Praveen's Weblog

Voice Calls between MSN and Gtalk

2007-03-21T17:33:00.000+05:30

Open your Windows Live Messenger and invite new recipient whose user id is service@gtalk2voip.com. Yes, this same ID is used in Google Talk too.

Type like CALL someuser@gmail.com in the chat window to place an outgoing call to Google Talk user someuser@gmail.com.

In a second or two you will get an incoming call from service@gtalk2voip.com which you have to accept

When your call is answered on the remote side, "Remote answered. Now talking.." message is displayed. From this moment, you may talk.

Type 'HELP' for more information in the chat window.

Make Free Calls from Gtalk

2007-03-21T17:30:00.000+05:30

Add service@splinter.net to your contact list on GoogleTalk

Type like CALL someuser@gmail.com in the chat window to place an outgoing call to mobile or landline

In a second or two you will get an incoming call from service@splinter.net

you may talk with your called party now.

Type 'HELP' for more information in the chat window. http://gtalk.splinter.net/

How to Avoid Keyloggers on Your PC

2006-12-27T23:51:00.000+05:30

A friend called me just now asking why he couldn’t login to e-gold today, something like the password has been changed. Few hours back, he received an email saying that some ’security changes’ has been applied from e-gold. What he does not know is that keyloggers are the devil programs running anonymously on his PC.

If one day you receive an email from your bank confirming your transaction that you never did, it is possibly after someone has happily spying on you. They read every texts you type.

There are some ways that I can remember on how these bad programs end up on your PC:

1. You have install some programs called freeware or shareware or any other wares that doing something in the background.

2. You have visited some websites that asked you to install something and you just click “Yes”.

3. You have downloaded an evaluation copy of a good software and later find the unlock key from bad sites and run the patch program.

4. You have received some cool games in emails and immediately install all of them.

5. You have followed a link in an email and do some installations.

6. You are looking here and there for a spyware remover and found a web claiming to be able to remove all kind of spywares and install the remover happily.

7. You have visited some sexy websites and install the free screen savers.

Bla bla… there are a lot more ways to get you infected. The best way to get rid of these (if you get confused now) is reformatting the PC and use only that PC for online bankings or tradings. Be sure not to share it with anyone else.

Midtown Madness Cheats - PC Cheat Codes

2006-12-27T23:48:00.000+05:30

Midtown Madness Cheats - PC Cheat Codes

Hold CTRL+SHIFT+ALT+F7 until a text input box appears and then enter the cheat you want.

Cheat Code Effect

/big big people
/bridge the bridges raise and lower quickly
/damage turns damage back on
/dizzy makes the sky wacky
/fuzz turns on the police radar
/grav drive with half gravity
/nodamage turns off car damage
/nosmoke turns off wheel & damage smoke
/postal when pressing horn vehicle fires post boxes
/smoke turns on wheel & damage smoke
/swap the train turns into planes
/tiny tiny people
/ufo planes turn into ufos

..

Reverse Social Engineering

2006-12-27T22:43:00.000+05:30

A final, more advanced method of gaining illicit information is known as “reverse social engineering”. This is when the hacker creates a persona that appears to be in a position of authority so that employees will ask him for information, rather than the other way around. If researched, planned and executed well, reverse social engineering attacks may offer the hacker an even better chance of obtaining valuable data from the employees; however, this requires a great deal of preparation, research, and pre-hacking to pull off.

According to Methods of Hacking: Social Engineering, a paper by Rick Nelson, the three parts of reverse social engineering attacks are sabotage, advertising, and assisting. The hacker sabotages a network, causing a problem arise. That hacker then advertises that he is the appropriate contact to fix the problem, and then, when he comes to fix the network problem, he requests certain bits of information from the employees and gets what he really came for. They never know it was a hacker, because their network problem goes away and everyone is happy.

References

Ameritech Consumer Information “Social Engineering Fraud,”
http://www.ameritech.com/content/0,3086,92,00.html

Anonymous “Social engineering: examples and countermeasures from the real-world,” Computer Security Institute
http://www.gocsi.com/soceng.htm

Arthurs, Wendy: “A Proactive Defence to Social Engineering,” SANS Institute, August 2, 2001.
http://www.sans.org/infosecFAQ/social/defence.htm

Berg, Al: “Al Berg Cracking a Social Engineer,” by, LAN Times Nov. 6, 1995.
http://packetstorm.decepticons.org/docs/social-engineering/soc_eng2.html

Bernz 1: “Bernz’s Social Engineering Intro Page”
http://packetstorm.decepticons.org/docs/social-engineering/socintro.html

Bernz 2: “The complete Social Engineering FAQ!”
http://packetstorm.decepticons.org/docs/social-engineering/socialen.txt

Social Engineering by Phone

2006-12-27T22:40:00.000+05:30

The most prevalent type of social engineering attack is conducted by phone. A hacker will call up and imitate someone in a position of authority or relevance and gradually pull information out of the user. Help desks are particularly prone to this type of attack. Hackers are able to pretend they are calling from inside the corporation by playing tricks on the PBX or the company operator, so caller-ID is not always the best defense. Here’s a classic PBX trick, care of the Computer Security Institute: “’Hi, I’m your AT&T rep, I’m stuck on a pole. I need you to punch a bunch of buttons for me.’”

And here’s an even better one: “They’ll call you in the middle of the night: ‘Have you been calling Egypt for the last six hours?’ ‘No.’ And they’ll say, ‘well, we have a call that’s actually active right now, it’s on your calling card and it’s to Egypt and as a matter of fact, you’ve got about $2,000 worth of charges from somebody using your card. You’re responsible for the $2,000, you have to pay that...’ They’ll say, ‘I’m putting my job on the line by getting rid of this $2,000 charge for you. But you need to read off that AT&T card number and PIN and then I’ll get rid of the charge for you.’ People fall for it.” (Computer Security Institute).

Help desks are particularly vulnerable because they are in place specifically to help, a fact that may be exploited by people who are trying to gain illicit information. Help desk employees are trained to be friendly and give out information, so this is a gold mine for social engineering. Most help desk employees are minimally educated in the area of security and get paid peanuts, so they tend to just answer questions and go on to the next phone call. This can create a huge security hole.

The facilitator of a live Computer Security Institute demonstration, neatly illustrated the vulnerability of help desks when he “dialed up a phone company, got transferred around, and reached the help desk. ‘Who’s the supervisor on duty tonight?’ ‘Oh, it’s Betty.’ ‘Let me talk to Betty.’ [He’s transferred.] ‘Hi Betty, having a bad day?’ ‘No, why?...Your systems are down.’ She said, ‘my systems aren’t down, we’re running fine.’ He said, ‘you better sign off.’ She signed off. He said, ‘now sign on again.’ She signed on again. He said, ‘we didn’t even show a blip, we show no change.’ He said, ‘sign off again.’ She did. ‘Betty, I’m going to have to sign on as you here to figure out what’s happening with your ID. Let me have your user ID and password.’ So this senior supervisor at the Help Desk tells him her user ID and password.” Brilliant.

A variation on the phone theme is the pay phone or ATM. Hackers really do shoulder surf and obtain credit card numbers and PINs this way. (It happened to a friend of mine in a large US airport.) People always stand around phone booths at airports, so this is a place to be extra cautious.

...