Ten tips for smartphone security

With the holiday season in full swing, more people are using their smartphone for tasks such as last minute shopping, accessing bank accounts, connecting with friends or making shopping lists on their phone.

Smartphones are also expected to be one on the top gifts under the tree this season, so millions of new users will be trying out their new phones and looking for tips for getting started and staying safe.


For anyone with a smartphone this season, Lookout Mobile Security created a quick list of tips to help smartphone owners stay safe.

1. Set a password. One of the most common challenges for smartphone owners is losing the phone and all the personal data on it. Setting a strong password for your phone and enabling the screen auto-lock time to be five minutes is the simplest way to keep your personal information private during this busy season.

2. Download the updates for your phone. Always take the extra time to download software updates. Often, they include patches to security flaws recently found in the software. Just like a desktop or laptop computer, staying up to date is your first line of defense from hackers and viruses.

3. Treat your phone like your PC. As phones become more powerful and consumers do more with them, they become more attractive targets for malicious attacks. Protect yourself and your private data from malware, spyware and malicious apps by downloading a security app like Lookout Mobile Security.

4. Use discretion when downloading apps. One of the most exciting things to do with a new smartphone is explore all the great applications you can download onto it. As you begin to explore, make sure you download responsibly. Only download apps from sites you trust, check the app’s rating and read the reviews to make sure they’re widely used and respected.

5. Pay attention to the private data accessed by apps. Applications have the capability to access a lot of information about you. When you install an app, take the time to read the data and personal information that it needs to access. Whether it is access to your location, your personal information or text messages, it should make sense that the application needs access to those capabilities.

6. Download a “find your phone” app. No matter how diligent you are about keeping your phone on you at all times, you’re bound to lose it once, or it may even get stolen at some point. Download an app that helps you find your phone in case it is lost or stolen. Make sure you can remotely lock your phone if it is lost or stolen.

7. Exercise caution with links in SMS messages. Smishing, or a combination of SMS texting and phishing, is when scammers send you a text to a malicious website or ask you to enter sensitive information. Don’t click on links in text messages or emails if you don’t know the sender or they look suspicious. Trust your instincts.

8. On Public Wi-Fi, limit email, social networking and only window shop. Public Wi-Fi networks have become ubiquitous, but unfortunately securing the websites you may access haven’t. Many websites, email programs, instant messaging programs and social networking sites are not entirely safe to browse or access from a public Wi-Fi network. Also, trying to limit your online shopping to “window shopping” on a public network.

9. Never enter your credit card information on a site that begins with only “http://”. If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with “https”. On unsecured networks, (those that have only have http://), mean a hacker could easily steal information like usernames, passwords and credit card numbers, which could lead to identity theft.

10. Enable a Wipe feature on your phone. If you find yourself (or your phone) in a difficult situation, and you won’t be able to get your phone back, a Wipe application will clear all the data so your private information won’t fall into the wrong hands. If you can, try to download an app where you can wipe your SD card too.

How to repair MDF files not detached from SQL Server 2000

If you have an mdf file that was not properly detached from SQL Server 2000 (possibly due to a hard drive crash), the first (best) option is to restore the database from a valid backup.  If that is not an option, then you may need to repair the mdf before you are able to attach the database.

If you are using SQL Server 2000, the following are instructions on how to repair the mdf file. Replace the filenames with your filename!

1. Make sure you have a copy of eshadata.MDF (or gendata.mdf)
2. Create a new database called fake (default file locations)
3. Stop SQL Service
4. Delete the fake_Data.MDF and copy eshadata.MDF (or gendata.mdf) to where fake_Data.MDF used to be and rename the file to  fake_Data.MDF
5. Start SQL Service
6. Database fake will appear as suspect in EM
7. Open Query Analyser and in master database run the following :

   sp_configure 'allow updates',1
   go
   reconfigure with override
   go
   update sysdatabases set
      status=-32768 where dbid=DB_ID('fake')
   go
   sp_configure 'allow updates',0
   go
   reconfigure with override
   go

   This will put the database in emergency recovery mode
8. Stop SQL Service
9. Delete the fake_Log.LDF file
10. Restart SQL Service
11. In QA run the following (with correct path for log)

    dbcc rebuild_log('fake','h:\fake_log.ldf')
    go
    dbcc checkdb('fake') -- to check for errors
    go

12. Now we need to rename the files, run the following (make sure there are no connections to it) in Query Analyser (At this stage you can actually access the database so you could use DTS or bcp to move the data to another database .)
    

    use master
    go
    
    sp_helpdb 'fake'
    go
    
    /* Make a note of the names of the files , you will need them in the next bit of the script to replace datafilename and logfilename - it might be that they have the right names  */
    
    sp_renamedb 'fake','eshadata'
    go
    
    alter database eshadata
    MODIFY FILE(NAME='fake', NEWNAME = 'eshadata')
    go
    
    alter database eshadata
    MODIFY FILE(NAME='fake_log', NEWNAME = 'eshadata_log')
    go
    
    dbcc checkdb('eshadata')
    go
    
    sp_dboption 'eshadata','dbo use only','false'
    go
    
    use eshadata
    go
    
    sp_updatestats
    go

13. You should now have a working database. However the log file will be small so it will be worth increasing its size. Unfortunately your files will be called fake_Data.MDF and fake_Log.LDF but you can get round this by detaching the database properly and then renaming the files and reattaching it.
    Run the following in QA

    sp_detach_db eshadata
    
    --now rename the files then reattach
    
    sp_attach_db 'eshadata','h:\eshadata.mdf','h:\eshadata_log.ldf'

Restore SQL Database from MDF file

For ex., if you have northwind.mdf file, you can create a 

database with the following statement:
 

USE master
GO
CREATE DATABASE northwind
ON 
( NAME = northwind_dat,
   FILENAME = 'd:\Program Files\Microsoft SQL Server\Data\northwind.mdf',
   SIZE = 10,
   MAXSIZE = 50,
   FILEGROWTH = 5 )
LOG ON
( NAME = northwind_log,
   FILENAME = 'd:\Program Files\Microsoft SQL Server\Data\northwind.ldf',
   SIZE = 5MB,
   MAXSIZE = 25MB,
   FILEGROWTH = 5MB )

GO

Restoring SQL Server databases from .mdf files

Method One

@ Reinstall SQL Server and create a database with the same physical file name as the .mdf file that you have. For example, if you have northwind.mdf file, create a database with the following statement:

USE master
GO
CREATE DATABASE northwind
ON 
( NAME = northwind_dat,
   FILENAME = 'd:Program FilesMicrosoft SQL ServerDatanorthwind.mdf',
   SIZE = 10,
   MAXSIZE = 50,
   FILEGROWTH = 5 )
LOG ON
( NAME = northwind_log,
   FILENAME = 'd:Program FilesMicrosoft SQL ServerDatanorthwind.ldf',
   SIZE = 5MB,
   MAXSIZE = 25MB,
   FILEGROWTH = 5MB )
GO

After ensuring that database was successfully created, stop your SQL Server service. Copy the .mdf file you have from the current directory to the SQL Server data directory. When asked whether you wish to overwrite the existing file, choose "yes." Now, start your SQL Server again. SQL Server will recover all the data and schema you had in the original database.

Method Two

This method is used when you don't want to stop and restart SQL Server. WARNING: be extremely careful when running the following code. Updating system tables with incorrect values might cause your server to crash!
Copy your .mdf file and paste it to SQL Server data directory. Next, configure your server to allow changes to the system tables. This can be accomplished by running the following code in the Query Analyzer:

sp_configure 'allow_updates', '1'
RECONFIGURE WITH OVERRIDE

Now, add an entry for your database to the sysdatabases system table in the master database. First, a quick lesson about sysdatabases table is in order. This system table tracks all user-defined and system databases that reside on the server. The columns that you should be concerned with are described in the following table:

COLUMN NAME	MEANING
Name	Database name
Dbid	Internal identifier for each database
Sid	Security id for the database - hexadecimal value
Mode	Used internally - do not set this value to anything other than 0
Status	Status bits that inform SQL Server of the database configuration options. Some of these options can be set using sp_dboption system stored procedure.
Status2	Additional status information, also in bit format
Reserved	Reserved for future use. Contains '1/1/1900' for all databases except model.
Crdate	The date the database was created
Category	Bitmap of the replication option used with the database
Cmptlevel	The database compatibility level; with SQL Server 2000, this could be 65, 70 or 80
Filename	The physical path to where the file is stored

The following code snippet shows you the statement that can be used to populate the sysdatabases table with an entry for the new database:

INSERT master..sysdatabases (name, dbid, sid, mode, status, status2, 
       crdate, reserved, category, cmptlevel, filename)
VALUES ('northwind', 10, 0x01, 0, 24, 1090519040, getdate(), '1/1/1900', 
        0, 80, 'd:Program FilesMicrosoft SQL ServerDatanorthwind.mdf')

Of course, if dbid of 10 is already taken, please choose another available identifier. You should examine sysdatabases table before adding any records to it. Now, reset your server to disallow updates to system tables:

sp_configure 'allow_updates', '0'
RECONFIGURE

Your database is now ready to be used. Again, please be extremely careful while making changes to sysdatabases system table (or any other system table for that matter). Inexperienced SQL Server users should use Method One.

Cyber Crime Investigators Field Guide for Winmobile Pocket PC

Computer crime field guide with tools investigators use, how to use them, and which procedures to follow.

Long gone are the days when a computer took up an entire room. Now we have computers at home, laptops that travel just about anywhere, and data networks that allow us to transmit information from virtually any location through the Internet in a timely and efficient manner. What have these advancements brought us? Another arena for criminal activities, including identity theft, spam emails and computer viruses. If someone wants to focus and target something, more than likely they will obtain what they want. We shouldn't expect it to be any different in cyberspace.
Designed as a field guide for law-enforcement, the Cyber Crime Investigator's Field Guide describes how to investigate a computer crime from beginning to end, covering everything from what to do upon arrival at the scene until the investigation is complete, including chain of evidence.
The product includes:

• tools investigators use
• how to use those tools
• which procedures to follow

Topics include:

• questions to ask the client
• evidence collection procedures
• password cracking
• key Unix/Linux commands
• a glossary of commonly used terms
• Cisco firewall data and commands
• attack signatures
• a port number reference
• other items to aid the field investigator in efficiently handling computer security incidents

Cyber Crime Investigator's Field Guide provides the investigative framework, a knowledge of how cyberspace really works, and the tools to investigate cyber crime...tools that tell you the who, where, what, when, why, and how.

10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery)

1. BackTrack
The newest contender on the block of course is BackTrack, which we have spoken about previously. An innovative merge between WHax and Auditor (WHax formely WHoppix).
BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Auditor, combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out.
Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.
Get BackTrack Here.
2. Operator
Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course).
Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.
Get Operator Here
3. PHLAK
PHLAK or [P]rofessional [H]acker’s [L]inux [A]ssault [K]it is a modular live security Linux distribution (a.k.a LiveCD). PHLAK comes with two light gui’s (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf.
Mainly based around Penetration Testing, PHLAK is a must have for any pro hacker/pen-tester.
Get PHLAK Here (You can find a PHLAK Mirror Here as the page often seems be down).
4. Auditor
Auditor although now underway merging with WHax is still an excellent choice.
The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.
Get Auditor Here
5. L.A.S Linux
L.A.S Linux or Local Area Security has been around quite some time aswell, although development has been a bit slow lately it’s still a useful CD to have. It has always aimed to fit on a MiniCD (180MB).
Local Area Security Linux is a ‘Live CD’ distribution with a strong emphasis on security tools and small footprint. We currently have 2 different versions of L.A.S. to fit two specific needs – MAIN and SECSERV. This project is released under the terms of GPL.
Get L.A.S Linux Here
6. Knoppix-STD
Horrible name I know! But it’s not a sexually trasmitted disease, trust me.
STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.
Get Knoppix-STD Here 
7. Helix
Helix is more on the forensics and incident response side than the networking or pen-testing side. Still a very useful tool to carry.
Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.
Get Helix Here
8. F.I.R.E
A little out of date, but still considered the strongest bootable forensics solution (of the open-source kind). Also has a few pen-testing tools on it.
FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
Get F.I.R.E Here
9. nUbuntu
nUbuntu or Network Ubuntu is fairly much a newcomer in the LiveCD arena as Ubuntu, on which it is based, is pretty new itself.
The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience.
Get nUbuntu Here
10. INSERT Rescue Security Toolkit
A strong all around contender with no particular focus on any area (has network analysis, disaster recovery, antivirus, forensics and so-on).
INSERT is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM.
The current version is based on Linux kernel 2.6.12.5 and Knoppix 4.0.2
Get INSERT Here
Extra – Knoppix
Remember this is the innovator and pretty much the basis of all these other distros, so check it out and keep a copy on you at all times!
Not strictly a security distro, but definately the most streamlined and smooth LiveCD distribution. The new version (soon to be released – Knoppix 5) has seamless NTFS writing enabled with libntfs+fuse.
KNOPPIX is a bootable CD or DVD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk.
Get Knoppix Here
Other Useful Resources:
SecurityDistros
FrozenTech LiveCD List
DistroWatch
Others to consider (Out of date or very new):
SlackPen
ThePacketMaster
Trinux
WarLinux
Network Security Toolkit
BrutalWare
KCPentrix
Plan-B
PENToo

Toll Free Number for Cyber Crime

Agape India, a computer and mobile forensics specialist, plans to launch a special toll-free number to enable instant reporting of cyber crimes and mobile offences. The service will be activated on the 17th of this month.

Sufferers of cyber crimes such as online fraud, phishing, or even threat mails, and those affected by mobile related offences like unsolicited calls or pornographic MMS, can now call 1800 209 6789 and seek professional and individual assistance for free.

Agape has also launched the National Institute of e-Forensic (NIEF) in Mumbai. The purpose of this institute is to provide specialized computer and mobile forensic training programs to meet the growing demand of law enforcement agencies, corporates, individuals, and government bodies.

NIEF has set up 2 special e-Forensics training labs, while 3 more are expected to be set up in a year's time.

According to CERT IN (Indian Computer Emergency Response Team), hackers have become more active in India this year, breaking into over 2340 websites up to the end of May, as against 5200 in the entire year of 2006.

Sachin Pandey, CEO of NIEF observed, "With the growing market of PDAs and mobiles, related crimes in this sector have also witnessed an increase. Computer misuse has become so common that detection and effective monitoring of electronic activity as part of a solid computer usage and monitoring policy, should now be a cornerstone of any IT or personnel policy of the company."

The company said, NIEF will train students to combat various types of cyber crimes namely, credit card scams, e-mail related crimes like spoofing/ bombing, threat, defamation, fraud; and even phishing, software piracy, SMS hacking, cloning of mobiles, etc.

According to NIEF, the technology to combat these issues is present in the country, but there are very few people who are skilled to bring the existing technology in use.

Therefore, NIEF is offering a 1-year advanced course for imparting training in e-forensics. The cost of this course will approximately be Rs. 2.5 lakh; while short term courses will cost upwards of Rs. 15,000.

Presently, the institute has 6 trained cyber crime experts who will train the students at their Mumbai institute, but 3 more institutes have been planned to commence operation in the nation's metropolitans by the end of this financial year.

NIEF also has a mobile forensic lab that will travel across the length and breadth of India to educate the masses on cyber crime and make them aware of mobile malpractices.

Pinguy OS: Out-of-the-box Linux Operating System for Everyone

Pinguy OS an out-of-the-box working Linux operating system for everyone, not just geeks.
This OS is for people that have never used Linux before or for people that just want an out-of-the-box working OS without doing all the tweaks and enhancements that everyone seems to do when installing a fresh copy of Ubuntu or other Linux based Distro's.
Pinguy OS is an optimized build of Ubuntu 10.10 Minimal CD with added repositories, tweaks and enhancements that can run as a Live DVD or be installed. It has all the added packages needed for video, music and web content e.g. flash and java, plus a few fixes as well. Like fixing the wireless problems, gwibber’s Facebook problem and flash videos in full-screen.
Nautilus has been replaced for Elementary-Nautilus with added plug-ins so it can get music and video art from the web. The default theme is Elementary using ttf-droid font with Docky and a custom Conky.

It also has DVB support to Totem for anyone with a TV card that wants to watch tv on their PC but doesn't want to install a dedicated program like myth-tv.
All the programs in Pinguy OS have been chosen because of their ease of use and functionality, Every file type have also been changed to open with the right program, like for some reason by default .iso are opened with Archive Manager so it has been changed that to Brasero Disc Burner.
Download Link

Google Android Hidden Secret Codes

• Fast Boot mode 
• Download mode
• Recovery mode

WARNING: All these modes are used to flash/reset phone firmware. Think twice before entering in these modes.

Fast Boot Mode

This mode is used to flash the phone firmware using command line tools. To access this mode:

• Power off your phone.
• Press and hold Call and End Call/Power keys.

Download Mode

This mode is also used to flash the phone firmware. Mostly this mode is used by GUI tools for easier and quicker flashing. To access this mode:

• Power off your phone.
• Press and hold Volume Down, OK and End Call/Power keys.

Recovery Mode

This mode is used for recovery purposes like to reset the phone firmware. To access this mode:

• Power off your phone.
• Press and hold Volume Down, Call and End Call/Power keys.

Once the alert triangle is shown on screen, press "Menu" key to reset the firmware or press "Home" and "End Call/Power" keys to show recovery menu.

Android Secrets

*#*#4636#*#*

This code can be used to get some interesting information about your phone and battery. It shows following 4 menus on screen:

• Phone information
• Battery information
• Battery history
• Usage statistics

*#*#7780#*#*

This code can be used for a factory data reset. It'll remove following things:

• Google account settings stored in your phone
• System and application data and settings
• Downloaded applications

It'll NOT remove:

• Current system software and bundled applications
• SD card files e.g. photos, music files, etc.

PS: Once you give this code, you get a prompt screen asking you to click on "Reset phone" button. So you get a chance to cancel your operation.

*2767*3855#

Think before you give this code. This code is used for factory format. It'll remove all files and settings including the internal memory storage. It'll also reinstall the phone firmware.
PS: Once you give this code, there is no way to cancel the operation unless you remove the battery from the phone. So think twice before giving this code.

*#*#34971539#*#*

This code is used to get information about phone camera. It shows following 4 menus:

• Update camera firmware in image (Don't try this option)
• Update camera firmware in SD card
• Get camera firmware version
• Get firmware update count

WARNING: Never use the first option otherwise your phone camera will stop working and you'll need to take your phone to service center to reinstall camera firmware.

*#*#7594#*#*

This one is my favorite one. This code can be used to change the "End Call / Power" button action in your phone. Be default, if you long press the button, it shows a screen asking you to select any option from Silent mode, Airplane mode and Power off.
You can change this action using this code. You can enable direct power off on this button so you don't need to waste your time in selecting the option.

*#*#273283*255*663282*#*#*

This code opens a File copy screen where you can backup your media files e.g. Images, Sound, Video and Voice memo. 

*#*#197328640#*#*

 

This code can be used to enter into Service mode. You can run various tests and change settings in the service mode.

 

WLAN, GPS and Bluetooth Test Codes:

 

*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#* - WLAN test (Use "Menu" button to start various tests)
*#*#232338#*#* - Shows WiFi MAC address
*#*#1472365#*#* - GPS test
*#*#1575#*#* - Another GPS test
*#*#232331#*#* - Bluetooth test
*#*#232337#*# - Shows Bluetooth device address

*#*#8255#*#*

This code can be used to launch GTalk Service Monitor.

Codes to get Firmware version information:

*#*#4986*2650468#*#* - PDA, Phone, H/W, RFCallDate
*#*#1234#*#* - PDA and Phone
*#*#1111#*#* - FTA SW Version
*#*#2222#*#* - FTA HW Version
*#*#44336#*#* - PDA, Phone, CSC, Build Time, Changelist number

Codes to launch various Factory Tests:

*#*#0283#*#* - Packet Loopback
*#*#0*#*#* - LCD test
*#*#0673#*#* OR *#*#0289#*#* - Melody test
*#*#0842#*#* - Device test (Vibration test and BackLight test)
*#*#2663#*#* - Touch screen version
*#*#2664#*#* - Touch screen test
*#*#0588#*#* - Proximity sensor test
*#*#3264#*#* - RAM version
NOTE: All above codes have been checked on Google Android phone Samsung Galaxy I7500 only but they should also work in other Google Android phones.

  

 

 

 

Thinks you likes to know.....

" The oldest world in the english language is TOWN"

" India has the II largest pool of scientiest and engeneers in the world"

" You share your birthday within at least 9 other million people in the  world"

" Sabeer bhatia is the founder & creator of homail world no. 1 web"

" Tom sietas world record to hold their breath 15 minute 2 second"

"Money notes not made from paper, it is made mostly from a special blend of cotton and linen.

"Just about 3 people are born every second, and about 1.3333 people die every second."

"According to oxford english dictionary the largest word "PNEUMONOULTRAMICROSCOPICSILICOVALCANOKONIOSIS"

" The cigarette lighter was invented before the matches"

" Yoga has its origins in india and has existed for over 5,000 year"

“Dolphins sleep with one eye open"

"The largest employer in the word is the Indian Railway Employing over a million people"

" India has the largest number of post-office in the world”

“ Cheess was invented in India”

“ India exports software in 90 countries”

“ Canada is an Indian word an Indian word meaning “Big Village”

“ There are more than 10,000 varieties of tomatoes”

“ There are two words in the English language that have all 5 vowels in order: ABSTEMIOUS and FACETIOUS”

RAID technology advances with wide striping and erasure coding

RAID: wide striping, storage virtualization and erasure coding

Storage manufacturers have been quick to modify and adapt RAID levels to meet the needs of their customers. Technologies like wide striping, storage virtualization and erasure coding are changing the basic assumptions of RAID. Much of this work was unheralded and invisible to customers, however, and the old nomenclature persists.

EMC Corp., Hewlett-Packard (HP) Co. and others abandoned the whole-disk concept in the mid-1990s, building RAID 1 and RAID 5 sets from slices of capacity spread across multiple drives. This was taken further in the 2000s by companies like 3PAR and Compellent Technologies Inc., whose "wide striping" technology places just a little data on each hard disk drive. Spreading data across many more drives improves average performance and reduces the time required to rebuild a RAID set in the event of a failure. Although many arrays still rely on rigidly defined disk groups, most high-end devices spread data more widely.

Like its server-based cousin, storage virtualization breaks the rigid link between physical systems and their logical representation. Virtualized arrays present drives and file systems to servers that aren't tied to a specific set of disks. This allows them to freely move this data between RAID sets, hard disk drives, flash storage and even across multiple arrays. Conventional RAID might still be used at the lowest level, but storage virtualization overcomes its inflexible layout and performance limits.
As discussed in my August Tech Tip, erasure coding is a new kind of data protection math that goes well beyond the simple parity checks used by classic RAID systems. Although often referred to as "dual parity," most implementations of RAID 6 actually employ advanced Reed-Solomon coding, bringing many advantages over basic parity calculation. These systems can not only recover lost data, they can detect corruption of data. Some systems disperse data widely across drives, storage nodes and geographies for even greater reliability. Although these calculations were widely known in the 1980s, computing power hadn't advanced far enough to utilize them in storage arrays.

Living in the post-RAID world

Today's enterprise storage systems are just as likely to employ these modern data protection schemas as they are to use classic RAID levels, and most are at least somewhat-virtualized. Data storage buyers are likely to encounter any number of new technologies in combinations that make them difficult to assess. It's therefore important to discard outdated "rules of thumb" regarding RAID and focus instead on real-world performance and manageability of systems. Once, the only way to achieve high performance was to combine RAID 1 and data striping (also called "RAID 0") into a "RAID 1+0" or "RAID 10" set. But modern systems with DRAM and flash caches, wide striping and automated tiering can perform even better without the 50% capacity hit of RAID 1. Similarly, database administrators are loath to use RAID 5 due to the limited performance of classical implementations. But today's systems can overcome these issues, delivering more performance than the basic mirrored disks DBAs often request.

Advances in technology have made RAID technology more common, but not all RAID systems are equal. The power of the CPU and capacity of the cache in an array have much more to do with performance than the arrangement of the disk drives. And disk drives with greater capacity can make a small array appear to be a decent alternative to a larger system, though performance will surely suffer. Put simply, one can't assume that a given system will perform.

The best strategy for storage buyers is to examine the real-world performance of a storage device rather than making assumptions based on RAID levels. They should request references from vendors and examine how a given system supports their applications. RAID is not dead, but the critical issues in enterprise storage have moved beyond it.

C++ Source Codes

C++ Source Codes

Game programs

Find source codes properly stored in organized manner. Click on the subpages on the left for different categories. The subpages are provided with download links. Click on the links to download and click on the mediafire link to go to the mediafire download page. Each page is also provided with mediafire folder link from which you can download the files indirectly.

Mediafire Main Folder Link

http://www.mediafire.com/?8rl45waj438p4

Target shooting Game

http://www.mediafire.com/?ju8fl9i2wl73wj6 (Target shooting Game)                   

Shuffle Game

http://www.mediafire.com/?3bkd1easaedad7f (Shuffle Game)

Simple Tic Tac Toe Game

http://www.mediafire.com/?1aaw8i600zd1hee (Simple Tic Tac Toe Game)

Snake Game

http://www.mediafire.com/?tyn20qmoyv278ci (Snake Game)

Sudoku Game

http://www.mediafire.com/?yjxwkvyijjai8p3 (Sudoku)

Dx ball

http://www.mediafire.com/?cqoy32qxx8q0owu (Dx ball)

Mickey Mouse Program

http://www.mediafire.com/?eracbqjwwc1r118 (Mickey Mouse Program)

Snake Game in Graphics

http://www.mediafire.com/?osmmwb498nqhtls (Snake Game in Graphics)

Snakes and Ladders Game

http://www.mediafire.com/?82hvw9wbtqn7u08 (Snakes and Ladders Game)

14 Othello Game

http://www.mediafire.com/?5phyg12e3tepxu7 (14 Othello Game)

Game of Roulett

http://www.mediafire.com/?9h8jzickxcfpjw3 (Game of Roulett)

Jumble Fair Game

http://www.mediafire.com/?8uz635po00z6otu (Jumble Fair Game)

Source : The codemakit source codes portal

How to Trace Mobile Numbers

With the rapid growth of mobile phone usage in recent years, we have often observed that the mobile phone has become a part of many illegal and criminal activities. So in most cases, tracing the mobile number becomes a vital part of the investigation process. Also sometimes we just want to trace a mobile number for reasons like annoying prank calls, blackmails, unknown number in a missed call list or similar.

Even though it is not possible to trace the number back to the caller, it is possible to trace it to the location of the caller and also find the network operator. Just have a look at this page on tracing Indian mobile numbers from Wikipedia. Using the information provided on this page, it is possible to certainly trace any mobile number from India and find out the location (state/city) and network operator (mobile operator) of the caller. All you need for this is only the first 4-digit of the mobile number. In this Wiki page you will find all the mobile number series listed in a nice tabular column where they are categorized based on mobile operator and the zone (state/city). This Wiki page is updated regularly so as to provide up-to-date information on newly added mobile number series and operators. I have used this page many a time and have never been disappointed.
If you would like to use a simpler interface where in you can just enter the target mobile number and trace the desired details, you can try this link from Numbering Plans. Using this link, you can trace any number in the world.

By using the information in this article, you can only know “where” the call is from and not “who” the caller is. Only the mobile operator is able to tell you ”who” the caller is. So if you’re in an emergency and need to find out the actual person behind the call, I would recommend that you file a complaint and take the help of police. I hope this information has helped you!

How to Hack an Ethernet ADSL Router

Almost half of the Internet users across the globe use ADSL routers/modems to connect to the Internet however, most of them are unaware of the fact that it has a serious vulnerability which can easily be exploited even by a noob hacker just like you. In this post I will show you how to exploit a common vulnerability that lies in most ADSL routers so as to gain complete access to the router settings and ISP login details.
Every router comes with a username and password using which it is possible to gain access to the router settings and configure the device. The vulnerability actually lies in the Default username and password that comes with the factory settings. Usually the routers come preconfigured from the Internet Service provider and hence the users do not bother to change the password later. This makes it possible for the attackers to gain unauthorized access and modify the router settings using a common set of default usernames and passwords. Here is how you can do it.
Before you proceed, you need the following tool in the process
Angry IP Scanner
Here is a detailed information on how to exploit the vulnerability of an ADSL router.
Step-1: Go to www.whatismyipaddress.com. Once the page is loaded you will find your IP address. Note it down.
Step-2: Open Angry IP Scanner, here you will see an option called IP Range: where you need to enter the range of IP address to scan for.

Suppose your IP is 117.192.195.101, you can set the range something as 117.192.194.0 to 117.192.200.255 so that there exists atleast 200-300 IP addresses in the range.

 

Step-3: Go to Tools->Preferences and select the Ports tab. Under Port selection enter 80 (we need to scan for port 80). Now switch to the Display tab, select the option “Hosts with open ports only” and click on OK.

I have used Angry IP Scanner v3.0 beta-4. If you are using a different version, you need to Go to Options instead of Tools

 

Step-4: Now click on Start. After a few minutes, the IP scanner will show a list of IPs with Port 80 open as shown in the below image.

 

Step-5: Now copy any of the IP from the list, paste it in your browser’s address bar and hit enter. A window will popup asking for username and password. Since most users do not change the passwords, it should most likely work with the default username and password. For most routers the default username-password pair will be admin-admin or admin-password.
Just enter the username-password as specified above and hit enter. If you are lucky you should gain access to the router settings page where you can modify any of the router settings. The settings page can vary from router to router. A sample router settings page is shown below.

 

If you do not succeed to gain access, select another IP from the list and repeat the step-5. Atleast 1 out of 5 IPs will have a default password and hence you will surely be able to gain access.

 

What can an Attacker do by Gaining Access to the Router Settings?

By gaining access to the router settings, it is possible for an attacker to modify any of the router settings which results in the malfunction of the router. As a result the target user’s computer will be disconnected from the Internet. In the worst case the attacker can copy the ISP login details from the router to steal the Internet connection or play any kind of prank with the router settings. So the victim has to reconfigure the router in order to bring it back to action.

 

The Verdict:

If you are using an ADSL router to connect to the Internet, it is highly recommended that you immediately change your password to prevent any such attacks in the future. Who knows, you may be the next victim of such an attack.
Since the configuration varies from router to router, you need to contact your ISP for details on how to change the password for your model.

Warning!

All the information provided in this post are for educational purposes only. Please do not use this information for illegal purposes.

Matriux- Another powerfull distribution

Another security distribution consisting of a bunch of powerful, open source and free tools designated for penetration testing, ethical hacking, system administrators, information systems forensics, security testing and much more.

Tools included in this distro are:

- Reconnaissance

- DNS

• DIG
• DNSBruteForce
• DNSTracer
• DNSWalk

+ HTTrack

• Chaosreader
• Deepmagic Information Gathering Tool
• dsniff password sniffer
• EtherApe
• tcpdump
• tcpslice
• tcptrace
• tcptracert
• Network Analyzer (Wireshark)
• xtrace

- Scanning

- BATMAN-Tools

• batping
• batroute
• batdump

- Cisco

• CDP Packet Generator
• HSRP Generator

- Routing-Protocols

• Autonomous System Scanner
• IGRP Route Injector

- Web-Scanners

• Nikto
• Angry IP Scan
• CryptCat
• ettercap console
• Ettercap Gui
• file2cable
• Web Server Fingerprinting Tool
• icmpush
• icmpquery
• IRDP Packet Sender
• IRDP Responder Packet Sender
• Netcat
• netenum
• netmask
• Nmap
• Paris Traceroute
• Protocol Scanner
• Parallel Internet Measurement Utility
• tctrace
• THC-Amap
• The Network Mapper Front End

- Gain Access (Attack Tools)

- Brute-Force

• BruteSSH

- Password

• crunch
• md5-utils
• Mac Changer

- Framework

- Fast-Track

• Fast Track Console Mode
• FT-Interactive Menu
• Fast Track Gui

- Inguma

• Inguma-cli
• Inguma-gui

- Metaspolit Framework 2

• msf2-cli
• msf2-console
• msf2-update
• msf2-web
• msf2-web console v2.7.

- Metaspolit Framework 3

• msf3-cli
• msf3-console
• msf3-gui
• msf3-web
• msf3-web console v3.2
• Grendel-Scan
• HTTP Request Exploit Framework
• WebSecurify
• WSFuzzer

- Radio

- Bluetooth

• haraldscan

- Wireless 802.11

• airbase-ng
• aircrack-ng
• airdecap-ng
• airdecloak-ng
• airdriver-ng
• aireplay-ng
• airmon-ng
• airodump-ng
• airolib-ng
• airserv-ng
• airtun-ng
• buddy-ng
• easside-ng
• packetforge-ng
• tkiptun-ng
• wesside-ng
• WiFi Radar

- Digital-Forensics

- Acquisition

• Automated Image & Restore 1.28
• Guymager

- Analysis

• Start Autopsy
• Autopsy Forensics Browser
• Gpart
• Pasco
• Vinetto
• Start WarVOX
• Open WarVOX Web Interface
• Xplico Console Mode (Internet Traffic Decoder)
• Xplico Web Interface (Internet Traffic Decoder)
• Dhash

- Debugger

• Crash
• e2dbg
• efence
• JavaScript Lint
• valgrind

- Tracer

- Leak-Tracer

• Leak Analyze
• Leak Check
• etrace
• ltrace
• pstack
• strace

Darkjumper- Web vulnerability checker

This tool will try to find every website that host at the same server at your target Then check for every vulnerability of each website that host at the same server.

Get Darkjumper  5.8 here

Tabnabbing: A New Type of Phishing Attack

The web is a generative and wild place. Sometimes I think I missed my calling; being devious is so much fun. Too bad my parents brought me up with scruples.
Most phishing attacks depend on an original deception. If you detect that you are at the wrong URL, or that something is amiss on a page, the chase is up. You’ve escaped the attackers. In fact, the time that wary people are most wary is exactly when they first navigate to a site.
What we don’t expect is that a page we’ve been looking at will change behind our backs, when we aren’t looking. That’ll catch us by surprise.

How The Attack Works

1. A user navigates to your normal looking site.
2. You detect when the page has lost its focus and hasn’t been interacted with for a while.
3. Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.
4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
5. After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

Smartphone Forensics: Cracking BlackBerry Backup Passwords

BlackBerry dominates the North American smartphone market, enjoying almost 40 per cent market share. A 20 per cent worldwide market share isn’t exactly a bad thing, too. The total subscriber base for the BlackBerry platform is more than 50 million users.
Today, we are proud to present world’s first tool to facilitate forensic analysis of BlackBerry devices by enabling access to protected data stored on users’ BlackBerries.
One of the reasons of BlackBerry high popularity is its ultimate security. It was the only commercial mobile communication device that was ever allowed to a US president: Barack Obama has won the privilege to keep his prized BlackBerry despite resistance from NSA. (On a similar note, Russian president Dmitry Medvedev was handed an iPhone 4 a day before its official release by no one but Steve Jobs himself. No worries, we crack those, too).



All data transmitted between a BlackBerry Enterprise Server and BlackBerry smartphones is encrypted with a highly secure AES or Triple DES algorithm. Unique private encryption keys are generated in a secure, two-way authenticated environment and are assigned to each BlackBerry smartphone user. Even more; to secure information stored on BlackBerry smartphones, password authentication can be made mandatory through the policies of a BlackBerry Enterprise Server (default, password authentication is limited to ten attempts, after which the smartphone's wiped clean with all its contents erased). Local encryption of all data, including messages, address book and calendar entries, memos and tasks, is also provided, and can be enforced via the IT policy as well. With the supplied Password Keeper, Advanced Encryption Standard (AES) encryption allows password entries to be stored securely on the smartphone, enabling users to keep their online banking passwords, PIN codes and financial information handy – and secure. If that’s not enough, system administrators can create and send wireless commands to remotely change BlackBerry device passwords, lock or delete information from lost or stolen BlackBerries.
Sounds pretty secure, does it? As always, there is the weakest link. With BlackBerry, the weakest link is its offline backup mechanism.
Backups are good. If you don’t do backups yet you definitely should. Any decent IT policy will mandate you to backup data at certain intervals. This is true not only for laptops, desktops or servers, but also for mobile devices and smartphones. A lost BlackBerry can definitely ruin your day without having a recent backup handy. How long will it take you to get everything back on your new BlackBerry? Count contacts, appointments, mail accounts and their settings, installed applications, photos, device preferences, etc. Backups offer a convenient way to reduce this time to just a few minutes.
Backups are also evil. They create a new instance of information that might be private or sensitive. It is easy to manage this information while it stays inside a secure device, and it might be a nightmare to manage it when it is out. Backup encryption is supposed to solve the problem. If you’re one of those guys with search warrants, I doubt that you like the idea of encrypting anything, BlackBerry backups included. At least if this isn’t your own backup.
Smartphone manufacturers provide software not only for syncing devices with desktop computers, but also for creating backups. For example, Apple iPhone users have iTunes. For BlackBerries, it is BlackBerry Desktop Software. According to the application manual:

The BlackBerry Desktop Software is designed to link the content and applications on your BlackBerry device with your computer.
You can use the BlackBerry Desktop Software to do the following tasks:
• synchronize your organizer data (calendar entries, contacts, tasks, and memos) and media files (music, pictures, and videos)
• back up and restore your device data
• manage and update your device applications
• transfer your device settings and data to a new BlackBerry device
• use your device as a modem to connect to the Internet from your computer
• manage multiple devices
• charge your device

Creating device backup is quite simple; again, following the manual:

To back up data that is in your built-in media storage, mass storage mode must be turned on.
1. Connect your BlackBerry device to your computer.
2. In the BlackBerry Desktop Software, click [Device] > [Back up].
3. Do one of the following:
• To back up all your device data, click [Full].
• To back up all your device data except for email messages, click [Quick].
• To select which types of device data to back up, click [Custom]. Select the check box next to the data you want to back up.
4. If your device includes built-in media storage and you want to back up data that is stored there, select the [Files saved on my built-in media storage] check box.
5. Do any of the following:
• To change the default name for the backup file, in the File name field, type a new name.
• To encrypt your data, select the [Encrypt backup file] check box. Type a password.
• To save your settings so that you are not prompted to set these options again when you back up your device, select the [Don't ask for these settings again] check box.
6. Click [Back up].

So when you restore the device from a backup, you will have to supply the same password you entered to create it (as if it’s not obvious).
Contrary to iPhone backups that consist of a collection of multiple files, BlackBerry backups are stored in a single file – either with .ipd (Windows version of BlackBerry Desktop) or .bbb (Mac version) extension. In fact, .bbb is simply a ZIP archive incorporating .ipd file inside.
Backup encryption uses AES with a 256-bit key. So far, so good. An AES key is derived from the user-supplied password, and this is where the problem arises.
In short, standard key-derivation function, PBKDF2, is used in a very strange way, to say the least. Where Apple has used 2’000 iterations in iOS 3.x, and 10’000 iterations in iOS 4.x, BlackBerry uses only one. Another significant shortcoming is that it’s BlackBerry Desktop Software that encrypts data, not the BlackBerry device itself. This means that the data is passed from the device to the computer in a plain, unencrypted form. Apple devices act differently; the data is encrypted on the device and never leaves it in an unencrypted form. Apple desktop software (iTunes) acts only as a storage and never encrypts/decrypts backup data. This is quite surprising since the BlackBerry platform is known for its unprecedented security, and we’ve been expecting BlackBerry backup protection to be at least as secure as Apple’s, which turned not to be the case.
What does that mean for us? We can run password recovery attacks on BlackBerry backups really fast – even without GPU acceleration we can go over millions of passwords per second. Here is the performance chart

In case these numbers don't give you much of a hint, here is the tip: if the password is 7 character long (a typical length) and contains only small letters or only capitals, it will take only about half an hour to recover the password on an Intel Core i7 CPU. And even if the password is composed of both uppercase and lowercase letters, the recovery will succeed in less than three days.
Of course, longer passwords will take more time, but the big question is: are you able to memorize longer passwords, or will you write them down?
Sorry, forgot to mention. To recover BlackBerry passwords, you'll need our Elcomsoft Phone Password Breaker (formerly "Elcomsoft iPhone Password Breaker" – sorry Apple, we've dropped an 'i' because not only iPhone backups are supported now, but your competitors as well. The abbreviated name remains EPPB for the time being).
And now some quick tips. First, not only brute-force attack is available: the dictionary attack (our favorite, especially when used with permutations) is there as well.
Second, once the password is recovered (or if you already know it), EPPB can decrypt the backup so that you can use it to restore the device or analyze its contents using any 3rd party mobile forensic tools like ABC Amber BlackBerry Converter.


By : Vladimir Katalov

Scapy

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.

 Get Scapy 2.1.1 here

Black Berry IPD Files

IPD Files Demystified
Black Berry handheld devices have long been a favorite of the corporate executive but now with the release of a more mainstream multimedia capable mobile device in the Pearl and an aggressive advertising campaign, the Black Berry is bound to become a more popular device with non corporate types as well.
This mini white paper discusses the structure of the Black Berry backup or IPD file for the forensic examiner.
The IPD What is it?
The Black Berry Desktop software creates a proprietary backup of the databases on the Black Berry Handheld. This file is by default named in the following fashion
Backup-(current date,time and year)-.ipd
The files also default to the user’s “My Documents” folder. This, of course, may be changed by a user. The IPD file itself is a database of the databases.
IPD STRUCTURE
Below is a graphic of the IPD file.

As you can see from the graphic the IPD file begins with Inter@ctive Pager Backup/Restore File. The examiner may find this to be of use in search strings to find hidden or unallocated files.
Following this “header” the structure follows as is shown in the graphic below.

Here we can see that we have an one byte line feed (x/OA) followed by an one byte version (x/02) and a two byte indicator of the number of data bases in the file (in the above case x/3F).
Finally the names of the Databases follow after a 1 byte separator (x/00).
DATABASE NAME STRUCTURE
The databases within the file are constructed as follows

• Database name length 2 bytes the length includes terminating null
• Database name As long as the name length above

This is illustrated in the following graphic

After the database name length and name the database follows the following structure

• Database ID Two bytes zero based position in the list of DB name blocks
• Record Length 4 bytes
• Database version 1 byte
• DatabaseRecordHandler 2 bytes
• Record Unique ID 4 bytes
• Field length #1 2 bytes
• Field type #1 1 byte
• Field data #1 As long as field length
• Field length #m 2 bytes
• Field type #m 1 byte
• Field data #m As long as the field length

The database has a unique id that is followed by the record length and the record ID. Each record will have a variable number of fields (as shown in the table by field #1 …field #m) that have a structure of length, type and data.
This is illustrated in the below graphic

This short white paper attempted to show the structure of the Black Berry backup file commonly known as the IPD file. The IPD file can be loaded into a Black Berry simulator or third party software such as the Amber Black Berry Converter to extract evidence. Examiners are encouraged to do their own research and validation into the file.
CITATIONS
1. http://www.BlackBerry.com/developers/journal/jan_2006/ipd_file_format.shtm