online marketing

Thursday, September 22, 2011

VirtualBox 4.1 Final released for Linux




VirtualBox 4.1 final is released for Linux. It is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use. VirtualBox is a cross-platform virtualization application. What does that mean? For one thing, it installs on your existing Intel or AMD-based computers, whether they are running Windows, Mac, Linux or Solaris operating systems. Secondly, it extends the capabilities of your existing computer so that it can run multiple operating systems (inside multiple virtual machines) at the same time. So, for example, you can run Windows and Linux on your Mac, run Windows Server 2008 on your Linux server, run Linux on your Windows PC, and so on, all alongside your existing applications. You can install and run as many virtual machines as you like -- the only practical limits are disk space and memory.


VirtualBox is deceptively simple yet also very powerful. It can run everywhere from small embedded systems or desktop class machines all the way up to datacenter deployments and even Cloud environments.


This version is a major update. The following major new features were added:

  • Support for cloning of VMs (bug #5853, see the manual for more information): full clones can be created through the GUI and VBoxManage, linked clones only through VBoxManage
  • GUI: enhanced wizard for creating new virtual disks
  • GUI: new wizard for copying virtual disks
  • GUI: keep the aspect ratio in scale mode (Windows and OSX hosts only; bug #7822)
  • VMM: raised the memory limit for 64-bit hosts to 1TB
  • Experimental support for PCI passthrough for Linux hosts, see the manual for more information
  • Windows guests: Experimental WDDM graphics driver, supporting Windows Aero (bug #4607) and providing Direct3D support using a cleaner approach (no need to install the guest drivers in Safe Mode anymore)
  • Guest Additions: status of modules and features can now be queried separately by the frontends
  • Networking: new network attachment mode "Generic Driver", which offers an open plugin architecture for arbitrary and separately distributable virtual network implementations
  • Host-only Networking: fixed host crash in kernels prior to 2.6.29
  • New Networking Mode UDP Tunnel: allows VMs running on different hosts to be interconnected easily and transparently, see the manual for more information
  • Experimental support for SATA hard disk hotplugging available with VBoxManage
  • Solaris hosts: New Crossbow based bridged networking driver for Solaris 11 build 159 and above





Download here:
http://www.virtualbox.org/wiki/Downloads

Download Havij 1.1.5





Havij is one of the best tools for SQL injection and is used by most people to hack website databases. It is an automated tool that takes a URL and gives you the complete database of the website.


The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.
The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.


What's in this release

  1. Webknight WAF bypass added.
  2. Bypassing mod_security made better
  3. Unicode support added
  4. A new method for tables/columns extraction in mssql
  5. Continuing previous tables/columns extraction made available
  6. Custom replacement added to the settings
  7. Default injection value added to the settings (when using %Inject_Here%)
  8. Table and column prefix added for blind injections
  9. Custom table and column list added.
  10. Custom time out added.
  11. A new md5 cracker site added
  12. bugfix: a bug relating to SELECT command
  13. bugfix: finding string column
  14. bugfix: getting multi column data in mssql
  15. bugfix: finding mysql column count
  16. bugfix: wrong syntax in injection string type in MsAccess
  17. bugfix: false positive results were removed
  18. bugfix: data extraction in url-encoded pages
  19. bugfix: loading saved projects
  20. bugfix: some errors in data extraction in mssql fixed.
  21. bugfix: a bug in MsAccess when guessing tables and columns
  22. bugfix: a bug when using proxy
  23. bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
  24. bugfix: false positive in finding columns count
  25. bugfix: when mssql error based method failed
  26. bugfix: a bug in saving data
  27. bugfix: Oracle and PostgreSQL detection




Wednesday, September 21, 2011

Tutorial on Password guessing attack


Passwords are used in every system to authenticate a user. A password is a set of symbols associated with a user. A password guessing attack is a type of attack in which an attacker tries to gain access to a system or network with a guessed password. Guessing a password is a very simple type of attack, but it is most effective if you know about the victim. The latest form of password guessing attack is carried out by automated tools which guess and try passwords again and again to get access to a system.
If you are doing it without any tool, you can try pieces of the user's information that are commonly chosen as passwords, such as mobile number, birthday, or name of gf/bf. So if you use this type of password, you can be hacked easily by a simple guess.


Password guessing attacks can be classified into two types.


Brute Force Attack: A brute force attack is a type of password guessing attack that consists of trying every possible code, combination, or password until you find the correct one. This type of attack may take a long time to complete. A complex password makes identifying the password by brute force take longer.
Dictionary Attack: A dictionary attack is another type of password guessing attack which uses a dictionary of common words to identify the user’s password.


We also have hybrid attacks, which append, prepend, or insert numerical (0-9) and special (!@#$%*, etc.) characters to dictionary terms. Passwords guessed at this level might be something like "129good45guess" or "pa55w0rd."


A short and simple tutorial. Comment if you have any questions.
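Seen from the defender's side, the three attack types above translate into a signup-time check. The block below is an added example, not part of the original post: it flags dictionary words, the hybrid variants the tutorial quotes ("pa55w0rd", "129good45guess"), and passwords built from personal information. The word list, substitution map, 50-bit threshold and function names are constructed for the illustration.

```javascript
// Added example (not from the original post). WORDLIST and LEET are small
// constructed samples; a real deployment loads a large common-password list.
const WORDLIST = new Set(["password", "good", "guess", "letmein", "admin"]);
const LEET = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s" };

// Undo common character substitutions, e.g. "pa55w0rd" -> "password".
const unleet = (s) => [...s].map((c) => LEET[c] || c).join("");

// Size of a full brute-force search in bits: length * log2(alphabet size).
function bruteForceBits(pw) {
  let alphabet = 0;
  if (/[a-z]/.test(pw)) alphabet += 26;
  if (/[A-Z]/.test(pw)) alphabet += 26;
  if (/[0-9]/.test(pw)) alphabet += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) alphabet += 33; // printable ASCII symbols and space
  return alphabet === 0 ? 0 : Math.round(pw.length * Math.log2(alphabet));
}

// Returns the reasons a password is guessable; an empty array means no finding.
function guessability(pw, personalInfo = []) {
  const findings = [];
  const lower = pw.toLowerCase();
  const core = lower.replace(/^[^a-z]+|[^a-z]+$/g, ""); // drop digit/symbol padding
  const words = lower.split(/[^a-z]+/).filter((w) => w.length >= 3);

  if (WORDLIST.has(lower)) {
    findings.push("dictionary word");
  } else if (WORDLIST.has(unleet(lower)) || WORDLIST.has(unleet(core))) {
    findings.push("hybrid: dictionary word with substitutions or padding");
  } else if (words.length > 0 && words.every((w) => WORDLIST.has(w))) {
    findings.push("hybrid: dictionary words joined by digits or symbols");
  }

  // Names, phone numbers and birthdays are the first things a guesser tries.
  const squashed = lower.replace(/[^a-z0-9]/g, "");
  for (const item of personalInfo) {
    const token = String(item).toLowerCase().replace(/[^a-z0-9]/g, "");
    if (token.length >= 4 && squashed.includes(token)) {
      findings.push("contains personal information");
      break;
    }
  }
  // 50 bits is an arbitrary threshold chosen for this example.
  if (bruteForceBits(pw) < 50) findings.push("short brute-force search space");
  return findings;
}
```

"129good45guess" scores 72 bits against pure brute force yet is still rejected, which is why length and character-class rules alone do not stop dictionary and hybrid guessing.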

How to use megaupload as premium user



If you want to enjoy megaupload as a premium user, download this tool and install it. I got this tool on the website www.egyhacks.net and the reviews were good. The name of the tool is Megakey.


Features.
1) It removes limitations on megaupload and megavideo.
2) It provides happy hour premium access to all mega sites.
3) It allows for ultra fast up & downloads thanks to multiplexing technology.
4) It identifies music files on your PC and makes them available in your megabox.
5) It gives you a direct connection to mega servers.
6) No delays and availability. In the future you get free access to movies, music and games licensed by mega.




I am not the uploader of this tool and will not be responsible for it. Download at your own risk.

Backtrack 5 R1 released




BackTrack 5 R1, the operating system for penetration testers, has been released.


This release contains over 120 bug fixes, 30 new tools and 70 tool updates.
The kernel was updated to 2.6.39.4 and includes the relevant injection patches.


The company posted on the blog, "We are really happy with this release, and believe that as with every release, this is our best one yet. Some pesky issues such as rfkill in VMWare with rtl8187 issues have been fixed, which provides for a much more solid experience with BackTrack. 
We’ve released Gnome and KDE ISO images for 32 and 64 bit (no arm this release, sorry!), as well as a VMWare image of a 32 bit Gnome install, with VMWare Tools pre-installed."


Download Here:
http://www.backtrack-linux.org/downloads/

Android Is The Number 1 Target Of Hackers


If you are an Android user, you could be the next victim of hackers. According to a report by McAfee, Google Android has become the number 1 target of hackers. The McAfee report also says that the recent attacks from the hacktivist groups Anonymous and LulzSec helped drive a massive increase in online attacks.
According to the threat report, the reason Google Android is the number 1 target is that Google is not monitoring the active distribution of mobile apps. As a result, Android users are becoming victims of massive malware attacks.


What kind of Malware is being distributed?

According to the McAfee report, the Android malware takes over the identity of the Android user, causing an identity theft attack. Once the malware has been installed, the hacker has complete access to any kind of information, including personal data, GPS logs and carrier and billing code information.

According to Dave Marcus, the Director of McAfee Security Labs:
“There is malware ending up on Android phones that is coming out of China and is being used to steal the identity of Android users. Once hackers take control of an Android device, they have access to any kind of information on there including personal data, GPS logs and carrier and billing code information.”
According to me, the reason why Android is being targeted the most is because most Android users do not bother to use any antivirus at all, or if they use it, they do not update it at all. As a result, it becomes fairly easy for hackers to promote and distribute malware. I don't think that there are any zero days being used. A simple trojan is being used with a little bit of code obfuscation to bypass the antiviruses.

How Can I Protect Myself From Android Malware?

It's simple: install a good antivirus and update it regularly. New malware comes up every day, so you should make sure that your antivirus is updated. Also avoid downloading any untrusted mobile apps which you are not sure about. It would be nice if you could do a little research on Google before installing any Google app.

Tuesday, September 13, 2011

Tabnapping Is The Latest Phishing Scheme






Tab Napping: A New Type of Phishing Attack










The web is a generative and wild place. Sometimes I think I missed my calling; being devious is so much fun. Too bad my parents brought me up with scruples.

Most phishing attacks depend on an original deception. If you detect that you are at the wrong URL, or that something is amiss on a page, the chase is up. You’ve escaped the attackers. In fact, the time that wary people are most wary is exactly when they first navigate to a site.

What we don’t expect is that a page we’ve been looking at will change behind our backs, when we aren’t looking. That’ll catch us by surprise.
              
        










How The Attack Works




  1. A user navigates to your normal looking site.
  2. You detect when the page has lost its focus and hasn’t been interacted with for a while.
  3. Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-alike. This can all be done with just a little bit of JavaScript that takes place instantly.
  4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
  5. After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

Targeted Attacks


There are many ways to potentially improve the efficacy of this attack.

Using my CSS history miner you can detect which site a visitor uses and then attack that site (although this is no longer possible in Firefox betas). For example, you can detect if a visitor is a Facebook user, Citibank user, Twitter user, etc., and then switch the page to the appropriate login screen and favicon on demand.

You can make this attack even more effective by changing the copy: Instead of having just a login screen, you can mention that the session has timed out and the user needs to re-authenticate. This happens often on bank websites, which makes them even more susceptible to this kind of attack.

Even more deviously, there are various methods to know whether a user is currently logged into a service. These methods range from timing attacks on image loads, to seeing where errors occur when you load an HTML webpage in a script tag. Once you know what services a user is currently logged in to, the attack becomes even more effective.
  
Attack Vector


Every time you include a third-party script on your page, or a Flash widget, you leave yourself wide open for an evil doer to use your website as a staging ground for this kind of attack. If you are the evil doer, you can have this behavior only occur once in a while, and only if the user uses a targeted service. In other words, it could be hard to detect.

You can also use cross-site scripting vulnerabilities to force the attack to be performed by other websites. And for browsers that do not support changing the favicon, you can use a location.assign call to navigate the page to a controlled domain with the correct favicon. As long as the user wasn’t looking at the tab when the refresh occurred (which they won’t be), they’ll have no idea what hit them. Combine this with look-alike Unicode domain names and even the most savvy user will have trouble detecting anything is amiss.

Try it Out


You can try it out on this very website (it works in all major browsers). Click away to another tab for at least five seconds. Flip to another tab. Do whatever. Then come back to this tab.
It’s hard to find, isn’t it? It looks exactly like Gmail. I was lazy and took a screenshot of Gmail which loads slowly. It would be better to recreate the page in HTML.
Update: Many people have reported that the attack doesn’t change the favicon in Chrome. This was due to a bug in Chrome which has been fixed in the version 6.0.408.1. Chrome is fully susceptible to this attack.
You can get the source code here: bgattack.js.


 The Fix


This kind of attack once again shows how important our work is on the Firefox Account Manager to keep our users safe. User names and passwords are not a secure method of doing authentication; it’s time for the browser to take a more active role in being your smart user agent; one that knows who you are and keeps your identity, information, and credentials safe.
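For a site owner worried about the "Attack Vector" case above (an embedded third-party script turning the page into a staging ground), the block below is an added example and not part of the original post. It is a first-party guard that reports and reverts title or favicon changes made while the tab is hidden. It assumes the site itself never changes its title or favicon in a background tab; `createTabGuard` and its callback are hypothetical names.

```javascript
// Added example (not from the original post). Core logic is DOM-free so it
// can be unit-tested; the browser wiring at the bottom feeds it real events.
function createTabGuard(trusted, report) {
  let hidden = false;
  const current = { ...trusted }; // last values the guard accepted
  return {
    setHidden(isHidden) { hidden = isHidden; },
    // Takes the observed { title, favicon }; returns values to restore, or null.
    check(observed) {
      const changed = Object.keys(trusted).filter((k) => observed[k] !== current[k]);
      if (changed.length === 0) return null;
      if (!hidden) {
        // Assumption: changes made while the tab is visible are the site's own.
        changed.forEach((k) => { current[k] = observed[k]; });
        return null;
      }
      report({ changed, observed: { ...observed }, expected: { ...current } });
      return { ...current };
    },
  };
}

// Browser wiring: skipped when no DOM is present (e.g. under Node).
if (typeof document !== "undefined") {
  const iconLink = () => document.querySelector('link[rel~="icon"]');
  const read = () => ({ title: document.title, favicon: (iconLink() || {}).href || "" });
  const guard = createTabGuard(read(), (event) => {
    console.warn("title/favicon changed while tab was hidden", event);
  });
  guard.setHidden(document.hidden);
  document.addEventListener("visibilitychange", () => guard.setHidden(document.hidden));
  new MutationObserver(() => {
    const restore = guard.check(read());
    if (!restore) return;
    document.title = restore.title;
    const link = iconLink();
    if (link) link.href = restore.favicon;
  }).observe(document.head, {
    subtree: true, childList: true, attributes: true, characterData: true,
  });
}
```

A script running in the page can also remove this guard, so it is a detection aid that complements restricting which third-party scripts load in the first place (Content-Security-Policy, Subresource Integrity).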

Monday, September 5, 2011

ASIMO makes its debut at the 2011 FIRST Championship








The world’s most advanced humanoid robot, ASIMO, will be making its first appearance at the FIRST Championship tomorrow. In case you didn’t know, the FIRST (For Inspiration and Recognition of Science and Technology) Championship is an event where over 11,000 students from 29 different countries will take part in 3 simultaneous robotics competitions. The FIRST Championship encourages students to pursue a career in science, technology and engineering through the use of robotics.





 

Emi Crops This Blog is Designed by SAN Bro's Nufail IK, Sahad NK and Adil Shereef
Thanks to DASH | © 2011