Ajit Gaddam: TechNews and Security

An Associate producer of Dateline, a NBC show, Michelle Madigan tried to attend this year’s DEFCON psing undercover where she registered as a programmer and came to the annual Hacking/Security conference with a hidden camera hoping to get some hidden scoops for her show.

However, there was one small problem. DEFCON has a strict rules prohibiting media from photographing or videotaping without approval. Another Michelle was never really undercover. The organizers of DEFCON got a tip off from a mole at NBC that she was showing up posing undercover. So the organizers politely tried to give her a press pass which she repeatedly refused. So the geeks took it into their own hands.

The organizers in a conference in between held an impromptu “spot the undercover reporter”. Madigan fled, much to the delight of the convention attendees who mocked her all the way to the parking lot. Check out the video below.

Read the rest of this entry »

Wow. Matt Cutts. <takes a bow>

As reported by SearchEngineLand and a number of blogs, Matt Cutts, the head of Google’s WebSpam team, had his blog defaced by the Dark SEO Team over the weekend. Matt’s blog is down, hacked — and archives wiped out as well. Matt has posted previously to this about the site being slow (post gone, but you can see his Twitter comment here) and heading offline through Monday, so you might be seeing the screen below for awhile.

Now, Matt Cutts seems to have taken his sweet revenge. You can check it out yourself by visiting the Dark SEO’s website

The Content of the hack

Defaced by Matt ! I ownz you, Dark seo team !

Of course I’m lying when I make everyone believe that content is King.
Of course black hat SEO and spamdexing are the only Kings.
Google is just a stupid algorithm relying on spammy backlinks.
But you guys had no right to let everyone know. That’s why I defaced your bloody DST site. To show the entire world how evil a white hat can be.

In fact, I’m as evil as my employer

All your backlinks are belong to us !

Head of the Google’s Webspam team

Update: Matt Cutts and Dark SEO combined to make this a successful April Fools Joke. <takes a bow again>

Related Links:

In case you wish to view larger pictures, if Matt Cutts blog and Dark SEO’s website are restored to their original pristine glory

1. Matt Cutts Blog Defaced by Dark SEO

2. Matt Cutts defaces Dark SEO’s website

I recently lost my Cell phone while travelling abroad. Fortunately for me, I had an brand new cell phone which I got from T-Mobile for free when I renewed my contract with them, a Nokia 6010 hanging around. In most countries, there are pre-paid options for phones where you pay a provider some cash and you get a SIM card which you can plug into your phone and you are all set. However, the Nokia phone I had was locked to T-Mobile and I could not use my SIM card.

This led me to go online and see if there are any methods out there to help me unlock and use my cellphone. Now, there are plently of sites out there which give you the unlock codes for your Nokia Cell phone. However, most of them charge anywhere from $9.99 to $65 to provide you with the unlock codes. Also, some of them only take payment in Euros. So, in this post, I will introduce you to two sites who provide you with unlock codes for your Nokia Cell phone absolutely FREE.

Site # 1: Unlock.it

This site is the most popular free site for unlocking any Nokia based Cell phone and most of the cell phones out there. Some of their other brands for which they provide unlock codes include Siements, LG, NEC, Panasonic, Samsung, Sony Ericsson and Motorola based phones.

The procedure for unlocking your Cell phone is as follows:

1. Start your phone without your new SIM or any SIM card in it

2. Now hit *#06# on your cell phone. When you do it, your IMEI number, a unique global serial number for your cell phone shows up. Your IMEI number should be 15 digits.

3. Now, choose the model of your Cell phone. If you don’t know your cell phone model number, you can always find out by removing the cell/battery of your phone. The model number along with the IMEI of the phone should be present.

4. Now, select the country and the operator the phone is locked to. For example “USA- T-Mobile”

5. You are now given the unlock codes for your cell phone. A lot of people have a problem punching in the alphabet p and w while entering the unlock codes. To enter the codes, here is a visual guide below as well as the step by step procedure
Read the rest of this entry »

Spammer Watch : DAY # 1 

So, I followed up with our London based Nigerian spammer by emailing him that I am indeed interested in proceeding with this “financial transaction”. I pretend to be a Mr. Brandon Hurley based in the UK. So, here is my first email to Mr. Peter Fischer, our friendly neighbourhood spammer

Spammer Watch : Day # 2

So, within 7 hours, I get an email from Mr.Fischer thanking me for my interest. This is starting to get interesting.
Read the rest of this entry »

Every IT professional worth his/her salt has their own webpage/blog these days. While you may have people from all over the globe dropping a line at your site, Email harvesters are the most unwanted visitors on any website. These email spambots crawl the web via search engines to find and extract email addresses from webpages. E-mail addresses in your blog or webpage are no secret to spam robots. Here’s a guide that should help you protect your email addresses from these spam spiders. Techniques mentioned use text manipulation, Masking, HTML, Flash, CSS, and JS to hide email addresses.
How email spammers operate? Email addresses always contain an @ symbol. Most spambots do a pattern-search for likely combinations of letters (abc@xyz.com) like billgates@microsoft.com or larrypage@google.org in the HTML source of webpages. Often they just search for the @ character and grab all the letters on each side on the assumption that it’s a valid email address.
How to keep your email address available to humans but invisible to email spiders? There are tons of Email Address Protector software that claim to protect your email address in web pages and get rid of junk mail - Don’t waste your money, they only encode your email or generate a javascript snippet. We will discuss manual email encoding techniques here. If a visitor clicks an encryped email link on your website, it will work as normal, but spam robots will not be able to extract the address from the link. Read the rest of this entry »

This article is not a hacking tutorial. This is only to be used for educational purposes and should not be exploited.

Using simple command line tools on a machine running Windows XP, we will obtain system level priviledges. The system run level is higher than administrator, and has full control of the operating system and it’s kernel. On many machines this can be exploited even with the guest account. This system account allows for several other things that aren’t normally possible (like resetting the administrator password).
The Local System account is used by the Windows OS to control various aspects of the system (kernel, services, etc); the account shows up as SYSTEM in the Task Manager process list, as seen in the following screen shot:
Local System differs from an Administrator account in that it has full control of the operating system, similar to root on a *nix machine. Most System processes are required by the operating system, and cannot be closed, even by an Administrator account; attempting to close them will result in a error message.

The following quote from Wikipedia explains this in a easy to understand way:

: In Windows NT and later systems derived from it (Windows 2000, Windows XP, Windows Server 2003 and Windows Vista), there may or may not be a superuser. By default, there is a superuser named Administrator, although it is not an exact analogue of the Unix root superuser account. Administrator does not have all the privileges of root because some superuser privileges are assigned to the Local System account in Windows NT.

Under normal circumstances, a user cannot run code as System, only the operating system itself has this ability, but by using the command line, we will trick Windows into running our desktop as System, along with all applications that are started from within.   Procedure to get system level access and previlege escalation in windows I will now walk you through the process of obtaining SYSTEM privileges and a demonstration of this Windows XP admin exploit / super user hack 

Read the rest of this entry »