Satu lagi sumber kekuatan para IT Security, dan sumber yang di cari-cari oleh para newbie yang ingin tau lebih dalam teknik-teknik hacking/cracking, ada satu ebook yang patut dijadikan rujukan. Ebook ini berjudul "Anti-Hacker Toolkit". Dalam buku ini dijelaskan secara mendetil bagaimana cara menggunakan lebih dari 100 tools hacking. Penjelasannya secara teknis cukup mudah untuk dimengerti dan diikuti. Selain membawakan penjelasan tools dalam menyerang, disini juga dijelaskan topik mengenai mendeteksi adanya serangan dan menangani serangan tersebut. Topik-topik yang dibahas antara lain port scanners, vulnerability scanners, password crackers, and war dialers.

What is a Proxy Server?

What is a Proxy Server?
A proxy server is a kind of buffer between your computer and the Internet resources you are accessing. The data you request come to the proxy first, and only then it transmits the data to you. I know many are looking for IP Maskers or Scramblers, but honestly, it aint real easy for the simple fact that any website that you visit needs your IP to send the info packets too. If its scrambled, you will get alot of errors and crazy redirects :P My solution? Read on........... for a good list of Proxy servers try here>> http://www.multiproxy.org/

Why do I need to use proxy servers?
Transfer speed improvement. Proxy servers accumulate and save files that are most often requested by thousands of Internet users in a special database, called “cache”. Therefore, proxy servers are able to increase the speed of your connection to the Internet. The cache of a proxy server may already contain information you need by the time of your request, making it possible for the proxy to deliver it immediately.
Security and privacy. Anonymous proxy servers that hide your IP address thereby saving you from vulnerabilities concerned with it.
Sometimes you may encounter problems while accessing to web server when server administrator restricted access from your IP or even from wide IP range (for example restricting access from certain countries or geographical regions). So you try to access those pages using an anonymous proxy server.

What is a public proxy server?
It is a proxy server which is free and open for everybody on the Internet. Unfortunately most of them are not anonymous.
Free service trying to provide list of public HTTP proxy servers. Usually provide small list of proxies with low percent of functioning servers due to hosting restrictions on CPU time (they simply can't allow themselves to check many proxies every second especially in parallel).

The Solution?
When using an anonymous proxy server you don’t give a anybody chance to find out your IP address to use it in their own interests. ;) If there is a need to make an (inner) proxy connect to the outside world via another (outer) proxy server, you can use the same environment variables as are used to redirect clients to the proxy to make inner proxy use the outer one:
http_proxy
ftp_proxy
gopher_proxy
wais_proxy
E.g. your (inner) proxy server's startup script could look like this:
#!/bin/sh
http_proxy=http://outer.proxy.server:8082/
export http_proxy
/usr/etc/httpd -r /etc/inner-proxy.conf -p 8081

This is a little ugly, so there are also the following directives in the configuration file:
http_proxy http://outer.proxy.server/
ftp_proxy http://outer.proxy.server/
gopher_proxy http://outer.proxy.server/
wais_proxy http://outer.proxy.server/

10 Fast and Free Security Enhancements PC magazine.

Before you spend a dime on security, there are many precautions you can take that will protect you against the most common threats.

1. Check Windows Update and Office Update regularly (_http://office.microsoft.com/productupdates); have your Office CD ready. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.

2. Install a personal firewall. Both SyGate (_www.sygate.com) and ZoneAlarm (_www.zonelabs.com) offer free versions.


3. Install a free spyware blocker. Our Editors' Choice ("Spyware," April 22) was SpyBot Search & Destroy (_http://security.kolla.de). SpyBot is also paranoid and ruthless in hunting out tracking cookies.

4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel | Administrative Tools | Services and you'll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.

5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts.

6. If you're using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

7. Buy antivirus software and keep it up to date. If you're not willing to pay, try Grisoft AVG Free Edition (Grisoft Inc., w*w.grisoft.com). And doublecheck your AV with the free, online-only scanners available at w*w.pandasoftware.com/activescan and _http://housecall.trendmicro.com.

8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.

9. Join a respectable e-mail security list, such as the one found at our own Security Supersite at _http://security.ziffdavis.com, so that you learn about emerging threats quickly and can take proper precautions.

10. Be skeptical of things on the Internet. Don't assume that e-mail "From:" a particular person is actually from that person until you have further reason to believe it's that person. Don't assume that an attachment is what it says it is. Don't give out your password to anyone, even if that person claims to be from "support."

Hacking Password Protected Website's

Hacking Password Protected Website's By Pinglocalhost

************************

There are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting

[ctl-alt-del ]when the password box is displayed, to simply turning offjava capability, which will dump you into the default page.You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to www.target.com .

Try typing www.target.com/images .(almost ever y web site has an images directory) This will put you into the images directory,and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in www.target.com/images, there is a .gif named gamestitle.gif . There is a good chance then, that there is a 'games' directory on the site,so you would then type in www.target.com/games, and if it isa valid directory, you again get a text listing of all the files available there.

For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all director ies,or even mirror a complete server. They are indispensable for locating hidden files and directories.What do you do if you can't get past an opening "PasswordRequired" box? . First do an WHOIS Lookup for the site. In our example, www.target.com . We find it's hosted by www.host.com at 100.100.100. 1.

We then go to 100.100.100.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don't care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let's say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.By simply typing in the url www.target.com/games/zip/zipindex.html you will be onthe index page and ready to follow the links for downloading.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

(DISCLAIMER)XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

The Info Above Is Lame!!!. I Dont Condone The Use Of This Document In A Malisous Manner. I Suggest That U Dont Do it But U Do What Ever U Want. I Will Not Be Responsible For Any Thing That Might Happen To U If U Use This. :)

How to hack Windows XP Admin Passwords the easy way

How to hack Windows XP Admin Passwords the easy way by Estyle, Jaoibh
and Azrael.

This hack will only work if the person that owns the machine
has no intelligence. This is how it works:

When you or anyone installs Windows XP for the first time your
asked to put in your username and up to five others.

Now, unknownst to a lot of other people this is the only place in
Windows XP that you can password the default Administrator Diagnostic
Account. This means that to by pass most administrators accounts
on Windows XP all you have to do is boot to safe mode by pressing F8
during boot up and choosing it. Log into the Administrator Account
and create your own or change the password on the current Account.

This only works if the user on setup specified a password for the
Administrator Account.

This has worked for me on both Windows XP Home and Pro.

-----------------------------------------------------------------------------

Now this one seems to be machine dependant, it works randomly(don't know why)

If you log into a limited account on your target machine and open up a dos prompt
then enter this set of commands Exactly:

(this appeared on www.astalavista.com a few days ago but i found that it wouldn't work
on the welcome screen of a normal booted machine)

-----------------------------------------------------------------------------

cd\ *drops to root
cd\windows\system32 *directs to the system32 dir
mkdir temphack *creates the folder temphack
copy logon.scr temphack\logon.scr *backsup logon.scr
copy cmd.exe temphack\cmd.exe *backsup cmd.exe
del logon.scr *deletes original logon.scr
rename cmd.exe logon.scr *renames cmd.exe to logon.scr
exit *quits dos

-----------------------------------------------------------------------------

Now what you have just done is told the computer to backup the command program
and the screen saver file, then edits the settings so when the machine boots the
screen saver you will get an unprotected dos prompt with out logging into XP.

Once this happens if you enter this command minus the quotes

"net user password"

If the Administrator Account is called Frank and you want the password blah enter this

"net user Frank blah"

and this changes the password on franks machine to blah and your in.

Have fun

p.s: dont forget to copy the contents of temphack back into the system32 dir to cover tracks

Any updates, Errors, Suggestions or just general comments mail them to either

Estyle89@hotmail.com
jaoibh@hotmail.com

Taekwondo

DOJANG AMIKOM SABET 2 PERUNGGU

DI KEJURKAB TAE KWONDO KABUPATEN SLEMAN

Tae Kwondo Dojang STMIK AMIKOM Yogyakarta kembali menunjukkan
prestasinya dengan menyabet 2 perunggu pada Kejurkab Tae Kwondo
Kabupaten Sleman. Tim AMIKOM menurunkan 4 atletnya yaitu Mulya
Sulistiyono, Vlentoni HK, Bansa Tuasikal, dan Rangga Juniansyah. Bansa
Tuasikal dan Mulya Sulistiyonolah yang mempersembahkan masing – masing
perunggu. Perolehan ini bisa dibilang cukup memuaskan karena ketiga
atlet AMIKOM selain Mulya Sulistiyono merupakan atlet – atlet baru.


Kejuaraan ini diikuti oleh dojang – dojang Tae Kwondo di daerah
Kabupaten Sleman. Diantaranya dojang STMIK AMIKOM, UPN, UGM, Yonif
403, Tri Haji Kayani, UNY, dan yang lainnya. Kejuaraan ini
dilaksanakan di GOR Sleman pada tanggal 11 Mei 2008. Semoga prestasi
Tae Kwondo AMIKOM semakin maju.