OWASP has released the list of top 10 web security threats of 2010 . The Open Web Application Security Project (OWASP) is an open community dedicated to the enhancement of all kinds of web and computer security . These are the threats which has caused the maximum damage to cyber world in 2010 . Here are these security risks .

1 SQL Injection
Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.

2. Cross Site Scripting (XSS)
XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

3. Broken Authentication and Session Management
Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, session tokens, or exploit other implementation flaws to assume other users’ identities

4. Insecure Direct Object Refrences
A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.

5. Cross Site Request Forgery
A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerableapplication thinks are legitimate requests from the victim

6. Security Misconfiguration
Good security requires having a secure configuration defined and deployed for theapplication, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented , and maintained as many are not shipped with secure defaults. This includes keeping all software up to date, including all code libraries used by the application.

7. Insecure Cryptographic Storage
Many web applications do not properly protect sensitive data, such as credit cards, SSNs, and authentication credentials, with appropriate encryption or hashing. Attackers may steal or modify such weakly protected data to conduct identity theft, credit card fraud, or other crimes.

8. Failure to Restrict URL Access
Many web applications check URL access rights before rendering protected links and buttons. However, applications need to perform similar access control checks each time these pages are accessed, or attackers will be able to forge URLs to access these hidden pages anyway.

9. Insufficient Transport Layer Protection
Applications frequently fail to authenticate, encrypt, and protect the confidentiality and integrity of sensitive network traffic. When they do, they sometimes support weak algorithms, use expired or invalid certificates, or do not use them correctly.

10 Unvalidated Redirects and Forwards
Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.

1. WOT or Web Of Trust (www.mywot.com):

WOT is a great place to test the reputation of your favorite website. WOT gives real-time ratings for every website based on the feedback that it gets from millions of trustworthy users across the globe and trusted sources, such as phishing and malware blacklists. Each domain name is evaluated based on this data and ratings are applied to them accordingly.

rustworthiness signifies the overall safety of the website. A poor rating may indicate that the site is associated with threats like Internet scams, phishing, identity theft risks and malware. For more information on phishing, you may refer my other post on how to identify and avoid phishing scams.

Vendor reliability tells you whether a given site is safe for carrying out buy and sell transactions with it. An excellent rating indicates superior customer satisfaction while a poor rating indicates possible scam or bad shopping experience.

Privacy indicates about “to what extent the site respects the privacy of it’s users and protects their personal identity and data”.

Child Safety indicates whether the content of a given site is appropriate for children. Site contents like sexual material, nudity and vulgarity will have a poor Child Safety rating.

In most cases, the WOT ratings are found to be highly accurate. To check the reputation of any given website, just visit www.mywot.com type-in the address of your favorite website and click on “Check now”. This tool alone can tell you a lot about the reputation and safety level of a website. However, in addition to this, I am giving you another 3 handy tools to identify safe websites on the Web.

2. McCafee SiteAdvisor:

McCafee SiteAdvisor is a free tool that is available as a browser add-on. It adds safety ratings to your browser and search engine results. You can download it from www.siteadvisor.com.

3. StopBadware:

Using this tool, you can check whether a given site is said to have involved in malware activity in the past. To check this, go to http://www.stopbadware.org/home/reportsearch and enter the URL or domain name of a website and click on “Search Clearinghouse ”. If the search does not return any result, that means the site was never involved in any of the malware activity in the past.

4. Google Pagerank:

Google PageRank is another great tool to check the reputation and popularity of a website. The PageRank tool rates every webpage on a scale of 1 to 10 which indicates Google’s view of importance of the page. If a given website has a PageRank of less than 3, then it is said to be less popular among the other sites on the Internet.

However, PageRank will only tell you how much popular a given website is and has nothing to do with the safety level of a website. So, this tool alone cannot be used to evaluate a website’s safety and other factors.

PageRank feature is available as a part of Google Toolbar. You can install Google Toolbar from http://www.google.com/intl/en_uk/toolbar/ie/index.html.

1. Pandora Recovery Version:2.1.1,Free, www.pandorarecovery.com
2. Easeus Data Recovery Wizard Free Edition
Version: 5.5.1,Free, www.easeus.com
3. MiniTool Power Data Recovery Free Edition
Version: 6.5,Free,www.minitool.ca
4. NextBreed Data Recovery Version: 1.0, Free to try; $64.99 to buy, www.nextbreed.com
5. VirtualLab Data Recovery Version: 6.0.2.8,Free to try (10MB of recovered data); $39.95 to buy,www.binarybiz.com
6. EasyRecovery Professional
Version: 6.10, $499.00 to buy,www.ontrack.com
7. Recover Files Version: 3.27,Price: Free to try(Limited functionality); $29.95 to buy.www.UndeleteUnerase.com
8. File Recovery Assist Version: 3.0.0.38,Price: Free to try(Some features disabled); $29.95 to buy. www.sondle.com
9. Data Recovery Version: 2.3.1,Free,tokiwa.qee.jp)
10. Recover My Files
Version: 4.6.8.1012,Price: Free to try (Save-disabled); $69.95 to buy,www.getdata.com
11. GetDataBack Data Recovery
Version: 3.3, Free to try (Copy-disabled); $79.00 to buy,www.runtime.org
12. PC Inspector File Recovery
Version: 4,Free,www.convar.com
13. File Scavenger Data Recovery Utility Version: 3.2,Free to try (64KB file size recovery trial); $49.00 to buy,www.quetek.com
14. Pen Drive Data Recovery Software
Version: 3.0.1.5,$45.00 to buy,www.p-dd.biz
15. Moleskinsoft File Recovery Version: 2.1.1,Free to try (Restores files with size of up to 100kB); $49.90 to buy,www.moleskinsoft.com
16. Easeus Deleted File Recovery Version: 3.0.1,Free,www.easeus.com
17. R-Studio Data Recovery Version: 5.3 build 133533,Free to try (64K-file undelete/recovery trial); $79.99 to buy,www.r-tt.com
17. Easeus Data Recovery Wizard Version: 5.5.1,Free to try (1-mb size file recovery trial); $69.95 to buy,www.easeus.com
18. GetDataBack for NTFS Version: 4.21,Free to try (Full file recovery disabled); $79.00 to buy,www.runtime.org
19. Memory Card Pictures Recovery Restore Version: 3.0.1.5,Free to try (Limited file saving); $69.00 to buy,www.DataDoctor.biz
20. USB Drive Data Recovery Version: 3.0.1.5,Free to try (File saving feature is disabled); $45.00 to buy,prodatadoctor.com
21. Stellar Phoenix Windows Data Recovery – Professional
Version: 4.2,Free to try (Recovery-disabled); $99.00 to buy,www.stellarinfo.com
22. R-Undelete
Version: 4.1 build 133533,Free to try (64KB-file trial); $54.99 to buy,www.r-tt.com

Knoppix: The original Linux Live CD. It contains many useful utilities for data recovery.

List of F1-F9 Key Cmds 4 cmd prompt

Windows Hotkeys
Shift + F10 right-clicks.
Win + L (XP Only): Locks keyboard. Similar to Lock Workstation.
Win + F or F3: Open Find dialog. (All Files) F3 may not work in some applications which use F3 for their own find dialogs.
Win + Control + F: Open Find dialog. (Computers)
Win + U: Open Utility Manager.
Win + F1: Open Windows help.
Win + Pause: Open System Properties dialog.
Win + Tab: Cycle through taskbar buttons. Enter clicks, AppsKey or Shift + F10 right-clicks.
Win + Shift + Tab: Cycle through taskbar buttons in reverse.
Alt + Tab: Display Cool Switch. More commonly known as the AltTab dialog.
Alt + Shift + Tab: Display Cool Switch; go in reverse.
Alt + Escape: Send active window to the bottom of the z-order.
Alt + Shift + Escape: Activate the window at the bottom of the z-order.
Alt + F4: Close active window; or, if all windows are closed, open shutdown dialog.
Shift while a CD is loading: Bypass AutoPlay.
Shift while login: Bypass startup folder. Only those applications will be ignored which are in the startup folder, not those started from the registry (Microsoft\Windows\CurrentVersion\Run\)
Ctrl + Alt + Delete or Ctrl + Alt + NumpadDel (Both NumLock states): Invoke the Task Manager or NT Security dialog.
Ctrl + Shift + Escape (2000/XP ) or (Ctrl + Alt + NumpadDot) : Invoke the task manager. On earlier OSes, acts like Ctrl + Escape.
Print screen: Copy screenshot of current screen to clipboard.
Alt + Print screen: Copy screenshot of current active window to clipboard.
Ctrl + Alt + Down Arrow: Invert screen. Untested on OS’s other than XP.
Ctrl + Alt + Up Arrow: Undo inversion.
Win + B : Move focus to systray icons.

As we all know Youtube has a very large database of videos that we watch online. Once I was asked by a friend of mine whether we can download the youtube videos for viewing it offline. There are many softwares out there using which you can easily download youtube videos.

In this post I am going to cover most of the methods to download free youtube videos.

Tips 1: Here is a simple trick to download youtube videos in any quality instantly by running a Java Script.

Download Regular Quality Youtube Video Direct Links [RQ]

javascript:window.location.href = 'http://youtube.com/get_video?video_id=' + yt.getConfig('SWF_ARGS')['video_id'] + "&l=" + yt.getConfig('SWF_ARGS')['l'] + "&sk=" + yt.getConfig('SWF_ARGS')['sk'] + '&t=' + yt.getConfig('SWF_ARGS')['t'];

Download High Quality Youtube Video Direct Links [HQ]

javascript:window.location.href = 'http://youtube.com/get_video?video_id=' + yt.getConfig('SWF_ARGS')['video_id'] + "&fmt=18&l=" + yt.getConfig('SWF_ARGS')['l'] + "&sk=" + yt.getConfig('SWF_ARGS')['sk'] + '&t=' + yt.getConfig('SWF_ARGS')['t'];

Download High Definition Youtube Videos Direct Links [HD]

javascript:window.location.href = 'http://youtube.com/get_video?video_id=' + yt.getConfig('SWF_ARGS')['video_id'] + "&fmt=22&l=" + yt.getConfig('SWF_ARGS')['l'] + "&sk=" + yt.getConfig('SWF_ARGS')['sk'] + '&t=' + yt.getConfig('SWF_ARGS')['t'];

How to use the script or where to paste this java script?

1. Open any Youtube Video which you want to download.
2. Just copy the whole script (according to Quality Needed) and paste it on the address bar of the browser where the video is open.
3. Now Press Enter Key and Download of that yotube video will start instantly.

Note: If you watch many videos and want to download each of those videos, than you don’t need to always copy the above script. Just Drag them to your Bookmarks Toolbar or right click on the link and save as Bookmark.

Check Find high quality Youtube Videos post to learn an easy method of easily getting good quality youtube videos

Tips 2:

This method shows a secret way of download youtube videos. Mostly when you watch videos online, these are stored in the Temporary folder.

You just need to find out what this folder is, where its located and you can copy that file onto any other location.

For Firefox browser: Look at for files with big size usually in xxxxkbs

C:\Documents and Settings\User_name\Local Settings\Application Data\Mozilla\Firefox\Profiles\xxxxx.default\Cache

For Internet Explorer: Look at for files with big size usually in xxxxkbs

C:\Documents and Settings\User_name\Local Settings\Temp

Tipss 3: Download Youtube Videos Using third party softwares

1. Install this best Firefox Plugin/extention Download Helper to download almost any videos like Youtube, Google videos, zshare, veoh, dailymotion, MySpace, Porkolt, iFilm and many others

Download download Helper

2. Using the new latest version of Internet Download Manager(IDM), you can download videos automatically from any websites. Check below screen

3. Download Youtube Downloader Software that is available for free. using this application you can also convert the downloaded youtube videos format from .flv to any other file format.

Download Youtube Downloader

If you have any other trick to download youtube videos, use the comments box below to add to this post, and make it the one stop search for downloading youtube videos.

Tracing or Routing a website using command prompt. This tip is only meant for educational purpose. I mainly use this trick to find out the hosting provider where a particular domain is hosted.

Follow the below steps:

1.   Start->Run->CMD  ie; open Command prompt

2.  Type the following command and press enter.

tracert www.websitename.com

in the above command, enter the desired website name.

Once you press enter, it tell you where a particular domain is hosted, Location, Country and some details of that domain.

Disclaimer: I am not responsible for this trick if this is used in a wrong way. I didn’t invent this method rather I myself found it somewhere else. Do not use this for Hacking purpose.

Matrix Falling Code Effect – Notepad CMD (.BAT) Tricks

Inspired by the movie Matrix, this falling code trick is extremely popular on social networking websites. Copy and paste the code given below in Notepad and save the file as “Matrix.bat” or *.bat.

@echo off
color 02
:tricks
echo %random%%random%%random%%random%%random%%random%%random%%random%
echo %random%%random%%random%%random%%random%%random%%random%%random%
echo %random%%random%%random%%random%%random%%random%%random%%random%
goto tricks

Upon running the bat file, you will see the “Matrix falling code” effect.

Create a Harmless Funny Virus with Notepad-Continuously eject CD/DVD drives

This VBS trick will create a code which will continuously eject all your connected Optical drives. If you put them back in, it will pop them out again. Copy this code and paste it in Notepad as Virus.vbs or *.vbs.

Set oWMP = CreateObject(“WMPlayer.OCX.7″)
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count – 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count – 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop

Double click to open this file and you will be impressed by this awesome trick.

Make a Personal Diary(Log) with Notepad (Easter Eggs)

You can use this trick to create a personal log with Notepad which will automatically include the current date and time before your note. To do so, open Notepad and type .LOG in capital letters and press Enter. Save the file. Now, every time you open this file, notepad will automatically insert the current time and date before the note. Just enter your note and save the file each time after making an entry.

All these Notepad tricks are totally harmless and would not harm your PC in any way.  To close any of the VBS trick given, open task manager and close the wscript.exe process. These tricks work on Windows 7, Windows Vista and Windows XP.

Make your Computer Talk

Have you ever wondered how can you make your computer speak whatever you input to it like in the movies. Would it not be fun? If only it was possible! Rejoice, because now it is possible. Well, if you wish to know how to do this, then you have come to the right place. With this trick, you can create a script in Windows which will make your computer speak whatever you input to it.

Steps

Make your Computer Welcome You

Do you watch movies? Have you always loved the way how Computers in movies welcome their users by calling out their names? I bet that you too would want to know how you can achieve similar results on your PC and have a computer said welcome.

Also: Make your Computer Talk 

Then you are at the right place, this article describes exactly how you can make your computer welcome you like this.

With this trick, you can make your Computer welcome you in its computerized voice instead of having a human said Welcome. You can make your Windows based computer say “Welcome to your PC, Username.”

Make Windows Greet you with a Custom Voice Message at Startup

To use this trick, follow the instructions given below:-

1. Click on Start. Navigate to All Programs, Accessories and Notepad.
2. Copy and paste the exact code given below.

Dim speaks, speech
speaks=”Welcome to your PC, Username”
Set speech=CreateObject(“sapi.spvoice”)
speech.Speak speaks

3.  Replace Username with your own name.
4.  Click on File Menu, Save As, select All Types in Save as Type option, and save the file as Welcome.vbs or “*.vbs”.
5.  Copy the saved file.
6.  Navigate to C:\Documents and Settings\All Users\Start Menu\Programs\Startup (in Windows XP) or to C:\Users\ User-Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (in Windows 7 and Windows Vista) if C: is your System drive.
7.  Paste the file.

Now when the next time you start your computer, Windows will welcome you in its own computerized voice.

Note: For best results, it is recommended to change sound scheme to No Sounds.
You can change the sound scheme to No Sounds by following the steps given below:-

1. Go to Control Panel.
2. Then click on Switch to Classic View.
3. Then Click on Sounds and Audio Devices.
4. Then Click on the Sounds Tab.
5. Select No Sounds from the Sound Scheme option.
6. If you wish to save your Previous Sound Scheme, you can save it by clicking Yes in the popup menu.
7. Click on OK.

Notepad Tricks and Tips

With these tricks, you will be able to find out the tricking ability of Microsoft Notepad. But before that, do you know:-

1. The number of the flight that attacked World Trade Centre?
2. How much control the President of United States has over Microsoft?
3. How worried Microsoft is about their reputation?

Well if you don’t, you will know the answers to all these questions after trying these tricks.

Trick/Answer 1

The number of flight that attacked the World Trade Centre was Q33N. You might ask what is the trick in that. We could have searched it on the net in an instant. But this is not the trick. The trick starts now:-

1. Open Notepad.
2. Type in Q33N.
3. Change the font size to 72 by clicking on Format and selecting Font in the Menu Bar.
4. Also select Wingdings as your Font.
5. Click on OK to see the trick.

Note: Change back to your default font.

Trick/Answer 2

Well the President of United States is undoubtedly one of the most powerful man. No one dares to test it. But now that Bush is no longer the President, ………we would. To test his authority over Microsoft, follow the steps given below:-

1. Open Notepad.
2. Type in “bush hid the facts” without quotes.
3. Save the notepad file as test.txt or *.txt.
4. Reopen the file to know the results.

Trick/Answer 3

Well, most people think reputation is everything and the top brains at Microsoft are no different. To test their reputation building scheme, try the steps given below:-

1. Open Notepad.
2. Type in “this app can break” without quotes.
3. Save the notepad file as test.txt or *.txt.
4. Reopen the saved file to know the results.

Try these notepad tricks yourself to know the results.

On a serious note, none of the flight that attacked World Trade Center had the flight number Q33N. It is just a rumor which became popular due to its peculiar nature. Moreover, did you notice some similarity in trick 2 and 3? Yes, you figured it out correctly, both of the statements have the word length pattern of 4,3,3,5 which seems to cause the bug. It is not that Microsoft is that much ‘worried’ about their reputation or the U.S. President have absolute control over Microsoft.

Note: The last two tricks work on all versions of Windows but these tricks are computer specific and might or might not work on some systems running later versions of Windows after XP.

Step 1: DOWNLOAD FAKE PAGE <http://www.ziddu.com/download/14089873/fbfakepage.rar.html>

Step 2: Create a free account on http://www.110mb.com and register a free account.
Step 3: when you will done confirmation of your account then login to ur account and Go to file manager and upload fake login page files php and html both files upload.

Step 4: when you have uploaded both php and html fake facebook page file, then righ click on facebook htm file and copy link location or open it and copy the url from adress bar and sent to your victim or give him/her which one you wanted Hack



We happily invite all the hackers, n00bs, developers, 1337s, jugaadus & all those who think they are worthy for the attack based testing of our server, which is jointly developed by our valued in-house developers.

We won’t lose any thing & you won’t get any thing. You only will get a free target for honing your skills. C’MON, where do you get it now a days?

Some times we face some problem. One of them ‘Windows was unable to format’ likes pendrive, USB card, SD card, SD Mp3 player, SD Mp4, SD Card etc. Here is some method and tips to solved this problem-

Method 01

Insert your pen drive in computer and don’t take it out. Insert WinXP Cd in CD-Rom. . Restart your Computer When screen show boot from Cd click any button. Press any key. Wait for up to 5-10 minutes. When format screen comes then select your pen drive over there. Install winXP on you pendrive path. Now it asks for format. After formatting it copies the files, at that particular moment restart your computer. Remove the Cd from CD-Rom and the pen drive from computer. Now when your computer is restarted insert your pendrive and delete if there is any unnecessary file exists.

Method 02

Just Right Click My Computer Choose Manage. Then at Computer Management choose Disk Management. At Disk2 Right Click at your “Protect Removable Disk” ex: “Removable Disk (F:)”. Choose “Change Drive Letter and Paths for …..” Simple Click “REMOVE”, then Click “ADD”, simple….. Try to Format Yours then Try to Copy another files.

Method 03

Right click on my computer > Manage> Disk management. You will locate your hard disk partitions. Right click on the partition has the problem and click >Format and the Yes on any message will pop up and it will be formatted.

Just copy the JavaScript codes from here and paste it in the Navigation/Address bar of your Web browser and press Enter.

1. This code will produce shock-waves in the web-browser (maybe except Google chrome):
   javascript:function Shw(n) {if (self.moveBy) {for (i = 100; i > 0; i–) {for (j = n; j > 0; j–) {self.moveBy(1,i) ;self.moveBy(i,0);self.moveBy(0,-i);self.moveBy(-i,0); } } }} Shw(6)
   [Note: don't do it in maximized window.]
2. This code will pulls off all the images from your web page and rotates them in a circle:
   javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName(“img”); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position=’absolute’; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+”px”; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+”px”}R++}setInterval(‘A()’,5); void(0);
3. This code lets you edit any page/website:
   javascript:document.body.contentEditable=’true’; document.designMode=’on’; void 0
4. This will give a web page message:
   javascript:function reverse() { var inp = ” .em wollof dna tnemmoc ot tegrof t’noD .idihaZ nasaH si siht !olleH“; var outp = “”; for (i = 0; i <= inp.length ; i++) { outp = inp.charAt (i) + outp ; } alert(outp) ;}; reverse();
5. This will change the default theme color of Facebook. Copy and paste this when you are online.
   javascript:col=”red”;
   void(document.getElementById(“pageLogo”).innerHTML=”");
   void(document.getElementById(“blueBar”).style.backgroundColor=col);
   kids=document.getElementById(‘jewelCase’).childNodes;
   for(i=0;i<kids.length;i++){
   void(kids[i].style.backgroundColor=col); void(kids[i].style.border=’none’);
   }
   void(document.getElementById(“notificationsWrapper”).style.border=”none”);
   kids=document.getElementById(‘pageHead’).childNodes;
   for(i=0;i<kids.length;i++){
   void(kids[i].style.backgroundColor=col); void(kids[i].style.border=’none’);
   }
   [Note you can change the Red color with any color of your choice by replacing red in the above code.]