Monday, July 23, 2012

Remote S60 Professional - Control Your Phone from PC

NEW: Now also running on Nokia N70, 668x, 6630, 6670, 3230, 6260 and 7610
NEW: Connect via USB with the DKU-2 cable (compatible phones only)

NEW: High performance screen algorithm using pure ARM/Thumb assembler and new compression scheme
Remote S60 Professional - Operate your phone from your desktop PC

Remote S60 Professional by mobileways.de lets you operate your Series 60 phone from your Windows computer. You can access and control all applications on your phone by using your PC's keyboard while watching the screen of your phone in a virtual window in real time.

The Perfect Tool for Presentations, Tutorials or Device and Application Testing

With Remote S60 Professional, you can conveniently demo any applications or services on your phone in real time. Remote S60 Professional displays your phone's screen in a virtual window on your PC. You can either use a wireless Bluetooth connection for best mobility during your presentation or a USB cable (DKU-2) for best real-time performance.
Remote S60 Professional supports skins for different mobile phone models, offers a customizable (HTML) fullscreen mode and allows you to record AVI movies.

For device and service testing, just let your automated testing tool control the Remote S60 Professional Windows application. You can connect multiple devices to one PC by using multiple instances of Remote S60 Professional.

Manage your Everyday Tasks

Remote S60 Professional helps you compose SMS, enter contacts, add WAP/WEB URLs, create and change calendar entries or manage your phone's settings with ease.

Features of Remote S60 Professional:

* Connect your phone with the USB cable DKU-2 (compatible Series 60 v2 phones only!) or by Bluetooth Serial Port
* For (old) Series 60 v1 phones: conveniently connect via the PC Suite / mRouter (Nokia 6600, 3650, N-Gage, Siemens SX1, Sendo X, Panasonic X700/X800)
* Support for multiple skins (showing different mobile phone models)
* Customizable (HTML) fullscreen mode (with zoom feature)
* 3 different zoom levels (2x, 3x and 4x)
* Use your keyboard to control your phone in realtime
* Make screenshots, copy them to the clipboard or save them to your PC
* Create AVI movies while navigating on your phone
* Profiles for quickly switching between different performance settings
* Advanced options for balancing performance vs. power consumption:
Reduced color modes, different compression levels, application priority, sampling frequency
* Multiple devices connected to the same PC by using multiple instances of Remote S60 Professional

You need to install two pieces of software for this.

Download:
1st Software(Remote S60 Professional)
2nd Software(Softcam)

Hacking FAQ: There is no easy way how to hack



Here you can get some hacking tutorials.

Hacking FAQ
****************

How do I hack? -
There is no easy way to hack. Google is your best friend. REMEMBER THAT! Read any information you can find on hacking. Read hacking forums and check out hacking websites. Learn a programming language like C++. Get a book like Hacking for Dummies, which will teach you a lot.

What do I need to be able to hack? -
First, you need to understand how your computer's operating system works, how networks and protocols work, security settings, and general PC knowledge. After you understand how it all works, you need hacking tools, which help you to hack.

What is command prompt (cmd - the little DOS window)? -
Go to START, RUN and type in: "cmd"

What can I do in cmd? -
You can do various things with it, like run exploits or do a ping request.


Why do some of the hacking tools I download just close themselves when I open them? -
Lots of hacking tools are DOS based and have to be run through CMD. If you double-click on the program, it will open a DOS box and automatically close the box. From CMD you can navigate to the directory in which your hacking tool is stored and run it from there. Other hacking tools are GUI (graphical user interface) based and will open like a normal Windows program.

What is an IP address? -
Every computer connected to the Internet or some network has an IP address. Go to START, RUN and type in "cmd", then type in "ipconfig"; it will show you your IP address or addresses. It will look something like this: 81.35.99.84. IP = Internet Protocol.

What can I do with an IP? -
Well you need someone's IP before you can hack, portscan or DOS them.

What is IP ping? -
It's a command you can use to check if someone's IP address is online, to check if they are connected to the Internet or a network. In command prompt type in "ping 192.168.0.21" - this will show you something like this:
____________________________________________________________
Pinging 192.168.0.21 with 32 bytes of data:
Reply from 192.168.0.21: bytes=32 time<1ms TTL=128
Reply from 192.168.0.21: bytes=32 time<1ms TTL=128
Reply from 192.168.0.21: bytes=32 time<1ms TTL=128
Reply from 192.168.0.21: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.0.21:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
____________________________________________________________

That means you can successfully PING IP 192.168.0.21, which means the IP is online. If you get a message "request timed out" it means the IP is not online.
Bytes=32 is the amount of data which was sent to the host.
Time<1ms is the time the host took to reply.


Why can't I ping a certain IP? -
Either the IP is not online/in use, or the person you're trying to ping is running a firewall which blocks ping requests, or maybe your firewall is blocking outgoing ping requests.

What is 127.0.0.1 IP? -
It is your PC's local loopback IP address.

Why do I have two IP addresses when I do an ipconfig? -
Well, if you're on a LAN (local area network) you will have an IP like 192.168.0.1. If you're also directly connected to the Internet you will have another IP address like 80.87.34.56. 192.168.0.1 is your local IP, which you use to communicate with your local network (LAN), and 80.87.34.56 is your Internet IP.


What is a static and dynamic IP address? -
Static means a permanently set IP address - a website, for example, will have a static IP address; it never changes. Dynamic means a temporary IP address - dialing up to the Internet with a modem, or most ADSL connections, have dynamic IPs. Every time you log on to the Internet your ISP (Internet Service Provider) will issue you a new IP address.


I have sent someone a trojan but I cannot connect to their PC? -
Either they are running a firewall which blocks you from connecting to their PC, or they are connected to the internet through a router.


What do I do when someone is behind a router and I want to control their PC with a trojan? -
You will need to use a trojan which uses reverse connections - meaning you don't connect to the host, the host connects to you. Bifrost is a trojan which has the mentioned function. Remember, when someone is behind a router and you're using IPstealer to get hold of their IP address, you are actually getting their router's IP, not their actual PC's IP. The router will have the person's Internet IP (WAN IP) and their PC will have a different IP - their LAN IP.


How do I check if my own PC is infected with a trojan? -
Do a port scan on your PC and check which ports are open. If you find any open ports in this trojan port list you might be infected with a trojan. Download the trojan you think you might be infected with and connect to that specified port.

How To : Preparing for Distributed Denial of Service (DDoS) attacks | White Paper by DELL

An Introduction to DDoS attacks

After emerging in 1999, Distributed Denial of Service (DDoS) attacks have again gained a lot of attention due to recent high-profile attacks by hacktivist groups and extensive media coverage. As a trusted security services provider, Dell SecureWorks has prepared the following high-level brief to provide a basic understanding of these types of attacks, and methods that can be used to mitigate them. Those interested in a more detailed technical analysis should look to the end of this paper for a link to the complete Dell SecureWorks Threat Analysis of DDoS.
  
DDoS attacks are attempts by one or more adversaries to disrupt availability of a network asset using multiple attack sources. This can occur at the network layer when available bandwidth is consumed, at the transport layer when processing capacity of in-line network devices is exceeded, or at the application layer when the ability of an application to respond to network requests is exceeded.


Recent high-profile attacks have targeted Web servers at the application layer, where one or more adversaries attempt to take down a website by flooding the Web server with more traffic than it can handle. A successful DDoS attack against a Web server can effectively knock the website offline, making it unavailable to end users and customers. These attacks are most often used to damage businesses whose websites or online assets are a major source of revenue, an indicator of brand value, or critical to business operations. An organization can become a target for any variety of reasons, but the attacks are often used as a form of protest by activists or an attempt to extort a business by essentially holding its website hostage.

Although major DDoS attacks are a rare occurrence for most organizations, they can be very detrimental and attempts cannot be prevented. Because of this, it is important to proactively implement mitigations and practice DDoS incident response plans prior to a DDoS event occurring. The remainder of this brief will outline the steps that a business can take to mitigate the effects of a DDoS attack.

Basic DDoS Preparation

DDoS attacks are possible because the Internet is built from limited consumable resources. If a business had unlimited bandwidth and unlimited computing resources, then an attacker couldn’t feasibly consume all of these resources - but this simply isn’t the case. An organization must balance the amount of resources they are willing to put towards preventing a DDoS attack from occurring with an acceptable level of risk.

Security professionals, especially those well versed in DDoS, can usually help the organization compute the costs associated with the different levels of risk. The more resources (i.e. Web server capacity and Internet bandwidth) an organization has dedicated to their public-facing website, the more difficult it will be for an attacker to consume all available resources. Therefore, the business must determine and understand the level of risk associated with their infrastructure and how easy or difficult it would be for an attack to be successful.

Organizations must consider the varying components of the network architecture during this review, because there are often multiple points of failure that could collapse under the pressure of a DDoS attack. These technologies often come with numerous configuration options and bypass controls that can be set up to align with the security needs and risk tolerance of your organization. As a starting point, determine the weakest link and first point of failure in your network by performing load testing and a system performance review. This analysis highlights areas where investment can be most effective at preventing the downtime that would result from a DDoS attack. It is also critical that a business review and understand the full cost of website downtime, so it can be taken into consideration when calculating how much to spend on the resources to prevent these attacks.

Understanding and agreeing upon these metrics is not a simple task, nor is designing and implementing the right architecture and policies. If your internal resources do not have the necessary time or expertise to perform these tasks, the Dell SecureWorks Security and Risk Consulting (SRC) group can help by evaluating your current environment and providing recommendations that will best meet your needs and budget. 

Creating an Incident Response Plan

Internet resources are limited, so complete DDoS prevention is impossible in practice. Therefore, a determined attacker may be able to successfully take down a website built on a very resilient architecture. Nowadays, there are publicly available toolkits that make attacking a target quite simple, so that attacks are not limited to groups with a sophisticated knowledge of networking and architecture design. Thousands of botnets are available for rent on the Internet, providing ample resources for those who would want to disable a public-facing website.

It is for all these reasons that DDoS attack mitigations should be part of the organization’s incident response, crisis response and business continuity plans. Having a plan of action in place is critical to ensure a timely recovery from a successful DDoS attack. This plan of action should be practiced and tested regularly to ensure that everything goes as expected and alterations can be made to improve processes and efficiency.

Because successful attacks can have an impact on multiple business units, all stakeholders need to be made aware of the consequences of DDoS attacks and included in the planning process to ensure their interests are properly represented and protected. Typically, an organization's CIO, CSO, CISO, or Risk Management Officer will ultimately be responsible for ensuring this representation happens, and in the event of an attack that significantly impacts multiple business areas, will likely be the one held accountable for the outcome.

The Dell SecureWorks Security and Risk Consulting team can help organizations build an incident response plan that maps to their environment and staffing model. Their expertise and experience in responding to DDoS attacks can provide insight into best practices and common pitfalls. During a typical DDoS Incident Response Plan engagement, the SRC group can help you:
  •  Understand what your Internet Service Provider is able to do at the provider level
  •  Understand the limitations of the networking and information systems in your architecture
          o Identify the ‘weakest link’ in the network
          o Ensure proper device configurations for identification and mitigation of attacks
          o Analyze the cost and benefits of increasing website capacity and resources
  •  Outline escalation and notification procedures when a DDoS attack is identified
  •  Record roles and responsibilities during an attack
  •  Document techniques for identifying the type and source of a DDoS attack
  •  Record detailed mitigations for various types of attacks - such as implementing strict SYN limits per IP, geographic blocking, or reducing the per-client connection limits at the ASA bundle
  •  Plan for the public response and communications that will need to occur
  •  Create an outline for a follow up and lessons learned report
  •  Additional agreed-upon tasks as requested by the customer

Conclusion

DDoS attacks cannot be prevented, but organizations can become aware of the threat and work proactively to establish countermeasures and incident response plans to mitigate and minimize the potential impact of a determined and well-resourced attacker. Understanding the adversary's tactics, techniques, and procedures, as well as the options available for mitigating the effects, is vital to establishing a strong security posture and planning a rapid, effective response.

A more detailed technical analysis of DDoS attacks is also available, describing the various types of attacks, common tools and tactics, trends in DDoS, countermeasures, and legal issues. The analysis is targeted towards an audience with a solid understanding of networking.

The report is available at: Threat Analysis: Understanding and Combating DDoS Attacks

Should you have any additional questions about how Dell SecureWorks can help your organization plan for or respond to DDoS attacks, contact your account manager, email info@secureworks.com or call (877) 905-6661.

Learn How to Scan all open TCP and UDP ports using VISION


Vision, a host-based forensic utility, is the GUI successor to the well-known freeware tool, Fport. This product from Foundstone shows all of the open TCP and UDP ports on a machine, displays the service that is active on each port, and maps the ports to their respective applications. Vision gives users access to a large amount of supplementary information that is useful for determining host status by displaying detailed system information, the applications running, and the processes and ports in use.
Key Features
  • Interrogate ports and identify potential "Trojan" services by using the "Port Probe" command in the port mapper. Using "Port Probe", Vision will enable you to send a customized string of information to the port. Based on the response from the port, a determination can be made to either kill the port, using the "Kill" command, or leave it as is.
  • View system events by sorting by application, process, service, port, remote IP, and device drivers in ascending or descending order.
  • Identify and review detailed information about Services and Devices to determine if they are Running or Stopped.
[Screenshots: List Applications Running; List Services Running; List Devices Running]


FAQ

Q. Will Vision work on Windows 9x, Me, or XP?
A. Vision will not work on Windows 9x or Me. It will work with Windows XP.
Q. I get “Must be Admin” error when trying to launch. I am the Administrator, so what’s the problem?
A. Check to ensure that NBT binding is enabled. In NT 4 this is done in your network interface bindings. Under Win2k check to ensure that you have the TCP/IP NetBIOS Helper enabled.
System Requirements
  • NT 4/ Win 2000
  • NT 4 needs psapi.dll
  • 800x600 res. minimum
  • 256 colors min
  • 32MB
SOURCE: http://www.foundstone.com
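
The port-to-application mapping that Vision and Fport display, and the self-check the FAQ above describes ("check which ports are open" on your own PC), can be reproduced from the built-in `netstat -ano` and `tasklist /fo csv /nh` commands on Windows XP or later. The following is an added example, not Foundstone's code: the sample command output, the process names and the allowlist are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2312
  TCP    192.168.0.21:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.0.21:49210     93.184.216.34:80       ESTABLISHED     3040
  UDP    0.0.0.0:500            *:*                                    728
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"System","4","Services","0","236 K"
"lsass.exe","728","Services","0","1,412 K"
"svchost.exe","884","Services","0","9,120 K"
"updater.exe","2312","Console","1","3,400 K"
"firefox.exe","3040","Console","1","88,204 K"
'''

# Hypothetical baseline for this host: (protocol, port, image) triples that are expected.
ALLOWLIST = {
    ("TCP", 135, "svchost.exe"),
    ("TCP", 139, "System"),
    ("TCP", 445, "System"),
    ("UDP", 500, "lsass.exe"),
}


def load_images(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    images = {}
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) >= 2 and row[1].isdigit():
            images[int(row[1])] = row[0]
    return images


def map_listeners(netstat_text, tasklist_csv):
    """Return (proto, port, pid, image) for every listening TCP and bound UDP socket."""
    images = load_images(tasklist_csv)
    listeners = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[3] == "LISTENING":
            local, pid = parts[1], int(parts[4])
        elif len(parts) == 4 and parts[0] == "UDP":  # UDP rows have no State column
            local, pid = parts[1], int(parts[3])
        else:
            continue  # headers, blank lines, established connections
        port = int(local.rsplit(":", 1)[1])  # rsplit also copes with [::]:135
        listeners.append((parts[0], port, pid, images.get(pid, "<unknown>")))
    return listeners


def unexpected(listeners, allowlist):
    """Listeners whose (proto, port, image) triple is not in the baseline."""
    return [l for l in listeners if (l[0], l[1], l[3]) not in allowlist]


if __name__ == "__main__":
    for proto, port, pid, image in unexpected(
            map_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE), ALLOWLIST):
        print(f"review: {proto}/{port} owned by {image} (PID {pid})")
```

Matching on the owning image as well as the port means a known port held by an unfamiliar process is reported too, which a bare port list would miss.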

Simple security audit & Penetration test tool HackBar 1.4.2 download for free: Its Add-ons for Firefox


Version 1.4.2
Works with Firefox: 1.5 – 3.6.*
Updated May 13, 2009
Developer Johan Adriaans
Rating Rated 5 out of 5 stars
# In general
This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what you're doing, this toolbar will help you do it faster. If you want to learn to find security holes, you can also use this toolbar, but you will probably also need a book, and a lot of Google :)
# The advantages are:
- Even the most complicated urls will be readable
- The focus will stay on the textarea, so after executing the url (ctrl+enter) you can just go on typing / testing
- The url in textarea is not affected by redirects.
- I tend to use it as a notepad :)
- Useful tools like on the fly uu/url decoding etc.
- All functions work on the currently selected text.
# Load url ( alt a )
This loads the url of the current page into the textarea.
# Split url ( alt s )
When this button is clicked, the url/text in the textarea will be split into multiple lines using the ? and & character
# Execute ( alt x, ctrl enter )
This will execute the current url in the textarea. I mostly use ctrl+enter.
# INT -1 ( alt - )
First select a number in the textarea and press this button, the number will be lowered by 1 and the url will be loaded.
# INT +1 ( alt + )
Again first select a number in the textarea and press this button, 1 will be added to the number and the url will be loaded.
# HEX -1 ( control alt - )
First select a number in the textarea and press this button, the number will be lowered by 1 and the url will be loaded.
# HEX +1 ( control alt + )
Again first select a number in the textarea and press this button, 1 will be added to the number and the url will be loaded.
# MD5 Hash ( alt m )
This is a standard hashing method, often used as an encryption method for passwords. It will MD5 hash the currently selected string.
# SHA-1/256
This is a standard hashing method, often used as an encryption method for passwords. It will SHA-1/256 hash the currently selected string.
# MySQL CHAR() ( alt y )
If quotes are escaped but you did find an SQL injection that's exploitable, you can use this button to convert, let's say:
load_file('/etc/passwd') --> load_file(CHAR(47, 101, 116, 99, 47, 112, 97, 115, 115, 119, 100))
Thus omitting the use of quotes to load a file.
You can also use this on
WHERE foo LIKE ('%bar%') --> WHERE foo LIKE (CHAR(37, 98, 97, 114, 37))
# MsSQL CHAR() ( alt q )
Same story as MySQL CHAR(), MsSQL has a slightly different CHAR syntax
--> WHERE foo LIKE ( CHAR(37) + CHAR(98) + CHAR(97) + CHAR(114) + CHAR(37))
# Base64 encode / decode
Base64 encoding ( UU ) is often used to store data (like a return url etc.) This will help you to read those values.
# URLencode / decode
This will encode or decode the currently selected characters to url safe characters. I mostly use it to end a query with # (%23) when in a pseudo path where I can't use /* or --
And lots more ;) Go test it!
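
For whoever reviews the web server logs after such an audit, the MySQL CHAR() and MsSQL CHAR() forms described above are easy to miss because the string they carry never appears literally in the request. The following is an added example, not part of HackBar or of the original post: it decodes both forms from access-log request lines so the hidden string is visible. The log lines are constructed, and the combined-log-style layout and function names are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Client address and request target from a combined-log-style line (assumed layout).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/')
# A CHAR(...) call, optionally chained with '+' (MsSQL form). \b keeps VARCHAR(10) out.
CHAR_RUN = re.compile(
    r"\bCHAR\s*\([\d\s,]+\)(?:\s*\+\s*CHAR\s*\([\d\s,]+\))*", re.IGNORECASE)
# One call with one or more comma-separated decimal codes (MySQL form).
CHAR_CALL = re.compile(
    r"\bCHAR\s*\(\s*(\d{1,3}(?:\s*,\s*\d{1,3})*)\s*\)", re.IGNORECASE)

# Constructed log lines; the two encoded strings are the ones shown in the post.
SAMPLE_LOG = [
    '198.51.100.4 - - [23/Jul/2012:10:00:01 +0000] '
    '"GET /list.php?page=2 HTTP/1.1" 200 1043',
    '203.0.113.7 - - [23/Jul/2012:10:00:09 +0000] '
    '"GET /list.php?f=load_file(CHAR(47,101,116,99,47,112,97,115,115,119,100)) '
    'HTTP/1.1" 200 87',
    '203.0.113.7 - - [23/Jul/2012:10:00:12 +0000] '
    '"GET /list.php?f=CHAR(37)%2BCHAR(98)%2BCHAR(97)%2BCHAR(114)%2BCHAR(37) '
    'HTTP/1.1" 200 87',
]


def decode_char_runs(text):
    """Return (encoded, decoded) for each CHAR() run found in text."""
    findings = []
    for run in CHAR_RUN.finditer(text):
        codes = []
        for call in CHAR_CALL.finditer(run.group(0)):
            codes.extend(int(n) for n in re.split(r"\s*,\s*", call.group(1)))
        # Skip runs with no parsable codes or codes outside a single byte.
        if codes and all(c < 256 for c in codes):
            findings.append((run.group(0), "".join(chr(c) for c in codes)))
    return findings


def triage(log_lines):
    """Return (client, decoded_string) for every CHAR() run in a request target."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        # URL-decode first: '%2B' becomes the '+' that joins MsSQL CHAR() calls.
        target = unquote_plus(m.group(2))
        for _encoded, decoded in decode_char_runs(target):
            hits.append((m.group(1), decoded))
    return hits


if __name__ == "__main__":
    for client, decoded in triage(SAMPLE_LOG):
        print(f"{client} sent CHAR()-encoded string: {decoded!r}")
```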

Nvidia Investigates Claims Of Online Store Compromise During Spate Of Hacking



Just a few days back we posted about Yahoo! Voices Hacked With SQL Injection – Passwords In Plaintext, and most recently it seems someone has been going after Nvidia pretty hard.
They have already had a few web properties hacked including their forum, the developer zone and their research site. The latest break in the news is a claim that the store has been hacked – they have suspended access whilst they investigate.
Graphics chip manufacturer Nvidia is investigating claims that hackers have compromised its online stores as part of a larger attack that affected several of its websites.
On Friday, a hacker group calling itself Team Apollo claimed that one of Nvidia’s online stores was compromised. As a result, the company suspended access to its Board Store and Gear Store websites.
“Nvidia is investigating whether the store sites were hacked,” Bea Longworth, Nvidia’s senior PR manager for EMEAI (Europe, Middle East, Africa, India), said Monday via email. “We don’t have any evidence that credit card data or customer lists have been put at risk, but we’re investigating.”
The news follows confirmed compromises of some of the company’s other websites last week. “Nvidia Forums, Nvidia Developer Zone and Nvidia Research were compromised in what appears to have been a breach by third parties seeking sensitive information,” Longworth said. On Thursday, Nvidia revealed that hackers had gained access to the Nvidia Forums database and stole usernames, email addresses, hashed passwords and user profile information.
We haven’t really discussed Nvidia much before and I don’t recall them being a hacking target previously; we’ve only mentioned them in passing when it comes to tools and methods using graphics card chips for brute forcing, like CUDA-Multiforcer – GPU Powered High Performance Multihash Brute Forcer.
I imagine them having a store and carrying out transactions online puts them in the firing range though, when there’s money or credit card details involved – the bad guys will come.

On the same day, the company also took its Developer Zone and Nvidia Research websites offline over suspicions of compromise. Those suspicions were confirmed on Friday, when a hacker posted hashed passwords for a proportion of DevZone users on a public website.
Nvidia was not the only company forced to deal with data leaks that resulted from hacker attacks during the past week.
On Tuesday, the company operating Formspring, a website where users can post and answer questions, disabled its users’ passwords after 420,000 password hashes were posted on a forum. The company later confirmed that someone broke into one of its development servers and stole user account information from a production database.
On Thursday, a hacker group published a list of 450,000 log-in credentials that it claimed to have stolen from the database of an unnamed Yahoo service. Yahoo later confirmed that the log-in credentials were from its Yahoo! Contributor Network service.
Nvidia has taken the other compromised sites down and confirmed they were hacked, I wonder if the threat against the store is just bravado or someone genuinely has compromised it. There seems to be no proof of that at this point however.
There seems to have been a real glut of these kinds of attacks lately. I wonder if there’s a new vulnerability passing around the underground that no-one knows about in a common web language like PHP or in a common service like Apache or the recent MySQL bug.

Learn How to Scan open ports using Angry IP Scanner

From the Angry IP scanner software enter the target IP address.
 



Once the scan has completed a window will appear identifying the results. Click OK.
In this example:
  • Port 21 (FTP [File Transfer Protocol]) is open.
  • Port 80 (Web) is open.
  • Port 139 (Windows Share) is open.
  • Port 445 (Windows Share) is open.
Right-click on the IP address to bring up a menu; then select OPEN COMPUTER, then IN EXPLORER.

In this example, the results revealed the following:
  • The Database directory is shared.
  • The Downloads directory is shared.
  • The Personal directory is shared.
  • There may be Printers shared on the target.
  • The Windows scheduler is running and may have tasks that can be modified.
If the shares ask you for a username/password when attempting to access them, initiate a NULL session and try again.
 
