Visit the creator’s site :

KidKeyLock

To turn your monitor back on, just move the mouse.

Instead You may like changing settings in power options but that is not such a handsome idea.

So, go for Wizmo ( works with Windows 7 as well ) , compatible with windows OS only.

Download Wizmo

For more info :

Wizmo

 Header files are monitored to extract the information about the sender, the route taken and certain other things. Now, every header file does not give you enough information, mostly in the case of web based mail programs like gmail and yahoo. But hotmail has the trend of attaching “ X- originating IP” in the header file which contains the email and IP address of the computer from which the email was sent. e.g.

X-Originating-IP: [***.***.80.54]

X-Originating-Email: [hackthisway@live.com]

I have masked the IP address for security purpose.

However, same is not true for Gmail or Yahoo mail. They don’t add any such information if the email is sent from a web based mail program. Hotmail or live mail does this to figure out the origin of spam or phishing mails. Not a foolproof method to counter spam but effective sometimes.

But if the sender uses a desktop based mail program like Outlook or Eudora or Incredimail etc., you may find the IP of the sender’s computer. The IP address and machine name is one of the first things that get added to the header file. The IP address could be the IP address of the computer which is directly connected to Internet or it could be the address of a router. Well, even this can be faked.

Let us understand through some examples of the header files …

NOTE : unimportant data is not shown.

Header files of an email received from a web based mail program :

X-Apparently-To:   ******@yahoo.com via 203.104.17.143; Mon, 20 Sep 2010 07:21:31 -0700

Return-Path:   <check.wsx@gmail.com>

Received-SPF:   pass (mta1188.mail.sk1.yahoo.com: domain of check.wsx@gmail.com designates 209.85.160.42 as permitted sender)

X-YMailISG:   zhjciiocZAr0A1zpFh5t5Rj.LSVeZFGWC8HYRDb.qOGPnalU LVLBncoIcmp05C2ma3amJN_.PDdW5gmqKebX3OzwpOL4h7vxwSbdqD6oGdd5 ……

X-Originating-IP:   [209.85.160.42]

Authentication-Results:   mta1188.mail.sk1.yahoo.com from=gmail.com; domainkeys=pass (ok); from=gmail.com; dkim=pass (ok)

Received:   from 127.0.0.1 (EHLO mail-pw0-f42.google.com) (209.85.160.42) by mta1188.mail.sk1.yahoo.com with SMTP; Mon, 20 Sep 2010 07:21:30 -0700

Received:   by mail-pw0-f42.google.com with SMTP id 9so1549545pwj.1 for <*******@yahoo.com>; Mon, 20 Sep 2010 07:21:30 -0700 (PDT)

MIME-Version:   1.0

Received:   by 10.143.40.18 with SMTP id s18mr7678419wfj.283.1284992490002; Mon, 20 Sep 2010 07:21:30 -0700 (PDT)

Received:   by 10.143.161.2 with HTTP; Mon, 20 Sep 2010 07:21:29 -0700 (PDT)

Date:   Mon, 20 Sep 2010 19:51:29 +0530

Subject:   checking again

From:   This sender is DomainKeys verified check checkk <check.wsx@gmail.com>  Add sender to Contacts

To:   **********@yahoo.com

Content-Type:   multipart/alternative; boundary=001636e0b5e4e7d9e10490b1a0a2

Content-Length:   190

None of this contains the IP address of the sender.

Let us have a look at another header file sent from Microsoft Outlook 2007:

X-Apparently-To:   ******@yahoo.com via 203.104.17.159; Mon, 20 Sep 2010 07:18:31 -0700

Return-Path:   <check.wsx@gmail.com>

Received-SPF:   pass (mta1082.mail.ac4.yahoo.com: domain of check.wsx@gmail.com designates 209.85.212.182 as permitted sender)

X-YMailISG:   tDcVrVIcZApapCW99IhBY.3q6CQSIqoRSTz07uQYj3WyscDw

X-Originating-IP:   [209.85.212.182]

Authentication-Results:   mta1082.mail.ac4.yahoo.com from=gmail.com; domainkeys=pass (ok); from=gmail.com; dkim=pass (ok)

Received:   from 127.0.0.1 (EHLO mail-px0-f182.google.com) (209.85.212.182) by mta1082.mail.ac4.yahoo.com with SMTP; Mon, 20 Sep 2010 07:18:28 -0700

Received:   by pxi17 with SMTP id 17so1777220pxi.41 for <rohit_apogee@yahoo.com>; Mon, 20 Sep 2010 07:18:27 -0700 (PDT)

DKIM-Signature:   v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com;

Received:   by 10.114.46.8 with SMTP id t8mr10160141wat.32.1284992307235; Mon, 20 Sep 2010 07:18:27 -0700 (PDT)

Return-Path:   <check.wsx@gmail.com>

Received:   from myPC ([***.234.80.49]) by mx.google.com

with ESMTPS id o17sm13595920wal.21.2010.09.20.07.18.24 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 20 Sep 2010 07:18:26 -0700 (PDT)

From:   This sender is DomainKeys verified “check.wsx” <check.wsx@gmail.com>  Add sender to Contacts

To:   <rohit_apogee@yahoo.com>

Subject:   checking

Date:   Mon, 20 Sep 2010 19:48:19 +0530

Message-ID:   <4c976d32.1156730a.27c7.fffffa26@mx.google.com>

MIME-Version:   1.0

X-Mailer:   Microsoft Office Outlook 12.0

Have a look at the underlined data which shows the name and IP  of the computer from where the mail was sent.

With this piece of info in hand you can find out the ISP with which the IP address is registered and can report any suspicious activity.  However, the law enforcement ppl can go a step ahead,  they can even get the residential  address of the registered user from the ISP.

Do a google search or bing      :)      to  find out  how you can view the headers in your email clients.

You get connected to internet as soon as you switch on your router !

Enable DHCP server.  Click on LAN and enter the details :

* Wifi enabled Handset

* Active Internet Connection with wifi router modem

Configure your router modem to use the pppoe connection type

Restore your router to factory settings ( Preferred & recommended). See your router manual.Type in     192.168.1.1 in your url address bar and hit enter.  You will be prompted for a username and password which generally is admin and admin respectively unless you have not configured it manually. Also, the default username password could be different if you have a different model. Refer your router manual.

192.168.1.1 is an IP address in the private IP address range 192.168.0.0 – 192.168.255.255. Many network devices, such as LinkSys routers, use 192.168.1.1 as their default IP address.

Now follow these steps :

Configure your Wireless Security :

TCP/IP Settings:

Auto

Now, Configure your phone:  ( I  AM USING NOKIA 5800 XM )

Here we are !  Now Browse wireless @ great speed without 3G hassle ( at least when you are in wifi hotspots ! )

hackthisway@live.com

Google as a hacking tool is generally used by hackers to locate random vulnerable targets and then they hack it for fun etc.  There are a lot of webservers  that have old unpatched  Operating Systems running. Many websites are defaced using very simple techniques. So, it is of utmost importance for the administrators to have their servers properly patched. I am presuming that you know advanced google searching techniques. Even if you don’t know, do a google search.

Search expressions in google can yield a plethora of information. We will now see Google helping us to locate Microsoft IIS  ( Internet Information Services ) servers.                                                                                                                                                                                                              Query Google for  :

intitle:”welcome to IIS 4.0”

Dissecting the search expression :

intitle:”welcome to IIS 4.0”

intitle means that Google will search for whatever words you tell it to in the title of a website. In this case you search for                     “welcome to IIS 4.0”.

IIS Server Version                             Query

Many                                                   intitle:”welcome to” intitle:internet IIS

Unknown                                             intitle:”Under construction” “does not currently have”

IIS 4.0                                                  intitle:”welcome to IIS 4.0”

IIS 4.0                                                  allintitle:Welcome to Windows NT 4.0 Option Pack

IIS 4.0                                                  allintitle:Welcome to Internet Information Server

IIS 5.0                                                  allintitle:Welcome to Windows 2000 Internet Services

IIS 6.0                                                  allintitle:Welcome to Windows XP Server Internet Services

What  attackers do after getting this info :

After locating the web server the attackers search for working exploits for the found version of the webserver and execute the exploits.

This is no rocket engineering.

You can locate different kind of web servers, default programs, network hardware, printers etc. using Google.

Search for Open Webcams:

Query:

inurl:/view.shtml
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / – AXIS”
intitle:”Live View / – AXIS 206M”
intitle:”Live View / – AXIS 206W”
intitle:”Live View / – AXIS 210″
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1″ intext:”Open Menu”
intext:”MOBOTIX M10″ intext:”Open Menu”
intext:”MOBOTIX D10″ intext:”Open Menu”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1″
intitle:”sony network camera snc-m1″
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console – Web Monitor”

Queries that Locate password Info:

filetype:netrc password netrc file may contain cleartext passwords

intitle:”Index of” passwords modified “Password” directories

inurl:/db/main.mdb

ASP-Nuke database files often contain passwords

filetype:bak inurl:”htaccess|passwd| shadow|htusers” usernames

BAK files referring to passwords

filetype:log “See `ipsec —copyright”

BARF log files reveal ipsec data

inurl:”calendarscript/users.txt”

CalenderScript passwords

inurl:ccbill filetype:log

CCBill log files may contain authentication Data

inurl:cgi-bin inurl:calendar.cfg

CGI Calendar (Perl) configuration file reveals information including passwords for the program.

inurl:chap-secrets -cvs chap-secrets

file may list usernames and passwords

[WFClient] Password= filetype:ica

Citrix WinFrame-Client may contain login Information

inurl:passlist.txt

Cleartext passwords. No decryption required!

intitle:index.of config.php

Config.php files

inurl:config.php dbuname dbpass

config.php files

inurl:server.cfg rcon password

Counter strike rcon passwords

source: VUPEN

Exploit has been added to metasploit. See a screenshot :

Vulnerable  Products :

Microsoft Internet Explorer 6
Microsoft Internet Explorer 7

Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2

Prevention:

Disable Active Scripting.

Patch:

Not available till date.

If you want to check your browser against CSS vulnerabilities, you may visit :

http://digitaloffense.net/tools/see-ess-ess-die/cssdie.html

Follow the instructions carefully and click on test being sure of the risks.