How to Detect Hidden Camera in Trial Room

How to Detect Hidden Camera in Trial Room?
In front of the trial room take your mobile and
make sure that mobile can make calls........
Then enter into the trail room, take your mobile and
make a call.....
If u can't make a call......!!!!
...There is a hidden camera......
This is due to the interference of fiber optic cable
during the signal transfer......
Please forward this to your friends to educate this
issue to the
public......To prevent our innocent ladies from
HIDDEN CAMERA...........
Pinhole Cameras in Changing Rooms of Big Bazaar,
Shoppers Stop?
A few days ago, I received this text message:
Please don't use Trial room of BIG BAZAAR there
are pinhole cameras to make MMS of young girls.
So, please forward to all girls. Also forward to all
boys who have sisters and girlfriends.
Don't be shy in forwarding this message. Because
its about protecting the integrity of all girls &
ladies.
HOW TO DETECT A 2-WAY MIRROR?
When we visit toilets, bathrooms, hotel rooms,
changing rooms, etc., How many of you know for
sure that the seemingly ordinary mirror hanging on
the wall is a real mirror, or actually a 2-way mirror
I.e., they can see you, but you can't see them.
There have been many cases of people installing 2-
way mirrors in female changing rooms or bathroom
or bedrooms.
It is very difficult to positively identify the surface
by just looking at it. So, how do we determine with
any amount of certainty what type of Mirror we are
looking at?
CONDUCT THIS SIMPLE TEST:
Place the tip of your fingernail against the reflective
surface and if there is a GAP between your
fingernail and the image of the nail, then it is a
GENUINE mirror.
However, if your fingernail DIRECTLY TOUCHES the
image of your nail, then BEWARE, IT IS A 2-WAY
MIRROR! (There may be someone seeing you from
the other side). So remember, every time you see a
mirror, do the "fingernail test." It doesn't cost you
anything. It is simple to do.
This is a really good thing to do. The reason there
is a gap on a real mirror, is because the silver is on
the back of the mirror UNDER the glass.
Whereas with a two-way mirror, the silver is on the
surface. Keep it in mind! Make sure and check
every time you enter in hotel rooms.
Share this with your sisters, wife, daughters,
friends, colleagues, etc.
Pass this message to all Ur friends in the Contacts.

Please Share

Thank You 

dirs3arch – HTTP File & Directory Brute Forcing Tool

dirs3arch – HTTP File & Directory Brute Forcing Tool

dirs3arch is a simple command line tool designed to brute force directories and files in websites. It’s a HTTP File & Directory Brute Forcing Tool similar to DirBuster.

Features

• Keep alive connections
• Multithreaded
• Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc).
• Recursive brute forcing

Getting Started

Usage: dirs3arch.py [-u|--url] target [-e|--extensions] extensions [options] Options: -h, --help show this help message and exit Mandatory: -u URL, --url=URL URL target -e EXTENSIONS, --extensions=EXTENSIONS Extensions list separated by comma (Example: php, asp) Dictionary Settings: -w WORDLIST, --wordlist=WORDLIST -l, --lowercase General Settings: -r, --recursive Bruteforce recursively -t THREADSCOUNT, --threads=THREADSCOUNT Number of Threads -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES Exclude status code, separated by comma (example: 301, 500) --cookie=COOKIE, --cookie=COOKIE --user-agent=USERAGENT, --user-agent=USERAGENT --no-follow-redirects, --no-follow-redirects Connection Settings: --timeout=TIMEOUT, --timeout=TIMEOUT Connection timeout --ip=IP, --ip=IP Destination IP (instead of resolving domain, use this ip) --http-proxy=HTTPPROXY, --http-proxy=HTTPPROXY Http Proxy (example: localhost:8080 --max-retries=MAXRETRIES, --max-retries=MAXRETRIES Reports: -o OUTPUTFILE, --output=OUTPUTFILE --json-output=JSONOUTPUTFILE, --json-output=JSONOUTPUTFILE

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37

Usage: dirs3arch.py [-u|--url] target [-e|--extensions] extensions [options]   Options:   -h, --help            show this help message and exit     Mandatory:     -u URL, --url=URL   URL target     -e EXTENSIONS, --extensions=EXTENSIONS                         Extensions list separated by comma (Example: php, asp)     Dictionary Settings:     -w WORDLIST, --wordlist=WORDLIST     -l, --lowercase     General Settings:     -r, --recursive     Bruteforce recursively     -t THREADSCOUNT, --threads=THREADSCOUNT                         Number of Threads     -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES                         Exclude status code, separated by comma (example: 301,                         500)     --cookie=COOKIE, --cookie=COOKIE     --user-agent=USERAGENT, --user-agent=USERAGENT     --no-follow-redirects, --no-follow-redirects     Connection Settings:     --timeout=TIMEOUT, --timeout=TIMEOUT                         Connection timeout     --ip=IP, --ip=IP    Destination IP (instead of resolving domain, use this                         ip)     --http-proxy=HTTPPROXY, --http-proxy=HTTPPROXY                         Http Proxy (example: localhost:8080     --max-retries=MAXRETRIES, --max-retries=MAXRETRIES     Reports:     -o OUTPUTFILE, --output=OUTPUTFILE     --json-output=JSONOUTPUTFILE, --json-output=JSONOUTPUTFILE

You can download dirs3arch here:
v0.2.3.zip

FakeNet – Windows Network Simulation Tool For Malware Analysis

FakeNet – Windows Network Simulation Tool For Malware Analysis

FakeNet is a Windows Network Simulation Tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware’s network activity from within a safe environment.

The goal of the project is to:

1. Be easy to install and use; the tool runs on Windows and requires no 3rd party libraries
2. Support the most common protocols used by malware
3. Perform all activity on the local machine to avoid the need for a second virtual machine
4. Provide python extensions for adding new or custom protocols
5. Keep the malware running so that you can observe as much of its functionality as possible
6. Have a flexible configuration, but no required configuration

The tool is in its infancy of development. The team started working on the tool in January 2012 and intend to maintain the tool and add new and useful features. If you find a bug or have a cool feature you think would improve the tool please do contact them.
Features

• Supports DNS, HTTP, and SSL
• HTTP server always serves a file and tries to serve a meaningful file; if the malware request a .jpg then a properly formatted .jpg is served, etc. The files being served are user configurable.
• Ability to redirect all traffic to the localhost, including traffic destined for a hard-coded IP address.
• Python extensions, including a sample extension that implements SMTP and SMTP over SSL.
• Built in ability to create a capture file (.pcap) for packets on localhost.
• Dummy listener that will listen for traffic on any port, auto-detect and decrypt SSL traffic and display the content to the console.

Right now the tool only supports WinXP Service Pack 3. The tool runs fine on Windows Vista/7 although certain features will be automatically disabled.
You can download FakeNet here:
Fakenet1.0c.zip

Password Manager Security – LastPass, RoboForm Etc Are Not That Safe

Password Manager Security – LastPass, RoboForm Etc Are Not That Safe

We’ve talked a lot about using a password manager to secure, generate and manage your passwords – way back since 2008 when we introduced you to the Password Hasher Firefox Extension.
Since then we’ve also mentioned it multiple times in articles where plain text passwords were leaked during hacks, such as the Cupid Media hack which exposed 42 Million plain text passwords.

Now some researchers have ganged up and are taking a really close look at some of the popular password management solutions and password manager security. Honestly I haven’t heard of My1Login, PasswordBox or NeedMyPassword and wonder why they are included over more popular choices like PassPack and 1Password.

Researchers have detailed a series of quickly patched vulnerabilities in five popular password managers that could allow attackers to steal user credentials.
“Critical” vulnerabilities were discovered and reported in LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword in work described by the University of California Berkeley researchers as a “wake-up call” for developers of web password vaults.
“Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user’s credentials for arbitrary websites,” Researchers Zhiwei Li, Warren He, Devdatta Akhawe, and Dawn Song wrote in the paper The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers (PDF).
“We find vulnerabilities in diverse features like one-time passwords, bookmarklets, and shared passwords.
“The root-causes of the vulnerabilities are also diverse: ranging from logic and authorisation mistakes to misunderstandings about the web security model, in addition to the typical vulnerabilities like CSRF (cross site request forgery) and XSS (cross site scripting).”
The LastPass bookmarklet option which permitted ad-hoc integration with Safari on iOS was found vulnerable if users were tricked into running the Java code on an attackers’ site.

I just hope this means that PassPack is so secure they left it out (because that’s the one I use). I also chose PassPack because the choice was really between that or LastPass and LastPass has faced some security issues and does some things in rather pointless ways.
PassPack address the LastPass masked password features for example here: Why Masked Passwords Are a Serious Security Hole
I’m fairly certain though, all current password management solutions have security flaws – I just hope the companies developing them take them seriously (however much of an edge case they are) and address them.

A carder, for example, could set up a fake banking site in an attempt to con the less than one percent of LastPass users running bookmarklets to log in. Doing so could allow attackers to extract passwords from the victim’s LastPass vault.
A second CSRF bug affected LastPass one time passwords. It could allow attackers to see which apps and devices were running LastPass, to steal the entire master password-encrypted vault for later brute-forcing, and to erase any stored website password.
The disclosure prompted LastPass to issue a statement playing down vulnerabilities affecting its Java bookmarklets and one time passwords which if run on a malicious website could compromise user accounts prior to a fix pushed out in September.
“If you are concerned that you’ve used bookmarklets before September 2013 on non-trustworthy sites, you may consider changing your master password and generating new passwords, though we don’t think it is necessary,” chief information officer Joe Siegrist said.
“The OTP attack is a ‘targeted attack’ requiring an attacker to know the user’s username to potentially exploit it, and serve that custom attack [for each] user [which is] activity which we have not seen.
“Even if this was exploited, the attacker would still not have the key to decrypt user data.”
The research did not signal curtains for web password managers, but rather served as a warning to developers and users of inherent security risks.

You can check out the original paper here – The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers [PDF].
My sceptical side however does see this a little like a pre-marketing stunt, where these guys prove everyone else is insecure (or at least find some guys are partially insecure), publish the details then come out with a new super secure alternative..which you have to pay for obviously.
We shall of course have to wait and see if that happens.