Latest Post
Sign up for FREE daily Updates.

Ramadan Mubarak Wishes, Images For Whatsapp and Facebook 2015

First of all sorry for updating Hacking-Sec after almost an year now, I was really very busy with my personal life, schooling, board examination and stuff. Now Hacking-Sec is back on track and it will be updated from now on as it used to be.

Hacking-Sec wishes Ramadan Mubarak to all our beloved readers.
May Allah the Almighty showers his choicest blessings upon you and your family this Ramadan Mubarak 2015. May all your supplications be accepted.  Ramadan is a holy month for Muslims. Wish this Ramadan your friends, family and relatives with our best collection of Ramadan Images and Ramadan Wishes. You can very conveniently and easily share Happy Ramadan to your family and friends by sending these images and sms. If you want to send these images top your friends you need to Download Ramadan Images from here. After downloading Happy Ramadan 2015 images you can send them to your friends on whatsapp and facebook and wish them.

In our post you will find wishes both in hindi language and english language. If you want wishes in english language you can use Ramadan Wishes in English and if you want wishes in hindi language you can use Ramadan Wishes in Hindi . We hope you will love the wishes and sms here for Happy Ramadan. Do share them with your family friends and relatives.

Ramadan Mubarak 2015

ramadan mubarak 2015 wishes

Ramadan Mubarak Wishes 2015

1.) May This Ramadan be as bright as ever.
May this Ramadan bring joy, health and wealth to you.


2.) May the festival of lights brighten up you
and your near and dear ones lives.


3.) May this Ramadan bring in u the most
brightest and choicest happiness and
love you have ever Wished for.


4.) May this Ramadan bring you the
utmost in peace and prosperity.


5.) May The Light That We Celebrate At
Ramadan Show Us The Way And Lead
Us Together On The Path Of Peace And
Social Harmony A Very Happy Ramadan.


6. May The Spirit Of Ramadan
Illuminate The World And
Show Us The Way To Peace
And Harmony Happy Ramadan!


ramadan mubarak wishes




















Ramadan Mubarak Images For Whatsapp and Facebook 2015


ramadan wishes 2015


7. May This Ramadan Be Month Of
Blessings, A Month Full Of
Forgivenesses & Guidences For
You And Your Family! Amen
Ramadan Kareem Mubarak To You


8. Welcome Ramadan Walk Humbly
Talk Politely Dress Neatly
Treat Kindly Pray Attentively
Donate Generously
May Allah Bless & Protect You!


9. One Ramadan Can Make Such A
Difference Towards Your Position
In Jannah. May Allah Allow Us
To Be The First Batch Of Muslims
To Enter Jannah In’shaa’allah
Have A Merciful Ramadan..!!


7. May This Ramadan Be Month Of
Blessings, A Month Full Of
Forgivenesses & Guidences For
You And Your Family! Amen
Ramadan Kareem Mubarak To You


Ramadan Mubarak Greetings 2015


8.) Welcome Ramadan Walk Humbly
Talk Politely Dress Neatly
Treat Kindly Pray Attentively
Donate Generously
May Allah Bless & Protect You!

9.) One Ramadan Can Make Such A
Difference Towards Your Position
In Jannah. May Allah Allow Us
To Be The First Batch Of Muslims
To Enter Jannah In’shaa’allah
Have A Merciful Ramadan..!!


10.) As the month of Ramadan starts, talk respectfully,
treat others kindly, walk modestly and pray sincerely.
May Allah bless you and your family.
May the Spirit of Ramadan stay in our heart and
illuminate our soul from within.
Happy Ramadan!

11.) Your sincere prayers,
your devotion,
your faith in Allah,
will make you a better human,
to serve this society
with wisdom and truth.
Happy Ramadan.

12.) As you fasts and offers prayers to Allah,
may you find your peace and happiness.
Have a peaceful and happy Ramadan!
Ramadan is the best chance to ask Allah for forgiveness. Thank him for his blessings and for keeping you alive till this moment.

Latest Ramadan Mubarak Status, SMS, Wishes For Friends

ramadan mubarak images wishes 2015


13.) He is the one GOD, the Creator, the Initiate, the Designer
To Him belong the most beautiful names...
He is the Almighty, Most Wise.
Wishing you a blessed Ramadan..!


14.)As the crescent moon is sighted and the holy month of Ramadan begins...
May Allah bless you with happiness and grace your home with warmth & peace !


15.) Walk humbly; Talk politely; Dress neatly; Treat kindly; Pray attentively; Donate generously. May ALLAH bless and protect you!
I wish this Ramadan, you are gifted with blessings of Allah and many treasured moments of joy! Ramadan Mubarak!


16.) May Allah's immaculate grace and exceptional wisdom
conquer your life as you celebrate this holy month of Ramadan.
Have a blessed and peaceful Ramadan!

Ramadan Mubarak 2015

:)
 

5 Best Joomla Security Extensions For You to Breathe Easy






Apart from WordPress and Drupal content management systems, Joomla is the most popular CMS used all over the world to power websites of all sorts and sizes. Just like any other open-source CMS, Joomla powered sites also have to deal with hacking attacks. In fact, almost every day Joomla powered site encounter callous hackers who mutilate website pages, upload backdoors and steal or delete sensitive information. And sadly, most of the attacks cost website owners substantial amount of time and money in getting the damage fixed. And so, it becomes needful for website owners take all the possible measures into account that helps to strengthen security of their Joomla site.

In this post we have come up with a list of remarkably useful Joomla extensions that helps to secure your Joomla website. 



jHackGuard

 










jHackGuard is an extension designed by Siteground that helps to protect the websites of Joomla users from being hacked. The extension is made publicly available to Joomla site owners, irrespective of whether they're using Siteground hosting services or not. This extension is a blend of a security plugin (that does the system work) and component (that helps to handle configurations) – that helps to protect a Joomla site by filtering the user's input data and integrating more PHP security settings. But, the plugin is disabled so that filters don't prevent authenticated administrators from performing their administrative tasks.


jHackGuard is compatible with Joomla version 3 and higher. And so, if you want to protect your site security running on an older Joomla version, you can choose to download the appropriate versions of jHackGuard for the older Joomla versions such as jHackGuard for Joomla 1.5 or other.







Akeeba Backup









Akeeba Backup formerly known as JoomlaPack is an open-source and free backup component that helps in creating a full website backup – that can be used to restore your site on any server running Joomla powered sites. It lets you create a backup of your website in just a single archive, including all the files, a “database snapshot” and an “installer”.
The best aspect about this extension is that it runs an AJAX-powered backup and restore process that helps to prevent server timeouts – even when you're running a large website. Besides, you can choose to create a backup of only your website files or database. It is compatible with Joomla version 2.5 or 3.x only.






 

HTTP Verb Tampering Demo/Example/Tutorial



What is HTTP Verb?

  •  According to Wiki "The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems.  HTTP is the foundation of data communication for the World Wide Web.

  • Verb is nothing but HTTP methods used to indicate the desired action to be performed on the identified resource.


-  List of some basic HTTP Verb or Methods
  • OPTIONS
  • GET
  • HEAD
  • POST 
  • PUT
  • DELETE
  • TRACE
  • CONNECT



What is HTTP Verb Tampering? 

It's a method to bypass a defense technique by tampering the verb. Some secret directories have restricted access by  basic authentication. This directories are protected by the .htaccess file which can be easily exploited. This attack is a result of a Apache  htaccess file misconfiguration .

An administrator, limits the access to the private resource or directory just via POST request method. See the vulnerable code below.















Here AuthUserFile is the directory to the .htpasswd file which contains the username & password in encrypted format.

<LIMIT GET POST>
require valid-user
</LIMIT>


It just limits the POST method & matches the credentials that saved in htpasswd file, if wrong error page shows up.


Here the administrator has limited POST method, but also not blacklisted other methods?. This means any requests via other method would lead the attacker having access to the protected  private resources or directory. Below i have provided a video DEMO of  successful exploitation of an HTTP Verb tampering vulnerability via Live HTTP Headers ( Firefox add-on) on AT&T sub domain (Reported & Fixed). In the next post i will be showing you various ways to fix or apply a patch to this vulnerability .



 







 

Best Traffic Exchange service website | Hitleap



There's a huge demand for traffic exchange websites. You can find "N" no. of websites out there on internet providing the service of traffic exchange. After having an experience with all of them, i came to the conclusion  Hitleap is the one of the best & top website in terms of their services, monetary profit & website performance. The website works by earning minutes by surfing others website via Hitleap viewer software & then spending them on getting traffic on your website. You can earn number of  minutes easily just by surfing others website via the hit leap viewer software, just open & let it earn minutes for you. The minutes you will be using later in order to get traffic to your submitted website. Depending upon the minutes you will be getting traffic to your URL. The submitted website needs to be approved by their moderator which is done within fraction of seconds. It also provides a feature for setting  how many second's or minutes an visitor should stay on your website.

Earning via HitLeap ?

- Some websites provide credits just by visiting the URL, you can mask them & submit it to hitleap in order to to sit back & earn. ( Will be covering this in later tutorials briefly)

- Referrals ( 10% of the minutes your referrals earn
20% of the cash value of any purchase )


Click on the below banner to visit the website & Register yourself.

Free Traffic
 

Mobile security infestation [Infographics]

The explosion in popularity of mobile devices has changed the way that people go about their daily lives. Their reliance on the efficiency and speed of these gadgets has made location--often--irrelevant. However, with the reliance comes risk; the number of viruses and hackers lurking for unencrypted data has risen dramatically over the past few years, a number closely related to the rise in smartphone and tablet usage over that same period of time.


This infographic, provided by TollFreeForwarding.com, is an interesting look at mobile security, how it is being exploited, and the future of safe usage on mobile devices.is an interesting look at mobile security, how it is being exploited, and the future of safe usage on mobile devices.

 Russel Cooke is a journalist based in Louisville, KY. His love of technology often drives his stories, which also center around social media, content creation, and marketing. You can follow him on Twitter @RusselCooke2.



 

Wordpress XML-RPC Brute Force Attack Vulnerability

Today i'll be sharing a easy & quite  interesting tutorial on Wordpress XML-RPC Brute Force Attack.
As we all know nowadays when every an attacker gets his hands on a WordPress website, the first thing he would try to do in order to compromise the website is a brute force attack. The attacker loads a list of user & password combination in order to guess the correct one. Its always the first & mandatory option to try in point of view of a newbie attacker. The result of an increase in brute force attack day buy day, the developers have started using Login captcha plugins to protect them selves form such attack.


XML-RPC is a word press interface & this functionality is turned by default since WordPress 3.5. Recently we have seen very critical vulnerability been found in the same which effected a quarter of the internet - Ping Back DDOS Vulnerability, Arbitrary code Execution etc. Recently it has came to known that attackers are taking advent of the XML-RPC wp.getUsersBlogs method in order to launch a brute force attack against the website. In XML-RPC many of the calls need the credentials in order to implement. Then attacker can try different combinations on user & passwords. The output is thrown on the webpage weather its valid or invalid.



Step by step guide -



 - Locate the XMLRPC on the target website - localhost/xmlrpc.php


















- Send a POST request with the following code given below.

<methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value> <string>user</string></value></param>  <param><value><string>password</string></value></param></params></methodCall>












- Check the response

If wrong combination - faultCode


  


If right - isAdmin









Hope you all liked this tutorial.  Any queries? Drop it down in comments!.


 

Malware: How we are Infected [InfoGraphic]

So you have a computer, but if it was infected with a virus, what would you do? Would you even know it was there? It is a well-known fact that over 32% of all computers in the world have malware of some sort. Today we will be talking about the infamous computer virus and what it is.

So let's start with something you all have probably heard of, Malware. Malware is a program made to infiltrate your computer, disable parts of it, and thus gain access to your hard drive, search history and such to aid with stealing information. However, there are other types of malware out there. Let's get to know them and how much of the 32% they infect.

At 57%, first we have the virus. This is a software that has the capability to copy itself and send itself into other folders. Then there is the "Trojan" at 21%. The Trojan is malicious software that hides on the internet disguised as some sort of program or free item, and ce you download it, you will soon discover it is malicious. But the Trojan has a brother at 7%, called the "Trojan Downloader". This type of virus does the same thing as the simple Trojan, but once on your computer it downloads more viruses and software, then begins to use those programs.

Then at 3% there is the "Exploit", which finds a glitch, bug or system error and uses that to hack into your computer. Next we have the "Worm" at 2%, this malicious bug works the same as a Trojan, but then copies and pastes itself across your computer network.

But not all viruses seem so bad when you get them, for instance the "Adware" at 3%. This type of virus infects your computer so nothing happens at first, but once you log into your web browser, then immediately your screen will be flooded with ads. There is also the "Monitoring Tool" with 2% of the 32% infected. This malware infects your computer and hides, not doing anything but monitoring your activity, (Search history, keyboard history etc.) and then sends those back to a remote server.

There is also one of the worst at 1%, the "Back Door". This virus infects your computer remotely, not allowing your anti-virus security to even detect it, but sure enough it does. And lastly we have one of the worst but luckily at a low percentage of 0.01%, "Spyware". This diabolically designed software infects your computer and takes the most important pieces of information it can find and sends it back to wherever it came from. This information is generally passwords, credit card numbers and other sensitive information.
All of these viruses have devastating effects. Last year there were 27 million strains of malware made, which means 74,000 new viruses are created every day. The number of homes in the United States that experience spam is 24 million. The number of homes with serious viruses in the last 2 years is 16 million, and the number of houses that had spyware in the last 6 months is 6 million. But most devastating of all, over 1 million of all homes have lost money to spyware in the last year. Another devastating fact is that Viruses cost the world 4.55 billion USD every year.

So be safe, don't download anything you are unsure of, and be sure to have an anti-virus software. But most importantly learn how to detect these programs when you get them.






















 

Follow The Following Steps To Make Facebook Page With No Name,



    1) First of all, click here to create your new Facebook page.


    2) Select a Category. Example- Entertainment and after that choose a category.

       3) Copy the code inside the brackets [ ᠌᠌᠌᠌᠌] and paste in the name field.
     4) Click on I agree to Facebook Pages Terms and then Get Stated And All Done You Can    See A Page With No Name Is Created 


 

iOS Update Quashes Dangerous SSL Bug

5497202855_bbbca2a000_o.jpg

Photo by: Duncan Hull


If you haven't gotten the iOS 7.0.6 update, you need to stop what you're doing and get it now. There's a dangerous SSL bug that can hurt you in numerous ways if you don't take care of it right away by updating your Apple operating system. Even if you have an older version, you're going to want to make sure you're protected and have the latest OS available for your particular mobile device.


Back in February of this year, it came out that not updating could lead to bad people being able to read and modify encrypted communications whether people were using iPhones, iPads or other iOS devices. As you might imagine, this upset a lot of people. The good news is that Apple was pretty quick at making sure an update was available for people who downloaded it.


And yet that's part of the problem - not everyone updates their operating system on their own, especially on their phone or mobile device. Some people have claimed that it wasn't a flaw and was built-in iOS as a means for people - like the NSA perhaps - to be able to spy on people easier. Apple denied the claims, of course, but if you Google around, you're going to find some interesting speculation about the "flaw" found in iOS.


According to Ars Technica, the problem may have gone beyond iOS mobile devices and actually affected Mac OS X users - even if they had all the current patches and updates installed! According to them, "[The] vulnerability has been confirmed in iOS versions 6.1.5, 7.0.4, and 7.0.5, and OS X 10.9.0 and 10.9.1." That's quite a wide vulnerability. And while Apple seemed to be working fast to squash the bug last month, there's a good chance that a lot of people still don't have it patched.


In order to make sure you stay safe, here are some specific tips you should follow.


  • Always Update - The first thing you want to do is make sure you ALWAYS update your OS when you find out there's a new version available.
  • Be Aware - In order to know when you should update your OS, you're going to make sure you're aware of major problems that have been found.
  • Act Quickly - The sooner you patch the vulnerable code, the sooner you're going to be safe from attacks.


While there's no guarantee your mobile devices are going to be safe and secure, you want to make sure you take whatever steps you can to guarantee that you're as safe as possible. If you have any thoughts or opinions about the latest iOS update that killed some major security flaws, feel free to leave a comment below and let us know what you're thinking.


Guest Post:

Written by: Jenny Corteza has used a City Directory Theme because it made her life as a writer a whole lot easier. She's been writing technology articles for many years now.
 

WhatsApp spam used by ASProx Botnet to Deliver Kuluoz Malware

5448944597_8e70da64ab_o.png

Photo by: Sean MacEntee




As you probably know, Facebook bought WhatsApp for an obscene amount of money in stock earlier this year. What you might not know is that there's a lot of WhatsApp spam that is being used by ASProx Botnet to deliver nasty Kuluoz malware to unsuspecting  users. This is not good news any way you look at the situation. Keep reading if you want to know more about this as well as what you should do to stay safe.


Here's a look at some of the dates when the WhatsApp problem has made Malcovery's "Today's Top Threats" list.


  1. SEPTEMBER 19, 23, 24, 25, 26
  2. OCTOBER 2, 3, 4, 7, 8, 9, 10, 11, 16, 17, 18, 21, 22, 23, 24, 25
  3. NOVEMBER 14
  4. JANUARY 9, 13, 15, 20, 28


Looking at that list, it's easy to start wondering why nothing has been done sooner about the problem. Additionally, it really makes you wonder why Facebook paid so much for the company by offering them stock options.


Going back to November of last year, ComputerWorld published an article about how WhatsApp was one of the top five brands imitated to deliver malware with spam. That's quite a bit of recognition - and not in a good way.


Here's a look at some specific ways you can stay safe and avoid Kuluoz and other malware.

  • Use Protection - The very first thing you want to do is make sure you're using some type of protection. The good news is that you don't need to spend a lot of money to get decent anti-virus software these days.
  • Update Protection - Having protection software is nice, but if you never update it at all, you're going to find that there's still a high chance your computer will get infected and quit working correctly.
  • Be Suspicious - If you're not sure of something online, you want to err on the side of caution and not take any unnecessary risks. Even with a brand like WhatsApp - that's connected to Facebook now - you want to be very careful and know what you're doing.
  • Educate Yourself - Last but most certainly not least, you should make an effort to stay informed about how malware works and the steps you can take to protect yourself from it whenever possible. This is really the best way you can make sure your computer stays safe and virus free.


Following the advice above, there's a good chance you'll be able to avoid WhatsApp spam and not get infected with Kuluoz malware. Still, it's a good idea to pay attention and update your anti-virus software all the time. If you have any experience with WhatsApp that's negative, please leave us a comment below. 







Guest Post - 
 
Written by: Jenny Corteza deals with staff outsourcing all the time. She's a writer and dealing with editors and others can sometimes be a problem. Still, she loves writing articles about technology. Go figure.





 
 
Support : Blog | Hacking-Sec | PHP-Sec
Copyright © 2014. Hacking-Sec - All Rights Reserved

UA-55004066-1