What is Steganography?

Steganography is a means of obscuring data where secret messages are hidden inside computer files such as images, sound files, videos and even executable files so that, no one except the sender and the receiver will suspect the existence of stealth information in it. Steganography may also involve the usage of cryptography where the message is first encrypted before it is concealed in another file. Generally, the messages appear to be something else such as an image, sound or video so that the transfer of secret data remains unsuspected.

The main advantage of steganography over other methods such as cryptography is that, it will not arose suspicion even if the files fall in the hands of a third party. Unlike cryptographic messages, stegnographic messages will no way attract the attention of a third party by themselves. Thus stegnanography has an upper hand over cryptography as it involves both encryption and obscurity.

What are the Applications of Steganography?

Steganography is mainly used to obscure confidential information/data during storage or transmission. For example, one can hide a secret message in an audio file and send this to another party via email instead of sending the message in the textual format. The receiver on the other end will decrypt the hidden message using the private decryption key. In a worst case scenario, even if a third party does manage to gain access to the email, all he can find is the audio file and not the hidden data inside it. Other usage of steganography include digital watermarking of images for reasons such as copyright protection.

Eventhough steganography has many useful applications, some may use this technique for illegitimate purposes such as hiding a pornographic content in other large files. Roumors about terrorists using steganography for hiding and communicating their secret information and instructions are also reported. An article claiming that, al-Queda had used steganography to encode messages in images and transported them via e-mails, was reported by New York Times, in October 2001.

How do Steganography Tools Work?

Stegnography tools implement intelligent algorithms to carefully embed the encrypted text messages or data inside other larger files such as an image, audio, video or an executable file. Some tools will embed the encrypted data at the end of another file so that there will be enough room for storing larger data.

There are many steganography tools available online but only a few are able to work flawlessly. I did not find any tool that worked perfectly on both small and large data. However I have  managed to develop my own tool that can work perfectly on all types of files and all size of data. The tool is called “Stego Magic“. You can download it from the following link.

The zip file contains two versions of Stego Magic: One for encrypting the text messages and the other for encrypting binary files. StegoMagic_TXT can be used to hide text messages in other files such as an image or a sound file. StegoMagic_BIN can be used to hide one binary file in another such as an executable file inside an image or an image inside a video file.

With Stego Magic, there is no limitation on the size and type of the file that you are intending to hide. For example, you can hide a video of size 1 GB in an image of size 1 MB or hide an executable file inside a WORD document. The tool is pretty straightforward to use and requires no special understanding of the concept.

At the end of the encryption process, a secret decryption key will be generated and the same is required during the decryption process.

How to Use Stego Magic?

Suppose you want to hide a text message inside a JPG file:

1. Place the JPG and the text file (.txt) in the same folder as that of StegoMagic_TXT.exe

2. Run StegoMagic_TXT.exe and follow the screen instructions to embed the text message inside the JPG image.

3. Note down the secret decryption key.

Now you can send this image to your friend via email. To decrypt the hidden message, your friend should load this JPG file onto the Stego Magic tool and use the secret decryption key.

I hope you enjoy this post . For queries and feedback, please pass your comments .

In fact, there are many ways to download videos from YouTube, but here in this post, I would like to share with you one of the easiest way to do that. This can be done as follows:

1. Download and install the latest version of Internet Download Manager.

Internet Download Manager is a great add-on for your web browser which increases the download speed by 5 times. It also helps you to pause/resume and schedule your downloads. It has got a great interface and is user friendly. It works with most of the browsers including IE, Firefox, Chrome, Safari and Opera.

2. After you complete the installation, just open your browser and start searching for your favorite video on YouTube. You will see the download button on top of the video using which you can download it instantly.

3. Click on the “Download this Video” button to save the video onto your computer. The downloaded video will be in the flash video format (.flv).

4. You can use VLC Player to play the downloaded video or use SUPER to convert it to your desired format.

By using this trick, you can download almost all the buffering content on the Internet including videos from MySpace and Google. I hope you like this small post. Don’t forget to pass your comments. Enjoy

If you’re unaware of what exactly Zemana Antilogger is, then please ready my previous post that contains the required details. You can download this program from the following link:

This program is fully compatible with Windows XP (SP2 or higher), Windows Vista (32bit & 64bit) and Windows 7 (32bit & 64bit). I hope you all like this offer from GoHacking.com.

Unlike most antivirus softwares, Zemana antilogger does not rely on the signature based and file scanning approach. Rather it makes use of a unique technology to detect and shut down the malware and spyware programs just before they start their job.

Today, hackers are constantly trying to intrude vulnerable systems with programs like keyloggers which are capable of recording each and every activity of your computer. But Zemana Antilogger is capable of combating any such keylogger and spy programs, thereby keeping hackers and intruders at bay.

Zemana Antilogger is one stop solution to all of the security threats that your PC may come across. This program is fully compatible with Windows XP (SP2 or higher), Windows Vista (32bit & 64bit) and Windows 7 (32bit & 64bit).

I have already discussed about the usage of Zemana Antilogger in my previous post: How to Protect Your Computer from Keyloggers. For more information on this product you can visit the Zemana Antilogger official website.

The free license giveaway for this program is scheduled on 29th July 2011 (coming Friday). I will post the download link along with the free license key which should be valid for one year.

You will have to activate your copy of Zemana antilogger within 2nd of Aug 2011, after which the license key will become invalid for usage. Once you activate within the specified date, you can use this product for one full year, free of cost.

I hope you like this offer from GoHacking.com.

In this post, I will show you how to load the Windows installation on to your USB flash drive and make it bootable just like the DVD.

Tools Required:

1. USB flash drive with a minimum capacity of 4 GB.

2. Windows 7 set-up DVD.

Step-1: Plug-in your USB flash drive and backup all the existing data in it.

Step-2: Open the command prompt. If you are using Windows 7/Vista then open it with administrator rights*.

* Goto Start -> All Programs -> Accessories -> Right-click on “Command Prompt” and select “Run as Administrator”.

Step 3: In the command prompt, type in the following command:

DISKPART

Now issue the following command:

LIST DISK

SELECT DISK 5

NOTE: In the above command, 5 is the USB drive number on my system. If you have a different number on your system, then you need to replace 5 with that number.

Step-4: Now issue the following list of commands one by one as shown below:

CLEAN

CREATE PARTITION PRIMARY

SELECT PARTITION 1

ACTIVE

FORMAT FS=NTFS QUICK

ASSIGN

EXIT

Minimize the command prompt and proceed to the next step.

Step 5: Insert the Windows 7/Vista installation disc and note down the “drive letter” of your DVD drive. In my case, it is “H:”. Now type the following list of commands as shown below:

H: CD BOOT
CD BOOT
BOOTSECT.EXE /NT60 M:(NOTE: M: is your USB drive letter)
EXIT

Step-6: Copy the contents of your Windows 7/Vista installation disk into the USB flash drive.

That’s it! Your USB stick is now ready to boot and install the OS for you. Don’t forget to enable the “USB Boot” option and change the “boot priority to USB device from hard disk” in your BIOS settings.

I hope you like this post. Pass your comments to express your opinion.

Here in this post, I will show you how to hack your Symbian S60 3rd or 5th edition smartphone, so as to modify the phone’s firmware and completely bypass the mandatory signing requirement. So, once you are done with this one time hack, you should be able to install any compatible application including unsigned and those with an expired certificate.

What is the Need for Signing Applications?

From the 3rd edition onwards, all the Symbian S60 applications need to be signed in order to ensure their integrity, so that it would not be possible for a third party to tamper with the application. Also, signing ensures that you always install applications from a trusted source.

However, there are many freeware and beta applications that come unsigned as the developers cannot afford to buy a symbian certificate. Hence, it can be a real nightmare for the users who need to install such applications on their phones. So, here is a step-by-step procedure to hack your phone and permanently disable this security feature.

1. Download HelloOX2 V2.03 or the latest version from the HelloOX2 Ofiicial Website.

HelloOX2 is an excellent tool to hack Symbian S60 3rd, 5th and Symbian^3 smartphones which makes it possible to install a root certificate by gaining full access to the phone’s system files. With this capability, you can install anything you want on your phones without the need to worry about the annoying certificate error!

2. The signed version of HelloOX2 demands for a donation and hence, only the unsigned version is available for free download. So, if you have the unsigned version, you need to sign it before installing on your phone. In order to sign any application, you need to have the certificate and the key file which can be obtained as follows:

• Go to the OPDA Website, get registered and login to your account.
• Click on the “Apply Certificate” tab, enter the model number and the IMEI of your phone and then click on “Submit and Upload” button.
• It will usually take up 24 hours for your certificate and key file to be generated and uploaded. To check the status of your certificate click on “My Certificate” tab. If the certificate is ready for the download you will see something as follows:

• Download the certificate and the key file on to your computer. Also download the SisSigner tool to sign your HelloOX2 application.
• Open the SisSigner, load the HelloOX2.sis, certificate and the key file as shown below and click on “Sign”. Leave the “Key File Password” field blank.

• Your HelloOX2 application is now signed and ready for the installation.

3. Install the signed HelloOX2 application on your phone and run it to start the hacking process, which is completely automatic. Within a minute your phone will be hacked. Once this is done, say goodbye to the annoying certificate error and install any application.

I hope you like this post. Express your opinion through comments. Enjoy!!!

On the whole Internet, there are approximately more than 150 million active websites up and running. As a result, it often becomes a real challenge for the users to identify safe websites that are trustworthy and reputed. Have you ever wondered to know the reputation of a website before placing the order? Need to know whether a given website is child safe? Well, here are some of the ways to identify safe websites on the Web.

WOT is a great place to test the reputation of your favorite website. WOT gives real-time ratings for every website based on the feedback that it gets from millions of trustworthy users across the globe and trusted sources, such as phishing and malware blacklists. Each domain name is evaluated based on this data and ratings are applied to them accordingly. A snapshot of WOT ratings for gohacking.com is shown below:

As shown in the above snapshot, the reputation of each website is shown in terms of 4 components where green means excellent, yellow warns users to be cautious and red indicates potential danger.

Trustworthiness signifies the overall safety of the website. A poor rating may indicate that the site is associated with threats like Internet scams, phishing, identity theft risks and malware. For more information on phishing, you may refer my other post on how to identify and avoid phishing scams.

Vendor reliability tells you whether a given site is safe for carrying out buy and sell transactions with it. An excellent rating indicates superior customer satisfaction while a poor rating indicates possible scam or bad shopping experience.

Privacy indicates about “to what extent the site respects the privacy of it’s users and protects their personal identity and data”.

Child Safety indicates whether the content of a given site is appropriate for children. Site contents like sexual material, nudity and vulgarity will have a poor Child Safety rating.

In most cases, the WOT ratings are found to be highly accurate. To check the reputation of any given website, just visit www.mywot.com type-in the address of your favorite website and click on “Check now”. This tool alone can tell you a lot about the reputation and safety level of a website. However, in addition to this, I am giving you another 3 handy tools to identify safe websites on the Web.

McCafee SiteAdvisor is a free tool that is available as a browser add-on. It adds safety ratings to your browser and search engine results. You can download it from www.siteadvisor.com.

Using this tool, you can check whether a given site is said to have involved in malware activity in the past. To check this, go to http://www.stopbadware.org/home/reportsearch and enter the URL or domain name of a website and click on “Search Clearinghouse ”. If the search does not return any result, that means the site was never involved in any of the malware activity in the past.

Google PageRank is another great tool to check the reputation and popularity of a website. The PageRank tool rates every webpage on a scale of 1 to 10 which indicates Google’s view of importance of the page. If a given website has a PageRank of less than 3, then it is said to be less popular among the other sites on the Internet.

However, PageRank will only tell you how much popular a given website is and has nothing to do with the safety level of a website. So, this tool alone cannot be used to evaluate a website’s safety and other factors.

PageRank feature is available as a part of Google Toolbar. You can install Google Toolbar from http://www.google.com/intl/en_uk/toolbar/ie/index.html.

I hope you like this article. Waiting for your comments…

With the dramatic increase in the number of phishing scams in the recent years, there has also been a steady rise in the number of people being victimized. Lack of awareness among the people is the prime reason behind such attacks. This article will try to create awareness and educate the users about such online scams and frauds.

Phishing scams usually sends an email message to users requesting for their personal information, or redirects them to a website where they are required to enter thier personal information. Here are some of the tips that can be used to identify various phishing techniques and stay away from it.

Identifying a Phishing Scam

1. Beware of emails that demand for an urgent response from your side. Some of the examples are:

• You may receive an email which appears to have come from your bank or financial organization stating that “your bank account is limited due to an unauthorized activity. Please verify your account asap so as to avoid permanant suspension”. In most cases, you are requested to follow a link (URL) that takes you to spoofed webpage (similar to your bank website) and enter your login details over there.
• In some cases, phishing emails may ask you to make a phone call. There may be a person or an audio response waiting on the other side of the phone to take away your credit cards details, account number, social security number or other valuable data.

2. Phishing emails are generally not personalized. Since they target a lagre number of online users, they usually use generalized texts like “Dear valued customer”, “Dear Paypal user” etc. to address you. However, some phishing emails can be an exception to this rule.

3. When you click on the links contained in a phishing email, you will most likely be taken to a spoofed webpage with official logos and information that looks exactly same as that of the original webpages of your bank or financial organization. Pay attention to the URL of a website before you enter any of your personal information over there. Even though malicious websites look identical to the legitimate site, it often uses a different domain or variation in the spelling. For example, instead of paypal.com, a phishing website may use different addresses such as:

• papyal.com
• paypal.org
• verify-paypal.com
• xyz.com/paypal/verify-account/

Tips to Avoid Being a Victim of Phishing

1. Do not respond to suspicious emails that ask you to give your personal information. If you are unsure whether an email request is legitimate, verify the same by calling the respective bank/company. Always use the telephone numbers printed on your bank records or statements and not those mentioned in the suspicious email.

2. Don’t use the links in an email, instant messenger or chat conversation to enter a website. Instead, always type the URL of the website on your browser’s address bar to get into a website.

3. Legitimate websites always use a secure connection (https://) on those pages which are intended to gather sensitive data such as usernames and passwords, account numbers or credic card details. You will see a lock icon in your browser’s address bar which indicates a secure connection. On some websites like paypal.com which uses an extended validation certificate, the address bar turns GREEN as shown below.

In most cases, unlike a legitimate website, a phishing website or a spoofed webpage will not use a secure connection and does not show up the lock icon. So, absence of such security features can be a clear indication of phishing attack. Always double-check the security features of the webpage before entering any of your personal information.

4. Always use a good antivirus software, firewall and email filters to filter the unwanted traffic. Also ensure that your browser is up-to-date with the necessary patches being applied.

5. Report a “phishing attack” or “spoofed emails” to the following groups so as to stop such attacks from spreading all over the Internet:

You can directly send an email to spam@uce.gov or reportphishing@antiphishing.org reporting an attack. You can also notify the Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov.