Most of us have experienced a situation where in we need to gain access to a computer which is password protected or at times we may forget the administrator password without which it becomes impossible to login to the computer. So here is an excellent hack using which you can reset the password or make the password empty (remove the password) so that you can gain administrator access to the computer. You can do this with a small tool called  Offline NT Password & Registry Editor. This utility works offline, that means you need to shut down your computer and boot off your using a floppy disk, CD or USB device (such as pen drive). The tool has the following features.

• You do not need to know the old password to set a new one
• Will detect and offer to unlock locked or disabled out user accounts!
• There is also a registry editor and other registry utilities that works under linux/unix, and can be used for other things than password editing.

How it works?

Most Windows operating systems stores the login passwords and other encrypted passwords in a file called sam (Security Accounts Manager). This file can be usually found in \windows\system32\config. This file is a part of Windows registry and remains inaccessible as long as the OS is active. Hence it is necessary that you need to boot off your computer and access this sam file via boot. This tool intelligently gains access to this file and will reset/remove the password associated with administrator or any other account.

The download link for both CD and floppy drives along with the complete instructions is given below

Offline NT Password & Reg Editor Download

It is recommended that you download the CD version of the tool since floppy drive is outdated and doesn’t exist in today’s computer. Once you download you’ll get a bootable image which you need to burn it onto your CD. Now boot your computer from this CD and follow the screen instructions to reset the password.

Another simple way to reset non-administrator account passwords

Here is another simple way through which you can reset the password of any non-administrator accounts. The only requirement for this is that you need to have administrator privileges. Here is a step-by-step instruction to accomplish this task.

1. Open the command prompt (Start->Run->type cmd->Enter)

2. Now type net user and hit Enter

3. Now the system will show you a list of user accounts on the computer. Say for example you need to reset the password of the account by name John, then do as follows

4. Type net user John * and hit Enter. Now the system will ask you to enter the new password for the account. That’s it. Now you’ve successfully reset the password for John without knowing his old password.

So in this way you can reset the password of any Windows account at times when you forget it so that you need not re-install your OS for any reason. I hope this helps.

To help you come out of this confusion I have decided to write a complete review of one the best spy softwares that I have come accross. The following is the best spy software that I always recommend.

SniperSpy Full Review

In my experience of more than 6 years I have tested almost 50 spy softwares. Out of these one of my favorite Spy software is SniperSpy. The following are some of the reasons for which I recommend SniperSpy for you.

1. SniperSpy can be used to Spy on your local PC as well as a remote PC since it supports remote installation feature.

2. On the whole Internet there exists only a few spy softwares that support remote installation and SniperSpy is the best among them.

3. You can view the LIVE screenshot of the remote computer. Not only screenshots, but also you can see every activity on the remote comuter LIVE.

4. With SniperSpy you can take a complete control of the remote PC. You can logoff, restart or shutdown the remote PC right from your PC.

5. SniperSpy records every activity of the remote computer.

6. SniperSpy is completely stealth and remains undetected.

7. SniperSpy captures every keystroke that is typed. This includes email passwords, login passwords, instant messenger passwords etc.

8. SniperSpy has the ability to bypass any firewall.

How it Works?

After you purchase the SniperSpy software, you will be able to download the a program that allows you to create a remotely deployable module.

To deploy the module you can attach the exe file to any regular email and send to the remote PC. Modules can be dropped into a Word, Wordpad or Works document, or even a ZIP or RAR file. When the module is executed it will not display anything on the screen if you chose the “Do Not Alert User” option during module creation.

After you have sent the email, wait until the remote user checks their email and executes the module. After the module is executed, activity will begin recording immediately. After activity starts recording it will then be uploaded to your personal SniperSpy web space.

Wait about fifteen minutes after the module has been executed. Then login to your online account. You will be able to view any recorded activity there using a secure https connection. Logs are updated every six minutes. No matter where you are, you can log into your SniperSpy account from any Internet connection.

How effective is SniperSpy?

Once you’ve got the module executed on the target machine, it begins logging keystrokes, websites visited, internet searches, file changes, instant message chats, and taking screenshots of computer activity. I decided to install the module remotely on my friend’s laptop. A few hours after it’s successful installation, I was able to login to the control panel to see the screenshots, keystrokes (includes passwords), websites visited and many more. Whenever he used to come online I was able to monitor has activity LIVE. It was quite amazing to sit at my place and watch his activities remotely.

Improvements in the latest version of SniperSpy

In the older versions of Sniperspy the online control panel was pretty slow taking upto a minute to communicate with the remote computer. This was a bit annoying.

But this problem is fixed in the latest version. In fact it’s extremely fast now!

How is SniperSpy different from other spy softwares?

The following features makes SniperSpy stand out from the crowd

1. Sniper Spy is more reliable than other spy softwares since the logs sent will be received and hosted by SniperSpy servers. You need not rely on your email account to receive the logs.

2. SniperSpy offers excellent customer support.

3. SniperSpy has got recognition from media such as CNN, BBC, CBS, Digit etc. Hence it is more reputed and trustworthy.

Verdict: Sniperspy Internet Monitor Software

This review can only give you an idea of just how powerful SniperSpy really is and how it can help you to monitor internet activity. There is not much that can be hidden from SniperSpy and if you visit their website you will get the complete picture.
There are a few computer remote spying programs available but Sniperspy is without doubt one of the best ones you can buy. Customer support is excellent and if you want peace of mind then this will allow you to find out the truth very quickly.

Check SniperSpy out right now and discover for yourself how much is worth to you compared with the few dollars it costs.

You can get SniperSpy from the following link: SniperSpy Homepage

I hope this helps…

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename. 

Here is a step by step procedre to create the password hacking toolkit.

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.

ie: Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

save the Notepad and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

save the Notepad and rename it from

New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on on any computer to sniff the stored passwords. Just follow these steps

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP and Vista

If you are wondering to know how to hack MySpace account of your wife, husband, girl/boy friend then you have landed at the right place. I have seen many cheaters create secret MySpace accounts in order to have secret relationships with another person. So, it’s no wonder why many people want to hack into MySpace account to reveal the secret.  

Is it Possible to Hack MySpace?

  
Yes. As a matter of fact, almost anything can be hacked on the Internet. However you must be aware of the following things before you proceed to hack MySpace.    

1. Never trust any Hacking Service that claims to hack a MySpace account for a fee. I have personally tried and tested many of them. All I can tell you is that they are no more than a scam.  

2. With my experience of about 8 years in the field of Hacking and IT security, I can tell you that there are only TWO ways to hack MySpace: They are Keylogging and Phishing. All the other ways are simply scam or don’t work!

The following are the only 2 foolproof methods that work:  

1. How to Hack Myspace: The Easiest Way

The easiest way to hack MySpace is by using a keylogger (Also known as Spy software). A keylogger is a small program that monitors each and every keystroke that a user types on a specific computer’s keyboard. Keylogging can not only get you the password, but also has the power to monitor each and every activity they perform on their compter. To use a keylogger you don’t need to have any special knowledge. Anyone with a basic knowledge of computers can use the keyloggers. Hence for novice computer users, it is the ideal way to obtain MySpace password. With my experience I recommend the following keylogger as the best.  

• SniperSpy – The No.1 Keylogger

SniperSpy is revolutionary software that allows you to access *ANY* online account or password protected material. MySpace, Facebook, Yahoo, Gmail, etc. There are absolutely *NO* limitations to what accounts or websites this software can access!  

Why Sniperspy is the best?  

1. With my experience of over 8 years in the field of IT security, I have tried almost every product currently available and know the ins and outs of what it is and how it works.   

2. Sniperspy is the only software that offers a complete stealth and easy access to any password.  

Here is a summary of benifits that you will receive with Sniperspy software: 

1. Access ANY Password  

Using Sniperspy, you can hack every password typed, allowing you to access any type of password protected account. 

2. Monitor all the Activities on the Target Computer and Access Protected MySpace Accounts  

With Sniperspy you can do anything from secretly recording their IM conversations to accessing protected MySpace, Facebook or email accounts.  

 3. Never Get Caught 

This software runs in a total stealth mode which makes it possible to record the activities without anyone knowing it. 

4. Remote Install Feature 

No physical access to your remote PC is needed to install the spy software. You can install the software even if the PC is out of country! 

5. Extremely Easy to Use 

Sniperspy is designed for novice computer users and requires no special skills. 

How safe is to use SniperSpy?

SinperSpy is completely safe and secure since it neither collects any information from your computer nor contact you in any way unless you request assistance. SniperSpy is a reputed, trustworthy and reliable company which offers 100% privacy for it’s users.

Is my online order 100% secure?

Absolutely Yes! All the e-commerce transactions for SniperSpy are routed through a highly secure payment gateway. So all your information remains private and secure. Also SniperSpy is backed by 100% Money Back Guarantee. So you have nothing to lose and everything to gain. Go grab SniperSpy now and expose the truth!

2. Other Ways to Hack Myspace

Phishing
Phishing is the most commonly used method to hack into MySpace or any other email. The most widely used technique in phishing is the use of Fake Login Page (also known as spoofed page). These fake login pages resemble the original login pages of sites like Yahoo, Gmail, MySpace etc. Here the victim is trickedto make him believe the fake login page to be the real one and enter hispassword. But once the user attempts to login through these pages, his/her login details are stolen away. However phishing requires specialized knowledge and high level skills to implement. So I recommend the use of keyloggers to hack MySpace since it is the easiest way.

Today in this post I’ll teach you how to protect your email account from being hacked. Nowadays I get a lot of emails where most of the people say “My Email account is hacked please help…”. Now one question which arises in our mind is: “Is it so easy to hack an email account? OR Is it so difficult to protect an email account from being hacked?”. The single answer to these two questions is “Absolutely NOT!”. It is neither easy to hack an email nor difficult to protect an email account from bieng hacked.

If this is the case, then what is the reason for many people to lose their accounts?

The answer is very simple. They don’t know how to protect themselves from being hacked! In fact most of the people who lose their email accounts are not the victims of hacking but the victims of Trapping. They lose their passwords not because they are hacked by some expert hackers but they are fooled to such an extent that they themselves give away their password.

Are you confused? If so continue reading and you’ll come to know…

Now I’ll mention some of the most commonly used online scams which fool people and make them lose their passwords. I’ll also mention how to protect your email account from these scams.

1. WEBSITE SPOOFING

Website spoofing is the act of creating a website, with the intention of misleading the readers. The website will be created by a different person or organisation (Other than the original) especially for the purposes of cheating. Normally, the website will adopt the design of the target website and sometimes has a similar URL.

For example a Spoofed Website of Yahoo.com appears exactly same as Yahoo Website. So most of the people believe that it is the original site and lose their passwords. The main intention of spoofed websites is to fool users and take away their passwords. For this,the spoofed sites offer fake login pages. These fake login pages resemble the original login pages of sites like Yahoo,Gmail,Orkut etc. Since it resemble’s the original login page people beleive that it is true and give away their username and passwords by trying to login to their accounts.

Solution:

• Never try to login/access your email account from the sites other than the original site.
• Always type the URL of the site in the address bar to get into the site. Never click on the hyperlink to enter the site.

2. BY USING KEYLOGGERS

The other commonly used method to steal password is by using a Keylogger. A Keylogger is nothing but a spyware. The detailed description of keylogger and it’s usage is discussed in the post Hacking an email account. If you read this post you’ll come to know that it is too easy to steal the password using a keylogger program. If you just access your email account from a computer installed with keylogger, you definitely lose your password. This is because the keylogger records each and every keystroke that you type.

Solution:

Protecting yourselves from a keylogger scam is very easy.Just install a good anti-spyware program and update it regularly. This keeps your PC secure from a keylogger. Also there is a program called Anti-keylogger which is specially designed to detect and remove keyloggers. You can use this program to detect some stealth keyloggers which remain undetected by many anti-spyware programs.

3. ACCESSING YOUR EMAIL ACCOUNT FROM CYBER CAFES

Do you access your email from cyber cafes?  Then definitely you are under the risk of loosing your password.In fact many people lose their email account in cyber cafes. For the owner of the cyber cafe it’s just a cakewalk to steal your password. For this he just need’s to install a keylogger on his computers. So when you login to your email account from this PC, you give away your password to the cafe owner. Also there are many Remote Administration Tools (RATs) which can be used to monitor your browsing activities in real time.

This doesn’t mean that you should never use cyber cafes for browsing the internet. I know, not all the cyber cafe owners will be so wicked but it is recommended not to use cafes for accessing confidential information. If it comes to the matter of security never trust anyone, not even your friend. I always use my own PC to login to my accounts to ensure safety.

So with this I conclude my post and assume that I have helped my readers to protect their email accounts from being hacked. Please pass your comments…

A software keylogger (or simple keylogger) is a stealth computer program that captures every keystroke entered through the keyboard.

Now I’ll tell you what is a hardware keylogger and how it can be used for hacking an email.

Hardware Keyloggers are used for keystroke logging, a method of capturing and recording computer user keystrokes. They plug in between a computer keyboard and a computer and log all keyboard activity to an internal memory. They are designed to work with PS/2 keyboards, and more recently with USB keyboards. A hardware keylogger appears simply as a USB pendrive (thumb drive) or any other computer peripheral so that the victims can never doubt that it is a keylogger. So by looking at it’s appearence it is not possible to identify it as a keylogger. Here are some of the images of hardware keyloggers for your convenience.

So by looking at the above images we can come to know that hardware keyloggers look just like any USB or PS/2 device. So it is very hard to identify it as a keylogger.

Insatalling a Hardware Keylogger to Hack the Email Password

The hardware keylogger must be installed between the keyboard plug and the USB or PS/2 port socket. That is you have to just plug in the keylogger to your keyboard’s plug (PS/2 or USB) and then plug it to the PC socket. The following image shows how the keylogger is installed.

Once you install the hardware keylogger as shown in the above two images the keylogger starts recording each and every keystroke of the keyboard including email passwords and other confidential information. The hardware keylogger has an inbuilt memory in which the logs are stored.

Everyday I get a lot of emails from people asking how to hack a Yahoo password? So if you’re wondering to know how to hack Yahoo and catch a cheating spouse, girl/boy friend then this is the post for you. In this post I will give you the real and working ways to hack Yahoo password. 

Is it possible to hack Yahoo?

Yes! As a matter of fact it’s possible to hack almost any email password. But before you learn the real ways to hack Yahoo password, the following are the things you should be aware of.

1. Never trust any Hacking Service that claims to hack Yahoo password just for $100 or $200. I have tried many such services and have found out that they are no more than scams.

2. With my experience of about 8 years in the field of Hacking and IT security, I can tell you that there are only TWO ways to hack Yahoo password: They are Keylogging and Phishing. All the other password hacking methods are simply scam or don’t work! The following are the only 2 foolproof methods that work.

1. EASIEST WAY TO HACK YAHOO

Using keylogger is the easiest way to hack a Yahoo password. A keylogger is a small program that records each and every keystroke (including passwords) that a user types on a specific computer’s keyboard. A keylogger is also called as Spy program or Spy software. To use it you don’t need to have any special knowledge. Anyone with a basic knowledge of computer can use it. With my experience I recommend the following 2 keyloggers as the best for hacking Yahoo password.

How can I use SniperSpy for hacking Yahoo?

You can hack Yahoo password using SniperSpy as follows:

1. After you purchase it, you’ll be able to create the installation module. You need to email this module to the remote user as an attachment.

2. When the remote user runs the module it’ll get installed silently and monitoring process will begin. The keystrokes are captured and uploaded to the SniperSpy servers continously.

3. You can login to your Sniperspy account (you get this after purchase) to see the logs which contains the password. In this way you can hack Yahoo or any email using sniperspy.

The working of Winspy is almost same as Sniperspy.

I don’t have physical access to the target computer, can I still use sniperspy?

Yes you can still use it for hacking Yahoo. Because both SniperSpy and WinSpy offers Remote Installation Feature. With this feature it is possible to remotely install the keylogger on the victim’s PC. However they can also work on a local computer.

Once I install sniperspy can the victim come to know about it’s presence?

No. The victim will never come to know about it’s presence on his/her computer. This is because, once installed the keylogger will run in total stealth mode. Unlike other programs it will never show up in start-menu, start-up, program files, add/remove programs and task manager.

Can I be traced back if I install it on some other computer?

No, it’s almost impossible to trace back to you for installing the keylogger on other’s PC.

How safe is to use SniperSpy?

Sniperspy is completely safe to use since all the customer databases remain confidential and private. They doesn’t collect any information from your system and will not contact you in any way unless you request assistance.

For more details on keylogger you can read my post on How to use Keyloggers

2. OTHER WAYS TO HACK YAHOO

 
The other most commonly used trick to hack Yahoo password is using a Fake Login Page (also called as Phishing). Today, Fake login pages are the most widely used techniques to hack Yahoo password. A Fake Login page is a page that appears exactly as a Login page of sites like Yahoo, Gmail etc. But once we enter our password there, we end up loosing it.

However creating a fake login page and taking it online to successfully hack a Yahoo password is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc. So if you are new to the concept of hacking passwords, then I recommend using the keyloggers to hack Yahoo password since it’s the easiest way.

1. What are some password basics?

Most accounts on a computer system usually have some method of restricting access to that account, usually in the form of a password. When accessing the system, the user has to present a valid ID to use the system, followed by a password to use the account. Most systems either do not echo the password back on the screen as it is typed, or they print an asterisk in place of the real character.

On most systems,the password is typically ran through some type of algorithm to generate a hash. The hash is usually more than just a scrambled version of the original text that made up the password, it is usually a one-way hash. The one-way hash is a string of characters that cannot be reversed into its original text. You see, most systems do not “decrypt” the stored password during authentication, they store the one-way hash. During the login process, you supply an account and password. The password is ran through an algorithm that generates a one-way hash. This hash is compared to the hash stored on the system. If they are the same, it is assumed the proper password was supplied.

Cryptographically speaking, some algorithms are better than others at generating a one-way hash. The main operating systems we are covering here — NT, Netware, and Unix — all use an algorithm that has been made publically available and has been scrutinized to some degree.

To crack a password requires getting a copy of the one-way hash stored on the server, and then using the algorithm generate your own hash until you get a match. When you get a match, whatever word you used to generate your hash will allow you to log into that system. Since this can be rather time-consuming, automation is typically used. There are freeware password crackers available for NT, Netware, and Unix.

2. Why protect the hashes?

If the one-way hashes are not the password itself but a mathematical derivative, why should they be protected? Well, since the algorithm is already known, a password cracker could be used to simply encrypt the possible passwords and compare the one-way hashes until you get a match. There are two types of approaches to this — dictionary and brute force.
Usually the hashes are stored in a part of the system that has extra security to limit access from potential crackers.

3. What is a dictionary password cracker?

A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password.

Some of these dictionary crackers can “manipulate” each word in the wordlist by using filters. These rules/filters allow you to change “idiot” to “1d10t” and other advanced variations to get the most from a word list. The best known of these mutation filters are the rules that come with Crack (for Unix). These filtering rules are so popular they have been ported over to cracking software for NT.

If your dictionary cracker does not have manipulation rules, you can “pre-treat” the wordlist. There are plenty of wordlist manipulation tools that allow all kinds of ways to filter, expand, and alter wordlists. With a little careful planning, you can turn a small collection of wordlists into a very large and thorough list for dictionary crackers without those fancy word manipulations built in.

4. What is a brute force password cracker?

A brute force cracker simply tries all possible passwords until it gets the password. From a cracker perspective, this is usually very time consuming. However, given enough time and CPU power, the password eventually gets cracked.

Most modern brute force crackers allow a number of options to be specified, such as maximum password length or characters to brute force with.

5. Which method is best for cracking?

It really depends on your goal, the cracking software you have, and the operating system you are trying to crack. Let’s go through several scenarios.

If you remotely retrieved the password file through some system bug, your goal may be to simply get logged into that system. With the password file, you now have the user accounts and the hashes. A dictionary attack seems like the quickest method, as you may simply want access to the box. This is typical if you have a method of leveraging basic access to gain god status.

If you already have basic access and used this access to get the password file, maybe you have a particular account you wish to crack. While a couple of swipes with a dictionary cracker might help, brute force may be the way to go.

If your cracking software does both dictionary and brute force, and both are quite slow, you may just wish to kick off a brute force attack and then go about your day. By all means, we recommend a dictionary attack with a pre-treated wordlist first, followed up by brute force only on the accounts you really want the password to.

You should pre-treat your wordlists if the machine you are going to be cracking from bottlenecks more at the CPU than at the disk controller. For example, some slower computers with extremely fast drives make good candidates for large pre-treated wordlists, but if you have the CPU cycles to spare you might want to let the cracking program’s manipulation filters do their thing.

A lot of serious hackers have a large wordlist in both regular and pre-treated form to accommodate either need.

6. What is a salt?

To increase the overhead in cracking passwords, some algorithms employ salts to add further complexity and difficulty to the cracking of passwords. These salts are typically 2 to 8 bytes in length, and algorithmically introduced to further obfuscate the one-way hash. Of the major operating systems covered here, only NT does not use a salt. The specifics for salts for both Unix and Netware systems are covered in their individual password sections.

Historically, the way cracking has been done is to take a potential password, encrypt it and produce the hash, and then compare the result to each account in the password file. By adding a salt, you force the cracker to have to read the salt in and encrypt the potential password with each salt present in the password file. This increases the amount of time to break all of the passwords, although it is certainly no guarantee that the passwords can’t be cracked. Because of this most modern password crackers when dealing with salts do give the option of checking a specific account.

7. What are the dangers of cracking passwords?

The dangers are quite simple, and quite real. If you are caught with a password file you do not have legitimate access to, you are technically in possession of stolen property in the eyes of the law. For this reason, some hackers like to run the cracking on someone else’s systems, thereby limiting their liability. I would only recommend doing this on a system you have a legitimate or well-established account on if you wish to keep a good eye on things, but perhaps have a way of running the cracking software under a different account than your own. This way, if the cracking is discovered (as it often is — cracking is fairly CPU-intensive), it looks to belong to someone else. Obviously, you would want to run this under system adminstrator priviledges as you may have a bit more control, such as assigning lower priority to the cracking software, and hiding the results (making it less obvious to the real administrator).

Being on a system you have legit access to also allows you better access to check on the progress. Of course, if it is known you are a hacker, you’ll still be the first to be blamed whether the cracking software is yours or not!

Running the cracking software in the privacy of your own home has the advantage of allowing you to throw any and all computing power you have at your disposal at a password, but if caught (say you get raided) then there is little doubt whose cracking job is running. However, there are a couple of things you can do to protect yourself: encrypt your files. Only decrypt them when you are viewing them, and wipe and/or encrypt them back after you are done viewing them.

8. Is there any way I can open a password-protected Microsoft Office document?

Certainly! There are plenty of commercial programs that will do this, but we give props to Elcomsoft. 30-day trial versions are available here.

Here’s the Step-By-Step instructions

1. Right-click on the “My Computer” icon on the desktop OR in the Start Menu.

2. Select the option “Manage”.

3. On the left pane expand the “Computer Management (Local) tree (if it is not already expanded)

4. Double click “Local Users and Groups” option From “System Tools” tree.

5. Click the “Users” option.

6. Now you will see the list of users on the right side pane, such as Administrator, Guest etc.

7. Right click the “Administrator” and select the option “Set Password” option.

8. Now you will see a warning message, Click on proceed.

9. Now the system asks you for “New Password” and “Confirm Password” .

10. After entering the password click on “OK”. The password is changed. That’s It!

P

Recent phishing attempts have targeted the customers of banks and online payment services. Social networking sites such as Orkut are also a target of phishing.

Spoofed/Fraudulent e-mails are the most widely used tools to carry out the phishing attack. In most cases we get a fake e-mail that appears to have come from a Trusted Website . Here the hacker may request us to verify username & password by replaying to a given email address.

TECHNIQUES BEHIND PHISHING ATTACK

1. Link Manipulation

Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to some trusted organization or spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers, such as this example URL

www.micosoft.com

www.mircosoft.com

www.verify-microsoft.com

instead of www.microsoft.com

2. Filter Evasion

Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails. This is the reason Gmail or Yahoo will disable the images by default for incoming mails.

How does a phishing attack/scam look like?

As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites. Here is an example of how the phishing scam email looks like

Example of a phishing e-mail message, including a deceptive URL address linking to a scam Web site.

To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phishing site (2) or possibly a pop-up window that looks exactly like the official site.

These copycat sites are also called “spoofed” Web sites. Once you’re at one of these spoofed sites, you may send personal information to the hackers.

How to identify a fraudulent e-mail?

Here are a few phrases to look for if you think an e-mail message is a phishing scam.

“Verify your account.”

Legitimate sites will never ask you to send passwords, login names, Social Security numbers, or any other personal information through e-mail.

“If you don’t respond within 48 hours, your account will be closed.”

These messages convey a sense of urgency so that you’ll respond immediately without thinking.

“Dear Valued Customer.”

Phishing e-mail messages are usually sent out in bulk andoften do not contain your first or last name.

“Click the link below to gain access to your account.”

HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company’s name and are usually “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a scam Web site.

Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s Web address, which is a suspicious sign.

So the Bottom line to defend from phishing attack is

1. Never assume that an email is valid based on the sender’s email address.

2. A trusted bank/organization such as paypal will never ask you for your full name and password in a PayPal email.

3. An email from trusted organization will never contain attachments or software.

4. Clicking on a link in an email is the most insecure way to get to your account.