Jul.29

I want to believe.

My friends always ask me: why are you not a believer?
My reply is always this: I want to believe.
These lines are my friends; please read them carefully.
—————————-
If a problem can be solved no need to worry about it.
If a problem cannot be solved what is the use of worrying?
Do not believe in anything simply because you have heard it.

Do not believe in anything simply because it is spoken and rumored by many.

Do not believe in anything simply because it is found written in your religious books.

Do not believe in anything merely on the authority of your teachers and elders.

Do not believe in traditions because they have been handed down for many generations.

But after observation and analysis, when you find that anything agrees with reason and is conducive to the good and benefit of one and all, then accept it and live up to it. ~Buddha

Blog

Mar.30

Ecommerce Web Designing In Pakistan

Classic web styles offers end-to-end Ecommerce Web Designing In Pakistan and across the world to businesses that are seeking to launch themselves in the online retail business. We provide attractive and affordable ecommerce website development in Pakistan and other parts of the world. Our experience working with a wide range of customers can help you avoid mistakes and smooth your growth. We are one of India’s best ecommerce web development companies, and our website designing company is based in the capital of India, offering a full range of tailored ecommerce web development, including fully customizable and third-party open source ecommerce programs such as Opencart, Magento, X-cart and more. Our affordable e-commerce development solutions are professionally designed and tested to give you the edge over your competitors. Apart from shopping cart solutions, we also provide payment gateway integration, online credit card processing and setting up a merchant account for your online e-commerce solutions.

If you are looking for Ecommerce Web Designing In Pakistan

As a professional ecommerce website designing company in Pakistan, our ecommerce website design provides you with everything you need to start conducting business online. By using our ecommerce website development in India, your web target markets become your potential customers. E-commerce websites bring the whole world to the merchant’s doorstep. Just think of the possibilities! As one of the leading ecommerce web development companies in Pakistan, we understand that for a layman with very limited knowledge of ecommerce web development it is very difficult to assemble all of the required features into a website. Our experts can give you a complete solution under a single roof, and they can guide you on which features will be useful for your online business and which are not so necessary, so that you have the option to choose only those features that will boost your sales.

 We are the best Ecommerce Web Designing In Pakistan

Our reputation allows us to deliver unbeatable service to our existing customers worldwide. If you would like to launch a new online store but would like to hire a professional to develop it, or you would like to work with an expert to take your ecommerce website to the next level, you are in the right place. With the right approach, the right marketing and the right technology, you can turn a website visitor into a lifelong customer, one who buys more than just once, one who refers more business your way, and one who adds profit to your bottom line year after year. Our ecommerce web development is more than just selling your products on the internet; it is about building a long-term relationship with a customer through effective marketing. It is about serving their needs better, smarter, faster, and in a more appealing way than your competition. Keep a customer happy through better service, make them feel special and important, and they would rather do more business with you than with anyone else.

 

So if you are looking for customized Ecommerce Web Designing In Pakistan, contact us today and our business specialists can give you 100% support in developing your world-class ecommerce website.

The only Ecommerce Web Designing company In Pakistan that works fast and reliably.


Mar.21

SEO Expert in Pakistan

I am Mohammad Khalil, a highly skilled and experienced search engine optimization (SEO) expert in Pakistan and an internet marketing consultant, based in cities, Pakistan. I have been in this business for quite some time now and have helped numerous small businesses and independent clients rank high on Google, Yahoo and Bing with the use of ethical white-hat SEO techniques that I have developed over time through real experience.
I have also provided in-house training to marketers, webmasters and web developers.
The purpose of this website is twofold. First, if you’re looking for a professional SEO expert and a search engine marketing consultant to help you create a stronger online presence, you can find out about the various SEO services I offer, including research, search engine optimization (SEO), online reputation management, internet marketing, content development/optimization and web analytics. There is a lot involved in achieving solid and lasting success on the web, and through advanced SEM and SEO techniques I help my clients achieve the results they want.
Second, if you’re just looking for information about SEO and internet marketing from an SEO expert and are curious about how it all works, you’ll find lots of SEO resources, articles, and links that will provide you with the latest information in this field. So, enjoy your visit, and come back often.

Professional SEO Services from an SEO Expert in Pakistan

Whether you have a new website and are trying to increase traffic, or have an established website that is not attracting enough web traffic, my SEO service plans can help you reach your goals.
I offer comprehensive SEO services using techniques and activities that are derived from industry best practices to help your website restore its rankings on major search engines, including Google, Yahoo! and MSN. These include:
  • Website assessment
  • Keyword research and analysis
  • Competition analysis
  • Website structure and coding assessment
  • SEO strategy formulation
  • Meta data analysis and editing
  • Link building strategy development and implementation
  • Monitoring rankings and creating status reports

So What Exactly Is SEO and Why Do You Need It?

Search engine optimization (SEO) is a subset of search engine marketing (SEM), and is a process of setting up your website so that it achieves solid, high rankings on Search Engine Results Pages (SERP) for important keywords and/or key phrases. SEO uses a combination of techniques, tools, and technical skills to get the desired results.
So, as an SEO expert in Pakistan, I think that if you’re an online business, SEO is one of the most essential factors in your website’s online marketing success. Most of the traffic on the web is generated by search engines. In order to appear alongside your competition in the search results, your website must be search-engine friendly. Moreover, to be competitive among the search results you need to take steps that persuade search engines that your website is an authority and that your content is relevant for specific keywords related to your business. If done properly, SEO can help you achieve that and result in a higher return on investment than any other kind of marketing, both online and offline. SEO can also help drive targeted traffic and motivated buyers to your website and in turn contribute to increased sales conversions.
Here are some of the key benefits of SEO:

  • SEO results in increased targeted traffic to your website
  • SEO helps create brand identity
  • SEO creates better search engine positioning
  • SEO helps you gain competitive advantage
  • SEO results in fast measurable ROI
  • SEO boosts product sales and online visibility
  • SEO brings in free targeted traffic and therefore results in low customer acquisition costs
  • SEO will allow you to compete efficiently and effectively against larger competitors
  • SEO provides continuous online visibility
  • SEO is the cheapest marketing tool even on the internet

White-hat (ethical) vs. Black-hat (unethical) SEO Techniques

White-hat and black-hat are two different views of how to do search engine optimization. White-hat SEO experts (like me) are those who devise proper SEO strategies in accordance with the guidelines given by various search engines. On the other hand, black-hat SEOs often try to “trick” search engines by using back doors, cloaking, spamming and other tricks to optimize their sites.
There are many companies and “SEO professionals” who use black-hat, unethical techniques in order to get quick results, which often get their clients’ websites banned from search engines. To get sustained results, only white-hat SEO techniques should be used.

Unlike other SEO professionals and so-called SEO experts, I don’t promise number one rankings in Google, nor do I promise to submit your website to 50,000 search engines and directories. All such claims are phony and carry no weight at all. However, I do promise a considerable increase in your website traffic, higher rankings for primary and secondary keywords, and higher conversions that result in increased revenue from your website.
As an SEO expert, here is what I guarantee:
  • Your website will be submitted to all the major search engines and directories, along with some industry-specific directories.
  • The keywords I suggest will have searches as indicated by WordTracker.
  • I will optimize for all keywords requested by you.
  • I will NOT use unethical SEO techniques, and none of the SEO techniques used by me will get your website banned from search engines.
  • I will discuss all my SEO techniques with you.
  • I will not make any changes to your website without your approval.

At last, I must say I am the best SEO Expert in Pakistan.


Jan.25

Metasploit GUI integrated with Nessus in Kali Linux

Metasploit is the renowned penetration testing framework created by H. D. Moore in 2003; it was created to hack into computer systems for testing purposes. Metasploit can be used for the following purposes:
  • Validate security risks as part of your vulnerability management program.
  • Safely simulate attacks on your network to uncover security issues.
  • Verify your defenses, security controls and mitigation efforts.
  • Measure the effectiveness of your security awareness program.
  • Audit password security beyond Windows and Linux logins.
Nessus, by contrast, is a proprietary, comprehensive vulnerability scanner developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment. Key features of Nessus are:
  • Patch Management Integration
  • Malware/Botnet Detection
  • Mobile Device Auditing
  • Configuration & Compliance Auditing
  • Scanning & Auditing Virtualization & Cloud Platforms
And last but not least, Kali Linux, which is the successor of BackTrack Linux. Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd.

Metasploit Graphical User Interface Tutorial

That was the basic introduction to the tools that we are going to discuss. The Metasploit GUI comes in several editions, for example: Pro, Community, Express and Framework. In this tutorial I will use the Community version of Metasploit.
  • Download the Community version of Metasploit from the Rapid7 website and get the activation code.
  • Configure it (if you need a guideline then let us know; we will create a tutorial for the configuration too).
For a better understanding of the workflow, a video tutorial has been created. Something went wrong after uploading the video; skip the first 5 sec to get better quality.


Jan.25

VoIP Hacking: Past, Present, Future and You!

VoIP technology does not need my words to prove its superiority over the traditional mode of communication. The edge that this technology has made it the number 1 mode of communication, but at the same time it increased the risk of data theft and hijacking. Your words, your data and the past, present and future of hacking all matter, but the industry is quite reluctant to discuss VoIP hacking and its security.

On Sep 24, 2014 we saw news that a man had been sentenced to 10 years in prison for stealing and then reselling more than 10 million minutes of Internet phone service. There are many other incidents out there: on Oct 19, 2014, phone hackers dial and redial to steal billions. VoIP security can be costly if not addressed properly. PBX and VoIP hacking, taken together, can lose companies a large amount of money. VoIP hacking is like most other forms of hacking: if you don’t pay attention to your security, you really will get what you deserve.

Hacking attacks on VoIP networks are a real threat that organizations are facing. The top management of any company worries about the meetings it holds over IP telephony: the meetings themselves, the finalizing of deals, coordination with other teams and, above all, data about future plans, financial secrets and organizational secrets. All of this information is at risk.

Organizations are willing to spend their $$$ to protect their data and information, but on whom should they spend their money? There seems to be nobody, or no specific group of people, who takes care of VoIP security and conducts penetration testing, and the infosec industry is quite reluctant to produce more professionals for VoIP penetration testing. Hence the result is a market gap, where potential professionals are not interested, not available or simply not capable of working in a VoIP environment.

The bad news is that training is not something that we can get in a single night. It takes time, effort and focus to learn and practice the art of VoIP penetration testing to secure the VoIP environment at your workplace. There are some certification bodies that offer certification, but they are too costly and most of the courses are outdated.

You are reading this because somehow you are part of the infosec industry, and it’s time for us to think about it, to think about the future of this industry: what have we achieved so far, and where is the industry heading?

Well, at this time I am not willing to give my final words on what I am thinking about VoIP security and its future; I want you to put yourself in its place and think about it. It’s about you and the past, present and future of VoIP hacking and its security.

Ehacking took an initiative to provide world-class VoIP Penetration Testing Training. The course has been designed to create engineers with the skills to build a VoIP network with server and phone configuration, and the second objective of the course is to teach everyone to conduct pen-testing on a VoIP environment. The course is available FREE of cost.

See more at: http://www.ehacking.net/2015/01/voip-hacking-past-present-future-and-you.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+ehacking+%28Ehacking-+Your+Way+To+The+World+Of+IT+Security%29#sthash.8rSAM7a9.dpuf


Nov.27

How to save your Credit Card from Cyber Criminals

Many people become victims of cyber criminals while shopping online. Now the question is: who are these people who become victims of these hackers? And how can you protect your credit card online?

There’s nothing like the feeling of snapping up a hard-earned bargain when shopping online.
There’s also nothing like the feeling of falling victim to credit card fraud.
With a number of high-profile breaches this year alone, it’s always a good time to be alert — not alarmed — about using your credit card online.

On top of these general tips for safe shopping, here are some card-specific tips to keep in mind when virtually swiping your plastic.

Only enter your credit card details on secure sites

By now, you hopefully know the drill. Look for an https connection in the URL, as well as a padlock or another digital security certificate to ensure that you are only entering your details on a site that encrypts the transaction end-to-end. Don’t send your credit card information over email.

Buy a prepaid card for online transactions

For those who want to keep online purchases completely separate from everyday credit card transactions, prepaid cards are an option to consider. These can either be bought online or from a traditional bricks and mortar retailer for a small fee.

Prepaid credit cards allow you to load a set amount of money at the time of purchase. The advantages are plentiful when it comes to using a prepaid card for online shopping, but the big one is that even if the card’s details are compromised somewhere along the chain, there is a limit to the amount of money that can be taken.

Some banks and financial institutions will let you generate a virtual credit card number to complete purchases. This is generally a single-use number that you can enter in place of your regular number.

Watch statements for any unusual transactions 

While many banks have sophisticated 24/7 monitoring systems designed to detect fraud and unauthorised credit card use, it’s important to also keep an eye out on financial statements both online and on paper. If you spot anything suspicious, call your bank immediately.

Turn on your credit card’s added layer of security

Many credit cards will have an additional layer of security that might not be enabled by default. MasterCard has a product called SecureCode, which is a private code that you enter every time you make a transaction on a supported site, and is never disclosed to the retailer.

Read full article on CNET


Nov.24

Hands on with Caine Linux: Pentesting and UEFI compatible

I have mixed feelings about Caine Linux. First and foremost, it is a Linux-based forensic analysis system which is UEFI-compatible. However, while it is reasonably easy to boot as a Live DVD or USB system, I found it to be rather difficult to install, and quite complicated to use.

There are a variety of special-purpose Linux distributions which I can easily imagine being used for everyday work – Kali Linux, Knoppix, AV Linux and others. But I have a difficult time imagining even an experienced Linux user using Caine for everyday tasks.

Maybe this is a good thing. Honestly, a pentest/forensic system should be used for that, and nothing else.  When you use it for other purposes, and in other situations, or you connect regularly to the internet and mount other removable storage devices, you are taking the risk that it could become compromised, corrupted or otherwise damaged and made unsuitable for its primary use.

So that is the reason I have such mixed feelings. Maybe it would be best to use it only as it is distributed, as a standalone Live system. I would be interested in hearing other opinions about this.

But of course the really big question is, does it work on UEFI-firmware systems? This is not a trivial question – for example, Kali Linux (formerly BackTrack), which is my preferred distribution of this type, added UEFI compatibility not long ago, and to say that they had mixed results would be very generous. So having a system that works with UEFI out of the box would be very nice.

The short answer is yes, it does work as a stand-alone UEFI-boot Live system. The long answer is that if you want to go beyond that and create an installed system, well, that works too but you have to be very careful, and there are some potentially serious pitfalls along the way.

Let’s start with the basics of the distribution. Caine 6.0 is derived from Ubuntu 14.04.1 (64 bit). That is a Long Term Support release, so that is a good thing. It uses the MATE desktop, rather than Unity, which is another really good thing. The ISO image can be obtained from their Downloads page (duh), and is relatively large (2.68GB).

You can either burn the ISO to a DVD, or copy it to a USB stick. The downloads page specifically says that you can use rufus (on Windows) or unetbootin (on Linux, MacOS or Windows).  I am curious/stubborn/lazy/set in my ways (choose one or more which you think applies), so I decided to try a couple of other possibilities. The first and most obvious option, copy directly to a USB stick with dd, doesn’t work. Bummer.  The other obvious choice, because this is an Ubuntu derivative, was to try the Ubuntu Startup Disk Creator. I recently installed Ubuntu 14.10, so I fired that up, and it worked just fine. Yay.

The Live USB stick can then be booted on either “Legacy” (MBR) or UEFI-boot systems, and on UEFI systems it can be booted with Secure Boot enabled (or not). That’s very good news.

Read Full Article at ZDNET


Nov.24

WordPress 4.0.1 Released to Address Vulnerabilities and Cross-Site Scripting Flaw

The critical security release addresses a serious cross-site scripting (XSS) bug identified and reported by Jouko Pynnonen of the Finland-based IT company Klikki Oy on September 26. The vulnerability affects WordPress 3.9.2 and earlier versions which, according to the latest statistics from WordPress, account for nearly 86% of installations. WordPress 4.0, released in early September 2014, is not affected.

“An attacker could exploit the vulnerability by entering carefully crafted comments, containing program code, on WordPress blog posts and pages. Under default settings comments can be entered by anyone without authentication (login),” Klikki Oy said in a press release. “Program code injected in comments would be inadvertently executed in the blog administrator’s web browser when they view the comment. The rogue code could then perform administrative operations by covertly taking over the administered account.”

A proof-of-concept published by the company shows that an attacker can exploit the vulnerability to create new administrator accounts, change the password of the current administrator, and execute arbitrary PHP code on the server.

“Exploitability without login, under default settings, and the server-side impact make this probably the most serious WordPress core vulnerability that has been reported since 2009,” Klikki Oy said.

Technical details on the critical XSS vulnerability are available in an advisory published by the Finnish company on November 20.

Millions of WordPress sites around the web are being updated to 4.0.1 right now and older releases will be updated to 3.9.3, 3.8.5, or 3.7.5, as outlined in Andrew Nacin’s security release announcement. If you don’t want to wait for the automatic update, you can always go to Dashboard → Updates in the admin and update immediately.

The security update also fixes 23 flaws from the WordPress 4.0 version among others.

Read Full article at SECURITYWEEK


Nov.24

Who is behind the sophisticated, stealthy Regin malware?

An advanced piece of malware has been uncovered, which has been in use as far back as 2008 to spy on governments, companies and individuals, Symantec said in a report released Sunday.
Symantec Security Response has discovered a new malware called Regin which, they say, “…displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.”
This back-door trojan has been in use, according to the security company, since at least 2008, and has stayed under the radar since.

The level of quality and the amount of effort put into keeping it secret convince Symantec that it is a primary cyberespionage tool of a nation state.

Regin is a multi-stage attack, each stage but the first encrypted and none by themselves especially revealing about the overall attack. The picture only emerges when you have all five stages.

Attacks were committed between 2008 and 2011 (Regin 1.0), at which point the malware disappeared. It resurfaced in 2013 (Regin 2.0) with some significant differences: the new version is 64-bit, and may have lost a stage.

Symantec has not found a stage 3 for the 2.0 version, which may be explained by the fact that the 1.0 stage 3 is a device driver, and installing device drivers on 64-bit Windows surreptitiously is a difficult proposition even, it would seem, for the most sophisticated of attackers.

Symantec’s description of the threat in their threat database, where they call it Backdoor.Trojan.GR, indicates that it was detected and protection provided on December 12, 2013. Presumably they did not know what they had until much more recently, and retrospective analysis revealed the true nature of the threat and its use in prior years.

Even so, there is still

Read Full Article at ZDNET


Nov.22

How to use an authenticator app to improve your online security

Passwords alone are hopelessly weak and fragile security measures.

Don’t be fooled by the myth that creating a stronger password will somehow make you safe online. You can create a password that is so long and complex it takes you five minutes to type, and it will do nothing to protect you if the service where you use that password stores it improperly and then has their server breached. It happens regularly.
And even with reasonable policies in place (complexity, changed regularly, not reused), people are still the weakest link in the security chain. Social engineering can convince even intelligent people to enter their credentials on a phishing site or give them up over the phone.
The solution is two-factor authentication, or 2FA. (Technically, it should be called multi-factor authentication, but 2FA is the most common form, so that’s the term I’ll use in this article.)

Turning on 2FA for a service changes the security requirements, forcing you to provide at least two proofs of identity when accessing a secure service for the first time on an unknown device. Those two forms of authentication can come from any combination of at least two of the following elements:

    “Something you know,” such as a password or PIN
    “Something you are,” such as a fingerprint or other biometric ID
    “Something you have,” such as a trusted smartphone that can generate or receive confirmation codes

For the most part, the two-factor authentication systems you see in place today use the first item, your password, and the last item, your smartphone. Smartphones have become ubiquitous, making them ideal security devices.

Your smartphone can assist with authentication by providing a unique code that you use along with your password to sign in. You can acquire that code in one of two ways: sent as a text message from the service, or generated by an app installed on your phone.

Here, for example, is what I saw moments ago when I tried to sign in to my Gmail account from a browser I had never used before.

If this sign-in request were from someone who had stolen my Google account credentials, he’d be stopped dead in his tracks. Without that code, he can’t continue the sign-in process.

I prefer the option to use an authenticator app rather than receiving codes via text message whenever possible, and so should you. The reason is simple logistics. There are times when you have access to the Internet (via a wired connection or Wi-Fi) but don’t have the ability to receive a text message, because your cellular signal is weak or nonexistent, or you’re using a different SIM while traveling.

The most popular 2FA app is Google Authenticator, which is available on iOS and Android. But if you use another platform, you can almost certainly find an alternative: Because the process for generating secure tokens is based on open standards, anyone can write an authenticator app that performs the same function.

Read more at ZDNET
