To get the brief preview, just watch the video here :

This following excerpt is taken from lateeda.com:

There is currently a flaw in a Myspace’s third party program which currently allows you to view certain albums of private profiles.  Click read more to find out how.

-  Go to http://viewmorepix.com

-  Enter in the FriendID and hit Enter to submit.

-  On the page where it askes you to complete a survey (the next page after you hit enter), right click anywhere on the site, and hit “View Source”.  It starts with http://myspace.tabblo.com…and ends with the userid=(the one you entered in).

-  Search in the source page something that looks similar to below…

http://myspace.tabblo.com/editor/iframe/?album_id=0&Culture=en-US&oauth_consumer_key=http%3A%2F%2Fwww.myspace.com%2F422699854&oauth_nonce=633736980581374146&oauth_signature=qqIoycBFWnlb3tpJndnisC7bdMM%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1238101258&oauth_token=ehw%2BuzbrQBBonTwjtdu1oGKu9k3PgS%2BdSRQ7rq01Knz4MhNDdfD0wHui%2BQsQ8isWKG436CIYbr%2FYUcC0CP9rJE57DczftZ6Y3NYPMCjGOUg%3D&oauth_version=1.0&partner_id=myspace&PrefCulture=en-US&product_id=167&token=yC%20rPGXBZDqBvkoOsmKR%2FcUT%2FtebELnly%2F9×6cgRwPUJWoQQqp2A1C7hRp35eJlDt%2FnA5JKfb4evyZ4koo6ZPQnrcDK6YpadQkMfqhUsO%2FU%3D&user_id=XXXXXXXX

-  Copy and paste that big long URL

- If you would like to view other friends, copy and paste the same URL and just change the red x’s

I am not sure if it works for all, as it may say “default album not available”, but I have tested it on two private profiles and were able to get pictures.

To enlarge the pictures, right click on them, and change the “s_” to “l_”

Watch the video on how to use viewmorepix :

Related articles :

• Your Social Profile: Tips (actionbites.blogspot.com)
• Are you a Tweethead? Yahoo’s gorgeous new site will let you know (thenextweb.com)
• TwitArea – share any place on twitter, right from your browser (twi5.com)

As the newest version of Backtrack , Backtrack 4 has become the most used linux security distro by security pentesters out there. If being compared to Backtrack 3 , backtrack 4 has less tutorials and documentations than backtrack 3 does. You can read about backtrack 3 tutorial on my previous post. In this post , you will watch a video about Backtrack 4 tutorial , the video is about installing backtack 4 to hardisk.

The video itself is taken from metacafe – a place where you can browse more videos about backtrack 4. Just start watching the backtrack 4 tutorial video here :

BackTrack 4 Pre Final Hard Disk Install ! – The most popular videos are here

Related articles :

• Xterprise Introduces Hard Disk Drive Tracking Application (prweb.com)
• How to Crack a Wi-Fi Network’s WEP Password with BackTrack [Wi-Fi] (lifehacker.com)
• Monday morning links serving: The July 6th edition (geeksaresexy.net)

To see how this facebook photo stalker app works , you can watch the video here :

Related articles :

• Facebook Not the End: FriendFeed Launches Custom Themes (mashable.com)
• Marketing Magazine (jonggunlee.tistory.com)
• Online networks off limits to most teachers (jonggunlee.tistory.com)

Related articles :

• Video: How to Write a Book for Children – Do I Need an Illustrator? (write4kids.com)
• Video: 7 Things Editors @ Children’s Book Publishers Wish They Could Tell Writers (write4kids.com)
• TubeMogul 2.0 Democratizes Online Video Analytics, Sets New Standard for Viewing Metrics (klessblog.blogspot.com)

Firefox is known as the most used web browser in the world. But only few people know how malicious code can be embedded in your Firefox without Antivirus or Firewall even notice it. In this case, You’re about to see how powerful Firefox keylogger addon is. Its ability to log the keystrokes whenever a victim type something within his browser is the main fun part of this firefox keylogger addon.

Here’s the short excerpt taken from the artile written by armando romeo :

My small POC consists of a keylogger written in javascript and embedded into Firefox browser in form of extension. This code can be injected into any known/famous addon without even noticing it since it creates no warnings at Antiviruses (it’s just legal javascript) and no warning from Firewalls since the logs of the keystrokes are sent through Firefox on port 80 to a malicious server.
Firewalls allow Firefox on port 80 if you want to browse the internet, so no way to understand what’s going on under the hood unless you track all the packets going out of your internet interface. The POC is an installable extension that once installed it doesn’t add anything to the Firefox appearance.

Get it here : http://www.hackerscenter.com/public/Firefox_poc/poc_keylogger.zip
More information :
http://blogs.hackerscenter.com/2008/04/firefox-addons-threat.html

The addon which is used in the video might not related to the firefox keylogger addon created by armando , but it’s still nice to watch anyway. So here’s the firefox keylogger addon video :

Firefox Keylogger from Jabra on Vimeo.

Related articles :

• Orange UK exiles Firefox from call centers (theregister.co.uk)
• Mozilla To Launch “Build Your Own Browser” (tech.slashdot.org)
• Mozilla to let enterprise users build custom Firefox-based browsers (downloadsquad.com)

Related articles :

• How to Crack a Wi-Fi Network’s WEP Password with BackTrack [Wi-Fi] (lifehacker.com)
• How do I secure my home Wi-fi network? (cnn.com)
• Wireless Lan Security (slideshare.net)

Here’s a video presentation on w3af :

BSQL Hacker

BSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database. BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections). It allows metasploit alike exploit repository to share and update exploits.

Here are some known features from BSQL Hacker (from Portcullis lab) :

Key Features

* Easy Mode
o SQL Injection Wizard
o Automated Attack Support (database dump)
+ ORACLE
+ MSSQL
+ MySQL (experimental)
* General
o Fast and Multithreaded
o 4 Different SQL Injection Support
+ Blind SQL Injection
+ Time Based Blind SQL Injection
+ Deep Blind (based on advanced time delays) SQL Injection
+ Error Based SQL Injection
o Can automate most of the new SQL Injection methods those relies on Blind SQL Injection
o RegEx Signature support
o Console and GUI Support
o Load / Save Support
o Token / Nonce / ViewState etc. Support
o Session Sharing Support
o Advanced Configuration Support
o Automated Attack mode, Automatically extract all database schema and data mode

* Update / Exploit Repository Features
o Metasploit alike but exploit repository support
o Allows to save and share SQL Injection exploits
o Supports auto-update
o Custom GUI support for exploits (cookie input, URL input etc.)

* GUI Features
o Load and Save
o Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be show to the user in a GUI)
o Visually view true and false responses as well as full HTML response, including time and stats

* Connection Related
o Proxy Support (Authenticated Proxy Support)
o NTLM, Basic Auth Support, use default credentials of current user/application
o SSL (also invalid certificates) Support
o Custom Header Support

* Injection Points (only one of them or combination)
o Query String
o Post
o HTTP Headers
o Cookies

* Other
o Post Injection data can be stored in a separated file
o XML Output (not stable)
o CSRF protection support

one time session tokens or asp.net viewstate ort similar can be used for separated login sessions, bypassing proxy pages etc.

It’s still beta and there are known issues :

* Auto-Update doesn’t work (server hasn’t configured yet)
* Exploit Updates doesn’t work (server hasn’t configured yet)
* Automated Attack for MySQL is experimental, might not work properly

Download BSQL Hacker for Windows.

A Short video on BSQL Hacker demonstration:

BSQL Hacker Beta – Wizard Demo from fmavituna on Vimeo.