Nilesh Kumar

I had written long time back about this: Official Gmail Blog: Detecting suspicious account activity http://nileshkumar83.blogspot.com/2009/03/gmail-provides-hijack-detection-tool.html

Sarah Palin's Yahoo mail account was hacked during 2008 presidential election, reason? Phishing,MITM, XSS or Virus/Trojan? No, the correct answer is: using her publicly available information,somebody was able retrieve her password determining the answers for Password reset mechanism. These things are very abundant in today's websites. Some websites use damn weak password recovery mechanism. Even Password reset question is dead easy to guess like: the city where you born into,what is your pet's name, what's your father's middle name or which is your favorite film. The last one is damn easy to guess,reason being, you often chat to your friends about your favorite film or list favorite films. I was surprised to see that Indiatimes web mail is very lenient in employing mechanisms for recovering the forgot password. I am valid user of Indiatimes web mail. After a very long time I unsuccessfully tried to login into my account. Because I had forgot my password, I tried to...

I was today just googling my white paper on ' SSLStrip on Windows '. I was surprised that Google was now suggesting ' SSLStrip Windows' as you start typing ' SSLStrip ...' It indicates that lot of people are searching for the term. The Google search listed me some results among which few were linking to sites where I had uploaded the document e.g. my blog and scribd .com . Another result which came up was was linking to www.rmccurdy.com/scriptssslstrip%20in%20windows.pdf which took me by surprise and I was full of mixed feelings. I was happy that somebody has found it useful but at the other hand I was bit sad that he is not mentioning my name anywhere as a reference on his site. I stressed on my memory and recalled that the guy's full name is 'Robert McCurdy '. Actually we have had a lot of communications regarding his doubts over running SSLStrip on windows. Well Robert, thanks for uploading it to your site. Now one more location to download th...

Capturing wireless traffic in a Windows environment is unfortunately not as easy as a setting change. As with most Windows-based software, drivers in Windows are often not open source and do not allow for configuration change into monitor mode. With this in mind, we must use a specialized piece of hardware known as an AirPcap device. Once you have obtained an AirPcap device you will be required to install the software on the accompanying CD to your analysis computer. The configurable options include: • Interface - Select the device you are using for your capture here. Some advanced analysis scenarios may require you to use more than one AirPcap device to sniff simultaneously on multiple channels. • Blink LED - Clicking this button will make the LED lights on the AirPcap device blink. This is primarily used to identify the specific adapter you are using if you are using multiple AirPcap devices. • Channel - In this field, you select the channel you want AirPcap to listen on. Extension C...