Hacking Tutes: XSS Attacks to steal accounts.

Anything mentioned here is meant only for 'White-Hat' hackers (in case u dont know, they are security testers and ethical guys) and meany only for learning purposes (which I am sure many won't follow :P ).
This is my first tute on hacking (getting bored in office at late hours). So lets assume you are a kiddie, use gmail/facebook/orkut and would LOVE to hack your pals account. But let me tell you, hacking is not like windows but linux. There is not "Click here to hack" button!! So forgive me for that inconvenience, though this tute requires some basic programming blah blah blah language understanding.

XSS - Cross Site Scripting in a nutshell is a type of attack which uses input-validation flaw to execute scripts (do i need to know these?NO!). So say if I find something like http://www.facebook.com/blah-blah?url= and can get to my-evil-site directly by clicking on this link, WhOoOoooOooOaaaaa! Jackpot! (though such things are difficult to find and immediately fixed when posted on net!). Now, I will host my-evil-website on some free website domain which has javascript and php support, make a javascript that catches the cookie of facebook or make a php script that writes that cookie down to a text file in my website domain. I can also run a javascript keylogger (google 'xss javascript keylogger'), though after stealing cookie/authentication-info, its a trivial excercise (but not simple!) to duplicate user's session.

Is it simple? Yes. But if you don't want to labour or research or read more on the topic, you won't be able to execute on your own. For now, I will only advise - Don't click on things like "You have won $10000, click here to redeem" :D

Feel free to leave comments and or ask something.

The 3 idiots controversy! I say its fake….

I searched the net for so many days to see whether a single person wrote against the controversy NOT taking either sides of bollywood vs “The Writers” (in double quotes), but all in vain. I say the whole thing was a fake. Let me specify one thing before anyone sues me. All the views in this blog are purely based on circumstantial evidences and personal views and in no way depict actual incidents or truth (Phew! I guess I am safe now!). So the facts now:-

1. 3 Idiots’ first week collection broke records - 80 crores. Chetan’s blog against the controvery is dated 31st december’10 (http://www.chetanbhagat.com/blog/2009/12
   ) - exactly one week after the release of 3 Idiots.Why did Chetan keep numb for a whole week (infact, he asked his blog reader how they liked the movie 3 days before!) ? EVERYBODY KEPT THE CONTROVERSY TRUMP TO BE USED AFTER THE FIRST WEEK ROLLED OUT !!!
2. Chetan visited RajKumar Hirani’s office many times while the movie was in making. He was never supplied the script, he said. Why didn’t he ask for one or sued them when they didn’t give him one? He obviously knew how bollywood works at that time since he had already made a big banner film on his book - “Hello”. How can he say things like ‘he was made a fool’ or ‘he is a poor writer being eploited’? THOSE SESSIONS WERE OBVIOUSLY BRAIN_STORMING SESSION OVER HOW TO CINEMATIZE THE SCRIPT ETC.
3. Aamir likes to be clean and Chetan has specified in his 31st december blog that Aamir is out of it coz he didn’t even read the novel. Can you expect someone like Aamir to stay out of direction thing given he pokes his nose in everything? Given the amount of research he does, is it believable he didn’t read the book? AAMIR WOULD HAVE DEFENITLY ASKED EVERYBODY TO KEEP HIM OUT OF IT!
4. Chetan Bhagat apologizes to Aamir and the 3 Idiots team on 5th January - around 10-11 days after the release. By then, the movie already became highest grossing film of Bollywood industry - 240 crores! And it still kept running. Those who watched it once went again to the halls after reading FPS. Others just went coz everybody else is going owing to the controversy. Chetan asks his name to be put in writers section as a humble request on his blog. Controversy is still ON coz Raj Hirani doesn't agree. THE MOVIE IS STILL RUNNING IN PACKED HOUSES AND MOVIE GOES BIGGER!!
5. By now, Chetan has already been acclaimed for his contribution to the storyline and Raj Hirani been applauded well too for his work by such a balanced controversy. NO LAWSUITS HELD AGAINST ANYONE!!
6. And how it ends for Chetan? He and Aamir become neighbours when Chetan bought a new one-floor-one-flat Flat in Pali Hill, near Aamir’s home worth crores on th 7th of January. THE HOUSE EMERGED OUT OF THE WRITER-cum-CONTROVERSY CREATOR COMPENSATION GIVEN TO CHETAN!!!

I could fetch these facts and I am amazed to see that nowhere on the net has somebody put light over these things. I guess we like to take sides these days rather siding with the truth, which often is cursive. Please put your comments/remarks/facts and whether you agree/disagree.