- Your xbox will be able to boot unsigned code, and therefore you can install an alternate dashboard, install applications, use your xbox as a media center, install Xbox-Linux, backup games to the hard drive, play backed-up (burned) games on DVD, play DVDs without the DVD Playback Kit, and run Xbox emulators.

Mods
1. Modchip
2. TSOP Mod
3. Softmod
4. Hotswap

1. Modchip

By far the most popular mod, a modchip can either be a solder modchip or a solderless solution. If you have some soldering experience, or are brave enough, try a solder modchip, because they are cheaper and are more secure. If you have no soldering experience, and you still would rather want a chip, go for a solderless modchip. Remember to get a modchip that is supported by your xbox version. To check your xbox version, go to http://www.xbox-scene.com/versions.php.

Advantages:

+ Can be used in every version xbox (if you get the right chip)
+ Many chips have on/off switches so you can turn off the chip and get onto Xbox Live
+ Easy to update BIOS
+ Easy to upgrade Hard Drive

Disadvantages:

- Price
- Requires you to open your xbox and solder your chip in (solder modchips)
- Voids any warranty
- Solderless modchips may come loose from time to time and require readjustment

2. TSOP

A TSOP mod requires you to open up your xbox, solder a few points, then use an exploitable game and gamesave to flash your onboard TSOP chip with a bios. The soldering is easy and the flashing is easy.

Advantages:

+ Price (FREE)
+ Easy to solder ( just a couple points need to be bridged, and perhaps a wire or two)
+ Version 1.0 to 1.1 TSOP is 1 mb, so you can install a switch and use Xbox LIVE.
+ Easy to update BIOS
+ Easy to upgrade Hard Drive

Disadvantages:

- YOU CANNOT TSOP A VERSION 1.6 XBOX
- You can TSOP a version 1.2 - 1.5 xbox, but you would not be able to use Xbox LIVE
- You need an exploitable game
- You need a way of transferring a gamesave to your retail xbox (Action Replay, Homemade Action Replay, or Use a modded xbox and a memory card)

3. Softmod

By using an exploitable game and an exploitable gamesave, you can take advantage of "bugs" in the xbox dashboard to mod your xbox. While it may have more advantages than a TSOP mod, the major disadvantage is the difficulty of upgrading your hard drive.

Advantages:

+ Price (FREE)
+ Works on all xboxes now
+ You can coldboot xbox games and use Xbox LIVE
+ Newest softmods install virtual C drives and virtual eeproms, making it harder to "break" the softmod
+ Very easy to install

Disadvantages:

- You need an exploitable game
- You need a way of transferring a gamesave to your retail xbox (Action Replay, Homemade Action Replay, or Use a modded xbox and a memory card)
- Difficult to upgrade the hard drive (not impossible, but it is a lot easier with a chip or TSOP)
- Difficult to ugrade BIOS, but isn't really necessary anyways

4. Hotswap

Moddng your Xbox through hotswapping is still considered a softmod. The only difference is you are opening up your Xbox and PC, then connecting your Xbox hard drive to your PC to transfer files to the hard drive. This way, you can softmod without needing an exploitable game or Action Replay.

Advantages:

+ Price (FREE)
+ Works on all xboxes now
+ You can coldboot xbox games and use Xbox LIVE
+ Newest softmods install virtual C drives and virtual eeproms, making it harder to "break" the softmod

Disadvantages:

[color=red] - Difficult to upgrade the hard drive (not impossible, but it is a lot easier with a chip or TSOP)
- Difficult to ugrade BIOS, but isn't really necessary anyways

• tutti quelli che visitano le pagine di questo blog ogni giorno. Non tantissimi ed è meglio così. Come si dice, pochi ma buoni, come piace a me;
• Nemo che, oltre a deliziare le rete con delle pungenti ed acute vignette, mi ha dato l'onore di inserirmi nel suo blogroll;
• quelli che continuano a cercare informazioni sul futuro Xfce 4.6.0 qui. Finora non ne ho parlato perché mi auguro che cambino diverse cose prima dell'uscita di pinkie. Ma potrei accontentarli in settimana;
• un signore del gruppo di sviluppo, per aver messo i cambiamenti nell'svn solo oggi dopo secoli. Che bello rifare una patch 6 volte (grrr);
• Uolter... se non ci fosse lui a continuare la solita messinscena, la vita sarebbe meno divertente;
• la gentil donzella che mi ha buttato giù dal letto alle 4:30 di mattina per chiedermi come si craccano le password WEP¹. Le ho risposto «prova tutte le combinazioni possibili» e ho riattaccato. Sta ancora provando...;
• il gentile signore che, mezz'ora dopo, mi ha svegliato ancora con il rumore del trapano. Grazie di cuore, bastardo;
• un mio carissimo amico il quale mi ha accolto nella piscina che ha preso in gestione... data la  simpaticissima clientela, credo proprio che andrò a trovarlo spesso :D .

1. Capisco che posso non avere la faccia da bravo ragazzo, ma è un'impressione.↩

Anyway, I reuqested my guest editor - to educate my readers on: "Breaking Security': of course it has something to do with hacking. I wonder if someone can hack the hacker. I asked and here is the response:

PORT SCANNING: Sequential or Parallel you decide:

Every computer connected on internet has a unique Internet Protocol (IP) address that identifies them over the Internet. Hackers use a hacking tool called a scanner to search for a range of IP addresses for a computer to attack.

When the scanner finds a computer at a particular IP address, it then examines the ports on that computer to see which ones could be exploited.

A port represents a specific way for a computer to communicate over the Internet. When a computer connects to the Internet, it needs to know when it's receiving email and when it's accessing a web page. Since information from the Internet flows into the computer through the same physical connection (a telephone line or cable modem), computers create separate ports to accept certain data. This way the computer knows how to handle data.

Each port is assigned a number and every computer connected to the Internet uses ports, which means that ports open up a door that hackers can use to access a computer.

To attack a computer, you need the target computers IP address. There are lots of software’s available on net for this purpose one way is by looking up for the domain name on the Network Solutions website. Once you know a computer's IP address, the next step is to find which ports are open in order to access the target computer.

Ways to check which port is open-----

TCP connect scanning – Hacker sends a SYN packet to the target computer and waits for a return acknowledgment packet (SYN/ACK), and then sends another acknowledgment packet (ACK) to connect. This type of scanning is easily recognized by target computers to alert them of a possible hacker attack.

TCP SYN scanning – Same as above but when the acknowledgement is received the hacker does not sent back the ACK packet to connect. By doing this the hacker knows that the port is listening and hence open. This technique has less chances of getting detected.

TCP FIN scanning – Hacker sends a "No more data from sender" (FIN) packet to a port. A closed port responds with a Reset (RST) message, while an open port simply ignores the FIN packet.

The next task is to find the target computer’s operating system in order to know the commands for guessing the computer's password.

<FIN probing: Hacker sends a FIN ("No more data from sender") packet to a port and waits for a response. Windows responds with RST (Reset) messages.

<FIN/SYN probing: Hacker sends a FIN/SYN packet to a port and waits for a response. Linux systems respond with a FIN/SYN/ACK packet.

<ICMP message quoting: Hacker sends data to a closed port and waits to receive an error message. All computers send back the initial IP header of the data with an additional eight bytes tacked on. Solaris and Linux systems, however, return more than eight bytes.

Once a hacker knows the IP address, the open ports available, and the type of operating system for a target computer, the hacker can plan his strategy for breaking into the computer.

Olga Lednichenko

Basics of Assembler:

Pieces, bits and bytes:

BIT - The smallest possible piece of data. It can be either a 0 or a 1. If you put a bunch of bits together, you end up in the 'binary number system'

i.e. 00000001 = 1 00000010 = 2 00000011 = 3 etc.

BYTE - A byte consists of 8 bits. It can have a maximal value of 255 (0-255). To make it easier to read binary numbers, we use the 'hexadecimal number system'. It's a 'base-16 system', while binary is a 'base-2 system'

WORD - A word is just 2 bytes put together or 16 bits. A word can have a maximal value of 0FFFFh (or 65535d).

DOUBLE WORD - A double word is 2 words together or 32 bits. Max value = 0FFFFFFFF (or 4294967295d).

KILOBYTE - 1000 bytes? No, a kilobyte does NOT equal 1000 bytes! Actually, there are 1024 (32*32) bytes.

MEGABYTE - Again, not just 1 million bytes, but 1024*1024 or 1,048,578 bytes.

REGISTERS:

Registers are “special places” in your computer's memory where we can store data. You can see a register as a little box, wherein we can store something: a name, a number, a sentence.

EAX: Extended Accumulator Register
EBX: Extended Base Register
ECX: Extended Counter Register
EDX: Extended Data Register
ESI: Extended Source Index
EDI: Extended Destination Index
EBP: Extended Base Pointer
ESP: Extended Stack Pointer
EIP: Extended Instruction Pointer

Generally the size of the registers is 32bit (=4 bytes). They can hold data from 0-FFFFFFFF (unsigned). In the beginning most registers had certain main functions which the names imply, like ECX = Counter, but in these days you can - nearly - use whichever register you like for a counter or stuff (only the self defined ones, there are counter-functions which need to be used with ECX). The functions of EAX, EBX, ECX, EDX, ESI and EDI will be explained when I explain certain functions that use those registers. So, there are EBP, ESP, EIP left:

EBP: EBP has mostly to do with stack and stack frames. Nothing you really need to worry about, when you start.
ESP: ESP points to the stack of a current process. The stack is the place where data can be stored for later use (for more information, see the explanation of the push/pop instructions)
EIP: EIP always points to the next instruction that is to be executed.

There's one more thing you have to know about registers: although they are all 32bits large, some parts of them (16bit or even 8bit) can not be addressed directly. So, EAX is the name of the 32bit register, AX is the name of the "Low Word" (16bit) of EAX and AL/AH (8bit) are the “names” of the "Low Part" and “High Part” of AX. BTW, 4 bytes is 1 DWORD, 2 bytes is 1 WORD.

The FLAGS:

Z-Flag: It is the most useful flag for cracking. It is used in about 90% of all cases. It can be set (status: 1) or cleared (status: 0) by several opcodes when the last instruction that was performed has 0 as result. You might wonder why "CMP" (more on this later) could set the zero flag, because it compares something - how can the result of the comparison be 0? The answer on this comes later ;)

O-Flag: It is used in about 4% of all cracking attempts. It is set (status: 1) when the last operation changed the highest bit of the register that gets the result of an operation. For example: EAX holds the value 7FFFFFFF. If you use an operation now, which increases EAX by 1 the O-Flag would be set, because the operation changed the highest bit of EAX (which is not set in 7FFFFFFF, but set in 80000000 - use calc.exe to convert hexadecimal values to binary values). Another need for the O-Flag to be set, is that the value of the destination register is neither 0 before the instruction nor after it.

C-Flag: It is used in about 1% of all cracking attempts. It is set, if you add a value to a register, so that it gets bigger than FFFFFFFF or if you subtract a value, so that the register value gets smaller than 0.

The STACK:

The Stack is a part in memory where you can store different things for later use. See t as a pile of books in a chest where the last put in is the first to grab out. Or imagine the stack as a paper basket where you put in sheets. The basket is the stack and a sheet is a memory address (indicated by the stack pointer) in that stack segment. Remember following rule: the last sheet of paper you put in the stack, is the first one you'll take out! The command 'push' saves the contents of a register onto the stack. The command 'pop' grabs the last saved contents of a register from the stack and puts it in a specific register.

INSTRUCTIONS (alphabetical)

Most instructions have two operators (like "add EAX, EBX"), but some have one ("not EAX") or even three ("IMUL EAX, EDX, 64"). When you have an instruction that says something with "DWORD PTR [XXX]" then the DWORD (4 byte) value at memory offset [XXX] is meant. Note that the bytes are saved in reverse order in the memory (WinTel CPUs use the so called “Little Endian” format. The same is for "WORD PTR [XXX]" (2 byte) and "BYTE PTR [XXX]" (1 byte).

-----------------------------------------------

Click on the yellow penguin's mouth for these bracelets

And click on the guitar for the Jade Necklace

I almost forgot click the Spikester for the Spikette

News

There is going to be a new stage on the 12th.

Target  : http://forum.amikom.ac.id/main/view_topics.php?fid=2
Keyword : or:#FF5921
Inject type : String
DB type is : MSSQL
The field's count 9
The string field position at 4
Current database is : SmartManagement
Field count is : 9
String field postion at : 4
Tables count is : 300

Get table : PROJECTLITBANG
Get table : TEMP_KULIAHTEORI
Get table : JADWAL_PSU
Get table : STATISTIK
Get table : DEPARTMENT
Get table : TEMP_JADWALP
Get table : JENIS_KWJ
Get table : TRANS_DEPT
Get table : DETAIL_PESANPINJAM
Get table : JADWAL_TES
Get table : TEMP_JADWALT
Get table : profildosenlocal
Get table : trans_ujian
Get table : SURAT_LAMARAN
Get table : KEGIATAN_DOSEN
....

In certain cases, it might be possible for the attacker to see or redirect the response to his own machine. The most usual case is when the attacker is spoofing an address on the same LAN or WAN.

Uses of spoofing

IP spoofing is most frequently used in denial-of-service attacks. In such attacks, the goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to his attack packets. Packets with spoofed addresses are thus suitable for such attacks. They have additional advantages for this purpose - they are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack.

Denial of service attacks that use spoofing typically randomly choose addresses from the entire IP address space, though more sophisticated spoofing mechanisms might avoid unroutable addresses or unused portions of the IP address space.

The proliferation of large botnets makes spoofing less important in denial of service attacks, but attackers typically have spoofing available as a tool, if they want to use it, so defenses against denial-of-service attacks that rely on the validity of the source IP address in attack packets might have trouble with spoofed packets. Backscatter, a technique used to observe denial-of-service attack activity in the Internet, relies on attackers' use of IP spoofing for its effectiveness.

IP spoofing can also be a method of attack used by network intruders to defeat network security measures, such as authentication based on IP addresses. This method of attack on a remote system can be extremely difficult, as it involves modifying thousands of packets at a time. This type of attack is most effective where trust relationships exist between machines. For example, it is common on some corporate networks to have internal systems trust each other, so that a user can log in without a username or password provided he is connecting from another machine on the internal network (and so must already be logged in). By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without authenticating.

Para pembuat/penyedia web umumnya mengkategorikan keamanan web sebagai suatu hal yang hanya perlu di pikirkan setelah web itu di buat dan siap di gunakan oleh pengguna. Banyak ahli keamanan web bahkan menyatakan bahwa, umumnya keseluruhan website yang ada di internet rentan untuk di kuasai oleh penyerang, dan celah tersebut umumnya relatif gampang ditemukan bahkan untuk di eksploitasi.

Beberapa Celah itu adalah :

A1 - Cross Site Scripting (XSS)

Celah XSS, adalah saat pengguna web aplikasi dapat memasukkan data dan mengirimkan ke web browser tanpa harus melakukan validasi dan encoding terhadap isi data tersebut, Celah XSS mengakibatkan penyerang dapat menjalankan potongan kode (script) miliknya di browser target, dan memungkinkan untuk mencuri user session milik target, bahkan sampai menciptakan Worm.

A2 - Injection Flaws

Celah Injeksi, umumnya injeksi terhadap SQL (database) dari suatu aplikasi web. Hal ini mungkin terjadi apabila pengguna memasukkan data sebagai bagian dari perintah (query) yang menipu interpreter untuk menjalankan perintah tersebut atau merubah suatu data.

A3 - Malicious File Execution

Celah ini mengakibatkan penyerang dapat secara remote membuat file yang berisi kode dan data untuk di eksekusi, salah satunya adalah Remote file inclusion (RFI).

A4 - Insecure Direct Object Reference

Adalah suatu celah yang terjadi saat pembuat aplikasi web merekspos referensi internal penggunaan objek, seperti file, direktori, database record, dll

A5 - Cross Site Request Forgery (CSRF)

Celah ini akan memaksa browser target yang sudah log-in untuk mengirimkan "pre-authenticated request"terhadap aplikasi web yang diketahui memiliki celah, dan memaksa browser target untuk melakukan hal yang menguntungkan penyerang.

A6 - Information Leakage and Improper Error Handling

Penyerang menggunakan informasi yang didapatkan dari celah yang di akibatkan oleh informasi yang diberikan oleh web aplikasi seperti pesan kesalahan (error) serta konfigurasi yang bisa di lihat.

A7 - Broken Authentication and Session Management

Celah ini merupakan akibat buruknya penanganan proses otentikasi dan manajemen sesi, sehingga penyerang bisa mendapatkan password, atau key yang di gunakan untuk otentikasi.

A8 - Insecure Cryptographic Storage

Aplikasi web umumnya jarang menggunakan fungsi kriptografi untuk melindungi data penting yang dimiliki, atau menggunakan fungsi kriptografi yang di ketahui memiliki kelemahan.

A9 - Insecure Communications

Sedikit sekali aplikasi web yang mengamankan jalur komunikasinya, hal inilah yang dimanfaatkan oleh penyerang sebagai celah untuk mendapatkan informasi berharga.

A10 - Failure to Restrict URL Access

Seringkali, aplikasi web hanya menghilangkan tampilan link (URL) dari pengguna yang tidak berhak, tetapi hal ini dengan sangat mudah dilewati dengan mengakses URL tersebut secara langsung.

Untuk lebih lengkapnya dalam me-review aplikasi web anda, anda dapat membaca langsung dari situs resmi OWASP.

Blogspot merupakan layanan blog hosting gratis dari google sedangkan co.cc merupakan
free subdomain gratis yang bagus. Gak kebayang dah, udah bagus gratis lagee..
Kedua layanan gratis ini bisa kita gunakan untuk membuat website yang bagus. Buat gw
sih, kontrol panel di Blogspot itu sangat mudah dipahami. Jadi kalo keduanya
digabungkan pasti akan lebih baik lg.

Okeh sesuai dengan judul diatas, kita akan migrasi-in atau memindah domain dari
Blogspot.com menjadi co.cc. Tapi sebelum melakukan settingan ini, pastiin lu dah
punya blog di blogspot.com, juga account di co.cc.

Bagi yang belon punya acoount di co.cc silahkan klik disini

Sepp mari kita mulai...

* Pada Settingan di co.cc

login ke account lu trus pilih Manage Domain - Set Up

Kemudian pilih Zone Record

Selanjutnya.. contohnya spt ini...

Host:www.wisnoee.co.cc
TTL:1 D
Type/Priority:CNAME
Value:ghs.google.com

sehingga akan seperti ini...

Trus klik Set Up

* pada settingan blogspot nya

Login ke blogger/blogspot kemudian masuk ke menu "Setting-->Publishing"

Kemudian pilih "Switch to: • Custom Domain"

Setelah itu klik pada "Already own a domain? Switch to advanced settings"

Kemudian isikan nama domain kamu yang baru pada kolom "Your Domain".

Jadi nya kek gini...

Trus klik Save Setting.

SElesaIiiii .. !!

Kalau berhasil (Settingnya emg bener) maka domain lu yang baru akan aktif dalam
waktu antara beberapa jam sampai 2 hari.. hehehe... sabar yahhh...
Tapi tenang blog lu masih bisa diakses melalui domain yang lama kowq.

Okehhh.. SElaMat MencObAAa ... !!