Powered By

Free XML Skins for Blogger

Powered by Blogger

Monday, July 21, 2008

How to recover deleted SMS message from mobile phone

Now you can recover deleted sms messages from mobile phone using this tutorial. First you'll need some tools to make it possible, pre-requisites are listed below:

  • Smart card reader that is compatible with the Windows smart card subsystem
  • Smart card reader that is compatible with the Windows smart card subsystem. You probably also need a Plug-in (GSM SIM card size) to ID-1 (ordinary smart card size) adapter card so the SIM card fits into the reader physically or ChipDrive Micro RS232 from Towitoko.
Download this tool UndeleteSMS

After downloading run the program thru command.com or simply type cmd.exe (ex. click windows button->run->then type cmd.exe and drag the Undeletesms.exe to command and check the given info before proceeding. make sure you already attach you devices before executing it.

Q & A

Q: My GSM SIM card reader does not work with UndeleteSMS, how come?

A: Dedicated GSM SIM card readers are usually not compatible with the Windows smart card subsystem.

Q: Where do the erased SMS's end up?

A: They are printed in the Command Prompt window.

Q: What does "message is not in default alpabet [40] cannot decode" mean?

A: It usually means that the entry is an EMS or MMS instead of an ordinary SMS.

Q: I have a question that is not covered here. Where can I get help?

A: Send me your question. I can't promise that I will have time to answer, but I'll do my best.

All credits goes to Arne Vidstrom - http://vidstrom.net

Network intrusion - How to defend yourself

Last week I conducted an experiment for our local area network (LAN) to check whether it is secured or not. We have firewall installed on our network and over 30 computers on LAN area.

To check the integrity of our network to know if we are safe (I mean on a local area only) I use a software to perform a packet sniffing - a method to sniff traffic/packet over network. Surprisingly, I was able to sniff usernames and passwords for more than thirty computers on my network I was able to sniff them including cookies on secure connection (referring to browsers' cookie).

The method I perform is called ARP Spoofing, many software like this available online and for penetration testing only. If used improperly may cause you to trouble. I used cain & abel from oxid.it to perform such spoofing and I really like this software for conducting penetration tests. Note that your antivirus might flag it as a "virus" because it uses some packet sniffing method. Download only on that site for security purpose.

My purpose of ARP spoofing is to know if the packets sent over our network is safe and can't be intercepted and immune to local network attacks. But to my surprise I was able to gain their username and passwords, email, secure certificates, browser coockies, and other important details of each computer's user transaction.

I do not suggest you to take advantage and do evil things by using this program, as per IT security experts motive is to conduct a penetration test and not to harm network and perform hacking unethically. Nor I myself did not take advantage to those sniffed passwords and all other materials gathered during penetration testing.

How to secure your password - Things you don't know yet about your password

There are several ways on how to secure your password. Basically people use passwords base on their pet names, spouse, birthdays or any other important events and names which are alphabetically simple. On my previous post I mentioned having a seven (7) characters long password is important. In this case, having a seven characters long password is still easy to crack/decode using various method as I have mention on my previous post that it can be much easier using those tools to gain/crack passwords even if it is seven characters long.

A great way to secure your password is having a combination of alphabetical and number, more than seven characters long passwords. Base on my experience, a 7 characters long alphabetical password is cracked only in a few seconds compare to combined alphabet and number passwords. Even a longer than seven (7) characters is cracked within a minutes of waiting using a special method of cracking. Want some proof? Check out my previous post on using Ophcrack and see for yourself!

Even my twelve (12) characters long password - all alphabetical - was cracked by myself in a few minutes which I myself forcefully decided to change it having a number combination to harden the encryption. How does this happen? Having all alphabetical passwords are crack faster because of having "only alphabets" no numbers included, and a less time for decoding it. Truly, MD5 hashed passwords are hard to crack but having your passwords composed of only alphabetical is still vulnerable to cracking. A Salted MD5 hash would do because salted hash is a lot difficult to crack but on windows system is not reliable enough to protect you password.