Friday, February 18, 2011

Massive flaw in National Cyber Olympiad Online Examination!

Want to get a very high rank in the National Cyber Olympiad (NCO) organized by the Science Olympiad Foundation (SOF)?
I discovered a flaw in class 8 which has been helping me and all my friends to get very good ranks in the second round of NCO, which is an online examination format. I had it in my mind to mail the SOF anonymously telling them about this flaw, which I have now done.

So here is that original mail which I mailed to the SOF which should make matters more clear:
SUBJECT: MASSIVE FLAW IN NCO ONLINE EXAM.

Dear Sir/Madam,
I am a student of class 12. I have been giving the National Cyber Olympiad since
I was in class 8 and have qualified all subsequent years for the second round
which is an online test format. But I considered this to be my responsibility to
inform you about a MASSIVE FLAW IN THE ONLINE EXAMINATION FORMAT WHICH IS ENOUGH TO DESTROY ITS LEGITIMACY.
I discovered this bug in the software independently when I was in class 8 and
since then I have used it all subsequent years to secure high ranks.

The FLAW IN THE SOFTWARE IS AS FOLLOWS:
The examination time is strictly 30 minutes in which we have to solve 30
questions, which is not considered enough time. Most people feel if they have
more time then they could get a better score and that is exactly what we achieve with this flaw.
While giving this exam if we press right-click, we get a dialogue box
announcing that this function is not allowed. This is supposed to prevent
cheating but that is exactly what it implements. It seems the software developers have
not noticed that the TIME CLOCK STOPS giving the examinee complete freedom to
complete the exam in whatever time he thinks is necessary. When we click the
submit test button too the clock stops. We can slide the dialogue box to some
corner and can continue solving the question. Even when we finish the exam after doing
all this our answers are correctly processed and we get our results! For example
this year I gave the exam in about 50 minutes! The year before I gave the exam
in about 75 minutes!
A LOT MORE PEOPLE ALREADY KNOW THIS AND HAVE BEEN USING IT and getting
substantial ranks. The number of people using this can be somewhere in the 50s
according to me and many hundreds of people already know this. You won't
believe me if I start giving you specific examples, so let's not.

By the way if someone else (I mean some other organization) comes to know about
this you know what could happen so let's just prevent it from happening.

So consider this YOUR TOP PRIORITY to correct this flaw before it renders your
examination useless.

Yours truthfully,
Anonymous

And I did not receive any reply!!!
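
How the flaw described in the mail can be closed and spotted, as an added example that is not part of the original post and not the exam software's code: the server fixes the start time, judges each submission on its own clock, and flags sessions whose browser timer lags far behind. The class and method names, the 15-second grace period and the 60-second tolerance are assumptions.

```python
EXAM_SECONDS = 30 * 60   # the 30-minute limit stated in the mail
GRACE_SECONDS = 15       # assumed allowance for network delay


class ExamClock:
    """Keeps exam time on the server; the browser timer is display only."""

    def __init__(self):
        self._started = {}       # candidate id -> server time the paper was first served
        self._submitted = set()  # candidates whose answers were already accepted

    def start(self, candidate, now):
        # Only the first request fixes the start time, so reloading the
        # page or re-opening the paper cannot reset the clock.
        return self._started.setdefault(candidate, now)

    def submit(self, candidate, now):
        """Return (accepted, reason), judged on the server clock alone."""
        if candidate not in self._started:
            return False, "no exam session"
        if candidate in self._submitted:
            return False, "already submitted"
        elapsed = now - self._started[candidate]
        if elapsed > EXAM_SECONDS + GRACE_SECONDS:
            return False, "late by %d s" % (elapsed - EXAM_SECONDS)
        self._submitted.add(candidate)
        return True, "accepted"

    def timer_was_paused(self, candidate, now, client_elapsed, tolerance=60):
        """Detection: the browser reports far less elapsed time than the
        server measured, which is what a stalled page timer looks like."""
        server_elapsed = now - self._started[candidate]
        return server_elapsed - client_elapsed > tolerance


def demo():
    """Constructed scenario; all times are seconds on the server clock."""
    clock = ExamClock()
    clock.start("cand-A", now=0)
    clock.start("cand-B", now=0)
    clock.start("cand-A", now=600)   # page reload: start time stays at 0
    return {
        # cand-A submits after 50 minutes while the page timer shows 29.
        "A_paused": clock.timer_was_paused("cand-A", 3000, client_elapsed=1740),
        "A": clock.submit("cand-A", now=3000),
        # cand-B submits after 28 minutes with an honest timer.
        "B_paused": clock.timer_was_paused("cand-B", 1680, client_elapsed=1675),
        "B": clock.submit("cand-B", now=1680),
        "B_again": clock.submit("cand-B", now=1700),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In a deployment the `now` values would come from the server's own clock, never from anything the browser sends.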

Thursday, February 17, 2011

Easiest way to hack your friend's email: if he is dumb


Ever wanted to gain control of your friend's email id? I will explain to you how to secure yourself from such an attack in this post.

This hacking episode took place just a few days back and let me give you all the details about this attempt. Take this as a case study:
The person whose account was to be hacked was Mayank Chauhan.
The people involved in this hacking were Nikhil Sharma, Saikat Banerjee and Tanmay Sharma.
It seems that Mayank had a fight with Nikhil Sharma. So Nikhil hacked all his IDs. But Mayank was able to get access to his ID again. Then he implemented some 'top securities', and challenged Saikat to hack him now.
This group used both guessing and phishing to get control of his two email IDs in order to get control of his Facebook, but eventually failed as Mayank changed the ID he associated with Facebook.

So let me present a third-party view of this episode; I was not involved in any way:
Nikhil used forgot password option to 'hack' his email. His secret questions were
Q1. What is your place of birth?
Ans1. Delhi!
This was quite obvious as he lives in Delhi-NCR
Q2. Who is your favorite cartoon character?
Ans2. Shinchan!
Most of his friends knew his favorite cartoon was Shinchan. This was basically an open secret!

One ID under control, now the turn of another....
This time they used a more sophisticated technique: phishing. This method can only work if the victim is dumb and the person doing it has good brainwashing qualities. By the time one of his IDs had been compromised, he himself was trying to get control of Nikhil's account, and he searched the net for a way to do that. He even asked some of his friends to help him. But unfortunately he asked for help from some friends who were themselves involved in hacking Mayank's ID. Such a dumb person he is!! They brainwashed him by suggesting a method by which he could possibly hack someone else's account. Get an idea from this pdf http://www.derkeiler.com/pdf/Newsgroups/alt.computer.security/2009-06/msg00097.pdf
This is complete rubbish, so never try it! Make sure your security questions are very general but their answers are very specific. People usually reveal a lot of personal information on Facebook, which helps the hackers a lot. So avoid that.
And remember never hack anybody's id 'just for fun'. Hacking can get you in legal trouble so beware.
Anyway, I hope the following discussion with one of the conspirators will make it clear what actually happened:
me: Gimme more details
 Saikat: about
1:33 PM me: That episode
 Saikat: which episode, bro?
 me: Taking control
1:34 PM Saikat: hacking?
  say it quickly
  i have to go
 me: Yes
  Which account did he use?
1:35 PM Saikat: :P
  hmmm..
  well..
  first i brainwashed him
1:36 PM as nikhil as hacked his account... and he got it back.. he challenged me to hack him... so.. i found out this little trick..
  so...
  i told him that this is a method to hack nikhil
  i told him TO USE HIS OWN FB ID!
  so that i can get access to his :D
  but..
  he didnt use his fb id..
  and .. well..
  i could only get access to his new account
1:37 PM i hope you understood the trick?
 me: You took over nikhil's account?
 Saikat: NO
  i took over mayank's
  did you understand the trick?
  its just that..
1:38 PM me: No
 Saikat: wait.
  let me type
  ITS JUST THAT>.. i create a real LOOKING.. gmail server id...
  like..
  officer.gmail@gmail.com
  something like that
  and tell him
  that..
  you have to compose a mail... with
  the subject... PASSWORD RECOVERY
1:39 PM write the person's email id
  your id
  our own password
  (THIS IS THE TRICK.. he is giving us access to his own id without knowing that the officer thingy email id is ours only!!!!)
  then i give a stupid javascript code ( which doesnt work ofcourse)
  :P
  and tell him that this javascript..
  confuses the gmail server
1:40 PM and returns back the TARGET ID..
  which u gave first!
  lol..
  its just brainwash and bang
 me: Good
 Saikat: he has no idea that he gives me access
  oi..
  blog my name too :P
  inputs :P
 me: Okay
 Saikat: nice method.
  actually..
  tanmay and i did it
  credit goes to tanmay
 me: The pdf you gave to me was made by you?
1:41 PM Saikat: no
  tanmay and i found a better
  way..
  we discussed shit.
  and introduced the IDEA
  of brainwashing
  its easy..
1:42 PM ok i am going
 me: Then what was that pdf?
 Saikat: well.. we read it..
  and closed it
 me: And?
 Saikat: we didnt even think about that
  i mean.
  we thought that it was shit
  but then tanmay and i came up with the idea of brainwashing
1:43 PM i brainwashed mayank
  if someone reads that pdf
  it wouldnt help him in anyway.
  not a single fool will try it
  i mean.. try to hack
 me: Mayank tried it?
 Saikat: yes
1:44 PM i brainwashed him pretty well.
 me: Well he asked me how to hack and i gave him that
 Saikat: .hahahhahahahahahahahahahahahhahahaha
 me: And what about
  The forgot password?
1:45 PM Saikat: hmmm its a difficult thingy guess work..
  nikhil hacked mayank's id using social engineering
  SE.. is one of 7 ways to hack
  other ways are keylogger
  phishing
  etc
 me: Then why did you have to do all this when you guessed them
1:46 PM Saikat: mayank removed all his ids from facebook
  he had switched accounts..
  and i didnt know his new id
  which he was using for fb
  so..
  i had to implement this way
  to get his NEW ID
  and password at the same time
1:47 PM me: o...k
 Saikat: i am going now.
  are you going to give this convo in ur blog?
  rofl
 me: so you got control of 2 id?
 Saikat: no
1:48 PM i thought i got control of two ids.. as i hacked gmail.. with this method... so i will get pass to fb as well!!
  but it turned out that
 me: That's a great idea
 Saikat: mayank had made another id
  and did it
  so..
  it was my mistake
  that..
  i should have told him in the beginning
  that..
  use a account
  which is 30 days old
  !
  or frequently used!
 me: Hehe
 Saikat: OR
1:49 PM use the fb account u are using
  it only works with that
  ok
  do blog my name
  :|
  i have to take a bath now
  because of you I haven't gone for so long
 me: But he still has control of his account.
 Saikat: come on, man
  the id i hacked
  it wasnt connected to his fb account!
  he had made a new id
  and did this shit
 me: good
1:50 PM Saikat: bro
  I'm going now
  tell me when u r done with the blog
  aaah
 me: Go take your bath!
 Saikat: bye

Remember Hacking is not an Indoor Game. It is a sport to be played outside. In order to win, you will have to get your hands dirty

Sunday, February 13, 2011

FIITJEE results of every student are out there without even needing the passwords!


Forgot your web access code? Bah, I am not so innocent to tell people their passwords to check their results on FIITJEE website.
I am here to reveal THE RESULT OF EVERY STUDENT OF FIITJEE IN PUBLIC DOMAIN!
That sounds evil. >D
But the person who made the FIITJEE website s****.
Anyway, if you want to see anybody's results simply copy this to your browser's address bar
http://www.fiitjee.com/fiitjeejava/jsp/PerformanceReport.jsp?regno=1152210910010
and replace the last number with the enrollment number of the student whose result you want to see!
If you look at it this way this is basically good for the FIITJEE students. As their result is accessible to all they have to be conscious of their marks the year round and for that they will study! Blogging is really a powerful medium! Hope I changed some lives!
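
What the site owner's side of this looks like, as an added example that is not part of the original post or the site's code: the ownership check the report page lacks, and a log check that picks out a client walking through many `regno` values. The log lines, IP addresses and registration numbers are constructed, and the log format (common log format), function names and threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines: documentation IP ranges and made-up
# registration numbers. Only the request path is taken from the post.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Feb/2011:10:00:01 +0530] "GET /fiitjeejava/jsp/PerformanceReport.jsp?regno=9990000000000 HTTP/1.1" 200 5120
192.0.2.10 - - [13/Feb/2011:10:02:40 +0530] "GET /fiitjeejava/jsp/PerformanceReport.jsp?regno=9990000000000 HTTP/1.1" 200 5120
198.51.100.7 - - [13/Feb/2011:10:05:11 +0530] "GET /fiitjeejava/jsp/PerformanceReport.jsp?regno=9990000000001 HTTP/1.1" 200 5093
198.51.100.7 - - [13/Feb/2011:10:05:13 +0530] "GET /fiitjeejava/jsp/PerformanceReport.jsp?regno=9990000000002 HTTP/1.1" 200 5207
198.51.100.7 - - [13/Feb/2011:10:05:15 +0530] "GET /fiitjeejava/jsp/PerformanceReport.jsp?regno=9990000000003 HTTP/1.1" 200 312
198.51.100.7 - - [13/Feb/2011:10:05:18 +0530] "GET /fiitjeejava/jsp/PerformanceReport.jsp?regno=9990000000004 HTTP/1.1" 200 5150
203.0.113.5 - - [13/Feb/2011:10:06:00 +0530] "GET /index.jsp HTTP/1.1" 200 900
"""

# client, request target and status of a GET line in common log format
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" \d{3} ')


def may_view_report(session_regno, requested_regno):
    """The fix itself: a logged-in student may fetch only their own report,
    whatever regno value arrives in the URL."""
    return session_regno is not None and session_regno == requested_regno


def regnos_by_client(log_text):
    """Map each client address to the set of regno values it requested."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/PerformanceReport.jsp"):
            continue
        for regno in parse_qs(url.query).get("regno", []):
            seen[client].add(regno)
    return dict(seen)


def enumerating_clients(log_text, max_distinct=2):
    """Clients that asked for more distinct reports than one student needs."""
    return sorted(client for client, regnos in regnos_by_client(log_text).items()
                  if len(regnos) > max_distinct)


if __name__ == "__main__":
    print(enumerating_clients(SAMPLE_LOG))
```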

Friday, February 11, 2011

Make phone calls to USA and Canada for FREE!

Google has introduced a facility to call phones all over the world via Gmail. And you can make phone calls to USA and Canada for FREE! Who doesn't like free, at least I do! But wonder why you haven't seen it yet?
  1. Either you don't live in the United States Of America (Even I don't live there!). This facility has been introduced only for people living there >.<
  2. You don't have Gmail video/voice call plugin installed. You can install it from here.
  3. Your Gmail language is not set to English(US).
You can easily control the options 2 and 3, but option 1 is very difficult to achieve if you don't already live there or you specially want to go there just to make free calls. (That would be lame)

So where was I?
Oh yes I was going to tell you how to get around the stigma of not being in USA and still being able to make free phone calls there.

Here are simple steps to access call function outside USA. This particular method is the best.
1. Go to http://hotspotshield.com/ and Click on the download button.   

2. A save file download box will open up. Click on Save button.

3. After it gets downloaded, launch this file by double clicking on it. Obviously! And just for your info, the file you downloaded was just a downloader!

4. A download manager will pop up showing the progress.
5. Install the software and allow all the permissions it may need.
6. As soon as you finish, you can notice the Hotspot Shield icon in your taskbar.
7. Now your browser will be launched automatically (in case it doesn't, do it manually). You get the following screen. Also notice that it will show connected in green if you are successfully connected.
8. Then you will be redirected to some site, close it and open the Gmail site.
9. You will notice the Call Phone Option in your Gmail if you satisfy the conditions 2 and 3 mentioned at the top.
10. Call your near (not exactly) and dear ones in USA AND CANADA FOR FREE!

  So what we did here is to fool Google to believe that we are in United States even though we are not.

Please comment if this works for you and your views about this article.

Thursday, February 10, 2011

Overclocking your PC's GPU to get max performance!

We all want to get more performance out of our computers for gaming, but many times our computers disappoint us. So I hope to teach you the basics of overclocking your Graphics Processing Unit (GPU) to get more power for free! But let me clarify first that overclocking can also be extremely dangerous to your hardware if you don’t know what you're doing.
I tried overclocking on my laptop, even though people prefer to overclock their desktops. I did the temporary software-based overclocking instead of messing with the BIOS or the hardware itself. I have an Nvidia GT 425M graphics card whose shader clock runs at 1120MHz and core runs at 560MHz, and its memory frequency is 800MHz by default. I managed to get 180MHz more of shader clock frequency with ease. I still think I can increase these a lot but I want to be on the safer side. I have seen that a person has increased an identical laptop's shader speed to 1460MHz, core speed to 730MHz and memory clock to 900MHz.
I used a program called NVIDIA Inspector, even though you can use other software like ATI Tool and RivaTuner. I will focus only on NVIDIA Inspector here as it seems to be the simplest for Nvidia cards.
NVIDIA Inspector doesn't even need to be installed; it's a simple .exe file. When you run it, click the Show Overclocking button. It shows a warning, then you get a few sliders to work with. When you are trying to overclock, first work on either the core clock or the memory clock, not both simultaneously. Increase the clock speed of shader or memory in short increments of 10MHz-20MHz. Keep slowly increasing the clock speed until you see some artifacts on your screen. Here artifacts means some lines, dots, grouped pixels, static or anything unusual on the screen. When you see the artifacts, reduce the speed by about 20-30MHz. Then stress test your GPU by playing some heavy game or running some 3D test. If everything is still good, then this speed would be the maximum clock speed of your shader or memory. All the while you do it, make sure that your GPU does not overheat; monitor it constantly. The temperature of the card should not hit 90 degrees Celsius.
Once you have found out your GPU's maximum speed, save it by creating a shortcut. These settings do not load when you boot your PC so you will have to run this shortcut every time before you play a game.
Using default settings for my GPU I could get 22-24 frames per second at a resolution of 1280x720 in Battlefield Bad Company 2, but after overclocking the frames per second jumped to 30-32 at a resolution of 1366x768! That's a lot of performance increase.
If you want to achieve even higher overclocking then buy some better cooling system for your PC or BUY A NEW GRAPHICS CARD! :D

Monday, February 7, 2011

Easiest way to benchmark your Computer's speed


Most people simply wonder what 2.93GHz 6 M Cache with 4 GB DDR3 memory means. Does more of that equal more performance? If yes, then by how much? So stop worrying, I have an easy solution for you to measure your computer's processing power.
Follow these steps:
  • Say ' Saurabh is great' 100 times
  • Transfer $10000 to my bank account.
Then you qualify to read this
  • Start Winrar
  • Press Alt+B
  • And wait for 20 seconds
And you're done! You will see a number in bold like this.
And for your info I ran this test in my 4.5 year old desktop. So expect your benchmarking to be much higher. My laptop gave me a benchmarking of about 2200. This value is basically the maximum speed by which your processor can compress or extract data. But this test cannot measure the speed of your computer's Graphics Processing unit unless it too lends a helping hand to the CPU. Do make sure you run this test and post your results in the comments.

Thursday, February 3, 2011

How To Generate Valid Credit Card Numbers!!


What do the credit card numbers mean and how are they generated? I need to start with a disclaimer: Do not use any credit card numbers, except your own, to buy things off internet. That's wrong and illegal. The purpose of this post is *not* to create fraudulent workable card numbers. It is to explain the math and the science behind those numbers that most of us see day in and day out; and hence this post should be viewed from a purely academic perspective.
Typical credit card anatomy
Before we understand how credit card numbers are generated, here is a brief explanation of what a typical credit card number means.
Out of the 16 numbers on a typical credit card, the set of first 6 digits is known as the issuer identifier number (read this for details), and the last digit is known as the “check digit” which is generated in such a way as to satisfy a certain condition (the Luhn or Mod 10 check). “Luhn check” is explained later in this post. The term sounds intimidating, but it’s really a very simple (and elegant) concept.
Taking away the 6 identifier digits and 1 check digit leaves us with 9 digits in the middle that form the “account number”.
Now, there are 10 possible numbers (from 0 to 9) that can be arranged in these 9 places. This gives rise to 10^9 combinations, that is, 1 billion possible account numbers (per issuer identifier).
With each account number, there is always a unique check digit associated (for a given issuer identifier and an account number, there cannot be more than one correct check digit).
Amex issues credit cards with 15 digits. The account numbers in this case are 8 digits long.
What is the “Luhn” or “Mod 10” check?
In 1954, Hans Luhn of IBM proposed an algorithm to be used as a validity criterion for a given set of numbers. Almost all credit card numbers are generated following this validity criterion, also called the Luhn check or the Mod 10 check. It goes without saying that the Luhn check is also used to verify a given existing card number. If a credit card number does not satisfy this check, it is not a valid number. For a 16 digit credit card number, the Luhn check can be described as follows:
1. Starting with the check digit, double the value of every second digit (never double the check digit). For example, in a 16 digit credit card number, double the 15th, 13th, 11th, 9th… digits (digits in odd places). In all, you will need to double eight digits.
2. If doubling of a number results in a two digit number, add up the digits to get a single digit number. This will result in eight single digit numbers.
3. Now, replace the digits in the odd places (in the original credit card number) with these new single digit numbers to get a new 16 digit number.
4. Add up all the digits in this new number. If the final total is perfectly divisible by 10, then the credit card number is valid (Luhn check is satisfied), else it is invalid.
When credit card numbers are generated, the same steps are followed with one minor change. First, the issuer identifier and account numbers are assigned (issuer numbers are fixed for a given financial institution, whereas the account numbers are randomly allocated - I think). Then, the check digit is assumed to be some variable, say X. After this, the above steps are followed, and during the last step, X is chosen in such a way that it satisfies the Luhn check.
This part is a bit confusing and takes some time to understand. However, don’t get stuck here…continue reading through the examples below and you will figure out what this is all about.
Credit card numbers valid or invalid?
Have you ever wondered if those numbers on the fake plastic or cardboard credit cards that come with the “preapproved” offers are real or imaginary? If they are not valid, how do you know it? Just apply the Luhn check and all those fake credit cards will invariably fail. Here is an example of a VISA credit card (look at the expiry date - 01/09... it’s still valid!)
Note that the credit card number starts with “4”… so it is indeed a VISA issued credit card (VISA cards start with “4” and MasterCard/Maestro cards start with “5”). Now, let us apply the Luhn algorithm to this card. To make it easier on you guys, I have created a schematic of the steps towards the Luhn check (below) for this card number 4552 7204 1234 5678:
In this case, when we sum up the total, it comes to 61 which is not perfectly divisible by 10, and hence this credit card number is invalid.
If such a credit card number is ever generated, the value of the check digit would be adjusted in such a way as to satisfy the Luhn condition. In this case, the only value of the check digit, that will create a valid credit card number, is 7. Choosing 7 as the check digit will bring the total to 60 (which is perfectly divisible by 10) and the Luhn condition will be satisfied. So the valid credit card number will be 4552 7204 1234 5677.
Let’s try another example, this time with a MasterCard.
Again, performing the Luhn check on the credit card number 5490 1234 5678 9121, we have:
The total comes to 65 which is not perfectly divisible by 10. Hence this credit card number is invalid.
In this case, a valid credit card number will result only if the check digit is 8. This will bring the total to 70 which is perfectly divisible by 10. So the valid credit card number will be 5490 1234 5678 9128.
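
The Luhn steps above as a validator of the kind a payment form runs before sending a number anywhere, applied to the two card numbers worked through in this post. This is an added example, not code from the original post; the function names are assumptions, and because it counts from the check digit it goes beyond the 16-digit case and also handles 15-digit numbers.

```python
def _digits(number):
    """Digits of a card number written with optional spaces or hyphens."""
    cleaned = number.replace(" ", "").replace("-", "")
    if not (cleaned.isascii() and cleaned.isdigit()):
        raise ValueError("card number may contain only digits, spaces and hyphens")
    return [int(c) for c in cleaned]


def luhn_total(number):
    """Total from the last step of the check: counting leftwards from the
    check digit, every second digit is doubled and reduced to one digit."""
    total = 0
    for place, digit in enumerate(reversed(_digits(number))):
        if place % 2 == 1:        # 2nd, 4th, ... digit counted from the check digit
            digit *= 2
            if digit > 9:
                digit -= 9        # same as adding the two digits: 14 -> 1 + 4 = 5
        total += digit
    return total


def luhn_valid(number):
    """True when the total is perfectly divisible by 10."""
    return luhn_total(number) % 10 == 0


def check_digit(partial):
    """The single digit X for which partial + X passes the check
    (partial is the number without its last digit)."""
    return (10 - luhn_total(partial + "0") % 10) % 10


def worked_examples():
    """The two numbers from the post: (number, passes, corrected number)."""
    results = []
    for number in ("4552 7204 1234 5678", "5490 1234 5678 9121"):
        corrected = number[:-1] + str(check_digit(number[:-1]))
        results.append((number, luhn_valid(number), corrected))
    return results


if __name__ == "__main__":
    for number, ok, corrected in worked_examples():
        print(number, "valid" if ok else "invalid", "->", corrected)
```

A number that passes is only well-formed: the check catches typing mistakes, and whether any account exists behind the number is known only to the issuer.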