Massive flaw in National Cyber Olympiad Online Examination!

Want to get very high rank in National Cyber Olympiad(NCO) organized by the Science Olympiad Foundation (SOF)?
I discovered a flaw in class 8 which has been helping me and all my friends to get very good ranks in the second round of NCO which is an online examination format. I had it in my mind to mail the SOF  anonymously telling them about this flaw which I did now.

So here is that original mail which I mailed to the SOF which should make matters more clear:
SUBJECT: MASSIVE FLAW IN NCO ONLINE EXAM.

Dear Sir/Madam,
I am a student of class 12. I have been giving the National Cyber Olympiad since
i was in class 8 and have qualified all subsequent years for the second round
which is an online test format. But I considered this to be my responsibility to
inform you about a MASSIVE FLAW IN THE ONLINE EXAMINATION FORMAT WHICH IS ENOUGH TO DESTROY ITS LEGITIMACY.
I discovered this bug in the software independently when i was in class 8 and
since then I have used it all subsequent years to secure high ranks.

The FLAW IN THE SOFTWARE IS AS FOLLOWS:
The examination time is strictly 30 minutes in which we have to solve 30
questions, which is not considered enough time. Most people feel if they have
more time then they could get a better score and that is exactly what we achieve with this flaw.
While giving this exam if we press right-click, we get a dialogue box
announcing that this function is not allowed. This is supposed to prevent
cheating but that is exactly what it implements. It seems the software developers have
not noticed that the TIME CLOCK STOPS giving the examinee complete freedom to
complete the exam in whatever time he thinks is necessary. When we click the
submit test button too the clock stops. We can slide the dialogue box to some
corner and can continue solving the question. Even when we finish the exam after doing
all this our answers are correctly processed and we get our results! For example
this year i gave the exam in about 50 minutes! The year before I gave the exam
in about 75 minutes!
A LOT MORE PEOPLE ALREADY KNOW THIS AND HAVE BEEN USING IT and getting
substantial ranks. The number of people using this can be somewhere in the 50s
according to me and many hundreds of people already know this. You wont me
believe if I start giving you specific examples, so lets not.

By the way if someone else (i mean some other organization) comes to know about
this you know what could happen so lets just prevent it from happening.

So consider this YOUR TOP PRIORITY to correct this flaw before it renders your
examination useless.

Yours truthfully,
Anonymous

And I did not receive any reply!!!

Easiest way to hack your friend's email: if he is dumb

Ever wanted to gain control of your friend's email id? I will explain to you how to secure yourself from such an attack in this post.

This hacking episode took place just a few days back and let me give you all the details about this attempt. Take this as a case study:
The person whose account was to be hacked was Mayank Chauhan.
The people involved in this hacking were Nikhil Sharma, Saikat Banerjee and Tanmay Sharma.
It seems that Mayank had a fight with Nikhil Sharma. So Nikhil hacked all his ids. But Mayank was able to get access to his id again. Then he implemented some 'top securities' , and challenged Saikat to hack him now.
This group used both guessing and phishing to get control of his two email id in order to get control of his facebook but eventually failed as Mayank changed the id he associated with Facebook.

So let me present a third party view of this episode i was not involved in any way:
Nikhil used forgot password option to 'hack' his email. His secret questions were
Q1. What is your place of birth?
Ans1. Delhi!
This was quite obvious as he lives in Delhi-NCR
Q2. Who is your favorite cartoon character?
Ans2. Shinchan!
Most of his friends knew his favorite cartoon was Shinchan. This was basically an open secret!

One ID under control now turn of another....
This time they used more sophisticated technique of phishing. This method can only work if the victim is dumb and the person doing it has good brainwashing qualities. By the time his one ID had been compromised he himself tried to get control of Nikhil's account and he looked for the net for that. He even asked some of his friends to help him. But unfortunately he asked the help of some friends who too were involved in hacking mayank's id. Such a dumb person he is!! They brainwashed him by suggesting a method by which he could possible hack someone else's account. Get an idea from this pdf http://www.derkeiler.com/pdf/Newsgroups/alt.computer.security/2009-06/msg00097.pdf
This is completely rubbish and never try it! Make sure your security questions are very general but their answers should be very specific.People usually reveal a lot of personal information in Facebook which helps the hackers a lot. So avoid that.
And remember never hack anybody's id 'just for fun'. Hacking can get you in legal trouble so beware.
Any way I hope the following discussion with one of the conspirators will make it clear what actually happened:
me: Gimme more details

 Saikat: about

1:33 PM me: That episode

 Saikat: which episode bhai?

 me: Taking control

1:34 PM Saikat: hacking?

  jaldi bol

  i have to go

 me: Ha

  Which account did he use?

1:35 PM Saikat: :P

  hmmm..

  well..

  first i brainwashed him

1:36 PM as nikhil as hacked his account... and he got it back.. he challenged me to hack him... so.. i found out this little trick..

  so...

  i told him that this is a method to hack nikhil

  i told him TO USE HIS OWN FB ID!

  so that i can get access to his :D

  but..

  he didnt use his fb id..

  and .. well..

  i could only get access to his new account

1:37 PM i hope you understood the trick?

 me: You took over nikhil's account?

 Saikat: NO

  i took over mayank's

  did you understand the trick?

  its just that..

1:38 PM me: No

 Saikat: wait.

  let me type

  ITS JUST THAT>.. i create a real LOOKING.. gmail server id...

  like..

  officer.gmail@gmail.com

  something like that

  and tell him

  that..

  you have to compose a mail... with

  the subject... PASSWORD RECOVERY

1:39 PM write the person's email id

  your id

  our own password

  (THIS IS THE TRICK.. he is giving us access to his own id without knowing that the officer thingy email id is ours only!!!!)

  then i give a stupid javascript code ( which doesnt work ofcourse)

  :P

  and tell him that this javascript..

  confuses the gmail server

1:40 PM and returns back the TARGET ID..

  which u gave first!

  lol..

  its just brainwash and bang

 me: Good

 Saikat: he has no idea that he gives me access

  oi..

  blog my name too :P

  inputs :P

 me: Okay

 Saikat: nice method.

  actually..

  tanmay and i did it

  credit goes to tanmay

 me: The pdf you gave to me was made by you?

1:41 PM Saikat: no

  tanmay and i found a better

  way..

  we discussed shit.

  and introduced the IDEA

  of brainwashing

  its easy..

1:42 PM ok i am going

 me: Then what was that pdf?

 Saikat: well.. we read it..

  and closed it

 me: And?

 Saikat: we didnt even think about that

  i mean.

  we thought that it was shit

  but then tanmay and i came up with the idea of brainwashing

1:43 PM i brainwashed mayank

  if someone reads that pdf

  it wouldnt help him in anyway.

  not a single fool will try it

  i mean.. try to hack

 me: Mayank tried it?

 Saikat: yes

1:44 PM i brainwashed him pretty well.

 me: Well he asked me how to hack and i gave him that

 Saikat: .hahahhahahahahahahahahahahahhahahaha

 me: And what about

  The forgot password?

1:45 PM Saikat: hmmm its a difficult thingy guess work..

  nikhil hacked mayank's id using social engineering

  SE.. is one of 7 ways to hack

  other ways are keylogger

  phishing

  etc

 me: Then why did you have to do all this when you guessed them

1:46 PM Saikat: mayank removed all his ids from facebook

  he had switched accounts..

  and i didnt know his new id

  which he was using for fb

  so..

  i had to implement this way

  to get his NEW ID

  and password at the same time

1:47 PM me: o...k

 Saikat: i am going now.

  are you going to give this convo in ur blog?

  rofl

 me: so you got control of 2 id?

 Saikat: no

1:48 PM i thought i got control of two ids.. as i hacked gmail.. with this method... so i will get pass to fb as well!!

  but it turned out that

 me: That's a great idea

 Saikat: mayank had made another id

  and did it

  so..

  it was my mistake

  that..

  i should have told him in the beginning

  that..

  use a account

  which is 30 days old

  !

  or frequently used!

 me: Hehe

 Saikat: OR

1:49 PM use the fb account u are using

  it only works with that

  ok

  do blog my name

  :|

  i have to take a bath now

  tere wageh se itne der se nahi gaya

 me: But he still has control of his account.

 Saikat: abe yaar

  the id i hacked

  it wasnt connected to his fb account!

  he had made a new id

  and did this shit

 me: good

1:50 PM Saikat: bhai

  ab main jaa raha hubn

  tell me when u r done with the blog

  aaah

 me: Naha le!

 Saikat: bye Remember Hacking is not an Indoor Game. It is a sport to be played outside. In order to win, you will have to get your hands dirty

FIITJEE results of every student is out there without even needing the passwords!

Forgot your web access code? Bah, I am not so innocent to tell people their passwords to check their results on FIITJEE website.
I am here to reveal THE RESULT OF EVERY STUDENT OF FIITJEE IN PUBLIC DOMAIN!
That sounds evil. >D
But the person who made the FIITJEE website s****.
Any way If you want to see anybody's results simply copy this to your browser's address bar
http://www.fiitjee.com/fiitjeejava/jsp/PerformanceReport.jsp?regno=1152210910010
and replace the last number with the enrollment number of the student whose result you want to see!
If you look at it this way this is basically good for the FIITJEE students. As their result is accessible to all they have to be conscious of their marks the year round and for that they will study! Blogging is really a powerful medium! Hope I changed some lives!

Make phone calls to USA and Canada for FREE!

Google has introduced facility to call phones all over the world via gmail. And you can make phone calls to USA and Canada for FREE! Who doesn't like free, at least I do! But wonder how you haven't seen it yet?

1. Either you don't live in the United States Of America (Even I don't live there!). This facility has been introduced only for people living there >.<
2. You don't have Gmail video/voice call plugin installed. You can install it from here.
3. Your Gmail language is not set to English(US).

You can easily control the options 2 and 3, but option 1 is very difficult to achieve if you don't already live there or you specially want to go there just to make free calls. (That would be lame)

So where was I?
Oh yes I was going to tell you how to get around the stigma of not being in USA and still being able to make free phone calls there.

Here are simple steps to access call function outside USA. This particular method is the best.
1. Go to http://hotspotshield.com/ and Click on the download button.   

2. A save file download box will open up. Click on Save button.

3. After it gets downloaded, launch this file by double clicking on it. Obviously! And just for you info the file you downloaded was just a downloader!

4. A download manager will pop up showing the progress.

5. Install the software and allow all the permissions it may need.

6. As soon as you finish, you can notice the Hotspot Shield icon in your taskbar.

7.Now your browser will be launched automatically (In case it doesn't do it manually). You get the following screen. Also notice that it will show connected in green if you are successfully connected.

8. Then you will be redirected to some site, close it and open the gmail site.

9.You will notice the Call Phone Option in your Gmail if you satisfy the conditions 2 and 3 mentioned at the top.

 10. Call your near (not exactly) and dear ones in USA AND CANADA FOR FREE!

  So what we did here is to fool Google to believe that we are in United States even though we are not.

Please comment if this works for you and your views about this article.