C++ program to Input and Show a Password

Now After upgrading C program to Block Windows Firewall I am here for teach you how to see input password
  
The task is simple. You need to devise a program so that when you type something, it does not gets displayed on the console screen, instead you need to print a character like *, &, $ there, (it could be anything you want). The fallowing program performs this task. It lets you input something and prints an * sign in the place of the entered character. You can run this program in Turbo C++.

So, here is the program

Get Code Here 
Password :-  no-one-is-secure

If you want to understand the logic of the program, it is very simple, getch() function is used to take the input from the user but it does not displays it on screen, instead every time, we put a * on the screen.
And later we output your input string.
It is the screen shot of the output.

Hope you like the post, comment bellow for Query and Feedback :)


                                                                                                                                                                     Source :-  mycfiles.com

Make Your Blog Speak More Languages

I speak and write English (Americanised English, for you Brits). Until this weekend, my blogs were all published in English, and in English only. Thanks to the Kaspersky fiasco of Friday(Kaspersky is a Russian product), however, I was motivated to correct that shortcoming.

This was, surprisingly, an easier task than I had anticipated. If you will examine the sidebar, you will observe my multi-lingual translator, courtesy of Google Translator. It provides on the fly translation of the currently displayed web page, and whatever web pages that are subsequently loaded from following any links. It provides translation from English, to any of(as of 12/01/2009) 54 different languages. You can see the enumeration of the available languages below, in the code, or you can move the mouse over each flag, and check out the popup tags.

The translator applet code is surprisingly compact, and expandable with additional languages. It's well defined too - "<form ... > ... </form>" is the entire package. Stretch the browser window widely enough, so you can see all of the text, please. And be very careful of anygratuitous line breaks.

Get Code Here

This entry requires just 3 unique elements.

• When you hover the mouse over the flag, you see

  العربية / Arabic

• The definition of English to Arabic translation is

  en|ar

• The picture of the Arabic flag, resized to 30px x 20px, in 1600 pixels resolution, is

  http://photos1.blogger.com/x/blogger2/
  6075/564571464515337/1600/z/358406/gse_multipart12399.png

Each of the other language entries, similarly, require another corresponding 3 unique elements. The array of flags are universal language symbols, that are obvious to the inhabitants of the various countries, so they need no captions.

If you want your blog to reach the world, I can't think of an easier way to encourage that to happen.

• Add a new HTML / JavaScript gadget.
• Highlight, Copy, then Paste the code ("<form ... > ... </form>"), exactly as presented above, directly into the Content window in the new HTML / JavaScript gadget. Do not copy anything into Notepad, or any other word processor that might have trouble with the UTF-8 character set. The code above includes UTF-8 characters, in the Asian language labels - if you try to save anything as ANSI, you will get a warning, and possible code corruption.
• Make one simple change - correct the blog URL, to identify your blog (in this example, "myblog.blogspot.com").

  <noscript><input value="http://cumulus.nitecruzr.net/" name="u" type="hidden"/></noscript>

  change to

  <noscript><input value="http://myblog.blogspot.com/" name="u" type="hidden"/></noscript>

• Save.
• Test, and admire, your new world ability.

It took me several hours to write (and rewrite) this. It took me 10 minutes to set up the gadget on this blog, and 5 minutes to add this to PChuck's Network.

Having said all of that, I will note that je parle un peu de francais, and yo hablo un poco de espanol. And briefly examining (5 minutes of each) various translated pages in those two languages, I can note what I will discretely call "oddities". Both PChuck's Network and The Real Blogger Status are techie blogs, and I will bet quite heavily that not all technical terms that I use will be properly translated. But this is a start.

And next, I will note that the setup described above translates from English into other languages. If your blog is written in, let's say, French, you'll want Cumulus In Your Language. Additional languages are in progress.

For a more detailed discussion about this exciting blog accessory, see Roberto's Report:Language Translator Set-up.

For the official Google Translated Language Pairs list, see Google Translate FAQ: Language Pairs, and for a description of the language codes, see WikiPedia: ISO 639-1. Be advised that my applet above won't always be 100% up to date; but if you spot a new language in the Google list, that isn't in my applet, and let me know, I'll do my best to add it.

Protect Your Identification From Hacker's !!

Identity-theft is a serious crime on rise in today’s ever-connected world. Protecting oneself online should be taken very seriously as the internet invades more and more in our personal lives. Online privacy intrusions can lead to serious consequences. It is very important to pay attention to some key points when you are online.

Using security tools.

Anti-virus software protects you from viruses that can crash your system and destroy your data. It is very important that you update your anti-virus regularly or set it for automatic updates to be able to detect the latest bugs. Do a complete scan of your computer at least twice a month. A firewall keeps hackers out of your computer. Sometimes the system is shipped from the manufacturer with the firewall turned off. Make sure it is turned on. Then there are anti-spyware and anti-malware tools which you should install. These block spyware software that tries to collect your personal data and profile your surfing habits without your knowledge or consent.

Make all transactions on secure sites

Before you do any kind of financial transactions online check the address bar and the security certificate. The website address of a secure website connection starts with “https” instead of just “http”. Click on the padlock icon on the status bar to see the security certificate for the site.

Don’t respond to e-mails requesting personal information

Legitimate entities like your bank or the social security department will not ask you to provide sensitive information through an email. And beware of scam mails that promise to make you heiress of a million dollar property in other continents.

Be safe on social-networking sites

Restrain yourself from sharing your biography on Facebook and twitter. You can use all the security tools correctly, but if you reveal too much personal information, you are still at risk. It is always better to avoid posting your birth year or mother’s maiden name and other sensitive details. Check the privacy settings on Facebook and access it via secure connection.

Using strong passwords

Make your passwords a combination of letters, numbers and special characters. Stay away from names of close family members and anything that can be guessed about you.

Do not click on suspicious links received from a friend

There are a number of email-generating viruses that can send fake emails from your contact list. Exercise caution if you receive a link from a friend who otherwise never sends you any links.

Be careful what you download

Download games, software and other products only from trusted sites. Do not go for every other free software that is available. A good research on the ratings and reviews about any product will guide you about the pros and cons of downloading it on your computer.

Beware of “Free” Wi-Fi

Public wireless hot-spots may not be safe especially when they are unsecured. On such networks data encryption is not enabled and anything you send over the net can be read by a hacker with the right tools.

LINUX OS Hacking TooLs !!

1. Nmap - Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available.

2. Nikto - Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

3. THC-Amap - Amap is a next-generation tool for assistingnetwork penetration testing. It performs fast and reliable application protocol detection, independant on the TCP/UDP port they are being bound to.

4. Ethereal - Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product.

5. THC-Hydra - Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast.

6. Metasploit Framework - The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.

7. John the Ripper - John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

8. Nessus - Nessus is the world's most popular vulnerability scanner used in over 75,000 organisations world-wide. Many of the world's largest organisations are realising significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

9. IRPAS - Internetwork Routing Protocol Attack Suite - Routing protocols are by definition protocols, which are used by routers to communicate with each other about ways to deliver routed protocols, such as IP. While many improvements have been done to the host security since the early days of the Internet, the core of this network still uses unauthenticated services for critical communication.

10. Rainbowcrack - RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table".

Detecting Anonymous IP Addresses !!

As the fraudsters are now becoming more sophisticated in bypassing the Geo-location controls by using proxies (Anonymous IPs) to spoof their IP address, it has become very much necessary to come up with a means for detecting the proxies so that the authenticity of the users can be verified. Using a proxy (web proxy) is the simplest and easiest way to conceal the IP address of an Internet user and maintain the online privacy. However proxies are more widely used by online fraudsters to engage in cyber crimes since it is the easiest way to hide their actual Geo-location such as city/country through a spoofed IP address. Following are some of the examples where fraudsters use the proxies to hide their actual IP.

Credit Card Frauds
For example, say a Nigerian fraudster tries to purchase goods online with a stolen credit card for which the billing address is associated with New York. Most credit card merchants use Geo-location to block orders from countries like Nigeria and other high risk countries. So in order to bypass this restriction the credit card fraudster uses a proxy to spoof his IP address so that it appears to have come from New York. The IP address location appears to be legitimate since it is in the same city as the billing address. A proxy check would be needed to flag this order.

Bypass Website Country Restrictions
Some website services are restricted to users form only a selected list of countries. For example, a paid survey may be restricted only to countries like United States and Canada. So a user from say China may use a proxy so as to make his IP appear to have come from U.S. so that he can earn from participating in the paid survey.

Proxy Detection Services
So in order to stop such online frauds, Proxy Detection has become a critical component. Today most companies, credit card merchants and websites that deal with e-commerce transactions make use of Proxy Detection Services like MaxMind and FraudLabs to detect the usage of proxy or spoofed IP from users participating online.
Proxy Detection web services allow instant detection of anonymous IP addresses. Even though the use of proxy address by users is not a direct indication of fraudulent behaviour, it can often indicate the intention of the user to hide his or her real IP. In fact, some of the most used ISPs like AOL and MSN are forms of proxies and are used by both good and bad consumers.

How Proxy Detection Works?
Proxy detection services often rely on IP addresses to determine whether or not the IP is a proxy. Merchants can obtain the IP address of the users from the HTTP header on the order that comes into their website. This IP address is sent to the proxy detecting service in real time to confirm it’s authenticity.
The proxy detection services on the other hand compare this IP against a known list of flagged IPs that belong to proxy services. If the IP is not on the list then it is authenticated and the confirmation is sent back to the merchant. Otherwise it is reported to be a suspected proxy. These proxy detection services work continuously to grab a list or range of IPs that are commonly used for proxy services. With this it is possible to tell whether or not a given IP address is a proxy or spoofed IP.

How to Tell Whether a given IP is Real or a Proxy?
There are a few free sites that help you determine whether or not a given IP is a proxy. You can use free services like WhatisMyIPAddress to detect proxy IPs. Just enter the suspected IP in the field and click on “Lookup IP Address” button to check the IP address. If it is a suspected proxy then you will see the results something as follows:

So for all those who think that they can escape by using a spoofed IP, this post is the answer.
I hope this information Really helps You. Dont Forget To comment Below.

Protect Yourself From Phishing Attack !!

It is used to bait the on line users to give out their private information such as credit card information, net banking user name and passwords and other important personal and financial information.

These days’ social networking sites like face book are highly targeted sites for phishing purpose. These attacks are mainly carried by using Emails, Instant messaging or phone calls. Phishing is a example of social engineering to make the fool of user. In Phishing, people are convinced to enter their private information in spoofed sites. This is a criminal activity and a punishable crime. So, before giving you the web trick on how to protect your self from these sites, I suggested that you should never create phishing sites. Detecting fraud emails and phishing sites can be extremely difficult. Here we are giving you new trick and tips to detect these phishing sites and emails and protect your self from getting hacked or foolish.

Phishing Site Can Use the Following Techniques to affect the user:

Link manipulation

Filter evasions

Phone phishing

1. Link Manipulation -  This method is one of the popular method used to make user convinced to enter their private information in spoofed sites. Basically in this method a misspelled url of the original website is sent. Let us see some example below:
http://www.facebookk.com
http://www.facebooky.com
instead of the original address http://www.facebook.com.
There is also a second method that can be used in the different misleading anchor tag
For example:-The URL given below may seem to take you to facebook but it will take you to our homepage. You can test it by clicking on the link.

So the first web trick is: Try to avoid clicking on links in your emails inbox. Type the proper address of the site yourself.
2. Filter evasion - The main method to bring a user to a phishing site is by using emails. Now these days user uses various anti-phishing filters to block phishing text. To overcome these hackers started mailing website addresses in pictures. So now images are by default blocked by Gmail and you have to enable them manually.

3. Phone Phishing - Websites and Emails are not the only methods. In phone phishing Users receive phone calls or messages requesting them to verify their information by telling the caller. Some peoples on the call try to convince you to give your private information such as “your net banking user name and password” “credit card information” and other finical information. It is recommended that you should never reveal your sensitive information to the caller.

If you have any queries or suggestions then don’t hesitate to comment below

Guide To SQL INJECTION

"SQL INJECTION"

SQL Injection - \S-Q-L-in-'jek-shen\ - Noun
The technique of inputting malicious data into an SQL statement, which would therefore make the vulnerability present on the database layer.

What It Looks Like?
The vast majority of all SQL injections will take place on an input form.
The most basic of all SQL injections will look like the following:

The Basic SQL injection is :

Quote:
Variable' or 1=1--


Let’s say we have a login form. By inputting the above code, we can use our SQL injection to gain login even without proper credentials!

How’s it work?
Take a look..


Code:
SELECT * FROM users WHERE username = 'Variable' or 1=1--'



See how our code is nicely injected into the query? The result of this query will grant us access regardless of the username, since the result of “1=1? will always be true. In this case, we bypass the whole selection process.

You may have been wondering what the double dashes are for ( — ). These dashes at the end tell the SQL server to ignore the rest of the query. If the exploit isn’t being used on an SQL server, then omitting the double dashes and ending single quote will get the desired results.

Note that while this is the most standard way, it certainly isn’t the only way that malicious users will gain entry. SQL queries will differ greatly from one syntax to another.
It’s also common to see the following:


Code:
') or ('1'='1
"or "1"="1
' or '1'='1
Or 1=1--
" or 1=1--
' or 1=1--



SQL Injection: Attacking Via URLs

As we know it is possible to attack an SQL server through URL and usually much more dangerous to webmasters.
When using PHP and SQL, there is commonly a URL such as the following:


Code:
http://YourWebsiteName.com/page.php?id=2



By adding a little SQL to the end of the URL, we can attack on SQL server..

I think this is enough, Now Let’s finally find out how to secure your website from SQL injection.


SQL Injection Prevention: Editing Lengths Of Form Components

 
The first step in the process is simple: simply restrict input fields to the absolute minimum- usually anywhere from 7-12 characters is fine. Doing so will make long queries unable to be input, since the field is only enough characters for smaller queries. This will actually not prevent an SQL injection, but will make work harder for those trying to make use of one.

Note :SQL injection users can simply make a new form and remove the limits on the character length, since the length is in plain HTML and viewable (and editable) by anyone.

SQL Injection Prevention: Data Type Validation
Another good idea is to validate any data once it is received. If a user had to input an age, make sure the input is an actual number. If it was a date, make sure the date is in proper format. Again, this will not prevent an SQL injection in itself- it just makes work harder for those trying to exploit an SQL server.

Note: This is still only slowing attackers down- but isn’t it much more satisfying to have them waste their time before finding out one’s own query is impervious to harm?

SQL Injection Prevention: The Solution In Preventing SQL Attacks
We’ll accomplish this with a simple function that the developers of PHP made especially for SQL injections. We call this function mysql_real_escape_string() - take a look at it below:

Code:
$name = "Honey";
$name = mysql_real_escape_string($name);
$SQL = "SELECT * FROM users WHERE username = '$name'";



Although for a more practical use, we would have the $name variable pointed to a POST result, as seen below:

Code:
$name = mysql_real_escape_string($_POST['user']);



And we can even make things easier by putting it into one line:

Code:
$SQL = "SELECT * FROM users where username = "mysql_real_escape_string($POST['user']);



So what’s the output like if malicious users try to get access to our SQL server?
Their attempts may look something like this:


Code:
$malcious_input = "' OR 1'";
// The Above Is The Malicious Input. Don't Be Scared!
// With The mysql_real_escape_string() usage, the following is obtained:

\' OR 1\'
// Notice how the slashes escape the quotes! Now users can't enter malicious data



And the best part is, they just wasted their time and effort for nothing.

Lastly, note that there are libraries and classes that can help aid in the fight against SQL injection. Prepared statements are plausible as well, but as for us, we enjoy sticking to the mysql_real_escape_string() function for less headaches.

So This Is The Process By Which We Can Be Prevented From Hackers i.e This Is Ethical Hacking Technique.

Enjoy & Do Comment Here :)

Network Hacking Tips !!

Common Ways To Attack a Network

Ping
The IP address gives the attacker’s Internet address. The numerical address like 212.214.172.81 does not reveal much. You can use PING to convert the address into a domain name in WINDOWS: The Domain Name Service (DNS) protocol reveals the matching domain name. PING stands for “Packet Internet Groper” and is delivered with practically every Internet compatible system, including all current Windows versions. Make sure you are logged on to the net.
Open the DOS shell and enter the following PING command:
Ping –a 123.123.12.1

Ping will search the domain name and reveal it. You will often have information on the provider the attacker uses e.g.:
dialup21982.gateway123.provider.com

Pinging is normally the first step involved in hacking the target. Ping uses ICMP (Internet Control Messaging Protocol) to determine whether the target host is reachable or not. Ping sends out ICMP Echo packets to the target host, if the target host is alive it would respond back with ICMP Echo reply packets.

All the versions of Windows also contain the ping tool. To ping a remote host follow the procedure below.
Click Start and then click Run. Now type ping <ip address or hostname>
(For example: ping yahoo.com)

This means that the attacker logged on using “provider.com”. Unfortunately, there are several IP addresses that cannot be converted into domain names. For more parameter that could be used with the ping command, go to DOS prompt and type ping /?.

Ping Sweep
If you are undetermined about your target and just want a live system, ping sweep is the solution for you. Ping sweep also uses ICMP to scan for live systems in the specified range of IP addresses. Though Ping sweep is similar to ping but reduces the time involved in pinging a range of IP addresses. Nmap also contains an option to perform ping sweeps.

Tracert:
Tracert is another interesting tool available to find more interesting information about a remote host. Tracert also uses ICMP. Tracert helps you to find out some information about the systems involved in sending data (packets) from source to destination. To perform a tracert follow the procedure below.

Tracer connects to the computer whose IP has been entered and reveals all stations starting from your Internet connection. Both the IP address as well as the domain name (if available) is displayed. If PING cannot reveal a name, Traceroute will possibly deliver the name of the last or second last station to the attacker, which may enable conclusions concerning the name of the provider used by the attacker and the region from which the attacks are coming.

Go to DOS prompt and type tracert <destination address> (For example: tracert yahoo.com). But there are some tools available like Visual Traceroute which help you even to find the geographical location of the routers involved.
http://www.visualware.com/visualroute

Port Scanning:-
After you have determined that your target system is alive the next important step would be to perform a port scan on the target system. There are a wide range of port scanners available for free. But many of them uses outdated techniques for port scanning which could be easily recognized by the network administrator. Personally I like to use Nmap (http://www.insecure.org) which has a wide range of options. You can download the NmapWin and its source code from:
http://www.sourceforge.net/projects/nmapwin

Apart from port scanning Nmap is capable of identifying the Operating system being used, Version numbers of various services running, firewalls being used and a lot more.

Common ports:
Below is a list of some common ports and the respective services running on the ports.

20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH
23 Telnet
25 SMTP (Simple Mail Transfer Protocol)
53 DNS (Domain Name Service)
68 DHCP (Dynamic host Configuration Protocol)
79 Finger
80 HTTP
110 POP3 (Post Office Protocol, version 3)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
389 LDAP
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)

Besides the above ports they are even some ports known as Trojan ports used by Trojans that allow remote access to that system.

Vulnerability Scanning:
Every operating system or the services will have some vulnerabilities due to the programming errors. These vulnerabilities are crucial for a successful hack. Bugtraq is an excellent mailing list discussing the vulnerabilities in the various system. The exploit code writers write exploit codes to exploit these vulnerabilities existing in a system. There are a number of vulnerability scanners available to scan the host for known vulnerabilities. These vulnerability scanners are very important for a network administrator to audit the network security.
Some of such vulnerability scanners include Shadow Security Scanner,Stealth HTTP Scanner, Nessus, etc. Visit http://www.securityfocus.com vulnerabilities and exploit codes of various operating systems. Packet storm security (http://www.packetstormsecurity.com) is also a nice pick.


Sniffing
Data is transmitted over the network in the form of datagrams (packets).These packets contain all the information including the login names,passwords, etc. Ethernet is the most widely used forms of networking computers. In such networks the data packets are sent to all the systems over the network. The packet header contains the destination address for the packet. The host receiving the data packets checks the destination address for the received packet. If the destination address for the packet matches with the hosts IP address the datagram will be accepted else it will be discarded.

Packet sniffers accept all the packets arrived at the host regardless of its destination IP address. So installing packet sniffer on a system in Ethernet we can monitor all the data packets moving across the network. The data may even include the login names and passwords of the users on the network. Not only that sniffing can also reveal some valuable information about the version numbers of the services running on the host, operating system being used, etc.
**NetworkActiv Sniffer is freeware tool available for download.
The following is the data contained in a packet, captured over my network.
(For security reasons I’ve edited the address).

HTTP/1.1 301 Moved Permanently
Content-Length: 150
Content-Type: text/html
Location: http://XXX.XXX.XXX.XXX/new/
Server: Microsoft-IIS/6.0
Date: Wed, 12 Mar 200X 08:17:56 GMT
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a
HREF="http://XXX.XXX.XXX.XXX/new/">here</a></body>
From this we can understand that the source system for the packet has a
Microsoft Operating System installed and is running IIS 6.0 (the
operating system might possibly be Windows 2003 Server as it has IIS
6.0 running).


Social Engineering
This has become one of the hottest topics today and it seems to work out most of the times. Social Engineering doesn’t deal with the network security issues, vulnerabilities, exploits, etc. It just deals withsimple
psychological tricks that help to get the information we want. This really works!! But it requires a lot of patience. We are all talking about network security and fixing the vulnerabilities in networks. But what happens if some internal person of a network accidentally gives out the passwords. After all we are all humans; we are also vulnerable and can be easily exploited and compromised than the computers.
Social Engineering attacks have become most common during the chat sessions. With the increase in use of Instant Messengers, any anonymous person may have a chat with another any where in the world. The most crucial part of this attack is to win the trust of the victim.

It may take a long time (may be in minutes, hours, days or months) for this to happen. But after you are being trusted by the victim he will say you every thing about him. Most of the times his person information will be useful to crack his web accounts like e-mail ids, etc. Even some people are so vulnerable to this attack that they even give their credit card numbers to the strangers (social engineers). Some social engineers stepped one more forward and they send some keyloggers or Trojans to the victims claimed to be as screensavers or pics. These keyloggers when executed gets installed and send back information to the attacker. So be careful with such attacks.

Prevention:

1) Don’t believe everyone you meet on the net and tell them every thing about you. Don’t even accidentally say answers to the questions like “What’s you pet’s name?”, “What is your mothermaiden’s name?”, etc. which are particularly used by your web account providers to remind your passwords.

2) Don’t give your credit card details to even your chating through instant messengers. Remember, it’s not a hard deal for an attacker to crack an e-mail id and chat with you like your friend.
Also data through IMs can be easily sniffed.

3) Don’t accept executable files (like *.exe, *.bat, *.vbs, *.scr, etc.) from unknown persons you meet on the net. They might be viruses or Trojans.

Please act carefully, use security software and ask professionals for help.