Kuch Kuch Locha Hai (2015) - Movie Songs

Description:

Story about a married, salacious 40-something man (Kapoor) who falls for international (adult) movie star (Leone) is silly, but not enough silly. It is evident from the intro frames where the film is really going - hatching a sex comedy between the primary protagonists, using slapstick and comic dialogs. Unfortunately, old formula has been highly tampered with and all that is left for its audiences to absorb are few cleavages, slurs about these cleavages, and short skirts that emphasize the cleft.

People love sex comedies if they are honest, but in here there is visible honesty only about one thing: flesh show. Those expecting things from the film will receive it with pure irreverence from Leone and Sharma, who are strictly for that purpose. Other characters simply fool around with unclear intentions. Moreover, the base of the film itself is flawed - the guy probably wants to get laid with someone other than his wife, and when the time comes, refuses to acknowledge it. I have no sympathy or liking for such a character.

The film is an update only for Ram Kapoor - a lucky sod who used to romance sari-clad middle-aged women in TV and now fantasizes about voluptuous actors.

BOTTOM LINE: Kuch Kuch Locha Hai is an updated and modernized progeny of Bhojpuri sleaze films which used to have posters stuck inside bus stops and on street light poles - posters that had three main people in it, descriptively the boob-flashing heroine, her big-hearted (and probably well-endowed) hero lover, and her knife-wielding villain lover.

Music Album Info :

          Director:  Devang Dholakia

                Cast:  Ram Kapoor, Sunny Leone & Evelyn Sharma

Music Director:  Ikka, Arko & Intense (Track #1), Amjad Nadeem (#2,4,6), Arko & R.D.Burman (#3),  Dharam & Sandeep (#5),Ali Quli Mirza (#7)

           Lyricist:  Ikka, Arko, Sameer, Sanjeev Chaturvedi, Himank Kalal & Mani Soni, Amjad Nadeem (All Tracks)

    MP3 Bitrate:  190 & 320Kbps (VBR)

Download : Click on Format icons & download track

1 Paani Wala Dance - Ikka, Arko & Shraddha Pandit  

2 Daaru Peeke Dance - Neha Kakkar & Aishwarya Nigam  

3 Aao Na - Ankit Tiwari, Arko & Shraddha Pandit  

4 Na Jaane Kya Hai Tumse Waasta - Jubin Nautiyal & Asees Kaur  

5 Kuch Kuch Locha Hai - Divya Kumar, Sandman & Shraddha Pandit  

6 Ishq Da Maara - Jubin Nautiyal  

7 Yeh Ishq - Ali Quli Mirza

Single Link for Full Album:

Download In 190Kbps (Zip File & Torrent File)

   (Click Here & Download Zip File...)

                                

Download In 320Kbps (Zip File & Torrent File)

   (Click Here & Download Zip File...)

Friday, June 12, 2015 Share:

Ek Paheli Leela (2015) - Movie Songs

Description:
The movie starts with Karan (Jay Bhanushali) shifting homes in Mumbai. Karan is a singer and musician who often helps his sister Radhika with music for her fashion shows. Radhika (Shivani Tanksale), is a fashion photographer who wants to get the sizzling Meera (Sunny Leone) for her shows.

Meanwhile in Bombay, Karan has persistent dreams of someone whipping him. In an attempt to figure why, his friend takes him to a Pandit (Nari-Shakti Scholar) who tells him that his pain is rooted in his past life.

While in India, Meera meets Ranveer Singh (Mohit Ahlawat), a prince, in Rajasthan. The two eventually fall in love and get married. Ranveer is in middle of a property dispute with his cousin Vikram Singh (Jas Arora).

Karan travels through his past and figures out that he was Shravan (Rajneesh Duggal), 300 years ago. He was in love with a girl named Leela but his master, an artist, Bhairao (Rahul Dev) adopts her as his muse. Bhairao makes a statue of Leela and discovers that Leela is in love with Shravan. In a fit of rage, Bhairao kills both Shravan and Leela.

Karan goes to Bhairao Kaksha (a place of dispute between Ranveer and Vikram). Karan tries to remind Mira about their past but Meera does not believe him. Karan plays a song that takes Meera back into their past and she recollects her past life.

Meera and Karan get kidnapped by Vikram who is looking for a statue that Bhairao made. The current market value of the statue is 1000 crores and Vikram wants to keep the money for himself. Karan reveals that the statue was hidden behind a wall. When Vikram gets to the statue, he is killed by Ranveer.

It turns out Karan was wrong all along. He was actually the reincarnation of Bhairao and not of Shravan (who got reincarnated in Ranveer). Karan tries to redeem his ills by committing suicide but Meera and Ranveer don't let him.

Music Album Info :
              Director:  Bobby Khan
                    Cast:  Sunny Leone, Jay Bhanushali & Mohit Alawat
    Music Director:  Meet Bros Anjjan, Amaal Mallik, Dr. Zeus, Tony Kakkar, Uzair Jaswal 
                Lyricist:  Kumaar & Uzair Jaswal
         MP3 Bitrate:  190 & 320Kbps (VBR)



Download : Click on Format icons & download track
1 Desi Look - Kanika Kapoor  
2 Tere Bin Nahi Laage - Uzair Jaswal  
3 Saiyaan Superstar - Tulsi Kumar  
4 Khuda Bhi - Mohit Chauhan  
5 Glamorous Ankhiyaan - Krishna Beura  
6 Main Hoon Deewana Tera - Arijit Singh  
7 Dhol Baaje - Monali Thakur, Ved, Ashish  
8 Tere Bin Nahi Laage - Tulsi Kumar, Alam  
9 Ek Do Teen Chaar - Neha Kakkar & Tony


Single Link for Full Album:
Download In 190Kbps (Zip File & Torrent File)
   (Click Here & Download Zip File...)
                                
Download In 320Kbps (Zip File & Torrent File)
   (Click Here & Download Zip File...) 

Thursday, June 11, 2015 Share:

Dolly Ki Doli (2015) - Movie Songs

Description:

The movie centres around different weddings where the bride, Dolly (Sonam Kapoor), is a young con who marries men from different religions and runs away with their wealth.Her entire family is full of conmen and conwomen. After conning quite a few number of rich men, she gets media attention, who label her as "looteri dulhan". A cop Robin Singh (Pulkit Samrat) decides to chase and catch Dolly. When she tries to con Delhi boy Manjot (Varun Sharma), her lover who is also one of her victims enters the scene. Dolly manages to fool everybody once again. Meanwhile her fake brother (Mohammed Zeeshan Ayyub) is actually in love with her.

When Dolly and her gang tries to con a nawab (Saif Ali Khan), they are arrested by Robin Singh. Then it is revealed that they were lovers and she was dumped by Robin which turned her into Looteri Dulhan. Dolly escapes prison with Robin's help and they get married. But the group cons Robin and travels in search of her next target "Prem" which is a picture of Salman Khan.

Music Album Info :

    Director:    Abhishek Dogra

        Cast:   Sonam Kapoor, Pulkit Samrat, Raj Kumar Rao & Varun Sharma

 Music Director:   Sajid-Wajid (All Tracks)

     Lyricist:  Irfan Kamal, Danish Sabri & Kumaar

              

Download : Click on Format icons & download track

1 Phatte Tak Nachna - Sunidhi Chauhan  

2 Fashion Khatam Mujhpe - Mamta Sharma, Wajid, Shabab Sabri  

3 Babaji Ka Thullu - Wajid, Danish Sabri  

4 Dolly Ki Doli - Divya Kumar  

5 Mere Naina Kafir Hogaye - Rahat Fateh Ali Khan

Single Link for Full Album:

Download In 190Kbps (Zip File & Torrent File)

   (Click Here & Download Zip File...)

                                

Download In 320Kbps (Zip File & Torrent File)

   (Click Here & Download Zip File...)

Tuesday, February 17, 2015 Share:

Khamoshiyan (2015) - Movie Songs

Desription:

In Kashmir, Kabir meets a mysterious beautiful lady Meera (Sapna Pabbi) who is married to an Industrialist Jaidev (Gurmeet Choudhary). Meera runs a mysterious guest house, where Kabir arrives as a tourist and also take cares of her bed-ridden husband. Kabir inadvertently starts getting attracted towards the married Meera.

Kabir now in love with Meera, tries to take her away from the house, but a strange force stops them from going far away. Curious to know the reality Kabir ends up calling a ''tantrik'' after drugging Meera. The tantrik discovers an evil spirit in the house which even attacks them. Tantrik claims the spirit is of Jaidev as he is dead and Meera is lying to him. Kabir sneeks into Jaidev's room only to find Jaidev sleeping on bed. Furious with all this, Meera asks Kabir to leave but he returns to help her.

On confronting, Meera reveals that she was involved in a hit and run case two years back and to evade imprisonment she ran away to a small town in Kashmir, were she meets Jaidev, a rich industrialist who lives in a huge mansion. She falls in love with him and soon they both get married. One night Meera sees Jaidev performing a ritual slaughter and praying to evil. Scared and shocked Meera tries to run away but she is caught by Jaidev. In struggle to stop her Jaidev falls from stairs and gets paralysed below waist. Later Jaidev commits suicide and leaves a letter for her mentioning, that she will have to live in the house for eternity with his soul and if she ever tries to run away from his house, and if his lawyer comes to know about it his lawyer will file an FIR against her for killing him and for her involvement in the hit and run case, for which he has already instructed his lawyer through a letter. To avoid been caught by police for double murder, Meera had to stay in the house with Jaidev's soul and delude the world that her husband is alive and bed-ridden.

Kabir decides to take care of the lawyer and goes to his house, only to discover that there is no such lawyer. On knowing Jaidev's lie Meera and Kabir now had to just cremate Jaidev's body and set his spirit free. They cremate his body and think that Jaidev's spirit has been set free. To their surprise Jaidev return to haunt Meera and captures her in a painting. Kabir takes help of the same tantrik who himself is a spirit, gives him some holy water to spray on Jaidev. After a lot of deadly struggle Kabir drinks a drop of Jaidev's blood to get his spirit enter his own body. He later drinks holy water, which makes Jaidev's evil spirit perish, setting Meera free. The movie ends with Kabir and Meera reuniting, whereas Kabir also converts his experience into a story and publishing it titled as "Khamoshiyan".

Music Album Info :

                    Director:    Karan Darra

                         Cast:   Ali Fazal, Gurmeet Choudhary & Sapna Pabbi

           Music Director:   Jeet Ganguly (Track #1,3,8,9), Bobby-Imran (#2,6,10), Ankit Tiwari (#5,7,11), Naved Zafar (#4)

                     Lyricist:  Sayeed Quadri & Rashmi Singh

Download : Click on Format icons & download track

1 Khamoshiyan - Arijit Singh & Jeet Ganguly  

2 Tu Har Lamha - Arijit Singh  

3 Baatein Ye Kabhi Na (Male) - Arijit Singh  

4 Kya Khoya - Naved Jafar  

5 Bheegh Loon (Female) - Prakriti Kakar  

6 Subhan Allah - Anupam Amod  

7 Bheegh Loon (Male) - Ankit Tiwari  

8 Baatein Ye Kabhi Na (Female) - Palak  

9 Khamoshiyan (Unplugged) - Arijit Singh & Jeet Ganguly  

10 Tu Har Lamha (Remix) - Arijit Singh & DJ Angel  

11 Bheegh Loon (Female-Remix) - Prakriti Kakar & DJ Angel  

Single Link for Full Album:

Download In 190Kbps (Zip File & Torrent File)

   (Click Here & Download Zip File...)

                                

Download In 320Kbps (Zip File & Torrent File)

   (Click Here & Download Zip File...) 

Monday, February 16, 2015 Share:

Safe House (2012) | Hindi Dubbed | HD 720p

Released : 2012

Genre : Action | Crime | Mystery

Star cast : Denzel Washington, Ryan Reynolds and Robert Patrick

Description :

A young CIA agent is tasked with looking after a fugitive in a safe house. But when the safe house is attacked, he finds himself on the run with his charge.

Tobin Frost (Denzel Washington), an ex-CIA NOC operative turned international criminal, acquires a data storage device from rogue MI6 agent Alec Wade (Liam Cunningham). Attacked by a team of mercenaries led by Vargas (Fares Fares), Wade is killed and Frost is forced to surrender himself to the American consulate in Cape Town, South Africa.

Frost is transferred to a local safe house maintained by "housekeeper" Matt Weston (Ryan Reynolds), a young agent recently promoted to the boring, low-level CIA posting. Weston watches veteran agent Daniel Kiefer (Robert Patrick) as he begins to interrogate Frost via waterboarding. Vargas and his men attack the safe house, killing Kiefer and his team. Weston escapes, taking Frost as his charge. When Weston makes contact with his superior, David Barlow (Brendan Gleeson), at CIA headquarters in Langley, Catherine Linklater (Vera Farmiga), another CIA operative, orders Weston to lie low and await further instructions.

Weston hides out with Frost and calls his girlfriend Ana Moreau (Nora Arnezeder), a French medical resident who does not know that he works for the CIA, and tells her to leave the house. Barlow later tells Weston to go to Cape Town Stadium to retrieve a GPS device with the location of a nearby safe house. He retrieves the GPS at the stadium, but Frost creates a diversion and gets away by disguising himself as a policeman. Weston, detained by the police, escapes but can't catch Frost. Weston goes to recapture Frost but Frost ambushes and aims a gun at him, then says bluntly "I only kill professionals" and bursts Weston's eardrum by shooting into the wall right next to him before leaving the area.

Weston is ordered to visit the nearest American embassy for debriefing. Instead he meets with Ana and reveals that he is a CIA agent. He tells her to return to Paris for her safety. Weston tracks Frost to a shantytown in Langa, where Frost is meeting Carlos Villar (Rubén Blades), an old contact and document forger. Vargas attacks again, killing Villar along with his wife, but Frost eludes him and his men with Weston's help. Weston subsequently learns that Vargas is actually working for the CIA, which is seeking to retrieve the storage device Frost received from Wade. The device is Israeli intelligence, revealed to contain details of corrupt officials and secret money transfers involving American CIA, British MI6, and other intelligence agencies; Weston recognizes the reference to the Mossad because the CIA accused Frost of selling secrets to them before he became a rogue agent. Weston's own superiors may be implicated. Frost is taken to the new safe house by Weston, where Weston is attacked by the housekeeper, Keller (Joel Kinnaman).

After much struggle, Weston kills Keller but is badly wounded in their fight. Frost leaves Weston who then passes out from the wounds sustained fighting Keller. Meanwhile, Linklater has arrived in South Africa with Barlow to collect Frost and Weston from the safe house, but on the way is shot and killed by Barlow, who goes to the safe house and reveals that he is Vargas's employer. He confirms that the file contains incriminating evidence against him, and encourages Weston to lie about what has happened. Frost returns to rescue Weston by killing Vargas and his men but is shot by Barlow. Weston then shoots Barlow in the chest, killing him. Frost gives Weston the file and tells Weston he is better than him before he dies from his injuries.

Back in the United States, Weston meets with CIA Deputy Director Harlan Whitford (Sam Shepard), who informs Weston that unflattering facts about the CIA must be removed from his report, but that he will be promoted. He asks Weston about the file's location but Weston denies having been told about it by Frost. Whitford states that whoever has those files will have many enemies. Weston leaves, then leaks the files to the media, incriminating personnel from many intelligence agencies, including Whitford. Later on, Weston sees Ana across a street in Paris, France. She reads a note passed to her from him, looks up at Weston, and they both make eye contact and smile before Weston walks away.

Duration : 1 hour 55 min

Click Below to Download Now-

Download Link1

size: 822 Mb

Download Link 2

size: 822 Mb

Tuesday, August 05, 2014 Share:

The Devil Inside (2012) Hindi Dubbed | HD 720p

Release: 6 January 2012 (USA)

Genre : Horror

Star Cast : Fernanda Andrade, Simon Quarterman and Evan Helmuth

Description :

An American girl, Isabella, sets out to make a documentary to understand what happened to her mother who murdered three clergy people. She was not convicted due to insanity and was sent to a mental hospital in Italy. Isabella meets with some priests in Italy who explain that her mother"s condition may not be medical, but could be an extra-human possession. 

In Italy, a woman becomes involved in a series of unauthorized exorcisms during her mission to discover what happened to her mother, who allegedly murdered three people during her own exorcism.

Written by Joy

Duration : 1 hour 30 mins

Click Below to Download Now-

Download Link 1

Download Now

size: 620 Mb

Download Link 2

Part I - Part II - Part III - Part IV

Tuesday, August 05, 2014 Share:

How to Activate Windows 8 || Best Working Windows 8 Activator

As u know that Microsoft has completely released full features of windows 8 through its pro versions. Everybody wants to run it on their PC or laptop because its metro UI is simply amazing and the most innovative user interface the computer geeks have ever seen. So in order to get all the features of window 8 you must have its genuine activation key or You have to buy its genuine copy from microsoft by paying a huge amount of money which we students cant afford to pay. So i am posting this to end your burden of activating it. The tool i am providing is the best activator available in market today.

So i am providing this activator which will activate it for lifetime and make it a complete genuine copy or pro. Though i thought that I will never share this activator as its a rare one but i have changed my mind so here it is.

Please note that its not a KMS activator which is also used to activate windows 8, office 13 and other Microsoft products. The biggest disadvantage of KMS tool is that it will harm your registry settings and also it will extend the trial only for 6 months and after that you will have to use it again. So this is a bit awkward for me as i cant digest only 6 months period.

Problems regarding activation of Windows 8 has been solved last year. Those who are the users of Windows 8 and having trouble to activate this version of Windows hope you already got the solution. Just after the release of the final version of Windows 8, we have provided an activator for you that works with all editions. 

All you is just to make a double click on the activator. Within 10/ 15 seconds your PC will be restarted. And you will see the confirmation message about Windows 8 activation. 

Okay let's start. This is a very simple and easy activator. First, download the file by hitting on the download button: 

Download Now

1. After download the file you need to unzip it. 
2. Then double click on the activator. 
3. Wait for few seconds for processing.
4. Now your system will be restarted and you will get the activation message. 

Cautions: 

• Windows Defender may detect this file as virus. I think as it is a cracking tool that's why defender may consider this as a threat. But this is safe (Though I'm not 100% sure but using it on my PC).  

• .Net Framework 3.5 is required to run this activator. If your Windows doesn't have .Net 3.5 installed then install it now. 

• For any reason, if this activator doesn't work, then you follow this method. 

After successfully activating the Windows, you will be shown the confirmation message. And you can also find it by pressing Start + Pause as the image shows below: 

Note: Always use "run as administrator". This activator might not work on some desktops because of Processor compatibility but its working 100% with all laptops. Though i have not faced any problem even with desktop as well as laptop.

And be patient for 30-50 seconds after applying activator as sometimes it takes a bit long to show desktop after restarting.
Enjoy.

I have added the instructions file along with activator. So just follow the instructions to use it.

Friday, July 18, 2014 Share:

Top 7 Ways to Reduce Blogger Blog Load Time

Blogger Blog is very popular among peoples, because according to me its very easy to use and setup as compare to others. Some people make a blog and after that they convert it to a website. But you know no one like heavy blog, so optimization is necessary.

In blogger blog you can't do any thing with cpanel, or you can't access internal coding file. But you wanna reduce loading time, so follow my 7 best tips for this.

1. Always use best Templates, don't use local or any template. Just use templates that are made by certified professionals, because some times you get corrupted or scripted templates.

2. Avoid Java Scripts. I know Java scripts make website attractive or you can do make useful things with this. But Java Scripts increase loading time, they make website heavy. So no need to use any unnecessary JavaScript.

3. Don't put any image in background. Images make website heavy so no need to use images in background. I wanna say one thing more, when ever you use image in post or blog always define height and width. Always give proper title, very much use full in SEO.

4. Place less Advertisement. Don't fill you blog with advertisements. Advertisements make website heavy. Put only necessary ads.

5. Use less or only important widgets. There are millions of widgets available, no need to use all. Use only professional, important and necessary widgets.

6. Remove External Links that are not required.

7. Never put full post, use read more option. This will make post and blog heavy. This thing also not look professional. So do one things always use read more option.

Friday, July 18, 2014 Share:

How to Get Free IPL Score By SMS on all Networks

Hello friends,
IPL, is like fever for cricket lovers. But many times due to busy schedule we are not able to see Live Match, but every one wanna know score. So today I am giving you the trick to get score without any cost. This is not a hack, its official service. This service is proved by IPL with help of txtweb.com, but many people don't know how to do this. So follow my steps and get free score on you mobile. 

How to Activate: 

1. First of all dial number 18002081021, this is toll free.
2. After 1 or 2 seconds, call will be disconnected automatically.
3. Now, all is done.You will receive score with team names.
4. No need to pay, you can get other cricket updates to.

How to Deactivate: 

1. You can easily deactivate this service by typing a simple SMS.
2. Just type STOP and send it to 9266592665.

Friday, July 18, 2014 Share:

How I lost my $50,000 Twitter username

Naoki Hiroshima is the creator of Cocoyon and a developer for Echofon. This post originally appeared on Naoki’s Medium blog and has been republished with permission.

---

Update: PayPal has denied that its customer service representative divulged credit card information over the phone. Go Daddy has admitted partial responsibility for the incidents. Finally, the @N account itself is actually in someone else’s hands, after Twitter made it available after initially deactivating it.

I had a rare Twitter username, @N. Yep, just one letter. I've been offered as much as $50,000 for it. People have tried to steal it. Password reset instructions are a regular sight in my email inbox.

As of today, I no longer control @N. I was extorted into giving it up.

While eating lunch on January 20, 2014, I received a text message from PayPal for one-time validation code. Somebody was trying to steal my PayPal account. I ignored it and continued eating.

Later in the day, I checked my email which uses my personal domain name (registered with Go Daddy) through Google Apps. I found the last message I had received was from Go Daddy with the subject “Account Settings Change Confirmation.” There was a good reason why that was the last one.

From: Go Daddy
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 12:50:02 -0800
Subject: Account Settings Change Confirmation

Dear naoki hiroshima,

You are receiving this email because the Account Settings were modified for the following Customer Account:

XXXXXXXX

There will be a brief period before this request takes effect.

If these modifications were made without your consent, please log in to your account and update your security settings.

If you are unable to log in to your account or if unauthorized changes have been made to domain names associated with the account, please contact our customer support team for assistance: support@go daddy.com or (480) 505-8877.

Please note that Accounts are subject to our Universal Terms of Service.

Sincerely,
Go Daddy

I tried to log in to my Go Daddy account, but it didn't work. I called Go Daddy and explained the situation. The representative asked me the last 6 digits of my credit card number as a method of verification.

This didn't work because the credit card information had already been changed by an attacker. In fact, all of my information had been changed. I had no way to prove I was the real owner of the domain name.

The Go Daddy representative suggested that I fill out a case report on Go Daddy’s website using my government identification. I did that and was told a response could take up to 48 hours. I expected that this would be sufficient to prove my identity and ownership of the account.

Let The Extortion Begin

Most websites use email as a method of verification. If your email account is compromised, an attacker can easily reset your password on many other websites. By taking control of my domain name at Go Daddy, my attacker was able to control my email.

I soon realized, based on my previous experiences being attacked, that my coveted Twitter username was the target. Strangely, someone I don’t know sent me a Facebook message encouraging me to change my Twitter email address.

I assumed this was sent from the attacker but I changed it regardless. The Twitter account email address was now one which the attacker could not access.

The attacker tried to reset my Twitter password several times and found he couldn't receive any of the reset emails because it took time for the change of my domain’s MX record, which controls the email domain server. The attacker opened issue #16134409 at Twitter’s Zendesk support page.

N, Jan 20 01:43 PM:

Twitter username: @n
Your email: *****@*****.***
Last sign in: December
Mobile number (optional): n/a
Anything else? (optional): I’m not receiving the password reset to my email, do you think you could manually send me one?

Twitter required the attacker to provide more information to proceed and the attacker gave up on this route.

I later learned that the attacker had compromised my Facebook account in order to bargain with me. I was horrified to learn what had happened when friends began asking me about strange behavior on my Facebook account.

I received an email from my attacker at last. The attacker attempted to extort me with the following message.

From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 15:55:43 -0800
Subject: Hello.

I've seen you spoke with an accomplice of mine, I would just like to inform you that you were correct, @N was the target. it appears extremely inactive, I would also like to inform you that your Go Daddy domains are in my possession, one fake purchase and they can be repossessed by go daddy and never seen again D:

I see you run quite a few nice websites so I have left those alone for now, all data on the sites has remained intact. Would you be willing to compromise? access to @N for about 5 minutes while I swap the handle in exchange for your go daddy, and help securing your data?

Shortly thereafter, I received a response from Go Daddy.

From: change@go daddy.com
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 17:49:41 -0800
Subject: Update [Incident ID: 21773161] — XXXXX.XXX

Unfortunately, Domain Services will not be able to assist you with your change request as you are not the current registrant of the domain name. As the registrar we can only make this type of change after verifying the consent of the registrant. You may wish to pursue one or more of the following options should you decide
to pursue this matter further:

1. Visit http://who.godaddy.com/ to locate the Whois record for the domain name and resolve the issue with the registrant directly.

2. Go to http://www.icann.org/dndr/udrp/approved-providers.htm to find an ICANN approved arbitration provider.

3. Provide the following link to your legal counsel for information on submitting legal documents to GoDaddy: http://www.godaddy.com/agreements/showdoc.aspx?pageid=CIVIL_SUBPOENA Go Daddy now considers this matter closed.

My claim was refused because I am not the “current registrant.” Go Daddy asked the attacker if it was OK to change account information, while they didn't bother asking me if it was OK when the attacker did it. I was infuriated that Go Daddy had put the burden on the true owner.

A coworker of mine was able to connect me to a Go Daddy executive. The executive attempted to get the security team involved, but nothing has happened. Perhaps because of the Martin Luther King Jr. holiday.

Then I received this follow-up from the attacker.

From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 18:50:16 -0800
Subject: …hello

Are you going to swap the handle? the go daddy account is ready to go. Password changed and a neutral email is linked to it.

I asked a friend of mine at Twitter what the chances of recovering the Twitter account were if the attacker took ownership. I remembered what had happened to @mat and concluded that giving up the account right away would be the only way to avoid an irreversible disaster. So I told the attacker:

From: <*****@*****.***> Naoki Hiroshima
To: SOCIAL MEDIA KING
Date: Mon, 20 Jan 2014 19:41:17 -0800
Subject: Re: …hello

I released @N. Take it right away.

I changed my username @N to @N_is_stolen for the first time since I registered it in early 2007. Goodbye to my problematic username, for now.

I received this response.

From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:44:02 -0800
Subject: RE: …hello

Thank you very much, your go daddy password is: V;Mz,3{;!’g&

if you’d like I can go into detail about how I was able to gain access to your go daddy, and how you can secure yourself

The attacker quickly took control of the username and I regained access to my Go Daddy account.

PayPal and Go Daddy Facilitated The Attack

I asked the attacker how my Go Daddy account was compromised and received this response:

From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:53:52 -0800
Subject: RE: …hello

- I called Paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling Paypal and asking the agent to add a note to your account to not release any details via phone)

- I called go daddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case) I have not found a way to heighten go daddy account security, however if you’d like me to
recommend a more secure registrar i recommend: Name Cheap or eNom (not network solutions but enom.com)

It’s hard to decide what’s more shocking, the fact that PayPal gave the attacker the last four digits of my credit card number over the phone, or that Go Daddy accepted it as verification. When asked about this, the attacker responded with this message:

From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 20:00:31 -0800
Subject: RE: …hello

Yes Paypal told me them over the phone (I was acting as an employee) and go daddy let me “guess” for the first two digits of the card

But guessing 2 digits correctly isn’t that easy, right?

From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 20:09:21 -0800
Subject: RE: …hello

I got it in the first call, most agents will just keep trying until they get it

He was lucky that he only had to guess two numbers and was able to do it in a single call. The thing is, Go Daddy allowed him to keep trying until he nailed it. Insane. Sounds like I was dealing with a wannabe Kevin Mitnick—it’s as though companies have yet to learn from his Mitnick’s exploits circa 1995.

Avoid Custom Domains for Your Login Email Address

With my Go Daddy account restored, I was able to regain access to my email as well. I changed the email address I use at several web services to an @gmail.com address. Using my Google Apps email address with a custom domain feels nice but it has a chance of being stolen if the domain server is compromised. If I were using an @gmail.com email address for my Facebook login, the attacker would not have been able to access my Facebook account.

If you are using your Google Apps email address to log into various websites, I strongly suggest you stop doing so. Use an @gmail.com for logins. You can use the nicer custom domain email for messaging purposes, I still do.

In addition, I also strongly suggest you to use a longer TTL for the MX record, just in case. It was 1 hour TTL in my case and that’s why I didn’t have enough time to keep receiving emails to the compromised domain after losing the DNS control. If it was a week-long TTL for example, I would have had a greater chance to recover the stolen accounts.

Using two-factor authentication is a must. It’s probably what prevented the attacker from logging into my PayPal account. Though this situation illustrates that even two-factor authentication doesn’t help for everything.

Conclusion

Stupid companies may give out your personal information (like part of your credit card number) to the wrong person. Some of those companies are still employing the unacceptable practice of verifying you with the last some digits of your credit card.

To avoid their imprudence from destroying your digital life, don’t let companies such as PayPal and GoDaddy store your credit card information. I just removed mine. I’ll also be leaving GoDaddy and PayPal as soon as possible.

Editor’s Note: The Next Web has reached out to GoDaddy, PayPal, and Twitter for comment.

– PayPal says it did not release any credit card, personal or financial information for the account in question.

– A Twitter spokesperson tells us: “While we don’t comment on individual accounts, we are investigating the report.”

– GoDaddy Chief Information Security Officer Todd Redfoot provided the following statement:

Our review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy. The hacker then socially engineered an employee to provide the remaining information needed to access the customer account. The customer has since regained full access to his GoDaddy account, and we are working with industry partners to help restore services from other providers. We are making necessary changes to employee training to ensure we continue to provide industry-leading security to our customers and stay ahead of evolving hacker techniques.

Wednesday, July 16, 2014 Share: