


If you have been longing for a free Android antivirus, here is some exciting news. Avast, one of the famous antivirus vendors, has now launched an Android antivirus you can use for free! The mobile antivirus is named Avast Mobile Security.
Avast Free Mobile Security supports a number of features that are usually available only in paid-for Android security software. These include privacy reports, call and SMS filtering, SIM-card change notifications, firewall and application management.

By using Avast Mobile Security on your Android phone, your cell phone will be protected from viruses, threats and hackers; it can even minimize your loss if your Android cell phone is stolen. The antivirus component supports real-time protection and automatic updates. Updates can be configured to only be downloaded over certain types of connections and the interface can be protected with a password.
Call and SMS filtering can help device owners block annoying advertising calls or spam text messages. Users can define groups of phone numbers and configure the blocking intervals for them. The firewall component is only available for rooted devices because it requires special system-level access to enforce its rules. Device owners can use it to block individual applications from accessing the Internet over certain types of connections.
If your phone runs Android 2.1.x, 2.2.x, or 2.3.x, you can download and install Avast Mobile Security directly from Android Market.

Hewlett-Packard (HPQ) released a firmware update Friday that it says will fix a susceptibility in some of the Palo Alto company’s popular LaserJet printers that researchers said could allow hackers to remotely take control of the devices. The company stressed that it will be “communicating this proactively to customers and partners” though not, it seems, just yet, with the press release on the update giving no details of the changes made by HP and failing to reveal which devices the new firmware is available for.
Last month, a team of researchers from Columbia University discovered that some Hewlett-Packard LaserJet printers, and possibly similar devices, did not verify software upgrades contained within so-called remote firmware updates. The researchers were able to offer firmware updates that included malicious software and then take control of the printer. Once the researchers were able to take control of HP printers, they were able to accomplish a host of potentially dangerous tasks. They said they could print a tax return while sending a copy to a hacker’s remote computer, compromising a host of personal information; easily disable printers; and even command a printer to continuously heat up its ink-drying component until it started to catch fire.
On Friday, HP issued a news release reiterating that no customers have reported unauthorized access to their LaserJet printers, and offered a firmware update that the company says will “mitigate this issue.” The update is available at www.hp.com/support, in the “Drivers” category.
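
The missing check described above, sketched as an added example (not HP's code or the researchers'): a printer that flashes any image it receives, next to one that checks a signature against a pinned vendor public key and refuses rollbacks. The image layout, the `Printer` class and the Lamport one-time signature (used because it needs only hashlib; one key signs one release) are assumptions for illustration.

```python
import hashlib
import os
import struct

MAGIC = b"FWUP"  # constructed image format: magic | version (u32, big-endian) | payload


def build_image(version, payload):
    return MAGIC + struct.pack(">I", version) + payload


def lamport_keygen():
    """One-time key pair: 256 pairs of secrets; the public key is their hashes."""
    secret = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    public = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest())
              for a, b in secret]
    return secret, public


def _digest_bits(data):
    digest = hashlib.sha256(data).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(secret, data):
    # Reveal one secret per digest bit. A key pair must sign only ONE image.
    return [secret[i][bit] for i, bit in enumerate(_digest_bits(data))]


def lamport_verify(public, data, signature):
    if len(signature) != 256:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(data)):
        ok &= hashlib.sha256(signature[i]).digest() == public[i][bit]
    return ok


class Printer:
    """Hypothetical device model holding only the vendor's PUBLIC key."""

    def __init__(self, vendor_public_key, installed_version):
        self.vendor_public_key = vendor_public_key
        self.installed_version = installed_version
        self.flash = None

    def update_unverified(self, image):
        # The behaviour reported for the affected printers: no check at all.
        self.flash = image
        return "flashed"

    def update_verified(self, image, signature):
        # 1. Authenticity first: nothing in the image is trusted before this.
        if not lamport_verify(self.vendor_public_key, image, signature):
            return "rejected: bad signature"
        # 2. Structure of the (now authenticated) image.
        if len(image) < 8 or image[:4] != MAGIC:
            return "rejected: malformed image"
        # 3. Anti-rollback: a validly signed but older image is refused.
        version = struct.unpack(">I", image[4:8])[0]
        if version <= self.installed_version:
            return "rejected: rollback"
        self.flash, self.installed_version = image, version
        return "flashed"


if __name__ == "__main__":
    sk, pk = lamport_keygen()
    image = build_image(2, b"vendor firmware (constructed sample)")
    printer = Printer(pk, installed_version=1)
    print(printer.update_verified(image, lamport_sign(sk, image)))
```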


ANONdroid is a JonDonym proxy client for Android smartphones. This nice piece of software is under ongoing development by the AN.ON project of the university in Dresden. The project leader is Dr. Stefan Köpsell. ANONdroid uses the core libraries of JonDo with a smartphone-compatible GUI.

ANONdroid acts as a proxy for your internet applications and forwards their traffic, encrypted, to the mix cascades. It is still under development, but a first version is ready for download from the Android Market.
A secure browser configuration is important for anonymous surfing, so we recommend the use of the Orweb browser. It is a browser for Orbot, but can be used with ANONdroid too. After installation you have to change the proxy settings of Orweb to localhost:4001.
How It Works
When you start the JAP client program, JAP first connects to the InfoService to check if the program version is still current. If the version of the program is no longer compatible with the software of the mix, the user is automatically offered a program update, since otherwise the JAP service could no longer be used.
In the next step, JAP registers with the first mix station of the chosen mix cascade. A permanent network connection between JAP and the first mix station remains until logoff.
On installation of JAP, the user already configured the web browser so that each packet of data sent goes through JAP instead of directly to the internet. JAP encrypts the data and sends it to the first mix station. The first mix station then mixes the data with that of other users and sends it to the second mix station which passes it on to the third mix station which decrypts and sends the data through a cache proxy to the internet.
Each mix carries out cryptographic operations on the message so that the JAP-encrypted data is only readable when it has gone through the proper mixes in the proper order. That way it is ensured that an eavesdropper either only receives unreadable (encrypted) data or can no longer determine the sender. For this to work correctly, only one mix in the cascade needs to be trusted not to inform the eavesdropper as to the method of message mixing. Here is a description of the exact method of encryption.
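
The layering described above, as an added example that is not JAP or ANONdroid code: the client wraps each message once per mix, and every mix peels exactly one layer and reorders its batch. The keys are assumed to be pre-shared with each mix, and the SHA-256 counter-mode cipher, the `PAYLOAD` size and all function names are stand-ins chosen to keep the sketch standard-library only.

```python
import hashlib
import hmac
import os
import random

PAYLOAD = 128  # constructed fixed payload size, so all messages look alike


def _subkey(key, label):
    return hashlib.sha256(label + key).digest()


def _keystream(key, nonce, length):
    # Stand-in stream cipher: SHA-256 in counter mode (illustration only).
    blocks = [hashlib.sha256(key + nonce + c.to_bytes(8, "big")).digest()
              for c in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key, data):
    """Add one encryption layer: nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def peel(key, blob):
    """Remove one layer; fails if the outer layer was not made for this key."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not encrypted for this mix")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def client_wrap(message, cascade_keys):
    """Client side: pad, then encrypt for the LAST mix first, the first mix last."""
    if len(message) > PAYLOAD - 2:
        raise ValueError("message too long for one payload")
    blob = (len(message).to_bytes(2, "big") + message).ljust(PAYLOAD, b"\x00")
    for key in reversed(cascade_keys):
        blob = seal(key, blob)
    return blob


def unpad(payload):
    length = int.from_bytes(payload[:2], "big")
    return payload[2:2 + length]


class Mix:
    def __init__(self, name, key):
        self.name, self.key = name, key

    def process_batch(self, blobs):
        # Peel this mix's layer from every message, then reorder the batch so
        # input position and output position are unrelated.
        out = [peel(self.key, b) for b in blobs]
        random.SystemRandom().shuffle(out)
        return out


def run_cascade(mixes, blobs):
    for mix in mixes:
        blobs = mix.process_batch(blobs)
    return [unpad(b) for b in blobs]  # what the last mix hands to the proxy


def demo():
    keys = [os.urandom(32) for _ in range(3)]
    mixes = [Mix(f"mix{i + 1}", k) for i, k in enumerate(keys)]
    messages = [b"GET /a", b"GET /b", b"GET /c"]  # constructed sample requests
    wrapped = [client_wrap(m, keys) for m in messages]
    return sorted(run_cascade(mixes, wrapped))


if __name__ == "__main__":
    print(demo())
```

Because every mix changes both the bytes and the order of the batch, an observer on any single link sees blobs that match neither the client's input nor the final output.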

Download ANONdroid

BBC News reported that the Federal Bureau of Investigation (FBI) announced recently that key infrastructure systems of three US cities had been accessed by hackers. Such systems, commonly known as Supervisory Control and Data Acquisition (SCADA) systems, are increasingly being targeted by hackers.
 
At a recent cybersecurity conference, Michael Welch, deputy assistant director of the FBI’s cyber division, said “hackers had accessed crucial water and power services. The hackers could theoretically have dumped sewage into a lake or shut off the power to a shopping mall.”

“We just had a circumstance where we had three cities, one of them a major city within the US, where you had several hackers that had made their way into SCADA systems within the city,” Welch told delegates at the Flemings Cyber Security conference. “Essentially it was an ego trip for the hacker because he had control of that city’s system and he could dump raw sewage into the lake, he could shut down the power plant at the mall, a wide array of things,” he added.
 
In the city of South Houston, Texas, a hacker named pr0f claimed to have broken into a control system that supplied water to the town. Pr0f claimed the system had only been protected by a three-character password which “required almost no skill” to get around.
 
Security experts predict there will be a rise in such attacks. “Such systems have become a target partly because of all the chatter about the lack of security. Hackers are doing it out of curiosity to see how poorly they are protected,” said a senior security consultant at Sophos.
 
However, the firms that run SCADA systems, such as Siemens, often advise against changing passwords because the threat from malware is not as big a problem as the one caused if passwords are changed.

The “Chinese Software Developer Network” (CSDN), operated by Bailian Midami Digital Technology Co., Ltd., is one of the biggest networks of software developers in China. A text file with the details of 6 million CSDN users, including user names, passwords and email addresses, all in clear text, has leaked on the internet.
 
The download link (use xunlei to download the file) for the file is available on various social networks. Chinese programmers are now busy changing their passwords.
 
Just did some data mining on CSDN leaked user data. Some interesting findings. Here are the results of the Top 100 email providers from 6M CSDN user emails:
@qq.com, 1976190
@163.com, 1766919
@126.com, 807893
@sina.com, 351590
@yahoo.com.cn, 205487
@hotmail.com, 202944
@gmail.com, 186843
@sohu.com, 104735
@yahoo.cn, 87048
@tom.com, 72360
@yeah.net, 53292
@21cn.com, 50709
@vip.qq.com, 35119
@139.com, 29207
@263.net, 24778
@sina.com.cn, 19155
@live.cn, 18920
@sina.cn, 18601
@yahoo.com, 18452
@foxmail.com, 16432
@163.net, 15173
@msn.com, 14211
@eyou.com, 13372
@yahoo.com.tw, 10810
@huiseo.cn, 8493
@csoftmail.cn, 7121
@citiz.net, 6605
@vip.sina.com, 5378
@189.cn, 5004
@etang.com, 4236
@chinaren.com, 3973
@yahoo.com.hk, 3899
@neusoft.com, 2930
@wormsoft.cn, 2780
@sogou.com, 2567
@bdqnok-cp.com.cn, 2551
@live.com, 2528
@mail.china.com, 2177
@china.com, 2169
@mail.ustc.edu.cn, 2038
@huawei.com, 1921
@vip.163.com, 1882
@sjtu.edu.cn, 1881
@371.net, 1805
@10pig.com.cn, 1782
@zte.com.cn, 1681
@cp-bdqnok.com.cn, 1632
@company-mail.cn, 1555
@msn.cn, 1522
@netease.com, 1499
@uggsrock.com, 1363
@bjtu.edu.cn, 1342
@hotmail.com.tw, 1313
@owlpic.com, 1277
@siteposter.net, 1275
@x263.net, 1183
@2008.sina.com, 1180
@elong.com, 1172
@yahoo.co.jp, 1049
@chongseo.com, 1033
@bofthew.com, 1022
@tyldd.com, 992
@fudan.edu.cn, 987
@marketnet.com.cn, 963
@newline.net.cn, 955
@stu.xjtu.edu.cn, 931
@online.sh.cn, 928
@msa.hinet.net, 927
@zju.edu.cn, 878
@king.com, 870
@cmmail.com, 844
@123.com, 838
@56.com, 836
@cpok-bdqn.com.cn, 818
@zj.com, 804
@china.com.cn, 803
@fm365.com, 763
@71mail.com.cn, 751
@avl.com.cn, 748
@bdqncpok.com.cn, 720
@mails.tsinghua.edu.cn, 719
@bit.edu.cn, 693
@mail.nankai.edu.cn, 640
@lzu.cn, 622
@xnmsn.cn, 602
@wo.com.cn, 599
@ah163.com, 598
@yahoo.ca, 594
@263.com, 563
@eastday.com, 561
@stu.edu.cn, 559
@188.com, 556
@mobile.csdn.net, 539
@csdn.net, 533
@sian.com, 519
@ymail.com, 518
@km169.net, 490
@emails.bjut.edu.cn, 488
@pp.com, 483
@pchome.com.tw, 480
 
Security is important, especially for online services. And NEVER store user passwords in clear text.
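
One way to follow that advice, as an added example (not CSDN's code): salted PBKDF2-HMAC-SHA256 records, plus a one-time migration of a clear-text table like the leaked one. The row layout, the sample rows, the record format and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor; tune it for your own hardware

# Constructed sample of a legacy table that keeps passwords in clear text.
LEGACY_ROWS = [
    {"user": "alice", "password": "qwerty123", "email": "alice@example.com"},
    {"user": "bob", "password": "qwerty123", "email": "bob@example.com"},
    {"user": "carol", "password": "zhongguo88", "email": "carol@example.com"},
]


def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt_hex$hash_hex."""
    salt = os.urandom(16)  # unique per user, so equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != SCHEME:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: never treat it as a match
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record, iterations=ITERATIONS):
    """True when a record uses an old scheme or a weaker work factor."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != SCHEME or not parts[1].isdigit():
        return True
    return int(parts[1]) < iterations


def migrate_cleartext_rows(rows):
    """One-time migration: replace the clear-text column with a hash record."""
    migrated = []
    for row in rows:
        new_row = {k: v for k, v in row.items() if k != "password"}
        new_row["password_hash"] = hash_password(row["password"])
        migrated.append(new_row)
    return migrated


def login(row, password):
    """Check a login and upgrade the stored record if its parameters are stale."""
    if not verify_password(password, row["password_hash"]):
        return False
    if needs_rehash(row["password_hash"]):
        row["password_hash"] = hash_password(password)
    return True


if __name__ == "__main__":
    for r in migrate_cleartext_rows(LEGACY_ROWS):
        print(r["user"], r["password_hash"][:40] + "...")
```

After the migration, a copy of the table no longer reveals which users share a password, and each guess against a record costs the full iteration count.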

Square Enix stated yesterday that somebody “may have gained unauthorized access to a particular Square Enix server” and took its members service offline in both Japan and the U.S. Today, the company clarified that 1.8 million customers’ accounts had been affected.
 
The company said it noticed that unknown parties had accessed the server for its free “Square Enix Members” site on Tuesday afternoon, and decided to shut down the service the same day. Users register on the server with their email addresses and sometimes their names, addresses and phone numbers, but the server holds no credit card information, a spokesman said.

The intruder breached an unknown number of servers that could hold data for the service’s one million members in Japan and 800,000 members in North America, but left untouched the servers with its 300,000 European members. In May, Square Enix said it suffered hacking attacks into the web site of a Canadian subsidiary and two product sites. It said 350 applicants’ resumes and up to 25,000 email addresses were stolen in that attack.

Vulnerability-Lab Team discovered a memory and pointer corruption vulnerability in Kaspersky Internet Security 2011/2012 & Kaspersky Anti-Virus 2011/2012.
 

The vulnerability is caused by an invalid pointer corruption when processing a corrupt .cfg file through the Kaspersky exception filters, which could be exploited by attackers to crash the complete software process.
The bug is located in basegui.ppl & basegui.dll when processing a .cfg file import.
Affected Version(s):
  • Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012
    • KIS 2012 v12.0.0.374
    • KAV 2012 v12.x
  • Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
    • KIS 2011 v11.0.0.232 (a.b)
    • KAV 11.0.0.400
    • KIS 2011 v12.0.0.374
  • Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010
The Kaspersky .cfg file import exception handling filters wrong or manipulated file imports, like this first test … (wrong-way.png). The PoC is not affected by the import exception handling and gets through without any problems. An invalid pointer write and read allows a local attacker to crash the software via memory corruption. The technique and software used to detect the bug in the binary is a private tool.

These commands help you have more control over your Windows machine and also provide you with a number of options for customizing your Windows environment. Moreover, through some of these Windows commands you can set or reset anything on your computer (if you have administrative privileges).

For Newbie

What is Command Prompt ?  

Command Prompt is a command line interpreter application available in most Windows operating systems.
Command Prompt is officially called Windows Command Processor but is also sometimes called the command shell or by its file name cmd.exe.
Note: Command Prompt is sometimes incorrectly referred to as “the DOS prompt” or as MS-DOS itself. Command Prompt is a Windows program that emulates many of the command line abilities available in MS-DOS but it is not actually MS-DOS.

To use these commands, just:
Go to Start,
Click on Run (or just press “WIN + R” to open it directly), and enter any of the following commands:


  • compmgmt.msc  – It will open a computer management window
  • cmd – It will open a command prompt (DOS shell, not to be confused with the cmd command)
  • diskmgmt.msc – It will open a disk management window
  • dfrg.msc – It will open a disk defrag window
  • devmgmt.msc – It will open a device manager window
  • eventvwr.msc – It will open an event viewer window
  • fsmgmt.msc – It will open a shared folders window
  • gpedit.msc – It will open a group policies window
  • lusrmgr.msc – It will open a local users and groups window
  • perfmon.msc – It will open a performance monitor window
  • rsop.msc – It will open a resultant set of policies window
  • secpol.msc – It will open a local security settings window
  • services.msc – It will open a window listing the various services
  • msconfig – It will open a system configuration utility window
  • regedit – It will open a registry editor window
  • msinfo32 – It will open a system information window
  • sysedit – It will open a system edit window
  • win.ini – It will open the Windows loading information (also system.ini)
  • winver – It shows the current version of Windows
  • mailto – It opens the default email client
  • PSR – For recording purposes in Windows 7

This is a small, light-weight, fast, updatable and Open For All version of WinBubbles.
In just a few clicks, WinBubbles-Lite will let you easily access the most important customization functions of Windows 7 (and Vista).

The powerful utility includes a built-in graphical user interface designer and programmer called RegDevelop that will let you update the program the way that you want. Add the features that are needed.

Any part of the program can be updated, not just by programmers but by everyone.

Branding your new Vista and Windows 7 Machine

  •  Add or Change Original Manufacturers logo and information
  • Separately Customize the Performance Information and Tools Logo
  • Change or Customize the Background of Windows 7 Welcome Screen
  • Change the Owner Information
  • Add Message before logon
  • Customize Bubbles Screen Saver – Change to small/Medium size, Metallic Bubbles, remove the shadow and launch in a Black Background
  • Add “Move To” and “Copy To” Right-Click Menu
  • “Opened with Notepad” Context/Right-Click Menu
  • “Hide this file” and “Hide this Folder” Right-Click Menu – Standard and Run as Admin is included
  • No Folder Option (Logoff is needed in Windows 7)
  • Disable Regedit
  • Disable CMD.exe
  • Disable Windows Task Manager
  • Disable Changing of Wallpaper
  • Disable Control Panel
  • Disable USB Drive in Windows 7 (Reboot is needed) and Vista
  • Enter Username before login
  • Changing UAC levels launcher and *Change the settings to “Prompt for credentials”

Note: Remember that the image should be in .bmp format, so use the online converter to convert any JPEG to BMP. Enjoy the GMMS.

Robot Pirates, a Pakistani hacker group, has hacked more than 70 websites. Most of the sites belong to the USA. According to the hackers, the main reason for this cyber attack is to protest NATO’s attack against the Pakistani Army. Previously, some other Pakistani hackers also protested against NATO, among them Pak Cyber Combat Squad. Robot Pirates released a pastebin in which all the hacked sites, their mirror links and their messages are mentioned. Earlier, this group hacked many sites, mostly Indian ones.

Assassin DoS, latest version 2.0.3, is developed by MaxPainCode. It is a new DoS tool based on a new attack that uses HTTP Flood to get the site down; this will work if you try with a big dedicated server. Another feature of Assassin DoS is that it will not take all your resources, as most DoS tools do. It also has only about 100 milliseconds of delay when hitting the target, and it is available for Windows.

To Download Assassin DoS 2.0.3 Click Here

Security Labs Experts from India launched an automated anti-virus and firewall bypass script. It is a modified and stable version made to work with the BackTrack 5 distro. In order to compile the generated payload, Mingw32 gcc must be installed on your system.

Method:-

apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils

After the installation you need to move the shell script (Vanish.sh; we have mentioned the download link below) to the default Metasploit folder (/pentest/exploits/framework) and execute it. Recommended Seed Number = 7000 and Number of Encode = 14.

Note: By default the script generates a Reverse TCP payload, but you can change that with some modifications to the script [vanish.sh]. The virus scan report of the backdoor shows that it is almost undetectable by most antivirus programs.

To Download The Script Click Here

Security Labs Experts also released a pastebin. The rest of the information can be found in that release.

Hi,
As I said, I am back with more stuff for you guys,
Hope you all enjoy them,
So I am here to tell you guys the world's top 10 websites for hackers,
Which every hacker should know about,
So let's start,

And the #top position goes to,
Hacker The Dude!!!!!!
Kick Ass!!@!@~!

1. Milw0rm

I have given this website the first rank because it is the major place for all
security guys, and penetration testers and the majority of us hackers..


2. Hack a day
Second comes this,

it's great for hackers to have a community like this,
with competitions, and stuff

3. Security Focus
These guys are great in terms of security testing,

4.ASTALAVISTA - security & hacking community
Another great place like Top milw0rm…

5.PacketStorm Security
Name tells it all :)

6.Black Hat

7.Metasploit Project

8.Insecure.org: Top 75 Security tools

9.2600 Store

The Birth Of hacking Is here …..

10.Rootkit

Hope you get that,
These were the places you must visit,
Happy Hacking

Police now believe 803 people from a list of those interviewed by investigators in a media ethics scandal had their phones hacked by the News of the World tabloid.

The scandal that has outraged the public began several years ago as a trickle of allegations from celebrities and politicians who said they believed their cell phone messages had been intercepted. It exploded over the summer when news broke that the now-defunct paper owned by Rupert Murdoch had hacked into the phone of murdered British school girl Milly Dowler.

The scandal has led to the closing of the 168-year-old newspaper, the resignation of two top London police officers and several senior Murdoch executives, and the arrest of more than a dozen newspaper editors, including the former editor of the newspaper, who then had to resign from his post as Prime Minister David Cameron's media chief.

The main source of information for the police investigation was the notes of a private investigator working for the News of the World.

In these notes, police had originally identified 5,800 potential phone hacking victims. From that figure, Scotland Yard says it spoke to 2,037 people. Investigators say they believe around 800 were actual victims.

"We are confident that we have personally contacted all the people who have been hacked or who are likely to have been hacked," Scotland Yard said Saturday.

As the scandal widened it also prompted multiple investigations and an official inquiry into media ethics, which has heard from the Dowler family and celebrities such as Hugh Grant about the effects of media intrusion on their lives.

You’ve just discovered your Facebook account has been posting all kinds of weird, pornographic, or generally inappropriate content to your Wall and/or News Feed. Your friends are annoyed with all the questionable posts and requests coming from you.

Did you forget to log out of Facebook at your friend’s house, did you accidentally click on something you shouldn’t have, or has your account been hacked?

I can’t answer these questions without actually seeing what’s happening on your profile, but I can offer some advice. Here are three things you should try in order to clean up your Facebook account.

Change your Facebook password

It’s possible your Facebook woes are coming from the result of a phishing scam. Someone may have created a fake website that looks like Facebook or another online service you visit and tricked you into logging in. Their goal was to steal your password and other account credentials, and they may have succeeded.

In this case, you should change your password on Facebook. If you don’t know how to do so, you can refer to the following guide: How to change your Facebook password.

If changing your password fixes your Facebook problems, you should change your password for all your other services too, especially if you use the same password for them as you previously used on Facebook. If this doesn’t fix the problem, try the next step.

Remove unwanted Facebook apps

It’s possible your Facebook woes are coming from a rogue app that you accidentally installed or were tricked into installing. Every Facebook app has certain permissions to your account. Some of these permissions you can modify, while others you cannot.

Your best bet is to remove all the Facebook apps you find suspicious. If you don’t know how to do so, you can refer to the following guide: How to clean up your Facebook apps.

If cleaning out your apps fixes your Facebook problems, tell your friends they should do the same (chances are the app asked your friends to install it as well). If this doesn’t fix the problem, try the next step.

Get some security software and run a virus scan

It’s possible your Facebook woes are coming from some sort of malware, be it a keylogger, a trojan, or some other type of virus. Even if you think your computer is clean, it can’t hurt to check.

I recommend Microsoft Security Essentials – it’s free and gets the job done very well. Another good one is Malwarebytes. Other free alternatives include Avira and Avast.

The aforementioned security programs are for Windows. If you have a Mac, try using the antivirus from Sophos.

After running the virus scan, clean out whatever the program detects. If you’re not sure about what it found, ask a friend who might.

26-year-old Glenn Steven Mangham, a student in the UK, admitted hacking into Facebook, a court heard this week. Mangham pleaded guilty to breaching the social network’s security systems between April 27 and May 9. He was arrested on June 2 and released from prison on bail after spending two months behind bars. Four conditions were attached to his bail, including that he live and sleep at his home address, not access the Internet, and not have any devices in the house that can access the Web.

Mangham had previously shown Yahoo how to improve its security and wanted to do the same for Facebook, the court heard, according to the BBC. Prosecutor Sandip Patel said the defendant’s actions caused concern among a number of American authorities, including the FBI, and that Mangham’s actions were the “most effective and egregious example of hacking into social media that has come before a British court. It required considerable expertise.” He managed to download “highly sensitive intellectual property.”

“This attack did not involve an attempt to compromise or access user data,” a Facebook spokesperson said in a statement.

Facebook discovered the infiltration during a system check. Tom Ventham, Mangham’s defence lawyer, said his client was an ethical hacker who had a “high moral stance” and Yahoo had “rewarded” him for pointing out its vulnerabilities. “That was his plan here but the activity was found by accident,” said Ventham.

Mangham used various programs to get past Facebook’s defenses, and faces five charges for repeatedly trying to penetrate the defenses of the social network under the Computer Misuse Act 1990. More specifically, Mangham is accused of downloading a computer program to secure unauthorized access to Facebook, of attempting to hack into Facebook’s Mailman server, of using PHP script to secure access to Facebook’s Phabricator server, of sharing a PHP script intended to hack into that server, and of securing repeated access to another Facebook server.

Facebook runs a Puzzle server to allow computer programmers to test their skills. A Mailman server is typically used by firms to run internal and external email distribution lists. The Phabricator is a set of tools designed by the company to make it easier to build Facebook apps.

The official website of the President of Guyana has been defaced by hackers belonging to a group called “The Hackers Army”. “To the ignorant observer Israel may appear modern, vigorous and democratic largely thanks to the outrageous bias in Western media and the $$$ whom have become our leaders…now wake up!!!” The Pakistani hacker also blames the UN for creating out of Israel a country comparable to Nazi Germany. Earlier, The Hackers Army hacked lots of high-profile websites, including the ESET antivirus site and many more.

The hacker from the group named Disaster is responsible for the defacements. This is not the first time Tha Disastar has managed to breach the security of a site. Just yesterday he took down one of the websites used by Anonymous to spread their activist messages.

After Symantec did a little reverse engineering on the now infamous Stuxnet worm, many started pointing the finger at the US and Israel, especially since it was concluded that the piece of malware was designed to target a specific version of the Siemens SCADA programmable logic controls (PLC) operating in certain nuclear facilities in Iran. Ralph Langner told a conference in California that the malicious software was designed to cripple systems that could help build an Iranian bomb. Mr Langner was one of the first researchers to show how Stuxnet could take control of industrial equipment.
Dr. Panayotis A. Yannakogeorgos is a cyber defense analyst with the U.S. Air Force Research Institute. He told the Diplomat that the one weak point in the theory that the US and Israel hit the Iranian nuclear program with Stuxnet is that both sides denied it when they would not have had to. Yannakogeorgos said that the Russians could have equally carried out the attack. Apparently the Russians are not that happy about an Iranian indigenous nuclear capability even if they are helping build it.
In brief, the case for the United States having designed and developed Stuxnet is as follows: First, neither the United States nor Israel wants Iran to develop nuclear weapons. The worm, then, is seen as likely part of a covert strategy to delay or destroy Iran’s nuclear infrastructure while stopping short of war. The weapon was designed to target a specific version of the Siemens SCADA programmable logic controls (PLC) operating a specific configuration and number of cascading centrifuges found in Iran. Some analysts point to the fact that there were vulnerability assessments being run at Idaho National Labs on Siemens PLC software. Others note that the design of the cyber weapon closely fit Richard Clarke’s description in Cyber War of a well-designed and ethically thought out weapon limiting collateral damage due to a vast army of lawyers scrutinizing the effects. The malware-analyst community, meanwhile, points to digital code strings such as “b:\myrtus\” taken from biblical events important to Israeli identity. And, as the story goes, after the political decisions, vulnerability assessments, and weapon design took place, either an Iranian agent was found to take the USB memory stick into the nuclear facility, or all the computers around the plants were infected with Stuxnet via the Conficker worm.
Russia has a good reason not to want Iran to get its paws on nuclear technology. In 1995, for example, Chechen rebels planted a “dirty bomb” in Moscow’s Izmailovsky Park. Nuclear material is much more secure in Russia, but if Iran develops a full-blown nuclear capability, Chechen or other violent extremist and nationalist rebels could go to Iran to buy the material.

The Stuxnet attack may be coupled with an assassination campaign targeting Iranian nuclear and computer scientists and various leaks suggesting covert action, all made for a compelling case of U.S. involvement. But whether it was the United States or Russia behind it, it’s clear that in Stuxnet’s aftermath, and with the emergence of other worms within their systems, Iranian nuclear engineers have less confidence in the accuracy of sensor information on digital displays. All this means that there’s now no need for the U.S. or Russia to say anything on the issue: internal conflict in the minds of those responsible for Iran’s nuclear program is doing a perfectly good job of delaying progress.

About 12 different Chinese groups, largely directed by the government there, do the bulk of the China-based cyber attacks stealing critical data from U.S. companies and government agencies, according to U.S. cyber security analysts and experts. US online security companies are suggesting that it should have the right to force them to stop “by any means possible”.

Sketched out by analysts who have worked with U.S. companies and the government on computer intrusions, the details illuminate recent claims by American intelligence officials about the escalating cyber threat emanating from China. And the widening expanse of targets, coupled with the expensive and sensitive technologies they are losing, is putting increased pressure on the U.S. to take a much harder stand against the communist giant.

The report states that many of the attacks carry tell-tale signatures of particular hacking groups being tracked by intelligence and cybersecurity teams in the U.S., contrary to many expert opinions which indicate that accurate attribution is nearly impossible if the attackers are savvy enough.

James Cartwright, a former vice chairman of the Joint Chiefs of Staff who advocates for increasing measures to hold China and other nation-states responsible for intrusion operations, said that “industry is already feeling that they are at war.”

“Right now we have the worst of worlds. If you want to attack me you can do it all you want, because I can’t do anything about it. It’s risk free, and you’re willing to take almost any risk to come after me,” said Cartwright.

Cartwright believes the U.S. should be aggressive in their response to attacks that originate overseas, in essence establishing that “if you come after me [the U.S.], I’m going to find you, I’m going to do something about it. It will be proportional, but I’m going to do something… and if you’re hiding in a third country, I’m going to tell that country you’re there, if they don’t stop you from doing it, I’m going to come and get you.”

The government “needs to do more to increase the risk,” said Jon Ramsey, head of the counter threat unit at the Atlanta-based Dell SecureWorks, a computer security consulting company. “In the private sector we’re always on defense. We can’t do something about it, but someone has to. There is no deterrent not to attack the U.S.”

According to experts, the malicious software or high-tech tools used by the Chinese haven’t gotten much more sophisticated in recent years. But the threat is persistent, often burying malware deep in computer networks so it can be used again and again over the course of several months or even years. The tools include malware that can record keystrokes, steal and decrypt passwords, and copy and compress data so it can be transferred back to the attacker’s computer. The malware can then delete itself or disappear until needed again.

For the first time, U.S. intelligence officials called out China and Russia last month, saying they are systematically stealing American high-tech data for their own economic gain. The unusually forceful public report seemed to signal a new, more vocal U.S. government campaign against the cyberattacks.

The Carrier IQ privacy issue continues today with a new, albeit not really surprising, episode. Apparently the FBI was aware of what the Carrier IQ technology is able to do, and the Bureau is not willing to reveal anything regarding Carrier IQ just yet. Meanwhile, the FBI denies the release of information about its use of Carrier IQ, the Wikipedia founder asks for input about a site-wide blackout, and the Kindle Fire will get a pre-Christmas software update to improve performance.

Government watchdog site MuckRock believes Carrier IQ data is being used by the FBI in an investigation. If so, the worries over Carrier IQ will rise up again. Carrier IQ is installed in about 150 million handsets globally, according to the company. MuckRock sent a Freedom of Information Act request to the FBI, asking for “manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ.” That FOIA request was met with what MuckRock called a “telling denial.”
The very first page of the denial letter specifically states that the information they have in the exempt file is for law enforcement purposes and that they cannot release information that will jeopardize any ongoing investigation.

Carrier IQ and several wireless carriers and handset makers have admitted to installing the software in handsets, but insist the software is benign and designed primarily to collect data for optimizing network and device performance. Critics of Carrier IQ’s software, who include Google executive chairman Eric Schmidt, have claimed the software enables keylogging and extensive data capture.

Hopefully future investigations into Carrier IQ practices will offer us more details about the way Carrier IQ data was used by the FBI, if that’s the case, and we’re certainly interested to see what various U.S. and international officials will have to say about the FBI’s proven involvement with this matter.

In the meantime, if you wish not to be monitored by corporations and the government, we politely remind you to stay off the Internet, stop using all proprietary software and hardware, disconnect your cell phone and land line immediately, and ensure a snug fit on your tin foil helmet.

Microsoft plans to release 14 patches next week to fix 20 vulnerabilities across its product line, the company announced Thursday.
Tuesday’s monthly security update, to be released around 1 p.m. EST, will come with three “critical” and 11 “important” bulletins to plug holes in Windows, Office, Internet Explorer, Publisher and Windows Media Player. Most of the vulnerabilities, if exploited, can lead to remote code execution.
It is unclear if the update will include remediation for an unpatched Windows Kernel vulnerability, disclosed just prior to the November patches, which aids in the spread of the Duqu trojan. In addition to describing the planned fixes, Angela Gunn, a senior response communications manager for Microsoft Trustworthy Computing, announced in a Thursday blog post that there is now “greater transparency” around the Microsoft Active Protections Program (MAPP).

Four Romanian nationals have been charged with hacking card-processing systems at more than 150 Subway restaurants and 50 other unnamed retailers, according to an indictment unsealed Thursday.

The hackers compromised the credit-card data of more than 80,000 customers and used the data to make millions of dollars of unauthorized purchases, according to the indictment (.pdf).

From 2008 until May 2011, the hackers allegedly hacked into more than 200 point-of-sale (POS) systems in order to install a keystroke logger and other sniffing software that would steal customer credit, debit and gift-card numbers. They also placed backdoors on the systems to provide ongoing acces

The Mole is an automatic SQL Injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query based technique.

Features
  • Support for injections using MySQL, SQL Server, Postgres and Oracle databases.
  • Command line interface. Different commands trigger different actions.
  • Auto-completion for commands, command arguments and database, table and columns names.
  • Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Exploits SQL Injections through GET and POST methods.
  • Developed in Python 3.
1.) Installation Guide
2.) Tutorial to Use
3.) Download Mole

    Have you ever wanted to inspect or photograph something up close, but could not find a magnifying glass or did not have enough light on your subject? Well, read on, because this project, called “My Inspector Gadget”, will do the job for you at little or no cost.

    Most of you probably have a webcam sitting around somewhere, and after all the high voltage projects you’ve done using disposable cameras, we bet you have some camera lenses too. In a contest entry, Butch shows how to make your very own computer-enabled microscope out of stuff that many of you will have lying around your house. What is basically involved is tearing apart a webcam and adding additional lighting and a lens assembly from an old film camera.

    In his project he shows how to harvest the lens from the film camera and mount it, as well as where he added the LED. You can see in the picture above, his results are pretty good.

    Green Party list MP Kevin Hague is today reassuring people that he is alive and well in New Zealand, not trapped penniless in Spain, as an email scam claims.
    Mr Hague’s personal email account has been hacked and a scamster purporting to be him is emailing his account contact list to say that he is in financial difficulty, having misplaced his bag in Spain, and desperately needs US$2000 to cover his hotel bill and flight home.
    Promising immediate reimbursement when he returns home, the email says: “I feel so devastated, now my passport and other belongings have been retained by the hotel management pending the time I pay my hotel bills. This is shameful.”

    The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors.
    Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.

    BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.

    BeEF provides an easily integrated framework that demonstrates the impact of browser and Cross-site Scripting issues in real time. Development has focused on creating a modular framework, which has made module development a very quick and simple process. Current modules include Metasploit, port scanning, keylogging, Tor detection and more.

    Russian hackers have taken aim at Twitter in recent days to hamper communication between opposition activists as outrage against the conduct of last week’s general elections grows. The pro-government messages were generated by thousands of Twitter accounts that had little activity beforehand. The hashtag is #триумфальная (Triumfalnaya), the name of the square where many protesters gathered.

    Maxim Goncharov, a senior threat researcher at Trend Micro, observed that “if you currently check this hash tag on twitter you’ll see a flood of 5-7 identical tweets from accounts that have been inactive for month and that only had 10-20 tweets before this day. To this point those hacked accounts have already posted 10-20 more tweets in just one hour.”


    Brian Krebs, the author of the blog Krebs on Security, noted that the bot accounts he lists appear to follow a single account called @master_boot, as well as following each other. The accounts were also all created in July of this year. Besides pro-government tweets, many of the messages are gibberish.

    Getting the software for such attacks isn’t that hard: for about $150 one can get the automated Twittering software, and a “Twitter blasting machine” totals about $300. Social networks are becoming an increasingly important stage for conflict between governments and their people. Occupy Wall Street has made effective use of Tumblr, and protests in Egypt were often organized using Twitter and Facebook.
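
The indicators Goncharov and Krebs describe above (long-dormant accounts with little history, a sudden hourly burst, identical texts across accounts, a shared creation month) can be combined into a simple triage check. This is an added example, not part of the original post; the account records, tweets, thresholds and function names are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Thresholds follow the quoted indicators; the exact cut-offs are assumptions.
DORMANT = timedelta(days=30)  # "inactive for month"
MAX_PRIOR = 20                # "only had 10-20 tweets before this day"
BURST = 10                    # "10-20 more tweets in just one hour"
MIN_COPIES = 5                # "flood of 5-7 identical tweets"
HOUR = timedelta(hours=1)

def flag_accounts(accounts, tweets):
    """Return sorted names of accounts matching all four indicators."""
    posters, by_account = defaultdict(set), defaultdict(list)
    for name, ts, text in tweets:
        posters[text].add(name)
        by_account[name].append((ts, text))
    # Texts posted verbatim by at least MIN_COPIES distinct accounts.
    copied = {t for t, who in posters.items() if len(who) >= MIN_COPIES}
    flagged = []
    for name, items in by_account.items():
        info, times = accounts[name], sorted(ts for ts, _ in items)
        dormant = times[0] - info["last_active"] >= DORMANT
        low_history = info["prior_tweets"] <= MAX_PRIOR
        # Most tweets in any one-hour window starting at one of its tweets.
        peak = max(sum(s <= t < s + HOUR for t in times) for s in times)
        shares_copy = any(text in copied for _, text in items)
        if dormant and low_history and peak >= BURST and shares_copy:
            flagged.append(name)
    return sorted(flagged)

def creation_months(accounts, names):
    # Batch-registered accounts cluster in one creation month.
    return Counter(accounts[n]["created"].strftime("%Y-%m") for n in names)

# Constructed sample data, not real accounts or tweets.
T0 = datetime(2011, 12, 6, 18, 0)
ACCOUNTS = {f"bot{i}": {"created": datetime(2011, 7, 10), "prior_tweets": 10 + i,
                        "last_active": datetime(2011, 10, 1)} for i in range(6)}
ACCOUNTS["activist"] = {"created": datetime(2010, 2, 1), "prior_tweets": 900,
                        "last_active": datetime(2011, 12, 6, 17, 0)}
ACCOUNTS["newcomer"] = {"created": datetime(2011, 8, 15), "prior_tweets": 5,
                        "last_active": datetime(2011, 9, 1)}
TWEETS = [(f"bot{i}", T0 + timedelta(minutes=4 * k), f"slogan {k}")
          for i in range(6) for k in range(12)]
TWEETS += [("activist", T0 + timedelta(minutes=3 * k), f"report {k}") for k in range(15)]
TWEETS += [("newcomer", T0, "slogan 0"), ("newcomer", T0 + timedelta(minutes=5), "hello")]

SUSPECTS = flag_accounts(ACCOUNTS, TWEETS)
print(SUSPECTS, dict(creation_months(ACCOUNTS, SUSPECTS)))
```

Requiring all four indicators together keeps a busy legitimate account (the constructed "activist") and a dormant user who retweets one slogan (the constructed "newcomer") out of the result.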