HP Training Center Official Website Hacked & Defaced

HP Training Center Official Website Hacked & Defaced 

Official website of Hewlett Packard Training center also known as HP training center get hacked. Here again well-known Pakistani hacker known to as 'Hitcher' from a hacker collective group named Pak Cyber Force (PCF) took responsibility of this hack. His last hack take down the official website of NIOS, and here also he followed the same mechanism & that is in-spite of having full privilege on the HP server, the hacker did not harm the main index. He just uploaded his deface page as shown in the above picture. This hack also compromised three sub-domain of HP among them there are Designjet - Sales Training and Development Center, HP Indigo Training Center & one more. As expected Hitcher has also created deface mirror on Zone-Hack. This cyber attack took place yesterday & still the deface page uploaded by the hacker exist on the web-server. Such kind of carelessness or irresponsibility is not at all expected from a company like HP. Hitcher is widely known for defacing high profile websites, his last few high profile hack was Bank of Punjab, Kingfisher Airlines, Central Statistical Agency of Ethiopia & 100+ Chinese Govt Websites. The hacker's message on the deface page is clearly indicating that the hack was motivated due the cause of Palestine. Though it is not clear that why he targeted HP, because there is no relation between HP and the inhuman torture in Palestine. 

Message of the Hacker:- 

"Free Palestine . . . We will not go down..Freedom is our goal. .// End the Occupation. . . . .

You the Zionist Government of Israel have been murdering thousands and thousands of innocent Palestinian people for years and enough is enough! The land you call Israel is occupied illegally and is not and will never be yours and the fight to free the Palestinian people and their land from your evil clutches will continue! You continue to try and play the victim in all this bloodshed, yet we have all seen and know you are the murderers, suppressors, rapists and terrorists in this bloody war!

You have NO Israeli culture, NO history in Gaza, nor in the West Bank or in Great Palestine. The only history you the Zionist Terrorist Israel are leaving for your future children is of BLOODSHED, TEARS and LOSS OF LIFE and that is not something to be proud of. To call the land you illegally occupy "Israel" is not only misguided, it is tragic and leaves a very foul taste in the mouths of millions of people who stand against you.

Israel your idea of the peace process is surrender or war and we will not surrender! This is not a war against race, religion nor sex, but a fight against the suppression, murders, and rapes of millions of Palestinians that occurs on a daily basis by you the Zionists. 

To the people of Palestine we have not forgotten you, nor will we ever forget you and as long as we are still breathing we will continue to grow stronger and will fight for your freedom!

LONG LIVE PALESTINE.."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">HP Training Center Official Website Hacked & Defaced"https://www.voiceofgreyhat.com/2012/08/HP-Training-Center-Official-Website-Hacked.html</a>

HP Issues Firmware To Fix LaserJet Printer's Security Hole

Last month we have published a article which was saying that HP LaserJet Printers have serious security flaws. Columbia University Researchers have discovered a vulnerability in some Hewlett-Packard (HP) LaserJet printer lines that could allow attackers to install a modified firmware to steal information, run attacks from within a network or cause physical damage to the printer. 

The exploit made known in the report was based on HP LaserJet printers that allow firmware upgrades through a "Remote Firmware Update" process. Because the printers don't verify the source, and because firmware updates don't come packed with a signature, anyone can send a virus-laden document to the printer which would instruct the printer to erase its current firmware and install a malware-laced version. Hackers can even do this on printers configured to accept print jobs via the Internet.

Once news of a potential hacker-ignited fire began to circulate, HP quickly retaliated to the Columbia University finding, stating that a potential fire stemming from a firmware change was false. "HP LaserJet printers have a hardware element called a 'thermal breaker' that is designed to prevent the fuser from overheating or causing a fire," HP said in a statement. "It cannot be overcome by a firmware change or this proposed vulnerability."

On December 23, HP issued a news release reiterating that no customers had reported unauthorised access to their LaserJet printers, and offered a firmware update that the company said would ''mitigate this issue''. The update is available on the company's support website, in the ''Drivers'' category.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">HP Issues Firmware To Fix LaserJet Printer's Security Hole"https://www.voiceofgreyhat.com/2011/12/hp-issues-firmware-to-fix-laserjet.html</a>

Zero-Day Vulnerability Found in The Server Monitoring Software of HP

Zero-Day Vulnerability Found in The Server Monitoring Software of HP

After the massacre of HP LaserJet Printers yet again another product of HP (server monitoring software) has been infected with zero-day vulnerability. Hewlett-Packard have already issued a security warning to its customers about two security vulnerabilities in its Operations Agent server monitoring software. The vulnerabilities were reported to HP by Luigi Auriemma via TippingPoint's Zero Day Initiative (ZDI). According to the company, unspecified errors in the enterprise software for AIX, HP-UX, Linux, Solaris and Windows can be exploited by a remote attacker to compromise a vulnerable system and execute arbitrary code. Both of these errors have a CVSS 2.0 (Common Vulnerability Scoring System) base score of 10.0, the highest.

Versions prior to 11.03.12 on all supported platforms are affected; upgrading to 11.03.12 corrects the problems. A full list of affected versions, and patch download information can be found in the company's security advisory. HP advises all administrators to install the patches as soon as possible. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Zero-Day Vulnerability Found in The Server Monitoring Software of HP"https://www.voiceofgreyhat.com/2012/07/zero-day-vulnerability-found-in-server.html</a>

HP LaserJet Printers Have Serious Security Flaws Said Columbia University Researchers

Columbia University Researchers have discovered a vulnerability in some Hewlett-Packard (HP) LaserJet printer lines that could allow attackers to install a modified firmware to steal information, run attacks from within a network or cause physical damage to the printer.

Attacks can be carried out from different vectors. Printers that support a remote firmware update process could allow attackers to take control of a printer’s firmware over the Internet in less than a minute if the printer is not protected properly by a firewall. The researchers during a scan were able to find more than 40,000 devices that they said could be infected within minutes.

Local attacks are another possibility. The researchers were able to send print commands from Macintosh and Linux computer systems to trick the printer into reprogramming itself. It is not clear at the time of writing if Windows environments are safe or also affected by this.

Printers that the researchers analyzed do not verify the source of the firmware with the help of digital signatures. A HP spokesperson stated that all modern HP printers do require digitally signed firmware upgrades since 2009. Even worse for consumers and companies, there is no way of telling if a printer’s firmware has bee compromised short from physically disassembling the printer and analyzing its chipset output.

According to RedTape, HP is currently analyzing the claims made by the researchers. HP could release a firmware update of their own to resolve the vulnerability. Compromised printers however may have been programmed to block new firmware updates. That’s bad on the one hand as companies would have to throw away the printer in this case (or talk to HP to find a solution) and good in another as they have just identified a compromised printer in their network. The researchers have started analyzing printers manufactured by other companies recently but no results have been posted yet. They say it is likely that printers and other devices with Internet access are also vulnerable.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">HP LaserJet Printers Have Serious Security Flaws Said Columbia University Researchers"https://www.voiceofgreyhat.com/2011/12/hp-laserjet-printers-have-serious.html</a>

HP unveils a "technological revolution"... the Wi-Fi mouse

HP has unveiled what it calls a "technological revolution" - a Wi-Fi mouse.
The new HP Wi-Fi Mobile Mouse is the first to connect over Wi-Fi, which HP said helps free up USB ports occupied by wired mice or wireless versions that require a USB-based radio frequency connector. It will work from up to 30 feet away.
"It ranks as a technological revolution because it eliminates wires and external receivers forever, offering total freedom at your fingertips," HP said, seemingly without irony.
The technological marvel promises a nine-month battery life - twice that of Bluetooth rivals - and comes with five customisable buttons and a laser sensor. It features what HP describes as a "sculpted shape designed to fit like a glove in your hand".
The Wi-Fi only works with Windows 7 machines and will be available this month for £40.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">HP unveils a "technological revolution"... the Wi-Fi mouse"https://www.voiceofgreyhat.com/2011/05/hp-unveils-technological-revolution-wi.html</a>

Another Fake Publicity stunt of The Hacker News (THN) get exposed, This time by PCA

Another Fake Publicity stunt of The Hacker News (THN) get exposed, This time by Pakistan cyber Army (PCA). Today THN published that ftp of HP get hacked and their Data Base will be licked also they specific the space of that DB and that was around 9 GB. But the reality is that ftp of HP is not at all hacked. It is a rumor, created to get fake attention.  

Today the Official Authority of PCA inform the VOGH team about this stuff. They also want to expose these hole story in front of the world. 

According to PCA:- 

"...Dear All,

This is PCA yea yea you know us Pakistan Cyber Army with "mission Exposed". Copy Cats are around every where in the world. We have just read a story of "HexCode" hacking into HP ftp. He calim to have GB's of DATA from the HP server. "HexCode" script kiddie so called l33t forgot that the folder he is showing is a "public" folder "/pub" and it is mainly use to download update patches. Go on and just access "ftp://ftp.hp.com/pub/" from your ftp client or firefox LOL..... HP Hacked ROFL

Acer ftp was critical because it exposes user information about the "packerd Bell" Users. "HexCode" grow up kiddoz you cant be a hacker realize this reality ROFL. Fake stuff by a kid... and .... Ahhh forget it LOL.... "HexCode" another script kiddie expose by PCA ROFL........ ROFL.......  PCA will keep exposing kids like before.... Grow Up and drink RedBull ROFL..

Thehackernews is posting fake news LOL... "

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Another Fake Publicity stunt of The Hacker News (THN) get exposed, This time by PCA"https://www.voiceofgreyhat.com/2011/06/another-fake-publicity-stunt-of-hacker.html</a>

XSS Vulnerability Found On HP (Hewlett Packard ) By Mohit Pande

Non persistent XSS Vulnerability Found On HP (Hewlett Packard ) By Mohit Pande Aka Toshu

Vulnerable Website:-

http://www.hp.com/

Vulnerable Link:-

http://www8.hp.com/us/en/hp-search/search.html?nores=true&qt=%3CMarquee%3EMohit%20Pande%20Aka%20Toshu%20!%3C/marquee%3E%3Ciframe%20src=http://i52.tinypic.com/bgyz2q.jpg/%20height=800%20width=800

 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">XSS Vulnerability Found On HP (Hewlett Packard ) By Mohit Pande"https://www.voiceofgreyhat.com/2011/08/xss-vulnerability-found-on-hp-hewlett.html</a>

Red Hat Enterprise Linux (RHEL) 6.2 Released

After RHEL 6.2 Beta now Red Hat the world’s leading provider of open source solutions, today announced the general availability of Red Hat Enterprise Linux 6.2. With this milestone, Red Hat includes many enhancements that deliver benefits spanning multiple areas, including performance and scalability. Red Hat Enterprise Linux 6 operating system achieved the largest multi-core Linux configuration results certified to-date on the two-tier SAP® Sales and Distribution (SD) standard application benchmark.1 Proven to perform and scale, Red Hat Enterprise Linux 6 effectively supports large, mission-critical enterprise computing environments.

Vice President and General Manager, Platform Business Unit at Red Hat, said, “The exciting features in Red Hat Enterprise Linux 6.2 with new impressive SAP® benchmark results allow our enterprise customers to have increased confidence that Red Hat Enterprise Linux 6 can run their enterprise workloads with high performance across physical, virtual and cloud computing environments.”

Enterprises can confidently migrate to the latest multi-core technology with Red Hat Enterprise Linux 6. On the latest two-tier SAP SD standard application benchmark, Red Hat Enterprise Linux 6 achieved more than 22,000 SAP SD benchmark users on a single system. On this same benchmark, the HP DL980 G7 system running Red Hat Enterprise Linux 6 fully utilized all 80 cores and 160 threads in the 8-processor system running MaxDB 7.8 and the SAP enhancement package 4 for the SAP ERP 6.0 application. This is the largest Linux result submitted to SAP to-date. The results demonstrate the capabilities of the HP ProLiant DL980 G7 8-processor system’s PREMA architecture and smart CPU caching technology. Results are as of December 2, 2011, certification number 2011052.

“Clients need solutions to automate, scale-up or virtualize their environments to best fit their business requirements,” said Martin Whittaker, vice president, Systems and Solutions Engineering, Enterprise Servers, Storage and Networking at HP. “Optimizing Red Hat Enterprise Linux on HP ProLiant DL980 systems extends the power of open source to HP Converged Infrastructure, delivering uptime, increased capacity and faster processing speeds.”

Red Hat Enterprise Linux 6.2 delivers significant improvements in resource management and high availability, as well as new features aimed at storage and file system performance and identity management. Red Hat Enterprise Linux 6.2 provides additional capabilities to manage system resources. For service providers or internal IT organizations that deliver applications or hosted services via multi-tenant environments, maximums can be set for CPU time associated with a given application, business process or a virtual machine. This allows for more efficient management of SLAs and enables the ability to implement service priorities, similar to those associated with network Quality of Service (QoS).

When an enterprise deploys its applications to run in a Red Hat Enterprise Linux 6.2 guest hosted by VMware, the applications can now be utilized for High Availability (HA) Add-Ons. This also includes full support for use of GFS2 shared storage file system by the virtual machines. The result is additional deployment flexibility for customers requiring HA within a portion of their virtualized environment, as well as full support for Red Hat Enterprise Linux on the VMware hypervisor.

Red Hat Enterprise Linux 6.2 adds enhancements to storage and file system features including full support of iSCSI extension for RDMA. Now, benefits of low latency and high throughput through a standard SAN implementation based on 10Gb Ethernet are available to even the most demanding storage environments. This allows customers to opt out of expensive Infiniband hardware or other dedicated interconnect fabrics. Other enhancements around file system include delayed meta data logging, asynchronous and parallel file system writes, as well as support for multiple active instances of Samba in a cluster which improves overall throughput and increases availability for large Samba clustered deployments.

Identity Management:-

In Red Hat Enterprise Linux 6.2 provides the administrative tools to quickly install, configure and manage server authentication and authorization in Linux/Unix enterprise environments, while still providing the option to interoperate with Microsoft Active Directory. This enables enterprises to manage Linux infrastructure easily and cost-effectively. Centralized identity management and host-based access control can reduce administrative overhead, streamlines provisioning and improves security.

Performance:- 

Is key to all customers. Red Hat Enterprise Linux 6.2 continues to put an emphasis on accelerating I/O such as network traffic steering to improve network throughput by as much as 30 percent in performance tests conducted by Red Hat and delivering numerous file system enhancements that reduce read-write times and boost overall system utilization.

Red Hat expects to deliver the beta for Red Hat Enterprise Linux 5.8 later this month. Also fully underway is development for Red Hat Enterprise Linux 7, the next major release of Red Hat Enterprise Linux. Red Hat received an outstanding response from all Red Hat subscribers – users and partners – for requested features coming from the recent Red Hat Enterprise Linux 7 Ideas discussion group posted on the Red Hat customer portal. This important feedback allows Red Hat to continue to make Red Hat Enterprise Linux a computing foundation for the next generation of operating system platforms.

For More Information, New Technical Features and Benefits document Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Red Hat Enterprise Linux (RHEL) 6.2 Released"https://www.voiceofgreyhat.com/2011/12/red-hat-enterprise-linux-rhel-62.html</a>

Famous Framework Metasploit v4.0.0

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.

New Exploit Modules:

VSFTPD v2.3.4 Backdoor Command Execution
Java RMI Server Insecure Default Configuration Java Code Execution
HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow
HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow
Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability
Black Ice Cover Page ActiveX Control Arbitrary File Download
Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
MicroP 0.1.1.1600 (MPPL File) Stack Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview
RealWin SCADA Server DATAC Login Buffer Overflow
Siemens FactoryLink vrn.exe Opcode 9 Buffer Overflow
Iconics GENESIS32 Integer overflow version 9.21.201.01
Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow
Sielco Sistemi Winlog Buffer Overflow
Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow
HP OmniInet.exe Opcode 20 Buffer Overflow
HP OmniInet.exe Opcode 27 Buffer Overflow
Citrix Provisioning Services 5.6 streamprocess.exe Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview

New Post-Exploitation Modules:

Winlogon Lockout Credential Keylogger
Windows Gather Microsoft Outlook Saved Password Extraction
Windows Gather Process Memory Grep
Windows Gather Trillian Password Extractor
Windows PCI Hardware Enumeration
Windows Gather FlashFXP Saved Password Extraction
Windows Gather Local and Domain Controller Account Password Hashes
Windows Gather Nimbuzz Instant Messenger Password Extractor
Windows Gather CoreFTP Saved Password Extraction
Internet Download Manager (IDM) Password Extractor
Windows Gather SmartFTP Saved Password Extraction
Windows Gather Bitcoin wallet.dat
Windows Gather Service Info Enumeration
Windows Gather IPSwitch iMail User Data Enumeration

New Auxiliary Modules:

John the Ripper Password Cracker Fast Mode
Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS
Kaillera 0.86 Server Denial of Service
2Wire Cross-Site Request Forgery Password Reset Vulnerability
SIPDroid Extension Grabber
MSSQL Password Hashdump

Notable Features & Closed Bugs:-

Feature #4982 – Support for custom executable with psexec
Feature #4856 – RegLoadKey and RegUnLoadKey functions for the Meterpreter stdapi
Feature #4578 – Update Nmap XML parsers to support Nokogiri parsing
Feature #4417 – Post exploitation module to harvest OpenSSH credentials
Feature #4015 – Increase test coverage for railgun
Bug #4963 – Rework db_* commands for consistency
Bug #4892 – non-windows meterpreters upload into the wrong filename
Bug #4296 – Meterpreter stdapi registry functions create key if one doesn’t exist
Bug #3565 – framework installer fails on RHEL (postgres taking too long to start)

Armitage integrates with Metasploit 4.0 to:-

Take advantage of the new Meterpreter payload stagers
Crack credentials with the click of a button
Run post modules against multiple hosts
Automatically log all post-exploitation activity
Revision Information:
Framework Revision 13462

Several import parsers were rewritten to use Nokogiri for much faster processing of large import files. Adding to Metasploit’s extensive payload support, Windows and Java Meterpreter now both support staging over HTTP and Windows can use HTTPS. In a similar vein, POSIX Meterpreter is seeing some new development again. It still isn’t perfect nor is it nearly as complete as the Windows version, but many features already work. Java applet signing is now done directly in Ruby, removing the need for a JDK for generating self-signed certificates. The Linux installers now ship with ruby headers, making it possible to install native gems in the Metasploit ruby environment.

Another flexibility improvement comes in the form of a consolidated pcap interface. The pcaprub extension ships with the Linux installers as of this release and support for Windows will come soon. Modules that used Racket for generating raw packets have been converted to Packetfu, which provides a smoother API for modules to capture and inject packets.

To download Metasploit Framework v4.0.0 Click Here

For more information abous MSF click here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Famous Framework Metasploit v4.0.0"https://www.voiceofgreyhat.com/2011/08/famous-framework-metasploit-v400.html</a>

Pwn2Own 2013 -Hack Major Browser, Adobe Reader, Flash or Java & Earn in Million Dollars

Pwn2Own 2013 -Hack Major Web-browser, Adobe Reader, Flash or Java & Earn in Million Dollars 

Since the last two years the Pwn2Own hacker contest has become an important fixture in the world of testing the security of software applications, operating systems and hardware devices. In last two years we have seen several hackers, security professionals have expressed their enthusiasm and joined Pwn2Own where four major and widely browser's security get compromised, in order to make applications, software more safe and secure. Last year we have reported how different hackers across the globe taken part in Pwn2Own and successfully hacked Google Chrome, IE & Firefox, and earned millions of dollars. But the contest of this year has some more twist than before as, HP TippingPoint and Google, sponsor of Pwn2Own, has made clear that it is expanding the focus of the competition beyond browsers. Also, Pwn2own 2013 will include $560,000 in prize money for demonstrations of exploits in the major web browsers, Adobe Reader, Adobe Flash or Oracle Java. 

Contest Dates:-

The contest will take place the 6th, 7th, and 8th of March in Vancouver, British Columbia during the CanSecWest 2013 conference. DVLabs blog post will be updated as the contest plays out and get real-time updates by following either @thezdi or @Pwn2Own_Contest on Twitter or search for the hash tag #pwn2own.

Rules & Prizes:-

HP ZDI is offering more than half a million dollars (USD) in cash and prizes during the competition for vulnerabilities and exploitation techniques in the below categories. The first contestant to successfully compromise a selected target will win the prizes for the category.

• Web Browser
• Google Chrome on Windows 7 ($100,000)
• Microsoft Internet Explorer, either
• IE 10 on Windows 8 ($100,000), or
• IE 9 on Windows 7 ($75,000)
• Mozilla Firefox on Windows 7 ($60,000)
• Apple Safari on OS X Mountain Lion ($65,000)
• Web Browser Plug-ins using Internet Explorer 9 on Windows 7
• Adobe Reader XI ($70,000)
• Adobe Flash ($70,000)
• Oracle Java ($20,000)

The targets will be running on the latest, fully patched version of the Windows 7, 8, and OS X Mountain Lion. All targets will be installed in their default configurations, as this is how a majority of users will have them configured. As always, the vulnerabilities utilized in the attack must be unknown and not previously reported to the vendor. If a sandbox is present, a full sandbox escape is required to win. A given vulnerability may only be used once across all categories.

Upon successful demonstration of the exploit, the contestant will provide HP ZDI a fully functioning exploit and all the details of the vulnerability used in the attack. In the case that multiple vulnerabilities were exploited to gain code execution, details about all the vulnerabilities (memory corruption, infoleaks, escalations, etc.) leveraged and the sequence in which they are used must be provided to receive the prize money. The initial vulnerability utilized in the attack must be in the registered category.

Along with prize money, the contestant will receive the compromised laptop and 20,000 ZDI reward points* which immediately qualifies them for Silver standing. 

Full contest rules can be found at http://dvlabs.tippingpoint.com/Pwn2OwnContestRules.html, and may be changed at any time without notice.

Registration:-

Contestants are asked to pre-register by contacting ZDI via e-mail at zdi@hp.com. This will allow the organizer to ensure that they have the necessary resources in place to facilitate the attack. If more than one contestant registers for a given category, the order of the contestants will be drawn at random.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwn2Own 2013 -Hack Major Browser, Adobe Reader, Flash or Java & Earn in Million Dollars"https://www.voiceofgreyhat.com/2013/01/Pwn2Own-2013-Hack-and-Earn-in-Million.html</a>

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED

The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

1. James Forshaw: Java = $20K
2. Joshua Drake: Java = $20k
3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
4. Nils & Jon: Chrome = $100k
5. George Hotz: Adobe Reader = $70k
6. Ben Murphy: Java = $20k

As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 

-Source (HP, Naked Security) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned"https://www.voiceofgreyhat.com/2013/03/Pwn2Own-2013-Result.html</a>

Google Pakistan Hacked & Defaced By Turkish Hacker

Google Pakistan Along With Microsoft  HP, HSBC, Apple, PayPal, Blogspot Hacked & Defaced By Turkish Hacker

Today was most probably the worst day in the history of Pakistan cyber space. Ten big domains of Pakistan has been stroked very badly. Many of you are guessing that it was Indian hackers who cost this damage. But in reality the attack was not generated from India, Bangladesh or such any other native countries,  but it was a Turkish hacker who have reportedly taken down the home and search page of Google Pakistan while leaving an image of two penguins walking across a bridge for million of users. I think now you got that, yes it was Google Pakistan which has been hacked and defaced by a Turkey hacker code named "KriptekS". In the deface page the hacker left several messages in Turkish language, the translation of the text, written on the website, is: "eboz. My homies in a friend always there for me. Have not shot by me with every breath." Also the hacker left a message saying "Pakistan Downed" which is indicating that the home page of Google Pakistan is indeed take down. According to deface mirror on Zone-H, the attack took place around 02:17 in the afternoon, but still, when I am writing this article, the home page of Google Pakistan is still offline. 

May be you are thinking that the story is over, but no; as I told earlier it was the worst day for Pakistani cyber fence, trust me indeed it was. As along with Google, KriptekS, the Turkish hacker also targeted Pakistani domain of Blogger, HSBC, Coca-Cola, Fanta, Paypal, Microsoft, HP & Apple. Also it has been reported that Pakistani domain of Sony, Yahoo & Windows has also been allegedly hacked. And all those hacked domains are still offline. 

List of Hacked Sites:-

http://www.google.com.pk
http://www.google.pk
http://www.hp.com.pk
http://www.apple.pk
http://www.hsbc.pk
http://www.blogspot.pk
http://www.coca-cola.pk
http://www.fanta.pk
http://www.paypal.pk
http://www.microsoft.pk
www.visa.com.pk
www.ebay.pk
www.msn.org.pk
www.sony.pk
www.windows.com.pk
www.yahoo.pk


Deface Mirrors:-

http://zone-h.com/mirror/id/18639529
http://zone-h.com/mirror/id/18639530
http://zone-h.com/mirror/id/18639528
http://zone-h.com/mirror/id/18639527
http://zone-h.com/mirror/id/18638930
http://zone-h.com/mirror/id/18638890
http://zone-h.com/mirror/id/18638879
http://zone-h.com/mirror/id/18638866
http://zone-h.com/mirror/id/18638824
http://zone-h.com/mirror/id/18638825
http://zone-h.com/mirror/id/18638826
http://zone-h.com/mirror/id/18638827
http://zone-h.com/mirror/id/18638828
http://zone-h.com/mirror/id/18638820
http://zone-h.com/mirror/id/18638822
http://zone-h.com/mirror/id/18638823


While talking about this dangerous cyber attack, we would like to remind you that few days ago couple of Pakistani hackers defaced several big Israeli domains including MSN, Bing, Live, Skype, Microsoft Store, BBC, CNN, Coca-Colla, XBOX, Windows, Intel, Philips, Israeli Parliament, Citi Bank and so on. Whether it is not clear that this attack on Pakistan has nay relation with that attack on Israel. But what we can say is that "KriptekS" exactly followed the same path, which Pak hackers shown the world few days ago. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Google Pakistan Hacked & Defaced By Turkish Hacker"https://www.voiceofgreyhat.com/2012/11/Google-Pakistan-Hacked-Defaced-By-Turkish-Hacker.html</a>

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Earlier we haev discussed many times about one of the most famous and widely used exploitation framework named Metasploit. Yet again the Rapid 7 released another updated version of Metasploit. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. 

Brief About Metasploit:- 

The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.

Module Changes:-

•     Novell eDirectory eMBox Unauthenticated File Access

•     JBoss Seam 2 Remote Command Execution

•     NAT-PMP Port Mapper

•     TFTP File Transfer Utility

•     VMWare Power Off Virtual Machine

•     VMWare Power On Virtual Machine

•     VMWare Tag Virtual Machine

•     VMWare Terminate ESX Login Sessions

•     John the Ripper AIX Password Cracker

•     7-Technologies IGSS 9 IGSSdataServer.exe DoS

•     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion

•     DNS and DNSSEC fuzzer

•     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure

•     CorpWatch Company ID Information Search

•     CorpWatch Company Name Information Search

•     General Electric D20 Password Recovery

•     NAT-PMP External Address Scanner

•     Shodan Search

•     H.323 Version Scanner

•     Drupal Views Module Users Enumeration

•     Ektron CMS400.NET Default Password Scanner

•     Generic HTTP Directory Traversal Utility

•     Microsoft IIS HTTP Internal IP Disclosure

•     Outlook Web App (OWA) Brute Force Utility

•     Squiz Matrix User Enumeration Scanner

•     Sybase Easerver 6.3 Directory Traversal

•     Yaws Web Server Directory Traversal

•     OKI Printer Default Login Credential Scanner

•     MSSQL Schema Dump

•     MYSQL Schema Dump

•     NAT-PMP External Port Scanner

•     pcAnywhere TCP Service Discovery

•     pcAnywhere UDP Service Discovery

•     Postgres Schema Dump

•     SSH Public Key Acceptance Scanner

•     Telnet Service Encyption Key ID Overflow Detection

•     IpSwitch WhatsUp Gold TFTP Directory Traversal

•     VMWare ESX/ESXi Fingerprint Scanner

•     VMWare Authentication Daemon Login Scanner

•     VMWare Authentication Daemon Version Scanner

•     VMWare Enumerate Permissions

•     VMWare Enumerate Active Sessions

•     VMWare Enumerate User Accounts

•     VMWare Enumerate Virtual Machines

•     VMWare Enumerate Host Details

•     VMWare Web Login Scanner

•     VMWare Screenshot Stealer

•     Capture: HTTP JavaScript Keylogger

•     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION

•     Asterisk Manager Login Utility

•     FreeBSD Telnet Service Encryption Key ID Buffer Overflow

•     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow

•     Java Applet Rhino Script Engine Remote Code Execution

•     Family Connections less.php Remote Command Execution

•     Gitorious Arbitrary Command Execution

•     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution

•     OP5 license.php Remote Command Execution

•     OP5 welcome Remote Command Execution

•     Plone and Zope XMLTools Remote Command Execution

•     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit

•     Support Incident Tracker <= 3.65 Remote Command Execution

•     Splunk Search Remote Code Execution

•     Traq admincp/common.php Remote Code Execution

•     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection

•     Mozilla Firefox 3.6.16 mChannel Use-After-Free

•     CTEK SkyRouter 4200 and 4300 Command Execution

•     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow

•     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute

•     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution

•     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control

•     Java MixerSequencer Object GM_Song Structure Handling Vulnerability

•     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution

•     MS12-004 midiOutPlayNextPolyEvent Heap Overflow

•     Viscom Software Movie Player Pro SDK ActiveX 6.8

•     Adobe Reader U3D Memory Corruption Vulnerability

•     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow

•     BS.Player 2.57 Buffer Overflow

•     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow

•     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow

•     McAfee SaaS MyCioScan ShowReport Remote Command Execution

•     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow

•     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

•     Ability Server 2.34 STOR Command Stack Buffer Overflow

•     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow

•     Serv-U FTP Server < 4.2 Buffer Overflow

•     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow

•     XAMPP WebDAV PHP Upload

•     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow

•     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow

•     HP Diagnostics Server magentservice.exe Overflow

•     StreamDown 6.8.0 Buffer Overflow

•     Wireshark console.lua Pre-Loading Script Execution

•     Oracle Job Scheduler Named Pipe Command Execution

•     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow

•     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57

•     OpenTFTP SP 1.4 Error Packet Overflow

•     AIX Gather Dump Password Hashes

•     Linux Gather Saved mount.cifs/mount.smbfs Credentials

•     Multi Gather VirtualBox VM Enumeration

•     UNIX Gather .fetchmailrc Credentials

•     Multi Gather VMWare VM Identification

•     UNIX Gather .netrc Credentials

•     Multi Gather Mozilla Thunderbird Signon Credential Collection

•     Multiple Linux / Unix Post Sudo Upgrade Shell

•     Windows Escalate SMB Icon LNK dropper

•     Windows Escalate Get System via Administrator

•     Windows Gather RazorSQL Credentials

•     Windows Gather File and Registry Artifacts Enumeration

•     Windows Gather Enumerate Computers

•     Post Windows Gather Forensics Duqu Registry Check

•     Windows Gather Privileges Enumeration

•     Windows Manage Download and/or Execute

•     Windows Manage Create Shadow Copy

•     Windows Manage List Shadow Copies

•     Windows Manage Mount Shadow Copy

•     Windows Manage Set Shadow Copy Storage Space

•     Windows Manage Get Shadow Copy Storage Info

•     Windows Recon Computer Browser Discovery

•     Windows Recon Resolve Hostname

•     Windows Gather Wireless BSS Info

•     Windows Gather Wireless Current Connection Info

•     Windows Disconnect Wireless Connection

•     Windows Gather Wireless Profile

For additional information click Here. To Download Metasploit version 4.2.0 for windows & Linux click Here.

 -Source (rapid7)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage"https://www.voiceofgreyhat.com/2012/02/metasploit-420-released-with-ipv6.html</a>

In Server Growth IBM beats HP & Oracle

IBM's server revenues grew 22.1% in the first quarter, outpacing rivals as demand for the types of high-end systems in which Big Blue specializes picked up. Total industry revenue from non-x86 servers, including Unix and mainframe systems, jumped 12.3%, compared to a 10.1% increase in revenue from sales of servers that run Windows or Linux on industry-standard chips, according to numbers released Wednesday by market watcher IDC. IBM's quarterly server revenues came in at $3.5 billion, making it the number two player in sales behind Hewlett-Packard. But IBM's server business is growing faster than that of its Palo Alto-based rival, which saw 10.8% growth. IBM officials said the company's rich portfolio of Unix and mainframe technologies is allowing it to cash in on customers' moves to higher-end systems. Rod Adkins, senior VP for Systems and Technology, said businesses' need to deal with ever larger amounts of data, structured and unstructured, is driving them toward tightly integrated systems like IBM's Power7 line. Servers like the Power7-based Power 780 are designed so that the processors, middleware, and hardware work in concert to deal with applications feeding huge amounts of so-called big data from sources as diverse as call centers, smartphones, and tablet computers. "We'll continue to have a unique advantage," said Adkins, in an interview. "When you start to think about the nature of these applications and workloads, and the types of integration that you need to do going forward, the investments that you make at each layer of the system stack will make a difference." IDC officials said growth in enterprise-class systems is also being driven by companies' need to refresh older systems—something they put off during the recession. "The Unix server marketplace is seeing new market dynamics centered on technology refresh for mission-critical workloads," said IDC research vice president Jean Bozman, in a statement. "This segment was hard-hit in 2009 and 2010 during the economic downturn as customers deferred or delayed acquisition of midrange and high-end Unix servers," said Bozman. "Customers' servers are being refreshed to carry forward Unix-specific, mission-critical workloads." Growth wasn't limited to the high-end of the server market. Total industry revenue from systems that run on x86 chips from Intel or AMD grew 12%, to $7.9 billion, while unit shipments increased 2.6%. Overall, HP led the market with Q1 sales of $3.8 billion, up 10.8% from the previous year. Its market share fell slightly, from 31.8% to 31.5%. IBM's market share grew from 26.9% to 29.2%. Dell, the number three player, saw sales increase 9.7%, to $1.9 billion, but its share fell to 15.6%, from 16% the previous year. Oracle, which entered the server business last year when it completed its $7.4 billion buyout of Sun Microsystems, saw system revenues increase to $773 million in the quarter, up 13.6% from the previous year. Its market share was 6.5%.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">In Server Growth IBM beats HP & Oracle"https://www.voiceofgreyhat.com/2011/05/in-server-growth-ibm-beats-hp-oracle.html</a>

Vulnerability Found in Samsung Printers Allowing Remote Hack

Vulnerability Found in Samsung Printers Allowing Remote Hack 

Bad news for those who are using Samsung and Dell-branded printers, as in an advisory U.S. Computer Emergency Readiness Team (US CERT) issued an warning that a hard coded administrative account could allow remote attackers to take control of their device. According to the vulnerability note (VU#281284)- Samsung printers contain a hardcoded account that could allow a remote attacker to take control of an affected device. Samsung printers (as well as some Dell printers manufactured by Samsung) contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility. Manipulating the above vulnerability a remote, unauthenticated attacker could access an affected device with administrative privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution. 

Solution:-
Samsung and Dell have stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung and Dell have also indicated that they will be releasing a patch tool later this year to address vulnerable devices.
Block Port 1118/udp
The reporter has stated that blocking the custom SNMP trap port of 1118/udp will help mitigate the risks.

Restrict Access:
As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location.

While talking about vulnerabilities in Printer, then we would like to remind you that late in last year Columbia University Researchers have discovered a vulnerability in some Hewlett-Packard (HP) LaserJet printer lines that could allow attackers to install a modified firmware to steal information, run attacks from within a network or cause physical damage to the printer. Later HP issued firmware to fix those security hole.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Vulnerability Found in Samsung Printers Allowing Remote Hack "https://www.voiceofgreyhat.com/2012/11/Samsung-Printers-Allowing-Remote-Hack.html</a>

Red Hat Linux enjoys bumper growth

OPEN SOURCE SOFTWARE OUTFIT Red Hat out-performed its rivals in operating system revenue growth with its Red Hat Enterprise Linux (RHEL) distribution.
Red Hat's Enterprise Linux OS helped the firm bring in $610 million in 2010, according to market analyst Gartner, which said that figure represented an impressive 18 per cent growth over 2009. While Red Hat posted the largest growth, Microsoft still remains the OS leader, with revenue increasing by 8.8 per cent to an astounding $23.8 billion thanks to its Windows 7 and Windows Server operating systems.
Gartner claims that Red Hat's impressive growth means that Linux is finally gaining acceptance for mission-critical server use. The mission-critical market has been predominantly the reserve of Unix variants from companies like HP and IBM, but now Gartner's pinstriped analysts claim "the market has accepted Linux as a viable alternative to Unix and other proprietary OSs in mission-critical environments". In contrast IBM and HP posted very modest revenue growth of just 5.6 per cent and 1.4 per cent, respectively.
Technically Oracle beat everyone by recording a 7,683 per cent growth, but when you start from nothing and acquire Sun and its Solaris operating system, it isn't really a fair comparison. In fact Gartner says that the revenue Oracle collected from Solaris dropped 3.2 per cent during 2010 as customers were unsure about whether Oracle would continue to support Solaris in the future.
Apple also posted tremendous revenue growth of its Mac OS X operating system, taking $520 million in 2010, which represented a 15.8 per cent rise over 2009. Gartner claimed that as Apple flogs more Iphones and Ipads, some users are jumping onto Apple's Mac products driving sales up.
Although Apple and Red Hat have posted impressive revenue growth, their market share rose 0.1 per cent to 1.7 per cent and 0.2 per cent to 2.0 per cent respectively. To put those figures into perspective, Microsoft grew 0.7 per cent and commanded 78.6 per cent of the market. It's no wonder that analysts are expecting a bumper set of financials from Microsoft.
While there is little doubt that Microsoft is still the firm to beat, Red Hat's impressive performance has shown that Linux is playing in the big leagues now when it comes to the high-end server market. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Red Hat Linux enjoys bumper growth"https://www.voiceofgreyhat.com/2011/04/open-source-software-outfit-red-hat-out.html</a>