Showing posts sorted by relevance for query NASA.

NASA Laptop Theft Puts Thousands of Employees & Contractors at Risk


NASA has been targeted several times so far by hackers who penetrated its digital security, but this is a different type of breach. A laptop with data on thousands of employees and contractors has been stolen from a NASA employee's car. NASA issued a serious warning and is informing its employees that a laptop computer with personnel information such as social security numbers was stolen from a locked car two weeks ago, potentially putting thousands of workers and contractors at risk. The laptop, issued to an employee at NASA headquarters in Washington, was password protected but its disk was not fully encrypted, making it relatively easy to access the information stored on the hard disk. This security breach may affect thousands of employees and contractors at NASA facilities around the United States.
NASA has contracted a specialist consulting firm to identify and contact persons affected by the data breach, saying that the process could take up to 60 days due to the large amount of data. NASA Administrator Charlie Bolden banned the removal of unencrypted laptops containing sensitive information from any NASA facility and ordered security software upgrades to be finished by December 21. NASA has now instructed its employees to use full disk encryption (FDE) to lock down hard drives on all devices that process critical data by December 21. The agency also warned employees about storing sensitive data on smartphones and mobile devices. The agency is offering employees free credit-monitoring services and other support.
The laptop theft is the latest in a string of NASA security breaches over the past few years. In March, a Kennedy Space Center worker's laptop that contained personal information on about 2,300 employees and students was stolen. A NASA inspector general report this year determined 48 NASA laptops and mobile computing devices were lost or stolen between April 2009 and April 2011, many containing sensitive data.



-Source (Reuters)






Code.NASA - Opensource Website & Latest Member of NASA Web Family



The National Aeronautics and Space Administration (NASA) in the US has launched code.nasa.gov, a web site that will serve as the central source of information about the agency's open source projects. The site, which is still in early alpha, is intended to help unify and expand NASA's open source activities. It will serve to surface existing projects, provide a forum for discussing projects and processes, and guide internal and external groups in open development, release, and contribution.

NASA said:
"Today we are launching code.nasa.gov, the latest member of the open NASA web family. Through this website, we will continue, unify, and expand NASA’s open source activities. The site will serve to surface existing projects, provide a forum for discussing projects and processes, and guide internal and external groups in open development, release, and contribution.
In our initial release, we are focusing on providing a home for the current state of open source at the Agency. This includes guidance on how to engage the open source process, points of contact, and a directory of existing projects. By elucidating the process, we hope to lower the barriers to building open technology in partnership with the public.
Phase two will concentrate on providing a robust forum for ongoing discussion of open source concepts, policies, and projects at the Agency. In our third phase, we will turn to the tools and mechanisms development projects generally need to be successful, such as distributed version control, issue tracking, continuous integration, documentation, communication, and planning/management. During this phase, we will create and host a tool, service, and process chain to further lower the burden to going open.
Ultimately, our goal is to create a highly visible community hub that will imbue open concepts into the formulation stages of new hardware and software projects, and help existing projects transition to open modes of development and operation. We are going to need your help to get there! Please use “Share your Ideas,” comment on this post, or email us at opengov@nasa.gov to let us know how code can help you, where you would like to see the site go, and how we might best fulfill our purpose.
We believe that tomorrow’s space and science systems will be built in the open, and that code.nasa.gov will play a big part in getting us there. Will your code someday escape our solar system or land on an alien planet? We’re working to make it happen, and with your help, it will."






NASA Technical Reports Server, Encyclopedia Britannica & Dhaka Stock Exchange is Vulnerable

A 15-year-old ethical hacker from India named Akshay, code name "0z0n3", has found non-persistent cross-site scripting (XSS) vulnerabilities in three very high-profile websites: the official websites of the NASA Technical Reports Server (NTRS), Encyclopedia Britannica and the Dhaka Stock Exchange. Earlier he found an XSS vulnerability in the official website of National Geographic. The vulnerability details have already been reported to the webmasters; Dhaka Stock Exchange and Encyclopedia Britannica immediately fixed those security holes, but the vulnerability in the NASA Technical Reports Server (a sub-domain of NASA) remains unpatched. If you dig into the history you will find that NASA has previously been hit many times by hackers from different parts of the world: spammers targeted NASA, TeaMp0isoN hacked NASA's official forum, Chinese hackers hit NASA satellites, Indian hacker Minhal stole secret information from NASA, Code Smasher found a CSRF vulnerability in the official website of the Virtual Heliospheric Observatory NASA, and so on. Though the vulnerabilities in Encyclopedia Britannica and DSE are fixed, the screenshots below will still clarify the fact.
[Screenshot: Encyclopedia Britannica]
[Screenshot: Dhaka Stock Exchange]






NASA Sub-Domain is Vulnerable To Hackers

The Virtual Heliospheric Observatory, a sub-domain of NASA, is vulnerable. A fourteen-year-old ethical hacker from India named Code Smasher has found a cross-site request forgery (CSRF) vulnerability on the official website of the Virtual Heliospheric Observatory NASA. The hacker also claimed that using this vulnerability an attacker can even exploit the website and execute unauthorized commands. A few days ago another ethical hacker group found CSRF on the WikiLeaks official site. If you dig into the history you will find that NASA has previously been hit many times by hackers from different parts of the world: spammers targeted NASA, TeaMp0isoN hacked NASA's official forum, Chinese hackers hit NASA satellites, Indian hacker Minhal stole secret information from NASA, and so on. We would also like to remind you that the well-known hacker TinKode got busted for hacking into a NASA server. So before playing with NASA, be a little cautious :)





Another Romanian Hacker Get Busted on Pentagon & NASA Server Hacking Charges

Yet another Romanian hacker has been busted on charges of hacking into Pentagon and NASA servers and stealing confidential data. The hacker posted all the stolen information on his personal blog. Razvan Manole Cernaianu, an information technology student who allegedly used the online alias "TinKode," offered a software program for sale on his blog and also showed a video that demonstrated how he compromised the servers, officials said. Romanian officials said they were working with the FBI and NASA representatives on the case. An FBI spokesman in Washington, D.C., did not immediately have comment this afternoon. The U.S. Embassy in Bucharest said Cernaianu "used sophisticated hacking tools to gain unauthorized access to government and commercial systems." The case demonstrates that "countries and agencies around the globe" could cooperate "to counter these types of threats," it said.
This is not the first time: earlier, another 26-year-old Romanian faced imprisonment for hacking into NASA servers. If you dig into the history you will also find that NASA has previously been hit many times by hackers from different parts of the world: spammers targeted NASA, TeaMp0isoN hacked NASA's official forum, Chinese hackers hit NASA satellites, Indian hacker Minhal stole secret information from NASA, and so on.


-Source (Diicot)



NASA Sub-domain is Vulnerable Allowing Information Disclosure

NASA Sub-domain is Vulnerable Allowing Serious Information Disclosure

The National Aeronautics and Space Administration, widely known as NASA, has long attracted hackers looking to breach its security systems. Many of our readers may be astonished to read that, but it's a fact and history is the witness. NASA has been targeted several times so far by hackers who found vulnerabilities and penetrated its digital security. The same thing has now happened to NASA yet again: an ethical hacker from India going by the name of "Zero Cool" found serious loopholes in one of NASA's sub-domains, which could lead to sensitive information disclosure. The hacker shared a vulnerability report with us, in which he showed that by exploiting the vulnerability a malicious attacker can easily extract a lot of confidential data from the NASA server, such as source code of various programs (used by NASA), current project information, future research papers, topological graphs, license information, several executable files, .dll files, private application software and its source code, employee details and many more highly confidential or, in other words, "Top Secret" data and files. For security and privacy purposes we are not disclosing the vulnerable links, but exclusively for VOGH readers we are sharing a few images to justify the fact.



This vulnerability report has already been submitted to NASA, and as expected they reacted immediately and promised to patch those loopholes with immediate effect. While talking about the ethical hacker "Zero", we would like to remind you that before this NASA vulnerability disclosure he exposed several vulnerabilities in many major, high-profile websites such as Facebook, Reebok, Indiagames, mtv, lapdonline, UNESCO, Toshiba, Discovery.com, Novell.com, Microsoft Store India, several Pakistani and Bangladeshi Govt websites and many more.





NASA, Stanford Websites Hit by Search Engine Scammers


Scammers looking to flog cheap software have hacked Web pages on high-profile websites, including those belonging to NASA and Stanford University.

NASA, just a week away from its penultimate space shuttle launch, has now removed dozens of Web pages that popped up on its Jet Propulsion Laboratory website. They were used to flog low-cost versions of Adobe's Creative Suite and other products, according to cached versions of the pages, still viewable on Google.
The scammers loaded up the Web pages with nonsense text (a sample: "Edit buy adobe premiere pro cs4 some callouts and balloons to make this time it took you and saved you a long time") and links to many other hacked pages.
Affected sites included those for NASA, Stanford University, Syracuse University and Northeastern University. NASA had cleaned up its site Monday, but others, including Stanford, had not. Visitors to those sites could encounter the hacked pages even if they weren't looking for cheap software.
Jane Platt, a spokeswoman for NASA's Jet Propulsion Laboratory, said the NASA site was safe to visit, but she declined to comment on the hacking incident because NASA's policy "is not to discuss security matters."
Some of the sites seem to have been hacked so that they pop up in the top results when Web surfers are looking for cheap Adobe software.
It looks like the scammers are trying to make money by generating Web traffic for online retailers, said Mary Landesman, a security researcher with Cisco's ScanSafe group. On some of the sites, visitors who arrive following a Google search are automatically redirected to online retailers.
Google awards a higher ranking to Web pages hosted on trusted, high-profile websites, so by hacking NASA and Stanford's pages, the scammers can generate more traffic for their clients and earn themselves more money in referral fees, she said. "Someone searching for cheap Adobe products is more likely to get those results," she said.
This type of search engine poisoning has been around for years. Hackers often use a Web hacking technique called SQL injection to break into websites, but they can also do this by stealing or guessing passwords.
With NASA set to launch the Space Shuttle Endeavor next week, a lot of people are visiting the space agency's website -- something that makes it only more valuable to hackers, according to Chester Wisniewski, a security researcher with Sophos. Although none of the sites examined Monday contained malicious software, that could easily have been the case, Wisniewski said. "If they were to get malicious code inserted into those pages, it could hurt a lot of people," he said.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com


Chinese Hackers Breached The NASA Jet Propulsion Lab


Chinese hackers gained illegal access to the NASA Jet Propulsion Laboratory (JPL). According to the Inspector General's investigation report, hackers from China breached the NASA JPL earlier in November and stole sensitive data. Beyond stealing data, they breached the security system of JPL, which allowed them to delete sensitive files, add user accounts to mission-critical systems, upload malware and more. The report revealed scant details of an ongoing investigation into the incident against the Pasadena, Calif., lab, noting only that cyberattacks against the JPL involved Chinese-based Internet Protocol (IP) addresses. Paul K. Martin, NASA's inspector general, put his conclusions bluntly. "The attackers had full functional control over these networks," he wrote.
If you dig into the history you will find that NASA has previously been hit many times by hackers from different parts of the world: spammers targeted NASA, TeaMp0isoN hacked NASA's official forum, Chinese hackers hit NASA satellites, Indian hacker Minhal stole secret information from NASA, and so on.




'The Unknowns' Claimed to Breach NASA, European Space Agency, French & Bahrain Ministry of Defense, US Air Force

'The Unknowns' Claimed to Breach NASA, European Space Agency, French & Bahrain Ministry of Defense & Many More
A new hacker collective calling themselves 'The Unknowns' has claimed to have breached the security systems of a range of government agencies, organizations and many high-profile sites. According to a PasteBin release, The Unknowns said that they hacked into ten different organizations and published documents and other data alleged to have originated from the servers. Among them are NASA - Glenn Research Center, US military, US AIR FORCE, European Space Agency, Thai Royal Navy, Harvard, Renault Company, French ministry of Defense, Bahrain Ministry of Defense and Jordanian Yellow Pages.
NASA has confirmed that an attack did take place on 20 April, but noted that no "sensitive or controlled information" was compromised. The ESA also admitted to having suffered an attack, which it said made use of SQL injection. 
The hacker group claims that their mission is not malicious, but rather to help. "Victims, we have released some of your documents and data, we probably harmed you a bit but that's not really our goal because if it was then all of your websites would be completely defaced but we know that within a week or two," said the group's post, "the vulnerabilities we found will be patched and that’s what we're looking for." In other words, they are pretending to be 'White Hat'.
If you dig into the history you will find that NASA has previously been hit many times by hackers from different parts of the world: spammers targeted NASA, TeaMp0isoN hacked NASA's official forum, Chinese hackers hit NASA satellites, Indian hacker Minhal stole secret information from NASA, Code Smasher found a CSRF vulnerability in the official website of the Virtual Heliospheric Observatory NASA, and so on.
 



NASA Certified First Commercial Smartphone (Android-based Nexus S)


Just when you thought Google was losing its appeal with its Google Plus network, here comes another biggie that might add a feather to the company’s colourful hat.
NASA revealed that they prefer working with Android on their Space Stations and that the Nexus S is being used by NASA to run its SPHERE satellites. SPHERE satellites are free-floating devices that were in fact inspired by Star Wars, according to NASA. They have been on the International Space Station since 2006, which dates back to pre-Android days. Android is being used on a special expansion port, which allows NASA to use the highly customizable Android OS to add additional sensors and features. Nexus S devices are being touted by NASA as the first commercial smartphones to be certified to fly on the space shuttle.
Nexus S’ CPU would be used to power SPHERE’s ‘brains’ and the robots would be able to monitor and sense more external data that can be controlled and observed remotely from Earth, thanks to its Wi-Fi connection. NASA made no attempts to hide their happiness with Google and Android OS, which definitely gives Google the boost that it required in the last few weeks. Most people have begun to complain that Google Plus pages are almost empty without any updates, though it is filled with people.
Such criticisms may no longer affect the bigwigs at Google, who would now be patting their own backs after NASA declared Android OS to be their preferred mobile operating system. One shouldn’t be surprised if Google makes an attempt to do something with space research as well. This news would surely have ruffled the feathers of Apple and other competitors who have been fighting Google’s juggernaut, which has been throwing its weight around in Internet, mobile and even home device technologies.

-News Source (NASA & Walyou)


#ProjectWhiteFox -Team GhostShell Hacked 1.6 Million Accounts of NASA, ESA, Pentagon & FBI


After the devastating "Project Blackstar", the hacktivist group calling themselves "Team GhostShell" has announced another big hack, in which the hackers targeted several big organizations. This round of cyber attacks ran under the banner of #ProjectWhiteFox, in which GhostShell has posted log-in details of 1.6 million accounts they claim were taken in a series of attacks on organizations including NASA, FBI, European Space Agency and Pentagon, as well as many companies that partner with these organizations. The Anonymous subsidiary group posted the details on Pastebin, describing the aim of the hack as part of their #ProjectWhiteFox campaign to promote hacktivism and freedom of information on the internet. The hacker group claimed that the leaked information contained log-in names, passwords, email addresses, CVs and other sensitive information. In their release GhostShell said - "For those two factors we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more."
GhostShell members also said that they have messaged security bosses about the insecurity of a number of organizations they targeted during attacks throughout 2012, describing it as "an early Christmas present."
In a Pastebin file, GhostShell features a list of 37 organizations and companies, including The European Space Agency, NASA’s Engineers: Center for Advanced Engineering, and a Defense Contractor for the Pentagon. GhostShell sets itself apart from other hacktivist groups by targeting more than just one company or organization, and then releasing the results of its attack all at once. This set of hacks is spread out across 456 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites Slexy.org and PasteSite.com.
The uploaded files contain what appears to be user data that looks to have been obtained from the servers of the various firms (likely via SQL injection). The entries include IP addresses, names, logins, email addresses, passwords, phone numbers, and even home addresses. Email accounts include the big three (Gmail, Hotmail, and Yahoo), as well as many .gov accounts. There are also various documents and material related to partnerships between companies and government bodies, as well as sensitive information for the aforementioned industries. 
Furthermore, the group says it has sent an email to the ICS-CERT Security Operations Center, Homeland Security Information Network (HSIN), Lessons Learned and Information Sharing (LLIS), the FBI’s Washington Division and Seattle location, Flashpoint Intel Partners, Raytheon, and NASA. In it, they say they have detailed “another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, Intelligence firms, L-3 CyberSecurity, JAXA, etc.”





-Source (TNW)







Romanian Hacker Get Busted For Hacking Into NASA Servers


A Romanian hacker faces imprisonment for hacking into NASA servers. The 26-year-old Romanian national, currently in detention, is charged with breaching security measures to access several of NASA’s servers in December 2010. Prosecutors said Wednesday that he interfered with server data, causing NASA losses of about $500,000 (€371,000). There was as yet no comment from the U.S. Embassy. Court spokesman Lucian Marian in the northwest city of Cluj says Robert Butyka would be arrested for 29 days as he awaits trial.





NASA Website is Vulnerable, Private Information of Researchers Leaked By Minhal


Minhal Mehdi, an Indian hacker, found an upload vulnerability on a sub-domain of the National Aeronautics and Space Administration (NASA). He also hacked and exposed personal details of NASA researchers including name, email ID, phone number, postal address and so on.







Exposed Credentials:-
pastebin.com/UnLwLPT9



NASA & UFO Hacker Gary McKinnon Will Not Face Prosecution in UK


Infamous NASA hacker Gary McKinnon, who broke into US government computer systems while hunting for evidence of UFOs and fought a long fight against extradition, has been told that he will not now face prosecution in the UK. After discussing the case with the US Department of Justice and the police, the Crown Prosecution Service (CPS) has decided the appropriate jurisdiction for the McKinnon case to be heard is the US. According to Karen Todner, McKinnon's solicitor, the decision on Friday is an "interesting" one given that he was first arrested and questioned by UK police.

The reasons for that decision were:
  1. The harm occurred in the US - the activity was directed against the military infrastructure of the US;
  2. An investigation had already been launched in the US;
  3. There were a large number of witnesses, most of whom were located in the US;
  4. All of the physical evidence (with the exception of Mr McKinnon's computer) was located in the US;
  5. The US prosecutors were able to bring a case that reflected the full extent of Mr McKinnon's alleged criminality; and
  6. The bulk of the unused material was located in the US. Given the nature of the offences, this inevitably included highly sensitive information and the US courts were best placed to deal with any issues arising in relation to this material.

In a statement, the CPS's Director of Public Prosecutions (DPP), Keir Starmer QC, and Mark Rowley, Assistant Commissioner of the Metropolitan Police Service, said that they had convened a joint panel to discuss the issue and decide whether a new criminal investigation should take place. They decided that the original reasoning for the trial being held in the US still held, and looked into the possibility of holding the trial in the UK. This would have involved transferring witnesses and sensitive physical evidence to the UK. The panel consulted with the US Department of Justice as to whether this would be possible, given that they believed that "the prospects of a conviction against Mr McKinnon, which reflects the full extent of his alleged criminality, are not high".
According to the statement, the US authorities "indicated to us that they would be willing to co-operate with a prosecution in England and Wales if that would serve the interests of justice." However, the US authorities did not feel that transferring all the witnesses and evidence to the UK would be in that interest, given the panel's representations. The statement goes on to say: "That is a decision the US authorities are fully entitled to reach and we respect their decision." On that basis, the panel concluded that a new criminal investigation should not be started and the Assistant Commissioner accepted that advice.






Cyber Shield deal Between India & US


India and the US today inked a pact on cybersecurity to intensify information exchange on threats to computers and networks and initiate joint work on technologies against cyber-attacks.
A joint statement on the India-US strategic dialogue has announced the cybersecurity agreement among new initiatives by the two countries. These initiatives also include a plan to develop a software platform to make available non-sensitive government data to the public and to award $3 million each year to entrepreneurial projects that commercialise technologies to improve health.
A memorandum of understanding between the Indian and the American Computer Emergency Response Teams (CERT) is expected to lead to routine exchange of information on vulnerabilities and co-operation on cybersecurity technologies, Indian CERT officials said.
“This comes at a time when cybersecurity-related incidents are increasing in number and becoming more and more sophisticated,” said Gulshan Rai, director-general of the Indian CERT, a division of the ministry of communications and information technology.
Rai said the MoU is expected to lead to greater exchange of information between Indian and US CERTs about known and emerging threats, specific vulnerabilities of computers and networks and open opportunities for joint technology development.
The CERTs track and catalogue threats, advocate protective mechanisms, and respond to attacks on computer systems in the two countries.
The latest monthly security bulletin from India’s CERT says 151 computer security-related incidents were reported during May 2011 alone, among which more than half involved “phishing” — an attack or an intrusion that involves some form of identity theft.
Last year, unidentified hackers, believed to be based in China, had penetrated computers in sensitive Indian government offices, including the National Security Council secretariat, and stolen documents on missiles, and personal and financial data of Indian officials.
India already has cybersecurity pacts, primarily for the exchange of information, with Japan and Korea and is planning to develop one with Finland.
The cybersecurity pact followed consultations led by the Indian and the US National Security Councils on prospects for bilateral co-operation on cybersecurity issues, held on Monday, a joint statement on the India-US strategic dialogue said.
The joint statement also said that Nasa has “reiterated its willingness to discuss potential co-operation with the Indian Space Research Organisation on human spaceflight”.
While the Nasa offer comes on the eve of the retirement of the US Space Shuttle, space experts believe Nasa has accumulated enormous expertise on human spaceflight — for instance, in the area of onboard life support systems — that could help India in its own long-term plans to develop a space capsule large enough to carry two astronauts into a low-earth orbit for a short mission.
The open source software platform that India and the US plan to create is intended to help make available to the public all non-sensitive government information through a user-friendly website.
It is expected to be patterned on the lines of America’s own government data website www.data.gov, which began with 47 government data sets in May 2009, but has more than 392,000 data sets today.
“We have all kinds of data there — data sets on infant car seats, airline statistics, hospitals,” said Aneesh Chopra, the chief technology officer in the US, who is also assistant to US President Barack Obama.
An Indian government official said India is preparing a policy initiative to get myriad government departments into making non-sensitive data — from education to health to public infrastructure — public through a so-called National Data Sharing Access Policy (NDSAP). The official who spoke on condition of anonymity said this NDSAP is yet to be approved by the Union cabinet.
Among other initiatives, the India-US science and technology endowment board established in 2009 has decided to award $3 million annually to projects proposed by entrepreneurs for commercialisation of technologies to improve health and empower citizens.
The first call for proposals has already attracted more than 380 joint India-US proposals and the first set of awards will be announced in September this year.

                                     
-News Source (The Telegraph)


NASA, Sony, Adidas, SPIKE TV & Few Other Govt Websites Are Vulnerable - Said "TeamHav0k"

The newly formed hacker group named "TeamHav0k" continues its Operation XSS #OPXSS. As before, they have found cross-site scripting vulnerabilities in many high-profile websites. This time NASA, adidas Official Store, SPIKE TV Official Site, Brighton & Hove City Council, Air Accident Investigation Branch [Govt of UK], and Portal and Information Services of Tocantins [Govt of Brazil] became the victims. In a pastebin release the hacker group claimed that using the vulnerabilities an attacker can perform cookie stealing, XSS & XSSF Tunneling and similar nasty things, which can indeed cause serious harm to those vulnerable sites. They also found a redirection vulnerability on the official website of Sony Global Headquarters; it was later patched.
Earlier, TeamHav0k found XSS vulnerabilities in the official sites of Huffingtonpost, EA, IGN, NYTimes and many others.





The Official NASA forum is Vulnerable to SQL-i, Said TeaMp0isoN


The well-known hacker group TeaMp0isoN found an SQL-i vulnerability in the NASA forum. It was found through a zero-day in vBulletin. TeaMp0isoN exposed very sensitive information such as the database info, admin username, email ID, password hash and so on.



Satellite System of U.S. Was Attacked By Chinese Hackers



Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission. The intrusions on the satellites, used for earth climate and terrain observation, underscore the potential danger posed by hackers, according to excerpts from the final draft of the annual report by the U.S.-China Economic and Security Review Commission. The report is scheduled to be released next month.
“Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions,” according to the draft. “Access to a satellite’s controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission.”
A Landsat-7 earth observation satellite system experienced 12 or more minutes of interference in October 2007 and July 2008, according to the report. Hackers interfered with a Terra AM-1 earth observation satellite twice, for two minutes in June 2008 and nine minutes in October that year, the draft says, citing a closed-door U.S. Air Force briefing. The draft report doesn’t elaborate on the nature of the hackers’ interference with the satellites.
Chinese Military Writings:-
U.S. military and intelligence agencies use satellites to communicate, collect intelligence and conduct reconnaissance. The draft doesn’t accuse the Chinese government of conducting or sponsoring the four attacks. It says the breaches are consistent with Chinese military writings that advocate disabling an enemy’s space systems, and particularly “ground-based infrastructure, such as satellite control facilities.”
U.S. authorities for years have accused the Chinese government of orchestrating cyber attacks against adversaries and hacking into foreign computer networks to steal military and commercial secrets. Assigning definitive blame is difficult, the draft says, because the perpetrators obscure their involvement. The commission’s 2009 report said that “individuals participating in ongoing penetrations of U.S. networks have Chinese language skills and have well established ties with the Chinese underground hacker community,” although it acknowledges that “these relationships do not prove any government affiliation.”
Chinese Denials:-
China this year “conducted and supported a range of malicious cyber activities,” this year’s draft reports. It says that evidence emerging this year tied the Chinese military to a decade-old cyber attack on a U.S.-based website of the Falun Gong spiritual group. Chinese officials long have denied any role in computer attacks.
The commission has “been collecting unproved stories to serve its purpose of vilifying China’s international image over the years,” said Wang Baodong, a spokesman for the Chinese Embassy in Washington, in a statement. China “never does anything that endangers other countries’ security interests.” The Chinese government is working with other countries to clamp down on cyber crime, Wang said. Defense Department reports of malicious cyber activity, including incidents in which the Chinese weren’t the main suspect, rose to a high of 71,661 in 2009 from 3,651 in 2001, according to the draft. This year, attacks are expected to reach 55,110, compared with 55,812 in 2010.
Relying on the Internet:-
In the October 2008 incident with the Terra AM-1, which is managed by the National Aeronautics and Space Administration, “the responsible party achieved all steps required to command the satellite,” although the hackers never exercised that control, according to the draft. The U.S. discovered the 2007 cyber attack on the Landsat-7, which is jointly managed by NASA and the U.S. Geological Survey, only after tracking the 2008 breach. The Landsat-7 and Terra AM-1 satellites utilize the commercially operated Svalbard Satellite Station in Spitsbergen, Norway that “routinely relies on the Internet for data access and file transfers,” says the commission, quoting a NASA report. The hackers may have used that Internet connection to get into the ground station’s information systems, according to the draft. While the perpetrators of the satellite breaches aren’t known for sure, other evidence uncovered this year showed the Chinese government’s involvement in another cyber attack, according to the draft.


-News Source (Bloomberg)





Two Romanian Hackers Pleaded Guilty on Credit Card Hack & Faced 7 Years Imprisonment


According to the U.S. Department of Justice, two Romanian hackers, Iulian Dolan and Cezar Butu, have pleaded guilty to participating in a US$10 million scheme to hack into the computers of hundreds of Subway restaurants in the U.S. and steal payment card data. Iulian Dolan, 28, of Craiova, Romania, pleaded guilty Monday to one count of conspiracy to commit computer fraud and two counts of conspiracy to commit access device fraud, and Cezar Butu, 27, of Ploiesti, Romania, pleaded guilty to one count of conspiracy to commit access device fraud, the DOJ confirmed. Dolan and Butu were two of four Romanians charged in December in U.S. District Court for the District of New Hampshire with hacking Subway point-of-sale computers. In his plea agreement, Dolan has agreed to be sentenced to seven years, and Butu has agreed to be sentenced to 21 months in prison. The two men, in their guilty pleas, acknowledged participating in a Romanian-based conspiracy, lasting from 2009 to 2011, to hack into hundreds of U.S. point-of-sale (POS) computers. Co-conspirator Adrian-Tiberiu Oprea is in U.S. custody and awaiting trial in New Hampshire. The group used stolen payment card data to make unauthorized charges or to transfer funds from the cardholders' accounts; the scheme involved more than 146,000 compromised payment cards and more than $10 million in losses.
During the conspiracy, Dolan remotely scanned the Internet to identify vulnerable POS systems in the U.S. with certain remote desktop software applications (RDAs) installed on them. Using these RDAs, Dolan logged onto the targeted POS systems over the Internet. The systems were often password-protected and Dolan attempted to crack the passwords to gain administrative access. 
He then installed keystroke logging software onto the POS systems and recorded all of the data that was keyed into or swiped through the POS systems, including customers' payment card data. Thus Dolan managed to steal payment card data belonging to approximately 6,000 cardholders. Dolan received $5,000 to $7,500 in cash and personal property from Oprea for his efforts.
In his plea agreement, Butu said he repeatedly asked Oprea to provide him with stolen payment card data and that Oprea provided him with instructions for how to access the website where Oprea had stored a portion of the stolen payment card data. Butu later attempted to use the stolen payment card data to make unauthorized charges on, or transfers of funds from, the accounts. He also attempted to sell, or otherwise transfer, the stolen payment card data to other co-conspirators. Butu acquired stolen payment card data from Oprea belonging to approximately 140 cardholders.
Speaking of Romanian hackers, one name that definitely comes to mind is Razvan Manole Cernaianu, aka "TinKode", who was busted earlier this year on charges of hacking into Pentagon and NASA servers and stealing confidential data. Last year another Romanian hacker, aged 26, also faced imprisonment for hacking into NASA servers.


-Source (CSO)






Hackers can hack into your e-mail setup system if your Wi-Fi system is unprotected


"It is alarm time for all of us, an infectious virus has entered into the system through the Wi-Fi setup of gate no. 23 router 1.0.1.5", this was the call of the system manager of NASA's chief security department on the day when one of NASA's servers was hacked from outside through the Wi-Fi system. Almost all of our homes, offices, military buildings and security departments use computers and the internet, and modern technology lets us set up the network wirelessly, so that it can be accessed through Bluetooth-type devices from anywhere within the server premises. But this Wi-Fi connectivity needs to be secured from inside, as packets and information passing through the gateway can be intercepted at unwanted ends at any time without our knowledge.
The internet and e-mail setup system use packets which carry information when it leaves a machine. The data is stored in binary format, carrying the actual information as well as the source and destination addresses, which are also indicated by binary digits. Think of your PC as your home and the information leaving your PC as a member of the household: when the information leaves for its destination, your family member is on the road. Hackers are spread out all over the world and will be waiting outside your home (your PC) to get control over your family member (your personal information).
If we give our family member no protection, the family member can be kidnapped; that is, your personal information can be exposed to an outsider. This calls for a guard who will protect your family member from your home to the target house, meaning the data packet is transferred safely from your PC to the target server. This protection needs to be set up with your e-mail setup system, where it protects your data packets and your valuable information. What is done today is that the data put into the packets is encrypted with a key known only to the sending and target machines. When a packet is transferred, the data inside is encrypted with that key, and it can be decrypted correctly only with that key when it reaches the proper target.
Hence if any of the packets is intercepted in transit, it will be of no use to the hacker, as the hacker will not have the proper key. A wrong key will decrypt the file to wrong information, which is useless for the purpose the file was stolen for. But don't relax and assume you are now protected. Hackers know such systems better than we do, and they are brilliant in these fields. What they do is hack the Wi-Fi setup of your system directly, thus getting control of your whole machine and taking the information they want. So we have to protect our Wi-Fi system as well to protect our homes from unwanted hazards. These will be discussed in the next edition of the article.
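The shared-key packet protection described above, as an added example that is not code from the original article: it uses Node.js's built-in crypto module with AES-256-GCM, so a packet opened with the wrong key or with altered addresses is rejected, and contrasts that with unauthenticated AES-256-CTR, where a wrong key silently yields wrong bytes as the article describes. The function names, addresses and message are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Seal one packet with AES-256-GCM. The header (source/destination addresses)
// stays readable for routing but is authenticated; the payload is encrypted.
function sealPacket(key, header, payload) {
  const nonce = crypto.randomBytes(12); // must never repeat under one key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(header, 'utf8'));
  const body = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  return { header, nonce, body, tag: cipher.getAuthTag() };
}

// Open a packet. Returns the plaintext, or null when the key is wrong or the
// header, body or tag was altered in transit.
function openPacket(key, pkt) {
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, pkt.nonce);
    decipher.setAAD(Buffer.from(pkt.header, 'utf8'));
    decipher.setAuthTag(pkt.tag);
    const plain = Buffer.concat([decipher.update(pkt.body), decipher.final()]);
    return plain.toString('utf8');
  } catch (err) {
    return null; // authentication failed: drop the packet
  }
}

// Contrast: unauthenticated AES-256-CTR (encrypting and decrypting are the
// same operation). A wrong key is not detected; it just yields other bytes.
function ctrCrypt(key, iv, data) {
  const c = crypto.createCipheriv('aes-256-ctr', key, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

// Constructed sample data: keys, addresses and message are made up.
function demo() {
  const key = crypto.randomBytes(32);      // shared by sender and receiver
  const wrongKey = crypto.randomBytes(32); // any key other than the shared one
  const pkt = sealPacket(key, 'src=10.0.0.5;dst=10.0.0.9', 'quarterly report');
  const rerouted = { ...pkt, header: 'src=10.0.0.5;dst=10.0.0.66' };
  const iv = crypto.randomBytes(16);
  const ctrBody = ctrCrypt(key, iv, Buffer.from('quarterly report'));
  return {
    rightKey: openPacket(key, pkt),
    wrongKey: openPacket(wrongKey, pkt),
    tamperedHeader: openPacket(key, rerouted),
    ctrWrongKey: ctrCrypt(wrongKey, iv, ctrBody).toString('hex'),
  };
}
```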
