Showing posts with label Passwords Leaked. Show all posts
Showing posts with label Passwords Leaked. Show all posts

The Washington Post Server Breached! Chinese Hackers Apprehend For This Cyber Attack

Posted by Avik Sarkar On 12/20/2013 12:55:00 am

The Washington Post Server Hacked! Suspected That Chinese Hackers Are Behind This Cyber Attack 
Last week the story of Chinese eavesdropping on European ministries and diplomats at G20 summit draws the attention of the entire cyber world and made headlines. Yet again another breathtaking issue came in-front where also China found responsible for security breach that effected The Washington Post - the most widely circulated newspaper published in Washington, D.C. Sources reveled that hackers broke into The Washington Post’s servers and gained access to employee user names and passwordsMandiant, a cyber security contractor that monitors The Washington Post’s networks, said the intrusion was of relatively short duration. The extent of the loss of company data was not immediately clear, still the matter of relief is that the company passwords are stored in encrypted form, hackers in some cases have shown the ability to decode such information. although to avoid any further mishap Washington Post have planned to ask all employees to change their user names and passwords on the assumption that many or all of them may have been compromised. Officials at Washington Post said that they saw no evidence that subscriber information, such as credit cards or home addresses, was accessed by the hackers. Nor was there any sign that the hackers had gained access to The Post’s publishing system, e-mails or sensitive personal information of employees, such as their Social Security numbers. Post officials found that this hack is more-recent than the 2011 one. They also said, began with an intrusion into a server used by The Post’s foreign staff but eventually spread to other company servers before being discovered. “This is an ongoing investigation, but we believe it was a few days at most,” said Post spokeswoman Kris Coratti. 
China not only targeted Washington Post,  If you look at the story of major cyber attacks of this year we will find that the name of China has been involved several times for engaging cyber attacks against several high profile news organization of U.S. including New York TimesNBC and so on. So far Chinese Government have not responded to this issue, also none of Chinese hacker community take the responsibility of this breach. For upcoming updates on this story stay tuned with VOGH




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Security Breach Invaded 8,500 Recipients of Unemployment Insurance Agency Michigan (UIA)

Posted by Avik Sarkar On 12/13/2013 01:22:00 am

Michigan Unemployment Insurance Agency (UIA) Hacked! 8,500 Recipients Personal Data Leaked
A major security breach has invaded Unemployment Insurance Agency of Michigan, widely known as UIA. Sources revealed that the attack was placed in between mid of July to mid of September which affected more than 8,500 unemployment insurance recipients in Michigan with leak of social security numbers, bank account numbers, passwords, phone numbers & few other sensitive data. This security breach was first detected Sept. 17 by contractor JP Morgan Chase. In his reaction the director of the Unemployment Insurance Agency, Shaun Thomas said -“The UIA is deeply concerned about this incident.” But due to some untold reason state official were not notified until this December first week. Dan Lohrmann, the state’s chief security officer in the Department of Technology, Management and Budget, said he has “worked closely with JP Morgan Chase to share our concern about the delayed notification and to ensure that the state receives immediate notice of future problems. “We work around the clock to keep citizen information and data protected, and I feel confident that everyone involved in this event understands the importance of protecting personal information.” Chase, which handles the debit cards Michigan uses to pay unemployment insurance benefits to some recipients, said those who accessed the bank’s website between mid-July and mid-September may have been affected. The 8,500 claimants in Michigan are among about 465,000 cardholders nationwide who may have been affected, the bank said. So far the identity of the hackers & their reasons behind this attack is not been identified, but Chase has notified law enforcement and both the bank and the state will be notifying claimants whose information was potentially compromised. 



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Cupid Media Network Breach Exposes 42 Million Passwords in Plain Text

Posted by Avik Sarkar On 11/30/2013 03:30:00 am

Cupid Media Network Breach Exposes 42 Million Passwords in Plain Text (Uunencrypted)

Cupid Media one of the leading niche online dating network that have more than 35 large online dating website, faced a massive intrusion that effects more than 42 million of its registered users. From an exclusive report of Kerbs On Security we came to know that the breach was taken earlier in this year. Where the hackers managed to gain access into the crucial servers belongings to Cupid Media network. According to the managing director of Cupid Media, Mr Andrew Bolton - "In January we detected suspicious activity on our network and based upon the information that we had available at the time, we took what we believed to be appropriate actions to notify affected customers and reset passwords for a particular group of user accounts.” After a preliminary investigation it has been found that the purloined database of Australia-based niche dating service Cupid Media was found on the same server where hackers had amassed tens of millions of records stolen from AdobeMore than 42 million peoples' unencrypted names, dates of birth, email addresses and passwords have been found from the pinched database. I am very much wearied to see that a high value site like Cupid is unconcerned about the basic security counter measure. Even their confidential tables remained unencrypted which allows the hacker to gain the personal information in plain text. Like the Cupid Media security team, the registered users also found very much inadvertent and unaware of basic security measures. I am saying this because of the leaked passwords, almost two million picked "123456", and over 1.2 million chose "111111". "iloveyou" and "lovely" both beat out "password", and while 40,000 chose "qwerty", 20,000 chose the bottom row of the keyboard instead - yielding the password "zxcvbnm"
Jason Hart of famous data protection firm Safenet said "The true impact of the breach is likely to be huge. Yet, if this data had been encrypted in the first place then all hackers would have found is scrambled information, rendering the theft pointless."
This security breach of Cupid Media reminds us  the decent history of breach where we have seen a slew of attacks against the following sites: Drupal.org  Scribd, Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Gamigo,  Nvidia,Blizzard, Philips, Zynga, VMWare, Adobe,  Twitter,  New York Times, Apple and so on. While covering this story on behalf of VOGH, I am warning our readers across the globe to use strong alphanumeric passwords to avoid such disaster. Also the webmasters and security administrator are highly recommended to use salted encryption in their database to prevent fortuitousness cyber attack


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Drupal.org Hacked ! More Than 967,000 Registered User Details Compromised

Posted by Avik Sarkar On 6/03/2013 09:07:00 pm

Drupal.org Hacked ! More Than 967,000 Registered User Details Compromised 

Drupal, one of the most famous and widely used open-source content management framework have fallen victim to cyber criminals. The Drupal Security Team and Infrastructure Team has discovered unauthorized access to account information on the official Drupal website and another site called groups.drupal.org. This security breach has exposed user names, country, and email addresses along with hashed passwords of more than 967,000 registered users on the Drupal.org. But still a matter of relief is that the breach failed to infiltrate the credit card details which was stored on the same server. According to security release unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. Drupal team have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. They are still investigating and will share more detail when it is appropriate. Upon discovering the files during a security audit, the security team has already shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability. The suspicious files may have exposed profile information like username, email address, hashed password, and country. In addition to resetting your password on Drupal.org, it is also recommending a number of measures (below) for further protection of your information, including, among others, changing or resetting passwords on other sites where you may use similar passwords. 

As a precautionary measure of the said security breach, Drupal Security Team has reset all Drupal.org account holder passwords and are requiring users to reset their passwords at their next login attempt. A user password can be changed at any time by taking the following steps. 
  1. Go to https://drupal.org/user/password 
  2. Enter your username or email address. 
  3. Check your email and follow the link to enter a new password. It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.
Counter Measures that Drupal has Taken to avoid such mishap is something followed- as attacks on high-profile sites (regardless of the software they are running) are common, Drupal strive to continuously improve the security of all Drupal.org sites. To that end, Drupal have taken the following steps to secure the Drupal.org infrastructure:
  • Staff at the OSU Open Source Lab (where Drupal.org is hosted) and the Drupal.org infrastructure teams rebuilt production, staging, and development webheads and GRSEC secure kernels were added to most servers
  • Drupal is scanning and have not found any additional malicious or dangerous files and making scanning a routine job in their process
  • There are many subsites on Drupal.org including older sites for specific events. Drupal created static archives of those sites.

This security breach of Drupal which affected more than 967,000 users is giving us a remind of the decent history of breach where we have seen a slew of attacks against the following sites: ScribdGuild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  Nvidia,BlizzardPhilipsZyngaVMWareAdobe Twitter  New York TimesApple and so on. 







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

'Scribd' World's Largest Document Sharing Website Admits Security Breach

Posted by Avik Sarkar On 4/11/2013 01:42:00 am

'Scribd' World's Largest Document Sharing Website Admits Security Breach 

Scribd- San Francisco-based document sharing site have fallen victim of cyber attack. Such kind of massacre is no doubt very much shameful for one of the world largest document sharing website which have more than 100 million of registered user. Like other largest companies, Scribd acknowledged the attack. In their official security announcement the company said that the operations team of Scribd have discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users. But the matter of relief is that only the 1% of its registered users have been affected during the hack. Immediately after this intrusion get spotted Scribd security team have emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password.  So, if you are a Scribd user and you did not receive such email from Scribd, then you are most likely unaffected.  If you still wish to check, you can use this web tool to determine if your account was among those affected. From the official announcement of Scribd, we came to know that the inertial investigation have already take place, which indicates that no content, payment and sales-related data, or other information were accessed or compromised. It has been  believed that the information accessed by the hackers was limited to general user information, which includes usernames, emails, and encrypted passwords.  Even though this information was accessed, the passwords stored by Scribd are encrypted (in technical terms, they are salted and hashed). Most of the users were therefore unaffected by this; however, the analysis shows that a small percentage may have had their passwords compromised. In an abundance of caution, it has been highly recommended for those affected users to reset their password and to change their password on any other services they might have used it on. 
At conclusion of the note, Scribd team did serious apology to its users while saying -"we would like to sincerely apologize for our failure to live up to our users' expectations in this instance. We’re incredibly disappointed that this happened and are committed to doing everything we can to prevent this from happening again. We will work harder than ever to ensure that we deserve the trust that our users place in us." 
While talking about big cyber attacks against large companies we would like to remind you in the last year we have been a slew of attacks against the following sites: Guild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  Nvidia,BlizzardPhilipsZyngaVMWare, Adobe Twitter  New York Times, Apple and so on. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Twitter Hacked, More Than 250,000 User Data Compromised

Posted by Avik Sarkar On 2/03/2013 01:55:00 am

Twitter Hacked, More Than 250,000 User Data Compromised

The social networking giant and the world famous micro blogging site Twitter again fallen victim of cyber attack. Last year we have seen that the tight security system if twitter have been compromised many times. Yet again in this year the San Francisco based social media giant who have more than 500 million registered users failed to protect them selves from hackers. On last Friday Twitter acknowledged that it had become the latest victim in a number of cyber-attacks against media companies, saying hackers may have gained access to information on 250,000 of its more than 200 million active users. The micro blogging giant said in a blog posting that earlier this week it detected attempts to gain access to its user data. It shut down one attack moments after it was detected. According to reports usernames, email addresses, session tokens and encrypted/salted passwords for 250,000 users might have been accessed in what it described as a “sophisticated attack” 

"This attack was not the work of amateurs, and we do not believe it was an isolated incident,” said Bob Lord, Twitter’s director of information security. “The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked” Bob added. 

Jim Prosser, a Twitter spokesman, would not say how hackers infiltrated Twitter’s systems, but Twitter’s blog post said hackers had broken in through a well-publicized vulnerability in Oracle’s Java software. Last month, after a security researcher exposed a serious vulnerability in the software, though Oracle patched the security hole, but Homeland Security said the fix was not sufficient. The DHS issued a rare alert that warned users to disable Java on their computers. Prosser said Twitter was working with government and federal law enforcement to track down the source of the attacks. For now, he said the company had reset passwords for, and notified, every compromised user. The company encouraged users to practice good password hygiene, which typically means coming up with different passwords for different sites, and using long passwords that cannot be found in the dictionary.
Twitter said it “hashed” passwords — which involves mashing up users’ passwords with a mathematical algorithm — and “salted” those, meaning it appended random digits to the end of each hashed password to make it more difficult, but not impossible, for hackers to crack. Once cracked, passwords can be valuable on auction-like black market sites where a single password can fetch $20.

While talking about Twitter and cyber issues, I would like to remind you that in last year twitter faced several cyber attacks where more than 55,000 twitter account details was leaked, after this issue in the middle of last year the social networking giant faced massive denial of service which interrupted its services. Later a huge number of Twitter users across the globe received  emails warning that their account have been compromised and their passwords had been reset, and it was another security breach which affected twitter. Such big organization are not at all careless about security, so as twitter and it has been proved when they hired renowned white hat hacker Charlie Miller to boost up their security, but after this current massacre, it seems that twitter need to think more and emphasize a lot to make sure that their system is good enough to prevent cyber attacks. For all the hot cyber updates and reviews stay tuned with VOGH.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Hacker Breached Verizon Server & Stolen 3 Million Customer Data

Posted by Avik Sarkar On 12/27/2012 05:07:00 pm

Hacker Breached Verizon Server & Stolen 3 Million Customer Data

Verizon one of the most popular and largest Network provider and ISP of America faced a large scale cyber attack. A hacker going by the name of TibitXimer claimed to have breached one of major server of Verizon, by which he managed to gain access inside the database of Verizon customer. This data breach effected more than 3 Million Verizon FiOS customers including full names, addresses, mobile serial numbers, the opening date of each account, and account passwords. However, he said that figure was an estimate and had "no clue" exactly how many records there were, and that it was a "low estimate based on the size of one record and the size of all the files." A fraction of leaked data have been allegedly posted on pastebin, but later the post was removed. In a report Zdnet said that the cyber attack was taken place earlier in July, this year which allowed him to gain root access to the server holding the customer data. Tibit gained access to a server with little difficulty after working with another hacker to identify the security flaw. Though Tibit denied to mention the reason of this hack, and also he did not expose the nature of the vulnerability by which he managed to get access in the server. The hacker also said that after he informed Verizon of the exploit, the company "ignored my report," and did not comment. 
 He also noted that the exploit "still exists." "The worst part of it all, every single record was in plain text," he said. "I did not have to decrypt anything." He said he couldn't understand "why they still haven't fixed the exploits," months after informing the company of its poor network security.

Immediately after this hack Verizon authorities posted a notice while saying- "This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.
....
There was no hack, and no access gained. A third party marketing firm made a mistake and information was copied. As for wireless v. wired customers, some of the individuals listed were Verizon customers who are not wireless customers but wired/wireline customers or prospective customers...."





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details

Posted by Avik Sarkar On 11/21/2012 01:17:00 am

Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details 

Yet again Adobe, the American multinational computer software company had fallen victim of cyber attack. In September Adobe faced what it called a sophisticated cyber attack where hackers have breached Adobe server in order to compromise certificate to sign malware. As a move Adobe revoked those certificates on October 4th. After that massacre, here again one of Adobe's databases has been breached by a hacker and that it has temporarily taken offline the affected Connectusers.com website. The attacker who claimed responsibility for the attack, told that he used a SQL injection exploit in the breach. Adobe confirmed the breach and said that the hacker indeed managed to break into an Adobe server and copy the private credentials of approximately 150,000 users – including their names, email addresses and password hashes. Those affected accounts include Adobe customers, Adobe employees and partners along with U.S. military users including U.S. Air Force users, and users from Google, NASA, universities, and other companies. To prove the attack, the intruder, who goes by the name of "ViruS_HimA" and claims to be from Egypt, has released extracts from his haul on the Pastebin text hosting service. 
"It was an SQL Injection vulnerability -- somehow I was able to dump the database in less requests than normal people do," said ViruS_HimA. Users passwords for the Adobe Connect users site were stored and hashed with MD5, says the hacker, which made them "easy to crack" with freely available tools. And Adobe wasn't using WAFs on the servers, the hacker notes. "I just want to be clear that I'm not going against Adobe or any other company. I just want to see the biggest vendors safer than this," he told the press. "Every day we see attacks targeting big companies using Exploits in Adobe, Microsoft, etc. So why don't such companies take the right security procedures to protect them customers and even themselves?"
"Adobe is a very big company but they don't really take care of them security issues, When someone report vulnerability to them, It take 5-7 days for the notification that they've received your report!!" he wrote. "It even takes 3-4 months to patch the vulnerabilities!" 
While talking about such big cyber attacks, here we would like to give you reminder that in the last few months we have been a slew of attacks against the following sites: Guild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  Nvidia,BlizzardPhilips, Zynga, VMWare, & so on. For all the latest on cyber security and hacking related stories; stay tuned with VOGH


-Source (Dark Reading, The-H)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

TOR Client Leaking Sensitive Information From Cache Memory, Later The Bug Has Been Fixed

Posted by Avik Sarkar On 11/10/2012 12:57:00 am

TOR Client Leaking Sensitive Information From Cache Memory, Later The Bug Has Been Fixed  

Major security issue has been found in the world's most famous and widely used software for online anonymity, Tor (The Onion Router). A software developer named Andrey Karpov found that the anonymisation software uses a function called memset() to delete cache data, which is not supported by all compilers. In some cases, that can cause the TOR client to leave confidential data like passwords in the system memory when it is closed. The memset() function is problematic because it is automatically deleted when TOR is optimized for speed with a compiler like the one in Microsoft Visual Studio 2010. Once that happens, the data remains in system memory, where it can be read by malicious programs.
As soon as this security issue get spot light The Tor Project has immediately issues a fix to close the security vulnerability which leads to leak information from memory on some machines running Tor that could give an attacker access to sensitive information stored in the cache. The developers at the Tor Project were alerted to the problem recently and began looking into the issue. What they found is that in some cases, when the Tor client uses a function called memset to erase some cache data on a machine, some of that information will still remain when Tor exits. The data that remains could give an attacker access to sensitive information in the cache. The strring explaining the bug fix in Tor says that different compilers handle the situation differently. In their bug fix Tor Project says that "Tor tries to wipe potentially sensitive data after using it, so that if some subsequent security failure exposes Tor's memory, the damage will be limited. But we had a bug where the compiler was eliminating these wipe operations when it decided that the memory was no longer visible to a (correctly running) program, hence defeating our attempt at defense in depth. We fix that by using OpenSSL's OPENSSL_cleanse() operation, which a compiler is unlikely to optimize away. Future versions of Tor may use a less ridiculously heavy approach for this. Fixes bug 7352."



 -Source (Tor Project, The-H & threatpost)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

"Project Blackstar" Team Ghostshell Leaks 2.5 Million Records From Russian Govt & Individual

Posted by Avik Sarkar On 11/05/2012 05:08:00 am

"Project Blackstar" Team Ghostshell Leaks 2.5 Million Records From Russian Govt & Individual 

A hacker group calling them selves "Team Ghostshell" who was recently behind the attack several top universities called an open operation declaring war on Russia's cyberspace. The operation is dubbed “Project Blackstar”. In the first phase of the operation  the hacking collective Team Ghostshell posted approximately 2.5 million accounts/records leaked, from governmental, educational, academical, political, law enforcement, telecom, research institutes, medical facilities, large corporations (both national and international branches) in such fields as energy, petroleum, banks, dealerships and many more. The hacker group also claimed to have access "to more russian files than the FSB and we are very much  eager to prove it." - said Ghostshell. The rest of the Pastebin post goes on to call out the Russian government and is littered with references to corruption, capitalism and social injustice. Judging by some of the records released, the Russian Police, along with Novatek, Russia's largest independent natural gas producer, the Alfa Group, an investment consortium and JINR, the country’s Joint Institute for Nuclear Research, all appear to have been implicated in the alleged leak. Some records appear to include individuals’ usernames and passwords while other documents almost read like resumes, complete with individuals’ names, IP addresses, education and job history.
Above I have discussed the last hack by Team Ghostshell where they had published 120,000 records from some of the world’s top universities. That leak, dubbed “Project WestWind,” sought to “raise awareness towards the changes made in today’s education,“ spilling student and faculty email addresses, passwords and IDs. Now this “Project Blackstar” with a leak of 2.5 million records from several Russian cyber space,  again arising a big doubt, that how much secure our cyber world is? 



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

UNESCO World Heritage Centre Hacked By Xception Code

Posted by Avik Sarkar On 9/30/2012 03:12:00 am

UNESCO World Heritage Centre Hacked By Xception Code

United Nations Educational, Scientific and Cultural Organization widely known as UNESCO faced hacker attack. A young Indian hacker code named 'Xception Code' targeted UNESCO World Heritage Centre, which is one of the sub-domain of UNESCO. Like his earlier attack, this time also he did not deface or infected the website. But definitely the hacker have stolen sensitive information from the website. As per resources Xception Code managed to get access into the UNESCO web-server and exposed credentials like DNS server information, ns records, database information (tables, columns, user names, user id) and so on. In a post in pastebin the hacker made all the stolen information available. But he did not exposed any passwords, though he claimed to have access in several user-id, administrative passwords and even root password. In his message the hacker said - "Hello, Admin ( I Know You Have Multiple Admins,Because I Have Their Password :D Yes , I Have All Information That Contains Root Password / User Accounts / All Mail Ids Used By Unesco & ALl Info. But, I Am Not Releasing Them. This Is Just A Warning For Unesco, To Patch Their Website/Server...." 
With this news, we also like to remind you that in the middle of this year this hacker has hacked another high profile website, that is National Radio Astronomy Observatory (NRAO). That time also he exposed sensitive information. 

  


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Ekoparty Conference: Stealth Password Cracking Vulnerability Found in Oracle Database

Posted by Avik Sarkar On 9/23/2012 12:05:00 am

Ekoparty Conference: Stealth Password Cracking Vulnerability Found in Oracle Database

Researchers unveiled serious vulnerability in the authentication protocol used by some Oracle databases, a flaw that could enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user's password. The attacker could then log on as an authenticated user and take unauthorized actions on the database. The vulnerability exists in Oracle Database 11g Releases 1 and 2 and is caused by a problem with the way the authentication protocol protects session keys when users try to log in. The first step in the authentication process when a client contacts the database server is for the server to send a session key back to the client, along with a salt. The vulnerability enables an attacker to link a specific session key with a specific password hash. The researcher who discovered the bug named Esteban Martinez Fayó has also released a tool that can crack some simple passwords in about five hours on a normal PC.  Fayó is a security specialist of AppSec Inc, he demonstrated his findings at the Ekoparty conference which is currently taking place in Buenos Aires. 
According to Esteban Martinez Fayo "This Session Key is a random value that the server generates and sends as the initial step in the authentication process, before the authentication has been completed.  This is the reason why this attack can be done remotely without the need of authentication and also, as the attacker can close the connection once the Session Key has been sent, there is no failed login attempt recorded in the server because the authentication is never completed."  He also staid "Once the attacker has a Session Key and a Salt (which is also sent by the server along with the session key), the attacker can perform a brute force attack on the session key by trying millions of passwords per second until the correct one is found.  This is very similar to a SHA-1 password hash cracking.  Rainbow tables can’ t be used because there is a Salt used for password hash generation, but advanced hardware can be used, like GPUs combined with advanced techniques like Dictionary hybrid attacks, which can make the cracking process much more efficient."  
"Basically, I discovered that not all failed login attempts were recorded by the database.  Looking closer at the issue, I located the problem in the way that one of the components of the logon protocol, the Session Key, was protected.  I noticed that, in a certain way, the Session Key was leaking information about the password hash," he added 
Although Oracle closed the hole with the 11.2.0.3 patch set, which introduced the new version 12 of the protocol in mid-2011, Fayó said that there has been no fix for versions 11.1 and 11.2 of the database because the update was never included in any of Oracle's regular "critical patch updates". The researcher explained that unless administrators activate the new protocol manually, the database will continue to use the vulnerable version 11.2 protocol. The vulnerability is in a widely deployed product and is easy to exploit, Fayo said he considers it to be quite dangerous. "The Oracle stealth password cracking vulnerability is a critical one.  There are many components to affirm this: It is easy to exploit, it doesn’t leave any trace in the database server and it resides in an essential component of the logon protocol," he said.
"It is very simple to exploit.  The attacker just needs to send a few network packets or use a standard Oracle client to get a Session Key and Salt for a particular user.  Then, an attack similar to that of cracking SHA-1 password hash can be performed. I developed a proof-of-concept tool that shows that it is possible to crack an 8 characters long lower case alphabetic password in approximately 5 hours using standard CPUs."


-Source (Threat Post)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

11,000 Guild Wars 2 Account Hijacked On a Campaign By Chinese Hackers

Posted by Avik Sarkar On 9/13/2012 11:57:00 pm

11,000 Guild Wars 2 Account Hijacked On a Campaign By Chinese Hackers 

After the security breach on GamigoBlizzard yet again online gamer's have fallen victim to cyber criminals. The second sequel of the popular Guild Wars multiplayer online RPG by ArenaNet has been released less than two weeks ago, and player accounts are already being heavily targeted by what seems to be a dedicated account hijacking campaign coming from China. ArenaNet and publisher NCSoft have been in touch to dispute the number of Guild Wars 2 accounts that have been hacked, saying in a statement: "Over the past three days we've received approximately 8,500 new support tickets related to hacked accounts and other blocking login issues." The accounts of an estimated 11,000 Guild Wars 2 players have been hacked - and developer ArenaNet says they only have themselves to blame for not using unique usernames and passwords. In a post on the official Guild Wars 2 Wiki, the developer says that its customer support team is treating the recovery of hacked accounts as a priority, and urges those who have escaped unscathed to change their passwords as a precaution.
"Hackers have lists of email addresses and passwords taken from other games and websites, and collected through spyware, and are systematically testing Guild Wars 2 looking for matching accounts," the post reads. "To protect yourself, use a strong, unique password for Guild Wars 2 that you've never used anywhere else. "If your current password isn't unique to Guild Wars 2, change it today. Do not under any circumstances use the same password for Guild Wars 2 as you do for your email account. "We've observed hack attempts against hundreds of thousands of accounts that don't even exist. To protect those people in case they purchase Guild Wars 2 and create an account, we will now disallow customers from picking passwords that we've previously seen used in a hack attempt." 
The company has so far received around 11,000 support requests related to hacked accounts, and is likely to receive more as time goes by, Here we want to draw the attention of our readers that not only  Guild Wars  2 players,  In the last few months we have been a slew of attacks against the following sites: YahooLinkedIn, eHarmonyFormspring, Android Forums, GamigoNvidia, Blizzard and  PhilipsEarlier in 2011 we have seen several other gaming sites became victim of cyber attacks, among them there are Square EnixEidosMapleStory & so onSo all customers are advised to change their passwords now to a long and unique one for Guild Wars 2 that they never before used for any other game or website. 


-Source (Edge, Net Security)







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

FBI Agent's Laptop Hacked, 12 Million Apple UDID Stolen By Anonymous (#FFF)

Posted by Avik Sarkar On 9/04/2012 10:55:00 pm

FBI Agent's Laptop Hacked, 12 Million Apple UDID Stolen By Anonymous (#FFF)

#Antisec an Offshoot part of infamous hacker collective Anonymous claims to have stolen a file from an FBI laptop which contained more than 12 million unique Apple device indentity numbers. The hackers declares this hack as part of their Friday rampage (#FFF) though the breach did not took place on Friday
The data which hackers stole came from a laptop belonging to Supervisor Special Agent at the FBI, Christopher K. StanglStangl, who joined the FBI in 2003 after graduating from Monmouth University, has been with the agency for nine and a half years and won an award in 2010 for helping bust a cyber crime ring. He was also sucked into another Anonymous stunt earlier this year when at least one of their supporters breached an FBI conference call that had been discussing Anonymous and LulzSec. Stangl was listed among those invited into the call, in an e-mail that was posted on PastebinIn a video posted to Facebook in 2009 (and which will likely be getting a lot more views in the coming days), Stangl is shown wearing a dark suit and tie, speaking to the camera, and calling for “cyber security experts” to join the FBI.

According to the hacker :-

"During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose."

The data is just part of a larger database of 12,367,232 UDIDs, and personal information such as full names, cellphone numbers, addresses and zipcodes belonging to Apple customers. The data was allegedly stolen via exploiting a Java vulnerability. In a pastebin note, the hacker posted several download links of the hacked database. Several security experts have already stated that the stolen data is correct. For those you are not familiar with the term UDID -Each iOS device (iPhone, iPad, iPod touch) is assigned a unique alphanumeric number known as a UDID. This was previously used by app developers to track data usage for their apps, until Apple decided to reject any apps which sought to gain access to this number in the most recent official iOS update. As well as believing that the FBI was using these identifiers to track people, though AnticSec, in its missive on Pastebin, said it didn't agree with the idea of hardware coded identifiers anyway: "We always thought it (UDIDs) was a really bad idea. That hardware coded IDs for devices concept should be eradicated from any device on the market in the future." To read the full press release of #Antisec click Here




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

'BackDoor.Wirenet.1' Trojan Stealing Passwords From Mac & Linux Based Systems

Posted by Avik Sarkar On 9/04/2012 03:34:00 pm


'BackDoor.Wirenet.1' Trojan Stealing  Passwords From Mac & Linux Based Systems

A Russian Anti Virus software company named 'Dr Web' has spotted a piece of malware that unusually targeting Macs and Linux-based systems is causing a world of trouble for those in its path. The newly found mlaware dubbed 'BackDoor.Wirenet.1' apparently providing its masters with a backdoor into infected systems. It is also capable of stealing passwords stored in browsers like Chrome, Chromium, Firefox and Opera. Furthermore, it’s also able to obtain passwords from popular applications including SeaMonkey, Pidgin and Thunderbird. Even if you don’t use any of the above mentioned software, you’re still in danger as a keylogger is bundled in the payload. Wirenet.1 installs itself into the user's home directory using the name WIFIADAPT

There are some steps that can be taken right away if you think you could be infected. Dr. Web is quick to point out that their anti-virus software will keep you protected. Another option is to simply disable communication with the control server used by the code’s author. In this case, blocking communication with IP address 212.7.208.65 should do the trick.  

Earlier also Mac users faced such attacks when mac Trojan OSX.SabPub was spreading through Java exploits In 2011 we have also seen OSX/Revir-B trojan was installed behind a PDF, and giving hackers remote access to MAC computers, not only Revier-B also Linux Tsunami trojan Called "Kaiten"targeted Mac OS users in 2011. Also another malware named "Devil Robber" which was also make MAC users victim while stealing their personal information




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search