NASA Sub-domain is Vulnerable Allowing Information Disclosure

NASA Sub-domain is Vulnerable Allowing Serious Information Disclosure

National Aeronautics and Space Administration, widely known as NASA used to fascinate the hackers to come and breach its security system. Many of our readers may be astonished after reading the above lines, but its a fact and history is the witness of that. So far NASA have been targeted several times, where hackers have figured out vulnerability and penetrated the digital security. Yet again same thing happened to NASA, when an ethical hacker from India going by the name of "Zero Cool" find out serious loopholes in one of the sub-domain of NASA, which could lead sensitive information disclosure. The hacker shared a vulnerability report with us, where he has shown that, exploiting the vulnerability one malicious attacker can easily extract lots of confidential data from NASA server, such as source code of various programs (used by NASA), current project information, future research paper, topological graph, license information, several executable files, .dll files, private application software & it's source codes, employ details and many more highly confidential or in other word "Top Secrete" data and files. For security and privacy purpose we are not disclosing those vulnerable links, but exclusively for VOGH readers we are sharing few images to justify the fact. 

This vulnerability report has already been submitted to NASA, and as expected they immediately reacted and promised to path those loopholes with immediate effect. While talking about the ethical hacker "Zero" we would like to remind you that, before this NASA vulnerability disclosure, he exposed several vulnerabilities among many major and high profile websites such as Facebook, Reebok,Indiagames, mtv, lapdonline, UNESCO, Toshiba, Discovery.com, Novell.com, Microsoft Store India, several Pakistani  and Bangladeshi Govt websites and many more.  

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">NASA Sub-domain is Vulnerable Allowing Information Disclosure"https://www.voiceofgreyhat.com/2013/02/NASA-Sub-domain-is-Vulnerable.html?m=0</a>

VMware Confirmed: The Source Code of ESX kernel Was Indeed Stolen By Hackers

VMware Confirmed: The Source Code of ESX kernel Was Indeed Stolen By Hackers

VMware, the global leader in virtualization and cloud infrastructure again faced cyber attack. Earlier in this year a hacker named "Hardcore Charlie" had stolen files from its ESX server hypervisor source code has been posted online. In that attack the hacker managed to steal more than 300MB source code of  VMWare products. Here also after 6 months another hacker named Stun (57UN) claiming to be affiliated with hacker collective Anonymous managed to hack the source code of VMware's ESX kernel. Immediately after the breach the hacker tweeted a link to a torrent site hosting the stolen VMkernel source code. In their official blog post VMware director of platform security Iain Mulholland acknowledged the breach on Sunday and confirmed the source code was indeed stolen. But VMware also confirmed that leaked is source code that dates back to 1998-2004 which was previously leaked Hardcore Charlie. VMware also said that it is investigating what actions to take next. The torrent file posted by 57UN is leading to download you the source code of VMware ESX, that is sized almost 2MB. 

In a security note VMware said- "our security team became aware of the public posting of VMware ESX source code dating back to 2004. This source code is related to the source code posted publicly on April 23, 2012. It is possible that more related files will be posted in the future. We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate. Ensuring customer security is our top priority. As a matter of best practices with respect to security, VMware strongly encourages all customers to apply the latest product updates and security patches made available for their specific environment. We also recommend customers review our security hardening guides. By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected. As is our practice, VMware will continue to assess any further security risks, and will provide recommendations and updates here as appropriate..." VMware also encouraged its customers to view the May 3, 2012 security patch information as a resource.

While talking about source code leak, we want to remind you that couple of months ago this hacker (57UN) stolen the source code of Skype. Also earlier in 2012 another hacker group named  The Lords of Dharmaraja has managed to steal the source code of Norton Symantec. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">VMware Confirmed: The Source Code of ESX kernel Was Indeed Stolen By Hackers"https://www.voiceofgreyhat.com/2012/11/Sourcecode-of-VMware-ESX-kernel-Stolen.html?m=0</a>

Reverse Engineered Source Code of Skype Allegedly Stolen & Exposed

Reverse Engineered Source Code of Skype Allegedly Stolen & Exposed 

After VMWare & Norton's Symantec now another big fish -Skype get caught among the list of those whose source code has been allegedly stolen. An Anonymous affiliated hacker named "57UN" also known as 'Stun' claims to have stolen the source code which he made public. From this leak several fact come in front, according to the hacker the Federal Authorities uses skype for surveillance, in his twitter the hacker said - "Oh and the FBI uses #Skype as a surveillance tool?! #Lulz?! Privacy my ass! Wake up people!..." He added "#Skype & privacy?! Yeah! Did you know that #Microsoft works with each and every government, for instance in #Tunisia!..." 

In his release on Pastebay Stun said- 

"AFTER MICROSOFT ACQUIRING SKYPE FOR 8.5 BILLION DOLLARS AND PROCEEDING TO ADD BACK DOORS FOR GOVERNMENT TO THE PROGRAM, THE SOFTWARE HAS BEEN HACKED AND IT'S SOURCE CODE RELEASED

Skype1.4_binaries

http://thepiratebay.se/torrent/6442887

SkypeKit_sdk+runtimes_370_412.zip

skypekit binaries for Windows and x86_Linux + SDK

http://thepiratebay.se/torrent/7190651/

skype55_59_deobfuscated_binaries (Windows)

http://thepiratebay.se/torrent/7238404/

http://twitter.com/57UN

#Anonymous #Antisec #PoliceState #SecurityState #OpenSource ..."

However, experts state that the source code published by the hacker is actually the one leaked some time ago by a researcher who reverse engineered the Windows binaries. According to security researcher Janne Ahlberg “I managed to get a copy of the file ‘skype55_59_deobfuscated’ from May. It is not Skype source code, but a reverse engineered version of the Windows binaries. The tool used in reverse engineering seems to be IDA disassembler/debugger” 

So far 3 torrent files being released which include a reversed engineered copy of the skype protocol, the source development kit(sdk) and needed runtime and de-obfuscated, unpacked Skype 5.5 and 5.9 binaries for Windows. 

-Source (Softpedia) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Reverse Engineered Source Code of Skype Allegedly Stolen & Exposed"https://www.voiceofgreyhat.com/2012/07/SkypeSourceCodeLeaked.html?m=0</a>