Showing posts sorted by relevance for query Gmail. Sort by date Show all posts
Showing posts sorted by relevance for query Gmail. Sort by date Show all posts

Gmail Hacked!! State-Sponsored Attackers Accessing Millions of Gmail Accounts Illegally

Posted by Avik Sarkar On 6/12/2012 02:30:00 am

Gmail Hacked!! State-Sponsored Attackers Accessing Millions of Gmail Accounts Illegally

This year cyber criminals became very busy while penetrating security systems of many leading Industries. Last week we have seen hackers had managed to steal more than 6.5 million passwords of LinkedIn users. Also this week we have seen popular dating site eHarmony faced cyber attacks which causes serious damages. Now its the turn for Internet giant Google. Hackers have managed to breach the tight security system of Google Mail I mean Gmail. According to last report state-sponsored attackers are accessing millions of Gmail accounts illegally. Google unveiled a new warning system to alert Gmail users when it suspects “state-sponsored” attackers are attempting to compromise their accounts or computers using malicious software. 

Many China-based Gmail users reported received the warning early Wednesday in the form of a banner message at the top of their email accounts. The warning also reportedly appeared on accounts in the U.S. and Japan.
Google says it cannot provide details on how it knows that specific attacks are government-sponsored. But it said “detailed analysis” and “victim reports” strongly suggest the involvement of governments or state-sponsored groups. 
Google VP Security Engineer Eric Grosse wrote, "If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account." However he also makes it clear that if users see that warning, it does not imply "Google's internal systems have been compromised." 
Although Google did not mention any specific governments that may be behind the attacks, many technology analysts suggest it may be another chapter in the long-running dispute between Google and China over censorship and web privacy issues.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

FBI Draws Interest on Gmail Hacking

Posted by Avik Sarkar On 6/05/2011 03:34:00 pm

 
The computer phishing scam that Google says originated in China was directed at an unknown number of White House staff officials and set off the FBI inquiry that began this week, according to several administration officials. It is unclear how many White House staff members - or those of other departments in the executive branch - might have been targeted, according to two officials with knowledge of the investigation. But the intended victims ranged across different functions in the White House, and were not limited to those working on national security, economic policy or trade areas that would be of particular interest to the Chinese government.  Administration officials said they had no evidence any confidential information was breached, or even that many people fell for the attack by providing information that would allow a breach of their Gmail accounts. White House classified systems run on dedicated lines and information on those systems, the officials said, cannot be forwarded to Gmail accounts. But investigators are trying to determine if the attackers believed that some staff members or other officials used their personal email accounts for sensitive government communications.
"Right now," said one senior official, "that's a theory, not a fact."
Google disclosed the attack this week and said it targeted not only U.S. government officials, but also human right activists, journalists and South Korea's government. Google tracked the attack to Jinin, China, which is the home to a Chinese military school.
But that does not necessarily mean the attackers were Chinese or related to the government. The Chinese government denied any involvement.
The attack used emails that appeared to be tailored to their targets to better fool their victims, a technique known as spear phishing. Recipients were asked to click on a link to a phony Gmail login page that gave the hackers access to their personal accounts.
The attacks come as the U.S. government considers expanding its use of Web-based software for email, along with word processing, spreadsheets and other kinds of documents. Google is one of the many companies vying for the business with its Apps product, as is Microsoft . Web based email would be vulnerable to hackers who steal login information through phishing attacks. But Web-based systems are not necessarily any easier to hack than traditional email, which a government agency would usually manage using its own servers, said Larry Ponemon, chairman of the Ponemon Institute, a computer security company in Traverse City, Mich.
Jay Carney, the White House press secretary, said Thursday that all White House-related electronic mail was supposed to be conducted on work email accounts to comply with the Presidential Records Act, which governs how those communications are protected and archived. Carney said there was no evidence that any White House accounts were compromised.

White House employees are permitted to have private email accounts, he said, but cannot use them for work purposes. Officials at the White House and other agencies often keep two computers in their offices, one for unclassified work and another for classified. Very senior officials sometimes have a "secure facility" in their homes, in which computers and telephones are on dedicated lines and communications are encrypted.
Given its size, Google and its Gmail system will always make an attractive target.
Other personal email services, including Yahoo and Microsoft's Hotmail, have faced similar attacks, according to Trend Micro , a computer security company in Cupertino, Calif. "The types of attacks that are happening against Web mail users aren't confined to Gmail alone and extend to other email platforms," said Nart Villeneuve, a senior threat researcher for Trend Micro.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Massive Phishing Scheme Originating from China, said Google

Posted by Avik Sarkar On 6/02/2011 03:45:00 am


Hundreds of personal Gmail accounts, including those of some senior U.S. government officials, were hacked as a result of a massive phishing scheme originating from China, Google said Wednesday.The account hijackings were a result of stolen passwords, likely by malware installed on victims' computers or through victims' responses to e-mails from malicious hackers posing as trusted sources. That type of hack is known as phishing. Gmail's security systems themselves were not compromised, Google said.The company believes the phishing attack emanated from Jinan, China. In addition to the U.S. government personnel, other targets included South Korean government officials and federal workers of several other Asian countries, Chinese political activists, military personnel and journalists. The news comes a little more than a year after a separate hack originating from China affected Gmail accounts of Chinese human rights activists. In that case, attackers were able to break through Google's security systems, and two Gmail accounts were hacked.
That cyber attack set off a series of events that eventually led to Google ending its agreement with the Chinese government to censor certain search results, and the company physically moved its servers out of the country.
This time around, the hack appears larger in scope -- but Google itself was not attacked. A person with knowledge of the attack's details said there was no apparent correlation between last year's attack and this one.
A spokesman from Google declined to comment on how the company obtained the information about the most recent hack. Public information, user reports and a third-party hacking blog called Contagio was used to determine the scope, targets and source of the attack.Google (GOOG, Fortune 500) said it notified the victims and disrupted the campaign. The hackers were attempting to monitor the victims' e-mails, and some users' forwarding settings were altered.The company urged users to "please spend ten minutes today taking steps to improve your online security so that you can experience all that the Internet offers -- while also protecting your data." Google provided several examples of how Gmail users can better protect themselves from phishing attacks on its blog, including enabling a setting that allows users to login to their accounts only after receiving a verification code on their phones. The company also suggested that users monitor their settings for suspicious forwarding settings.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

'Newmail' -Microsoft Revamped & Renamed Hotmail To Rival Gmail

Posted by Avik Sarkar On 6/17/2012 02:48:00 am

'Newmail' -Microsoft Revamped & Renamed Hotmail To Rival Gmail

While aiming to bring back millions of users software giant Microsoft is reportedly revamping its popular mail service Hotmail through it's look and features and preparing to re-launch it with the name of 'Newmail'. According to Daily mail- Microsoft is doing so to compete Google's Gmail service which has reached on the second position after Hotmail. It has reached up to 350-million users which was only 260 million in last October while Hotmail has some 360-millions. Microsoft has claimed it has a 'fluid and interactive design', which is expressly designed to work well on mobile devices such as phones or tablets. Newmail is understood to have a 'clean look' when it comes to the font that has been used for the labels in the inbox, which resembles its Google adversary. Newmail will initially be available on an opt-in basis to existing Hotmail customers, but Microsoft has not ruled out making it compulsory in future. The new email service will also be linked to Facebook and Twitter and will allow users to keep their contacts automatically in sync and see what their friends are doing on the service. The new name Newmail, however, appears to be just the title for the service and users will still have @hotmail email addresses.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Iran Accused of Carrying out Cyber Attacks Against US Banks Over Anti Islamic Movie Issue

Posted by Avik Sarkar On 9/26/2012 01:36:00 am

Iran Accused of Carrying out Cyber Attacks Against US Banks Over Anti Islamic Movie Issue

Since last few days, the conspiracy with the 'Anti Islamic Movie' was the headline in every where. We have seen global violence and a mass protest mainly came from Muslim brotherhood. This protest was also touched the internet, and as expected Muslim hackers joined the movement, which cost many damages for the cyber fence. Thousands of websites became victim of cyber attack, and among them several US banks also faced huge disturbance. This protest takes a new direction when Govt of Iran announced the blockage of Google Inc's search engine and its email service. "Google and Gmail will be filtered throughout the country until further notice," an official identified only by his last name, Khoramabadi, said, without giving further details. The Iranian Students' News Agency (ISNA) said Google ban was connected to the anti-Islamic film posted on the company's YouTube site which has caused outrage throughout the Muslim world. 
This stand of Iran Govt created a controversy, which make them responsible for carrying out cyber attacks against US banks. According to NBC news report US National Security officials accused the Iranian government for engaging cyber attacks against US Banks mainly Bank of America. But when the ball goes to Iran's side then they completely denies the blame, while saying "We officially announce that we haven't had any attacks," This statement came from the Head of Iran's civil defense agency Gholam Reza Jalali when he was asked about the report. The western media reports alleged on Friday that Muslim hackers have repeatedly attacked Bank of America Corp, JPMorgan Chase & Co and Citigroup Inc over the past year as part of a broad cyber campaign targeting the United States. Security sources told Chicago Tribune and NBC News that the attacks on the three largest US banks originated in Iran, but it is not clear if they were launched by the state, groups working on behalf of the government, or "patriotic" citizens. 

Here we want to refresh your memory while digging up a story, when Iran Govt decided a permanent Internet ban in Iran, where Iran Government has announced its plans to establish a National Intranet within five months. The Iranian minister for Information and Communications Technology, announced the setting up of a national Intranet and the effective blockage of services like Google, Gmail, Google Plus, Yahoo and Hotmail, in line with Iran's plan for a "clean Internet." And that five months is almost over, so may be the blockage of Google came due to that reason, or may be not. We suggest our readers that, it will be better if you ask yourself, that whether Iran was indeed responsible for the cyber attack or not??!!


-Source (Reuters, NBC & FARS News Agency)








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

China Denies hacking-attack claims over Gmail

Posted by Avik Sarkar On 6/03/2011 12:56:00 am


China denied it supports hacking activities and said it is part of global efforts to combat computer security threats Thursday, a day after Google disclosed some of its email users suffered hacking attacks that orginated within the country. Google disclosed Wednesday that personal Gmail accounts of several hundred people, including senior U.S. government officials, military personnel and political activists, had been breached. Google traced the origin of the attacks to Jinan, China, the home city of a military vocational school whose computers were linked to an assault 17 months ago on Google's systems. China is firmly opposed to activities that sabotage Internet and computer security, including hacking, Foreign Ministry spokesman Hong Lei told reporters Thursday. Hong said hacking was a global problem and Chinese networks had also been targeted by hackers, but he gave no specifics. He said China was working to crack down on the problem, but he didn't respond when asked whether it would investigate this specific incident. "Allegations that the Chinese government supports hacking activities are completely unfounded and made with ulterior motives," Hong said. Google said all of the hacking victims have been notified and their accounts have been secured. 

This time around, the hackers appeared to rely on tactics commonly used to fool people into believing they are dealing with someone they know or a company that they trust. Once these "phishing" expeditions get the information needed to break into an email account, the access can be used to send messages that dupe other victims. China's Ministry of Industry and Information Technology, which has a hand in regulating the Internet, referred questions about the allegations to another regulatory agency, the State Council Information Office, which asked that questions be faxed and then did not respond. 
The Pentagon said Thursday it had very little information since the reported breaches involved personal accounts rather than government email. And since the accounts were not official, the U.S. Department of Defense was unaware if the targeted individuals were defense employees, the statement said. 
The latest attacks aren't believed to be tied to the more sophisticated assault last year. That intrusion targeted the Google's own security systems and triggered a high-profile battle with China's Communist government over online censorship. The tensions escalated amid reports that the Chinese government had at least an indirect hand in the hacking attacks, a possibility that Google didn't rule out. 
The previous break-in prompted Google to move its Chinese-language search engine off the mainland so it wouldn't have to censor content that the government didn't want the general public to see. The search engine is now based in Hong Kong, which isn't subject to Beijing's censorship rules. China's official Xinhua News Agency blasted Google in an unsigned commentary on Thursday saying the company "provided no solid proof" to support its claims that the hack attacks originated in China. Xinhua said Google's compaints had "become obstacles for enhancing global trust between stakeholders in cyberspace."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Google, Yahoo, Microsoft & AOL Jointly Enhancing Agari Anti-Phishing Service

Posted by Avik Sarkar On 12/01/2011 06:07:00 pm


Google, Microsoft, Yahoo, AOL jointly enhancing the Agari anti-phishing service. Google, Microsoft, Yahoo, and AOL are providing metadata from messages that get delivered to their customers to Palo Alto, Calif.-based Agari so it can be used to look for patterns that indicate phishing attacks. Agari collects data from about 1.5 billion messages a day and analyzes them in a cloud-based infrastructure, according to Agari CEO Patrick Peterson.
The company aggregates and analyzes the data and provides it to about 50 e-commerce, financial services and social network customers, including Facebook and YouSendIt, who can then push out authentication policies to the e-mail providers when they see an attack is happening. "Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo," for instance, Daniel Raskin, vice president of marketing for Agari, told the media in an interview. "They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don't deliver it, reject it."
Agari doesn't collect the actual messages, he said. Some e-mail providers will take a message that is failing authentication and provide the malicious URLs in it to Agari to pass on to the company whose name is being used in the phishing messages, Raskin said. "Other than that we don't want to see the content," he said.
Google expects Gmail users to benefit as more mail senders authenticate their messages and implement block policies. "Since 2004 Gmail has supported several authentication standards and developed features to help combat e-mail phishing and fraud," Google Product Manager Adam Dawes said in a statement to. "Proper coordination between senders and receivers is the best way to cut down on the transmission of unauthorized mail, and AGARI's approach helps simplify this process."
Agari, which has been operating in stealth mode since October 2009, rejected more than 1 billion messages across its e-mail partners' networks in a year, according to Peterson, who was with the original management team of e-mail security firm IronPort. IronPort got acquired by Cisco in 2007.  



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Outlook.com -A New Email Service Introduced By Microsoft

Posted by Avik Sarkar On 8/04/2012 02:44:00 am

Outlook.com -A New Email Service Introduced By Microsoft  

After successfully revamping it's popular mail service Hotmail through it's look and features with the name of 'Newmail', now the software giant Microsoft has launched a new email service that shares the name of its famed email software, Outlook. Outlook.com is accessible as a preview now, and anyone can sign up for an account. If you already have a Hotmail or Live email address, you can convert that to an Outlook.com address in the settings now. The old Hotmail/Live address remains active--users will still get mail sent to the old addresses--unless you explicitly choose to delete it. The interface is based on Metro, the user interface you see in Windows Phone and the upcoming Windows 8. This means you get a clean, uncluttered design and simple icons familiar to anyone who has used a Nokia Lumia smartphone. Microsoft is not requiring everyone that has a Hotmail account to switch to the new address, but it seems the plan is to eventually have everyone move over.
Research firm comScore says Hotmail has 41 million monthly unique visitors; AOL, 24 million. That makes them the No. 3 and No. 4 e-mail providers in the U.S., behind Yahoo Mail, with 84 million unique visitors, and Gmail, 68 million. Worldwide, more than 324 million people still use Hotmail monthly, making it the top provider globally. But Hotmail's user base is on the decline.
Like many email clients, you get a list of folders on the left navigation bar. What's interesting is the Quick Views dropdown below the folders, which lets you filter certain kinds of email. By default, it filters emails with documents or photos, flagged messages and those that give you shipping updates. That last one will be useful for those who frequently shop online and are always expecting packages. These categories can be customized to suit your needs.
With Outlook.com, you can also turn on a reading pane that lets you read the message either below or on the right of the email list. As a security measure, it shows a blank message by default, and not the first one in your inbox--you have to explicitly click on a message to show it, reducing the risk of being exposed to malicious emails by accident.
On the far right is an advertisement column. This shows a random selection, unlike Gmail, which uses targeted ads based on the content of your email messages. 
To find out more about the features and design of Outlook.com it will be best if you try it out yourself, just visit www.outlook.com and sign up for an account, or simply switch your current Hotmail/Live email to an Outlook.com one.



-Source (Outlook.com, Cnet)







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

IE Vulnerability Can Lead to “Cookiejacking”

Posted by Avik Sarkar On 5/26/2011 06:48:00 pm


An independent internet security researcher has revealed that an unpatched vulnerability across all versions of Microsoft’s web browser Internet Explorer (IE) running on any version of Microsoft’s Windows operating system can lead to attacks wherein credentials used in web browsing to access Facebook, Twitter and Gmail accounts are stolen. What’s more, Rosario Valotta, an Italian security expert, says that although his proof of concept code exploits cookies used to access Facebook, Twitter and Gmail accounts, a crafty attacker can possibly exploit the vulnerability to gain access to cookies for virtually any website. In a method he calls “cookiejacking”, Valotta said that the method can be used for “any website” and “any cookie” and that the “limit is just your imagination”, a report from Reuters says. According to the internet security researcher, using the exploit, an attacker can hijack an IE “cookie” which holds credentials to gain access to accounts. Valotta demonstrated his proof of concept code at a security conference held in Amsterdam last week, a report from U.K.’s The Register says.
According to the report, an attacker can use a special iframe tag which is embedded onto a malicious website to take advantage of the exploit. “The attack exploits a vulnerability in the IE security zones feature that allows users to segregate trustworthy websites from those they don’t know or don’t ever want to access,” the publication reports. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Lightweight Portable Security (LPS)

Posted by Avik Sarkar On 9/30/2011 01:34:00 pm

 
LPS-Remote Access was certified by AFNIC to connect to the GIG for general telecommuting use. Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. The ATSPI Technology Office created the LPS family to address particular use cases. LPS-Public is a safer, general-purpose solution for using web-based applications. The accredited LPS-Remote Access is only for accessing your organization’s private network.

These are the release notes for Lightweight Portable Security:-
  •     Updated Flash to 10.3.183.10
  •     Added more support for RealTek wireless drivers
  •     Added additional broadband cellular drivers
  •     Added additional SmartCard drivers
  •     Revised About Box to show licensing info
  •     Removed Gmail S/MIME addon, which no longer works with Gmail
  •     Updated Flash to 10.3.183.7
  •     Updated Firefox to 3.6.22
  •     Updated DOD Configuration add-on to 1.3.3
  •     Updated Java to 1.6u27
  •     Updated OpenSSH to 5.9p1
  •     Updated DOD Root CAs
To download Lightweight Portable Security Public Edition Click Here
                                             &
For the Lightweight Portable Security Deluxe Edition Click Here


 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Updates Hotmail with more Signature Options & Keyboard Shortcuts

Posted by Avik Sarkar On 6/25/2011 06:38:00 pm



It's not as titillating as the time Microsoft added conversation view to Hotmail, but the outfit didjust freshen up its email service with a handful of helpful tweaks. Topping the list is an assortment of shortcuts, including the ability to right click a message to reply, reply all, or forward (you could already do this for other things, like marking something as unread). Hotmail also now responds to some additional Gmail- and Yahoo Mail-specific keyboard shortcuts, such as "#" for deleting messages -- a Gmail trick. And the company is none too subtle about admitting it wants the service to be user-friendly for folks if -- or when -- they switch from Google or Yahoo. Rounding out the batch of improvements, you get an easy way to recover deleted emails, an improved back button, HTML5-fueled speed improvements, and the option of changing your default font signature -- something we can't believe Hotmail has been missing until now. Hit the source link for the full spill, and find a short demo video after the break. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Department of Homeland Security (DHS) Said -Cyber Crime is As Threatening As al Qaeda

Posted by Avik Sarkar On 6/12/2012 02:30:00 am

Department of Homeland Security (DHS) Said -Cyber Crime is As Threatening As al Qaeda

The number of organized cyber crime has already kisses the sky. Keeping this scenario in mind Janet Napolitano, Secretary of Homeland Security, said that "the greatest threats in actual activity we've seen aimed at the West and the United States has been in the cyber-arena", in addition to "al Qaeda and al Qaeda-related groups" The comments highlight the increasing trend of political sparring and espionage proliferating on the Web. The Flame virus, believed to be driven by a western government, continues to grab headlines, while he also claimed that Google has introduced a tool to warn users of state-sponsored attacks on their accounts. Though gmail completely denied this blame while saying that Govt hired State-Sponsored attackers who ware accessing millions of Gmail accounts illegally
Napolitano also said the government is taking steps to be "proactive instead of reactive" in combating the new threats, adding that the worldwide cost of tackling cyber-crime - an estimated $388 billion (£250 billion) - is "already outstripping [the cost of tackling] traditional narcotics". 
A White House plan code-named Olympic Games was launched to infect Iran's nuclear program at the beginning of the Obama administration, though Washington denies the Flame virus, also targeting Iran, was part of the project, after it was found to have existed for a number of years.


-Source (IT Portal)
.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Anonymous Exposed The Private Information of The Special Agent, Officers, Cyber Crime Investigators Of Department Of Justice

Posted by Avik Sarkar On 11/26/2011 04:08:00 pm


The hacktivists claim to have hacked into Baclagan's Gmail account and to have accessed his voicemails and SMS message logs using unspecified techniques as part of their ongoing campaign against law enforcement officials and their "allies" in the computer security industry.
The email dump, released as a torrent last Friday in part of what has become the group's regular FuckFBIFriday release, is also said to contain personal information including Baclagan's home address and phone number. The cache of emails – which according to AntiSec are from the account of Fred Baclagan, a retired special agent supervisor of the Californian Department of Justice – includes 38,000 emails detailing various computer forensic techniques and cybercrime investigation protocols. 
Baclagan told that he was nobody special in the Justice Department ... which is what he would say, of course. He said that he had specialised in identity theft before he retired last year. "I'm really just a nobody," he told the Post, "just a local investigator, not involved in anything dynamic or dramatic

In the Press Release Anon Said:-

################################################################################
#        ANTISEC LEAKS DOJ SPECIAL AGENT SUPERVISOR'S PRIVATE EMAILS,         #
#               IACIS CYBERCRIME INVESTIGATOR COMMUNICATIONS                              #
#         care of the #OCCUPYWALLST CRACKDOWN RETALIATION TASK FORCE         #       
################################################################################

Greetings Pirates, and welcome to another exciting #FuckFBIFriday release.

As part of our ongoing effort to expose and humiliate our white hat enemies, we
targeted a Special Agent Supervisor of the CA Department of Justice in charge of
computer crime investigations. We are leaking over 38,000 private emails which
contain detailed computer forensics techniques, investigation protocols as well
as highly embarrassing personal information. We are confident these gifts will 
bring smiles to the faces of our black hat brothers and sisters (especially 
those who have been targeted by these scurvy dogs) while also making a mockery 
of "security professionals" who whore their "skills" to law enforcement to 
protect tyrannical corporativism and the status quo we aim to destroy.

We hijacked two gmail accounts belonging to Fred Baclagan, who has been a cop
for 20 years, dumping his private email correspondence as well as several dozen 
voicemails and SMS text message logs. While just yesterday Fred was having a 
private BBQ with his CATCHTEAM high computer crime task force friends, we were 
reviewing their detailed internal operation plans and procedure documents. We 
also couldn't overlook the boatloads of embarrassing personal information about 
our cop friend Fred. We lulzed as we listened to angry voicemails from his 
estranged wives and ex-girlfriends while also reading his conversations with 
girls who responded to his "man seeking woman" craigslist ads. We turned on his 
google web history and watched him look up linux command line basics, golfing 
tutorials, and terrible youtube music videos. We also abused his google 
voice account, making sure Fred's friends and family knew how hard he was owned.

Possibly the most interesting content in his emails are the IACIS.com internal
email list archives (2005-2011) which detail the methods and tactics cybercrime 
units use to gather electronic evidence, conduct investigations and make 
arrests. The information in these emails will prove essential to those who want 
to protect themselves from the techniques and procedures cyber crime 
investigators use to build cases. If you have ever been busted for computer 
crimes, you should check to see if your case is being discussed here. There are 
discussions about using EnCase forensic software, attempts to crack TrueCrypt 
encrypted drives, sniffing wireless traffic in mobile surveillance vehicles, how 
to best prepare search warrants and subpoenas, and a whole lot of clueless 
people asking questions on how to use basic software like FTP. In the end, we
rickrolled the entire IACIS list, causing the administrators to panic and shut
their list and websites down.

These cybercrime investigators are supposed to be the cream of the crop, but we
reveal the totality of their ignorance of all matters related to computer
security. For months, we have owned several dozen white hat and law enforcement
targets-- getting in and out of whichever high profile government and corporate
system we please and despite all the active FBI investigations and several
billion dollars of funding, they have not been able to stop us or get anywhere
near us. Even worse, they bust a few dozen people who are allegedly part of an
"anonymous computer hacking conspiracy" but who have only used 
kindergarten-level DDOS tools-- this isn't even hacking, but a form of
electronic civil disobedience. 

We often hear these "professionals" preach about "full-disclosure," but we are
sure these people are angrily sending out DMCA takedown notices and serving
subpoenas as we speak. They call us criminals, script kiddies, and terrorists, 
but their entire livelihood depends on us, trying desperately to study our 
techniques and failing miserably at preventing future attacks. See we're cut 
from an entirely different kind of cloth. Corporate security professionals like
Thomas Ryan and Aaron Barr think they're doing something noble by "leaking" the
public email discussion lists of Occupy Wall Street and profiling the "leaders"
of Anonymous. Wannabe player haters drop shitty dox and leak partial chat logs
about other hackers, doing free work for law enforcement. Then you got people 
like Peiter "Mudge" Zatko who back in the day used to be old school l0pht/cDc 
only now to sell out to DARPA going around to hacker conventions encouraging 
others to work for the feds. Let this be a warning to aspiring white hat 
"hacker" sellouts and police collaborators: stay out the game or get owned and 
exposed. You want to keep mass arresting and brutalizing the 99%? We'll have to 
keep owning your boxes and torrenting your mail spools, plastering your personal 
information all over teh internets.

Hackers, join us and rise up against our common oppressors - the white hats, the 
1%'s 'private' police, the corrupt banks and corporations and make 2011 the year 
of leaks and revolutions! 

We are Anti-Security,
We are the 99%
We do not forgive.
We do not forget.
Expect Us!

For More information Click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

New Hacking Alert System Introduced By Hotmail

Posted by Avik Sarkar On 7/15/2011 04:49:00 pm



Microsoft on Thursday introduces a hacking alert system to its Windows Live Hotmail email service alongside banning common passwords. "When someone's account gets hijacked, their friends often find out before they do, because the hijacker uses their account to send spam or phishing email to all their contacts," said Microsoft in a blog post.
The new security feature adds a "My friend's been hacked!" option in the "mark as" menu in Hotmail and also enables users to report hacked accounts via the junk mail filing screen. Then an alert will be sent to Microsoft, which will "make sure the account can no longer be used by spammers and activates an account recovery process to allow the owner to take back control the accounts." Users can report any email account as compromised and Hotmail will provide the information to other email providers like Yahoo! and Gmail, said the blog. Meanwhile, Microsoft said Hotmail will roll out a feature to prevent users from choosing commonly used and weak passwords, such as "123456," "ilovecats" and "gogiants." Users who currently use a weak password will be asked to change to a stronger one in the future.
Hotmail, first launched in July 1996, is one of the first free email providers, and was acquired by Microsoft in 1997 for an estimated 400 million U.S. dollars. According to statistics released by comScore last August, Hotmail was then the world's largest web-based email service with around 364 million users, followed by Yahoo! Mail (280 million) and Gmail (191 million).

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Spear phishing attacks spread to Hotmail and Yahoo Mail

Posted by Avik Sarkar On 6/04/2011 04:50:00 pm



Security researchers have uncovered a new set of targeted phishing attacks on users of the Microsoft Hotmail and Yahoo Mail services.
Trend Micro is reporting a set of targeted attacks which the company believes are part of a larger campaign to compromise systems and access user data. The company said that the attacks included both malicious file attachments, as well as attempts to exploit flaws in the webmail services themselves to harvest user credentials. Trend Micro senior threat researcher Nart Villeneuve told V3.co.uk that the attackers attempted to exploit cross-site scripting (CSS) flaws in both platforms, as well as use specially-crafted Word documents containing malware. In the case of Yahoo Mail, however, things did not go quite as planned.
"They were trying to exploit a CSS vulnerability in Yahoo Webmail to steal the cookies, so they could have access to that session, but their code didn't actually work," he explained.
Trend's report comes just days after Google reported a series of attacks on its Gmail service, which targeted the accounts of both government officials and political activist groups.
Villeneuve said that while there was similarity in the attacks, the company could not find evidence directly linking the Hotmail and Yahoo Mail operations to the Gmail incident.
In a statement provided to V3.co.uk, Microsoft safety services general manager John Scarrow said that the company did not find any evidence that Hotmail was being targeted by the operation.
"Microsoft is not aware of any Hotmail customers being targeted by the specific phishing attacks that occurred earlier this week," Scarrow said.
"However, phishing attacks and other forms of abuse are a persistent industry challenge."
At the time of publication, Yahoo had yet to respond to a request for comment on the report.
To help prevent users from falling victim to targeted attacks, Villeneuve suggested that users keep a careful eye on emails which claim to be from colleagues. He noted that clues such as grammatical errors and unusual data requests will often give away a phishing attempt.
"Once users are aware that these attacks do happen they can look for things that don't exactly make sense," he said.
"Little tricks like that can help users initially decide to treat an email with a little bit of suspicion."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Google Vs. Microsoft (For Cloud)

Posted by Avik Sarkar On 5/25/2011 07:19:00 pm


Google has locked horns with Microsoft in a high-stakes showdown to dominate what could be the next great mother lode of Internet-derived profits. Each is seeking to attract businesses to lease its hosted versions of essential communications and office programs, instead of maintaining these basic tools in house. It's an emerging form of digital office outsourcing — often referred to as cloud computing — one which Microsoft's outspoken CEO, Steve Ballmer, has vowed to own. "At Microsoft, for the cloud, we're all in," Ballmer told an auditorium full of University of Washington computer science students last spring. "It's just a great time to be all-in and really drive the next generation of technology advances." The software giant recently released a near-final test version of Office 365, a hybrid of its ubiquitous productivity software suite. Tuned for the Internet, Office 365 extends the slow-but-steady advances the company has been making since 2002 in delivering business programs over the Web, much as a utility delivers water or electricity. But now that's being challenged again by search-advertising company Google. At its recent Google I/O developer conference, Google made a move to steal some of Ballmer's thunder. There, Google unveiled Chromebooks, stripped-down computers optimized to run its hosted messaging, calendaring and collaboration tools. "Chromebooks is actually a huge leap forward for cloud computing," says Dave Girouard, Google's president of enterprise. "We're excited about putting more pieces of the puzzle together. Our aim is to be No.1 in cloud computing." Delivering software over the Internet is nothing new. Cloud computing occurs when an individual accesses services housed on a third-party server rather than a local PC. Consumers use cloud computing with free Web mail services and popular social-networking sites. The race among Amazon, Google and Apple to popularize cloud-based storage of your music collection is yet another example. And Salesforce.com and NetSuite have long supplied businesses with specialized customer relationship management and bookkeeping programs as hosted services. Yet, a confluence of developments has buoyed the big pushes by Microsoft and Google to extend cloud computing to basic workplace tools: e-mail, messaging, calendaring, word processing, spreadsheets, slide presentations and file sharing. Many companies that hunkered down during the recession are eager to refresh aging systems. Security has become a major pain, and everything is getting more complex as mobile-device use rises. And capital spending budgets are as tight as ever. A desire to become more efficient and reduce long-term costs was identified as an influential factor by 60% of information technology buyers from government agencies recently surveyed by CompTIA, a non-profit association for IT pros. For the tech companies wrestling for the future of office software, the stakes are high. Tech researcher Gartner forecasts that global spending on e-mail, collaboration and cloud-based applications will more than double to $20.7 billion by 2014, up from $9.8 billion this year. 


Cloud savings 
Now cloud computing is getting a second look by often-conservative IT buyers because Internet connectivity has become ubiquitous, and data storage, dirt cheap, says Wes Miller, industry analyst at research firm Directions on Microsoft. "But the real reason people are flocking to it has to do with saving money, whether directly or indirectly." In many cases, the first basic tool companies look to outsource is e-mail. Shane Ochotny, tech architect at Tampa General Hospital, had four technicians working full time maintaining e-mail for 7,000 employees, including 1,000 physicians, spread through the hospital, a clinic and separate administrative offices. After testing several hosted e-mail services, including Google's Gmail, Ochotny chose to outsource e-mail, instant messaging and video conferencing to Microsoft; the software giant first began offering hosted e-mail in 2002, and it added other services in 2005 and 2008. That freed four technicians to create a customized program that provides instant e-mail access to new workers. Next up for the hospital's techs: developing a way to integrate video conferencing with instant messaging and voice over Internet. While some analysts worry that cloud outsourcing will ultimately cut employment, Tampa General's experience is likely more the norm. "Moving stuff that isn't central to the business into the cloud frees up IT people to work on systems that are central," says Rob Helm, analyst at Directions on Microsoft. The hospital is one of the early testers of Office 365, which features a lightweight version of Office that can be accessed by workers from any device with an Internet browser. Ochotny is prepping a test to see if Microsoft's approach to cloud computing — which continues to require traditional desktop PC software in combination with new hosted services — can be tweaked to let doctors and nurses instant message each other on their iPhones, as well as BlackBerry, Android and Windows Phone 7 smartphones. "Since we spend less time on maintenance, we can focus on innovation and better use of existing tools," says Ochotny. Microsoft's huge advantage over Google: "The sheer number of companies of literally every size for whom Office is the de facto productivity suite," says Charles King, principal analyst at Pund-IT. "After years of fumbling with its online strategy, Microsoft now has a viable plan with Office 365 to entice enterprises to dip a toe in." 


Google’s cloud 
Google's strategy is 100% cloud-based. Basic versions of Gmail and its office productivity suite, Google Apps, are free to consumers; businesses pay a monthly per-user fee for commercial versions. It all runs through a Web browser on servers owned and maintained by Google. This arrangement works especially well for businesses looking to extend Internet communications and file sharing to managers in far-flung operations or to workers on the factory floor or out in the field. Jason's Deli, a Beaumont, Texas-based restaurant chain, uses Google Docs to schedule meetings, share reports and plan events among managers working in 230 eateries, five corporate offices and two food distribution hubs. "Our use cases are wide and varied," says Kevin Verde, chief information officer of Jason's Deli. "We currently have 10,000 documents that our users are collaborating on using Google Docs." When Google approached Jason's Deli about testing Chromebooks, Verde says, he was skeptical that a device built solely to access a Web browser, and which could not store files nor run applications as a tablet or laptop PC could, would prove useful. But he distributed test models to sales reps who spend all day pitching catering services to schools, churches and local businesses. He was pleasantly surprised. Using Chromebooks, the reps could tap into spreadsheets and monitor successful sales campaigns in other regions. They could access customer relationship management programs hosted by Salesforce.com. Verde is now a Chromebook fan. "The administration side of the Chromebook is almost effortless, and that is a big deal for corporate IT," he says. But can Google make any meaningful encroachment on Microsoft's turf? Chromebook, while intriguing, is going head-to-head against tablets and netbooks, priced roughly the same. "The competitive landscape has been complicated by the emergence of tablets, particularly the iPad," analyst King says. "Though tablets essentially offer the same browser-centric experience Google is promoting, they also enhance the user experience via a wide variety of apps." Google remains undaunted. In an effort to entice Microsoft Office fans to give Google Docs a whirl, the search giant in March 2010 reportedly spent $25 million to acquire start-up DocVerse, launched by two former Microsoft engineers. DocVerse subsequently came out in February as Google Connect, a free browser plug-in that lets users access Microsoft Office files using Google Apps. "It really knocks down some of the last reasons people have for not wanting to use Google," says Girouard. "This makes it easier." Microsoft swiftly counterpunched., with officials lambasting Google Connect in the tech media for ruining the formatting of complicated Office docs. Lately, they've been spinning Connect as a concession that Office cannot be displaced. "Google was trying to shoehorn a consumer offering, Google Apps, into an enterprise value proposition, by telling customers, 'You don't need Office anymore,'" says Tim O'Brien, general manager of Microsoft's platform strategy. "That strategy failed. So now they've changed tack and are telling customers, 'We don't think Office is going anywhere soon, so let us show you how our product can work alongside of it.'" Maybe, but Microsoft can't get complacent, analysts say. Google claims more than 30 million "active users" of Google Apps at some 3million businesses, with more than 3,000 new sign-ups every day. That includes midsize companies, such as Virgin America and National Geographic, and a few large ones, such as Jaguar Land Rover, Motorola andInterContinental Hotels. "Google is a serious wannabe contender," says King. "The search giant has to be taken seriously if only because it has deep pockets and a strong will."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Brazilian ISP Under Massive DNS Poisoning Attack, Redirecting Users To Malicious Sites

Posted by Avik Sarkar On 11/09/2011 10:28:00 pm


Major Cyber Attack on Brazilian Internet Services Provider. The attackers are performing massive DNS poisoning attack to redirect their account holders into the malicious websites. 

According to Kaspersky's SecureList:-
"In the past few days several Brazilian ISPs have fallen victim to a series of DNS cache poisoning attacks. These attacks see users being redirected to install malware before connecting to popular sites. Some incidents have also featured attacks on network devices, where routers or modems are compromised remotely. Brazil has some big ISPs. Official statistics suggest the country has 73 million computers connected to the Internet, and the major ISPs average 3 or 4 million customers each. If a cybercriminal can change the DNS cache in just one server, the number of potential victims is huge.
Last week Brazil’s web forums were alive with desperate cries for help from users who faced malicious redirections when trying to access websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol, Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website opened..."'


For more information click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

THC-IPv6 Attack Toolkit, A Tool to Attack the Inherent Protocol Weaknesses of IPV6 & ICMP6

Posted by Avik Sarkar On 10/13/2012 01:26:00 am


THC-IPv6 Attack Toolkit, A Tool to Attack the Inherent Protocol Weaknesses of IPV6 & ICMP6

German hackers group, widely known as THC -The Hacker's Choice released an comprehensive attack toolkit for the IPv6 protocol suite named 'THC-IPv6 Attack Toolkit'. THC is the first group who is releasing such attacking tool for IPv6 protocol. According to the release note this is  a complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. It comprises of state-of-the-art tools for alive scanning, man-in-the-middle attacks, denial-of-service etc. which exploits inherent vulnerabilities in IPv6. 

Features at a Glance:- 
  • parasite6: icmp neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
  • alive6: an effective alive scanng, which will detect all systems listening to this address
  • dnsdict6: parallized dns ipv6 dictionary bruteforcer
  • fake_router6: announce yourself as a router on the network, with the highest priority
  • redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer
  • toobig6: mtu decreaser with the same intelligence as redir6
  • detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan these systems etc.
  • dos-new-ip6: detect new ip6 devices and tell them that their chosen IP collides on the network (DOS).
  • trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
  • flood_router6: flood a target with random router advertisements
  • flood_advertise6: flood a target with random neighbor advertisements
  • exploit6: known ipv6 vulnerabilities to test against a target
  • denial6: a collection of denial-of-service tests againsts a target
  • fuzz_ip6: fuzzer for ipv6
  • implementation6: performs various implementation checks on ipv6
  • implementation6d: listen daemon for implementation6 to check behind a fw
  • fake_mld6: announce yourself in a multicast group of your choice on the net
  • fake_mld26: same but for MLDv2
  • fake_mldrouter6: fake MLD router messages
  • fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
  • fake_advertiser6: announce yourself on the network
  • smurf6: local smurfer
  • rsmurf6: remote smurfer, known to work only against linux at the moment
  • sendpees6: a tool by willdamn(ad)gmail.com, which generates a neighbor solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the CPU busy. nice.
  • thcping6: sends a hand crafted ping6 packet [and about 25 more tools for you to discover]
For detailed information about the usage, library interface & so on click here. To Download THC-IPv6 Attack Toolkit Click Here (Linux Only). For those who are hearing the name THC first time, we want to give you reminder that before this tool, this German hackers group published few other hack tools like Hydra (Fastest Login Cracker), THC SSL Dos and so on. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Ubuntu 11.04 ('Natty Narwhal') Revealed

Posted by Avik Sarkar On 4/25/2011 12:05:00 am

Ubuntu Logo
Canonical today announced the imminent availability of the latest version of its popular Linux distribution, Ubuntu. Version 11.04 of the software, nicknamed "Natty Narwhal," will be available for download on Ubuntu.com beginning April 28.
The release is notable primarily for integrating the Unity interface, which appeared in theNetbook Edition of Ubuntu 10.10, released in October. Unity is a cleaner, pared-down interface, inspired by smartphone and tablet operating systems, that is designed to maximize functionality on both smaller and touch-enabled screens.
In Unity, the program launcher is located on the left side of the screen, and configurable with whatever programs the user anticipates needing or wanting on a regular basis. Programs may be dragged to it, and locked there permanently or removed at any time. (In these ways, the launcher very much resembles the Windows 7 taskbar.)
Because Unity can be graphics-intensive, if the user does not have a supported video card, the traditional version of Ubuntu will automatically start instead.
In addition to the Unity interface, Ubuntu 11.04 also revamps search, basing it on Web-based search engines such as Google, making it quicker and easier to find applications, music, video, and other kinds of files, all from the same field.
Also the subject of improvements is the Ubuntu Software Center, which is used to download free or paid applications from the many available online. It has been integrated with the program launcher, which lets users add new applications with a minimum number of clicks, and instantly see reviews or ratings of added software. Users will also see programs they have most recently installed or most frequently used, and receive suggestions for similar apps to download.
Touch screens receive extra support in Ubuntu 11.04 as well, with gestures capable of triggering scrolling, workspace switching, and expanding and contracting screens.
Additional enhancements to Ubuntu 11.04 include a "global menu" that contains most preinstalled apps in one place at the top of the display. Menus are displayed only when needed. Switching between multiple screens (or workspaces) is even easier, and new keyboard shortcuts simplify navigation between windows and workspaces. Volume adjustments, queuing and playing files, and other music functions may be accessed from the volume indicator, without having to enter the music player. Users of the Ubuntu One cloud file-sharing service may now also access files via their Android devices, import contacts from Facebook and sync them with Gmail, and take advantage of improved music streaming with better playlist management and a wider range of supported file formats.
"This release breaks new ground for Ubuntu by offering users a PC experience that is stylish and efficient," Canonical chief executive Jane Silber said in a statemment. "With this release Ubuntu will recruit an entirely new wave of users to free software. Ubuntu 11.04 is a high watermark for what has been achieved with open-source technologies for the everyday computer user."
If you're interested in "test driving" Ubuntu 11.04, you may do so within your Web browser at ubuntu.com—no downloads required.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search