TCHunt: Detect Encrypted TrueCrypt Volumes!

As we know, TrueCrypt is a free and open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux. It does so by creating a virtual encrypted disk within a file and mounts it as a real disk. The reason we are mentioning aboutTrueCrypt is because of TCHunt – an open source application to detect most encrypted TrueCryptvolumes.

Since TrueCrypt is very stable and does it’s job as it says, it is used by almost everyone who wants to deny unauthorized access to their data. It allows you to use keyfiles that stop basic keyloggers, supports automatic unmounting after timeouts, etc. However, this also brings in the “bad guys” who hide behind such legitimate software to protect themselves. It does become really difficult while forensically investigating a TC encrypted drive. This is where TCHunt comes in handy. TCHunt allows you to search for file  with the following attributes :

1. The suspect file size modulo 512 must equal zero.
2. The suspect file size is at least 19 KB in size (although in practice this is set to 5 MB).
3. The suspect file contents pass a chi-square distribution test.
4. The suspect file must not contain a common file header.

TCHunt also seems very robust. Only, if a volume happen to be created with a common file header, then TCHunt would not find that volume. Even if someone were to rename your encrypted TrueCryptvolumes and hide them among millions of files of similar size, file extension, modification time, etc., TCHunt would quickly and accurately find the actual encrypted volumes! That’s not all! TCHunt completely ignores file names and file extensions. Owing to this, TCHunt can still find encrypted volumes that lack file extensions or have fictitious file extensions! You can employ TCHunt to locate encrypted sparse volumes and encrypted hidden volumes too!

TCHunt can run on Windows XP or newer Windows operating systems. Best of all, it is a self-contained, standalone program, that does not need any additional dependencies and can be used from a floppy disk, USB drive or CD/DVD! Just take care while compiling from the source code that you link the source with boost and FLTK libraries.

Download TCHunt v1.5 (TCHunt-1.5-en.exe/TCHunt-1.5-en.lin) here.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">TCHunt: Detect Encrypted TrueCrypt Volumes!"https://www.voiceofgreyhat.com/2011/04/tchunt-detect-encrypted-truecrypt.html</a>

Spyware, Trojans Exploits iTunes & Gaining Access To Computers

A remote monitoring software" developed in Germany is designed to exploit a vulnerability in iTunes in order to infect target computers. An IT monitoring company advertises its ability to distribute spyware software for government agencies using fake iTunes updates. Apple iTunes has been rectified and closed a security hole. The exploit in question relies on the fact that, assuming Apple Software Updater is not active, iTunes uses an unencrypted HTTP request to query for the URL for the latest version of the program from the Apple server. Because the query is unencrypted, this URL could be modified. If a user were to respond to an iTunes update message, they could then be taken to a crafted web page intended to install the "remote monitoring tool" onto their computer. For the redirection to work, however, a Gamma customer would need to be able to actively interfere with the network, limiting its use to entities such as ISPs acting under government orders.

iTunes update to play Trojans :-

Unlike their Italian rivals of the company hacking team, which campaigned in Berlin also to new customers, the gamma-people even ensures that journalists had to leave before the presentation of their "Managing Directors" the hall. The fear has obviously good reasons: Gamma seems to operate at FinFisher dubious methods - that suggests marketing material SPIEGEL has obtained. After that, the authorities offered and government software works similarly to that of computer criminals who should be fought with it.

Apparently, it is clear from FinFisher promotional videos, for example, the software uses Apple's popular iTunes media supermarket to load with a fake software updates FinFisher-sniffing software on the computers of suspects.

The demand for surveillance technology for the Internet, such as the Gamma International Ltd. and hacking demonstration team in Berlin and they peddled, has risen significantly in recent years internationally. Security agencies worldwide are faced with the problem that increasingly suspicious encrypted communication over the Internet. Agreements, the suspects met earlier on relatively simple to intercept landline telephones or mobile phones to run, now increasingly encrypted Internet telephony services like Skype or encrypted computer chat. Authorities often get only with how to arrange suspects via cell phone to the next encrypted chat.

This issue promises companies like Gamma International Ltd. and hacking team to solve. However, this kind targeted surveillance measures are not easy to implement: Listening encrypted communication is only possible if it occurs before encryption. This software must be installed, the conversations, emails or chats ausleitet unnoticed on the computers of suspects - unencrypted to the security authorities. In plain English: the authorities have to hack into the computers of suspects. 

-News Source (Spiegel Online)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Spyware, Trojans Exploits iTunes & Gaining Access To Computers"https://www.voiceofgreyhat.com/2011/11/spyware-trojans-exploits-itunes-gaining.html</a>

TrueCrypt 7.1

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc)

This is the official change log for TrueCrypt v7.1:

• Full compatibility with 64-bit and 32-bit Mac OS X 10.7 Lion

• Minor improvements and bug fixes  (Windows, Mac OS X, and Linux)

To Download TrueCrypt 7.1 Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">TrueCrypt 7.1"https://www.voiceofgreyhat.com/2011/09/truecrypt-71.html</a>

WikiLeaks Launched Wlfriends.org - New Encrypted Social Network

WikiLeaks Launched Wlfriends.org - New Encrypted Social Network

WikiLeaks Twitter feed announced on 20 May 2012 that the WL Friends/Friends of WikiLeaks (FoWL) network is ready to launch an 'encrypted Facebook' as the whistleblowing website claims that Facebook sells users' information to governments. Wikileaks also criticize Facebook recently came out in support of CISPA, a proposed US law that infringes on privacy and freedom of speech. So WL claimed that from now onwards Facebook cannot be trusted any more.

In the press release WL said- "FoWL is currently in its beta stage. This means that people from all over the world are registering to be part of this network to support WikiLeaks. For some time, nothing else will happen - we need the network to be of a certain size before we can start introducing you to candidate friends. Registering now will allow you to be a part of the network before the beta stage network gets full. As soon as we are ready to give you some candidate friends we will let you know."

One WikiLeaks tweet noted that "Facebook sells your information to governments, is lauded by MSM. WikiLeaks gives government information to you for free and we're terrorists". Following this statement, WikiLeaks tweeted a dozen reasons why this new site is better than Facebook.

Reasons:- 

1. WL Friends introduces you to people you want to know, but don't know yet. Facebook connects you to people you already know - no point.
2. Facebook is a mass surveillance tool. You put your friends into it, you betray your friends. Do friends betray friends? WL Friends doesn't know your friends. It introduces you to new friends.
3. Facebook records everything you do, hands it over to the US government and corporations. WL Friends doesn't.
4. WL Friends keeps your data so encrypted, not even the system admins can decrypt it. You and your friends decrypt on login automatically.
5. WL Friends uses military grade cryptography and the best industry standards (OpenPGP + Elliptic Curves).
6. WL Friends even uses homomorphic encryption for certain operations so WL Friends doesn't even know how many friends you have.
7. The more you use WL Friends, the less you use WL Friends. WL Friends is designed to build, not control, a robust network of shared value.
8. WL Friends is designed for more than just WikiLeaks. It is a general solution to build a robust support network under hostile conditions.
9. Friends of Israel, Friends of Palestine, Friends of the Tea Party, Friends of Catholicism are all possible with WL Friends.
10. WL Friends is designed to make infiltration costly. No person can be seen to be more important than any other or individually targeted.
11. WL Friends builds a strong support network instantly for any shared belief by connecting supporters in a way that maximizes communication.
12. As time goes by the WL Friends network for any shared belief is designed to mathematically grow stronger and stronger. 

-Source (WL Central, Wikileaks)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">WikiLeaks Launched Wlfriends.org - New Encrypted Social Network"https://www.voiceofgreyhat.com/2012/05/wikileaks-launched-wlfriendsorg-new.html</a>

Security Experts Are Saying: Project 25 Mobile Radios Are Vulnerable

Many users don’t know how to use encryption, and radios can be jammed with a child’s toy. A paper presented at this year’s APCO conference showed the vulnerability of some new and expensive encrypted digital mobile radios, particularly those used by federal law enforcement agencies. The researchers from the University of Pennsylvania found that it was very easy to monitor sensitive law enforcement operations, that users either didn’t turn on their encryption or thought their transmissions were encrypted when they weren’t, and that a $30 child’s toy could corrupt the radios’ signals enough to make them useless. They also found a way to make the radios transmit at will, so that direction-finding equipment could be used to determine their location.
The radios with the identified problems operate on a relatively new protocol called Project 25 (P25). P25 is an initiative of the Association of Public Safety Communications Officers (APCO) and both users and manufacturers of radio equipment. P25 radios use digital transmissions on channels spaced 12.5KHz apart in the UHF and VHF bands. One of the objectives of P25 is to expand the number of channels available for use in the crowded radio spectrum. Presently, federal law enforcement agencies are the biggest users of P25 equipment, but other public safety organizations are adopting the standard as they replace their “legacy” radios. Eventually, all users in the VHF and UHF bands will be required to go to P25 equipment, as their licenses to operate on the broader channels and with analog equipment won’t be renewed by the FCC.
Traffic over P25 equipment is transmitted in digital form, as bits of ones and zeros, rather than as an analog waveform as with older radios. The body of voice or data traffic is preceded and followed by several data frames of different lengths that identify the source, the type of information (voice or data) that follows, and when the traffic is encrypted, encryption keys that prevent the transmission from being heard by a radio which doesn’t have the matching codes. The authors of the paper found that the markings on the radios that turned the encryption on or off were so cryptic themselves that many of them thought they were transmitting encrypted, when they were actually sending “in the clear.” The knobs and indicators for encryption were poorly located, making it easy to turn encryption on and off while adjusting the volume or changing radio channels.

There are blocks of frequencies allocated for the exclusive use of federal law enforcement agencies. These are allocated by the National Telecommunications and Information Administration, and are not published, as are FCC-allocated channels. The allocation is made by both region and user agency, so that a channel used by the FBI in New York might be the one used by the U.S. Forest Service in Boise. Even though the assignments are confidential, the researchers were able to scan the federal bands in two large U.S. cities and monitor ongoing operations at length. The encryption problem became obvious, as users openly discussed names and descriptions of informants, appearance and vehicles of undercover agents and surveillance operators, and plans for raids and arrests. The researchers used a $1000 bench-type receiver, but indicated that the same task could be accomplished with gear from Radio Shack.
Techies are familiar with the acronym “RTFM,” or “Read the [Bleeping] Manual.” The manual for a P25 radio from one well-known manufacturer is 150 pages long. On top of that, most P25 radios are user-configurable, so that combinations of button presses and switch settings set the radio to work in specific ways the owner agency thinks is appropriate. The net effect is that — in addition to the 150-page manual — each agency has to publish their own user manual if they want their users to understand all the functions of the radio and how to use them. Of course, getting the users to read those manuals is another matter.

Digital communications has several advantages over analog, one being that if a portion of a transmission is not received or corrupted in sending, an error-correction protocol identifies it and sends a request for a re-send. The University of Pennsylvania researchers found they could manipulate this mechanism and send a string of renegade error messages to a radio, triggering a string of retransmit requests. There would be no retransmit, as the messages pointed to a nonexistent message stream, but the nearly continuous transmission could be used with a direction finder to pinpoint the location of the radio. Someone who was running countersurveillance on law enforcement users would be able to tell by this method when officers were active, and where they were.

A variation on the data packet manipulation worked to disable the radios entirely. The researchers purchased a toy text messaging device called an IM-Me http://uk.girltech.com/electronics-imMe.aspx , which sends and receives text messages between a computer and the toy, which looks like a text pager. By loading some custom firmware onto the device, it could be set to transmit corrupted data packets to P25 radios and confound their reception. The device had to transmit these packets for milliseconds at a time, making it very difficult to locate and identify.
The authors of this paper are all “good guys” who have no agenda for compromising public safety communications, but if they can produce the hardware and software necessary to manipulate P25 radios, you can bet someone with less honorable motives can, as well. These new P25 radios are expensive; one available from Midland costs $3295. Hopefully, that custom-configuration capacity can be used to modify the radio firmware and close some of these security gaps. In the meantime, if your agency is using or contemplating a purchase of P25 radios, you should revisit your security procedures and contact your vendor to determine how vulnerable your communications may be.

-News Source (Tim Dees & Police One)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Security Experts Are Saying: Project 25 Mobile Radios Are Vulnerable"https://www.voiceofgreyhat.com/2011/08/security-experts-are-saying-project-25.html</a>

Hacker Steals 3.6 Million South Carolina Social Security No & Also Exposed 387,000 Card Details

Hacker Steals 3.6 Million South Carolina Social Security Number & Also Exposed 387,000 Card Details

The year 2012 is going from bad to worse for the cyber space, as yet another big data breach happened which effected more than 4.7 million residents of South Carolina at risk of identity theft. Anyone who filed a South Carolina tax return in the past 14 years may have had their Social Security number stolen and has been urged by the state government to immediately enroll in consumer protection services. The U.S. Secret Service detected a security breach at the S.C. Department of Revenue on Oct. 10, but it took state officials 10 days to close the attacker’s access and another six days to inform the public that 3.6 million Social Security numbers had been compromised. The attack also exposed 387,000 credit and debit card numbers. The stolen data included other information people file with their tax returns such as names and addresses. Businesses’ taxpayer identification numbers also potentially have been comprised in the attack that is being described as one of the nation’s largest against a state agency. The hacker began accessing the Department of Revenue’s computer system in August, but wasn’t noticed by the Secret Service until October, giving him about two months to gather the data in what is one of the largest computer breaches in the US. Most of the data had not been encrypted, meaning the hacker would not need a key to a secret code to read the stolen data. Revenue director James Etter said none of the Social Security numbers were encrypted and about 16,000 credit card numbers were not encrypted.

“The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens,” South Carolina Gov. Nikki Haley said during a news conference. “We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected.” 

S.C. Inspector General Patrick Maley said nine agencies had been evaluated thus far, and some corrective action had been taken. There was no overarching security policy within state government, he said. No one at the Revenue Department or within the state’s information technology division has been disciplined over the latest attack.  

While this case of hacking was the largest in US history, it wasn’t the first. On March 30, 2012, officials in Utah discovered that one of their health department servers had been hacked. That time also a large number of Social Security numbers were stolen from the server – including those of children. Here we would like to give you reminder that in the last few months we have been a slew of attacks against the following sites: Adobe, Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Gamigo,  Nvidia, Blizzard and  Philips. And after this breach Adobe also enlisted its name among those who was fallen victim to cyber criminals in this year. For all the latest on cyber security and hacking related stories; stay tuned with VOGH. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Hacker Steals 3.6 Million South Carolina Social Security No & Also Exposed 387,000 Card Details"https://www.voiceofgreyhat.com/2012/10/hacker-steals-36-million-south-carolina.html</a>

SecretLayer: Advanced Steganography Software [Pro Version Download Now]

SecretLayer: Advanced Steganography Software [Pro Version Download Now]

Hackers, security professionals and also many other people who are involved in this cyber domain must be familiar with the term 'steganography'. I do believe that many of us have used this finest technique many times, may be some times for fun, or may be some nasty jobs. For those who are not so familiar with Steganography, then it is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. In very simple word its one of finest art of deception. For your information, now a days Steganography has been widely used, or I should say misused by many terrorist organizations for transmitting their hidden messages. One of the most dangerous changeless with Steganography is, researcher can detect whether an image or text is containing hidden message, but so far they can't unveil the inside message. 

Today we will talk about an advanced tool which is designed to tweak the color of specific pixels. The tool is named 'SecretLayer' which lets you encrypt your data (so you're no worse off than before) and then hide that encrypted data in ordinary images, like the ones used every day on all websites and email attachments. 

The Pro version of Secret Layer supports encryption of your data: -

Encryption type: AES, Key length: 128, 196, 256 (bits)

Encryption type: Blowfish, Key length: 128, 196, 256, 384, 448 (bits)

Encryption type: Cast-128, Key length: 40, 64, 128 (bits)

Encryption type: Cast-256, Key length: 128, 160, 192, 224, 256 (bits)

Encryption type: DES, Key length: 64 (bits)

Encryption type: IDEA, Key length: 128 (bits)

Encryption type: RC5, Key length: 64, 128, 192, 256, 384, 448, 512, 1024, 1536, 2040 (bits)

Encryption type: Twofish, Key length: 128, 192, 256 (bits)

A container with the encrypted data is hidden inside of an ordinary-looking image. This is all done automatically and in the background: you don't have to do anything extra. To download SecretLayer click Here. Earlier I told you that Steganography is on the finest way of hiding your secrete message, besides it contains many threats, as it has been widely used by criminals for transmitting messages. So far those hidden contains can not be decrypted easily. So now its upto you, that how will you use such tools. Remember one lesson which we have already learnt from a Famous movie SpiderMan, that is 'With greater power there comes greater responsibility...'. So I urge you not to use such tools for negative purposes. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">SecretLayer: Advanced Steganography Software [Pro Version Download Now]"https://www.voiceofgreyhat.com/2012/10/SecretLayer-Advanced-Steganography-Software.html</a>

Fedora 17 Beta Codenamed "Beefy Miracle" Released

Fedora 17 Beta Codenamed "Beefy Miracle" Released 

After Fedora 16 codenamed "Verne" now the developers at Fedora Project announced the availability the next version of Fedora and that is Fedora 17 "Beta" code-named "Beefy Miracle". In this release you will get Linux kernel 3.3.0 along with enhanced security, Virtualization, cloud an many more. As per schedule the final version of Fedora 17 will be available on on 22 May this year.

The following are major features for Fedora 17:-

• GNOME 3.4 and KDE 4.8

• OpenStack, Eucalyptus, CloudStack and Open Nebula

• ICC profiles for color printing and an improved gimp

• Still more virtualization improvements

File Systems:-

Large filesystems -Fedora 17 will support file systems larger than 16 terabytes on the default file system (ext4). With the latest version of e2fsprogs, ext4 file systems can now be up to 100 TB.
Encrypted filesystems -Fedora 17 uses version 1.4.1 of the cryptsetup package, which removes deprecated API calls. In addittion, it supports placing LUKS headers on separate devices and the creation of shared, non-overlapping encrypted segments on a single device.
btrfs -btrfs is not available as a target file system during installation. This is a temporary situation and will be resolved in Fedora 18. btrfs is still available after installation.  

For detailed information and to know about the features in Fedora 17 Click Here 

To Download Fedora 17 Codenamed "Beefy Miracle" Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Fedora 17 Beta Codenamed "Beefy Miracle" Released"https://www.voiceofgreyhat.com/2012/04/fedora-17-beta-codenamed-beefy-miracle.html</a>

German National Cyber Security Centre is under Cyber Attacks

Just a few weeks after German authorities opened a national Cyber Defense Centre in Bonn, it was attacked by hackers and now officials are struggling to arrest all of those involved.
While security authorities reported they had arrested two members of the hacking group linked to the attacks, the group released a statement saying that only its leader was under arrest. A 23-year-old calling himself Darkhammer, leader of the so-called "n0n4m3 cr3w", was arrested on Sunday, the Office of Criminal Investigation in the state of Nordrhein-Westfalen reported.

The Federal Criminal Police office issued a press release saying that it had searched the apartment of a second suspect. Responding to that arrest and media reports regarding those taken into custody, the hacking group said: "Apparently none of the suspects is a member of the No Name Crew."
Members of the No Name Crew had claimed responsibility for infiltrating computers of the federal police and the customs service. They were able to steal information from servers running the spy program Patras, and put it on their website. Patras is used by customs authorities, the federal police and police in the German states for tracking serious criminals. After the attacks were uncovered several federal and state authorities temporarily shut down their servers.
The attacks first became known already on July 8, but attracted bigger attention just after German newspaper Bild am Sonntag cited a confidential report by the federal information security agency, BSI, saying that computers of the federal police had been infected by Trojans for months without detection.
The hacking group now offers an encrypted file for downloading on its website stating that it had collected emails and confidential data from the police and customs authorities. The group said it would release the password for the encrypted file should police arrest more of the group's members.

"The terrifying fact about these attacks is that the delinquents are quite young. If these 17 year old schoolboys are able to do that, what would happen if a much more experienced hacker would attack?" said Lars Sobiraj, editor-in-chief at the German magazine gulli who interviewed members of the group.
In the interview, members of the group said they regarded their hacking as a wake-up call for the German public to see that the state kept the population under permanent surveillance. The group announced on its website that it will initiate more attacks. "New targets have been chosen," it said.

The attacks came just four weeks after German Federal Secretary of the Interior Hans-Peter Friedrich opened the Cyber Defense Centre. The centre is run by the BSI, the federal office for the protection of the constitution and the disaster control agency. The authorities whose systems were attacked also contribute to the operation of the centre.
A spokesman of the BSI, said that the agency would not comment about the events due to the ongoing investigations.

The centre against cyberattacks has been criticised for not having the ability to fight electronic attacks. After its opening in June, Memet Kilic, a member of the Green party that is part of the opposition, said the centre did not have enough financial and human resources. According to the BSI, the centre has 10 full time employees.
In an interview with the news magazine "Der Spiegel" this week, Klaus Jansen, leader of the German union of police detectives, said that security authorities do not have enough experts working with them to effectively fighting cybercrime.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">German National Cyber Security Centre is under Cyber Attacks"https://www.voiceofgreyhat.com/2011/07/german-national-cyber-security-centre.html</a>

AnonBin - Anonymous Started A New & Secure Alternative of PasteBin

AnonBin - Anonymous Started A New & Secure Alternative of PasteBin 

Hacker collective Anonymous has started a brand new site which will allow users to post material without fear of being tracked down. Anonymous described the new site, dubbed AnonPaste or AnonBin, as a safer site than Pastebin.com, which has been widely used by hackers to post evidence of their exploits. Earlier this month Jeroen Vader, the owner of Pastebin says he planed the make Pastebin censored, and also they will help to crack down hackers who misused pastebin while exposing serious & confidential data. The entire hacker community did maximum criticism of this step, so to keep the anonymity hacker collective Anonymous has started AnonBin which is an opensource online pastebin based off of Zerobin software where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES. In a joint statement issued Tuesday, Anonymous and a group calling itself the People’s Liberation Front said the new site will allow people to post any material with complete anonymity while keeping the user's identity safe. 

Press Release:- 

"Anonymous and the Peoples Liberation Front are proud to announce a totally secure and safe alternative to the now infamous PasteBin service. AnonPaste - www.AnonPaste.tk As many might be aware, PasteBin has been in the news lately for making some rather shady claims as to what they are willing to censor, and when they are willing to give up IP addresses to the authorities. And as a recent leak of private E-Mails show clearly, PasteBin is not only willing to give up IP addresses to governments - but apparently has already given many IPs to at least one private security firm. And these leaked E-Mail's also revealed a distinct animosity towards Anonymous. And so the PLF and Anonymous have teamed up to offer a paste service truly free of all such nonsense. 

Here is a brief list of some of the features of AnonPaste: 

1) No connection logs, period. 

2) All pastes are encrypted BY THE BROWSER using 256 bit AES encryption. This means there is no usable paste data stored on the server for the authorities or anyone else to seize. 

3) No moderation or censorship. Because the data on our servers is unreadable by us (or anyone), the responsibility for the legality or appropriateness of any paste is the sole responsibility of the person posting. So there will be no need for us to police this service, and in fact we don't even have the ability of deleting any particular paste. 

4) No advertisements. This service will be totally user supported through donations. Links for this are available on the web site. 

Paste services have become very popular, and many people want to post controversial material. This is especially so for those involved in Information Activism. We feel that it is essential that everyone, and especially those in the movement - have a safe and secure paste service that they can trust with their valuable and often politically sensitive material. As always, we believe in the radical notion that information should be free. SIGNED -- Anonymous and the Staff of the Peoples Liberation Front PLF - www.PeoplesLiberationFront.net ..."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">AnonBin - Anonymous Started A New & Secure Alternative of PasteBin"https://www.voiceofgreyhat.com/2012/04/anonbin-anonymous-started-new-secure.html</a>

Twitter Makes Android Security Open Source

Twitter makes Android Security Open Source. Couple of months before Twitter bought Android security specialist Whisper System. Now this decision of Twitter will surely enhance the Android Security. With a view to opening the future growth of the branded "TextSecure" security software offering to the benefits of the community contribution model of software application development, Twitter is arguably playing a more mature hand in the global software market by making this move. To clarify, Twitter spent good money to acquire Whisper less than a calander month ago and might naturally have been expected to absorb the company's Intellectual Property into some deeper more granular level of its own product roadmap as a primary move. Instead, Twitter has opened up the biscuit tin and put it straight out on the dining table in time for coders to be able to feast and gorge for all they are worth.

According to Whisper Systems web site, "TextSecure is a drop-in replacement for the standard text messaging application, allowing you to send and receive text messages as normal. All text messages sent or received with TextSecure are stored in an encrypted database on your phone, and text messages are encrypted during transmission when communicating with someone else also using TextSecure."

Whisper has further posted a statement on its web site confirming that it has "always been interested" in the ability for individuals and organisations to communicate freely and securely.

"In the year and a half since Whisper Systems launched TextSecure, we've received an enormous amount of thanks, feedback, and encouraging stories from users who have employed TextSecure towards those ends. We hope that as an open source project, TextSecure will be able to reach even more people, with an even larger number of contributors working to make it a great product," said the company, in a statement.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Twitter Makes Android Security Open Source"https://www.voiceofgreyhat.com/2011/12/twitter-makes-android-security-open.html</a>

Hackers can hacked into your e-mail setup system if your wi-fi system is unprotected

"It is alarm time for all of us, an infectious virus has entered into the system through the Wi-Fi setup of gate no. 23 router 1.0.1.5", this was the call of the system manager of Nasa's chief security department on the day when one of Nasa's server was hacked from outside through the wi-fi system. Almost all of our homes, offices, military buildings, security departments use computers and internet, and modern days' technology enables us to use wireless setup of the network where the network can be accesses through Bluetooth type devices from anywhere within the server premises. But these wi-fi connectivity needs to be secured from inside as packets and information which are transferring through the gateway can be caught at unwanted ends anytime without our concern.
The internet and e-mail setup system use packets which carry information while leaving a machine. The data is stored in binary format which carries the actual information as well as the source and target destination addresses which are indicated by binary digits. If you think your PC as your home and the information leaving your PC as a member of the house, thus when the information is leaving for the destination indicates that your family member is on-road now. Hackers are spread out all over the world and hence will be waiting outside your home, or you can say PC, to get control over your family member, or you can say your personal information.
So in case we do not give any protection to our family member, in that case the family member can be kidnapped, or rather your personal information can be opened to an outsider. This requires a guard which will guard your family member from your home to your target house, means the data packet will be safely transferred from your PC to your target server. This protection is needed to set up with your e-mail setup system which will provide a protection to your data packets and your valuable information. What is followed today is that the data that is put into the packets are encrypted with a key which is known only on the sender and targeted machines. When a packet is transferred, the data inside is encrypted with that key and correct decryption is done only through that key when it reaches the proper target.
Hence if any of the packets get hacked from middle, it will not be of any use to the hacker as the hacker will not have the proper key with him or her. A wrong key will decrypt the file to wrong information, which will be useless for the purpose the file is hacked. But don't get relieved that it's done and you are protected, no, not at all. Because hackers are aware of such systems more than we do, and they are just brilliants in these fields. What they do is directly hack the wi-fi setup of your system, thus get into the control of the whole of your machine and take up required information. So we will have to protect our wi-fi system as well to protect our homes from unwanted hazards. These will be discussed in the next edition of the article.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Hackers can hacked into your e-mail setup system if your wi-fi system is unprotected"https://www.voiceofgreyhat.com/2011/04/hackers-can-hacked-into-your-e-mail.html</a>

New enterprise security solutions for Sophos

IT security and data protection company Sophos has announced several new products on its enterprise security line-up, including a new light-weight mobile security platform designed for use on a wide range of mobile communication devices. Sophos Mobile Control provides protection on devices including Apple iPhones, iPads and Google Android and Windows Mobile devices. The system is designed to allow IT administrators to secure, monitor, and control configurations for smartphones running Apple iOS, Google Android and Windows Mobile operating systems. Sophos Mobile Control features a web-based console which allows IT administrators to centrally configure security settings, enable lockdown of unwanted features; and remote over-the-air lock or wipe if a device is lost or stolen. The web-based console is also designed to allow a constant monitoring of mobile devices to ensure consistent security policy enforcement, strong password policies and lock periods and ensure the control and installation of applications. The console also allows users to block the use of cameras, browsers, and sites such as YouTube. The service allows users to register new devices, lock or wipe devices on a self-service portal. It also controls access to corporate email via a secure gate allowing only properly secured and registered devices to access email. "Today, iPads, smartphones, and laptops are everywhere and connected to the web at all times. Mobile technology has allowed today's workforce to be far more productive but it has also opened up a new can of worms for IT teams as they must ensure that the data on those devices - especially the non-company-issues ones - are encrypted at all times no matter where the end user is. Sophos Mobile Control quickly and efficiently protects data on all iOS and Android mobile devices, giving those IT departments' peace of mind that their end users' devices are fully protected," said Matthias Pankert, head of Data Protection Product Management, Sophos. The second enterprise security product now available from Sophos is Sophos SafeGuard Enterprise 5.60, which provides encryption and data loss prevention (DLP) for desktops, laptops and removable media. SafeGuard is now designed to comprehensively manage all encryption options that fully support hardware drives, including Opal, software-based encryption, and hardware encrypted USB. It is also designed to manage enhancements to the latest versions of Sophos Endpoint Security and Data Protection. The new SafeGuard system is designed to provide up to 30 percent higher read/write throughput on solid state drives compared to the previous version. The software also reduces performance overhead with multiple central processing unit (CPU) processors running in parallel to minimise performance overhead of encryption and decryption, according to Sophos. It also includes active directory synchronisation; automatic event log; deletion; and enables scheduling of custom scripts for reoccurring tasks. "The explosion of smartphones and tablets, and especially the applications for these mobile devices, has pushed the presence of our corporate data even further out of the corporate data center.  The ability to protect our clients by maintaining security controls around this data is critical for businesses, especially financial services companies," said Pat Patterson, Information Security architect from Raymond James. The third software announcement from Sophos is the Sophos Endpoint Security and Data Protection 9.7 (Sophos ESDP), which id designed to deliver advanced labs intelligence via a single agent that enhances protection against zero-day and web-based threats along with real-time feedback to security and application policy settings via the cloud using Sophos Live Protection technologies. According to Sophos, the latest upgrade to Sophos ESDP (9.7) also includes encryption, data loss prevention, network access control, device control, application control, management, and reporting. The software is also designed to provide location-aware intelligent updating for mobile workers and extended tamper protection to help stop users from turning off key Sophos protection features, including anti-virus protection, updates, and client firewall. Sophes EDSP will also minimise computer CPU and disk I/O usage during while optimising  performance when users are active or away, according to the company. "IT organisations are facing unprecedented challenges securing their users, corporate data and infrastructure on consumer, mobile and cloud devices and platforms they do not own or control. It is incumbent upon security vendors to adapt and provide solutions that provide a full arsenal of protection against security threats and data loss, yet flexible and lightweight to protect users on any device, in any location," said Arabella Hallawell, vice president of Corporate Strategy, Sophos.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">New enterprise security solutions for Sophos"https://www.voiceofgreyhat.com/2011/05/new-enterprise-security-solutions-for.html</a>

BBB urges caution on wi-fi networks

Protecting your identity is important, and many consumers don’t realize the dangers that come with using a Wi-Fi connection that is not their own.

According to a recent poll conducted by Wakefield Research and Wi-Fi Alliance, 32 percent of respondents said they have tried to get on a Wi-Fi network that was not their own, a startling 18 percent more than a December 2008 poll.

The Better Business Bureau of Minnesota and North Dakota (BBB), along with the Federal Trade Commission (FTC), urges consumers to think ahead before surfing the Web on a Wi-Fi hotspot.

Wi-Fi hotpots like coffee shops, libraries, airports, hotels and universities are all breeding grounds for hackers. According to the FTC, new hacking tools — which are available for free online — make hacking easy, even for users with limited technical know-how.

In order to confirm that an Internet connection is secure, the BBB advises consumers to follow the FTC’s top Wi-Fi tips:

• Make sure the connection is protected by a unique password. If a Wi-Fi hotspot doesn’t ask for a password, the Internet connection is not secure.

• Transmitted information should be encrypted. When sending personal information like addresses, credit card numbers and Social Security numbers over the Internet, make sure the website is fully encrypted and the network is secure. Look for https (the “s” stands for secure) at the beginning of the URL address to confirm its security.

• Don’t stay permanently logged in to wireless hotspots. Never leave your Internet connection running while your computer is unattended and make sure to log off after every use.

• Change your passwords frequently. When creating new accounts, make sure you use different passwords. Do not use the same password for different sites. If one password is hacked, the chances of other accounts being hacked becomes greater with repeated passwords.

For more advice on security scams, visit www.bbb.org or to learn more about protecting your privacy online and what to do if your information is compromised, visit www.OnGuardOnline.gov and http://www.ftc.gov/opa/2011/02/wireless.shtm.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">BBB urges caution on wi-fi networks"https://www.voiceofgreyhat.com/2011/04/bbb-urges-caution-on-wi-fi-networks.html</a>

Vanish Crypt – Virtual Encryption Tool By Security Labs

Vanish Crypt, A Virtual Encryption tool designed By Security Labs. It's a Freeware Utility to Secure Your Data.
Features:-

• VanishCrypt is app with which you can create a virtual disk contains your secret files.
• Data is protected with a Encrypted Password.
• The files are completely unaccessible without the correct password!
• Stored files are encrypted with strong CryptoAPI.

Additional Features:-

• It have "Advanced Mode" with you can create a real virtual drive accessible in Explorer that contains your files stored in the vdisk image.
• It uses Win32 API for I/O operations for a great speed improvements

Supported Operating Systems:-
VanishCrypt supports Win9x, WinNT, Win2000, WinXP, WinVista and Win7 and Linux under wine.
For more information and to see the official documentation click Here
Video Presentation:-

To download VanishCrypt Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Vanish Crypt – Virtual Encryption Tool By Security Labs"https://www.voiceofgreyhat.com/2011/11/vanish-crypt-virtual-encryption-tool-by.html</a>

'Scribd' World's Largest Document Sharing Website Admits Security Breach

'Scribd' World's Largest Document Sharing Website Admits Security Breach 

Scribd- San Francisco-based document sharing site have fallen victim of cyber attack. Such kind of massacre is no doubt very much shameful for one of the world largest document sharing website which have more than 100 million of registered user. Like other largest companies, Scribd acknowledged the attack. In their official security announcement the company said that the operations team of Scribd have discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users. But the matter of relief is that only the 1% of its registered users have been affected during the hack. Immediately after this intrusion get spotted Scribd security team have emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password.  So, if you are a Scribd user and you did not receive such email from Scribd, then you are most likely unaffected.  If you still wish to check, you can use this web tool to determine if your account was among those affected. From the official announcement of Scribd, we came to know that the inertial investigation have already take place, which indicates that no content, payment and sales-related data, or other information were accessed or compromised. It has been  believed that the information accessed by the hackers was limited to general user information, which includes usernames, emails, and encrypted passwords.  Even though this information was accessed, the passwords stored by Scribd are encrypted (in technical terms, they are salted and hashed). Most of the users were therefore unaffected by this; however, the analysis shows that a small percentage may have had their passwords compromised. In an abundance of caution, it has been highly recommended for those affected users to reset their password and to change their password on any other services they might have used it on. 

At conclusion of the note, Scribd team did serious apology to its users while saying -"we would like to sincerely apologize for our failure to live up to our users' expectations in this instance. We’re incredibly disappointed that this happened and are committed to doing everything we can to prevent this from happening again. We will work harder than ever to ensure that we deserve the trust that our users place in us." 

While talking about big cyber attacks against large companies we would like to remind you in the last year we have been a slew of attacks against the following sites: Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Gamigo,  Nvidia,Blizzard, Philips, Zynga, VMWare, Adobe,  Twitter  New York Times, Apple and so on. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">'Scribd' World's Largest Document Sharing Website Admits Security Breach"https://www.voiceofgreyhat.com/2013/04/Scribd-Admits-Security-Breach.html</a>

Wi-Fi Security Challenge 3 By Security Tube, Prize: $50 !

This challenge has 2 parts:
3a. Never Judge a Packet by its Type:
In this challenge the trace file contains a Shared Key Challenge Text and Encrypted Response. You will need to crack the WEP key with just this.

3b. Never Send a N00b to a do a Hacker's Job:
In this challenge, you send your N00b apprentice to collect a Wireshark trace. He mistakenly limits the size of the packets and all your get is a truncated encrypted data packet! :( Can you crack the WEP key with just this? Take a shot!

All tools / programming platforms required are present on BT4. We don't expect you to scour the web for this :)

Prizes: The first person to finish the challenges and send us an email will win $50 worth of goodies from Amazon. Your choice! choose what you want! 

You can download the trace files and updates from the Challenge Page: http://www.securitytube.net/video/1884

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Wi-Fi Security Challenge 3 By Security Tube, Prize: $50 !"https://www.voiceofgreyhat.com/2011/05/wi-fi-security-challenge-3-by-security.html</a>

Oracle Database Firewall Adds Support For MySQL Enterprise Edition

Oracle has released a version of Oracle Database Firewall that adds support for MySQL Enterprise Edition.

Oracle Database Firewall (ODF) is essentially a utility that monitors database activity on the network looking for unauthorized access, SQL injections, and privilege or role escalation.

The software analyses the grammar of SQL statements to check for and prevent SQL injection attacks. It can also be used to show security compliance without the need to change any existing databases or applications that access the data, and means companies can show they’re conforming to requirements such as Sarbanes-Oxley (SOX), Payment Card Industry (PCI), and Health Insurance Portability and Accountability Act (HIPAA).

The firewall comes with a set of reports that can show what’s been happening in terms of access to the database.

The addition of support for MySQL Enterprise Edition is hardly a surprise given the fact that MySQL is now part of Oracle. Other supported databases include Oracle Database 11g, IBM DB2, Microsoft SQL Server, Sybase Adaptive Server Enterprise, and Sybase SQL Anywhere. Other improvements to the new version include ten new reports for regulatory compliance, alongside the ability to modify the layout of existing reports. It is also integrated with Oracle Advanced Security, so even encrypted traffic can be monitored while being sent to Oracle Databases.

-News Source (I-Programmer)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Oracle Database Firewall Adds Support For MySQL Enterprise Edition"https://www.voiceofgreyhat.com/2012/01/oracle-database-firewall-adds-support.html</a>