
Teen Hacker "Cosmo the God" of Underground Nazi Sentenced 6 Yrs Internet Ban By California Court


A teenage hacker from the infamous hacker collective Underground Nazi has been handed an Internet ban. On Wednesday the 15-year-old hacker known as "Cosmo" or "Cosmo the God" was sentenced in juvenile court in Long Beach, California. According to sources, Cosmo pleaded guilty to multiple felonies in exchange for probation, encompassing all the charges brought against him, which included charges based on credit card fraud, identity theft, bomb threats, and online impersonation.
The newly formed hacker group Underground Nazi took the spotlight in January this year, when they hacked UFC.com (Ultimate Fighting Championship). Later they involved themselves in the mass protest against the controversial SOPA & PIPA acts. The protest was dubbed Operation Megaupload (#OpMegaupload), in which the hacktivist group Anonymous, along with hackers around the globe, stood together against the takedown of Megaupload.com. In the middle of 2012 Cosmo was also responsible for a Twitter outage, in which he and a few other UG Nazi members carried out a massive denial-of-service attack to interrupt Twitter's service. It has also been found that Cosmo pioneered social-engineering techniques that allowed him to gain access to user accounts at Amazon, PayPal, and a slew of other companies. He was arrested in June as part of a multi-state FBI sting.
Representatives from both the Long Beach district attorney's and public defender's offices refused to comment on the case, given Cosmo’s status as a juvenile. However, according to Cosmo, the terms of the plea place him on probation until his 21st birthday. During that time, he cannot use the internet without prior consent from his parole officer. Nor will he be allowed to use the Internet in an unsupervised manner, or for any purposes other than education-related ones. He is required to hand over all of his account logins and passwords. He must disclose in writing any devices that he has access to that have the capability to connect to a network. He is prohibited from having contact with any members or associates of UG Nazi or Anonymous, along with a specified list of other individuals. He had to forfeit all the computers and other items seized in the raid on his home. Also, according to Cosmo, violating any of these terms will result in a three-year prison term. The probationary period lasting until age 21 is standard, but other terms were more surprising.



-Source (Wired) 










Search Guru Bill Stasior CEO of Amazon’s A9 Unit, Hired By Apple To Oversee Siri


To be the very best, you need to give a hundred percent, sometimes even more than a hundred percent, and the race goes on. As a result Apple has hired 'search guru' Bill Stasior, CEO of Amazon.com’s A9 search and advertising search unit, to oversee Apple's Siri voice-activated personal assistant. Stasior, who joined Amazon in 2003 as director of search and navigation, founded A9.com in May 2004 and then became CEO of the wholly owned subsidiary in February 2006, according to his LinkedIn profile. Stasior, who holds undergraduate and graduate degrees from the Massachusetts Institute of Technology, describes A9.com as a “company with a mission to create groundbreaking technologies in search, advertising, and mobile that power customer centric, Internet businesses.” Apple confirmed his hire but didn't provide any comment. Stasior has an impressive pedigree (you can read his resume and see a really geeky binary image he posted of himself here). The MIT PhD has taught there, too, and has done stints at Oracle, Netcentives and AltaVista.
 Siri, Apple's famous voice-activated personal assistant program, was acquired in April 2010 to launch a big stake in voice-activated search. Since Apple kicked Google Maps to the curb in iOS 6, the only remaining tie with Google is search. Will Apple eventually do its own search network? Who knows. Stasior’s background in search will certainly be of value if the time ever comes. While Siri has had a high profile in the iPhone range, Apple has lost some of the talent who created it. Adam Cheyer, who co-founded the voice recognition software, recently left the company. CEO Dag Kittlaus departed in October 2011. 
We want to remind you that last month Twitter hired the famous whitehat hacker Charlie Miller to boost its security. Now it is Apple that has hired Stasior, presumably to strengthen Apple’s search and search advertising technology in the wake of its increasing competition with Google. On the subject of hiring geniuses, the name of Nicholas Allegra, the world-famous hacker known as "Comex" and creator of JailbreakMe.com, also comes up. He was hired by Apple in 2011.


-Source (AllThingsD) 






Security Flaws Allowing Hackers to Brute Force Twitter Passwords


A security flaw has been discovered in the popular microblogging site Twitter that allows a malicious attacker to brute-force users' passwords. On Saturday, multimedia producer and Twitter user Daniel Dennis Jones (@blanket) received a notification that his Twitter password had been reset. This alone would have been cause for concern; at the very least, it would mean that someone had tried and failed to access his account. He quickly found out that the problem was much worse than he expected. He was eventually able to log back into the account, but found that his username had been changed to @FuckMyAssHoleLO, and that @blanket was now operated by someone else. His account, in other words, had clearly been hacked. The incident makes it clear that Twitter's password reset process allows hackers to attempt a more wide-ranging brute-force approach to breaking into accounts than other services with more restrictive systems. Both Apple and Amazon quickly closed the loopholes that led to Honan's hack, but Twitter accounts (the ultimate prize Honan's hackers were after) remain surprisingly vulnerable to unsophisticated hacking efforts. That vulnerability was on display this past weekend as a desirable group of "OG" Twitter handles (the short, memorable, one-word names that got snapped up when the service launched) were brute-force hacked by a group of kids looking to make a little cash and impress their friends.

Daniel Jones is not the only victim of this recently discovered vulnerability; many other people around the globe have also fallen victim to this security hole. After a day of research, Jones "got to the bottom of a little ring of kids who crack passwords to gain access to handles" - he found a number of other short, memorable handles like @hah, @captain, and @craves had also been hacked. Judging from the conversations he saw over Twitter, these hackers were not sophisticated social engineers, but just a group of teenagers trying to sell the names they had collected. Eventually, Jones had a long Skype conversation with a 14-year-old hacker who goes by Mason; he wasn't the one who stole @blanket from Jones, but he was part of the young crew grabbing and selling these desirable names.
Of course, Twitter's security regimen is probably not all that different from that of many other sites. According to Jeremiah Grossman, CTO and co-founder of WhiteHat Security, the attack that victimized Jones was "very, very common....Perhaps Twitter could have a bit stronger and more comprehensive approach to dealing with brute force attacks, but they can really only take it so far before annoying their users."
We personally think that, after this case, Twitter should implement two-step authentication, like Google, to prevent its users from getting compromised.


-Source (Buzz Feed & CNET)







A Tribute to The 10 Most Infamous Student Hackers of All Time


For the last two years, we, the VOGH team, have been covering all the latest cyber security updates. But today let's do something different. One of our frequent readers and fans, Katina Solomon, has requested us to share a fantastic article. Every day VOGH covers headlines about hackers around the world and their activities. While trying to keep pace with time, we usually forget our past. Today we will take you into the past, where we will discuss those heroes who have always been ill-treated by society and the system, which recast those heroes as cyber-criminals or infamous hackers. Our question to humanity is: "Has the system done justice to them?"
Hacking has always been inherently a young person’s game. The first usage of the word “hacker” was to describe pranksters meddling with the phones at MIT. Many hackers have cited boredom, a desire for change, or the thrill of going somewhere one is not supposed to go as their motivation for hacking, all of which could apply to scores of common activities on college campuses. While today’s hacking scene is dominated by large hacking groups like Anonymous and Masters of Deception, many of the greatest hacks ever have been pulled off by college, high school, and even middle school kids who rose to infamy armed only with a computer and the willingness to cross the bounds of legality.
  1. Sven Jaschan: In the words of one tech expert, “His name will always be associated with some of the biggest viruses in the history of the Internet.” The viruses: the Sasser and NetSky worms that infected millions of computers and have caused millions of dollars of damage since their release in 2004. The man behind the viruses proved to be not even a man at all, legally. Seventeen-year-old hacker Sven Jaschan, a student at a computer science school in Germany, claimed to have created the viruses to become a hero by developing a program that would eradicate the rampaging Mydoom and Bagle bugs. Instead he found himself the subject of a $250,000 bounty courtesy of Microsoft, for which some of his classmates turned him in.
  2. Jonathan James: In 2000, at the age of 16, James, or “C0mrade” as he was known in the hacker community, infamously became the first juvenile federally sentenced for hacking. The targets of his notorious hack jobs were a wing of the U.S. Department of Defense called the Defense Threat Reduction Agency, NASA, and the Marshall Space Flight Center in Huntsville, Ala. (By hacking the latter James gained the ability to control the A/C in the International Space Station.) All of these were pulled off “for fun” while James was still a student at Palmetto Senior High in Miami. Unfortunately, the fun ran out when James was tied into a massive identity theft investigation. Though insisting he was innocent, James took his own life, saying he had “no faith in the justice system.”
  3. Michael Calce: Yahoo. CNN. Ebay. Amazon. Dell.com. One by one in a matter of days, these huge websites crashed at the hands of 15-year-old Canadian high school student Michael Calce, aka “MafiaBoy.” Armed with a denial-of-service program he called “Rivolta” that overloaded servers he targeted, the young hacker wreaked $7.5 million in damages, according to court filings. Calce was caught when he fell victim to a common ailment of teenage boys: bragging. The cops were turned on to him when he began boasting in chat rooms about being responsible for the attacks. On Sept. 12, 2001, MafiaBoy was sentenced to a group facility for eight months on 56 counts of cybercrime.
  4. Kevin Mitnick: Before performing hacks that prompted the U.S. Department of Justice to declare him “the most wanted computer criminal in United States history,” Kevin Mitnick had already made a name for himself as a hacker in his school days, first at Monroe High School in LA and later at USC. On a dare, Mitnick connived an opening into the computer system of Digital Equipment Corporation, which some fellow hackers then used to steal proprietary source code from the company before ratting on him. While still on probation for that crime, Mitnick broke into the premises of Pacific Bell and had to go on the run from police in the aftermath, during which time he hacked dozens of systems, including those of IBM, Nokia, Motorola, and Fujitsu.
  5. Tim Berners-Lee: “Scandalous” is a synonym for “infamous,” and for this legendary computer scientist, knight of the British Empire, and inventor of the World Wide Web to have been a hacker in his school days is certainly a juicy factoid. During his time at Oxford in the mid-’70s, Sir Tim was banned from using university computers after he and a friend were caught hacking their way into restricted digital areas. Luckily by that time he already knew how to make his own computer out of a soldering iron, an old TV, and some spare parts. And also luckily for him, he will always be revered as the father of the Internet.
  6. Neal Patrick and the 414s: In the early ’80s, hacking was still a relatively foreign concept to most Americans. Few recognized the enormous power hackers could hijack with a few strokes on a keyboard, which explains why a young group of hackers known as the 414s (after a Milwaukee area code) were virtual celebrities after they hacked into the famous Los Alamos National Laboratory, the Memorial Sloan-Kettering Cancer Center, and elsewhere. While today hacking a lab where classified nuclear research is conducted could earn you a one-way ticket to Guantanamo, the 17-year-old ringleader and high school student Neal Patrick was on the cover of Newsweek. The group members got light sentences but prompted Congress to take a stronger role in cybercrime.
  7. Robert T. Morris: The first ever Internet worm, the Morris Worm derived its name from Cornell grad student Robert Tappan Morris. In 1988, Morris released the worm through MIT’s system to cover his tracks, which would seem to contradict his claims that he meant no harm with it. But that’s exactly what resulted: the worm spread out of control, infecting more than 6,000 computers connected to the ARPANET, the academic forerunner to the World Wide Web. The damages reached as high as an estimated $10 million, and Morris earned the ignominious distinction of being the first person prosecuted under the Computer Fraud and Abuse Act. Morris got community service but was apparently not considered too infamous to be offered his current job as a professor at MIT.
  8. George Hotz: To some, George Hotz (aka “geohot,” aka “million75,” aka “mil”) is a public menace, a threat to electronic businesses everywhere. To many, Hotz is a hero. The high-schooler shot to fame/infamy in 2007 at the tender age of 17 by giving the world its first hacked, or “jailbroken” iPhone. He traded it for a new sports car and three new iPhones, and the video of the hacking received millions of hits. Apple has had to grudgingly come to terms with jailbreaking, seeing as the courts have declared it legal, but Sony Corp. is definitely not OK with such tampering. When Hotz hacked his PlayStation 3 and published the how-to on the web, the company launched a vicious lawsuit against him. In turn, the hacker group Anonymous launched an attack on Sony, stealing millions of users’ personal info.
  9. Donncha O’Cearbhaill: According to the FBI, this 19-year-old freshman at Trinity College Dublin is one of the top five most wanted hackers in the world. Well, he was; now that he’s been arrested he’s not really “wanted” anymore. The Feds contend the young man is a VIP member of the Anonymous and LulzSec hacking groups that have already been mentioned and whose targets have included the FBI, the U.S. Senate, and Sony (in the Hotz backlash). It seems “Palladium” (O’Cearbhaill) took the liberty of listening in on a conference call between the FBI and several international police forces who were discussing their investigations of the hacking groups. He could be sentenced to up to 15 years in prison if convicted for that hack alone.
  10. Nicholas Allegra: Just as George Hotz moved on from the Apple hacking game, Brown University student Nicholas Allegra is also hanging up his jersey. “Comex,” as he is known to millions of rooted iPhone fans, created the simple-to-use Apple iOS jailbreaking program JailbreakMe in 2007 and has since released two newer versions of it. However, Comex seems to have gone over to the dark side, accepting an internship with the very company whose products he became famous exploiting. Still, Allegra’s hacking skills are so advanced (one author puts him five years ahead of the authors of the infamous Stuxnet worm that corrupted Iran’s nuclear facilities) and so many people availed themselves of his talents, he will forever live in hacking infamy.

We want to dedicate the above post to the legendary hacker who left us, Jonathan James aka “C0mrade”. The post is also a tribute to all the so-called 'infamous hackers'. You are our heroes and inspiration; you will always be there in our soul. Team VOGH salutes you...


-Thank you Katina & Online Degrees





Russian Hacker 'Dmitry Zubakha' Arrested For DDoS Attacks on Amazon, eBay & Priceline


A twenty-five-year-old hacker from Russia has been arrested for allegedly performing two massive DDoS (distributed denial-of-service) attacks on the popular online shopping sites Amazon.com and eBay in 2008. Dmitry Olegovich Zubakha, also known as "Cyber bandit" in much of the underground hacker community, was indicted in 2011, but he was only arrested in Cyprus on Wednesday. The arrest of Zubakha took place under an international warrant, and he is currently in custody pending extradition to the United States. According to the indictment unsealed on Thursday, Zubakha, with the help of another Russian hacker, planned and executed DDoS attacks against Amazon.com, eBay, and Priceline in the middle of 2008. Zubakha and his co-conspirator launched the attacks with the help of a DDoS botnet to generate a large volume of traffic, which interrupted the normal service of those online shopping sites. According to a press release by the U.S. Department of Justice (DOJ), the attacks made it "difficult for Amazon customers to complete their business on line."
Law enforcement has also charged him with stealing more than 28,000 credit cards in 2009; for that reason, Zubakha and his partner are also charged with aggravated identity theft for illegally using the credit card of at least one person. At present the charges in the indictment (conspiracy, intentionally causing damage to a protected computer resulting in a loss of more than $5000, possession of more than 15 unauthorized access devices (credit card numbers), and aggravated identity theft) are just allegations. Zubakha faces up to five years in prison for conspiracy, up to ten years in prison and a $250,000 fine for intentionally causing damage to a protected computer, up to ten years in prison and a $250,000 fine for possessing unauthorized access devices, and an additional two years in prison for aggravated identity theft.







Security Hole in Amazon's Kindle Touch Allowing Attacker to Execute Arbitrary Shell Commands As root

Yet another major security hole has been found in Amazon's Kindle Touch, one that could let an attacker run malicious code and even gain root privileges. The hole is in the Kindle Touch's built-in browser. The vulnerability works as follows: when a user navigates to a specially crafted web page, the Kindle will execute arbitrary shell commands as root. This allows attackers to access the eBook reader's underlying Linux system at the highest privilege level and potentially steal the access credentials for the Amazon account linked to the Kindle, or purchase books with the Kindle user's account.
Amazon has a plausible excuse in that the Kindle browser has been considered to be in "beta" for more than a year, but this status doesn't reduce the risk for inquisitive users, as the software is installed on each device by default.
As a reminder, this security issue was publicly documented about three months ago but hasn't attracted much attention, except in the jailbreak community. The issue doesn't appear to affect any other Kindle models. Amazon's security department told heise Security that they are working on a patch.


-Source (The-H)





Serv-U FTP Server Added In RHEL Catalog As A Secure File Transfer Application

Serv-U FTP Server Added In RHEL Catalog As A Secure File Transfer Application & Will Also Support  Ubuntu, OpenSUSE, Mint
Red Hat is adding more security to RHEL. After RhinoSoft joined the Red Hat partner program as an independent software vendor, Serv-U FTP Server was soon added to the official Red Hat Linux product catalog as a secure file transfer application. Besides Red Hat Enterprise Linux (RHEL), Serv-U will also support Fedora, Ubuntu, OpenSUSE, Mint, CentOS and the Amazon Linux AMI for EC2 cloud computing deployments.
"When we ported Serv-U to Linux last year it gave Linux administrators new capabilities like web-based administration, mobile transfers and integration with third-party portals," said RhinoSoft President Mark Peterson. "This year we reaffirmed our commitment to the Linux community by aligning with its largest platform provider."
"Our solutions make secure file transfer affordable to businesses, especially those facing budget challenges," said RhinoSoft VP of Product Management Jonathan Lampe. "Supporting Serv-U on a wide variety of platforms helps our customers save money through reduced training and overhead costs."
Brief About RhinoSoft:-
RhinoSoft is the global leader in affordable file transfer, with more than 90,000 business customers, including nine of the Fortune 10, in 90 different countries. Its award-winning and U.S. Department of Defense-certified Serv-U FTP Server and FTP Voyager client products support FTP, SFTP, FTPS and web-based HTTP/S transfers over FIPS 140-2 validated channels while continuing to incorporate emerging technologies such as mobile computing, IPv6, native 64-bit computing and UTF-8/Unicode internationalization.





Zappos.com Server Compromised, 24 Million Customer Details Stolen


US-based online shoe and apparel shop Zappos has become another victim of cyber criminals. Zappos has confirmed the breach and immediately told its 24 million users to reset their passwords. The security breach, carried out by an unknown party or parties through one of the company's servers in Kentucky, is said to have exposed the private data of more than 24 million customers of the Amazon.com subsidiary.
In an email sent to customers, Zappos CEO Tony Hsieh said that information that may have been accessed in the breach included customer names, email addresses, billing and shipping addresses, telephone numbers and the last four digits of credit cards used, as well as "cryptographically scrambled" versions of site passwords. The database that contains customer's full credit card details and other payment data "was not affected or accessed", added Hsieh. As a security precaution, Zappos.com has reset and expired customer passwords; customers who use the same or a similar password on other sites are advised to change those as well.
"We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident," Hsieh's e-mail said. The company says that it is cooperating with law enforcement and that an investigation is currently taking place. Customers of 6pm.com, which is owned by Zappos, are also affected.
In 2011 we saw several such cases: Sony, PSN, City Bank, CSDN, Square Enix, MapleStory and many more became victims of cyber attacks.


-Source (The-H)


Amazon Kindle Touch (Kindle OS 5) Has been JailBroken



The recently released Kindle Touch has been jailbroken. Yifan Lu, a freelance developer, found a vulnerability in Kindle OS 5 and used it to exploit Amazon's Kindle Touch. Although it might look completely innocuous due to the e-ink display, the Kindle Touch is a relatively complex device. At the core of the device is an operating system built around HTML5 and JavaScript. Unfortunately, the engineers at Amazon left some gaping holes in the system, allowing for a straightforward XSS (cross-site scripting) attack vector to be used. By embedding HTML and JS calls into an MP3, Yifan Lu was able to hook into undocumented debug functions in order to execute code at root level. Not only did Amazon leave a function that allowed any process to be spawned as root, they also didn’t bother to sanitize inputs when reading the ID3 tag for display. With root access, a simple SSH package was created and pushed, providing unfettered access to the device.
Yifan Lu is encouraging other developers to start writing plugins for the device. Open formats such as ePub or Mobi can be supported as well. While apps and games are a possibility, the e-ink display will really limit the possibilities due to the slower refresh rate, lack of color as well as lack of multitouch.




Facebook & HTC Developing Facebook Phone Codenamed "Buffy"



Facebook is working with HTC to develop a phone that has a much deeper integration with the social network than any previous "Facebook phone." That's according to a report from All Things, which says the phone is probably 12 to 18 months away from hitting store shelves.
Codenamed "Buffy" after the vampire slayer of the same name, the phone will run a modified version of Google's Android, but Facebook is reported to be tweaking the system "heavily."
HTC is known for modifying Android on its phones with its HTC Sense interface, and both Amazon and Barnes & Noble have created tablets with highly customized versions of the Android, so it's possible that Facebook is adopting a similar strategy.
Part of the package would be serving up Facebook apps via HTML5 support. This would allow users to play games like Farmville and Poker directly from the Facebook app. While most developers offer their apps as separate downloads from Facebook, that prevents them from tapping into active Facebook users, while cutting Facebook off from potential revenues. Buffy would presumably bridge the gap.
Both HTC and Facebook told media that they don't comment on rumor and speculation, though the Facebook spokesperson added, "Our mobile strategy is simple: we think every mobile device is better if it is deeply social. We're working across the entire mobile industry; with operators, hardware manufacturers, OS providers, and application developers to bring powerful social experiences to more people around the world."
The collaborative picture Facebook paints is a far cry from the ultra-competitive war among mobile platforms with Google, Apple, Facebook, and others vying for consumers' hearts and minds. Perhaps the most telling aspect of the rumored phone is the codename. With a name like Buffy, the Facebook phone's mission is clear: slay all comers.




Google TV Update For Android 3.1 (Honeycomb)

Google announced on its Google TV blog Friday that the platform will be upgraded to Android 3.1 (otherwise known as Honeycomb) for Sony devices Sunday, with the Logitech Revue set-top box getting its upgrade "soon thereafter." What will you get with this software upgrade to Android? Google says it's "much simpler." Its customization capabilities will go a long way toward alleviating the awkwardness of its first iteration, which Google admits was "not perfect."
And the addition of the Android Market will open up a variety of applications, with the promise of more -- perhaps thousands more -- on the way. One welcome improvement will be an easier ability to search across all the TV shows at your disposal. With this update, Google's trying to answer that age-old question, "What's on?" If Google can pull that off, it could be a powerful thing indeed. The company says it has learned from its mistakes with the first version of Google TV and is "committed to find the best way to discover and engage with the high-quality entertainment on your television." So does that mean Google TV will be able to find all the shows from whichever cable or satellite provider you're subscribing to, or from the web via all of the apps within Google TV, such as Netflix, Amazon Instant Video, and HBO Go? Maybe. Of course, Google plans to improve Google TV's search across YouTube, its own video streaming service.
In the blog post, Google also hinted at future software updates (Ice Cream Sandwich, anyone?) and new devices "on new chipsets from multiple hardware partners." Hey, this is getting interesting.
We'll have to reserve judgment until we can install this software update on our Logitech Revue box, but for now, clearly this update has great potential. It makes perfect sense for Google -- purveyor of Android, the Chrome browser, YouTube and by the way, the world's search expert -- to leverage these powerful capabilities in its TV set-top. The hurdle Google needs to navigate is not so much a technical or software one, but a matter of negotiating and arm-twisting of content providers. Will the company gain cooperation from TV networks and movie studios, allowing their content to be searchable on the Google TV platform? That's the key to Google TV's success.

  • To see the google TV blog post click Here



Security Flaws in Amazon Silk (The Cloud-Based) Web Browser


Amazon Silk, the cloud-based Web browser for the leading US online retailer’s Kindle Fire tablet, has received mixed reactions from users regarding privacy, especially over features that carry a high risk of endangering data confidentiality.
The Amazon Silk Web browser rides on the high-speed and powerful connection offered by the company’s own Elastic Compute Cloud (EC2) service to reduce page load times.
The online retailer boasts about this split browser architecture, which Opera Software ASA has used in its lightweight Opera Mini browser since 2005. Concerning security, the Amazon Silk Web browser stores all the sites visited by any user, and these records are easily accessible to law enforcement agencies on request. Amazon’s servers will act as a MITM, or man-in-the-middle, proxy for HTTPS requests, giving the company the ability to tap into secure communications. Fortunately, the Web browser comes with an offline/off-cloud feature that stops it from sharing sensitive data with the servers. However, this Amazon Silk functionality is not enabled by default, so most users will likely not notice that it exists or use it.


-News Source (Social Barrel)




‘Unauthorized’ Autobiography of Julian Assange Released


The highly anticipated autobiography of WikiLeaks founder Julian Assange hit bookshelves here on Thursday — released without Assange’s consent and following a spectacular falling-out with his publisher. Three months ago, Assange tried to cancel the contract for the autobiography, for which he reportedly was paid more than $1 million. But as the 40-year-old Australian knows better than most, objecting to the release of information is no guarantee that it will be withheld.
Edinburgh, Scotland, publisher Canongate Books said it decided to publish an “unauthorized first draft” of the autobiography, noting that Assange has not repaid his advance, which is tied up in legal fees.
Assange has hit back at Canongate in a lengthy statement, accusing the publisher of “profiteering from an unfinished and erroneous draft.” The 244-page memoir traces Assange’s life from his early years in Queensland, Australia, through to the founding of the whistleblowing Web site that has embarrassed the U.S. government with its release of thousands of diplomatic cables.
Assange devotes an entire chapter to allegations of sexual misconduct with two Swedish women, which he staunchly denies. Perhaps the women were motivated by revenge, he says, or perhaps he was set up. He claims a Western intelligence agency warned him that the U.S. government was discussing ways to deal with him “illegally,” which could include an elaborate trap. Speaking at length about his version of events with women he calls “A” and “W,” Assange writes: “I may be a chauvinist pig of some sort but I am no rapist.”
According to extracts published Thursday in the Independent, he also writes: “The international situation had me in its grip, and although I had spent time with these women, I wasn’t paying enough attention to them, or ringing them back, or able to step out of the zone that came down with all these threats and statements against me in America. One of my mistakes was to expect them to understand this . . . I wasn’t a reliable boyfriend, or even a very courteous sleeping partner, and this began to figure. Unless, of course, the agenda had been rigged from the start.”
Assange didn’t respond to requests for an interview. But in his statement, he disputed the publisher’s version of events — saying that when he tried to cancel the contract, he was seeking a new one with an extended deadline in light of his legal battles. He said: “This book was meant to be about my life’s struggle for justice through access to knowledge. It has turned into something else. The events surrounding its unauthorized publication by Canongate are not about freedom of information — they are about old-fashioned opportunism and duplicity.”
On Twitter, WikiLeaks wrote that “Life is stranger than fiction,” and offered a helpful link to Amazon for anyone seeking to buy the book. When Canongate signed up Assange last December, it was seen as a fantastic coup for the relatively small publisher, who went on to sell the book rights to 38 publishing houses around the globe, including Alfred A. Knopf in the U.S. Canongate said in a statement that Assange sat for 50-plus hours of interviews with a ghost writer at the Georgian manor home northeast of London where Assange currently lives under partial house arrest as he fights an extradition warrant to Sweden. Canongate said that “Julian became increasingly troubled by the thought of publishing an autobiography.” While every word in the book is Assange’s, Canongate said, Assange came to feel it was too personal. Despite pulling the ghostwriter off the project and offering Assange more control, the publisher said, Assange didn’t offer a single edit or additional material while the book was being completed.
Knopf said in a statement that it had cancelled plans to publish the memoir in the United States. “The author did not complete his work on the manuscript or deliver a book to us in accordance with our agreement,” Knopf said. Assange told the Sunday Times last December that he was reluctant to write a memoir, but that he needed the money.
“I don’t want to write this book, but I have to,” he said. “I have already spent £200,000 for legal costs and I need to defend myself and to keep WikiLeaks afloat.”

-News Source (Washington Post)



Suspected LulzSec and Anonymous Members Got Busted

Four men have been arrested in separate parts of the UK by police investigating the hacker groups Anonymous and LulzSec. The suspects - from Doncaster, Warminster, Northampton and London - are being questioned by Scotland Yard's e-Crime unit. Their arrests are part of a wider operation involving UK law enforcement and the FBI. At the same time, 14 suspected members of Anonymous appeared in a US court.
Authorities around the world have been rounding up suspects following a wave of attacks by both groups on major corporations and government institutions.
Amazon, PayPal, the CIA, US Senate and the UK's Serious Organised Crime Agency have all suffered either intrusions or denial of service attacks, designed to take their websites offline.


Mass arrests:-

In the latest round of British arrests, police detained 20-year-old Christopher Weatherhead from Northampton and 26-year-old Ashley Rhodes from Kennington, near London. The pair are due to appear at Westminster Magistrates Court on 7 September. Detectives also arrested a 24-year-old man from Doncaster, and a 20-year-old from Wiltshire for conspiring to commit offences under the Computer Misuse Act 1990. In the United States, a mass court appearance saw 14 suspected Anonymous members appear before a judge in San Jose, California. All of them denied being involved in a denial of service attack on PayPal's website in December 2010. Anonymous had publicly declared its intent to target both PayPal and Amazon for what the group perceived as their complicity in isolating whistle-blowing website Wikileaks. Following the leaking of confidential US State Department memos, PayPal stopped processing donations to Wikileaks, while Amazon kicked the site off its web hosting service.

-News Source (BBC)


Google CEO Larry Page said G+ Hit 10M Users in 2 Weeks


Google's Facebook competitor Google Plus grew to 10 million users in just two weeks, the company announced Thursday.
That's only a bit more than 1 percent of Facebook's 750 million global users, but it still represents staggering growth for Google's infant social network, which isn't yet open to the public. The site remains in a "limited" trial phase.
"Growth on Google+ has been great," Google CEO Larry Page said on a conference call with analysts.

"Over 10 million have joined. That's a great achievement for the team. There has been a ton of activity."

Page said more than 1 billion items are being shared on the network every day. The "+1" button, which populates search results with friends' recommendations, has been clicked 2.3 billion times a day.
Google+ represents a part of the new CEO's grand vision for the 13-year-old company. Despite Google's position as the worldwide leader in search, Page has opted to treat the company as a startup, increasing hiring and starting several new initiatives.
"Today, I see more opportunities for Google than ever before; we're just at the beginning of what we want to do," Page said. "We're only at 1 percent of what's possible. Google's just getting started."

Accordingly, Google continued its hiring spree in the second quarter, upping its headcount by nearly 9 percent, or 2,500 employees -- including 450 from the acquisition of flight data company ITA.
The company also has spent freely, putting more than $900 million into its infrastructure during the quarter, including expanding its massive data centers. The company says it expects to continue to make "significant" capital expenditures going forward.
Google says all that spending will keep the company ahead of its rivals.

The past quarter has been a busy one. In addition to Google+, the company started selling its Chromebook line of laptops aimed at current Microsoft corporate clients and launched its Music application to compete with Apple's iTunes and Amazon's Cloud Drive.
The company also unveiled Google Wallet, which will allow customers to pay for items using their smartphones, and it launched Google Offers, a Groupon competitor.
But Google also shut down several products that weren't working, such as Google Health and PowerMeter.
"Our focus is more wood behind fewer arrows," said Page. "I'm very happy with our progress."
Still, the free spending has made some stock analysts cautious. Page lashed back at that criticism, noting that when Google started its search engine, no one believed the company could monetize that besides the occasional banner ad.

"Fast forward to today, it seems like we're playing the same movie all over again," he said.

The world's online search leader said its net income in the second quarter rose to $2.5 billion, up 36 percent from a year earlier.
Results included one-time charges totaling $1.06 per share. Without the charges, Google said it earned $8.74 per share. Analysts polled by Thomson Reuters, who typically exclude one-time items from their estimates, had forecast earnings of $7.85 per share.
Profit rose as both the number of clicks on Google's ads and the amount that advertising partners pay per click increased substantially: Paid clicks surged 18 percent and cost per click grew 12 percent compared to last year.

Sales for the Mountain View, Calif., company rose 32 percent to $9 billion. Excluding advertising sales that Google shares with partners, a figure also known as traffic acquisition costs, the company reported revenue of $6.9 billion, which topped analysts' forecasts of $6.6 billion.
Shares of Google jumped 12 percent after hours.
Still, not all the news has been positive for Google, which has recently landed in antitrust crosshairs.

The Federal Trade Commission began investigating the company for evidence of abusive practices, and a federal judge rejected Google's planned settlement deal in its attempt to create a universal online book library.
The Department of Justice also heavily scrutinized the company's recent purchase of flight data software company ITA, and Google set aside $500 million for a potential settlement with the DOJ regarding the company's advertising practices. The DOJ is currently studying Google's proposed $400 million purchase of digital advertising toolmaker Admeld.
Late last month, French search company 1plusV said it would seek $423 million in damages from the American search giant over alleged anti-competitive practices.


-The News Source (Chicago Tribune)


Nmap 5.59 BETA1 (With 40 new NSE scripts)



Nmap 5.59 BETA1 released. This version includes 40 new NSE scripts (plus improvements to many others), even more IPv6 goodness than the informal World IPv6 Day release, 7 new NSE protocol libraries and hundreds of bug fixes! This release also expands and improves IPv6 support!

o [NSE] Added 40 scripts, bringing the total to 217!  You can learn
 more about any of them at http://nmap.org/nsedoc/. Here are the new
 ones (authors listed in brackets):

 + afp-ls: Lists files and their attributes from Apple Filing
   Protocol (AFP) volumes. [Patrik Karlsson]

 + backorifice-brute: Performs brute force password auditing against
   the BackOrifice remote administration (trojan) service. [Gorjan
   Petrovski]

 + backorifice-info: Connects to a BackOrifice service and gathers
   information about the host and the BackOrifice service
   itself. [Gorjan Petrovski]

 + broadcast-avahi-dos: Attempts to discover hosts in the local
   network using the DNS Service Discovery protocol, then tests
   whether each host is vulnerable to the Avahi NULL UDP packet
   denial of service bug (CVE-2011-1002). [Djalal Harouni]

 + broadcast-netbios-master-browser: Attempts to discover master
   browsers and the Windows domains they manage. [Patrik Karlsson]

 + broadcast-novell-locate: Attempts to use the Service Location
   Protocol to discover Novell NetWare Core Protocol (NCP)
   servers. [Patrik Karlsson]

 + creds-summary: Lists all discovered credentials (e.g. from brute
   force and default password checking scripts) at end of scan.
   [Patrik Karlsson]

 + dns-brute: Attempts to enumerate DNS hostnames by brute force
   guessing of common subdomains. [Cirrus]

 + dns-nsec-enum: Attempts to discover target hosts' services using
   the DNS Service Discovery protocol. [Patrik Karlsson]

 + dpap-brute: Performs brute force password auditing against an
   iPhoto Library. [Patrik Karlsson]

 + epmd-info: Connects to Erlang Port Mapper Daemon (epmd) and
   retrieves a list of nodes with their respective port
   numbers. [Toni Ruottu]

 + http-affiliate-id: Grabs affiliate network IDs (e.g. Google
   AdSense or Analytics, Amazon Associates, etc.) from a web
   page. These can be used to identify pages with the same
   owner. [Hani Benhabiles, Daniel Miller]

 + http-barracuda-dir-traversal: Attempts to retrieve the
   configuration settings from a Barracuda Networks Spam & Virus
   Firewall device using the directory traversal vulnerability
   described at
   http://seclists.org/fulldisclosure/2010/Oct/119. [Brendan Coles]

 + http-cakephp-version: Obtains the CakePHP version of a web
   application built with the CakePHP framework by fingerprinting
   default files shipped with the CakePHP framework. [Paulino
   Calderon]

 + http-majordomo2-dir-traversal: Exploits a directory traversal
   vulnerability existing in the Majordomo2 mailing list manager to
   retrieve remote files. (CVE-2011-0049). [Paulino Calderon]

 + http-wp-plugins: Tries to obtain a list of installed WordPress
   plugins by brute force testing for known plugins. [Ange Gutek]

 + ip-geolocation-geobytes: Tries to identify the physical location
   of an IP address using the Geobytes geolocation web service
   (http://www.geobytes.com/iplocator.htm). [Gorjan Petrovski]

 + ip-geolocation-geoplugin: Tries to identify the physical location
   of an IP address using the Geoplugin geolocation web service
   (http://www.geoplugin.com/). [Gorjan Petrovski]

 + ip-geolocation-ipinfodb: Tries to identify the physical location
   of an IP address using the IPInfoDB geolocation web service
   (http://ipinfodb.com/ip_location_api.php). [Gorjan Petrovski]

 + ip-geolocation-maxmind: Tries to identify the physical location of
   an IP address using a Geolocation Maxmind database file (available
   from http://www.maxmind.com/app/ip-location). [Gorjan Petrovski]

 + ldap-novell-getpass: Attempts to retrieve the Novell Universal
   Password for a user. You must already have (and include in script
   arguments) the username and password for an eDirectory server
   administrative account. [Patrik Karlsson]

 + mac-geolocation: Looks up geolocation information for BSSID (MAC)
   addresses of WiFi access points in the Google geolocation
   database. [Gorjan Petrovski]

 + mysql-audit: Audit MySQL database server security configuration
   against parts of the CIS MySQL v1.0.2 benchmark (the engine can
   also be used for other MySQL audits by creating appropriate audit
   files).  [Patrik Karlsson]

 + ncp-enum-users: Retrieves a list of all eDirectory users from the
   Novell NetWare Core Protocol (NCP) service. [Patrik Karlsson]

 + ncp-serverinfo: Retrieves eDirectory server information (OS
   version, server name, mounts, etc.) from the Novell NetWare Core
   Protocol (NCP) service. [Patrik Karlsson]

 + nping-brute: Performs brute force password auditing against an
   Nping Echo service. [Toni Ruottu]

 + omp2-brute: Performs brute force password auditing against the
   OpenVAS manager using OMPv2. [Henri Doreau]

 + omp2-enum-targets: Attempts to retrieve the list of target systems
   and networks from an OpenVAS Manager server. [Henri Doreau]

 + ovs-agent-version: Detects the version of an Oracle OVSAgentServer
   by fingerprinting responses to an HTTP GET request and an XML-RPC
   method call. [David Fifield]

 + quake3-master-getservers: Queries Quake3-style master servers for
   game servers (many games other than Quake 3 use this same
   protocol). [Toni Ruottu]

 + servicetags: Attempts to extract system information (OS, hardware,
   etc.) from the Sun Service Tags service agent (UDP port
   6481). [Matthew Flanagan]

 + sip-brute: Performs brute force password auditing against Session
   Initiation Protocol (SIP -
   http://en.wikipedia.org/wiki/Session_Initiation_Protocol)
   accounts.  This protocol is most commonly associated with VoIP
   sessions. [Patrik Karlsson]

 + sip-enum-users: Attempts to enumerate valid SIP user accounts.
   Currently only the SIP server Asterisk is supported. [Patrik
   Karlsson]

 + smb-mbenum: Queries information managed by the Windows Master
   Browser. [Patrik Karlsson]

 + smtp-vuln-cve2010-4344: Checks for and/or exploits a heap overflow
   within versions of Exim prior to version 4.69 (CVE-2010-4344) and
   a privilege escalation vulnerability in Exim 4.72 and prior
   (CVE-2010-4345). [Djalal Harouni]

 + smtp-vuln-cve2011-1720: Checks for a memory corruption in the
   Postfix SMTP server when it uses Cyrus SASL library authentication
   mechanisms (CVE-2011-1720).  This vulnerability can allow denial
   of service and possibly remote code execution. [Djalal Harouni]

 + snmp-ios-config: Attempts to download Cisco router IOS
   configuration files using SNMP RW (v1) and display or save
   them. [Vikas Singhal, Patrik Karlsson]

 + ssl-known-key: Checks whether the SSL certificate used by a host
   has a fingerprint that matches an included database of problematic
   keys. [Mak Kolybabi]

 + targets-sniffer: Sniffs the local network for a configurable
   amount of time (10 seconds by default) and prints discovered
   addresses. If the newtargets script argument is set, discovered
   addresses are added to the scan queue. [Nick Nikolaou]

 + xmpp: Connects to an XMPP server (port 5222) and collects server
   information such as supported auth mechanisms, compression methods
   and whether TLS is supported and mandatory. [Vasiliy Kulikov]

o Nmap has long supported IPv6 for basic (connect) port scans, basic
 host discovery, version detection, Nmap Scripting Engine.  This
 release dramatically expands and improves IPv6 support:
 + IPv6 raw packet scans (including SYN scan, UDP scan, ACK scan,
   etc.) are now supported. [David, Weilin]
 + IPv6 raw packet host discovery (IPv6 echo requests, TCP/UDP
   discovery packets, etc.) is now supported. [David, Weilin]
 + IPv6 traceroute is now supported [David]
 + IPv6 protocol scan (-sO) is now supported, including creating
   realistic headers for many protocols. [David]
 + IPv6 support to the wsdd, dnssd and upnp NSE libraries. [Daniel
   Miller, Patrik]
 + The --exclude and --excludefile now support IPV6 addresses with
   netmasks.  [Colin]

o Scanme.Nmap.Org (the system anyone is allowed to scan for testing
 purposes) is now dual-stacked (has an IPv6 address as well as IPv4)
 so you can scan it during IPv6 testing.  We also added a DNS record
 for ScanmeV6.nmap.org which is IPv6-only. See
 http://seclists.org/nmap-dev/2011/q2/428. [Fyodor]

o The Nmap.Org website as well as sister sites Insecure.Org,
 SecLists.Org, and SecTools.Org all have working IPv6 addresses now
 (dual stacked). [Fyodor]

o Nmap now determines the filesystem location it is being run from and
 that path is now included early in the search path for data files
 (such as nmap-services).  This reduces the likelihood of needing to
 specify --datadir or getting data files from a different version of
 Nmap installed on the system.  For full details, see
 http://nmap.org/book/data-files-replacing-data-files.html.  Thanks
 to Solar Designer for implementation advice. [David]

o Created a page on our SecWiki for collecting Nmap script ideas! If
 you have a good idea, post it to the incoming section of the page.
 Or if you're in a script writing mood but don't know what to write,
 come here for inspiration: https://secwiki.org/w/Nmap_Script_Ideas.

o The development pace has greatly increased because Google (again)
 sponsored 7 full-time college and graduate student programmer
 interns this summer as part of their Summer of Code program!
 Thanks, Google Open Source Department!  We're delighted to introduce
 the team: http://seclists.org/nmap-dev/2011/q2/312

o [NSE] Added 7 new protocol libraries, bringing the total to 66.  You
 can read about them all at http://nmap.org/nsedoc/. Here are the new
 ones (authors listed in brackets):

 + creds: Handles storage and retrieval of discovered credentials
   (such as passwords discovered by brute force scripts). [Patrik
   Karlsson]

 + ncp: A tiny implementation of Novell Netware Core Protocol
   (NCP). [Patrik Karlsson]

 + omp2: OpenVAS Management Protocol (OMP) version 2 support. [Henri
   Doreau]

 + sip: Supports a limited subset of SIP commands and
   methods. [Patrik Karlsson]

 + smtp: Simple Mail Transfer Protocol (SMTP) operations. [Djalal
   Harouni]

 + srvloc: A relatively small implementation of the Service Location
   Protocol. [Patrik Karlsson]

 + tftp: Implements a minimal TFTP server. It is used in
   snmp-ios-config to obtain router config files.[Patrik Karlsson]

o Improved Nmap's service/version detection database by adding:
 + Apple iPhoto (DPAP) protocol probe [Patrik]
 + Zend Java Bridge probe [Michael Schierl]
 + BackOrifice probe [Gorjan Petrovski]
 + GKrellM probe [Toni Ruotto]
 + Signature improvements for a wide variety of services (we now have
   7,375 signatures)

o [NSE] ssh-hostkey now additionally has a postrule that prints hosts
 found during the scan which share the same hostkey. [Henri Doreau]

o [NSE] Added 300+ new signatures to http-enum which look for admin
 directories, JBoss, Tomcat, TikiWiki, Majordomo2, MS SQL, WordPress,
 and more. [Paulino]

o Made the final IP address space assignment update as all available
 IPv4 address blocks have now been allocated to the regional
 registries.  Our random IP generation (-iR) logic now only excludes
 the various reserved blocks.  Thanks to Kris for years of regular
 updates to this function!

o [NSE] Replaced http-trace with a new more effective version. [Paulino]

o Performed some output cleanup work to remove unimportant status
 lines so that it is easier to find the good stuff! [David]

o [Zenmap] now properly kills Nmap scan subprocess when you cancel a
 scan or quit Zenmap on Windows. [Shinnok]

o [NSE] Banned scripts from being in both the "default" and
 "intrusive" categories.  We did this by removing dhcp-discover and
 dns-zone-transfer from the set of scripts run by default (leaving
 them "intrusive"), and reclassifying dns-recursion, ftp-bounce,
 http-open-proxy, and socks-open-proxy as "safe" rather than
 "intrusive" (keeping them in the "default" set).

o [NSE] Added a credential storage library (creds.lua) and modified
 the brute library and scripts to make use of it. [Patrik]

o [Ncat] Created a portable version of ncat.exe that you can just drop
 onto Microsoft Windows systems without having to run any installer
 or copy over extra library files. See the Ncat page
 (http://nmap.org/ncat/) for binary downloads and a link to build
 instructions. [Shinnok]

o Fix a segmentation fault which could occur when running Nmap on
 various Android-based phones.  The problem related to NULL being
 passed to freeaddrinfo(). [David, Vlatko Kosturjak]

o [NSE] The host.bin_ip and host.bin_ip_src entries now also work with
 16-byte IPv6 addresses. [David]

o [Ncat] Updated the ca-bundle.crt list of trusted certificate
 authority certificates. [David]

o [NSE] Fixed a bug in the SMB Authentication library which could
 prevent concurrently running scripts with valid credentials from
 logging in. [Chris Woodbury]

o [NSE] Re-worked http-form-brute.nse to better autodetect form
 fields, allow brute force attempts where only the password (no
 username) is needed, follow HTTP redirects, and better detect
 incorrect login attempts. [Patrik, Daniel Miller]

o [Zenmap] Changed the "slow comprehensive scan" profile's NSE script
 selection from "all" to "default or (discovery and safe)"
 categories.  Except for testing and debugging, "--script all" is
 rarely desirable.

o [NSE] Added the stdnse.silent_require method which is used for
 library requires that you know might fail (e.g. "openssl" fails if
 Nmap was compiled without that library).  If these libraries are
 called with silent_require and fail to load, the script will cease
 running but the user won't be presented with ugly failure messages
 as would happen with a normal require. [Patrick Donnelly]

o [Ncat] ncat now listens on both localhost and ::1 when you run ncat
 -l. It works as before if you specify -4 or -6 or a specific
 address. [Colin Rice]

o [Zenmap] Fixed a bug in topology mapper which caused endpoints
 behind firewalls to sometimes show up in the wrong place (see
 http://seclists.org/nmap-dev/2011/q2/733).  [Colin Rice]

o [Zenmap] If you scan a system twice, any open ports from the first
 scan which are closed in the 2nd will be properly marked as
 closed. [Colin Rice].

o [Zenmap] Fixed an error that could cause a crash ("TypeError: an
 integer is required") if a sort column in the ports table was unset.
 [David]

o [Ndiff] Added nmaprun element information (Nmap version, scan date,
 etc.) to the diff.  Also, the Nmap banner with version number and
 data is now only printed if there were other differences in the
 scan. [Daniel Miller, David, Dr. Jesus]

o [NSE] Added nmap.get_interface and nmap.get_interface_info functions
 so scripts can access characteristics of the scanning interface.
 Removed nmap.get_interface_link. [Djalal]

o Fixed an overflow in scan elapsed time display that caused negative
 times to be printed after about 25 days. [Daniel Miller]

o Updated nmap-rpc from the master list, now maintained by IANA.
 [Daniel Miller, David]

o [Zenmap] Fixed a bug in the option parser: -sN (null scan) was
 interpreted as -sn (no port scan). This was reported by
 Shitaneddine. [David]

o [Ndiff] Fixed the Mac OS X packages to use the correct path for
 Python: /usr/bin/python instead of /opt/local/bin/python. The bug
 was reported by Wellington Castello. [David]

o Removed the -sR (RPC scan) option--it is now an alias for -sV
 (version scan), which always does RPC scan when an rpcinfo service
 is detected.

o [NSE] Improved the ms-sql scripts and library in several ways:
 - Improved version detection and server discovery
 - Added support for named pipes, integrated authentication, and
   connecting to instances by name or port
 - Improved script and library stability and documentation.
 [Patrik Karlsson, Chris Woodbury]

o [NSE] Fixed http.validate_options when handling a cookie table.
 [Sebastian Prengel]

o Added a Service Tags UDP probe for port 6481/udp. [David]

o [NSE] Enabled firewalk.nse to automatically find the gateways at
 which probes are dropped and fixed various bugs. [Henri Doreau]

o [Zenmap] Worked around a pycairo bug that prevented saving the
 topology graphic as PNG on Windows: "Error Saving Snapshot:
 Surface.write_to_png takes one argument which must be a filename
 (str), file object, or a file-like object which has a 'write' method
 (like StringIO)". The problem was reported by Alex Kah. [David]

o The -V and --version options now show the platform Nmap was compiled
 on, which features are compiled in, the version numbers of libraries
 it is linked against, and whether the libraries are the ones that
 come with Nmap or the operating system.  [Ambarisha B., David]

o Fixed some inconsistencies in nmap-os-db reported by Xavier Sudre
 from netVigilance.

o The Nmap Win32 uninstaller now properly deletes nping.exe. [Fyodor]

o [NSE] Added a shortport.ssl function which can be used as a script
 portrule to match SSL services.  It is similar in concept to our
 existing shortport.http. [David]

o Set up the RPM build to use the compat-glibc and compat-gcc-34-c++
 packages (on CentOS 5.3) to resolve a report of Nmap failing to run
 on old versions of Glibc. [David]

o We no longer support Nmap on versions of Windows earlier than XP
 SP2.  Even Microsoft no longer supports Windows versions that old.
 But if you must use Nmap on such systems anyway, please see
 https://secwiki.org/w/Nmap_On_Old_Windows_Releases.

o There were hundreds of other little bug fixes and improvements
 (especially to NSE scripts).  See the SVN logs for revisions 22,274
 through 24,460 for details.
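
The changelog's two script-selection entries (no script may be both "default" and "intrusive"; Zenmap's slow comprehensive profile now uses "default or (discovery and safe)" instead of "all") can be checked with a small evaluator. This is an added example, not Nmap's or Zenmap's code: the category table is constructed from the memberships the changelog states, the two example-* scripts are hypothetical, and the operator precedence (not, then and, then or) and wildcard name matching are assumed to follow Nmap's documented --script behaviour.

```python
import fnmatch
import re

# Constructed sample table. Only the category memberships named in the
# changelog entry are listed; the two "example-*" scripts are hypothetical.
SCRIPT_CATEGORIES = {
    "dhcp-discover": {"intrusive"},
    "dns-zone-transfer": {"intrusive"},
    "dns-recursion": {"default", "safe"},
    "ftp-bounce": {"default", "safe"},
    "http-open-proxy": {"default", "safe"},
    "socks-open-proxy": {"default", "safe"},
    "example-discovery": {"discovery", "safe"},             # hypothetical
    "example-noisy-discovery": {"discovery", "intrusive"},  # hypothetical
}


class Selector:
    """Recursive-descent parser for 'a or (b and not c)' style expressions.

    The parsed result is a predicate taking (script_name, categories).
    """

    def __init__(self, expr):
        self.tokens = re.findall(r"\(|\)|[^\s()]+", expr)
        self.pos = 0
        self.predicate = self._or()
        if self.pos != len(self.tokens):
            raise ValueError("unexpected token %r" % self.tokens[self.pos])

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _next(self):
        tok = self._peek()
        self.pos += 1
        return tok

    def _or(self):  # lowest precedence
        left = self._and()
        while self._peek() == "or":
            self._next()
            left = (lambda a, b: lambda n, c: a(n, c) or b(n, c))(left, self._and())
        return left

    def _and(self):
        left = self._not()
        while self._peek() == "and":
            self._next()
            left = (lambda a, b: lambda n, c: a(n, c) and b(n, c))(left, self._not())
        return left

    def _not(self):  # highest precedence
        if self._peek() == "not":
            self._next()
            inner = self._not()
            return lambda n, c: not inner(n, c)
        return self._atom()

    def _atom(self):
        tok = self._next()
        if tok is None or tok in (")", "and", "or"):
            raise ValueError("expected a category, script name or '('")
        if tok == "(":
            inner = self._or()
            if self._next() != ")":
                raise ValueError("missing ')'")
            return inner
        if tok == "all":
            return lambda n, c: True
        # A bare word matches a category, or a script name (wildcards allowed).
        return lambda n, c: tok in c or fnmatch.fnmatchcase(n, tok)


def select(expr, scripts=SCRIPT_CATEGORIES):
    """Return the sorted script names that the expression would select."""
    pred = Selector(expr).predicate
    return sorted(n for n, c in scripts.items() if pred(n, c))


def default_intrusive_conflicts(scripts=SCRIPT_CATEGORIES):
    """Scripts violating the rule that 'default' and 'intrusive' never overlap."""
    return sorted(n for n, c in scripts.items() if {"default", "intrusive"} <= c)


if __name__ == "__main__":
    for expr in ("all", "default or (discovery and safe)", "default and intrusive"):
        print("%-35s -> %s" % (expr, ", ".join(select(expr)) or "(none)"))
    print("default/intrusive conflicts:", default_intrusive_conflicts() or "(none)")
```

Running the same check against an operator's own script inventory before a scan shows exactly which intrusive scripts a profile would pull in.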

To Download Nmap 5.59 BETA 1 Click HERE


Anonymous Gave Warning to NATO


Responding to a recent report from the North Atlantic Treaty Organization condemning Anonymous, the online "hacktivist" group has issued a public response warning the global organization not to challenge it. Claiming that the NATO report singled it out as a threat to "government and the people," Anonymous defended some of its recent actions in the name of freedom and dissent. In its message (Google cached version), it also asserted that NATO fears the group not because it's a "threat to society," but because it's a "threat to the established hierarchy."
Issued last month by Lord Joplin, general rapporteur of NATO, the report warned member nations about the rising threat of "hacktivism," or carrying out cyberattacks for political purposes. Singling out Anonymous, NATO described several of the group's most recent actions, including the distributed denial-of-service attacks against MasterCard, Visa, PayPal, Amazon, and others that had cut off services for WikiLeaks.
Noting that Anonymous has become more sophisticated, the NATO report cautioned that it could hack into sensitive government, military, and corporate information and described a strong response against the group. "Today, the ad hoc international group of hackers and activists is said to have thousands of operatives and has no set rules or membership," said the report. "It remains to be seen how much time Anonymous has for pursuing such paths. The longer these attacks persist the more likely countermeasures will be developed, implemented, the groups will be infiltrated and perpetrators persecuted."
In its response, Anonymous tried to soften its stance in parts by saying that it doesn't want to threaten anyone's way of life or terrorize any nation. But it made clear its reaction to NATO's report. "Finally, do not make the mistake of challenging Anonymous," warned Anonymous in its message. "Do not make the mistake of believing you can behead a headless snake. If you slice off one head of Hydra, ten more heads will grow in its place. If you cut down one Anon, ten more will join us purely out of anger at your trampling of dissent."
NATO's report also provided a larger look into the growing danger of cyberattacks and how governments should respond to them. In the report, Joplin asked the question of how NATO should react if one of its member nations was the victim of a cyberattack. "Can one invoke Article 5 of the Washington Treaty after a cyber attack?" asked the report. "And what response mechanisms should the Alliance employ against the attacker? Should the retaliation be limited to cyber means only, or should conventional military strikes also be considered?" Both the U.S. and the U.K. have recently made their own positions clear--that they consider cyberwarfare another form of warfare, and one potentially subject to a response using conventional military weapons.
