Showing posts sorted by date for query Flickr.

(#OpFreeKorea) Anonymous Breached Uriminzokkiri.com, Stole 15K User Records & Hijacked Its Twitter and Flickr Accounts

Anonymous, the most organized and infamous hacktivist group in the world, has targeted North Korea's cyber fence, and the campaign started with the hack of the propaganda site Uriminzokkiri.com. The attack was executed in several steps: first the hacker group, calling themselves 'Anonymous Korea', managed to gain access to Uriminzokkiri and claimed to have stolen more than 15,000 user records (including names, email addresses, passwords, dates of birth and more); later they defaced the website. Uriminzokkiri's main site was offline until Thursday morning.

Not stopping at the data breach and defacement, the Anonymous-affiliated hackers continued their cyber attack, which then hit the official Twitter and Flickr accounts belonging to Uriminzokkiri. Both the Twitter feed and the Flickr photos were replaced by the hacker group with anti-North Korea messages. In their message Anonymous boldly demanded that Kim Jong-un resign and install a free democracy in North Korea, describing him as "threatening world peace." Meanwhile Uriminzokkiri's official Twitter account picture was changed to show two mask-wearing dancers, alongside the legend "Tango Down" and links to the hacked companion sites: uriminzokkiri.com, uriminzokkiri.com/itv and ryugyongclip.com.
Notably the hackers posted a cartoon wanted poster of Kim Jong Un – "aka Nuke Nuke Mickey Lover" – with a list of his alleged crimes, including "threatening world peace with ICBMs and nuclear weapons," "wasting money while his people starve to death," and "concentration camps and the worst human rights violation in the world."

The entire cyber attack was carried out under the banner of Operation Free Korea, also dubbed #OpFreeKorea. Hackers from Anonymous have threatened the North Korean government while claiming to have access to the country's local intranets, mail servers and web servers, and claimed to have taken five of the country's websites offline over the weekend. "We are inside your local intranets, we are inside your mail servers, we are inside your web servers," said the Twitter feed of Anonymous Korea. A source close to Anonymous has confirmed that the next activity of the #OpFreeKorea campaign is slated for April 19.


#OpFreeKorea Press Release of Anonymous:

Hello, citizens of the world.
We are Anonymous.
The North Korean government is increasingly becoming a threat to peace and freedom.
Don't misunderstand us: As well we disagree with the USA government too - these guys are crooks,
USA is a threat to world peace too, and direct democracy (or any kind of democracy) doesn't exist
there. The American government is a target and enemy of Anonymous as well!
This is not about country vs country - This is about we, the people, the 99% (of USA and of North
Korea) vs oppressing and violent regimes (like USA gov. and N.K. gov)!
We, the people, are gathering together because we are stronger now and we won't fight your wars
anymore, we won't eat your shit anymore!!!
We demand:
- N.K. government to stop making nukes and nuke-threats
- Kim Jong-un to resign
- it's time to install a free direct democracy in North Korea
- uncensored internet access for all the citizens!


Brief About Uriminzokkiri: Uriminzokkiri ("Our Nation") is based in China, but publishes news and propaganda from North Korea's state media and is considered one of Pyongyang's primary online mouthpieces. 



Flickr Is Developing New Tools For Photo Hack Day


Just in time for the August 20-21 Photo Hack Day, Flickr has unleashed some new tools for providing real-time photo data to web apps. That means you can soon look forward to apps that make more extensive — and immediate — use of what's going on in your Flickr photo stream and those of your friends.
Back in June, the photo-sharing service allowed developers to access photos and favorites from a user’s contacts in their applications using some of Flickr’s nifty PuSH API methods.
As Flickr’s “nils” noted in the Flickr developer blog, those methods were “pretty neat, but that barely scratches the surface of stuff that happens on Flickr that people might be interested in. So we added some more stuff to subscribe to.”
The new APIs make use of Pubsubhubbub (for instant notifications when something is published — say, a new photo) and allow developers to grab a lot more interesting data for their users, including:

- Photos of you
- Photos of your contacts
- Your photos and favorites
- Photos from a specific area (using geodata)
- Photos with a certain tag or tags
- Images from the Flickr Commons
- And, of course, photos and favorites from your contacts


When grabbing photos from the Commons, you can specify a particular institution or institutions to pull from — for example, you could just get pics from the Smithsonian and the White House. Or, you could scrape all photos and updates from the Flickr Commons in real time.
As for geodata, you can specify an area using a point and radius or a set of WOE IDs, then subscribe to images from that area. This would be handy for getting a real-time stream of photos of tourists "holding up" the Leaning Tower of Pisa, to name a terrible example that should never be implemented by anyone.
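Whatever topic an app subscribes to, the hub delivers updates to a callback URL that the app must defend: it has to echo the hub's verification challenge only for subscriptions it actually made, and accept POSTed feed updates only when the X-Hub-Signature matches. The following subscriber-side handling of that PubSubHubbub handshake is an added example, not code from Flickr or from the post; the topic URL, verify token and secret are constructed placeholders.

```python
import hmac
import hashlib
from urllib.parse import parse_qs

# Constructed subscription state. A real app records this when it calls
# flickr.push.subscribe; the topic URL, token and secret here are placeholders.
SUBSCRIPTIONS = {
    "https://example.invalid/push/contacts_photos": {
        "verify_token": "verify-token-constructed",
        "secret": b"shared-secret-constructed",
    },
}

def handle_verification(query_string):
    """Answer the hub's GET to the callback URL during subscription verification.
    Returns (http_status, body); the hub expects hub.challenge echoed back with 200."""
    q = {k: v[0] for k, v in parse_qs(query_string).items()}
    sub = SUBSCRIPTIONS.get(q.get("hub.topic", ""))
    if sub is None or q.get("hub.mode") not in ("subscribe", "unsubscribe"):
        return 404, ""          # not a subscription we asked for
    # Constant-time comparison of the token we issued at subscribe time.
    if not hmac.compare_digest(sub["verify_token"], q.get("hub.verify_token", "")):
        return 404, ""
    return 200, q.get("hub.challenge", "")

def sign_body(body, secret):
    # X-Hub-Signature format used by PubSubHubbub: sha1=<hex HMAC-SHA1 of the raw body>.
    return "sha1=" + hmac.new(secret, body, hashlib.sha1).hexdigest()

def accept_notification(topic, body, signature_header):
    """Return True only if the POSTed feed carries a valid signature for a known topic."""
    sub = SUBSCRIPTIONS.get(topic)
    if sub is None or not signature_header:
        return False
    return hmac.compare_digest(sign_body(body, sub["secret"]), signature_header)
```

Without the signature check anyone who learns the callback URL can feed an app fake "new photo" events; without the token check the app can be tricked into confirming subscriptions it never requested.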
Etsy developer Kellan Elliott-McCrea was kind enough to post about how to get started with the new APIs, including some lovely PHP snippets.
Flickr will be at Photo Hack Day (or, more accurately, Photo Hack Weekend) in New York City this weekend. Flickr dev Paul Mison will be on hand to talk about the Flickr APIs and answer questions.

For More Information about Photo Hack Day click Here

-News Source (Dev Beat & Photo Hack Day)


Image-Based Zero-day Vulnerability in WordPress


Bilocating technology blogger Mark Maunder - he claims to live in Seattle and Cape Town concurrently, though I suspect he means consecutively, and I'll wager he wisely avoids winter in both of them - recently wrote about an intrusion to his WordPress site.
It turns out the backdoor was a previously-unexploited, or at least a previously-undocumented, flaw in a useful little WordPress addon, shared by many WordPress themes, called timthumb.
Timthumb is an 864-line PHP script which assists with automatic image resizing, thumbnailing and so forth. (It doesn't squeeze the image manipulation code into those 864 lines, but uses the third-party GD library.)
If you run WordPress and you have a file named timthumb.php, sometimes renamed to thumb.php, in your installation, you may be at risk.
Tracking down the mechanism behind his intrusion, Maunder identified three main problems with timthumb.php: poor default settings; poor verification of input data; and poor choice of file permissions for temporary files.
By default, the vulnerable version of timthumb allowed images from external sites to be accessed from your server. The default list is probably unsurprising: 

// external domains that are allowed to be displayed on your website
$allowedSites = array (
    'flickr.com',
    'picasa.com',
    'img.youtube.com',
    'upload.wikimedia.org',
);

But a better default would be an empty list, so that users who want to allow external files to be sourced by their own servers need to take steps to enable that capability.
If you use WordPress and timthumb and you don't need this capability, Maunder suggests simply editing the timthumb.php code to say $allowedSites = array(); in order to prevent remote file trickery.
Secondly, timthumb.php checked the sanity of remote URLs - to verify they really were in the list of allowed sites - by looking for the permitted domains somewhere in the hostname part of the URL, rather than making sure they were the hostname part:

// Original (vulnerable) check: any occurrence of an allowed name anywhere in the host passes
$isAllowedSite = false;
foreach ($allowedSites as $site) {
    if (strpos (strtolower ($url_info['host']), $site) !== false) {
        $isAllowedSite = true;
    }
}
This code meant that a dodgy website name such as picasa.com.badsite.example would pass the test, simply because it contains the string picasa.com. Clearly, that is not what was intended.
Lastly, timthumb.php stored the files it generated in a cache directory which is inside the PHP directory tree. This is bad, because files generated from untrusted external content - files only ever intended to be displayed - needlessly became executable.
So if the cached file isn't an innocent image, but a remote access PHP Trojan (in Maunder's case, the attacker used a malicious remote console tool called Alucar), you're owned.


If you are a web developer:

* Don't trust externally-sourced content by default. Force your users to think about what they really want.
* Check, test, check, test, check and test again your URL sanitisation code. Build a decent test suite and verify your code against it every time you release an update.
* Keep files which are only ever supposed to be used as data - especially remotely-sourced files - outside the directory tree where your server-side executable code lives.

If you run a WordPress installation:

Check if any of the blogs you host use timthumb.php, and upgrade to the latest version. The dodgy strpos above has been replaced with a tighter match based on a regular expression, like this:

$isAllowedSite = false;
foreach ($allowedSites as $site) {
    if (preg_match ('/(?:^|\.)' . $site . '$/i', $url_info['host'])) {
        $isAllowedSite = true;
    }
}
This doesn't fix all of the issues Maunder describes, but it's better than having a known hole in your site.
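To make the difference between the three host checks concrete, here is an added example (not timthumb's code, and in Python rather than PHP so the cases can be run directly) that mirrors the original strpos() test and the patched preg_match() test, and adds a label-by-label comparison. The label comparison is my own hardened variant, included because the patched regex still interpolates the allowlist entry unescaped, so the dot in 'flickr.com' matches any character.

```python
import re
from urllib.parse import urlparse

# The default allowlist shipped with the vulnerable timthumb version (from the post).
ALLOWED_SITES = ['flickr.com', 'picasa.com', 'img.youtube.com', 'upload.wikimedia.org']

def host_of(url):
    """Equivalent of strtolower($url_info['host']) after parse_url()."""
    return (urlparse(url).hostname or '').lower()

def allowed_substring(url, allowed=ALLOWED_SITES):
    """Mirrors the original strpos() test: the allowed name may appear anywhere in the host."""
    host = host_of(url)
    return any(site in host for site in allowed)

def allowed_regex(url, allowed=ALLOWED_SITES):
    """Mirrors the patched preg_match('/(?:^|\\.)' . $site . '$/i', ...) test.
    The site string is interpolated unescaped, exactly as in the PHP, so '.' is a wildcard."""
    host = host_of(url)
    return any(re.search(r'(?:^|\.)' + site + r'$', host, re.IGNORECASE) for site in allowed)

def allowed_strict(url, allowed=ALLOWED_SITES):
    """Hardened variant (my addition): compare DNS labels so the allowlist entry is literal
    and must be the host itself or a parent domain of it."""
    labels = host_of(url).split('.')
    for site in allowed:
        site_labels = site.lower().split('.')
        if labels[-len(site_labels):] == site_labels:
            return True
    return False

# Constructed sample URLs; the first is the post's own picasa.com.badsite.example case.
SAMPLES = [
    'http://picasa.com.badsite.example/x.jpg',   # substring: pass, regex: fail, strict: fail
    'http://farm1.static.flickr.com/x.jpg',      # all three: pass (legitimate subdomain)
    'http://flickrxcom/a.jpg',                   # regex: pass (unescaped dot), strict: fail
]

def compare_checks(urls=SAMPLES):
    """Return {url: (substring, regex, strict)} so the three policies can be compared."""
    return {u: (allowed_substring(u), allowed_regex(u), allowed_strict(u)) for u in urls}
```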
Many thanks to Mr Maunder for turning an attack on his site into a training tool to help the rest of us avoid a similar problem!

-News Source (NS)
