#ProjectWhiteFox -Team GhostShell Hacked 1.6 Million Accounts of NASA, ESA, Pentagon & FBI

#ProjectWhiteFox -Team GhostShell Hacked 1.6 Million Accounts of NASA, ESA, Pentagon & FBI

After the devastating "Project Blackstar" now the hacktivist group calling them selves "Team GhostShell" announced another big hack, where the hackers have targeted several big organizations. This round of cyber attack was going under the banner of #ProjectWhiteFox, in which GhostShell has posted log-in details of 1.6 million accounts they claim are taken from a series of attacks on organizations including NASA, FBI, European Space Agency and Pentagon, as well as many companies that partner with these organizations. The Anonymous subsidiary group has posted the details on Pastebin, while describing the aim of the hack; as part of their #ProjectWhiteFox campaign to promote hacktivism and freedom of information on the internet. The hacker group claimed that the leaked information contained log-in names, passwords, email addresses, CV & several other sensitive information. In their release GhostShell said - "For those two factors we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more."

GhostShell members also said that they have messaged security bosses about the insecurity a number of organizations they targeted during attacks throughout 2012, describing it as "an early Christmas present." 

In a Pastebin file, GhostShell features a list of 37 organizations and companies, including The European Space Agency, NASA’s Engineers: Center for Advanced Engineering, and a Defense Contractor for the Pentagon. GhostShell sets itself apart from other hacktivist groups by targeting more than just one company or organization, and then releasing the results of its attack all at once. This set of hacks is spread out across 456 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites Slexy.org and PasteSite.com.

The uploaded files contain what appears to be user data that looks to have been obtained from the servers of the various firms (likely via SQL injection). The entries include IP addresses, names, logins, email addresses, passwords, phone numbers, and even home addresses. Email accounts include the big three (Gmail, Hotmail, and Yahoo), as well as many .gov accounts. There are also various documents and material related to partnerships between companies and government bodies, as well as sensitive information for the aforementioned industries. 

Furthermore, the group says it has sent an email to the ICS-CERT Security Operations Center, Homeland Security Information Network (HSIN), Lessons Learned and Information Sharing (LLIS), the FBI’s Washington Division and Seattle location, Flashpoint Intel Partners, Raytheon, and NASA. In it, they say to have detailed “another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, Intelligence firms, L-3 CyberSecurity, JAXA, etc.”

-Source (TNW)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">#ProjectWhiteFox -Team GhostShell Hacked 1.6 Million Accounts of NASA, ESA, Pentagon & FBI"https://www.voiceofgreyhat.com/2012/12/ProjectWhiteFox-TeamGhostShell-Hacked-1.6M-Accounts.html</a>

THC-IPv6 Attack Toolkit, A Tool to Attack the Inherent Protocol Weaknesses of IPV6 & ICMP6

THC-IPv6 Attack Toolkit, A Tool to Attack the Inherent Protocol Weaknesses of IPV6 & ICMP6

German hackers group, widely known as THC -The Hacker's Choice released an comprehensive attack toolkit for the IPv6 protocol suite named 'THC-IPv6 Attack Toolkit'. THC is the first group who is releasing such attacking tool for IPv6 protocol. According to the release note this is  a complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. It comprises of state-of-the-art tools for alive scanning, man-in-the-middle attacks, denial-of-service etc. which exploits inherent vulnerabilities in IPv6. 

Features at a Glance:- 

• parasite6: icmp neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
• alive6: an effective alive scanng, which will detect all systems listening to this address
• dnsdict6: parallized dns ipv6 dictionary bruteforcer
• fake_router6: announce yourself as a router on the network, with the highest priority
• redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer
• toobig6: mtu decreaser with the same intelligence as redir6
• detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan these systems etc.
• dos-new-ip6: detect new ip6 devices and tell them that their chosen IP collides on the network (DOS).
• trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
• flood_router6: flood a target with random router advertisements
• flood_advertise6: flood a target with random neighbor advertisements
• exploit6: known ipv6 vulnerabilities to test against a target
• denial6: a collection of denial-of-service tests againsts a target
• fuzz_ip6: fuzzer for ipv6
• implementation6: performs various implementation checks on ipv6
• implementation6d: listen daemon for implementation6 to check behind a fw
• fake_mld6: announce yourself in a multicast group of your choice on the net
• fake_mld26: same but for MLDv2
• fake_mldrouter6: fake MLD router messages
• fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
• fake_advertiser6: announce yourself on the network
• smurf6: local smurfer
• rsmurf6: remote smurfer, known to work only against linux at the moment
• sendpees6: a tool by willdamn(ad)gmail.com, which generates a neighbor solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the CPU busy. nice.
• thcping6: sends a hand crafted ping6 packet [and about 25 more tools for you to discover]

For detailed information about the usage, library interface & so on click here. To Download THC-IPv6 Attack Toolkit Click Here (Linux Only). For those who are hearing the name THC first time, we want to give you reminder that before this tool, this German hackers group published few other hack tools like Hydra (Fastest Login Cracker), THC SSL Dos and so on. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">THC-IPv6 Attack Toolkit, A Tool to Attack the Inherent Protocol Weaknesses of IPV6 & ICMP6"https://www.voiceofgreyhat.com/2012/10/THC-IPv6-Attack-Toolkit.html</a>

Iran Accused of Carrying out Cyber Attacks Against US Banks Over Anti Islamic Movie Issue

Iran Accused of Carrying out Cyber Attacks Against US Banks Over Anti Islamic Movie Issue

Since last few days, the conspiracy with the 'Anti Islamic Movie' was the headline in every where. We have seen global violence and a mass protest mainly came from Muslim brotherhood. This protest was also touched the internet, and as expected Muslim hackers joined the movement, which cost many damages for the cyber fence. Thousands of websites became victim of cyber attack, and among them several US banks also faced huge disturbance. This protest takes a new direction when Govt of Iran announced the blockage of Google Inc's search engine and its email service. "Google and Gmail will be filtered throughout the country until further notice," an official identified only by his last name, Khoramabadi, said, without giving further details. The Iranian Students' News Agency (ISNA) said Google ban was connected to the anti-Islamic film posted on the company's YouTube site which has caused outrage throughout the Muslim world. 

This stand of Iran Govt created a controversy, which make them responsible for carrying out cyber attacks against US banks. According to NBC news report US National Security officials accused the Iranian government for engaging cyber attacks against US Banks mainly Bank of America. But when the ball goes to Iran's side then they completely denies the blame, while saying "We officially announce that we haven't had any attacks," This statement came from the Head of Iran's civil defense agency Gholam Reza Jalali when he was asked about the report. The western media reports alleged on Friday that Muslim hackers have repeatedly attacked Bank of America Corp, JPMorgan Chase & Co and Citigroup Inc over the past year as part of a broad cyber campaign targeting the United States. Security sources told Chicago Tribune and NBC News that the attacks on the three largest US banks originated in Iran, but it is not clear if they were launched by the state, groups working on behalf of the government, or "patriotic" citizens. 

Here we want to refresh your memory while digging up a story, when Iran Govt decided a permanent Internet ban in Iran, where Iran Government has announced its plans to establish a National Intranet within five months. The Iranian minister for Information and Communications Technology, announced the setting up of a national Intranet and the effective blockage of services like Google, Gmail, Google Plus, Yahoo and Hotmail, in line with Iran's plan for a "clean Internet." And that five months is almost over, so may be the blockage of Google came due to that reason, or may be not. We suggest our readers that, it will be better if you ask yourself, that whether Iran was indeed responsible for the cyber attack or not??!!

-Source (Reuters, NBC & FARS News Agency)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Iran Accused of Carrying out Cyber Attacks Against US Banks Over Anti Islamic Movie Issue"https://www.voiceofgreyhat.com/2012/09/Iran-Accused-Cyber-Attack-Against-US-Banks.html</a>

Outlook.com -A New Email Service Introduced By Microsoft

Outlook.com -A New Email Service Introduced By Microsoft  

After successfully revamping it's popular mail service Hotmail through it's look and features with the name of 'Newmail', now the software giant Microsoft has launched a new email service that shares the name of its famed email software, Outlook. Outlook.com is accessible as a preview now, and anyone can sign up for an account. If you already have a Hotmail or Live email address, you can convert that to an Outlook.com address in the settings now. The old Hotmail/Live address remains active--users will still get mail sent to the old addresses--unless you explicitly choose to delete it. The interface is based on Metro, the user interface you see in Windows Phone and the upcoming Windows 8. This means you get a clean, uncluttered design and simple icons familiar to anyone who has used a Nokia Lumia smartphone. Microsoft is not requiring everyone that has a Hotmail account to switch to the new address, but it seems the plan is to eventually have everyone move over.

Research firm comScore says Hotmail has 41 million monthly unique visitors; AOL, 24 million. That makes them the No. 3 and No. 4 e-mail providers in the U.S., behind Yahoo Mail, with 84 million unique visitors, and Gmail, 68 million. Worldwide, more than 324 million people still use Hotmail monthly, making it the top provider globally. But Hotmail's user base is on the decline.

Like many email clients, you get a list of folders on the left navigation bar. What's interesting is the Quick Views dropdown below the folders, which lets you filter certain kinds of email. By default, it filters emails with documents or photos, flagged messages and those that give you shipping updates. That last one will be useful for those who frequently shop online and are always expecting packages. These categories can be customized to suit your needs.

With Outlook.com, you can also turn on a reading pane that lets you read the message either below or on the right of the email list. As a security measure, it shows a blank message by default, and not the first one in your inbox--you have to explicitly click on a message to show it, reducing the risk of being exposed to malicious emails by accident.

On the far right is an advertisement column. This shows a random selection, unlike Gmail, which uses targeted ads based on the content of your email messages. 

To find out more about the features and design of Outlook.com it will be best if you try it out yourself, just visit www.outlook.com and sign up for an account, or simply switch your current Hotmail/Live email to an Outlook.com one.

-Source (Outlook.com, Cnet)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Outlook.com -A New Email Service Introduced By Microsoft"https://www.voiceofgreyhat.com/2012/08/Outlook.com-New-Email-Service-Introduced-By-Microsoft.html</a>

Junaid Hussain aka "TriCk" -Former Leader of "TeaMp0isoN" Jailed

Junaid Hussain aka "TriCk" -Former Leader of "TeaMp0isoN" Jailed For 6 Months

Former leader of infamous hacker collective group TeaMp0isoN named Junaid Hussain also known as "TriCk" was sentenced to six months in prison for accessing the Gmail email account of former special adviser of Tony Blair and publishing details from her contacts database. Earlier in this year MI6 arrested the TriCk along with few other active members of TeaMp0isoN  who ware directly involved behind the Denial of Service attack on MI6 hotline. Hussain had previously pled guilty to the conspiracy and computer charges which arose from the publication of phone numbers and email addresses of Members of Parliament and the House of Lords and a separate event which left the national anti-terror hotline "permanently engaged" for three days. Hussain has also confessed to taking part in and leading members of the hacker group to attack the UK national Anti-Terrorist Hotline with hundreds of hoax phone calls and involvement with hacktivist Anonymous in #OpRobinHood, #OpCensorThis and few more. "Hussain's actions were foolish and irresponsible," said detective inspector Stewart Garrick of the Police Central E-crime Unit. "Today's sentencing emphasises the seriousness of his offence and should act as a deterrent to anyone else who feels that they can act in such a manner." 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Junaid Hussain aka "TriCk" -Former Leader of "TeaMp0isoN" Jailed"https://www.voiceofgreyhat.com/2012/08/TriCk-Former-Leader-of-TeaMp0isoN-Jailed.html</a>

Junaid Hussain aka "TriCk" -Former Leader of "TeaMp0isoN" Pleads Guilty

Junaid Hussain aka "TriCk" -TeaMp0isoN Leader Pleads Guilty at London's Southwark Crown Court

Earlier in this year MI6 arrested the leader of TeaMp0isoN code named "TriCk" along with few other active members who ware directly involved behind the Denial of Service attack on MI6 hotline. Few days later some other members of this hacker group tried to threaten the Govt while saying "it will fight back against the arrest of its members." But now all these efforts seems worthless because the leader of infamous hacker collective group "TeaMp0isoN" has pleaded guilty to stealing the address book details and other private data from former British Prime Minister Tony Blair in June of last year. According to the sources Junaid Hussain, also known as "TriCk", has now admitted to hacking into a Gmail email account belonging an advisor to Blair by the name of Katy Kay. 

Hussain, 18, from Birmingham, said that he used an ID "Trick" to access the aide's account and steal confidential data including addresses, phone numbers and email addresses belonging to Blair, his wife, and sister-in-law Lyndsye Booth, as well as Members of Parliament (MPs) and Members of the House of Lords. Ben Cooper, Hussain's lawyer, told the court that the offences had just been a prank. After admitting to conspiracy and computer charges at London's Southwark Crown Court, Judge Peter Testar granted Hussain bail until sentencing later this month, advising him to be "under no illusions" that he may go to prison. Hussain has also confessed to taking part in and leading members of the hacker group to attack the UK national Anti-Terrorist Hotline with hundreds of hoax phone calls and involvement with hacktivist Anonymous in #OpRobinHood, #OpCensorThis and few more.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Junaid Hussain aka "TriCk" -Former Leader of "TeaMp0isoN" Pleads Guilty"https://www.voiceofgreyhat.com/2012/07/junaid-hussain-aka-trick-former-leader.html</a>

Hacker Face $66,179 Fine & 5 Years Imprisonment For Leaking Nude Photo of Celebrities

Hacker Face $66,179 Fine & 5 Years Imprisonment For Leaking Nude Photo of Celebrities

According to US prosecutors the computer hacker who broke into the email accounts of celebrities including Scarlett Johansson, by automatically forwarding any email the hacked celebrities received to an account under the control of the hacker, by which the hacker was able to gain access to the actress's private correspondence and personal photographs and thus he leaked nude photographs of the stars online faces tough & big amount of penalties. Christopher Chaney, from Jacksonville, Florida, pleaded guilty to breaking into the Apple, Gmail and Yahoo email accounts of various female stars, including Mila Kunis and Scarlett Johansson.

According to the report of Dailymail prosecutors have filed documents at the US District Court in California, calling for 35-year-old Chaney to spend 71 months in prison, and pay over $150,000 in restitution.

Specifically, prosecutors are calling on Chaney to Pay:

• $7,500 to Christina Aguilera for semi-nude snaps, allegedly grabbed from her personal stylist's account.
• $66,179.46 to Scarlett Johansson.
• $76,767.35 to actress and singer Renee Olstead.

-News Source (NS)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Hacker Face $66,179 Fine & 5 Years Imprisonment For Leaking Nude Photo of Celebrities"https://www.voiceofgreyhat.com/2012/06/hacker-face-66179-fine-5-years.html</a>

'Newmail' -Microsoft Revamped & Renamed Hotmail To Rival Gmail

'Newmail' -Microsoft Revamped & Renamed Hotmail To Rival Gmail

While aiming to bring back millions of users software giant Microsoft is reportedly revamping its popular mail service Hotmail through it's look and features and preparing to re-launch it with the name of 'Newmail'. According to Daily mail- Microsoft is doing so to compete Google's Gmail service which has reached on the second position after Hotmail. It has reached up to 350-million users which was only 260 million in last October while Hotmail has some 360-millions. Microsoft has claimed it has a 'fluid and interactive design', which is expressly designed to work well on mobile devices such as phones or tablets. Newmail is understood to have a 'clean look' when it comes to the font that has been used for the labels in the inbox, which resembles its Google adversary. Newmail will initially be available on an opt-in basis to existing Hotmail customers, but Microsoft has not ruled out making it compulsory in future. The new email service will also be linked to Facebook and Twitter and will allow users to keep their contacts automatically in sync and see what their friends are doing on the service. The new name Newmail, however, appears to be just the title for the service and users will still have @hotmail email addresses.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">'Newmail' -Microsoft Revamped & Renamed Hotmail To Rival Gmail"https://www.voiceofgreyhat.com/2012/06/newmail-microsoft-revamped-renamed.html</a>

Gmail Hacked!! State-Sponsored Attackers Accessing Millions of Gmail Accounts Illegally

Gmail Hacked!! State-Sponsored Attackers Accessing Millions of Gmail Accounts Illegally

This year cyber criminals became very busy while penetrating security systems of many leading Industries. Last week we have seen hackers had managed to steal more than 6.5 million passwords of LinkedIn users. Also this week we have seen popular dating site eHarmony faced cyber attacks which causes serious damages. Now its the turn for Internet giant Google. Hackers have managed to breach the tight security system of Google Mail I mean Gmail. According to last report state-sponsored attackers are accessing millions of Gmail accounts illegally. Google unveiled a new warning system to alert Gmail users when it suspects “state-sponsored” attackers are attempting to compromise their accounts or computers using malicious software. 

Many China-based Gmail users reported received the warning early Wednesday in the form of a banner message at the top of their email accounts. The warning also reportedly appeared on accounts in the U.S. and Japan.

Google says it cannot provide details on how it knows that specific attacks are government-sponsored. But it said “detailed analysis” and “victim reports” strongly suggest the involvement of governments or state-sponsored groups. 

Google VP Security Engineer Eric Grosse wrote, "If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account." However he also makes it clear that if users see that warning, it does not imply "Google's internal systems have been compromised." 

Although Google did not mention any specific governments that may be behind the attacks, many technology analysts suggest it may be another chapter in the long-running dispute between Google and China over censorship and web privacy issues.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Gmail Hacked!! State-Sponsored Attackers Accessing Millions of Gmail Accounts Illegally"https://www.voiceofgreyhat.com/2012/06/gmail-hacked-state-sponsored-attackers.html</a>

Department of Homeland Security (DHS) Said -Cyber Crime is As Threatening As al Qaeda

Department of Homeland Security (DHS) Said -Cyber Crime is As Threatening As al Qaeda

The number of organized cyber crime has already kisses the sky. Keeping this scenario in mind Janet Napolitano, Secretary of Homeland Security, said that "the greatest threats in actual activity we've seen aimed at the West and the United States has been in the cyber-arena", in addition to "al Qaeda and al Qaeda-related groups" The comments highlight the increasing trend of political sparring and espionage proliferating on the Web. The Flame virus, believed to be driven by a western government, continues to grab headlines, while he also claimed that Google has introduced a tool to warn users of state-sponsored attacks on their accounts. Though gmail completely denied this blame while saying that Govt hired State-Sponsored attackers who ware accessing millions of Gmail accounts illegally. 

Napolitano also said the government is taking steps to be "proactive instead of reactive" in combating the new threats, adding that the worldwide cost of tackling cyber-crime - an estimated $388 billion (£250 billion) - is "already outstripping [the cost of tackling] traditional narcotics". 

A White House plan code-named Olympic Games was launched to infect Iran's nuclear program at the beginning of the Obama administration, though Washington denies the Flame virus, also targeting Iran, was part of the project, after it was found to have existed for a number of years.

-Source (IT Portal)

.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Department of Homeland Security (DHS) Said -Cyber Crime is As Threatening As al Qaeda"https://www.voiceofgreyhat.com/2012/06/department-of-homeland-security-dhs.html</a>

Permanent Internet Ban in Iran, Govt Launching National Intranet Service

Permanent Internet Ban in Iran, Govt Launching National Intranet Service  

The Iran Government has announced its plans to establish a National Intranet within five months. As a result millions of Internet users in Iran will be permanently denied access to the World Wide Web (WWW) and cut off from popular social networking sites, email services & so on. The government is set to roll out the first phase of the project in May, following which Google, Hotmail and Yahoo services will be blocked and replaced with government Intranet services like Iran Mail and Iran Search Engine. At this stage, however, the World Wide Web, apart from the aforementioned sites, will still be accessible. Iran government has already started the registration procedure to apply for procuring Iran Mail ID, which mandates authentic information pertaining to a person's identity, including national ID, address and full name. Registration will be approved only after verifying it against the government data on the particular applicant. The second and final stage of the national Intranet will be launched in August, which will permanently deny Iranians access to the Internet. "All Internet Service Providers (ISP) should only present National Internet by August," Taghipour said in the statement. Iranian ISPs already face heavy penalties if they fail to comply with the government filter list. By establishing the Intranet, the government control is set to become stricter. Foreign sites can still be accessed over the Intranet provided they are mentioned in a "white list" set up by the government. The government is also believed to be planning for better control on proxy servers which allow users to access banned sites. Accordint to statement of Reza Taghipour, the Iranian minister for Information and Communications Technology, announced the setting up of a national Intranet and the effective blockage of services like Google, Gmail, Google Plus, Yahoo and Hotmail, in line with Iran's plan for a "clean Internet."

-Source (IB Times)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Permanent Internet Ban in Iran, Govt Launching National Intranet Service"https://www.voiceofgreyhat.com/2012/04/permanent-internet-ban-in-iran-govt.html</a>

eCrypt Me & eCrypt One On One -Incredible Email Security Solution (More Security & Privacy)

eCrypt Me & eCrypt One On One- Incredible Email Security Solution (More Security & Privacy) 

To implement more security and privacy eCrypt Technologies has developed two incredible email security solutions in the United States. ‘eCrypt Me’ and ‘eCrypt One On One’ are the two latest security solutions which are cost-effective, user-friendly and easy to use. Both solutions are available on a trial basis on the company’s website. ‘eCrypt Me’ is a web based email security solution that offer a secure environment to users of all types of email. ‘eCrypt One On One’ is an email encryption software for BlackBerry smartphone users. Both of the email security solutions use a combination of AES256 and ECC521 algorithms to secure all data. According to Brad Lever, CEO of eCrypt technologies - “Our goal is to provide the highest level of security to users across the world. We believe in making security solutions simple yet effective, so that implementation of our solutions does not become a headache for our users”

Brief Description:- 

‘eCrypt Me’ offers a web based email encryption, secure file storage and secure document sharing platform to all existing email addresses, whether its Gmail, Yahoo Mail, Hotmail, POP, IMAP, Exchange, GroupWise, or other. Users can use their existing email identities to send and receive emails on the platform. The web based email security solution includes a secure File Vault which secures online document storage and file sharing. The email security solution is very easy to use and secured data in unsecured, public, free Wi-Fi environments, preventing unauthorized data interception threats. For BlackBerry smartphone users, ‘eCrypt One on One’ provides the highest level of encryption, unbeatable by hackers. The encryption software is downloaded directly to the smartphone and embeds itself into the BlackBerry operating system. The software generates unique random key sets for each contact. Users can select which messages to encrypt by adding contacts to the software’s Secure Contact List. ‘eCrypt One on One’ has been designed to encrypt emails sent between two people. 

For More information & to use eCrypt Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">eCrypt Me & eCrypt One On One -Incredible Email Security Solution (More Security & Privacy)"https://www.voiceofgreyhat.com/2012/03/ecrypt-me-ecrypt-one-on-one-incredible.html</a>

IPS officer Rajnish Rai Email Account Hacked

Email account of IPS officer Rajnish Rai get hacked. The officer said that he found the password of his Gmail account had been changed without his knowledge, he has also registerd a complaint. According to the complaint, the account was hacked before January 6 by some unknown person. A case has been registered under Section 66 of the Information Technology Act. Few years ago the email account of Major Shantanu Dey of 21 Bihar Regiment was also get hacked by Sameer Ali. On that attack lots sensitive doucments about Mumbai Attack leaked. 

In this case still the investigation team is not clear that weather the attacker is Indian or from some other country. Police said that they have written to the email service provider Google about the alleged hacking and awaiting a response from them.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">IPS officer Rajnish Rai Email Account Hacked"https://www.voiceofgreyhat.com/2012/01/ips-officer-rajnish-rai-email-account.html</a>

XSS Vulnerability In Google Earth, Said Kyle Osborn At TakeDownCon Security Conference

Security researchers have shown that relying on browser technology in mobile apps—and even some desktop apps—can result in hidden vulnerabilities in those applications that can give an attacker access to local data and device features through cross-site scripting. At TakeDownCon security conference in Las Vegas, researcher Kyle Osborn presented some examples of cross-site scripting attacks that he and colleagues have discovered on mobile devices. "XSS is generally considered to be a browser attack,"  But many applications, he said, such as those built with cross-platform mobile-development tools like PhoneGap, use HTML rendering to handle display of data. If applications aren't properly coded, it's possible for JavaScript or other web-based attacks to be injected into them through externally-provided data. "Often, there are times when you can just make a JavaScript request and pull files from the local filesystem," he said.

The most recent example Osborn found is a vulnerability in the Google Earth app that allows execution of arbitrary JavaScript code on the device by embedding script in location data. He says that the flaw has been reported to Google.

Osborn said other vulnerabilities that have been discovered, and that in most cases have now been patched, include Skype on Apple's iOS and Gmail on Android and iOS. The vulnerabilities aren't limited to mobile platforms—many desktop applications that use Webkit or another web rendering engine have also had issues, Osborn said. The Skype vulnerability was originally discovered on Mac OS X, and similar bugs have been discovered and patched in the Adium instant messaging client on OS X and Empathy social networking client on Ubuntu.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">XSS Vulnerability In Google Earth, Said Kyle Osborn At TakeDownCon Security Conference"https://www.voiceofgreyhat.com/2011/12/xss-vulnerability-in-google-earth-said.html</a>

Opera 11.60 Codenamed "Tunny" Released & Major Security Holes Fixed

Opera 11.60 Final Version code named "Tunny" has been released by Opera Software. Opera 11.60 boasts three major new features, including revamped Address Bar, browser engine and mail client. Opera, which runs on Windows, Mac and Linux, has long been regarded as a pioneer when it comes to the web browser -- it was the first to introduce tabbed browsing, for example, and is still the only major browser to also include a mail client.

The Address Bar has been revamped to provide an experience similar to rival browsers such as Google Chrome and Mozilla Firefox in providing helpful suggestions as the user starts typing into the Address field. Version 11.60 also introduces a new shortcut, courtesy of a clickable star, to the Address Bar that makes it quick and easy to add the current web page to your Speed Dial or bookmarks menu.

Opera 11.60′s most visible new features are in the mail client’s extensive redesign, which Opera claims brings it in line with the browser’s "featherweight design aesthetic" The layout is cleaner, and messages are now grouped together by date, with options for grouping them by unread or pinned status, or not at all. Messages can also be pinned via a single click, with the pinning mapped to the IMAP \Flagged feature, ensuring compatibility with other IMAP clients, including Gmail’s Starred message status. The Mail toolbars have been simplified and redesigned icons coupled with easier access to the settings dialog (click the new Wrench button) provide weight to Opera’s claim that this makes the client easier to navigate and more intuitive to use. 

In this release opera updated addresses a vulnerability affecting some two- and three-letter top-level domains (TLD) that could allow cookies to be set for the TLD itself; these cookies could then be read by other sites using that TLD. A problem related to a weakness in the SSL v3.0 and TLS 1.0 specifications which could be used for eavesdropping attacks against some applications, and a cross-domain information leakage problem in the JavaScript "in" operator, have also been fixed.

In addition to the security fixes, Opera 11.60 has a new HTML engine that should, according to its developers, improve loading time for a majority of web sites, including pages using Secure Sockets Layer (SSL) encryption technology. Other changes include a completely revamped built-in mail client (M2) that's said to be easier to setup and use, and improvements to the address (URL) field to allow users to quickly add their favourite sites to the browser's Speed Dial.

To Download Opera 11.60 For Windows, Linux, Mac, BSD & Solaris Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Opera 11.60 Codenamed "Tunny" Released & Major Security Holes Fixed"https://www.voiceofgreyhat.com/2011/12/opera-1160-codenamed-tunny-released.html</a>

Google, Yahoo, Microsoft & AOL Jointly Enhancing Agari Anti-Phishing Service

Google, Microsoft, Yahoo, AOL jointly enhancing the Agari anti-phishing service. Google, Microsoft, Yahoo, and AOL are providing metadata from messages that get delivered to their customers to Palo Alto, Calif.-based Agari so it can be used to look for patterns that indicate phishing attacks. Agari collects data from about 1.5 billion messages a day and analyzes them in a cloud-based infrastructure, according to Agari CEO Patrick Peterson.

The company aggregates and analyzes the data and provides it to about 50 e-commerce, financial services and social network customers, including Facebook and YouSendIt, who can then push out authentication policies to the e-mail providers when they see an attack is happening. "Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo," for instance, Daniel Raskin, vice president of marketing for Agari, told the media in an interview. "They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don't deliver it, reject it."

Agari doesn't collect the actual messages, he said. Some e-mail providers will take a message that is failing authentication and provide the malicious URLs in it to Agari to pass on to the company whose name is being used in the phishing messages, Raskin said. "Other than that we don't want to see the content," he said.

Google expects Gmail users to benefit as more mail senders authenticate their messages and implement block policies. "Since 2004 Gmail has supported several authentication standards and developed features to help combat e-mail phishing and fraud," Google Product Manager Adam Dawes said in a statement to. "Proper coordination between senders and receivers is the best way to cut down on the transmission of unauthorized mail, and AGARI's approach helps simplify this process."

Agari, which has been operating in stealth mode since October 2009, rejected more than 1 billion messages across its e-mail partners' networks in a year, according to Peterson, who was with the original management team of e-mail security firm IronPort. IronPort got acquired by Cisco in 2007.  

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Google, Yahoo, Microsoft & AOL Jointly Enhancing Agari Anti-Phishing Service"https://www.voiceofgreyhat.com/2011/12/google-yahoo-microsoft-aol-jointly.html</a>

Anonymous Exposed The Private Information of The Special Agent, Officers, Cyber Crime Investigators Of Department Of Justice

The hacktivists claim to have hacked into Baclagan's Gmail account and to have accessed his voicemails and SMS message logs using unspecified techniques as part of their ongoing campaign against law enforcement officials and their "allies" in the computer security industry.

The email dump, released as a torrent last Friday in part of what has become the group's regular FuckFBIFriday release, is also said to contain personal information including Baclagan's home address and phone number. The cache of emails – which according to AntiSec are from the account of Fred Baclagan, a retired special agent supervisor of the Californian Department of Justice – includes 38,000 emails detailing various computer forensic techniques and cybercrime investigation protocols. 

Baclagan told that he was nobody special in the Justice Department ... which is what he would say, of course. He said that he had specialised in identity theft before he retired last year. "I'm really just a nobody," he told the Post, "just a local investigator, not involved in anything dynamic or dramatic

In the Press Release Anon Said:-

################################################################################

#        ANTISEC LEAKS DOJ SPECIAL AGENT SUPERVISOR'S PRIVATE EMAILS,         #

#               IACIS CYBERCRIME INVESTIGATOR COMMUNICATIONS                              #

#         care of the #OCCUPYWALLST CRACKDOWN RETALIATION TASK FORCE         #       

################################################################################

Greetings Pirates, and welcome to another exciting #FuckFBIFriday release.

As part of our ongoing effort to expose and humiliate our white hat enemies, we

targeted a Special Agent Supervisor of the CA Department of Justice in charge of

computer crime investigations. We are leaking over 38,000 private emails which

contain detailed computer forensics techniques, investigation protocols as well

as highly embarrassing personal information. We are confident these gifts will 

bring smiles to the faces of our black hat brothers and sisters (especially 

those who have been targeted by these scurvy dogs) while also making a mockery 

of "security professionals" who whore their "skills" to law enforcement to 

protect tyrannical corporativism and the status quo we aim to destroy.

We hijacked two gmail accounts belonging to Fred Baclagan, who has been a cop

for 20 years, dumping his private email correspondence as well as several dozen 

voicemails and SMS text message logs. While just yesterday Fred was having a 

private BBQ with his CATCHTEAM high computer crime task force friends, we were 

reviewing their detailed internal operation plans and procedure documents. We 

also couldn't overlook the boatloads of embarrassing personal information about 

our cop friend Fred. We lulzed as we listened to angry voicemails from his 

estranged wives and ex-girlfriends while also reading his conversations with 

girls who responded to his "man seeking woman" craigslist ads. We turned on his 

google web history and watched him look up linux command line basics, golfing 

tutorials, and terrible youtube music videos. We also abused his google 

voice account, making sure Fred's friends and family knew how hard he was owned.

Possibly the most interesting content in his emails are the IACIS.com internal

email list archives (2005-2011) which detail the methods and tactics cybercrime 

units use to gather electronic evidence, conduct investigations and make 

arrests. The information in these emails will prove essential to those who want 

to protect themselves from the techniques and procedures cyber crime 

investigators use to build cases. If you have ever been busted for computer 

crimes, you should check to see if your case is being discussed here. There are 

discussions about using EnCase forensic software, attempts to crack TrueCrypt 

encrypted drives, sniffing wireless traffic in mobile surveillance vehicles, how 

to best prepare search warrants and subpoenas, and a whole lot of clueless 

people asking questions on how to use basic software like FTP. In the end, we

rickrolled the entire IACIS list, causing the administrators to panic and shut

their list and websites down.

These cybercrime investigators are supposed to be the cream of the crop, but we

reveal the totality of their ignorance of all matters related to computer

security. For months, we have owned several dozen white hat and law enforcement

targets-- getting in and out of whichever high profile government and corporate

system we please and despite all the active FBI investigations and several

billion dollars of funding, they have not been able to stop us or get anywhere

near us. Even worse, they bust a few dozen people who are allegedly part of an

"anonymous computer hacking conspiracy" but who have only used 

kindergarten-level DDOS tools-- this isn't even hacking, but a form of

electronic civil disobedience. 

We often hear these "professionals" preach about "full-disclosure," but we are

sure these people are angrily sending out DMCA takedown notices and serving

subpoenas as we speak. They call us criminals, script kiddies, and terrorists, 

but their entire livelihood depends on us, trying desperately to study our 

techniques and failing miserably at preventing future attacks. See we're cut 

from an entirely different kind of cloth. Corporate security professionals like

Thomas Ryan and Aaron Barr think they're doing something noble by "leaking" the

public email discussion lists of Occupy Wall Street and profiling the "leaders"

of Anonymous. Wannabe player haters drop shitty dox and leak partial chat logs

about other hackers, doing free work for law enforcement. Then you got people 

like Peiter "Mudge" Zatko who back in the day used to be old school l0pht/cDc 

only now to sell out to DARPA going around to hacker conventions encouraging 

others to work for the feds. Let this be a warning to aspiring white hat 

"hacker" sellouts and police collaborators: stay out the game or get owned and 

exposed. You want to keep mass arresting and brutalizing the 99%? We'll have to 

keep owning your boxes and torrenting your mail spools, plastering your personal 

information all over teh internets.

Hackers, join us and rise up against our common oppressors - the white hats, the 

1%'s 'private' police, the corrupt banks and corporations and make 2011 the year 

of leaks and revolutions! 

We are Anti-Security,

We are the 99%

We do not forgive.

We do not forget.

Expect Us!

For More information Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Anonymous Exposed The Private Information of The Special Agent, Officers, Cyber Crime Investigators Of Department Of Justice"https://www.voiceofgreyhat.com/2011/11/anonymous-exposed-private-information.html</a>

Brazilian ISP Under Massive DNS Poisoning Attack, Redirecting Users To Malicious Sites

Major Cyber Attack on Brazilian Internet Services Provider. The attackers are performing massive DNS poisoning attack to redirect their account holders into the malicious websites. 

According to Kaspersky's SecureList:-

"In the past few days several Brazilian ISPs have fallen victim to a series of DNS cache poisoning attacks. These attacks see users being redirected to install malware before connecting to popular sites. Some incidents have also featured attacks on network devices, where routers or modems are compromised remotely. Brazil has some big ISPs. Official statistics suggest the country has 73 million computers connected to the Internet, and the major ISPs average 3 or 4 million customers each. If a cybercriminal can change the DNS cache in just one server, the number of potential victims is huge.
Last week Brazil’s web forums were alive with desperate cries for help from users who faced malicious redirections when trying to access websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol, Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website opened..."'

For more information click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Brazilian ISP Under Massive DNS Poisoning Attack, Redirecting Users To Malicious Sites"https://www.voiceofgreyhat.com/2011/11/brazilian-isp-under-massive-dns.html</a>

22 Years Old Student (Aekawit Thongdeeworakul) Arrested in Thai PM Twitter Account Hacking Case

Police in Thailand have arrested a university student who is said to have admitted hacking into the Prime Minister's Twitter account and posting messages accusing her of incompetence.
22-year-old Aekawit Thongdeeworakul, a fourth year architecture student at Chulalongkorn University, could face up to two years in prison if found guilty of illegally accessing computer systems without authorisation. Thailand's Prime Minister, Yingluck Shinawatra, had her Twitter account hacked last weekend - and her followers saw a stream of messages criticising her leadership.
The hacker's final tweet read:-
"If she can't even protect her own Twitter account, how can she protect the country?"

In bizarre scenes, Thongdeeworakul appeared before reporters at a hastily convened news conference in Bangkok, alongside ICT Minister Anudith Nakornthap.
The minister told members of the press that the alleged hacker believed his actions were innocent "as he didn't realise it would be a big deal." According to the ICT minister, Thai Prime Minister Yingluck Shinawatra had her Gmail account hacked on September 30th by unknown people, and her password was disseminated across the computer underground.

 

-News Source (NS)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">22 Years Old Student (Aekawit Thongdeeworakul) Arrested in Thai PM Twitter Account Hacking Case"https://www.voiceofgreyhat.com/2011/10/22-years-old-student-aekawit.html</a>

Lightweight Portable Security (LPS)

 

LPS-Remote Access was certified by AFNIC to connect to the GIG for general telecommuting use. Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. The ATSPI Technology Office created the LPS family to address particular use cases. LPS-Public is a safer, general-purpose solution for using web-based applications. The accredited LPS-Remote Access is only for accessing your organization’s private network.

These are the release notes for Lightweight Portable Security:-

•     Updated Flash to 10.3.183.10

•     Added more support for RealTek wireless drivers

•     Added additional broadband cellular drivers

•     Added additional SmartCard drivers

•     Revised About Box to show licensing info

•     Removed Gmail S/MIME addon, which no longer works with Gmail

•     Updated Flash to 10.3.183.7

•     Updated Firefox to 3.6.22

•     Updated DOD Configuration add-on to 1.3.3

•     Updated Java to 1.6u27

•     Updated OpenSSH to 5.9p1

•     Updated DOD Root CAs

To download Lightweight Portable Security Public Edition Click Here
                                             &
For the Lightweight Portable Security Deluxe Edition Click Here


 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Lightweight Portable Security (LPS)"https://www.voiceofgreyhat.com/2011/09/lightweight-portable-security-lps.html</a>