
Cartoon Network (CN) Official Website is Vulnerable to XSS Attack

XSS Vulnerability Found in Cartoon Network's (CN) Official Website By Dr41DeY 
After the successful breach of 'DY365 TV', the hacker going by the name of Dr41DeY from Nigerian Cyber Army has targeted another TV network, and this time he caught an even bigger fish. Unlike a defacement or breach, this time the hacker did something that can be called ethical, or categorized as white-hat. Without dragging the intro out any longer, let's come directly to the story: the official website of Cartoon Network is vulnerable to a cross-site scripting attack, also known as an XSS attack. Cartoon Network, mostly known as CN, is the world's leader in broadcasting animated programming, ranging from action to animated comedy and much more. This satellite channel is the most preferred channel for children and teenagers between the ages of 7 to 5 around the world. So it is quite indisputable that the official website of Cartoon Network (CN) is a valuable website with a large amount of traffic every day. It is unclear why such a big and popular brand left an XSS vulnerability in its official portal.

Dr41DeY shared with VOGH that the search box on the CN home page has a non-persistent XSS vulnerability. The above screenshots were taken as proof of the story. I, on behalf of Team VOGH, have already contacted the CN authorities and notified them about this issue. Hopefully they will take appropriate steps without any further delay. For updates on this story and other hot cyber issues, stay tuned with VOGH.



Jadavpur University Official Website is Vulnerable to SQL Injection


An ethical hacker from India named Chirag Singh has figured out serious loopholes in the official website of Jadavpur University, one of the most renowned and prestigious universities of India. Chirag found a blind SQL injection vulnerability which could be exploited for malicious purposes to harm the website and gain access. According to the vulnerability report submitted by the hacker, the web server of Jadavpur University runs Red Hat Enterprise Linux 5 (Tikanga), the web application technologies are Apache 2.2.3 and PHP 5.1.6, and the back-end database is PostgreSQL. The hacker also managed to dump 11 databases with more than 215 tables, as shown in the picture below.

This issue has already been reported to the concerned person and the webmaster of Jadavpur University, and for security and privacy reasons we are not exposing or mentioning the vulnerable link and the dumped database.








NASA Sub-domain is Vulnerable Allowing Information Disclosure

NASA Sub-domain is Vulnerable Allowing Serious Information Disclosure

National Aeronautics and Space Administration, widely known as NASA, has long fascinated hackers looking to breach its security systems. Many of our readers may be astonished by that, but it is a fact, and history is the witness. So far NASA has been targeted several times, with hackers finding vulnerabilities and penetrating its digital security. The same thing has happened again: an ethical hacker from India going by the name of "Zero Cool" found serious loopholes in one of NASA's sub-domains which could lead to sensitive information disclosure. The hacker shared a vulnerability report with us showing that, by exploiting the vulnerability, a malicious attacker could easily extract lots of confidential data from the NASA server, such as source code of various programs (used by NASA), current project information, future research papers, topological graphs, license information, several executable files, .dll files, private application software and its source code, employee details and many more highly confidential, or in other words "Top Secret", data and files. For security and privacy purposes we are not disclosing the vulnerable links, but exclusively for VOGH readers we are sharing a few images to justify the fact.



This vulnerability report has already been submitted to NASA, and as expected they reacted immediately and promised to patch those loopholes with immediate effect. Speaking of the ethical hacker "Zero", we would like to remind you that, before this NASA vulnerability disclosure, he exposed several vulnerabilities in many major and high-profile websites such as Facebook, Reebok, Indiagames, mtv, lapdonline, UNESCO, Toshiba, Discovery.com, Novell.com, Microsoft Store India, several Pakistani and Bangladeshi Govt websites and many more.





BackBox Linux 3 Released! To Perform Penetration Tests & Security Assessments


In the past we have discussed BackBox many times. It is a Linux distribution based on Ubuntu, developed to perform penetration tests and security assessments. It is designed to be fast and easy to use, and to provide a minimal yet complete desktop environment. Its own software repositories are always updated to the latest stable versions of the most used and best known ethical hacking tools. Nowadays, along with BackTrack, this Ubuntu-based penetration testing distribution has become very popular in hacker communities, and several penetration testers are also using BackBox. Like other popular pen testing distros, BackBox gets updated periodically. This time the BackBox developer team has announced a major release, BackBox Linux version 3.0. The major release includes features such as the new Linux Kernel 3.2 flavor and Xfce 4.8. Apart from the major system upgrade, all auditing tools are up to date as well.

What's new:- 
  • System upgrade
  • Bug corrections
  • Performance boost
  • Improved start menu
  • Improved Wi-Fi drivers (compat-wireless aircrack patched)
  • New and updated hacking tools
System requirements:- 
  • 32-bit or 64-bit processor
  • 512 MB of system memory (RAM)
  • 4.4 GB of disk space for installation
  • Graphics card capable of 800×600 resolution
  • DVD-ROM drive or USB port

Zero-day Vulnerability in "Cloud" Revealed at TakeDown Conference

Almost every IT company across the globe is adopting "Cloud" technology to store large amounts of data while reducing cost. Almost 99% of them also assume that because data is stored offsite it is securely preserved and they no longer have to worry about risk. This assumption was proved wrong when security experts at the TakeDown Conference revealed a zero-day vulnerability in the Cloud. “Au contraire. Risk cannot be outsourced,” says professional ethical hacker, Dave Chronister of Parameter Security (St. Louis, MO). Mr. Chronister went on to say, “It’s because of this mindset that hackers are preying upon the cloud and are gaining control of huge stores of information through a single attack” - which is exactly what Mr. Chronister recently did. Mr. Chronister went on to say, “During a recent cloud security audit, I was able to identify a zero day exploit and within minutes gained access to the cloud sphere and every system that was on that cloud—giving me complete control. Needless to say, the client was shocked because they were touting their cloud offering as 100% secure.”
He is bringing his real-world cloud hacking experience to event goers at TakeDownCon in Dallas in May, where his presentation, entitled The Cloud is a Smoke Screen, provides eye-opening information about the false sense of security cloud providers and users possess. Specifically, Chronister’s presentation will:-
  • Expose various cloud vulnerabilities
  • Address cloud security issues
  • Provide insight into selecting cloud providers and questions to ask with regards to data security, risk and incident response
  • Offer ways to successfully implement your own cloud solution and mitigate risk
  • Share his real-world experiences hacking multiple cloud environments
  • And much more


-Source (TechDown)




NASA Technical Reports Server, Encyclopedia Britannica & Dhaka Stock Exchange is Vulnerable

A 15-year-old ethical hacker from India named Akshay, code name "0z0n3", found a non-persistent cross-site scripting vulnerability in three very high-profile websites: the official websites of NASA Technical Reports Server (NTRS), Encyclopedia Britannica and Dhaka Stock Exchange. Earlier he found an XSS vulnerability in the official website of National Geographic. The vulnerability details have already been reported to the webmasters, and Dhaka Stock Exchange and Encyclopedia Britannica immediately fixed those security holes, but the NASA Technical Reports Server (a sub-domain of NASA) remains unpatched. If you dig into the history you will find that NASA has previously been hit many times by hackers from different parts of the world: spammers targeted NASA, TeaMp0isoN hacked the NASA official forum, Chinese hackers hit NASA satellites, Indian hacker minhal stole secret information from NASA, Code Smasher found a CSRF vulnerability in the official website of the Virtual Heliospheric Observatory of NASA, and so on. Though the vulnerabilities in Encyclopedia Britannica and DSE are fixed, the screenshots below still clarify the fact.
-:Encyclopedia Britannica:-
-:Dhaka Stock Exchange:-






NASA Sub-Domain is Vulnerable To Hackers

Virtual Heliospheric Observatory, a sub-domain of NASA, is vulnerable. A fourteen-year-old ethical hacker from India named Code Smasher has found a cross-site request forgery (CSRF) vulnerability on the official website of the Virtual Heliospheric Observatory of NASA. The hacker also claimed that using this vulnerability an attacker can even exploit the website and execute unauthorized commands. A few days ago another ethical hacker group found CSRF on the WikiLeaks official site. If you dig into the history you will find that NASA has previously been hit many times by hackers from different parts of the world: spammers targeted NASA, TeaMp0isoN hacked the NASA official forum, Chinese hackers hit NASA satellites, Indian hacker minhal stole secret information from NASA, and so on. We would also like to remind you that the well-known hacker TinKode got busted for hacking into a NASA server. So before playing with NASA, be a little cautious :)





Dutch Govt. Sets Up National Cyber Security Centre (NCSC) To Fight Cyber-Crime


Now the Dutch Govt. is also paying attention to securing its cyber fence. To fight cyber crime and enhance cyber security, the Dutch government has set up a new National Cyber Security Centre (NCSC) to deal with the growing problem of online crime. The NCSC, which is a public-private partnership, commenced operations on 1 January 2012. Its ambition is to grow, in a phased manner, into the cooperation platform for cyber security in the Netherlands. In 2011 more than 123K web pages in the Netherlands were infected by the Lilupophilupop attack, and recently a hacker group named The Hackers Army hacked thousands of Dutch sites while running their operation named #OPfreePalestine. The Dutch cyber fence has also been targeted from different parts of the world. So this newly formed NCSC was indeed needed by the Dutch authorities.
In the Netherlands several government departments are involved in the fight against cyber crime - and that's precisely the problem. The NCSC should improve coordination between them. The centre will bundle together a lot of knowledge and expertise. The NCSC is composed of over sixty people and will deal especially with the major issues. Wouter Stol is a cyber safety expert at the NHL University of Applied Sciences in Leeuwarden.
He sees the NCSC as a good start: "It's a clear move to streamline the approach to cybercrime. But it's not just about coordination. There's far too little knowledge in the public sector. How do you handle the problems with cyber crime? How do you organize it? Much remains to be done."

The fight against cybercrime is still in its infancy, according to Mr Stol. First you have to map properly how cybercrime - nationally and internationally - actually works. Cyber criminals are a difficult group because they often don't operate from a fixed location. An efficient response is only possible through international cooperation that is fast and smooth. To keep up with the technical know-how of the cyber criminals, the government has suggested turning to "ethical" hackers. This is the group that detects various leaks and weak spots. They hack the sites of companies and governments to identify the problems, not for criminal reasons. Wouter Stol thinks that these hackers will soon be needed. "Developments in the digital world are rapid. Training a few internet producers isn't enough. Before you know it you'll be left behind. It's a good strategy to gain the latest knowledge in a flexible manner. So you also need the hackers."












Ankit Fadia Hacked By Teamgreyhat (TGH)


Self-styled ethical hacker Ankit Fadia is under cyber attack. Hacktivist group Teamgreyhat has officially declared an operation against Ankit Fadia. In its official press release TGH said "#target Ankitfadia Engaged". In this attack they have successfully hacked into Ankit Fadia's official site and exposed lots of credentials including sensitive data, student details, DB credentials (DB Name, User Name & Password) and many more.

Here Are Some Screen shots Submitted By The Hacker Group :- 







Those screenshots clearly show that TGH has access to that particular web server and the database. To download the hacked credentials click here (Password is "teamgreyhat"). TGH has also exposed the database information and shell link. For more information and to see the TGH official release click Here






"Busting Windows With Backtrack 5 R1 & Metasploit Framework 4.0" An Exclusive Article by Rahul Tyagi


"Busting Windows With Backtrack 5 R1 & Metasploit Framework 4.0" An Exclusive Article written by famous ethical hacker Rahul Tyagi.

The Article Contents:- 
  • Backtrack 5 R1 Overview
  • Brief of MSF 4.0
  • Vulnerabilities, Exploits & Payloads
  • MSF 4.0 Console Mode
  • Exploiting Windows With Armitage 
  • Starting the Party With Armitage
  • Hard Facts That They Don't Reveal 


-News Source (Rahul Tyagi)



Apple's Developer Site is Under Phishing Attacks



With all the news about Anonymous, LulzSec, Anti-Sec, and so on, you'd almost forget there are more ethical hacking groups out there as well. One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days.
The hacker group claims to have found three separate security flaws in Apple's developer website - arbitrary URL redirects, cross-site scripting, and HTTP response splitting. The arbitrary URL redirects are especially problematic, since they would make it quite easy to mount a phishing attack to obtain login credentials from Apple's third-party developers. Developers use Apple IDs to log in, so this would give malicious folk access to developers' iTunes accounts.
YGN Ethical Hacker Group isn't a new group - they've already identified similar security issues at other websites. Java.com, for instance, suffered from similar URL redirect issues, but Oracle fixed it within a week, and thanked the hacker group. They also found issues with McAfee's website, but McAfee refused to fix anything until the hacker group went for full disclosure.
Apple has been given the same two months to fix their issues, but Apple has so far refused to do so. The issues were reported to Cupertino on April 25, and Apple confirmed they had received the information two days later. We're two months down the line now, and nothing has been fixed, according to the hacker group. As such, they will now take the same steps they took with McAfee.


Kids (Age Between 8-16 Years) Conference to Teach "White Hat" Skills



DEFCON was started in 1993, and has grown into the largest annual gathering of hackers. Attendees to this year’s conference, DEFCON19, will include cyber-criminals, hackers, computer security professionals, security personnel, US Federal agents, and anyone else with an interest in anything that can be hacked. Activities at the event include speakers on different subjects of interest to hackers, social events and contests. In August the first ever DEFCON kids' conference will take place. This conference will be run as part of the main DEFCON conference, and is meant to teach kids between 8 and 16 years “white hat” hacker skills. As opposed to “black hat” hacking, the DEFCON Kids will be taught “white hat” hacker skills that will give them the ability to protect themselves against cyber crime. Black hat involves the dark side of internet hacking, including looting of money and destruction of hardware or software. The aim is to convince kids that it is cool to fight crime by being an ethical hacker.
The courses will be run by some of the world’s most elite hackers. According to the DEFCON Kids website, the training and demonstrations will include “learning how to open Master locks, Google Hacking, making Electronics, Social Engineering, coding in Scratch and Communicating in Code.”


Software steals laptop thief's pvt data



If your laptop goes missing or is stolen, don't worry. New software will not only help you trace it, but also spy on the thief and provide you with his confidential information. A student of M S University (MSU) has developed first-of-its-kind software that monitors all the activities of the thief on the laptop and reports them to its owner.

While hundreds of laptop tracking software packages are available in the market, Bhaumik Merchant, a third-year student of BE (computers) at the Faculty of Technology and Engineering, has gone a step ahead to make it tougher for laptop thieves. Merchant has developed the software as part of his academic project and will launch it in the next couple of months. Though he could mint good money by selling the software, Merchant has decided to distribute it for free.

"The tracking software currently available in market helps us to trace the stolen laptop and track the thief by finding out IP address. I thought of developing a software that will turn the tables on the thief," Merchant, an ethical hacker, told TOI.

"This software gets activated the moment the thief goes online. It helps the laptop owner in monitoring everything that the thief types on the pages including his email ID and passwords. The owner can easily track down the thief, get information of all the activities and emails done by him apart from his contacts and passwords," Merchant said.

Merchant's software will also delete the operating system in the laptop and delete all the data in such a manner that it cannot be retrieved. "One has to feed two email ids in the software that works in stealth mode. One id keeps monitoring the laptop activities while the other comes into action when the instrument is stolen. If your laptop gets stolen, you just have to send an email stating 'stolen' on the second id and the software will start doing its work," explained Merchant, who is planning to attend Hactivity, an ethical hacking event organised in Hungary later this year.

"Such software makes life easy for us as we are able to track thieves quickly and return laptops to their rightful." 


Interview of Bangladesh Cyber Army with Voice Of GREYHAT




Exclusive Interview of the Admin Bangladesh Cyber Army with Voice Of GREYHAT:-


VOGH : I have heard a lot about BCA. Now I want to know about BCA from the admin himself, so will you please?


BCA : Yes. Nowadays, BCA is a leading security team in Bangladesh. But the interesting thing is, it started from a Facebook group, and there were only 5 people at the start. But now it has 250+ people in the group. We also have our own website and forum. Many people know us and like us.


VOGH : What's the aim of BCA? I mean, you people must have some objectives here. May I know what those are?


BCA : BCA will be the best cyber security team in BD. Basically BCA will help BD people to defend themselves from other hackers. We will protect all the BD sites from other hackers. We will be the ultimate hacking team of the next gen. We will prove to the whole world that BD guys can do anything for their country. We just love our country.


VOGH : How many members are there in BCA?


BCA : All the BD people are our members. And other people who love BD.


VOGH : What type of achievements has BCA got?


BCA : As far as we think, this is only our beginning. Tons of websites have been hacked till now by the BCA team. We hired from BD gov security team called RAB (Rapid Action Battalion) for some undercover mission related to technology. We have protected 150+ websites from other hackers. People love us. People want us. That's it.


VOGH : I am aware that Bangladeshi hackers hacked Google and Airtel. Tell us your view on those topics, and also brief us on that hacking.


BCA : Yes, it was a big hack. And he was also a good hacker. But the sad thing is, he didn't use his skill in the right way, and he destroyed many websites in his own country. And many harmful hacks were done by him.


VOGH : When will BCA make their own forum or security team?


BCA : BCA is now working on it, and very soon it will be launched.


VOGH : Tell us something about the Bangladeshi hackers.


BCA : Yes, there are many hackers now in Bangladesh, and they are doing a very good job. Some big hacks have already been done by Bangladeshi hackers. And also many websites have been secured and penetrated by Bangladeshi people. And most of our hackers are not doing any harmful hacking. And they love Bangladesh and Bangladeshi people.


VOGH : Let me know, is there anyone who really helped you guys to form BCA? I mean, do you want to give thanks to anybody regarding the setup and publicity?


BCA : Yes, we want to thank Alshe Dupor. He provided our host to maintain our forum. And also thank you and your group for our publicity.


VOGH : There are lots of other security teams and forums. What is your view about them?


BCA : Yes, there are many security teams and forums. Some of them are very good, some are good and some are not so good. It depends on what they are doing.


VOGH : Name your favourite hacker.


BCA : There are many hackers whose work I like. But Kevin Mitnick is the best one.


VOGH : What's your next objective?


BCA : Our next objective is approval from the BD Gov as a security team.


VOGH : We always hear the term "ethical hacker". My question is, can hacking be ethical?


BCA : Why not? If you apply your knowledge to positive things, help people to improve their cyber security, and don't do any harmful things, then it can be ethical.


VOGH : Thanks a lot for giving Voice Of GREYHAT so much time. All the very best for BCA.


BCA : Thank you too.


Exclusive Interview of Ankit Oberoi Managing Director Innobuzz





Exclusive Interview of Mr. Ankit Oberoi, Co- Founder and Managing Director of Innobuzz Knowledge Solution with Voice Of GREYHAT

VOGH: First of all, thank you very much for giving us time.

Innobuzz: You're most welcome.

VOGH: I am aware that you are a very busy person, so I do apologize for taking your time.

Innobuzz: Not an issue at all.

VOGH: I am aware that Innobuzz is one of the leading ethical hacking training institutes of India, so how do you feel being the director of Innobuzz?

Innobuzz: It is a pleasure to serve the company which I co-founded along with Mr. Atul Agarwal back in 2007.
I have learned a lot during this journey and I am happy to see the success this venture has shown.

VOGH: Okay. Sir, please share your views on the hacking and security field.

Innobuzz: Information Security and Ethical Hacking is still a niche technology and has a long way to go. As we know that Internet penetration in India and other developing countries is low, I feel that this will rise considerably in the next few years and as the usage increases, so will the misuse. Demand for Ethical Hackers will rise here along with the requirement for services and products related to Information Security.

VOGH: I must admire your thoughts. Sir, kindly tell us what you think of modern-day hackers?

Innobuzz: Hackers today are much smarter and in a much larger number today, as compared to a few years ago. There are no formal statistics for what I am citing, but I feel the average technical knowledge among hackers is only going up, and mostly young people, who are even less than 15 years of age, are contributing to the list. Besides this, security is a cat and mouse race, so it is obvious that the future will have much smarter hackers and security professionals alike. The only way to survive is to keep yourself updated.

VOGH: I got information from your site that Innobuzz has successfully trained more than 5500 CISE (ethical hackers). My question is, can hacking be ethical?

Innobuzz: Of Course, the term Hacker originally referred to people who love Technology and who would explore it by going a step forward. Similarly, Ethical Hacking refers to the usage of same techniques which the Black Hats do, but at the end of the day, the holes are fixed, thereby helping the security of a system, instead of damaging it.

VOGH: You have huge experience in this field. What is your suggestion to our readers on how they can prepare themselves in this particular field?

Innobuzz: Get as much knowledge and experience as you can. The more you get, the less you will feel it is. Information Security & Ethical Hacking is one such field where the only thing which can take you forward is passion. I am representing a Training Company, but I will still say that our Training on Ethical Hacking will be of no use unless the student has interest, passion and the zeal to learn it!

VOGH: My next question: who is your favourite hacker?

Innobuzz: Renowned and famous - Kevin Mitnick. I have read his books, and the kind of intellect this man possesses is commendable.

VOGH: There are lots of other companies who are giving ethical hacking training, so why Innobuzz?

Innobuzz: To provide an unbiased reply, I will leave it for the readers to decide themselves :) Just do your search and talk to the alumni of all the options you have before taking a decision. Make sure you don't select an unprofessional company just to save a few bucks; after all, it is your career!

VOGH: You have gained a huge reputation in the industry, but while gaining that, what seems to be the biggest trouble you have ever faced?

Innobuzz: In order to build reputation, one must do what is ethically correct and be righteous. At times, we have made losses to make sure whatever we do is ethically correct.

VOGH: Tell me some people whom you want to thank for your achievements. Is there anyone without whom this would never have happened?

Innobuzz: There are a lot of people without whom this would not have been possible. This list includes our employees who work day and night to make it happen and our competitors who left the gap in the system, which we found and grew.

VOGH: what is your view about voice of greyhat?
also please give some suggestion by which we can make VOGH more successful?

Innobuzz: It is a great site and sites like this which promote information security are the future.
I am sure VOGH can partner with various sites and companies, online + offline, arrange contests, get guest writers to achieve more fame.

VOGH: Thanks for your comment about us. What are the upcoming events of Innobuzz?

Innobuzz: You're welcome. Innobuzz has gone global and we are soon expanding into many more countries!

VOGH: hope not only hope we do believe that you will break all the records and kiss the sky of success

Innobuzz: Thank you


BlackBerry phones hit by ZeuS Trojan virus


If you thought your phone is virus-proof, think again. There is a virus on the block that has started affecting all BlackBerry devices. And the worst part is that a user will never know whether her phone has been affected or not.

Amit Nath, country manager, India and SAARC at Trend Micro, claims researchers at the firm were alerted to the discovery of a ZeuS Trojan specifically targeting BlackBerry users. It aims to monitor users' private information especially when they conduct mobile banking, says Nath. 

"It does not display any graphical user interface that can prompt users about the infection. Instead, it removes itself from the list of applications. The virus can view, delete and forward text messages, block calls, change the administrator on the device and block phone numbers. It allows the hacker to change the telephone number the device sends all the data to in the event that it gets shut down," he said. 

"Although there is no definite data on how many phones have been hit, we are sure it is spreading fast even in India. However, as users mostly don't get to know they have been infected, it's difficult to fix a number. We have detected instances of the virus on our clients' networks. This virus has the capability of spreading on its own and infecting phones that do not have anti-virus software installed," Nath points out.
Jagannath Patnaik, director, channel sales south Asia at Kaspersky Lab , says: "There has been a new wave of malware attack that has started affecting BlackBerry and it has originated from Poland. The aim is to extract banking passwords." 

An email sent to Research In Motion , manufacturers of BlackBerry phones, went unanswered despite repeated reminders. 
According to Trend Micro researchers, the ZeuS Trojan is capable of blocking calls, registering a new administrator, adding and removing senders, switching the phone on or off remotely and, most important, hiding text messages and sending them to the hacker without the user's knowledge.

Abhijit Limaye, director, development at Symantec, said: "BlackBerry has a reputation as being a secure platform. However, it is still susceptible to malware threats and has issued advice documentation for customers to minimise risks. They have also released software applications to help customers protect their data."

Vinoo Thomas, technical product manager at McAfee Labs, said: "While a Trojan virus can replicate and spread on its own, there are a few spyware programs that need to be loaded manually. One can buy spyware programs like MobiSpy, MobiStealth and FlexiSpy for between $40 and $80."

One reason for infection could be downloading of out-of-box applications on a BlackBerry. Zaki Qureshi, a professional ethical hacker, said: "BlackBerry phones have high security features, but if users install out-of-the-box applications, chances of infection rise."


Oracle Patches Java.com Flaw




The discovery of security issues in Java is something that Oracle deals with on a routine basis by way of regular security updates. Security issues with Java.com, however, are another matter.
Security researchers with the YGN Ethical Hacker Group publicly reported this week that Java.com was at risk from an arbitrary URL redirection vulnerability. YGN made the report on the public Full-Disclosure security mailing list.
The group also provided a link to a proof-of-concept demo to validate their claim.
According to YGN, it informed Oracle of the vulnerability on April 19th. On April 23rd, Oracle replied, "Thank you for bringing this issue to our attention. We appreciate your note and wanted to let you know that we have fixed it."
Oracle did not respond by press time to a request for comment from InternetNews.com on the YGN disclosure.
A URL redirection flaw is a serious issue that could have enabled an attacker to leverage Java.com for a phishing attack. Security tracking group Mitre has labeled URL Redirection as CWE-601 (Common Weakness Enumeration).
"An http parameter may contain a URL value and could cause the Web application to redirect the request to the specified URL," the CWE-601 definition states. "By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials."
The Java.com disclosure is not the first time that YGN has exposed security flaws in a major public facing website. At the end of March, YGN reported that McAfee.com was at risk from multiple security vulnerabilities.  
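
The CWE-601 weakness quoted above, and the arbitrary URL redirect and HTTP response splitting issues reported against Apple's developer site earlier on this page, are both addressed by validating a redirect parameter before it is written into the `Location` header. The following Python check is an added example, not code from Oracle, Apple or YGN; the host allow-list, the fallback path and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts this hypothetical application may redirect to.
ALLOWED_HOSTS = frozenset({"www.example.com", "accounts.example.com"})
FALLBACK = "/"          # where to send the user when the target is rejected
MAX_LENGTH = 2048


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return `value` if it is an acceptable redirect target, else `fallback`.

    `value` is the already URL-decoded request parameter (e.g. ?next=...).
    """
    if not value or len(value) > MAX_LENGTH:
        return fallback

    # Control characters: CR/LF in a header value is what makes HTTP
    # response splitting possible; tabs and NULs confuse URL parsers.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return fallback

    # Browsers treat "\" like "/", so "/\host" can become "//host".
    # Leading or trailing whitespace is likewise parsed inconsistently.
    if "\\" in value or value != value.strip():
        return fallback

    try:
        parts = urlsplit(value)
    except ValueError:          # e.g. malformed IPv6 literal
        return fallback

    # Case 1: same-site relative path. Must start with exactly one "/";
    # "//host/path" is scheme-relative and leaves the site.
    if not parts.scheme and not parts.netloc:
        if value.startswith("/") and not value.startswith("//"):
            return value
        return fallback

    # Case 2: absolute URL. Only https, no userinfo, host on the allow-list.
    if parts.scheme.lower() != "https":
        return fallback         # rejects http:, javascript:, data:, ...
    if parts.username is not None or parts.password is not None:
        return fallback         # "https://trusted@other-host/" trick
    host = (parts.hostname or "").lower()
    if host in allowed_hosts:   # exact match, never substring or suffix
        return value
    return fallback


def review_samples():
    """Run the check over constructed sample parameters (not real traffic)."""
    samples = [
        "/account?tab=security",
        "https://accounts.example.com/login",
        "//evil.example/login",
        "https://www.example.com@evil.example/",
        "https://www.example.com.evil.example/",
        "/home\r\nSet-Cookie: sid=1",
        "javascript:alert(1)",
        "/\\evil.example",
    ]
    return {s: safe_redirect_target(s) for s in samples}


if __name__ == "__main__":
    for param, target in review_samples().items():
        verdict = "allowed " if target == param else "rejected"
        print(f"{verdict} {param!r} -> {target!r}")
```
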


Oracle fixes Java.com website hole after heads-up from hacker group

The secretive hacker group known as YGN Ethical Hacker Group has done it again, exposing a vulnerability in a vendor website -- this time one owned by Oracle -- through assessment scanning. YGN says Oracle responded promptly to its notification about the vulnerability it found in www.java.com and fixed the hole.
YGN told Network World by email that the Oracle Security Alerts team has thanked it for the information provided about an "arbitrary URL redirect vulnerability" in www.java.com. YGN published advisory information about this vulnerability both on the public SecLists online and the hacker group's own website on Sunday.
Oracle had no immediate comment.
This interaction between YGN and Oracle, which took place over the last week, seems to have followed a far different course than the hacker group's recent interaction with McAfee, which ended last month with YGN disclosing it had found a vulnerability in the McAfee website before the security vendor had fixed it.
