6.5 Million of LinkedIn Passwords Stolen By Cyber Criminals

6.5 Million of LinkedIn Passwords Stolen By Cyber Criminals

Very popular social networking site LinkedIn are currently running through a massive cyber attacks. It has been allegedly reported that more than six million passwords belonging to LinkedIn users have been compromised among them more than 300,000 passwords has already been cracked and published as plain text. A file containing 6,458,020 SHA-1 unsalted password hashes has been posted on the internet, and hackers are working together to crack them.  

LinkedIn has confirmed that it is investigating the incident. In the meantime, several reputable sources have said that they have found their LinkedIn passwords in that list; it can therefore be assumed that the social network's operator actually does have a problem.

Pages are already appearing on the internet that prompt you to enter your password to verify whether you are affected; these are phishing sites. It is also expected that there will be waves of spam email soon which will call for you to change your password with a link to a LinkedIn-impersonating phishing site. Instead of following these links, either enter the LinkedIn URL yourself (linkedin.com) or use a stored bookmark to visit the social network and change your password.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">6.5 Million of LinkedIn Passwords Stolen By Cyber Criminals"https://www.voiceofgreyhat.com/2012/06/65-million-of-linkedin-passwords-stolen.html</a>

Global Payment company Visa Conducted Security Training For CBI Officials

Global Payment company Visa Conducted Security Training For CBI Officials To Fight Against Cyber-Crime

Global Payment company Visa has sensitized officials from the Central Bureau of Investigation (CBI) about modus operandi of electronic payment frauds and measures to combat the rising cyber-crime. This whole campaign was a part of spreading awareness on changing nature of cyber crime and card frauds in India. Visa conducted a workshop in New Delhi where CBI officials of economic offence wing were given information on global trends in fraud risk management, cybercrime and measures available to detect and combat them. The company said that given the rapidly changing nature of cybercrime and card fraud in India, the objective of the awareness programme was to share the modus operadi of electronic payment frauds and the intricacies involved in them. 

Visa said it has stepped up its electronic payments security awareness initiative with a Cards Fraud and Payments Risk Awareness Programme for Indian law enforcement agencies.
"This programme has been developed in response to growing government and public concerns around increased fraud exposures around electronic payment products, cyber security and cyber crime," it said in a statement. Visa Group Country Manager (India and South Asia) Uttam Nayak said the company is committed to developing a safe and secure online experience. "Through such programmes we play our part in keeping the country's payment system safe and ensure that law enforcement agencies have the latest skills at their disposal," he said.
VK Gupta, Special Director of CBI said that as a law enforcement agency, it is critical to understand the evolving cybercrime landscape and the latest technology used to track and prevent criminal activities.

-Source (Money Life)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Global Payment company Visa Conducted Security Training For CBI Officials"https://www.voiceofgreyhat.com/2012/06/global-payment-company-visa-conducted.html</a>

#CFP - Call For Papers Nullcon Delhi 2012 (International Security Conference)

#CFP - Call For Papers Nullcon Delhi 2012 (International Security Conference)

After the success of Goa, now its the preparation time for nullcon Delhi to showcase cutting edge security technologies and discuss new attack vectors and security threats among the Corporate world and the Government sector. The event brings together thought leaders, Corporates, Government and security professionals all under one roof. Being the official media partner, Team Voiceofgreyhat wishes all the very best for Nullcon Delhi 2012.

Categories:-

The talk time duration includes time for questions and answers (5-10 minutes).

1. Research Category (40 mins - 1 hr) - is a deep knowledge technical track that includes new research, tools, vulnerabilities, zero days or exploits.
   
2. Technical Category (30 mins - 1 hr) - comprises of known security issues, case studies, twist to an existing research, tool, vulnerability, exploit or research-in-progress. Although this track is fairly technical, it covers known techniques and analysis and is specially created for security professionals who are not too much into new research, are auditors, management professionals and newbies.
   
3. Desi Jugaad (1 hr) - is our signature research category talk and includes any local Indian/Asian hacks.

Submission Topics:-

1. One of the topics of interest to us is Desi Jugaad(Local Indian/Asian Hack) and has a separate track of its own. Submissions can be any kind of local hacks that you have worked on (hints: electronic/mechanical meters, automobile hacking, Hardware, mobile phones, lock-picking, bypassing procedures and processes, etc. Be creative!)
   
2. The topics pertaining to security and hacking in the following domains(but not limited to):
• Hardware Hacking(ex: RFID, Magnetic Strips, Card Readers, Mobile Devices, Electronic Devices)
• Tools/exploits/Zero-days (noncommercial)
• Programming/Software Development security and weaknesses
• Network vulnerabilities.
• Information Warfare, cyber espionage, cyber crime, cyber laws
• Malware, Botnets
• Web attacks and application hacking
• New attack vectors
• Mobile malware, vulnerabilities, exploits, VOIP and Telecom
• Virtualization security, hacking VMs, breaking out of VMS etc
• Cloud security, threats and exploitation
• Critical Infrastructure
• Satellite hacking
• Forensics

Submission Format:-

Email the paper to : cfp@nullcon.net
The subject should be : CFP Delhi 2012 <Paper Title>
Email Body :

1. Name
2. Handle
3. Track (& Time required in case of General/Business track)
4. Paper Title
5. Country(and City) of residence
6. Organization and Designation
7. Contact Number
8. Have you presented or submitted this paper at any other conference(s) or magazine(s)?
   Yes, No. If yes, where? and how this submission is different from the previous ones. Note that new research talks already given elsewhere or are due to be given elsewhere prior to nullcon will be considered as Technical category talks unless they consist of cutting edge and ground breaking technology, which is at the judgment of the review committee.
9. Are you releasing an open source tool?
   Yes/No. (If yes, please include the source code for review)
10. Are you releasing an exploit?
    Yes/No. (If yes, please include the source and vulnerability details for review)
11. Are you releasing a new vulnerability/Zero-day?
    Yes/No. (If yes, please send us the details, including reproduction procedure, for review)
12. Why do you think your paper is different/innovative (for all tracks) and how does it qualify as new work/research(for Research track only)?
13. Are there any live demonstrations (These earn you good points during review)?
    Yes/No. (If Yes, how many? Also please explain each demo)
14. Brief Profile ( less than 500 Words)
15. Paper Abstract - Please provide detailed working or your research/work. The more details you provide the better it is for the reviewers. Please keep the abstract to the point. Please do not try to hide the technical details or say “I can't disclose it till bla bla” as it does not help the reviewers in any way and may give your paper a low score because of insufficient information available in the abstract.
16. Your high resolution photo (attached)

Important Dates:-

CFP Opens: 25^th April 2012
1st round of Speaker list Online: 10^th June 2012
CFP Closing Date: 30^th June 2012
Final speakers List online: 10^th July 2012
Conference Dates: 26^th-29^th September 2012 

For Detailed Information Click Here 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">#CFP - Call For Papers Nullcon Delhi 2012 (International Security Conference)"https://www.voiceofgreyhat.com/2012/06/cfp-call-for-papers-nullcon-delhi-2012.html</a>

(Facebook Downtime) Users Faced Log-in Difficulties, FB Said -Outage Was Not Caused By Anonymous

(Facebook Downtime) Users Faced Log-in Difficulties, FB Said -Outage Was Not Caused By Anonymous

On first of June millions of Facebook users faced disturbance while using their favourite social network. Facebook users across the globe experienced log-in difficulties for several hour. For a site with 900 million users worldwide, even a minor outage has a huge effect, especially amidst criticism of the Facebook IPO. The outage may have caused Facebook’s share price to go down 5.95 percent this morning. The simple event was a tweet sent out by @YourAnonNews after the news broke that Facebook was having problems. The account appeared to claim responsibility for the attacks. Anonymous had made two tweets with regard to Facebook’s latest troubles, whereby one read as follows: “Looks like good old Facebook is having packet problems” to indicate that the shadows surrounding the calamitous IPO is not the only quandary, but a number of them. The second indecent tweet read, “RIP Facebook a new sound of tango down, b—–*."

Later hacker collective Anonymous has released a statement denying responsibility for Thursday’s Facebook slowdown and agreeing withe the Menlo Park company that there was in fact no attack at all. 

What ever the main twist is that Facebook completely denies the rumour that Anon was behind the downtime. In a statement FB said "Last night’s outage was not the result of a DDoS.” There was no attack on Facebook last Thursday. The company suffered from an internal problem that slowed down user’s connections and refused access to many of them. It doesn’t happen often but it happens often enough that it was a possibility. In the press release Facebook spokesman said, “Earlier today, some users briefly experienced issues loading the site. The issues have since been resolved and everyone should now have access to Facebook. We apologize for any inconvenience.” This is a public apology to its esteemed customers.

Being a responsible media its our duty to refresh the memory of our readers. In 2011 Anonymous openly declared to take down Facebook. The operation was dubbed #Op-Facebook and Anonymous told that they will hit FB on the 5th of November last year. But in reality it was just a threat and as expected Anonymous failed to execute Operation Facebook. 

 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">(Facebook Downtime) Users Faced Log-in Difficulties, FB Said -Outage Was Not Caused By Anonymous"https://www.voiceofgreyhat.com/2012/06/facebook-downtime-users-faced-log-in.html</a>

Fedora 18 Added UEFI Secure Boot (Security-Key Purchased From Microsoft)

Fedora 18 Added UEFI Secure Boot (Security-Key Purchased From Microsoft)

 

Many of us knows that Microsoft has been pushing hardware vendors for Secure UEFI as part of Windows 8. The tldr version of UEFI is that it's secure encryption on the physical hardware at the pre-boot layer. Basically in order to boot the hardware will have to have a secure key. But while making UEFI a very basic problem arose and that is it won't easily allow people to load Linux. To get rid of this burning issue Red Hat's Fedora Linux has a solution and it's not one that is entirely satisfactory. Fedora will buy a key via Microsoft that will enable it to run. This is the solution now being offered up by Fedora developer Matthew Garret (and his blog post has fantastic details about the whole concept and the deliberation)

The key costs $99 and the funds go to VeriSign (though hardware signing is done via Microsoft). The problem of course is that Fedora will perhaps be tied to Microsoft's Secure UEFI efforts in order to enable Linux on new hardware. The bigger problem would be if Secure UEFI wasn't dealt with and Linux wouldn't run on new hardware at all.

After eliminating options of creating their own Fedora key or an overall Linux key as too complex or costly, Garrett says they have decided to opt for the "least worst" option; have Microsoft sign Fedora. So for $99, Microsoft offer a signing service and this should ensure compatibility with a wide range of hardware. "If there are better options then we haven't found them" he added.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Fedora 18 Added UEFI Secure Boot (Security-Key Purchased From Microsoft)"https://www.voiceofgreyhat.com/2012/06/fedora-18-added-uefi-secure-boot.html</a>

FBI Used LulzSec To Track & Spy on Wikileaks Founder Julian Assange

FBI Used LulzSec To Track & Spy on Wikileaks Founder Julian Assange

After the inside story of Anonymous former leader Hector Xavier Monsegur aka "Sabu" case get revealed, the world came to know that Sabu was working as an under cover agent of FBI which lead a series of arrest for several key members of hacker collective Anonymous & LulzSec. Now we got another twist which came from a new book written by Parmy Olson, the London bureau chief for Forbes Magazine, saying that FBI used an agent inside the LulzSec hacker group to track and spy on Wikileaks founder Julian Assange. According to the book, an associate of WikiLeaks contacted LulzSec spokesman Topiary on June 16 hours after the assault on the CIA. The two would eventually converse over an Internet Relay Chat channel that was reported to be witnessed by Assange, who confirmed his identity by providing a video to the hacker in real time during their chat. For a few weeks, writes Olson, Assange and/or his associate returned to the LulzSec IRC channel “four or five more times,” during which others occasionally engaged in conversation with both sides. During at least one of those conversations, Assange’s contact at WikiLeaks offered LulzSec a spreadsheet of classified government data contained in a file named RSA 128, which she says was heavily encrypted and needed the manpower of black hat hacktivists to decode.

According to an exclusive report of RT - Aside from a few unsealed court documents, details about the now-defunct hacktivism group LulzSec remains few and far between. One journalist is saying she got inside the organization though — along with Julian Assange.
“We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency” is an upcoming book from Parmy Olson, the London bureau chief for Forbes Magazine. And although her alleged account has not yet hit the shelves, a lengthy excerpt has been leaked to the Web — and its contents suggest that that the world’s once most powerful hacking collective was in correspondence with WikiLeaks founder Julian Assange after he allegedly reached out to the organization for assistance. The US government says that they had already infiltrated LulzSec by then, though, meaning that WikiLeak’s plea to the hacking collective was actually being offered to an FBI mole.
According to Olson, the June 2011 attack on the public website of the US Central Intelligence Agency by LulzSec caught the attention of Assange, who was residing in the countryside manor of an English journalist while on house arrest.Once he saw that a LulzSec-led invasion had crippled CIA.gov, Assange allegedly sent out two tweets from the WikiLeaks Twitter account, only to delete the micomessages shortly after:
"WikiLeaks supporters, LulzSec, take down CIA . . . who has a task force into WikiLeaks," read one."CIA finally learns the real meaning of WTF” reads the other.
Assange “didn't want to be publicly associated with what were clearly black hat hackers” writes Olson, speaking of computer compromisers who target network for perhaps no real intention other than mischief making. “Instead, he decided it was time to quietly reach out to the audacious new group that was grabbing the spotlight,” she says. Olson says that one of those hackers aware the newfangled relationship was Hector Xavier Monsegur, who spearheaded LulzSec by serving as a leader of sorts under the handle Sabu. Perhaps unbeknownst to all engaged in the IRC chats, however, was that Sabu had been arrested on June 7 and, according to the federal government, began immediately working as an FBI informant.
"Since literally the day he was arrested, the defendant has been cooperating with the government proactively," Assistant US Attorney James Pastore said at a secret bail hearing on August 5 2011, according to a transcript released this March after his arrest was made public.
While details of Sabu’s escapades under the direct influence of the FBI are obviously being kept confidential, federal attorneys have said that the hacker more or less masterminded the group under their command until LulzSec dissolved on June 25; Jake Davis — Topiary — was arrested in the UK on August 1. If Olson’s allegations add up, that could mean that the FBI’s top-secret informant, Sabu, was speaking directly with America’s cyber-enemy number one: Julian Assange.
On Wednesday this week, the UK Supreme Court agreed to extradite Assange to Sweden, where he is facing a lawsuit unrelated to his involvement with WikiLeaks. Once there, however, the United States may be able to more easily fight to have him sent stateside to be charged with aiding the enemy — the crime being pegged to alleged WikiLeaks contributor Bradley Manning, who now faces life in prison for that involvement. The uncertainty of who exactly conversed with whom might be near impossible to confirm given the widespread anonymity of hacktivists tied with LulzSec and Anonymous alike, but if Olson’s account adds up, the FBI’s inside man may very well have come close to working with Assange. On his part, Topiary claims that he never received the RSA 128 file.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">FBI Used LulzSec To Track & Spy on Wikileaks Founder Julian Assange"https://www.voiceofgreyhat.com/2012/06/fbi-used-lulzsec-to-track-spy-on.html</a>