Posted by Avik Sarkar
On 6/20/2011 10:56:00 am
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 6/19/2011 01:49:00 pm
In a catch-me-if-you-can explanation of why it has targeted the likes of Sony, the U.S. Senate, an FBI affiliate, and online porn sites, the LulzSec hacking group says it plans to keep having fun until it gets caught. A statement the group has posted says going public with user personal details after a hack attack is better than keeping exploits private. It gives users a chance to change their passwords, the group says. Such public releases are also arguably good for websites too. After the group published 26,000 emails and passwords stolen from porn sites last week, Facebook automatically locked every account linked to the email addresses, stopping the kind of unauthorized access LulzSec discusses. LulzSec says its hack attacks will continue until "we're brought to justice, which we might well be." The group's statement amounts to a manifesto and is surprisingly more erudite than might be expected. "We're attracted to fast-changing scenarios, we can't stand repetitiveness," the group says. "Nobody is truly causing the Internet to slip one way or the other, it's an inevitable outcome for us humans." And not everything the group has done has appeared malicious. Although ithacked into the British health system computers, it declined to cause damage or publish details, instead warning admins that the system was insecure.LulzSec members were considered righteous vigilantes by some sectors of the Internet after their repeated attacks against Sony, which were carried out in response to Sony's hounding of PS3 hardware hacker George Hotz. However, support has been waning after the group targeted non-Sony game servers this week. Perhaps surprisingly, in the statement the group attempts to distance itself from these attacks, pointing out they were done "by the request of callers [to its telephone request line], not by our own choice".
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 6/19/2011 01:43:00 pm
Apple's iTunes Store had a vulnerability that accepted incorrect passwords from America Online (AOL) users, that could have been exploited by hackers.
Security researcher Joshua Long said he discovered the vulnerability more than six months ago but kept silent until Apple could fix the flaw."Apple recently worked with AOL to fix a vulnerability that has been discovered in the iTunes Store authentication process ... This vulnerability seemed to be a problem in the way Apple integrated AOL user names and passwords into its services," he said in his blog.Before the vulnerability was fixed, he said Apple would accept incorrect passwords from users logging into the store using an AOL Screen Name. Incomplete passwords, passwords with incorrect letter case, passwords with incorrect or extra characters at the end, or a combination of any or all of these, were accepted by Apple. "Knowledge of this vulnerability could potentially have been used by attackers, leading to disclosure of personally identifiable information, identity theft, and fraudulent purchases," he said.Long said the vulnerability took the whole six-month disclosure time limit to be announced.He said Apple was at first unresponsive to the problem and then when it did respond, it was initially unable to reproduce it. "When I discovered this security vulnerability last year, I felt that it was serious enough to warrant submitting it to a responsible third-party vulnerability management organization rather than only to Apple or AOL. I have submitted reports to both companies in the past, and I have found that sometimes it can take them a very long time to respond to a security issue," Long said.He noted that up to now, AOL "still doesn't seem to care about encrypting its Web-based e-mail service, in spite of Firesheep shining a spotlight on the problem last year.""I hoped that bringing in a third party to work with the vendor would help encourage the vendor to take the issue seriously and fix it more quickly," he said.He eventually asked upSploit to help inform the affected parties about the vulnerability and the date on which it will be disclosed to the public. "I believe that upSploit's persistence was a major factor in motivating the vendor to take action and to resolve the issue," he said.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 6/19/2011 01:14:00 pm
In order to combat the rising tide of cyber crime, the Japanese government has enacted a sweeping new law that criminalizes the creation of computer viruses and grants broad powers to law enforcement investigating computer crimes. The new legislation became law this past Friday, and is meant to provide new tools to Japanese police who perviously had no domestic laws with which to prosecute cyber criminals.
According to The Mainichi Daily News, the law carries a three year jail sentence and fines in excess of $6,000 (500,000 Yen) for creating and distributing computer viruses, and lesser fines and jail time for acquiring and storing viruses. Fortunately for computer security researchers, the law provides a “reasonable cause” caveat. The law also makes it illegal to send pornographic email spam.
Not everyone is happy about the new law, however. There are some concerns over language in the law which allows law enforcement to seize or copy data from computers connected via networks to computers used to commit virus-related crimes. Investigators can also seize and retain electronic communication records for up to 60 days. This has caused some controversy in the country, as Japan’s constitution guarantees the privacy of communications. The Japanese government has sought to quell concerns by including a directive that the law be applied appropriately.
The adoption of the law reflects the escalating concern over cybercrime across the international stage. The creation of this domestic law in Japan concludes some of the provisions of the Budapest Convention on Cybercrime, of the which the US is also a signer. The recent policy statements from the White House on cyber crime were derived from the same treaty. Of course, how well these new laws will function remains to be seen.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 6/19/2011 01:07:00 pm
In India Inc, it could be the most high-profile case of an attempt to hack email. Mumbai police are investigating if the official email of Anil Ambani, group chairman of the Anil Dhirubhai Ambani Group (ADAG), was hacked last month. The probe began after the group lodged a complaint. An ADAG Official familiar with the developments, who did not wish to be named, said there had been only an attempt at hacking. “There was no security breach and no loss of data,” the official said. When contacted, ADAG declined to comment. On May 8, Ambani received an email apparently sent by a reporter of a newswire service, Bloomberg. When the compnay’ corporate communications department got in touch with the reporter, it emerged the reporter had not sent any such mail.
“This was clearly done with the intention of hacking,” said the official. Himanshu Roy, chief of Mumbai police crime branch, said, “We are certain we will solve the case very soon.”
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 6/18/2011 10:05:00 pm
The Cyber war is on between Indian and Pakistani Hackers. Today Indian hacker group Indishell (TEAM ICA) hacked into the pakhackerz.com & now in counter Pakleets hacked the Indishell Forum also they gave message to the Indishell guys.
"This is the Revenge of Hacking my Brother Site PakCyberArmy (shak) and Als0 U Comments On Faceb00k Piss me Off S0 today i Was s0 Bore i thought to Play with U and Here i am xD N0w Admit that U r Skid and Visit Google and learn Some More shits ...
Dont Even Dare t0 Visit Pakistani Sites again
0therwise U Come t0 Kn0w what I and Pakistani Hackers Can D0 :P"
Hacked Site:-
http://indishell.net/
Mirror Link:-
http://mirror.sec-t.net/defacements/?id=42923
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 6/18/2011 09:37:00 pm
Microsoft has commented on LulzSec's posting of emails and addresses, some of which may be associated with Xbox Live accounts. Microsoft has sent us this comment on the data, which is an info dump and not a hack.
"This group appears to have posted a list of thousands of potential email addresses and passwords, and encouraged users to try them across various online sites like Xbox LIVE in the event one of the users happens to use the same password and email address combination. At this time we do not have any evidence Xbox LIVE has been compromised. However we take the security of our service seriously and work on an ongoing basis to improve it against evolving threats."
The group dumped a list of 62,000 emails and passwords on a file sharing site (the list has been taken down multiple times) for accounts of sites and services like Xbox Live, PayPal, WOW, and much more (confirmed on LulzSec's Twitter, even). We've also had one poor reader tell us the credit card attached to his Xbox Live account has already been hit for $100 and the account's password changed.Just to clarify: LulzSec hasn't hacked Xbox Live, they've simply released people's emails and passwords that may pertain to an Xbox Live or PayPal or WOW, etc. account. Hacker group LulzSec has released emails and passwords for some people's Xbox Live account info, among other sites and services. LulzSec has also been involved in attacks on Nintendo, Minecraft, EVE Online, and (of course) Sony, among others. And for those of you keeping score out there, hactivists Anonymous deal more in denial of service attacks, while exposing user info is one of LulzSec's deals. Whatever the method or rationale, though, it's annoying.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
