Pakistani Hackers Started a new operation named "GAY HIND" Due to this operation Indian Server (182.18.188.26) get rooted and 655 Sites get Hacked
Click HERE to Know more About this Operation
SQL Injection Vulnerability In Google Lab Database System found by Shadman Tanjim
SQL Injection Vulnerability In Google Lab Database System found by Shadman Tanjim (Admin Bangladesh Cyber Army). Here is the report Submitted By Shadman to VOGH.
REPORT:-
Very Big and Critical Vulnerability detect in Google Lab System. Vendor is already reported. But they don’t take positive step in this case this vulnerability is now exposed and open in public. Now I tell details About the Vulnerability in Google Lab System.
Google Lab Website has SQL Injection Vulnerability and Dangerous thing is this
Vulnerability is Exploitable. We can get Tables, columns and data. Google Lab
Database has his own customize DB system. But Interesting things is their database system is Similar as Ms Access database. In this case Ms Access SQL Injection System is Also Work on Google Lab Database system. And this vulnerability is 100% real and Now We can see this in our eyes.
Google Lab Website has SQL Injection Vulnerability and Dangerous thing is this
Vulnerability is Exploitable. We can get Tables, columns and data. Google Lab
Database has his own customize DB system. But Interesting things is their database system is Similar as Ms Access database. In this case Ms Access SQL Injection System is Also Work on Google Lab Database system. And this vulnerability is 100% real and Now We can see this in our eyes.
Now I give you Step by step proof about this Vulnerability.
1. Website: www.googlelabs.com or labs.google.com
2. Vulnerability type: SQL Injection
3. Vulnerable url: http://www.googlelabs.com/?q=%27&apps=Search+Labs
Info:
6. Host IP: 209.85.175.141
7. Web Server: Google Frontend
8. Keyword Found: Fast
9. Injection type is Integer
10. Keyword corrected: Swirl
7. Web Server: Google Frontend
8. Keyword Found: Fast
9. Injection type is Integer
10. Keyword corrected: Swirl
Let’s Check Exploiting this Vulnerable link. Here I use 3 Famous SQL Injection
tools. They are:
tools. They are:
1. Havij Advance SQL Injection Tool
2. Safe3 SQL Injector v8.4
3. Pangolin SQL Injection Tool
Website: http://www.nosec-inc.com/en/
You Can Download the Video Of This Vulnerability VIDEO LINK
To Download the Full PDF report Click HERE
Chrome OS Has Serious Flaws, Said Researchers
Flaws could undermine Google's focus on security of Chrome-powered devices. Since Google's Chrome operating system is built to be used connected to the web, users' files and work will mostly be saved in the cloud. Using Google Docs applications for example, automatically stores the work on Google's servers so you can access it from anywhere across a variety of devices.
Google believes this is the future of computing, and its Chrome OS is designed specifically for Cloud-based use. It also allows Google to talk up security, as your documents are stored and well protected in the Cloud, whereas if somebody were to steal your Chromebook, they won't find all of your files on your HDD like they will if they steal your notebook PC.
However, researchers at an independent security firm say that Chrome's reliance on web computing also makes it vulnerable in other ways. WhiteHat Security researcher Matt Johansen was paid $1,000 by Google for reporting a flaw in the Chrome OS note-taking application that he successfully exploited to hijack a Google Mail account.
Since then, Johansen has said he found the same basic flaw with many other applications (or extensions). "This is just the tip of the iceberg," he told Reuters. "This is just evolving around us. We can see this becoming a whole new field of malware."
Johansen says the key to for Chrome OS hacking is to somehow capture data that is being sent and received by the Chrome browser, to and from the Cloud. "I can get at your online banking or your FaceBook profile or your email as it is being loaded in the browser," he said.
"If I can exploit some kind of Web application to access that data, then I couldn't care less what is on the hard drive." Such snooping could be done by exploiting a vulnerability found in a Chrome extension, for example. Google has recently revealed plans to improve the screening of Chrome extensions to avoid security problems. "Chrome is trusting these extensions more than it would be trusting just another website," Johansen said, referring to how the operating system gives extensions sweeping rights to access data stored on the cloud.
Google believes this is the future of computing, and its Chrome OS is designed specifically for Cloud-based use. It also allows Google to talk up security, as your documents are stored and well protected in the Cloud, whereas if somebody were to steal your Chromebook, they won't find all of your files on your HDD like they will if they steal your notebook PC.
However, researchers at an independent security firm say that Chrome's reliance on web computing also makes it vulnerable in other ways. WhiteHat Security researcher Matt Johansen was paid $1,000 by Google for reporting a flaw in the Chrome OS note-taking application that he successfully exploited to hijack a Google Mail account.
Since then, Johansen has said he found the same basic flaw with many other applications (or extensions). "This is just the tip of the iceberg," he told Reuters. "This is just evolving around us. We can see this becoming a whole new field of malware."
Johansen says the key to for Chrome OS hacking is to somehow capture data that is being sent and received by the Chrome browser, to and from the Cloud. "I can get at your online banking or your FaceBook profile or your email as it is being loaded in the browser," he said.
"If I can exploit some kind of Web application to access that data, then I couldn't care less what is on the hard drive." Such snooping could be done by exploiting a vulnerability found in a Chrome extension, for example. Google has recently revealed plans to improve the screening of Chrome extensions to avoid security problems. "Chrome is trusting these extensions more than it would be trusting just another website," Johansen said, referring to how the operating system gives extensions sweeping rights to access data stored on the cloud.
Al-Qaeda Network Hacked (Terrorists terrorised)
Computer hackers have disrupted al-Qaeda's ability to communicate via internet by interrupting the flow of videos and messages of the outfit, an anti-terror expert said.The attack was reportedly carried out by unknown hackers in the past few days.
"Al-Qaeda's online communications have been temporarily crippled, and it does not have a single trusted distribution channel available on the Internet," Evan Kohlmann of Flashpoint Global Partners, which monitors the outfit's communication said.
It was "well coordinated and involved the use of an unusual cocktail of relatively sophisticated techniques," Kohlmann said.
"My guess is that it will take them at least several days more to repair the damage and get their network up and functioning again," he said.
British newspapers reported earlier this month that the UK government had also hacked into al-qaeda's online magazine - Inspire - and replaced instructions to make bombs with instructions to make cupcakes.
It reportedly took the terrorist organization two weeks to get back the original posting.
"Al-Qaeda's online communications have been temporarily crippled, and it does not have a single trusted distribution channel available on the Internet," Evan Kohlmann of Flashpoint Global Partners, which monitors the outfit's communication said.
It was "well coordinated and involved the use of an unusual cocktail of relatively sophisticated techniques," Kohlmann said.
"My guess is that it will take them at least several days more to repair the damage and get their network up and functioning again," he said.
British newspapers reported earlier this month that the UK government had also hacked into al-qaeda's online magazine - Inspire - and replaced instructions to make bombs with instructions to make cupcakes.
It reportedly took the terrorist organization two weeks to get back the original posting.
New Cyber Security Degree to be offered By LCC
To address this emerging global threat, Laredo Community College will launch a new, two-year degree in Network and Cyber Security Technology in the fall.“Frankly, most law enforcement agencies are ill-equipped to deal with this new era and sophistication of technology crime,” Robert Moore, chair and instructor for LCC’s Computer Technology Department, said.“There’s currently a shortage of computer security specialists, and we’re doing our part to fill this gap.”For several years now, LCC’s CT department has been offering an associate degree in network technology.But, because “the skill sets of the modern day network administrators have expanded, we’re enhancing the curriculum to add cyber security courses to train traditional students and professionals in the industry who want to update their computer networking skills,” Moore added.No similar program is being offered within a 150-mile radius of Laredo. “Every business uses a computer, and every business has a potential to be targeted,” Steven Moncivais, a cyber detective for the Laredo Police Department, said.“A hacker can break into a computer system via cyber space and steal information from thousands of credit cards. Doing this criminal act in this manner provides a blanket of anonymity, and the chances of getting caught are pretty slim.”Hacking, malware, identity theft, and phishing are terms associated with a new wave of technology crimes that can damage a person’s financial history or cripple a company’s network (parallelism).
According to Moncivais, cyber criminals can open a credit card account, or even a loan. We had an incident a few years ago where a local restaurant was targeted from another city via the web and stole hundreds of clients’ credit card information, and another incident where someone purchased a $100,000 home under someone else’s name,” Moncivais added.
“The threat is there, but if a company really wants to protect their customers’ information, they do need someone who is knowledgeable in this field.”
Robert Herrera, Management Information Systems Liaison officer with LPD and one of several committee members for the program, agreed. “There is a huge need for experts like these,” Herrera said.
On a daily basis, Herrera and his team meticulously view surveillance videos or browse through computer hard drives to solve various crimes.
“The threat is there, but if a company really wants to protect their customers’ information, they do need someone who is knowledgeable in this field.”
Robert Herrera, Management Information Systems Liaison officer with LPD and one of several committee members for the program, agreed. “There is a huge need for experts like these,” Herrera said.
On a daily basis, Herrera and his team meticulously view surveillance videos or browse through computer hard drives to solve various crimes.
Apple's Developer Site is Under Phishing Attacks
With all the news about Anonymous, LulzSec, Anti-Sec, and so on, you'd almost forget there are more ethical hacking groups out there as well. One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days.
The hacker group claims to have found three separate security flaws in Apple's developer website - arbitrary URL redirects, cross-site scripting, and HTTP response splitting. Especially the arbritry URL redirects are problematic, since it would make it quite easy to lead a phishing attack to obtain login credentials from Apple's third party developers. Developers use Apple IDs to login, so this would give malicious folk access to developers' iTunes accounts.
YGN Ethical Hacker Group isn't a new group - they've already identified similar security issues at other websites. Java.com, for instance, suffered from similar URL redirect issues, but Oracle fixed it within a week, and thanked the hacker group. They also found issues with McAfee's website, but McAfee refused to fix anything until the hacker group went for full disclosure.
Apple has been given the same two months to fix their issues, but Apple has so far refused to do so. The issues were reported to Cupertino April 25, and Apple confirmed they had received the information two days later. We're two months down the line now, and nothing has been fixed, according to the hacker group. As such, they will now take the same steps they took with McAfee
YGN Ethical Hacker Group isn't a new group - they've already identified similar security issues at other websites. Java.com, for instance, suffered from similar URL redirect issues, but Oracle fixed it within a week, and thanked the hacker group. They also found issues with McAfee's website, but McAfee refused to fix anything until the hacker group went for full disclosure.
Apple has been given the same two months to fix their issues, but Apple has so far refused to do so. The issues were reported to Cupertino April 25, and Apple confirmed they had received the information two days later. We're two months down the line now, and nothing has been fixed, according to the hacker group. As such, they will now take the same steps they took with McAfee
Arizona Police are Still in the Target of Hackers
A computer-hacking group posted Wednesday personal details of officers allegedly taken from an Arizona police department, stepping up its campaign of attacks against government agencies and officials.
"AntiSec," a hacking campaign that includes elements of the Anonymous vigilante group and the Lulz Security hacking collective, posted emails, photos and other personal information it said was from at least 14 officers at the Arizona Department of Public Safety.
Hackers had targeted the same police department earlier and released training manuals, emails and intelligence documents last week as part of a political protest against a controversial state immigration law.
A spokesman for the Arizona Department of Public Safety declined to comment. Wednesday's release appears to step up the attack, focusing on officers rather than the department more broadly.
"We're not stopping until every prisoner is free," the hackers said in a statement. Earlier, some of the hackers said they had targeted Arizona's police department to protest Arizona's SB1070, a controversial state law that critics say is anti-immigration. A key provision of the law has been frozen because of legal challenges.
The hack comes amid a two-month long rampage of digital break-ins targeting governments and corporations including Sony Corp. (SNE, 6758.TO), the U.S. Senate, AT&T Inc. (T) and other high-profile targets. The attacks had been headed by Lulz Security, which said it had disbanded four days ago. The group's six main members joined a larger Internet campaign called AntiSec, or "Anti-Security," along with members of the online vigilante group Anonymous.
Together, the groups have released passwords and user data stolen from a Universal Music affiliated website, as well as details of Viacom Inc.'s (VIA) computer networks.
