Farhan Ghumra found Critical Vulnerability in Payment Portal of PayPal

Farhan Ghumra, a computer engineering student from Rajkot, India, found a critical vulnerability in the PayPal payment portal. On websites that use the PayPal portal for payment, the payment step can easily be bypassed with JavaScript. The JavaScript bypasses the payment page and redirects the user to the download page for products like software, e-books and so on. He also reported these flaws to the PayPal authorities.

According to Farhan:-

"...JavaScript is so simple. It just redirects the user by fetching the download page from the website’s source code.


javascript:top.location=document.getElementsByName(‘return’)[0].value;javascript:void(0);


Moreover, the JavaScript is floating around various blogs and forums. Apart from them, a lot of video tutorials are uploaded on YouTube. The infected websites can easily be searched by this Google dork:


“this order button requires a javascript enabled browser”


Google lists a whopping 1,390,000 results. So this number of sites are at risk and easy to exploit. The internet is flooded with this vulnerability & its exploit, but the biggest question is that PayPal, which is considered the most secure payment service, hasn't paid attention to this theft till now..."
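
The bypass described above works because the download location sits in the form's hidden `return` field, where any visitor can read it before paying. The block below is an added example, not code from the original post or from PayPal: it gates the download on a signed, expiring token that the merchant server issues only for orders it has recorded as paid. `SECRET`, `paidOrders`, the function names and the sample order are all assumptions made for illustration.

```javascript
// Added example (not from the original post). All names and values here are
// assumptions made for illustration.
const { createHmac, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // server-side only, constructed
const TTL_MS = 15 * 60 * 1000;            // token lifetime: 15 minutes

// Orders the server itself recorded as paid after a server-to-server
// confirmation from the payment provider. Constructed sample data; ids must
// not contain '.' because it is the token field separator.
const paidOrders = new Map([['ORDER-1001', { product: 'ebook-42' }]]);

function sign(payload) {
  return createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Issue a token only for an order recorded as paid; null otherwise.
function issueDownloadToken(orderId, nowMs) {
  const order = paidOrders.get(orderId);
  if (!order) return null;
  const payload = `${orderId}.${order.product}.${nowMs + TTL_MS}`;
  return `${payload}.${sign(payload)}`;
}

// Return the product to serve, or null if the token is missing, forged,
// altered or expired.
function verifyDownloadToken(token, nowMs) {
  if (typeof token !== 'string') return null;
  const cut = token.lastIndexOf('.');
  if (cut < 0) return null;
  const payload = token.slice(0, cut);
  const given = Buffer.from(token.slice(cut + 1), 'hex');
  const expected = Buffer.from(sign(payload), 'hex');
  if (given.length !== expected.length) return null;
  if (!timingSafeEqual(given, expected)) return null;
  const [orderId, product, expires] = payload.split('.');
  if (!paidOrders.has(orderId) || Number(expires) < nowMs) return null;
  return product;
}

// Download handler: the decision rests on the token alone, so the PayPal
// "return" field can point at a plain thank-you page that grants nothing.
function handleDownload(query, nowMs) {
  const product = verifyDownloadToken(query.token, nowMs);
  return product ? { status: 200, file: product } : { status: 403, file: null };
}
```

With this in place, a request that reaches the download URL without a valid token gets a 403 regardless of what the page source reveals.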


More than 40 Sites Hacked By Krishandpate118 & V1p3R


More Than 40 Websites Hacked By Krishandpate118 & V1p3R

Hacked Sites:- 


Microsoft Said, Our Security is Stronger than Sony & RSA, also We are not Vulnerable to DDoS


Microsoft's John Howie claims Microsoft security is stronger than Sony and RSA which were hacked due to "rookie mistakes." The software giant also released Volume 10 of its Security Intelligence Report.

Uh-oh. There's nothing quite like throwing down the gauntlet and virtually taunting hackers to prove a proud boast is false. In what some attackers might consider a dare,  John Howie, Microsoft's senior director in the Online Services Security & Compliance (OSSC) team, basically claimed that Microsoft sites are unhackable and can't be DDoSed.
According to Microsoft, "rookie mistakes" by Sony and security firm RSA caused the corporations to be brought down by hackers. Howie told Computing News that Sony was coded badly and failed to patch its servers. "These are rookie mistakes," Howie said.  In regards to the breach at RSA, Howie stated, "RSA got hacked because someone got socially engineered and opened a dodgy email attachment. A rookie mistake."
Howie added, "At Microsoft we have robust mechanisms to ensure we don't have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering. We have massively overbuilt our internet capacity, this protects us against DoS attacks. We won't notice until the data column gets to 2GB/s, and even then we won't sweat until it reaches 5GB/s. Even then we have edge protection to shun addresses that we suspect of being malicious."
In other Microsoft security news, after analyzing 600 million computers worldwide, Microsoft released Volume 10 of its Security Intelligence Report. It  focuses on malware, software vulnerability disclosures, vulnerability exploits, and related trends. The majority of all vulnerabilities in 2010 were vulnerabilities in applications versus operating systems or web browsers. Exploiting Java vulnerabilities topped the list of exploitation categories over generic HTML/scripting exploits, operating system exploits, and document exploits. Adobe Acrobat and Reader accounted for the highest number of document format exploits. Windows 7 and Windows Server 2008 R2 had the lowest operating system infection rate for both client and server platforms. 64-bit versions of Windows 7 which "appeal to a more technically savvy audience than their 32-bit counterparts" have the lowest infection rates.
In regard to malicious websites, phishers targeted gaming sites in the first half of 2010 but then targeted social networks. Yet the "number of active sites targeting gaming sites remained relatively high during the second half of the year, which suggests that more campaigns may be coming."
According to the SIR Global Threat Assessment graph, in the 4th quarter of 2010, the most common threat in the USA was miscellaneous Trojans, which affected 38.6% of all cleaned computers. This was down from 43.8% in the 3rd quarter. The second most common threat was Adware, which affected 28.3% of all cleaned computers and was up from 23% in the third quarter. "Miscellaneous Potentially Unwanted Software" was the third most common threat in the U.S. and affected 24.6% of cleaned computers. The MSRT detected malware on 11.6 of every 1,000 computers scanned in the U.S. in 4Q10, giving the States "a CCM score of 11.6, compared to the 4Q10 average worldwide CCM of 8.7."


Internet Security Crackdown By ICSPA


Business leaders looking to protect their cloud services against internet crime could be interested in the launch of a new scheme. On Tuesday (July 5th), the International Cyber Security Protection Alliance (ICSPA) unveiled plans to provide increased resources for countries struggling to provide online security.

Working alongside businesses and law enforcement agencies, the organisation aims to allow governments with limited expertise to experience success in eradicating the issue.
The announcement comes after UK politicians injected £650 million funding into programmes working to improve the national infrastructure. Prime minister David Cameron said: "The very nature of this threat calls for more than a national response, it demands a truly global response and that is what the ICSPA is all about."
Earlier this month, the ICSPA joined forces with European law enforcement agency Europol in a bid to tackle threats to internet security across the EU's 27 member states. As part of the partnership, the agencies will aim to explore methods of accrediting specialised officials and provide advice for businesses looking to protect their assets.


#Antisec, Turkish Takedown Thursday By Anonymous





Hacker group Anonymous declared #operation Turkey for the sake of #Antisec. This time they damaged more than 70 Turkish websites.

Anonymous's message about #operation Turkey:-


"Over the last few years, we have seen how the Turkish government has tightened its grip on the internet. It has blocked thousands of websites and blogs while abusive legal proceedings against online journalists persist. The government now wants to impose a new filtering system on the 22nd of August that will make it possible to keep records of all the people’s internet activity. Though it remains opaque why and how the system will be put in place, it is clear that the government is taking censorship to the next level.
These acts are inexcusable. Accessing and participating in the free flow of information is a basic human right. Anonymous will not stand by while the Turkish government violates this right. We will bring our support to circumvent censorship and retaliate against organizations imposing censorship. 
Hundreds of thousands of people protested against internet censorship decisions but AKP government ignored the voice of the people and violently oppressed the protesters. 
We call on all internet citizens to support freedom of speech by pushing the Turkish government to stop these foolish policies. The free flow of information won’t be stopped. Sharing of knowledge won’t be stopped. It is time to fight for our rights and stand up for what we believe in.

Join us in the IRC channel to discuss what we can do to liberate the internet: http://chat.mibbit.com/?server=194.8.74.43&channel=%23opTurkey

(server: irc.anonops.li, channel #opturkey)

We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
Expect us.
.."


Web Browser Grand Prix 5

 
Three major releases have landed since our last impromptu Web Browser Grand Prix (WBGP4): Chrome 12, Firefox 5, and Opera 11.50. Can Chrome or Opera regain the WBGP championship? Will Mozilla Firefox ever overtake Microsoft's IE9 in the rankings?
If it seems like it was only weeks ago when we were compelled to test the then-new Mozilla Firefox 4 against the reigning Web Browser Grand Prix champion Microsoft Internet Explorer 9 in Web Browser Grand Prix 4: Firefox 4 Goes Final, that's because it was only a few weeks ago.
In an attempt to curb the siphoning of its user base to Google, Mozilla decided to keep pace with the frenetic development cycle of Chrome. Firefox 5 is now a reality. But will Mozilla also keep up with innovation like Google? Furthermore, will a higher integer finally allow Mozilla to overtake arch-rival Microsoft in our performance metrics? Can former speed-kings Chrome and Opera reclaim the dual domination of our WBGP crown, as they did in 2010?
We've tightened up our suite of benchmarks for this article, cutting the fat that was Google's V8 JavaScript Benchmark and the redundant two-pixel variant of the GUIMark2 HTML5 Vector Charting test. We also fleshed it out by adding Facebook's JSGameBench, as well as battery life and reliability testing. But before we get to the benchmarks, let's get caught up on the latest developments in the continuing browser wars.
Opinions:-

The release of Firefox 5 was met with harsh criticism for its apparent lack of anything new. It has been said that Firefox 5 should have been called Firefox 4.1 or 4.2. Or even 4.02.
There is also a growing concern over whether the new rapid release schedule jives with IT departments. Firefox became a viable choice for many companies during the version 2 and 3 days. Mozilla also offers the preferred development platform for most Web designers. Basically, Firefox gained the reputation of being the most stable choice. By mimicking Chrome's development cycle, Mozilla may have shot itself in the foot.
Smack Talk:-

Microsoft took a shot right across the bow of Google and Mozilla by announcing that WebGL is “harmful,” and that IE10 would not be utilizing the specification. Several experts came out in support of Microsoft's assertion, though it should be noted that Redmond may have a dog in this fight with DirectX.

Attacking Mozilla even further, the Internet Explorer development team sent the Firefox development team a cupcake to celebrate the release of Firefox 5. Mozilla also received cakes from Microsoft for the release of Firefox 3 and 4. Full cakes. Obviously, this is in response to the criticism that Firefox 5 is nothing more than a minor update to Firefox 4. The included note read: "Congratulations on shipping! Love, The IE Team". "Congratulations on shipping" might have been in reference to the frequent delays that plagued Firefox 4, which was eventually made available more than six months late. Now that's a classy way to rag on somebody. Not missing a single opportunity to slam its competition, Microsoft also capitalized on the other major criticism of Firefox 5 when an IE developer boasted Microsoft's commitment to IT.
Mozilla shot back with a blog post addressing the IT issue, although in a very non-concrete way:

"We are exploring solutions that balance these needs..."

Not to be outdone, an Opera employee also had this to say in regard to rapid release schedule:

“Despite the version number (11.50), we've packed a lot of new features into it. While other browsers rush to release whole new version numbers with small tweaks, I think we've kept traditional versioning, while simply releasing a little faster.”

Obviously, this comes at an unfortunate time for Mozilla, but one cannot help but wonder if this comment was meant for Google. Opera and Google have gotten into it pretty heavily in the past, and, for a time (before IE9), Chrome and Opera swapped places on a semi-monthly basis in the performance charts.


The Obama Campaign Website Gets Hacked


The Obama campaign website was hacked on Tuesday and invited supporters to two fake anti-government events hosted by an unnamed "Commy Obama."
The campaign's application for mobile devices, such as iPhones and iPads, directed users to two events titled "Rules of Politics" scheduled for noon on Tuesday in Washington.

"1. Politicians and other public servants lie," read the event description provided on the Obama campaign website.
"2. Politicians tell you what you want to hear and offer to provide things for 'free' to get votes.
3. When government buys, the people pay."

The 430-word message lists 21 total anti-government criticisms, none of which target Obama, another politician or a particular political party by name.
The twenty-first note quotes the late Adrian Pierce Rogers, a Southern Baptist preacher who served two terms as president of the Southern Baptist Convention from 1979 to 1988. 
"'You cannot legislate the poor into freedom by legislating the wealthy out of freedom,'" the author writes, quoting one of Rogers' more famous sermons. "'When half of the people get an idea that they do not have to work because the other half is going to take care of them, and when the other half gets the idea that it does no good to work because somebody else is going to get what they work for, that my dear friend, is about the end of any nation. You cannot multiply wealth by dividing it.'”
The Obama website was hacked one day after Fox News' Twitter account was hijacked and spread false information saying Obama had been assassinated.
Update: Obama campaign adviser Ben LaBolt sent an e-mail to The Washington Examiner Tuesday afternoon saying the events calendar is user-generated, so the security of the website has not been compromised. The campaign removed the event from its calendar following the Examiner's report.
