Twitter Spam Bots (#mumbaiblasts)

After the blasts in Mumbai on Wednesday evening, many turned to Twitter for the latest information. Most tweets about the explosions featured the hash tagged term #mumbaiblasts to make identifying relevant posts easier. The live-updating stream included critical information, with tweets sharing emergency phone numbers and links to a public spreadsheet where anyone who wanted to help could post their contact information.
But some of the #mumbaiblasts posts aimed to exploit the attention. Several provocative tweets like “OMG British royalty hurt in #mumbaiblast,” “#MumbaiBlasts done by Bin Laden Apparently he is not dead. See here” and “First Lady caught up in #Mumbai blasts” were posted throughout the evening and from numerous Twitter accounts. All these tweets included links to blog posts that had nothing to do with the explosions. To someone following the stream live, clicking on these links would have been a confusing experience.
But these posts weren’t trying to make sense. They just wanted clicks. These spam tweets linked to “spam blogs,” blogs that exist solely to attract as many views for their sites as possible and sell ads against them. The entities behind these blogs can use computer programs to create an army of Twitter accounts that all link back to the blogs. And while it may be particularly repugnant that spammers would capitalize on a disaster to boost their page views, it’s not unusual. If you follow any of the most popular phrases on Twitter, spam tweets will pop up, regardless of the topic. Twitter banned many of the #mumbaiblasts spam accounts shortly after they were created, but for those who were logged in as events unfolded, it was too late.
Most of the spam tweets have been removed from Twitter since we first saw them there. We went back and found them by plugging in one of the spam links to Backtweets, a site that combs Twitter to find all the tweets linking to an individual webpage. The spammers have apparently moved on to other topics like Justin Timberlake and iPads, but you can still find the #mumbaiblast spam deep in the search results.
There’s not much the average user can do to avoid falling victim to the spam’s tweet trap, except to know that if the Tweet sounds too crazy to be true, it probably is. Twitter also offers this tutorial on how to report spam accounts.

-News Source (India Real Times)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Twitter Spam Bots (#mumbaiblasts)"https://www.voiceofgreyhat.com/2011/07/twitter-spam-bots-mumbaiblasts.html</a>

Skype is Still Vulnerable

 

An Armenian hacker is claiming that Skype has failed to learn from prior security lessons, falling victim to a cross-site scripting (XSS) vulnerability similar to one it patched in May, which would allow users to redirect victims to unwanted websites or run arbitrary code.  The May vulnerability allowed users to fool the Mac client of Skype into running arbitrary code as the client didn't check, or sanitise, instant messages to ensure they were free of malicious code.

While Skype issued a low-priority patch at the time, a 28-year-old Armenian-based security engineer, Levent "noptrix" Kayan, claimed on Wednesday night that a similar XSS vulnerability existed elsewhere in Skype's software. He said that the failure to sanitise certain user information or the output rendered in Skype clients could still allow code to be executed.

In particular, Kayan claimed that he could see remote users' session information, which he said a malicious user could utilise to masquerade as the remote user and make calls on their account. He also said it could be used to take advantage of other holes, possibly allowing full control over the PC. Both of the latest versions of Windows and Mac clients are affected.

HE told that "An attacker would need to [submit] malicious code. The victim doesn't have to do anything. He will be attacked, when he just logs into his account."

Skype said the vulnerability was considered a minor issue and that it had developed a fix for it which would be deployed next week.

Skype's head of information security, Adrian Asher, said that in order to exploit this, a person would have to be a validated contact of yours and one of the most frequent people you are in contact with and was therefore very unlikely to cause any issues in the real world. Nevertheless, he said the vulnerability shouldn't have existed and it would be fixed.

Additionally, Skype said that the session information that Kayan had been able to access was in relation to the web session IDs and not Skype IDs, suggesting that the attacker couldn't make calls using the exploit. It did, however, concede that it was possible for a victim's contacts to redirect them to any website using the web browser built into the Skype client, but stressed that only validated contacts would be able to do so. In the meantime, it said users should not authorise people they do not know and/or do not want to talk to.

HackLabs director, Chris Gatford, said that it was common to come across these sorts of vulnerabilities in the work penetration testing of client systems his company does.

"I would suggest that 80 per cent, perhaps even 90 per cent of the time, cross-site scripting vulnerabilities are present," he said.

Gatford mentioned the previous XSS vulnerability in the Skype client and thought that it was surprising that Skype had not patched all of its input validation problems when it was previously brought to its attention. "This would be a simple fix for them. To be honest, I'm kind of surprised they didn't learn their lesson the first time and extend the fix system-wide then."

-News Source (ZDNet)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Skype is Still Vulnerable"https://www.voiceofgreyhat.com/2011/07/skype-is-still-vulnerable.html</a>

New Hacking Alert System Introduced By Hotmail

Microsoft on Thursday introduces a hacking alert system to its Windows Live Hotmail email service alongside banning common passwords. "When someone's account gets hijacked, their friends often find out before they do, because the hijacker uses their account to send spam or phishing email to all their contacts," said Microsoft in a blog post.

The new security feature adds a "My friend's been hacked!" option in the "mark as" menu in Hotmail and also enables users to report hacked accounts via the junk mail filing screen. Then an alert will be sent to Microsoft, which will "make sure the account can no longer be used by spammers and activates an account recovery process to allow the owner to take back control the accounts." Users can report any email account as compromised and Hotmail will provide the information to other email providers like Yahoo! and Gmail, said the blog. Meanwhile, Microsoft said Hotmail will roll out a feature to prevent users from choosing commonly used and weak passwords, such as "123456," "ilovecats" and "gogiants." Users who currently use a weak password will be asked to change to a stronger one in the future.

Hotmail, first launched in July 1996, is one of the first free email providers, and was acquired by Microsoft in 1997 for an estimated 400 million U.S. dollars. According to statistics released by comScore last August, Hotmail was then the world's largest web-based email service with around 364 million users, followed by Yahoo! Mail (280 million) and Gmail (191 million).

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">New Hacking Alert System Introduced By Hotmail"https://www.voiceofgreyhat.com/2011/07/new-hacking-alert-system-introduced-by.html</a>

Jawahar Knowledge Centre (Indian Government) Database Hacked By PCA

Indian Government's Jawahar Knowledge Centre Database Hacked By Shak (Pak Cyber Army). They Exposed useremail,password, surname, name, designation, address, phone, college-code, dateofreg, gender, districtid, hallticketno, question, answer, alterem & other confidential datas.

To Download the Data Base Click Here

According to the Official Press Release of PCA:-

INDIAN GOVERNMENT HACKED BY <=Shak=>

DATABASE LEAK: 100%

>_ Words To Kidi V0iD:

Get a Life Kid , This is Payback from Pak Cyber Army .

---------------------------------------------------------------------------------------------

http://ieg.gov.in/

= 0Wn3D

Here are the , password, surname, name, designation, address, phone, useremail, collegecode,

dateofreg, gender, districtid, hallticketno, question, answer, alteremail | Still need something els

ALL PASSWORDS ARE CRACKED


DOWNLOAD DATABASE : Multiupload.com - upload your files to multiple file hosting sites!

INDIAN GOVERNMENT HACKED BY <=shak=> - Pastebin.com

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Jawahar Knowledge Centre (Indian Government) Database Hacked By PCA"https://www.voiceofgreyhat.com/2011/07/jawahar-knowledge-centre-indian.html</a>

VODAFONE UK Network Compromised

The Hacker's Choice (http://www.thc.org) announced a security problem with Vodafone's Mobile Phone Network today. An attacker can listen to UK Vodafone mobile phone calls.

An attacker can exploit a vulnerability in 3G/UMTS/WCDMA - the latest and most secure mobile phone standard in use today. The technical details are available at http://wiki.thc.org/vodafone.

THC was not immediately available for comments but an associated member of the group commented that 'the problem lies within Vodafone's Sure Signal / Femto equipment'.A Femto Cell is a tiny little home router which boosts the 3G Phone signal. It's available from the Vodafone Store to any customer for 160 GBP.

THC managed to reverse engineer - a process of revealing the secrets - of the equipment. THC is now able to turn this Femto Cell into a full blown 3G/UMTC/WCDMA interception device.

-News Source (THC)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">VODAFONE UK Network Compromised"https://www.voiceofgreyhat.com/2011/07/vodafone-uk-network-compromised.html</a>

2 Hackers Forum Hacked By Shadow008

Now a days it has became a very common scenario that Hacker's site is getting hacked. Same thing happens again. This time the victim are thehackingcrew.net & hackk.net, famous Pakistani Hacker Shadow008 hacked these Forums.

Hacked Sites:-

http://thehackingcrew.net/
http://www.hackk.net/vb/forum.php

Mirror Link:-

http://zone-h.com/mirror/id/14413904  
http://mirror.sec-t.net/defacements/?id=53384

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">2 Hackers Forum Hacked By Shadow008"https://www.voiceofgreyhat.com/2011/07/thehackingcrewnet-hacked-by-shadow008.html</a>

A Man Has been Jailed for 18 Years Due to Hacking into Neighbours Wi-Fi

A man has been jailed for 18 years following a prolonged campaign of hacking his neighbours Wi-Fi in an attempt to frame them for child pornography and threats against the US Vice President.

Minnesota resident Barry Ardolf was sentenced to a lengthy stretch in America's finest following an astonishing campaign of revenge against his neighbours, apparently motivated by the neighbours reporting Ardolf to the police after kissing their 4-year-old son.

The FBI, having become involved following the death threats against Vice President Joe Biden , discovered documents stolen from the man's neighbours as well as detailed revenge plans against his neighbours Matt and Bethany Kostolnik. While the Kostolnik's Wi-Fi router network was encrypted, Ardolf reportedly used password cracking software to discover the password to the router where upon he would access the Kostolnik's home network and set up fake MySpace and Yahoo email accounts posting as his neighbours. In a court document from the prosecution prior to sentencing, Ardolf was described as a "dangerous man" that "uses his technical skills both to inflict harm and to avoid getting caught."

-News Source (PCR)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">A Man Has been Jailed for 18 Years Due to Hacking into Neighbours Wi-Fi"https://www.voiceofgreyhat.com/2011/07/man-has-been-jailed-for-18-years-due-to.html</a>