Andhra Pradesh Medicinal & Aromatic Plants Board's Site Hacked By Pak Cyber Pyrates


The official website of the Andhra Pradesh Medicinal & Aromatic Plants Board (Indian Govt.) was hacked by Pak Cyber Pyrates.


National Telecommunication Authority of Nepal Hacked By w3bdf4c3r & n3ll4!h4ck3r


The National Telecommunication Authority of Nepal was hacked by w3bdf4c3r & n3ll4!h4ck3r. According to the hacker, there was an SQL injection (SQL-i) vulnerability on the site, and using it they exposed the entire database, including admin details.

Vulnerable Link:-  
www.nta.gov.np/en/aboutus/index.php?id=7

 



Exposed DB & Admin Credentials:-


Danish Government 11 GB Data Breached 1,000,000 Companies Private Info Leaked

Antisec hackers have struck again. This time the victim is the Danish Government. The hacker group hacked and exposed the full 11 GB database, which includes the private information of 1,000,000 companies. Anonymous tweeted about this case.



According to Their Official Sources (Aaron Swartz):-
The files in this torrent contain a snapshot of the Danish Government database of companies. “CVR, Det Centrale Virksomhedsregister” translates directly to “The Central Company Register”. The contents of the database are currently browsable on the cvr.dk website, but the database is not available in bulk unless you purchase a license.
The snapshot was obtained during the summer of 2011 by systematically harvesting data from the public parts of the cvr.dk website.

Contents:-

CVRfull.zip: Archive containing xml files with company information, including html from cvr.dk
CVRCompact: As above, but without html

The included fields are as follows:

CVR: CVR-number (8-digit unique id, last digit is a checksum)
Corporation Type: Integer denoting type of company, e.g. “10 Enkeltmandsvirksomhed” (Sole Proprietorship)
Incorporated: Date of registration
Dissolved: Date of dissolution, if dissolved
Industry: Code of the company’s main areas of business, e.g. “494100 Vejgodstransport” (Transport of goods by road)
Document Content: Html of company page from cvr.dk (minus header and footer), only available in the “full” version

The other fields are name, address, phone, fax and email -- they should be self-explanatory. If you’re only interested in the information in these fields you should just get the compact file. If you want to parse more info out of the page you should get the full version which includes html.
There are approximately 1,000,000 companies in the dataset. CVR reports 550,000 companies in existence, but that is likely not including the dissolved ones.
This data is made freely available because it is wrong for the Danish government to require citizens to provide data for government databases, then use taxpayer money to gather, collate and store that data, only to ask citizens to pay if they want access to that same information from the government.

Pentagon Is Expanding Cyber-Security Program


The Pentagon is exploring whether to expand a pilot program that protects the networks of defense contractors to include other companies, and even those in industries that serve mainly civilians. But some private sector officials are not sure that the Defense Department should lead the effort.
Speaking at a conference in Baltimore this week, Deputy Defense Secretary William J. Lynn III said that the Defense Industrial Base (DIB) Cyber Pilot, which currently involves 20 large defense companies, is already showing signs of success. It relies on classified threat “signatures” or data that can help detect malicious code before it penetrates a network.
The signatures and other data that help detect threats are provided by the National Security Agency, which collects electronic data on foreign adversaries and operates under the auspices of the Pentagon. The signatures are loaded into devices run by the Internet service providers, including AT&T and Verizon, which provide Internet services to the companies.
The voluntary 90-day pilot, which the Pentagon said should be completed by early fall, has already shown that “it stops hundreds of signatures that we wouldn’t previously have seen,” Lynn said. “It appears to be cost-effective.”

The Pentagon has declined to give details to back up Lynn’s assertions. In an email earlier this week, Pentagon spokeswoman April Cunningham said: “We do not yet have enough information regarding the pilot to make any decisions about the success or effectiveness of the pilot.” She added: “We are not yet in a position to discuss specific metrics.”
She declined to say whether the Pentagon tested NSA’s signatures and other data against other models for effectiveness. “It is the long-standing policy of the Department of Defense not to discuss matters of operational security.”
Speaking at a conference run by the Defense Information Systems Agency, Lynn expressed significant concern “that over the past decade we’ve lost terabytes of data to foreign intruders, foreign intelligence services, to attacks on corporate networks of defense companies.” A great deal of it, he said, “concerns our most sensitive systems -- aircraft avionics, surveillance technologies, satellite communication systems, and network security protocols.”
As a result, he said, the Pentagon is considering expanding the pilot to more defense companies, and discussing with other agencies whether to “apply this same concept to other sectors, whether it’s the power sector, nuclear energy, the transportation sector or the financial sector.”
But some officials in other industries questioned whether the Pentagon is the right leader for the effort. One concern involves privacy. NSA participation -- even if tangential -- raises fears that the spy agency may at some point gain access to private citizens’ data. Defense officials have addressed that worry for now by saying that the government will not directly filter the network traffic or receive any of the captured malicious code.
Then there is the issue of who leads the initiative. The Department of Homeland Security, which is involved in the Pentagon’s cyber pilot program, is also working with other critical sectors on cyber security.
A financial services industry official, who was not authorized to speak publicly, said his industry would prefer “one point” of collaboration. That point, he said, likely would be DHS. “Let’s not have 10, 20, 30 different bilateral arrangements with each government agency and each sector,” he said. “That would result in a web of confusion.”
A telecom industry official, who also was not authorized to speak publicly, agreed: “What we would like is one consolidated government effort that we can hitch our wagons to.” 

-News Source (Washington Post)


Serious Vulnerability Found By zSecure Team On The Web-Portal of Idea


A critical SQL-i vulnerability has been found on the web portal of Idea Cellular, which can compromise the entire database. The vulnerability was found by the zSecure Team. As per the vulnerability analysis, a smart black hat can exploit the entire DB, perform devastating attacks and also get full access to their web server.

Vulnerability Type:-
Hidden SQL Injection Vulnerability 

Database Type:-
MySQL 5.0.27

Alert Level:-
Critical 

Threats:-
Complete Database Access, Database Dump

About Idea (Company Profile):-

Idea is the 3rd largest mobile services operator in India. Idea’s strong growth in the Indian telephony market comes from its deep penetration in the non-urban and rural markets. IDEA Cellular is an Aditya Birla Group Company, India’s first truly multinational corporation. The group operates in 26 countries, and is anchored by over 130,600 employees belonging to 40 nationalities. The Group has been adjudged the ‘6th Top Company for Leaders in Asia Pacific Region’ in 2009, in a survey conducted by Hewitt Associates, in partnership with The RBL Group, and Fortune. The Group has also been rated ‘The Best Employer in India and among the Top 20 in Asia’ by the Hewitt-Economic Times and Wall Street Journal Study 2007.


-News Source (Zsecure.net)


Epson Korea Hacked More Than 350,000 Customers' Data Stolen


Epson Korea Co., the South Korean unit of Japan's Seiko Epson Corp., said Saturday that its Web site has been hacked, causing the private information of 350,000 users to be leaked.
 
"We have discovered through an internal investigation that the customers' data were leaked. We apologize for causing the trouble," said Epson Korea in a pop-up notice on its Web site.

The company said that it had detected the security breach a week ago but reported the cyber attack to the Korea Communications Commission (KCC) belatedly on Thursday. The company said that it has put more priority on informing its customers of the hacking.
Personal information leaked included names, user IDs, passwords and resident registration numbers, according to the company. Epson Korea said it is trying to track the hackers but has found no trace of them.
Epson Korea said that it has asked its customers to change their passwords on its Web sites and other portal sites.
Also Saturday, Gabia, a local Web domain management company, said its system was hacked, which subsequently affected Web connections with its clients. Cafe24, one of Gabia's clients, said the problem did not cause any private information to be leaked.
Two popular Web sites operated by SK Communications Co. were hacked in late July, causing the private information of 35 million users to be leaked. A local court earlier this week ordered the operator of South Korea's third most-visited Internet portal to pay a victim 1 million won (US$925) in compensation.

-News Source (Yonhap News Agency)


Supercookies Of MSN Has Been Disabled By Microsoft


Microsoft has eliminated controversial "supercookies" that were present on MSN.com, in response to research that detailed the user-tracking technique. Unlike regular cookies, or even newer Flash cookies, the latest generation of tracking technologies can't be disabled by browser users, even with privacy add-ons. That revelation surfaced late last month, in two separate research papers.
The first paper, "Tracking the Trackers: Microsoft Advertising (cache and ETag supercookies)," written by Stanford University graduate student Jonathan R. Mayer, highlighted new, persistent-cookie techniques being used by Microsoft on its MSN.com site.
In response to that paper, released in July, Microsoft on Thursday disclosed that it had immediately investigated Mayer's assertions, identified the code in question, and disabled it. 

"We determined that the cookie behavior he observed was occurring under certain circumstances as a result of older code that was used only on our own sites, and was already scheduled to be discontinued," said Mike Hintze, associate general counsel for regulatory affairs at Microsoft, in a blog post.
"We accelerated this process and quickly disabled this code. At no time did this functionality cause Microsoft cookie identifiers or data associated with those identifiers to be shared outside of Microsoft," he said. "We are committed to providing choice when it comes to the collection and use of customer information, and we have no plans to develop or deploy any such 'supercookie' mechanisms."

Interestingly, the use of ETag supercookies that Mayer discovered wasn't limited to Microsoft. In fact, a separate group of researchers found similar techniques at use in a wide range of websites, as detailed in their paper, "Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning," released late last month.
That report's co-author, Ashkan Soltani, an independent privacy researcher, said in a blog post that the team discovered the new tracking techniques when recreating their 2009 study, "which found that websites were circumventing user choice by deliberately restoring previously deleted HTTP cookies using persistent storage outside of the control of the browser (a practice we dubbed 'respawning')." The technique is often used by online advertisers and their affiliates to track online behavior.
In the course of the new research, the team identified 5,600 HTTP cookies used on popular sites, 88% of them from third parties. Google-run cookies were present on 97 of the top 100 websites--including government websites--and Flash cookies were also present on 37 of the top 100 websites. In addition, 17 sites used HTML5, with seven also using "HTML5 local storage and HTTP cookies with matching values," said Soltani.
In addition, "we found two sites that were respawning cookies, including one site--hulu.com--where both Flash and cache cookies were employed to make identifiers more persistent," he said. "The cache cookie method used ETags, and is capable of unique tracking even where all cookies are blocked by the user and 'Private Browsing Mode' is enabled."

Exactly what are ETags? According to the report, "ETags are tokens presented by a user's browser to a remote webserver in order to determine whether a given resource (such as an image) has changed since the last time it was fetched. Rather than simply using it for version control, we found KISSmetrics returning ETag values that reliably matched the unique values in their 'km_ai' user cookies."
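
The pattern the report describes, an ETag whose value matches a tracking cookie and can be used to restore that cookie after the user deletes it, can be checked for in captured traffic. The following is an added example, not code from the report or from this article; the hosts, identifier values and function names are constructed, and only the cookie name km_ai comes from the text above.

```javascript
// Added example: audit captured HTTP exchanges for ETag-based tracking.
// Hosts, paths and identifier values are constructed sample data; only the
// cookie name km_ai is taken from the article.

const MIN_ID_LENGTH = 8; // ignore short values that could match by chance

// Drop the weak-validator prefix (W/) and the surrounding quotes.
function normalizeEtag(value) {
  if (!value) return null;
  return value.trim().replace(/^W\//, '').replace(/^"|"$/g, '');
}

// Parse a Cookie header, or only the leading name=value pair of a Set-Cookie header.
function parseCookies(header, firstPairOnly) {
  const jar = new Map();
  if (!header) return jar;
  const parts = header.split(';');
  for (const part of firstPairOnly ? parts.slice(0, 1) : parts) {
    const eq = part.indexOf('=');
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

function findCookieWithValue(jar, value) {
  for (const [name, v] of jar) if (v === value) return name;
  return null;
}

// Each exchange: { url, req: {headers}, res: {headers} }, header names lower-cased.
function auditExchanges(exchanges) {
  const findings = [];
  for (const { url, req, res } of exchanges) {
    const sent = parseCookies(req['cookie'], false);
    const set = parseCookies(res['set-cookie'], true);
    const validator = normalizeEtag(req['if-none-match']);
    const etag = normalizeEtag(res['etag']);

    // Respawn: the browser no longer sends the cookie, but the cached ETag it
    // replays in If-None-Match comes back as the value of a freshly set cookie.
    if (validator && validator.length >= MIN_ID_LENGTH) {
      const name = findCookieWithValue(set, validator);
      if (name && !sent.has(name)) {
        findings.push({ type: 'cookie-respawned-from-etag', url, cookie: name });
        continue;
      }
    }
    // Identifier in the validator: the ETag equals a cookie value rather than
    // describing the version of the resource.
    if (etag && etag.length >= MIN_ID_LENGTH) {
      const name = findCookieWithValue(set, etag) || findCookieWithValue(sent, etag);
      if (name) findings.push({ type: 'etag-matches-cookie', url, cookie: name });
    }
  }
  return findings;
}

// Constructed capture: first visit, revisit after cookies were cleared, and an
// ordinary static resource with a content-derived ETag as a control.
const SAMPLE_EXCHANGES = [
  { url: 'http://tracker.example/i.js', req: {},
    res: { etag: '"Zx81kQp0aa7c"', 'set-cookie': 'km_ai=Zx81kQp0aa7c; Path=/' } },
  { url: 'http://tracker.example/i.js', req: { 'if-none-match': '"Zx81kQp0aa7c"' },
    res: { etag: '"Zx81kQp0aa7c"', 'set-cookie': 'km_ai=Zx81kQp0aa7c; Path=/' } },
  { url: 'http://static.example/logo.png', req: { cookie: 'session=abc123def456' },
    res: { etag: 'W/"5d8c72a5edda8"' } },
];

console.log(auditExchanges(SAMPLE_EXCHANGES));
```

The second exchange is the case the researchers highlight: the cookie jar is empty, yet the cached validator lets the server hand the same identifier back.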

Wired first reported those findings, which led television streaming website Hulu.com to sever ties with one of the supercookie-using tracking firms detailed in the report, startup KISSmetrics. Spotify also suspended its relationship with the company, pending an investigation.
In a blog post, Hiten Shah, CEO of KISSmetrics, slammed the report for inaccuracies, arguing that it "significantly distorts our technology and business practices." Namely, he said, while his company employs a unique identifier for every person it tracks, even across websites, "internally, these identifiers are instantly translated into unique identifiers for each customer, and KISSmetrics has gone to extensive lengths to avoid linking any information from different customers, including segregating each customer's data in a completely separate database."
According to Shah, the same day the report was released, the first of two related lawsuits was filed against his company.
Hulu's move to sever ties over controversial marketing practices isn't surprising, considering it had been named in a previous class action lawsuit that resulted from Soltani's original respawning study, released in 2009. The result of that lawsuit was a $2.4 million settlement in December 2010, and a promise by Clearspring and Quantcast to discontinue using the technology.
Meanwhile, other defendants in the suit--ABC, ESPN, Hulu, JibJab Media, MTV Networks, NBC Universal, and Scribd--agreed to warn users if Flash was being used to track them, and to detail in their website privacy policies how to block the practice.
How can users stop supercookies? While do not track capabilities in browsers have attracted much attention lately as a way to block persistent tracking, supercookies can't currently be stopped from within the browser. Accordingly, blocking supercookies might require some type of privacy legislation that compels U.S. businesses to respect users' "do not track" intentions, as well as to disclose their tracking techniques. 


-News Source (Information Week)
