NASA, Sony, Adidas, SPIKE TV & Few Other Govt Websites Are Vulnerable - Said "TeamHav0k"

NASA, Sony, Adidas, SPIKE TV & Few Other Govt Websites Are Vulnerable - Said "TeamHav0k"

Newly formed hacker group named "TeamHav0k" continues their Operation XSS #OPXSS. Like earlier they have found cross site scripting vulnerability in many high profile websites. This time NASA, adidas Official Store, SPIKE TV Official Site, Brighton& Hove City council,  Air Accident Investigation Branch [Govt of UK], Portal and Information Services of Tocantins [Govt of Brazil] became the victim. In a pastebin release the hacker group claimed that using the vulnerabilities an attacker can perform cookie stealing, XSS & XSSF Tunneling and such nasty things. Which indeed can create serious harm for those vulnerable sites. They have also found redirection vulnerability on the official website of Sony Global Headquarters later it was patched. 

Earlier TeamHav0k figure out XSS vulnerability in the official site Huffingtonpost, EA, IGN, NYTimes & many other. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">NASA, Sony, Adidas, SPIKE TV & Few Other Govt Websites Are Vulnerable - Said "TeamHav0k""https://www.voiceofgreyhat.com/2012/02/nasa-sony-adidas-spike-tv-few-other.html</a>

Zappos.com Server Compromised, 24 Million Customer Details Stolen

US-based online shoe and apparel shop Zappos has beacme another victim of cyber criminals. The Zappos authority has confirmed this recent breach. Immediately Zappos told their 24 million users to reset their passwords. The security breach by an unknown party or parties through one of the company's servers in Kentucky is said to have exposed the private data of the Amazon.com subsidiary's more than 24 million customers.
In an email sent to customers, Zappos CEO Tony Hsieh said that information that may have been accessed in the breach included customer names, email addresses, billing and shipping addresses, telephone numbers and the last four digits of credit cards used, as well as "cryptographically scrambled" versions of site passwords. The database that contains customer's full credit card details and other payment data "was not affected or accessed", added Hsieh. As a security precaution, Zappos.com has reset and expired customer passwords; customers who use the same or a similar password on other sites are advised to change those as well.
"We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident," Hsieh's e-mail said The company says that it is cooperating with law enforcement and that an investigation is currently taking place. Customers of 6pm.com, which is owned by Zappos, are also affected.

In 2011 we have seen  several cases. Sony, PSN, City Bank, CSDN, Square Enix, Maple story and many more became the victim of cyber attack.

-Source (The-H)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Zappos.com Server Compromised, 24 Million Customer Details Stolen"https://www.voiceofgreyhat.com/2012/01/zapposcom-server-compromised-24-million.html</a>

FreeBSD & PC-BSD 9 Released !!

Hello BSD user I have 2 good news for you and that is both Free BSD & PC BSD 9 has been released. 

Brief About FreeBSD:-

FreeBSD is an advanced operating system for modern server, desktop, and embedded computer platforms. FreeBSD's code base has undergone over thirty years of continuous development, improvement, and optimization. It is developed and maintained by a large team of individuals. FreeBSD provides advanced networking, impressive security features, and world class performance and is used by some of the world's busiest web sites and most pervasive embedded networking and storage devices. For more information about this release click here.

Some Highlights:- 

• The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 9.0-RELEASE. This is the first release from the stable/9 branch, which improves on stable/8 and adds many new features.
• A new installer, bsdinstall(8) has been added and is the installer used by the ISO images provided as part of this release
• The Fast Filesystem now supports softupdates journaling
• ZFS updated to version 28
• Updated ATA/SATA drivers support AHCI, moved into updated CAM framework
• Highly Available Storage (HAST) framework
• Kernel support for Capsicum Capability Mode, an experimental set of features for sandboxing support
• User-level DTrace
• The TCP/IP stack now supports pluggable congestion control framework and five congestion control algorithm implementations available
• NFS subsystem updated, new implementation supports NFSv4 in addition to NFSv3 and NFSv2
• High Performance SSH (HPN-SSH)
• Flattened device tree (FDT), simplifying FreeBSD configuration for embedded platforms
• The powerpc architecture now supports Sony Playstation 3
• The LLVM compiler infrastructure and clang have been imported
• Gnome version 2.32.1, KDE version 4.7.3

To Download FreeBSD 9 Click Here

******

Brief About PC-BSD:-

PC-BSD is a user friendly desktop Operating System based on FreeBSD. Known widely for its stability and security in server environments, FreeBSD provides an excellent base on which to build a desktop operating system. PC-BSD uses a host of popular open source window managers and uses a custom-tailored application installer that puts popular applications in easy reach of users. For more information click Here

Some Highlights:-

• Based upon FreeBSD 9.0-RELEASE
• Support for installing a variety of Window Managers, such as KDE, GNOME, XFCE, LXDE and more!
• Improved PBI system, allows library sharing, binary diff updating, custom repositories, digital signing and more!
• Support for "freebsd-update" via the System Update GUI.
• New Control Panel, providing consistent configuration options across various Window Managers.
• Improved networking utilities, including wifi quick-connect.
• Enhanced "Life-Preserver" utility for doing off-site rsync backups of user data.
• New VirtualBox / VMware disk images, with integrated guest tools.
• Support for UFS+Journaling out of box
• New graphical boot options page
• Support for installation to BootCamp partitions on OSX systems.
• And much more!

To Download PC-BSD 9 Click Here

*****

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">FreeBSD & PC-BSD 9 Released !!"https://www.voiceofgreyhat.com/2012/01/freebsd-pc-bsd-9-released.html</a>

Sony Pictures Official Website & Facebook Page Hacked By Anonymous (#OpSony)

Remember few days ago we have covered that hacktivist Anonymous has given warning to Sony. Recently the have posted a YouTube video declaring that they will hack Sony again. If Sony doesn't stop their support of the Stop Online Piracy Act. Anonymous has confirmed that they have once again hacked Sony Pictures, gaining access to their Facebook account and website. Anonymous did threaten Sony for supporting the controversial SOPA bill and now it seems that the threats materialized.

The hack hit the Sony Pictures Facebook page and its web site homepage, according to reports and tweets from those involved. Comments were left on the web pages, but have since been removed.

The attacks carry the name #OpSony and were noted through the @s3rver_exe Twitter account. 

"#OpSony SonyPictures Hacked! by s3rver.exe , Anonnerd and N3m3515," says a tweet from that user, who continued, "I uploaded a @YouTube video (link removed) Sony Pictures Hacked By Anonymous."

"The hack wasn't big, but still the servers were vulnerable and I got access to the admin too," The Hacker added.

In 2011Anonymous caused major problems for Sony after successfully hacking into the firm's online gaming network and stealing the login information of thousands of users, forcing the system offline for several weeks.

-Source (The Inquirer)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Sony Pictures Official Website & Facebook Page Hacked By Anonymous (#OpSony)"https://www.voiceofgreyhat.com/2012/01/sony-pictures-official-website-facebook.html</a>

Anonymous Gave Warning To Sony (#OpBlackout, #OpLulzxmas, #OpMayhem)

Earlier we have told that Anonymous has reacted against the controversial Stop Online Piracy Act (SOPA) reconvenes by the US Senate. This bold protest of Anonymous continues. Recently the have posted a YouTube video declaring that they will hack Sony again. If Sony doesn't stop their support of the Stop Online Piracy Act. They have specifically said they are not hacking the PlayStation Network. "We're hacking the SONY network and exploiting its servers. NOT PLAYSTATION NETWORK" 

Video Release Of Anonymous:- 

According To The Video:-

"Your support to the act is a signed death warrant to SONY Company and Associates," Anonymous said in the video. "Therefore, yet again, we have decided to destroy your network. We will dismantle your phantom from the internet. Prepare to be extinguished. Justice will be swift, and it will be for the people, whether some like it or not. Sony, you have been warned."

A Message From Anonymous To Sony:- 

Brief About SOPA:-
The Stop Online Piracy Act is a bill that was introduced in the United States House of Representatives on October 26, 2011. The bill will increase the power of the U.S. Department of Justice and copyright holders.  The bill "would expand the ability of federal law enforcement to shut down foreign Web sites and services that that use counterfeited or pirated content created by U.S. firms."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Anonymous Gave Warning To Sony (#OpBlackout, #OpLulzxmas, #OpMayhem)"https://www.voiceofgreyhat.com/2012/01/anonymous-gave-warning-to-sony.html</a>

Square Enix Server Hacked, More Than 1.8 Million Gamers Accounts Compromised

Square Enix the famous franchise for the Final Fantasy and Dragon Quest compromised. The Square Enix Authority reported that a hacker gained unauthorized access to one of their servers thus the attacker managed to access the personal information of 1.8 million gamers in the US and Japan. Though the company spokes man claimed that no credit card information was compromised in this attack. The video game industry has been the target of several hacker attacks this year. Few days ago 13 million MapleStory players personal data was also stolen. It was one of the largest cyber attack happened in South Korea. Earlier such phenomena took place in Sony PSN breaching case, there more than 93K user details ware compromised. 

In an exclusive report it is demonstrated that  the target of the attack was a free fan site called Square Enix Members. Officials at Square Enix noticed the unauthorized access on December 12 and subsequently shut the site down to investigate. Members of the site register using their email addresses but some enter additional information like names, addresses and phone numbers. A spokesperson for Square Enix said no credit card information is stored on the server.

Those affected include 1 million users from Japan and 800,000 gamers in the US. As of writing, the Square Enix Members site remains offline, instead redirecting visitors to a page explaining the breach and actions the company is taking moving forward. The message indicates that the suspension will continue for a few days until the security team completes their investigation and counter-measures are in place.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Square Enix Server Hacked, More Than 1.8 Million Gamers Accounts Compromised"https://www.voiceofgreyhat.com/2011/12/square-enix-server-hacked-more-than-18.html</a>

Konami Updates Security System To Stop Hackers

Gaming giant Konami upgraded its security system to stop hackers. The Authority was in hurry to implement their system because they keep in mind that how Sony was compromised, PSN breached and also couple of days before 13 million MapleStory Players info was stolen and so on. So Konami no longer wants to keep their users in danger. So  In a pre-emptive strike against cyber criminals, Konami is to adopt Digipass online security for e-Amusement Gate and its Konami Style shopping service.

In a press release today, Digipass owner Vasco said "Cybercriminals have a real economic incentive to acquire online gaming accounts as it offers a good return for relatively low risks.

"With fraud statistics on the rise, game developer Konami realized the need to implement a security solution for its community site e-Amusement Gate and its online shopping channel Konami Style."

The press release explains how consumers will be protected by using a one-button authenticator to access Konami's services.

"The company implemented VASCO's VACMAN Controller authentication back-end software in combination with DIGIPASS technology allowing its customers to log-on securely to Konami's online services," it reads.

"Customers can choose for DIGIPASS GO 6 one-button authenticator KONAMI one-time password service. VASCO's strong authentication provides a solid defence against keyloggers and identity theft and adds an additional security layer offering Konami's customers adequate protection." 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Konami Updates Security System To Stop Hackers"https://www.voiceofgreyhat.com/2011/11/konami-updates-security-system-to-stop.html</a>

Google TV Update For Android 3.1 (Honeycomb)

Google announced on its Google TV blog Friday that the platform will be upgraded to Android 3.1 (otherwise known as Honeycomb) for Sony devices Sunday, with the Logitech Revue set-top box getting its upgrade "soon thereafter." What will you get with this software upgrade to Android? Google says it's "much simpler." Its customization capabilities will go a long way toward alleviating the awkwardness of its first iteration, which Google admits was "not perfect."
And the addition of the Android Market will open up a variety of applications, with the promise of more -- perhaps thousands more -- on the way. One welcome improvement will be an easier ability to search across all the TV shows at your disposal. With this update, Google's trying to answer that age-old question, "What's on?" If Google can pull that off, it could be a powerful thing indeed. The company says it has learned from its mistakes with the first version of Google TV and is "committed to find the best way to discover and engage with the high-quality entertainment on your television." So does that mean Google TV will be able to find all the shows from whichever cable or satellite provider you're subscribing to, or from the web via all of the apps within Google TV, such as Netflix, Amazon Instant Video, and HBO Go? Maybe. Of course, Google plans to improve Google TV's search across YouTube, its own video streaming service.
In the blog post, Google also hinted at future software updates (Ice Cream Sandwich, anyone?) and new devices "on new chipsets from multiple hardware partners." Hey, this is getting interesting.
We'll have to reserve judgment until we can install this software update on our Logitech Revue box, but for now, clearly this update has great potential. It makes perfect sense for Google -- purveyor of Android, the Chrome browser, YouTube and by the way, the world's search expert -- to leverage these powerful capabilities in its TV set-top. The hurdle Google needs to navigate is not so much a technical or software one, but a matter of negotiating and arm-twisting of content providers. Will the company gain cooperation from TV networks and movie studios, allowing their content to be searchable on the Google TV platform? That's the key to Google TV's success.

• To see the google TV blog post click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Google TV Update For Android 3.1 (Honeycomb)"https://www.voiceofgreyhat.com/2011/11/google-tv-update-for-android-31.html</a>

FBI Arrested 2 More Suspected Members of Anonymous & Lulzsec (Hacktivist)

It looks like the Federal Bureau of Investigation's been especially busy over the past 48 hours, because they're suddenly snatching up alleged members of hack collectives LulzSec and Anonymous across the United States.

According to FOX News:- F.B.I. arrested two members allegedly affiliated with LulzSec and Anonymous yesterday morning—one in San Francisco, one in Phoenix—while a third suspect was charged in Ohio Add Minnesota, Montana and New Jersey to the state roster: an F.B.I. official toward FoxNews.com Thursday that search warrants were underway in those states, too.

The arrested? According to a federal indictment, 23-year-old Cody Kretsinger of Phoenix, charged with conspiring to cause damage to a computer without authorization. Kretsinger allegedly used a virtual private service to probe Sony Pictures' computer systems for vulnerabilities, launched a SQL injection attack against said computers, stole confidential information in the process, handed it over to other members of LulzSec, publicized the attack, posted information from the attack online, then wiped the hard drive of the computer used to conduct the attack clean.

The other two arrested—Christopher Doyon, 47, from Mountain View, California and Joshua Covelli, 26, from Fairborn, Ohio—were charged with conspiring to damage computers and eventually putting paid to that conspiracy. They allegedly executed a distributed denial of service (DDOS) attack against Santa Cruz County, California's computer systems last year.

-News Source (Fox News)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">FBI Arrested 2 More Suspected Members of Anonymous & Lulzsec (Hacktivist)"https://www.voiceofgreyhat.com/2011/10/fbi-arrested-2-more-suspected-members.html</a>

Sony is Going to Release "PlayStation Vita" (Portable Video Game Player)

Sony is planning to release the PlayStation Vita, a portable video game player, on February 22, 2012, in the United States, Canada and Europe, the company announced at a technology conference on Tuesday.

The Vita will succeed the PlayStation Portable, or PSP, and PlayStation Go, a smaller version of the hand-held device. The Vita has a touchscreen and a touch-sensitive pad on the back of the device, along with the buttons and control sticks gamers expect to see on controllers.

Sony Computer Entertainment CEO Jack Tretton and a Sony spokesman demonstrated a sequel to a popular PlayStation 3 game called "Uncharted: Golden Abyss." Players can use the standard controller or manipulate the character using touch controls, as the spokesman showed onstage at the Web 2.0 Summit. The game looks very attractive -- but when shown on the big screen, not as sharp as a console game.

Sony previously announced pricing for the Vita, with a version that connects to the Web via Wi-Fi costing $250 and another that has 3G wireless data connectivity for $300.

Nintendo made deep price cuts to its portable 3DS system just five months after a strong launch when sales began to slow.

Analysts expect Sony will struggle to sell consumers a dedicated hand-held game machine now that smartphones and tablets have become powerful enough to handle powerful games.

"The advent of smartphone gaming is quite additive to what we're trying to accomplish," Tretton said. People may look to the Vita when they want to graduate from more simplistic games sold on phones, he said.

The Vita will first hit stores on December 17 in Japan, where Sony's portable systems have fared better.

-News Source (Sony & CNN)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Sony is Going to Release "PlayStation Vita" (Portable Video Game Player)"https://www.voiceofgreyhat.com/2011/10/sony-is-going-to-release-playstation.html</a>

Sony Again Under Massive Attack, 93K Accounts Compromised

Sony's online services have been the target of another large-scale attack. In a press release, Sony said that attackers made multiple attempts to intrude into users' Sony online service accounts. Apparently, the attacks targeted the Playstation Network (PSN), the Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) between 7 and 10 October. 

According to Official Press Release of Sony:-

"Sony Network Entertainment International LLC and Sony Online Entertainment (SOE) have detected a large amount of unauthorized sign-in attempts on PlayStation®Network (PSN), Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) services. We discovered these attempts and have taken steps to mitigate the activity.
Less than one tenth of one percent of our PSN, SEN and SOE consumers may have been affected. There were approximately 93,000 accounts (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. As a preventative measure, we will be sending email notifications to these account holders and will be requiring secure password resets or informing consumers of password reset procedures.
Credit card numbers associated with these accounts are not at risk as a result of these unauthorized attempts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are continuing to investigate the extent of unauthorized activity on any of these accounts.
These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or sources. These were unauthorized attempts to verify valid user accounts on our services using very large sets of sign-in IDs and passwords. Between October 7 - 10 US Pacific Daylight Time, we confirmed that these were unauthorized attempts, and took steps to thwart this activity. "

-News Source (Sony Corporation)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Sony Again Under Massive Attack, 93K Accounts Compromised"https://www.voiceofgreyhat.com/2011/10/sony-again-under-massive-attack-93k.html</a>

Top 5 DDoS Attacks of 2011, Exclusive Report By Corero Network Security

Corero Network Security (cns:LN), the leader in on-premises Distributed Denial of Service (DDoS) Defense Systems for enterprises, data centers and hosting providers, named its list of 2011's Top 5 DDoS attacks. Corero's findings show an increase in newer, intelligent application-layer DDoS attacks that are extremely difficult to identify "in the cloud," and often go undetected until it is too late. Corero also found an uptick in attacks against corporations by "hactivists" DDoS-ing sites for political and ideological motives, rather than financial gain. Attacks against Mastercard, Visa, Sony, PayPal and the CIA top Corero's list.
"The cat-and-mouse game between IT administrators, criminals and hactivists has intensified in 2011 as the number of application-layer DDoS attacks has exploded. Coupled with an increase in political and ideological hactivism, companies have to be extremely diligent in identifying and combating attempts to disable their websites, steal proprietary information and to deface their web applications, " said Mike Paquette, chief strategy officer, Corero Network Security.

Corero's 2011 Top 5 DDoS Attacks:-

1. Anonymous DDoS Attacks on WikiLeaks "Censors" Visa, MasterCard and PayPal. The most significant DDoS attack so far this year, the WikiLeaks-related DDoS attacks on Visa, MasterCard and PayPal were both Anonymous' "coming out" party, and the first widespread example of what has been dubbed "cyber rioting" on the Internet, with virtual passersby joining in the attack voluntarily.

2. Sony PlayStation Network DDoS. A shocking wake-up call for many gamers, customers and investors, the Sony Playstation Network DDoS attack began a series of cyber attacks and data breaches that damaged Sony financially and hurt its reputation.

3. CIA and SOCA Hit by LulzSec DDoS Attacks. The appearance of LulzSec on the cyber attack scene, highlighted by bold DDoS attacks on the CIA and the U.K. Serious Organised Crime Agency (SOCA), made us wonder if anyone was safe on the Internet.

4. WordPress DDoS. A massive DDoS attack disrupted one of the world's largest blog hosts--some 18 million websites. The huge attack hit the company's data centers with tens of millions of packets per second.

5. Hong Kong Stock Exchange. This DDoS attack had a major impact on the financial world, disrupting stock market trading in Hong Kong. This was a highly leveraged DDoS attack, potentially affecting hundreds of companies and individuals through a single target.

For all the pain and suffering DDoS attacks have caused, there are a number of best practices that companies can implement to reduce their risk. The most effective defense against DDoS attacks requires expert preparation of defensive resources, ongoing vigilance and a rapid, organized response.

-News Source (Corero Network Security)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Top 5 DDoS Attacks of 2011, Exclusive Report By Corero Network Security"https://www.voiceofgreyhat.com/2011/10/top-5-ddos-attacks-of-2011-exclusive.html</a>

Lulzsec Member Recursion Might Have to Face 15 Years of Imprisonment

The FBI has arrested a member of the LulzSec hacking group over its attacks on Sony Pictures earlier this year. Cody Kretsinger, who goes by the name ‘Recursion', was arrested during a raid on his home in home in Arizona. Kretsinger has been charged with conspiracy and the unauthorized impairment of a protected computer, and faces a statutory maximum sentence of 15 years in prison.
An FBI statement alleges that Kretsinger was involved in the hack on Sony Pictures, and the distribution of information stolen from the company. The statement said that he posted the stolen information on the LulzSec site, and announced the attack via Twitter. He is also alleged to have erased the hard drive of the computer used to attack Sony, in a bid to avoid detection. Four other raids were conducted looking for members of Anonymous, which has loose affiliations with LulzSec.
LulzSec embarked on a string of high profile attacks between May and July this year, targeting the US Senate, the CIA, the NHS, and Sony, but the group claimed to have disbanded.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Lulzsec Member Recursion Might Have to Face 15 Years of Imprisonment"https://www.voiceofgreyhat.com/2011/09/lulzsec-member-recursion-might-have-to.html</a>

2 Member of Anon & Lulz Busted By FBI

The FBI arrested two alleged members of the hacking collectives LulzSec and Anonymous on Thursday morning in San Francisco and Phoenix and secured charges against a third suspect from Ohio, the Justice Department confirmed Thursday. Search warrants were also being executed in New Jersey, Minnesota and Montana, an FBI official told FoxNews.com, which first reported the arrests. One individual was described as part of the LulzSec group, the other part of the group that calls itself Anonymous, the official said.
Cody Kretsinger, a 23-year-old from Phoenix, was charged with conspiracy and the unauthorized impairment of a protected computer, according to the federal indictment unsealed Thursday morning. In another indictment, Christopher Doyon, 47, of Mountain View, Calif., and Joshua Covelli, 26, of Fairborn, Ohio, were charged with conspiracy to cause intentional damage to a protected computer, causing intentional damage to a protected computer and aiding and abetting. The indictment says both men participated in a "Distributed Denial of Service (DDoS)" attack on Santa Cruz County, Calif.'s computer servers in 2010, causing them to go offline. It alleges that the attack was carried out by the People's Liberation Front, which is associated with hacking groups such as Anonymous. 

Kretsinger, who goes by the online name "recursion," is believed to be a current or former member of LulzSec and is accused of being involved in the Sony Hacking Case

-News Source (FOX & CNET)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">2 Member of Anon & Lulz Busted By FBI"https://www.voiceofgreyhat.com/2011/09/2-member-of-anon-lulz-busted-by-fbi.html</a>

Sony Pakistan Hacked By Optik Fiber (Team Openfire)

Sony Pakistan Hacked By Optik Fiber of Team Openfire also known as Indian Cyber Force. The hacker group hacked the Database of Sony Pakistan and exposed  admin credentials and so on.
Websites:-
http://sonycenter.com.pk/

Here are some exposure submitted by Team Openfire:-

INFECTED FILE : CATEGORY.PHP
ADMIN USERNAME :- admin                                       
PASSWORD :- pa$$word

For More Information Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Sony Pakistan Hacked By Optik Fiber (Team Openfire)"https://www.voiceofgreyhat.com/2011/09/sony-pakistan-hacked-by-optik-fiber.html</a>

Wikileaks Is Now Exposing Bollywood

WikiLeaks is a non-profit media organization dedicated to bringing important news and information to the public who used to expose the governments across the globe. This time wikileaks is on Bollywood industry. Many of the cables are surprisingly succinct and contain detailed analysis of the Indian film industry that churns out almost 1000 films a year and generates billions of rupees in revenue. The documents look at different aspects of Bollywood, including its profitability, connections to organized crime, growth opportunities, and the Bollywood-Hollywood partnerships. India's movie industry generated an estimated Rs 10,700 crore in revenue in 2008, and that is expected to increase by an average of 11.5 per cent a year to 2013, Price water house Coopers said in a study.

• Hollywood-Bollywood Partnerships:-

Two documents that analysed the Hollywood-Bollywood partnership are critical of the Hindi film industry and the scope of US film studios in the second fastest growing economy. "Hollywood film studios, amongst the world's highest revenue earners, are increasingly beginning to stake their claim in Bollywood," a document said. "Though not without challenges, major US studios have started to try to capture a piece of this potentially lucrative market. US studios ranging from Sony, Disney, and Warner Brothers have co-produced Hindi movies attracted by the growth potential and opportunities in Indian cinema," it said.
The embassy cable said while big budget Hollywood action films - dubbed in vernacular languages - have done relatively well in India, success has eluded Hollywood-Bollywood co-production partnerships so far.

• Black Money:-

A leaked diplomatic cable also said that Bollywood welcomed funding from gangsters and politicians, known in India as "black money." While there is no direct reference of Dawood Ibrahim which allegedly financed a number of movies, the cable said that in recent decades, Bollywood has been associated with the notorious Mumbai underworld, at the nexus of gangsters, money, and politics.
According to Jehil Thakkar, Head of Media and Entertainment for (KPMG), this association stemmed from the financing needs of the industry; until 2000, by government fiat, the film industry was ineligible for bank credit, private equity, and other means of legitimate commercial financing.

• Bollywood & US Visa:-

Following intensive investigation which also included a visit to the shooting site of 'My Name is Khan' the US Consulate in Mumbai in 2009 concluded that Bollywood generally does not misuse the US visas issued to its crew. Home to one of the largest entertainment industries in the world, Mumbai sends many stars and production crews to the US on O1 and O2 visas, it said, adding that the investigation was based on reports of fraud in other categories of visas.
"The study found that O2 travelers have a low overstay rate of 1.6 per cent. Site visits to major Indian production houses and no evidence of fraud for O2 applicants further suggests that most entertainment companies in Mumbai do not intend to misuse their US visas," said the US Consulate in Mumbai its cable dated December 14, 2009, which was released by WikiLeaks on August 30. 

-News Source (Wikileaks & IBN)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Wikileaks Is Now Exposing Bollywood"https://www.voiceofgreyhat.com/2011/09/wikileaks-is-now-exposing-bollywood.html</a>

Sony Released Head Mounted Display Equipped With High Definition OLED Panel (Personal 3D Viewer, HMZ-T1)

 

Sony Corporation announced the launch of Head Mounted Display “Personal 3D Viewer” ‘HMZ-T1’, a device that offers a spectacular new style for viewing both 2D and 3D content. Simply slip the device onto your head to experience the movie theater-like virtual screen (equivalent to a 750-inch screen*2) expand before your eyes.*3
It is equipped with the newly-developed 0.7-inch (diagonal 18.0mm) high definition OLED panel (1280 x 720), which have been realized through Sony’s unique expertise in both OLED display and semiconductor silicon drive technologies. The ‘HMZ-T1’ achieves HD picture quality that makes full use of the OLED display’s high contrast, color reproducibility, and fast response. In addition, the device adopts the ‘Dual Panel 3D Method’ which consists of separate panels for the left and right eye in order to display independent HD picture quality to each eye, which realize 3D vision. The viewer can enjoy natural and bright 3D picture quality that is crosstalk-free. Furthermore, we have achieved a wide horizontal viewing angle of 45 degrees by incorporating an optical lens that thoroughly suppresses unwanted elements such as aberration and distortion. Viewers can now enjoy watching video on a movie theater-like big-screen (750-inch virtual screen, virtual viewing distance approx. 20m)*2. Sony has also adopted its original virtual surround signal processing technology. Combined with the high-resolution 3D picture quality, viewers will be able to fully enjoy powerful acoustics equivalent to a maximum of 5.1ch through the left and right headphones alone.

 Sony group has offered a wide range of 3D products and 3D content production systems, from industrial 3D filming and editing equipment and movie theater systems through to its “BRAVIA” LCD TVs, home projectors, Blu-ray™ Disc devices, Personal Computer VAIO and “PlayStation 3” while its “Handycam” and “Cyber-shot” cameras even enable people to film 3D video themselves. And now, this new 3D viewing style provided by ‘HMZ-T1’ will enable users to enjoy the movie theater-like experience whilst relaxing on their living room sofa, thus further expanding Sony’s 3D world.

Main Features:-

1. The high definition OLED panel delivers HD picture quality.
2. The ‘Dual Panel 3D Method’ delivers natural and bright 3D picture quality that is crosstalk-free.
3. Optical lens which realize wide 45-degree horizontal viewing angle (750-inch virtual screen, virtual viewing distance approx. 20m)*2 which is equivalent to a movie theatre screen, while the shielding construction creates a deep feeling of immersion.
4. ‘5.1ch Virtual Surround Technology (Virtualphones Technology)’ for realistic and expressive sound.  

Demo:-

 

 

For more information & to see the official press release by Sony click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Sony Released Head Mounted Display Equipped With High Definition OLED Panel (Personal 3D Viewer, HMZ-T1)"https://www.voiceofgreyhat.com/2011/09/sony-released-head-mounted-display.html</a>

Judge Nicholas Loraine-Smith : Ryan 'LulzSec Hacker' is Banned From seeing His Girlfriend Alone

On the face of it, teenager Ryan Cleary appears the archetypal computer geek who retreated from the real world into a digital one. When he was charged with hacking into the website of the Serious Organized Crime Agency, observers branded him a recluse who needed to 'get a girlfriend'. But he was already dating Amy Chapman, 19, - and now a judge has refused his request to see her alone. The Aspergers sufferer is said to be a key member of the computer hacking network LulzSec, which has been blamed for attacks on the Serious Organised Crime Agency, the CIA, Sony and News International. He is alleged to have controlled a 'botnet' of up to half a million compromised computers which he used to launch 'denial of service' attacks against websites. He was charged in June and bail conditions imposed in court stipulate that he can only leave his home address with a parent.
Addressing London's Southwark Crown Court, his defence barrister Ben Cooper asked for this to be changed so Cleary could see Miss Chapman without his parents being present.

Refusing the application, Judge Nicholas Loraine-Smith said: 'I will not consider making a variation until the police have interviewed her and that they are satisfied that she is responsible enough to take on the duty.’ Cleary and fellow alleged LulzSec member Jake Davis, 18, were not required to attend the hearing. Davis is said to have operated from his bedroom in the Shetland Islands and used the online name Topiary.
The judge issued a stark warning to both defendants to comply with their bail conditions as he fixed their plea and case management hearing for January 27, 2012. 'First of all bail has to be on the same stringent terms for both of these defendants and I reiterate, as I did to one of them who has appeared before me, that if they breach any of these conditions they can be arrested and brought before the court and almost certainly remanded in custody,' he said.
Cleary, of South Beech Avenue, Wickford, Essex, is charged with five offences under the Computer Misuse and Criminal Law Acts.
He is alleged to have taken part in a denial of service attack - which cripple websites by overwhelming them with requests for data – that briefly brought down SOCA's site.
Cleary is also accused of involvement in two similar attacks on the websites of both the International Federation of the Phonographic Industry and its British counterpart on November 28 and October 29 respectively. A further charge alleges that he 'made, adapted, supplied or offered to supply' access to a 'botnet' - a network of computers, hijacked without their owners' knowledge - for use in the attacks.
Each of the three charges relating to DoS attacks carry a maximum jail sentence of 10 years, while the botnet charge could result in up to two years imprisonment. Davis, of Hoofields, Lerwick, Shetland, is alleged to have played a leading role in LulzSec, a group that was said to have been disbanded after being linked to attacks on a number of high-profile sites.
He is charged with gaining unauthorized access to a computer system, encouraging or assisting offences and two counts of conspiracy to commit offences.
He also faces a charge of conspiring to carry out a distributed denial of service attack - where a website is flooded with traffic to make it crash - on the Serious and Organised Crime Agency website.

-News Source (Mail Online)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Judge Nicholas Loraine-Smith : Ryan 'LulzSec Hacker' is Banned From seeing His Girlfriend Alone"https://www.voiceofgreyhat.com/2011/09/judge-nicholas-loraine-smith-ryan.html</a>

Microsoft Plugs Internet Explorer Security Hole (Which was Exposed in A Contest)

Microsoft last week patched the last vulnerability in Internet Explorer (IE) used by a researcher in March to win $15,000 at the
The company had patched IE twice before to quash bugs exploited by Stephen Fewer of Harmony Security to bring down IE8 on Windows 7 at Pwn2Own. For his efforts, Fewer was awarded a cash prize of $15,000 and a Sony notebook.

Microsoft internet explorer Fewer chained three exploits , each for a different vulnerability, to bypass IE's sandbox, called "Protected Mode," and compromise IE8. Pwn2Own sponsor HP Tipping Point called the feat "impressive" at the time.
Microsoft patched the third IE bug in a multiple-flaw update to its browser, part of a 13-bulletin collection .
Although Microsoft credited Fewer in the MS11-057 bulletin for reporting the third vulnerability, it said the bug wasn't a security flaw. "Yes, this update addresses a Protected Mode bypass issue, publicly referenced as CVE-2011-1347," Microsoft said in response to an FAQ query, "Does this update contain any non-security related changes to functionality?"
At Pwn2Own, Fewer used the bypass bug to escape Protected Mode so he could circumvent the browser's sandbox, which allowed him to add a file to the machine, a task that mimicked a hacker's insertion of malware.

Fewer confirmed that last week's IE update fixed the final flaw he used at Pwn2Own.
"Yes MS11-057 patches the final bug, the protected mode bypass, that I used in my Pwn2Own exploit, the other two being a use-after-free which was patched in MS11-018 and an information leak patched in MS11-050," Fewer said today in an email reply to questions.

Earlier Flaws Addressed

MS11-018 and MS11-050 were the designations of the April and June bulletins, respectively, that patched the two other vulnerabilities he reported to Microsoft via Tipping Point's bug bounty program.
According to Aaron Portnoy, manager of TippingPoint security research team and the company's Pwn2Own organizer, Tuesday's IE update wraps up patching for the 2011 contest.
During Pwn2Own, Microsoft said that IE9, the browser that launched shortly after Fewer's hack, did not contain the bugs he exploited.
Including Tuesday's update, IE9 has been patched twice since its March launch. Of the August bugs Microsoft acknowledged as security issues, one was reported by Fewer.
"Yes, I have been doing some research into IE9 and actually my first IE9 vulnerability was also patched this Tuesday as part of MS11-057," Fewer said, referring to a separate bug he was credited with this week.
That flaw, dubbed "CVE-2011-1964," was reported via TippingPoint to Microsoft in May, and was ranked critical for IE9 when run on Vista or Windows 7.
Fewer wouldn't commit to taking on IE9 at next year's Pwn2Own, but he left the door open to a repeat performance. "I don't have any plans as of yet for next year's competition, but if I have a few new bugs handy closer to the time, who knows?"
August's security updates, including MS11-057 for IE, can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

-News Source (PC-World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Plugs Internet Explorer Security Hole (Which was Exposed in A Contest)"https://www.voiceofgreyhat.com/2011/08/microsoft-plugs-internet-explorer.html</a>

Operation Shady RAT (The Biggest Cyber-Attack Ever)

Researchers from security software concern McAfee say they have discovered the biggest series of computer intrusions ever, covering some 72 organizations and governments around the world, including the U.S., Taiwan, Vietnam, South Korea, Canada and India — some of them dating back as far as 2006. (See the map of targets, courtesy of McAfee, below.)

And these aren’t the kind of cyber attacks carried out by bumbling troublemakers like the LulzSec gang, which make headlines but really only cause a nuisance for companies like Sony. In these cases, networks were compromised by remote access tools — or RATs, as they’re known in the industry. These tools — and they are tools, because they have legitimate uses for system administrators — give someone the ability to access a computer from across the country or around the world. In this case, however, they were secretly placed on the target systems, hidden from the eyes of day-to-day users and administrators, and were used to rifle through confidential files for useful information. It’s not for nothing that McAfee is calling this Operation Shady RAT.

McAfee says the attacker was a “state actor,” though it declined to name it. I’ll give you three guesses who the leading candidate is, though you’ll probably need only one: China.

Dmitri Alperovitch, McAfee’s Vice President, Threat Research, makes a statement in his blog entry on the discovery that should give everyone minding a corporate or government network pause: “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact.” He further divides the worldwide corporate landscape into two camps: Those who have been compromised and know it, and those who simply don’t know it yet.

This has been a particularly nasty year on the cyber security front. (I hate to say it, but I told you so.) Prior to this, the big attack whose full impact has not yet been fully sized up was the one against the RSA SecureID system, which uses popular keychain devices that create a constantly changing series of numbers that in turn create a second password for access to system resources. They’re widely used in government and military circles and among defense contractors. Google has been a regular target in recent years.

The RSA attack and Operation Shady RAT are examples, Alperovitch says, of an “Advanced Persistent Threat.” The phrase has come to be a buzzword that, loosely translated into English, means the worst kind of cyber attack you can imagine. Unlike the denial-of-service attacks and network intrusions carried out by LulzSec and its ilk, which require only minimal skill and marginal understanding of how networks and servers work, an APT is carried out by someone of very high skill who picks his targets carefully and sneaks inside them in a way that is difficult to detect, which allows access to the target system on an ongoing basis that may persist for years.

How did these attacks happen? Its very simple: Someone at the target organization received an email that looked legitimate, but which contained an attachment that wasn’t. This is called “spear phishing,” and it has become the weapon of choice for sophisticated cyber attackers. The attachments are not what they appear to be — Word documents or spreadsheets or other routine things — and contain programs that piggyback on the targeted user’s level of access to the network. These programs then download malware which gives the attackers further access. This all happens in an automated way, but soon after, live attackers log in to the system to dig through what they can find, copy what they can, and make a getaway — though they often leave the doors unlocked so they can come back for repeat visits.

Alperovitch notes — correctly, to my mind — that the phrase has been picked up and overused by the marketing departments of numerous security companies. His larger point is that too often those attacked in this way refuse to come forward and disclose what they’ve learned, thereby allowing the danger to continue for everyone else.

Alperovitch says that the data taken in Operation Shady RAT adds up to several petabytes worth of information. It’s not clear how it has been used. But, as he says, “If even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth.” It’s also bad for a target’s national security, because defense contractors dealing in sensitive military matters are often the targets. The best thing that can happen is that victims start talking about their attacks and sharing information with each other so that everyone can be ready for the next one, which is surely coming.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Operation Shady RAT (The Biggest Cyber-Attack Ever)"https://www.voiceofgreyhat.com/2011/08/operation-shady-rat-biggest-cyber.html</a>