hh
Source Code of Crypo.com Available to Download
The Source Code of Crypo.com , One of the Famous Free Online Encryption Service is now available todownload form a File sharing website. This Script will encrypt your messages using a strong encryption algorithm, and then your information will be secure for sending.
US ,Israel or Russia , Who is Behind Stuxnet?
Initially After Symantec did a little reverse engineering on the now infamous Stuxnet worm, many started pointing the finger at the US and Israel, especially since it was concluded that the piece of malware was designed to target a specific version of the Siemens SCADA programmable logic controls (PLC) operating in certain nuclear facilities from Iran. Ralph Langner told a conference in California that the malicious software was designed to cripple systems that could help build an Iranian bomb.Mr Langner was one of the first researchers to show how Stuxnet could take control of industrial equipment.
Dr. Panayotis A. Yannakogeorgos is a cyber defense analyst with the U.S. Air Force Research Institute. He told the Diplomat that the one weak point in the theory that the US and Israel hit the Iranian nuclear problem with Stuxnet is that both sides denied it when they would not have had to. Yannakogeorgos said that the Russians could have equally carried out the attack. Apparenly the Russians are not that happy about an Iranian indigenous nuclear capability even if they are helping build it.
In brief, the case for the United States having designed and developed Stuxnet is as follows: First, neither the United States nor Israel wants Iran to develop nuclear weapons. The worm, then, is seen as likely part of a covert strategy to delay or destroy Iran’s nuclear infrastructure while stopping short of war. The weapon was designed to target a specific version of the Siemens SCADA programmable logic controls (PLC) operating a specific configuration and number of cascading centrifuges found in Iran. Some analysts point to the fact that there were vulnerability assessments being run at Idaho National Labs on Siemens PLC software. Others note that the design of the cyber weapon closely fit Richard Clark’s description in Cyber War of a well-designed and ethically thought out weapon limiting collateral damage due to a vast army of lawyers scrutinizing the effects. The malware-analyst community, meanwhile, points to digital code strings such as “b:\myrtus\” taken from biblical events important to Israeli identity. And, as the story goes, after the political decisions, vulnerability assessments, and weapon design took place, either an Iranian agent was found to take the USB memory stick into the nuclear facility, or all the computers around the plants were infected with Stuxnet via the conficker worm.
Russia has a good reason not to want Iran to get its paws on nuclear technology. In 1995, for example, Chechen rebels planted a "dirty bomb" in Moscow's Izmailovsky Park. Nuclear material is much more secure in Russia but if Iran develops a full-blown nuclear capability, Chechen or other violent extremist and nationalist rebels go to Iran to buy the material.
The Stuxnet attack may be coupled with an assassination campaign targeting Iranian nuclear and computer scientists and various leaks suggesting covert action, all made for a compelling case of U.S. involvement. But whether it was the United States or Russia behind it, it’s clear that in Stuxnet’s aftermath, and with the emergence of other worms within their systems, Iranian nuclear engineers have less confidence in the accuracy of sensor information on digital displays. All this means that there’s now no need for the U.S. or Russia to say anything on the issue internal conflict in the minds of those responsible for Iran’s nuclear program is doing a perfectly good job of delaying progress.
President of Guyana's Website defaced by Hackers
The Official Website of President of Guyana's Website defaced by some hackers belongs to Group called "The Hackers Army" ."To the ignorant observer Israel may appear modern, vigorous and democratic largely thanks to the outrageous bias in Western media and the $$$ whom have become our leaders...now wake up!!!" The Pakistani hacker also blames the UN for creating out of Israel a country comparable to Nazi Germany. Also earlier The Hackers Army has hacked lots of high profile websites inlcuding ESET antivirus site and many more.
The Disaster named hacker from the group is responsible for the Defacements . This is not the first time when Tha Disastar manages to breach the security of a site. Just yesterday he took down one of the websites used by Anonymous to spread their activist messages.
Coalition of Law Enforcement Hacked & Agents Information Leaked
The Official Website of Coalition of Law Enforcement and Retail Hacked by Exphin1ty, Claiming himself from Anonymous Team. The Database has been hacked using SQL Injection on the website. Passwords, Email ID's, Address & Phone Number of Various Agents leaked by him. The attack resulted in the temporary suspension of the website
Hacker Said in a pastebin Note that "The American law enforcement's inhumane treatments of occupiers has caught our attention. You have shown through these actions that you are nothing more than puppets in the hands of your government. We have seen our fellow brothers & sisters being teargassed for exercising their fundamental liberal rights, the exact ones that were bestowed upon them by their Constitution. Due to this and several other reasons we are releasing the entire member database of clearusa.org (The Coalition of Law Enforcement and Retail). An organization who works to "encourage mutual cooperation between all law enforcement agencies and retail corporations". This fun little database dump includes hashed passwords, physical and email addresses, phone numbers etc. of many military, law enforcement officers, large corporations such as Microsoft, federal agents & security companies. Many of the users reuse their passwords elsewhere, so we encourage all of our lulz loving friends to deface & leak their twitters, facebooks and private email accounts as well as spreading their d0xes far and wide across the internet ocean. The website requires new members to be approved by an administrator, meaning the validity of this information is relatively high."
It seems that some "lulz loving friends" have already taken advantage of the shared data to access a police department’s e-mail.Hacker claim himself to be Anti-Security guy.
Government organised 12 Chinese Hacker Groups behind all Attacks
About 12 different Chinese groups largely directed by the government there, do the bulk of the China based cyber attacks stealing critical data from U.S. companies and government agencies, according to U.S. cyber security analysts and experts. US online security companies are suggesting that it should have the right to force them to stop "by any means possible".
Sketched out by analysts who have worked with U.S. companies and the government on computer intrusions, the details illuminate recent claims by American intelligence officials about the escalating cyber threat emanating from China. And the widening expanse of targets, coupled with the expensive and sensitive technologies they are losing, is putting increased pressure on the U.S. to take a much harder stand against the communist giant.
The report states that many of the attacks carry tell-tale signatures of particular hacking groups being tracked by intelligence and cybersecurity teams in the U.S., contrary to many expert opinions which indicate that accurate attribution is nearly impossible if the attackers are savvy enough.
James Cartwright, a former vice chairman of the Joint Chiefs of Staff who advocates for increasing measures to hold China and other nation-states responsible for intrusion operations, said that "industry is already feeling that they are at war."
"Right now we have the worst of worlds. If you want to attack me you can do it all you want, because I can't do anything about it. It's risk free, and you're willing to take almost any risk to come after me," said Cartwright.
Cartwright believes the U.S. should be aggressive in their response to attacks that originate overseas, in essence establishing that "if you come after me [the U.S.], I'm going to find you, I'm going to do something about it. It will be proportional, but I'm going to do something... and if you're hiding in a third country, I'm going to tell that country you're there, if they don't stop you from doing it, I'm going to come and get you."
The government "needs to do more to increase the risk," said Jon Ramsey, head of the counter threat unit at the Atlanta-based Dell SecureWorks, a computer security consulting company. "In the private sector we're always on defense. We can't do something about it, but someone has to. There is no deterrent not to attack the U.S."
According to experts, the malicious software or high-tech tools used by the Chinese haven't gotten much more sophisticated in recent years. But the threat is persistent, often burying malware deep in computer networks so it can be used again and again over the course of several months or even years.The tools include malware that can record keystrokes, steal and decrypt passwords, and copy and compress data so it can be transferred back to the attacker's computer. The malware can then delete itself or disappear until needed again.
For the first time, U.S. intelligence officials called out China and Russia last month, saying they are systematically stealing American high-tech data for their own economic gain. The unusually forceful public report seemed to signal a new, more vocal U.S. government campaign against the cyberattacks.
Web of Trust (WOT) Wins in Court, Favors freedom of speech
The world’s leading safe surfing tool Web of Trust (WOT) has won the lawsuit filed against it in the United States. WOT was accused of defamation, violating rights, conspiracy and manipulating algorithms. The court of justice in Florida granted the motion to dismiss with prejudice.
The case was brought up by ten companies, which are all associated to a person named Mr. Ayman El-Difrawi. The companies demanded WOT to remove ratings and comments for their numerous websites. WOT’s advocacy was based on the article 230 of the Communications Decency Act, legislated in 1996 for similar cases. The article protects Internet service providers clearing them from liabilities related to content created by third parties.
During the eventful case, the plaintiff changed their claims several times. The last change happened only a day before the oral hearing, when the plaintiff voluntarily dismissed some defendants and half of the claims. Finally, after a year, the court ordered the case to be dismissed with prejudice, which means the plaintiff cannot file this same case against WOT again based on the same set of facts.
“The court’s decision is a very important precedent for WOT, although we always knew that the case was baseless. The decision shows clearly that courts in the United States favor freedom of speech. In the European Union, the situation is not as clear”, says WOT CEO Mr. Vesa Perälä.
About Web of Trust
Web of Trust (WOT) is a community-powered surfing tool that boosts trust on the Internet, by using authentic user experiences to help web users find reliable websites. The leading community-based safe surfing tool uses intuitive traffic lights to help web users stay safe when they search, surf and shop online. Website ratings are powered by a fast growing worldwide community of nearly 30 million users who have rated the reputation of over 34 million websites based on their experiences in terms of trustworthiness, vendor reliability, privacy and child safety. The add-on works with Firefox, Google Chrome, Internet Explorer, Opera and Safari and is a free download from www.mywot.com
Carrier IQ acting as Special Agent for FBI ?
The Carrier IQ Privacy issue continues today with a new, albeit not a really surprising, episode. Apparently the FBI was aware of what the Carrier IQ technology is able to do, and the Bureau is not willing to reveal anything regarding Carrier IQ just yet. Whereas, The FBI denies the release of information about their use of Carrier IQ, Wikipedia founder asks for input about a site-wide blackout, and the Kindle Fire will get a pre-Christmas software update to improve performance.
Government watchdog site MuckRock believes Carrier IQ data is being used by the FBI in an investigation. If so, the worries over Carrier IQ will rise up again. Carrier IQ is installed in about 150 million handsets globally, according to the company. MuckRock sent an Freedom of Information Act request to the FBI, asking for "manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ." That FOIA request was met with what MuckRock called a "telling denial."
The very first page of the denial letter specifically states that the information they have in the exempt file is for law enforcement purposes and that they cannot release information that will jeopardize any ongoing investigation.
Carrier IQ and several wireless carriers and handset makers have admitted to installing the software in handsets, but insist the software is benign and designed primarily to collect data for optimizing network and device performance. Critics of Carrier IQ's software, who include Google executive chairman Eric Schmidt, have claimed the software enables keylogging and extensive data capture.
Hopefully future investigations into Carrier IQ practices will offer us more details about the way Carrier IQ data was used by the FBI, if that’s the case, and we’re certainly interested to see what various U.S. and international officials will have to say about the FBI’s proven involvement with this matter.
In the meantime, if you wish not to be monitored by corporations and the government, we politely remind you to stay off the Internet, stop using all proprietary software and hardware, disconnect your cell phone and land line immediately, and ensure a snug fit on your tin foil helmet.
BeEF 0.4.2.12 alpha Browser Exploitation Framework Released
The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors.
Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.
BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.
BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include metasploit, port scanning, keylogging, TOR detection and more.
Russian hackers hit Twitter with automated hashtags tweets
Russian hackers have taken aim at Twitter in recent days to hamper communication between opposition activists as outrage against the conduct of last week's general elections grows. The pro-government messages were generated by thousands of Twitter accounts that had little activity beforehand. The hashtag is #триумфальная (Triumfalnaya), the name of the square where many protesters gathered.
Maxim Goncharov, a senior threat researcher at Trend Micro, observed that “if you currently check this hash tag on twitter you’ll see a flood of 5-7 identical tweets from accounts that have been inactive for month and that only had 10-20 tweets before this day. To this point those hacked accounts have already posted 10-20 more tweets in just one hour.”
Brian Krebs, the author of the blog Krebs on Security, noted that the ‘bot accounts he lists themhere appear to follow a single account called @master_boot, as well as following each other. The accounts were also all created in July of this year. Besides pro-government tweets many of the messages are gibberish.
Getting the software for such attacks isn’t that hard, about $150 one can get the automated Twittering software, and a “Twitter blasting machine” totals about $300. Social networks are becoming an increasingly important stage for conflict between governments and their people. Occupy Wall Street has made effective use of Tumblr, and protests in Egypt were often organized using Twitter and Facebook.
Fully Undetectable Backdoor generator for Metasploit
Security Labs Experts from Indian launch an automated Anti-Virus and Firewall Bypass Script. Its an Modified and Stable Version in order to work with Backtrack 5 distro. Below you can find the modified version and a simple presentation on how it works:
In order to be able to compile the generated payload we must install the following packages ; Mingw32 gcc which you can install by :
root@bt:~# apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils
After the installation we must move our shell-script - Vanish.sh - to default Metasploit folder (/pentest/exploits/framework) and execute it. Recommended Seed Number = 7000 and Number of Encode = 14 .
Note: By default Script Generates Reverse TCP Payload but you can change it some modifications in Script [vanish.sh]. Virus Scan Report of Backdoor shows that its almost undetectable by most of the Antivirus programs.
Download Link : Click Here [Vanish.sh] Size : 3.3 KB OR Pastebin Version here
Nintendo 3DS sales hit three million
Nintendo has sold over three million units of the 3DS portable gaming system, with president of the Japanese gaming company Satoru Iwata saying that he felt the console had "regained its momentum."
Much of this resurgence in 3DS gaming has been put down to new versions of first party titles like Mario Kart, which sold almost half a million copies in the first few days of December. In the same week of its release, Nintendo was able to push over 215,000 3DS consoles in Japan alone.
TechCrunch has it that Iwata believes Nintendo will pass four million global unit sales of the hand-held by February next year, thanks to higher sales during the Christmas period and the continued strong sales of its own games. He has a point too, as the 3DS launched with no real first party titles to speak of, leaving it to flounder without any strong games to help push sales. Now though with the release of the new kart-based Mario game and his new platform outing Super Mario 3D Land - which has sold over 500,000 copies in the US alone - Nintendo's handheld may have turned a corner.
Three "critical" patches to be in Microsoft security update
Microsoft is planning to next week release 14 patches to fix 20 vulnerabilities across its product line, the company announced Thursday.
Tuesday's monthly security update, to be released around 1 p.m. EST, will come with three "critical" and 11 "important" bulletins to plug holes in Windows, Office, Internet Explorer, Publisher and Windows Media Player. Most of the vulnerabilities, if exploited, can lead to remote code execution.
It is unclear if the update will include remediation for an unpatched Windows Kernel vulnerability, disclosed just prior to the November patches, which aids in the spread of the Duqu trojan. In addition to describing the planned fixes, Angela Gunn, a senior response communications manager for Microsoft Trusworthy Computing, announced in a Thursday blog post that there is now "greater transparency" around the Microsoft Active Protections Program (MAPP).
Anonymous claims new Monsanto-related hack
The Anonymous hacktivist group claims it is responsible for putting a Washington, D.C. public relations firm out of business.
But a former executive at the now-defunct company, known as The Bivings Group, denies the allegations.
Anonymous defaced the firm's website and hacked into a database, spilling the contents, including hundreds of corporate emails, the collective said in a Pastebin document, posted Monday. Anonymous targeted The Bivings Group as part of "Operation End Monsanto," a campaign designed to go after the multinational maker of genetically engineered seeds and growth hormones.
ICE admits year-long seizure of music blog was a mistake
We've covered Operation In Our Sites, an ambitious project by Immigration and Customs Enforcement (ICE) to seize the domains of dozens of websites allegedly used for copyright infringement, in great detail here at Ars. In a piece earlier this year, we noted the curious case of Dajaz1.com, a hip-hop music blog that didn't seem to fit the conventional definition of a "rogue site." When the domain was seized last year, the site's owner expressed confusion, showing the New York Times copies of e-mails documenting that some of the allegedly infringing songs on his site had been sent to him by artists and labels.
Now, as first reported by Techdirt, the federal government has tacitly admitted it screwed up in seizing Dajaz1.com. After holding the domain for a year, the government returned the domain to its owner. ICE spokesman Ross Feinstein told Ars that "the government concluded that the appropriate and just result was to decline to pursue judicial forfeiture."
So what took so long? Feinstin wouldn't elaborate on why the domain was seized or why the government had changed its mind. But Dajaz1's attorney, Andrew Bridges, described to Techdirt a positively kafkaesque process for getting his client's domain name back. After seizing a domain, the government has a relatively short window of time to either begin formal forfeiture proceedings or return the domain. But Bridges says that the government refused to return the domain even after the clock ran out.
Another Adobe Flash zero-day for sale by security software vendo
InteVyDis, a Russian firm specializing in packaging software security exploits, has released a software module that can give a remote computer access to an up-to-date Windows 7 machine running the most recent version of Adobe Flash Player 11.
The exploit module, called vd_adobe_fp, is packaged in VulnDisco Step Ahead Edition, an add-on toolkit for Canvas—an automated exploitation system developed for IT security professionals by Miami Beach-based Immunity. In a video demo of the exploit, Immunity's Alex McGeorge said that the attack had been tested against fully patched Windows 7 Ultimate and Windows XP Pro systems running Internet Explorer 7 and 8, Google Chrome, and Firefox. McGeorge said that a Mac OS X version of the exploit is expected in the next release.
sslyze – Fast and Full-Featured SSL Configuration Scanner
Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news headlines, bringing attention to weak configurations, and the need to avoid them. Additionally, server misconfiguration has always greatly increased the overhead caused by SSL, slowing the transition to improved communications security.
To help improve system configurations, iSEC is releasing the free software “SSLyze” tool. They have found this tool helpful for analyzing the configuration of SSL servers and for identifying misconfiguration such as the use of outdated protocol versions, weak hash algorithms in trust chains, insecure renegotiation, and session resumption settings.
Features
You can download sslyze here:
sslyze-0.3_src.zip
To help improve system configurations, iSEC is releasing the free software “SSLyze” tool. They have found this tool helpful for analyzing the configuration of SSL servers and for identifying misconfiguration such as the use of outdated protocol versions, weak hash algorithms in trust chains, insecure renegotiation, and session resumption settings.
Features
- Insecure renegotiation testing
- Scanning for weak strength ciphers
- Checking for SSLv2, SSLv3 and TLSv1 versions
- Server certificate information dump and basic validation
- Session resumption capabilities and actual resumption rate measurement
- Support for client certificate authentication
- Simultaneous scanning of multiple servers, versions and ciphers
You can download sslyze here:
sslyze-0.3_src.zip
Microsoft: We Can Remotely Delete Windows 8 Apps
Microsoft will be able to throw a "kill switch" to disable or even remove an app from users' Windows 8 devices, the company revealed in documentation released earlier this week for its upcoming Windows Store.
Kill switches -- so called because a simple command can deactivate or delete an app -- are common in mobile app stores. Both Apple and Google can flip such a switch for apps distributed by the iOS App Store and Android Market, respectively.
In the Windows Store terms of use , Microsoft made it clear that it can pull the kill switch at its discretion. "In cases where your security is at risk, or where we're required to do so for legal reasons, you may not be able to run apps or access content that you previously acquired or purchased a license for," said Microsoft in the Windows Store terms.
Four Romanians Indicted for Hacking Subway, Other Retailers
Four Romanian nationals have been charged with hacking card-processing systems at more than 150 Subway restaurants and 50 other unnamed retailers, according to an indictment unsealed Thursday.
The hackers compromised the credit-card data of more than 80,000 customers and used the data to make millions of dollars of unauthorized purchases, according to the indictment (.pdf).
From 2008 until May 2011, the hackers allegedly hacked into more than 200 point-of-sale (POS) systems in order to install a keystroke logger and other sniffing software that would steal customer credit, debit and gift-card numbers. They also placed backdoors on the systems to provide ongoing access.
Hackers hit Dutch certificate authority Gemnet
Dutch certificate authority Gemnet has taken its site offline following the discovery of a system breach.
Parent company KPN said that the certificate authority had temporarily suspended its web operations following a breach which allow outside attackers to access the Gemnet web server.
KPN moved to allay fears that the hack would lead to the creation of false certificates. The company said that no systems related to the certificates themselves had been compromised in the attack and the Dutch PKIoverheid key infrastructure was not in any danger. The incident is the sthe high-profile breach to hit a Dutch certificate authority this year and the second breach at a KPN form. In November, a server breach at KPN Corporate Market forced the company to temporarily close its site.
Skype security flaw leaves user locations vulnerable
Users of the world’s most popular Internet telephony service may be inadvertently putting themselves at risk of having their physical location and other personal details stolen, experts warn.
Tracking the Skype activities of 20 volunteers and a random sample of 10,000 other users over two weeks, researchers at New York University’s Polytechnic Institute found hackers could not only discover where each user placed each call, but also their peer-to-peer (P2P) file-sharing activity. Their findings were published last month and reported by security software provider Symantec Corp. on Thursday.
“A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud,” Keith Ross, professor of computer science at NYU-Poly, warns in a news release.
Green MP’s e mails hacked
Green Party list MP Kevin Hague is today reassuring people that he is alive and well in New Zealand, not trapped penniless in Spain, as an email scam claims.
Mr Hague's personal email account has been hacked and a scamster purporting to be him is emailing his account contact list to say that he is in financial difficulty, having misplaced his bag in Spain, and desperately needs US$2000 to cover his hotel bill and flight home.
Promising immediate reimbursement when he returns home, the email says: "I feel so devastated, now my passport and other belongings have been retained by the hotel management pending the time I pay my hotel bills. This is shameful."
HP sued over security flaw in printers
A lawsuit against Hewlett-Packard alleges that the company sold LaserJet printers that it knew had a security flaw in them that could allow hackers to steal data, take control of networks and even cause physical damage to printers through overheating.
The suit, filed last week in district court in San Jose, Calif., accuses HP of knowingly selling printers with a design defect that renders them "highly vulnerable to attacks by hackers." The plaintiff, David Goldblatt of New York, said he would not have purchased two HP printers had he known about the problems. It alleges HP violated the California laws designed to protect consumers and prohibit fraudulent or deceptive business practices and seeks class-action status.
The issue stems from the fact that software on the printers that allows for updates over the Internet does not use digital signatures to verify the authenticity of any software upgrades or modifications downloaded to the printers, according to the lawsuit.
Six arrested for Million Pounds phishing scam
Six people from London and the North West were being questioned by police on Friday in connection with a £1 million phishing scam that drained the bank accounts of hundreds of UK students. That is a lot of beer and book money, and the police said that hundreds of students had been caught out by the scammers. Today the Metropolitan Police said its Police Central e-Crime Unit (PCeU) arrested the suspects yesterday after four months of investigation.
On Thursday, the police arrested a 38 year old man in Bolton; a 26 year old man and a 25 year old woman in Manchester; a 25 year old man in Deptford, London; and a 49 year old woman and a 31 year old man in Stratford, London. Police also seized computers and equipment from premises in London, Manchester and Bolton.
The police said that on average the scammers, four men and two women, took amounts of money ranging from £1,000 to £5,000 at a time. They have been arrested on suspicion of conspiracy to defraud and committing Computer Misuse Act and money laundering offences.
Traditional phishing attacks occur when online fraudsters try to access personal data such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an online exchange, while malware is malicious software installed on a computer, which enables cybercriminals to access and use that computer for criminal purposes.
The Mole - Another Automatic SQL Injection exploitation tool
The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.
Features
- Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
- Command line interface. Different commands trigger different actions.
- Auto-completion for commands, command arguments and database, table and columns names.
- Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
- Exploits SQL Injections through GET and POST methods.
- Developed in python 3.
Video Demonstration:
1.) Installation Guide
2.) Tutorial to Use
3.) Download Mole
Social network poisoning - They are Following you Everywhere !
Note : This Article is taken from Most Comprehensive and Informative IT Security Magazine by The Hacker News - December Edition [ Download Here ]
"Be Social" is the imperative of the last years. We live alternative lives, weave dense networks of relationships; we feel the irrepressible urge to be part of a group, to fill the void that we carry within. But this human propensity to aggregation is now the foundation of the concept of "social network", a community of people, each of them defined “node” by researches, which are united by friendship, kinship, passions, interests, religious beliefs. The whole world is represented by a lattice structure that scientists have long taken to study, to achieve the classification of that human "node", classify its customs, and especially to predict the behavior and through it influence the response of the community a particular event. The philosophy is that of the control.
In May Pierluigi Paganini defined the term “Social network poisoning” writing before to Wikipedia EN and also to Italian Wiki.
The term social network refers to the poisoning effect produced by the application of methods designed to make unreliable the knowledge related to a profile and its relationships. The application of this kind of attack on large-scale could lead to the collapse of Social Networking platforms affect its value for commercial purposes, as well as the utility in terms of knowledge and correlation of data provided by users, with a significant impact on its economic value.
In the same way as the "route poisoning" (affecting the telecommunications network), the "poisoning action" are conducted with the aim to pollute the contents of this social network profiles typically introducing artifacts and relationships exist between them and real ones thus making the information unreliable. The result is the consequent failure of the chain of trust which are based on all social networks, in order not to allow search engines specifically developed to retrieve information of any kind relating to a particular profile.
Starting from the assumption that Internet and in particular the social network lacks a coherent and safe management of digital identity, it is possible to introduce the main tools currently poisoning and to hypothesize a new and viable in a future scenario:
Current tools
Replacement of identity, or the ability to impersonate another user to the wide variety of purposes intelligence social engineering.
Simulation of identity, creating a false profile, which does not correspond to any existing person, for malicious purposes or simply to remain anonymous.
Fuzzing profile, the voluntary introduction of elements false and / or non-matching to your profile to deceive intelligence systems, to prevent OSINT activities or other forms of personal gain.
Fuzzing social graph, the association intended to groups and individuals that have nothing to do with their interests and relations with the intention of introducing "noise" in their social graph.
Future instruments:
Personal /social bots , creating a large number of fake profiles (e.g. millions of fake profiles) managed by machines, able to interact with real users in a way likely, thus changing the "sentiment" and "conversation "large-scale as well as altering all the social graph and to preclude meaningful correlations on the data.
Black curation, the use of real users "holes" or fictitious to speak on topics of which you want to change the meaning, or to create new one ad-hoc, in analogy to the black SEO (search engine optimization) already use on search engines.
How easy to understand the interest in social networks are the stars. Complex systems analyze information, scan faces and places, building new relationships and providing new information. Government agencies and companies have realized the full potential of the medium, a real gold mine in which the imperative is the power, information, and control of a at the expense of a user too distracted and inattentive to the dangers ahead.
What to suggest to a friend node, be social, but sparingly. Be human first!
Biggest Pakistan News site Dawn.com hacked by LuCkY
Indian hacking Group "Indishell" hackers once again hit Pakistani cyber space. This time LuCkY from Indishell team deface the biggest Pakistani News site Dawn.com (Alexa Rank : 3540).
He also post Database Info ie.
Database Name - archives_wpress
Database Name - archives_user2
Database Password - 'B,!R~T-K^L2)');
Deface page message include the possible hack reason "You Wont get kashmir by hacking sites lol , Kashmir is ours will be". Hackers on both sides have indulged in sporadic attacks against each other ever since 1998 nuclear tests. The Indishell and PCA warriors hide behind coded named such as 'Zombie' , 'Lucky' and are thought to be young IT professionals.
Hack a webcam and a film camera into a USB microscope
Have you ever wanted to inspect or photograph something up close, but could not find amagnifying glass or did not have enough light on your subject? Well read on, because this project will do the job for you at little or no cost called “My Inspector Gadget”.
Most of you probably have a webcam sitting around somewhere, and after all the high voltage projects you’ve done using disposable cameras, we bet you have some camera lenses too. In a contest entryButch shows how to make your very own computer enabled microscope out of stuff that many of you will have lying around your house. What is basically involved is tearing apart a web cam, adding additional lighting and a lens assembly from an old film camera.
In is project he shows how to harvest the lens from the film camera and mount it, as well as where he added the LED. You can see in the picture above, his results are pretty good.
Coca-Cola Norway Hacked by Greek Hacking Scene (GHS)
An Impressive cyberattack was executed by a Greek hacker against the official website of the multinational company Coca-Cola in Norway with defacement in internal links of the website. In a demonstration of power, the Greek hacker with the pseudonym «Napsterakos», identified weakness in the company's website-giant Coca-Cola, and defaced on purpose to post his own messages.
As SecNews was informed by an anonymous reader giving us details about the incident, the attack was made as the first attack of the operation «Greek Hacking Scene vs Corruption», The hacker «Napsterakos», in a message posted on Pastebin states that "when the future is based on lies, then everyone is corrupt ..." and that "~ We were everywhere we see and hear everything in a future based on lies anyone is corrupted, all must pay, and will do so in one way or another. The words acquire value only through their actions. ~ '
See [here] the message posted on the Pastebin and we give a relevant Screenshot.
The Coca-Cola Norway was founded in 1997 and is the largest supply of soft drinks in Norway, responsible for production, sale and distribution of products. They are wholly owned by the parent company Coca-Cola Enterprises, and with strong partnerships and agreements for bottling and distribution of products such as beer, mineral water and a host of local beverages. It has even one of the largest logistics center in Norway.
The Coca-Cola Norway was founded in 1997 and is the largest supply of soft drinks in Norway, responsible for production, sale and distribution of products. They are wholly owned by the parent company Coca-Cola Enterprises, and with strong partnerships and agreements for bottling and distribution of products such as beer, mineral water and a host of local beverages. It has even one of the largest logistics center in Norway.
Important is the fact that the website that was attacked, as expected, have taken important security measures by the company giant.As identified by the technical team of SecNews, they used Akamai's infrastructure to achieve the security and high availability access to their Web content. But it seems that this was not enough to stop the Greek hacker, who successfully implemented his defacement attacks
XSS Vulnerability in Google Code site
XSS (Cross site Scripting)Vulnerability discovered in Google Code website as shown. Claimed to be Discovered by Vansh Sharma & Vaibhuv Sharma.
Proof Of Concept: Just go to http://code.google.com/apis/ajax/playground/ and then click on edit HTML after that remove all the codes and type this script : <img src="<img src=search"/onerror=alert("XSS")//"> and click on DEBUG CODE, and then first it will show you "Sample must have <head> element" click OK and wait for the window to load if nothing happen then try the same thing again or simply you can click on RUN CODE, and you will get a popup which is XSS.
Another Similar XSS posted by +Pirate, as posted on HackForum Community.
Charlie Miller now working with DoD for Cyber Security
Charlie Miller is a former hacker who has become an information security consultant now working with Department of Defense (DoD) for helping out with cyber security. He was invited to the conference on cyber conflict held by the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, where he talked about the vulnerability of information systems. In a recent video released he talks about the ways he works.
He spent five years working for the National Security Agency. Miller demonstrated his hacks publicly on products manufactured by Apple. In 2008 he won a $10,000 cash prize at the hacker conference Pwn2Own in Vancouver Canada for being the first to find a critical bug in the ultrathin MacBook Air. The next year, he won $5,000 for cracking Safari. In 2009 he also demonstrated an SMS processing vulnerability that allowed for complete compromise of the Apple iPhone and denial-of-service attacks on other phones. In 2011 he found a security hole in an iPhone's or iPad's security, whereby an application can contact a remote computer to download new unapproved software that can execute any command that could steal personal data or otherwise using iOS applications functions for malicious purposes. As a proof of concept, Miller created an application called Instastock that got approved by Apple's App Store. He then informed Apple about the security hole, who then promptly expelled him from the App Store.
Another United Nations Web Site Hacked, Barack Obama info Leaked !
Hackers of Team Sector 404 have breached the Spanish Web site for the United Nations Refugee Agency ACNUR. Group claims to be working with Anonymous. Hackers was able to breach site withSQL Injection vulnerability.
They leaked Barack Obama’s email address, username, password (not in clear text), personal phone number and a login ID as shown. Other individuals whose information was leaked are Dirk Wildt from Die Netzmacher and Schaffstein from a non-profit organization called TYPO3 .Info of Other United Nation members also leaked from database.
The team of hackers include PHANTOM, RAWR, IO93, V, ZD4P50N, SPECTRUS, ANONGUS, FIBO,HACKW32, ADREX,NEKA, JJ, & ESCUADRON SPY PEOPLE Y HACKERSMX219 involve in this Hack as Sector 404.
MySQL.com Once again Compromised using Sql Flaw
A hacker with name "D35M0ND142" claim to hack MySql.com website using Sql Injection Flaws. In September, Mysql.com was hacked and it was serving BlackHole exploit malware on the site. In apastebin dump Hacker Exposes various Admin user credentials and Database info. The Compromised Usernames and Passwords are from Blog site of MySql.
MySql website is pretty embarrassed for not securing its own database’s properly, Even hacker share that "Robin Schumacher is MySQL's Director of Product Management andhas over 20 years of database experience in DB2, MySQL, Oracle, SQLServer and other database engines. Before joining MySQL, Robin wasVice President of Product Management at Embarcadero Technologies."
Besides the hack on MySQL.com, D35M0ND142 also managed to breach the systems of the Urbino University in Italy and the Universal Language & Computer Institute in Nepal and Stream Database.
Cain & Abel v4.9.43 Released
Cain & Abel is a password recovery tool for Microsoft operating systems.It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
Change Log :
- Added SAP R/3 sniffer filter for SAP GUI authentications and SAP DIAG protocol decompression.
- Added support for Licensing Mode Terminal Server connections to Windows 2008 R2 servers in APR-RDP sniffer filter.
- Added support for MSCACHEv2 Hashes (used by Vista/Seven/2008) in Dictionary and Brute-Force Attacks.
- Added MSCACHEv2 Hashes Cryptanalysis via Sorted Rainbow Tables.
- Added MSCACHEv2 RainbowTables to WinRTGen v2.6.3.
- MS-CACHE Hashes Dumper now supports MSCACHEv2 hashes extraction from Windows Vista/Seven/2008 machines and offline registry files.
- Fixed a bug (crash) in Certificate Collector with Proxy settings enabled.
Download Here
DNS cache poisoning attack on Google, Gmail, YouTube, Yahoo, Apple
Hacker with nickname AlpHaNiX deface Google, Gmail, Youtube, Yahoo, Apple etc domains of Democratic Republic of Congo. Hacker use strategy so-called DNS cache poisoning.
DNS cache poisoning is a security or data integrity compromise in the Domain Name System (DNS). The compromise occurs when data is introduced into a DNS name server's cache database that did not originate from authoritative DNS sources. It may be a deliberate attempt of a maliciously crafted attack on a name server.
Hacked websites are :
http://apple.cd/
http://yahoo.cd/
http://gmail.cd/
http://google.cd/
http://youtube.cd/
http://linux.cd/
http://samsung.cd/
http://hotmail.cd/
http://microsoft.cd/
Protecting Your BlackBerry Smartphone with Security Wipe
The BlackBerry device is a wonderful thing. We load our BlackBerries with various softwares and applications to increase our productivity and customize them with interesting themes and ringtones. We watch movies and play games and track day to day activities. All of these things require passwords and usually involve storing data on our devices that is sensitive in nature.
So what if you want to wipe your BlackBerry clean?
There are a number of reasons why you might want to wipe out your Blackberry. Perhaps you have switched jobs and need to submit your BlackBerry into your new IT department so they can set it up for their network. You wouldn’t want them to have access to your previous employers data would you?
Perhaps you have purchased a new model of BlackBerry and would like to gift your previous model to a friend or sell it on ebay. The same rule applies, you do not want them to see what you were using your Blackberry for prior to handing it over.
How to Use security wipe ?
Before using this function, it is recommended that you back up any data and applications that you like to use on your new BlackBerry smartphone.
- On the BlackBerry smartphone, select Options from the home screen.
- Select Security Settings, then Security Wipe.
- Specify what items will be wiped during this process by checking off the boxes.
- Enter “blackberry” (field is not case-sensitive) and select Wipe.
- The BlackBerry smartphone will reset a few times, and after this process is complete, it will no longer contain any of your personal data.
Android Bloatware, Another Serious Android Privacy Issue
Researchers have found that some Android smartphones are more vulnerable to attacks than others, thanks to add-on software and skins that get installed by handset makers before they ship their smartphones to subscribers. It’s not just Carrier IQ that Android users need to be worried about.
A team of researchers from North Carolina State University discovered the security vulnerability on eight different smartphones from Google, HTC, Motorola and Samsung. Black hat hacker can exploit these vulnerabilities to record phone calls (see proof of concept video below), wipe out your phone, call or text premium rate numbers, and read your private messages and emails, all without your permission, of course. According to the paper published by the team.
"Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploiting them, an untrusted application can manage to wipe out the user data, send out SMS messages, or record user conversation on the affected phones - all without asking for any permission". According to the researchers, certain system configurations added on top of the Android OS by manufacturers, contain a backdoor to this personal information.
Android permissions are cornerstone of Android security and user privacy. For example, if an application requests permission to use a user's location--perhaps as part of an advertiser-backed effort to track their online behavior--the smartphone owner can deny that request. Likewise, permissions serve as a last line of defense against malicious applications that may end up on their phones. For example, if an application attempts to access both the Internet and a user's address book, but shouldn't need to do so, it could indicate that the application in question is attempting to steal data and phone home.
To test the permission-enforcement security model on Android smartphones, the researchers built a tool, dubbed Woodpecker, that subjects images of Android operating systems to permission tests. As a baseline, they first studied the Google Nexus One and Nexus S smartphones which come with a vanilla version of Android installed as well as the Motorola Droid, which is "close to the reference Android design," they said.
The university researchers explained in their paper, as well as in a YouTube video, that the code that allows these apps to sidestep Android's permission system lies in the interfaces and services phone manufacturers add on to their devices to supplement Google's firmware.
To Ensure your Privacy ,You can use custom ROM To Protect your Privacy on Android Phones By rooting your phone.
Biggest Independent Russian Election site Hacked on election day
Popular Russian media websites, the major LiveJournal social network and the website of the country’s biggest independent election watchdog, were inaccessible in hacking attacks for several hours on Sunday in what their employees said was an attempt to jam information on parliamentary elections.
“The attack on the website on election day is apparently tied to an attempt to publish information about violations,” chief editor of the independent-minded Ekho Moskvy radio Aleksei Venediktov wrote in his Twitter blog.
Websites of Forbes Russia, Bolshoi Gorod and New Times magazines, Slon.ru news portal, Golos election watchdog and its Kartanarusheniy.ru website that was supposed to map vote fraud were down throughout most of Sunday.These media organizations and the watchdog have pledged to report voting violations from all over Russia live.Independent and opposition media, as well as the LiveJournal social network that has become the main political discussion venue in Russia, are often subjected to hacking attacks, though the Sunday assault was the most concerted and broad. Law enforcement officials had not commented on it as of late Sunday afternoon.
XSS Vulnerability On Twitter Found by 15 Years Old Expert
A 15 years old XSS Expert "Belmin Vehabovic(~!White!~)" discovered XSS Vulnerability On Twitter and report us. The Vulnerable link is here. Even He also Discovered XSS Vulnerability in Facebook also as tweeted by him Yesterday &Facebook is offering him $700 as Bounty.
Critical Security Holes In Oracle Database
A serious vulnerability found by security researchers on oracle databases. An attacker can perform SQL injection attacks and other advanced attacks, thus they can gain full privilege & traction said security researchers. Is Oracle just paying lip service to database security? Some researchers within the database community think so, complaining that as the software juggernaut has grown with acquisitions, such as the blockbuster Sun deal, it hasn't maintained enough resources to securely develop database products and resolve vulnerabilities disclosed by researchers in a timely fashion.
"I would say easy fixes get done pretty quickly, within three to six months, but things that are harder and need some changes in architecture or have an impact on customers where customers have to make some changes to their products, to their software that uses the databases, those things don't get done in the CPU," said Alex Rothacker, manager of Application Security's research arm, TeamSHATTER. "We have a vulnerability disclosed where basically we can brute force any user's password ... we reported this two years ago and they haven't fixed it yet."
It's a complaint lodged by many researchers, who say that even as Oracle publicly states it wants to work with the research community to fix database issues, it isn't putting its shoulder into the effort. The numbers show that the proportion of quarterly critical patch updates for Oracle database products has diminished considerably over the last two years.
While some might come to the conclusion that there are fewer updates because Oracle's products are getting more secure, researchers say this trend has occurred simultaneously as the window between disclosure of vulnerabilities and patch releases for them has grown wider.
"They respond immediately and say 'Thank you very much for the information' and so on, but it sometimes takes more than a year to actually release a patch," said Slavik Markovich, VP and CTO of database security for McAfee. "I get the feeling that they don't invest enough or have enough people working on this so it takes a long time to patch." In the meantime, too, new database products--some of them security related, even--are released with the same type of vulnerabilities that researchers have been alerting Oracle to for years.
Femtocells, NFC and Bluetooth among emerging mobile security risks
Some of the major wireless networking technologies behind mobile networks could soon become key vectors for attackers, say researchers.
Security vendor McAfee said in its 'Securing Mobile Devices' report that connectivity options such as near-field communications and Bluetooth could allow attackers to defraud users out of money by way of their mobile handsets.
Report author Dr. Igor Muttik said that future attacks on mobile handsets will likely be made easier by the fact that handsets are constantly connected to wireless networks despite traveling through multiple locations. This, he argues, allows attackers to set up operations which can easily target users and harvest information for use in fraud operations.
The Spy Files: Wikileaks expose Mobile Phone, Email Hacking capability
“Today we release over 287 files documenting the reality of the international mass surveillance industry – an industry which now sells equipment to dictators and democracies alike in order to intercept entire populations” Assange told reporters.
Another leaked document from 2011 shows how one UK firm is depended upon by the government, including “law enforcement agencies, intelligence and military agencies & special forces”. Such technologies can be “integrated into bespoke solutions for static, tracking and mobile overt and covert surveillance”.
The UK, one of the most surveilled countries in the world, with more CCTV cameras per person than any other major city, is one of the most prevalent in Internet monitoring, phone and text messaging analysis, GPS tracking and speech analysis technologies. Last month, it was found that Leeds-based company Datong plc. sold phone tracking and remote-disability technology to Scotland Yard, home of London’s Metropolitan Police, which could then be used to track protestors or disable remotely shut-off mobile phones en masse.
Wikileaks recently celebrated the first anniversary of the controversial publication of US diplomatic cable leaks a publication that made Julian Assange a household name.Assange is currently under house arrest in London, where he is planning to launch an appeal against the recent ruling of a British court, which decided to extradite the journalist to Sweden, where he is accused of sexually harassing two women. Assange fears that his extradition to Sweden may eventually end up being one to the United States and will be appealing the ruling once again next Monday.
McAfee drafted Five Steps to Avoiding bad apps on Pc & Mobile
Malicious applications are one of the most serious threats to smartphone users today. Not only can a dangerous app infect your phone and steal your personal information, it can even spy on you. Read our five easy tips for avoiding bad apps, and keep your device and information safe.
An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. In this digital age, privacy is more important than ever. Just because you “don’t have anything to hide,” does not mean that you shouldn’t value your privacy or fight for it when companies do things like this, especially with something as personal as your cell phone.
McAfee has come up with five “Common sense” practices that you might not have thought about before, but they actually do make sense for the most part.
Here’s a look:
- For the moment, the amount of detected smartphone malware is relatively low compared to malware that targets desktop or laptop PCs; but being aware that it exists is the first step toward protecting yourself and your data.
- Research apps and their publishers thoroughly and check the ratings - better to install apps that are broadly used in the market and/or are recommended by your circle of friends and colleagues
- It is wise to purchase from a well-known reputable app store market, such as the Android Market. One way for Android users to avoid installation of non-market applications is to de-select the “Unknown sources” option in the Applications Settings menu on their device. If the option is not listed, it means your mobile service provider has already done this for the user.
- When you install an app, you’ll see a list of permissions for services that are granted access to the hardware and software components on your device, like contacts, camera and location. If something in the permissions screen doesn’t look right, don’t install that app! For example, a game or alarm clock app probably shouldn’t need to access your contacts or have the ability to transmit that data from your device.
- Install antivirus software on your phone. It is a good idea to install an antivirus program when you get a new mobile device before you add any other apps.
This last one actually be the most crucial one that people are missing. McAfee argues now that because smartphone and tablet sales are eclipsing those of desktops and laptops, cyber crime is surging in the mobile sector.
Your Android Phone is Spying On You, Use custom ROM To Protect your Privacy
The company that’s creating this software claims that the point of the software is to deliver “analytics” about devices to the carriers to help them provide better service to their users. But is recording every keystroke really necessary for that information? Does not telling the users about this and making it near-impossible to opt out seem a bit fishy to anybody else? This software is on almost all Android phones made by the big names (HTC, Samsung, Motorola), and is even on BlackBerries and Nokia devices, as well.
"Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart," the company said in response to the EFF's letter. "We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world."
But Eckhart's new video seems to refute at least some of those claims. In one part of the clip, he shows how an entire SMS message--"hello world"--was recorded by Carrier IQ's software. In another example, he demonstrates how a Google search, his location, and other key information is recorded by Carrier IQ's application, even though he was on Wi-Fi and a page secured by HTTPS.
HTTPS? Nothing Is Safe From Carrier IQ
For those unaware, the S in HTTPS stands for secure. It's what keep your passwords and other sensitive data safe when sent across the web. It's provides encryption for said information, so whilst it's traveling through the airwaves, it's safe and snuggly, away from the awful people who want to steal your info.
Just because a website is using a secure connection doesn't mean it's one-hundred percent safe from end-to-end, though. You see, some information, including usernames and passwords, can still be sent plain text. For example, the username and password can be used in the address of the site, like www.mysite.com?username=MYNAME&password=MYPASS (Trev's example). Sure, it's encrypted while going down the tunnel, but guess who gets to see the raw link? Did you guess Carrier IQ? If so, go get yourself a cookie. You earned it. [Source]
Carrier IQ says in this public statement that it is “not logging keystrokes or providing tracking tools” and that its software is used to track performance, but the video proves entirely otherwise: this app is sitting in between you and the Android OS and is making a note of everything you do. Secure websites don’t help. Even using Wi-Fi doesn’t help. Your phone use is being logged by this software, and there is no way to easily opt out.
Devices Without a Cellular Network Aren't Safe, Either
Let's think about the name of this thing for a minute - Carrier IQ. So, it's probably safe to say that this is all about the carriers, right? If that were true, then why would CIQ remain active once a device no longer has carrier service?
Let me back up for one second, CIQ claims that its services are stopped the second the SIM card is removed from the device, which is all fine and dandy... if you're on a GSM network. Those of us on CDMA networks aren't so lucky, though, because we don't use SIM cards. Thus, even when a device is deactivated from its network, it continues to send data back to the carrier, CIQ, and whoever else whenever you're on a Wi-Fi connection.
Let's think about the name of this thing for a minute - Carrier IQ. So, it's probably safe to say that this is all about the carriers, right? If that were true, then why would CIQ remain active once a device no longer has carrier service?
Let me back up for one second, CIQ claims that its services are stopped the second the SIM card is removed from the device, which is all fine and dandy... if you're on a GSM network. Those of us on CDMA networks aren't so lucky, though, because we don't use SIM cards. Thus, even when a device is deactivated from its network, it continues to send data back to the carrier, CIQ, and whoever else whenever you're on a Wi-Fi connection.
Ensure your Privacy : Use custom ROM To Protect your Privacy
Unfortunately, there is no easy way to protect yourself. There’s no switch that you can turn off in the settings of your phone or software that appears in your app drawer that you can simply uninstall. As far as the GUI of your phone is concerned, Carrier IQ isn’t even there. But it is there, hiding in the background, making sure that you don’t even know it exists. And for many, that’s just not cool. Your phone is a deeply personal device and contains lots of things (emails, photos, text messages) that many would consider totally private. Why should this company have access?
Best way, root your phone and there are many guides available for the different devices. The best place to look for information on rooting is the XDA Forum. Search on the page for your phone name and go to the “General” forum for the device. There, you should find threads with guides on how to root and get the phone ready to install custom ROMs. The process varies widely phone by phone, so we can’t give you a definitive guide here, but XDA is generally on top of the best rooting processes for the major devices.The next step is to find a ROM that supports your device that does not have Carrier IQ installed on it. Your best bet is to look for “AOSP” or “Vanilla” ROMs. These are versions of Android that have built entirely from the open source code for Android that’s released by Google each time a new version comes out. These ROMs will be free from carrier and device manufacturer tinkering, and won’t have Carrier IQ hiding in the background.Another great custom ROM solution is Cyanogenmod. Cyanogenmod has some nice additional tweaks and features above stock Android, and is definitely the most well respected and most frequently updated custom ROM out there. Additionally, it’s available on most popular Android devices out there. The developers are even working hard on the next version, based on Android 4.0, Ice Cream Sandwich.
A simple Guide : How To Install CyanogenMod 7 On Samsung Galaxy S II Using ROM Manager isAvailable here.
VectorLinux 7.0 Codenamed 'GG' Is Now Available
The final release of VectorLinux 7.0 (code name 'GG') is now available. This release is the result of nearly two years of blood sweet and tears since the very successful release of VectorLinux 6.0. With the enthusiasm of a small group of packagers, our repository now hosts over a thousand up to date packages. VectorLinux is the fastest Linux desktop in it's class bar none.
The main desktop is based on Xfce-4.8 with a custom theme and artwork again unique to VectorLinux. FluxBox is installed as a secondary desktop option. Much work has been done on localization and we know users from all over the globe will find VectorLinux usable in their language of choice.
All the VectorLinux trademarks are included: DVD playback, Audio and Video Codecs, Multimedia and Java plugins are installed and working out of the box. The best of the Open Source world is included: Gimp, Inkscape, Geeqie and Shotwell for Graphics; the latest Firefox and Opera for Internet Browsing; Pidgin and Xchat for instant messaging; Brasero for CD burning (K3B is available in the repo); Mplayer, UMplayer, Xine and Exaile for playing most available media formats. The office applications are Gnumeric and Abiword (Libreoffice and many others available in the repo).
Wireless networking has been extended with updated drivers and firmware, Wicd has been employed to manage wireless and non wireless networking. Ufw with the Gufw gui is included for firewall protection and there is added support for several webcam makes and models. The Kernel is version 3.0.8 and there have been improvements in installation, usability and hardware Support. This release will fulfill all the hardware requirements of even the most modern equipment.
To Download the VectorLinux-7.0 iso Click Here
Nullcon GOA 2012 - International Security Conference
The open security community is a registered non-profit society and by far the largest security community in India with more than 2000 members comprising of information security professionals, ethical hackers and law enforcement professionals that focuses on Infosec research and assisting Govt. and private organizations with cyber security issues. null has 7 chapters through out India - Pune, Bangalore, Mumbai, Hyderabad, Delhi, Chennai and Bhopal, interacting with around 5000-6000 people by various activities like monthly meets, security camps, workshops, talks at various events & organizations and executing security projects.
Our portal http://null.co.in provides free information on security research, responsible vulnerability disclosure, open source security software project, white papers, presentations, monthly chapter meets.
We see that currently there is a disconnect between the Govt. agencies and private organizations when it comes to cyber security and aim to fill the gap in a vendor neutral way. We have many projects running that help organizations tighten their security infrastructure, including Keeda Project and nullcon - International
Security Conference and Training.
Keeda Project is a database of vulnerabilities found in the wild which are reported to us by the members or anonymous researchers and we take action by immediately contacting the concerned organization and the respective CERT with information on the vulnerability and assist them in mitigating the threats.
As a part of null initiatives we organize nullcon - International Security Conference (http://nullcon.net), our annual flag-ship event. It is held in Goa in the month of February. At nullcon we call upon security experts from around the world to deliver talks and workshops on the latest technology and techniques in the security
and hacking world. The talks range from web hacking, security & hacking tools, smart phone hacking, cyber warfare to zero day vulnerabilities.
The year 2012 marks a revolutionary change and unprecedented expansion in the way nullcon is organized. With the overwhelming support of our esteemed sponsors, enthusiastic participants and volunteers - null is organizing TWO conferences in 2012 - nullcon Goa on 15-18th Feb 2012 and nullcon Delhi in Oct 2012
- Nullcon Goa continues to be a mix of hacking, security and business briefings with a lot of technical events for all the security geeks.
- Nullcon Delhi will focus more on the Corporate and the Government sector. It will include events geared towards business prospects in information security such as the exquisite Exhibit Space and Demo Zone for cutting-edge technology and products, business networking events and parties.