...
Source Code of Crypo.com Available to Download
The Source Code of Crypo.com , One of the Famous Free Online Encryption Service is now available todownload form a File sharing website. This Script will encrypt your messages using a strong encryption algorithm, and then your information will be secure for sending.Download H...
US ,Israel or Russia , Who is Behind Stuxnet?
Initially After Symantec did a little reverse engineering on the now infamous Stuxnet worm, many started pointing the finger at the US and Israel, especially since it was concluded that the piece of malware was designed to target a specific version of the Siemens SCADA programmable logic controls (PLC) operating in certain nuclear facilities from Iran. Ralph Langner told a conference in California that the malicious software was designed to cripple systems that could help build an Iranian...
President of Guyana's Website defaced by Hackers
The Official Website of President of Guyana's Website defaced by some hackers belongs to Group called "The Hackers Army" ."To the ignorant observer Israel may appear modern, vigorous and democratic largely thanks to the outrageous bias in Western media and the $$$ whom have become our leaders...now wake up!!!" The Pakistani hacker also blames the UN for creating out of Israel a country comparable to Nazi Germany. Also earlier The Hackers Army has hacked lots of high profile websites...
Coalition of Law Enforcement Hacked & Agents Information Leaked
The Official Website of Coalition of Law Enforcement and Retail Hacked by Exphin1ty, Claiming himself from Anonymous Team. The Database has been hacked using SQL Injection on the website. Passwords, Email ID's, Address & Phone Number of Various Agents leaked by him. The attack resulted in the temporary suspension of the websiteHacker Said in a pastebin Note that "The American law enforcement's inhumane treatments of occupiers has caught our attention....
Government organised 12 Chinese Hacker Groups behind all Attacks
About 12 different Chinese groups largely directed by the government there, do the bulk of the China based cyber attacks stealing critical data from U.S. companies and government agencies, according to U.S. cyber security analysts and experts. US online security companies are suggesting that it should have the right to force them to stop "by any means possible".Sketched out by analysts who have worked with U.S. companies and the government on computer intrusions, the details...
Web of Trust (WOT) Wins in Court, Favors freedom of speech
The world’s leading safe surfing tool Web of Trust (WOT) has won the lawsuit filed against it in the United States. WOT was accused of defamation, violating rights, conspiracy and manipulating algorithms. The court of justice in Florida granted the motion to dismiss with prejudice.The case was brought up by ten companies, which are all associated to a person named Mr. Ayman El-Difrawi. The companies demanded WOT to remove ratings and comments for their numerous websites. WOT’s advocacy...
Carrier IQ acting as Special Agent for FBI ?
The Carrier IQ Privacy issue continues today with a new, albeit not a really surprising, episode. Apparently the FBI was aware of what the Carrier IQ technology is able to do, and the Bureau is not willing to reveal anything regarding Carrier IQ just yet. Whereas, The FBI denies the release of information about their use of Carrier IQ, Wikipedia founder asks for input about a site-wide blackout, and the Kindle Fire will get a pre-Christmas software update to improve performance.Government...
BeEF 0.4.2.12 alpha Browser Exploitation Framework Released
The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors.Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.BeEF hooks one or more web browsers as beachheads for the launching of directed command modules....
Russian hackers hit Twitter with automated hashtags tweets
Russian hackers have taken aim at Twitter in recent days to hamper communication between opposition activists as outrage against the conduct of last week's general elections grows. The pro-government messages were generated by thousands of Twitter accounts that had little activity beforehand. The hashtag is #триумфальная (Triumfalnaya), the name of the square where many protesters gathered.Maxim Goncharov, a senior threat researcher at Trend Micro, observed that “if you currently check this hash...
Fully Undetectable Backdoor generator for Metasploit
Security Labs Experts from Indian launch an automated Anti-Virus and Firewall Bypass Script. Its an Modified and Stable Version in order to work with Backtrack 5 distro. Below you can find the modified version and a simple presentation on how it works:In order to be able to compile the generated payload we must install the following packages ; Mingw32 gcc which you can install by :root@bt:~# apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutilsAfter the installation...
Nintendo 3DS sales hit three million
Nintendo has sold over three million units of the 3DS portable gaming system, with president of the Japanese gaming company Satoru Iwata saying that he felt the console had "regained its momentum."Much of this resurgence in 3DS gaming has been put down to new versions of first party titles like Mario Kart, which sold almost half a million copies in the first few days of December. In the same week of its release, Nintendo was able to push over 215,000 3DS consoles in Japan alone.TechCrunch has it...
Three "critical" patches to be in Microsoft security update
Microsoft is planning to next week release 14 patches to fix 20 vulnerabilities across its product line, the company announced Thursday.Tuesday's monthly security update, to be released around 1 p.m. EST, will come with three "critical" and 11 "important" bulletins to plug holes in Windows, Office, Internet Explorer, Publisher and Windows Media Player. Most of the vulnerabilities, if exploited, can lead to remote code execution.It is unclear if the update will include remediation for an unpatched...
Anonymous claims new Monsanto-related hack
The Anonymous hacktivist group claims it is responsible for putting a Washington, D.C. public relations firm out of business.But a former executive at the now-defunct company, known as The Bivings Group, denies the allegations.Anonymous defaced the firm's website and hacked into a database, spilling the contents, including hundreds of corporate emails, the collective said in a Pastebin document, posted Monday. Anonymous targeted The Bivings Group as part of "Operation End Monsanto," a campaign designed...
ICE admits year-long seizure of music blog was a mistake
We've covered Operation In Our Sites, an ambitious project by Immigration and Customs Enforcement (ICE) to seize the domains of dozens of websites allegedly used for copyright infringement, in great detail here at Ars. In a piece earlier this year, we noted the curious case of Dajaz1.com, a hip-hop music blog that didn't seem to fit the conventional definition of a "rogue site." When the domain was seized last year, the site's owner expressed confusion, showing the New York Times copies of e-mails...
Another Adobe Flash zero-day for sale by security software vendo
InteVyDis, a Russian firm specializing in packaging software security exploits, has released a software module that can give a remote computer access to an up-to-date Windows 7 machine running the most recent version of Adobe Flash Player 11.The exploit module, called vd_adobe_fp, is packaged in VulnDisco Step Ahead Edition, an add-on toolkit for Canvas—an automated exploitation system developed for IT security professionals by Miami Beach-based Immunity. In a video demo of the exploit, Immunity's...
sslyze – Fast and Full-Featured SSL Configuration Scanner
Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news headlines, bringing attention to weak configurations, and the need to avoid them. Additionally, server misconfiguration has always greatly increased the overhead caused by SSL, slowing the transition to improved communications security.To help improve system configurations, iSEC is releasing the free software “SSLyze” tool. They have found this tool helpful for analyzing the configuration of SSL servers and for identifying misconfiguration such as the use...
Microsoft: We Can Remotely Delete Windows 8 Apps
Microsoft will be able to throw a "kill switch" to disable or even remove an app from users' Windows 8 devices, the company revealed in documentation released earlier this week for its upcoming Windows Store.Kill switches -- so called because a simple command can deactivate or delete an app -- are common in mobile app stores. Both Apple and Google can flip such a switch for apps distributed by the iOS App Store and Android Market, respectively.In the Windows Store terms of use , Microsoft made it...
Four Romanians Indicted for Hacking Subway, Other Retailers
Four Romanian nationals have been charged with hacking card-processing systems at more than 150 Subway restaurants and 50 other unnamed retailers, according to an indictment unsealed Thursday.The hackers compromised the credit-card data of more than 80,000 customers and used the data to make millions of dollars of unauthorized purchases, according to the indictment (.pdf).From 2008 until May 2011, the hackers allegedly hacked into more than 200 point-of-sale (POS) systems in order to install a keystroke...
Hackers hit Dutch certificate authority Gemnet
Dutch certificate authority Gemnet has taken its site offline following the discovery of a system breach.Parent company KPN said that the certificate authority had temporarily suspended its web operations following a breach which allow outside attackers to access the Gemnet web server.KPN moved to allay fears that the hack would lead to the creation of false certificates. The company said that no systems related to the certificates themselves had been compromised in the attack and the Dutch PKIoverheid...
Skype security flaw leaves user locations vulnerable
Users of the world’s most popular Internet telephony service may be inadvertently putting themselves at risk of having their physical location and other personal details stolen, experts warn.Tracking the Skype activities of 20 volunteers and a random sample of 10,000 other users over two weeks, researchers at New York University’s Polytechnic Institute found hackers could not only discover where each user placed each call, but also their peer-to-peer (P2P) file-sharing activity. Their findings were...
Green MP’s e mails hacked
Green Party list MP Kevin Hague is today reassuring people that he is alive and well in New Zealand, not trapped penniless in Spain, as an email scam claims.Mr Hague's personal email account has been hacked and a scamster purporting to be him is emailing his account contact list to say that he is in financial difficulty, having misplaced his bag in Spain, and desperately needs US$2000 to cover his hotel bill and flight home.Promising immediate reimbursement when he returns home, the email says:...
HP sued over security flaw in printers
A lawsuit against Hewlett-Packard alleges that the company sold LaserJet printers that it knew had a security flaw in them that could allow hackers to steal data, take control of networks and even cause physical damage to printers through overheating.The suit, filed last week in district court in San Jose, Calif., accuses HP of knowingly selling printers with a design defect that renders them "highly vulnerable to attacks by hackers." The plaintiff, David Goldblatt of New York, said he would not...
Six arrested for Million Pounds phishing scam
Six people from London and the North West were being questioned by police on Friday in connection with a £1 million phishing scam that drained the bank accounts of hundreds of UK students. That is a lot of beer and book money, and the police said that hundreds of students had been caught out by the scammers. Today the Metropolitan Police said its Police Central e-Crime Unit (PCeU) arrested the suspects yesterday after four months of investigation.On Thursday, the police arrested a 38 year old...
The Mole - Another Automatic SQL Injection exploitation tool
The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.Features Support for injections using Mysql, SQL Server, Postgres and Oracle databases. Command line interface. Different commands trigger different actions. Auto-completion for commands, command arguments and database, table and columns names. Support for query...
Social network poisoning - They are Following you Everywhere !
Note : This Article is taken from Most Comprehensive and Informative IT Security Magazine by The Hacker News - December Edition [ Download Here ]"Be Social" is the imperative of the last years. We live alternative lives, weave dense networks of relationships; we feel the irrepressible urge to be part of a group, to fill the void that we carry within. But this human propensity to aggregation is now the foundation of the concept of "social network", a community of people,...
Biggest Pakistan News site Dawn.com hacked by LuCkY
Indian hacking Group "Indishell" hackers once again hit Pakistani cyber space. This time LuCkY from Indishell team deface the biggest Pakistani News site Dawn.com (Alexa Rank : 3540).He also post Database Info ie.Database Name - archives_wpressDatabase Name - archives_user2Database Password - 'B,!R~T-K^L2)');Deface page message include the possible hack reason "You Wont get kashmir by hacking sites lol , Kashmir is ours will be". Hackers on both sides...
Hack a webcam and a film camera into a USB microscope
Have you ever wanted to inspect or photograph something up close, but could not find amagnifying glass or did not have enough light on your subject? Well read on, because this project will do the job for you at little or no cost called “My Inspector Gadget”.Most of you probably have a webcam sitting around somewhere, and after all the high voltage projects you’ve done using disposable cameras, we bet you have some camera lenses too. In a contest entryButch shows how to make your very own...
Coca-Cola Norway Hacked by Greek Hacking Scene (GHS)
An Impressive cyberattack was executed by a Greek hacker against the official website of the multinational company Coca-Cola in Norway with defacement in internal links of the website. In a demonstration of power, the Greek hacker with the pseudonym «Napsterakos», identified weakness in the company's website-giant Coca-Cola, and defaced on purpose to post his own messages.As SecNews was informed by an anonymous reader giving us details about the incident, the attack was made as the first attack...
XSS Vulnerability in Google Code site
XSS (Cross site Scripting)Vulnerability discovered in Google Code website as shown. Claimed to be Discovered by Vansh Sharma & Vaibhuv Sharma.Proof Of Concept: Just go to http://code.google.com/apis/ajax/playground/ and then click on edit HTML after that remove all the codes and type this script : <img src="<img src=search"/onerror=alert("XSS")//"> and click on DEBUG CODE, and then first it will show you "Sample must have <head> element" click OK and wait for the...
Charlie Miller now working with DoD for Cyber Security
Charlie Miller is a former hacker who has become an information security consultant now working with Department of Defense (DoD) for helping out with cyber security. He was invited to the conference on cyber conflict held by the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, where he talked about the vulnerability of information systems. In a recent video released he talks about the ways he works.He spent five years working for the National...
Another United Nations Web Site Hacked, Barack Obama info Leaked !
Hackers of Team Sector 404 have breached the Spanish Web site for the United Nations Refugee Agency ACNUR. Group claims to be working with Anonymous. Hackers was able to breach site withSQL Injection vulnerability.They leaked Barack Obama’s email address, username, password (not in clear text), personal phone number and a login ID as shown. Other individuals whose information was leaked are Dirk Wildt from Die Netzmacher and Schaffstein from a non-profit organization called TYPO3...
MySQL.com Once again Compromised using Sql Flaw
A hacker with name "D35M0ND142" claim to hack MySql.com website using Sql Injection Flaws. In September, Mysql.com was hacked and it was serving BlackHole exploit malware on the site. In apastebin dump Hacker Exposes various Admin user credentials and Database info. The Compromised Usernames and Passwords are from Blog site of MySql.MySql website is pretty embarrassed for not securing its own database’s properly, Even hacker share that "Robin Schumacher is MySQL's Director...
Cain & Abel v4.9.43 Released
Cain & Abel is a password recovery tool for Microsoft operating systems.It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.Change Log : Added SAP R/3 sniffer filter for SAP GUI authentications and SAP DIAG protocol decompression. Added support for Licensing Mode Terminal Server connections...
DNS cache poisoning attack on Google, Gmail, YouTube, Yahoo, Apple
Hacker with nickname AlpHaNiX deface Google, Gmail, Youtube, Yahoo, Apple etc domains of Democratic Republic of Congo. Hacker use strategy so-called DNS cache poisoning.DNS cache poisoning is a security or data integrity compromise in the Domain Name System (DNS). The compromise occurs when data is introduced into a DNS name server's cache database that did not originate from authoritative DNS sources. It may be a deliberate attempt of a maliciously crafted attack on a name server.Hacked websites...
Protecting Your BlackBerry Smartphone with Security Wipe
The BlackBerry device is a wonderful thing. We load our BlackBerries with various softwares and applications to increase our productivity and customize them with interesting themes and ringtones. We watch movies and play games and track day to day activities. All of these things require passwords and usually involve storing data on our devices that is sensitive in nature.So what if you want to wipe your BlackBerry clean?There are a number of reasons why you might want to wipe out your Blackberry....
Android Bloatware, Another Serious Android Privacy Issue
Researchers have found that some Android smartphones are more vulnerable to attacks than others, thanks to add-on software and skins that get installed by handset makers before they ship their smartphones to subscribers. It’s not just Carrier IQ that Android users need to be worried about.A team of researchers from North Carolina State University discovered the security vulnerability on eight different smartphones from Google, HTC, Motorola and Samsung. Black hat hacker can exploit these...
Biggest Independent Russian Election site Hacked on election day
Popular Russian media websites, the major LiveJournal social network and the website of the country’s biggest independent election watchdog, were inaccessible in hacking attacks for several hours on Sunday in what their employees said was an attempt to jam information on parliamentary elections.“The attack on the website on election day is apparently tied to an attempt to publish information about violations,” chief editor of the independent-minded Ekho Moskvy radio Aleksei Venediktov wrote in his...
XSS Vulnerability On Twitter Found by 15 Years Old Expert
A 15 years old XSS Expert "Belmin Vehabovic(~!White!~)" discovered XSS Vulnerability On Twitter and report us. The Vulnerable link is here. Even He also Discovered XSS Vulnerability in Facebook also as tweeted by him Yesterday &Facebook is offering him $700 as Boun...
Critical Security Holes In Oracle Database
A serious vulnerability found by security researchers on oracle databases. An attacker can perform SQL injection attacks and other advanced attacks, thus they can gain full privilege & traction said security researchers. Is Oracle just paying lip service to database security? Some researchers within the database community think so, complaining that as the software juggernaut has grown with acquisitions, such as the blockbuster Sun deal, it hasn't maintained enough...
Femtocells, NFC and Bluetooth among emerging mobile security risks
Some of the major wireless networking technologies behind mobile networks could soon become key vectors for attackers, say researchers.Security vendor McAfee said in its 'Securing Mobile Devices' report that connectivity options such as near-field communications and Bluetooth could allow attackers to defraud users out of money by way of their mobile handsets.Report author Dr. Igor Muttik said that future attacks on mobile handsets will likely be made easier by the fact that handsets are constantly...
The Spy Files: Wikileaks expose Mobile Phone, Email Hacking capability
“Today we release over 287 files documenting the reality of the international mass surveillance industry – an industry which now sells equipment to dictators and democracies alike in order to intercept entire populations” Assange told reporters. Another leaked document from 2011 shows how one UK firm is depended upon by the government, including “law enforcement agencies, intelligence and military agencies & special forces”. Such technologies can be “integrated into bespoke solutions...
McAfee drafted Five Steps to Avoiding bad apps on Pc & Mobile
Malicious applications are one of the most serious threats to smartphone users today. Not only can a dangerous app infect your phone and steal your personal information, it can even spy on you. Read our five easy tips for avoiding bad apps, and keep your device and information safe.An Android developer recently discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing...
Your Android Phone is Spying On You, Use custom ROM To Protect your Privacy
The company that’s creating this software claims that the point of the software is to deliver “analytics” about devices to the carriers to help them provide better service to their users. But is recording every keystroke really necessary for that information? Does not telling the users about this and making it near-impossible to opt out seem a bit fishy to anybody else? This software is on almost all Android phones made by the big names (HTC, Samsung, Motorola), and is even on BlackBerries and Nokia...
VectorLinux 7.0 Codenamed 'GG' Is Now Available
The final release of VectorLinux 7.0 (code name 'GG') is now available. This release is the result of nearly two years of blood sweet and tears since the very successful release of VectorLinux 6.0. With the enthusiasm of a small group of packagers, our repository now hosts over a thousand up to date packages. VectorLinux is the fastest Linux desktop in it's class bar none.The main desktop is based on Xfce-4.8 with a custom theme and artwork again unique to VectorLinux. FluxBox...