
18 sites Hacked and defaced by Pakistani Hacker Group PakizLover


The Pakistani hacker group "PakizLover" hacked 18 websites and defaced their main pages.

Hacked Sites:


Operaatio Screw Talvivaara-Anonymous Finland approved the support of Anonymous


Anonymous Finland planned an operation named Operaatio Screw Talvivaara against the Talvivaara Mining Company. They approved the support of Anonymous' worldwide Operation Green Rights, a series of actions in defence and safeguard of the environment, and decided to start a spin-off of the same in their country.

"Talvivaara Mining Company Plc (Talvivaaran Kaivososakeyhtiö Oyj) has been carrying out massive and dangerous mining operations in Eastern Finland so far to the detriment of the local natural environment and people of the communities living off Lake Hakonen and nearby the Talvivaara mine," they said in their official press release.


"We at Anonymous Finland are simply pissed off and decided to join the struggle against Talvivaara: We officially declare war to You and start Operaatio Screw Talvivaara. We stand in solidarity with all the citizens affected by Talvivaara's action and polluting activities and We support them in protesting against this corporate abuse. Anonymous Finland will not stand by idly and let these environmental atrocities continue. This is not the clean energy of the future that we are being promised.

Anonymous Finland will, over the course of the next weeks and months, use the powers We possess to spread attacks on You. We invite all the people of the communities affected by Talvivaara's activities and the rest of the Finnish people to take the protest to Eduskunta and show that You are as mad as hell and You are not going to take this shit anymore."

You can check the full press release here:
http://pastebin.com/j5Syj8aB

An input sanitation flaw in Gentoo Linux ~ Security Advisory

Gentoo Linux published a security advisory for a phpDocumentor vulnerability. phpDocumentor bundles Smarty, which contains an input sanitation flaw allowing attackers to call arbitrary PHP functions.

The phpDocumentor package provides automatic documenting of PHP API directly from the source. phpDocumentor bundles Smarty with the modifier.regex_replace.php plug-in which does not properly sanitize input related to the ASCII NUL character in a search string. A remote attacker could call arbitrary PHP functions via templates.

Gentoo recommends that all phpDocumentor users upgrade to the latest stable version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/PEAR-PhpDocumentor-1.4.3-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since February 12, 2011. It is likely that your system is
already no longer affected by this issue.



congresogro.gob.mx site is Hacked by Mexican Hackers & Anonymous Iberomerica


The congresogro.gob.mx (H. Congreso del Estado de Guerrero) website was hacked by Mexican hackers and Anonymous Iberomerica. They dumped the database on Pastebin. The leak contains names, email addresses, phone numbers, etc. They hacked this site as part of the operation named "#OPCORRUPCION".
They also managed to enter the page of the members of the National Action Party and took information from its citizen mailbox.

ANONYMOUS PRESS
We have often heard the Mexican deputies, federal and local legislatures, boast of the "great" accomplishments of his administration and trying to prove by all means at their disposal than the salary they earn negligible (much higher than the salary the vast majority of Mexicans) have earned it penny by penny. They enjoy many holidays, has one of the more flexible hours in the labor market, and if this were not enough, enjoy the benefits that many Mexicans can barely dream: major medical insurance, travel, free cell phone , petrol vouchers and even meals at fancy restaurants by the Treasury. All this simply because they belong to a political party to achieve an early age and "tying the post" as they say in Mexico. Perhaps since the time of the day the Sun King, Louis XIV, had not seen a cut of such proportions. Yes, we have written well: a court. A court insider for the crisis, famine, the gasolinazos not exist, because the public pays. A court which claims to work while those who truly work must deal with assaults on public transport, with haughty heads, afraid to be fired at any time thanks to the laws promoted by these gentlemen, and last but not least, with fear being kidnapped or killed, while these gentlemen in sumptuous dining establishments sure to have peace of mind that a team of bodyguards (if paid by the people, of course), provide.

As we will show below, this is just another part of the massive corruption (both blatant and hidden) of the suffering people of Mexico. Anonymous Hackers have succeeded in Mexican and compromise the database contact page citizen's National Action Party in the Legislative Assembly of Mexico City, whose coordinator is Ms. Mariana Gomez del Campo, is an extract of the same in this post. In these emails, ranging from the absurd to the dramatic, to the raw, political and accurate, we can glimpse the large number of citizen complaints and requests for action received, of which very few, only a few, come the public domain. This particular political party, claims to be the most productive in that legislative body. The question here is whether this group is most active, what are then the less active? People of Mexico, Anonymous flatters you this information so that reflections on it and wonder if they really deserve to be holding this ball of lazy.

We regret to have exposed citizens in this information leak, but found no other way to denounce the inaction and inefficiency of the authorities, so if your identity or email is posted on this leak, we offer an apology in advance. If Anonymous, which has no influence with the government nor officials at your service, you can get this information so easily ... How easy it is for a criminal group with officials get paid? People of Mexico, these are your rulers.
Hacked site:
http://www.congresogro.gob.mx

Pastebin Link:
http://pastebin.com/2JiTr205

Critical Vulnerability found in Apple Mac OS X Sandbox Mechanisms


CoreLabs researchers discovered a critical vulnerability in Mac OS X's sandboxing mechanisms. They published the advisory information on Nov 10, 2011.

Vulnerability Description

Several of the default pre-defined sandbox profiles don't properly limit all the available mechanisms and therefore allow exercising part of the restricted functionality. Namely, sending Apple events is possible within the no-network sandbox (kSBXProfileNoNetwork). A compromised application hypothetically restricted by the use of the no-network profile may have access to network resources through the use of Apple events to invoke the execution of other applications not directly restricted by the sandbox.

It is worth mentioning that a similar issue was reported by Charlie Miller in his talk at Black Hat Japan 2008. He mentioned a few processes sandboxed by default as well as a method to circumvent the protection. Sometime after the talk, Apple modified the mentioned profiles by restricting the use of Apple events but did not modify the generic profiles.

According to the advisory, Apple Mac OS X 10.7.x, 10.6.x and 10.5.x are vulnerable.

Apple Mac OS X 10.4 is not vulnerable.


600+ Websites Hacked by Hitcher

The hacker team "Hitcher" hacked 600+ websites and defaced them by uploading the hitcher.html file. The websites are from different countries.


Full list is here:
http://pastebin.com/pMwR4rv8

Anonymous site(Anonyops.com) hacked by Pakistani Hacker Tha Disastar


A few days back, Anonymous hackers declared an operation against the Muslim Brotherhood. They said that they were going to launch a DDoS attack against them on Nov 11.

Today, a Pakistani hacker named "Tha Disastar" hacked into the official site of AnonyOPS. The DDoS specialist has also faced a massive denial-of-service attack on anonyops.com, and the site is still offline.

In the message, the hacker said that "Anonymous should stay in limits, and must not go out of their limits to other people's religion"

Hacked Site
http://anonyops.com/anonnews/uploads/

Mirror Link
http://www.zone-hack.com/defacements/?id=5822

EDF fined €1.5m (£1.3m) for Spying on Greenpeace with Trojan


French nuclear giant EDF was fined 1.5 million euros by a Paris court on Thursday for hacking the computers of environmental group Greenpeace and putting a virus into its network.

Two of the group's security chiefs were also sentenced to prison for their role in the affair, which involved the theft of confidential documents from the computer of the former head of Greenpeace France, Yannick Jadot.


Crime
In 2006, EDF hired a private detective agency called Kargus Consultants, run by a former member of the French secret services, to spy on Greenpeace France's plans. The agency sent an email with a Trojan attachment to the director, Yannick Jadot. When he opened the document, the Trojan infected the system and opened a back door for the hackers. The agency accessed around 1,400 documents on Jadot's computer.

Sentenced
French Judge Isabelle Prévost-Desprez pronounced a verdict of guilty in the trial of French state owned energy giant EDF, which was accused of industrial scale espionage against Greenpeace. She sentenced EDF executive Pierre-Paul François to three years imprisonment, with 30 months suspended and Pascal Durieux three years imprisonment, two years suspended and a 10,000 Euro fine for commissioning the spying operation.

The judge also handed down a guilty verdict in the case of Thierry Lorho, the head of Kargus, the company employed by EDF to hack into the computers of Greenpeace. He has been sentenced to three years in jail, with two suspended and a 4,000 Euro fine.

EDF has been fined 1.5 million Euros and ordered to pay half a million Euros in damages to Greenpeace.


Naxsi 0.41 released - Open Source Web Application Firewall module for Nginx

What is Naxsi?

Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx, the infamous web server and reverse-proxy.

Its goal is to help people securing their web applications against attacks like SQL Injections, Cross Site Scripting, Cross Site Request Forgery, Local & Remote file inclusions.

The difference with most WAF (Web Application Firewalls) out there is that it does not rely upon signatures to detect and block attacks. It uses a simpler model where, instead of trying to detect "known" attacks, it detects unexpected characters in the HTTP requests/arguments.

Each kind of unusual character will increase the score of the request. If the request reaches a score considered "too high", the request will be denied, and the user will be redirected to a "forbidden" page. Yes, it works somewhat like a spam system.
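
The scoring model described above, as an added example in Python that is not Naxsi's code or rule set: the character classes, weights and threshold are assumptions chosen for illustration, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical weights per kind of unusual character. These are assumptions
# for illustration, not the rules shipped in naxsi_core.rules.
RULES = [
    ("quote", re.compile(r"['\"]"), 4),
    ("angle_bracket", re.compile(r"[<>]"), 8),
    ("sql_comment", re.compile(r"--|/\*|\*/"), 4),
    ("parenthesis", re.compile(r"[()]"), 2),
    ("semicolon", re.compile(r";"), 2),
    ("path_traversal", re.compile(r"\.\./"), 8),
]
BLOCK_THRESHOLD = 8  # hypothetical score considered "too high"


def score_value(value):
    """Score one decoded string: each kind of character counts once."""
    hits = [(name, weight) for name, pattern, weight in RULES
            if pattern.search(value)]
    return sum(w for _, w in hits), [n for n, _ in hits]


def evaluate(url):
    """Score every query argument name and value, then allow or block."""
    total, matched = 0, set()
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for part in (key, value):
            score, names = score_value(part)
            total += score
            matched.update(names)
    return {"score": total, "rules": sorted(matched),
            "blocked": total >= BLOCK_THRESHOLD}


# Constructed sample requests (percent-encoded as a client would send them).
SAMPLES = [
    "/search?q=nginx+modules&page=2",               # ordinary search
    "/search?q=o%27brien",                          # lone apostrophe
    "/item?id=1%27%20OR%20%271%27%3D%271%27%20--",  # quotes plus comment
    "/comment?msg=%3Cb%3Ehi%3C%2Fb%3E",             # harmless HTML markup
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, evaluate(url))
```

The last sample is benign markup that still reaches the threshold, which is the cost of scoring characters instead of matching signatures and the reason such a model needs whitelisting for arguments that legitimately carry those characters.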

Changelog:

- Feature: added support for FILE_EXT. We can now control file uploads names/extensions as well.
- Added a rule for FILE_EXT into naxsi_core.rules
- Added unit testing for FILE_EXT feature
- Fixed erroneous log messages
- Fixed an error on whitelist of types $URL:xxx|URL


Download it from here:
http://code.google.com/p/naxsi/downloads/list

Security breaching on Steam Forum database, Credit Cards at risk


Yesterday (Thursday), Gabe Newell, founder and CEO of Valve Software, announced a security breach of the Steam forum database following the forum defacement on Nov 6, 2011.

Here is the Announcement:

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
They recommend that you watch your credit card activity closely, even though there is no evidence of credit card misuse at this time.

According to the report, the Steam forum database is compromised, and they recommend that users change their forum password. Though there is no data compromise in Steam accounts, changing your Steam password makes you secure.

If you use the same password for Steam, the Steam forums and other accounts including email, you must change the password now. Steam introduced "verification by email" whenever you log in from a different computer (like Facebook). But if you use the same password for email, an attacker can log in to your email and hack your account.

Security Tips:
  • If you are using a very weak password, change it now. Though it is hashed and salted, a weak password can still be cracked.
  • Keep an eye on your credit card statement and report any unexpected transactions.
  • Don't store your credit card details on any website.
  • Enable the "Verify by Email" option; this will ask you to verify whenever you log in from a different system.
  • Do not use the same password for email (use unique and strong password for email alone).