Website english.inmind.com is hacked by Indian Hackers :- aK47 & D4RK CRYST4L
So here is the Deface Page !
Friday 30 September 2011
Monday 26 September 2011
Official websites of 7 major Syrian city hacked by Anonymous
Posted by
Code104 Reporter
Labels:
Anonymous,
Cyber News,
defacement,
Hacker,
Hacker News,
Lulzsec
on
, |
Comments
http://tartous-city.gov.sy/
http://deirezzor-city.gov.sy/
http://palmyra-city.gov.sy/
http://homs-city.gov.sy/
http://aleppo-city.gov.sy/
http://latakia-city.gov.sy/
http://old-damascus.gov.sy/
Facebook Track your Cookies Even After LogOUT
Posted by
Code104 Reporter
Labels:
Cyber News,
facebook hacks,
featured,
Hacker News
on
, |
Comments
According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added, Even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.'
After explaining the cookies behavior he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'
Sunday 18 September 2011
26 Books on Hacking by Ankit Fadia: Free Downloads
Download various books on Hacking by Ankit Fadia for free
Collection | 26Books | DOC PDF | 8MB
Author: Ankit Fadia
Ankit Fadia is a certified ethical hacker from India. He has written a number of books on hacking and security.
Download link::
http://www.filesonic.com/file/534316741/ankit_fadia_books.rar
By tech Panels
What is Denial of Service (DoS) Attacks
Denial Of Service (DoS) Attacks :-
A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it can not serve it’s users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users.There are several different kinds of dos attacks as
discussed below:-
1) Ping Of Death :- The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim.The Ping command makes use of the ICMP echo request and echo reply messages and it’s commonly used to determine whether the remote host is alive. In a ping of death attack, however, ping causes the remote system to hang, reboot or crash. To do so the attacker uses, the ping command in conjuction with -l argument (used to specify the size of the packet sent) to ping the target system that exceeds the maximum bytes allowed by TCP/IP (65,536).
example:- c:/>ping -l 65540 hostname
Fortunately, nearly all operating systems these days are not vulnerable to the ping of death attack.
2) Teardrop Attack :- Whenever data is sent over the internet, it is broken into fragments at the source system and reassembled at the destination system. For example you need to send 3,000 bytes of data from one system to another. Rather than sending the entire chunk in asingle packet, the data is broken down into smaller packets as given below:
* packet 1 will carry bytes 1-1000.
* packet 2 will carry bytes 1001-2000.
* packet 3 will carry bytes 2001-3000.
In teardrop attack, however, the data packets sent to the target computer contais bytes that overlaps with each other.
(bytes 1-1500) (bytes 1001-2000) (bytes 1500-2500)
When the target system receives such a series of packets, it can not reassemble the data and therefore will crash, hang, or reboot.
Old Linux systems, Windows NT/95 are vulnerable.
3) SYN – Flood Attack :- In SYN flooding attack, several SYN packets are sent to the target host, all with an invalid source IP address. When the target system receives these SYN packets, it tries to respond to each one with a SYN/ACK packet but as all the source IP addresses are invalid the target system goes into wait state for ACK message to receive from source. Eventually, due to large number of connection requests, the target systems’ memory is consumed. In order to actually affect the target system, a large number of SYN packets with invalid IP addresses must be sent.
4) Land Attack :- A land attack is similar to SYN attack, the only difference being that instead of including an invalid IP address, the SYN packet include the IP address of the target sysetm itself. As a result an infinite loop is created within the target system, which ultimately hangs and crashes.Windows NT before Service Pack 4 are vulnerable to this attack.
5) Smurf Attack :- There are 3 players in the smurf attack–the attacker,the intermediary (which can also be a victim) and the victim. In most scenarios the attacker spoofs the IP source address as the IP of the intended victim to the intermediary network broadcast address. Every host on the intermediary network replies, flooding the victim and the intermediary network with network traffic.
Result:- Performance may be degraded such that the victim, the victim and intermediary networks become congested and unusable, i.e. clogging the network and preventing legitimate users from obtaining network services.
6) UDP – Flood Attack :- Two UDP services: echo (which echos back any character received) and chargen (which generates character) were used in the past for network testing and are enabled by default on most systems. These services can be used to launch a DOS by connecting the chargen to echo ports on the same or another machine and generating large amounts of network traffic.
by tech PANELS
On Page SEO Optimization Techniques for Blogs/Beginners/Blogger
How to Optimize Blogs by On Page Optimization Techniques
Research Keywords :
Keyword research is the first step to starting the long term blogging career and also to start the On page Optimization because if you don't know about your niche keywords then you never generate traffic to your blogs as your niche should be deserve without researching your keywords and also If you are in the planning to monetize your blogs with some advertising companies such as Google Adsense then you must be research high targeted keywords for generate decent amount. The idea is simple because if you don't know the keywords that people searches mostly related to your niche then how search engine let you bring to the top position if you don't have any optimized page for that corresponding keyword.
There are many software to researching the keywords of which mostly used by users such as Word Tracker which is a firefox plugin and you can use it in the browser while you are writing your post just enter your keywords then it will give you the suggestion of your related keywords which are mostly searches by the users.
Mostly I am using google own keyword Tool just type your keyword phrases or keyword and search you will get lot of suggestion you can sort it by globally searches or locally search and noted down your keywords to any safe area.Domain Name :
If you want to be stay in blogging for long term then I would suggest you that purchase your own domain name because if you used any free domain such as yourblogname.blogspot.com and after some months you want to be purchase your own domain name then you know how hard to increase your audience and by changing the domain name then you have to start working from the starting. I highly recommended that include your main keywords in your domain name because search engines gives priority to sites who have keyword also in domain name. If possible then register your domain name for a long term. The longer the registration the most trusted by search engines because many spam sites have short registration and longer the registration will indicate to search engines that you are building your site for long period.Blog Title & Post Title :
Blog title is main factor for on page seo optimization. You can find it by going to your source code your blog title will be between <title> Your Blog Title </title>. So for creating your home page blog title make sure to include your main keywords in your blog title and don't make it longer or your blog title should be upto 70 words including spaces and not more than 70 words if you do that then your blog title will going to be overloaded and your blog title looks very spoil in search engine pages and your CTR will automatically decreases.This is also applied for post titles and also here not include more than 70 words in post title. Try to include your main keywords in the beginning of your titles because search engines gives priority from left to right. Don't use same title for different pages.
If you blog is hosted on google blogger platform then by default your post tile not be search engine optimized because you will see your post title as "BLOG TITLE : POST TITLE" so you can see your blog home page title will be on the left side and your main page on which you created content for your targeted keywords is in right side and search engine will gives priority to your blog title not on post title so bring your post title on left side and remove your blog title on post pages because of 70 words criteria so that you can include your some keywords on post title too.Meta Tags :
In On page seo optimization some webmasters says that search engines has been changed the algorithm and they did not use meta tags for search queries and it is also true if you don't have any meta description of your blog then google will generate automatically a description and shows it in the search result page. Basically how google find the description automatically the idea is simple if user search the query and then google finds a piece of 160 words from your posts which contains mostly the queries related term. So my question is that why you want to give extra work to google for finding the description the idea is simple create a good description which contains your keywords and if your selected description has best 160 words from your entire post.then google will show it. You can see meta tags as description and keywords as in your source code if you have,
<META NAME="description" content="Your Description Here">
<META NAME="Keywords" content="Your Keywords Here">
meta keywords is not important for seo in these days because many users can stuffed with keywords so it is now not considered by major search engines and if you do that then no negative effect so add it properly because doing something is better than nothing.
Make sure your meta tags must be unique for every pages of your blog. Never use the same meta tags for your pages it could be negative effect in seo for your blog. If your blog is hosted on blogger then read this post Add different meta tags for post, static, archive, home pages of bloggerPage Headings H1, H2, H3.. H6 :
Headings have major roles in on page seo optimization. you can see your headings in your source code it look like <h1> .. </h1>. Like a book if you read a book then first look at the name of the book as blog title have and then go to inside the book and you would like to see some headings before reading the book. This is also true for search engines. search engines look at your headings and H1 heading tag is more powerful in SEO than H2 heading tag and and similarly, H1 < H2 < H3 < H4 < H5 < H6
Since H1 heading tag is most powerful among all heading tags so it doesn't means that you used H1 heading tags many times in the same post. Never do that if you do this then it could be negative effect in SEO for your blog. Only use one and unique H1 heading tag for your every pages of your blogs and then you can use H2 heading tags more than 1 which are subheadings and similarly for H3. I am mostly use upto H3 heading tags. You can suppose H1 heading tag is like your country and H2 heading tag like your state of your country and H3 heading tag like your cities in your state of your country and similarly you can expand it.Page Content :
There is no doubt that content is the king for search engine optimization but your content must be have your targeted keywords as you find in your keyword tool see step 1. Try to use those keywords in the content and optimize your content page for some specific phrases means one or two but not enough phrases because if you do that then search engine will confused that for which phrases we have to bring this page into search pages. So in simple way use your suggested keywords by keywords tool in to your post page it will increase the chances for finding the traffic and optimized it with primary keyword which is the most searched keyword in your keyword tool and include your primary keyword in to the first paragraph of your post but never stuffed. And the second largest searched term you can use it by secondary keywords and use it in your content but be sure the quantity of your secondary keyword should not be more than primary keyword.Keyword Density :
First thing you must be know that you are writing about your audience and not for search engines. So write your content normally and never stuffed your article by filling a lot keywords in your content. Basically your keyword density should be between 1% - 4% if your keyword density be 6% or 8% then your could be banned by major search engines. Keyword density means suppose you write 100 words and use 'SEO' 2 times, then your keyword density will be 2%. You can check for keyword phrases also. Use this tool for Keyword Density Checker.Internal Linking :
Internal links means put your existing post URL into the post which is related to the existing one and for create a link use Anchor Text with your keywords related to post of which you want to add link because in the content area the linking is most trusted by the search engines. Being links in sidebar or in footer it is also in benefit but in the content area it is more powerful in SEO for on page optimization.URL Structure :
Also search engines look at the URL of the post for keywords if they find keywords in the URL they could give some priority. So try to use your keywords in your URL structure which will be after your your domain name. For example could you see "On, page, optimization, SEO" in my URL structure in your browser URL field.Updating Content :
The more you update your content the more traffic you get and the more indexing by search engines and the more probability to popular so try to write articles in your blogs at least one in a day. if not then at least two article in a week. Update content in your blogs is doesn't mean that go to your edit post and cut some part and add some part and publish it. It means you want to fool search engines but search engines not like a fool at least the current season.Related Niche Brands :
It is a fact that if you want to read mathematics and you know two persons in which one knows mathematics, physics, chemistry, Bio, Social Science, Programming Languages, .. and much more. but on the other hand the other person only knows Mathematics so I have a question to you that with what person you want to read the first who knows mostly all things or the second one who knows the thing which you want. I would not say what you think but in my case I will prefer the second person who knows only mathematics because no one in the world exist who experts in all the field. Similarly Search engines mostly likes the blogs which related to a particular niche and all the post of the blog are related to that niche. For example I could not add any category in this blog related to 'health' because my niche is Tips & Tricks and based on SEO Technology.Image Optimization :
I would not say about image optimization here because I have already created a post related to image search engine optimization with brief explanation.Useful Gadgets :
In your sidebars put recent post gadget (for linking each other pages) and don't forget to add gadget which contains the categories of your content. if you are a blogger account then it is know as Blog Archive widget. I highly recommended you to add related post gadgets below every post pages but above the comment box. You can use Linkwithin for related post gadget with thumbnails.Outbound Links :
Basically outbound links are links which are points to other sites from your site. Keep in mind that for your every page your outbound links should not be more than 100. If possible then keep the links which are related to your niche, which will be beneficial for both your visitors and for search engines. But why for search engines? It would leave my visitors to linked site. Is outbound links help for indexing? I really have not much idea about that but think if you are writing an article and you know the article which is already published and mostly related to your own and if you link your article to that already published post so your visitors can read more information about your article for linking by you than not outbound link. Readers sure Love You (as a friend lol!) and back if they want other info. You can read more about Do Outbound Links matter in SEO.
Above are the factors what I measure through our SEO for my blog for On page optimization if you follow these steps then I am sure your pages will be optimized but game is not over because you have been done your batting and now you have to do bowling and in this case you have to some player for your fielding and you can play with more than 11 players( Ok don't take pressure on your knee. lol!). now you have to do Off page SEO Optimization for getting the benefits for you On Page SEO Optimization, or vice versa. click the following link.
- Off Page Optimization for SEO ( Soon! just after 20 hour)
No Wait... Whenever Latest posts here delivered in your email just subscribe Blogger & SEO Technology
You done!
Friday 16 September 2011
2nd largest Database of jobseekers in pakistan hacked by H@ck3r h!t3sh
4 Indian Government Railway websites defaced by KhantastiC HaXor!
Defaced websites links :
http://www.secr.gov.in/
http://www.icf.gov.in/
http://nerailway.gov.in/
http://rwfindia.gov.in/
New Working Domains :
http://www.secr.indianrailways.gov.in/
http://www.ner.indianrailways.gov.in/
Mirror :
http://k0-ka.in/attack/?id=43672
http://k0-ka.in/attack/?id=43673
http://k0-ka.in/attack/?id=43674
http://k0-ka.in/attack/?id=43675
SSHtrix - Fastest Multithreaded SSHv1 and SSH1v2 login cracker
Posted by
Code104 Reporter
Labels:
Downloads,
full softwares,
Hacker News,
News,
Tools
on
, |
Comments
sshtrix is a very fast multithreaded SSH login cracker. It supports SSHv1 and SSHv2.sshtrix was designed to automate rapid bruteforce attacks against SSH authentification screens. Unlike other public tools, the aim is to keep it simple, stable, fast and modular. With its clean code design, it is easy to extend the code to a framework or to fork it against protocols of your choice. In fact, sshtrix is a fork of my own generic login cracker framework.
Download SSHtrix here
Droidsheep : Android Application for Session Hijacking
Posted by
Code104 Reporter
Labels:
android tips and tricks,
Cyber News,
Hacker News,
mobile tips and tricks,
News,
Technology,
Tips and Tricks
on
, |
Comments
Droidsheep is free alternate of faceniff which is available on download droidsheep website for free. Its one click hijacking tool which supports
- Amazon.de
- facebook.com
- flickr.com
- twitter.com
- linkdein.com
- yahoo.com
- live.com
- google.de (only the non-encrypted services like "maps")
- You need an android-powered device, running at least version 2.1 of Android
- You need Root-Access on your phone (link)
- You need DroidShep (You can get it in the "GET IT" section)
Download Droidsheep
Operation OpIndependencia : Anonymous Hit Mexican Government Official websites
Posted by
Code104 Reporter
Labels:
Anonymous,
Cyber News,
Hacker News,
Lulzsec,
News
on
, |
Comments
The websites of several Mexican government ministries, including Defense and Public Security, went offline on Thursday, and a hacker group claimed responsibility. Yesterday’s date was significant because it was the symbolic beginning of Mexico’s independence from Spain.
According to Anonymous, blocking Mexican government sites is part of the operation OpIndependencia, but its essence is not disclosed and could not explain their actions.“We are anonymous, we are legion, we don’t forgive, we don’t forget. Wait for us,” said a statement on a blog linked to a Twitter account for Anonymous Hispano.
Meanwhile, X-Ploit's three members say they are tracking senators' Web surfing habits, including visits to porn sites, in addition to initiating hacks against Mexico's Health Ministry, National Water Commission and National Statistics Institute sites."We're only looking to show that we don't agree [with the government]. In other places, these protests are not heard, but a hacked website is read by millions," said LoTek, a member of the X-Ploit group.Both groups are well acquainted with online protests. X-Ploint in February wrote, "We're watching you, Big Brother," on the Mexican Finance Ministry's home page, next to a picture of revolutionary leader Emilio Zapata.
Anonymous, a loosely knit group that has attacked financial and government websites around the world, said it orchestrated the shutdowns as part of what it termed OpIndependencia, but did not give a reason for its actions.
Hackers from the group Anonymous, as a rule, carry out the so-called DDoS-attacks, in which the company’s server simultaneously receives tens of thousands of requests from users. The site can’t withstand such a flood of virtual clients and breaks down. Recent list of group’s victims includes Sony, IMF, several U.S. banks, U.S. Senate, and even the CIA website.The hacker group has launched cyber attacks in several countries before, including the United States, the United Kingdom, Colombia and the Dominican Republic.
ClickIndia Classifieds network hacked by Sec Indi
Sec Indi Security Team have found Multiple major flaws on Clickindia.com - One of the biggest Classifieds network. There is a highly possible chance to damage ClickIndia system or to steal the Database. Hackers Exploit it via SQL Injection Vulnerability.
Linux.com down again due to Security Breach
Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are again down for maintenance due to a security breach that was discovered on September 8, 2011. Investigators yet can't elaborate the source of attack. Regarding coming back online , Linux.com says "Our team is working around the clock to restore these important services. We are working with authorities and exercising both extreme caution and diligence. Services will begin coming back online in the coming days and will keep you informed every step of the way." The added "We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information."
Linux Foundation make sure that they does not store passwords in plaintext,So its hard for attacker to decrypt all hashes (its depends upon password strength).
Thursday 15 September 2011
WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project
Posted by
Code104 Reporter
Labels:
Downloads,
full softwares,
Hacker News,
News,
Tools
on
, |
Comments
A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners. Additional information can be found in the developer's blog.Project WAVSEP currently includes the following test cases:
Vulnerabilities:
- Reflected XSS: 66 test cases, implemented in 64 jsp pages (GET & POST)
- Error Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST )
- Blind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST )
- Time Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST )
False Positives:
- 7 different categories of false positive Reflected XSS vulnerabilities (GET & POST )
- 10 different categories of false positive SQL Injection vulnerabilities (GET & POST)
Additional Features:
- A simple web interface for accessing the vulnerable pages
- Sample detection & exploitation payloads for each and every test case
- Database connection pool support, ensuring the consistency of scanning results
Although some of the test cases are vulnerable to additional exposures, the purpose of each test case is to evaluate the detection accuracy of one type of exposure, and thus, “out of scope” exposures should be ignored when evaluating the accuracy of vulnerability scanners.
Balaji Plus Cloud Antivirus Released - Mix of 32 antivirus Engines for ultra Protection
Leo Impact Launch World first Antivirus scanning software which protects your PC from viruses, trojans, spyware, rootkits and other malicious programs (zero day exploits) by using 32+ antivirus on cloud. Most of time you can install and use only 2 to 3 antivirus in one system, not more so virus author bypass top antivirus but Balajiplus is Free service by Leo impact Security for Corporate Social Responsibility to protect your digital life using multiple antivirus scanners on cloud. Collective Intelligence, Balaji Antivirus Plus proprietary cloud-scanning technology that automatically collects and processes millions of malware samples, lies at the core of Balaji Cloud Antivirus. In recent comparative tests conducted by both AV-Test.org and AV-Comparatives.org, Balaji Antivirus Security's detection and protection scores rank consistently amongst the top security solutions.
Balajiplus Cloud scanner use following Latest 32+ antivirus engine
Ad-Adware
ArcaVir
Avast
AVG Anti-Virus
Avira AntiVir Personal
BitDefender Internet Security
BullGuard
VirusBuster Internet Security
ClamAV
COMODO Internet Security
Dr.Web
CA Internet Security
F-PROT Antivirus
F-Secure Internet Security
G Data InternetSecurity 2011
IKARUS Security Software
Kaspersky Internet Security
McAfee Total Protection
Microsoft Security Essentials
ESET NOD32 Antivirus
Norman Security Suite
Norton Internet Security
Panda Cloud Antivirus
Quick Heal
Rising AntiVirus 2011
SOLO ANTI-VIRUS
Sophos AutoUpdate
Trend Micro Internet Security
VirusBlokAda
Vexira Antivirus Scanner
Webroot Internet Security
Zoner AntiVirus client
Why Balaji plus is unique/Safe?
- Trusted by Trustwave and verisign
- Online scanning module so no need to install any program in your system
- Totally free and Anonymous (your exe and attachments auto deleted and never shared with antivirus companies)
- Its better than install & use one antivirus instant Muliple 32+ antivirus scanning using our cloud technology.
- This is ver 1.1 and we will launch ver 2.1 engine soon in next 2 months with patent patending technology so No virus /RAT./ Trojan infection's on your system
Visit us : http://balajiplus.com (3.26 MB Only)
Wednesday 14 September 2011
THC-HYDRA v7.0 new version released for Download
Posted by
Code104 Reporter
Labels:
Downloads,
full softwares,
Hacker News,
News,
Tools
on
, |
Comments
THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD and OSX.
Official change log:
- New main engine for hydra: better performance, flexibility and stability
- New option -u – loop around users, not passwords
- Option -e now also works with -x and -C
- Added RDP module, domain can be passed as argument
- Added other_domain option to smb module to test trusted domains
- Small enhancement for http and http-proxy module for standard ignoring servers
- Lots of bugfixes, especially with many tasks, multiple targets and restore file
- Fixes for a few http-form issues
- Fix smb module NTLM hash use
- Fixed Firebird module deprecated API call
- Fixed for dpl4hydra to work on old sed implementations (OS/X …)
- Fixed makefile to install dpl4hydra (thx @sitecrea)
- Fixed local buffer overflow in debug output function (required -d to be used)
- Fixed xhydra running warnings and correct quit action event
Download THC-HYDRA v7.0
uTorrent & BitTorrent Sites Hacked, Spread Security Shield Malware
Attackers hijacked two popular Torrent websites "bittorrent.com and utorrent.com" and tampered with their download mechanisms, causing visitors trying to obtain file-sharing software to instead receive malware. The site reported on its blog that the attack had occurred at around 04:20 Pacific Daylight Time (11:20 GMT) on Tuesday. Initially, the incursion was also thought to have affected the servers of the main BitTorrent site, but further investigation revealed this site had been unaffected by the attack.
Once installed, Security Shield delivers false reports that a computer is infected with multiple pieces of malware and prompts the user for payment before claiming to disinfect the machine. The attack affected only users who downloaded and installed software from bittorrent.com and utorrent.com during the hour-and-fifty-minute window that the sites were compromised. Those who installed software previously are unaffected.
"We have completed preliminary testing of the malware. Upon installation, a program called ‘Security Shield" launches and pops up warnings that a virus has been detected. It then prompts a user for payment to remove the virus. " experts write on the blog.
It is very important to once more note that infected are only users who have downloaded the software between 4:20 a.m. and 6:10 a.m. Pacific time. If you have previously downloaded it - you can rest assured your software is clean.
Backtrack 5 Wireless Penetration Testing by BOOK Vivek Ramachandran
Posted by
Code104 Reporter
Labels:
Downloads,
E-Books,
full softwares,
Hacker News,
News,
Tools
on
, |
Comments
This book will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the readers with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks, creating Wi-Fi Honeypots and compromise networks running WPA-Enterprise mechanisms such as PEAP and EAP-TTLS.
Even though touted as a Beginner's Guide, this book has something for everyone - from the kiddies to the Ninjas. You can purchase the book from:
Global: http://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/
India: http://www.packtpub.com/backtrack-5-wireless-penetration-testing-beginners-guide/book
Sample Chapter can be downloaded here:
http://www.packtpub.com/sites/default/files/5580OS-Chapter-6-Attacking-the-Client_0.pdf
Author Bio:
Vivek Ramachandran, the author of the book has been into Wireless security research since 2003. He has spoken at conferences such as Blackhat, Defcon and Toorcon on Wireless Security and is the discoverer of the Caffe Latte attack. He also broke WEP Cloaking, a WEP protection schema in 2007 publically at Defcon. He was one of the programmers of the 802.1x protocol and Port Security in Cisco's 6500 Catalyst series of switches. He was one of the winners of Microsoft Security Shootout contest held in India among a reported 65,000 participants. He is best known in the hacker community as the founder of SecurityTube.net where he routinely posts videos on Wi-Fi Security, Assembly Language, Exploitation Techniques etc. Vivek's work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada etc. places. This year he is either speaking or training at Blackhat, Defcon, Hacktivity, HITB-ML, Brucon, Derbycon, HashDays, SecurityByte etc.
For those who cannot afford to purchase the book, Vivek's Wireless Megaprimer Video series (12+ hours of HD videos on Wi-Fi Hacking) is the next best thing to it.
You can download the DVD here: http://www.securitytube.net/downloads
McAfee DeepSAFE - Anti-rootkit Security Solution
McAfee previewed its DeepSAFE hardware-assisted security technology for proactively detecting and preventing stealthy advanced persistent threats (APTs) and malware. The technology, which was co-developed with Intel, sits below the OS, providing the ability to fundamentally change the security game, according to the companies.
According to McAfee Labs, more than 1,200 new rootkits per day are detected - equating to 50 per hour every single day. The DeepSAFE technology, which was demonstrated at the Intel Developer Forum in San Francisco, was able to detect and stop a zero-day Agony rootkit from infecting a system in real time. This technology is expected to launch in products later in 2011.
Key attributes of McAfee DeepSAFE:
- Builds the foundation for next-generation hardware-assisted security operating beyond the operating system
- Provides a trusted view of system events below the operating system
- Exposes many attacks that are undetectable today
- New vantage point to block sophisticated stealth techniques and APTs
- Provides real time CPU event monitoring with minimal performance impact
- Combines the power of hardware and flexibility of software to deliver a new foundation for security.
Presidential website president of Bolivia hacked
The presidential website of Bolivia presidencia.gob.bo has been hacked. The hack has been carried out by twitter id: @SwichSmoke. The website data has been breached and has been data leaked.Hacker upload the dumps on Pastebin.
Tuesday 13 September 2011
BarackObama Website Service - Persistent Web Vulnerability
Vulnerability-Lab Team discovered persistent Web Vulnerability on BaraObamas official website service.
Disclaimer:
=======
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability- Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers.
Status :fixed
Top100 Arena Gaming Sites Network hacked By ACA [Albanian Cyber Army]
Albania hackers have exploited one of the biggest Game Arena site "Top100" database using SQL injection attack. They leak the database on mediafire. Hackers belongs from group ACA [Albanian Cyber Army].
#Opiran new press release for 23 September by Anonymous Hackers
Posted by
Code104 Reporter
Labels:
Anonymous,
Cyber News,
Hacker News,
Lulzsec,
News
on
, |
Comments
[Salutation]
To the Noble and Brave People of Iran and Syria,
[Acknowledge plight]
The people of Iran and Syria are still being caged, tortured and murdered. They are ruled by vile leaders, who seek not to protect, but to harm. Leaders who will stop at nothing to keep their power.
[Statement of Facts and Outcomes]
Iran deserves modern affortable energy and fair elections. The entire world speaks of the treachery of Iran's fraudulous regime. Newly secret US ambassadorial letters, released by WikiLeaks, confirm what you already know. [irc.iranserv.com #opiran port 6697 ssl]
[Outline Client Condition]
The people of Syria are beaten by regime police from Iran. The People of Syria are kept down by the regime of Iran, which backs the will of Assad to remain in power. No matter how many innocent victims fighting for freedom and social justice, this may cost.
[Support]
Ahmadinejad, Khamenei and Assad know their time has come. The world waits, the people act. Know that Anonymous actively supports the Syrian and Iranian people in their battle for a democratic and secular governmental rule, respecting their culture, peoples and future.
We are Anonymous
We are legion
We do not forgive
We do not forget
Expect us
The Security Onion LiveDVD - Download
Posted by
Code104 Reporter
Labels:
Downloads,
full softwares,
Hacker News,
News,
Tools
on
, |
Comments
The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, metasploit, Armitage, scapy, hping, netcat, tcpreplay, and many other security tools.Official change log for Security Onion 20110919:
- The “IDS Rules” menu now has a new entry called “Add Local Rules” which will open /etc/nsm/rules/local.rules for editing using the “mousepad” GUI editor. You can then add any rules that you want to maintain locally (outside of the downloaded VRT or Emerging Threats rulesets).
- A new menu called “IDS Config” was added with a new menu entry called “Configure IDS engine(s)”. This will list all of the IDS engines on your system and allow you to choose one to configure. It will then open the proper config file for whatever IDS engine you’re running. After you save and close the config file, it will offer to restart the IDS engine for you.
Belgium’s first security conference | BruCON
BruCON, Belgium’s first security conference is back for it’s third edition on 19-22 September. After witnessing greater success in the past two years, this year’s event is expected to attract more then 400 people from around Europe.BruCON conference aims to create bridge between the various actors active in computer security world, included but not limited to hackers, security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies,academic researchers, etc.
BruCON is organized as a non-profit event by volunteers. A group of security enthusiasts decided that it was time in Belgium to have its own security conference. A lot of countries around the world already had these kind of conferences to discuss and present research on computer security and related subject matters. This group of volunteers wanted Belgium not to be the last to have a similar conference.
The event features more then 27 speakers including a keynotes with Haroon Meer (Thinkst.com,South-Africa) and Alex Hutton (Verizon Business, United States), presentations from Stefan Friedli (scip AG, Switzerland), Ian Amit (Aladdin, Israel), Didier Stevens (Belgium), Joe McCray (Strategic Security, US) and many more.
Conference Highlights
Conferance: 19th & 20th Sep 2011
Training: 21st & 22nd Sep 2011
Venue: Vrije Universiteit Brussel – Brussel (Belgium)
Hook Analyser Malware Tool Released
Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. The tool can hook to an API in a process and can do following tasks.
- 1. Hook to API in a process
- 2. Hook to API and search for pattern in memory of a process
- 3. Hook to API and dump buffer (memory).
Download Here
Monday 12 September 2011
120+ Random sites hacked by ZHC-Disaster to Expose the lies of Global Elite about 911
9/11 was NOT an act of terrorism, it was a crime to cover up VAST financial crimes committed by the global elite and supported by criminal Banksters.
This message is not for USA government because we know the power has made them blind, People of America; Your government is constantly lying to you. If you believe we are wrong then ask them to explain the following: What was reason of esoteric Collapse of World Trade Centre Building 7? In the history of building fires, the causation of the collapse of a building has never been the melting of steel and certainly not when the building collapsed in free fall. This was a controlled demolition! Why did the Bush Administration wait for 1 year to form the 9/11 investigation Commission? Ask them and they won't be able to give you a satisfactory explanation. Why? Because 911 was a well planned Drama.. Get up! stop listening to the lies..
Defaced Websites List Here
Iframe Vulnerability on bloggertheme.net Found
Status : Unfixed
Panda Security (Pakistan Domain) hacked by X-NerD
Panda Security, One of the famous Computer software company website got hacked. Pakistan domain of Panda Security hacked by Pakistani hacker "X-NerD". Hacker is from Pakistan Cyber Army team of hackers. Taunt by hacker on deface page "OoooOOPss...I am ShockeD At YouR SecuritY..S3cuR!tY L3vEL Z3r0...YOu Dont KnoW HOw To SecurRe Your AsS n Pr0vidinG SEcurity to 0therS...Big LauGh...". Yesterday X-Nerd was in news for hacking 250+ other domains. Mirror of hack on Zone-H.
Suggested The Linux 3.1 Kernel logo
This new logo was proposed just this weekend and the current discussion to see whether it will be accepted for Linux 3.1 can be found in this LKML thread. To mark the upcoming release of the Linux 3.1 kernel IBM’s Darrick Wong has proposed changing the familiar solo-Tux logo to something more, well, befitting of the version number.
This proposed logo for the Linux 3.1 kernel isn't to raise awareness for any animals or other causes. but to poke fun at Microsoft Windows 3.1. Darrick Wong of IBM has proposed replacing the Tux logo in the Linux 3.1 kernel with a new logo that makes mockery of Microsoft's Windows 3.1 operating system that began selling 19 years ago.
Truth Alliance Network and 20 Churches websites hacked by Muslim Liberation Army
20 Churches websites and Truth Alliance Network defaced by Muslim Liberation Army. Hacker with name "XtReMiSt" deface all these 21 websites and post above image and message on homepage as shown. Message posted by hackers "To Raise A Voice Against Quran Burning Day and Illegal occupation of Israel and India in Palestine and kashmir.. and to show why muslims are raising their voice against america....Message Delievered with peace... !!!"
Further message posted by him :
Sites like Church of God of North America, Legacy Church, First United Church of God, First Church of God Madisonville, First Baptist Church Hyannis, Meet the Pastors - First Church of God has been defaced. List of hacked sites is here.
Federal Nigerian Government Websites Hacked by Elemento_pcx & s4r4d0
Nigerian Government Websites defaced by hacker with name "Elemento_pcx & s4r4d0". Defacement page contain the message "Fatal Error!by Elemento_pcx & s4r4d0 ..."Be yourself but not always the same" ... G. The Thinker ...Help? s4r4d0 [at] yahoo.com & elemento_pcx [at] yahoo.com.br". Mirror of hack also posted to Zone-H.
Linux Foundation & Linux.com multiple server compromised
The Linux Foundation has pulled its websites from the web to clean up from a “security breach". A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011.
Multiple Servers that are part of the Linux Foundation & Linux.com infrastructure were affected during a recent intrusion on 8 September which "may have compromised your username, password, email address and other information".
More from the Linux Foundation announcement:
We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.
We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.
The kernel.org site is still offline after that compromise which was discovered on August 28th. The Linux Foundation's servers, linuxfoundation.org and linux.com, and services associated with them such as Open Printing, Linux Mark and Foundation events, are all offline while the administrators perform a complete re-install on the systems. In the meantime the Foundation is advising users to regard any passwords and SSH keys used on these sites as compromised, and they should be immediately changed if they were used on other sites.
Sunday 11 September 2011
Android app gives you free Web access via texting
Getting something for nothing is awfully hard to resist. If you have T-Mobile's unlimited messaging plan for your Android phone, the "something" is Web access and "for nothing" means no data plan required.
Smozzy is an Android app that cleverly packages communications between Android browser and Web as messages transmitted via T-Mobile's text messaging service. The result is slow but free Web access (given that you have T-Mobile's unlimited messaging plan).
Under this scheme, Web requests are sent via SMS to Smozzy's server, which retrieves the pages and returns them to your phone via MMS. The tricky part is in how Smozzy fits the camel through the needle's eye. The Smozzy server chops up a Web page, zips each piece, packages the zip files as PNGs, and sends the faux image files via MMS. The app unpacks the files and reassembles the Web page.
Smozzy's Android Market page includes these caveats from the developer, Jeff Donahue:
Donahue is considering extending the app to other unlimited messaging services beyond T-Mobile, but he's not sure about other platforms, he said. "It was quite a bit of work getting it to work on Android."
Smozzy is a beta release. Donahue is taking a wait-and-see approach before deciding whether to do a commercial release and figuring out how to charge for it, he said. And yes, T-Mobile could shut him down. "I don't think there's much I can do if they block me," he said.
I wonder if they will. Does the disadvantage of some T-Mobile users getting data for free outweigh more people joining T-Mobile to get data for free? What do you think?
Smozzy is an Android app that cleverly packages communications between Android browser and Web as messages transmitted via T-Mobile's text messaging service. The result is slow but free Web access (given that you have T-Mobile's unlimited messaging plan).
Under this scheme, Web requests are sent via SMS to Smozzy's server, which retrieves the pages and returns them to your phone via MMS. The tricky part is in how Smozzy fits the camel through the needle's eye. The Smozzy server chops up a Web page, zips each piece, packages the zip files as PNGs, and sends the faux image files via MMS. The app unpacks the files and reassembles the Web page.
Smozzy's Android Market page includes these caveats from the developer, Jeff Donahue:
This app currently works with U.S. T-MOBILE SERVICE ONLY. This application may send and receive a large number of messages, so use of it without an unlimited messaging plan is NOT recommended. It is currently in beta, and has been tested only on Nexus S and HTC G2 devices.ExtremeTech's Sebastian Anthony lays out some of the app's downsides:
There are some security issues, of course--there's no encryption (though some could be added), so passwords are sent as plaintext--and the entire service currently runs through one man's, cheap-and-cheerful VPS, so it would be unwise to rely on Smozzy being available. It's also incredibly likely that T-Mobile will close this hole, so you probably shouldn't use Smozzy as an excuse to cancel your overpriced data plan and transfer to T-Mobile.Still, you've got to admire the creativity, and hey, free is free--for as long as it lasts.
Donahue is considering extending the app to other unlimited messaging services beyond T-Mobile, but he's not sure about other platforms, he said. "It was quite a bit of work getting it to work on Android."
Smozzy is a beta release. Donahue is taking a wait-and-see approach before deciding whether to do a commercial release and figuring out how to charge for it, he said. And yes, T-Mobile could shut him down. "I don't think there's much I can do if they block me," he said.
I wonder if they will. Does the disadvantage of some T-Mobile users getting data for free outweigh more people joining T-Mobile to get data for free? What do you think?
Saturday 10 September 2011
XSS Attack On POLICE.UK Website by CYBER4RT
Police.uk Website Cross Site Scripting (XSS) Vulnerable. CYBER4RT Found This Vulnerability on Uk Police Website .You Can see Vulnerable Link Here .
250+ Websites hacked by X-NerD hacker
More than 250 websites are defaced by Pakistani hacker "X-NerD" and a custom page can be seen their at site/x.php . List and Mirror of all 250+ hacked sites are here.
Cocain TeaM Hacked The George Washington Institue for Sustainability website
The George Washington Institue for Sustainability website got hacked and defaced by Cocain TeaM hackers. Mirror of hack available on Zone-H. The George Washington University is located four blocks from the White House and was created by an Act of Congress in 1821. Today, GW is the largest institution of higher education in the nation's capital.
Rootkit Hunter | Rootkit Scanning tool | Scan Rootkit Now
Posted by
Code104 Reporter
Labels:
Downloads,
full softwares,
Hacker News,
News,
Tools
on
, |
Comments
Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
Download Rootkit Hunter
14 Years in Jail for mass credit card theft
A 21 year old man received a 14 year prison sentenced on Friday for running an online business that sold counterfeit credit cards encoded with stolen account information with losses estimated at more than $3 million.
Tony Perez III, of Hammond, Indiana, pleaded guilty to the charges on April 4. In his plea, Perez said he sold counterfeit credit cards encoded with stolen account information. Perez found customers through criminal "carding forums," Internet discussion groups set up to aid in the buying and selling of stolen financial account information and related services.
When the US Secret Service raided his apartment in June 2010, they found data for 21,000 stolen credit cards and equipment needed to encode them onto blank cards. Credit card companies said losses from the card numbers in Perez's possession topped more than $3 million.
In addition to the prison term, Judge Liam O'Grady of U.S. District Court for the Eastern District of Virginia ordered Perez to pay $2.8 million in restitution and a $250,000 fine.
Hacker's Take Over NBC News Twitter Account
Posted by
Code104 Reporter
Labels:
Hacker,
Hacking,
NBC Hacked,
Technology,
Trick,
Twiiter,
Twiiter Hacking
on
, |
Comments
The account was swiftly taken offline and the news division apologized. The incident was deemed serious enough that the news anchor Brian Williams read the apology out loud on the “NBC Nightly News.”
“The NBC News Twitter account was hacked late this afternoon and as a result, false reports of a plane attack on ground zero were sent to @NBCNews followers,” the statement issued by the news division and read by Mr. Williams said. “We are working with Twitter to correct the situation and sincerely apologize for the scare that could have been caused by such a reckless and irresponsible act.”
The NBC Twitter account had about 130,000 followers, only a fraction of whom likely saw the Twitter message when it was posted. Still, the false claim rippled across the short messaging Web site in a matter of minutes, alarming some people on a day of heightened anxieties about potential terrorist attacks. Authorities have warned of a nonspecific bomb threat possibly tied to the 10th anniversary of the Sept. 11, 2001 terrorist attacks. The attacks will be commemorated at ground zero on Sunday.
The false claim was knocked down with impressive speed on Friday, suggesting that both Twitter and news organizations are learning how to grapple with such incidents.
Ryan Osborn, the director of social media for NBC News, said he saw the hackers’ Twitter message appear online about 40 seconds after it was posted. He was already logged into the account and quickly realized that the password had been changed. “We are taking this breach very seriously,” said Mr. Obsorn, who said the organization has existing security and password policies in place.
Mr. Osborn contacted officials at Twitter, and he said they suspended the account within eight minutes, including the account that claimed responsibility for the hack.
What helped minimize the spread of misinformation was that employees inside NBC News — and others on Twitter who recognized that the account had been hacked — immediately sent out tweets saying so. “We have a great community throughout this building and throughout the Web,” Mr. Osborn said. “It was great to see people correct such terrible misinformation.”
He added, “For anyone who works in journalism, it is terrifying to see people not respect facts. It is scary.”
Twitter declined to comment on the incident, citing a policy against commenting on individual accounts. In July, when a Twitter account belonging to Fox News was hacked and was used to disseminate false claims about President Obama, the Web site issued this series of tips about account security.
Twitter said earlier this week that it now had about 100 million active users each month, some of whom depend on the service for news and information.
Hackers Take Over NBC Twitter Account
The account was swiftly taken offline and the news division apologized. The incident was deemed serious enough that the news anchor Brian Williams read the apology out loud on the “NBC Nightly News.”
“The NBC News Twitter account was hacked late this afternoon and as a result, false reports of a plane attack on ground zero were sent to @NBCNews followers,” the statement issued by the news division and read by Mr. Williams said. “We are working with Twitter to correct the situation and sincerely apologize for the scare that could have been caused by such a reckless and irresponsible act.”
The NBC Twitter account had about 130,000 followers, only a fraction of whom likely saw the Twitter message when it was posted. Still, the false claim rippled across the short messaging Web site in a matter of minutes, alarming some people on a day of heightened anxieties about potential terrorist attacks. Authorities have warned of a nonspecific bomb threat possibly tied to the 10th anniversary of the Sept. 11, 2001 terrorist attacks. The attacks will be commemorated at ground zero on Sunday.
The false claim was knocked down with impressive speed on Friday, suggesting that both Twitter and news organizations are learning how to grapple with such incidents.
Ryan Osborn, the director of social media for NBC News, said he saw the hackers’ Twitter message appear online about 40 seconds after it was posted. He was already logged into the account and quickly realized that the password had been changed. “We are taking this breach very seriously,” said Mr. Obsorn, who said the organization has existing security and password policies in place.
Mr. Osborn contacted officials at Twitter, and he said they suspended the account within eight minutes, including the account that claimed responsibility for the hack.
What helped minimize the spread of misinformation was that employees inside NBC News — and others on Twitter who recognized that the account had been hacked — immediately sent out tweets saying so. “We have a great community throughout this building and throughout the Web,” Mr. Osborn said. “It was great to see people correct such terrible misinformation.”
He added, “For anyone who works in journalism, it is terrifying to see people not respect facts. It is scary.”
Twitter declined to comment on the incident, citing a policy against commenting on individual accounts. In July, when a Twitter account belonging to Fox News was hacked and was used to disseminate false claims about President Obama, the Web site issued this series of tips about account security.
Twitter said earlier this week that it now had about 100 million active users each month, some of whom depend on the service for news and information.
Friday 9 September 2011
2000 + Email ids and Passwords exposed under Operation #opSouthAfrica by Team Ghosts
Team Ghosts Hacked http://www.waspa.org.za/ Website and exposed more then 2000 users information with passwords. Operation #opSouthAfrica Now is in full swing. You can Follow the Team Ghosts on Facebook . Press Release statement about #opSouthAfrica here .
User ids and Passwords here .
Nasa Government Server Unauthorised Access by @SwichSmoke
mandalay.arc.nasa.gov Website Server Unauthorised Access by @SwichSmoke. Access Proof of Nasa Website is Here .
TheDailyStar Website hacked and Database disclosed by CYB3R-M4FI4
The Leading News Media TheDailyStar Website hacked and Database disclosed by CYB3R-M4FI4.
Hacked Website : http://www.thedailystar.net
Database Disclose Here
International Institute of Information Technology, Hyderabad Website Hacked and Database Exposed by CYB3R-M4FI4
International Institute of Information Technology, Hyderabad Website Hacked and Database Exposed by CYB3R-M4FI4.
Brief Intro About IIIT :
The institute was set up in the year 1998 with seed support from the Government of Andhra Pradesh. The Institute strives to combine highest quality education with pioneering research that can make a significant difference to industry and society. A major goal of IIIT-H is to impart a uniquely broad and interdisciplinary IT education of the highest academic quality.
Today we all are proud torch bearers of our Alma Mater. Wherever we all are and shall continue to be, the superlative histrionics we display or shall do in the times that lay ahead of us, shall be the outcome of our nurturing and innovative grooming at IIIT-H.
The radar of success would not preclude any of us, on the contrary as all of us are promisingly ensconced today and are soaring higher and higher….. IIIT Hyderabad can be proudly called the production house that churns out beacons for an Inspirational Innovation for India Tomorrow (IIIT)!
hacked website - http://alumni.iiit.ac.in/
Full Database here .
Subscribe to:
Posts (Atom)
Posts
