Tuesday, 30 August 2011

After Releasing U.S diplomatic cables WikiLeaks.org is Under Cyber Attack




The WikiLeaks website, which contains thousands of U.S. embassy cables, has crashed in an apparent cyberattack. The anti-secrecy organization said in a Twitter message Tuesday that Wikileaks.org "is presently under attack."
Wikileaks.org today released 250,000 U.S. diplomatic cables that have apparently caused grave concern in Western governments. The documents have already revealed that the U.S. has been spying on the United Nations Secretary General. State Department spokeswoman Victoria Nuland would not confirm the authenticity of the latest documents, but said "The United States strongly condemns any illegal disclosure of classified information."
Source==> THN

RetnOHacK Anonymous Albanian Hacker hacked Bangladesh Police Website




An anonymous hacker from Albania, "RetnOHacK", claims to have hacked the Bangladesh Police website, as shown in the screenshot. The hacker claims to have done it just for fun, using an SQL injection vulnerability on the website.

Source==> THN

Google+ Hacker Florian Rohrweck Hired By Google for Security




Austrian blogger/developer Florian Rohrweck, who discovered unreleased Google+ features by exploring the source code, was hired by Google. Rohrweck's main claim to fame was a period of snooping on the code behind Google's various web apps, during which time he uncovered pre-launch evidence of things like Google+ Games, telling the world of the impending release and somewhat taking the wind out of Google's sails.

Rohrweck has now posted on his blog that he “has gone Google”:
“Or at least I will have gone soon. Or something like that. I will post new articles again. Not so much about leaks but more about the dark arts of mastering Google products and APIs. Or something else. Time will tell!
Thanks to all of you, who supported me on my way and made my work so much fun and enjoyable! You guys are awesome!
Rock on!”


A few days ago another big tech company, Apple, plucked an outsider, the notorious iPhone jailbreak hacker Comex, to work for them as an intern.

Source==> THN

Qubes OS : Operating System Designed For Security | Be Secure with Qubes OS



Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps.
Key architecture features:

  • Based on a secure bare-metal hypervisor (Xen)

  • Networking code sand-boxed in an unprivileged VM (using IOMMU/VT-d)

  • No networking code in the privileged domain (dom0)

  • All user applications run in “AppVMs”, lightweight VMs based on Linux

  • Centralized updates of all AppVMs based on the same template

  • Qubes GUI virtualization presents applications as if they were running locally

  • Qubes GUI provides isolation between apps sharing the same desktop

  • Storage drivers and backends sand-boxed in an unprivileged virtual machine(*)

  • Secure system boot based on Intel TXT(*)

 
Source==> THN

AnDOSid: DOS Tool for Android




Scott Herbert has released a new product for Android mobile phones: AnDOSid, the DOS tool for Android phones. The rise of groups like Anonymous and LulzSec, as well as the constant India / Pakistan cyberwar, has raised the issue of cyber-security high(er) in the minds of web owners.

Pentesting tools exist to simulate such attacks and help website security people defend against them, however for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device.

AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (An http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones. AnDOSid is actively being developed and I welcome feedback from the security community as to how you would like the application to evolve.


What's in this version:

  • Requires Internet access to send the http post data

  • Requires phone state to access the IMEI (one of the two identifiers sent with each post)



AnDOSid can be downloaded from the Android Market place and costs just £1 or Rs.74.58/-Only.

XCode SQLi/LFI/XSS and Webshell Scanning tool




XCode Exploit – Vulnerable & Webshell Scanner helps you gather dork links from Google. You can then check whether the results are vulnerable to SQL injection, LFI and XSS, and you can hunt for webshells that have been uploaded.

Source==> THN 

3000+ Websites Hacked by Indian Hackers Minhal Mehdi & NoTty_rAJ

More than 3000 websites hacked through a server rooting process


Top hack done by Indian Hacker  Minhal Mehdi & NoTty_rAJ
Defaced Server Info :

Iranian Man-in-the-Middle Attack Against Google certificate




Recently discovered attempts of an SSL man-in-the-middle attack against Google users - spotted by a number of Iranian Internet users - have revealed that Dutch Certificate Authority DigiNotar has issued an SSL certificate for all *.google.com domains.

What’s worse than discovering that someone has launched a man-in-the-middle attack against Iranian Google users, silently intercepting everything from email to search results and possibly putting Iranian activists in danger? Discovering that this attack has been active for two months.
"This is a wildcard for any of the Google domains," said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday.
"[Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials," said Andrew Storms, director of security operations at nCircle Security.

As the problems with the certificate authority system become clear, lots of people are working on ways to detect and mitigate these attacks. Chrome's pinning feature is available not only to Google web sites but to any webmaster; if you run an HTTPS site, you can contact the Chrome developers and get your site's keys hard-coded. Other browser vendors may implement a similar feature soon. The same result could also be achieved by giving web sites themselves a way to tell browsers what certificates to anticipate—and efforts to do this are now underway, building on top of DNSSEC or HSTS. Then browsers could simply not believe conflicting information, or at least provide a meaningful way to report it or warn the user about the situation.
Mozilla has announced the release of new versions of their browser, mail client and Internet suite in which trust of DigiNotar's root certificate will be revoked.
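The pin decision described above, as an added example that is not from the original post or from any browser's code base. It is a simplified model: constructed byte strings stand in for each certificate's SubjectPublicKeyInfo, path validation is reduced to "the chain ends in a trusted root", and all names (`evaluate`, `PIN_STORE`, the sample keys) are hypothetical.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Base64 SHA-256 of a public-key blob, the usual form of a key pin."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def ca_valid(chain, trusted_roots):
    """Stand-in for path validation: the last key in the chain is a trusted root."""
    return bool(chain) and spki_pin(chain[-1]) in trusted_roots


def pins_for(host, pin_store):
    """Find the pin set for host, honouring include_subdomains on parent entries."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        entry = pin_store.get(".".join(labels[i:]))
        if entry and (i == 0 or entry["include_subdomains"]):
            return entry["pins"]
    return None


def evaluate(host, chain, trusted_roots, pin_store):
    """Decide whether to accept a presented chain (list of key blobs, leaf first)."""
    if not ca_valid(chain, trusted_roots):
        return "reject: chain does not end in a trusted root"
    pins = pins_for(host, pin_store)
    if pins is None:
        return "accept: CA-valid, host has no pins"
    if any(spki_pin(key) in pins for key in chain):
        return "accept: CA-valid and a pinned key is in the chain"
    return "reject: CA-valid but no pinned key in the chain"


# Constructed sample data: two root CAs that the browser trusts equally.
ROOT_A = b"constructed SPKI bytes: root CA A"
ROOT_B = b"constructed SPKI bytes: root CA B"
TRUSTED_ROOTS = {spki_pin(ROOT_A), spki_pin(ROOT_B)}

# The site operator only ever uses CA A, so only CA A's key is pinned.
PIN_STORE = {
    "google.com": {"pins": {spki_pin(ROOT_A)}, "include_subdomains": True},
}

EXPECTED_CHAIN = [b"constructed leaf key 1", b"constructed intermediate A1", ROOT_A]
# A certificate for the same name issued under the other trusted root.
UNEXPECTED_CHAIN = [b"constructed leaf key 2", ROOT_B]

if __name__ == "__main__":
    for host, chain in (
        ("mail.google.com", EXPECTED_CHAIN),
        ("mail.google.com", UNEXPECTED_CHAIN),
        ("example.org", UNEXPECTED_CHAIN),
    ):
        print(host, "->", evaluate(host, chain, TRUSTED_ROOTS, PIN_STORE))
```

Without pins, both chains are equally acceptable for any host name, which is why a certificate from any trusted CA can be used against any site.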

Secure Wp-Config File To Prevent Your WordPress Blog From Getting Hacked


If your blog is hosted on WordPress, it is more vulnerable than blogs on other blogging platforms, because by default WordPress security is very low and can be compromised easily. Before writing this post I did a little searching on the web for “WordPress Security” and found some foolish tips out there which would not help you by any means, so I decided to write a post of my own. Lots of WordPress admins use plugins such as Login LockDown, along with many other plugins, to prevent brute-force attacks on WordPress. The problem is that nowadays a hacker will not use a brute-force or dictionary attack to hack a WordPress blog, because almost everyone has a password of more than 8 characters, and even if someone has a weaker password, brute-force and dictionary attacks will be blocked automatically by your web server, which has IDS and IPS configured to handle these kinds of requests.


Phishing attacks are also not very common against WordPress blogs, and I have seen very rare cases in which WordPress users have fallen for them; almost every time, a WordPress user will log in to the dashboard by manually adding wp-admin to the end of the URL. It is possible for WordPress users to be targeted by phishing attacks, but bloggers are already a bit tech-savvy and won’t fall for these types of attacks. However, if the hacker is smarter and can implement more advanced types of phishing such as desktop phishing, tabnabbing or DNS spoofing, then there is a chance that the WordPress user will fall for these attacks.

So How Do Hackers Hack Into WordPress Blogs?

Most skilled hackers will target your wp-config file, as it is in an insecure place by default. The wp-config file is the most important file on your WordPress blog. It holds very sensitive information, including your database access details, table prefix and secret key. So in order to protect your WordPress blog from getting hacked, you need to harden your wp-config file. Here is how a wp-config file looks inside; as you can see, it contains very sensitive information.

Protecting Wp-Config File From .htaccess

The first step you should take right away in hardening your WordPress blog is to add the following code to your .htaccess file.

# protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>


Changing The Permission

Last week I came across a WordPress blog whose wp-config file permission was set to readable. All the hacker needed to do was to upload a MySQL database and use those to access the victim’s WordPress blog. So the bottom line is that the permission should not be set to readable; it should be set to something like “400”.


Security keys were added in WordPress 2.6 to ensure better encryption of the information stored in the user’s cookies. A secret key also makes it harder to crack your passwords if a hacker somehow gets hold of your WordPress hash. You can get your secret keys from here; all you need to do is add these secret keys to your wp-config file.


Moving Your Wp-Config File


By default, wp-config is located in the root folder. WordPress themselves recommend that users move their wp-config file to some other place, such as outside the root folder. This will prevent the symlink bypassing attack to some extent.


Moving To VPS Or Dedicated Host To Prevent Symlink Bypassing Attack
If your WordPress blog is on a shared host, it will be a lot more vulnerable to the symlink bypassing attack than on a VPS or dedicated host. If your blog is quite established and you can afford to move to VPS or dedicated hosting, I would recommend moving it right away.
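One way to check the hardening steps above on an install you administer, as an added example that is not part of the original post. The function and finding names are hypothetical, the sample sites are constructed in temporary directories, and the check also accepts Apache 2.4's `Require all denied` in place of `deny from all`.

```python
import os
import re
import stat
import tempfile

PLACEHOLDER = "put your unique phrase here"  # default text in wp-config-sample.php
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")

FILES_BLOCK = re.compile(r"<files\s+\"?wp-config\.php\"?\s*>(.*?)</files>", re.I | re.S)
DENY_RULE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
DEFINE = re.compile(r"define\(\s*(['\"])(\w+)\1\s*,\s*(['\"])(.*?)\3\s*\)")


def audit_wp_config(site_root):
    """Return a list of finding codes for the WordPress install at site_root."""
    config = os.path.join(site_root, "wp-config.php")
    if not os.path.isfile(config):
        # Either the file was moved out of the web root, or this is not WordPress.
        return ["no-wp-config-in-site-root"]
    findings = []

    # Permission step: "400" means no access at all for group and other.
    mode = stat.S_IMODE(os.stat(config).st_mode)
    if mode & 0o077:
        findings.append("config-mode-%03o-allows-group-or-other" % mode)

    # .htaccess step: a <files wp-config.php> block containing a deny rule.
    htaccess = os.path.join(site_root, ".htaccess")
    rules = ""
    if os.path.isfile(htaccess):
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            rules = fh.read()
    block = FILES_BLOCK.search(rules)
    if not (block and DENY_RULE.search(block.group(1))):
        findings.append("htaccess-does-not-deny-config")

    # Secret-key step: every key defined and not left at the sample placeholder.
    with open(config, encoding="utf-8", errors="replace") as fh:
        defined = {m.group(2): m.group(4) for m in DEFINE.finditer(fh.read())}
    for name in KEY_NAMES:
        value = defined.get(name, "")
        if not value or value == PLACEHOLDER:
            findings.append("key-unset-or-default:" + name)
    return findings


HARDENED_HTACCESS = (
    "# protect wp-config.php\n"
    "<files wp-config.php>\n"
    "order allow,deny\n"
    "deny from all\n"
    "</files>\n"
)


def build_demo_site(root, mode, htaccess_text, auth_key):
    """Write a constructed sample install (not a real site) into root."""
    lines = ["<?php", "define('DB_PASSWORD', 'constructed-sample');"]
    for name in KEY_NAMES:
        value = auth_key if name == "AUTH_KEY" else "constructed-" + name.lower()
        lines.append("define('%s', '%s');" % (name, value))
    config = os.path.join(root, "wp-config.php")
    with open(config, "w", encoding="utf-8") as fh:
        fh.write("\n".join(lines) + "\n")
    with open(os.path.join(root, ".htaccess"), "w", encoding="utf-8") as fh:
        fh.write(htaccess_text)
    os.chmod(config, mode)


def demo():
    """Audit one weak and one hardened constructed install."""
    with tempfile.TemporaryDirectory() as weak, tempfile.TemporaryDirectory() as hard:
        build_demo_site(weak, 0o644, "", PLACEHOLDER)
        build_demo_site(hard, 0o400, HARDENED_HTACCESS, "constructed-auth-key")
        return audit_wp_config(weak), audit_wp_config(hard)


if __name__ == "__main__":
    for label, result in zip(("weak", "hardened"), demo()):
        print(label, result or "no findings")
```

A `no-wp-config-in-site-root` result is what a site shows after the file has been moved outside the root folder, so it needs a manual look rather than a fix.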

I hope you have liked my post on WordPress security. If you are looking for some more ways to protect your WordPress blog, I would recommend visiting my website regularly.

How to Hide IP Address and Spoof MAC Address | Become Anonymous on Internet


Today I am going to have another interesting tutorial, i.e. HOW TO HIDE IP ADDRESS AND MAC ADDRESS AND BECOME ANONYMOUS ON NETWORK.
Many of my daily readers have asked me how we can become anonymous and do any hacking trick, so now you will have a new trick to become anonymous, such that no one can track you. Likewise you can send phishing pages, spoofed pages and backtrack attack without the fear of being caught.
All the tutorials I have seen on internet tell people How To Set up RAT’s, Keyloggers etc. People follow these steps and start spreading, without doing anything to prevent themselves from being traced. You should follow the below steps before you start spreading, otherwise you will be easy to trace. There is no such thing as 100% anonymous, but this will help you.

This tutorial will show you how to become anonymous on the internet.

How To Hide IP And MAC Address And Becoming Anonymous On Network

How To Spoof/Hide MAC Address
First we will spoof our MAC address. MAC stands for “Media Access Control”. It is commonly used by the authorities to trace hackers. To make it harder to trace us, we can change it!
Step 1: Firstly, download the program NMAC here:
Step 2: After you have installed it, open it up and click proceed. You should see a list at the top of the window. Click on the first one.
Note: The drop-down box under “Network Connection” changes. If you are using a wired connection, you need to select the one that says “Local Area Connection”. If you are using a wireless connection, you need to select the one that says “Wireless Network Connection”. If you are using a VPN, that should be visible too.
Step 3: Once you have found the correct one, click “Random” as many times as you like.
Step 4: Now click on “Update MAC”. Click “Yes” in the window that follows, and wait until you get a window telling you that the adapter was restarted successfully.
Now you have just spoofed your MAC address.
 
How To Hide your IP address and encrypt your connection
Next, you need a VPN (Virtual Private Network). This will hide your IP address and encrypt your connection.
Step 1: Go to hotspotshield and click on “Download The Latest Version” on the right-hand side of the page.
Note: If you can afford a paid VPN, it is recommended, but a good free one is Hotspot Shield.
Step 2: Once you have downloaded and installed it, a web page should open up and it should connect to the VPN. Now your IP address will be hidden and your location will be fake. When I used it, my location was set to Milpitas/California – USA.
Note: You cannot go to some sites when using a VPN. This is because of security.
Congratulations! You now have a VPN!
So friends, I hope you like this tutorial. If you have any problem with this tutorial, mention it in the comments section.

How to Send a Self Deleting SMS

In this post I will tell you how to send a self-deleting SMS to any mobile, one that is automatically deleted after the user reads it.
Basically this technique is called SAFE-TEXT. It’s a technique where a message destroys itself after being read. If you want to call it the Data-centric Suicide Message, that’s fine too. This is a website that allows you to send this type of SMS free of cost after registering on it. But it has the limitation that you can send only 10 SMS a day.
So here’s the thing. With Wikileaks on one side and British libel law on the other, there’s room for a tool that lets you say what needs to be said, but without it falling into the wrong hands in the process.
What it does is allow you to send an expletive-laden opinion of your boss to a co-worker, or an it’s-in-the-public’s-interest-to-know-this leak to your friend on the Guardian (or Wired), without it having a chance to be read by said boss, or unsaid MP.

Note: This trick should only work for British mobile network operators.
Here’s how to use it:
  1. To register and activate, text WIRED to 83118 (charged at your standard network rate). You’ll be able to send up to 10 messages daily.

  2. If you’re the sender, the message will show your name and number.

  3. Write your libel-ridden hate speech and hit send.

  4. The receiver will then be sent a text telling them they have been sent a Wired Safe Text with a link to the mobile internet site that hosts your message.

  5. When they click through they will activate Safe Text. They will only have a few seconds to read the text (so don’t make it too long) before it self-destructs.


Facebook Paid $40,000 to bug hunters in three weeks

Facebook said today it has paid more than $40,000 to people who have uncovered bugs on its Web site in the first three weeks of its Bug Bounty program.
The company launched its bug bounty program at the end of last month as a way to compensate people who find and report bugs that might otherwise go unfixed or be exploited by malicious hackers. Bug hunters can make upwards of $500 per bug reported.
One bug hunter received more than $7,000 for six different issues reported, and another person was paid $5,000 for "one really good report," Joe Sullivan, Facebook chief security officer, wrote in a blog post. "On the other end of the spectrum, we've had to deal with bogus reports from people who were just looking for publicity."
He did not say how many bugs have been reported.
"We know and have relationships with a large number of security experts, but this program has kicked off dialogue with a whole new and ever expanding set of people across the globe in over 16 countries, from Turkey to Poland who are passionate about Internet security," he wrote. "The program has also been great because it has made our site more secure--by surfacing issues large and small, introducing us to novel attack vectors, and helping us improve lots of corners in our code."
Some people have asked Facebook to extend the bounty program to cover third-party applications and Web sites that are part of the Facebook Platform, he said.
"Unfortunately, that's just not practical because of the hundreds of thousands of independent Internet services implicated, but we do care deeply about security on the Platform," the post says. "We have a dedicated Platform Operations team that scrutinizes these partners and we frequently audit their security and privacy practices. Additionally, we have built a number of backend tools that help automatically detect and disable spammy or malicious applications." 

Source--> CNET

Monday, 29 August 2011

South Korean domain registrar Gabia hacked, 100000 domains and 350000 users' data exposed!


Gabia, a South Korean domain registrar, was hacked on Saturday, affecting the online connection of 100,000 registered domains, according to a report Monday by the Korea Herald. The hack exposed over 100,000 domains and the data of 350,000 users. The information included names, user IDs, passwords and registration numbers. The website of HSBC Korea was also hacked, paralysing it for over an hour and leaving customers unable to access their online banking.

There have been 6,000 hacking incidents reported to the state-run Korea Internet Security Agency this year, according to the report. The hacker, known as ‘TG’, defaced pages with their Twitter account and picture. It is thought that in some cases data may have been stolen and widespread disruption to services caused.
South Korea has suffered many hacks of late, with many concerned about the security of one of the world’s most Internet-connected countries.

Source-->THN

Easiest Way to Hack Yahoo Email | Hack Yahoo Account in Just 5 Minutes

Hey friends. Today we are here again with a tweaky tutorial on HOW TO HACK A YAHOO ACCOUNT JUST IN 5 MINS.
It is possible and it is easy. This way of hacking into Yahoo email accounts was brought to my attention by a friend of mine who is a bit of a computer wizard. I have tried the method at least a dozen times and it has worked on all but 2 occasions. I don’t know the reason why it failed a couple of times, but on every other occasion it has got me the password for the requested email address.
This is how it is done:
STEP 1- Log in to your own Yahoo account. Note: Your account must be at least 30 days old for this to work.
STEP 2- Once you have logged into your own account, compose/write an e-mail to: y.helpers@ymail.com. This is a mailing address to the Yahoo Staff. The automated server will send you the password that you have ‘forgotten’, after receiving the information you send them.
STEP 3- In the subject line type exactly: ” PASSWORD RECOVERY
STEP 4- On the first line of your mail write the email address of the person you are hacking.
STEP 5- On the second line type in the e-mail address you are using.
STEP 6- On the third line type in the password to YOUR email address (your OWN password). The computer needs your password so it can send a JavaScript from your account in the Yahoo Server to extract the other email address’s password. In other words the system automatically checks your password to confirm the integrity of your status. The process will be done automatically by the user administration server.
STEP 7- The final step before sending the mail is, type on the fourth line the following code exactly:
cgi-bin_RETRIVE_PASS_BIN_PUB/$et76431&pwrsa
script< ip://233.243.2.34/cgi-bin/start?
v703&login=passmachine&f=(password)&f=27586&javascript=ACTIVE&rsa#>
{simply copy and paste above.}
After this, guys, send the mail and just wait for 3-4 minutes. A reply message from Yahoo Helpers with the successful confirmation of password recovery will be in your inbox.
Just open it. It will contain the password of the desired email ID.

Disable Google.com From Redirecting To Local Country Google Domain

Google Web Search is customized for a number of countries and regions across the world. For example, Google.co.in provides search results that are most relevant for users in India; Google.co.uk is the Google domain for the United Kingdom. Google tries to direct users to the site that will give them the most relevant results.

Google.com redirects to the local country-specific Google domain, depending on the country you are located in. For example, in India Google.com redirects to Google.co.in and in China Google.com redirects to Google.cn. Similarly, it redirects in other countries. In the picture below, "Image-1" shows the browser before redirecting and "Image-2" shows the browser after redirecting.

How to disable this redirection and use Google.com for search queries?
This does not involve installing any software or plugin. Just type www.google.com/ncr instead of www.google.com in the address bar, where ncr stands for “No Country Redirect”. The next time you type Google.com it won’t get redirected to your country's Google domain. This information is stored in a cookie, and you can turn the redirection ON again by deleting internet files and cookies.

MD5 Decrypter | Online MD5 Decryption

Hi guys, I started writing this article because many people are asking How To Crash The Hash. One of the biggest difficulties while you're hacking is "cracking" a hash. While cracking a hash is difficult, it is better to compare your hash with a few existing decrypted hashes. In this article, I'll give you some sites which do the job neatly.




What is a MD5 Hash ?

To put it in a nutshell, it's just a string/integer (or word/number) which is encrypted using a particular computer algorithm. While some algorithms are easy to crack, some take ages to crack one single password!

Why do we need to Crack ?

Chill out, guys! We are hackers! That's what we do: find and crack stuff so that we can make the world better, without vulnerabilities. Seriously, MD5 hashes are used in all types of data encryption.

List of Online Services:


Given below is a list of free services; nothing here is a paid service!


If this doesn't work out then you have to use software to decrypt it, but it could take a lot of time.
Enjoy cracking the hash!
Do comment!

Connect Blog/Website to your Facebook

RSS (Really Simple Syndication) is used to publish frequently updated works such as blog entries, news headlines, audio, and video in a standardized format. An RSS reader is a small software program that collects and displays RSS feeds. It allows you to scan headlines and short descriptions from various websites and blogs.

The Facebook RSS reader application keeps your Facebook fan Page and friends updated with the latest news from your sites. Using an RSS application is a great time saver, i.e., the post you posted on your blog/site will automatically transfer to a Facebook

How does it work?
The Facebook RSS reader application periodically checks the RSS/Atom feeds that you specify and compares them with the log file. If any new entry is found, it will publish it on the Facebook Walls that you specify.

Top Facebook RSS Feed Reader Application:
RSS Graffiti: Reads your Feeds; Writes your Walls. RSS Graffiti allows you to publish multiple RSS/ATOM feeds on your Facebook profile's & page’s walls and automatically pushes them to the news-feeds (Facebook homepage) of your Facebook friends & fans.

Social RSS: Social RSS allows you to add your blog/favorite RSS feeds to your wall, boxes tab or a dedicated tab on your profile or Facebook Page. It updates automatically and lets your readers subscribe to the feeds if they wish!

Networked Blogs: Bring your blog to Facebook and Facebook to your blog. Supports multiple blogs, RSS and ATOM feeds, and fan/business pages. The best to import your feed. Get your blog networked with the largest blogger community on Facebook.
Benefits of an RSS Reader Application
  • It connects your site to your Facebook fans and friends

  • It increases your blog/website traffic

  • Your visitors will get updated information about your site

#LulzSec leaks 7000+ emails/passwords from Child Porn trading forum





The LulzSec hacking group leaked 7000+ emails/passwords from a child porn trading forum.
The leaked details are available on Pastebin.

XSS Vulnerability in CBS website Founded by Team Poison



CBS Broadcasting (CBS) is a major United States commercial broadcasting television network, which started as a radio network. An XSS vulnerability in the CBS website was found by Team Poison.
Website:- http://www.cbs.com
Vulnerable Link :-http://t.co/uGVhmGW


XSS Vulnerability in MSN.com



An XSS (cross-site scripting) vulnerability in MSN was discovered by TeamDX. The vulnerable link is also shown in the image.


Last week a security researcher, "Juan Sacco (runlvl)" of Insecurity Research Labs, exposed a cross-site scripting (XSS) vulnerability in the Bing.com search engine.

Source-->THN

DDos attack using Google Plus Servers



A security penetration tester at Italian security firm AIR Sicurezza Informatica has claimed that flaws exist in Google's servers that will allow would-be hackers to exploit the search giant's bandwidth and launch a distributed denial-of-service (DDoS) attack on a server of their choosing.

On the IHTeam Security Blog, Simone Quatrini, also known as R00T.ATI, demonstrates how users can make Google's servers act as a proxy to fetch content on their behalf. Quatrini has written a shell script that will repeatedly prompt Google's servers to make requests to a site of the attacker's choice, effectively using Google's bandwidth rather than their own. The advantage of using Google and making requests through their servers is to be even more anonymous when you attack some site (TOR+This method); the funny thing is that Apache will log Google IPs. But beware: gadgets/proxy? will send your IP in the Apache log; if you want to attack, you’ll need to use /_/sharebox/linkpreview/.

How does it work?
The vulnerable pages are “/_/sharebox/linkpreview/” and “gadgets/proxy?”.
It is possible to request any file type, and G+ will download and show all the content. So, if you parallelize so many requests, it is possible to DDoS any site with Google bandwidth. It is also possible to start the attack without being logged in to G+. If anything, Google will notice [attack attempts] and probably blacklist you.

Orange.fr hacked, Database and site source code leaked




An anonymous hacker hacked Orange.fr and uploaded the database and site source code backup to a file-sharing site. The data was leaked on Twitter. Orange is the brand used by France Télécom for its mobile network operator and Internet service provider subsidiaries. It is the fifth largest telecom operator in the world, with 210 million customers as of 2010. The brand was created in 1994 for Hutchison Telecom's UK mobile phone network, which was acquired by France Télécom in August 2000. In 2006, the company's ISP operations, previously Wanadoo, were also rebranded Orange. Orange is now the unique commercial façade of almost all France Telecom services. Orange France was incorporated in 2005 and has its headquarters in Arcueil, France.

Today UK police charged another alleged Anonymous member in hacking cases. A student has been charged with involvement in cyber attacks by the hacking group Anonymous against companies that withdrew online payment services from WikiLeaks.

Sunday, 28 August 2011

Top 10 Posts of The Week (28/8/2011)


We now provide the top ten posts of the week, so if you missed one of the best posts you can find it in the weekly posts post! :P
Here are the best posts of the week of August 21st, 2011 that you might have missed.

 

The JonDoFox research team has uncovered a new attack on web browsers. Affected are the web browsers Firefox, Chrome and Safari. By a hidden call of a URL with HTTP authentication data, third-party sites could track a user over several web sites, even if the user blocks all cookies and other tracking procedures. JonDoFox now contains an integrated protection against this attack. Read More

 



One of the Anonymous hackers, "CSL Security", exposed an SQL injection vulnerability in a UK Police website via Twitter. He posted the details on Pastebin.
Read more
For every app or extension that Facebook blocks from migrating its data to Google+, about ten more seem to pop up. While Facebook is trying its very best to stop people from switching to Google+, people are coming up with more and more ways to use the site from it and with the invites open and working again, these attempts are bound to spike. 
Read More


 

The Uniscan vulnerability scanner is an information security tool for finding vulnerabilities in web systems, licensed under the GNU General Public License 3.0 (GPL 3). Uniscan was developed in the Perl programming language to make working with text easier, has easy-to-use regular expressions, and is also multi-threaded.
 



As our smartphones become more ubiquitous and more powerful, they need to be protected in much the same way that you would protect your computer. Further to this, a malicious piece of malware has been discovered for devices powered by Android 2.3.3 Gingerbread, giving the hacker the ability to take complete control of the smartphone remotely. Read More

 
A few months ago I posted "Time to Replace LOIC: Anonymous is Developing a New DDoS Tool". LOIC will be replaced by #REFREF, the DDoS tool of Anon. The source code is now available; the tool has been programmed in Perl, Python & JavaScript. It was first tested on Pastebin, and the Pastebin Twitter account tweeted about this.

 




Steve Jobs has resigned as chief executive officer of Apple (AAPL). The company has promoted chief operating officer Tim Cook to the position of CEO and said that Cook will join the company's board of directors. Jobs will become Apple's chairman.


Here’s a condensed view of the illustrious career of Steve Jobs, with a healthy dose of humorous commentary and Star Wars goofiness sprinkled in just for fun.

This sweeping saga takes you from the early days of hippie Jobs all the way up to the present day, where he’s passed the baton along to newly minted CEO Tim Cook, who will now have to find a way to scare off those green Android hordes.
 Read More




One of Apple's sub-domains is claimed to have been defaced by HodLuM, as shown above. The deface link is just an image uploaded to the Apple domain. The hacker uses the word "N00BZ" for all hackers, including Anonymous, Lulzsec, Turkish hackers, Inj3t0rs and Exploit-DB's. The AOL Postmaster website was also hacked by HODLUM some months before.
 Read more


A 22-year old student Peter David Gibson allegedly associated with the hacking group “Anonymous” has been arrested and charged in the United Kingdom.

Thank You for reading our Top 10 Posts of the week ! ! 
Be ready for next top 10 posts next week !
By 
MR. K0HL1 

Borlas.net 14800 Users logins, phone number & Emails Leaked




Division Hackers Crew hacked the database of Borlas.net (a free SMS site). The hackers leaked the usernames, passwords, emails and phone numbers of 14800 registered users. The leaked database was posted on Pastebin:
Part 1: http://pastebin.com/FiKMehCj
Part 2: http://pastebin.com/fDKi2iJG
Part 3: http://pastebin.com/4z6SjB7p

Source--> THN

SbZ-GHoST TeaM Tunisia Hackers Defaced 32 Israel websites




SbZ-GHoST TeaM Tunisia Hackers today hacked into 32 Israel websites and defaced them with their message. The list of hacked sites was posted on Pastebin.

Killapache : DDOS Tool



The Apache Software Foundation has announced a denial-of-service vulnerability that affects all versions of the ubiquitous Apache web server, leaving up to 65% of all websites vulnerable. An unknown flaw in the code for processing byte range headers allows versions 2.2.x of the Apache Web Server to be crippled from a single PC. An “Apache Killer” Perl script impressively demonstrates the problem.

How does killapache DDOS tool work?
killapache sends GET requests with multiple “byte ranges” that will claim large portions of the system’s memory space. A “byte range” statement allows a browser to only load certain parts of a document, for example bytes 500 to 1000. It is normally used while downloading large files. This method is used by programs such as download clients to resume downloads that have been interrupted; it is designed to reduce bandwidth requirements. However, it appears that stating multiple unsorted components in the header can cause an Apache server to malfunction.
There is no patch released yet for this vulnerability in Apache, but a few workarounds have been found. These have been posted by The Apache Software Foundation and can be used until a stable fix is released. The vulnerability works by exploiting a feature in web servers that gives you the ability to pause and resume your downloads. These days, if you have to stop downloading something part-way through, you can generally pick up where you left off and you don't have to start again from scratch.
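A defender can screen the Range header before it reaches the server. The following is an added example, not code from the original post or from killapache: it parses a byte-range header and flags the shapes described above (many ranges, overlapping ranges). The function names, the MAX_RANGES threshold and the sample headers are assumptions constructed for illustration.

```python
import re

MAX_RANGES = 5  # assumed policy threshold, not a value from the post
_SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_ranges(header):
    """Return [(first, last), ...] from a 'bytes=...' Range header value.
    A missing end is None. Returns None if the header is invalid."""
    unit, sep, specs = header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or not (m.group(1) or m.group(2)):
            return None
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        if first is not None and last is not None and last < first:
            return None  # an end before the start is not a valid range
        ranges.append((first, last))
    return ranges

def has_overlap(ranges):
    """True if two ranges with a known start overlap (open end = infinity).
    Sorting first means unsorted headers are handled too."""
    spans = sorted((f, float("inf") if l is None else l)
                   for f, l in ranges if f is not None)
    reach = -1
    for first, last in spans:
        if first <= reach:
            return True
        reach = max(reach, last)
    return False

def classify(header):
    """Return 'ok', 'malformed', 'too-many' or 'overlap' for a header value."""
    ranges = parse_ranges(header)
    if ranges is None:
        return "malformed"
    if len(ranges) > MAX_RANGES:
        return "too-many"
    return "overlap" if has_overlap(ranges) else "ok"

if __name__ == "__main__":
    # Constructed sample headers; the first is the post's "bytes 500 to 1000".
    for h in ("bytes=500-1000", "bytes=200-299,0-99", "bytes=0-,5-6",
              "bytes=0-,5-6,5-7,5-8,5-9,5-10,5-11", "bytes=abc"):
        print(f"{classify(h):10} {h}")
```

A resumed download sends a single range, so a request classified as too-many or overlap can be answered without range processing or rejected outright.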
Download killapache

Source-->THN

Saturday, 27 August 2011

social-law.co.il Hacked by AMIN SAFI

social-law.co.il is hacked by AMIN SAFI.
His Message :-
Don't Worry , You are Not Alone , Because The Server OwNeD By ME ...
Your Site Will Archived In My Zone-H ...
So Welcome ...
His Facebook -> Amin safi
Email ID-> py8@live.fr

Anonymous(Sri-Lanka) leaked Sri-Lanka's National Telecom Provider's DNS

The DNS of Sri Lanka's largest and national telecom provider was leaked by Anonymous Sri Lanka. The primary DNS server was hacked with DNS cache snoop poisoning with zone poisoning/transferring. Data on the entire DNS pool, corporate customers, production servers and testbeds was leaked by the hackers.

For More Information Click Here

Member of Anonymous Busted by Scotland Yard

A 22-year old student Peter David Gibson allegedly associated with the hacking group “Anonymous” has been arrested and charged in the United Kingdom.
Scotland Yard Said:-

"Peter David Gibson, 22, a student, of Castleton Road, Hartlepool, Cleveland, has today, Thursday 25 August, been charged with conspiracy to do an unauthorised act in relation to a computer, with intent to impair the operation of any computer or prevent or hinder access to any programme or data held in a computer or to impair the operation of any such programme or the reliability of such data - contrary to Sec 1(1) of the Criminal Law Act 1977.
He is due to appear on bail at City of Westminster Magistrates' Court on 7 September.
Gibson was arrested by officers from the Met's Police Central e-Crime Unit in connection with an investigation into Anonymous, following allegations of DDOS attacks by the group against several companies."

