Cyber News & Culture

Awesome Photo of iPhone 5

2012-09-12T20:33:00.004-07:00

Top 10 Infamous Student Hackers Ever

2012-09-10T03:51:00.002-07:00

1.) Sven Jaschan:

In the words of one tech expert, “His name will always be associated with some of the biggest viruses in the history of the Internet.” The viruses: the Sasser and NetSky worms that infected millions of computers and have caused millions of dollars of damage since their release in 2004. The man behind the viruses proved to be not even a man at all, legally. Seventeen-year-old hacker Sven Jaschan, a student at a computer science school in Germany, claimed to have created the viruses to become a hero by developing a program that would eradicate the rampaging Mydoom and Bagle bugs. Instead he found himself the subject of a $250,000 bounty courtesy of Microsoft, for which some of his classmates turned him in.

2.) Jonathan James:

In 2000, at the age of 16, James, or “C0mrade” as he was known in the hacker community, infamously became the first juvenile federally sentenced for hacking. The targets of his notorious hack jobs were a wing of the U.S. Department of Defense called the Defense Threat Reduction Agency, NASA, and the Marshall Space Flight Center in Huntsville, Ala. (By hacking the latter James gained the ability to control the A/C in the International Space Station.) All of these were pulled off “for fun” while James was still a student at Palmetto Senior High in Miami. Unfortunately, the fun ran out when James was tied into a massive identity theft investigation. Though insisting he was innocent, James took his own life, saying he had “no faith in the justice system.”

3.) Michael Calce:

Yahoo. CNN. Ebay. Amazon. Dell.com. One by one in a matter of days, these huge websites crashed at the hands of 15-year-old Canadian high school student Michael Calce, aka “MafiaBoy.” Armed with a denial-of-service program he called “Rivolta” that overloaded servers he targeted, the young hacker wreaked $7.5 million in damages, according to court filings. Calce was caught when he fell victim to a common ailment of teenage boys: bragging. The cops were turned on to him when he began boasting in chat rooms about being responsible for the attacks. On Sept. 12, 2001, MafiaBoy was sentenced to a group facility for eight months on 56 counts of cybercrime.

4.) Kevin Mitnick:

Before performing hacks that prompted the U.S. Department of Justice to declare him “the most wanted computer criminal in United States history,” Kevin Mitnick had already made a name for himself as a hacker in his school days, first at Monroe High School in LA and later at USC. On a dare, Mitnick connived an opening into the computer system of Digital Equipment Corporation, which some fellow hackers then used to steal proprietary source code from the company before ratting on him. While still on probation for that crime, Mitnick broke into the premises of Pacific Bell and had to go on the run from police in the aftermath, during which time he hacked dozens of systems, including those of IBM, Nokia, Motorola, and Fujitsu.

5.) Tim Berners-Lee:

“Scandalous” is a synonym for “infamous,” and for this legendary computer scientist, knight of the British Empire, and inventor of the World Wide Web to have been a hacker in his school days is certainly a juicy factoid. During his time at Oxford in the mid-’70s, Sir Tim was banned from using university computers after he and a friend were caught hacking their way into restricted digital areas. Luckily by that time he already knew how to make his own computer out of a soldering iron, an old TV, and some spare parts. And also luckily for him, he will always be revered as the father of the Internet.

6.) Neal Patrick and the 414s:

In the early ’80s, hacking was still a relatively foreign concept to most Americans. Few recognized the enormous power hackers could hijack with a few strokes on a keyboard, which explains why a young group of hackers known as the 414s (after a Milwaukee area code) were virtual celebrities after they hacked into the famous Los Alamos National Laboratory, the Memorial Sloan-Kettering Cancer Center, and elsewhere. While today hacking a lab where classified nuclear research is conducted could earn you a one-way ticket to Guantanamo, the 17-year-old ringleader and high school student Neal Patrick was on the cover of Newsweek. The group members got light sentences but prompted Congress to take a stronger role in cybercrime.

7.) Robert T. Morris:

The first ever Internet worm, the Morris Worm derived its name from Cornell grad student Robert Tappan Morris. In 1988, Morris released the worm through MIT’s system to cover his tracks, which would seem to contradict his claims that he meant no harm with it. But that’s exactly what resulted: the worm spread out of control, infecting more than 6,000 computers connected to the ARPANET, the academic forerunner to the World Wide Web. The damages reached as high as an estimated $10 million, and Morris earned the ignominious distinction of being the first person prosecuted under the Computer Fraud and Abuse Act. Morris got community service but was apparently not considered too infamous to be offered his current job as a professor at MIT.

8.) George Hotz:

To some, George Hotz (aka “geohot,” aka “million75,” aka “mil”) is a public menace, a threat to electronic businesses everywhere. To many, Hotz is a hero. The high-schooler shot to fame/infamy in 2007 at the tender age of 17 by giving the world its first hacked, or “jailbroken” iPhone. He traded it for a new sports car and three new iPhones, and the video of the hacking received millions of hits. Apple has had to grudgingly come to terms with jailbreaking, seeing as the courts have declared it legal, but Sony Corp. is definitely not OK with such tampering. When Hotz hacked his PlayStation 3 and published the how-to on the web, the company launched a vicious lawsuit against him. In turn, the hacker group Anonymous launched an attack on Sony, stealing millions of users’ personal info.

9.) Donncha O’Cearbhaill:

According to the FBI, this 19-year-old freshman at Trinity College Dublin is one of the top five most wanted hackers in the world. Well, he was; now that he’s been arrested he’s not really “wanted” anymore. The Feds contend the young man is a VIP member of the Anonymous and LulzSec hacking groups that have already been mentioned and whose targets have included the FBI, the U.S. Senate, and Sony (in the Hotz backlash). It seems “Palladium” (O’Cearbhaill) took the liberty of listening in on a conference call between the FBI and several international police forces who were discussing their investigations of the hacking groups. He could be sentenced to up to 15 years in prison if convicted for that hack alone.

10.) Nicholas Allegra:

Just as George Hotz moved on from the Apple hacking game, Brown University student Nicholas Allegra is also hanging up his jersey. “Comex,” as he is known to millions of rooted iPhone fans, created the simple-to-use Apple iOS jailbreaking program JailbreakMe in 2007 and has since released two newer versions of it. However, Comex seems to have gone over to the dark side, accepting an internship with the very company whose products he became famous exploiting. Still, Allegra’s hacking skills are so advanced (one author puts him five years ahead of the authors of the infamous Stuxnet worm that corrupted Iran’s nuclear facilities) and so many people availed themselves of his talents, he will forever live in hacking infamy.

thehackernews.com

Download Bitdefender Safebox 1.0

2012-03-17T05:48:00.000-07:00

Bitdefender Safebox 1.0

These days, people work across a variety of different platforms: computers, mobile phones and tablets. Ensuring the latest version of your data travels with you can be tricky if you rely on manually copying it between devices, which is why so many of today’s cloud-based backup tools also work by synchronising data between supported devices.

Online backup solutions are ten-a-penny these days, which is why Bitdefender’s Safebox feels like it’s a little late to the party. It works on Windows and Android, with iPad and iPhone support coming shortly, and offers 2GB free online storage space, with paid-for solutions offering up to 60GB of online storage a year.

It’s simple enough to use: install the free app, sign up for a free account, log in and then start selecting which files you want to back up. Once selected, initial copies are uploaded to your secure online account – encrypted of course – ready for synchronising to other computers and devices (just sign in with the same account details, then choose what to sync), accessing via a web browser (log in at https://my.bitdefender.com/en_us/safebox), or sharing securely with selected others, such as family and friends.

It’s all very efficient – changes to files are immediately uploaded to the server, and you can easily restore previous versions of files simply by right-clicking the file in Windows itself. The user interface is simple and uncluttered and it does what it says on the tin.

Unfortunately, so do so many other online backup services, and there’s nothing here to make Bitdefender Safebox stand out from the crowd. Most other services offer the same sync, share and backup tools, encrypt your data, work across multiple platforms (including Mac) and offer free accounts – in the case of AVG LiveKive and SugarSync, you get 5GB, while the forthcoming Windows 8 will have Windows Live SkyDrive built right into the interface, which currently offers up to 25GB free storage, admittedly most of which is currently only accessible through your web browser.

What Safebox does have going for it is simplicity, but it’s not enough on its own to make it the must-have cloud backup product, particularly if you’re already signed up with someone else. via downloadcrew

Download Bitdefender Safebox 1.0 for Windows

Download Bitdefender Safebox 1.0 for Android

How To Install Windows 8

2012-03-03T06:35:00.002-08:00

How To Install Windows 8 - I spent almost the entire day playing around with Windows 8 and finally installed it on all the three machines that I have – two of them were previously running Windows 7 while the third one is an iMac running Mac OS X Lion. Everything just worked without any issues.

The first Windows machine is sort of test machine and I therefore installed Windows 8 as the primary OS on that machine overwriting Windows 7. All my previous files, Windows settings and programs were preserved and it was quite an effortless installation.

The second Windows machine is my primary computer, the one that I am using to write this story inside Windows Live Writer, and I therefore installed Windows 8 on another partition (dual-boot setup). Thus my existing Windows 7 installation is not modified in any way while I can switch to Windows 8 anytime with a simple restart.

In the case of iMac, I created a new NTFS partition and installed Windows 8 using Boot Camp. The metro tiles of Windows 8 on the 27” iMac look absolutely gorgeous and the Apple keyboard and Magic Mouse also work inside Windows 8.

Finally, I installed Windows 8 as a Virtual Machine inside Windows 8 itself just for the purpose of recording the Windows 8 installation procedure.

Windows 8 Installation Guides

If you haven’t tried Windows 8 yet, you should consider doing that now because Windows 8 looks fresh, beautiful and definitely brings that “wow” effect. It’s a beta version but after using it for about a day, I found it stable though the new UI might involve a bit of learning curve.

The best part is that setting up Windows 8 is extremely easy and the installation procedure won’t take more than 15-20 minutes. Should you be interested, I have written several detailed guides that will walk you through the installation steps in either of the above scenarios – pick one that best fits your workflow and get going.

How to Install Windows 8 as a Virtual Machine (using Oracle’s VirtualBox)
How to Install Windows 8 on a Mac (using Apple’s Boot Camp)
How to Install Windows 8 alongside an older version of Windows (Dual boot)
How to Upgrade your Computer to Windows 8 (Overwrite mode)

How To Install Windows 8

Windows 8 Installation Guides | labnol

Nessus 5.0 Vulnerability Scanner Releases

2012-02-17T04:31:00.000-08:00

Nessus 5.0 Vulnerability Scanner

Tenable Network Security announced Nessus 5.0 vulnerability and configuration assessment solution for enterprises and security professionals. Nessus version 5.0 introduces key features and improvements, separated into the four major phases of the vulnerability scanning process:

Installation and management (for enhanced usability) - Nessus 5.0 simplifies the installation and configuration for non-technical users. Configuration and management: Nessus v5.0 configuration and management is now done 100% through the GUI

Scan policy creation and design (for improved effectiveness) - Users now enjoy improved effectiveness when creating scan policies. Over two dozen new pre-built plugin filters make it easy for security and compliance professionals to simplify policy creation for laser-focused scans on the areas that matter most. Users can quickly select multiple filter criteria, such as, Vulnerability Publication Date, public vulnerability database ID (OSVDB, Bugtraq, CERT Advisory, and Secunia), Plugin type (local or remote), information assurance vulnerability alert (IAVA), and more, to quickly identify easily-exploitable vulnerabilities.Scan for all easily remotely-exploitable vulnerabilities for which there is an exploit published in your favorite exploit framework.

Scan execution (for improved efficiency) - Users can take advantage of real-time scan results, on-the-fly filtering and sorting, and streamlined results navigation. A new vulnerability summary and redesigned host summary make it easy to see risk level without even running a report. As the scan is being run, not only can you see the results as they are being gathered, but navigate and filter on them as well. This allows you to easily act upon the vulnerability data while the scan is happening.

Report customization and creation (for improved communication with all parts of the organization) - New reporting features allow for improved communication of vulnerability results with all parts of the organization:Results filtering and report creation: Results filtering and report creation is more flexible than ever before. Users can apply multiple result filtering criteria, and targeted reports can be generated against the filtered results. Reports can be generated in native Nessus formats, HTML, and now PDF formats, Multiple report templates can be combined into one report.

Nessus 5.0 Installation Guide and Download Nessus 5.0 via | thehackernews

xSQL Scanner, Advanced SQL Audit Tool

2012-02-17T04:23:00.002-08:00

xSQL Scanner is a advanced SQL audit tool that allows users to find weak passwords and vulnerabilities on MS-SQL and MySQL database servers.

The objective of xSQLScanner is to assist the Security Analyst or Penetration Tester in auditing the security of MS-SQL and MySQL database servers.

xSQL Scanner, Advanced SQL Audit Tool

Features :

Test for weak password fast;
Test for wear/user passwords;
Wordlist option;
Userlist option;
Portscanner
Range IP Address audit and more.

Windows – xsqlscanner-1.2.zip

Linux – xsqlscan-mono.tgz

Or read more here. via | darknet

Download Firefox 11 Beta

2012-02-04T09:17:00.000-08:00

Firefox 11 Beta

Firefox Beta is the build for those who like a little bit of jeopardy, but who don’t want to risk everything by trying out Firefox Aurora, the early alpha build of Firefox. Firefox Beta gives you a sneak peek at the next version of Firefox six weeks ahead of its final release, offering a relatively stable build that’s not quite ready for primetime, but still pretty solid.

Whereas Firefox Aurora installs as a completely separate application alongside your existing Firefox installation, Firebox Beta will replace the stable build. Should you subsequently wish to go back to the safer version, you’ll need to manually download the stable version and install it over the top of the beta build.

Confirm which build you have by selecting About Firefox from the Firefox menu or button (it’s inside the Help menu if using the Firefox button).

There’s not an awful lot to get excited about with Firefox 11 Beta. Firefox Sync now tentatively supports synchronising add-ons in addition to all your other settings – you’ll see Add-ons appear as an additional option when choosing exactly what to sync from the Firefox Sync Setup menu.

Support for importing data from Chrome has also been partially implemented in the form of cookies, history and bookmarks – you’ll see the option appear when you open the Bookmarks Library and choose Import and Backup > Import Data from another Browser.

Developers will also welcome the addition of two new tools in addition to the raft of extras first introduced in Firefox 9 – these are a Style Editor for tweaking CSS settings on the fly, and a new 3D view (Tilt) for Page Inspector. via downloadcrew

Download Firefox 11 Beta for Windows

Download Firefox 11 Beta for Linux

Download Firefox 11 Beta for Mac

Wordpress Plugin Easy Comment Uploads Vulnerability

2012-01-20T00:16:00.000-08:00

Wordpress as you might know is one of the most widely used blogging platforms, As a reason of which it has became the favorite target of hackers. Wordpress itself is quite secure, however the plugins make it unsecure resulting in hack attacks, data loss etc, when they are created the developers do not think of the security or do not know how to write the secure code, hence skipping lots of necessary checks making the plugins vulnerable to attacks like SQLInjetion, Remote File inclusion etc.

One of those popular vulnerable plugin is Easy Comment Upload plugin, The version 0.61 and prior versions are affected with Arbitrary File Upload Vulnerability. The plugin fails to check the upload file type as a reason of which it can be exploited by uploading a Phtml file.

Easy Comment Upload plugin

Wordpress Plugin Easy Comment Uploads Vulnerability

There are thousands of wordpress blogs still vulnerable to this attack. The vulnerability can be fixed by updating the wordpress easy comments plugin to version 0.71.

If you want to know more about Protecting your wordpress blog from hackers you can refer the following posts, If you still think your blog is vulnerable drop me an email and I will perform a security assessment on your blog. via | rafayhackingarticles

Mozilla Seeks Designers

2012-01-07T07:11:00.000-08:00

Badges for Learning competition

Design digital badges for NASA, Intel, Disney-Pixar, the U.S. Department of Education and other leading organizations in the “Badges for Learning” competition. Deadline for entries is January 17.

Help the world level up with NASA, the MacArthur Foundation and Mozilla.

Mozilla is seeking designers and developers to participate in the $2 million “Badges for Learning” competition. Participants will have the chance to design digital badges for more than 60 different leading organizations, all aimed at providing recognition for learning that happens on the web or outside of school.

Winners will receive funding from the MacArthur Foundation to make their designs a reality, plus the opportunity to collaborate with Mozilla and other leading organizations in education, industry and government.

The goal: supercharge 21st century learning by building a free, open source badge system that helps people around the world use the Web to gain new skills and level up in their life and work.

Learn more or get involved here.

Predictions for Google 2012

2011-12-31T06:13:00.000-08:00

Predictions for Google 2012

Last year's predictions weren't that great (the predictions for 2010 were better), but predicting the future is an addictive game, so I'll try again. Here are my predictions for 2012:

1. Oflline Google stores that will sell Chromebooks, Android phones, Google TV boxes, Google-branded shirts and more.

2. Google Music will become a subscription service.

3. Google will focus on improving the quality of Android apps. It will offer better tools for creating consistent user interfaces, it will review some of the new apps and applications will be able to request additional permissions after they've been installed.

4. Google Games - a new service for multiplayer games that will combine the best games for Chrome, Android and Google+, while syncing your data, ranking users and allowing you to challenge your friends.

5. A new music editing online service that will only work in Chrome (and probably other Chrome-only services).

6. ARM Chromebooks (notebooks and tablets) and ARM Google TV boxes will be cheaper and more successful.

7. Google+ will have at least 300 million users at the end of 2012 and will incorporate many existing Google apps. Google will aggressively promote the service and will even integrate it with Chrome.

8. Google Instant Answers - an improved OneBox that will offer some of the detailed answers that are available in Wolfram Alpha.

9. A virtual assistant for Android that will be more powerful than Siri and it will also be available in the desktop Google interface as an upgrade for voice search. Google will get better at supporting natural language queries.

10. Google's navigation menu will be customizable and the notification box will support new services.

11. The first Google-branded Motorola phones and tablets.

12. Google search results personalized based on information from your calendar, Google+ posts, the apps you install etc.

13. Google Doodle Creator - a service that lets you create a doodle and share it with your friends.

14. Image Search will be able to analyze images and recognize multiple objects and people.

15. Chrome Web Store apps and extensions for Android.

16. YouTube's HTML5 player will become the default player.

17. YouTube's new TV-like channels will combine some of the best videos that are available.

18. The largest fine in Google's history.

19. Blog commenting service powered by Google+.

20. Google+ Answers service replaces Aardvark.

21. An online Chrome dashboard will let you access your data (bookmarks, passwords, apps) even when you don't use Chrome.

22. Better Google Docs for tablets, Google Drive - a new name for the Google Docs list, apps for syncing files and more free storage.

source : googlesystem

DNS Cache Poisoning Attack on Google, Yahoo, Apple

2011-12-06T05:34:00.001-08:00

DNS Cache Poisoning Attack on Google, Yahoo, Apple

Hacker with nickname AlpHaNiX deface Google, Gmail, Youtube, Yahoo, Apple etc domains of Democratic Republic of Congo. Hacker use strategy so-called DNS cache poisoning.

DNS cache poisoning is a security or data integrity compromise in the Domain Name System (DNS). The compromise occurs when data is introduced into a DNS name server's cache database that did not originate from authoritative DNS sources. It may be a deliberate attempt of a maliciously crafted attack on a name server.

DNS Cache Poisoning Attack

Hacked websites are :

http://apple.cd/
http://yahoo.cd/
http://gmail.cd/
http://google.cd/
http://youtube.cd/
http://linux.cd/
http://samsung.cd/
http://hotmail.cd/
http://microsoft.cd/

Source

Bitdefender Carrier IQ Detector

2011-12-05T05:20:00.000-08:00

The deeply integrated Carrier IQ software on mobile devices has made the rounds lately. Check out this introductory post for detailed information about Carrier IQ. The technology has recently been discovered on Android and Apple smartphones in a way that the discoverer called rootkit-like. Users have a hard time finding out if Carrier IQ is running on their phone, and virtually no possibility of finding out which data it collects or transfers. To top it all off, there is no native option to disable Carrier IQ from running on the phone.

If you are like me, you’d probably want to know if a program that can virtually access all data on the phone is running on it and with which server and companies it communicates.

Bitdefender Carrier IQ Finder is a new program for Android mobile phones by Bitdefender that can be used to find out if the technology is running on a phone.

Android users need to download the application from Android Market where it is available for free. The app has been designed to detect Carrier IQ on Android phones. It cannot remove the technology nor detect or remove malicious software from the phone.

Android users can point their browsers to the Bitdefender carrier IQ Finder market place listing to install the program directly from there. It is necessary to be logged in a Google account to install the app.

The app will search for traces of Carrier IQ on the phone on start up.

Bitdefender Carrier IQ Detector

A red screen after the scan indicates that Carrier IQ has been found running on the system, a green screen that the technology has not been found on the smartphone.

What can you do if Carrier IQ has been found on your phone? It may be virtually impossible to remove the technology completely from the phone. You could contact your carrier for additional information about the technology. (via)

Carrier IQ, Your Android Might Record Your Activities

2011-12-05T05:15:00.000-08:00

If you have never heard about Carrier IQ before you can rest assured that you are not the only one. Security researcher Trevor Eckhart published a research paper on Carrier IQ, a software that he discovered running on his HTC Android device, in mid November. Lets start at the beginning, and with a simple question: What is Carrier IQ.

Carrier IQ is a software that runs on more than 140 million mobile phones (according to information on the Carrier IQ website). It is a monitoring software that can track user activities and data, including their personal information, locations, network communications, phone calls, messages and a lot more.

A few aspects make the software especially suspicious from a consumer perspective. Carrier IQ is not listed as a running application on the phone. The software furthermore cannot be stopped or deactivated on standard phones.

The Carrier IQ company stated that the Carrier IQ software “delivers Mobile Intelligence on the performance of mobile devices and networks to assist operators and device manufacturers in delivering high quality products and services to their customers”.

How can you find out if Carrier IQ is running on your phone?

It’s almost impossible for users to find off switches, user interfaces, policies, or references to IQRD anywhere on the phone. Using standard functionality, the only place you can see that the application is installed on the phone is in Menu -> Settings -> Manage Applications -> All, then scroll down to IQRD. This application has a non-descript icon and offers no information about itself. Even on old devices, IQRD runs continuously because it’s set to start automatically at boot. The only option you have to stop the application is to select “force stop”—which does nothing. The application continues to run.

The only option to remove Carrier IQ is to root the phone:

The only choice we have to “opt out” of this data collection is to root our devices because every part of the multi-headed CIQ application is embedded into low-level, locked regions of the phones. Even if you unlock your device and remove the base application with a sophisticated removal method, neutered, leftover code called from other applications will likely throw an error each time an old action is triggered.

It’s almost impossible to fully remove Carrier IQ. The browser is modified to send to Carrier IQ daemon, as is almost everything else. The application is so deeply embedded in our devices that a user must rebuild the whole device (system.img and boot.img) directly from source code to remove every part of CIQ.

Eckhart only looked at Android devices, but it is likely that other phone manufacturers are also making use of Carrier IQ.

I suggest you take a look at the YouTube video that is a live demonstration of the Carrier IQ software by the security researcher himself.

I suggest you read the two detailed articles (What is Carrier IQ? and CarrierIQ Part 2 for a deeper understanding of the situation. (via)

Anonymous: We Hacked Cybercops Email

2011-11-28T07:14:00.001-08:00

Anonymous: We Hacked Cybercops Email

The Anonymous hacking collective's AntiSec group has launched a fresh assault on law enforcement agencies with the release of what they claim are personal emails stolen from a Californian cybercrime investigator.

The cache of emails – which according to AntiSec are from the account of Fred Baclagan, a retired special agent supervisor of the Californian Department of Justice – includes 30,000 emails detailing various computer forensic techniques and cybercrime investigation protocols.

The hacktivists claim to have hacked into Baclagan's Gmail account and to have accessed his voicemails and SMS message logs using unspecified techniques as part of their ongoing campaign against law enforcement officials and their "allies" in the computer security industry.

The email dump, released as a torrent last Friday in part of what has become the group's regular FuckFBIFriday release, is also said to contain personal information including Baclagan's home address and phone number.

"Possibly the most interesting content in his emails are the IACIS.com* internal email list archives (2005-2011), which detail the methods and tactics cybercrime units use to gather electronic evidence, conduct investigations and make arrests," a member of Anonymous said on a statement accompanying the release, adding that knowledge of these techniques will help hacktivists to develop better tradecraft and anti-forensic techniques.

"There are discussions about using EnCase forensic software, attempts to crack TrueCrypt encrypted drives, sniffing wireless traffic in mobile surveillance vehicles, how to best prepare search warrants and subpoenas, and a whole lot of clueless people asking questions on how to use basic software like FTP. In the end, we rickrolled the entire IACIS list, causing the administrators to panic and shut their list and websites down.

But Baclagan told the Huffington Post that he was nobody special in the Justice Department ... which is what he would say, of course. He said that he had specialised in identity theft before he retired last year. "I'm really just a nobody," he told the Post, "just a local investigator, not involved in anything dynamic or dramatic. ®

Bootnote

*IACIS is the International Association of Computer investigative Specialists, an volunteer-led non-profit organisation made up of law enforcement pros and geared towards developing and etching best practice in computer forensics. (via)

Earthquake Alerts via Internet

2011-11-28T06:58:00.001-08:00

The U.S. Geological Survey agency monitors earthquake activity around the world. It reports the geographic location and intensity of an earthquake and anyone can subscribe to this data through Twitter, RSS feeds and KML files for Google Earth.

Then there are desktop software like Quake Alert that poll the USGS website and will pop-up an alert as soon as a new “big” earthquake is reported anywhere in the world.

Get Earthquake Alerts for your Surrounding Areas

The Twitter and RSS feeds will report earthquake activity worldwide but if you are only interested in receiving email alerts for your own geographic region, you should use the Earthquake Notification Service.

Here you have a Google Map and all you have to do is draw a custom polygon over regions that you would like to monitor for earthquake activity. You can mark one or more regions on the map, set the notification magnitude threshold (like only send me alerts for earthquakes with magnitude of 5 and above) and save your profile.

Earthquake Alerts via Internet

The USGS website says that information for U.S. earthquakes is generally available within 2-8 minutes but for earthquakes outside the U.S., it may take up to 20 minutes to report the activity. Twitter may thus be a faster medium to get earthquake news but as USGS says – “it cannot provide quantitative data such as location and magnitude.” (via)

Largest DDOS Attack Hit Chinese

2011-11-25T05:45:00.001-08:00

Largest DDOS Attack Hit Chinese

A week-long DDoS attack that launched a flood of traffic at an Asian e-commerce company in early November was the biggest such incident so far this year, according to Prolexic, a company that defends websites against such attacks. The distributed denial-of-service attack consisted of four consecutive waves launched from multiple botnets between Nov. 5 and Nov. 12, 2011.

The attack on the unnamed organisation and its DNS provider happened between 5 and 12 November and reached 45Gbit/s at peak, equivalent to 69 million packets or 15,000 connections per second, way above the level that can be easily stemmed using standalone appliances, the company claimed. This attack was three times larger in packets per second volume than the biggest attack Prolexic has mitigated previously, which also occurred in 2011.

Prolexic technicians identified a randomised attack consisting of the largest volume of GET, SYN, ICMP, UDP and DNS floods launched in a single attack campaign this year. They identified that the attack was coming from botnets in multiple worldwide locations.In addition, unlike typical DDoS attacks that are coordinated from one geographic source, this attack was coordinated globally. via

KDE 4.8 Beta Released

2011-11-25T04:59:00.001-08:00

KDE 4.8 Beta

The KDE Community has released a first beta of version 4.8 of the KDE Software Compilation (KDE SC). Aimed at testers, the development preview of the next major update to the open source K Desktop Environment brings changes to the Plasma Workspaces, applications and underlying platform, as well as various performance and stability improvements.

KDE SC 4.8 Beta 1 includes support for Qt Quick in Plasma Workspaces. The device notifier widget, now written in pure QML, has been ported using the new Plasma Components – a standardised API implementation that has a "native Plasma Look and Feel". To improve performance and scalability, while updating its appearance, the file view in Dolphin has also been rewritten. The developers note that, as the API, dependency and feature freezes are in effect, the team is now focusing "on fixing bugs and further polishing new and old functionality".

Further details about the first beta can be found in the official release announcement and on the KDE SC 4.7.80 Info Page. Source code for self-compilation and binary packages for various Linux distributions are available to download from the project's web site. Users testing the release are encouraged to provide feedback and report any bugs that they find.

KDE is licensed under a combination of the LGPLv2, BSD, MIT and X11 licences for core libraries and the GPLv2 or GPLv3 for applications. The current stable release is KDE SC 4.7.3 from earlier this month. (via)

Download Linux Mint 12 (RC1)

2011-11-14T07:57:00.001-08:00

Download Linux Mint 12

Linux Mint founder and lead developer Clement Lefebvre has announced the arrival of a release candidate for version 12 of his project's Ubuntu-based Linux distribution, code-named "Lisa". The new edition has a GNOME 3 desktop with customisations that bring some of the look and feel of GNOME 2.

Last week, the Mint team announced that version 12 of the distribution will switch to GNOME 3 but continue to offer the familiar desktop environment to users. The developers do this via "Mint Gnome Shell Extensions" (MGSE), which add traditional desktop elements such as a start menu and window list at the bottom of the screen.

More details about the release candidate can be found on the New features in Linux Mint 12 page. Although the project's community site is still down for maintenance, ISO images of the release candidate can be downloaded from several mirror servers. (via | h-online)

Amazon's Kindle Fire Available Today

2011-11-14T07:14:00.001-08:00

Amazon's Kindle Fire

Now here’s a way to make a splash – Amazon’s much-hyped Kindle Fire tablet is available today, 24 hours earlier than the official release date. Meanwhile, the Kindle Touch and Kindle Touch 3G will be available six days early, shipping tomorrow.

In an announcement, Amazon says:

“We’re thrilled to be able to ship Kindle Fire to our customers earlier than we expected. Kindle Fire quickly became the bestselling item across all of Amazon.com, and based on customer response we’re building millions more than we’d planned,” said Dave Limp, Vice President, Amazon Kindle. “Customers are excited about Kindle Fire because it is a premium product at the non-premium price of only $199.”

The US-only release sees the cloud-centric 7-inch tablet available to purchase here. At the time of writing, shipping time is displayed as ’3-5 days’. It’s unclear whether this is due to first-day stock being entirely allocated or if the estimate will be updated to reflect the announcement. The Fire will face competition from Barnes & Nobles Nook Tablet.

In a separate press release, Amazon said it will be shipping its touchscreen versions of the classic Kindle in the US tomorrow – the WiFi-only version costing $99, the 3G alternative priced at $149. (via)

#AntiSec - We are still here

2011-11-13T04:20:00.001-08:00

iOS 5.0.1 Update Now Available to Install

2011-11-11T04:41:00.001-08:00

iOS 5.0.1 Available to Install

Today Apple released their first update to iOS 5 ahead of expectations. Among the usual bug fixes, this update brings aid to the dwindling battery life experienced by many owners of the iPhone 4S. Users of the beta have reported that the improvements have been ideal and they can make it through the day no problem. If you weren't lucky enough to test it out early, go run Software Update on your iPhone (Settings > General > Software Update) and get it right now. It took a few minutes for our phones to realize an update was available so be patient and don't worry—it's there. iPad 1 users will also be glad to know that the update brings back multitasking gestures—something that previously required a little hacking to enable.

Note: Jailbreakers should not upgrade until there's an iOS 5.0 downgrade option. Keep an eye on the iPhone Dev Team's blog and Twitter feed for progress updates.

iOS 5.0.1 Update Now Available to Install via Gizmodo

Anonymous talks about Anonymous

2011-11-10T07:19:00.001-08:00

Anonymous talks about Anonymous

HACKTIVIST GROUP Anonymous, or at least one part of it, has visited Reddit to discuss who it is, where it is and where it's going.

The section of the group that runs the AnonymousIRC Twitter account started the Reddit conversation earlier today, and it discussed things like: its leader - there isn't one; its motives - they are varied; and its members - which are legion.

There might be some disinformation sprinkled around in the conversation, such as the late mention that 9,000 people operate the Twitter account, but otherwise the Reddit session seemed frank and forthcoming. For example, discussing the real numbers behind the account, the group explained that it was managed by "More than one person," adding, "It's impossible to shut down the twitter by arresting a single person."

These is no money behind the group and there are no obvious monetary agendas. Fortunately for the group its methods are cheap, and effective. "We run on a very low budget," said on poster, "but 20 bucks is enough to take on the filthy leaders, fortunately :)".

These cheap and effective methods could lend themselves to attacks on any kind of organisation, like the Opcartel plans to take on a Mexican drugs cartel. This controversial move was backed by some camps and opposed by others. AnonymousIRC said that these Anons were "bold".

"We support them with all our heart, And oops, we may have some data on them which would be preferred to be undisclosed, according to them," it said. "It'll all get out, tho. Why? We do not need to fear Govt's OR Cartels. We're Anonymous and we're mad as hell." It added later, "OpCartel are some ballsy guys. We love them <3".

The disparate nature of the group - and this is just one out of many social media accounts associated with Anonymous, remember - should suggest that there are many disagreements, but it seems that while different sectors may carry out their own initiatives or random attacks, this is fine within the greater Anonymous consciousness.

"We cannot control or limit what some individual anon may do or not do. Neither it is our interest. An example: If some cop finds it funny to mace innocent girls, Internet crowd will hate him. Which will include his family, if that information is public. Like it or not, it's just what happens," one poster said.

"There is no individual Anon. We might agree or not, it does not matter much, though. Anonymous strives because its base is covered every where: Pacifists as well as Anarchists. And while they despise each others methods they still can work together. Isn't it beautiful?"

What might not be so beautiful is the use of the Guy Fawkes or V for Vendettamask that has become the face of the organisation, and one respondent seemed to want to distance the group from its use, or at least its connotations.

"The Guy Fawkes mask became a traditional symbol of Anonymous. We find that troubling for a number of reasons," he or she wrote.

"It's all down to Hollywood. Nobody of us would know of him if it wasn't for the movie. Possibly there was an evil plan. Let's calculate with that - not only to push Time Warners' profits. Most of us don't want to burn down the Parliament. And most of us don't want to throw money into TW's throat. So let us meet halfway."

Other symbols of leadership, such as Topiary who was arrested in the UK, are also dimissed as leaders, but not as personalities. "It does not matter whether Anonymous has a spokesperson or not, even less who that might me. Once you understand you realize it does not matter," adds the poster.

"Barrett Brown is not a spokesperson. Neither is Topiary btw. Or me. Or Sabu. Or whoever. We just keep on pounding the establishment until there is no more."

Majority approval is not necessary for a movement to succeed, but there is a tipping point for action that depends on the mood of the group. This may explain why an operation like that against Facebook was ignored, for technical reasons, but an assault on the Zetas drug cartel was not.

"Nobody within Anonymous can approve or reject any idea. Nobody has that authority. What happens is: Someone suggests a plan. Or an idea. Or an operation. If it is sound, other Anons will support it. If it isn't, it will be ignored. It's a bit like democracy except that it can be taken literally and it is actually working," they said.

"[Facebook] is hosted and backed by Akamai and Amazon, the largest backbone providers you have. It still is possible to screw them but it would take skill and determination. However, those involved in [it] said [the] Op lacked both. You cannot kill [Facebook] with LOIC obviously. Needs different stuff..." µ

Adidas Websites Hacked

2011-11-08T03:47:00.000-08:00

Adidas Websites Hacked

Adidas has been forced to take some of its main websites offline after a "sophisticated, criminal cyber-attack" that took place last week, the company said.

Adidas.com, reebok.com, miCoach.com and adidas-group.com all were taken offline, along with various local e-commerce sites, the company said in a statement Sunday.

At least two of the sites, adidas.com and miCoach.com, appeared to still be offline Monday evening. "Due to technical difficulties our website is currently not available," said a message at adidas.com.

The sportswear vendor first learned of the attack last Thursday, it said.

"Our preliminary investigation has found no evidence that any consumer data is impacted. But, while we continue our thorough forensic review, we have taken down affected sites ... in order to protect visitors to our sites," it said.

It didn't provide further details of the attacks or say who was responsible. A note on the miCoach website said Adidas hoped to have the site running again by the end of the day Tuesday. via

We Are Legion: The Story of the Hacktivists

2011-11-07T06:52:00.002-08:00

We Are Legion: The Story of the Hacktivists

#OccupyLondon : The Night of Thousand Masks

2011-11-05T06:33:00.001-07:00

#OccupyLondon : The Night of Thousand Masks

thehackernews.com : Anonymous Mask = "A symbol that unites them behind one universal message" . Activists plan to protest on 5th November ,2011 at Saint Pauls Cathedral London 9:00pm - 11:00pm. This going to be "The Night of Thousand Masks".

Message By Anonymous :

Good evening, London. Allow me first to apologize for this interruption. I do, like many of you, appreciate the comforts of every day routine- the security of the familiar, the tranquility of repetition. I enjoy them as much as any bloke. But in the spirit of commemoration, thereby those important events of the past usually associated with someone's death or the end of some awful bloody struggle, a celebration of a nice holiday, I thought we could mark this November the 5th, a day that is sadly no longer remembered, by taking some time out of our daily lives to sit down and have a little chat. There are of course those who do not want us to speak. I suspect even now, orders are being shouted into telephones, and men with guns will soon be on their way. Why? Because while the truncheon may be used in lieu of conversation, words will always retain their power. Words offer the means to meaning, and for those who will listen, the enunciation of truth. And the truth is, there is something terribly wrong with this country, isn't there? Cruelty and injustice, intolerance and oppression. And where once you had the freedom to object, to think and speak as you saw fit, you now have censors and systems of surveillance coercing your conformity and soliciting your submission. How did this happen? Who's to blame? Well certainly there are those more responsible than others, and they will be held accountable, but again truth be told, if you're looking for the guilty, you need only look into a mirror. I know why you did it. I know you were afraid. Who wouldn't be? War, terror, disease. There were a myriad of problems which conspired to corrupt your reason and rob you of your common sense. Fear got the best of you, and in your panic you turned to the now high chancellor, Adam Sutler. He promised you order, he promised you peace, and all he demanded in return was your silent, obedient consent. Last night I sought to end that silence. Last night I destroyed the Old Bailey, to remind this country of what it has forgotten. More than four hundred years ago a great citizen wished to embed the fifth of November forever in our memory. His hope was to remind the world that fairness, justice, and freedom are more than words, they are perspectives. So if you've seen nothing, if the crimes of this government remain unknown to you then I would suggest you allow the fifth of November to pass unmarked. But if you see what I see, if you feel as I feel, and if you would seek as I seek, then I ask you to stand beside me one year from tonight, outside the gates of Parliament, and together we shall give them a fifth of November that shall never, ever be forgot. V for Vendetta.