VOGH- VOICE OF GREYHAT| Leading Resource of Cyber-Security & Hacking News

Flamer/Skywiper Stuxnet- Newly Found Cyber-Weapon Discovered By Iran National CERT (MAHER)

2012-05-29T02:30:00.002+05:30

Flamer/Skywiper Stuxnet- Newly Found Cyber-Weapon Discovered by Iran National CERT (MAHER)

After "Duqu" now The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted Stuxnet attacking the country's internal system. This newly found Stuxnet have been dubbed Flame (also known as Flamer or Skywiper). The name “Flamer” comes from one of the attack modules, located at various places in the decrypted malware code. In fact this malware is a platform which is capable of receiving and installing various modules for different goals. At the time of writing, none of the 43 tested anti viruses could detect any of the malicious components. Nevertheless, a detector was created by Maher center and delivered to selected organizations and companies in first days of May.

Key Features of “Flamer” :-

Distribution via removable medias

Distribution through local networks

Network sniffing, detecting network resources and collecting lists of vulnerable passwords

Scanning the disk of infected system looking for specific extensions and contents

Creating series of user’s screen captures when some specific processes or windows are active

Using the infected system’s attached microphone to record the environment sounds

Transferring saved data to control servers

Using more than 10 domains as C&C servers

Establishment of secure connection with C&C servers through SSH and HTTPS protocols

Bypassing tens of known antiviruses, anti malware and other security software

Capable of infecting Windows Xp, Vista and 7 operating systems

Infecting large scale local networks

For additional information about "Flamer" click Here

Personal Information of 123,000 US Government Employees Stolen

2012-05-29T02:30:00.001+05:30

Personal Information of 123,000 US Government Employees Stolen

Personal information of over 123,000 federal employees have been exposed after a cyber attack in last July. The cyberattack occurred against a Thrift Savings Plan (TSP) contractor, Serco Inc. The FBI notified both Serco and the TSP last month about the attack. According to the Guardian has called Serco "probably the biggest company you have never heard of." It's on the FTSE 100 (Big!), has 100,000 employees and operates everything from railways in the UK and Australia to driver licensing in Ontario, Canada to retirement accounts for US government employees, members of the armed forces and US Postal Service workers. Perhaps taking advantage of the holiday weekend in the United States, Serco announced this morning that hackers had compromised systems at its Thrift Savings Plan (TSP) operation.

After extensive forensic investigation it was determined that 43,000 members' names, addresses and Social Security Numbers had been accessed by the intruders, and the Social Security Numbers of another 80,000 may have been involved.

"Serco regrets this incident and the inconvenience it may cause to some Thrift Savings Plan participants and payees whose personal data was involved," said Serco Chairman and CEO Ed Casey in the statement. "We have fortified our information security measures and cyber defenses."

Further information has been published that shows the original intrusion into Serco's system occurred in July 2011. Information that was accessed has been available to criminals for nearly a year before Serco was notified by the FBI.

-Source (FOX News & NS)

Administrative Password Reset Vulnerability Found in Seagate BlackArmor NAS

2012-05-29T02:30:00.000+05:30

Administrative Password Reset Vulnerability Found in Seagate BlackArmor NAS

Security experts have revealed that the Seagate BlackArmor network attached storage device (NAS server) contains a static administrator password reset vulnerability by anyone with access to it and a particular URL. The BlackArmor range of network-attached storage devices is aimed at small businesses and offers storage and backup options from Windows PCs and Mac OS X systems, ranging from 1TB to 12TB of hard disk media. According to an exclusive report of US-CERT A remote unauthenticated attacker with access to the device's management web server can directly access the webpage, http://DevicesIpAddress/d41d8cd98f00b204e9800998ecf8427e.php and reset the administrator password.

Seagate has been notified, but no fix has yet been made available. Also there is no current solution to the problem and US-CERT are only advising that network access to BlackArmor devices' web interface should be restricted. For additional information click here.

KickAss Torrents Facing a Total Blackout in Italy

2012-05-27T22:14:00.002+05:30

KickAss Torrents Facing a Total Blackout in Italy

After Pirate bay now another widely preferred BitTorrent website on the Internet - KickAss Torrents , is facing a total blackout in Italy. Following an investigation by the country’s cybercrime police, an ISP blocking order has now been granted against a site which authorities say is run by criminals generating millions of dollars. FIMI boss Enzo Mazza confirmed to TorrentFreak that both the old and new domains and IP-addresses will be blocked, and added the following message - “The investigation into the criminal organization behind the site is still making progress and the public prosecutor is in touch with the authorities in the countries involved in the case. The case is followed by the Fiscal police who are usually investigating Italian mafia bosses. This means they are well equipped to take the members of the KAT gang to justice.”

In an exclusive report Torrentfreak said - KickAss Torrents has been founded just three years ago in 2009, KickAssTorrents has shown that it’s serious about becoming a leading torrent site player. Of course, that has its drawbacks too. The site’s increasing profile has caused it to appear in numerous MPAA, RIAA and government reports, in the US and elsewhere. News today reveals that the authorities in Italy have been watching the site for some time.

According to a report coming out of the police department with responsibilities for tackling cybercrime, KickAssTorrents will soon be subjected to a nationwide ISP blockade. Translated as “Financial Guard”, the Guardia di Finanza (GdF) is a department under Italy’s Minister of Economy and Finance. Part of the Italian Armed Forces, GdF has in recent years been involved in many file-sharing investigations, most recently against KickAssTorrents.

Operation ‘Last Paradise’ has just concluded with the public prosecutor of the Sardinian capital Cagliari granting an “order of inhibition” which requires the country’s ISPs to cease providing access to the site. Similar orders were previously granted against The Pirate Bay and the now-defunct BTjunkie. “This is another memorable dark day for digital piracy in Italy. After starting with The Pirate Bay in 2008 and the final closing of the doors at BTjunkie in February 2012, the Guardia di Finanza has targeted another super-pirate platform, virtually located in the Philippines and servers scattered around the world,” GdF said in a statement.

“This colossal site of 10 million active torrents receives over 3 million visits daily from all over the world and Italy was the third most popular country of origin for users behind only India and the USA.” GdF adds that by their estimates, KickAssTorrents generates $8.5 million per year from advertising and other revenue.

“This international platform has long been targeted by U.S. authorities as one of the worst sites for the illegal distribution of music,” said Enzo Mazza, chief of FIMI, Italy’s answer to the RIAA. “The intervention of the Italian authorities was very important, especially for the protection of legal music in Italy, which now represents 30% of the market. Platforms such as The Pirate Bay, BTjunkie and KickAssTorrents are run by criminal organizations that make millions from advertising.” Responding to the news, Italian lawyer Giovanni Battista Gallus told TorrentFreak that unlike The Pirate Bay blockade, there is no “proper” court order for the current blockade. This also happened with the BTjunkie block earlier, which was handled by the same prosecutor. “In this case the order has been issued only by the public prosecutor, without any judicial intervention,” he said. “I have serious doubts whether this is appropriate under Italian criminal procedure law, and I’m very curious to see the outcome of an appeal against this order.”

The extent of the forthcoming blockade isn’t clear from the information currently being released. However, the GdF statement specifically mentions kickasstorrents.com, a domain the site left behind when it switched to Kat.ph in April 2011.

Bredolab Botnet Author -Georgiy Avanesov Received 4 Years Imprisonment

2012-05-27T22:14:00.001+05:30

Bredolab Botnet Author -Georgiy Avanesov Received 4 Years Imprisonment

Georgiy Avanesov, a 27-year-old Russian man, the creator of the Bredolab botnet received a four-year imprisonment by Armenian court. In October 2010, Dutch investigators were able to take control of the Bredolab botnet's 143 command & control servers and take them offline. The Dutch law enforcement authorities worked with security specialist Fox IT to track down Avanesov, which eventually led to his arrest at an airport in the Armenian capital of Yerevan. At the time it was running, the Bredolab trojan was estimated to have infected more than 30 million Windows PCs around the world and was capable of infecting three million new PCs a month through infected emails.

Avanesov was found guilty of computer sabotage, started operating the botnet in 2009 and used it for distributed denial-of-service (DDoS) attacks and for sending over 3.6 billion spam email messages per day. The BBC estimates that Avanesov earned approximately €100,000 (£80,000) per month with Bredolab, also known as Oficla.

Security Breach Australia's Largest Telecom "TELSTRA" Forces 35K Users To Change Password

2012-05-27T22:14:00.000+05:30

Security Breach Australia's Largest Telecom "TELSTRA" Forces 35K Users To Change Password

TELSTRA, Australia's largest telecommunication company has been forced to change 35,000 users' passwords on its gaming websites GameArena and Games Shop after a hacking attack. A statement issued by Telstra on Thursday morning warned that information such as user names, email addresses and passwords may have been stolen.

"We have reset the passwords of GameArena and Games Shop customers, after the sites were victims of a hacking attack," the statement said. "While your password for access to the site has been changed, and the new password has been emailed to you, we encourage you to change it at any other site where you might have used the same password." No financial or credit card details were kept on the sites. Telstra said the site is operated by a third party, so other Telstra customers should not be affected. "We will contact affected customers, with their new password, as soon as possible," Telstra added.

In 2011 we have seen similar attacks when cyber criminals targeted MapleStory Players & Stolen personal details of 13 million players, same things happened to Square Enix server hacked which leads more than 1.8 million accounts compromised.

WikiLeaks Launched Wlfriends.org - New Encrypted Social Network

2012-05-25T15:45:00.001+05:30

WikiLeaks Launched Wlfriends.org - New Encrypted Social Network

WikiLeaks Twitter feed announced on 20 May 2012 that the WL Friends/Friends of WikiLeaks (FoWL) network is ready to launch an 'encrypted Facebook' as the whistleblowing website claims that Facebook sells users' information to governments. Wikileaks also criticize Facebook recently came out in support of CISPA, a proposed US law that infringes on privacy and freedom of speech. So WL claimed that from now onwards Facebook cannot be trusted any more.

In the press release WL said- "FoWL is currently in its beta stage. This means that people from all over the world are registering to be part of this network to support WikiLeaks. For some time, nothing else will happen - we need the network to be of a certain size before we can start introducing you to candidate friends. Registering now will allow you to be a part of the network before the beta stage network gets full. As soon as we are ready to give you some candidate friends we will let you know."

One WikiLeaks tweet noted that "Facebook sells your information to governments, is lauded by MSM. WikiLeaks gives government information to you for free and we're terrorists". Following this statement, WikiLeaks tweeted a dozen reasons why this new site is better than Facebook.

Reasons:-

WL Friends introduces you to people you want to know, but don't know yet. Facebook connects you to people you already know - no point.
Facebook is a mass surveillance tool. You put your friends into it, you betray your friends. Do friends betray friends? WL Friends doesn't know your friends. It introduces you to new friends.
Facebook records everything you do, hands it over to the US government and corporations. WL Friends doesn't.
WL Friends keeps your data so encrypted, not even the system admins can decrypt it. You and your friends decrypt on login automatically.
WL Friends uses military grade cryptography and the best industry standards (OpenPGP + Elliptic Curves).
WL Friends even uses homomorphic encryption for certain operations so WL Friends doesn't even know how many friends you have.
The more you use WL Friends, the less you use WL Friends. WL Friends is designed to build, not control, a robust network of shared value.
WL Friends is designed for more than just WikiLeaks. It is a general solution to build a robust support network under hostile conditions.
Friends of Israel, Friends of Palestine, Friends of the Tea Party, Friends of Catholicism are all possible with WL Friends.
WL Friends is designed to make infiltration costly. No person can be seen to be more important than any other or individually targeted.
WL Friends builds a strong support network instantly for any shared belief by connecting supporters in a way that maximizes communication.
As time goes by the WL Friends network for any shared belief is designed to mathematically grow stronger and stronger.

-Source (WL Central, Wikileaks)

Selena Gomez Facebook Hacker Sentenced To One Year in Prison

2012-05-25T15:45:00.000+05:30

Selena Gomez Facebook Hacker Sentenced To One Year in Prison

A British hacker has been sentenced to one year in prison after he admitted to hacking singer-actress Selena Gomez's Facebook account and illegally accessing the emails. According to the London's Metropolitan Police - Gareth Crosskey, 21, was jailed on Wednesday for an incident in January 2011, when he hacked into an unnamed American's Facebook profile.

Crosskey was arrested at his home in West Sussex, a coastal county in south of London. Law-enforcement agents removed computers and other storage devices from his home during the raid. A YouTube video detailing the account takeover was allegedly posted by Crosskey, using the hacker handle "PkinJ0r." The video shows someone gaining control of Gomez's Facebook page and entering text into various fields.

However, none of the new information is saved, and the maker of the video writes in one field as he films, "I won't actually be posting anything ... Due to it's her page and I'm not that much of a [jerk]."

The video maker made one telling error, which may have led to Crosskey's arrest.

Following the breach, which was reported to the FBI, Crosskey was released on bail. The FBI traced Crosskey's Facebook hack to the U.K, and on Feb. 29, he was brought back to court, where he pleaded guilty to two counts of illegally accessing data, both violations of the Computer Misuse Act.

British police stressed that Crosskey's jail term should serve as a warning that authorities will take swift action, and levy strong penalties, against anyone who follows in his footsteps.

We would like to give you reminder that this year Young Pop Star & Gomez's husband Justin Bieber's twitter account also get compromised

-Source (msnbc & msn)

WHMCS Forum Get Hacked & Defaced By 1337 (Pakistani Hacker)

2012-05-23T18:31:00.001+05:30

WHMCS Forum Get Hacked & Defaced By 1337 (Pakistani Hacker)

WHMCS, the popular client management billing platform used by a number of web hosting providers faced the wrath of hackers on Monday. After facing website downtime, WHMCS Developer Matt confirmed the breach via the company’s forums late last night. A Pakistani hacker code named "1337" managed to get access on the server and defaced the index page of WHMCS forum. As expected the hacker has also created a deface mirror on Zone-H. But the authority completely deny that they have security hole on the server. WHMCS laid the blame on what it referred to as a “social engineering attack.” WHMCS has handed over the investigation to the FBI.

It has also been reported that the official site of WHMCS had been facing denial of service attack since last few days. Operation was carried out by hacking group UGNazi and succeeded in leaking data pertaining to 500 thousand user accounts. Another report from stated that the data totaled 1.7 gigabytes. Earlier this Pakistani hacker was responsible for the hack of world's largest warez forum.

Chicago Police Department Website Under Attack From AntiS3curityOPS (#Anonymous)

2012-05-23T18:31:00.000+05:30

Chicago Police Department Website Under Attack From AntiS3curityOPS (#Anonymous)

A hackers collective group named "AntiS3curityOPS" associated with hacktivist Anonymous claims to have taken down Chicago's police department website. As of about 11:10 a.m., the Chicago Police Department website, cityofchicago.org/police, was down along with Chicago's city website, cityofchicago.org . The sites were back up just before 1 p.m. Chicago Police News Affairs said they weren't aware the sites weren't working as usual, but Supt. Garry McCarthy confirmed to reporters at noon the sites were indeed down. Chicago's Office of Emergency Management site, hosted on the city of Chicago site, also would not load and shortly after also went down. Officials say they continue to investigate.

In the video statement posted online, the group AntiS3curityOPS claimed they are "actively engaged in actions against the Chicago Police Department." Earlier we have seen similar attack when Anon members targeted websites of several Police organizations like Salt Lake City Police Dept, Los Angeles Police Department, International Association of Chief of Police & so on.

-Source (NBC Chicago)

Nmap 6 Released With Full IPv6 Support, Better Web Scanning & 289 New Scripts

2012-05-22T22:34:00.001+05:30

Nmap 6 Released With Full IPv6 Support, Better Web Scanning & 289 New Scripts

Earlier we have discussed several times about Nmap. Now the Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00. According to the project release - this product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more.

Top 6 improvements in Nmap 6:-

1. NSE Enhanced: The Nmap Scripting Engine (NSE) has exploded in popularity and capabilities. This modular system allows users to automate a wide variety of networking tasks, from querying network applications for configuration information to vulnerability detection and advanced host discovery. The script count has grown from 59 in Nmap 5 to 348 in Nmap 6, and all of them are documented and categorized in our NSE Documentation Portal. The underlying NSE infrastructure has improved dramatically as well.
2. Better Web Scanning: As the Internet has grown more web-centric, Nmap has developed web scanning capabilities to keep pace. When Nmap was first released in 1997, most of the network services offered by a server listened on individual TCP or UDP ports and could be found with a simple port scan. Now, applications are just as commonly accessed via URL path instead, all sharing a web server listening on a single port. Nmap now includes many techniques for enumerating those applications, as well as performing a wide variety of other HTTP tasks, from web site spidering to brute force authentication cracking. Technologies such as SSL encryption, HTTP pipelining, and caching mechanisms are well supported.
3. Full IPv6 Support: Given the exhaustion of available IPv4 addresses, the Internet community is trying to move to IPv6. Nmap has been a leader in the transition, offering basic IPv6 support since 2002. But basic support isn't enough, so we spent many months ensuring that Nmap version 6 contains full support for IP version 6. And we released it just in time for the World IPv6 Launch. We've created a new IPv6 OS detection system, advanced host discovery, raw-packet IPv6 port scanning, and many NSE scripts for IPv6-related protocols. It's easy to use too—just specify the -6 argument along with IPv6 target IP addresses or DNS records. In addition, all of our web sites are now accessible via IPv6. For example, Nmap.org can be found at 2600:3c01::f03c:91ff:fe96:967c.
4. New Nping Tool: The newest member of the Nmap suite of networking and security tools is Nping, an open source tool for network packet generation, response analysis and response time measurement. Nping can generate network packets for a wide range of protocols, allowing full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts, it can also be used as a raw packet generator for network stack stress testing, ARP poisoning, Denial of Service attacks, route tracing, etc. Nping's novel echo mode lets users see how packets change in transit between the source and destination hosts. That's a great way to understand firewall rules, detect packet corruption, and more.
5. Better Zenmap GUI & results viewer: While Nmap started out as a command-line tool and many (possibly most) users still use it that way, we've also developed an enhanced GUI and results viewer named Zenmap. One addition since Nmap 5 is a “filter hosts” feature which allows you to see only the hosts which match your criteria (e.g. Linux boxes, hosts running Apache, etc.) We've also localized the GUI to support five languages besides English. A new script selection interface helps you find and execute Nmap NSE scripts. It even tells you what arguments each script supports.
6. Faster scans: In Nmap's 15-year history, performance has always been a top priority. Whether scanning one target or a million, users want scans to run as fast as possible without sacrificing accuracy. Since Nmap 5 we've rewritten the traceroute system for higher performance and increased the allowed parallelism of the Nmap Scripting Engine and version detection subsystems. We also performed an intense memory audit which reduced peak consumption during our benchmark scan by 90%. We made many improvements to Zenmap data structures and algorithms as well so that it can now handle large enterprise scans with ease.

For detailed information click here. And to download Nmap 6 for Windows, Linux and many UNIX platforms (Solaris, Free/Net/OpenBSD, etc.) included Zenmap, the GUI frontend Click Here

The White House Hires Michael Daniel As New Cyber Security Chief

2012-05-22T22:34:00.000+05:30

The White House Hires Michael Daniel As New Cyber Security Chief

The White House announced that they have picked a new cyber-security officer amid furious debate between the White House and both chambers of Congress around the future of American cyber defence.

Michael Daniel, a longtime member of the Office of Management and Budget’s national security squad, will fill the gap left by Howard Schmidt, who announced his departure earlier this week. Daniel has been working with securities issues for 10 years and watched over multiple Defense Department programs, as well as the budgets for the federal government’s various cybersecurity programs. He has been involved with “virtually every major issue affecting the Intelligence Community,” according to a White House statement.

“I am very honored to be asked to take on such an important role, especially at a time when cybersecurity issues are so prominent,” said Daniel in a statement.

What does that mean for the future of the cyber security issue? Probably that we can expect his knowledge of the intelligence community to play a part in not just tracking down hackers, but determining the lines that need to be crossed with future SOPA-like bills. So while this sounds like a relatively nondescript appointment, Daniel will almost definitely be a major player the next time someone comes for your internet.

-Source (Mashable, Gizmodo)

Supreme Court & Congress Both Denied Anonymous Attack

2012-05-21T00:13:00.001+05:30

Supreme Court & Congress Both Denied Anonymous Attack

We all are aware of Anonymous movement regarding the decision of Indian govt for controlling internet content. Immediately after this step, few unnamed hacker claiming to be a part of hacker collective Anonymous engaged cyber attack on India's cyber fence. Supreme Court of India & All India Congress became the victim of that attack. Even one of the legitimate twitter resource of Anonymous said :- "Namaste #India, your time has come to trash the current government and install a new one. Good luck." After this tweet we have seen Supreme Court & Congress website faced denial of service attack which interrupts the service for a certain time. Hacker group Anonymous is believed to have attacked the websites in response to the Centre blocking torrent portal Pirate Bay and video-sharing Vimeo. The group is said to have launched “MT Operation India” to protest the government's censorship plan.

This is not the first time earlier in 2011 hackers from Pakistan have hacked the official website of All India Congress. Also in an attack another Pak Hacker named KhantastiC haXor penetrated the official site of Indian Congress and defaced the Profile page of Party President Sonia Gandhi.

But this time both Supreme Court & Congress completely denies the cyber attack. Congress party's computer department chief Vishwajeet Prithvijeet Singh said- “The site is not hacked at all. It was not opening for sometime because the load on the particular server was too heavy due to huge number of hits after the news of website hacking spread. It went slow at that time due to over-traffic.”

Linux Mint 13 “Maya” RC Released, Available in Two Editions -MATE & Cinnamon

2012-05-21T00:13:00.000+05:30

Linux Mint 13 “Maya” RC Released, Available in Two Editions- MATE & Cinnamon

After Linux Mint 12 - Lisa now the the developer team of Linux Mint officially declared the availability of a release candidate (RC) of Linux Mint version 13 codenamed "Maya". Linux Mint 13 features the choice between a productive, stable and mature MATE 1.2 desktop and the brand new modern-looking and exciting Cinnamon 1.4. These two desktops are among the best available, they’re perfectly integrated within Linux Mint and represent great alternatives to Gnome 2 users. Linux Mint 13 is also an LTS (Long Term Support) release and it will be supported until April 2017. For detailed information & complete overviewclick here.

New Features:-

Basically Linux Mint 13 is available into two editions, one is MATE and the second one is Cinnamon. To download Mint 13 "Maya" click Here.

Researcher.ibm.com (IBM Research) Hacked By KHS

2012-05-19T18:48:00.000+05:30

Researcher.ibm.com (IBM Research) Hacked By KHS

After successful execution of Operation Greek, now the hacker collective group dubbed Kosova Hacker Security or in other word KHS targeted IT giant & multinational technology and consulting corporation IBM. In this attack KHS successfully hacked into the official site of IBM Researcher. In their statement hacker group said that IBM had a SQL-i & remote code execution vulnerability, which lead them access on its server. According the KHS spokesman another hacker group named Teamgreyhat figure out this vulnerability which allow KHS to breach the server and deface index page. As expected the hacker group also created a deface mirror on Zone-H. As per the resources, IBM authority immediately patch the security hole and restore the site to its normal format. Earlier this hacker hacker group take lead role in many cyber attack on Ukraine, Israel, Hotmail and many more.

Anonymous Bring Down The Information Commissioner’s Office (ICO)

2012-05-19T01:06:00.001+05:30

Anonymous Bring Down The Information Commissioner’s Office (ICO) Official Site

Hacktivist group Anonymous continuing massive denial of service of attack on the data protection watchdog's website. The tweets, which were published by the @UKAnonymous2012 account, claim the attack is part of a protest by the group at the handling of the Leveson Inquiry. Incidentally, the Leveson Inquiry’s website has also been the target of DDoS attacks by Anonymous this week.

The Information Commissioner’s Office (ICO) has confirmed that it’s still dealing with the fallout from a suspected Distributed Denial of Service (DDoS) attack on its website.In a statement sent to IT Pro, the data watchdog said access to the site has been disrupted over the last several days because of the attack. “The website itself has not been damaged, but people have been unable to access it. We provide a public facing website which contains no sensitive information,” the statement said. “We regret this disruption to our service and we are working to bring the website back online as soon as possible.”

Like ICO couple of weeks ago we have seen similar attack on the official website of UK's Serious Organised Crime Agency (SOCA) that time also the experts suspected that Anonymous was behind the attack and the reason of that hack was to protest Supreme Court's decession on blocking The Pirate Bay in UK.

-Source (IT Pro)

Ophcrack LiveCD 3.4.0 Released (Free Windows Password Cracker)

2012-05-19T01:06:00.000+05:30

Ophcrack LiveCD 3.4.0 Released (Free Windows Password Cracker)

After the release Ophcrack 3.4.0 both Windows & Linux installer now the developer at Ophcrack has released the new LiveCD includes the latest version of Ophcrack 3.4.0. This edition of Ophcrack is built on Slitaz 4.0, the latest version of this great LiveCD. Christophe Lincoln from Slitaz helped us to enhance the scripts for partitions and tables detection. A new ncurses interface is also available to help users look for tables on other drives or interact with ophcrack.

Finally a LiveCD without tables has been released as well for users that already downloaded or bought tables. The directory containing the table files must be placed inside another directory called tables in order for ophcrack to find them automatically.

Features:-

Runs on Windows, Linux/Unix, Mac OS X, ...

Cracks LM and NTLM hashes.

Free tables available for Windows XP and Vista/7.

Brute-force module for simple passwords.

Audit mode and CSV export.

Real-time graphs to analyze the passwords.

LiveCD available to simplify the cracking.

Dumps and loads hashes from encrypted SAM recovered from a Windows partition.

Free and open source software (GPL).

To Download Ophcrack 3.4.0 Live CD Click Here.

Pirate Bay & WikiLeaks Goes Offline After Prolonged Denial of Service Attack

2012-05-18T01:34:00.000+05:30

Pirate Bay & WikiLeaks Goes Offline After Prolonged Denial of Service Attack

Most popular and controversial file sharing site "The Pirate Bay" faced a prolonged distributed denial of service which interrupts the service. In their official Facebook page confirmed the attack. DDoS attack left the site largely inaccessible for the last 24 hours, with only intermittent service in the UK. The Pirate Bay took to its Facebook page to confirm the attack, saying that it did not know who was behind it, although it ‘had its suspicions’. There had initially been speculation that the attack on The Pirate Bay was initiated as an act of revenge by the Anonymous hacker collective after members of The Pirate Bay criticised Anonymous for organizing DDoS attacks on UK internet service provider (ISP) Virgin Media for blocking access to The Pirate Bay. The Pirate Bay has said, however, that Anonymous is not to blame for the attack on its site.

Meanwhile, a former Anonymous member by the name of AnonNyre has claimed responsibility for DDoSing the Pirate Bay site. There is no evidence though to confirm that AnonNyre was actually behind the attacks.

Not only TPB, but also Wikileaks official website faced massive distributed denial of service attack which hampers the site for 72 long hours. According to official twitter of Wikileaks "WikiLeaks has been under sustained DDOS attacks over the last 72 hours..."

This not the first time, before this Wikileaks have faced cyber attack and an Anonymous member took responsibility of that Attack on Wikileaks website. That time the attacker executed a massive Denial of Service while using newly developed tool #refref. In an exlusive report by Corero Network Security said the attack on Wikileaks site was one of the largest DDoS attack ever took place in 2011. But still it is not clear if there is any connection between the two incidents.

Ministry of Finance Zimbabwe & Nigerian Airspace Management Agency Hacked

2012-05-17T23:14:00.000+05:30

Ministry of Finance Zimbabwe & Nigerian Airspace Management Agency Hacked

After Operation Uganda now Rwandan Hackers have targeted two high profile websites. One is the official website of Ministry of Finance Zimbabwe and another is the website of Nigerian Airspace Management Agency. This attack is dubbed Operation Zimbabwe (#OpZimbabwe). In their blog the hacker group claimed that ht main object of this operation was to fight against the rising corruption in Zimbabwe & Nigeria. The hack is divided into two pastebin notes(1, 2) where the hacker has exposed several credentials including server details, database information, user details, administrator credentials and so on.

Debian GNU/Linux 6.0.5 Released

2012-05-17T21:04:00.000+05:30

Debian GNU/Linux 6.0.5 Released

Developers at Debian project is pleased to announce the fifth update of its stable distribution Debian 6.0 codenamed squeeze. According to the project release this update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available. If you have Debian 6.0.x already installed, it is not necessary to reinstall, you only need to install all the latest updates from your nearest mirror site.

What's new in Debian GNU/Linux 6.0.2:-

aide Properly support large files on 32-bit systems; fix group for bind9 log files

approx Don't try caching InRelease or non-.gz compressed files

apr Fix apr_ino_t changing size depending on -D_FILE_OFFSET_BITS on kfreebsd-*

apt Fix file size calculation on big-endian arches; don't prompt for CD re-insertion on "apt-get update"; add XZ support

apt-listchanges Correctly handle NEWS files containing only one entry

base-files Update /etc/debian_version

clive Adapt for liveleak.com changes

dbus Fix local DoS for system services (CVE-2011-2200)

deborphan Exclude libreoffice from --guess-section output; trap WINCH in a POSIX way; minor translation fixes

dokuwiki Fix an ACL bypass issue in the XMLRPC interface

dpkg Fix regression in 'dpkg-divert --rename'; dpkg-split: don't corrupt metadata on 32-bit systems; fix vsnprintf() compat declaration

e2fsprogs Various bug fixes

fakechroot Fix 'debootstrap --variant=fakechroot'

fcgiwrap Fix init script's 'stop' target

gdm3 Reset SIGPIPE handler before starting the session; execute the PostSession script even when GDM is killed or shut down

git Allow remove and purge in one step by terminating the git-daemon/log service before removing the gitlog user

gnome-settings-daemon Work around possible race condition when starting Xsettings manager

ia32-libs Refresh packages from stable and proposed-updates.

iceowl Security updates

im-config Avoid breaking login via GDM if im-config is removed but not purged

inn Stop using 'sort +1n' in makehistory; disable outdated CHECK_INCLUDED_TEXT option by default

josm Give more verbose explanation to users who haven't agreed to the new OSM license

kde4libs Wildcard SSL certificate and XSS security fixes; ktar checksum and UTF-8 longlink fixes

kdenetwork Improve fix for CVE-2010-1000 directory traversal issue

kernel-wedge Add hpsa and pm8001 to scsi-extra-modules; add bna to nic-extra-modules

kerneltop Increase line buffer size to 1024 bytes

klibc ipconfig: escape DHCP options and correctly handle multiple connected network devices (CVE-2011-1930)

krb5 Fix DoS; fix interoperability with w2k8r2 KDCs; fix invalid free and double free; don't make authentication fail if PAC verification fails

kupfer Use correct parameter type to allow keybindings to work again

libapache2-mod-perl2 Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD

libburn Don't create images with overly-restrictive permissions

libfinance-quotehist-perl Disable test suite, broken by website changes

libmms Fix alignment issues on arm

linux-2.6 New hardware support; add longterm 2.6.32.41; fix oops via corrupted partition tables

linux-kernel-di-amd64-2.6 Rebuild against kernel-wedge 2.74+squeeze3

linux-kernel-di-armel-2.6 Rebuild against kernel-wedge 2.74+squeeze3

linux-kernel-di-i386-2.6 Rebuild against kernel-wedge 2.74+squeeze3

linux-kernel-di-ia64-2.6 Rebuild against kernel-wedge 2.74+squeeze3

linux-kernel-di-mips-2.6 Rebuild against kernel-wedge 2.74+squeeze3

linux-kernel-di-mipsel-2.6 Rebuild against kernel-wedge 2.74+squeeze3

linux-kernel-di-powerpc-2.6 Rebuild against kernel-wedge 2.74+squeeze3

linux-kernel-di-s390-2.6 Rebuild against kernel-wedge 2.74+squeeze3

linux-kernel-di-sparc-2.6 Rebuild against kernel-wedge 2.74+squeeze3

lua-expat Fix the 'billion laughs' DoS attack

monkeysphere Fix monkeysphere-host revoke-key

nagios-plugins Allocate a big enough buffer to handle all IPs of hosts being pinged

nsd3 Remove statoverride before removing the package's user

openldap Fix possible database corruption issues, several security issues and dpkg-reconfigure

php-svn Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD

php5 Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD

pianobar Update API keys for XMLRPC v30

postgresql-8.4 New upstream bugfix release; fix pg_upgrade use with TOAST tables

prosody Fix the 'billion laughs' DoS attack

puppet Fix service provider to properly use update-rc.d disable API

python-apt Strip multiarch by default in RealParseDepends; add XZ support

python-gudev Add missing dependency on python-gobject

q4wine Stop shipping the library in lib64

qemu Don't register qemu-mips(el) with binfmt on mips(el)

qemu-kvm Fix division by 0 with some guests; fix vnc zlib overflow; don't abort on user hardware errors; fix migration on 32-bit

qt4-x11 Blacklist some fraudulent SSL certificates; fix weakness in wildcard certificate verification

rapidsvn Rebuild against apr 1.4.2-6+squeeze3 to pick up apr_ino_t size fix on kFreeBSD

refpolicy Various permissions fixes

reprepro Handle Release files which don't contain md5sums

ruby1.8 Fix upgrades from lenny by making libruby1.8 conflict/replace irb1.8 and rdoc1.8

samba Fix undefined symbol error from tdb2.so; several printing related bugs and a gid leak in winbind / idmap. Document the new and potentially disruptive 'map untrusted to domain'

schroot Fix loading of dchroot.conf

softhsm Remove statoverride entries before the package's user

sun-java6 New upstream security update

tzdata New upstream version

vimperator Resolve compatibility issues with iceweasel

widelands Fix potential security issue in Internet games

xenomai Adapt kernel patch to apply cleanly to squeeze's kernel

xserver-xorg-video-tseng Fix driver initialisation

To Download Debian 6.0 codenamed "squeeze" Click Here

-Source (Softpedia, Debian Project)

National Radio Astronomy Observatory (NRAO) Hacked By Xception Code

2012-05-16T15:05:00.000+05:30

National Radio Astronomy Observatory (NRAO) Hacked By Xception Code, Database Exposed

Official website of NRAO - National Radio Astronomy Observatory faced cyber attack, and Indian hacker code named "Xception Code" took responsibility of the attack. NRAO is a Federally Funded Research and Development Center of the United States National Science Foundation operated under cooperative agreement by Associated Universities, Inc for the purpose of radio astronomy. NRAO designs, builds, and operates its own high sensitivity radio telescopes for use by scientists around the world.

Normally we are habituated to see that when ever a hacker get access on a server either he defaced the websites hosted there or else some times breach the database and expose credentials. Here the hacker has managed to hack into the database of NRAO and exposed several details of the server, application installed on the server, database details such as tables, columns, full name, email-id, user name and so on. Xception Code also claimed to have the administrator passwords and login details but for some reason he did not make those public. What ever all the hacked credentials can be found on a pastebin release.

Four LulzSec Hackers Appeared In Court Together For The First Time

2012-05-14T15:48:00.002+05:30

Four LulzSec Hackers Appeared In Court Together For The First Time

For the first time the four men, Ryan Ackroyd, 25, Ryan Cleary, 20, Jake Davis, 19 and a 17-year-old male who could not be named appeared in Court together. They are charged with taking part in cyber attacks under hacking group LulzSec, an offshoot of Anonymous, appeared in court Friday afternoon, appearing side-by-side for first time before a judge. British prosecutors allege that the quartet last engaged with one another under the guises of online pseudonyms to wreak havoc on the web. These LulzSec key members are accused of accessing computers operated by News Corp. (NWSA) (NWSA)’s Twentieth Century Fox, Sony Corp. (6758), the U.K.’s National Health Service, the Arizona State Police, and technology-security company HBGary Inc.

Four of the eight counts listed in the updated British indictment today, were levelled solely on 20-year-old Cleary. He is accused of supplying a botnet — or a network of thousands of infected computers that can be used to paralyze websites — to others, and operating one himself to attack the website of DreamHost, a web hosting company. He is also accused of “installing and/or altering computer programs” on computers at the Pentagon controlled by the U.S. Air Force, between May 1 and June 22, 2011.

Cleary was the only one of the four defendants who was still in police custody. He was arrested on March 6 of this year — the same day Hector “Sabu” Monsegur was unveiled as an informant — for breaching his bail conditions.

According to the new indictment, the four men also targeted denial of service attacks against: Westboro Baptist Church, which has staged anti-homosexual demonstrations at military funerals; the online role-playing game Eve Online; the U.S. Central Intelligence Agency; and Britain’s Serious Organised Crime Agency.

-Source (Forbes)

Security Bulletin for Photoshop, Adobe Recommended to Buy CS6 To Addresses Those Vulnerabilities

2012-05-14T15:48:00.001+05:30

Security Bulletin for Photoshop, Adobe Recommended to Buy CS6 To Addresses Those Vulnerabilities

It seems Adobe remained very busy while issuing security updates in their products. Few days ago Adobe closed a newly found Zero-day hole in its popular Flash Player program. Now it comes the time for Photoshop, Adobe released a security upgrade for Adobe Photoshop CS5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. In the case of the Windows and Mac versions of Adobe Photoshop, a vulnerability exists in version CS5 and earlier that could be exploited by a malicious attacker who tricks you into opening a boobytrapped .TIF file in order to take control of your computer.

Adobe has released Adobe Photoshop CS6 (paid upgrade), which addresses these vulnerabilities. This upgrade resolves a use-after-free TIFF vulnerability that could lead to code execution (CVE-2012-2027, Bugtraq ID 52634, which references: www.securityfocus.com/bid/52634/).

Bing Goes Social in Search, Added Search for Facebook, Twitter & More

2012-05-14T15:48:00.000+05:30

Bing Goes Social in Search, Added Search for Facebook, Twitter & More

Microsoft's recent movement to boost Bing's social networking feaures could finally give the company an opportunity to truly take on Google's dominant search engine. The updated Bing search engine, which was unveiled on Thursday, can now include the user comments, likes and activities posted in popular social networks like Facebook and Twitter. Bing's new interface, which is expected to move from a private to a public beta test period soon, offers users a sidebar that focuses on people in the user's social networks and their opinions and search queries, Microsoft said. The social sidebar also is designed to let users ask their friends questions about their query topic, and those friends can respond either through Bing or Facebook, Microsoft added.

Since Microsoft first launched Bing in the summer of 2009, the company faced a daunting task in taking on Google's dominant search engine. And Google has remained dominant. Despite all of Microsoft's efforts, including an upgrade in 2011, Bing simply hasn't been able to take a significant bite out of Google's market share. Now, Microsoft is hoping that its social search capabilities can become the game-changer the company needs in the battle against Google.

-Source (Computer World)

Facebook Said - Please Hack Us & Get Bounty of $500

2012-05-13T00:30:00.000+05:30

Facebook Said - Please Hack Us & Get Bounty of $500

Earlier through Hackers Cup, Facebook has already shown honour to hackers now social networking giant Facebook is directly encouraging hackers to try hacking its security systems to find weaknesses. Those who succeed will receive a reward of US$500 or more and have their name added to a list of helpful hackers.

The hackers have taken part in Facebook's White Hat program. Anyone who finds a way of breaching the site's networks, and owns up, can earn rewards worth thousands of dollars. As well as money, Facebook promises not to land them in trouble with the police & legal harassment if they have complied with the program's golden rules. Already one British hacker has earned more than $2400 from Facebook, and the most prolific White Hat contributors are now given their own Facebook "bug bounty" credit cards. Facebook's chief security officer, Joe Sullivan, says he would much rather the hackers worked with the company, rather than against it. In time, he hopes the hackers will be able to find legitimate ways of expressing themselves within schools and universities. "There is a real lack of practical academic programs for cyber-security not only in the US but also internationally," he said. "Cyber-security is a skill best learned by doing, and unfortunately many of the current academic programs place little emphasis on real-world practical experience such as that gained in competition or via bug-bounty programs.

According to Facebook - "If you're a security researcher, please review our responsible disclosure policy before reporting any vulnerabilities. If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."

Eligibility:-
To qualify for a bounty, you must:

Adhere to our Responsible Disclosure Policy:

Be the first person to responsibly disclose the bug

Report a bug that could compromise the integrity of Facebook user data, or circumvent the privacy protections of Facebook user data, such as:

Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF/XSRF)

Remote Code Injection

Broken Authentication (including Facebook OAuth bugs)

Circumvention of our Platform permission model

A bug that allows the viewing of private user data

Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)

Rewards:-

A typical bounty is $500 USD

We may increase the reward for specific bugs

Only 1 bounty per security bug will be awarded

Exclusions:-
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):

Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])

Security bugs in third-party websites that integrate with Facebook

Security bugs in Facebook's corporate infrastructure

Denial of Service Vulnerabilities

Spam or Social Engineering technique

For detailed information click Here