Thursday, 29 December 2011

CPLC Chief says 'Pakistan a safe haven for cyber criminals'

Cyber crimes of multiple kinds in Pakistan have increased five times over the past four years. Pakistan Daily Times News reported today that the Citizen Police Liaison Committee (CPLC) Chief, through a letter on Saturday, apprised the Federal Law, Justice & Parliamentary Affairs Minister that in the absence of the Prevention of Electronic Crime Ordinance (PECO) Law 2007, which lapsed in 2010, Pakistan had become a safe haven for cyber criminals and con artists, while the law enforcement agencies were unable to take legal action against them.

According to the Cyber Crime Unit (CCU), a branch of Pakistan's Federal Investigation Agency (FIA), 62 cases were reported to the unit in 2007 and 287 cases in 2008; the number dropped in 2009, but in 2010 more than 312 cases were registered in different categories of cyber crimes.

“There are numerous complaints regarding fake calls deceiving citizens into receiving a phony prize. The normal practice is that the criminals call the supposed prize winner and give him three options to collect his prize money, i.e. have the amount transferred to his account through cheque, visit Islamabad to receive the prize money or receive the prize at his doorstep. Thereafter, the caller asks the victim to pay Rs 10,000 through easy paisa transfer and or by cellular easy load for the prize to be processed, and once sent the receiver disappears,” the CPLC Chief said.

Cybercrime in Pakistan has a global impact, especially with cyber terrorism. One example is the disappearance of The Wall Street Journal correspondent on Jan. 23, 2002, from Pakistan's southern city of Karachi: his captors started sending e-mails to newspapers, and investigators then started to trace the e-mails sent by the kidnappers. This was one of the important reasons for establishing the National Response Center for Cyber Crimes in Pakistan to combat cybercrime.

After receiving several complaints, Sindh CPLC Chief Ahmed Chinoy asked the FIA to take up such cases for necessary action as per law. In response to Chinoy’s letter, the FIA told him that due to the absence of PECO, they were unable to take any action against the offenders. The Sindh CPLC Chief wrote a letter to the Federal Law, Justice & Parliamentary Affairs Minister to draw his attention towards the PECO Law 2007, which had lapsed in 2010.

Urging the federal minister to revoke PECO, Chinoy stated that these criminals were intentionally harming the physical, mental and financial position of their victims by using modern telecommunication networks such as internet and mobile phones.

There are a number of cyber crimes in Pakistan, mainly including cyber pornography, sale of illegal articles, online gambling, intellectual property crimes, email spoofing, cyber stalking, forgery, unauthorized access to computer systems/networks, theft of information contained in electronic form, virus attacks, Trojan attacks, Internet time theft, password cracking and financial cyber crimes (hacking of ATM card numbers and bank accounts). Official data suggest that the hacking of ATM card numbers and bank accounts is on the rise in Pakistan.

Kuwait Government will suspend Twitter accounts of Anonymous Users

In Kuwait, the Ministry of Interior is in the process of enforcing a rule of its own on Twitter which prevents Kuwaiti users from using anonymous accounts. The ministry said in a press statement that the measure is meant to preserve the rights of citizens and residents against people who slander them and their families under fake names, saying that this is a crime punishable by law.

The statement went on to say that the move was meant to protect the rights of citizens and residents who have found themselves the subject of slander through statements made by these anonymous accounts, a crime punishable by law in the country, as it is in the UAE.

It confirmed that the public has the freedom of expression guaranteed by the Constitution, as long as it is practised according to the law, especially with regard to using the Twitter site.

Wednesday, 28 December 2011

US Subway Stores POS Hacked For $3 Million


Honestly there hasn’t been much news over the holiday period, well maybe there was but no one bothered reporting it. There was the Stratfor case of course, which Anonymous is saying wasn’t anything to do with them.

The scale of this incident somehow reminds me of the whole TJ MAXX fiasco a few years back.

Anyway, this whole scheme sounds like a case of people installing VNC with weak passwords and someone finding it by accident – it doesn’t even seem to have been a targeted hack.

    For thousands of customers of Subway restaurants around the US over the past few years, paying for their $5 footlong sub was a ticket to having their credit card data stolen. In a scheme dating back at least to 2008, a band of Romanian hackers is alleged to have stolen payment card data from the point-of-sale (POS) systems of hundreds of small businesses, including more than 150 Subway restaurant franchises and at least 50 other small retailers. And those retailers made it possible by practically leaving their cash drawers open to the Internet, letting the hackers ring up over $3 million in fraudulent charges.

    In an indictment unsealed in the US District Court of New Hampshire on December 8, the hackers are alleged to have gathered the credit and debit card data from over 80,000 victims.

    “This is the crime of the future,” said Dave Marcus, director of security research and communications at McAfee Labs in an interview with Ars. Instead of coming in with guns and robbing the till, he said, criminals can target small businesses, “root them from across the planet, and steal digitally.”

    The tools used in the crime are widely available on the Internet for anyone willing to take the risks, and small businesses’ generally poor security practices and reliance on common, inexpensive software packages to run their operations makes them easy pickings for large-scale scams like this one, Marcus said.

    While the scale of this particular ring may be significant, the methods used by the attackers were hardly sophisticated. According to the indictment, the systems attacked were discovered through a targeted port scan of blocks of IP addresses to detect systems with a specific type of remote desktop access software running on them. The software provided a ready-made back door for the hackers to gain entry to the POS systems. The PCI Security Standards Council, which governs credit card and debit card payment systems security, requires two-factor authentication for remote access to POS systems—something the applications used by these retailers clearly didn’t have.

It seems like there’s a pretty large ring behind this operation, just due to the sheer number of locations compromised and the amount of time it must have taken to install all the malware and logging software.

Plus the network infrastructure that was built to receive the logs via FTP upload, the criminals were pretty smart too – they even ‘backed up’ their stolen data to sendspace just in case their hosting got taken down.

    Once they were in, the hackers then deployed a collection of hacking tools to the POS systems, including logging software that recorded all the input into the systems—including credit card scans. They also installed a trojan, xp.exe, onto the systems to provide a back door to reconnect to the systems to allow the installation of additional malware, and prevent any security software updates.

    Collected data from the loggers was posted by the malware to FTP “dump” sites on a number of Web servers in the US created with domains they registered through GoDaddy.com using stolen credit card data. In addition to using the stolen data to register their own domains and pay for hosting service, the hackers periodically rounded up the dumped transaction data and moved it to sendspace.com, a file transfer site. Richard James of sendspace.com says that his company cooperated with the FBI in the investigation of the hack. “Sendspace [is] a file hosting and transfer site used by millions every single day,” he said in an email to Ars Technica, “and as such can indeed be used for activities which are against our TOS and that we do not condone.”

    Some of the data was used to print counterfeit credit cards using blank plastic cards and embossing machines. One of the alleged hackers, Cezar Iulian Butu, was generating counterfeit cards with an embossing machine out of a house in Belgium in October of 2010, and working with a group, used the cards “among other uses [to] place bets at local French ‘tobacco’ shops,” the Justice Department said in its filing. The rest of the stolen data was sold in blocks to other criminals from the Sendspace server.

    According to a report by Schuman, Subway’s corporate IT and a credit card company discovered the data breach “almost simultaneously.” Subway Corporate Press Relations Manager Kevin Kane told Ars that “the tech guys who dealt with this moved and put steps in place [to block the theft of data] as soon as they discovered it.” He said the company wouldn’t discuss the measures taken, as “we don’t want to give away the blueprint” to other potential attackers. And Kane added that Subway had been asked by the Justice Department not to comment on other details of the case, as it is part of an ongoing investigation.

It’ll be a pretty interesting case to watch either way, we’ll have to see what else gets discovered (and more importantly released to the public).

Subway corporate IT has taken some measures against this, but as it was franchisee stores that got owned – I don’t honestly see how much they can do. Unless they implement a complete new POS system (which is secure and preferably doesn’t run Windows and connect to the Internet).

POS in this case should well stand for Piece of Shit.
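
The pattern the indictment describes (remote desktop software reachable from the Internet, then logger output uploaded over FTP) is something a store can look for in its own flow logs. The following is an added example, not code from the article, the indictment or this blog; the log format, addresses, POS inventory and list of remote-access ports are all assumptions.

```python
"""Flag POS terminals whose network flows match the pattern described above:
remote-desktop access from the Internet, then FTP uploads to outside servers.
Log format, addresses, inventory and port list are constructed assumptions."""
import csv
import io
from ipaddress import ip_address, ip_network

STORE_NETS = [ip_network("10.20.0.0/16")]      # assumed store LAN
POS_HOSTS = {"10.20.0.11", "10.20.0.12"}       # assumed POS inventory
REMOTE_ACCESS_PORTS = {3389: "RDP", 5631: "pcAnywhere", 5900: "VNC"}
FTP_CONTROL_PORT = 21

# Constructed flow records: timestamp,src_ip,src_port,dst_ip,dst_port
SAMPLE_FLOWS = """\
2011-12-01T02:14:07Z,203.0.113.45,51514,10.20.0.11,5900
2011-12-01T02:31:50Z,10.20.0.11,49200,198.51.100.20,21
2011-12-01T09:00:12Z,10.20.0.5,50122,10.20.0.12,5900
2011-12-01T09:05:44Z,10.20.0.12,49310,192.0.2.80,443
2011-12-02T03:47:19Z,203.0.113.45,51877,10.20.0.12,3389
2011-12-02T04:10:03Z,10.20.0.30,49555,198.51.100.20,21
"""


def is_store_address(addr):
    """True if the address belongs to the store's own network."""
    ip = ip_address(addr)
    return any(ip in net for net in STORE_NETS)


def analyse(flow_text):
    """Return {pos_host: {"severity": ..., "evidence": {rule: first hit}}}."""
    evidence = {}
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, src, _sport, dst, dport = row
        dport = int(dport)
        # Rule 1: remote-access service on a POS host reached from outside the store.
        if (dst in POS_HOSTS and not is_store_address(src)
                and dport in REMOTE_ACCESS_PORTS):
            evidence.setdefault(dst, {}).setdefault(
                "inbound-remote-access",
                f"{ts} {REMOTE_ACCESS_PORTS[dport]} from {src}")
        # Rule 2: a POS host opening an FTP control connection to an outside server.
        if (src in POS_HOSTS and not is_store_address(dst)
                and dport == FTP_CONTROL_PORT):
            evidence.setdefault(src, {}).setdefault(
                "outbound-ftp", f"{ts} FTP to {dst}")
    report = {}
    for host, hits in evidence.items():
        # Both rules on one terminal matches the full chain, so rank it higher.
        severity = "high" if len(hits) == 2 else "medium"
        report[host] = {"severity": severity, "evidence": hits}
    return report


if __name__ == "__main__":
    for host, finding in sorted(analyse(SAMPLE_FLOWS).items()):
        print(host, finding["severity"], finding["evidence"])
```

Internal administration (the back-office host connecting to a terminal) and the HTTPS connection in the sample are deliberately not flagged; only Internet-facing remote access and POS-originated FTP are.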

Sunday, 25 December 2011

GOVERNANCE OF PAKISTAN and 2 other pakistani websites Got hacked by Ashell(INDISHELL)

GOVERNANCE OF PAKISTAN , pmumcdp and my.pakistanwebhost Got hacked by Ashell(INDISHELL)

Once again Pakistani cyberspace has been hit by INDISHELL. This time Ashell INDIA from the INDISHELL group has hacked Pakistan's governance website and pmumcdp. The reason behind this attack is that a Pakistani hacker named THA hacked BJP’s website, so Ashell hacked these. You can see the hacked websites:
http://www.governance.pk/
http://my.pakistanwebhost.com/
http://www.pmumcdp.gov.pk/


mirrors of websites

http://legend-h.org/mirror/272151/governance.pk/
http://legend-h.org/mirror/272257/my.pakistanwebhost.com/

http://legend-h.org/mirror/272150/pmumcdp.gov.pk

Wednesday, 21 December 2011

China Software Developer Network (CSDN) 6 Million user data Leaked


The "Chinese Software Developer Network" (CSDN), operated by Bailian Midami Digital Technology Co., Ltd., is one of the biggest networks of software developers in China. A text file with the info of 6 million CSDN users, including user names, passwords and emails, all in clear text, leaked on the internet.

The download link for the file (use xunlei to download it) is available on various social networks. Chinese programmers are now busy changing their passwords. (lol)
Just did some data mining on the CSDN leaked user data. Some interesting findings. Here are the results for the top 100 email providers from 6M CSDN user emails:
@qq.com, 1976190
@163.com, 1766919
@126.com, 807893
@sina.com, 351590
@yahoo.com.cn, 205487
@hotmail.com, 202944
@gmail.com, 186843
@sohu.com, 104735
@yahoo.cn, 87048
@tom.com, 72360
@yeah.net, 53292
@21cn.com, 50709
@vip.qq.com, 35119
@139.com, 29207
@263.net, 24778
@sina.com.cn, 19155
@live.cn, 18920
@sina.cn, 18601
@yahoo.com, 18452
@foxmail.com, 16432
@163.net, 15173
@msn.com, 14211
@eyou.com, 13372
@yahoo.com.tw, 10810
@huiseo.cn, 8493
@csoftmail.cn, 7121
@citiz.net, 6605
@vip.sina.com, 5378
@189.cn, 5004
@etang.com, 4236
@chinaren.com, 3973
@yahoo.com.hk, 3899
@neusoft.com, 2930
@wormsoft.cn, 2780
@sogou.com, 2567
@bdqnok-cp.com.cn, 2551
@live.com, 2528
@mail.china.com, 2177
@china.com, 2169
@mail.ustc.edu.cn, 2038
@huawei.com, 1921
@vip.163.com, 1882
@sjtu.edu.cn, 1881
@371.net, 1805
@10pig.com.cn, 1782
@zte.com.cn, 1681
@cp-bdqnok.com.cn, 1632
@company-mail.cn, 1555
@msn.cn, 1522
@netease.com, 1499
@uggsrock.com, 1363
@bjtu.edu.cn, 1342
@hotmail.com.tw, 1313
@owlpic.com, 1277
@siteposter.net, 1275
@x263.net, 1183
@2008.sina.com, 1180
@elong.com, 1172
@yahoo.co.jp, 1049
@chongseo.com, 1033
@bofthew.com, 1022
@tyldd.com, 992
@fudan.edu.cn, 987
@marketnet.com.cn, 963
@newline.net.cn, 955
@stu.xjtu.edu.cn, 931
@online.sh.cn, 928
@msa.hinet.net, 927
@zju.edu.cn, 878
@king.com, 870
@cmmail.com, 844
@123.com, 838
@56.com, 836
@cpok-bdqn.com.cn, 818
@zj.com, 804
@china.com.cn, 803
@fm365.com, 763
@71mail.com.cn, 751
@avl.com.cn, 748
@bdqncpok.com.cn, 720
@mails.tsinghua.edu.cn, 719
@bit.edu.cn, 693
@mail.nankai.edu.cn, 640
@lzu.cn, 622
@xnmsn.cn, 602
@wo.com.cn, 599
@ah163.com, 598
@yahoo.ca, 594
@263.com, 563
@eastday.com, 561
@stu.edu.cn, 559
@188.com, 556
@mobile.csdn.net, 539
@csdn.net, 533
@sian.com, 519
@ymail.com, 518
@km169.net, 490
@emails.bjut.edu.cn, 488
@pp.com, 483
@pchome.com.tw, 480
 

Kaspersky Internet Security Memory Corruption Vulnerability



Vulnerability-Lab Team discovered a Memory & Pointer Corruption Vulnerability in Kaspersky Internet Security 2011/2012 & Kaspersky Anti-Virus 2011/2012.


The vulnerability is caused by an invalid pointer corruption when processing a corrupt .cfg file through the Kaspersky exception filters, which could be exploited by attackers to crash the complete software process. The bug is located in basegui.ppl & basegui.dll when processing a .cfg file import.
Affected Version(s):
  • Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012
    • KIS 2012 v12.0.0.374
    • KAV 2012 v12.x
  • Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
    • KIS 2011 v11.0.0.232 (a.b)
    • KAV 11.0.0.400
    • KIS 2011 v12.0.0.374
  • Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010
The Kaspersky .cfg file import exception handling filters out wrong or manipulated file imports, as in the first test (wrong-way.png). The PoC is not affected by the import exception handling and gets through without any problems. An invalid pointer write & read allows a local attacker to crash the software via memory corruption. The technique and software used to detect the bug in the binary are a private tool.

Backdoor in Android for No-Permissions Reverse Shell


Thomas Cannon, Director of R&D at viaForensics, has demonstrated a custom-developed app that installs a backdoor in Android smartphones – without requiring any permissions or exploiting any security holes. Thomas built an app which requires no permissions and yet is able to give an attacker a remote shell and allow them to execute commands on the device remotely from anywhere in the world. The functionality they are exploiting to do this is not new; it has been quietly pointed out for a number of years, and was explained in depth at Defcon 18.

It is not a zero-day exploit or a root exploit. They are using Android the way it was designed to work, but in a clever way in order to establish a 2-way communication channel. This has been tested on Android versions ranging from 1.5 up to 4.0 Ice Cream Sandwich, and it works in a similar way on all platforms.

The application operates by instructing the browser to access a particular web page with specific parameters. This web page, and the server behind it, will, in turn, control the app by forwarding the browser to a URL that starts with a protocol prefix that is registered as being handled by the app, for example app://. This process can then be repeated and in doing so it enables two-way communication.

"In this demonstration Android’s power and flexibility were perhaps also its downfall. Other smartphone platforms may not offer the controls we are bypassing at all, and the multi-tasking capabilities in Android allowed us to run the attack almost transparently to the user. This power combined with the open nature of Android also facilitates the customisation of the system to meet bespoke security requirements. This is something we have even been involved in ourselves by implementing a proof of concept Loadable Kernel Module to pro-actively monitor and defend a client’s intellectual property as it passed through their devices. It is no surprise that we have seen adoption of Android research projects in the military and government as it can be enhanced and adapted for specific security requirements, perhaps like no other mobile platform before it." Thomas Cannon said.

Saturday, 17 December 2011

Dailytop15 , gogo.pk and 6 other pakistani websites got hacked by Ashell (indishell)

Pakistani websites got hacked by Ashell (indishell)

A member of "Indishell" (ICA, Indian Cyber Army) has once again hit Pakistani cyberspace. This time Ashell from the Indishell team defaced 8 Pakistani websites. The reason for this hack is that some Pakistani hackers hacked Indian sites. You can see the sites listed below.
http://dailytop15.com/ (Alexa Traffic Rank: 308,132 Traffic Rank in PK: 14,277 )
http://gogo.pk/ (Alexa Traffic Rank: 568,567 Traffic Rank in PK: 9,569 )
http://paksky.com/
http://www.gsp.gov.pk/
http://thebusinessdata.com/
http://www.bestibusiness.com/
http://www.thebusinessplus.com/
http://www.tipstorunbusiness.com/

Monday, 12 December 2011

President of Guyana's Website defaced by Hackers

The official website of the President of Guyana was defaced by hackers belonging to a group called "The Hackers Army", and they have posted that the ignorant observer Israel may appear modern, vigorous and democratic largely thanks to the outrageous bias in Western media and the $$$ whores whom have become our leaders...now wake up!!!
REALITY: Israel is and will always be a racist murderer, a child abuser, a child killer, a thief, a compulsive liar, a financier of genocide, an exporter of Terror and a haven for sick perverted traffickers of desperate, vulnerable and naive little girls and young women from Eastern Europe - Essentially a Middle East perverted despot hell bent on recreating the nightmare of Nazi Germany!
The hacker named Disaster from the group is responsible for the defacements.

Sunday, 11 December 2011

NokiaHouse Hacked By Ashell (Indishell)

An Indian hacker from INDISHELL (ICA) has hacked Nokiahouse.com, and he has also put the vulnerability details on the deface page: ”Vul : Basic sqli and server intrusion”. He has created a mirror for that site, and another site hosted on the same server was hacked by the same hacker. Nokia House is part of Nokia. From Nokia House you can download free Nokia attractive games, interesting applications, melodious ringtones and high-quality videos, themes and many more things for your phone.

Hacked site:

http://nokiahouse.com/

http://mastienjoy.com/

Mirror:

http://zone-h.com/mirror/id/16180462

http://zone-h.com/mirror/id/16180458

Best SMS Spoofer: Send Fake SMS

Well, here I am sharing one amazing post about SMS spoofing. Using this technique you can send SMS from any number to any number, and you can also update the status of any Facebook account if the victim has activated that service. This post is for educational purposes only; I am not responsible for anything.

Let's start..

Smsglobal is an amazing website to send SMS. However, it is a premium site from Australia. But they only allow you to send 25 fake SMS at the time of signing up there. So, you can send only 25 fake SMS using this service. After that, you have to try signing in with a new number and email ID.

Just open this link http://smsglobal.com/signup/signup_page.php and sign up there.

Now fill the form as shown below in the image.

After signing in, you will receive your username and password on your phone.

  • Now log in to your SMS Global account with your provided username and password.
  • After logging in, you will see the welcome screen; just click on Send SMS to Number as shown below.

First remove the sender ID while sending to send a spoofed SMS after that enter the mobile number of both the victim and now you can send a spoofed SMS as shown below.

So, enjoy sending fake SMS to any number, and now you can update any buddy’s Facebook status using this technique!!

Please do not misuse this trick, This article is just for educational purposes. I am not responsible for any consequences taking place!!!

Thursday, 08 December 2011

Facebook Security Flaws Allowing Attackers To grab Your Private Photos

A very serious security flaw has been found in Facebook. Recently a forum demonstrated how anyone can access and download someone's private and locked photos from Facebook. Here we are sharing the process. The flaw was first reported on the forums of BodyBuilding.com, presumably because the users of that website like taking photos of themselves and putting them online. The bug exploits the way the offensive photograph reporting tool works. Facebook has been heavily criticised in the last few years over matters of privacy, so there are people who will leap on this story as yet another example of how the company simply doesn’t take its users' privacy seriously. Such problems have included a change to the terms and conditions that made all your photographs and statuses Facebook’s property and a settings change that made everything on everybody’s profile accessible to search engines by default.

Locate the person who you want to view photos of

Click on Report/Block. From the popup menu, select Inappropriate Profile photo and press continue

Select Nudity or pornography and press continue

Only check Report to Facebook and press continue

Only select Help us take action by selecting additional photos to include with your report and press Okay

While some browsers restrict this flaw, private photos that are hidden or inaccessible to people who are friends can not only be accessed but enlarged to their full scale.

A private photo of Mark Zuckerberg has also been exposed from his profile by the method described earlier. Facebook later said that they are working to patch this security hole.

sslyze – Fast and Full-Featured SSL Configuration Scanner

Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news headlines, bringing attention to weak configurations, and the need to avoid them. Additionally, server misconfiguration has always greatly increased the overhead caused by SSL, slowing the transition to improved communications security.

To help improve system configurations, iSEC is releasing the free software “SSLyze” tool. They have found this tool helpful for analyzing the configuration of SSL servers and for identifying misconfiguration such as the use of outdated protocol versions, weak hash algorithms in trust chains, insecure renegotiation, and session resumption settings.

 

Features

  • Insecure renegotiation testing
  • Scanning for weak strength ciphers
  • Checking for SSLv2, SSLv3 and TLSv1 versions
  • Server certificate information dump and basic validation
  • Session resumption capabilities and actual resumption rate measurement
  • Support for client certificate authentication
  • Simultaneous scanning of multiple servers, versions and ciphers

You can download sslyze here:

sslyze-0.3_src.zip

Dawn.com (biggest pakistani news site) hacked by LuCkY

A member of "Indishell" (ICA, Indian Cyber Army) has once again hit Pakistani cyberspace. This time LuCkY from the Indishell team defaced the biggest Pakistani news site, Dawn.com (Alexa Rank: 3540, 56 in Pakistan).
The deface page message includes the possible reason for the hack: "You Wont get kashmir by hacking sites lol , Kashmir is ours will be". The Indishell and PCA warriors hide behind code names such as 'Zombie' and 'Lucky' and are thought to be young IT experts.

Tuesday, 06 December 2011

pakhackerz,abbottabad. and 2 more websites got hacked by INDISHELL (ICA)

Indian hackers group INDISHELL have hacked some Pakistani websites. The list of websites is as follows.
http://pakhackerz.com/
http://esolpakistan.com/
http://www.thenucleuspak.org.pk/imp.html
http://justpakistan.com/administrator 
http://pakistanhost.com/administrator

Monday, 05 December 2011

Cain & Abel v4.9.43 Released

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
Change Log :

  • Added SAP R/3 sniffer filter for SAP GUI authentications and SAP DIAG protocol decompression.
  • Added support for Licensing Mode Terminal Server connections to Windows 2008 R2 servers in APR-RDP sniffer filter.
  • Added support for MSCACHEv2 Hashes (used by Vista/Seven/2008) in Dictionary and Brute-Force Attacks.
  • Added MSCACHEv2 Hashes Cryptanalysis via Sorted Rainbow Tables.
  • Added MSCACHEv2 RainbowTables to WinRTGen v2.6.3.
  • MS-CACHE Hashes Dumper now supports MSCACHEv2 hashes extraction from Windows Vista/Seven/2008 machines and offline registry files.
  • Fixed a bug (crash) in Certificate Collector with Proxy settings enabled.

Protecting Your BlackBerry Smartphone with Security Wipe

The BlackBerry is an amazing device. We load our BlackBerries with various useful software and applications to increase our productivity and customize them with interesting themes and ringtones. We watch movies, play games and track day-to-day activities. All of these things require passwords and usually involve storing data on our devices that is sensitive in nature.

So what if you want to wipe your BlackBerry clean?

There are a number of reasons why you might want to wipe your BlackBerry. Perhaps you have switched jobs and need to submit your BlackBerry to your new IT department so they can set it up for their network. You wouldn’t want them to have access to your previous employer's data, would you?

Perhaps you have purchased a new model of BlackBerry and would like to gift your previous model to a friend or sell it on ebay. The same rule applies, you do not want them to see what you were using your Blackberry for prior to handing it over.

How to use Security Wipe?

Before using this function, it is recommended that you back up any data and applications that you like to use on your new BlackBerry smartphone.

1. On the BlackBerry smartphone, select Options from the home screen.

2. Select Security Settings, then Security Wipe.

3. Specify what items will be wiped during this process by checking off the boxes.

4. Enter “blackberry” (field is not case-sensitive) and select Wipe.

5. The BlackBerry smartphone will reset a few times, and after this process is complete, it will no longer contain any of your personal data.

Google, Gmail, YouTube, Yahoo, Apple hacked using DNS cache poisoning attack

A hacker with the codename AlpHaNiX defaced the Google, Gmail, YouTube, Yahoo, Apple and other domains of the Democratic Republic of Congo. The hacker used a strategy called DNS cache poisoning.

DNS cache poisoning is a security or data integrity compromise in the Domain Name System (DNS). The compromise occurs when data is introduced into a DNS name server's cache database that did not originate from authoritative DNS sources. It may be a deliberate attempt of a maliciously crafted attack on a name server.

Picture: how a hacker inserts fake records into the cache of DNS servers.

List of hacked websites:
http://apple.cd/
http://yahoo.cd/
http://gmail.cd/
http://google.cd/
http://youtube.cd/
http://linux.cd/
http://samsung.cd/
http://hotmail.cd/
http://microsoft.cd/
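
The definition above turns on a resolver caching data that did not come from an authoritative source. The following toy model is an added example, not code from the original post: it shows the checks a caching resolver applies before trusting a reply (matching server, source port, transaction ID and question, plus a bailiwick rule for extra records). The class names, the zone and all addresses are constructed for illustration.

```python
"""Toy model of the checks a caching resolver applies before trusting a reply.
All names, addresses and classes here are constructed for illustration."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    value: str


@dataclass(frozen=True)
class Response:
    src_ip: str      # address the packet claims to come from
    dst_port: int    # UDP port the packet was delivered to
    txid: int        # 16-bit DNS transaction ID
    qname: str       # question section echoed back by the sender
    records: tuple   # answer and additional records


@dataclass(frozen=True)
class Pending:
    server_ip: str
    zone: str        # zone the queried server is authoritative for
    src_port: int
    txid: int
    qname: str


def in_bailiwick(name, zone):
    """True if `name` is the zone apex or a name underneath it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


class CachingResolver:
    def __init__(self):
        self.cache = {}      # (name, rtype) -> value
        self.pending = {}    # qname -> Pending

    def send_query(self, qname, server_ip, zone):
        """Register an outstanding query with an unpredictable port and ID."""
        query = Pending(server_ip, zone,
                        src_port=1024 + secrets.randbelow(64512),
                        txid=secrets.randbelow(65536),
                        qname=qname.lower())
        self.pending[query.qname] = query
        return query

    def handle_response(self, resp):
        """Return (accepted, reason); cache only records that pass every check."""
        query = self.pending.get(resp.qname.lower())
        if query is None:
            return False, "no outstanding query for this name"
        if resp.src_ip != query.server_ip:
            return False, "reply did not come from the queried server"
        if resp.dst_port != query.src_port:
            return False, "source port mismatch"
        if resp.txid != query.txid:
            return False, "transaction ID mismatch"
        del self.pending[query.qname]
        dropped = []
        for rec in resp.records:
            if in_bailiwick(rec.name, query.zone):
                self.cache[(rec.name.lower(), rec.rtype)] = rec.value
            else:
                dropped.append(rec.name)   # server has no authority over this name
        return True, "dropped out-of-bailiwick: " + (", ".join(dropped) or "none")


def demo():
    resolver = CachingResolver()
    query = resolver.send_query("google.cd", "192.0.2.53", zone="google.cd")
    # Forged reply with a wrong transaction ID.
    forged = Response("192.0.2.53", query.src_port, (query.txid + 1) % 65536,
                      "google.cd", (Record("google.cd", "A", "203.0.113.66"),))
    # Reply that matches the query but also carries a record for another zone.
    matching = Response("192.0.2.53", query.src_port, query.txid, "google.cd",
                        (Record("google.cd", "A", "198.51.100.10"),
                         Record("yahoo.cd", "A", "203.0.113.66")))
    results = [resolver.handle_response(forged),
               resolver.handle_response(matching),
               resolver.handle_response(forged)]   # late forgery, query already answered
    return results, resolver.cache


if __name__ == "__main__":
    outcome, cache = demo()
    for line in outcome:
        print(line)
    print(cache)
```

These checks only make a forged reply harder to land; DNSSEC validation is what lets a resolver verify that a record really originated from the authoritative source.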

15 Years Old Expert found XSS Vulnerability On Twitter !!

A 15-year-old XSS expert, "Belmin Vehabovic(~!White!~)", discovered an XSS vulnerability on Twitter and reported it to us. He also discovered an XSS vulnerability in Facebook, as he tweeted yesterday, and Facebook is offering him $700 as a bounty.

Friday, 02 December 2011

New Yahoo 0-day exploit hijacks status updates !!

Malware spread via Yahoo Instant Messenger has been around for years. Infection, though, has been limited by the fact that it requires some interaction with the user.

How does it work?
The status message change happens when an attacker simulates sending a file to a user. This action manipulates the $lnlineAction parameter in order to load an iFrame which, when loaded, swaps the status message for the attacker’s custom text. This status may include a dubious link.

Why is this dangerous?

The victim's status message is swapped with an attention-getting text that points to a page hosting a zero-day exploit targeting the IE browser, the locally installed or Flash environments or even a PDF bug, to mention only a few. When a contact clicks on the victim’s status message, chances are they get infected without even knowing it. All this time, the victim is unaware that his status message has been hijacked!!

The Mole – Automatic SQL Injection SQLi Exploitation Tool

The Mole is an automatic SQL injection exploitation tool. You just need to provide a SQL-vulnerable link and a valid string on the shitty site, and it can detect the injection and exploit it using a union technique or a boolean query based technique. You can hack any SQL-vulnerable website using this tool.
 Features
  • Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
  • Command line interface. Different commands trigger different actions.
  • Developed in python 3.
  • Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Auto-completion for commands, command arguments and database, table and columns names.
You can download it from here
 Linux: themole-0.2.6-lin-src.tar.gz

Wednesday, 30 November 2011

Twitter Purchases WhisperCore – Full Disk Encryption For Android Phones

 Whisper Systems’ offerings include WhisperCore, software that enables full disk encryption as well as management tools for Android phones. It’s free for individual users while enterprise customers pay for the software. Other Whisper Systems products include text encryption, voice encryption, firewall software and encrypted backup.
In a blog post about the acquisition, Whisper Systems didn’t say much about what Twitter might be planning to do with the technology. “Now that we’re joining Twitter, we’re looking forward to bringing our technology and our expertise into Twitter’s products and services,” the company wrote on the blog.
It said that Whisper Systems software will continue to be available but that during a transition period the company will take the products and services offline. In a forum on Whisper Systems’ website, people who are apparently unaware of the acquisition are already wondering why they can’t download products. Twitter did not reply to a request for comment about its plans for the technologies.

The only path I can see, obvious path that is, would be for Twitter to integrate the encryption technology offered by WhisperCore into the official Twitter apps – making them more secure in both storing data locally and in transmitting data over insecure networks. I don’t see how it really offers any value though, it’s not like anyone is actually sending anything important out over Twitter – apart from the odd DM (Direct Message) I would imagine.

It’ll be interesting to see what direction they take though and if we can actually find out why this acquisition took place.
WhisperCore has a number of features designed to make up for security shortcomings in Android. For instance, WhisperCore users can selectively revoke permissions that an app requests while allowing the user to still use the app.
The software also includes a feature aimed at thwarting someone who has stolen a phone from determining the phone’s unlock code based on finger smudges on the screen. Some Android phones display rows of dots and a user unlocks the phone by dragging a finger over certain dots in a set pattern. An attacker might be able to recreate the pattern by examining finger smudges on the screen. WhisperCore displays unlock numbers in a column, so an attacker doesn’t know in which order the user hits the numbers to unlock the phone.
Earlier this year Whisper Systems released a software development kit so that developers could start building some WhisperCore features into their applications. Few other companies are doing full disk encryption for Android, although there are many other companies taking other approaches to securing Android phones. Companies like 3LM and Good Technology offer mobile security services for enterprises. In addition, mobile device management products from companies including Sybase, BoxTone, Zenprise, Mobile Iron and Fiberlink let IT managers set basic policies like password requirement and remote wipe, and offer additional security capabilities.

Tuesday, 29 November 2011

Facebook Hit By Classic Worm Attack

Zeus Trojan spreads when user views 'photos'; Facebook now blocking malicious domains spreading the attack.

A worm spreading via Facebook infects victims with a variant of the dangerous Zeus Trojan. The attack, which was first found by researchers at CSIS in Denmark, spreads via phony posts from an infected Facebook user's account that pretends to contain photos.
Like previous Facebook scams, it uses stolen account credentials to log in and then spam the victim account's "Friends" with the malicious posts. While a screenshot of the file appears to have a .jpg suffix, it's really a malicious screensaver file, according to Jovi Umawing, a security expert at GFI Software.
"The worm is also found to have anti-VM capabilities, making it useless to execute and test in a virtual environment, such as Oracle VM VirtualBox and VMWare." If you are using any virtual machine then it will infect your current OS.
Facebook has blocked the offending domains spreading the Trojan. "We are constantly monitoring the situation and are in the process of blocking domains as we discover them. We have internal systems in place configured specifically to monitor for variations of the spam and are working with others across the industry to pursue both technical and legal avenues to fight the bug," a Facebook spokesperson says. 
"Facebook is built to easily allow people to share pictures, videos, and other content -- and people trust what they are receiving from their friends," says Mike Geide, senior security researcher at Zscaler ThreatLabZ Malware. "[For example], this recent example can take advantage of the sharing mechanisms and user's trust of their friends within social networking."
Meanwhile, new research published today from Norman ASA found that Zeus-based attacks are actually on the decline this year: While there were 20,000 Zeus-related incidents in January, according to Norman, there were "nearly negligible levels" of Zeus threats discovered in September.

#OpRobinHood : Thousands of United Nation logins leaked by TeaMp0isoN

Online "hacktivist" collective Anonymous and hackers Team Poison have joined forces for a new group effort known as 'Operation Robin Hood', which plans to target banks in an effort to give money back to the people.

The first victim of Operation Robin Hood was the National Bank of Long Island. The hacktivists behind Operation Robin Hood revealed the vulnerabilities present in the website of the First National Bank of Long Island.

TeaMp0isoN today hacked the United Nations website (www.undp.org) and leaked thousands of login usernames, passwords and emails.
Leaked accounts details are posted on pastebin.

Saturday, 26 November 2011

Indian Security and Hackers website's got hacked by Shadow008

More than 100 Pakistani websites got hacked by ICA

The list of websites is as follows:

If you want to see the mirrors of the websites, click here.

More than 111 Pakistani websites got hacked by Indian Cyber Army (ICA)
  
This Mass Deface Cyber Attack is done by Team ICA of www.indishell.in 
We are the only real & first ever INDIAN CYBER ARMY [ICA] made and existing !!
Rest In Peace the Heroes of 26/11 Mumbai Attacks !
We will Never Forgot your sacrifice and We never will let porkis and this world forget it too !
You can see the hacked sites list here.


National program for Cyber army to be launched in India

Increasing attacks on cyberspace in India have brought several professionals and experts from the industry, with the support of the Government of India, to jointly form a national level program to identify credible and valuable information security experts. The program "National Security Database" is all set to launch this Saturday in Mumbai at a major information security conference, MalCon. The database will include ethical hackers and programmers who can protect the country’s cyberspace. They will all be registered with the National Security Database, a brainchild of the Information Sharing and Analysis Center (ISAC).

The need for such a database originated after the 2008 attacks in Mumbai, when cyber security professionals realised that a lot needed to be done in the area. "It is observed that some or other form of electronic notification is usually sent before a major terrorist attack, followed by defacement of government web sites. Professional cyber security professionals can make a lot of difference in investigations and help in the entire episode," said Rajshekhar Murthy, director of ISAC. The issue of forming a credible repository of cyber security professionals who can be trusted with sensitive information, and who can be of use in case of an emergency, was also raised at a conference held last year.

"After a lot of brainstorming and analysis the database is in place and will be flagged off on November 26 in Mumbai," said Murthy. As per estimates there are over a lakh cyber security experts and hackers in India who as of now function individually. Each one of them has a certain area of specialisation. "They will be brought in to the NSD after a rigorous test which would test their skills. Also they would be made to undergo psychometric tests over and above the tasks that they would have to perform to test their personal skills. Once they clear all levels they would be empaneled in NSD program in applied areas of specialisation," added Murthy. Fraud investigation, web security and mobile security are some of the areas of specialisation in NSD.

The database, which has been worked on secretly for the last two years on an invitation-only basis, already has a sizeable number of experts who have developed malware and software to hack into devices like iPhone and XBox Kinect, which are slated for release at the malware conference MalCon. The database will come in handy each time the country is under threat on the cyberspace front. "The next generation of attacks will not be only on ground but also on country’s cyberspace," said Murthy, citing the example of a recent attack on some government computers after which the hackers released sensitive information pertaining to the military and communication between India and Moscow.

Companies like QuickHeal and Security Compass among others have already given support to the database and will be hiring security professionals with a direct final interview. "Since NSD professionals will have to go through a tough eight hour lab exam, major companies have written in expressing their interest in hiring NSD empaneled professionals. While NSD does not award certification, we are glad about the support from the Industry" stated Murthy.

The biggest challenge for NSD now is to reach both hackers and professionals and identify them with skills in existing areas of specialization. "We have already identified several across the country. Their motivation is that once they are registered with NSD they not only get to upgrade their skills and knowledge but will also be of service to the country. We are collaborating with government agencies looking after cyber security, all of whom are looking forward to the NSD," said Murthy.

The program will be flagged off at the International Malware Conference, MALCON, scheduled to be held at JW Marriott on November 26. Sachin Pilot, Minister of State for Communication and Information Technology, is also going to join the conference via video conference from Delhi. His office confirmed that Pilot would share his views on cyber security and extend their endorsement to the National Security Database. Officials from the National Technical Research Organisation, a government body which looks at cyber security, have also shown keen interest in the NSD. "It is a great initiative which will be of use to the nation and will provide a database of cyber security professionals," said an NTRO official refusing to be named.

Friday, 25 November 2011

VoIP Hopper 2.01 Released – IP Phone VLAN Hopping Tool

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, and Nortel environments.

This requires two important steps in order for the tool to traverse VLANs for unauthorized access. First, discovery of the correct 12 bit Voice VLAN ID (VVID) used by the IP Phones is required. VoIP Hopper supports multiple protocol discovery methods (CDP, DHCP, LLDP-MED, 802.1q ARP) for this important first step. Second, the tool creates a virtual VoIP ethernet interface on the OS. It then inserts a spoofed 4-byte 802.1q vlan header containing the 12 bit VVID into a spoofed DHCP request.

New Features
  • New “Assessment” mode: Interactive, menu driven command interface, improves ability to VLAN Hop in Pentesting when the security tester is working against an unknown network infrastructure
  • New VLAN Discovery methods (802.1q ARP, LLDP-MED)
  • LLDP-MED spoofing and sniffing support
  • Can bypass VoIP VLAN subnets that have DHCP disabled, and spoof the IP address and MAC address of a phone by setting a static IP
download voiphopper-2.01.tar.gz
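
The 4-byte 802.1q header and 12 bit VVID described above are also what a monitoring point on a trunk or mirror port can key on. The following is an added example, not code from VoIP Hopper or the original post: it parses the tag and lists hosts that send DHCP requests tagged for the voice VLAN without a known phone OUI. The VLAN ID, OUI, MAC addresses and function names are assumptions, and the frames are constructed.

```python
import struct

VOICE_VID = 200                  # assumed Voice VLAN ID (VVID) for this example
PHONE_OUIS = {"00:11:22"}        # constructed OUI standing in for the deployed phones

def sample_frame(src_mac, vid=None, dport=67):
    """Build a constructed Ethernet/IPv4/UDP frame used only as parser input."""
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex(src_mac.replace(":", ""))
    if vid is not None:
        eth += struct.pack("!HH", 0x8100, vid & 0x0FFF)   # TPID + TCI (PCP/DEI = 0)
    eth += struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    udp = struct.pack("!HHHH", 68, dport, 8, 0)
    return eth + ip + udp

def parse_frame(frame):
    """Return (src_mac, vlan_id or None, is_dhcp_client_request)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vid = 14, None
    if ethertype == 0x8100:                     # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vid, offset = tci & 0x0FFF, 18          # low 12 bits carry the VLAN ID
    dhcp = False
    if ethertype == 0x0800 and len(frame) >= offset + 20:
        udp = offset + (frame[offset] & 0x0F) * 4
        if frame[offset + 9] == 17 and len(frame) >= udp + 4:
            sport, dport = struct.unpack_from("!HH", frame, udp)
            dhcp = (sport, dport) == (68, 67)
    return src, vid, dhcp

def unexpected_voice_clients(frames, voice_vid=VOICE_VID, phone_ouis=PHONE_OUIS):
    """List source MACs sending voice-VLAN-tagged DHCP requests from a non-phone OUI."""
    hits = []
    for frame in frames:
        src, vid, dhcp = parse_frame(frame)
        if dhcp and vid == voice_vid and src[:8] not in phone_ouis and src not in hits:
            hits.append(src)
    return hits

# Constructed capture: a phone, then a workstation before and after it starts tagging.
SAMPLE_FRAMES = [
    sample_frame("00:11:22:aa:bb:01", VOICE_VID),
    sample_frame("02:00:00:00:00:10"),
    sample_frame("02:00:00:00:00:10", VOICE_VID),
    sample_frame("02:00:00:00:00:10", VOICE_VID),
]
```

Because the feature list notes that the tool can also spoof a phone's MAC address, an OUI check like this is a tripwire rather than a control; it will not see a host that copies a phone's MAC.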

Thursday, 24 November 2011

Web App Pentesting - Pentest Magazine

  • The significance of HTTP and the Web for Advanced Persistent Threats
  • Web Application Security and Penetration Testing
  • Developers are from Venus, Application Security guys from Mars
  • Pulling legs of Arachni
  • XSS BeeF Metasploit Exploitation
  • Cross-site request forgery. In-depth analysis
  • First the Security Gate, then the Airplane
Download Magazine