
XSS Vulnerability Found on Ask.com, Museum Of Paris, Decent Tools websites

XSS vulnerabilities on the Ask.com, Museum Of Paris and Decent Tools websites were found by XcodeR aka Nandu.
Ask.com Vulnerable Link
http://goo.gl/eFQOI

Museum Of Paris Vulnerable Link
http://goo.gl/k2RDw

Decent Tools Vulnerable Link
http://goo.gl/tneyl

More than 10,000 Facebook accounts hacked by TeamSwaSTika
Another group of hackers, the self-titled Team Swastika, has caused panic amongst Facebook users after releasing the details of 10,000 accounts onto the popular text sharing site Pastebin.

Pastebin, usually used to share source code, has frequently been host to text files that contain the details of specific hacks by hacktivists and hacker groups.

Team Swastika is just one of these hacktivist groups but claims to be the most powerful hacking team in Nepal. They also said that their next target will be the Nepal Government website.
Facebook hacked account dump:
http://pastebin.com/KYsd0j5B (part1) - Removed by Pastebin
http://pastebin.com/nN5uDrQS (part2) - Removed by Pastebin

Adobe Flash bug allows webcam spying



The flaw was disclosed in 2008 and can be exploited to turn on people's webcams or microphones without their knowledge. The attack involved putting the Adobe Flash Settings Manager page into an iframe and masking it with a game, so that when the user clicked on the buttons they would actually change the settings and turn on the webcam.

Adobe is working on a fix for a Flash Player vulnerability that can be exploited via clickjacking techniques to turn on people's webcams or microphones without their knowledge. The issue was discovered by a Stanford University computer science student named Feross Aboukhadijeh, who based his proof-of-concept exploit on a similar one disclosed back in 2008 by an anonymous researcher.

Once the 2008 issue was made public, Adobe fixed it by adding framebusting code to the Settings Manager page. But now, Stanford University computer science student Feross Aboukhadijeh has managed to bypass the framebusting JavaScript code by simply putting the settings SWF file into the iframe, which made the clickjacking attack possible again.

In essence this is the same 2008 vulnerability exploited through a slightly different attack vector. "I was really surprised to find out that this actually works," Aboukhadijeh said.

He said that he emailed Adobe about the problem a few weeks ago, but got no response. However, the company contacted him after the public disclosure to inform him that they are working on a fix which will be deployed on their end and won't require users to update their Flash Player installations.

Using an SWF file hosted on Adobe's servers to modify Flash Player settings instead of a local interface is something that has generated problems before. For example, privacy advocates have complained in the past that this makes clearing Local Shared Objects (LSOs), commonly known as Flash cookies, difficult and confusing.
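
The 2008 fix described above lived in the Settings Manager HTML page, so a response that does not carry that script, such as the SWF file itself, gets no protection from it. The following added example (not from the original article or from Adobe) audits framing protection per URL from the response headers instead; the `settings.example.test` URLs and header sets are constructed sample data.

```python
"""Audit which responses a browser would let any site render inside a frame."""


def _lower_keys(headers):
    # HTTP header names are case-insensitive.
    return {name.lower(): value for name, value in headers.items()}


def _frame_ancestors(csp_value):
    """Return the frame-ancestors source list of a CSP header value, or None."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_policy(headers):
    """Classify a response as 'deny', 'sameorigin', 'allowlist' or 'framable'."""
    h = _lower_keys(headers)
    ancestors = _frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        # Browsers that support frame-ancestors use it in preference to
        # X-Frame-Options when both are present.
        if ancestors in ([], ["'none'"]):
            return "deny"
        if ancestors == ["'self'"]:
            return "sameorigin"
        if "*" in ancestors:
            return "framable"
        return "allowlist"
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo in ("deny", "sameorigin"):
        return xfo
    # Missing header, or the obsolete ALLOW-FROM form that current browsers
    # do not honour: nothing stops another origin from framing the response.
    return "framable"


def audit(responses):
    """Return (url, content type) for every response that any site may frame."""
    findings = []
    for response in responses:
        if framing_policy(response["headers"]) == "framable":
            content_type = _lower_keys(response["headers"]).get("content-type", "")
            findings.append((response["url"], content_type))
    return findings


# Constructed sample: the HTML page is protected, the SWF it loads is not.
SAMPLE_RESPONSES = [
    {"url": "https://settings.example.test/manager.html",
     "headers": {"Content-Type": "text/html", "X-Frame-Options": "DENY"}},
    {"url": "https://settings.example.test/manager.swf",
     "headers": {"Content-Type": "application/x-shockwave-flash"}},
    {"url": "https://settings.example.test/help.html",
     "headers": {"Content-Type": "text/html",
                 "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"}},
    {"url": "https://settings.example.test/legacy.html",
     "headers": {"Content-Type": "text/html",
                 "X-Frame-Options": "ALLOW-FROM https://partner.example.test"}},
]

if __name__ == "__main__":
    for url, content_type in audit(SAMPLE_RESPONSES):
        print("framable by any origin:", url, content_type)
```

Running the audit over every URL a page loads, not only the HTML entry point, is what surfaces the unprotected SWF in this sample.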

Metasploit 4.1.0 Web UI Cross Site Scripting vulnerability


The Web UI in Metasploit version 4.1.0 suffers from a stored cross-site scripting vulnerability discovered by Stefan Schurtz.

Technical Details
Login to Web UI -> Create New Project -> Project name -> '"</script><script>alert(document.cookie)</script>
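
An added example, not part of the original advisory or of Metasploit's code, showing why a stored value like the project name above needs encoding that matches the place it is rendered. It assumes a hypothetical page that writes the stored name both into an HTML element and into an inline script; `render_unsafe`, `render_safe` and the page layout are illustrative.

```python
import html
import json
from html.parser import HTMLParser

# The project name quoted in the advisory above.
PAYLOAD = "'\"</script><script>alert(document.cookie)</script>"


def render_unsafe(project_name):
    """'Before' form: the stored name is concatenated into markup unchanged."""
    return ("<h1>" + project_name + "</h1>\n"
            '<script>var project = "' + project_name + '";</script>')


def html_text(value):
    """Encode for HTML element content or a quoted attribute value."""
    return html.escape(value, quote=True)


def js_literal(value):
    """Encode as a JavaScript string literal that is safe inside <script>.

    json.dumps quotes the value and escapes non-ASCII characters; the
    characters the HTML parser reacts to are then written as \\uXXXX so the
    literal can never contain "</script>".
    """
    encoded = json.dumps(value)
    for ch in "<>&":
        encoded = encoded.replace(ch, "\\u%04x" % ord(ch))
    return encoded


def render_safe(project_name):
    """'After' form: each sink gets the encoder for its own context."""
    return ("<h1>" + html_text(project_name) + "</h1>\n"
            "<script>var project = " + js_literal(project_name) + ";</script>")


class _ScriptCollector(HTMLParser):
    """Collect the body of every <script> element an HTML parser would see."""

    def __init__(self):
        super().__init__()
        self.bodies = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.bodies.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.bodies[-1] += data


def script_bodies(markup):
    """Return the script bodies found in markup, in document order."""
    collector = _ScriptCollector()
    collector.feed(markup)
    collector.close()
    return collector.bodies


if __name__ == "__main__":
    print("unsafe:", script_bodies(render_unsafe(PAYLOAD)))
    print("safe:  ", script_bodies(render_safe(PAYLOAD)))
```

HTML escaping alone is not the right encoder for the script sink, because the browser does not decode entities inside a script element; that is why the two sinks use different functions.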

Famous VPN service Proxpn compromised


proXPN, one of the famous VPN clients based on the OpenVPN service, was hacked today by a hacker named "TurkisH-RuleZ". The server appears to have been compromised in this case. The compromised URL is http://proxpn.com/whmcs1/downloads and a mirror of the hack is available here.

Google Enables SSL-Based Searches, Will Impact Google Analytics

According to a blog post by Google, the company is taking steps towards making search more secure for its users. Users will be redirected to https:// instead of http:// when doing a Google search. By forcing SSL on http://google.com, all keyword data will be hidden. The company is dedicated to SSL and to securing search and privacy for its signed-in users. However, this will restrict the availability of search terms, and when a user signs out, they will be redirected back to the unencrypted (http://) page. The company says this won’t change reporting data for webmasters who use analytics tools to see how much traffic Google sends them.

How will this change impact Google Analytics users?
When a signed in user visits your site from an organic Google search, all web analytics services, including Google Analytics, will continue to recognize the visit as Google “organic” search, but will no longer report the query terms that the user searched on to reach your site. Keep in mind that the change will affect only a minority of your traffic. You will continue to see aggregate query data with no change, including visits from users who aren’t signed in and visits from Google “cpc”. (Source: the official Google Analytics blog.)

Google had this to say on its blog:
We’ve worked hard over the past few years to increase our services’ use of an encryption protocol called SSL, as well as encouraging the industry to adopt stronger security standards. For example, we made SSL the default setting in Gmail in January 2010 and introduced an encrypted search service located at https://encrypted.google.com four months later. Other prominent web companies have also added SSL support in recent months.


As search becomes an increasingly customized experience, we recognize the growing importance of protecting the personalized search results we deliver. As a result, we’re enhancing our default search experience for signed-in users. Over the next few weeks, many of you will find yourselves redirected to https://www.google.com (note the extra “s”) when you’re signed in to your Google Account. This change encrypts your search queries and Google’s results page. This is especially important when you’re using an unsecured Internet connection, such as a WiFi hotspot in an Internet cafe. You can also navigate to https://www.google.com directly if you’re signed out or if you don’t have a Google Account.

iPad 2 iOS 5 Lock Screen Bypass Vulnerability [Video Demonstration]

Marc Gurman at 9to5Mac has discovered a vulnerability on the iPad that allows for a limited bypass of the device’s lockscreen. Anyone with an iPad Smart Cover can gain access to the previously-open app (or the home screen if no app was open).

By holding the power button to bring up the ‘Power Off’ screen, closing the smart cover, re-opening it, and clicking cancel, the attacker will be dropped into the screen that was open before the iPad was locked. If the attacker gets dropped into the home screen, then they’ll be able to see the installed apps, but won’t be able to open anything. If Safari or Mail (or any other app) was open when the device was locked, then the attacker would have access to that app.

From a locked iPad 2:

1) Lock a password protected iPad 2
2) Hold down power button until iPad 2 reaches turn off slider
3) Close Smart Cover
4) Open Smart Cover
5) Click cancel on the bottom of the screen




This isn’t the first security issue Apple has experienced since rolling out iOS 5. On the brand new iPhone 4S it has been discovered you can use Siri when a device is locked. Even if a passcode is required, Siri doesn’t care and allows you to carry out functions such as sending email and text messages.

Protection Against the iPad 2 Lock Screen Bypass:
For the time being, iPad 2 users are encouraged to disable the “Smart Cover unlocking” feature found in Settings > General.

Million ASP.Net web sites affected with mass SQL injection attack

Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, security researchers say.

Attackers have planted malicious JavaScript on ASP.Net sites that causes the browser to load an iframe with one of two remote sites: www3.strongdefenseiz.in and www2.safetosecurity.rr.nu, according to security researchers at Armorize who discovered the attack. From there, the iframe attempts to plant malware on the visitor's PC via a number of browser drive-by exploits.

A drive-by exploit will load malware without a visitor's knowledge or participation (no need to open a file or click on a link). Fortunately, the attackers are using known exploits, with patches available, so the attack can only be successful if a visitor is using an outdated, unpatched browser without the latest version of Adobe PDF or Adobe Flash or Java.

Unfortunately, Armorize says that only a few of the most popular antivirus vendors can detect the dropped malware, according to the VirusTotal web site. VirusTotal is a security monitoring service offered by Hispasec Sistemas that analyzes suspicious files and URLs. At this time, it says that six antivirus packages out of the 43 it monitors can detect this latest SQL injection attack.

These are AntiVir, ByteHero, Fortinet, Jiangmin, McAfee and McAfee-GW-Edition. The attack is targeting users whose default browser language is English, French, German, Italian, Polish or Breton. One of the sites accessed via the iframe is in Russia, the other is in the United States and is hosted by HostForWeb.com, Armorize says. Some of the planted malware accesses a site hosted in the United States, too.

Users are advised to take advantage of NoScript in order to protect themselves from this, and many other Web based threats.
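
For site owners checking whether their own content was altered, here is an added detection example (not Armorize's tooling). It scans text columns exported from a site's database for script or iframe tags that load from hosts outside the site's allowlist and marks the two hosts named above; the table names, rows, URL paths and allowlist are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts named in the article above.
REPORTED_HOSTS = {"www3.strongdefenseiz.in", "www2.safetosecurity.rr.nu"}
# Hypothetical: the hosts this site legitimately loads scripts and frames from.
ALLOWED_HOSTS = {"www.example.test", "cdn.example.test"}


class _SrcCollector(HTMLParser):
    """Collect (tag, src) for every <script> and <iframe> in a fragment."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append((tag, src.strip()))


def tag_sources(fragment):
    """Parse a stored HTML fragment and return its script/iframe sources."""
    collector = _SrcCollector()
    collector.feed(fragment)
    collector.close()
    return collector.sources


def scan_rows(rows, allowed=ALLOWED_HOSTS, reported=REPORTED_HOSTS):
    """Return (table, id, tag, host, verdict) for each off-site script or frame."""
    findings = []
    for row in rows:
        for tag, src in tag_sources(row["value"]):
            try:
                host = urlparse(src).hostname  # lower-cased, port removed
            except ValueError:
                host = None
            if host is None or host in allowed:
                continue  # relative URL, unparsable value, or the site's own host
            verdict = "reported" if host in reported else "unknown"
            findings.append((row["table"], row["id"], tag, host, verdict))
    return findings


# Constructed rows standing in for text columns read from the database.
SAMPLE_ROWS = [
    {"table": "Products", "id": 1,
     "value": 'Blue widget <img src="/img/w.png">'},
    {"table": "Products", "id": 2,
     "value": "Red widget</title><script src=http://www3.strongdefenseiz.in/placeholder.js></script>"},
    {"table": "News", "id": 7,
     "value": '<p>Launch</p><script src="//cdn.example.test/app.js"></script>'},
    {"table": "News", "id": 8,
     "value": '<p>Update</p><iframe src="HTTP://WWW2.SafeToSecurity.rr.nu/placeholder"></iframe>'},
    {"table": "News", "id": 9,
     "value": '<script src="https://widgets.example.net/w.js"></script>'},
]

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print(finding)
```

Rows with an "unknown" verdict are not necessarily malicious; they are off-site loads that the allowlist does not account for and deserve a manual look.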

Beware - Gaddafi malware on Internet


As is not unusual when big news breaks, malware authors try to take advantage of the situation. A global computer virus that hides in an email about Gaddafi's death has been detected by internet security firm Sophos. The malware was caught in its worldwide network of spam traps.

The email below was sent to a mailing list that receives information pertaining to the Uighur people. The mail appears to have been sent from Korea.

Malicious hackers have spammed out an attack posing as pictures of Gaddafi's death, tricking users into believing that they came from the AFP news agency and are being forwarded by a fellow internet user.

As unlikely as the legitimacy of these emails may seem - in this case, the latest photos being forwarded to you in an email attachment - the news is often just too interesting for people to ignore.

Internet users are advised to avoid opening the email and to update or apply their security settings.

Hackers Leak Citigroup CEO’s Personal Data

Addresses, phone numbers and other personal data of Citigroup CEO Vikram Pandit have been leaked by hacker group CabinCr3w after two dozen Occupy Wall Street protesters were arrested at a Citibank location.
In retaliation for the arrest of protesters who tried to close their Citibank accounts, hackers sympathetic to the Occupy Wall Street movement have released personal information about Citigroup Chief Executive Officer Vikram Pandit.
Data, including cell and office phone numbers, an email address, two home addresses, legal and financial information and information about Pandit’s family, were all posted online by members of a hacker group known as CabinCr3w. The group affiliates itself with the loose-knit group Anonymous, which has a long history of high-profile hacks and data leaks.
Anonymous members played a key role in promoting the original Occupy Wall Street protest, which began on September 17. A month later, the Occupy movement has spread to more than 900 cities around the world, primarily through the use of Twitter and other social media and Internet properties.
“During Occupy Wall street, protesters had made way to CitiBank to withdraw their funds and close their accounts,” wrote CabinCr3w on their Tumblr blog. “They were met with strong police prescence [sic] and arrested. We as american citizens MUST have full control over our money and lively hood. When this is taken away from us, what else do we have? So the CEO of CitiBank has blindly jumped into the sights of the CabinCr3w…”
This weekend, a small group of Occupy Wall Street protesters moved their fight to a Citibank in downtown Manhattan, where they attempted to close their bank accounts as an act of protest. According to the Wall Street Journal, 24 people in the group were arrested for criminal trespassing after they refused to leave the Citibank branch.
“A large amount of protesters entered our branch at 555 La Guardia Place around 2:00 PM today,” said Citigroup in a prepared statement. “They were very disruptive and refused to leave after being repeatedly asked, causing our staff to call 911. The Police asked the branch staff to close the branch until the protesters could be removed. Only one person asked to close an account and was accommodated.”

Security Firm Finds Hackers Forums Who Offer n00b Hackers Training

IT security experts have long loved to troll through hacker forums to gather intelligence on emerging threats and even (as in the ill-fated case of HBGary Federal CEO Aaron Barr) try to profile the hackers themselves. But as a report from IT security firm Imperva shows, many of the so-called hacker portals out there are more hangouts for newbie hackers (and possibly a few budding FBI informants) looking at how to get started in the game.

In its fifth entry of its series of “Hacker Intelligence Initiative” monthly trend reports, Imperva provided a detailed analysis of the types of conversations and information being passed around in one of these portals. By monitoring conversations on these public sites, the report suggests, IT professionals can get clues on what vulnerabilities hackers are attacking, technical insight into their tools and techniques, and a sense of the type of data being bought and sold. There may also be a hint or two about the direction to look in for future attacks (hint: it’s mobile devices).
The main flaw with the report is that it chose just one site to analyze: Hack Forums, a Web bulletin board that Imperva describes as “one of the largest-known hacker forums with roughly 250,000 members.” As a public bulletin board, Hack Forums is by its nature awash mostly in those new to hacking, those eager to share and show off their skills, and a fair number of security researchers and journalists. And if you believe a report from the Guardian from June, at least a quarter of the audience is FBI informants.
For the most part, the content Imperva found largely matches what you’d expect from a site that caters to beginners. More than two thirds of the content on Hack Forums’ boards is centered around three topics that resonate with entry-level hackers: “beginner hacking” (25 percent), hacking tools and programs (22 percent) and website and forum hacking (21 percent). Even in topics that might fall outside of the beginner class, however, the content of the site’s discussion threads often consists largely of inexperienced users’ requests for information or shortcuts to bigger fish. For example, a recent thread on Facebook consisted of a post asking how to hack a Facebook account, followed by a long string of people telling them that it can’t be done, and a few people posting sales pitches for tools vaguely related to the request.
All of this content, the report claims, helps train armies of fresh recruits for various hacker groups, who recruit through the forum. And there are some very well-crafted tutorials on Hack Forums, including some on SQL injection attacks that should be required reading for LAMP Web developers. But there are also a lot of demonstrations of teenage gamer asshattery, such as YouTube videos showing off denial-of-service attacks used to take down game servers.
The report also suggests that nestled in among the discussion chaff is a wealth of data on what sorts of attacks hackers are developing—though by the time they filter down to a public board like Hack Forums, they’re likely already in regular use by cyber-criminals and security researchers. While the most popular attack topics Imperva tracked on Hack Forums were fairly old school (denial of service [22 percent] and SQL injection [19 percent], with spam coming in a close third at 16 percent), there is a growing number of discussions about attacks for iPhone, Android, Nokia and BlackBerry. The iPhone is the biggest target of interest, with as many discussions about it as all the others combined.
The Imperva report’s authors admit that drilling down on a single forum is a somewhat limited way of getting a good picture of the hacker mind. “Though there are many forums that are small and solely focused on committing cybercrime,” the report states, “we don’t have access to these. The site we examined is not a hardcore crime site, but it’s not entirely softcore either. New hackers come to this site to learn and on the other hand more experienced hackers teach to gain ‘street cred’ and recognition. In the past, this forum has helped security researchers identify illicit cyber activity. Typically, once hackers have gained enough of a reputation they go to a more hardcore, by-invite-only forum.”
One of the ways that some hackers are apparently trying to build their reputation is through a social networking and game site called RankMyHack.com. The site, which was alleged to have been set up by a security researcher, awards points to hackers when they provide proof of responsibility for a site hack or defacement. Register with your e-mail address, and you can start submitting your hacks under your chosen hacker tag to push your way up the leaderboard. The alleged top hack posted on RankMyHack’s homepage is of the Huffington Post. There are also point bounties posted for taking down sites of organizations like the Ku Klux Klan, as well as any .mil, .edu or .gov site.

Study claims people losing patience with firms that endanger their data

It looks as if the great British public is finally losing its patience with those businesses that it views as endangering their personal data, as a survey from LogRhythm claims to show that many people are now aware of the need for data disclosure legislation.

According to the research – which took in responses from 2,000 people – many users now have an overwhelming desire for data loss disclosure laws.
Researchers found that 80% of respondents said that they now have reservations about trusting organizations to keep their data safe from hackers.
In a similar survey, conducted on LogRhythm’s behalf back in November 2010, only 63% were concerned about this issue – an increase of 27%, Infosecurity notes.
Further comparing the two sets of research, while last year 17% of respondents were adamant they would never have anything to do with organizations that had lost data as a result of cybercrime, in 2011 this figure rose to 26%.
A further 61% of this year’s respondents, meanwhile, said they would try to avoid interacting with these organizations if at all possible. Just 13% stated their attitude toward a brand would be unaffected by a data loss incident.
Commenting on the figures, Ross Brewer, LogRhythm’s managing director, said that in a year that has seen an unprecedented number of high-profile data breaches, it is hardly surprising to see public opinion shift in this way.
“Organizations need to look at these findings and realize that unless data security is improved they will lose customers and the bottom line will be affected”, he said.
“November will see the European Commission publish the new version of its Data Protection Directive following a consultation that wrapped up in September 2011”, he added.
This legislation, says Brewer, will include recommendations regarding a mandatory data breach disclosure law covering public and private sector organizations.
As a result, he claims it will be much easier for the public to identify, and boycott, those organizations that are being irresponsible when it comes to data protection.
Delving into the research reveals that respondents appeared to show enthusiasm for legislation forcing organizations to publish information relating to incidents in which individuals’ data is put at risk.
Seventy-two percent thought that all breaches should be publicized, while 11% were of the opinion that only breaches of a pre-determined size should be made public.
When asked more specifically about the process involved, 69% wanted to be notified immediately, 19% were happy for an investigation to take place before affected customers were notified.
Ten percent, meanwhile, thought that notification should be dependent on whether the information is of a sensitive nature, an individual’s bank details for example.
Brewer asserts that the high proportion of respondents in favor of universal and instant notification tells us a lot about the lack of trust that exists when it comes to organizations’ ability to defend against cyber attacks.
“When asked if organizations are doing enough to secure customer data 81% did not believe this was the case and that more needed to be done”, he explained.
Curiously, researchers also found that the British public seems to be largely unaware of the work of the Information Commissioner’s Office (ICO), as 64% of those questioned had not even heard of the ICO. Of those that knew of the ICO, however, only 33% thought it was doing a good job.

 

Stop Complaining About Our Web Censorship, China says


China’s long history of Internet censorship is what’s best for the public, Foreign Ministry spokeswoman Jiang Yu told reporters yesterday.

According to Reuters, which spoke with Yu in an interview published today, China believes that its “Internet management” is not only “lawful,” but is designed to “safeguard the public.”

“We are willing to work with countries and communicate with them on the development of the Internet and to work together to promote the sound development of the Internet,” Yu told Reuters and other reporters that were at the press conference. “But we do not accept using the excuse of ‘Internet freedom’ to interfere in other countries’ internal practices.” Yu’s comments were a direct response to a letter sent to China earlier this week by U.S. Ambassador to the World Trade Organization Michael Punke. According to Reuters, which obtained a copy of the letter, Punke argued that China’s Web blockade diminishes the ability for many U.S. companies to compete against China’s counterparts

14 Year Old Hacker Hired By Microsoft After Doing Phishing via Call of Duty Server


These are the kinds of things dreams are made of, a 14 year old hacker on Call of Duty was just recruited by Microsoft. You heard me right, Microsoft.
This is exactly what Sony should have done with George Hotz – given him a job as a security specialist, instead of suing him in court and getting its PlayStation Network and other Sony websites hacked day in and out.
Microsoft is reported to be working with the 14-year-old Irish hacker who managed to stir up a little trouble with his Call of Duty: Modern Warfare 2 phishing scam alert. According to the managing director of Microsoft of Ireland, the company is helping the hacker “develop his talent for legitimate purposes.”

Congrats to that young hacker, whose name was not disclosed. While the new prospect for the Dublin kid is not meant to be an example for other hackers to follow, companies do have to realize that there are many talented people among hackers.
Good luck

CyanogenMod 7.1 brings support for Xperias and 20 other handsets


CyanogenMod-7.1 Released!


It’s been far too long since our last official release, but I’m happy to present CyanogenMod-7.1! I apologize for the long delay, and I hope to speed up our release process in the future. We originally planned to release this last weekend at the Big Android BBQ but some issues with our automated build system held it back.

You’ll find many new features and support for building on 68 devices! Upgrading from any previous CM-7 release or nightly build should be smooth and no wipe should be required.

New devices since 7.0 included in today’s release are:

* HTC Desire S
* HTC Incredible S
* HTC Incredible 2
* LG Optimus 2X and T-Mobile G2x
* Motorola Backflip (Motus)
* Motorola Cliq / Cliq XT
* Motorola Defy
* Motorola Droid 2
* Motorola Droid X
* Samsung Captivate
* Samsung Fascinate
* Samsung Mesmerize
* Samsung Showcase
* Samsung Vibrant
* Samsung Galaxy S
* Samsung Galaxy S2 (multiple carriers)
* Sony Ericsson Xperia X8
* Sony Ericsson Xperia Mini
* Sony Ericsson Xperia Mini Pro
* Sony Ericsson Xperia Neo
* Sony Ericsson Xperia Play
* Sony Ericsson Xperia Ray
* Sony Ericsson Xperia Arc
* ZTE V9

There are many devices still in beta status (Pyramid, Doubleshot, Shooter, HP Touchpad, Optimus 3D, several more) that we will be promoting to release or release-candidates in the next few weeks when the code is merged to our main branch.

The preferred method of installation is via ROM Manager, but you can directly download the latest release from our mirror network. Head over to our forums to discuss the release or get help. Installation instructions and other information can be found on our wiki.

As we continue to grow and improve CM, we are starting to see support from the industry grow- something that was unheard of previously. Recently, Sony Ericsson assisted our developers by providing over 20 devices, technical assistance, and compatible hardware drivers. CM-7.1 now has support for all recent SEMC devices thanks to this effort. Various other vendors have reached out to us, but we understand that it is still somewhat of a difficult situation. We will soon be providing a porting guide and some information on how vendors can get involved with the project and how/why it will benefit them.

Thanks again for the support, and for making CyanogenMod the #1 community Android distribution. We’ll be following up with a few minor releases and soon it will be time to start work on CM9!

Nod32 Eset Website Hacked


Nod32 and Eset Thailand websites were hacked by Turkey Cyber Army. ESET NOD32 Antivirus, commonly known as NOD32, is an antivirus software package made by the Slovak company ESET. ESET NOD32 Antivirus is sold in two editions, Home Edition and Business Edition. The Business Edition packages add ESET Remote Administrator allowing for server deployment and management, mirroring of threat signature database updates and the ability to install on Microsoft Windows Server operating systems. You can see mirrors of the defaced websites: Nod32 & Eset.

CCC accuses German Government of running spy trojan


Hacker group the Chaos Computer Club (CCC) has accused the German Government of using a Trojan to snoop on citizens’ computers.

The CCC, which calls itself the largest hacker group in Europe, made the claim after reverse engineering a “lawful interception malware program used by German police forces” that it claimed gives the authorities access to end-user computers.

“The malware can not only siphon away intimate data, but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs,” the CCC said on its English-language site, adding that the design of the snooper also left computers vulnerable to attacks from third parties. The discovery is likely to create a stir in Berlin because the level of probing, the CCC says, goes beyond what is allowed under German law on tapping, which was set up to control only VoIP calls

Siri is iPhone 4S-only today; where will it be tomorrow?


Apple is launching the iPhone 4S this week with the recently unveiled integration of Siri, a voice activated “assistant.” Siri accepts voice input and can perform a range of actions on your iPhone, including looking up information, adding calendar events, and even composing short texts and e-mails.

Siri shows a lot of promise in realizing human computer interaction using natural language. Right now, however, Apple seems to be wisely keeping the feature firmly in the “beta” stage even as it seeks to popularize talking to your cell phone to get things done. As iPhone 4S users start using Siri en masse, it’s worth considering where Apple might integrate the technology in the future. Will talking to computers and devices transcend conventional keyboard or touch input, à la Star Trek?

Right now Siri is limited to the iPhone 4S. Presumably much of the reason for that limitation is that Siri requires a lot of computing power to work. Siri co-founder Norman Winarsky told 9to5 Mac that the Siri app, originally released in early 2010, required a number of workarounds and optimizations to work well on the then-current iPhone 3GS’s 600MHz processor. Even with the significant processing boost gained from the iPhone 4S’s dual-core A5 processor, however, Apple is still calling the tech a “beta” nearly two years after its first public release.

Latest Phoenix Exploit’s Kit 2.8 mini version


Back in April of this year, we reported the leak of Phoenix Exploit Kit 2.5. The version currently in circulation is 2.8, and despite its lower activity for the last half of this year, it remains one of the preferred exploit packs used by cyber-criminals.

In comparison to the Black Hole Exploit Pack, the PEK has a similar licensing model. The last version released offered an “alternative” to purchasing the exploit pack. This “alternative” is the Phoenix Exploit’s Kit 2.8 mini.

The current licensing model consists of the following:

· Simple Domain (Closed) – USD $2,200.00
· Multithreaded Domain (Closed) – USD $2,700.00
· Extra-Encryption Service (ReFUDing) – USD $40.00

The mini version does not change the characteristics of the Exploit Pack, at least in regards to its graphical interface and functionality in relation to previous versions. Each section has the same type of display and statistical information, which is provided in a minimalistic yet concise manner. Although trivial, this is one of the main reasons for the adoption of Phoenix by cyber-criminals. The ability to easily locate information and merge the functionality of this Exploit Pack with a Malware Kit, such as SpyEye or ZeuS, increases their level of success and attack strategies.

The main difference between the full version and the mini version is that the mini version is subject to a domain under the simple mode, while the full version allows multitasking.

There isn’t much new about the Exploit Pack. The code has been optimized to increase the success rate of exploitation and the exploit for Java Runtime Environment to Trusted has been added.

Also removed were the following exploits pre-compiled in version 2.7:

· Windows Help and Support Center Protocol Handler Vulnerability – CVE-2010-1885
· Integer overflow in the AVM2 abcFile parser in Adobe Flash Player – CVE-2009-1869
· Integer overflow in Adobe Flash Player 9 – CVE-2007-0071
· IEPeers Remote Code Execution – CVE-2009-0806
· Internet Explorer Recursive CSS Import Vulnerability – CVE-2010-3971

Although it’s basically the same exploits (similar in all cases, including those incorporated in other Exploit Packs in the wild), the author has optimized them for each version. In this case, it includes the following exploits:

· Microsoft Data Access Components (MDAC) - CVE-2006-0003
· Adobe Reader Javascript Printf Buffer Overflow - CVE-2008-2992
· Adobe Reader LibTiff - CVE-2010-0188
· Adobe Reader Collab GetIcon - CVE-2009-0927
· Java SMB - CVE-2010-0746
· Java Runtime Environment Trusted - CVE-2010-0840
· Java Skyline Plug-in component in Oracle Java SE and Java for Business 6 - CVE-2010-3552
· Java Deployment Toolkit Component - CVE-2010-0886

Despite the optimization of the components for each version, it is interesting that optimizing and updating the MDAC exploit remains the most prevalent practice, not only in this Exploit Pack but in any of the existing Exploit Packs. What is the reason? It comes down to a lack of experience among users around basic application update procedures, which turns them into potential targets that are highly susceptible to this old but effective vulnerability.

Latest Apple iOS 5 Released - Download Now!!

Apple iOS 5 Released!!!


Apple’s iOS 5 has been released, with owners of the iPhone 4, iPhone 3GS, iPad and iPad 2, along with the third- and fourth-gen iPod touch all getting the latest version of the mobile platform as a free update. Available to download for existing devices via iTunes, iOS 5 will also be preloaded on the new iPhone 4S, Apple’s fifth-gen smartphone that goes on sale this Friday.

"On non-mobile devices, our lives are quickly shifting from native applications [i.e. coded for a specific computer or smartphone's operating system] to Web applications, but by Apple dominating the consumer smartphone market first, and executing it beautifully, they have started to set some really unhealthy precedents that the rest of the industry is copying while simply trying to keep pace," said Zeke Shore, the Co-Founder and Creative Director of design firm Type/Code.

iOS 5 also brings with it iCloud, Apple’s new synchronization and backup system that promises to deliver your music and documents across all devices, as well as replace iTunes on the desktop as the hub of the digital ecosystem. All iOS 5 users – as well as those running OS X Lion on their Macs – will get 5GB of free iCloud storage, with more available at a fee. You can access the iCloud web-based login at icloud.com.

iOS 5 is compatible with the iPhone 3GS, 4, and 4S; the third- and fourth-generation iPod touch; and any iPad. To install it, you’ll just connect your iOS device to iTunes and—if not prompted to upgrade straight away—click on the Check For Updates button.
iOS 5 For iPhone, iPad And iPod Touch Download Links:

. Download iOS 5 iPhone 4 (GSM)
. Download iOS 5 iPhone 4 (Verizon)
. Download iOS 5 iPhone 3GS
. Download iOS 5 iPad 2 WiFi
. Download iOS 5 iPad 2 GSM
. Download iOS 5 iPad 2 CDMA
. Download iOS 5 iPad
. Download iOS 5 iPod touch 3G
. Download iOS 5 iPod touch 4G