Showing posts with label Hacking News. Show all posts

Sunday, 20 November 2011

Maharashtra Highway Police website hacked


Not only international law enforcement and police are under hackers' attack; even our local police websites and databases become victims of breaches almost once a day. A hacker using the name "powerin10" has taken responsibility for hacking the Maharashtra Highway Police website. A mirror of this hack is available here. The hacker is a member of Bangladesh Cyber Army.

Hackers destroyed a pump used by a US water utility



Hackers destroyed a pump used by a US water utility after gaining unauthorized access to the industrial control system it used to operate its machinery. Five computer screenshots posted early Friday purport to show the user interface used to monitor and control equipment at the Water and Sewer Department for the City of South Houston, Texas.

''This is arguably the first case where we have had a hack of critical infrastructure from outside the United States that caused damage,'' a managing partner at Applied Control Solutions, Joseph Weiss, said.

The network breach was exposed after cyber intruders burned out a pump. ''No one realised the hackers were in there until they started turning on and off the pump,'' he said.

It was also reported that hackers apparently broke into a software company's database and retrieved usernames and passwords of various control systems that run water plant computer equipment. Using that data, they were able to hack into the Illinois plant.

The U.S. Department of Homeland Security and the Federal Bureau of Investigation are examining the matter, said DHS spokesman Peter Boogaard.

"At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," he said, declining to elaborate further. An FBI spokesman in Illinois did not return phone calls seeking comment.

Friday, 18 November 2011

US military's offensive operations in cyberspace to shoot Hackers


The US military is now legally in the clear to launch offensive operations in cyberspace, the commander of the US Strategic Command has said. The Pentagon has just sent a report to Congress where it says that it has the right to retaliate with military force against a cyber attack.


In the latest sign of quickening U.S. military preparations for possible cyber warfare, Air Force General Robert Kehler said: "I do not believe that we need new explicit authorities to conduct offensive operations of any kind".




US Strategic Command is in charge of a number of areas for the US military, including space operations (like military satellites), cyberspace concerns, 'strategic deterrence' and combating WMDs.


"When warranted, we will respond to hostile acts in cyberspace as we would to any other threat to our country," the DoD said in the report. "All states possess an inherent right to self-defense, and we reserve the right to use all necessary means – diplomatic, informational, military, and economic – to defend our nation, our allies, our partners, and our interests."


This means that if anyone carries out a decent attack on the Pentagon website, the Navy Seals will land on his roof, run through his house shooting anything that moves and bury the body at sea. US security agencies are also training a crack team of highly skilled cyber forensics experts and are working with international partners to share information about cyber threats, including malicious code and the people behind it, it said.

Patches Released for BIND Denial-of-service Vulnerability




There's a new vulnerability in the popular BIND name server software that is causing various versions of the application to crash unexpectedly after logging a certain kind of error. The Internet Systems Consortium (ISC), an organization that maintains several software products critical for Internet infrastructure, has released a patch for an actively exploited denial-of-service vulnerability in the widely used BIND DNS server.


The Internet Systems Consortium (ISC) has described the problem as follows:
"An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure...
Affected servers crashed after logging an error in query.c with the following message: INSIST(! dns_rdataset_isassociated(sigrdataset))"
More details are available in their advisory.


As of this posting, ISC had not revealed the underlying problem, but said the patches would prevent the servers from crashing. The flaw affects BIND 9.4-ESV, 9.6-ESV, 9.7.x, and 9.8.x. The patch basically ensures that the cache doesn't return the anomalous data and prevents the server from crashing. ISC officials had not responded to media inquiries as of this posting, and it was unclear whether the flaw was just wreaking mayhem on the servers, or if an actual exploit was causing it.


Security intelligence firm Rapid7 said the first attack was discovered at the National Weather Service, followed by 89 further discoveries of the attack at US universities. "BIND 9 is the most widely used DNS server on the internet today… Gone unchecked, this attack could potentially affect nearly the entire internet," said Matt Barrett, senior solutions architect at Rapid7. A temporary patch has already been released.
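For operators who want to know whether their own resolvers have hit this condition, the log message and the affected release lines quoted above are enough to build a simple triage check. The script below is an added example, not ISC's or Rapid7's code: the syslog lines are constructed, and the version rule only encodes the release lines the post names (9.4-ESV, 9.6-ESV, 9.7.x, 9.8.x), so a match means "review this host", not "confirmed vulnerable", since it does not know which point releases carry the patch.

```python
"""Scan BIND log lines for the assertion failure quoted in the ISC advisory
and flag hosts whose reported version is in one of the affected release lines.

Added illustration, not ISC's or Rapid7's code. The syslog lines below are
constructed, and the version rule only encodes the release lines the post
names; it does not know which point releases carry the patch.
"""
import re

# Assertion text the post quotes from query.c.
INSIST_MARKER = "INSIST(! dns_rdataset_isassociated(sigrdataset))"

# Release lines the post lists as affected (prefix match on the version string).
AFFECTED_PREFIXES = ("9.4-ESV", "9.6-ESV", "9.7.", "9.8.")

# Constructed sample syslog lines, not a real capture.
SAMPLE_LOG = """\
Nov 16 10:02:11 ns1 named[1234]: starting BIND 9.7.3 -u bind
Nov 16 10:05:42 ns1 named[1234]: query.c:1781: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed
Nov 16 10:05:42 ns1 named[1234]: exiting (due to assertion failure)
Nov 16 10:06:01 ns2 named[2222]: starting BIND 9.8.1-P1 -u bind
Nov 16 10:09:17 ns3 named[3333]: starting BIND 9.9.0 -u bind
Nov 16 10:10:00 ns3 named[3333]: client 192.0.2.7#5353: query: www.example.net IN A +
"""

# "<Mon> <day> <hh:mm:ss> <host> named[<pid>]: <message>"
LINE_RE = re.compile(r"^\S+ +\d+ [\d:]+ (?P<host>\S+) named\[\d+\]: (?P<msg>.*)$")
START_RE = re.compile(r"^starting BIND (?P<ver>\S+)")


def is_affected_version(version):
    """True when the version string begins with one of the affected release lines."""
    return version.startswith(AFFECTED_PREFIXES)


def scan_bind_log(text):
    """Return {host: {"version", "affected", "crashes"}} for every named host in the log."""
    hosts = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a named log line; ignore
        rec = hosts.setdefault(m.group("host"), {"version": None, "affected": False, "crashes": 0})
        s = START_RE.match(m.group("msg"))
        if s:
            rec["version"] = s.group("ver")
            rec["affected"] = is_affected_version(s.group("ver"))
        if INSIST_MARKER in m.group("msg"):
            rec["crashes"] += 1
    return hosts


def needs_attention(hosts):
    """Hosts that either crashed on the assertion or run an affected release line."""
    return sorted(h for h, r in hosts.items() if r["crashes"] or r["affected"])


if __name__ == "__main__":
    result = scan_bind_log(SAMPLE_LOG)
    for host in needs_attention(result):
        r = result[host]
        print("%s: version=%s affected=%s assertion_crashes=%d"
              % (host, r["version"], r["affected"], r["crashes"]))
```

Feed it the output of `grep named /var/log/syslog` from each resolver; a host that shows the assertion in its log has already been hit, while a host on an affected release line with no crash is the one to patch before the anomalous record reaches it.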

Thursday, 17 November 2011

Worlds first windows 8 Bootkit to be released at MalCon




It is amazing how fast security measures are bypassed by hackers. It seems Windows 8 is now MalConed! Peter Kleissner has created the world's first Windows 8 bootkit, which is planned to be released in India at the International Malware Conference, MalCon.

An independent programmer and security analyst, Peter worked for an anti-virus company from 2008 to 2009 and was a speaker at the Black Hat and Hacking at Random technical security conferences. While his main fields are Windows security and analysis of new malware, his recent important projects include the development of the Stoned Bootkit, a research project to subvert the Windows security model.

A bootkit is built upon the following broad parts:
Infector
Bootkit
Drivers
Plugins (the payload)
And as Peter puts it, those parts are easy to split up in a criminal organization: Teams A-D write the different parts. If you are doing it right, Team D (the payload writers) needs no internal knowledge of the bootkit! Peter's research website: http://www.stoned-vienna.com/

As per the MalCon website, Peter's travel is still not confirmed, citing visa issues; however, there is a chance that the presentation may be done over video, or that a speaker may step in on behalf of Peter and release it at MalCon.

Wednesday, 16 November 2011

Stuxnet 3.0 to be possibility released at MalCon?




Malware coders and security researchers are increasingly looking to the MalCon malware convention to show off their latest creations and research. We were pretty shocked to see in a Twitter update today from MalCon that one of the shortlisted research paper submissions is on possible features of Stuxnet 3.0.


While this may just be a discussion and not a release, it is interesting to note that the speaker presenting the paper, Nima Bagheri, is from Iran.


To refresh your memory, Stuxnet is a computer worm discovered in June 2010. It targets Siemens industrial software and equipment running Microsoft Windows. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.


What is alarming is the recent discovery (on 1 September 2011) of a new worm thought to be related to Stuxnet. The Laboratory of Cryptography and System Security (CrySyS) of the Budapest University of Technology and Economics analyzed the malware, naming the threat Duqu. Symantec, based on this report, continued the analysis of the threat, calling it "nearly identical to Stuxnet, but with a completely different purpose", and published a detailed technical paper. The main component used in Duqu is designed to capture information such as keystrokes and system information. The exfiltrated data may be used to enable a future Stuxnet-like attack.


The research paper abstract discusses rootkit features, and the authors may well give a demonstration at MalCon with new research related to hiding rootkits and advanced Stuxnet-like malware.


Released or not, MalCon certainly leaves plenty of room for imagining the future of computing - and we hope we don't get to live Die Hard 4.0 someday.


FreeFloat FTP Server - Buffer Overflow Vulnerability


Ashfaq Ansari reported a buffer overflow vulnerability in FreeFloat FTP Server. In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of a violation of memory safety. Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security.

This exploit gains remote access to FreeFloat FTP Server using the FEAT command. Download the proof of concept from here; the exploit is available here.

UCLA psychology department database hacked by Inj3ctor



The Inj3ctor team of hackers takes responsibility for the release of information from the psychology department's database, which included the names, home addresses and dates of birth of 26 applicants to the university. The attacker also published some information that helped him access the database: he highlighted the open ports and the versions of the services he relied on to hack the site.

This is not the first time that the department database has been dumped on Pastebin. In July 2011, another hacker posted psychology department faculty members' phone numbers, first and last names, e-mail addresses, street addresses, and UCLA ID numbers. Webmasters from UCLA IT are still investigating the hacking, but Bollens said it is likely the result of a SQL injection, which makes programs give out more information than intended for release.

The psychology department's outdated database may have made it more susceptible to SQL injection, where the hacker submits input that the program does not recognise as mere data. That can cause the program to give up information that the programmer did not intend to release. SQL injections are responsible for more than 90 percent of hacks.
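The mechanism the last paragraph describes is easiest to see side by side: a query built by string formatting, and the same query with a bound parameter. The script below is an added example, not UCLA's application or anything the attacker published; the applicants table, its rows and the helper names are constructed for illustration, and the quote-bearing input shows why the first variant returns rows the programmer never meant to release.

```python
"""A string-built query beside its parameterised form, run against an
in-memory SQLite table of constructed applicant records. Added example;
the schema, rows and helper names are made up for illustration."""
import sqlite3


def make_db():
    """Constructed applicants table; the rows are fictitious."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE applicants (id INTEGER PRIMARY KEY, name TEXT, "
        "home_address TEXT, dob TEXT, status TEXT)"
    )
    conn.executemany(
        "INSERT INTO applicants (name, home_address, dob, status) VALUES (?, ?, ?, ?)",
        [
            ("A. Applicant", "1 Example St", "1990-01-01", "pending"),
            ("B. Applicant", "2 Example St", "1991-02-02", "pending"),
            ("C. Applicant", "3 Example St", "1992-03-03", "admitted"),
        ],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable: the caller's string is pasted into the SQL text, so a quote
    character in it is parsed as part of the query rather than as data."""
    sql = ("SELECT name, home_address, dob FROM applicants "
           "WHERE status = 'admitted' AND name = '%s'" % name)
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Hardened: the placeholder is bound by the driver; whatever `name`
    contains is compared as a value and can never change the query's shape."""
    sql = ("SELECT name, home_address, dob FROM applicants "
           "WHERE status = 'admitted' AND name = ?")
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Row counts returned by each variant for the same input."""
    conn = make_db()
    try:
        return len(lookup_vulnerable(conn, name)), len(lookup_safe(conn, name))
    finally:
        conn.close()


if __name__ == "__main__":
    print("legitimate lookup:", compare("C. Applicant"))    # (1, 1)
    print("quote-bearing input:", compare("x' OR '1'='1"))  # (3, 0): the first variant leaks every row
```

The leak happens because `AND` binds tighter than `OR`, so the injected clause turns the filter into "(admitted and named x) or true". Binding the value through a placeholder removes the whole class of problem regardless of what characters the input contains; escaping by hand does not.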

Sky News Twitter account Hacked

Hackers yesterday accessed the Twitter account of the Sky News business desk and posted a tweet claiming that James Murdoch had been arrested by London police. Twitter has also lately been used by hacker groups simply to raise their profile and make the public aware of their existence.

Soon retweeted by many followers, the fake news created quite a stir. The false tweet was erased within minutes, but not before other Twitter users had shared it across the network. Sky News is likely to find out soon whether the hack was executed by an insider - possibly as a joke - or by hackers.

Tuesday, 15 November 2011

Uniscan 5.2 is released - vulnerability scanner




Uniscan is an open source vulnerability scanner for Web applications. Uniscan 2.0 is a Perl vulnerability scanner for RFI, LFI, RCE, XSS and SQL injection.
Features:
Identification of system pages through a Web crawler.
Use of threads in the crawler.
Control of the maximum number of requests made by the crawler.
Control of variation of system pages identified by the Web crawler.
Control of file extensions that are ignored.
Testing of pages found via the GET method.
Testing of forms found via the POST method.
Support for SSL requests (HTTPS).
Proxy support.
Generate site list using Google.
Generate site list using Bing.
Plug-in support for Crawler.
Plug-in support for dynamic tests.
Plug-in support for static tests.
Plug-in support for stress tests.


DOWNLOAD UNISCAN 5.2


Tutorials to create your plug-ins:


http://www.uniscan.com.br/tutorial1.php


http://www.uniscan.com.br/tutorial2.php


http://www.uniscan.com.br/tutorial3.php

Monday, 14 November 2011

Duqu computer virus Detected by Iran civil defense organization


The virus, called W32.Duqu or just Duqu, has created fear after Stuxnet opened Pandora's box. The head of Iran's civil defense organization told the official IRNA news agency that computers at all main sites at risk were being checked and that Iran had developed software to combat the virus.

First, Duqu is not designed to harm industrial automation. The software basically attacks Windows systems. Instead of sabotaging industrial control, Duqu has general remote access capabilities: it has a keylogger and can save passwords, etc. The malware uses HTTP and HTTPS to communicate with a command and control (C&C) server at 206.183.111.97, which is hosted in India; the IP is inactive as of October 18th. Duqu infiltrates systems directly: it is not a worm like Stuxnet and needs to be placed directly, e.g. through infected e-mails. Duqu also used a certificate of C-Media Electronics Incorporation, a Taiwanese audio chip producer.

"We are in the initial phase of fighting the Duqu virus," Gholamreza Jalali, was quoted as saying. "The final report which says which organizations the virus has spread to and what its impacts are has not been completed yet. All the organizations and centers that could be susceptible to being contaminated are being controlled," he said.

So far Duqu has been found on fewer than 10 computers at European companies which are developing industrial control software, according to a Symantec analyst. The software is programmed to remove itself automatically after 36 days. The complete set-up - invade the target (not worm-like), spy out passwords, and remove itself, hopefully without being detected - suggests that Duqu is actually preparing an attack. This is also assumed by F-Secure: "it's possible we'll eventually see a new attack targeting PLC systems, based on the information gathered by Duqu."

Sunday, 13 November 2011

PwnieExpress : Pentesting suite for the Nokia N900

PwnieExpress provides one of the best pentesting suites for the Nokia N900. It includes Aircrack, Metasploit, Kismet, GrimWEPa, SET, Fasttrack, Ettercap, nmap and more, plus a custom pentesting screen with shortcuts to macchanger, injection on/off, etc. The built-in wireless card supports packet injection, monitor mode and promiscuous mode:



Try It

Android facial recognition based unlocking can be fooled with photo


Another Android feature exploited: funny that Android's facial recognition based unlocking can be fooled with a photo. Check out the video below, courtesy of Malaysia's SoyaCincau:


He said: "While some of you think that it is a trick and I had set the Galaxy Nexus up to recognise the picture, I assure you that the device was set up to recognise my face. I have a few people there watching me do the video and if any one of them is watching this video I hope you can confirm that this test is 100% legit."

Operation Brotherhood Shutdown by Anonymous Hackers

Anonymous hackers have taken down the Muslim Brotherhood websites. The hacking group had made an announcement on Tuesday in which they threatened to launch "Operation Brotherhood Takedown" on all Brotherhood sites at 8pm on Friday, 11 November.


According to a video they released on YouTube (shown above), they claim to have taken down the following sites:
As of 2:24 PM EST, ikhwanonline.com IS DOWN.
As of 2:26 PM EST, ikhwanweb.com IS DOWN.

The Brotherhood claimed in a statement released on Saturday morning that the attacks were coming from Germany, France, Slovakia and San Francisco in the US, with 2000-6000 hits per second. The hackers later escalated their attack on the site to 380 thousand hits per second. Under the overload, four of the group's websites were forced down temporarily. Anonymous is made up of a group of unidentified hackers who have previously attacked Israeli, Russian and NATO sites.

"...Therefore, Anonymous has decided to destroy the Muslim Brotherhood. We shall proceed to dismantle any form of its organization from the internet. Nothing will stop us. We will show no mercy."

Complete Press Release:
Citizens of the World,
We are Anonymous.

Ever since its revolution that shook the world, Egypt has had its fate undecided. Predators who seek to control are waiting to strike at the right moment. They are waiting to take over the country and make it so that another revolution is impossible. We cannot allow this.

The Muslim Brotherhood has become a threat to the revolution Egyptians had fought for, some with their lives. They seek to destroy the sovereignty of the people of Egypt as well as other nations including the United States.

The Muslim Brotherhood started as a benevolent group of people with fair and just intentions. However, as decades went by, corruption seized its mission of good and turned it into a power-hungry organization bent on taking over sovereign Arab states in its quest to seize power from them. They say this is necessary in order to unify the Muslim nations into one Islamic state, which is a lie.

We will not allow this to happen. 

Their tactics are very similar to tactics used by the Church of Scientology and ideas implemented in Freemasonry. A person may join only when presented in front of the Grand Master, or the Murshid, and is ordered to adhere to a solemn vow, to follow all orders of the Murshid, without hesitation. They claim to be anti-freemasonry, however they follow distinct principles taken from it. If you were to leave the Brotherhood or present any threat to it, they would take it to offense and begin to intimidate you and put your life as well as your loved ones in danger. This has been experienced by many former followers of the Brotherhood, including citizens in the United States and Great Britain who realized they made a terrible mistake. The Muslim Brotherhood is a threat that must be dealt with. 

To those listening now, this is not a threat towards the religion of Islam. The Muslim Brotherhood, as well as terrorist organizations affiliating with the religion, defiled and destroyed the very essence of what the religion preaches. Therefore, the Muslim Brotherhood does not represent the true ideas of Islam. In our collective, many of us are Muslim, yet we fight against the corruption in society and the injustice that comes with it. 

Infused with its blatant, corrupt ways, the Brotherhood is now a threat to the people.

Therefore, Anonymous has decided to destroy the Muslim Brotherhood. We shall proceed to dismantle any form of its organization from the internet. Nothing will stop us. We will show no mercy. 

Operation Brotherhood Takedown, engaged.

We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
Expect Us.


Saturday, 12 November 2011

#Anonymous : Now is the Time to evolve or Die

 
Anonymous was formed and birthed on the internet message board 4chan in 2003. The moniker Anonymous was derived as homage to 4chan. At the time, if someone posted to 4chan's forums and no name was given then the post was credited to "Anonymous". Seizing onto the premise or the idea that actions can be taken anonymously by the lesser or powerless, "Anonymous" moved beyond 4chan and morphed into something larger and more potent. The original premise of "Anonymous" appeared to be a limited but noble idea: attempting to keep the internet open and free because governments and corporations were earnestly trying and demanding limits and restrictions to the freedom of expression on the internet.

To date “Anonymous” has remained a banner that many channers, as well as hacktivists and IRC users, post under and are loosely grouped together. Allied under the umbrella of “Anonymous” with no real command structure in the group, “Anonymous” remains an ever fluctuating mass of unknown identities that have often fancied themselves as cyber-avengers unfocused and more often than not unable to remain of the same consciousness even on an hourly basis.

History must be remembered and never forgotten, for the factual words of Italian fascist Benito Mussolini were stated correctly: "Fascism is Corporatism".

As the gap in wages worldwide becomes increasingly disparate, significantly increasing numbers of world citizens are being harmed and maltreated by the unquenchable greed and corruption of the evolving corporate state. As the wealth of the world has rapidly been consolidated into the hands of a small minority, governments are being bought and paid for and rapidly, one by one, turned over lock, stock and barrel to faceless corporations. These greed-driven, soulless concerns have not hesitated to use their power as an instrument of war as a means of increasing their power and profits. Sadly, as expected, along with this ever-growing trend it has become a fact that human rights violations are becoming even more extreme and cruel.

Since it is evident that the monstrous corporations committing these unspeakable crimes are almost never held accountable, it is time that the young and the computer literate around the world educate themselves and become consciously aware of which greedy corporations are committing the horrendous crimes that affect the very survival of this planet and every living being on it. Because information is power, inform yourselves. Now is the time to educate yourselves and make your lists of these offenders!

By becoming more educated and informed on the global threat posed by corporations, is it possible that this idea, this premise of "Anonymous", could be channeled into the kind of tool needed to awaken global consciousness to the treachery of the global power structure? Could the true center of "Anonymous", that idea that "Anonymous" wishes to represent the truth to the world, morph once more beyond its present form and limitations, or will the nebulous vision behind the premise of "Anonymous" remain content to use their collective abilities for either good or bad, simply content on a myopic and undisciplined path, depending on the inclination of the mob?

It is time to get off that fluffy cloud of illusion, get educated and get informed beyond such a small focus. Investigate the bigger picture, know your own power; inform others of the immediate threat of corporations and the growing takeover of world governments, the biggest and baddest being taken over by fascism today is the United States of America. Internet freedom is the least of your worries now. Call it what you will, this is what Benito Mussolini correctly labeled fascism, my brothers. If you don't like it, you can oppose it. But if you ignore it and deny it, then you will remain a sitting target. "Now is the time to evolve or die."

Bangladesh Supreme Court website hacked

The official website of the Supreme Court was hacked yesterday. Information technology experts of the court, however, recovered it around 8:00pm. According to the message posted on the site, the hackers identified themselves as "Bangladeshi UnderGround Hacker 3xp1r3 Cyber Army". They, however, claimed that all the data is safe and has not been tampered with or deleted. "Some other hackers are trying to hack Bangladeshi sites!! And delete all the data !! (sic)," they warn.

Head of the IT department of the apex court Quddus Zaman confirmed the restoration of the site, www.supremecourt.gov.bd. Earlier, Supreme Court registrar A K M Shamsul Islam said, "A person from Singapore called me up in the morning and said the website of the Supreme Court has been hacked. Several others also phoned me later and complained about it."

Friday, 11 November 2011

Burp Suite Pro v1.4.03 released - CSRF generator, SSL strip Added


There is a new CSRF generator, which produces proof-of-concept HTML for generating virtually any HTTP request. You can access this feature by right-clicking any item within Burp, and using the engagement tools context menu to select "generate CSRF PoC".
Some useful features are:

  • Support for all form encoding types: standard URL encoding, multipart encoding, and plain text encoding.
  • Auto-detection of the optimal encoding type, with manual override.
  • Ability to edit both the request and response in-place, to fine tune attacks.
  • In-browser testing, by pasting a URL into your browser that will cause Burp Proxy to serve up the CSRF PoC in its response.
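A generated CSRF proof of concept only works against an application that accepts a state-changing request on the strength of the browser's cookies alone. The script below is an added example, not Burp Suite's code, of the server-side control that defeats it: a per-session token bound to the session with an HMAC, checked in constant time, which a page on another origin can neither read nor forge. The secret, the session IDs and the tiny request handler are constructed for illustration.

```python
"""Server-side CSRF check: a session-bound token that a cross-site page cannot
read or forge. Added example, not Burp Suite's code; the secret, session IDs
and handler are constructed for illustration."""
import hashlib
import hmac
import secrets

# Constructed per-process secret; a real deployment loads it from configuration.
SERVER_SECRET = secrets.token_bytes(32)


def csrf_token(session_id):
    """Token bound to the session: HMAC over the session ID, so it is only
    valid together with the cookie the browser attaches automatically."""
    return hmac.new(SERVER_SECRET, b"csrf:" + session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf(session_id, submitted):
    """Constant-time comparison; a missing or foreign token fails."""
    if not submitted:
        return False
    return hmac.compare_digest(csrf_token(session_id), submitted)


def handle_state_change(form, cookies):
    """Return an HTTP status for a state-changing POST.

    A forged cross-site form arrives with the victim's cookies (so the session
    is valid) but without a token the attacker could have read, hence 403."""
    session_id = cookies.get("sid")
    if not session_id:
        return 401
    if not verify_csrf(session_id, form.get("csrf_token")):
        return 403
    return 200


def render_form(session_id):
    """Embed the token as a hidden field in the site's own form."""
    return ('<form method="POST" action="/account/email">'
            '<input type="hidden" name="csrf_token" value="%s">'
            '<input name="email"><input type="submit"></form>' % csrf_token(session_id))


if __name__ == "__main__":
    sid = "session-123"  # constructed
    own = {"csrf_token": csrf_token(sid), "email": "new@example.com"}
    forged = {"email": "attacker@example.com"}
    print("own form:", handle_state_change(own, {"sid": sid}))        # 200
    print("forged form:", handle_state_change(forged, {"sid": sid}))  # 403
```

Because the token is derived from the session rather than stored, there is no per-request state to keep, and a token lifted from one session is useless against another. The same check applies whichever of the three form encodings the generator picks, since it inspects the decoded field, not the wire format.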

Possible Credit Card Theft in Steam Website Hacking


Valve CEO Gabe Newell has contacted all users of the Steam game distribution platform to let them know that the company has suffered a security breach. Right before going offline, users saw a new category in the forum that directed them to open a site named "Fkn0wned." Many users also complained that the email IDs related to their Steam accounts were "spammed with ads for the web site."

Valve recommends that all users closely watch the activity on their credit cards, because the hackers had access to that information during the attack. The Steam forums are closed for the moment, but the program itself is running.

"We have no evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on card numbers or passwords has been cracked. We are still investigating," Newell wrote. "At the moment we have no evidence of misuse of credit cards, but we recommend that you carefully monitor the activity on your credit cards."

The database that was attacked "contains information including user names, passwords, purchases, e-mail addresses, billing addresses and encrypted credit card information," he added. The Steam forums are not working while Valve conducts the investigation and recovers from the attack. When the forums are back, all users will be required to change their passwords, and users who used the same password for the forums on other sites are also advised to change it.

"We do not know of any Steam account that has been affected, so we are not forcing a change of passwords on Steam accounts, which are separate from the forum passwords, but changing them would not be a bad idea anyway, especially if they are the same as the forum ones. I am very sorry that this happened, and I apologize for the inconvenience," Newell concluded.

myOpenID XSS : One of the Largest OpenID provider is Vulnerable

One of the largest independent OpenID providers, "myOpenID", is vulnerable to Cross Site Scripting (XSS), as discovered by "SeeMe", a member of the Inj3ct0r Team. Cross Site Scripting (or XSS) is one of the most common application-layer web attacks.


What a hacker can do - "The attackers can steal the session ID of a valid user using XSS. The session ID is very valuable because it is the secret token that the user presents after login as proof of identity until logout. If the session ID is stored in a cookie, the attackers can write a script which will run on the user's browser, query the value in the cookie and send it to the attackers. The attackers can then use the valid session ID to browse the site without logging in. The script could also collect other information from the page, including the entire contents of the page".

Proof Of Concept - Click Here
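The session-theft path quoted above has two independent defences, and both are easy to check for in one's own application: untrusted text must be escaped before it is placed into HTML, and the session cookie must carry HttpOnly so a script running in the page cannot read it. The script below is an added example, not myOpenID's code; the page fragment, the `sid` cookie name and the audit helper are constructed for illustration, and the probe string is the usual harmless test input.

```python
"""Two controls against XSS-based session theft: output escaping and an
HttpOnly session cookie, plus a small audit of Set-Cookie flags. Added
example, not myOpenID's code; names and fragments are constructed."""
import html


def render_profile(display_name):
    """Escaped output: & < > " ' become entities, so the browser shows the text instead of running it."""
    return "<p>Signed in as %s</p>" % html.escape(display_name, quote=True)


def render_profile_unsafe(display_name):
    """Vulnerable counterpart: untrusted input spliced straight into markup."""
    return "<p>Signed in as %s</p>" % display_name


def session_cookie(session_id, max_age=3600):
    """Set-Cookie value with HttpOnly (invisible to document.cookie) and Secure (never sent over plain HTTP)."""
    return "sid=%s; Max-Age=%d; Path=/; Secure; HttpOnly" % (session_id, max_age)


def cookie_attributes(set_cookie_value):
    """Lower-cased attribute names present in a Set-Cookie value, ignoring the leading name=value pair."""
    parts = [p.strip() for p in set_cookie_value.split(";")[1:]]
    return {p.split("=", 1)[0].lower() for p in parts if p}


def missing_session_flags(set_cookie_value):
    """Flags a session cookie should carry but does not; an empty list means it is configured as expected."""
    return sorted({"httponly", "secure"} - cookie_attributes(set_cookie_value))


if __name__ == "__main__":
    probe = "<script>alert(document.cookie)</script>"  # constructed test input
    print(render_profile_unsafe(probe))   # the script tag reaches the browser
    print(render_profile(probe))          # rendered as harmless text
    print(missing_session_flags("sid=abc; Path=/"))      # ['httponly', 'secure']
    print(missing_session_flags(session_cookie("abc")))  # []
```

The cookie audit is the quick check to run against the `Set-Cookie` headers a login response actually sends; HttpOnly does not stop a script from making requests with the cookie attached, but it does stop the cookie's value from being read and carried off, which is exactly the step the quoted scenario depends on.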

Thursday, 10 November 2011

CrySyS Duqu Detector Open source Toolkit Released


Researchers at the Laboratory of Cryptography and System Security (CrySyS) in Hungary confirmed the existence of the zero-day vulnerability in the Windows kernel, according to security researchers tracking the Stuxnet-like cyber-surveillance Trojan.

The Laboratory of Cryptography and System Security (CrySyS) has released an open-source toolkit that can find traces of Duqu infections on computer networks. It contains signature- and heuristics-based methods that can find traces of Duqu infections even where components of the malware have already been removed from the system.

Their release note states: "The toolkit contains signature and heuristics based methods and it is able to find traces of infections where components of the malware are already removed from the system. The intention behind the tools is to find different types of anomalies (e.g., suspicious files) and known indicators of the presence of Duqu on the analyzed computer. As other anomaly detection tools, it is possible that it generates false positives. Therefore, professional personnel is needed to elaborate the resulting log files of the tool and decide about further steps."

This toolkit contains very simple, easy-to-analyze program source code; thus it may also be used in special environments, e.g. in critical infrastructures, after inspection of the source code (to check that there is no backdoor or malicious code inside) and recompiling.
You can download it from Here
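The release note's distinction between signatures, heuristics and the false positives the latter produce is the design of any such scanner. The script below is an added sketch of that structure, not the CrySyS toolkit: each finding is tagged with the rule family and a confidence level so that an analyst can triage the log rather than trust it. The hashes, byte pattern and file listing are constructed placeholders, not Duqu indicators; a real deployment takes its indicators from a vetted source such as the toolkit itself.

```python
"""Sketch of a signature-plus-heuristics scanner with per-finding confidence.
Added example, not the CrySyS toolkit: indicators and files are constructed
placeholders, not Duqu indicators."""
import hashlib
import math
from collections import Counter, namedtuple

FileEntry = namedtuple("FileEntry", "path data")

# Placeholder indicators (constructed). A real deployment takes these from a vetted source.
KNOWN_HASHES = {hashlib.sha256(b"PLACEHOLDER-SAMPLE-A").hexdigest()}
BYTE_PATTERNS = [b"PLACEHOLDER-MARKER"]


def entropy(data):
    """Shannon entropy in bits per byte: 0 for empty or single-valued data, 8 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def signature_findings(entry):
    """Exact indicators: a known file hash or an embedded byte pattern."""
    out = []
    if hashlib.sha256(entry.data).hexdigest() in KNOWN_HASHES:
        out.append(("signature", "known file hash", "high"))
    for pat in BYTE_PATTERNS:
        if pat in entry.data:
            out.append(("signature", "byte pattern %r" % pat, "high"))
    return out


def heuristic_findings(entry):
    """Anomalies that merit a look but are not proof of infection."""
    out = []
    lower = entry.path.lower()
    if entry.data[:2] == b"MZ" and not lower.endswith((".exe", ".dll", ".sys")):
        out.append(("heuristic", "PE image stored under a non-executable extension", "medium"))
    if len(entry.data) >= 256 and entropy(entry.data) > 7.5:
        out.append(("heuristic", "high-entropy content (packed, encrypted, or simply compressed media)", "low"))
    return out


def scan(entries):
    """Run both rule families over every entry; returns one dict per finding."""
    findings = []
    for e in entries:
        for kind, reason, confidence in signature_findings(e) + heuristic_findings(e):
            findings.append({"path": e.path, "kind": kind, "reason": reason, "confidence": confidence})
    return findings


# Constructed file listing standing in for a directory walk.
SAMPLE_FILES = [
    FileEntry("C:/temp/readme.txt", b"nothing to see here\r\n"),
    FileEntry("C:/temp/cache.dat", b"MZ" + b"\x00" * 62 + b"PLACEHOLDER-MARKER" + b"\x00" * 200),
    FileEntry("C:/users/pub/photo.jpg", bytes(range(256)) * 2),   # expected false positive
    FileEntry("C:/temp/sample.bin", b"PLACEHOLDER-SAMPLE-A"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_FILES):
        print("%-7s %-10s %s: %s" % (f["confidence"], f["kind"], f["path"], f["reason"]))
```

The constructed photo.jpg entry is the point of the confidence tag: compressed media scores as high-entropy just like a packed payload, so the heuristic alone is a prompt to look, and only the signature hits justify a response on their own. That is the same division of labour the note describes when it asks for professional review of the log.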