english-inmind.com Hacked by aK47 and D4RK CRYST4L

Website english.inmind.com is hacked by Indian Hackers :- aK47 and D4RK

On Page SEO Optimization Techniques for Blogs/Beginners/Blogger

On Page SEO optimization is a technique to bring your site on to the top pages of search engines so If you want to do SEO for blogs then you can't be ignore on page seo optimization.

What is Denial of Service (DoS) Attacks

Denial Of Service (DoS) Attacks :- A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it can not serve it’s users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users.

26 Books on Hacking by Ankit Fadia: Free Downloads

Download various books on Hacking by Ankit Fadia for free Collection

Monday, November 7

Israeli Government and Security Services Websites attacked by 'Anonymous Hackers'



Several Israeli government websites crashed on Sunday in what appeared to be a cyber-attack by Anonymous hackers. The websites of the IDF, Mossad and the Shin Bet security services were among the sites that went down, as well as several government portals and ministries.The Israeli army and intelligence agencies' websites were offline.
In a video that was uploaded to YouTube, Anonymous warns that if the siege on Gaza is maintained, it will have no choice but to go on the attack.. "Your actions are illegal, against democracy, human rights, international, and maritime laws," the statement addressed to the government of Israel and posted on Youtube and Anonymous-affiliated sites said. "Justifying war, murder, illegal interception, and pirate-like activities under an illegal cover of defense will not go unnoticed by us or the people of the world."





"If you continue blocking humanitarian vessels to Gaza or repeat the dreadful actions of May 31st, 2010 against any Gaza Freedom Flotillas then you will leave us no choice but to strike back. Again and again, until you stop," the statement said.

Anonymous said that if the siege continues and Israeli forces intercept additional flotillas, or if they conduct additional operations such as the commandeering of the Mavi Marmara, it will have no alternative but to launch repeated cyber-attacks on Israeli computer systems until the siege ends.

Saturday, October 1

english-inmind.com Hacked by aK47 & D4RK CRYST4L







 
Website english.inmind.com is hacked by Indian Hackers :- aK47  & D4RK CRYST4L
So here is the Deface Page !

Monday, September 26

Official websites of 7 major Syrian city hacked by Anonymous



Official websites of 7 major Syrian city hacked by Anonymous hackers as part of hacktivists Anonymous' Operation Syria (  #OpSyria ). Anonymous has replaced the home pages of official Syrian websites with an interactive map of Syria, showing the names, ages and date of deaths of victims of the Syrian regime since the protests started in March. They call it Martyrs of Freedom (March - October 2011). The figure 2,316 commemorates the number of Syrians killed by the Syrian regime since anti-Assad protests started in Syria in March. The victims' names, ages and dates of death appear as you hover over the map of Syria.Hacked sites:
http://tartous-city.gov.sy/
http://deirezzor-city.gov.sy/
http://palmyra-city.gov.sy/
http://homs-city.gov.sy/
http://aleppo-city.gov.sy/
http://latakia-city.gov.sy/
http://old-damascus.gov.sy/

Facebook Track your Cookies Even After LogOUT





According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added, Even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.'

After explaining the cookies behavior he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'

Sunday, September 18

26 Books on Hacking by Ankit Fadia: Free Downloads


http://4.bp.blogspot.com/_Kas9x_WV7UU/TSYL-YnLy5I/AAAAAAAAADc/6ZCxoOt664o/s1600/Hacking20Ebook20Collection.jpg
Download various books on Hacking by Ankit Fadia for free
Collection | 26Books | DOC PDF | 8MB

Author: Ankit Fadia
Ankit Fadia is a certified ethical hacker from India. He has written a number of books on hacking and security.
Download link::
http://www.filesonic.com/file/534316741/ankit_fadia_books.rar

By tech Panels

What is Denial of Service (DoS) Attacks


Denial Of Service (DoS) Attacks :-
A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it can not serve it’s users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users.There are several different kinds of dos attacks as
discussed below:-
1) Ping Of Death :- The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim.The Ping command makes use of the ICMP echo request and echo reply messages and it’s commonly used to determine whether the remote host is alive. In a ping of death attack, however, ping causes the remote system to hang, reboot or crash. To do so the attacker uses, the ping command in conjuction with -l argument (used to specify the size of the packet sent) to ping the target system that exceeds the maximum bytes allowed by TCP/IP (65,536).
example:- c:/>ping -l 65540 hostname
Fortunately, nearly all operating systems these days are not vulnerable to the ping of death attack.
2) Teardrop Attack :- Whenever data is sent over the internet, it is broken into fragments at the source system and reassembled at the destination system. For example you need to send 3,000 bytes of data from one system to another. Rather than sending the entire chunk in asingle packet, the data is broken down into smaller packets as given below:
* packet 1 will carry bytes 1-1000.
* packet 2 will carry bytes 1001-2000.
* packet 3 will carry bytes 2001-3000.
In teardrop attack, however, the data packets sent to the target computer contais bytes that overlaps with each other.
(bytes 1-1500) (bytes 1001-2000) (bytes 1500-2500)
When the target system receives such a series of packets, it can not reassemble the data and therefore will crash, hang, or reboot.
Old Linux systems, Windows NT/95 are vulnerable.
3) SYN – Flood Attack :- In SYN flooding attack, several SYN packets are sent to the target host, all with an invalid source IP address. When the target system receives these SYN packets, it tries to respond to each one with a SYN/ACK packet but as all the source IP addresses are invalid the target system goes into wait state for ACK message to receive from source. Eventually, due to large number of connection requests, the target systems’ memory is consumed. In order to actually affect the target system, a large number of SYN packets with invalid IP addresses must be sent.
4) Land Attack :- A land attack is similar to SYN attack, the only difference being that instead of including an invalid IP address, the SYN packet include the IP address of the target sysetm itself. As a result an infinite loop is created within the target system, which ultimately hangs and crashes.Windows NT before Service Pack 4 are vulnerable to this attack.

5) Smurf Attack :-
There are 3 players in the smurf attack–the attacker,the intermediary (which can also be a victim) and the victim. In most scenarios the attacker spoofs the IP source address as the IP of the intended victim to the intermediary network broadcast address. Every host on the intermediary network replies, flooding the victim and the intermediary network with network traffic.
Result:- Performance may be degraded such that the victim, the victim and intermediary networks become congested and unusable, i.e. clogging the network and preventing legitimate users from obtaining network services.

6) UDP – Flood Attack :- Two UDP services: echo (which echos back any character received) and chargen (which generates character) were used in the past for network testing and are enabled by default on most systems. These services can be used to launch a DOS by connecting the chargen to echo ports on the same or another machine and generating large amounts of network traffic.

by tech PANELS

On Page SEO Optimization Techniques for Blogs/Beginners/Blogger

On Page SEO optimization is a technique to bring your site on to the top pages of search engines so If you want to do SEO for blogs then you can't be ignore on page seo optimization. What is on page optimization for blogs? Basically on page seo optimization are the techniques of which you have to do by your self for your blogs such as creating content, domain name, research keywords, meta tags, page headings, keyword density, internal linking.. I will discuss these in the following post. Since on page seo optimization is totally depend upon you so at least you can do your work in the right manner to giving a reputation to your blog. Before reading it I would suggest to you that firstly read SEO for blogs/beginners for how to completely done seo for blogs. This post is about on page optimization which is the one step for seo for begginers. So lets start the points for your on page optimization.





How to Optimize Blogs by On Page Optimization Techniques


  1. Research Keywords :

    Keyword research is the first step to starting the long term blogging career and also to start the On page Optimization because if you don't know about your niche keywords then you never generate traffic to your blogs as your niche should be deserve without researching your keywords and also If you are in the planning to monetize your blogs with some advertising companies such as Google Adsense then you must be research high targeted keywords for generate decent amount. The idea is simple because if you don't know the keywords that people searches mostly related to your niche then how search engine let you bring to the top position if you don't have any optimized page for that corresponding keyword.
    There are many software to researching the keywords of which mostly used by users such as Word Tracker which is a firefox plugin and you can use it in the browser while you are writing your post just enter your keywords then it will give you the suggestion of your related keywords which are mostly searches by the users.
    Mostly I am using google own keyword Tool just type your keyword phrases or keyword and search you will get lot of suggestion you can sort it by globally searches or locally search and noted down your keywords to any safe area.
  2. Domain Name :

    If you want to be stay in blogging for long term then I would suggest you that purchase your own domain name because if you used any free domain such as yourblogname.blogspot.com and after some months you want to be purchase your own domain name then you know how hard to increase your audience and by changing the domain name then you have to start working from the starting. I highly recommended that include your main keywords in your domain name because search engines gives priority to sites who have keyword also in domain name. If possible then register your domain name for a long term. The longer the registration the most trusted by search engines because many spam sites have short registration and longer the registration will indicate to search engines that you are building your site for long period.
  3. Blog Title & Post Title :

    Blog title is main factor for on page seo optimization. You can find it by going to your source code your blog title will be between <title> Your Blog Title </title>. So for creating your home page blog title make sure to include your main keywords in your blog title and don't make it longer or your blog title should be upto 70 words including spaces and not more than 70 words if you do that then your blog title will going to be overloaded and your blog title looks very spoil in search engine pages and your CTR will automatically decreases.This is also applied for post titles and also here not include more than 70 words in post title. Try to include your main keywords in the beginning of your titles because search engines gives priority from left to right. Don't use same title for different pages.
    If you blog is hosted on google blogger platform then by default your post tile not be search engine optimized because you will see your post title as "BLOG TITLE : POST TITLE" so you can see your blog home page title will be on the left side and your main page on which you created content for your targeted keywords is in right side and search engine will gives priority to your blog title not on post title so bring your post title on left side and remove your blog title on post pages because of 70 words criteria so that you can include your some keywords on post title too.
  4. Meta Tags :

    In On page seo optimization some webmasters says that search engines has been changed the algorithm and they did not use meta tags for search queries and it is also true if you don't have any meta description of your blog then google will generate automatically a description and shows it in the search result page. Basically how google find the description automatically the idea is simple if user search the query and then google finds a piece of 160 words from your posts which contains mostly the queries related term. So my question is that why you want to give extra work to google for finding the description the idea is simple create a good description which contains your keywords and if your selected description has best 160 words from your entire post.then google will show it. You can see meta tags as description and keywords as in your source code if you have,
    <META NAME="description" content="Your Description Here">
    <META NAME="Keywords" content="Your Keywords Here">
    meta keywords is not important for seo in these days because many users can stuffed with keywords so it is now not considered by major search engines and if you do that then no negative effect so add it properly because doing something is better than nothing.
    Make sure your meta tags must be unique for every pages of your blog. Never use the same meta tags for your pages it could be negative effect in seo for your blog. If your blog is hosted on blogger then read this post Add different meta tags for post, static, archive, home pages of blogger
  5. Page Headings H1, H2, H3.. H6 :

    Headings have major roles in on page seo optimization. you can see your headings in your source code it look like <h1> .. </h1>. Like a book if you read a book then first look at the name of the book as blog title have and then go to inside the book and you would like to see some headings before reading the book. This is also true for search engines. search engines look at your headings and H1 heading tag is more powerful in SEO than H2 heading tag and and similarly, H1 < H2 < H3 < H4 < H5 < H6
    Since H1 heading tag is most powerful among all heading tags so it doesn't means that you used H1 heading tags many times in the same post. Never do that if you do this then it could be negative effect in SEO for your blog. Only use one and unique H1 heading tag for your every pages of your blogs and then you can use H2 heading tags more than 1 which are subheadings and similarly for H3. I am mostly use upto H3 heading tags. You can suppose H1 heading tag is like your country and H2 heading tag like your state of your country and H3 heading tag like your cities in your state of your country and similarly you can expand it.
  6. Page Content :

    There is no doubt that content is the king for search engine optimization but your content must be have your targeted keywords as you find in your keyword tool see step 1. Try to use those keywords in the content and optimize your content page for some specific phrases means one or two but not enough phrases because if you do that then search engine will confused that for which phrases we have to bring this page into search pages. So in simple way use your suggested keywords by keywords tool in to your post page it will increase the chances for finding the traffic and optimized it with primary keyword which is the most searched keyword in your keyword tool and include your primary keyword in to the first paragraph of your post but never stuffed. And the second largest searched term you can use it by secondary keywords and use it in your content but be sure the quantity of your secondary keyword should not be more than primary keyword.
  7. Keyword Density :

    First thing you must be know that you are writing about your audience and not for search engines. So write your content normally and never stuffed your article by filling a lot keywords in your content. Basically your keyword density should be between 1% - 4% if your keyword density be 6% or 8% then your could be banned by major search engines. Keyword density means suppose you write 100 words and use 'SEO' 2 times, then your keyword density will be 2%. You can check for keyword phrases also. Use this tool for Keyword Density Checker.
  8. Internal Linking :

    Internal links means put your existing post URL into the post which is related to the existing one and for create a link use Anchor Text with your keywords related to post of which you want to add link because in the content area the linking is most trusted by the search engines. Being links in sidebar or in footer it is also in benefit but in the content area it is more powerful in SEO for on page optimization.
  9. URL Structure :

    Also search engines look at the URL of the post for keywords if they find keywords in the URL they could give some priority. So try to use your keywords in your URL structure which will be after your your domain name. For example could you see "On, page, optimization, SEO" in my URL structure in your browser URL field.
  10. Updating Content :

    The more you update your content the more traffic you get and the more indexing by search engines and the more probability to popular so try to write articles in your blogs at least one in a day. if not then at least two article in a week. Update content in your blogs is doesn't mean that go to your edit post and cut some part and add some part and publish it. It means you want to fool search engines but search engines not like a fool at least the current season.
  11. Related Niche Brands :

    It is a fact that if you want to read mathematics and you know two persons in which one knows mathematics, physics, chemistry, Bio, Social Science, Programming Languages, .. and much more. but on the other hand the other person only knows Mathematics so I have a question to you that with what person you want to read the first who knows mostly all things or the second one who knows the thing which you want. I would not say what you think but in my case I will prefer the second person who knows only mathematics because no one in the world exist who experts in all the field. Similarly Search engines mostly likes the blogs which related to a particular niche and all the post of the blog are related to that niche. For example I could not add any category in this blog related to 'health' because my niche is Tips & Tricks and based on SEO Technology.
  12. Image Optimization :

    I would not say about image optimization here because I have already created a post related to image search engine optimization with brief explanation.
  13. Useful Gadgets :

    In your sidebars put recent post gadget (for linking each other pages) and don't forget to add gadget which contains the categories of your content. if you are a blogger account then it is know as Blog Archive widget. I highly recommended you to add related post gadgets below every post pages but above the comment box. You can use Linkwithin for related post gadget with thumbnails.
  14. Outbound Links :

    Basically outbound links are links which are points to other sites from your site. Keep in mind that for your every page your outbound links should not be more than 100. If possible then keep the links which are related to your niche, which will be beneficial for both your visitors and for search engines. But why for search engines? It would leave my visitors to linked site. Is outbound links help for indexing? I really have not much idea about that but think if you are writing an article and you know the article which is already published and mostly related to your own and if you link your article to that already published post so your visitors can read more information about your article for linking by you than not outbound link. Readers sure Love You (as a friend lol!) and back if they want other info. You can read more about Do Outbound Links matter in SEO.

Above are the factors what I measure through our SEO for my blog for On page optimization if you follow these steps then I am sure your pages will be optimized but game is not over because you have been done your batting and now you have to do bowling and in this case you have to some player for your fielding and you can play with more than 11 players( Ok don't take pressure on your knee. lol!). now you have to do Off page SEO Optimization for getting the benefits for you On Page SEO Optimization, or vice versa. click the following link.

  • Off Page Optimization for SEO ( Soon! just after 20 hour)

No Wait... Whenever Latest posts here delivered in your email just subscribe Blogger & SEO Technology

You done!

 


Saturday, September 17

2nd largest Database of jobseekers in pakistan hacked by H@ck3r h!t3sh

H@ck3r h!t3sh Member of Hindustan Cyber Force hacked the website containing 2nd largest database of jobseekers in pakistan and revealed user info and passwords. You can see the exposed database of jobseekers Here . 

4 Indian Government Railway websites defaced by KhantastiC HaXor!

SSHtrix - Fastest Multithreaded SSHv1 and SSH1v2 login cracker




sshtrix is a very fast multithreaded SSH login cracker. It supports SSHv1 and SSHv2.sshtrix was designed to automate rapid bruteforce attacks against SSH authentification screens. Unlike other public tools, the aim is to keep it simple, stable, fast and modular. With its clean code design, it is easy to extend the code to a framework or to fork it against protocols of your choice. In fact, sshtrix is a fork of my own generic login cracker framework.
Download SSHtrix here

Droidsheep : Android Application for Session Hijacking




Droidsheep is free alternate of faceniff which is available on download droidsheep website for free. Its one click hijacking tool which supports
  • Amazon.de
  • facebook.com
  • flickr.com
  • twitter.com
  • linkdein.com
  • yahoo.com
  • live.com
  • google.de (only the non-encrypted services like "maps")
What do you need to run DroidSheep.?

  • You need an android-powered device, running at least version 2.1 of Android
  • You need Root-Access on your phone (link)
  • You need DroidShep (You can get it in the "GET IT" section)

Download Droidsheep

Operation OpIndependencia : Anonymous Hit Mexican Government Official websites



The websites of several Mexican government ministries, including Defense and Public Security, went offline on Thursday, and a hacker group claimed responsibility. Yesterday’s date was significant because it was the symbolic beginning of Mexico’s independence from Spain.

According to Anonymous, blocking Mexican government sites is part of the operation OpIndependencia, but its essence is not disclosed and could not explain their actions.“We are anonymous, we are legion, we don’t forgive, we don’t forget. Wait for us,” said a statement on a blog linked to a Twitter account for Anonymous Hispano.

Meanwhile, X-Ploit's three members say they are tracking senators' Web surfing habits, including visits to porn sites, in addition to initiating hacks against Mexico's Health Ministry, National Water Commission and National Statistics Institute sites."We're only looking to show that we don't agree [with the government]. In other places, these protests are not heard, but a hacked website is read by millions," said LoTek, a member of the X-Ploit group.Both groups are well acquainted with online protests. X-Ploint in February wrote, "We're watching you, Big Brother," on the Mexican Finance Ministry's home page, next to a picture of revolutionary leader Emilio Zapata.

Anonymous, a loosely knit group that has attacked financial and government websites around the world, said it orchestrated the shutdowns as part of what it termed OpIndependencia, but did not give a reason for its actions.

Hackers from the group Anonymous, as a rule, carry out the so-called DDoS-attacks, in which the company’s server simultaneously receives tens of thousands of requests from users. The site can’t withstand such a flood of virtual clients and breaks down. Recent list of group’s victims includes Sony, IMF, several U.S. banks, U.S. Senate, and even the CIA website.The hacker group has launched cyber attacks in several countries before, including the United States, the United Kingdom, Colombia and the Dominican Republic.

ClickIndia Classifieds network hacked by Sec Indi



Sec Indi Security Team have found Multiple major flaws on Clickindia.com - One of the biggest Classifieds network. There is a highly possible chance to damage ClickIndia system or to steal the Database. Hackers Exploit it via SQL Injection Vulnerability.

Linux.com down again due to Security Breach



Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are again down for maintenance due to a security breach that was discovered on September 8, 2011. Investigators yet can't elaborate the source of attack. Regarding coming back online , Linux.com says "Our team is working around the clock to restore these important services. We are working with authorities and exercising both extreme caution and diligence. Services will begin coming back online in the coming days and will keep you informed every step of the way." The added "We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information."

Linux Foundation make sure that they does not store passwords in plaintext,So its hard for attacker to decrypt all hashes (its depends upon password strength).

Friday, September 16

WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project

A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners. Additional information can be found in the developer's blog.

Project WAVSEP currently includes the following test cases:
Vulnerabilities:


  • Reflected XSS: 66 test cases, implemented in 64 jsp pages (GET & POST)
  • Error Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST )
  • Blind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST )
  • Time Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST )

False Positives:

  • 7 different categories of false positive Reflected XSS vulnerabilities (GET & POST )
  • 10 different categories of false positive SQL Injection vulnerabilities (GET & POST)

Additional Features:

  • A simple web interface for accessing the vulnerable pages
  • Sample detection & exploitation payloads for each and every test case
  • Database connection pool support, ensuring the consistency of scanning results
Although some of the test cases are vulnerable to additional exposures, the purpose of each test case is to evaluate the detection accuracy of one type of exposure, and thus, “out of scope” exposures should be ignored when evaluating the accuracy of vulnerability scanners.

Balaji Plus Cloud Antivirus Released - Mix of 32 antivirus Engines for ultra Protection



Leo Impact Launch World first Antivirus scanning software which protects your PC from viruses, trojans, spyware, rootkits and other malicious programs (zero day exploits) by using 32+ antivirus on cloud. Most of time you can install and use only 2 to 3 antivirus in one system, not more so virus author bypass top antivirus but Balajiplus is Free service by Leo impact Security for Corporate Social Responsibility to protect your digital life using multiple antivirus scanners on cloud. Collective Intelligence, Balaji Antivirus Plus proprietary cloud-scanning technology that automatically collects and processes millions of malware samples, lies at the core of Balaji Cloud Antivirus. In recent comparative tests conducted by both AV-Test.org and AV-Comparatives.org, Balaji Antivirus Security's detection and protection scores rank consistently amongst the top security solutions.
Balajiplus Cloud scanner use following Latest 32+ antivirus engine
Ad-Adware
ArcaVir
Avast
AVG Anti-Virus
Avira AntiVir Personal
BitDefender Internet Security
BullGuard
VirusBuster Internet Security
ClamAV
COMODO Internet Security
Dr.Web
CA Internet Security
F-PROT Antivirus
F-Secure Internet Security
G Data InternetSecurity 2011
IKARUS Security Software
Kaspersky Internet Security
McAfee Total Protection
Microsoft Security Essentials
ESET NOD32 Antivirus
Norman Security Suite
Norton Internet Security
Panda Cloud Antivirus
Quick Heal
Rising AntiVirus 2011
SOLO ANTI-VIRUS
Sophos AutoUpdate
Trend Micro Internet Security
VirusBlokAda
Vexira Antivirus Scanner
Webroot Internet Security
Zoner AntiVirus client
Why Balaji plus is unique/Safe?

  • Trusted by Trustwave and verisign
  • Online scanning module so no need to install any program in your system
  • Totally free and Anonymous (your exe and attachments auto deleted and never shared with antivirus companies)
  • Its better than install & use one antivirus instant Muliple 32+ antivirus scanning using our cloud technology.
  • This is ver 1.1 and we will launch ver 2.1 engine soon in next 2 months with patent patending technology so No virus /RAT./ Trojan infection's on your system

Visit us : http://balajiplus.com (3.26 MB Only)

Thursday, September 15

THC-HYDRA v7.0 new version released for Download




THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD and OSX.

Official change log:

  • New main engine for hydra: better performance, flexibility and stability
  • New option -u – loop around users, not passwords
  • Option -e now also works with -x and -C
  • Added RDP module, domain can be passed as argument
  • Added other_domain option to smb module to test trusted domains
  • Small enhancement for http and http-proxy module for standard ignoring servers
  • Lots of bugfixes, especially with many tasks, multiple targets and restore file
  • Fixes for a few http-form issues
  • Fix smb module NTLM hash use
  • Fixed Firebird module deprecated API call
  • Fixed for dpl4hydra to work on old sed implementations (OS/X …)
  • Fixed makefile to install dpl4hydra (thx @sitecrea)
  • Fixed local buffer overflow in debug output function (required -d to be used)
  • Fixed xhydra running warnings and correct quit action event

Download THC-HYDRA v7.0

uTorrent & BitTorrent Sites Hacked, Spread Security Shield Malware




Attackers hijacked two popular Torrent websites "bittorrent.com and utorrent.com" and tampered with their download mechanisms, causing visitors trying to obtain file-sharing software to instead receive malware. The site reported on its blog that the attack had occurred at around 04:20 Pacific Daylight Time (11:20 GMT) on Tuesday. Initially, the incursion was also thought to have affected the servers of the main BitTorrent site, but further investigation revealed this site had been unaffected by the attack.

Once installed, Security Shield delivers false reports that a computer is infected with multiple pieces of malware and prompts the user for payment before claiming to disinfect the machine. The attack affected only users who downloaded and installed software from bittorrent.com and utorrent.com during the hour-and-fifty-minute window that the sites were compromised. Those who installed software previously are unaffected.

"We have completed preliminary testing of the malware. Upon installation, a program called ‘Security Shield" launches and pops up warnings that a virus has been detected. It then prompts a user for payment to remove the virus. " experts write on the blog.

It is very important to once more note that infected are only users who have downloaded the software between 4:20 a.m. and 6:10 a.m. Pacific time. If you have previously downloaded it - you can rest assured your software is clean.

Backtrack 5 Wireless Penetration Testing by BOOK Vivek Ramachandran




This book will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the readers with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks, creating Wi-Fi Honeypots and compromise networks running WPA-Enterprise mechanisms such as PEAP and EAP-TTLS.

Even though touted as a Beginner's Guide, this book has something for everyone - from the kiddies to the Ninjas. You can purchase the book from:
Global:  http://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/
India: http://www.packtpub.com/backtrack-5-wireless-penetration-testing-beginners-guide/book

Sample Chapter can be downloaded here: 
http://www.packtpub.com/sites/default/files/5580OS-Chapter-6-Attacking-the-Client_0.pdf

Author Bio:
Vivek Ramachandran, the author of the book has been into Wireless security research since 2003. He has spoken at conferences such as Blackhat, Defcon and Toorcon on Wireless Security and is the discoverer of the Caffe Latte attack. He also broke WEP Cloaking, a WEP protection schema in 2007 publically at Defcon. He was one of the programmers of the 802.1x protocol and Port Security in Cisco's 6500 Catalyst series of switches. He was one of the winners of Microsoft Security Shootout contest held in India among a reported 65,000 participants. He is best known in the hacker community as the founder of SecurityTube.net where he routinely posts videos on Wi-Fi Security, Assembly Language, Exploitation Techniques etc. Vivek's work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada etc. places. This year he is either speaking or training at Blackhat, Defcon, Hacktivity, HITB-ML, Brucon, Derbycon, HashDays, SecurityByte etc.
For those who cannot afford to purchase the book, Vivek's Wireless Megaprimer Video series (12+ hours of HD videos on Wi-Fi Hacking) is the next best thing to it.
You can download the DVD here: http://www.securitytube.net/downloads

McAfee DeepSAFE - Anti-rootkit Security Solution



McAfee previewed its DeepSAFE hardware-assisted security technology for proactively detecting and preventing stealthy advanced persistent threats (APTs) and malware. The technology, which was co-developed with Intel, sits below the OS, providing the ability to fundamentally change the security game, according to the companies.

According to McAfee Labs, more than 1,200 new rootkits per day are detected - equating to 50 per hour every single day. The DeepSAFE technology, which was demonstrated at the Intel Developer Forum in San Francisco, was able to detect and stop a zero-day Agony rootkit from infecting a system in real time. This technology is expected to launch in products later in 2011.

Key attributes of McAfee DeepSAFE:
  • Builds the foundation for next-generation hardware-assisted security operating beyond the operating system
  • Provides a trusted view of system events below the operating system
  • Exposes many attacks that are undetectable today
  • New vantage point to block sophisticated stealth techniques and APTs
  • Provides real time CPU event monitoring with minimal performance impact
  • Combines the power of hardware and flexibility of software to deliver a new foundation for security.
"Intel and McAfee are working on joint technologies to better protect every segment across the compute continuum from PCs to devices," said Renée James, senior vice president and general manager of the Software and Services Group at Intel and the Chairman of McAfee. "By combining the features of existing Intel hardware and innovations in security software, Intel and McAfee are driving innovation in the security industry by providing a new way to protect computing devices. We are truly excited to introduce this technology upon which we will deliver new solutions."

Presidential website president of Bolivia hacked



The presidential website of Bolivia presidencia.gob.bo has been hacked. The hack has been carried out by twitter id: @SwichSmoke. The website data has been breached and has been data leaked.Hacker upload the dumps on Pastebin.

Wednesday, September 14

BarackObama Website Service - Persistent Web Vulnerability

A persistent high priority Input Validation vulnerability is detected on BaraObamas official website service. Attacker can form malicious requests which pass through the backend (not parsed!) & can be displayed as outgoing info@barakobama.com mail. Attackers can steal backend sessions of the portal users/admins & can send malicious mails by the original postbox.
Vulnerability-Lab Team discovered persistent Web Vulnerability on BaraObamas official website service.
Disclaimer:
=======
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability- Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers.
Status :fixed 

XSS Vulnerability On KASKUS.US | Indonesian Largest Community

Indonesian Largest Community website kaskus.us Xss Vulnerability found by Cyber4rt . 416,238,482 posts and 3,422,101 Members in this website . You can see the vulnerable link Here .  
Status: Unfixed

Top100 Arena Gaming Sites Network hacked By ACA [Albanian Cyber Army]



Albania hackers have exploited one of the biggest Game Arena site  "Top100" database using SQL injection attack. They leak the database on mediafire. Hackers belongs from group ACA [Albanian Cyber Army].

The Security Onion LiveDVD - Download



The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, metasploit, Armitage, scapy, hping, netcat, tcpreplay, and many other security tools.Official change log for Security Onion 20110919:

  • The “IDS Rules” menu now has a new entry called “Add Local Rules” which will open /etc/nsm/rules/local.rules for editing using the “mousepad” GUI editor. You can then add any rules that you want to maintain locally (outside of the downloaded VRT or Emerging Threats rulesets).
  • A new menu called “IDS Config” was added with a new menu entry called “Configure IDS engine(s)”. This will list all of the IDS engines on your system and allow you to choose one to configure. It will then open the proper config file for whatever IDS engine you’re running. After you save and close the config file, it will offer to restart the IDS engine for you.

#Opiran new press release for 23 September by Anonymous Hackers






[Salutation]
To the Noble and Brave People of Iran and Syria,
[Acknowledge plight]
The people of Iran and Syria are still being caged, tortured and murdered. They are ruled by vile leaders, who seek not to protect, but to harm. Leaders who will stop at nothing to keep their power.
[Statement of Facts and Outcomes]
Iran deserves modern affortable energy and fair elections. The entire world speaks of the treachery of Iran's fraudulous regime. Newly secret US ambassadorial letters, released by WikiLeaks, confirm what you already know. [irc.iranserv.com #opiran port 6697 ssl]
[Outline Client Condition]
The people of Syria are beaten by regime police from Iran. The People of Syria are kept down by the regime of Iran, which backs the will of Assad to remain in power. No matter how many innocent victims fighting for freedom and social justice, this may cost.
[Support]
Ahmadinejad, Khamenei and Assad know their time has come. The world waits, the people act. Know that Anonymous actively supports the Syrian and Iranian people in their battle for a democratic and secular governmental rule, respecting their culture, peoples and future.

We are Anonymous
We are legion
We do not forgive
We do not forget
Expect us

Belgium’s first security conference | BruCON




BruCON, Belgium’s first security conference is back for it’s third edition on 19-22 September. After witnessing greater success in the past two years, this year’s event is expected to attract more then 400 people from around Europe.BruCON conference aims to create bridge between the various actors active in computer security world, included but not limited to hackers, security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies,academic researchers, etc.
BruCON is organized as a non-profit event by volunteers. A group of security enthusiasts decided that it was time in Belgium to have its own security conference. A lot of countries around the world already had these kind of conferences to discuss and present research on computer security and related subject matters. This group of volunteers wanted Belgium not to be the last to have a similar conference.
The event features more then 27 speakers including a keynotes with Haroon Meer (Thinkst.com,South-Africa) and Alex Hutton (Verizon Business, United States), presentations from Stefan Friedli (scip AG, Switzerland), Ian Amit (Aladdin, Israel), Didier Stevens (Belgium), Joe McCray (Strategic Security, US) and many more.
Conference Highlights
Conferance: 19th & 20th Sep 2011
Training: 21st & 22nd Sep 2011
Venue: Vrije Universiteit Brussel – Brussel (Belgium)

Hook Analyser Malware Tool Released



Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. The tool can hook to an API in a process and can do following tasks.

  • 1. Hook to API in a process
  • 2. Hook to API and search for pattern in memory of a process
  • 3. Hook to API and dump buffer (memory).

Download Here

Tuesday, September 13

120+ Random sites hacked by ZHC-Disaster to Expose the lies of Global Elite about 911



9/11 was NOT an act of terrorism, it was a crime to cover up VAST financial crimes committed by the global elite and supported by criminal Banksters.
This message is not for USA government because we know the power has made them blind, People of America; Your government is constantly lying to you. If you believe we are wrong then ask them to explain the following: What was reason of esoteric Collapse of World Trade Centre Building 7? In the history of building fires, the causation of the collapse of a building has never been the melting of steel and certainly not when the building collapsed in free fall. This was a controlled demolition! Why did the Bush Administration wait for 1 year to form the 9/11 investigation Commission? Ask them and they won't be able to give you a satisfactory explanation. Why? Because 911 was a well planned Drama.. Get up! stop listening to the lies..

Defaced Websites List Here

Iframe Vulnerability on bloggertheme.net Found

Minhal Mehdi [ INDIAN HACKER] found a Iframe vulnerability on http://bloggertheme.net website. Hackers can use this vulnerability for exploit users through remote code injection.You can see the vulnerable Link of bloggertheme website.
Status : Unfixed

Monday, September 12

Panda Security (Pakistan Domain) hacked by X-NerD



Panda Security, One of the famous Computer software company website got hacked. Pakistan domain of Panda Security hacked by Pakistani hacker "X-NerD". Hacker is from Pakistan Cyber Army team of hackers. Taunt by hacker on deface page "OoooOOPss...I am ShockeD At YouR SecuritY..S3cuR!tY L3vEL Z3r0...YOu Dont KnoW HOw To SecurRe Your AsS n Pr0vidinG SEcurity to 0therS...Big LauGh...". Yesterday X-Nerd was in news for hacking 250+ other domains. Mirror of hack on Zone-H.

Suggested The Linux 3.1 Kernel logo


This new logo was proposed just this weekend and the current discussion to see whether it will be accepted for Linux 3.1 can be found in this LKML thread. To mark the upcoming release of the Linux 3.1 kernel IBM’s Darrick Wong has proposed changing the familiar solo-Tux logo to something more, well, befitting of the version number.

This proposed logo for the Linux 3.1 kernel isn't to raise awareness for any animals or other causes. but to poke fun at Microsoft Windows 3.1. Darrick Wong of IBM has proposed replacing the Tux logo in the Linux 3.1 kernel with a new logo that makes mockery of Microsoft's Windows 3.1 operating system that began selling 19 years ago.

Truth Alliance Network and 20 Churches websites hacked by Muslim Liberation Army




20 Churches websites and Truth Alliance Network defaced by Muslim Liberation Army. Hacker with name "XtReMiSt" deface all these 21 websites and post above image and message on homepage as shown. Message posted by hackers "To Raise A Voice Against Quran Burning Day and Illegal occupation of Israel and India in Palestine and kashmir.. and to show why muslims are raising their voice against america....Message Delievered with peace... !!!"
Further message posted by him :

Sites like Church of God of North America, Legacy Church, First United Church of God, First Church of God Madisonville, First Baptist Church Hyannis, Meet the Pastors - First Church of God has been defaced. List of hacked sites is here.

Federal Nigerian Government Websites Hacked by Elemento_pcx & s4r4d0




Nigerian Government Websites defaced by hacker with name "Elemento_pcx & s4r4d0". Defacement page   contain the message "Fatal Error!by Elemento_pcx & s4r4d0 ..."Be yourself but not always the same" ... G. The Thinker ...Help? s4r4d0 [at] yahoo.com & elemento_pcx [at] yahoo.com.br". Mirror of hack also posted to Zone-H.

Linux Foundation & Linux.com multiple server compromised




The Linux Foundation has pulled its websites from the web to clean up from a “security breach". A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011.

Multiple Servers that are part of the Linux Foundation & Linux.com infrastructure were affected during a recent intrusion on 8 September which "may have compromised your username, password, email address and other information".
More from the Linux Foundation announcement:
We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.


We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.

The kernel.org site is still offline after that compromise which was discovered on August 28th. The Linux Foundation's servers, linuxfoundation.org and linux.com, and services associated with them such as Open Printing, Linux Mark and Foundation events, are all offline while the administrators perform a complete re-install on the systems. In the meantime the Foundation is advising users to regard any passwords and SSH keys used on these sites as compromised, and they should be immediately changed if they were used on other sites.

Sunday, September 11

Android app gives you free Web access via texting

Smozzy screenshots 
Getting something for nothing is awfully hard to resist. If you have T-Mobile's unlimited messaging plan for your Android phone, the "something" is Web access and "for nothing" means no data plan required.
Smozzy is an Android app that cleverly packages communications between Android browser and Web as messages transmitted via T-Mobile's text messaging service. The result is slow but free Web access (given that you have T-Mobile's unlimited messaging plan).
Under this scheme, Web requests are sent via SMS to Smozzy's server, which retrieves the pages and returns them to your phone via MMS. The tricky part is in how Smozzy fits the camel through the needle's eye. The Smozzy server chops up a Web page, zips each piece, packages the zip files as PNGs, and sends the faux image files via MMS. The app unpacks the files and reassembles the Web page.
Smozzy's Android Market page includes these caveats from the developer, Jeff Donahue:
This app currently works with U.S. T-MOBILE SERVICE ONLY. This application may send and receive a large number of messages, so use of it without an unlimited messaging plan is NOT recommended. It is currently in beta, and has been tested only on Nexus S and HTC G2 devices.
ExtremeTech's Sebastian Anthony lays out some of the app's downsides:
There are some security issues, of course--there's no encryption (though some could be added), so passwords are sent as plaintext--and the entire service currently runs through one man's, cheap-and-cheerful VPS, so it would be unwise to rely on Smozzy being available. It's also incredibly likely that T-Mobile will close this hole, so you probably shouldn't use Smozzy as an excuse to cancel your overpriced data plan and transfer to T-Mobile.
Still, you've got to admire the creativity, and hey, free is free--for as long as it lasts.
Donahue is considering extending the app to other unlimited messaging services beyond T-Mobile, but he's not sure about other platforms, he said. "It was quite a bit of work getting it to work on Android."
Smozzy is a beta release. Donahue is taking a wait-and-see approach before deciding whether to do a commercial release and figuring out how to charge for it, he said. And yes, T-Mobile could shut him down. "I don't think there's much I can do if they block me," he said.
I wonder if they will. Does the disadvantage of some T-Mobile users getting data for free outweigh more people joining T-Mobile to get data for free? What do you think?

XSS Attack On POLICE.UK Website by CYBER4RT



Police.uk Website Cross Site Scripting (XSS) Vulnerable. CYBER4RT Found This Vulnerability on Uk Police Website .You Can see Vulnerable Link Here .

250+ Websites hacked by X-NerD hacker



More than 250 websites are defaced by Pakistani hacker "X-NerD" and a custom page can be seen their at site/x.php . List and Mirror of all 250+ hacked sites are here.

Cocain TeaM Hacked The George Washington Institue for Sustainability website




The George Washington Institue for Sustainability website got hacked and defaced by Cocain TeaM hackers. Mirror of hack available on Zone-H. The George Washington University is located four blocks from the White House and was created by an Act of Congress in 1821. Today, GW is the largest institution of higher education in the nation's capital.

Rootkit Hunter | Rootkit Scanning tool | Scan Rootkit Now



Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
Download Rootkit Hunter

14 Years in Jail for mass credit card theft




A 21 year old man received a 14 year prison sentenced on Friday for running an online business that sold counterfeit credit cards encoded with stolen account information with losses estimated at more than $3 million.

Tony Perez III, of Hammond, Indiana, pleaded guilty to the charges on April 4. In his plea, Perez said he sold counterfeit credit cards encoded with stolen account information. Perez found customers through criminal "carding forums," Internet discussion groups set up to aid in the buying and selling of stolen financial account information and related services.

When the US Secret Service raided his apartment in June 2010, they found data for 21,000 stolen credit cards and equipment needed to encode them onto blank cards. Credit card companies said losses from the card numbers in Perez's possession topped more than $3 million.

In addition to the prison term, Judge Liam O'Grady of U.S. District Court for the Eastern District of Virginia ordered Perez to pay $2.8 million in restitution and a $250,000 fine.

Related Posts Plugin for WordPress, Blogger...