On Page SEO Optimization Techniques for Blogs/Beginners/Blogger

On-page SEO optimization is a technique for bringing your site onto the top pages of search engines, so if you want to do SEO for blogs you can't ignore on-page SEO optimization.

What is Denial of Service (DoS) Attacks

A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it cannot serve its users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users.

26 Books on Hacking by Ankit Fadia: Free Downloads

Download various books on Hacking by Ankit Fadia for free Collection

Monday, September 26

Official websites of 7 major Syrian cities hacked by Anonymous

The official websites of 7 major Syrian cities were hacked by Anonymous hackers as part of the hacktivist group's Operation Syria (#OpSyria). Anonymous has replaced the home pages of official Syrian websites with an interactive map of Syria, showing the names, ages and dates of death of victims of the Syrian regime since the protests started in March. They call it Martyrs of Freedom (March - October 2011). The figure 2,316 commemorates the number of Syrians killed by the Syrian regime since anti-Assad protests started in Syria in March. The victims' names, ages and dates of death appear as you hover over the map of Syria. Hacked sites:

Facebook Tracks Your Cookies Even After Logout

According to Australian technologist Nik Cubrilovic, 'Logging out of Facebook is not enough.' He added that even after you are logged out, Facebook is able to track your browser every time you visit a website. He wrote in his blog: 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.'

After explaining the cookie behavior, he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'

Sunday, September 18

Saturday, September 17

2nd largest database of jobseekers in Pakistan hacked by H@ck3r h!t3sh

H@ck3r h!t3sh, a member of Hindustan Cyber Force, hacked the website containing the 2nd largest database of jobseekers in Pakistan and revealed user info and passwords. You can see the exposed database of jobseekers here.

4 Indian Government Railway websites defaced by KhantastiC HaXor!

SSHtrix - Fastest Multithreaded SSHv1 and SSHv2 login cracker

sshtrix is a very fast multithreaded SSH login cracker. It supports SSHv1 and SSHv2. sshtrix was designed to automate rapid bruteforce attacks against SSH authentication screens. Unlike other public tools, the aim is to keep it simple, stable, fast and modular. With its clean code design, it is easy to extend the code to a framework or to fork it against protocols of your choice. In fact, sshtrix is a fork of my own generic login cracker framework.
Download SSHtrix here

Droidsheep : Android Application for Session Hijacking

DroidSheep is a free alternative to FaceNiff, available for free on the DroidSheep download website. It is a one-click session hijacking tool which supports:
  • Amazon.de
  • facebook.com
  • flickr.com
  • twitter.com
  • linkedin.com
  • yahoo.com
  • live.com
  • google.de (only the non-encrypted services like "maps")
What do you need to run DroidSheep?

  • You need an Android-powered device, running at least version 2.1 of Android
  • You need root access on your phone
  • You need DroidSheep (you can get it in the "GET IT" section)

Download Droidsheep

Operation OpIndependencia : Anonymous Hit Mexican Government Official websites

The websites of several Mexican government ministries, including Defense and Public Security, went offline on Thursday, and a hacker group claimed responsibility. Yesterday’s date was significant because it was the symbolic beginning of Mexico’s independence from Spain.

According to Anonymous, blocking Mexican government sites is part of operation OpIndependencia, but the group did not disclose its purpose or explain its actions. “We are anonymous, we are legion, we don’t forgive, we don’t forget. Wait for us,” said a statement on a blog linked to a Twitter account for Anonymous Hispano.

Meanwhile, X-Ploit's three members say they are tracking senators' Web surfing habits, including visits to porn sites, in addition to initiating hacks against Mexico's Health Ministry, National Water Commission and National Statistics Institute sites. "We're only looking to show that we don't agree [with the government]. In other places, these protests are not heard, but a hacked website is read by millions," said LoTek, a member of the X-Ploit group. Both groups are well acquainted with online protests. X-Ploit in February wrote, "We're watching you, Big Brother," on the Mexican Finance Ministry's home page, next to a picture of revolutionary leader Emiliano Zapata.

Anonymous, a loosely knit group that has attacked financial and government websites around the world, said it orchestrated the shutdowns as part of what it termed OpIndependencia, but did not give a reason for its actions.

Hackers from the group Anonymous, as a rule, carry out so-called DDoS attacks, in which the target's server simultaneously receives tens of thousands of requests from users. The site can’t withstand such a flood of virtual clients and breaks down. The recent list of the group’s victims includes Sony, the IMF, several U.S. banks, the U.S. Senate, and even the CIA website. The hacker group has launched cyber attacks in several countries before, including the United States, the United Kingdom, Colombia and the Dominican Republic.

ClickIndia Classifieds network hacked by Sec Indi

Sec Indi Security Team has found multiple major flaws on Clickindia.com, one of the biggest classifieds networks. There is a high chance that the ClickIndia system could be damaged or the database stolen. Hackers can exploit it via a SQL injection vulnerability.

Linux.com down again due to Security Breach

Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are again down for maintenance due to a security breach that was discovered on September 8, 2011. Investigators can't yet elaborate on the source of the attack. Regarding coming back online, Linux.com says: "Our team is working around the clock to restore these important services. We are working with authorities and exercising both extreme caution and diligence. Services will begin coming back online in the coming days and will keep you informed every step of the way." They added: "We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information."

The Linux Foundation assures users that it does not store passwords in plaintext, so it is hard for an attacker to crack all of the hashes (how hard depends on password strength).

Friday, September 16

WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project

A vulnerable web application designed to help assess the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners. Additional information can be found in the developer's blog.

Project WAVSEP currently includes the following test cases:

  • Reflected XSS: 66 test cases, implemented in 64 jsp pages (GET & POST)
  • Error Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST )
  • Blind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST )
  • Time Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST )

False Positives:

  • 7 different categories of false positive Reflected XSS vulnerabilities (GET & POST )
  • 10 different categories of false positive SQL Injection vulnerabilities (GET & POST)

Additional Features:

  • A simple web interface for accessing the vulnerable pages
  • Sample detection & exploitation payloads for each and every test case
  • Database connection pool support, ensuring the consistency of scanning results

Although some of the test cases are vulnerable to additional exposures, the purpose of each test case is to evaluate the detection accuracy of one type of exposure, and thus, “out of scope” exposures should be ignored when evaluating the accuracy of vulnerability scanners.

Balaji Plus Cloud Antivirus Released - Mix of 32 antivirus Engines for ultra Protection

Leo Impact has launched the world's first antivirus scanning software that protects your PC from viruses, trojans, spyware, rootkits and other malicious programs (zero day exploits) by using 32+ antivirus engines in the cloud. Most of the time you can install and use only 2 to 3 antivirus products on one system, not more, so virus authors bypass the top antivirus products; Balajiplus is a free service by Leo Impact Security, offered as Corporate Social Responsibility, to protect your digital life using multiple antivirus scanners in the cloud. Collective Intelligence, Balaji Antivirus Plus's proprietary cloud-scanning technology that automatically collects and processes millions of malware samples, lies at the core of Balaji Cloud Antivirus. In recent comparative tests conducted by both AV-Test.org and AV-Comparatives.org, Balaji Antivirus Security's detection and protection scores rank consistently amongst the top security solutions.

The Balajiplus Cloud scanner uses the following latest 32+ antivirus engines:

  • AVG Anti-Virus
  • Avira AntiVir Personal
  • BitDefender Internet Security
  • VirusBuster Internet Security
  • COMODO Internet Security
  • CA Internet Security
  • F-PROT Antivirus
  • F-Secure Internet Security
  • G Data InternetSecurity 2011
  • IKARUS Security Software
  • Kaspersky Internet Security
  • McAfee Total Protection
  • Microsoft Security Essentials
  • ESET NOD32 Antivirus
  • Norman Security Suite
  • Norton Internet Security
  • Panda Cloud Antivirus
  • Quick Heal
  • Rising AntiVirus 2011
  • Sophos AutoUpdate
  • Trend Micro Internet Security
  • Vexira Antivirus Scanner
  • Webroot Internet Security
  • Zoner AntiVirus client

Why is Balaji Plus unique/safe?

  • Trusted by Trustwave and VeriSign
  • Online scanning module, so there is no need to install any program on your system
  • Totally free and anonymous (your exe files and attachments are auto-deleted and never shared with antivirus companies)
  • It's better than installing and using one antivirus: instant scanning with multiple (32+) antivirus engines using our cloud technology.
  • This is ver 1.1, and we will launch the ver 2.1 engine soon, in the next 2 months, with patent-pending technology, so no virus/RAT/Trojan infections on your system

Visit us : http://balajiplus.com (3.26 MB Only)

Thursday, September 15

THC-HYDRA v7.0 new version released for Download

THC-HYDRA is a very fast network logon cracker which supports many different services. This tool is proof-of-concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access to a system remotely. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD and OSX.

Official change log:

  • New main engine for hydra: better performance, flexibility and stability
  • New option -u – loop around users, not passwords
  • Option -e now also works with -x and -C
  • Added RDP module, domain can be passed as argument
  • Added other_domain option to smb module to test trusted domains
  • Small enhancement for http and http-proxy module for standard ignoring servers
  • Lots of bugfixes, especially with many tasks, multiple targets and restore file
  • Fixes for a few http-form issues
  • Fix smb module NTLM hash use
  • Fixed Firebird module deprecated API call
  • Fixed for dpl4hydra to work on old sed implementations (OS/X …)
  • Fixed makefile to install dpl4hydra (thx @sitecrea)
  • Fixed local buffer overflow in debug output function (required -d to be used)
  • Fixed xhydra running warnings and correct quit action event

Download THC-HYDRA v7.0

uTorrent & BitTorrent Sites Hacked, Spread Security Shield Malware

Attackers hijacked two popular Torrent websites "bittorrent.com and utorrent.com" and tampered with their download mechanisms, causing visitors trying to obtain file-sharing software to instead receive malware. The site reported on its blog that the attack had occurred at around 04:20 Pacific Daylight Time (11:20 GMT) on Tuesday. Initially, the incursion was also thought to have affected the servers of the main BitTorrent site, but further investigation revealed this site had been unaffected by the attack.

Once installed, Security Shield delivers false reports that a computer is infected with multiple pieces of malware and prompts the user for payment before claiming to disinfect the machine. The attack affected only users who downloaded and installed software from bittorrent.com and utorrent.com during the hour-and-fifty-minute window that the sites were compromised. Those who installed software previously are unaffected.

"We have completed preliminary testing of the malware. Upon installation, a program called ‘Security Shield’ launches and pops up warnings that a virus has been detected. It then prompts a user for payment to remove the virus," experts write on the blog.

It is very important to note once more that the only users infected are those who downloaded the software between 4:20 a.m. and 6:10 a.m. Pacific time. If you downloaded it previously, you can rest assured your software is clean.

Backtrack 5 Wireless Penetration Testing Book by Vivek Ramachandran

This book will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the readers with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks, creating Wi-Fi Honeypots and compromise networks running WPA-Enterprise mechanisms such as PEAP and EAP-TTLS.

Even though touted as a Beginner's Guide, this book has something for everyone - from the kiddies to the Ninjas. You can purchase the book from:
Global:  http://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/
India: http://www.packtpub.com/backtrack-5-wireless-penetration-testing-beginners-guide/book

Sample Chapter can be downloaded here: 

Author Bio:
Vivek Ramachandran, the author of the book, has been into wireless security research since 2003. He has spoken at conferences such as Blackhat, Defcon and Toorcon on wireless security and is the discoverer of the Caffe Latte attack. He also broke WEP Cloaking, a WEP protection schema, publicly at Defcon in 2007. He was one of the programmers of the 802.1x protocol and Port Security in Cisco's 6500 Catalyst series of switches. He was one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He is best known in the hacker community as the founder of SecurityTube.net, where he routinely posts videos on Wi-Fi security, assembly language, exploitation techniques etc. Vivek's work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada and other places. This year he is either speaking or training at Blackhat, Defcon, Hacktivity, HITB-ML, Brucon, Derbycon, HashDays, SecurityByte etc.
For those who cannot afford to purchase the book, Vivek's Wireless Megaprimer Video series (12+ hours of HD videos on Wi-Fi Hacking) is the next best thing to it.
You can download the DVD here: http://www.securitytube.net/downloads

McAfee DeepSAFE - Anti-rootkit Security Solution

McAfee previewed its DeepSAFE hardware-assisted security technology for proactively detecting and preventing stealthy advanced persistent threats (APTs) and malware. The technology, which was co-developed with Intel, sits below the OS, providing the ability to fundamentally change the security game, according to the companies.

According to McAfee Labs, more than 1,200 new rootkits per day are detected - equating to 50 per hour every single day. The DeepSAFE technology, which was demonstrated at the Intel Developer Forum in San Francisco, was able to detect and stop a zero-day Agony rootkit from infecting a system in real time. This technology is expected to launch in products later in 2011.

Key attributes of McAfee DeepSAFE:
  • Builds the foundation for next-generation hardware-assisted security operating beyond the operating system
  • Provides a trusted view of system events below the operating system
  • Exposes many attacks that are undetectable today
  • New vantage point to block sophisticated stealth techniques and APTs
  • Provides real time CPU event monitoring with minimal performance impact
  • Combines the power of hardware and flexibility of software to deliver a new foundation for security.

"Intel and McAfee are working on joint technologies to better protect every segment across the compute continuum from PCs to devices," said Renée James, senior vice president and general manager of the Software and Services Group at Intel and the Chairman of McAfee. "By combining the features of existing Intel hardware and innovations in security software, Intel and McAfee are driving innovation in the security industry by providing a new way to protect computing devices. We are truly excited to introduce this technology upon which we will deliver new solutions."

Presidential website of Bolivia hacked

The presidential website of Bolivia, presidencia.gob.bo, has been hacked. The hack was carried out by Twitter id @SwichSmoke. The website was breached and its data leaked. The hacker uploaded the dumps to Pastebin.

Wednesday, September 14

BarackObama Website Service - Persistent Web Vulnerability

A persistent, high-priority input validation vulnerability was detected on Barack Obama's official website service. An attacker can form malicious requests which pass through the backend (not parsed!) and can be displayed as outgoing info@barakobama.com mail. Attackers can steal backend sessions of the portal users/admins and can send malicious mails from the original postbox.
The Vulnerability-Lab Team discovered the persistent web vulnerability on Barack Obama's official website service.
Status: Fixed

XSS Vulnerability On KASKUS.US | Indonesian Largest Community

An XSS vulnerability on kaskus.us, the largest Indonesian community website, was found by Cyber4rt. The website has 416,238,482 posts and 3,422,101 members. You can see the vulnerable link here.
Status: Unfixed

Top100 Arena Gaming Sites Network hacked By ACA [Albanian Cyber Army]

Albanian hackers have exploited the database of "Top100", one of the biggest game arena sites, using a SQL injection attack. They leaked the database on MediaFire. The hackers belong to the group ACA [Albanian Cyber Army].

The Security Onion LiveDVD - Download

The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, metasploit, Armitage, scapy, hping, netcat, tcpreplay, and many other security tools.

Official change log for Security Onion 20110919:

  • The “IDS Rules” menu now has a new entry called “Add Local Rules” which will open /etc/nsm/rules/local.rules for editing using the “mousepad” GUI editor. You can then add any rules that you want to maintain locally (outside of the downloaded VRT or Emerging Threats rulesets).
  • A new menu called “IDS Config” was added with a new menu entry called “Configure IDS engine(s)”. This will list all of the IDS engines on your system and allow you to choose one to configure. It will then open the proper config file for whatever IDS engine you’re running. After you save and close the config file, it will offer to restart the IDS engine for you.

#Opiran new press release for 23 September by Anonymous Hackers

To the Noble and Brave People of Iran and Syria,
[Acknowledge plight]
The people of Iran and Syria are still being caged, tortured and murdered. They are ruled by vile leaders, who seek not to protect, but to harm. Leaders who will stop at nothing to keep their power.
[Statement of Facts and Outcomes]
Iran deserves modern affordable energy and fair elections. The entire world speaks of the treachery of Iran's fraudulent regime. Newly secret US ambassadorial letters, released by WikiLeaks, confirm what you already know. [irc.iranserv.com #opiran port 6697 ssl]
[Outline Client Condition]
The people of Syria are beaten by regime police from Iran. The People of Syria are kept down by the regime of Iran, which backs the will of Assad to remain in power. No matter how many innocent victims fighting for freedom and social justice, this may cost.
Ahmadinejad, Khamenei and Assad know their time has come. The world waits, the people act. Know that Anonymous actively supports the Syrian and Iranian people in their battle for a democratic and secular governmental rule, respecting their culture, peoples and future.

We are Anonymous
We are legion
We do not forgive
We do not forget
Expect us

Belgium’s first security conference | BruCON

BruCON, Belgium’s first security conference, is back for its third edition on 19-22 September. After witnessing greater success in the past two years, this year’s event is expected to attract more than 400 people from around Europe. The BruCON conference aims to create a bridge between the various actors active in the computer security world, including but not limited to hackers, security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies, academic researchers, etc.
BruCON is organized as a non-profit event by volunteers. A group of security enthusiasts decided that it was time for Belgium to have its own security conference. A lot of countries around the world already had these kinds of conferences to discuss and present research on computer security and related subject matters. This group of volunteers wanted Belgium not to be the last to have a similar conference.
The event features more than 27 speakers, including keynotes from Haroon Meer (Thinkst.com, South Africa) and Alex Hutton (Verizon Business, United States), and presentations from Stefan Friedli (scip AG, Switzerland), Ian Amit (Aladdin, Israel), Didier Stevens (Belgium), Joe McCray (Strategic Security, US) and many more.
Conference Highlights
Conference: 19th & 20th Sep 2011
Training: 21st & 22nd Sep 2011
Venue: Vrije Universiteit Brussel – Brussel (Belgium)

Hook Analyser Malware Tool Released

Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. The tool can hook to an API in a process and perform the following tasks:

  1. Hook to an API in a process
  2. Hook to an API and search for a pattern in the memory of a process
  3. Hook to an API and dump the buffer (memory)

Download Here

Tuesday, September 13

120+ Random sites hacked by ZHC-Disaster to Expose the lies of Global Elite about 911

9/11 was NOT an act of terrorism, it was a crime to cover up VAST financial crimes committed by the global elite and supported by criminal Banksters.
This message is not for USA government because we know the power has made them blind, People of America; Your government is constantly lying to you. If you believe we are wrong then ask them to explain the following: What was reason of esoteric Collapse of World Trade Centre Building 7? In the history of building fires, the causation of the collapse of a building has never been the melting of steel and certainly not when the building collapsed in free fall. This was a controlled demolition! Why did the Bush Administration wait for 1 year to form the 9/11 investigation Commission? Ask them and they won't be able to give you a satisfactory explanation. Why? Because 911 was a well planned Drama.. Get up! stop listening to the lies..

Defaced Websites List Here

Iframe Vulnerability on bloggertheme.net Found

Minhal Mehdi [INDIAN HACKER] found an iframe vulnerability on the http://bloggertheme.net website. Hackers can use this vulnerability to exploit users through remote code injection. You can see the vulnerable link of the bloggertheme website.
Status : Unfixed

Monday, September 12

Panda Security (Pakistan Domain) hacked by X-NerD

Panda Security, one of the famous computer software companies, had its website hacked. The Pakistan domain of Panda Security was hacked by Pakistani hacker "X-NerD", who is from the Pakistan Cyber Army team of hackers. Taunt by the hacker on the deface page: "OoooOOPss...I am ShockeD At YouR SecuritY..S3cuR!tY L3vEL Z3r0...YOu Dont KnoW HOw To SecurRe Your AsS n Pr0vidinG SEcurity to 0therS...Big LauGh...". Yesterday X-Nerd was in the news for hacking 250+ other domains. Mirror of hack on Zone-H.

Suggested The Linux 3.1 Kernel logo

This new logo was proposed just this weekend and the current discussion to see whether it will be accepted for Linux 3.1 can be found in this LKML thread. To mark the upcoming release of the Linux 3.1 kernel IBM’s Darrick Wong has proposed changing the familiar solo-Tux logo to something more, well, befitting of the version number.

This proposed logo for the Linux 3.1 kernel isn't meant to raise awareness for any animals or other causes, but to poke fun at Microsoft Windows 3.1. Darrick Wong of IBM has proposed replacing the Tux logo in the Linux 3.1 kernel with a new logo that makes a mockery of Microsoft's Windows 3.1 operating system, which began selling 19 years ago.

Truth Alliance Network and 20 Churches websites hacked by Muslim Liberation Army

The websites of 20 churches and the Truth Alliance Network were defaced by the Muslim Liberation Army. A hacker with the name "XtReMiSt" defaced all these 21 websites and posted an image and message on the homepage. Message posted by the hackers: "To Raise A Voice Against Quran Burning Day and Illegal occupation of Israel and India in Palestine and kashmir.. and to show why muslims are raising their voice against america....Message Delievered with peace... !!!"
Further message posted by him:

Sites like Church of God of North America, Legacy Church, First United Church of God, First Church of God Madisonville, First Baptist Church Hyannis, and Meet the Pastors - First Church of God have been defaced. List of hacked sites is here.

Federal Nigerian Government Websites Hacked by Elemento_pcx & s4r4d0

Nigerian Government websites were defaced by hackers with the names "Elemento_pcx & s4r4d0". The defacement page contains the message "Fatal Error!by Elemento_pcx & s4r4d0 ..."Be yourself but not always the same" ... G. The Thinker ...Help? s4r4d0 [at] yahoo.com & elemento_pcx [at] yahoo.com.br". A mirror of the hack was also posted to Zone-H.

Linux Foundation & Linux.com multiple server compromised

The Linux Foundation has pulled its websites from the web to clean up from a "security breach". A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011.

Multiple Servers that are part of the Linux Foundation & Linux.com infrastructure were affected during a recent intrusion on 8 September which "may have compromised your username, password, email address and other information".
More from the Linux Foundation announcement:
We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.

We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.

The kernel.org site is still offline after that compromise which was discovered on August 28th. The Linux Foundation's servers, linuxfoundation.org and linux.com, and services associated with them such as Open Printing, Linux Mark and Foundation events, are all offline while the administrators perform a complete re-install on the systems. In the meantime the Foundation is advising users to regard any passwords and SSH keys used on these sites as compromised, and they should be immediately changed if they were used on other sites.

Sunday, September 11

Android app gives you free Web access via texting

Getting something for nothing is awfully hard to resist. If you have T-Mobile's unlimited messaging plan for your Android phone, the "something" is Web access and "for nothing" means no data plan required.
Smozzy is an Android app that cleverly packages communications between Android browser and Web as messages transmitted via T-Mobile's text messaging service. The result is slow but free Web access (given that you have T-Mobile's unlimited messaging plan).
Under this scheme, Web requests are sent via SMS to Smozzy's server, which retrieves the pages and returns them to your phone via MMS. The tricky part is in how Smozzy fits the camel through the needle's eye. The Smozzy server chops up a Web page, zips each piece, packages the zip files as PNGs, and sends the faux image files via MMS. The app unpacks the files and reassembles the Web page.
Smozzy's Android Market page includes these caveats from the developer, Jeff Donahue:
This app currently works with U.S. T-MOBILE SERVICE ONLY. This application may send and receive a large number of messages, so use of it without an unlimited messaging plan is NOT recommended. It is currently in beta, and has been tested only on Nexus S and HTC G2 devices.
ExtremeTech's Sebastian Anthony lays out some of the app's downsides:
There are some security issues, of course--there's no encryption (though some could be added), so passwords are sent as plaintext--and the entire service currently runs through one man's, cheap-and-cheerful VPS, so it would be unwise to rely on Smozzy being available. It's also incredibly likely that T-Mobile will close this hole, so you probably shouldn't use Smozzy as an excuse to cancel your overpriced data plan and transfer to T-Mobile.
Still, you've got to admire the creativity, and hey, free is free--for as long as it lasts.
Donahue is considering extending the app to other unlimited messaging services beyond T-Mobile, but he's not sure about other platforms, he said. "It was quite a bit of work getting it to work on Android."
Smozzy is a beta release. Donahue is taking a wait-and-see approach before deciding whether to do a commercial release and figuring out how to charge for it, he said. And yes, T-Mobile could shut him down. "I don't think there's much I can do if they block me," he said.
I wonder if they will. Does the disadvantage of some T-Mobile users getting data for free outweigh more people joining T-Mobile to get data for free? What do you think?

XSS Attack On POLICE.UK Website by CYBER4RT

The Police.uk website is vulnerable to cross-site scripting (XSS). CYBER4RT found this vulnerability on the UK police website. You can see the vulnerable link here.

250+ Websites hacked by X-NerD hacker

More than 250 websites were defaced by Pakistani hacker "X-NerD", and a custom page can be seen there at site/x.php. A list and mirror of all 250+ hacked sites are here.

Cocain TeaM Hacked The George Washington Institute for Sustainability website

The George Washington Institute for Sustainability website was hacked and defaced by Cocain TeaM hackers. A mirror of the hack is available on Zone-H. The George Washington University is located four blocks from the White House and was created by an Act of Congress in 1821. Today, GW is the largest institution of higher education in the nation's capital.

Rootkit Hunter | Rootkit Scanning tool | Scan Rootkit Now

Rootkit scanner is a scanning tool to ensure, to about 99.9%*, that you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
Download Rootkit Hunter
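Three of the tests listed above (hash compare, wrong permissions on binaries, hidden files) are shown below as an added example; this is not Rootkit Hunter's own code. It uses SHA-256 in place of the MD5 the list names, and the function names and the sample `bin/` tree are constructed for the illustration.

```python
import hashlib, os, pathlib, stat, tempfile  # illustration only; not Rootkit Hunter code

def sha256_of(path):  # SHA-256 here; the list above names MD5
    return hashlib.sha256(pathlib.Path(path).read_bytes()).hexdigest()

def regular_files(root):
    """Yield (relative_path, absolute_path) for each regular file under root."""
    for d, _, files in os.walk(root):
        for p in (os.path.join(d, n) for n in files):
            if stat.S_ISREG(os.lstat(p).st_mode):
                yield os.path.relpath(p, root), p

def build_baseline(root):
    return {rel: sha256_of(p) for rel, p in regular_files(root)}

def scan(root, baseline):
    """Compare root against a known-good baseline; return sorted (finding, path)."""
    findings, seen = [], set()
    for rel, p in regular_files(root):
        seen.add(rel)
        if os.path.basename(rel).startswith("."):
            findings.append(("hidden", rel))
        if os.lstat(p).st_mode & stat.S_IWOTH:
            findings.append(("world-writable", rel))
        if rel not in baseline:
            findings.append(("not-in-baseline", rel))
        elif sha256_of(p) != baseline[rel]:
            findings.append(("hash-mismatch", rel))
    findings += [("missing", rel) for rel in set(baseline) - seen]
    return sorted(findings)

def put(path, data, mode):
    pathlib.Path(path).write_bytes(data)
    os.chmod(path, mode)

def demo():
    """Constructed sample tree (hypothetical paths): baseline, tamper, scan."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        at = lambda name: os.path.join(root, "bin", name)
        put(at("ls"), b"original ls", 0o755)
        put(at("ps"), b"original ps", 0o755)
        baseline = build_baseline(root)
        put(at("ps"), b"replaced", 0o755)   # content changed after baseline
        os.chmod(at("ls"), 0o757)           # binary is now world-writable
        put(at(".hid"), b"x", 0o644)        # new dot-file beside the binaries
        return scan(root, baseline)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A baseline is only trustworthy if it was taken from a known-clean system and is stored where the scanned host cannot rewrite it.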

14 Years in Jail for mass credit card theft

A 21-year-old man received a 14-year prison sentence on Friday for running an online business that sold counterfeit credit cards encoded with stolen account information, with losses estimated at more than $3 million.

Tony Perez III, of Hammond, Indiana, pleaded guilty to the charges on April 4. In his plea, Perez said he sold counterfeit credit cards encoded with stolen account information. Perez found customers through criminal "carding forums," Internet discussion groups set up to aid in the buying and selling of stolen financial account information and related services.

When the US Secret Service raided his apartment in June 2010, they found data for 21,000 stolen credit cards and equipment needed to encode them onto blank cards. Credit card companies said losses from the card numbers in Perez's possession topped more than $3 million.

In addition to the prison term, Judge Liam O'Grady of U.S. District Court for the Eastern District of Virginia ordered Perez to pay $2.8 million in restitution and a $250,000 fine.

Saturday, September 10

2000 + Email ids and Passwords exposed under Operation #opSouthAfrica by Team Ghosts

Team Ghosts hacked the http://www.waspa.org.za/ website and exposed more than 2000 users' information with passwords. Operation #opSouthAfrica is now in full swing. You can follow Team Ghosts on Facebook. Press release statement about #opSouthAfrica here.
User IDs and passwords here.

Nasa Government Server Unauthorised Access by @SwichSmoke

The mandalay.arc.nasa.gov website server was accessed without authorisation by @SwichSmoke. Access proof of the NASA website is here.

TheDailyStar Website hacked and Database disclosed by CYB3R-M4FI4

The website of the leading news media outlet TheDailyStar was hacked and its database disclosed by CYB3R-M4FI4.
Hacked Website : http://www.thedailystar.net
Database Disclose Here

International Institute of Information Technology, Hyderabad Website Hacked and Database Exposed by CYB3R-M4FI4

The International Institute of Information Technology, Hyderabad website was hacked and its database exposed by CYB3R-M4FI4.
Brief intro about IIIT:
The institute was set up in the year 1998 with seed support from the Government of Andhra Pradesh. The Institute strives to combine highest quality education with pioneering research that can make a significant difference to industry and society. A major goal of IIIT-H is to impart a uniquely broad and interdisciplinary IT education of the highest academic quality. 
Today we all are proud torch bearers of our Alma Mater. Wherever we all are and shall continue to be, the superlative histrionics we display or shall do in the times that lay ahead of us, shall be the outcome of our nurturing and innovative grooming at IIIT-H. 
The radar of success would not preclude any of us, on the contrary as all of us are promisingly ensconced today and are soaring higher and higher….. IIIT Hyderabad can be proudly called the production house that churns out beacons for an Inspirational Innovation for India Tomorrow (IIIT)!  
hacked website - http://alumni.iiit.ac.in/
Full Database here .

