Tuesday, January 26, 2010


Can You Believe Playstation 3 Just Got Rooted - Geohot

Well, it looks like the days of calling the PS3 secure are over: the hacker behind some of the iPhone and iPod jailbreaks is now working on the PlayStation 3 hardware and has nearly finished the exploit.

 


On the 22nd of this month, the well-known hacker George Hotz, aka Geohot, claimed that he has successfully hacked the PlayStation 3 box which he got from his friend.

 

I have read/write access to the entire system memory, and HV level access to the processor. In other words, I have hacked the PS3. The rest is just software. And reversing. I have a lot of reversing ahead of me, as I now have dumps of LV0 and LV1. I've also dumped the NAND without removing it or a modchip.

 

The exploit he is talking about and working on is not finished yet and has not been released by him….

Techcrunch Hacked

TechCrunch: The biggest tech news network and one of the most visited websites in the world has been hacked; we got this news just 11 minutes later. I am investigating it, and we will update this post as soon as we get more news.

Update 1: The blog is back after 15 minutes in a hacked state.

Update 2: We got some more screens, and 25 minutes after the hack the blog was hacked again, with new words from the hacker.

Update 3: An official message came from the TechCrunch team:

“Earlier tonight techcrunch.com was compromised by a security exploit.
We're working to identify the exploit and will bring the site back online shortly.”

The hack is some kind of link with the anchor text “Rapidshare Download”, most obviously because people will click on it.

But in the meantime, the geniuses on the TechCrunch team have seen this and are working on the matter, showing a notice on their blog: “We'll be back shortly.”

 


Thursday, January 21, 2010


BT4 Final, Nmap and Immunity Debugger Updated : There is Something In Air

Yeah, there is definitely something in the air, as there are some major kick-ass tool updates this week: the new BackTrack 4 Final release, the new Nmap v5.20, and the most anticipated Immunity Debugger 1.74, all released in just one week.

 


Yup, this is exciting and we are all set to use them. Dude, this is hardcore: a pretty great week for hackers, and if you look at the upcoming software you will be even more excited. I am talking about Endor and Hax, which will be launching soon…


Deep Look At Netdevilz XSS : Whois.com Hacked

These days XSS and SQL injection, mostly blind SQL injection, are working a lot; we have covered many of them, like the Intel one and many others, but this time the big domain tool whois.com has been hacked.


 

Well, I am not sure that all of you guys know what WHOIS is, so here is the basic information about it.

 

WHOIS (pronounced as the phrase who is) is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. ~ via Wiki

 

The WHOIS system originated as a method for system administrators to obtain contact information for IP address assignments or domain name administrators. So, the end of the story is that it is useful…

Thursday, January 14, 2010


2 New Interesting Xss This Week

This week some genius hackers have found some really cool XSS vectors, which I want to introduce to you. These are currently unpatched and are hot to use.

 


Let's see if you guys like them; these are basically good ones and would be useful to you, as I tested them on some browsers and found them to be working when they were released...


Gmail Goes https For Secure : Wi-Fi Protection

Google just announced that they are now moving to https connections rather than the traditional http connections. Gmail had previously announced that it was securing mail with https, but now Google is changing the whole connection to https.


 

The reason is straightforward: Google has pretty much had it with the Chinese issues going on. So it is China that made this possible, with special thanks to the hackers, as many people are now using SSL on their Gmail.

 

A group of 37 security and privacy specialists sent Google a letter (PDF) last June, urging the company to offer this feature. Gmail became the third-largest email provider last August, with more than 37 million unique visitors...

Are You Ready For Nullcon - Goa 2010

Nullcon is a conference in India made for hackers and security guys. I was pretty excited to learn about it, as it is going to take place on the 6th - 7th of February 2010.


 

The con is pretty respected, as many known security officials are joining in. Some of the speakers at the con are Veysel Ozer, Cassio Goldschmidt, Lavakumar Kuppan and many others. You can view the whole plot here.

Many cons are being started, like the Shoo and others. But it's great to see some starting in India too. Nullcon is going to be awesome and I am pretty sure you should join in too...

Tuesday, January 12, 2010

Angelina Jolie and Barack Obama #1 Choice of Spammers [Report]

McAfee Inc. has just released its monthly report on the most spammed people in the world, and this month is special as it is the 1st month of the new year 2010.

Many others are also included in the report published yesterday, and you are right: the most obvious subjects for spammers are none other than the President of the United States, "Barack Obama", and one of the most beautiful actresses, "Angelina Jolie".

“Free-hosting” websites used to provide spam URLs have also become a major target for spammers in this arena. To me this is obvious, as most of us want free hosting for our files and web space.

McAfee Labs™ Discovers and Discusses Key Spam Trends, by Adam Wosotowsky and Elan Winkler. Going straight to the report, let's look at the most spammed actress in the world...

HITB Ezine Issue 1 Released : Keeping Knowledge Free

Hack in the Box, popularly known as HITB, has released the new ezine for its magazine. The new ezine contains some major updates and aims to provide security researchers a new outlet for reading digests.

 


Released for the New Year 2010, the new ezine covers some of the most popular and interesting news for security researchers and pentesters. The ezine, which is distributed as a .pdf file, is free to download and also to publish.

The ezine, in my view, is a good initiative in the field of security. We haven't got the stats on downloaded copies, but as soon as we are updated, we will publish them...

Sunday, January 10, 2010

US Army Website Defaced : TinKode Strike Again

Tinkode is an awesome hacker who has previously hacked many websites with his SQL injection and XSS abilities and has defaced many big websites.

But this time Tinkode's website is also down. Some days ago Tinkode hacked and defaced the US Army website http://onestop.army.mil using a blind SQL injection vulnerability in it.

But apparently his website is down too, and the reason remains the same: he hacked the US Army website. The day after the Army website was hacked, Tinkode's website went down. I was keeping an eye on this and was pretty sure about this incident...

Saturday, January 9, 2010


MITM iPhone's PhotoSwap : How To Steal Hot Pics Of Chicks

PhotoSwap is an application for the iPhone that allows you to send an anonymous photo and receive an anonymous photo back. The service is great for upbeat, healthy, family-fun photo sharing, but managed to become a cesspool for photo debauchery.

MITM, as we have discussed earlier, is a pretty good technique, but using it on an iPhone is innovative. The idea is pretty good, and the victim changes from one person to another as soon as their images arrive on the iPhone.

You can also visit http://samy.pl/swap/ for the full details of the hack. The hack is pretty awesome, and so is its usability by a hacker. What happens here, explained by Samy Kamkar as


iiScan : Security On The Cloud

iiScan, the newly built tool for pen testers, is just cool as a cloud. This tool is pretty awesome, as you can manage your security projects in the cloud, and there are many surprises in it.


What iiScan does, put simply, is this: you build a web app, which surely contains vulnerabilities; they find the vulnerabilities in it, from XSS to SQL injection, in the cloud; then you get a report of the vulnerabilities and can work on them or remove them.

iiScan provides a cloud-computing based security service which focuses on web application security. With iiScan, you can get your web application assessed by an iiScan expert, and the only thing you have to do is click the START button.

After that, a report containing all details of the vulnerabilities or risks of your website will be sent to your mailbox. Then you can fix it and make your website safer.

Well, you can register on their website and use the tool for your upcoming projects and web projects too...

Thursday, January 7, 2010


@purehate_ Launches Online WPA Cracker : 10$ For 540 Million Passwords

@purehate_ is a BackTrack developer and penetration tester too. He recently developed a new online WPA cracker. It is for cracking the password of a network whose hashed key is exchanged and validated in a “four-way handshake”.


This tool is great: as you can see, it uses about 540 million passwords to crack WPA. Well, I am not sure, as I am not that experienced with WPA cracking. But here is what it does.

OK, I am sorry about the name, because I was unable to find it; I hope to get to know his real name. My guess would be Nick, as the contact page says nick pure_hate. Never mind...


Windows 7 GodMode Hack [Tutorial]

Windows 7, the shiny new product from Microsoft, has just been revealed, and some Windows guys have uncovered a new hack in Windows 7 which the team at Windows calls "GodMode".

The hack is some kind of glitch, like the glitch we saw in YouTube yesterday. What it does is bring you to a new settings page which has some good options for playing with Windows.

 


Obviously these are not the Control Panel settings; they include some good ones like "Back up Your computer" and "Login Credentials" and stuff like that.

The "GodMode" contains a list of over 50 sections of settings, which can be enabled by a simple rename. But it might be a new promotion by the Windows guys to promote their new Windows 7...

Wednesday, January 6, 2010


How Youtube Got Hacked : How The F*ck She Did That ?

As Mashable reported this evening, the YouTube video "twista ft. do or die-do you" has a hacked number of views on YouTube, which is about 79 billion. At the time I wrote this article it was 79,441,058,538 views, which in my view is impossible.

Over 79 billion views

Actually, the number of views matters a lot to YouTube freaks, and hacking the view count is something that everybody would want. But after reviewing the video I am pretty damn sure it's some kind of "big bug" in the YouTube CMS.

This is some kind of "glitch" in YouTube, I think :D It would be best if anybody found it before anybody else does. The video is a "Ft. Do or Die", and if you ever read the video comments you would get only one comment out of all of them.

 


Sunday, January 3, 2010


Nir Goldshlager Finds XSS Vulnerability in Google And Twitter

A security researcher uncovered some holes in Google Calendar and Twitter that may allow an attacker to steal cookies and user session IDs.


Nir Goldshlager is a security researcher; he recently found an XSS vulnerability in Google Calendar and in Twitter too. He said the HTML injection issue affecting Google Calendar could be used to redirect a victim to an attack site any time the user viewed his or her Google Calendar agenda events.

“When the victim…(adds) this malicious code, his cookies (and) session ID will be stolen and will be sent to the attacker site,” he said. “Then the attacker will be able to get full control of the victim’s Google accounts like: Google Calendar account, Google Groups, iGoogle, etc.”


Intel Website Hacked : Another SQL Injection From Unu

This is kind of lucky, because the number of SQL injections affecting large websites is just unbearable. This time the hacker is one of the best and my favorite hacker in the world, "unu". unu has previously hacked some really popular websites, like those of The Wall Street Journal and Kaspersky Lab.

I know this news is pretty late, as the Intel website was down around the 23rd of December 2009, which you can say is about 1 week ago. But when the website was hacked, it was taken down and was showing a message of “investigating the matter.”

 

Not only is the website vulnerable to SQL injection, but it also allows load_file to be executed, making it very dangerous, because with a little patience a writable directory can be found, and by injecting malicious code we get command line access with which we can do virtually anything we want with the website.

 

 

Upload phpshells, redirects, infect pages with Trojan droppers, even deface the whole website.

 

This is kind of a pity for the Intel security engineers, but what can we do if they don't pay security professionals....

Friday, January 1, 2010


The Anatomy Of GSM Encryption Hack

After Karsten Nohl hacked the GSM encryption, I thought I would dig into this in a bit more detail. So I have written this whole guide on it. So let's start.

Karsten Nohl, a German hacker, has claimed that he has successfully cracked the GSM mobile security algorithm. That we all know, but the question that arises here is what he did to crack the GSM encryption, which has been around for years, actually since 1987.

There was a conference known as the 26th Chaos Communication Congress (26C3), which, as we all know, is indeed the most respected and one of the most watched conferences in Europe.

 


 

It took place from December 27th to December 30th 2009 at the bcc Berliner Congress Center in Berlin, Germany, which is quite recent, and what was special this time was the GSM encryption crack details which were going to be demoed at the conference.

The 26C3's slogan is "Here Be Dragons".

As a matter of fact, I was not at the conference and thus missed all the stuff going on there, but some of my Twitter friends helped me out with this. When people started to tweet with the hashtag #26C3, everything became clear about it...