Posts

Showing posts from January, 2014

Edward Snowden nominated for Nobel Peace Prize 2014

There is great news for all the supporters of former National Security Agency (NSA) contractor Edward Snowden: he has been nominated for the 2014 Nobel Peace Prize by two Norwegian lawmakers. Snorre Valen and Baard Vegar Solhjell, parliamentarians from Norway’s Socialist Left Party, said, “He has contributed to revealing the extreme level of surveillance by nations against other nations and of citizens.” Edward Snowden revealed various extensive NSA spying projects and is responsible for handing over material from one of the world's most secretive organizations, the NSA. He faces charges of theft and espionage and is in Russia on temporary asylum. “Snowden contributed to people knowing about what has happened and spurring public debate” on trust in government, which he said was “a fundamental requirement for peace”. Snorre Valen also added that, “There’s no doubt that the actions of Edward Snowden may have damaged the securi

Java Bot, a cross-platform malware capable of running on Windows, Mac and Linux

Security researchers at Kaspersky have come across a cross-platform malware that is capable of running on Windows, Mac and Linux. The malware is written entirely in Java. Even the exploit used to deliver the malware is a well-known Java exploit (CVE-2013-2465), which makes the campaign completely cross-platform. Once the bot has infected a system, it copies itself into the user's home directory and adds itself to the autostart programs list to ensure it is executed whenever the user reboots the system. Once the configuration is done, the malware generates a unique identifier and informs its master. Cyber criminals later communicate with the bot through the IRC protocol. The main purpose of this bot appears to be participating in distributed denial-of-service (DDoS) attacks. An attacker can instruct the bot to attack a specific address and specify a duration for the attack. The malware uses a few techniques to make malware analysis and detection more difficult. It

Confirmed: Angry Birds website hacked by Anti-NSA Hacker

The Syrian Electronic Army yesterday posted a tweet saying that one of its friends, a hacker with the handle "Anti-NSA", defaced the Angry Birds website. At the time, we were not able to confirm the defacement. No one was reported to have seen the hack. Even the Zone-h mirror didn't confirm the defacement; it displayed the message "The mirror is onhold and has not been verified yet". So, we didn't have strong proof to report the hack. Today, Rovio, creator of Angry Birds, confirmed that the defacement was there for a few minutes and was corrected immediately. Now, the Zone-h record also confirms it. Antti Tikkanen, Director of Security Response at F-Secure Labs, said on Twitter that the attack was actually a 'DNS hijack attack'. He mentioned that the website itself was not touched by the hacker; the hacker managed to modify the DNS records. He also said that the Angry Birds website pointed to an IP address (31.170.165.141) associated with Lithuania for at least one hour. The same

First widely distributed Android bootkit Malware infects more than 350,000 Devices

A new Android Trojan, said to be the first Android bootkit, has been discovered by the Russian security firm Doctor Web. The malware resides in the memory of infected devices and launches itself early in the OS loading stage, which makes it hard to remove from the device. The trojan, identified as Android.Oldboot.1.origin, installs one of its components into the boot partition of the file system. It also modifies the init script, a specialized program for initializing elements of the Android system. When the device is turned on, the script is executed and installs other malware components as a typical application. Android virus which can't be removed by your antivirus: This malware is considered the most dangerous Android malware because even if you remove it, once the device is rebooted, the component residing in the protected memory area will re-infect the device. Researchers believe the threat gets into the device when users reflash their smar

How to Automatically Accept all Facebook Friend Requests

So now obviously this again goes automatic: you just need to follow simple steps and execute a small script, and all your friend requests will be accepted automatically; any page requests or other requests can also be accepted easily. So now let's see how exactly this works. 1. Open Facebook.com and sign in. 2. Now visit https://www.facebook.com/reqs.php; here you will see all the requests for pages, and right on top you will see all the friend requests. 3. Now you will see a "See More" option; click it to show all friend requests. 4. Now just press Ctrl + Shift + J to open the Console in Chrome, then simply paste the script below and press Enter. javascript:for( i = 1;i<document.getElementsByName("actions[accept]").length;i++) {document.getElementsByName("actions[accept]") [i].click();}void(0); 5. That's it; within seconds all the friend requests will be accepted. 6. This even works for all the page req

How to Send Message to all Facebook Friends in One Click

Sending Bulk Messages on Facebook using Script. If you are interested in sending bulk messages to all your friends on Facebook, here is an easy way to do so. Open Facebook.com and sign in to your account. After signing in, press F12 in Chrome or Ctrl + Shift + K in Firefox to open the Console tab. Now copy the whole script provided here [Link], paste it inside the Console tab and press Enter. A new popup window like the one below will open, with a text field to write your message and a Post button to send it immediately. To confirm that everyone is going to receive your message, open a chat with any of your friends and press Post to see how he will get your message; all of your friends will receive the same message in seconds. REMEMBER: Use this script once a day, or else Facebook will temporarily block your messaging service for doing bulk messaging. So guys now enjoy this awesome trick to send bulk m

Microsoft remotely deleted Tor-based 'Sefnit Botnet' from more than 2 Million Systems

In October 2013, Microsoft adopted a silent, offensive method to tackle infections caused by a Tor-based botnet malware called 'Sefnit'. In an effort to take down the Sefnit botnet and protect Windows users, Microsoft remotely removed older versions of the installed Tor Browser software and the infection from 2 million systems, even without the knowledge of the systems' owners. Last year in August, after the Snowden revelations about the National Security Agency's (NSA) spying programs, Internet users were afraid of being spied on. During the same time, Tor Project leaders noticed an almost 600% increase in the number of users of the Tor anonymizing network, i.e. more than 600,000 users joined Tor within a few weeks. In September, researchers identified the major reason for the increase in Tor users: a Tor-based botnet called 'Sefnit malware', which was infecting millions of computers for click fraud and bitcoin mining. To achieve the maxim

Microsoft Office Blog hacked by Syrian Electronic Army

As I said earlier, this year starts with bad luck for Microsoft. Having promised in an earlier tweet that they had not finished their attack on Microsoft, they have attacked another website belonging to Microsoft. This time, it is the official 'Microsoft Office' blog. "We didn't finish our attack on @Microsoft yet, stay tuned for more! #SEA", the hackers posted in one of their earlier tweets. The hackers posted a screenshot showing that they managed to post articles entitled "Hacked by Syrian Electronic Army" on blogs.office.com. They also mentioned in their tweet that Microsoft can expect more attacks from the SEA team. The hackers also posted a couple of screenshots showing that they have gained access to the control panel of the Office blog. "Dear @Microsoft, Changing the CMS will not help you if your employees are hacked and they don't know about that. #SEA", the latest tweet from SEA reads.

OpenBSD Project survived after $20,000 Donation from Romanian Bitcoin Billionaire

Last December, the foundation behind the security-focused Unix-like distribution 'OpenBSD' announced that it was facing shutdown due to a lack of funds to pay its electricity bills and dedicated Internet line costs. Theo de Raadt, the founder of the OpenBSD project, and Bob Beck (developer) announced: "In light of shrinking funding, we do need to look for a source to cover project expenses. If need be the OpenBSD Foundation can be involved in receiving donations to cover project electrical costs. But the fact is right now, OpenBSD will shut down if we do not have the funding to keep the lights on." Just a month later, a Bitcoin billionaire from Romania has stepped in and sorted OpenBSD out! Mircea Popescu, the creator of the MPEx Bitcoin stock exchange, has offered a $20,000 donation to the OpenBSD Foundation and saved OpenBSD development from being stopped. Like each open source project, OpenBSD producti

'123456' giving tough competition to 'password' in Worst 25 Passwords of 2013

123456, password, 12345678, qwerty… or abc123: how many of you have one of these as your password? I think quite a few of you. Even after countless warnings and advice given to users by many security researchers, people continue to use weak passwords. After observing many cyber attacks in 2013, we have seen many incidents where an attacker can predict or brute-force your passwords very easily. Since 2012, the only change is that the string “password” has shifted to second place in the list of the most commonly used passphrases and the string “123456” has recently taken first place, according to an annual "Worst Passwords" report released by SplashData, a password management software company. They announced the annual list of the 25 most common passwords, i.e. obviously the worst passwords found on the Internet. The most common passwords on the list this year are "qwerty," "abc123,"

20 Million Credit Cards stolen in South Korea; 40% Population affected by the Data Leak

Threats to data security and privacy often come from outside, but internal threats are comparatively more dangerous and add a difficult new dimension to the data loss prevention challenge, i.e. data breach. "Insider threats" have the potential to cause greater financial losses than attacks that originate outside the company. This is what happened recently with three credit card firms in South Korea, where the financial and personal data belonging to at least 20 million users, in a country of 50 million, was stolen by an employee who worked as a temporary consultant at Korean Credit Bureau (KCB). “Confidential data of customers ranging from the minister-level officials to celebrities, including their phone numbers, addresses, credit card numbers, and even some banking records, have been leaked from Kookmin Bank, Shinhan Bank and several other commercial banks”. The stolen data includes the bank account numbers, customers' names, social se

100,000 Refrigerators and other home appliances hacked to perform cyber attack

Have you given shelter to zombies in your house? No? Maybe you have no idea about it. After computers, servers, routers, mobiles, tablets… now it's the turn of your home appliances to be a weapon or a victim of cyber war. Recently, security researchers from Proofpoint found more than 100,000 smart TVs, refrigerators, and other smart household appliances compromised by hackers to send out 750,000 malicious spam emails. As the ’Internet of Things’ becomes smart and popular, it has become an easy weapon for cyber criminals to launch large-scale cyber attacks. “The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting Enterprises and individuals worldwide.” Previously, such attacks were only drafted theoretically by researchers, but this is the first such proven attack involving smart household appliances that are u

BlackPOS Malware used in TARGET Data Breach developed by 17-Year Old Russian Hacker

Security firm IntelCrawler has been analyzing the recent massive data breaches of Target and Neiman Marcus. The company said that it has identified the creator of the malware used in these attacks. According to its report, Sergey Taraspov, a 17-year-old boy from Russia with the online handle 'ree[4]', allegedly first created the sample of the BlackPOS malware in March 2013. Initially the malware was referred to as "Kaptoxa" ("potato" in Russian slang) and was later referred to as "Dump memory grabber" in underground forums by the creator. The "BlackPOS" name came from the title used in C&C communications. BlackPOS is a RAM scraping malware written entirely in VBScript, which is designed to be installed on POS devices and steals all data from cards swiped through the infected system. Based on its own sources, the organization determined that the first victims of the malware were Point of Sale (PoS) systems in Canada, US and Aus

Microsoft confirms phishing attack compromised the employee's email account

Social engineering is one of the most successful attack methods: even a system that is claimed to be 100% secure can be hacked if an attacker is able to manipulate one employee. We recently covered the news of the recent Microsoft Twitter account hack, in which Syrian hackers compromised the email accounts of Microsoft's employees through a phishing attack. Microsoft has finally admitted that the Syrian Electronic Army hacked into several Microsoft employee email accounts via a phishing attack. "A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted," a Microsoft spokesperson said in an email sent to Geekwire. Microsoft said that the compromised accounts have been recovered. They also claimed that no customer info was stolen in the attack. "We continue to take a number of actions to protect our employees and accounts against this industry-wide i

Syrian Electronic Army's own website got hacked by Turkish hacker

The Syrian Electronic Army, which has hacked hundreds of high-profile targets in 2013-14, was itself hacked today by a Turkish hacker. Turkguvenligi, a Turkish hacker, told The Hacker News that he hacked and defaced the official website of the hacking group SEA (sea.sy and leaks.sea.sy). The SEA group has taken down many serious targets in the past, like Microsoft, Obama and the New York Times' Twitter accounts and websites, but today their own server got breached. The most common hacking technique used by the SEA group is phishing, but Turkguvenligi hacked them using an exploit known for vulnerabilities in the server or website. At the time of writing this news, the whole website of SEA was down, but our readers can see the defacement mirror on Zone-H. Turkguvenligi tagged SEA in a tweet that says "hi guys, you have been hacked": The Syrian Electronic Army group has not commented on the hack, but We'll keep you updat

Mozilla recommends the use of Open Source Browsers against State Surveillance

After the revelations from NSA internal documents leaked by Edward Snowden, the world knows the NSA as the Real Techie Gangster of this 21st Century, with the ability to brutally infiltrate every kind of electronic device, the Internet, and global communications. "It is becoming increasingly difficult to trust the privacy properties of software and services we rely on to use the Internet. Governments, companies, groups and individuals may be surveilling us without our knowledge," the inventor of JavaScript and current CTO of Mozilla, Mr. Brendan Eich, said in a blog post. The NSA is not just focused on high-tech exploits, but also specializes in inserting secret backdoors into legitimate products. Its Tailored Access Operations (TAO) unit works with the CIA and FBI to intercept shipments of hardware to insert spyware into the devices. This way the NSA is able to keep an eye on all levels of our digital lives, from computing centers to individual computers, and fr

How to make your Windows machine run Chrome OS

Want to use Chrome without buying a Chromebook? Here's a simple way to do it on a Windows machine that will take only a few minutes. You won't get all of Chrome's features, but you will get the most important ones. First a caveat. You won't actually replace Windows with Chrome or turn your machine into a dual-boot machine. Instead, you'll get many of Chrome's most important features right inside of Windows, including using the Chrome App Launcher and running Chrome apps directly from the Desktop. To do it, install the Chrome browser. If you already have it installed, make sure that it's up to date. Click the Chrome menu (it's the icon on the upper-right of the screen), then select About Google Chrome. It will report your version number, and if it's outdated, will update to the newest version. (The newest version, as I write this, should be some form of Version 32, such as 32.0.1700.76 m.) Now head to the For Your Desktop collection in the

Samsung KNOX - An Encrypted Virtual Operating system for Android Devices

Last year Samsung launched a security feature called 'KNOX' for high-end enterprise mobile devices. It's a nice security addition and comes free with new Samsung handsets such as the Galaxy Note 3 and Samsung Galaxy S4. Samsung Knox is an application that creates a virtual partition (container) within the normal Android operating system, allowing a user to run two different Android systems on the same device so that personal and professional activities can be securely separated. The KNOX-based virtual operating system of your phone requires a password to be accessed and helps users securely store data that they're especially concerned about, such as personal pictures and video, in protected containers that would be resistant to hacking attempts on stolen devices. You can switch between Knox mode and personal mode using shortcuts in the app tray and notification tray. All the data and applications stored in the KNOX container system are completely