A climate mangles a rush myth.

Once this sentence is on your blog, come back to your PPP account and press the claim blog button. You can remove the post after you have successfully claimed the blog.

Supreme Court of Canada vulnerable to xss attack !

Vunl Link : http://sr.scc-csc.gc.ca/search?client=SCC-CSC&site=Internet&output=xml_no_dtd&proxystylesheet=SCC-CSC&hl=en&oe=latin1&ie=latin1&q=%3E%22%3E%3CMARQUEE%3EHACKED+BY+ZERO+COOL%3C%2FMARQUEE%3E&btnG=Search


Found n Submitted by : Zero Cool

Self-wiping hard drives from Toshiba

Toshiba announces a family of self-encrypting hard disk drives (HDDs) engineered to automatically invalidate protected data when connected to an unknown host.

The new Toshiba Self-Encrypting Drive (SED) models enable OEMs to configure different data invalidation options that align with various end-user scenarios.
Designed to address the increasing need for IT departments to comply with privacy laws and regulations governing data security, the drives are ideally suited for PC, copier and multi-function printer, and point-of-sale systems used in government, financial, medical, or similar environments with an acute need to protect sensitive information.

IT data management concerns

LogLogic announced the findings to an IT Data Management survey carried out amongst 164 IT managers and directors.
The research aims to establish how IT data is being managed and utilised within UK organizations.

Key findings:

• Only 14 percent of survey respondents could say that they highly trusted the quality of their IT data and had no concerns. Staggering then that 81 percent said they used their IT data for compliance purposes.
• A huge 41 percent admitted that they couldn’t readily access all of their IT data and 48 percent added that it wasn’t in the right, useable format.
• 49 percent said that they couldn’t easily create reports. Confirming this, the research found that only 16.2 percent could create IT data reports in real time, 25 percent would take longer than five hours (and 13 percent of those estimating it taking longer than 24 hours).
• Of those who could create reports and insights from their IT data, only 26 percent said they were actionable.
• 43 percent don’t use their IT data to help manage service level agreements and 44 percent don’t use it for operational planning either.
• 36 percent of respondents estimate that less than 49 percent of the IT data that they need to need to report on and analyse is available to them and accessible for compliance, security or operational intelligence purposes.

“It’s clear from the findings that organisations are taking a tactical rather than strategic approach to IT data management,” said Guy Churchward, CEO at LogLogic. “For example, security and compliance were listed as the key reasons for viewing/using IT data (81 and 73 percent respectively) – activities the business has to carry out to protect itself. Only 32 percent saw IT data as a productivity tool and seven percent even admitted that their IT data was completely ignored and unused. The situation is further compounded by the fact that a high percentage of organisations have data quality and trust concerns.”
He continued: “Our research found that only 19.8 percent of c’level directors are currently asked to review IT data. This drops to 13 percent when the same question is asked of their board directors. This will however change in due course as IT data warehousing and management becomes the crux of IT decision-making and CIOs and IT managers assess their ability to implement modern computing models in the enterprise.
Current IT infrastructures have grown into a chaos of applications, agents and devices that generate an increasing amount of IT data. This data provides a wealth of information on how systems are being used, how they are performing, where to drive efficiencies, and how to meet compliance mandates and increase security.

HD video security on the iPad

To help you keep tabs on your home or office anytime, anywhere, Logitech introduced the Logitech Alert app for iPad which makes it easy to access your Logitech Alert digital video security system.

The Logitech Alert app for iPad is one of the first iPad apps developed strictly for tablet-based HD digital video surveillance. The app lets you view 720p HD video coupled with rich sound quality that’s captured by the user’s Logitech Alert cameras — including the Logitech Alert 750i Master System, the weatherproof Logitech Alert 750e Outdoor Master System and any Logitech Alert Add-On Camera — giving you the ability to see and hear what’s going on at home or the office even when you’re miles away.

App employs facial recognition to prevent visual eavesdropping

Oculis Labs released PrivateEye Enterprise, a desktop security application that employs facial recognition and detection algorithms with a standard webcam to actively protect information displayed on computer screens.

PrivateEye Enterprise offers a way to secure information used by CEOs, CFOs, auditors, consultants, lawyers, doctors, investigators, HR personnel and other users seeking greater privacy.
IT Administrators can manage client policies from a standard Group Policy Management console and can tailor PrivateEye Enterprise policies for the entire domain, business units, or individual users. Importantly, this solution complies with Windows’ Server Group Policy allowing any Windows-based organization to add PrivateEye Enterprise seamlessly to its existing IT infrastructure.

McAfee enhances its Network Security Platform

McAfee announced enhancements to its Network Security Platform which includes:
Enhanced botnet control: File and network connection reputation feeds from cloud-based McAfee Global Threat Intelligence allows Network Security Platform to perform in-line botnet prevention based on over 60 million malware samples and the reputation of hundreds of millions of network connections based on over two billion IP reputation queries each month. This external intelligence provides vital context for faster, more accurate detection and prevention.
Traffic analysis port: Traffic redirect capabilities allow arbitrary network traffic to be subjected to additional inspection by McAfee and third party products, including data loss prevention, network forensics and advanced malware analysis tools.
Virtual network inspection: Enables the Network Security Platform sensors to examine inter-virtual machine traffic on virtual environments and provide attack detection for virtual data center environments. Network Security Platform can inspect traffic both within virtual environments and between virtual and physical environments, giving organizations the same level of visibility regardless of where the traffic flows.
As enterprises consolidate data centers, adopt cloud-services, and virtualize critical infrastructure they need a way to unify security management across physical and virtual infrastructures. In partnership with Reflex Systems – a leader in virtualization management solutions – McAfee brings its threat detection and security management to virtual environments.
Together, McAfee and Reflex Systems will offer integrated virtual and physical security and management that enables customers to holistically monitor and understand security issues, easily apply best practices, and provide comprehensive reporting for compliance purposes across the current and next-generation data center infrastructure.

Microsoft Office for Mac 2011 SP1 released

Microsoft Office for Mac 2011 Service Pack 1 (14.1.0) fixes critical issues and also helps to improve security.

It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code. For detailed information about this update, please visit the Microsoft Web site.

Applies to:

• Office 2011
• Office 2011 Home and Business Edition
• Word 2011
• Excel 2011
• PowerPoint 2011
• Outlook 2011
• Communicator 2011
• Office for Mac Standard 2011 Edition
• Microsoft Office for Mac Home & Student 2011
• Microsoft Office for Mac Academic 2011.

ESET NOD32 releases Antivirus for Linux 4 !

ESET announced the availability of ESET NOD32 Antivirus 4 Business Edition for Linux Desktop and ESET NOD32 Antivirus 4 for Linux.
ESET NOD32 Antivirus 4 for Linux offers protection against cross-platform and emerging threats, enhancing the security of Linux platforms. The scanning engine automatically detects and cleans malicious code, including threats designed for Windows and Mac based systems.

Malaysiakini – Malaysia’s Most Popular News Website Shutdown’s after cyber attack !

It has been reported that Malaysia’s most popular news website Malaysiakini (http://www.malaysiakini.com) has been hit by cyber attack from 11 AM afternoon shutting the website down. The attack created a stir when the website stopped working just before the Sarawak election, making the website inaccessible to the readers. The attack has been diagnosed as Denial-of-service attack which is considered to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Denial-of-service attacks are considered violations of the IAB’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.

According to the technical team, the cyber attack has resulted in  swarming the Malaysiakini servers to the point that they are unable to cope with the massive traffic. Highlighting the attack both the data centers TM Brickfields and Jaring have also been affected.

French Hacker Arrested After Bragging on TV !

The hacker appeared on the France 2 television programme “Complément d’enquête” (Further investigation) where he claimed to have hacked into computers belonging to the French Army and Thales Group, an IT contractor for the aerospace, defense and security industries.
After the programme aired, the company filed a complaint, claiming the hacker stole confidential information from its internal network.
The man, identified in only as Carl, was arrested on April 7 in Paris. When inspecting his computer, police found the details of hundreds of credit cards and bank accounts.
The hacker admitted selling the information on underground websites, as well as using them to make fraudulent purchases for himself and others.

BackTrack 5 will also be for Motorola Xoom

As of now, offensive-security have got a modified version of an Ubuntu 10.04 ARM image, chrooted on a Motorola Xoom. The tablet is running a modified, overclockable kernel (from 1.0 to 1.5 GHz). The chrooted BackTrack environment is running a VNC server, from which you can connect from the tablet itself. When run locally from the Xoom tablet, the VNC session does not lag, and the touch keyboard and touchscreen are very workable.

As expected from a chrooted environment, offensive-security are not using any custom drivers (for now), and injection and other related wireless attacks are NOT possible. Here’s a few screenshots we managed to scrounge from our dev box:

BackTrack on Motorola Xoom Screen 1

BackTrack on Motorola Xoom Screen 2

BackTrack on Motorola Xoom Screen 3

BackTrack on Motorola Xoom Screen 4

BackTrack on Motorola Xoom Screen 5

BackTrack on Motorola Xoom Screen 6

offensive-security hope to release a dev version of this image in a couple of weeks for other Xoom owners to play with. We’ll keep you posted !

Tell us how you did it, Pakistan court to hackers !

Tell us how you did it, Pakistan court to hackers !

Hackers would be granted bail if they taught judges how to do the job, Pakistan's Supreme Court said in a lighter vein as it heard the bail plea of two teenagers who had broken into the Supreme Court website last year. The Supreme Court then granted bail to the two teenagers who are accused of hacking its official website and placing derogatory material about judiciary and the chief justice on it, Dawn reported Tuesday.
The bench, comprising Justices Asif Saeed Khan Khosa and Amir Hani Muslim, was headed by Justice Javed Iqbal.

The judges said the hackers had done a "brilliant job".

Their counsel Iftikhar Hussain Gilani promptly said they had not hacked the site.

To which, the judges asked Gilani why he was not ready to accept praise for the hackers.

They then said in a lighter vein they would grant bail on the condition that the accused taught them how to do such a job.

The judges, however, observed that it was not just the issue of hacking, the hackers had also deprived the people and visitors to the website of general information and information regarding fixation of cases.

They also observed that highly objectionable material had been placed on the website.

Gilani claimed the site had not been hacked by the teenagers but by some Indians.

Wireshark 1.5.1 Development Release !

Wireshark 1.5.1 has been released. Installers for Windows, OS X, and source code are now available.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.4:

CEH Trainer (Centennial Media Training) Got Hacked !

Hacked site : http://www.cmtraining.com.au/product.php?prod_id=68

50 government website hacked by Tn-V!Rus and The 077

Hacked sites : http://pastebin.com/wmmRF78j

71 websites hacked by T0$h!R0 AM!N

Hacked Sites : http://pastebin.com/b1FnnMHp

1000 website hacked by bad boy !

Hacked Site List : http://pastebin.com/JTDgcyMV

Barracuda Networks Hacking via SQL Injection !

Barracuda Networks Inc. combines premises-based gateways and software, virtual appliances, cloud services, and sophisticated remote support to deliver comprehensive content security, data protection and application delivery solutions. The company’s expansive product portfolio includes offerings for protection against email, Web and IM threats as well as products that improve application delivery and network access, message archiving, backup and data protection.

Barracuda Networks’ product portfolio includes: Barracuda Spam & Virus Firewall, Barracuda Web Filter, Barracuda IM Firewall, Barracuda Web Application Firewall, Barracuda SSL VPN, Barracuda Load Balancer, Barracuda Link Balancer, Barracuda Message Archiver, Barracuda Backup Service, and the BarracudaWaresoftware portfolio. Combining its own award-winning technology with powerful open source software, Barracuda Networks solutions deliver easy to use, comprehensive security, networking, and data protection products. Barracuda Central, an advanced 24x7 operations center manages data centers for all service-based offerings and works to continuously monitor and block the latest Internet threats.

DUCAT Punjab Best Ethical Hacker Competition

Registration : http://www.dreamtechlabs.com/registration.php
Participants are requested to carry their personal laptops with Battery backup. A Test fees of Rs 100 has to be submitted on the spot.

News By : Vishal Sharma

OllyDbg 2.01 alpha 3 Released !

A major update with many new features. Here are the most important:

• - Support for multi-monitor configurations
• - Hardware breakpoints and fast command emulation now co-operate. That is, run trace rund at full speed (up to and exceeding 500000 commands per second) even if there are hardware breakpoints set
• - Purely conditional breakpoints during run trace are strongly accelerated

Sqlmap v.0.9 - automatic SQL injection and database takeover tool !

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Change Log :

RawCap sniffer for Windows released

We are today proude to announce the release of RawCap, which is a free raw sockets sniffer for Windows. Here are some highlights of why RawCap is a great tool to have in your toolset:

• Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback)
• RawCap.exe is just 17 kB
• No external libraries or DLL's needed
• No installation required, just download RawCap.exe and sniff
• Can sniff most interface types, including WiFi and PPP interfaces
• Minimal memory and CPU load
• Reliable and simple to use

Usage
RawCap takes two arguments; the first argument is the IP address or interface number to sniff from, the second is the path/file to write the captured packets to.

C:\Tools>RawCap.exe 192.168.0.23 dumpfile.pcap
You can also start RawCap without any arguments, which will leave you with an interactive dialog where you can select NIC and filename:

WiFite The WEP/WPA Cracker version r68 released !

Designed for Backtrack4 RC1 distribution of Ubuntu. Linux only; no windows or osx support.
Purpose :
to attack multiple WEP and WPA encrypted networks at the same time. this tool is customizable to be automated with only a few arguments. wifite can be trusted to run without supervision.
Feature :

• this project is available in French: all thanks goto Matt² for his excellent translation!
• sorts targets by power (in dB); cracks closest access points first
• automatically deauths clients of hidden networks to decloak SSIDs
• numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
• customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc)
• “anonymous” feature; changes MAC to a random address before attacking, then changes back when attacks are complete
• all WPA handshakes are backed up to wifite.py’s current directory
• smart WPA deauthentication — cycles between all clients and broadcast deauths
• stop any attack with Ctrl+C — options: continue, move onto next target, skip to cracking, or exit
• switching WEP attack methods does not reset IVs
• intel 4965 chipset fake-authentication support; uses wpa_supplicant workaround
• SKA support (untested)
• displays session summary at exit; shows any cracked keys
• all passwords saved to log.txt
• built-in updater: ./wifite.py -upgrade

Requirement : 

• linux operating system (confirmed working on Ubuntu 8.10 (BT4R1), Ubuntu 10.04.1)
• tested working with python 2.4.5 and python 2.5.2; might be compatible with other versions,
• wireless drivers patched for monitor mode and injection: backtrack4 has many pre-patched drivers,
• aircrack-ng (v1.1) suite: available via apt: apt-get install aircrack-ng or by clicking here,
• xterm, python-tk module: required for GUI, available via apt: apt-get install python-tk
• macchanger: also available via apt: apt-get install macchanger
• pyrit: not required, optionally strips wpa handshake from .cap files

Download Here...

Anonymous Plans Sony Boycott on April 16

Say you're a hacker trying to cripple a major electronics company for suing its own users: how do you launch a cyberattack without harming the people you're trying to protect?

In the case of hactivist group 'Anonymous,' which has spent the week targeting Sony to retaliate against Sony's ongoing lawsuits against PlayStation 3 modifiers, you take it offline.

Anonymous is staging a 24-hour, in-store boycott at Sony stores around world on Saturday, April 16. So far over 1,000 people have RSVP'd through Facebook.

PenTBox 1.4 – Penetration Testing Security Suite Download

PenTBox, a security framework written in Ruby and multiplatform (actually working even on iOS and Android!).

Tools & Features (Updated)
Technical features
- GNU/GPLv3 License. Free in freedom and in price.
- Multi-platform (Ruby: GNU/Linux, Windows, Mac OS, *BSD, iOS, Android, …).
- Compatible with Ruby and JRuby.
- Multithreading (native threads in Ruby >= 1.9 and JRuby).
- Doesn’t require additional libraries (non standard are included).
- Modular (easy to expand and customize).

Tools (SVN Version)
- Cryptography tools
Base64 Encoder & Decoder
Multi-Digest (MD5, SHA1, SHA256, SHA384, SHA512, RIPEMD-160)
Hash Password Cracker (MD5, SHA1, SHA256, SHA384, SHA512, RIPEMD-160)
Secure Password Generator
- Network tools
Net DoS Tester
TCP port scanner
Honeypot
Fuzzer
DNS and host gathering
- Web
HTTP directory bruteforce
HTTP common files bruteforce

A moderate number of people are using it and some important blogs have talked about it. A curious fact is that some people from anonymous use it for DoS attacks (but it isn't the most important part of the
framework).

You may like to talk about the tool.

Website : http://www.pentbox.net/
Sourceforge: http://sourceforge.net/projects/pentbox/

70 Indian Websites Hacked By Shadow008 (PakCyberArmy)

Hacked Sites : http://pastebin.com/8weEL5Bx

DRIL : Domain Reverse IP Lookup Tool Download

DRIL ( Domain Reverse IP Lookup ) Tool is a Reverse Domain Tool that will really useful for penetration testers to find out the domain names which are listed in the the target host, DRIL is a GUI, JAVA based application which use the Bing API key.DRIL has a simple user friendly which will be helpfull for penetration tester to do there work fast without a mess .this is only tested on linux still , been java it should work on windows to.

There are online tools available, But many times due to slow internet connectivity we intend to get frustrated while audits. this tool is small and handy will not consume harddisk space So, its simply an good and fast altenative.

How to run DRIL
java -jar

example

java -jar “/home/treasure/DomainReverseIPLookup.jar”

and it should open the application

Download DRIL

The Underground Cyber Hacking Challenge !

~~~ Menu of the day ~~~
 0x00 - 0p3nH4x #1 2011 - Ezine #1
 0x01 - The structure of 0p3nH4x #1 2011
 0x02 - About the targets
 0x03 - Goals
 0x04 - Points system
 0x05 - Reporting and Documentation
 0x06 - Prizes, biatchez
 0x07 - Rules
 0x08 - Registrations and information
 0x09 - About the idea and final words

Gta-SanAndreas &1342 New WebSites HAckeD By The 077 ( Hamdi HAcker )

Hacked Sites List : http://www.gta-sanandreas.com/downloads/pafiledb.php & http://www.zone-h.org/archive/notifier=The%20077

Hacked ICS/ICW domains belongs to Cat Techie group, said by ICS Admins !

On the Early Morning of 7^th April we got the news that Cat Techie akka vaidehi sachin's all sites, Security Firm & News Company got Hacked ! Read here : http://www.thehackernews.com/2011/04/cat-techie-akka-vaidehi-sachins-all.html

There were two more Domain got hacked which represent ICS – Indian Cyber Squad and ICW – Indian Cyber Warriors . At 1^st impression everyone was thinking that these two domains belongs to the original ICS & ICW groups, But today we got some Proofs n Statements from The owner of these groups that these two domains do not belongs to their team.

Statement By Navneet ( ICS Admin ) :

So today Cattechie got hacked,:| as usual I was not interested in her and her NBC but I was lil free  from my work and then I realized that all the sites which got hacked are on same server and I saw www.indiancybersquad.com on the zone-h mirrors I was little shocked and I reported all the members of Indian cyber squad and then I also say www.indiancyberwarrior.com seeing that too I was little shocked because I have never seen official website of ICW. It is completely fake news and it was done for some sought of publicity. Here are some proofs from my side which I got. www.Kaizen.org.in is the official site of Security Company which belongs to cat techie which is also on the same server of that of www.indiancybersquad.com.

DerbyCon Security Conference 2011

We are happy to announce that Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in Louisville Kentucky. Our goal is to bring back an old style, community driven hacker con chocked full of amazing talks, live events and all around fun.

The idea for DerbyCon was created by Dave Kennedy (ReL1K), Martin Bos (PureHate), and Adrian Crenshaw (Irongeek). The goal came from a desire to see more of the old style talks and events of the cons of the past. We spoke to some in the community and our speaker list is already stacked with some of the industry’s leading minds and this is even before the call for papers has been issued. We are also happy to announce that DerbyCon’s call for papers is going live today, be sure to submit your talk if you have something cutting edge and high-speed. For information on how to submit go to http://www.DerbyCon.com/call-for-papers

In addition to some amazing talks there are a number of events scheduled including a very special appearance of Dual Core. Some of the events are Capture the flag, Network King of the Hill, Lockpick Village, Soldering Village, and Marathon “Hacker Movie” Theater to name just a few.

Finally, DerbyCon will be host to some specialized two-day training courses offered for only $825.00 for both days. DerbyCon will be at the Hyatt Regency in Louisville Kentucky, tickets will go on sale at 8:00AM on Friday April 29, 2011 for $125.00 for that weekend and go up to $150.00 on the following Monday. In addition, BSIDES Kentucky will also run at the same time as the training, so regardless if your in training or want to go to talks, they’ve got you covered.

For more information, be sure to visit http://www.DerbyCon.com for more information on this up and coming conference.

Indian Revolution : Lets know about Anna Hazare !

1. Who is Anna Hazare?
Started his career as a driver in the Army and turned into a social activist.

2. What's so special about him?
He built a village Ralegaon Siddhi in Ahamad Nagar district, Maharashtra

3. So what?
This village is a self-sustained model village. Energy is produced in the village itself from solar power, biofuel and wind mills.

In 1975, it used to be a poverty clad village. Now it is one of the richest village in India. It has become a model for self-sustained, eco-friendly & harmonic village.

4. Ok,...?
This guy, Anna Hazare was awarded Padma Bhushan and is a known figure for his social activities.

5. Really, what is he fighting for?
He is supporting a cause, the amendment of a law to curb corruption in India.

6. How that can be possible?
He is advocating for a Bil, The Lok Pal Bill (The Citizen Ombudsman Bill), that will form an autonomous authority who will make politicians (ministers), beurocrats (IAS/IPS) accountable for their deeds.

8. It's an entirely new thing right..?
In 1972, the bill was proposed by then Law minister Mr. Shanti Bhushan. Since then it has been neglected by the politicians and some are trying to change the bill to suit thier theft (corruption).

7. Oh.. He is going on a hunger strike for that whole thing of passing a Bill ! How can that be possible in such a short span of time?
The first thing he is asking for is: the government should come forward and announce that the bill is going to be passed.

Next, they make a joint committee to DRAFT the LOK PAL BILL. 50% goverment participation and 50% public participation. Because you cant trust the government entirely for making such a bill which does not suit them.

8. Fine, What will happen when this bill is passed?
A LokPal will be appointed at the centre. He will have an autonomous charge, say like the Election Commission of India. In each and every state, Lokayukta will be appointed. The job is to bring all alleged party to trial in case of corruptions within 1 year. Within 2 years, the guilty will be punished. Not like, Bofors scam or Bhopal Gas Tragedy case, that has been going for last 25 years without any result.

9. Is he alone? Whoelse is there in the fight with Anna Hazare?
Baba Ramdev, Ex. IPS Kiran Bedi, Social Activist Swami Agnivesh, RTI activist Arvind Kejriwal and many more. Prominent personalities like Aamir Khan is supporting his cause.

10. Ok, got it. What can I do?
At least we can spread the message. How?

Putting status message, links, video, changing profile pics. Share this news links all over your Facebook/Twitter/email to all and on all Social Networking Sites !

At least we can support Anna Hazare and the cause for uprooting corruption from India.


At least we can hope that his Hunger Strike does not go in vain.


At least we can pray for his good health.

116 Websites Hacked By Minhal Mehdi & Notty Raj (Indian Hackers)

Hacked Site List : http://pastebin.com/k7RUYJen

Amul's site is vulnerable to sql injection !

Angel 4k4 4d0r4b13  Found vulnerability on Amul's Websites, whole database is hackable !


Server Info:
Host IP:             59.163.170.113
Web Server:       Apache/2.2.11 (Fedora)
Powered-by:       PHP/5.2.13
DB Server:          MySQL >=5

Tables of vidya_new:

Dummy_maharani
Dummy_school
School_mst
School_mst_0506
School_mst_0708
bldgrp_mst
depot_address
depot_dist_map
depot_mst
depot_mst_14072010
depot_mst_29072010
depot_mst_new
hoard_image
parlour_mst
phplist_admin
phplist_admin_attribute
phplist_admin_task
phplist_adminattribute
phplist_attachment
phplist_attribute
phplist_bounce
phplist_bounceregex
phplist_bounceregex_bounce

Hacked Site : http://www.amul.com/

Cain & Abel 4.9.40 released , Download now !

Cain & Abel 4.9.40 released , Download now !
Cain & Abel is a password recovery tool for Microsoft operating systems.It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.





Changes in this version:

• Added Proxy support for Cain's Certificate Collector.
• Added the ability to specify custom proxy authentication credentials for Certificate Collector.
• Added ProxyHTTPS Man-in-the-Middle Sniffer (TCP port 8080).
• HTTP, APR-HTTPS and APR-ProxyHTTPS sniffer filters are now separated.
• Added progress bar indicator in the off-line capture file function.
• Bug fixed in ProxyHTTPS Man-in-the-Middle Sniffer parsing "Connection Established" string.
• Bug fixed in VoIP Sniffer creating MP3 Mono files.
• Bug fixed in RTP Sniffer processing off-line capture files.
• WinRTGen recompiled with OpenSSL library version 0.9.8q.
• OpenSSL library upgrade to version 0.9.8q.
• Winpcap library upgrade to version 4.1.2.

Download Cain & Abel v4.9.40 for Windows NT/2000/XP

Progenic.com down with Social Engineering by Saken & Josh of TeamDX !

Progenic.com down with Social Engineering by Saken & Josh of TeamDX !

Method: Social Engineering via LiveChat + Phone + Support Ticket System

How: They had a SSN + DOB posted on their forum, Saken & Josh of TeamDX simply played the role of the person that the identity was stolen from, their domain registar which was located in the United States then decided that enough was enough but to shut them off.

Remember: Saken & Josh of TeamDX may not be able to get into your server/website, but Saken & Josh of TeamDX sure know the backdoor, your un-secure registars who are easily manipulative.

Saken & Josh of TeamDX could of gotten into your box, but Saken & Josh of TeamDX decided to lul about the domain going bye bye.

Google Fixing the little things !

Google Fixing the little things !

Ever since I joined the Gmail team, my friends have been eager to tell me, "I love Gmail ! Except for this one thing..." And every day, Gmail users share their "one thing" that would make Gmail better for them through our suggestions page. While we enjoy creating new solutions to old problems with features like Priority Inbox, those little annoyances and missing pieces are important, too. Recently, we've rolled out several small tweaks to Gmail to show it a little extra love. 

Here’s a rundown:

IE9 exploit puts Windows 7 SP1 at risk !

The exploit uses an unpatched zero-day vulnerability in Internet Explorer 9 and bypasses all the extra security measures of Windows 7. The latest version of Microsoft's operating system, fully up-to-date with service pack 1 (SP1), is vulnerable. The security hole was reported by the French security company Vupen, that previously discovered an IE8 vulnerability in December of last year.

Vupen classifies the exploit for IE9 as reliable, which means it's an effective way for cyber attackers to run malicious code of their choosing on Windows 7 PCs. The exploit manages to break through Windows' additional security layers, such as ASLR, DEP and the sandbox (Protected Mode) in IE9.

Cat Techie akka vaidehi sachin's all sites,Security Firm & News Company got Hacked !

Hacked Sites List : 
mumbaimanoos.com
maritimebridges.com
vaidehisachin.com
cyberghost.in
www.beyondthenews.biz
newsmakers.co.in
artscape.net.in
www.afternoonvoice.com
indiancyberarmy.info
indiancyberwarrior.com
cattechie.com
unitehackers.com
sabkileak.com
indiancybersoldiers.com
hackingschool.co.in


Zone-H mirror : http://www.zone-h.net/archive/ip=173.236.36.2

Hackers steal Dell 1000's customer information !

The personal information of thousands of Australians has been stolen by hackers who raided a US-based database company, in what some experts are calling the biggest data theft in US history.

Dell Australia says customer data was "exposed" by an unauthorised entry into the computer system of email service provider Epsilon.

The information includes the names and email addresses of Dell Australia's customers.

In a statement, Dell assured its customers that credit card, banking and other personally-identifiable information was not at risk and remained secure.

Australian Privacy Commissioner Timothy Pilgrim says Dell has informed him of the data breach.

"Dell Australia have also advised all of its customers affected by the data breach and have set up an advice service that those customers can use to obtain further information if needed," he said in a statement.

Mr Pilgrim has launched an investigation into the incident.

"I have also been advised that Epsilon has commenced an investigation into this matter and is keeping Dell Australia informed," he said.

Dell is warning affected customers to be aware of unusual or suspicious emails requesting personal information.

The crime is being described by experts as the biggest data theft in US history, and it is believed the hackers may be planning to sell the information to cyber criminals for targeted scams.

And while the tens of millions of names and email addresses swiped do not appear to have been used yet for cyber crime, experts said it may just be a matter of time.

Ed Heffernan, chief executive of Alliance Data Systems Corp, Epsilon's parent company, apologised for the breach and says it is being investigated by federal authorities and outside computer forensics experts.

"We will leave no stone unturned and are dealing with this malicious act by highly sophisticated cyber thieves with the greatest sense of urgency," he said.

Experts says the data theft could be the largest ever in terms of volume, comparable to the exploits of Albert Gonzalez, a hacker serving 20 years in prison for stealing tens of millions of debit and credit card numbers.

"All indications are this could be the biggest one in history," says Marian Merritt, internet safety advocate at Symantec, the maker of Norton anti-virus software.

It is unlikely, however, to prove as damaging as the Gonzalez scams.

"The good news is it's just the names and the email addresses and the affiliation of the company that you did business with," said Joris Evers, a security expert at McAfee.

"It's not your credit card number or your social security card number or your home address... information that could be more personal and used in more nefarious ways immediately," he said.

"There's a lot of work to do before you can convert this into cash."

Source : Click Here

Hydra v6.2 with a password bruteforcing mode, xmpp and irc modules, MD5/SHA1/ Support !

 A very fast network logon cracker which support many different services.
 Have a look at the feature sets and services coverage page - including a speed comparison against ncrack and medusa! 

CHANGELOG for 6.2
        * Added a patch by Jan Dlabal which adds password generation bruteforcing (no more password files :-) )
        * New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support
        * New module: IRC is not dead ! use to find general server password and /oper credential
        * Added man pages from debian maintainers
        * Add support for new syntax:
            ://[:][/]
        * Add TLS support for SIP
        * Add SCRAM-SHA1 auth to IMAP module
        * Add module usage help (-U)
        * Add support for RFC 4013: Internationalized Strings in SASL ("SASLPrep")
        * Add SASL + TLS support for NNTP
        * Add support for CRAM-MD5 and DIGEST-MD5 auth to ldap module
        * Add support for SCRAM-SHA1 (RFC 5802), first auth cracker to support it, yeah
        * Add TLS negotiation support for smtp-auth, pop3, imap, ftp and ldap
        * Rename smtpauth module to smtp
        * Forgot to rename ssh2 to ssh in xhydra, fixed
        * Fix SASL PLAIN auth method issue
        * Bugfix SASL DIGEST-MD5, response could be wrong on 64bits systems
        * Bugfix rlogin and rsh module, some auth failure could not be detected accurately
        * Add SSL support for VMware Authentication Daemon module
        * Bugfix CVS module, working now
        * Bugfix for Telnet module when line mode is not available



Screenshots

 
 (1) Target selection

 
 (2) Login/Password setup

 
 (3) Hydra start and output


 The Art of Downloading: Source and Binaries
 
 1. The source code of state-of-the-art Hydra: hydra-6.2-src.tar.gz
    (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, etc.)

 2. The source code of the stable tree of Hydra in case v6 gives you problems on unusual platforms:
    hydra-5.9.1-src.tar.gz
 
 3. The Win32/Cywin binary release: --- not anymore ---
    Install cygwin from http://www.cygwin.com
    and compile it yourself. If you do not have cygwin installed - how
    do you think you will do proper securiy testing? duh ...

        4. ARM and Palm binaries here are old and not longer maintained:
      ARM:  hydra-5.0-arm.tar.gz
             Palm: hydra-4.6-palm.zip

GNOME 3.0 Released , Available for Download !

GNOME 3.0 is a major milestone in the history of the GNOME Project. The release introduces an exciting new desktop which has been designed for today's users and which is suited to a range of modern computing devices. GNOME's developer technologies have been substantially improved for 3.0. Modernized and streamlined, they will enable developers to provide better user experiences with less time and effort. And GNOME 3.0 comes with the same GNOME applications that users know and trust, many of which have received significant enhancements.

Download Now : http://gnome3.org/tryit.html

What is USB Malware and How to fix your USB from Malware Spread ?

As the use of USB or Pendrive has become more and more widespread, so malware has began to use them as a way to spread from machine to machine. While this is a problem for end users, the real danger is with IT professionals, who might use the same USB stick in dozens of computers in a single day, will often be logged in with administrative privileges, and will have access to important machines.

This articles is aimed at those professionals, and how they can minimize the risk of passing an infection onto other machines.

Find Serial Key / Cracks for Any Software !

Once Again i am back with a worth article for my ICA members, This time i am going to explain you that how you can "Find Serial Key / Cracks for Any Software !".I assume that most of you use pirated software. Not everyone can afford buying a program like Photoshop, which costs $699. In this case you can use alternative, free software or you can download a pirated, cracked version of the program. There is a vast number of websites out there, where you can find serial numbers and cracks for any program, but most of them aren't safe to use. Actually most of them are spam sites that “bombard” you with full-screen popup ads, or commandeer your computer into a spam-loving Kraken  or Srizbi Botnet army. In this post I will show you the most efficient way of downloading cracks and serial numbers without any risk to your pc. This is the part of Hacking/Cracking using "Google hacking".

How To Make A Cookie Stealer Php script ?

Hi friends, Lets know that exactly how does a cookie stealer work. There are two components in a cookie stealer: the sender and the receiver.

The sender can take many forms. In essense, it's just a link to the receiver with the cookie somehow attached. It can sometimes be difficult to find a way to implement the sender.

The receiver, as the name suggests, is a device which receives the cookie from the sender. It can also take several forms, but the most common is that of a PHP document, most commonly found residing on some obscure webserver.

Php Coding a receiver is the part. Only two things are needed to make a receiver : a webhost/ftp which supports PHP, and Notepad (see the end of the text for a link to some free PHP hosts).

How to Hack using Phishing & 34 phishing scripts !

Hello friends..
Next very interesting article is about "PHISHING" .This is the one of the easiest method to hack anyone,without knowing the basics of Hacking and Programming...

What Phishing is ?

What is Remote File Inclusion (RFI) Web Hacking ?

Hey friends...Now we will know about Website hacking method "Remote File Inclusion (RFI)" . This exploits are very simple and are only found in about 1 in every 10 sites - they are still allot of fun to exploit. In this tutorial i will show you how to take advantage of this coding error and possibly take control of the site.This ICA article is for Educational Purpose Only...so please Use this for knowledge Only !

This articles will be unserstandable mostly by web developers,or how know some web programming in html,php,asp etc...Lets start..

What Is A Proxy Server And How To Use It for Security ?

Today the exclusive topic is What Is A Proxy Server And How To Use It for Security ?

Lets start, Proxies are store-and-forward caches. When you configure your web browser to use a proxy, it