Wednesday, 9 December 2015

Silk Road Mentor Arrested in Thiland

Federal Authorities confirmed that Roger Thomas Clark mentor of silk Road mastermind 
Ross Ulbricht, in Thiland had arrested.
Department of Justice release a press and reveals Clark, whose names "Variety Jones,"
"VJ", "Cimon", and "Mongoose", regularly advised Ulbricht on going management
of the underground web marketplace. 
Federal authorities was arrested Ross Ulbricht in October 2013 and convicted seven 
conspiracy charge in February 2015 and after two months, sentenced to life in prison
According to Ars Technica, during Ulbricht’s arrest one of the documents seized was 
Clark’s scanned Canadian passport.
Moustache an independent researcher linked Clark to the silk Road.
Clark faces charges of narcotics conspiracy and money laundering. Currently 
Clark is awaiting extradition from a jail in Thailand to the united states.

Wednesday, 18 November 2015

YAN ZHU Found Email Spoofing in Anroid Gmail App

YAN ZHU a independent Security Researcher found a Email Spoofing Loopholes in Android Gmail App. A Email spoofing is a email header forgery so that the victim think that email is sent from orginal email account,which is not true.

Before sending email to google, ZHU change her display name as yan""" Yan Zhu and send these Bug to Google
security team in the month of October. Google security Team replied to Yan Zhu that " this bug is not a security vulnerability"

Some Tips to Protect from Email Spoofing:

* Spam Filter Turn On
* Check the Email Header
* Trace IP address ( Got in Email Header)

Wednesday, 4 November 2015

Facebook user can use facebook password in three different ways

Facebook user can use facebook password in three different ways:
Password @ 1  i3#iNdya4444
password @ 2  I3#iNdya4444
Password @ 3  I3#InDYA4444

Suppose if facebook User's password is i3#iNdya4444. Users can use facebook password in two different ways such as:

Password @ 2:
If Facebook User's original password is i3#iNdya4444. Facebook User's can Use this password in different ways : if the first character of facebook password is small character user's can convert this small character to UPPERCASE like "I3#iNdya4444".
Facebook Users successful logged in Facebook Account.

Password @ 3:
If Facebook User's original password is i3#iNdya4444. Facebook users can use this password in different ways : Facebook users can convert small character to UPPERCASE or UPPERCASE to small character like "I3#InDYA4444".
Facebook Users successful logged in Facebook Account.


Saturday, 31 October 2015

Hackers are using CCTV devices to deploy a DDoS Attacks.

Approx 900 CCTV cameras have been enlisted as slaves in a botnet thanks to default credentials.

CCTV cameras have become slaves in a global botnet used to disrupt online services, researchers have discovered.

In the past years, we've seen refrigerators also being hacked, Jeeps being controlled remotely by the attackers while the driver is a helpless person, and everything from baby monitors to router devices being criticized for weak security which can place our Internet of Things (IoT) devices at risk and personal privacy and security also.

There are approximately 242 million surveillance cameras in use all over the world -- counting only those which have been professionally installed and logged. Unfortunately, if default settings are left in place and not properly configured, surveillance cameras can become an easy target for hackers setting up botnets -- networks of slave systems which can flood World Wide Web with traffic after directions from a master controller device, resulting in a denial-of-service attack for legitimate traffic.

CCTV cameras are a common element of IoT-based botnets. Security Researchers discovered a 250 percent surge in botnet activity across the firm's network -- and much of this uptake was placed at the feet of enslaved surveillance cameras across the globe.

Now, a fresh attack is born to corrupt online services. First discovered when investigating a HTTP Get Flooding attack -- a type of distributed denial-of-service (DDoS) campaign -- which peaked at around 20,000-30,000 requests per second, the researchers found that within the list of attacking IPs, many of them belonging to the CCTV cameras.

Traffic was able to surge through these connected devices due to installers failing to change default username and passwords in order to protect the cameras from cyber-attacks.

All of the compromised devices were running BusyBox software, a lightweight Unix utility bundle designed for systems with limited resources. Once an attacker gained access to a CCTV device through the default credentials, they installed a variation of the ELF malware, a type of malicious code which scans for network devices running BusyBox.

If devices are discovered, the malware then searches for open Telnet and SSH services which are susceptible to brute force dictionary attacks. This particular variant was also equipped with the power to launch DDoS attacks.

The compromised cameras that monitored were logged from multiple locations in almost every case -- a sign that they were likely hacked by several different individuals.

This shows that how easy it is to locate and exploit such unsecured CCTV devices.

A simple method to prevent cyber attackers from gaining access to these cameras is to change the default credentials i.e. username and passwords associated with the devices.

Friday, 30 October 2015

In Mumbai 14 Years Old Girl Jumped from Seventh Floor, after seeing obscene Message on Fake Facebook Profile

A class 10th student, 14 years old girls commit suicide in Mumbai after her classmate posted obscene message on her fake facebook  profile.
The facebook fake account is created by a boy.

According to girl's parents said that boy had stalking their daughter from few days.
Girl's Parents tell's that we also registered a complaint to police. The police called a boy to
Police station and after giving warning police let off the boy.

After registered complaint boy was angered, and the boy created her fake Facebook Profile and posted obscene Message on fake Facebook profile..
Girls seen obscene Message on his fake facebook profile, after seeing this she jumped from 7th floor and commit suicide.This incident was held in Solitaire Society Mira road Mumbai on 20 October.

A case had registered in Police station and investigations are going on.
The boy has arrested and sent to a juvenile home.

Thursday, 29 October 2015

Millions of websites face HTTPS lock-out as sites are adopting SHA2 encryption.

In 2016, billions of people around the world will have to face trouble accessing some of the most common encrypted websites like Facebook, Gmail, Twitter, and Microsoft sites.

Why? Because their internet browsers or devices will not be able to make use of the new, more secure certificates.

SHA1, the cryptographic hashing algorithm that has been used in the web's security for a decade, will be retired in a little over a year. Some experts say it could be cracked by the end of the year, making it useless and weak security for a billion of users.

Certificate Authorities said they will not support SHA1 certificates at midnight, 1 January 2016, they are opting instead for SHA2 certificates. SHA2 is a significantly stronger algorithm that will last for many years. But there is a problem, a some portion of internet users don't have a browser or device that are compatible with SHA2 certificate.

Encryption is important for protecting your online banking, email accounts, and social networks. That green lit-up icon in your browser verifies the integrity of a site, offering a strong level of assurance that the page has not been modified in any way.

New and more websites nowadays are adopting encryption because it costs very little to implement.
In an age of daily data breaches and hacks adopting a strong SHA2 algorithm is more important than ever. But browser makers and website owners thought they had more time.

Some good news is that many popular websites are already using the strongest SHA2 certificates. 

About 25 percent of SSL-encryption websites still use SHA1 of about 1 million websites.

That figure is decreasing every month, so much so that by the end of the year it could fall as low as 11 percent of all websites, meaning the vast majority of encrypted websites will be safe from SHA1 collision attacks.

For most people, there is nothing to worry about. The majority are already using the latest Safari,Chrome or Firefox browser, the latest operating systems, or the newest smartphone with the latest OS, which are compatible with the old SHA1-hashed websites and the newer SHA2 adopted websites.

But many, particularly those in developing nations, who are running older software, devices, and even the candy bar phones that have basic mobile internet, will face a brick wall, because their devices are not upto date enough to even know what SHA2 is.

Tuesday, 27 October 2015

CIA Director Personal Email Account hacked by highschool student hacker

A highschool Students claimed to own hacked AOL personal email Account of John Brennan CIA Director (Central Intelligence Agency) and prime secret database was swipted.
The law enforcement unit officially told to CNN news that John Brennan (CIA Director) and Jeh Johnson (Department of Homeland Security Secretary) were hacked.

According to Alleged Hacker given first interview to New York Post said that  AOL email account is attached with Brennan includes security clearance application files and also claimed that the Comcast account have accesed  and associated with Jh Johnson.
Law Enforcement Department said that  Hacker does not accessed any important information

The Hacker told to New York Post that he use very simple trick to hack Brennan Account .
Hacker use a "Social Engineering" Trick to gather information of a person and using this information he attacks on their account.
The alleged Hacker also told that first he trick verizon employee into giving Brennan info and get AOL to reset his password, sending the reset to hacker

According to Hacker, Sensitive files include in Bennan Email accounts
Security Clearance of 47 page application
SSN number (Social Security Number)
Interrogation Techniques used in terrorist Suspect

Sunday, 18 October 2015

Malaysian Hacker Arrested for Passing US military Members data to ISIS Group

Malaysian authorities has  arrested a Malaysian based hacker who had stealing and passing personal information of US military member to dangerous terrorist group ISIS (Islamic State in Iraq and Syria).

According to U.S. Justice Department and criminal complaint, Ardit Ferizi, a Kosovo citizen,  hacked into US computer system and stolen a  more than 1000 US military members and passed to terrorist group ISIS.

According to authorities, Junaid Hussein, a British hacker also known as cyber jihadist has hacked military and other government websites in US, France and other countries also. Junaid Hussein is also a recruiter Westerners to join ISIS Group through social media.
“NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!” was tweeted by Junaid Hussain in August. Also Junaid Hussain link to 30 page document allegedly provided by Ardit Ferizi.
In August 2015 US military announced that Junaid Hussain had killed in US drone strike in Syria.

Names, email addresses, passwords, phone numbers and locations of US military members are included in stolen data.

Ardit Ferizi didn't care his identity because he used real name on twitter account, openly tweeting them to communicate with ISIS member and also he did not hide his IP address

According to relatives Ardit Ferizi four-days trip to Turkey in 2013 when he was 17 with his parents to attend a trade fair in Istanbul.

Malaysian police said 20-year-old hacker  Ferizi had entered Malaysia in August 2014 for his study computer science and computer Forensics at a college in Kuala Lumpur

Sr. Assistant Commissioner Datuk Ayob Khan Mydin Pitchay, head of the counterterrorism division,
Special Branch of the Royal Malaysian Police said that Malaysian Authorities had monitoring after receiving information from the FBI.