Zone-H Hacked


The leading defacement-mirroring website (www.zone-h.com) has been hacked by HcJ & Cyb3R-1sT & Egyptian.H4x0rZ & Sas-TerrOrisT & H311 c0d3 & Red Virus.
The hackers claimed that they rooted the server, hacking:
www.zone-h.com
www.zone-h.org
www.zone-h.com.br
forum.zone-h.com.br
br.zone-h.org
www.zone-h.net


The hackers added this message to their defacement:



"To be OR not TO be
Note : It's Unacceptable when we tried to notify defaced.zone-h.net and found this message " nice try" it's not a try it's a real! your server rooted, all the websites hacked, all people knew that ! and it's the third time to hack your websites 2 of them in 2010( 2010/04/02 > brazilian domains + 06/2010 zone-h.com defacement database ),and now ! you should have the courage and allow the defacers to notify your sites, it's the real courage !"




The reason they gave was that Zone-H didn't submit the defacement of its own website (defaced.zone-h.net), giving the message "Nice Try" instead.

Huffingtonpost, EA, IGN, NYTimes & Many Other High Profile Sites Are Vulnerable Said "TeamHav0k"


A new hacker group named "TeamHav0k", most probably formed in the last year, has spent last week and this week trying to find XSS vulnerabilities in many high-profile sites, in a campaign they call "#OP XSS". In a pastebin, they have released all their finds over the past week. Among them, the most notable finds are in the websites of CERN, NYTimes, Dr Pepper, The Huffington Post, EA, IGN, Images Hack, Verizon and so on. All their finds for #OP XSS can be found in the pastebin release.

Govt Server Rooted, 5K Sites Hacked By Teamgreyhat



Yet another big bang from the well-known hacker group Teamgreyhat. This time TGH rooted one Govt. server and also hacked more than 5000 sites hosted on 5 different web servers, including many UK sites, television sites, government bodies, business organizations and many more. The list of all the hacked sites is available in a pastebin release, where TGH also vows to attack the Indian Govt.
TGH said:-  
"Also we want to declare that soon #Target Indian Govt Will be engaged
Our Motto is
#Free Proper Education (From The Very Beginning To Masters) & #Free Health" 


jQ.Mobi - A New Framework For Mobile Development Such As BlackBerry, Android & iOS


We have good news for those who are passionate about mobile development. Today we will discuss Java Query Written Mobi (JQ.Mobi), a new JavaScript framework for mobile applications. According to its developers, the framework is 2.5 times faster than the desktop variant of the jQuery JavaScript library, some of whose APIs are used by jQ.Mobi, and it only uses about 3 KByte of memory. jQ.Mobi, currently in beta, is intended for use in developing apps for systems with a WebKit browser, such as Android, iOS and the more recent versions of RIM's BlackBerry OS. The framework consists of a query selector engine, a UI library and several plug-ins.


Further detailed information about JQ.Mobi can be found on their official Project Page & Blog.

Anonymous Retaliates For Megaupload Shutdown & Bring Down DOJ & FBI (#OpMegaupload)



Federal authorities shut down one of the Web’s most popular sites Thursday on charges that it illegally shared movies, television shows, e-books and so on. In payback, the hacktivist group Anonymous, in an operation called #OpMegaupload, performed "The Largest Attack Ever", in which 5,635 Anon people brought down the websites of Universal Music, the U.S. Department of Justice and the Recording Industry Association of America using LOIC, one of the world's most popular and widely used DDoS tools.

"The government takes down Megaupload? 15 minutes later Anonymous takes down government and record label sites," Anonymous tweeted. That note was followed shortly by this one: "Megaupload was taken down w/out SOPA being law. Now imagine what will happen if it passes. The Internet as we know it will end. FIGHT BACK." The tweet referred to the Stop Online Piracy Act, an Internet piracy bill being considered in the U.S. Congress.
Detailing the attacks, which are being dubbed as the largest performed by the group, via numerous Twitter feeds, @YourAnonNews said: "You cannot censor the internet. You cannot subpoena a hashtag. You cannot arrest an idea. You CAN expect us #OpMegaupload"


The link is a page on the anonymous web hosting site pastehtml. The link loads a web-based version of the program Anonymous has used for years to DDoS websites: Low Orbit Ion Cannon (LOIC). When activated, LOIC rapidly reloads a target website, and if enough users point LOIC at a site at once, it can crash from the traffic. Judging from a Twitter search, the link is being shared at a rate of about 4 times a minute, mostly by Spanish-speaking users, for some reason. (Here's a link to the Twitter search, just don't click the PasteHTML link.)
The thing is, DDoSing is a criminal offense that could earn you 10 years in prison, if you do it intentionally. With previous versions of LOIC, participants had to acknowledge this risk and press a button labeled "fire." But now, it appears some enterprising anonymous member has retooled it so that it automatically fires if you click an unassuming link and leave a window open.
Megaupload.com distributed a variety of digital content, including music and movies. Investigators say Megaupload’s executives made more than $175 million through subscription fees and online ads while robbing authors, movie producers, musicians and other copyright holders of more than $500 million. “This action is among the largest criminal copyright cases ever brought by the United States,” the Justice Department and FBI said in a statement.
On Thursday, the U.S. DOJ announced that it had charged seven people who allegedly were affiliated with the site with running an organized criminal enterprise responsible for worldwide online piracy of copyrighted content. The DOJ worked with authorities in New Zealand, who arrested four of the seven people.

"Twitter - @AnonymousWiki
January 19th, 2012
Popular file-sharing website megaupload.com gets shutdown by U.S Justice - FBI and charged its founder with violating piracy laws. Four Megaupload members were also arrested. The FBI released a press release on its website which you can view here: 
http://www.fbi.gov/news/pressrel/press-releases/justice-department-charges-leaders-of-megaupload-with-widespread-online-copyright-infringement
We Anonymous are launching our largest attack ever on government and music industry sites. Lulz. The FBI didn't think they would get away with this did they? They should have expected us.
#OpMegaupload 
The following sites were taken down in response to the FBI shutting down megaupload.com
:) TANGO DOWN


justice.gov
universalmusic.com
riaa.org
mpaa.org
copyright.gov
hadopi.fr
wmg.com
usdoj.gov
bmi.com
fbi.gov
..."

Red Hat Enterprise Virtualization 3.0 (RHEV) Released



Red Hat officially announced the global availability of Red Hat Enterprise Virtualization 3.0, with significantly expanded capabilities for both its server and desktop virtualization management tools and its Kernel-based Virtual Machine (KVM) hypervisor. With Red Hat Enterprise Virtualization 3.0, Red Hat provides a compelling open virtualization alternative to customers that offers exceptional performance, scalability, security, manageability and cost benefits.

Red Hat Enterprise Virtualization for Servers was initially released in November 2009, followed by the release of Red Hat Enterprise Virtualization for Desktops in mid 2010. Since its debut, the Red Hat Enterprise Virtualization product portfolio has enjoyed growing customer adoption and an expanding partner ecosystem. Customers have expressed that they are looking for an alternative to proprietary solutions and are deploying Red Hat Enterprise Virtualization in mission-critical production deployments. In addition, approximately 50 percent of Red Hat’s largest customers, based on revenue, have begun deploying or piloting Red Hat Enterprise Virtualization. Many are recognizing and executing on the trend of deploying dual-source virtualization strategies, with over 80 percent of Red Hat Enterprise Virtualization customers deploying Red Hat Enterprise Virtualization as an alternative side-by-side with VMware.
Open virtualization has achieved increased visibility in recent months through the Open Virtualization Alliance and oVirt project.  As a founding member of the Open Virtualization Alliance, Red Hat has worked closely with leading IT vendors across the industry to foster the adoption of KVM-based solutions, ensuring that customers can choose from a wide range of virtualization products and services. Additionally, Red Hat is a lead sponsor of the industry-backed open source oVirt project, which has the goal of promoting the development of open source virtualization management technologies.
Red Hat Enterprise Virtualization 3.0 brings a balance of new enterprise virtualization management features, performance and scalability for both Linux and Windows workloads, at a lower cost than proprietary alternatives. With its open source hypervisor and virtualization management system, Red Hat Enterprise Virtualization offers an interoperable solution without lock-in to proprietary platforms. Red Hat has established itself as an industry leader in virtualization performance, holding all of the top five current SPECvirt_sc2010 results (www.spec.org), including the best 2-socket, 4-socket and 8-socket results. Similarly, Red Hat Enterprise Virtualization leads the industry in scalability metrics for VM density and hosts per cluster. These leading performance and scalability benefits also come at prices one third to one fifth of the cost of alternative proprietary offerings.
With Red Hat Enterprise Virtualization 3.0, the management system is now a Java application running on JBoss Enterprise Application Platform on Red Hat Enterprise Linux. It provides over 1,000 new features, enhancements and improvements, such as a power user portal for self-service provisioning, RESTful API, local storage and more. Offering a reliable and versatile foundation for cloud platforms, Red Hat Enterprise Virtualization 3.0 is designed to meet the heavy demands of the cloud and create a secure, scalable environment for sharing resources and for managing them simply and flexibly.

For more information about Red Hat Enterprise Virtualization 3.0, including a full list of new features and capabilities, or to download a free, fully supported 60-day trial of Red Hat Enterprise Virtualization 3.0 Click Here

Multiple Cross Site Scripting ( #XSS ) Vulnerabilities in Forbes



Ucha Gobejishvili (longrifle0x), a Georgian security researcher, discovered two Cross Site Scripting (XSS) vulnerabilities on the official website of Forbes, an American publishing and media company. Cross-Site Scripting occurs when an attacker can send a malicious script to a different user by relaying the script from an otherwise trusted or innocuous server. These flaws are widespread on the Web and allow an attacker to place malicious code that can execute attacks against other users in the security context of the web servers of the trusted host.

1.) First Vulnerable Link : Click Here

2.) Second Vulnerable Link : Click Here


Cross-Site Scripting typically involves executing commands in a user's browser to display unintended content, or with the intent of stealing the user's login credentials or other personal information. This information can then be used by the attacker to access web sites and services for which the compromised credentials are valid (e.g., identity theft). In some cases, the attacker might be able to use this information to hijack or further compromise the user's HTTP sessions.

Recommendation for Forbes: ensure that your web application validates all forms, headers, cookie fields, hidden fields, and parameters, and converts scripts and script tags to a non-executable form. Always filter data originating from outside your application by disallowing the use of special characters. Only display output to the browser that has been sufficiently encoded. When possible, avoid simple character filters and write routines that validate user input against a set of allowed, safe characters. Use regular expressions to confirm that data conforms to the allowed character set. This enhances application security and makes it harder to bypass input validation routines.
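The recommendation above, sketched as an added example (not code from Forbes or from the researcher): each input is checked against a per-field allow-list with a regular expression, and each value is then encoded for the output context it lands in. The field names `q` and `page`, the `/search` path and the sample requests are assumptions constructed for illustration.

```python
import html
import json
import re
from urllib.parse import quote

# Hypothetical allow-lists, one per input field (field names are assumptions).
ALLOW = {
    "q": re.compile(r"[A-Za-z0-9 .,'-]{1,64}"),   # search box
    "page": re.compile(r"[0-9]{1,4}"),             # pagination parameter
}

def is_valid(field, value):
    """Accept a value only if the whole string matches the field's allow-list."""
    pattern = ALLOW.get(field)
    return pattern is not None and pattern.fullmatch(value) is not None

def enc_html(value):
    """Encode for HTML element content and quoted attribute values."""
    return html.escape(value, quote=True)

def enc_url_param(value):
    """Percent-encode for use as a single query-string value."""
    return quote(value, safe="")

def enc_js_string(value):
    """Encode as a JavaScript string literal that is safe inside inline <script>."""
    literal = json.dumps(value)
    # Hide markup characters from the HTML parser that reads the script element.
    for ch in "<>&":
        literal = literal.replace(ch, "\\u%04x" % ord(ch))
    return literal

def render_search(params):
    """Validate first, then encode each value for the context it lands in."""
    q = params.get("q", "")
    page = params.get("page", "1")
    if not is_valid("q", q):
        return "<p>Invalid search term.</p>"
    if not is_valid("page", page):
        page = "1"   # fall back to a safe default instead of echoing the input
    next_url = "/search?q=" + enc_url_param(q) + "&page=" + str(int(page) + 1)
    return (
        "<p>Results for " + enc_html(q) + "</p>"
        '<a href="' + enc_html(next_url) + '">next</a>'
        "<script>var term = " + enc_js_string(q) + ";</script>"
    )

if __name__ == "__main__":
    # Constructed sample requests: a normal search and one carrying markup.
    for sample in ({"q": "O'Brien, J.", "page": "2"}, {"q": "<b>test</b>"}):
        print(render_search(sample))
```

Validation rejects the request outright rather than trying to clean it, and the encoders still run on accepted values because a character that is harmless in one context (an apostrophe in HTML text) is not harmless in another (a URL or a script string).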

WOL-E : Wake on LAN - Explorer




WOL-E is a suite of tools for the Wake on LAN feature of network-attached computers, which is now enabled by default on many Apple computers. These tools include:

  • Bruteforcing the MAC address to wake up clients

  • Sniffing WOL attempts on the network and saving them to disk

  • Sniffing WOL passwords on the network and saving them to disk

  • Waking up single clients (post sniffing attack)

  • Scanning for Apple devices on the network for WOL enabling

  • Sending bulk WOL requests to all detected Apple clients.

  • Download
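A defender's view of the traffic such tools produce, as an added example (not WOL-E's code): it parses the standard magic-packet layout (six 0xFF bytes, the target MAC repeated 16 times, optionally a 4- or 6-byte SecureOn password) and flags sources that walk through many MAC addresses or send a password in cleartext. The function names, threshold, window and sample capture are assumptions constructed for illustration, and each payload is assumed to be already extracted from its UDP or EtherType 0x0842 frame.

```python
from collections import defaultdict

SYNC = b"\xff" * 6          # synchronisation stream that opens every magic packet
PASSWORD_SIZES = (0, 4, 6)  # no password, or a 4- or 6-byte SecureOn password

def parse_magic_packet(payload):
    """Return (target_mac, password_len) for a WOL magic packet, else None."""
    if len(payload) < 102 or not payload.startswith(SYNC):
        return None
    mac = payload[6:12]
    if payload[6:102] != mac * 16:          # MAC must repeat exactly 16 times
        return None
    extra = len(payload) - 102
    if extra not in PASSWORD_SIZES:
        return None
    return ":".join("%02x" % b for b in mac), extra

def find_mac_sweeps(events, threshold=10, window=60.0):
    """Flag sources that target >= threshold distinct MACs within `window` seconds.

    events: iterable of (timestamp, source_ip, payload). Returns {source_ip: peak}.
    """
    recent = defaultdict(list)   # source_ip -> [(timestamp, mac), ...]
    flagged = {}
    for ts, src, payload in sorted(events, key=lambda e: e[0]):
        parsed = parse_magic_packet(payload)
        if parsed is None:
            continue
        recent[src] = [(t, m) for t, m in recent[src] if ts - t <= window]
        recent[src].append((ts, parsed[0]))
        distinct = len({m for _, m in recent[src]})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

def cleartext_password_sources(events):
    """Sources whose magic packets carry a password readable on the segment."""
    hits = set()
    for _, src, payload in events:
        parsed = parse_magic_packet(payload)
        if parsed and parsed[1] > 0:
            hits.add(src)
    return hits

def sample_packet(mac_hex, password=b""):
    """Build a constructed payload for the sample data below (nothing is sent)."""
    return SYNC + bytes.fromhex(mac_hex) * 16 + password

# Constructed capture: one admin waking two hosts, one host walking a MAC range.
SAMPLE_EVENTS = [
    (0.0, "192.0.2.10", sample_packet("001122334455")),
    (5.0, "192.0.2.10", sample_packet("0011223344aa", b"\x01\x02\x03\x04\x05\x06")),
] + [(10.0 + i, "192.0.2.66", sample_packet("020000%06x" % i)) for i in range(12)]

if __name__ == "__main__":
    print(find_mac_sweeps(SAMPLE_EVENTS))
    print(cleartext_password_sources(SAMPLE_EVENTS))
```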

    SOPA in US and Censorship in India: A cocktail to destroy Internet Freedom !



    As US senators mull over the SOPA (Stopping Online Piracy Act) and PIPA (Protecting Intellectual Property Act) bills, the world stands witness to a historic moment. Almost all big IT companies, such as Google, Wikipedia, Facebook, Mozilla and GoDaddy, are speaking in one unanimous voice against SOPA and Internet censorship. The draconian provisions of SOPA/PIPA are bound to become the deathbed of Internet freedom and free speech, and a careful reading of the proposed legislation shows that it is likely to have the same impact on India.

    In the guise of protecting copyrights and stopping piracy, it is completely clear that the US government is trying to assert its control over the free flow of information on the Internet, which is sometimes uncomfortable for it. Giving the Attorney General the power to direct search engines like Google to filter particular search results, or to ask an ISP to manipulate its DNS to filter specific IP addresses, just at the whims and fancies of the government, threatens access to information.

    To make matters worse, in the name of stopping piracy, websites will be held directly responsible for content uploaded by any one of their millions of users. If infringement is proved then, apart from the whole website being banned, its executives would be liable to mountainous fines and prison terms, along with the user who uploaded the content, for up to 5 years. So imagine: if a teenager ends up uploading a Michael Jackson video to YouTube, he may get a 5-year term in jail, whereas the doctor who killed Michael Jackson could get only 4 years. Or if you post a YouTube video link of a Rockstar movie song on your Facebook wall, the entire Facebook website can be blocked for copyright infringement.

    To make matters worse, one of the provisions says that if a particular site is banned, any website which provides any information about the blocked website or the software it offered can also be blocked. So, in a nutshell, if a website like Napster is blocked, a website like Wikipedia can also be blocked in case it provided any information about Napster, even if it was merely a hyperlink to Napster’s website. And if Wikipedia is banned, all the websites which ever quoted Wikipedia can also be blocked.

    Another draconian provision says that the government, through the Attorney General, can also direct companies such as payment gateway providers, banks or even digital certificate providers not to provide any service to the blocked website. Now see how this will impact us in India:
    1. 80% of Indian websites are hosted on US-based servers with companies like GoDaddy, which are under US jurisdiction and will fall under SOPA.
    2. Websites which use payment gateways provided by US companies will also be affected.
    3. Even if an Indian website is hosted on an Indian server and uses only Indian payment gateways or banks for its business, if an injunction is issued against it by a US court, the US government can ask all American websites to remove any information or links about that Indian website and block access to it through all US-based ISPs by forcing a DNS blockade through the ISPs.
    4. Even anti-SOPA tools like DeSopa would not work, because providing them on any website, using them or providing any information about them would also become illegal.
    5. All the paid VPNs we use for our privacy or secure surfing would also be forced to share our data with the US government, because most of them have their head offices in the US. This may spell disaster for people in countries like China and Iran who use these methods to overcome illegitimate government censorship.
    6. Onion surfing (chain proxy) tools like Tor would become useless, because in one shot the US government will have the power to ask all US ISPs and hosting servers to filter any request coming from proxy sites, in the guise of stopping piracy.
    The Internet was born in the US, but it is not the personal property of the US government. Any type of law made in the US is bound to be replicated in other countries. Many governments across the world, facing protests for various reasons, are already toying with the idea of censoring information on the Internet by some means or other: sometimes by arm-twisting, sometimes by arbitrary court injunctions and sometimes by framing unconstitutional laws. Currently we are witnessing companies like Facebook, Twitter and Google landing up in lawsuits in India on the issue of content filtering, and the government hardening its position against the companies. It is not a good sign for the future of the Internet, whose freedom we must uphold.
    Dissent is an integral part of any democracy. If countries like America, in the aftermath of the Wikileaks incidents, frame laws to acquire backdoor authority to censor the Internet in the guise of protecting intellectual property and stopping piracy, they would be doing a great insult to the very first amendment to their own constitution, guaranteeing free speech. In India, where our fundamental right of freedom of expression is ushering like a diamond hope with every passing year, we must protest any idea or policy which threatens our freedom to do things on the innovation of the millennium, the Internet, which has no boundaries, no laws, no jurisdictions and no censorship.
    So in my opinion we must oppose SOPA or any sort of censorship anywhere, before we are left with an Internet with filtered search engines, blocked websites, no free mp3 songs, no proxies, no free software, no Wikipedia and no free code snippets too!
