The Hacker News (Issue # 2 - May 2011)


THE HACKER NEWS - May 2011 - Issue 02 Edition

Because there is no PATCH for human STUPIDITY! (copyright social-engineer.org 2011)


# Nitin Bhardwaj # Patti Galle # Harsh Daftary # Kapil Chaudhary # David Kennedy # Anonymous # Priyanshu Sahay

Dear Readers,

As the cyber world rocks the X Generation, we here at THE HACKER NEWS spin the kaleidoscope of technology news on its axis. Because of that, I get to warmly and appreciatively welcome you to ISSUE 2 of "THE HACKER NEWS MAGAZINE." THE HACKER NEWS was created from the need for up to date, informative and practical hacking news and information. We were spinning from the over 50,000 downloads of the first issue of THE HACKER NEWS MAGAZINE! As Editor, I want you to know that issue 2 will keep you reading and learning from the unique information compiled just for you by security professionals and hackers alike. Not only do we have a tech savvy monthly magazine, we also provide hacker news 24 hours a day, 7 days a week. We want you to be the best informed and educated on the web today, tomorrow and well into the future. Thank you for the pleasure of producing this magazine and I look forward to your input and continued interest in THE HACKER NEWS.

Sincerely,
Mohit Kumar (Editor-in-Chief)

The Hacker News

Visit Our Official Site - www.thehackernews.com
Email Id - thehackernews@gmail.com
Facebook Profile - http://facebook.com/unix.root
Facebook THN Page - http://facebook.com/thehackernews
Twitter Profile - http://twitter.com/TheHackersNews


INDEX

1.) Social Engineering - 1
2.) OpSony By Anonymous - 11
3.) Anna Hazare - 14
4.) Message By Pattie Galle - 16
5.) Hacking News - 17
6.) Hackers Tools Updates / Download - 19
7.) Defacement News - 20
8.) Security and Hacking Events - 24
9.) Cyber Crime News - 26
10.) Linux News - 27
11.) Security News - 28
12.) Vulnerability News - 30
13.) Feedback to THN - 32


THERE'S SOMETHING "HUMAN" TO SOCIAL ENGINEERING

Aakash Mishra gives us a glimpse at the psychological skill of social engineering.

www.thehackernews.com 01 | May 2011 | Issue 02


Pretexting
Pretexting is the ability to create a false scenario that makes a targeted victim feel comfortable giving you information. It is more than simple lying. Often it is impersonating an individual that the targeted victim perceives has the right to know the information: a police officer, bank personnel, tax authorities, or an insurance investigator. Sometimes all that is needed is an authoritative and earnest-sounding voice. The defence is a verification step the caller cannot script: ring the person back on a number you already hold, never on one they supply.

Diversion theft
This technique originated in the East End of London, and the thieves who employ it are well rehearsed and extremely effective. Basically, it is the job of the social engineer to divert goods to a different location. The engineer must persuade the administrator or personnel of a transport or courier company to issue instructions for the driver to redirect the consignment or load. Confirming any redelivery request out of band, through a contact already on file, defeats it.

Phishing
Phishing is a popular email scam that fraudulently obtains private information. An email sent from an official-looking business warns of some dire consequence if personal information is not provided. Phishing can also involve creating websites that resemble a legitimate organization's site, which convinces the target that it must be okay to give financial or personal information. The reliable tells are in the headers and links rather than the wording: a Reply-To on a different domain from the From, a display name that carries a brand the sending domain does not, a link whose visible text shows one address while its href points to another, and a look-alike domain one character away from the real one.
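As an added example, not from the article nor from any tool it names, the following Python script scores a raw e-mail against exactly those tells. The bank name, both sample messages and the cue-word list are constructed for illustration, and the domain handling is a deliberate approximation (last two labels, no public-suffix list).

```python
"""Added example, not from the article: score a raw e-mail for the phishing tells above."""
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_BRAND_DOMAINS = {"firstnationalbank.example"}  # assumption: a hypothetical bank
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify", "within 24 hours")

# Constructed phish: brand name in the display name, a foreign Reply-To, a look-alike
# link host (l -> 1) behind link text that shows the real domain, and pressure words.
PHISH_EMAIL = """\
From: "First National Bank Support" <support@firstnational-bank-secure.example>
Reply-To: verify@mail-verify.example
Subject: URGENT: your account will be suspended in 24 hours
Content-Type: text/html; charset=utf-8

<html><body><p>Please <a href="http://firstnationa1bank.example/login">click here to
verify at https://firstnationalbank.example</a> within 24 hours or your account will
be suspended.</p></body></html>
"""
# Constructed legitimate mail from the real brand domain, for contrast.
BENIGN_EMAIL = """\
From: "First National Bank" <statements@firstnationalbank.example>
Subject: Your monthly statement is available
Content-Type: text/html; charset=utf-8

<html><body><p>Your statement is ready:
<a href="https://firstnationalbank.example/statements">View statements</a></p></body></html>
"""

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs and all visible text from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def registrable_domain(host):
    """Last two labels of a host (approximation: no public-suffix list here)."""
    return ".".join((host or "").lower().split(":")[0].split(".")[-2:])

def levenshtein(a, b):
    """Edit distance, used to catch typo-squatted look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw_message):
    """Score one RFC 5322 message; returns {'score': n, 'findings': [...]}."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings, sender = [], msg["From"].addresses[0]
    from_domain = registrable_domain(sender.domain)
    # 1. Reply-To steers replies to a domain other than the sender's.
    if msg["Reply-To"] and registrable_domain(
            msg["Reply-To"].addresses[0].domain) != from_domain:
        findings.append("reply_to_domain_mismatch")
    # 2. Display name claims a trusted brand but the address is not the brand's.
    name = re.sub(r"[^a-z0-9]", "", sender.display_name.lower())
    if any(k.split(".")[0] in name for k in KNOWN_BRAND_DOMAINS) \
            and from_domain not in KNOWN_BRAND_DOMAINS:
        findings.append("brand_in_display_name_unknown_domain")
    # 3. Sender or link hosts within two edits of a trusted domain (e.g. l -> 1).
    collector = _LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html", "plain")).get_content())
    for host in [sender.domain] + [urlparse(h).hostname for h, _ in collector.links]:
        dom = registrable_domain(host)
        known = next((k for k in KNOWN_BRAND_DOMAINS if 0 < levenshtein(dom, k) <= 2), None)
        if known:
            findings.append(f"lookalike_domain:{dom}~{known}")
    # 4. Link text displays one URL while the href leads to a different host.
    for href, text in collector.links:
        for shown in re.findall(r"https?://[^\s<>\"']+", text):
            if registrable_domain(urlparse(shown).hostname) != \
                    registrable_domain(urlparse(href).hostname):
                findings.append("link_text_host_mismatch")
    # 5. Pressure language in subject or body (two or more distinct cues).
    text = (msg["Subject"] + " " + " ".join(collector.text)).lower()
    if sum(w in text for w in URGENCY_WORDS) >= 2:
        findings.append("urgency_language")
    return {"score": len(findings), "findings": findings}
```

On the phishing sample `triage` reports all five findings; on the legitimate sample it reports none, because a brand name in the display name is only suspicious when the address behind it is not the brand's own. The same checks belong in a mail-gateway rule or a SIEM parser, with the brand list drawn from the organisation's real domains and the two-edit threshold tuned to the length of those domains.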

IVR or phone phishing
This technique uses the phone to recreate a legitimate-sounding business that the intended target is persuaded to call from an email or letter. One variant uses voice prompts to collect password or account information; in another the caller is transferred to the social engineer, posing as a customer service representative, for questioning. Phone phishing is also called vishing.


Baiting
This technique requires the engineer to leave a malware-infected floppy disk, CD-ROM or USB flash drive in a place where an intended target might pick it up out of curiosity or greed. The label may promise corporate information that appears to offer the target financial gain. However it is presented, once the disk is inserted the user installs the malware, giving the engineer access to the target's PC or to a company's internal network. Disabling autorun and restricting unknown removable media by policy removes the automatic part of the attack; awareness training has to cover the rest.

Quid pro quo
Quid pro quo is simply "something for something": the social engineer calls the targeted victim and offers something, maybe money, chocolates or merchandise, in exchange for a password or other personal information. Surprisingly, large numbers of victims readily give this information, believing they are getting something in return.

Social Engineering Godfather

Kevin David Mitnick
Kevin David Mitnick (born October 6, 1963) is a controversial computer hacker and convicted criminal in the United States. Mitnick was convicted in the late 1990s of illegally gaining access to computer networks and stealing intellectual property. Though Mitnick has been convicted of computer-related crimes and possession of several forged identification documents, his supporters argue that his punishment was excessive.


Kevin Mitnick began social engineering, or perhaps discovered his first engineerable situation, at the age of 12. He realized he could bypass the punch card system used for the Los Angeles bus system: by buying his own punch, he could get free bus rides anywhere in the greater LA area. Social engineering became his primary method of obtaining information, whether user names and passwords, modem phone numbers or any number of other pieces of data. In high school he was introduced to phone phreaking, the manipulation of telephone systems, which he often used to evade long distance charges. Mitnick broke into his first computer network in 1979, when a friend gave him the phone number for the Ark, the computer system at Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC's computer network and copied DEC's software, for which he was later convicted. This was the first of a series of run-ins with the law.

Acts by Kevin Mitnick:
1.) Using the Los Angeles bus transfer system to get free rides
2.) Evading the FBI
3.) Hacking into DEC system(s) to view VMS source code (DEC reportedly spent $160,000 in cleanup costs)
4.) Gaining full admin privileges to an IBM minicomputer at the Computer Learning Center in LA
5.) Hacking Motorola, NEC, Nokia, Sun Microsystems and Fujitsu Siemens systems

Kevin Mitnick is now a professional computer consultant (doing business as Mitnick Security Consulting, LLC).



Interview with the creator of the Social-Engineer Toolkit, David Kennedy!

THN Editor: First, tell us about yourself, your experience and what you have produced in the social engineering field?

David: I'm a Director of Information Security for a Fortune 1000 company. Don't let the title fool you, being a Director just means I can focus on the stuff I love which is breaking things. I have a heavy penetration testing and exploitation background dating back to the military intelligence days as well as a security consultant working with a number of Fortune 500 and 1000 companies. As a penetration tester a few years back, Social-Engineering was a major portion of what I needed to do in order to gain access either physically or through social-engineering attacks against organizations. It's been a blast working in the security community and contributing as much as I can to open source. My philosophy in life is I love what I do and where I work and my goal is to give as much back to the security community and make them successful and help if I can. I'm one of the founders of DerbyCon, a security conference in Louisville Kentucky, creator of the Social-Engineer Toolkit, Fast-Track, member of the Social-Engineer crew/podcast, and main blogger at http://www.secmaniac.com.

THN Editor: Please explain what Social Engineering is and how we use Social Engineering?

David: Social-Engineering simply put is the manipulation of human behavior to achieve some task. For us as penetration testers, Social-Engineering can be leveraged in multiple capacities to compromise an organization and gain access which typically circumvents the majority of security controls in place in an organization. For me, I leverage Social-Engineering on a regular basis to identify weaknesses within my security program and user awareness. Most organizations are spending a ton of money on the latest shiny technology that promises to fix their security problems while our humans are finding the easiest way to get in.

THN Editor: What are the best ways to perform Social Engineering?

David: Social-Engineering takes some time to learn and is something that requires practice. There's no easy answer on what the best way to social-engineer a victim is. When I'm going after an organization I look at what they have on the Internet, who the personnel is, their language, what companies they own, and as much information as I can possibly learn from open source intelligence (OSINT). I'll develop a pretext (my attack) based on what I learn and practice it beforehand to make sure it's perfect and flawless. A lot of times leveraging social networking sites in order to learn a lot of information about my targets is beneficial, and leveraging trust with people they trust can always make that little bit of a difference.

THN Editor: What are the recent usages of Social Engineering, such as the HBGary hack by Anonymous or the RSA hack?

David: I think the most recent one would be the RSA hack where the details are still a bit vague but leveraged spear-phishing in order to target a select amount of people with a Flash zero day. We've seen these attacks become more and more prevalent, and it is something we have been preaching on the Social-Engineer.org podcast for a long time: that these types of attacks are coming and it's going to be something really difficult to protect against.

THN Editor: How did "SET (Social Engineering Toolkit)" come about and why did you develop it?

David: When SET was first conceived Chris Hadnagy and I were sitting in a chat room on IRC talking together and he mentioned he was starting social-engineer.org to try to bring more awareness and education to the community about social-engineering and how it relates directly to security. We started chatting and found that there really was no tool out there for social-engineering, and that was a huge gap for us as penetration testers. Out of that talk, a raw version of SET was created which was really basic in nature; it had a mass mailer, some PDF exploits and that was really it. Even with its early, early release it got a ton of positive feedback and it has just grown from there. I never thought for one minute that SET would become the lead open source tool in social-engineering and something that penetration testers leverage on a regular basis; it's quite impressive and I'm humbled by it.

THN Editor: Is Social Engineering dangerous?

David: Social-Engineering is extremely dangerous and THE largest threat that I see in information security to date. As mentioned before, we have a ton of technology in place that is specifically designed to stop buffer overflows (or detect them), catch malware (kind of a joke at this point), and protect our web applications. Yet our user population is still completely vulnerable and clueless on the signs of a breach. A fine balance between technology and user awareness needs to be accomplished; it'll never be 100 percent but it'll be a lot better than an uneducated user population.

THN Editor: How does someone master Social Engineering?

David: Social-Engineering requires you to change your behavior, remove your barriers, and start to manipulate humans to do your bidding. I know that sounds awful, but use Social-Engineering in a positive way at your organization to see if you can affect a decision in your manner. Read and learn from studies on behavioral analysis and how humans interact with one another. Use the social-engineer.org framework to help you get the knowledge to expand on. Ultimately it's going to be yourself learning the techniques and applying them on a regular basis and being able to manipulate your own behavior to get a desired outcome from someone else.

THN Editor: Give us an overview of the social engineering tools and what they offer.

David: The Social-Engineer Toolkit (SET) is an open-source Python driven arsenal for penetration testers aimed at testing how well an organization can withstand a social-engineer attack. SET has a number of attack vectors specifically aimed at targeting the user population. SET aids a penetration tester in social-engineer attacks, however it doesn't perform them for them. It's up to the penetration tester to perform intelligence gathering and form their pretext in order to have a successful attack. SET has a number of tools and attacks including the Spear Phishing Module, Web Attack Vectors, Teensy USB HID, Wireless Attack Vectors, and a number of additional capabilities and features that make SET unique when it comes to social-engineering and penetration testing. SET is being used internationally by penetration testers and is a critical tool to them in every capacity, as social-engineering is a highly important attack vector to leverage during normal testing.

After that great interview with the creator of the Social-Engineer Toolkit, David Kennedy, I wondered how many readers really understand the difference between social engineering and hacking.

The END

Visit him at http://www.secmaniac.com/


Test your understanding on Social Engineering

See if you can identify what technique of social engineering was used in the following examples. (Answers at end of article)

A) You receive an email where the sender is the manager, or someone on behalf of the support department, of your bank and is presenting a problem that can be resolved by you giving personal information about your account.

B) A person representing your company contacts the shipping company that delivers your merchandise and convinces them that they must take a certain delivery to a different address.

C) You get an automated voice call from a familiar company or bank asking you to key in password information or other pertinent information. You could be transferred from this call to a live customer service representative.

D) You are walking by your bank and on the sidewalk you find a computer disk titled "accounts over 100k." This makes you curious and you insert it into your computer to read the information.

E) An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling them back to help. The attacker will "help" solve the problem and in the process have the user give passwords or account information, or type in commands on their computer that give the attacker access or launch malware.


Facing the facts
The truth is social engineering is rarely discussed. People mostly like to talk about cracking and phreaking. Let's bring social engineering out of the closet and onto discussion blogs. Sharing information, learning the techniques and knowing how to protect yourself from social engineering is the best way to be skilled in this method of hacking.

Answers
A) Pretexting (delivered by email, it is also phishing)
B) Diversion theft
C) IVR or phone phishing
D) Baiting
E) Quid pro quo



#OpSony

You say you want Revolution? They know your names....

You are the globalized, government-sponsored corporations and institutions. They know you are guilty of committing atrocities (war crimes, torture, toxic dumping and stifling freedom of speech, to name a few) against mankind in the name of greed and profit. They see as evidence that increased economic globalization and the rise of transnational corporate power have created the undeniable climate for corporate human rights abusers. They know that predatory corporations are governed first and foremost by the codes of supply and demand and show their unadulterated loyalty only to their stockholders and the almighty bottom line. They know how corporations have amassed great power and influence on public policy and immense power over world governments. As corporations are allowed to act like criminals, they have the right and the power to stop them.

As greed-driven multinational corporations and governments engage in the cruelties of greed and corruption, a silent global army of computer technos is using its talents and skills to thwart them. Around the world, in Venezuela, Argentina, India, the United States and multitudes of other countries, citizen cyber revolutionaries are stepping up to foster democracy and hold corporations accountable for their egregious crimes. As the American revolutionary Samuel Adams stated, "It does not take a majority to prevail... but rather an irate, tireless minority, keen on setting brush fires of freedom in the minds of men."


Those that have abused power and kneel only to greed should recognize that a new revolution is underway. A growing, fully formed and determined cyber army of many has formed. Their revolution is an insurrection against the cruelties of greed and corruption and is being waged in cyberspace from PCs around the world.

Enter Sony PlayStation Network

If corporate-owned governments and multinational corporations really think that the takedown of Sony PSN was about punishment for spying on their users, they should and must think again. As any good war strategist might do, it is worth taking a look at the lead-up to one of the biggest, most expensive, most embarrassing and longest shutdowns in cyber history.

Timeline

April 16th - Anonymous plans a boycott of Sony
April 22nd - PlayStation Network is hacked and shut down
April 26th - PlayStation announces 77 million PSN customers' information was hacked
April 27th - The Hacker News leaks chat log of PSN hackers

As this is written we are entering day nine of the shutdown, and many users and onlookers are asking questions. If you are not one of the 77 million network users you might be asking, "What is the PlayStation Network?" The Sony PlayStation Network connects your PlayStation 3 to the internet and to Sony's cloud services. If you are one of the 77 million users waiting to resume your game playing, you might be asking, "How long will the PlayStation Network be down?" A hacker might tell you a revolution takes time. Sony has stated they hope to be back up in a week. A hacker might respond to that as an optimistic prediction.

One thing on most people's minds is the question "Is my data safe?"


Sony complains that the compromised information might be used by the hackers or could be sold to a third party. The Hacker News [THN] thinks that if a revolution is afoot, the rebels would not endanger the very people it is trying to protect. Note that Wells Fargo, American Express and MasterCard have been monitoring card holders' accounts and have seen no unauthorized activity related to Sony.

Presently, Sony Corporation is facing a class action lawsuit by a group in California for failing to protect users' information. In addition, this shutdown could cost Sony upwards of 24 billion dollars.

As the world watches Sony struggle to resolve their present confounding situation, we must wonder what these cyber warriors are trying to convey. Could it be an "awakening" inconvenience to the gamers, coupled with a hefty monetary loss and inconvenience to Sony? In fact, perhaps they are attempting to send a bigger and more important message to the world. Could their message be a call to arms? One can only surmise that if corporate-owned governments and greed-driven multinational corporations continue to wage war against mankind in the name of greed and profit, then the takedown of Sony PSN appears to have given the cyber army an event to revel in, a probable recruiting tool.

We are Anonymous. We are Legion. We do not Forgive. We do not Forget. Expect Us.



A 71 year old man named Anna Hazare decides to fast unto death unless government rectifies its ills.

What does it all mean for India...?

It seemed unlikely that Kisan Baburao Hazare, the oldest of six siblings and of humble beginnings, would ever be in the position of altering government practices with the sound of just two words: "Hunger Strike".

Born in 1940 in the village of Ralegan Siddhi, Kisan Baburao Hazare, better known to the world as Anna Hazare, has done just that. Inspired by the works of Vivekananda, Gandhi and Vinoba Bhave, he became a social worker and activist. Today Anna Hazare is responsible for the government's consideration of the Jan Lokpal bill, which would establish in India a chief ombudsman and anti-corruption panel outside of governmental and political influence. But he didn't come by this achievement without considerable experience and a persuasive technique of submitting to hunger strikes to bring some enlightenment to Indian politics. Starting in 1975 and working in Ralegan Siddhi village, he transformed the water distribution system, which led to a watershed development that brought a solution to irrigation problems. So influential and progressive was his design that the Indian government plans to develop a model of it for other villages in the country. In 1991 Hazare was able to expose collusion between forest officials and timber merchants, resulting in the suspension of these officials.


In 2003 he entered a fast lasting six days, bringing indictments for corruption against four NCP Ministers of the Congress-NCP Government. Soon after, Hazare was successful in strengthening the Maharashtra right to information act by entering a hunger strike, again lasting six days, before the government agreed to amend the right to information act to exclude the file notings by government officials from its purview. In 2011 Anna Hazare initiated a movement to pass the Jan Lokpal bill. He once again began a 98 hour hunger strike to force the government to pass the Jan Lokpal bill by 15 August 2011. Shortly after that he demanded an amendment to the electoral law to incorporate the option of "none of the above" in the electronic voting machines during Indian elections.

Sporting these accomplishments, it isn't a wonder that the looters who govern India have put up a united front to derail Hazare and his movement to free India from the clutches of looting and corruption. As the economic condition of India deteriorates further and further, I implore all Indians to rise up and demand that the principles and doctrine of Anna Hazare be instituted and followed. Anna Hazare cannot single-handedly stop the deep-rooted state of corruption in India. He needs India, the people of India, to stand with him, loudly, and return India's government to its rightful owners. There could be no truer words of Anna Hazare than these:

"The ultimate goal of all politics and social work should be the upliftment of society and of the nation."

Written By: Mohit Kumar
Edited By: Patti Galle



Q/A

Question: Why should the generation of free love, hippies and political dissent be aware, interested, educated and supportive of hacking and other cyber methods of awakening people?

Answer: These days even 5 year olds have a Facebook profile. As all age groups are regular internet users, the internet becomes a critical part of everyone's life. If people don't know how to work online safely then they can be victims of cyber crime any time. One of the objectives of THN is to bring the reality of security and its consequences to internet users. The generation you refer to in your question is coming along, but they need more education and awareness of the power and the threat of the internet. I believe we can educate people on how to better protect themselves and bring understanding that just because a big corporation tells you your information is secure, don't be so quick to believe it. Today we can "hack" into most all systems. The industry is not one step ahead of us, we are one step ahead of them. Time for everyone to realize that governments and corporations that engage in corruption, deception and stealing of citizens' hard earned dollars will be exposed. It might be fair to say that hackers are the babysitters of the evil of the world. We are watching and we are discovering what these thieves are doing, and they are bewildered as to how to cope with it. Time for all generations, especially the generation of the 1960's that understood government needed an overhaul, to support and utilize the internet to accomplish this.

I believe this current generation can do what others could not. Without firing one shot, gathering in one public square, carrying one protest sign, we can via our computers bring down the out of control, unethical behavior of government and corporations.

Patti Galle, Content Editor, The Hacker News Magazine



1.) So sorry Sony... Sony Online Entertainment announced that it has lost 12,700 customer credit card numbers as the result of an attack, and roughly 24.6 million accounts may have been breached. Read More @ http://tinyurl.com/3ry9675

2.) Anonymous performs Operation Iran. (The Hacker News gave them a standing ovation.) OpIran attacked the governmental websites responsible for oppressing freedom of speech, information or ideas. Anonymous timed the attacks to coincide with International Workers' Day in the United States. Read More @ http://tinyurl.com/5tsnpsg

3.) DSLReports.com hacked. The information and review site on high speed Internet services, which operates over 200 forums, has been hit with a blind SQL injection attack that resulted in the compromise of at least 9000 accounts. Read More @ http://tinyurl.com/3pphma4

4.) Lady Gaga on Twitter about her account being hacked. A hacker gained access to Lady Gaga's Twitter account and began posting a number of spam messages, all written in Spanish. Read More @ http://tinyurl.com/3g55t6a

5.) Hackers try dating. A social networking site, Buddie.me, is hacked and about 15809 emails/passwords have been exposed on the WWW! Read More @ http://tinyurl.com/3qcyu2x

6.) Pakistan Cyber Army derails the Indian train system. PCA hacked into Indian Railways' email system and downloaded all of the confidential emails as well as email addresses and their passwords. Read More @ http://tinyurl.com/3jlv8rt

7.) Hacker does a naughty deed. A 26 year old man faces 13 felony charges after being accused of hacking into Facebook accounts, stealing photos of young women and posting them on porn sites. Read More @ http://tinyurl.com/6dhs2j5

8.) Hackers eat their own. A Turkish hackers group hacks Cyberhackers.org. Read More @ http://tinyurl.com/3nmbl7j



9.) India and Pakistan at it again. Indian Hacker Code Breakers hacked a PAF (Pakistan Air Force) server. Read More @ http://tinyurl.com/3kwo43k

10.) Employee turned hacker sees red. An employee claims revenge for an "illegitimate firing," stating that he was able to break a 200 megawatt wind turbine system owned by NextEra Energy Resources. Read More @ http://tinyurl.com/6l42yg8

11.) Everything is made in China... even hackers! There is a growing threat to Western governments and corporations as they are under attack from hackers based in China. Read More @ http://tinyurl.com/3kkfac2

12.) Hackers are out of this world! The European Space Agency (ESA), established in 1975, was hacked by TinKode. Read More @ http://tinyurl.com/3bnqe7u

13.) WordPress has been hacked, resulting in what the company said was a low level (root) break-in to several of their servers. Read More @ http://tinyurl.com/3baxshd

14.) Hackers do their own advertising. Epsilon's (marketing services firm) customer lists of major brands compromised. Read More @ http://tinyurl.com/3cg4x4l

15.) Who is babysitting the babysitter? How did a hacker manage to infiltrate one of the world's top computer security companies? Are RSA products now unsafe for 40 million users? Read More @ http://tinyurl.com/3w8knw6



HACKERZ TOOL KIT

1.) Metasploit Framework 3.7.0 Released - http://tinyurl.com/3jefl8a
2.) Tor 0.2.2.25 alpha released - http://tinyurl.com/3kv856h
3.) Hack your Sony PSP: ISO Tool v1.975 Released - http://tinyurl.com/3uba3zf
4.) Google Hack Database Tool v1.1 - http://tinyurl.com/3zwevl3
5.) USB Immunizer: Anti Malware Tool - http://tinyurl.com/3u5c5w3
6.) ArpON 2.2 released - ARP handler inspection - http://tinyurl.com/3dlfe6z
7.) Hydra v6.3 Released with oracle & snmp enum modules - http://tinyurl.com/3kco72m
8.) PacketManipulator 0.3 released - including Windows Installer - http://tinyurl.com/3kpnewl
9.) Live Hacking DVD v1.3 Beta - Download - http://tinyurl.com/3mm7uqs
10.) Ncrack 0.4 Alpha - New Version download - http://tinyurl.com/3b8n4j6
11.) John the Ripper 1.7.7 new version Released - http://tinyurl.com/4yru624
12.) Microsoft Windows Malicious Software Removal Tool - http://tinyurl.com/3dpkwsh
13.) Cain & Abel 4.9.40 released, Download now - http://tinyurl.com/448wz2u
14.) Pangolin v3.2.3 Released, Download Now - http://tinyurl.com/3nzqgxk
15.) The Social-Engineer Toolkit v1.3.5 Released - http://tinyurl.com/3py5o2e
16.) Infond linux - Security tools install script for Ubuntu - http://tinyurl.com/3spc4p9
17.) BodgeIt Store: Vulnerable Web Application For PT - http://tinyurl.com/4yh9uh4
18.) fileinfogui - Forensic tool for file information - http://tinyurl.com/3ksqn68
19.) THC Amap v5.3 - application protocol detection Released - http://tinyurl.com/6jwtr9x
20.) Phoenix exploit kit 2.5 leaked, Download Now - http://tinyurl.com/4y2gkrc
21.) Wireshark 1.5.1 Development Release - http://tinyurl.com/4xumg46
22.) OllyDbg 2.01 alpha 3 Released - http://tinyurl.com/3czxq4j
23.) Sqlmap v.0.9 - automatic SQL injection - http://tinyurl.com/3olt5ez
24.) RawCap sniffer for Windows released - http://tinyurl.com/6y5gl7q
25.) WiFite The WEP/WPA Cracker version r68 released - http://tinyurl.com/3zv7ej6
26.) PenTBox 1.4 - Penetration Testing Security Suite Download - http://tinyurl.com/42ydzsx
27.) DRIL: Domain Reverse IP Lookup Tool Download - http://tinyurl.com/3w5mlvg



'The Hackers Paradise' hacked by KhantastiC - On 30 April 2011, KhantastiC (Pakistani hacker) hacked into http://www.thehackersparadise.com and added his deface page on it. Read More @ http://tinyurl.com/3huasms

President of Pakistan – Database Hacked By Mohit Pande Aka Toshu - On 1 May 2011, Mohit Pande (Indian Hacker) hacked the Pakistani President's official website and exposed the database as proof of the hack at http://pastebin.com/Vta6hVWT. Hacked Site: http://www.presidentofpakistan.gov.pk/. Read More @ http://tinyurl.com/3hylzo6

Escuela Universitaria Diseno - Spain hacked by Fr0664/FCA, 26740 emails/passwords Dumped - On 1 May 2011, Fr0664/FCA hacked the database of Escuela Universitaria Diseno – Spain and dumped the database at https://rapidshare.com/files/460080122/esne.edu.7z. Read More @ http://tinyurl.com/4y4g7rv

Aviation Website Planespotters.net hacked By Lionaneesh - On 29 April 2011, Lionaneesh (Indian Hacker) hacked Planespotters.net and exposed the database at http://pastebin.com/iqqaPway. Read More @ http://tinyurl.com/4y4ho5j


Famous Israeli company websites Hacked by OldChildz (Turkish Hackers) - On 29 April 2011, OldChildz (Turkish Hackers) hacked various famous Israeli company websites. Read More @ http://tinyurl.com/4xh3t6f

Cambridge Networks hacked by Shak [PCA] - On 27th April 2011, Shak (Pakistani hacker) hacked into cambridgewebworks.com and cambridgenetworks.co.uk. Read More @ http://tinyurl.com/42cslat

253 websites defaced by imm0rt4l (Indian hacking crew) - On 27 April 2011, imm0rt4l hacked various sites listed at http://pastebin.com/r57UmqZ0. Read More @ http://tinyurl.com/3b5w3nt

The Film and Publication Board's (FPB) website Hacked by Dr.KroOoZ-By.NeShTeR/TTG - On 26th April, The Film and Publication Board's (FPB) website, hosted at http://www.fpb.gov.za, had been hacked by Dr.KroOoZ-By.NeShTeR/TTG. Read More @ http://tinyurl.com/43bg64u



Pakrail.com database and user details hacked by Angel 4k44d0r4b13 - Angel (Indian hacker) hacked the database of Pakrail.com on 26th April 2011. Hacked Database - http://pastebin.com/y6WQ1Qrr. Read More @ http://tinyurl.com/3k33kvq

The Oak Ridge National Laboratory Hacked - On 22 April 2011, The Oak Ridge National Laboratory got hacked. Read More @ http://tinyurl.com/3krw47d

20 China government websites hacked by The077 (HamDiHaCker) - On 20th April 2011, 20 China government websites got hacked by The077 (HamDiHaCker). Hacked sites list: http://pastebin.com/YbyS1Ghm. Read More @ http://tinyurl.com/42db5mp

CEH Trainer (Centennial Media Training) Got Hacked - On 12 April, a hacker hacked into the website of a CEH trainer at http://www.cmtraining.com.au/. Read More @ http://tinyurl.com/3vkz6me



70 Indian Websites Hacked By Shadow008 (PakCyberArmy) - On 10 April 2011, Shadow008 (PakCyberArmy) hacked 70 Indian websites. Here is the list of hacked sites - http://pastebin.com/8weEL5Bx. Read More @ http://tinyurl.com/3rhznzo

CatTechie aka Vaidehi Sachin's all sites, Security Firm & News Company got Hacked - On 7th April 2011, CatTechie aka Vaidehi Sachin's all sites, Security Firm & News Company got hacked by Indian l33t Haxors. Read More @ http://tinyurl.com/4x67dgk

Windows Servers Hacked at The Hartford Insurance Company - On 7th April 2011, hackers broke into The Hartford insurance company and installed password stealing programs on several of the company's Windows servers. Read More @ http://tinyurl.com/3qnpl8o

Govt of Orissa website Owned by ZHC XtreMist [ZHC] - On 6th April 2011, the Govt of Orissa website - zssmayurbhanj.gov.in - was hacked by ZHC XtreMist [ZHC]. Read More @ http://tinyurl.com/3baku2m



Security Events

Belnet Security Conference, 5 May 2011 in Brussels - Security on the Internet is one of Belnet's highest priorities. Belnet after all has extensive expertise at its disposal in the area of Internet security. Moreover, with the expansion of its security services, Belnet wishes to raise awareness on the part of the user community with respect to security. Therefore Belnet organizes: What? Belnet Security Conference. When? Thursday 5 May 2011. Where? At Marivaux Hotel, Boulevard Adolphe Max 98, 1000 Brussels. Read More @ http://tinyurl.com/3sbqzcg

OWASP Hackademic Challenges Project - The OWASP Hackademic Challenges Project is an open source project that helps you test your knowledge on web application security. The competition starts on 21st April and will run for 4 weeks until 15th May. Read More @ http://tinyurl.com/3hfd6rp


Calling All Hackers - Grand Prize in Sunshine State "Hacktacular" Challenge - Calling all hackers: Data Analyzers, LLC (www.datanalyzers.com) in Orlando, Florida, is hosting the Sunshine State "Hacktacular" Challenge with a big prize for the top competitor – a full time job with benefits and relocation allowance if you move to Orlando. Read More @ http://tinyurl.com/4xes3t4

The Underground Cyber Hacking Challenge - 0p3nH4x is the first of its kind "underground cyber hacking challenge". A challenge by hackers for hackers to test real skills in the field. We are challenging all hackers no matter if you are black or white "hatted". It's time to prove that your preferred community is not so skid. Deadline for registrations for the underground hacking challenge is 8th May 2011 at 00:00 GMT. Read More @ http://tinyurl.com/4ynukd7

DerbyCon Security Conference 2011 - Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in Louisville, Kentucky. The goal is to bring back an old style, community driven hacker con chock full of amazing talks, live events and all around fun. DerbyCon will be at the Hyatt Regency in Louisville, Kentucky; tickets will go on sale at 8:00 AM on Friday April 29, 2011 for $125.00 for that weekend and go up to $150.00 on the following Monday. Read More @ http://tinyurl.com/3vvlt78


CYBER CRIME

Hacker pleads after busted with 675K stolen cards - A Georgia man has pleaded guilty to fraud and identity theft after authorities found him in possession of more than 675,000 credit card numbers, some of which he obtained by hacking into business networks. Read More @ http://tinyurl.com/3eww6kv

Former Cisco Engineer Arrested for Hacking - A former Cisco engineer was arrested last year on charges of hacking into his former employer's network and is currently awaiting extradition in Canada. The charges against Peter Alfred Adekeye, a British national who worked for Cisco before leaving to start his own company, were reported in local Vancouver media this week. Read More @ http://tinyurl.com/3sv5evq

Pakistan president's website hacking case adjourned - A court here has adjourned the case of a man who hacked into the Pakistan president's website and uploaded material defaming Asif Ali Zardari. According to the Federal Investigation Agency (FIA) enquiry, the hacker, Shahbaz Khan, had the username ADIL/Th3penetrator and defaced the website www.presidentofpakistan.com and uploaded material defaming Zardari and the country. Read More @ http://tinyurl.com/4x7e83e

Hackers steal thousands of Dell customers' information - The personal information of thousands of Australians has been stolen by hackers who raided a US based database company, in what some experts are calling the biggest data theft in US history. In a statement, Dell assured its customers that credit card, banking and other personally identifiable information was not at risk and remained secure. Read More @ http://tinyurl.com/3cuarjt



LINUX NEWS

Ubuntu 11.04 Released - For those of you watching Ubuntu's website recently, you may have noticed that a new version of the popular and easy to use variant of Linux has surfaced - Natty Narwhal. Download: http://www.ubuntu.com/download. Read More @ http://tinyurl.com/3s95vl9

ESET NOD32 releases Antivirus for Linux 4 - ESET announced the availability of ESET NOD32 Antivirus 4 Business Edition for Linux Desktop and ESET NOD32 Antivirus 4 for Linux. ESET NOD32 Antivirus 4 for Linux offers protection against cross platform and emerging threats, enhancing the security of Linux platforms. The scanning engine automatically detects and cleans malicious code, including threats designed for Windows and Mac based systems. Read More @ http://tinyurl.com/3jqtusb

GNOME 3.0 Released, Available for Download - GNOME 3.0 is a major milestone in the history of the GNOME Project. The release introduces an exciting new desktop which has been designed for today's users and which is suited to a range of modern computing devices. Download Now: http://gnome3.org/tryit.html. Read More @ http://tinyurl.com/3db52t3

Mandriva 2011 Beta 2 is Available for Testing - Mandriva 2011 beta 2 was supposed to be released a week ago, but the release schedule was delayed by last minute defects discovered by the development and testing teams. In order to get hold of beta 2, you can visit your favorite Mandriva mirror and check devel/iso/2011. Read More @ http://tinyurl.com/3c388eq



Google's Chrome 11 fixes $16,500 worth of bugs - A total of 27 security vulnerabilities are fixed in the latest stable release for Windows, Mac, Linux and Chrome Frame. Individual rewards were from $500 up to $3,000 for a particularly nasty looking bug that allowed a possible URL bar spoof leading to navigation errors and interrupted page loads. Read More @ http://tinyurl.com/3hf6vld

FBI cracks International Bot Network - The Department of Justice and FBI declared that it has cracked a network of hackers, who have infected almost 2 million computers with a harmful "bot" program, Coreflood, that steals private and monetary data from computers. Read More @ http://tinyurl.com/4225elq

Cyber jihadists could use Stuxnet worm to attack the west - The worst case scenario is that Al Qaeda or another organisation could gain access to this type of knowledge and information, and make use of it to launch attacks on critical infrastructure – like blow up nuclear power plants or do something to our food chain. Read More @ http://tinyurl.com/42sf8qn

McAfee study - India is fourth lowest in security adoption - According to the report findings, India ranked fourth in terms of lowest levels of security adoption after Brazil, France and Mexico, adopting only half as many security measures as leading countries such as China, Italy and Japan. Concurrently, China and Japan were also among the countries with the highest confidence levels in the ability of current laws to prevent or deter attacks in their countries. Read More @ http://tinyurl.com/3g5hooh


Siemens Assisted with Stuxnet's Development, claimed by Iran - A senior Iranian official accuses Siemens of willingly assisting the Stuxnet creators by providing the source code necessary for them to exploit its software. "Siemens should explain why and how it provided the enemies with the information about the codes of the SCADA software and prepared the ground for a cyber attack against us." Read More @ http://tinyurl.com/3uhapgd

Verizon 2011 Data Breach Investigations Report Released - Data loss through cyber attacks decreased sharply in 2010, but the total number of breaches was higher than ever, according to the "Verizon 2011 Data Breach Investigations Report." These findings continue to demonstrate that businesses and consumers must remain vigilant in implementing and maintaining security practices. Read More @ http://tinyurl.com/42vlmx2

India's CBI plans to send teams to US, Europe to trace hackers - Against the backdrop of the attack on its website by "Pakistan Cyber Army", the CBI is considering sending its team to the US and Europe to trace the hackers involved in the defacement. Read More @ http://tinyurl.com/3v673jt

New Chinese MBR Rootkit Identified - A new rootkit that uses the master boot record (MBR) to hide itself has been discovered in China and is being used to install an online game password stealer. Read More @ http://tinyurl.com/3vls6ho



VULNERABILITY EXPOSURE

Vulnerability in Facebook Email feature Exposed - This time the Facebook username feature is vulnerable. Not only can spam be sent, but this bug can be used to post illegitimate messages to Facebook users from their friends or from unknown people without the consent of the sender. Read More @ http://tinyurl.com/3pqxjxj Note: "This isn't a serious flaw, bug or vulnerability but this is proof that websites like Facebook contain security holes."

0day Exploit Released: Adobe, HP, Sun, Microsoft Interix & many more Vendors FTP hackable - A Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd anon) exploit has been released, and this exploit can hack the FTP of various vendors like Adobe, HP, Sun, Microsoft Interix. Read more @ http://tinyurl.com/3kngqjf

Facebook is not an Exception, XML Vulnerability - This isn't a serious flaw, bug or vulnerability, but it is proof that even such websites contain security holes, and if you look through them you can take them over. Read More @ http://tinyurl.com/5t7fd32

Microsoft discloses vulnerabilities in Chrome and Opera - Microsoft has issued two advisories on Chrome and Opera, detailing remote code execution and information disclosure vulnerabilities. The disclosure is the result of the Microsoft Vulnerability Research (MSVR) system going live, which is one of the core items within their Coordinated Vulnerability Disclosure (CVD) program. Read More @ http://tinyurl.com/3hj58bj




DHCP client allows shell command injection - Dhclient versions 3.0.x to 4.2.x allow DHCP servers to inject commands which could allow an attacker to obtain root privileges. The problem is caused by incorrect filtering of metadata in server response fields. Read More @ http://tinyurl.com/3bjsv42

Multiple vulnerabilities in IBM Tivoli Directory Server - Multiple vulnerabilities have been reported in IBM Tivoli Directory Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to cause a Denial of Service and compromise a vulnerable system. Read More @ http://tinyurl.com/3l8f4pm

Channel.facebook.com cross site scripting (XSS) vulnerability by Edgard Chammas - Security researcher Edgard Chammas submitted on 02/04/2011 a cross site scripting (XSS) vulnerability affecting 1.61.channel.facebook.com, which at the time of submission ranked 2 on the web according to Alexa. It is currently unfixed. Read More @ http://tinyurl.com/3o7484g

Get all Vulnerability News @ http://tinyurl.com/6xlnmwz



Feedback

Dear Readers, Thank you for being a part of a movement of awareness and change. Your support, participation and encouragement are why we continue to make 'THE HACKER NEWS' the best source of internet security on the web. Together we can bring forward the information we need to have a sustainable and healthy world. We can't wait to bring you next month's edition, "Total Exposure", that will cover, in depth, how vulnerable governments and corporations are. You won't want to miss it! Please forward our magazine to friends, coworkers, bosses, family and businesses you know would enjoy reading and learning about internet security and the who's who of the internet world. In the meantime, Thank you. You rock! The Hacker News Team

# Email Us your Feedback / Articles at thehackernews@gmail.com # Visit our site http://www.thehackernews.com/ # Donate to us, Keep us Strong: http://tinyurl.com/64b7xs2 # Join our facebook page: http://tinyurl.com/6de49r9 # Follow us on Twitter: https://twitter.com/#!/TheHackersNews


