” Absinthe “, —-> Jailbreak Tool for iPhone 4S will be released in a few hours..
Pod2g just announced to release a jailbreak for iPhone 4S and iPad 2 running on iOS 5.0.1 Indeed, we have even an approximate time! In a few hours, we will be able to run the untethered jailbreak on A5 devices..
The official website Bharat Sanchar Nigam Limited (BSNL) was hacked today by Pakistani hacker “KhantastiC haX0r”
The official website of India’s leading telecom Company Bharat Sanchar Nigam Limited (BSNL) was hacked today by Pakistani hacker “KhantastiC haX0r”.This year 2011, Attack/ defacement are less than the records of previous years.
This is not 1st time when BSNL become victim of any cyber attack. Pakistani Hackers hit Indian Corporate and National Government Websites, Servers time by time Just for FUN or so called Cyber War b/w these two countries.
Most of the hacking groups from India now become White hat hackers and working for Cyber Security Awareness and Development.
The Hacker domain is http://bsnl.co.in/tender1/ .
Source : Hacker news
SSL DDOS Tool – German hacker group “The Hacker’s Choice” officially released
German hacker group “The Hacker’s Choice” officially released a new DDoS tool. The tool exploits a weakness in SSL to kick a server off the Internet.
Establishing a secure SSL connection requires 15x more processing power on the server than on the client.THC-SSL-DOS exploits this asymmetric property by overloading theserver and knocking it off the Internet.This problem affects all SSL implementations today. The vendors are awareof this problem since 2003 and the topic has been widely discussed.This attack further exploits the SSL secure Renegotiation featureto trigger thousands of renegotiations via single TCP connection.
Download:
Windows binary: thc-ssl-dos-1.4-win-bin.zip
Unix Source : thc-ssl-dos-1.4.tar.gz
Usage:
Use “./configure; make all install” to build and Run : ./thc-ssl-dos 127.3.133.7 443
Tips & Tricks for whitehats
1. The average server can do 300 handshakes per second. This would require 10-25% of your laptops CPU.
2. Use multiple hosts (SSL-DOS) if an SSL Accelerator is used.
3. Be smart in target acquisition: The HTTPS Port (443) is not always the best choice. Other SSL enabled ports are more unlikely to use an SSL Accelerator (like the POP3S, SMTPS, … or the secure database port).
Counter measurements:
No real solutions exists. The following steps can mitigate (but not solve) the problem:
1. Disable SSL-Renegotiation
2. Invest into SSL Accelerator
Source : The Hacker News
OpenVAS – Advanced Open Source vulnerability scanner
OpenVAS – Advanced Open Source vulnerability scanner
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.The powerful and comprehensive OpenVAS solution is available as Free Software and maintained on a daily basis.
An overview of the vulnerability handling process is:
The reporter reports the vulnerability privately to OpenVAS.
The appropriate component’s developers works privately with the reporter to resolve the vulnerability.
A new release of the OpenVAS component concerned is made that includes the fix.
The OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP (OpenVAS Transfer Protocol) and itself offers the XML-based, stateless OpenVAS Management Protocol (OMP). All intelligence is implemented in the Manager so that it is possible to implement various lean clients that will behave consistently e.g. with regard to filtering or sorting scan results. The Manager also controls a SQL database (sqlite-based) where all configuration and scan result data is centrally stored.
Download OpenVAS
US considered cyber war on Libya
Officials in the US Obama administration considered compromising Libya’s government computer networks
to block early-warning data gathering and missile launches on NATO war planes during the American-led strikes, but decided against it, according to The New York Times.
The report goes on to claim that, while the use of what is believed to be a pre-existing armoury of Trojans, viruses, malware and military hackers was suggested, the cyber-attack was never actually carried out.
The attack would have tried to disrupt Libya’s early-warning radar system and thus cripple the North African country’s ability to fire back at attacking NATO aircraft.But the Obama administration and the Pentagon chose instead to mount a conventional attack, partly because an American cyberattack might have set a dangerous precedent, and Libya might not have been worth the risk.
In the end, American officials rejected cyberwarfare and used conventional aircraft, cruise missiles and drones to strike the Libyan air-defense missiles and radars used by Col. Muammar el-Qaddafi’s government.This previously undisclosed debate among a small circle of advisers demonstrates that cyberoffensives are a growing form of warfare. The question the United States faces is whether and when to cross the threshold into overt cyberattacks.
A senior Defense Department official said: “They were seriously considered because they could cripple Libya’s air defense and lower the risk to pilots, but it just didn’t pan out.”
[Source CNET]
Scammers Drawing Profits Out Of Steve’s Death!
Aiming to capitalise on Steve Jobs’ death, online scammers have already hit a massive campaign comprising a bogus offer to Facebook users for free iPads in his memory.
| Friday, October 07, 2011: With the death of Apple co-founder Steve Jobs, the world mourns the untimely demise of one of the greatest innovators and inventors the technology world ever produced. But, there lies one section of this technology world which is trying to cash in on his death. Online scammers have already hit a massive campaign comprising a bogus offer to Facebook users for free iPads in his memory.
Computer security firm Sophos has revealed that scammers urge Facebook users to click on a link to register for free Apple products. They further request them to complete online surveys or visit gambling sites, as a step to win an Apple product. Owing to traffic-based commission on websites, the scammers profit when users click through those links, reports Graham Cluley, a researcher with Sophos. |
 |
While scams like this may not pose any malware threat to the users but the likeliness of online criminals devising more malicious campaigns cannot be ignored either. “They could just as easily have taken those users to a Web page containing malicious code or a phishing page designed to steal credentials,” Cluley says on the Sophos blog.
Computer fraudsters frequently attract prey by linking news of the latest tragedy or celebrity gossip to offers for free products, then packaging them in tainted Facebook messages, tweets or e-mails, the report adds.
Happy birthday wikileaks ..
Celebrating 5th Birthday of Wikileaks (Born : 4th Oct 2006) The wikileaks.org domain name was registered on
4 October 2006. The website was unveiled, and
published its first document, in December 2006.
The site claims to have been “founded by Chinese dissidents, journalists, mathematicians and start-up
company technologists, from the US, Taiwan,
Europe, Australia and South Africa “. The creators of WikiLeaks have not been formally
identified. It has been represented in public since
January 2007 by Julian Assange and others.
Assange describes himself as a member of
WikiLeaks’ advisory board. News reports in The
Australian have called Assange the “founder of WikiLeaks “. According to Wired magazine, a volunteer said that Assange described himself in a
private conversation as “the heart and soul of this
organisation, its founder, philosopher,
spokesperson, original coder, organizer, financier,
and all the rest”. 2006–08 WikiLeaks posted its first document in December
2006, a decision to assassinate government
officials signed by Sheikh Hassan Dahir Aweys.”] In
August 2007, The Guardian published a story
about corruption by the family of the former
Kenyan leader Daniel arap Moi based on information provided via WikiLeaks. In November
2007, a March 2003 copy of Standard Operating
Procedures for Camp Delta detailing the protocol of
the U.S. Army at the Guantanamo Bay detention
camp was released. The document revealed that
some prisoners were off-limits to the International Committee of the Red Cross, something that the U.S.
military had in the past repeatedly denied. In
February 2008, WikiLeaks released allegations of
illegal activities at the Cayman Islands branch of
the Swiss Bank Julius Baer, which led to the bank
suing WikiLeaks and obtaining an injunction which temporarily shut down wikileaks.org. The
California judge had the service provider of
WikiLeaks block the site’s domain (wikileaks.org)
on 18 February 2008, although the bank only
wanted the documents to be removed but
WikiLeaks had failed to name a contact. The site was instantly mirrored by supporters, and later
that month the judge overturned his previous
decision citing First Amendment concerns and
questions about legal jurisdiction. In March 2008,
WikiLeaks published what they referred to as “the collected secret ‘bibles’ of Scientology,” and three days later received letters threatening to sue
them for breach of copyright. In September 2008,
during the 2008 United States presidential election
campaigns, the contents of a Yahoo account
belonging to Sarah Palin (the running mate of
Republican presidential nominee John McCain) were posted on WikiLeaks after being hacked into
by members of Anonymous. In November 2008,
the membership list of the far-right British National
Party was posted to WikiLeaks, after briefly
appearing on a blog. A year later, on October
2009, another list of BNP members was leaked. 2009 In January 2009, WikiLeaks released 86 telephone
intercept recordings of Peruvian politicians and
businessmen involved in the 2008 Peru oil
scandal. In February, WikiLeaks released 6,780
Congressional Research Service reports followed in
March, by a list of contributors to the Norm Coleman senatorial campaign and a set of
documents belonging to Barclays Bank that had
been ordered removed from the website of The
Guardian. In July, it released a report relating to a
serious nuclear accident that had occurred at the
Iranian Natanz nuclear facility in 2009. Later media reports have suggested that the accident was
related to the Stuxnet computer worm. In
September, internal documents from Kaupthing
Bank were leaked, from shortly before the collapse
of Iceland’s banking sector, which led to the
2008–2010 Icelandic financial crisis. The document shows that suspiciously large sums of
money were loaned to various owners of the
bank, and large debts written off. In October, Joint
Services Protocol 440, a British document advising
the security services on how to avoid documents
being leaked was published by WikiLeaks. Later that month, it announced that a super-injunction
was being used by the commodities company
Trafigura to gag The Guardian (London) from
reporting on a leaked internal document
regarding a toxic dumping incident in the Ivory
Coast. In November, it hosted copies of e-mail correspondence between climate scientists,
although they were not originally leaked to
WikiLeaks. It also released 570,000 intercepts of
pager messages sent on the day of the 11
September attacks. During 2008 and 2009,
WikiLeaks published the alleged lists of forbidden or illegal web addresses for Australia, Denmark
and Thailand. These were originally created to
prevent access to child pornography and
terrorism, but the leaks revealed that other sites
covering unrelated subjects were also listed. 2010 In March 2010, WikiLeaks released a secret 32-
page U.S. Department of Defense
Counterintelligence Analysis Report written in
March 2008 discussing the leaking of material by
WikiLeaks and how it could be deterred. In April, a
classified video of the 12 July 2007 Baghdad airstrike was released, showing two Reuters
employees being fired at, after the pilots
mistakenly thought the men were carrying
weapons, which were in fact cameras. In the week
following the release, “wikileaks” was the search
term with the most significant growth worldwide in the last seven days as measured by Google
Insights. In January 2010, WikiLeaks received the
first test cable. A 22-year-old US Army intelligence
analyst, PFC (formerly SPC) Bradley Manning,
leaked a US embassy cable relating to IceSave,
thereafter referred as “Reykjavik 13″. In June 2010, he was arrested after alleged chat logs were
turned in to the authorities by former hacker
Adrian Lamo, in whom he had confided. Manning
reportedly told Lamo he had leaked the “Collateral
Murder” video, in addition to a video of the Granai
airstrike and around 260,000 diplomatic cables, to WikiLeaks. In July, WikiLeaks released 92,000
documents related to the war in Afghanistan
between 2004 and the end of 2009 to The
Guardian, The New York Times and Der Spiegel.
The documents detail individual incidents
including friendly fire and civilian casualties. At the end of July, a 1.4 GB “insurance file” was added to
the Afghan War Diary page, whose decryption
details would be released if WikiLeaks or Assange
were harmed. About 15,000 of the 92,000
documents have not yet been released on
WikiLeaks, as the group is currently reviewing the documents to remove some of the sources of the
information. WikiLeaks asked the Pentagon and
human-rights groups to help remove names from
the documents to reduce the potential harm
caused by their release, but did not receive
assistance. Following the Love Parade stampede in Duisburg, Germany, on 24 July 2010, a local
resident published internal documents of the city
administration regarding the planning of Love
Parade. The city government reacted by securing a
court order on 16 August forcing the removal of
the documents from the site on which it was hosted. On 20 August 2010, WikiLeaks released a
publication entitled Loveparade 2010 Duisburg
planning documents, 2007–2010, which
comprised 43 internal documents regarding the
Love Parade 2010. Following on from the leak of
information from the Afghan War, in October 2010, around 400,000 documents relating to the Iraq
War were released in October. The BBC quoted The
Pentagon referring to the Iraq War Logs as “the
largest leak of classified documents in its history.”
Media coverage of the leaked documents focused
on claims that the U.S. government had ignored reports of torture by the Iraqi authorities during
the period after the 2003 war. Diplomatic cables release On 28 November 2010, WikiLeaks and five major
newspapers from Spain (El País), France (Le
Monde), Germany (Der Spiegel), the United
Kingdom (The Guardian), and the United States
(The New York Times) started to simultaneously
publish the first 220 of 251,287 leaked confidential — but not top-secret — diplomatic
cables from 274 US embassies around the world,
dated from 28 December 1966 to 28 February
2010. WikiLeaks plans to release the entirety of the
cables in phases over several months. The contents of the diplomatic cables include
numerous unguarded comments and revelations
regarding: critiques and praises about the host
countries of various US embassies; political
manuvering regarding climate change; discussion
and resolutions towards ending ongoing tension in the Middle East; efforts and resistance towards
nuclear disarmament; actions in the War on Terror;
assessments of other threats around the world;
dealings between various countries; US intelligence
and counterintelligence efforts; and other
diplomatic actions. Reactions to the United States diplomatic cables leak include stark criticism,
anticipation, commendation, and quiescence.
Consequent reactions to the US government
include ridicule, sympathy, bewilderment and
dismay. On 14 December 2010 the United States
Department of Justice issued a subpoena directing Twitter to provide information for accounts
registered to or associated with WikiLeaks. Twitter
decided to notify its users. The overthrow of the
presidency in Tunisia has been attributed in part to
reaction against the corruption revealed by leaked
cables. 2011 : Guantanamo files In late April 2011, files related to the Guantanamo
prison were released. Wow, for being only 5 years old they have done a
remarkable and outstanding job of serving the
people. The one thing most governments in the
world have left off their agenda’s. Keep up the
good work Wikileaks and we stand in support and
behind you.
Ref : Hackers News
