MI6 hackers replace al Qaeda bomb recipes with pirated cake recipes. Hackers working for UK intelligence agency MI6 modified an online al Qaeda magazine and replaced the bomb recipes therein with cake recipes.
They called it "Operation Cupcake. " When followers tried to download the 67-page colour magazine, instead of instructions about how to "Make a bomb in the Kitchen of your Mom" by "The AQ Chef" they were greeted with garbled computer code. The code, which had been inserted into the original magazine by the British intelligence hackers, was actually a web page of recipes for "The Best Cupcakes in America" published by the Ellen DeGeneres chat show. L’attaque de l’année ! Même dans des situations où on pense que son système de sécurité est infaillible, les hackers font preuve d'une imagination sans limite.
Dernier exemple avec la société Netragard qui a pratiqué un audit chez l'un de ses clients, dont le système informatique était hyper sérieux, avec tout un tas de règles très strictes sur l'utilisation des réseaux sociaux, des téléphones, et sur l'accès physique aux ordinateurs. Washington Post's Jobs Section Hacked; 1.27 Million User IDs and E-mail Addresses Taken. $250,000 for Information on Rustock Botnet Creators. In 2009, Microsoft announced that it was offering a $250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker (aka Downadup) worm on the Internet.
Yesterday, Microsoft offered another $250,000 reward for anyone who can provide new information "... to identify those responsible for controlling the notorious Rustock botnet ... that results in the identification, arrest and criminal conviction of such individual(s). " As described in a Wall Street Journal article in March, Microsoft along with federal law enforcement was able to severely disrupt - if not fatally crippled - the Rustock botnet which was responsible for sending out some 30 billion spam emails a day. The Microsoft offer, which it posted on The Official Microsoft Blog, stated: Whether anyone takes up the offer remains to be seen. In the case of the Conficker reward, no one has come forward to claim it yet.
Nor amount of security training, either, it appears. US Military System Design Badly Compromised in March Cyber Attack? Various news outlets like the New York Times are reporting that the Deputy Secretary of Defense William J.
Lynn III stated that an unnamed US defense contractor's computer system had been penetrated in March and that some 24,000 files pertaining to an unnamed military system had been stolen. Secretary Lynn's disclosure came in a speech yesterday at the National Defense University announcing the US Department of Defense Strategy for Operating in Cyberspace (PDF). Secretary Lynn said in his speech that the US cyber strategy primarily was defensive in nature, but again reiterated that the US would not shy away from taking the initiative in defending itself. L’ONU piraté. 7 Habits of Highly Effective Hackers: Using twitter to build password cracking wordlist. This is going to be a quick one.
We're going to show how to use twitter to build a word list for cracking passwords. We'll use John the Ripper, and as a target we'll use the MilitarySingles.com md5 password hashes that were released by the artist formerly known as lulzsec. First, let's hack out a quick script that will get relevant tweets for us. And yes, I use a lot of tabs. The Pirate Bay Dancing for Firefox Bypasses National IP and DNS Blocks. And what happens when your government - or any government - declares that encrypted transmissions are against the law?
That they can only be used for financial transactions, and any other Internet use MUST be sent in the clear or face arrest? *shrugs* Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame" Microsoft just released an emergency bulletin, and an associated patch, notifying users of Windows that a "unauthorized digital certificates derived from a Microsoft Certificate Authority" was used to sign components of the "Flame" malware.
The update revokes a total of 3 intermediate certificate authorities: Microsoft Enforced Licensing Intermediate PCA (2 certificates) Microsoft Enforced Licensing Registration Authority CA (SHA1) It is not clear from the bulletin, who had access to these intermediate certificates, and if they were abused by an authorized user, or if they were compromised and used by an unauthorized user. Either way: Apply the patch. NASA 2011: hacked 13 times, highlights security failures? The National Aeronautics and Space Administration (NASA) has admitted that 13 separate major network security breaches took place in 2011.
The agency's inspector, General Paul K Martin, told a Congressional panel last week that only $58 million of its $1.5 billion annual IT budget was spent on cybersecurity, and hackers managed to gain "full, functional control" of NASA's systems at the Jet Propulsion laboratory (JPL). Martin's statement on Nasa's cybersecurity was submitted to the House Committee on Science, Space and Technology's Subcommittee on Investigations and Oversight.
Apart from the 13 major breaches, 5,408 minor computer security incidents also took place between between 2010 and 2011. Between 2009 and 2011, 48 agency mobile devices, such as unencrypted netbooks, were also reported lost or stolen. The hackers also secured full system access, which allowed them to edit, copy or delete sensitive and confidential files as they pleased.
Le Battle.net de Blizzard s'est fait hacker ! Defcon 2010 - Crawling BitTorrent DHTs for Fun - Scott Wolchok - Part.mov. DEF CON: The Documentary - 720p. Defcon 18 - You spent all that money and you still got owned - Joseph McCray - Part .mov. DEFCON 14: The Making of atlas: Kiddie to Hacker in 5 Sleepless Nights. Bad kitty! “Rookie mistake” in Cryptocat chat app makes cracking a snap. Developers of the Cryptocat application for encrypting communications of activists and journalists have apologized for a critical programming flaw that made it trivial for third parties to decipher group chats.
The precise amount of time the vulnerability was active is in dispute, with Cryptocat developers putting it at seven months and a security researcher saying it was closer to 19 months. Both sides agree that the effect of the bug was that the keys used to encrypt and decrypt conversations among groups of users were easy for outsiders to calculate. As a result, activists, journalists, or others who relied on Cryptocat to protect their group chats from government or industry snoops got little more protection than is typically available in standard chat programs. Snoops can identify Tor users given enough time, experts say. A recent academic paper (PDF) shows “that Tor faces even greater risks from traffic correlation than previous studies suggested.”
In other words, one of the world’s best tools for keeping online speech anonymous is at risk in a previously known—but now even clearer—fashion. In the wake of a recent uptick of Tor usage (whether from a botnet or from people inspired by former National Security Agency [NSA] contractor Edward Snowden), a reminder of these risks is certainly germane to today’s Internet. The new research has shown that a potential adversary with control of Internet Exchange Points (IXPs) or autonomous systems (ASes) that have large-scale network control (like an ISP), could expose and identify a Tor user, given enough time. “Essentially what we’re saying is location matters,” Chris Wacek, a researcher at Georgetown University and one of the paper’s authors, told Ars. RSF hacke la censure. Samedi, un hackaton était organisé à la Cantine à Paris pour tester la sécurité de la future plate-forme de diffusion de contenus censurés de Reporters sans frontières, WeFightCensorship.
Une expérience qui illustre une fois de plus les liens fructueux que les ONG ont commencé à tisser avec les hackers. Daedalus, une vue en 3D des cyber-attaques. Il n’y a rien de beau dans une cyber-attaque, c’est un fait. Faire tomber un site internet, mettre à mal tout le réseau d’une entreprise, ce n’est pas beau, ce n’est pas bien… Mais un institut a trouvé le moyen de rendre ceci d’une bien belle manière. Pour ce faire, le NICT, l’Institut National des Technologies de l’Information et des Communications du Japon, a décidé de surveiller pas moins de 190 000 adresses IP japonaises et de toutes les regrouper sous formes de lignes dans une vue unifiée en 3D. Les réseaux, sous-réseaux, les pings y apparaissent.
La vue met même en évidence les attaques potentielles. Wall Street targeted: 50,000 IT accounts hacked and leaked by ‘MidasBank’ A related faction of Anonymous, TeamGhostShell, has been targeting China with a vengeance in operation, #ProjectDragonFly — and now meet MidasBank, which focuses on the financial aspect; this time Wall Street. Approximately 50.000 accounts have been compromised. Defects leave critical military, industrial infrastructure open to hacks. Security researchers have blown the whistle on serious vulnerabilities in an Internet-connected system used by the US military, hospitals, and private industry to control boilers, air-conditioners, security alarms, and other critical industrial equipment. The defects in the Niagara Framework, which links more than 11 million devices in 52 countries, could allow malicious hackers to seize control of critical infrastructure, an article published by The Washington Post warned.
The vulnerabilities were unearthed by Billy Rios and Terry McCorkle, two researchers who have spent the past 18 months exposing security holes in a variety of ICS, or industrial control systems. "The ICS software community is light years behind modern software security," Rios wrote in a blog post recounting his odyssey in getting Niagara officials to publicly acknowledge the vulnerabilities after he and McCorkle reported them. A Tridium official told the paper: "We're committed to making our framework more secure. Reuters doublement piraté !
Les hackers ont enfin fait cracker le Sénat. Enfin ! Le dernier rapport du Sénat sur la cyberdéfense montre un changement net de regard sur la communauté des hackers. Hackers Get Personal Information on 35 Million South Korean Users of Nate and Cyworld. The Korean Herald and other news outlets are reporting that 35 million users of Nate - South Korea's third largest search engine - and Cyworld - the country's largest social networking site - have had some of their personal information stolen by hackers allegedly traced to China.
Some 25 million South Koreans belong to Cyworld - nearly half the country's population. The hacking attack was announced yesterday by SK Communications Co., which operates Nate and Cyworld, and is "a unit of the SK Group whose affiliates include top mobile operator SK Telecom," the Herald report. Hard drive-wiping malware that hit South Korea tied to military espionage. The hackers responsible for a malware attack in March that simultaneously wiped data from tens of thousands of South Korean computers belong to the same espionage group that has targeted South Korean and US military secrets for four years, researchers said. The conclusion, reported in a recently published research paper from security firm McAfee, is surprising.
Most groups behind network-based espionage campaigns take pains to remain hidden to ensure their advanced persistent threat (APT) is able to siphon as much sensitive data as possible. The "Dark Seoul" attack, by contrast, has attracted huge amounts of attention because of its coordinated detonation. It struck government and media networks in South Korea precisely at 2pm local time on March 20, affecting both Internet and mobile banking applications, while taking automatic teller machines offline.
Until now, researchers speculated the unknown group behind the attack was primarily motivated by a goal of causing disruptions. Seemingly benign “Jekyll” app passes Apple review, then becomes “evil” Computer scientists say they found a way to sneak malicious programs into Apple's exclusive app store without being detected by the mandatory review process that's supposed to automatically flag such apps. The researchers from the Georgia Institute of Technology used the technique to create what appeared to be a harmless app that Apple reviewers accepted into the iOS app store. How easy is it to hack JavaScript in a browser?
This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites. Jesus Rodriguez asks: My question has to do with JavaScript security. JonDoFox 2.5.3: Provides protection against new HTTP authentication attack - JonDonym News Center. Today, the JonDos GmbH publishes a new version of JonDoFox, a privacy-friendly web browser, that you may also use for anonymous surfing, e.g. over anonymous proxy servers. What is new? The JonDoFox research team has uncovered a new attack on web browsers: Affected are the web browsers Firefox, Chrome and Safari. Piratage des données de l'UMP: que risquent les hackers, et autres questions. Des données personnelles de centaines de partisans et cadres de l'UMP, députés, sénateurs ou membres de cabinets ministériels, ont été piratées et sont disponibles librement sur Internet, rapportait Rue89 le 8 novembre, après avoir été alerté par une start-up qui réalise une veille sur les communications entre les hackers.
Le point sur ce que l'on sait, régulièrement mis à jour. Qui a été piraté et comment? Le parti majoritaire a affirmé le 8 novembre que la base de données diffusée «n’est pas un fichier de l’UMP», et que «certaines des informations qui y apparaissent ne sont pas des données que collecte l’UMP». URBAN HACK ATTACK - EPISODE 1. L’activité de 250 000 hackers analysée. Trahi par sa clé USB. HakTip - DEFCON 19: Wireless Security Assessment. Sony à poil et en image. You will be billed $90,000 for this call 2: F-Secure detects trojan malware in mobile game. [INFOGRAPHIE]: Genèse des menaces - Trend Micro France. Serial hacker says latest Android will be “pretty hard” to exploit. Scary New Computer Virus Could Be Responsible for the Nintendo Bomb Threat. Barnaby Jack. Defcon 20 - Dan Tentler - Drinking from the caffeine firehose we know as shodan. Nine Common Myths and Misconceptions About Viruses, Examined and Debunked. World's Biggest Data Breaches.
Group-IB Threat Intelligence Report 2012–2013 H1, a must read. Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages. “Hand of Thief” banking trojan doesn’t do Windows—but it does Linux. Android Firefox Zero-Day exploit available on the underground. Man In The Browser attacks scare banking world. Attackers can slip malicious code into many Android apps via open Wi-Fi. Le système d'achat in-app d'Apple finalement cracké. Apple’s “in-app purchase” service for iOS bypassed by Russian hacker. How to hide files in JPEG pictures. Tool: DNS Check #DNSChanger. Exploiter une injection SQL les doigts dans le nez. Linux Self-destruct Program. Une clé USB = Un mot de passe. DHCP Snooping.
How to hack Facebook account: Facebook profile hacking by PHP session hijacking. How to hack Facebook account 4: Geolocation via cross-site scripting. Clickjacking For Shells. Une faille dans les MacBook Air. SSL Man in the MIddle Attack using SSL Strip - Part 2. SSL Man in the Middle Attack using SSLStrip. Access Any Website Or Forum Without Registering. GSM-to-Skype. Mon astuce pro du web : Comment faire exploser vos revenus et votre trafic. Security researcher's app is like an over-the-shoulder iPad keylogger - TNW Apps.
This is how vulnerable your Facebook Page really is - TNW Facebook. Hack msn - Hack webcam [ Comment pirater une webcam avec SpyCam Foxiness - spy-webcam.com.