Hacking World

Facebook Twitter

LulzSec

NSA. Bad kitty! “Rookie mistake” in Cryptocat chat app makes cracking a snap. Developers of the Cryptocat application for encrypting communications of activists and journalists have apologized for a critical programming flaw that made it trivial for third parties to decipher group chats.

Bad kitty! “Rookie mistake” in Cryptocat chat app makes cracking a snap

The precise amount of time the vulnerability was active is in dispute, with Cryptocat developers putting it at seven months and a security researcher saying it was closer to 19 months. Both sides agree that the effect of the bug was that the keys used to encrypt and decrypt conversations among groups of users were easy for outsiders to calculate.

As a result, activists, journalists, or others who relied on Cryptocat to protect their group chats from government or industry snoops got little more protection than is typically available in standard chat programs. Snoops can identify Tor users given enough time, experts say. A recent academic paper (PDF) shows “that Tor faces even greater risks from traffic correlation than previous studies suggested.”

Snoops can identify Tor users given enough time, experts say

In other words, one of the world’s best tools for keeping online speech anonymous is at risk in a previously known—but now even clearer—fashion. In the wake of a recent uptick of Tor usage (whether from a botnet or from people inspired by former National Security Agency [NSA] contractor Edward Snowden), a reminder of these risks is certainly germane to today’s Internet. The new research has shown that a potential adversary with control of Internet Exchange Points (IXPs) or autonomous systems (ASes) that have large-scale network control (like an ISP), could expose and identify a Tor user, given enough time.

Android botnets on the rise - case study. Mobile botnets are malicious infrastructures that are increasing with impressive trend especially the Android botnets, considering the capillary diffusion for the Google mobile OS.

Android botnets on the rise - case study

Android devices are in the hands of more than half mobile users and unfortunately bad habits and lack of awareness of cyber threats are creating the favorable conditions for the diffusion of malicious applications that could infect helpless mobile. Every day I meet dozens of persons that have made a jailbreak on their device, that have installed insecure application downloaded from third-party application stores in most of the cases for trivial reasons.

For youngsters security is an unknown word, exactly such as malware despite they know that they desktop PC could be infected. But mobile devices are also in workspace, the promiscuous usage is very common that’s why concepts such as BYOD are becoming very familiar at least between company management. DEFCON 14: The Making of atlas: Kiddie to Hacker in 5 Sleepless Nights. Defcon 18 - You spent all that money and you still got owned - Joseph McCray - Part .mov. Hard drive-wiping malware that hit South Korea tied to military espionage. The hackers responsible for a malware attack in March that simultaneously wiped data from tens of thousands of South Korean computers belong to the same espionage group that has targeted South Korean and US military secrets for four years, researchers said.

Hard drive-wiping malware that hit South Korea tied to military espionage

The conclusion, reported in a recently published research paper from security firm McAfee, is surprising. Most groups behind network-based espionage campaigns take pains to remain hidden to ensure their advanced persistent threat (APT) is able to siphon as much sensitive data as possible. The "Dark Seoul" attack, by contrast, has attracted huge amounts of attention because of its coordinated detonation. It struck government and media networks in South Korea precisely at 2pm local time on March 20, affecting both Internet and mobile banking applications, while taking automatic teller machines offline.

Hackers Get Personal Information on 35 Million South Korean Users of Nate and Cyworld. The Korean Herald and other news outlets are reporting that 35 million users of Nate - South Korea's third largest search engine - and Cyworld - the country's largest social networking site - have had some of their personal information stolen by hackers allegedly traced to China.

Hackers Get Personal Information on 35 Million South Korean Users of Nate and Cyworld

Some 25 million South Koreans belong to Cyworld - nearly half the country's population. The hacking attack was announced yesterday by SK Communications Co., which operates Nate and Cyworld, and is "a unit of the SK Group whose affiliates include top mobile operator SK Telecom," the Herald report. The Korean Herald story quotes a statement from SK Communications that reads in part: "The company has confirmed that a leak of customers' information has taken place due to hacking on July 26, The specific scale of the hacking is still being investigated, but it is estimated that some of the personal information of 35 million Nate and Cyworld members have been leaked.

" DEF CON: The Documentary - 720p. Information Security Company | Counter Intelligence | OSINT Software. Defcon 2010 - Crawling BitTorrent DHTs for Fun - Scott Wolchok - Part.mov. Defcon 18 - Power of the Chinese Security - Anthony Lai Jake Appelbaum Jon Oberheide - Part.mov. DEFCON 20: Owning Bad Guys {And Mafia} With Javascript Botnets.

Exploits

Amazing mind reader reveals his 'gift' Defects leave critical military, industrial infrastructure open to hacks. Security researchers have blown the whistle on serious vulnerabilities in an Internet-connected system used by the US military, hospitals, and private industry to control boilers, air-conditioners, security alarms, and other critical industrial equipment.

Defects leave critical military, industrial infrastructure open to hacks

The defects in the Niagara Framework, which links more than 11 million devices in 52 countries, could allow malicious hackers to seize control of critical infrastructure, an article published by The Washington Post warned. The vulnerabilities were unearthed by Billy Rios and Terry McCorkle, two researchers who have spent the past 18 months exposing security holes in a variety of ICS, or industrial control systems. "The ICS software community is light years behind modern software security," Rios wrote in a blog post recounting his odyssey in getting Niagara officials to publicly acknowledge the vulnerabilities after he and McCorkle reported them. Wall Street targeted: 50,000 IT accounts hacked and leaked by ‘MidasBank’ A related faction of Anonymous, TeamGhostShell, has been targeting China with a vengeance in operation, #ProjectDragonFly — and now meet MidasBank, which focuses on the financial aspect; this time Wall Street.

Wall Street targeted: 50,000 IT accounts hacked and leaked by ‘MidasBank’

Approximately 50.000 accounts have been compromised. “I’ve been hacked!” Masakaki states, “The list contains both current, past, and rejected IT from Wall Street. The information is as detailed as ever with many other surprises in it.” GhostShell has been leaking left and right all kinds of targets, well we’re here to bring some sort of order to it, which is why this district will function solely to provide leaks from an economical point of view, institutional and educational, but primary, it will focus on the financial aspect of things.With that being said, what better target to pick as a first release, than the place that puts all markets to shame in the world. Daedalus, une vue en 3D des cyber-attaques. Il n’y a rien de beau dans une cyber-attaque, c’est un fait.

Daedalus, une vue en 3D des cyber-attaques

Faire tomber un site internet, mettre à mal tout le réseau d’une entreprise, ce n’est pas beau, ce n’est pas bien… Mais un institut a trouvé le moyen de rendre ceci d’une bien belle manière. Pour ce faire, le NICT, l’Institut National des Technologies de l’Information et des Communications du Japon, a décidé de surveiller pas moins de 190 000 adresses IP japonaises et de toutes les regrouper sous formes de lignes dans une vue unifiée en 3D.

Les réseaux, sous-réseaux, les pings y apparaissent. This Week in Cybercrime: Data Breaches at Yahoo, Formspring and Nvidia. It has been relatively quiet on the IT hacking front for the past month since LinkedIn and eHarmony were hacked and some 8 million user passwords taken.

This Week in Cybercrime: Data Breaches at Yahoo, Formspring and Nvidia

But things hotted up this past week, with several major hacks targeted at the social media site Formspring, search company Yahoo, and just announced today, hardware maker Nvidia. On Monday, hackers posted password information on 420,000 Formspring accounts online, which caused it to reset the passwords for all 28 million users on Wednesday as a precaution. A story at the San Francisco Chronicle quotes the following from Formspring founder Ade Olonoh’s blog that, ”We found that someone had broken into one of our development servers and was able to use that access to extract account information from a production database.

" The Formspring passwords taken were encrypted, and the company “salts” its password files, making it more difficult for them to be decrypted than in the LinkedIn and eHarmony cases. RSF hacke la censure. Samedi, un hackaton était organisé à la Cantine à Paris pour tester la sécurité de la future plate-forme de diffusion de contenus censurés de Reporters sans frontières, WeFightCensorship.

RSF hacke la censure

Une expérience qui illustre une fois de plus les liens fructueux que les ONG ont commencé à tisser avec les hackers. Pentesting (test d'intrusion) de l'application WeFightCensorship de RSF à La Cantine, le 21 juillet 2012 - cc Ophelia Noor Ils lui ont fait mal, ils lui ont fait mal, les hackers à la future plate-forme WeFightCensorship de Reporters sans frontières (RSF). Ce samedi, ils étaient conviés par l’ONG à un hackaton organisé à la Cantine à Paris pour tester la sécurité de l’outil. Vu l’enjeu, WeFightCensorship a intérêt à viser un système sûr au maximum. La carte d’un monde d’espions. OWNI en partenariat avec Wikileaks vous propose cette carte interactive permettant d'identifier toutes les sociétés à travers le monde qui développent et vendent des systèmes d'interception massives.

Depuis le mois de septembre dernier, OWNI, en partenariat avec WikiLeaks et cinq autres médias, a mis à jour les activités et les technologies des sociétés – souvent proches des services de renseignement et des institutions militaires – à l’origine de ce nouveau marché de l’interception massive. Pour une part très significative, ces industriels discrets sont implantés dans des démocraties occidentales. Ils fournissent en matériels d’écoutes et d’interception de masse leur propre gouvernement mais aussi de nombreuses dictatures. Reuters doublement piraté ! On parle souvent du piratage d'e-mails ou autres coordonnées bancaires. Toutefois, il existe mille et une façon de hacker un système, le site Reuters en a fait les frais et les conséquences auraient pu être détestables. Reuters est un site reconnu pour son sérieux, un site qui ne poste pas de news sans certitude.

Il jouit donc d’une excellente réputation et les infos données sont telles du pain béni. FinSpy Software Is Tracking Political Dissidents. What they found was the widespread use of sophisticated, off-the-shelf computer espionage software by governments with questionable records on human rights. While the software is supposedly sold for use only in criminal investigations, the two came across evidence that it was being used to target political dissidents. The software proved to be the stuff of a spy film: it can grab images of computer screens, record Skype chats, turn on cameras and microphones and log keystrokes. The two men said they discovered mobile versions of the spyware customized for all major mobile phones. But what made the software especially sophisticated was how well it avoided detection.

Les hackers ont enfin fait cracker le Sénat. Enfin ! Le dernier rapport du Sénat sur la cyberdéfense montre un changement net de regard sur la communauté des hackers. Naguère assimilés à des vilains pirates informatiques avides de gains, ils sont maintenant considérés pour ce qu'ils sont vraiment : un précieux vivier de talents en matière de sécurité informatique. hacker : pirate informatique.Avec l’essor de l’internet s’est développée une nouvelle catégorie de pirates (hackers) agissant en groupes et essentiellement motivés par l’appât du gain. Ces groupes mettent au point des outils qu’ils peuvent exploiter directement ou offrir sur le marché à des clients tels que des organisations criminelles ou mafieuses, des officines d’espionnage économique, des entreprises ou des services de renseignement. En 2008 comme en 2012, le rapport du Sénat sur la cyberdéfense, dont la dernière mouture vient d’être remise par Jean-Marie Bockel, témoigne que le milieu des hackers semble toujours un peu mystérieux à nos parlementaires.

Le Battle.net de Blizzard s'est fait hacker ! Blizzard invite ses utilisateurs à changer le mot de passe de leur compte Battle.net après que des hackers se soient introduits dans son système. Le service Battle.net de Blizzard vient tout juste d'être victime d'une méchante intrusion. La société avoue en effet que des hackers ont réussi à s'introduire dans son système pour y récupérer des informations rattachées à des comptes utilisateurs : « Cette semaine, notre équipe en charge de la sécurité a constaté un accès illégal et non autorisé à notre network interne, ici, à Blizzard.

Nous avons rapidement colmaté cet accès, et avons commencé à travailler avec les autorités et avec des experts en sécurité afin de statuer sur ce qui s’est passé. [...] A l’heure actuelle, nous n’avons aucune preuve que des informations financières telles que des données de cartes de crédit, des adresses de facturation ou des noms ont été compromis. [...] How “The Angel” helped 15,000 people steal broadband. NASA 2011: hacked 13 times, highlights security failures?

Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame" The Pirate Bay Dancing for Firefox Bypasses National IP and DNS Blocks.

Cybercriminalité

“cybercriminality” on SlideShare. Cybercriminalité : Paris, quatrième ville la plus exposée - Informatique - Bureautique. You will be billed $90,000 for this call: Mikko Hypponen (F-Secure) on Dialers, telephone fraud, mobile malware. Les pirates, ces grands dépressifs ? 7 Habits of Highly Effective Hackers: Using twitter to build password cracking wordlist. Le Pentagone se défend contre les cyberattaques - Aéronautique - Défense - Construction navale. Hackers politely deface security firm website, suggest fixes. L’ONU piraté. HackerLeaks. HackerLeaks. Anonymous & Lulz Security Statement.

US Military System Design Badly Compromised in March Cyber Attack? $250,000 for Information on Rustock Botnet Creators. Washington Post's Jobs Section Hacked; 1.27 Million User IDs and E-mail Addresses Taken. Fin de Facebook le 5 novembre par Anonymous. What Does it Cost to Change the World? L’attaque de l’année ! Adrian Lamo. Google Will Eat Itself. Le créateur du mod Cyanogen rejoint Samsung. MI6 hackers replace al Qaeda bomb recipes with pirated cake recipes. La publicité Wikileaks qui déchire.