Sunday, 24 April 2011

Facebook hacker posts stolen pics on porn site !


Facebook hacker posts stolen pics on porn site !
A 26-year-old man faces 13 felony charges after being accused of hacking into Facebook accounts, stealing photos of young women and posting them on porn sites, reports the Kansas City Star.
Along with content belonging to the 13 young women (ages 17 to 25), Timothy P. Noirjean is accused of victimizing, investigators found 92 folders on his computer containing names or photos of women, as well as 235 email addresses with security information. Noirjean confessed to accessing more than 100 Facebook accounts, and told police he was unaware that it's a crime.
The shocking thing here isn't that there are predators on the Internet, that Noirjean claims ignorance of the law, that police arrested Noirjean in his parents' basement (which, according to the report, they totally did) or that young ladies of today have porn-worthy photos of themselves in unencrypted files on their computers. It's that Noirjean carried out his crimes largely with the unwitting help of his victims:

According to the complaint, a 20-year-old woman from Oakdale told police in February 2010 that someone had accessed her personal information after pretending to be a friend through Facebook. The woman said she was exchanging instant messages with somebody she thought was her friend. The woman was logged off her Facebook account while messaging, but when she tried to log in, she was told her password had been changed.
The next day, the woman was able to access her Facebook page. But in a link to a website on a message from the woman she thought was her friend, she discovered a sexually explicit website, the complaint said.
There, she found three photos of herself that had been stored in her e-mail account. Her first and last names and city of residence also were listed.


Noirjean told police he initiated contact with the victims after obtaining their email addresses from their Facebook accounts. (Note: Facebook privacy settings allow users to hide their email addresses from some or all Facebook users, but it is not the default setting.) He then friended the women on Facebook, where he persuaded the victims to share answers to the security questions used for changing a password.

Any security expert will tell you we are a people largely given to ignoring (but still complaining about) our privacy settings, friending anyone on Facebook who asks, and we are notoriously unimaginative with our passwords.

While the report doesn't specify how Noirjean got the women to spill the answers to their security questions, one might speculate he found ways to work mom's maiden name, first pet and the street the victim grew up on into the conversation.

Once Noirjean used the security answers to get a new password to the account, his grift got easier. He could log on as the victim and IM her friends. The woman who filed the original report told police "she unwittingly disclosed the information while exchanging messages with the person she thought was her friend," reports the Star. "When investigators questioned the friend, she said that passwords to her Facebook and e-mail accounts had been changed without her knowledge the previous day."

If this sounds familiar, it's because Noirjean's M.O. has a lot in common with that of George Samuel Bronk, 23, of Citrus Heights, Calif. who faces six years in prison after he was arrested for hacking hundreds of women's e-mail accounts, using their personal information to commit identity theft and obtaining nude photos of the victims. He is also required to register as a sex offender.

So what did we learn?
If the lesson you come away with here is "Dang! It sure is easy to get into someone's computer," hopefully you won't use this new-found knowledge for your own nefarious purpose.

If you're basically good, take this as a big fat example why Internet privacy is such a hot-button issue. It's not the only reason, but it's a big one. The more a scammer knows about you, the easier it is to rip you off. If you think you're smarter than the victims here, consider that scammers can use your personal information to figure out your passwords and other info without even contacting you.

At the very least, lock down your Facebook account, and double check to make sure you did it right. And if your IMing bestie starts querying about what name your mom went by when she met her first husband, for cryin' out loud, be at least a little suspicious.

FBI tracking hackers who targeting vanessa Hudgens and other celebs !


The Federal Bureau of Investigation (FBI) is reportedly investigating a hacker ring that is targeting phones and computers of celebrities and stealing nude photos and other personal items.


The probe stems from nude photos of Vanessa Hudgens that were recently leaked online, reports the New York Daily News. 

According to TMZ.com, the federal investigators met Hudgens Wednesday to discuss her latest nude photo scandal and believe she might be the latest victim of a notorious hacker crew that has targeted scores of celebrities, including Scarlett Johansson, Ali Larter, Busy Philipps and Miley Cyrus.

A source told the website that one ringleader had fingerprints on every job and the primary motivation appeared to be the thrill and challenge - not money.

The new round of Hudgens' photos surfaced on the Internet Monday after similar full-frontal nudes appeared online in 2007 and 2009.

Hudgens, 22, is seen kissing 'Zoey 101' actress Alexa Nikolas in one of the new photos.

"Vanessa is deeply upset and angered that these old photos, which were taken years ago, continue to resurface," Hudgens' lawyer Christopher Wong said in a statement.

"It is particularly disturbing that whoever got hold of these private photos seems to be intent on illegally leaking them out over a long period of time," he said. 

"We are actively working with law enforcement to determine who is responsible and hold them accountable for their actions," he added.

The alleged raiding of her gmail account comes as the 'High School Musical' star prepares her return to the big screen in her new film 'Sucker Punch'.

Tor 0.2.1.30 is released, Download Now



Tor 0.2.1.30 fixes a variety of less critical bugs. The main other change is a slight tweak to Tor's TLS handshake that makes relays and bridges that run this new version reachable from Iran again. We don't expect this tweak will win the arms race long-term, but it buys us time until we roll out a better solution.


Complete Release description : Click Here

Infondlinux - Security tools install script for Ubuntu !


Infondlinux - Security tools install script for Ubuntu !

infondlinux is a post configuration script for Ubuntu Linux. It installs useful security tools and firefox addons. Tools installed by script are listed at the beginning of source code.

# download:
$ wget

# install:
$ sudo infondlinux.sh

Pakages :

# debian packages
# - imagemagick
# - vim 
# - less 
# - gimp
# - build-essential 
# - wipe 
# - xchat 
# - pidgin 
# - vlc 
# - nautilus-open-terminal
# - nmap
# - zenmap
# - sun-java6-plugin et jre et jdk
# - bluefish
# - flash-plugin-nonfree
# - aircrack-ng
# - wireshark
# - ruby
# - ascii
# - webhttrack
# - socat
# - nasm
# - w3af
# - subversion
# - wireshark
# - mercurial
# - libopenssl-ruby
# - ruby-gnome2
# - traceroute
# - filezilla
# - gnupg
# - rubygems
# - php5
# - libapache2-mod-php5
# - mysql-server 
# - php5-mysql
# - phpmyadmin
# - extract
# - p0f
# - spikeproxy
# - ettercap
# - dsniff :
# * arpspoof - Send out unrequested (and possibly forged) arp replies.
# * dnsspoof - forge replies to arbitrary DNS address / pointer queries on the Local Area Network.
# * dsniff - password sniffer for several protocols.
# * filesnarf - saves selected files sniffed from NFS traffic.
# * macof - flood the local network with random MAC addresses.
# * mailsnarf - sniffs mail on the LAN and stores it in mbox format.
# * msgsnarf - record selected messages from different Instant Messengers.
# * sshmitm - SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
# * sshow - SSH traffic analyser.
# * tcpkill - kills specified in-progress TCP connections.
# * tcpnice - slow down specified TCP connections via “active” traffic shaping.
# * urlsnarf - output selected URLs sniffed from HTTP traffic in CLF.
# * webmitm - HTTP / HTTPS monkey-in-the-middle. transparently proxies.
# * webspy - sends URLs sniffed from a client to your local browser
# - unrar
# - torsocks
# - secure-delete
# - nautilus-gksu
# - sqlmap
# - john the ripper

# third party packages
# - tor
# - tor-geoipdb
# - virtualbox 4.0
# - google-chrome-stable

# manually downloaded softwares and version
# - DirBuster (1.0RC1)
# - truecrypt (7.0a)
# - metasploit framework (3.6)
# - webscarab (latest)
# - burp suite (1.3.03)
# - parosproxy (3.2.13)
# - jmeter (2.4)
# - rips (0.35)
# - origami-pdf (latest)
# - pdfid.py (0.0.11)
# - pdf-parser.pym (0.3.7)
# - fierce (latest)
# - wifite (latest)
# - pyloris (3.2)
# - skipfish (1.86 beta)
# - hydra (6.2)
# - Maltego (3.0)
# - set
# - volatilty (1.3 beta)

# home made scripts
# - hextoasm
# - md5crack.py (written by Corbiero)
# - chartoascii.py
# - asciitochar.py
# - rsa.py

# firefox extensions
# - livehttpheaders 
# - firebug 
# - tamperdata 
# - noscript 
# - flashblock 
# - flashgot 
# - foxyproxy
# - certificatepatrol
# - chickenfoot 1.0.7