Got a call from Facebook 574 ???? ( Must Read )

Hey Folks,
Today i was reading a post at which was about any call from facebook.
According to that post a guy recieved a call from Facebook. his friend asked him what they said ? He said "nothing just simple questionnaire". next day his email account hacked  .

This was quite interesting for my friend, he googled it, and came across an latest news that YES, this is true that social networking giant FACBOOK is making “huge effort” to weed out fake profiles in India. Their intention is to prevent misuse of such identities, so if you got a call from Facebook, take it very seriously.

So, “you may get call from Facebook if profile identity is suspect”.

**Contrary: A Hacker / Brats may prank someone, showing that they are from Facebook and might ask your sensitive details. So be aware, that if you get such call don’t ever disclose your Password and security questions.

                                                                                  !! Be aware, be secure !!
Courtesy:HANS

PhpMyAdmin Exploit (Hack Website using database Directly)

Hey Foks,

There is a new Google dork by using it  you can bypass username and password and edit the database information_schema. and offcoarse steal useful information such as Admin password ;) ..

so here it is ..

Google Dork:

"allinurl:index.php?db=information_schema"

U'll get too many results.. so start now and keep hacking :D

Note: m not gonna responsible for any Illegal activity. do it at ur own risk .this post is just for Spread Knowledge.. :)

All terry Jones Websites against "Islam" Taken down by (THA Disaster) !!!

All Terry Jones Against taken down by THA. Message by THA Hackers :

Islam is The religion of peace and non other is their for whom muslim ummah can sacrifice .we will take down other USA server if it needs and and we all muslim hackers are at a ssingle forum at this moment and maybe USA gonna face a big destruction.Allah Hu Akbar(Allah is great)Muhammand dur Rasoullah(and muhammand SAW is last prophet of Allah no other power.

Taken Down websites :
www.standupamericanow.org
www.doveworld.org
www.warriorsofchristchurch.com

30+ Websites Hacked by Phoenix 64 and D1617 64 ||||

1. 
   
   Hey folks,
   30+ websites hacked by Phoenix 64 and D1617 64
   here are the sites
   http://www.completeseotips.com/
2. http://zone-hc.com/archive/mirror/a32b38f_completeseotips.com_mirror_.html
3.  
4. http://www.chenaochena.com/
5. http://zone-hc.com/archive/mirror/f1b4cda_chenaochena.com_mirror_.html
6.  
7. http://www.dataentryhq.com/
8. http://zone-hc.com/archive/mirror/c97c21c_dataentryhq.com_mirror_.html
9.  
10. http://www.hostingexpertsbd.com/
11. http://zone-hc.com/archive/mirror/f71fa28_hostingexpertsbd.com_mirror_.html
12.  
13. http://www.exportershq.com/
14. http://hack-db.com/38592.html
15.  
16. http://www.hrohq.com/
17. http://hack-db.com/38567.html
18.  
19. http://www.iteshq.com/
20. http://hack-db.com/38568.html
21.  
22. http://www.bsccmjournal.org/
23. http://hack-db.com/38570.html
24.  
25. http://www.greenbudnursery.com/
26. http://hack-db.com/38569.html
27.  
28. http://khanvspetersonlive.us/
29. http://hack-db.com/38571.html
30.  
31. http://www.nuraintradeint.com/
32. http://hack-db.com/38572.html
33.  
34. http://livenews24.net/
35. http://hack-db.com/38573.html
36.  
37. http://www.defensepurchasehq.com/
38. http://hack-db.com/38574.html
39.  
40. http://www.recruitershq.com/
41. http://hack-db.com/38575.html
42.  
43. http://pacquiaobradleyfight.us/
44. http://hack-db.com/38576.html
45.  
46. http://www.sahfbd.com/
47. http://hack-db.com/38577.html
48.  
49. http://www.savetheparents.info/
50. http://hack-db.com/38578.html
51.  
52. http://www.seo-promoter.com/
53. http://hack-db.com/38590.html
54.  
55. http://www.softitbd.com/
56. http://hack-db.com/38579.html
57.  
58. http://www.allinfobd.com/
59. http://hack-db.com/38580.html
60.  
61. http://www.asianglobalbd.net/
62. http://hack-db.com/38581.html
63.  
64.  
65.  
66. 2days ago--- >
67.  
68. http://www.cargohq.com/
69. http://www.hack-mirror.com/21228.html
70.  
71. http://so-surgical.com/
72. http://www.hack-mirror.com/21231.html
73.  
74. http://hostingexpertsbd.com/
75. http://www.hack-mirror.com/21233.html
76.  
77. http://rangpurshibir.com/
78. http://www.hack-mirror.com/21234.html
79.  
80.  
81. http://khanvspetersonlive.us/
82. http://www.hack-mirror.com/21242.html
83.  
84. http://dailybhuluya.com/
85. http://www.hack-mirror.com/21243.html
86.  
87. http://completeseotips.com/
88. http://hack-db.com/37330.html
89.  
90. http://birdemccm.org/
91. http://hack-db.com/37354.html
92.  
93. http://apparelshq.com/
94. http://hack-db.com/37355.html
95.  
96. http://avionicshq.com/
97. http://hack-db.com/37356.html
98.  
99. http://advertisingbd.com/
100. http://hack-db.com/37357.html
101.  
102.  
103. http://blsfcpr.org/
104. http://hack-db.com/37358.html
105.  
106. http://bsccm.net/
107. http://hack-db.com/37359.html

Ankit Fadia Hacked once again by Ganster... :D ||

Hey Folks..

Ankit Fadia one of the famous hacker of India Hacked once againn by Ganster :D
here are the proofs :
http://www.ankitfadia.in
http://pastebin.com/xKxEWn9m

Latest Java-generated Trojan vulnerability Rodricter

Company FireEye reported the discovery of a critical vulnerability in the Java Runtime Environment version 1.7x, which received the designation CVE-2012-4681. Oracle has released a patch on security only on August 30, and, therefore, the vulnerability remained unclosed for at least four days than not long exploited. The specialists of "Doctor Web" found that using this exploit spread more malware, including Trojan was discovered Trojan.Rodricter.

In order to spread malware attackers used a hacked web sites, which, in particular, modify files. htaccess. At the time of referral to a Web site that contains an embedded malicious malicious script runs a chain of redirects, the address of the end node of which depends on your computer's operating system user. Windows users redirected to a Web page that contains calls to various exploits. It is noteworthy that the server addresses, which were transferred to users, dynamically generated, and change every hour.

Downloaded into the user's browser the web page immediately exploited two vulnerabilities: CVE-2012-1723 and CVE-2012-4681. Used by cybercriminals exploit depends on the version of Java Runtime: for version 7.05 and 7.06 bypass security came with vulnerability CVE-2012-4681. If the application of vulnerability was a success, Java-applet decrypts the file class, the main purpose of which - download and run the executable.

Trojan.Rodricter.21 Trojan uses rootkit technology and consists of several components. So, run on the infected computer, the malware dropper checks in the system and antivirus software debuggers, and then tries to increase its privileges: for this, in particular, may be vulnerable OS. On computers that use User Account Control, the Trojan disables UAC. Further action algorithm Trojan.Rodricter.21 depends on what rights he has in the infected system. Trojan saves to disk the main component, and if he's got enough for this privilege, infects one of the standard Windows drivers in order to hide the main unit on the affected system.

Thus, Trojan.Rodricter.21 well be classified as Trojans rootkits. Among other things, the malware is able to change the settings of browsers Microsoft Internet Explorer and Mozilla Firefox, for example, in the last Trojan installs a folder \ searchplugins \ additional plug-search engine, and replaces User-Agent and configure the default search engine. The result sent to the user queries are given http://findgala.com/?&uid =% d && q = {search term}, where% d - the unique identifier of the Trojan. Trojan.Rodricter.21 also modifies the contents of the file hosts, prescribing where the attacker addresses of websites.

The main module Trojan.Rodricter.21 saved as an executable file in the temporary folder, it is intended to spoof the user traffic and the introduction into it of any content.
Source:xakepy.cc

GOOGLE bought VirusTOTAL ||

Hey Guyzz....
Google acquired the Spanish software developer VirusTotal, which offers free online tools to analyze files and hyperlinks to detect viruses, worms, Trojans and other types of malware. The transaction amount was not disclosed, but VirusTotal said that even after the closing of the transaction, will continue to be based in Spain, and will continue to develop the previously initiated.

In a brief blog post VirusTotal said that the deal with Google will allow their company to get more resources and allow third parties to continue to work on developing their own solutions, built on the engine VirusTotal. The report made ​​no mention of plans to integrate Google products and VirusTotal.

"VirusTotal will continue to operate as a standalone unit, to develop our partnership with other antivirus companies and security experts. For us to deal with Google - is a big step in our own evolution. Google has its own extensive expertise in the development of security products, which we will also be useful "- said in VirusTotal.
http://www.onlinedisk.ru/cache/2e545ed9d54e02de52a6440322a359ec

Source:RussianHackNews

Hindustan Times Hacked by Silent Hacker

Hey Guyzz..
Hindustan Times one of the Leading news potal of India Hacked and Defaced by Silent hacker here are the Proof.. Its having XSS+Sqli vulnerability .

Vulnerable Link : /// not given for security reasons
and here are the name of dumped tables :

Total Databases :- 48
Database List :- Current DB:   HTSpecials
    master
    tempdb
    model
    msdb
    MSCS_Admin
    HTSite_marketing
    HTSite_marketing_lists
    HTSite_productcatalog
    HTSite_profiles
    HTSite_transactionconfig
    HTSite_transactions
    MSCS_CatalogScratch
    HTInteractives
    StumpVisionLive-Old
    HTBlogs
    HTSpecials
    htmessageboard
    HTDB
    HTSite_Rel3
    aspnetdb
    distributionFor more go to 


http://pastie.org/4579610

"Hzine - IT Security / Hacking Magazine" Calling For Papers/Articles for its Very first Edition

Hey Guyzz...
one of the famous Indian Hacking Website Launching its first Hacking magazine.
so they are calling for the papers . Theme of the paper/Articles is "OPERATING SYSTEM".
and the Topics are... 
1. Penetration testing / Hacking
2. Forensics 
3. Malware 
4. Exploit Development
5. Embedded, Mobile OS
6. OS Configs and Defenses
7. Offensive or Defensive Programming
8. About OS Tools, any specific OS articles
9. Troubleshooting any security issue
10. Any other OS related quality articles are also welcome

And requirements to consider for article submission :
    1. It will be a free Magazine
    2. It has to be your own work, research
    3. It has to be in ENGLISH only
    4. As we are not gaining any money from it, so don't expect from us to give you
    5. Send articles in document format only (doc, docx, odt)
    6. articles has to be with if any needed reference.

For Article submission Contact :
1. Site contact page   
2. Facebook  
3. Twitter

Proxy servers have begun to impose visitors Software ...

Hey Guyzz...
Due to the fact that the courts of some countries have forced local providers to block Pirate Bay, hundreds of thousands of users now use the services of a proxy server to gain access to your favorite tracker. But four days ago, some of the most popular proxy servers have started to do that is unclear, making visitors agree to install some software before downloading torrents. Administration of The Pirate Bay dissatisfied with such a move and threatened to take retaliatory action.
In recent months, the proxy servers that provide access to Pirate Bay, have become extremely popular.
A list of more than hundreds of proxies kept up to date on the PirateReverse, but four days ago, some of the most popular proxy servers started to do some amazing things.
Piratereverse.info, Livepirate.com Getpirate.com and became one of the sites that make users install on their computers crapware (pre-trial applications - approx. Trans.). Visitors who have come to the site, can not click on the link to download, install the toolbar until SnappyDee.
As you can see in the image of the installation, you can refuse, but when I try to do it, just a pop-up window is loaded again.
During the installation of this toolbar is usually supposed reward of up to $ 1, so that the imposition of SnappyDee visitors can be quite lucrative. If we assume that thousands of people have agreed to install the software, then the owners of the proxy server in question, have earned a good idea this weekend.

Needless to say, the administration of The Pirate Bay are not satisfied with this development - it announced its intention to close these proxy servers, if they continue to force users to install crapware. In the meantime, The Pirate Bay advises users not to install the software and imposed use alternative proxies, such as belonging to the Pirate Party of Great Britain.

Microsoft will award the prize of 250,000$ for new opportunities

Hey Frenzz ...

Microsoft announced the winners of BlueHat Prize, Award, established last year in order to facilitate the development of new capabilities to mitigate and prevent exploits. The main prize, $ 250 000 was awarded to a developer for Vassilis Pappas kBouncer, the concept of offering effective protection against attacks using back-Oriented Programming (ROP).

The main problem in detecting attacks that use ROP, is that they are legitimate utilize existing pieces of code that makes it necessary to analyze the context in which code is used. kBouncer uses the commercial processors Intel LBR for verification of critical system functions. Since LBR is a function of the hardware processor, kBouncer, is said to have no effect on system performance.
The concept of Ivan Fratrika ROPGuard took second place and provides five additional checks when you call the important functions of the system. The concept is designed to verify that the function was called through CALL, and not, for example, the closure of RET at the end of «ROP-gadget."

The source of cyber attacks on banks - the "built-in vulnerability of computers"

Hey Frenzz,,,
Failure to comply with safety requirements is not the primary cause of cyber attacks on banks, said the Head of Information Security Department of Radio Engineering and Cybernetics, MIPT, Ph.D. Valery Konyavsky during a roundtable on "Remote banking services in the sights of cybercrime", organized by IBC "Research without Borders" . According to him, the source of cyber attacks lies in the "built-in security vulnerability."

He explained that the essence of computers vulnerable to the actions of cyberhawks reduced to the principle of "who is first come, and sneakers." Each time you turn on or off the computer in addition to the basic processes are activated and latent viruses of different programs through which bank customers can fall victim to scams.

"Get rid of the vulnerability of computers both banks and their customers is almost impossible. All of our current protection - an imitation of protection "- says Konyavsky.

According to experts, today is better protected from all cyberhawks and attack the Russian Central Bank, which has a reliable computer system. For commercial banks, as suggested by the expert, the creation of a similar system is possible, but it is expensive and not all bank customers will be able to afford to be connected to it.

Already there is a system code-named "March" through it, users can get a trusted communication session, said Konyavsky. This system works with a simple USB-modem, which allows the client to work with the bank only when it is needed. Thus, the expert said, the mechanisms of creating a safe banking information system already exists, but how to make them available there.

PS: Read the "Go!" Can be like here nbj.ru/publs/banki-i-biznes/2011/09/05/organizatsija-bezopasnogo-dbo-na-osnove-sods-marsh/index.html

Hacker service offering cheap domain names ..

Hey frennzz..
Gud News to those who were thinking to purchase a domain.
According to an expert Brian Krebs, in the hacker world is now a special service called DoItQuick, which generates random domain names according to the user's request.

The service provides up to 15 domains at once. If the user does not specify the necessary parameters to it, the names are selected randomly in different domain areas.

DoItQuick can register domains of two different levels: the "white list" of domains that can operate up to a year, and the "black list" of addresses that can be active from 2 to 30 days.

According to Krebs, this service has become a godsend for kiberperstupnikov who use fake domain addresses during phishing attacks and spam organization. The creators of the resource offers a quick and relatively cheap registration address in different domain areas, payment of which can be produced with the help of online-service Webmoney, and are checking addresses to get into the "black list" of Internet resources, and tracking service Spamhaus.

As the researcher has generated a resource for him five different domain names with the "black list" at its request in the blast zone. Org for only $ 5 each. The names were formed from randomly selected combinations of two or three words, prescribed together.

Krebs also noted that the administration refuses to DoItQuick guarantee the registration of the domain of the "white list" if the customer intends to use it to host exploits, vulnerabilities, or other malicious content. In addition, the registration of a domain from the "white list" will cost the customer more nearly in half.

"Domains of the" white list "function for a year as long as the prepayment. They are intended for legitimate activities, there are no viruses or other illegal things "- quoted an expert message creators DoItQuick.

Hackers have posted on the Internet 8 million e-mail addresses and passwords

Hey Guyzz ...

Hackers have published in open access more than 8 million user accounts, site Gamigo. This archive includes usernames, passwords and email addresses.

Erez four months after the gaming service announced Gamigo hacker hacking and theft of user data on the web have been published more than 8 million logins, passwords and email addresses of users of this site.

Reported service PwnedList, tracking leaks of personal data. The database in the amount of $ polgigabayta with stolen user data has been published online by hackers InsidePro earlier in July 2012, where it remained available for download to all comers last week.

It should be noted that the passwords of the accounts on Gamigo stolen by hackers in the archive was encrypted, then as logins and email addresses can be accessed by anyone.

"This is the biggest leak I've ever encountered. When did he break-in, users' personal data were not included in the free access, so it did not cause great concern. Now, were compromised by more than 8 million e-mail address and password that will be an interesting discovery for many hackers, "- said Steve Thomas (SteveThomas), creator of the service PwnedList. Gamigo users have the ability to check whether they got an account and mailing address in stolen by hackers database online PwnedList.

According to experts, despite the fact that the passwords from the database Gamigo were published in an encrypted form, they should still be compromised. Many members of this forum InsidePro, which was published this information, reported that they were able to decipher most of the passwords.

Gamigo is a free gaming service, which is owned by German publishing company AxelSpringerAG. In March this year when it became known about the leak, the site has forced all of its users to change passwords on their accounts. Because of this, one could argue that using a stolen database hackers can no longer gain access to the accounts of users on the site Gamigo.

However, taking into account the fact that often users use the same password for many sites and services, with the help of this information, attackers may be able to access some of the other accounts of those whose data was stolen.

According PwnedList, including addresses in the archive is stolen more than three million email accounts registered in the U.S. services Hotmail, Gmail and Yahoo!, approximately 2.4 million mailboxes on the German sites, and about 1.3 million French accounts.

Free way to Purchase content in Games for iOS device....

Hey guyzz...
A russian programmer Alexey Borodin, acting on the Web under the name ZonD80, found a way to cheat the mechanism of internal purchases ("In App Purchase") in applications for iOS.

To perform a "buy", you are prompted to install the certificate on the iPhone two and change the settings DNS, and then go to the application and make a purchase without paying. To carry out the operation is not required to carry out the procedure on the device "jailbreaking."

9to5Mac points out that the method does not work in all applications. Also, when buying a server to the developers of the method are sent to the data on your device and application. The proposed method of obtaining ZonD80 content is illegal and contrary to the rules of the store App Store. Purchase "inside" applications allow users to obtain additional content without having to reinstall the program. That content can be, for example, the new issue of the magazine or newspaper, game currency, or addition to the game.

Chinese Researchers Devoloped a new "ENCRYPTION" System ..

Hey frenzz...

A team of researchers from China, lead by Professor Chzhuang Huanguo (Zhuang Huanguo) has developed a new encryption system.
Until now, cryptographic systems were designed in such a way that the encryption and decryption of data were performed by using fixed algorithms and random keys change.
The new encryption system is based on changing algorithms, which are periodically replaced with stronger ones.
"Basically, security encryption systems depends on some fundamental cryptographic components. Thus, in order to prevent attacks on the cryptographic system as a whole, you must use the appropriate components. Linear and differential cryptanalysis to date have been widely used in conducting cyber attacks on block ciphers. They are used as tools to assess the safety codes. In the past two decades, the hackers have achieved good results using this technique, the most significant of which are multi-dimensional extension of the original cryptanalysis "- the report says.
The researchers conducted a comparative test developed by a team of Huanguo block cipher with a multivariate linear and differential cryptanalysis. Based on a comparison of two types of cryptanalysis, it was noted that the new encryption system is more secure than those known to date cryptographic mechanisms.