Showing newest 41 of 69 posts from 2/1/10 - 3/1/10.

Sunday, February 28, 2010

Thousands caught out in Twitter scam

Tens of thousands of Twitter users, including at least two government ministers, have been caught out in an internet scam.

Online security experts warn social networking sites are being hit by ‘phishing’ scams, which can be used to steal internet users’ identities.

The latest victims include Energy Secretary Ed Miliband and Women and Equality Minister and Leader of the Commons Harriet Harman, who have both had automated fake messages sent from their accounts to Twitter followers.

In Mr Miliband’s case a tweet was sent which read ‘hey, i’ve been having better sex and longer with this here’, with a link directing people to a website selling herbal viagra.

Other malicious links direct users to pages where Tweeters are conned into giving away passwords and login details.

Graham Cluley, an internet security expert, advised anyone who was caught out to change their password and delete connections they do not recognise.

“A third of users are playing Russian Roulette with their identity by having the same password on every site they access,” he said. “If Mr Miliband made that kind of mistake, he has potentially opened up his email, eBay, PayPal and Amazon account... basically, his entire online life handed to hackers.”

Mr Cluley advised politicians to take the lead in online security, saying: “They should be setting an example for the rest of us. Too many of them are being a little bit lackadaisical.

“But what’s happened over the last week is not just for MPs, everyone on Twitter is at risk of receiving these messages, which can be quite convincing.”

Twitter bosses wrote on their blog: “Over the past few days, we’ve seen an increase in phishing attempts and are working on resetting passwords for accounts that were affected.”

If you like this post and want us to post similar articles, Pls give us a feedback and leave a comment here

Saturday, February 27, 2010

6000 Cheats & 10000 CD keys for various games: Download for free

* Found link while googling. I have not uploaded these files. PLS REPORT ANY BROKEN LINK on [email protected] OR leave a comment here *


How to Hide IP Address: Download IP Anonymous Surfing Tool 16in1 2009 Absolutely Free



  • 01 #1 Anonymous Proxy List Verifier 1.1
  • 02 Anonimity 4 Proxy 2.8
  • 03 Charon 0.6
  • 04 Get Anonymous 2.1
  • 05 Ghost Surf Platinum 2007
  • 06 Hide ip Platinum 3.42
  • 07 Hide The Ip 2.1.1
  • 08 Invisible Browsing 5
  • 09 IP Switcher Professional 1.01.12.0
  • 10 Multi Proxy v1.2
  • 11 Net Conceal Anonymity Shield 5.2.059.02
  • 12 Proxy Switcher Standard 3.7.2.3913
  • 13 Proxy grab 0.6
  • 14 proxy way extra v3.2
  • 15 Smart Proxy Helper 1.5
  • 16 Steganos Internet Anonym 2006 v8.0.1


Watch TV on the internet with Readon TV Movie Radio Player. Channel from all over the world

THE COMPLETE ENTERTAINMENT SOLUTION FOR THE PC!
The program Readon TV Movie Radio Player allows you to listen to radio, watch TV broadcasts and access the latest movies on the internet. All you need is a Windows PC and an Internet connection. There is no need for a PC TV card because the TV channels are streamed through your internet connection. This is probably the best and yet free internet TV and radio you can get:
  • Thousands of TV and Radio channels.
  • Latest movies!
  • Live sports!
  • A rich variety of TV channels including movies, kids, news, general TV, music videos, etc.
  • A rich variety of Radio channels including pop, jazz, classical etc.
  • Able to record music from radio and MTV channels into MP3 files so that you can enjoy them
  • Record your favourite TV shows into asf video format.
  • Adult video search engines (thousands of videos).
  • Flash games search engine (thousands of games).
  • Movie search engine (thousands of movies)
  • Include ShoutCast, SopCast, TVU Player and Youtube.
  • Able to set password to prevent viewing of objectionable contents.
  • Automatic updating of channel lists.
FREE! And Much more!




What is HackerWatch & What is Anti-Hacker Community ????

HackerWatch is an online community where Internet users can report and share information to block and identify security threats and unwanted traffic.

With 2,000 malicious threats emerging each month, Internet users must continue to employ proven methods to safeguard vital information. Although firewall software is essential, HackerWatch is unique in its mix of community participation and proven technology: by analyzing corporate and individually-submitted data, HackerWatch reveals meaningful patterns of attacks, hacking attempts, and disruptions. Once a pattern is mapped, the appropriate authorities and ISP carriers can be notified.

HackerWatch delivers a truly proactive and direct approach to Internet security protection.

How does HackerWatch improve Internet security?
HackerWatch allows individual users to pool information to prevent hacking attempts, intrusion, and unwanted traffic. By combining data from thousands of nodes, Internet traffic such as that produced by automated tools that scan for vulnerable machines can be identified. As a result, the appropriate ISP can be notified and, in turn, remove the offender’s Internet access, which serves to reduce attacks worldwide.

Can HackerWatch identify hackers?
HackerWatch reduces hacking and intrusion by identifying the computers which instigate this activity. As HackerWatch expands, more sources and patterns will be identified. HackerWatch has proven very effective in locating compromised computers and servers. For example, Cheap Servers that have been infected with an Internet worm are frequently identified and the owner subsequently informed. Such action helps lower overall infection rates.

How can I submit data to HackerWatch?
HackerWatch is integrated with McAfee Personal Firewall.

Can I submit an entire log?
Not yet. In the near future, however, automatic event submission will be available through McAfee Personal Firewall.

Why does HackerWatch reject duplicate events with the same IP, port, and time?
Submitting multiple identical events is not beneficial when calculating a pattern of data. In the near future, McAfee Personal Firewall will simplify the event submission process and eliminate this message when you attempt to submit duplicate events.
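
The pooling and duplicate-rejection ideas in the answers above, as an added Python illustration (not HackerWatch's or McAfee's code): events from several reporting nodes are de-duplicated on IP, port and time, then a source is flagged when enough distinct nodes report it inside one time window. The `Event` fields, node names, thresholds and sample events are all assumptions constructed for the example.

```python
"""Added illustration: pooling firewall events from many nodes to surface scanners.
Not HackerWatch's code; field names, thresholds and sample data are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address


@dataclass(frozen=True)
class Event:
    reporter: str      # hypothetical ID of the node that submitted the event
    src_ip: str        # address the blocked traffic came from
    dst_port: int      # local port that was probed
    seen_at: datetime  # time the reporter's firewall logged it


def dedupe(events):
    """Reject repeat submissions with the same IP, port and time.

    The reporter is part of the key (an assumption) so that two different
    nodes seeing the same source at the same second both still count.
    """
    seen, unique, rejected = set(), [], 0
    for ev in events:
        key = (ev.reporter, ip_address(ev.src_ip), ev.dst_port, ev.seen_at)
        if key in seen:
            rejected += 1
            continue
        seen.add(key)
        unique.append(ev)
    return unique, rejected


def find_scanners(events, min_reporters=3, window=timedelta(hours=1)):
    """Flag sources reported by >= min_reporters distinct nodes within one window."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[str(ip_address(ev.src_ip))].append(ev)

    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.seen_at)
        start, best = 0, None
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end].seen_at - evs[start].seen_at > window:
                start += 1
            in_window = evs[start:end + 1]
            reporters = {e.reporter for e in in_window}
            if len(reporters) >= min_reporters and (
                best is None or len(reporters) > len(best["reporters"])
            ):
                best = {
                    "reporters": sorted(reporters),
                    "ports": sorted({e.dst_port for e in in_window}),
                    "first_seen": in_window[0].seen_at,
                }
        if best is not None:
            flagged[src] = best
    return flagged


T0 = datetime(2010, 2, 27, 12, 0, 0)


def make_event(reporter, src, port, minutes):
    return Event(reporter, src, port, T0 + timedelta(minutes=minutes))


# Constructed sample data; addresses come from the RFC 5737 documentation ranges.
SAMPLE = [
    make_event("node-a", "203.0.113.7", 445, 0),
    make_event("node-a", "203.0.113.7", 445, 0),    # identical resubmission
    make_event("node-b", "203.0.113.7", 445, 4),
    make_event("node-c", "203.0.113.7", 139, 9),
    make_event("node-d", "203.0.113.7", 445, 17),
    make_event("node-a", "198.51.100.20", 80, 1),   # noisy, but one reporter only
    make_event("node-a", "198.51.100.20", 80, 2),
    make_event("node-a", "198.51.100.20", 80, 3),
    make_event("node-b", "192.0.2.55", 22, 0),      # three reporters, hours apart
    make_event("node-c", "192.0.2.55", 22, 360),
    make_event("node-d", "192.0.2.55", 22, 720),
]

if __name__ == "__main__":
    unique, rejected = dedupe(SAMPLE)
    print(f"rejected {rejected} duplicate event(s)")
    for src, info in find_scanners(unique).items():
        print(src, "reported by", info["reporters"], "on ports", info["ports"])
```

Counting distinct reporters rather than raw events is what keeps one chatty node from flagging a source on its own.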


2X Software discovers Windows crash vulnerability

Virtual computing expert 2X Software has identified one of the biggest security vulnerabilities in the Windows OS for many years.

Any PCs and servers running anything from the latest Windows 7/Server 2008 versions down to Windows 2000/Server 2003 are affected – they can be crashed just by running some simple code, which has major implications for Denial of Service attacks.

Microsoft has already been informed.

This means tens of millions of home and business PCs and servers across the globe are potentially at risk.

One of 2X Software’s bespoke testing tools uncovered the critical error in the Windows operating system resulting in a blue screen and system reboot.

Testing this 10-year old bug showed that the following operating systems are all affected: Windows 2000, Windows XP (and XP Embedded), Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2.

The code needed to crash the system is very easy to develop and perfectly legal, with no ‘tricks’ or unusual techniques being required.

With just a few lines of code an application can be created that will crash the whole Windows system.

This flaw can be easily used inside malicious applications to generate a Denial of Service attack.

The problem can be easily corrected within the OS code by validating the arguments passed to the API.

Paul Gafa, CTO of 2X Software, says: “This is a major problem with potentially tens of millions of devices at risk. Such a vulnerability leaves users open to Denial of Service attacks which can be devastating – imagine your company servers and PCs being restarted remotely every few minutes.

“As it affects all the latest versions of the operating system, I expect Microsoft to patch it very quickly. They have already been informed.”

As the crash vulnerability needs some code to run, users are at risk when running an application, script, or ActiveX control.

As with all malicious code, the best way to avoid problems is not to run any applications from unknown sources, avoid websites of unreliable content, configure your web browser to the safest settings, and arm yourself with an updating virus scanner.

Businesses running Thin Client architecture that use other operating systems, such as 2X, are unaffected.

However, the Windows-based server side will have the same crash vulnerability (i.e. terminal server or VDI guest operating system).

The vulnerability appears to have been introduced during the development of the Windows 2000 Operating System (as Windows NT 4.0 is unaffected) and so is around 10 years old.

It is also present on 64-bit versions of the Operating System (having tested Windows 2008).

Configuring the user as a limited one without administrator rights has no effect and the problem still persists.

As per the screenshot, the crash occurs in the win32k.sys module.

Server-based Computing and Virtual Desktop Infrastructure inherently provide a more secure environment for enterprises.

Running hosted applications and desktops, with the necessary administrative precautions in place, will result in such attacks being less harmful as the local OS is not located where the application is running (and where the data is stored).

Furthermore, such centralised environments are less likely to suffer from attacks where trojans are used, as servers are normally closely monitored.

SOURCE: http://www.securitywatch.co.uk

Facebook bug: Facebook users receiving hundreds of e-mail messages

A bug in its software resulted in some Facebook users receiving hundreds of e-mail messages meant for other users, the social networking site said Friday.

“During our regular code push early Wednesday evening, a bug caused some misrouting to a small number of users for a short period of time,” a Facebook spokeswoman said in a statement.

Receiving emails from about 100 starting around 8:30pm on Wednesday and was later temporarily unable to access his Facebook account. Facebook removed all but two of the messages; however, many had already been forwarded to a third-party email account, where they could not be deleted.

The company said that its engineers diagnosed the problems “moments after it began” and have since resolved the problem. Facebook would not say how many users were affected.

The embarrassing gaffe is not the first time the company has sent private information to others. In March 2008, a bug in the Facebook software made it possible for people to publicly view photos that members had designated as private.

Ed Miliband’s Hacked Account Sends Sex Tweets

Obscene hacked tweets, apparently from MPs Ed Miliband and Harriet Harman, should be a warning for all of us to be more careful online, say security experts

Cabinet minister Ed Miliband and Leader of the Commons Harriet Harman have fallen victim to Twitter phishing, with Miliband’s followers getting spam promising better sexual performance.

“Hey, i’ve been having better sex and longer with this here”, said Miliband’s hacked Twitter account, but the MP quickly tweeted a message to his 6,664 followers saying: “Oh dear it seems like I’ve fallen victim to twitter’s latest ‘phishing’ scam.”

Harriet Harman told MPs on Thursday that her account had been hacked, sending messages without her knowledge, but the content of those messages has been left untold. Ms Harman smily said: “I wouldn’t ever send a tweet like that.”

Shadow Prisons Minister, Conservative MP Alan Duncan, who received Harriet Harman’s tweet, took it in good part, according to the Press Association, tweeting: “I did get a message in Harriet’s name, so I sent a friendly message back by text. A bit confusing, and all in my first week on Twitter.”

While the MPs have added to the amusement of the nation, we can also learn from their embarrassment, according to Graham Cluley of security firm Sophos: “Miliband needs to do more than just tweet an explanation for his bizarre tweets,” said Cluley. “He also needs to change his password, and think long and hard about whether he is using that same password on any other websites.”

SOURCE: www.eweekeurope.co.uk

Thursday, February 25, 2010

Download Free Wondershare Office Recovery Software

* Found this useful tool while googling. I have not uploaded this tool. PLS REPORT ANY BROKEN LINK @ [email protected] OR leave a comment here *

Wondershare Office Recovery, from Wondershare Software, is a new powerful office recovery tool specially designed for recovering Office files and PDF files lost through accidental deletion, formatting, virus infection, bad sectors, misuse of partition tools and so forth, allowing users to restore a variety of Office file formats, including DOC, DOCX, XLS, XLSX, PPT, PPTX, PST, DBX, ACCDB, MPP, PUB, ONE, XSN and PDF files.

Features of Wondershare Office Recovery:
  • Easy 3-step to recover lost files – Select, scan and recover without special technical skills
  • Restore lost office files and PDF files due to intentional deletion/formatting/virus attacks and other reasons
  • Recover lost files from various storage devices including PC hard drive, external hard drive, memory stick, USB flash disk, DVD and more
  • Choose precise file formats for accurate recovery
  • Preview recoverable files before recovery
  • Recovery result won’t affect the original file format and layout
  • Supports Office 97, XP, 2000, 2003 and 2007
Note: Open the application. Press the "Get Code".



Download Microsoft Office Password Recovery Magic Tool for free here

* Found this useful tool while googling. I have not uploaded this tool. PLS REPORT ANY BROKEN LINK @ [email protected] OR leave a comment here *

Read-only passwords for any Office file can be recovered with this tool. It supports *.xls, *.ppt, *.mdb, *.doc and Office 2007 format files. The easy-to-use interface helps users run a precise search: users can set parameters that narrow the range of passwords searched, such as the length of the password and the shape of the password. Users can also use a dictionary file (a document of strings) to find the password more quickly.

Features of Office Password Recovery Magic:
  • Recover the lost or forgotten password quickly.
  • Recover read-only passwords for Microsoft Office Word.
  • Recover read-only passwords for Microsoft Office Excel.
  • Recover read-only passwords for Microsoft Office PowerPoint.
  • Recover read-only passwords for Microsoft Office Access.
  • User-friendly interface.
Version: 6.1.1.138 (+Portable)
Developer: Password Recovery Magic Studio Ltd
Updated: 2010.02
Language: Multilanguage
Platform: Windows 98/2K/XP/2K3/Vista/7
Size: 5.38 MB


Download RAR Password Cracker for Free

This program is intended to recover lost passwords for RAR/WinRAR archives of versions 2.xx and 3.xx. The program finds by the method of exhaustive search all possible combinations of characters ("bruteforce" method), or using passwords from lists ("wordlist" or "dictionary" method). Self-extracting archives and multivolume archives are supported. The program is able to save a current state (you can interrupt the program at any time, and restart from the same state later). Estimated time calculator allows you to configure the program more carefully.

RAR Password Cracker requires Windows 9x/ME/XP/NT4/2000/2003. There are no special requirements for memory capacity, but the processor performance should be as high as possible. Special hardware is not required.

RAR Password Cracker 4.xx is shareware. You may download a free evaluation version of the software:

Version 4.12 (zip, 201 Kb): DOWNLOAD HERE

Version 4.12 (exe, 205 Kb): DOWNLOAD HERE

The software may be used and evaluated free of charge and without time limit. However, if you wish to use RAR Password Cracker without limitations of free evaluation version, you must purchase the license.


Twitter is stressing out a bit right now, so this feature is temporarily disabled: On 25th Feb

Just a few minutes back, at around 12:45 P.M. on 25th Feb, 2010, I found the below error on Twitter. Is this due to some DDOS ATTACK ???

Wednesday, February 24, 2010

U.S. would lose cyber war: Warning from former intelligence chief, John Michael McConnell

A former intelligence chief warned lawmakers Tuesday the U.S. would lose a cyber war waged today.

John Michael McConnell, a former Navy vice admiral and director of national intelligence under President George W. Bush, told the Senate Commerce Committee at a hearing Tuesday afternoon that the United States was the "most vulnerable" target for a massive, crippling cyber attack, primarily because the country is also "the most connected" to the Web.

He offered the panel a stern warning: "If we were in a cyber war today, we would lose."

"We would lose," McConnell repeated.

McConnell also said he feared it would "take that catastrophic event" to get lawmakers to take action to strengthen cyber security.

He suggested a devastating attack would signal to both voters and their representatives that the Internet poses a real threat to private information, much-needed utilities, ubiquitous financial services and critical government resources.

Tuesday's hearing on the Internet and information security was prompted by a string of high-profile cyberattacks that have hit a number of U.S. businesses -- from a January attack on Google believed to originate in China, to an unrelated attempt later in the month on Intel, to still a third hack that for months targeted smaller businesses in 196 countries.

Legislation that could implement the country's first Web security framework has remained stalled for months in the Senate, in part because the healthcare and jobs debates have consumed lawmakers' time.

A cybersecurity bill did pass the House last year, but that legislation would only devote resources to researching better cybersecurity practices. By contrast, senators working on the upper chamber's bill signaled Tuesday they would prefer a more policy-based bill.

The bill's two co-sponsors, Commerce committee Chairman Jay Rockefeller (D-W.Va.) and ranking member Olympia Snowe (R-Maine), said Tuesday during the hearing they remain committed to introducing that legislation soon.

"The bill has undergone a number of revisions," Snowe said, noting that she, Rockefeller and others have huddled closely with industry leaders on potential tweaks.

"We risk a cyber-calamity of epic proportions with devastating implications for our nation," she later added, stressing the importance of passing that legislation soon.

SOURCE: TheHill.Com

Tuesday, February 23, 2010

British Not Prepared for Cyber Attack: A Serious Issue raised by Cyber Security Operations Center (CSOC)

Continuing from my earlier post, The U.S. Ready For A Cyberwar ??

Earlier this month, the Bipartisan Policy Center held a mock cyber war game in which the US came under cyber attack. By the end of the exercise, the power grid was down in much of the East Coast, telecommunications were severely disrupted and the Internet was virtually useless. The war game demonstrated some of the severe difficulties and challenges that would arise in the event of a cyber attack and helped to underscore that the US is not currently prepared to handle such an attack.

It now appears that the British are in a similar bind. According to an article in The Register, the Cyber Security Operations Centre (CSOC) has predicted that a cyber attack that caused even minor damage would prove “catastrophic” for public confidence in the government.

As use of the Internet becomes even more interconnected with daily operations, “any interruption of broadband access becomes intolerable and will have serious impacts on the economy and public well being,” according to the CSOC. “A successful cyber attack against public services would have a catastrophic impact on public confidence in the government, even if the actual damage caused by the attack were minimal.”

The report for Whitehall is part of a report produced by the CSOC about future threats.

CYBER WARS: A PRIMER

TIMELINE

1999 NATO Web sites are attacked from within Serbia after alliance warplanes begin bombing Yugoslavia in an effort to stop then-president Slobodan Milosevic's ethnic cleansing campaign in Kosovo.

1999 China attacks a Canadian Internet service provider that had been hosting a Web site of the Falun Gong spiritual movement, which is outlawed by Beijing. The attacks temporarily shut down the site.

2000 The Internet sites of the Palestinian Authority, Hezbollah and Hamas are attacked after three Israeli soldiers are abducted. In an apparent act of retaliation, the Israeli Knesset, Foreign Ministry, Bank of Israel and Tel Aviv Stock Exchange Web sites are taken down.

2005 Peru and Chile engage in hacker attacks against each other during a dispute over a fishing zone between the two countries. Targets include the Web sites of the Peruvian judiciary and Chilean National Emergency Office.

2005 Cyber attacks increase between Japan and China after a controversial visit by Japanese lawmakers to a Second World War shrine.

2007 The Russian government mounts a cyber war against Estonia in apparent retaliation for Estonia's decision to relocate a Second World War memorial honouring the Soviet Red Army.

Hackers hijack Staples' Twitter account

Don't get too excited if you received a confusing email from agriculture commissioner Todd Staples.

A direct message sent by Twitter on Monday evening pointed followers to a link that read, "you look funny here."

The link redirected readers to a site that reported a "web forgery."

Staples later responded on his Twitter site: "If you received a msg from me, disregard as my account was compromised. Settings have now been changed, thanks so much for following!"

GateRocket rolls new version of FPGA debug tool: Designers can select individual design blocks to run

FPGA verification and debug software vendor GateRocket Inc. Tuesday (Feb. 23) announced the newest version of its RocketVision debugging software, introducing new capabilities that allow designers to select individual design blocks to run in their simulator or GateRocket's RocketDrive hardware verification system.

The new features are said to reduce overall design bring-up time by 50 percent or more compared with traditional approaches by enabling engineers to find and fix bugs faster and avoid unnecessary re-runs of synthesis-to-place-and-route iterations, according to GateRocket.

RocketVision 5.0 adds a new SoftPatch feature that allows engineers to try a "soft" RTL fix to the FPGA without rerunning synthesis and place-and-route, according to GateRocket. The SoftPatch feature enables users to sequence through each bug and test fixes without re-building the FPGA, eliminating hours of tedious work (weeks or months over the course of a project), according to the company.

The new version of RocketVision also includes an enhanced AutoCompare feature that helps identify bugs at the block or full chip level, GateRocket said. It allows designers to automatically compare the signals between the RTL and hardware representations of the complete FPGA design and highlights any differences that occur, simplifying the debugging process and helping to quickly identify the location of each divergence, the company said.

Both the latest versions of RocketDrive and RocketVision now support 64-bit versions of the industry's most popular simulators from Mentor Graphics Corp., Cadence Design Systems Inc. and Synopsys Inc., GateRocket said.

RocketVision 5.0 is a RocketDrive option and is available immediately with a starting price of $9,500, the company said.

SOURCE: http://www.eetimes.com

Monday, February 22, 2010

Argentinian hackers hoist flag on English language paper website as Falklands stand-off moves to cyberspace

Argentinian hackers drew first blood in the latest Falklands stand-off tonight by plastering the country’s flag across the islands’ newspaper website.

The computer attack came as a British oil rig was set to begin searching for oil after arriving in the South Atlantic waters from Scotland.

The Argentine activists hacked into the English-language Penguin News to post a flag on the home page and an audio recording of the song ‘March of the Malvinas,’ Argentina’s name for the Falklands.

They also wrote ‘the islands are Argentine’ and claimed the move was a ‘tribute’ to the country’s soldiers who died during the Falklands War.


The hackers posted the Argentine flag on the website of the Falklands newspaper Penguin News

The material has now been removed.

The planned oil exploration has met with outrage from the Argentine government, which fears it is being cut out of a share of any potential revenues.

Buenos Aires has threatened to ban British companies with any links with the oil venture from the mainland and has insisted that all ships travelling between Argentina and the Falklands must seek permission.

SOURCE: Mail Online

Google Hacks: How to use Google Web Search Basics

Whenever you search for more than one keyword at a time, a search engine has a default strategy for handling and combining those keywords. Google defaults to searching for occurrences of your specified keywords anywhere in the page, whether side by side or scattered throughout. To return the results of pages containing specifically ordered words, enclose them in quotes, turning your keyword search into a phrase search, to use Google's terminology.

On entering a search for the keywords:

Learn ethical hacking

Google will find matches where the keywords appear anywhere on the page. If you want Google to find you matches where the keywords appear together as a phrase, surround them with quotes, like this:

"Learn ethical hacking"

Google will return matches in which only those words appear together.

Google's Boolean default is AND, which means that if you enter query words without modifiers, Google will search for all your query words. For example, if you search for:

Learn ethical hacking website "penetration testing"

Google will search for all the words. If you prefer to specify that any one word or phrase is acceptable, put an OR between each:

Learn ethical hacking OR website OR "penetration testing"

* Make sure you capitalize OR; a lowercase or won't work correctly *

If you want to search for a particular term along with two or more other terms, group the other terms within parentheses, like so:

Learn ethical hacking (website OR "penetration testing")

This query searches for the word "website" or phrase "penetration testing" along with "Learn ethical hacking"

If you want to specify that a query item must not appear in your results, prepend a - (minus sign or dash):

Learn ethical hacking website -"penetration testing"

This will search for pages that contain both the words "Learn ethical hacking" and "website," but not the phrase "penetration testing."

* Note that the - symbol must appear directly before the word or phrase that you don't want. If there's space between, as in the following query, it won't work as expected: *

Learn ethical hacking website - "penetration testing"

Be sure, however, to place a space before the - symbol.

There are certain words that Google will ignore because they are considered too common to be of any use in the search. These words ("I," "a," "the," and "of," to name a few) are called stop words.

You can force Google to take a stop word into account by prepending a + (plus) character, as in:

+the hackers

Stop words that appear inside of phrase searches are not ignored. Searching for:

"the hackers" lifestyle

Will result in a more accurate list of matches than:

the hackers lifestyle

Simply because Google takes the word "the" into account in the first example but ignores it in the second.

The Google synonym operator, the ~ (tilde) character, prepended to any number of keywords in your query, asks Google to include not only exact matches, but also what it thinks are synonyms for each of the keywords. Searching for:

~ape

Turns up results for monkey, gorilla, chimpanzee, and others (both singular and plural forms) of the ape or related family, as if you'd searched for:

monkey gorilla chimpanzee

Along with results for some words you'd never have thought to include in your query. (Synonyms are bolded along with exact keyword matches on the results page, so they're easy to spot.)

If you're looking to spend $500 to $800 on a Sony laptop, Google for:

sony laptop 10..15 inch $500..$800

The one thing to remember is always to provide some clue as to the meaning of the range, e.g., $, size, megapixel, kg, and so forth.

You can also use the number range syntax with just one number, making it the minimum or maximum of your query. Do you want to find some land in Noida that's at least 50 acres? No problem:

acres Noida land 50..

On the other hand, you might want to make sure that raincoat you buy for your terrier doesn't cost more than $10. That's possible too:

raincoat dog ..$10

Google normally does not recognize special characters such as $ in the search process. But because the $ sign was necessary for the number feature, you can use it in all sorts of searches.

Try the search - "weekly sale" bargains 10

and then - "weekly sale" bargains $10

Notice how the second search gives you far fewer results? That's because Google is matching $10 exactly.


BBC website crashed: BBC bosses were left red-faced

BBC bosses were left red-faced when a TV documentary about the power of the internet crashed its own website.

Viewers were told to complete an online behaviour test after web documentary The Virtual Revolution aired on BBC2 on Saturday.

But servers crashed and thousands of the show's 1.3million viewers were faced with blank screens.

One viewer - called @cloggingchris - Tweeted: "Oh the irony."

A series spokesman also turned to Twitter, writing: "We may have to call this a DoS (Denial of Service) attack to save face."

The show featured interviews with Twitter fan Stephen Fry and Microsoft billionaire Bill Gates.

SOURCE: http://www.thesun.co.uk

Sunday, February 21, 2010

Facebook Down! Facebook Problems Today! Facebook Not Working! Facebook is hacked: What is the problem with Facebook Today ???

Damn! I'm so pissed off with Facebook today. What’s that? You guys having the same problem as well? Yes, Facebook is suffering from some flu this morning and I have friends from all over the world complaining about it.

While some countries are facing no problems logging in but a lot of problems after they log in, some other countries can’t even log in. But don’t be jealous of the ones who can log in; it’s simply no use. Even if they can log into their accounts, their apps are not opening and pictures are not loading properly.

404 errors, picture upload failures and a lot of other problems have occurred. Mobile Facebook is facing the same problem as well. The outrage of the people has taken the microblogging website Twitter by storm. “Facebook down” discussions and tweets are topping Twitter trends.

Reports are flowing in that the popular social networking site Facebook is facing a number of problems today. Though the site has not provided any official declaration on the matter as yet, people with accounts on the site are continually posting on Twitter and other sites, detailing the problems they are facing.

Mashable has made a list of the most common problems being encountered today:
  • No CSS on certain pages
  • Failure to Upload Photos
  • Lots and Lots of Random Errors
  • Status Update Errors on the iPhone and BlackBerry apps
  • Very slow performance
  • Crashing Firefox 3.5.8
In the wake of this, people all over the world are gripped by panic over whether Facebook has been hacked and their data compromised. Just a day earlier, it was reported that the Kneber botnet virus is out stealing login credentials of e-mail accounts, social networking accounts and banking accounts.

Saturday, February 20, 2010

Organizations should avoid Adobe if possible: Adobe a huge target of hackers

We knew before that Adobe was a huge target of hackers, but recent findings show just how bad their security really is. Out of all Internet exploits and attacks of 2009, 80% have been done by infecting Adobe’s PDF and Flash files.

According to ScanSafe, the California company that carried out this research, vulnerabilities in Adobe Reader and Adobe Acrobat were the most exploited in 2009, growing from 56% in the first quarter of 2009 to 80% in the fourth quarter of 2009. These findings warn users to try to avoid PDF files and switch to other formats until Adobe fixes its security issues.

“I think organizations should avoid Adobe if possible. Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit the use of Adobe products where you can,” says Stephen Northcutt, president of the SANS Technology Institute.

SOURCE: Tech.Icrontic

Cyber Attackers Hack Australian Government Websites

A hacker group attacked government websites in Australia to protest against the proposal that prohibits pornography on the Australian Internet. Individuals masterminding the group named "Anonymous" assigned the title 'Operation Titstorm' to their campaign.

It (Operation Titstorm) involves unsolicited bulk e-mails, which will deal with 3 categories of "illegal material" that the government plans to prohibit. These categories are cartoon porn, female ejaculation and small-breasted women. Additionally, it is said that Anonymous will use DDoS (Distributed Denial-of-Service) attacks to slander the websites.

Alongside these, the protest operation will utilize other types of communication modes.

The hacked websites are the Department of Broadband, Communications and the Digital Economy, the main Australian government website and the Australian Parliament House.

Meanwhile, Anonymous threatened the Australian Government in an e-mail saying that no government is empowered to deprive the citizens of its country from accessing anything online just because authorities think that is undesirable. The message added that sooner or later the Australian Government would learn not to interfere with the country's pornography, as reported by NZHerald on February 11, 2010.

Stephen Conroy, a Spokeswoman for Communications Minister, in her criticism of the hacks' malicious nature, stated that the attackers demonstrated completely irresponsible behavior as well as potentially prevented the Australian people from accessing services, as reported by Upi on February 10, 2010.

The latest news underscores what Prolexic (a network protection company) found in its recently released report. It stated that in the latest phase of botnet evolution, activist and political inclinations were currently the key motivations for espionage, denial-of-service as well as other cyber assaults.

Furthermore, another country engaged in clean-up operations like Australia is China. Here workers have been recruited to scrutinize all '.cn' domains for porn along with other malevolent Internet sites, which are spreading malware.

Finally, as online porn is now a worldwide issue, legal advisors call for addressing it. The reason for reining it in is its incessant growth in magnitude day by day. Further, modern porn is often related to malicious campaigns that abuse the Internet through different kinds of cyber crime, according to legal advisors.

SOURCE: Spam Fighter

4th Largest Affiliate Network gets attacked by hackers: XY7.com is Back Up and Running Smoothly After Web Attack

Xy7.com, the nation's 4th most popular affiliate program, underwent a well-planned Internet attack which started on Tuesday, Feb. 16th, 2010 at 2:04 pm PST and ended shortly thereafter thanks to a fast-acting internal team.

The company's CEO Kevin De Vincenzi released this statement:

"I am pleased to announce that XY7 is back online and fully operational after suffering a significant DDoS attack. Although there was a brief disruption, our team was able to quickly restore operations and our click tracking was never affected.

"DDoS attacks are not uncommon. Recently Facebook, Twitter and LiveJournal were victims of Distributed Denial of Service attacks. During a DDoS attack, multiple computers send requests to one computer in attempt to overload a system.

"As the 4th largest affiliate network, XY7 looks forward to providing the excellent service that we are known for.

"DDOS attacks are illegal and Xy7 was quick to report these actions to the appropriate federal agencies."

SOURCE: http://www.prweb.com

Friday, February 19, 2010

WordPress network bug throws millions of blogs offline

Network problems knocked more than 10 million WordPress blogs offline in a two hour outage on 18 February.

WordPress.com said the problem was caused by a core router change at one of its data centre providers which "broke the site".

The company estimated that during the outage, the blogosphere lost about 5.5 million pageviews.
WordPress.com founder Matt Mullenweg said it was the firm's "worst downtime in four years".

"I know this sucked for you guys as much as it did for us — the entire team was on pins and needles trying to get your blogs back as soon as possible.

"I hope it will be much longer than four years before we face a problem like this again," said Mr Mullenweg.
On the company blog, he stressed that security was not an issue and that the site had not been hacked or hit by a denial of service attack.

"All of your data was safe and secure, we just couldn't serve it," he wrote.

Mr Mullenweg said the company would dig deeper to discover what happened and work out a better plan of how to cope if the problem recurs.

'Goodwill'

Reaction among users was fairly forgiving.

Those that posted comments on the WordPress.com site said they understood what was going on and appreciated the efforts Mr Mullenweg made to keep everyone informed.

However, not everyone thinks this will last for long.

"It seems the company has enough goodwill to spare a couple hours of failure," said Liz Gannes of technology blog GigaOm.com which was knocked offline. "But one thing's for sure, people won't be so friendly if it happens again,"
According to research company Quantcast, over 230 million people visit one or more of WordPress.com's blogs every month.

Among the company's showcase site of top customers is the Wall Street Journal's WSJ magazine, Forbes Blogs, musician Jay-Z and tech sites such as TechCrunch, AMD Blogs and SAP.info, among others.

Source: BBC News

Views of Pawan Kumar Singh, CISO, Tulip Telecom & Faraz Ahmed, CISO, Reliance Life Insurance on Wipro Fraud


'The people and circumstances around me do not make me what I am, they reveal who I am,' said Laura Schlessinger, an American talk radio host and a socially conservative commentator and author. Companies like Satyam and Wipro are figuring out the truth of her words today. As per recent media reports, an employee of Wipro managed to embezzle $4 million from the company’s accounts.

It’s All About the People

Fingers have been pointed at the company’s IT infrastructure, their auditing methods and the finance team at the helm of affairs. However, one thing that we always seem to miss in such cases is the people of the company. "One can implement as many security solutions as available. However, how can you control the individuals, who are dealing with these solutions? After all, someone somewhere is going to know the passwords or how to get past these solutions," says Faraz Ahmed, CISO, Reliance Life Insurance.

Pawan Kumar Singh, CISO, Tulip Telecom, agrees and adds, "There is no controlling the temptation or greed of employees. IT works as an enabler for a company. At the end of the day, it is controlled by the people in the company. So, the focus of companies should be their employees more than mere technology. In fact, the dependence on technology in today’s age creates more problems than solutions".

Employee Verification: Need of the Hour

Singh and Ahmed both agree that a company should be extremely vigilant while hiring its employees. "A company the size of Wipro is always in need of people. Sometimes, due to business pressure, there is a possible gap that creeps into the verification process. Somehow, this is one area where the organisation cannot afford to compromise. Secondly, one should conduct psychometric tests of employees to know about their emotional state of being. It is important to know what your employees are going through so that they can be handheld in a better fashion," says Ahmed. He also adds that updating the risk assessment solutions regularly should become a common practice in the business community.

Communication is the Key

Singh agrees and says, "Communication with employees on a personal level is of utmost importance". He further states that one should have multiple motivational factors in place for employees. "Quite a few leadership programs are conducted for the top management but how many of these are offered at the junior level?" he asks. He further adds that one should create a culture of pride and ethics in the company. According to him, there is a need to revisit the chapter on ethics by all and sundry and have a good read of the same. "Another thing that one needs to do is to install the fear of punishment and loss of reputation among employees related to such incidents."

Suresh Iyer, Chief Security Officer-APAC, Aditya Birla Minacs, says, "The Information Security leader should ensure that all C-level functions have security-related KPIs among other performance metrics". He further adds that companies must have an operational practice of having all functions with significant risk exposure (which again needs to be evaluated through a detailed risk assessment procedure) being monitored on multiple channels, i.e. self-assessment, sample-based peer review, mandatory dual sign-off for high-value transactions – again maintaining a detailed 'Delegation of Authority' manual depending on the value of transaction.

Plugging the Loopholes

Though people’s temperaments and inclinations may not be totally in the employer’s hands, there are some things that are. Iyer says, "One should keep the company’s audit absolutely unbiased and totally independent. If the audit teams are part of the finance team, it defeats the entire purpose. Also, if Information Security audit teams have to report to the CIO’s office, independence is compromised".

Ahmed, on the other hand, believes that there should be a breakdown in process within the organisation. "The duties should be segregated in the financial team and one person should not be handed out the entire details of a company’s financial systems". Singh agrees and says, "The systems should have a feature wherein multiple passwords are needed to access financial data. Thus, it will make the job of the fraudster even more difficult".

Iyer further says, "One should implement two-factor authentication for access to critical applications. (In this case, the password was stolen, however, if digital certificates or soft/ hard tokens were involved, maybe the chances of having both compromised would have reduced significantly). Mandatory senior management sign-off for high-value transactions should be built into ERP systems. Application controls should have alert systems in place that would alert the finance head and the fraud prevention team in an auto trigger mode as soon as something goes wrong. It helps to have the fraud prevention cell reviewing these alert systems online on a regular basis."

Learning the Lesson

The incidents at Wipro and Satyam are open for all of us to learn from. Better communication with employees at all levels, instilling pride in company ethics and more stringent and robust IT security systems could help enterprise security leaders ride the waves of insecurity among people and as far as their data is concerned too.

SOURCE: http://biztech2.in.com
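
The controls the interviewees describe (segregation of duties, dual sign-off for high-value transactions checked against a 'Delegation of Authority' table, second-factor approval, automatic alerts) can be written as an application-level check. This is an added example, not from the article or any ERP product; the record fields, roles, limits, the 10,000 threshold and the sample payments are all assumptions.

```javascript
// Added illustration, not from the article or any ERP product.
// Roles, limits, the threshold and all payment records are constructed.

// Hypothetical 'Delegation of Authority' table: largest amount (USD) a role may approve.
const DELEGATION_OF_AUTHORITY = new Map([
  ["clerk", 0],
  ["manager", 50000],
  ["finance_head", 1000000],
]);

// Assumed cut-off at or above which two independent sign-offs are mandatory.
const HIGH_VALUE_THRESHOLD = 10000;

// Returns the alert codes raised by one payment record (empty array = clean).
function reviewPayment(payment, doa = DELEGATION_OF_AUTHORITY) {
  const alerts = [];
  const approvals = payment.approvals || [];

  // Fail closed on malformed amounts instead of letting them skip the checks.
  if (!Number.isFinite(payment.amount) || payment.amount <= 0) {
    return ["INVALID_AMOUNT"];
  }

  // Segregation of duties: whoever raised the payment cannot approve it.
  const independent = approvals.filter((a) => a.user !== payment.initiator);
  if (independent.length !== approvals.length) alerts.push("SELF_APPROVAL");

  // Two-factor: an approval backed only by a password does not count.
  const strong = independent.filter((a) => a.secondFactor === true);
  if (strong.length !== independent.length) {
    alerts.push("APPROVAL_WITHOUT_SECOND_FACTOR");
  }

  // Dual sign-off for high-value payments, single sign-off otherwise.
  const required = payment.amount >= HIGH_VALUE_THRESHOLD ? 2 : 1;
  const distinctApprovers = new Set(strong.map((a) => a.user));
  if (distinctApprovers.size < required) alerts.push("INSUFFICIENT_SIGNOFF");

  // Delegation of authority: one valid approver must be allowed this amount.
  const covered = strong.some((a) => (doa.get(a.role) || 0) >= payment.amount);
  if (!covered) alerts.push("NO_APPROVER_WITH_AUTHORITY");

  return alerts;
}

// Reviews a batch and calls notify(id, alerts) for each flagged payment,
// standing in for the automatic alert to the finance head and fraud team.
function reviewBatch(payments, notify = () => {}) {
  const flagged = [];
  for (const p of payments) {
    const alerts = reviewPayment(p);
    if (alerts.length > 0) {
      flagged.push({ id: p.id, alerts });
      notify(p.id, alerts);
    }
  }
  return flagged;
}

// Constructed sample records.
const SAMPLE_PAYMENTS = [
  { id: "P-1001", amount: 1200, initiator: "alice",
    approvals: [{ user: "bob", role: "manager", secondFactor: true }] },
  { id: "P-1002", amount: 250000, initiator: "carol",
    approvals: [{ user: "carol", role: "finance_head", secondFactor: true },
                { user: "dave", role: "manager", secondFactor: true }] },
  { id: "P-1003", amount: 75000, initiator: "erin",
    approvals: [{ user: "frank", role: "manager", secondFactor: true },
                { user: "grace", role: "finance_head", secondFactor: false }] },
  { id: "P-1004", amount: 75000, initiator: "erin",
    approvals: [{ user: "frank", role: "manager", secondFactor: true },
                { user: "grace", role: "finance_head", secondFactor: true }] },
];
```

Calling `reviewBatch(SAMPLE_PAYMENTS)` flags P-1002 (the initiator approved her own payment) and P-1003 (the only approver with sufficient authority signed without a second factor).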


Firefox suffers critical bugs

Mozilla has released fixes for five security holes in older versions of Firefox, while a security company has warned of a zero-day flaw in the latest version of the popular browser.

On Wednesday, Mozilla issued patches for versions 3.5.8 and 3.0.18 of the browser, sending out fixes for the latter even though it had said it would stop supporting Firefox 3.0 in January.

In its security bulletin, the company said the vulnerabilities had previously been resolved in Firefox 3.6, which was launched on 21 January.

The five flaws addressed by Mozilla included three the company rated 'critical'. These three flaws involve an error in handling out-of-memory conditions; stability errors in the Gecko rendering engine; and a bug in the way Mozilla's implementation of web workers handles posted messages, Mozilla said. Web workers are used to carry out scripting tasks in a way that reduces the processing load on the user interface.

All three of these bugs can potentially be used to execute malicious code and take over a user's system, Mozilla said.

The two remaining flaws are less serious, potentially allowing an attacker to execute malicious JavaScript code.

The security updates to Firefox 3.5.8 and 3.0.18 are available for Windows, Mac OS X and Linux from Mozilla's website or via the browser's built-in update system.

Separately, Secunia on Thursday reported an unpatched bug in Firefox 3.6, the most recent version of the browser. The security research firm warned that the software contains a bug that could be used to execute malicious code on a user's system.

The zero-day bug was released as part of VulnDisco Pack, an add-on module for Immunity's Canvas penetration-testing software, according to Secunia. VulnDisco Pack developer Intevydis did not release details on the bug, but Secunia ranked it 'highly critical'.

SOURCE: http://news.zdnet.co.uk

Kneber botnet virus attacks 75,000 computers worldwide, including US government systems

A new computer virus has infected almost 75,000 computers worldwide - including 10 U.S. government agencies - collecting login credentials from online financial, social networking sites and email systems and reporting back to hackers.

The virus, dubbed the Kneber botnet, is thought to be the brainchild of an Eastern European criminal group that is likely selling the information on the black market, according to the Internet security firm NetWitness, which uncovered the attacks in January.

The attacks are continuing and corporate losses are still being compiled, said NetWitness chief technology officer Tim Belcher.

The FBI, Department of State and Department of Homeland Security have been notified, Belcher said.

The crime groups "running this activity are every bit as expert at compromising systems and siphoning off information as nation states," according to Belcher.

"They're well funded, motivated and successful." Hackers using the new virus have infiltrated the computer networks of more than 2,400 companies in almost 200 countries over an 18-month period, the Herndon, Va.-based computer security firm reported.

Further investigation revealed that many commercial and government systems were compromised, including 68,000 corporate login credentials and access to email systems, online banking sites, Yahoo, Hotmail and social networks such as Facebook.

Infiltrated companies include pharmaceutical giant Merck & Co., Cardinal Health Inc., software firm Juniper Networks and Paramount Pictures, the Wall Street Journal reported Thursday.

Hackers reportedly used the virus to break into computers at 10 U.S. government agencies and in one case obtained the user name and password for a soldier's military e-mail account.

Companies in Egypt, Mexico, Saudi Arabia, Turkey and the U.S. are the most frequently targeted in the attack, according to a research paper released by NetWitness.

The attack uses a piece of software called ZeuS, designed in Eastern Europe, that takes control of large numbers of computers.

ZeuS is among the top five most reported computer infections, according to the Department of Homeland Security.

"These large-scale compromises of enterprise networks have reached epidemic levels," said Amit Yoran, CEO of NetWitness and former Director of the National Cyber Security Division.

"Cyber criminal elements like the Kneber crew quietly and diligently target and compromise thousands of government and commercial organizations across the globe."

Yoran said that conventional intrusion detection systems are "inadequate for addressing Kneber or most other advanced threats."

SOURCE: Daily News

Thursday, February 18, 2010

My favorite 5 Games of all time – Part 1 – METAL GEAR SOLID

The most cinematic and epic game series I have ever played, Metal Gear Solid outshines every other game for me. Some might argue with me that MGS is all about sitting on the couch, watching cutscenes and waiting for something to happen and then playing minigames while dodging enemies who have quite limited (and sometimes stupid questionable) vision cones. And you are seriously wrong; an MGS purist like me enjoys it the way it is meant to be. MGS blends some serious conspiracy theories with stealth elements and merges realistic action with a believable setting. It’s an arcade stealth genre game in my opinion, and it’s the most enjoyable one. Games like Thief and Splinter Cell are overtly dark and bland when compared to MGS, and Kojima’s direction shines when it comes to cutscenes and ideology theories. No, I'm not saying that I was able to understand MGS2’s overtly convoluted plot in one go, but when it made sense, it made for one of the most epic plots I have ever studied with such deep patience. Solid Snake is my favorite character, and my favorite game of the MGS series is the original Metal Gear Solid. I remember renting it out and playing it on my Playstation emulator and spending hours and hours of my 12th class playing that game (when I was supposed to cram Chemistry formulas and solve mathematical problems).


I still have it installed on my PC and I'm still dishing and choking out soldiers and throwing chaff grenades at confused electronic devices. When it was released this was the most complete game on Playstation and pushed it to its theoretical limits. All the cutscenes happened in real time and though they did have to compromise with lip movement, the delivery is cinematic and represents the pinnacle of game direction for me. The graphics, the music, the action and the setting, everything was top notch and Konami revived the series with the touch of perfection.


The character development and the voice acting are something for which Metal Gear is hailed as the best ever. David Hayter and the team are the soul of MGS and without them, it would not have been an MGS. I remember the Sniper Wolf death scene and still have a soft spot for her (I'm dead serious). Harry Gregson Williams and Tappy Iwase composed the most theatrical score and the catchy music which celebrate MGS the way it is meant to be. MGS is known for its gruesome and original boss fights; where else can you fight a Hind D, a psychic, a deadly sniper, a tank and a walking bipedal mobile death machine aka Metal Gear Rex? All the boss fights require finding and exploiting a weakness and fighting your way out in the most original form.

In all, MGS represents the most complete gaming experience for me and stands out as one of my most favorite games of all time.

 


POSTED BY XERO ALL RIGHTS RESERVED.

 


Wipro fraud may involve more than one person: Expert

Wipro plans to undertake internal restructuring of its finance department, reports CNBC-TV18, quoting sources. The move follows a fraud of USD 4 million committed by a staffer in the finance department.

Sources say the fraud was committed through online means and the amount siphoned into a personal account. Wipro is yet to report the matter to the police.

The IT major plans to tighten online security within the company and will appoint an agency to monitor accounts. It will also issue investigations into other departments as well.

In an interview with CNBC-TV18, Vijay Mukhi, Consultant - Cyber Law, DSK Legal gave an insight into how such embezzlement could have gone undetected, and what companies can do to strengthen their security systems.

Here is a verbatim transcript of the interview. Also watch the accompanying video.

Q: Why is it that the company hasn't proceeded with action against this employee apart from suspending him?

A: I have seen scams which have been bigger than this and when the company management talks to you, the first thing they normally tell you is we don’t want to go to the press or the police. So I am not surprised at the fact that Wipro has done nothing about it so far.

Q: Where do you think the lapse has happened? This is a very thorough professional company with one employee who over a period of time hacks into the system and Rs 20 crore is moved into his account. Why did this go undetected?

A: I think this went undetected because Wipro may have used auditing techniques which are manual. When you are the size of a company like Wipro you need a software which can keep track of all these transactions like the airline industry uses it to check that my credit card is not misused. So you need anti-money laundering to check for fraud which obviously Wipro didn’t do.

Q: What can Wipro do now? Keeping this quiet and suspending the employee is no solution and you would agree with that. Whether companies like to talk or go to the press or Wipro in this case has put out a statement and perhaps many companies wouldn’t even have done that, but under the law how should Wipro proceed and shouldn’t a person like this be brought to justice?

A: If Section 66 of the IT Act applies, it is a clear cut case of hacking. Now what Wipro needs to find out is, is it one employee or were there 50 other employees who were a part of it? It is odd that you have such a big scam and you have only one employee involved.
I believe this should go to the police and court and tell everyone that cyber crime in India doesn’t pay. Today the big problem is that there is no conviction. So the cyber criminal gets away with murder.

Q: So what would be the lessons from this incident, more specifically other IT companies?

A: First lesson is that when IT companies don’t take the cyber crime cases to court, the entire ecosystem doesn’t learn how to fight cyber crime. I think that is what we need to do. We need more companies to go to the police.

SOURCE: http://www.moneycontrol.com


Mobile Security Bug: Hackers can exploit Google Buzz: Google patched the flaw

Continuing to my previous post Google's new Twitter/Facebook competitor, Google Buzz: Huge Privacy Flaw

A common Web programming error could give hackers a way to take over Google Buzz accounts. The flaw is a "medium-sized problem" with the Buzz for Mobile Web site, said Robert Hansen, CEO of SecTheory, who first reported the issue.

This type of Web programming error, called a cross-site scripting flaw, lets the attacker put his own scripting code into Web pages that belong to trusted Web sites such as Google.com. It is a fairly common flaw but one that can have major consequences when exploited on widely used Web sites.

The attacker "can force you to say things you don't want to say, to follow people," he said. "Whatever Google Buzz allows you to do, it allows him to do to you."

The bug was discovered by a hacker known as TrainReq, who e-mailed Hansen details of the flaw without explanation. TrainReq is best known for posting photos stolen from pop star Miley Cyrus' e-mail account to the Internet.

Google has now made several changes and patched the flaw.

Google released a statement regarding the flaw. "We fixed a vulnerability that could have affected users of Google Buzz for mobile on February 16th, hours after it was reported to us. We have no indication that the vulnerability was actively abused. We understand the importance of our users' security, and we are committed to further improving the security of Google Buzz."
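
The flaw class described above, as an added example (not Google's code; the details of the Buzz bug are not given here): a hypothetical post renderer that concatenates untrusted fields into HTML, next to a version that encodes its output and allowlists link schemes. Function names, post fields and the sample input are constructed for illustration.

```javascript
// Added illustration: rendering an untrusted status update into an HTML page.
// renderPostUnsafe, renderPostSafe and the post fields are hypothetical names.

// Encode the five characters that can change how the browser parses HTML.
function escapeHtml(value) {
  const map = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;",
  };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Allow only absolute http(s) links; any other scheme is replaced with "#".
function safeHref(url) {
  const trimmed = String(url).trim();
  return /^https?:\/\//i.test(trimmed) ? trimmed : "#";
}

// Vulnerable form: untrusted fields are concatenated straight into markup,
// so whatever the sender typed is parsed by the reader's browser as page code
// running with the trusted site's origin.
function renderPostUnsafe(post) {
  return '<div class="post"><a href="' + post.link + '">' + post.author +
    "</a>: " + post.text + "</div>";
}

// Hardened form: every field is encoded for the context it lands in
// (element text or a quoted attribute), and the link scheme is checked first.
function renderPostSafe(post) {
  return '<div class="post"><a href="' + escapeHtml(safeHref(post.link)) +
    '">' + escapeHtml(post.author) + "</a>: " + escapeHtml(post.text) +
    "</div>";
}

// Constructed sample input: a post whose fields carry markup and a script URL.
const hostilePost = {
  author: "mallory",
  link: "javascript:alert(1)",
  text: "<script>alert(1)</script>",
};

// Constructed benign input, to show ordinary content still renders correctly.
const ordinaryPost = {
  author: "alice",
  link: "https://example.com/a?x=1&y=2",
  text: "Tom & Jerry",
};
```

With the hostile post, the unsafe renderer emits a live `<script>` element and a `javascript:` link, while the safe renderer emits inert text and `href="#"`.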

Wednesday, February 17, 2010

Google GO – New programming front

Google Go is a new language developed by Google Inc which was first officially announced in November 2009. It’s a compiled, garbage collected, concurrent programming language. Language veterans Robert Griesemer, Rob Pike, and Ken Thompson initially started to design Go, based on previous work related to the Inferno operating system, in September 2007. Go has been deployed to compile on UNIX and Linux platforms; however, as of the launch, Go was not considered to be ready for adoption in production environments.

With Ken co-creating Go, it has a syntax closer to C except for the type declarations; other syntactical differences are the missing parentheses around for and if expressions. Go has been designed with an aim to have exceptionally fast compilation times, even on modest hardware. Some of the features missing in Go as of now are exception handling, type inheritance, generic programming, assertions, method overloading and pointer arithmetic.

Here is an example of a Hello world program in Go -

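package main

import "fmt"

// main is the program's entry point.
// Go requires the opening brace on the same line as the declaration.
func main() {
	fmt.Printf("Hello, World\n")
}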

Go can be compiled using two compilers as of now: 6g (and its supporting tools, collectively known as gc), written in C and using yacc/Bison for the parser, and Gccgo, a compiler with a C++ front-end with a recursive descent parser coupled to the standard GCC backend.

The industry reaction to Go has been mixed, with some veterans praising its fast compilation and others criticizing the lack of features in it. Judging by the reaction, one can simply say that Go is just not mature enough to be deployed to industry-ready environments and has some rough edges to smooth out.

 

 


POSTED BY XERO ALL RIGHTS RESERVED.


Is The U.S. Ready For A Cyberwar ??

Imagine waking up in the morning and your electricity is out. No lights, no heat and no computers. You try to turn on your cell phone but the network is down and so is your access to the Internet. You suddenly feel alone and afraid.

An army of foreign computer hackers has brought down America's power grid and government operations.

According to cyber security advisors this kind of scenario is very real and the U.S. is unprepared to defend itself.

Cyber sieges do happen and can have a crippling effect on national defense. In August of 2008, Russia launched a cyber attack on the national websites of Georgia, its neighboring country. These attacks coincided with Russia's military campaign in the South Ossetia region. The attacks debilitated Georgian news and government websites and marked one of the first cyber/military wars in modern history.

The "Cyber ShockWave" event was hosted by the Bipartisan Policy Center, a Washington-based nonprofit organization. Their mission was to test the U.S. response to a coordinated, international attack on America's technological infrastructure.
The group hired experts in cyber warfare to compose a simulated scenario where a virus attaches itself to a "March Madness" college basketball phone application. In the simulation, the virus replicated and spread through smart phone contact lists until it eventually brought down cellular service for most Americans. Included in the exercise were a number of private companies, such as PayPal and General Dynamics, which have a vested interest in bolstering U.S. cyber defense capabilities.

So how did America fare against such a strike?

Fail.

"It's very easy for hackers to hide in other people's computers and servers," said Lou Von Thaer, a top security expert with General Dynamics, a defense firm based in Falls Church, Va. "We spent a lot of time today trying to figure out who did it and it created a lot of chaos."

"What we're suggesting is the seat belt analogy," said Von Thaer. "These days we wouldn't imagine driving across town without wearing a seat belt. And that's because now there are laws and regulations that have made seat belt use a standard way of life. We need to have similar standards in the cyber world."

SOURCE: www.npr.org

Tuesday, February 16, 2010

How Hackers Hack Your Cell Phone to Get Information? How Hackers Spy on Your Cell Phone Conversations?

Hackers can get your information, and even spy on your conversations all through your cell phone.
Have you ever put your phone down for a few minutes, maybe left it on your desk, or on the table at a restaurant while you head to the ladies room?

If you’ve ever left it unattended you’re at risk.

When your phone rings, you answer. But your phone can pick up without making a sound, and turn into a hidden microphone.

Expert Tom Slovenski explains, “You can hear everything that is going on in the room.”

It happened to the Kuykendall family in Washington State. “They’ve totally taken over the phone,” Heather Kuykendall says. And it was hard to convince authorities something was going on. “I can’t sleep at night, I worry constantly,” she says.


Tom Slovenski, with Cellular Forensics, knows it can happen. He’s one of the leading experts in the US, who trains private detectives, law enforcement officers and members of the military on phone forensics: how to flush out spyware and go after the hackers.

Spyware works fast. If you’re at a bar, busy dancing and having a fun time, and you leave your phone unattended, it only takes a creep 5 minutes to grab your phone, load software and turn your phone into their personal spying device.

Corporations are getting worried about guarding secrets shared in important meetings. There is only one failsafe way to do that.

David, the Chicago-based detective, explains: “If you’re having an important meeting or something that you definitely don’t want anything getting out about is to actually remove the battery from your phone. That’s the number one thing to do.”

Protecting your phone from a spyware attack is free and simple.

“If you simply put a password on your phone it’s going to protect you from the majority of what is out there,” Robert Kresson said.

Tom Slovenski says it’s simple. “It’s four digits and you’re in.”

The danger will escalate, our expert says, with the launch of mobile banking from your phone. When that happens, the incentive to hack into your phone will multiply a lot faster than any interest on your accounts.

So what can you do to protect yourself? The free solution… set the password on your phone.

How to protect your phone:
  • Put a password on your phone
  • Turn off Bluetooth when not using it.
  • Don’t go to websites or click on links you don’t trust
SOURCE: www2.wspa.com

Monday, February 15, 2010

US Government looking for Cyber Warriors

For a battle which has not taken place

The US government is apparently looking for a coalition of the willing to take on cyber warriors. The US Defence Department estimates more than 100 foreign intelligence agencies have tried to hack into its systems, with its networks probed thousands of times a day.

According to the Sydney Morning News, the US is formulating a cyber warfare doctrine which will be critical in deciding how the US Empire and its client kingdoms will respond to cyber attacks. Apparently the US is not certain if China is an ally or an enemy and is snuffling around its military chums to see if there are common areas in which they can work together.

While terrorists are finding it difficult to get bombs to go off, they are having some success stuffing up Western networks, and while this does not inspire terror, it does keep their agenda at the top of the newspaper list.

However, other commentators have pointed out there is little evidence of cyber warfare taking place anywhere and many attacks are overstated.

UDPFlood: UDP packet sender utility

UDPFlood is a UDP packet sender. It sends out UDP packets to the specified IP and port at a controllable rate. Packets can be made from a typed text string, a given number of random bytes or data from a file.


SOURCE: http://www.foundstone.com

Software used to detect the Task Scheduler vulnerability remotely

A Windows network admin utility for remotely detecting the Task Scheduler vulnerability on Microsoft Windows 2000 and Windows XP systems. NetSchedScan allows you to scan multiple IP ranges for the Task Scheduler buffer overrun.

Note: This tool does not require any authentication credentials.


SOURCE: http://www.foundstone.com

Remotely detecting LSASS vulnerability using DSSCAN V1.0

A Windows® network admin utility for remotely detecting LSASS vulnerability released in the MS04-011 bulletin. Allows you to scan multiple IP ranges and send an alert message to vulnerable systems. Note: This tool requires the ability to establish a null session to each target host.


SOURCE: http://www.foundstone.com

A TCP/UDP port listener. Act as a guard dog to notify you of attempted probes: ATTACKER V3.0

Attacker - A TCP/UDP port listener. You provide a list of ports to listen on and the program will notify you when a connection or data arrives at the port(s). Can minimize to the system tray and play an audible alert. This program is intended to act as a guard dog to notify you of attempted probes to your computer via the Internet.

Attacker is not intended to protect your computer from hackers in any way other than notifying you of what was always happening to your computer before you knew about it! Running this program may in fact attract more attention to your computer from people remotely scanning for vulnerabilities due to it appearing as a collection of open ports. However, it will definitely not lessen the security of your computer. It is strongly recommended you have a good anti-virus program installed and that you do NOT have File & Printer Sharing enabled for use over the Internet.

** NOTE: Some Anti-virus packages may falsely report this product as a keylogger/trojan application. Please upgrade to the latest anti-virus definitions as this has been corrected by most vendors.**
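
The guard-dog behaviour described above, as an added Python example (not Foundstone's code): it binds the listed TCP/UDP ports, reports each connection or datagram that arrives, and never serves any data back. The function names, the 127.0.0.1 default bind address and the demo port numbers are assumptions made for this example.

```python
import selectors
import socket
import time

def open_listeners(specs, host="127.0.0.1"):
    """Bind one socket per (proto, port) pair; port 0 lets the OS pick one."""
    socks = []
    for proto, port in specs:
        kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
        s = socket.socket(socket.AF_INET, kind)
        s.bind((host, port))
        if proto == "tcp":
            s.listen(5)
        s.setblocking(False)
        socks.append((proto, s))
    return socks

def watch(socks, seconds, notify=print):
    """Poll the sockets for `seconds`; notify on and return every probe seen."""
    sel = selectors.DefaultSelector()
    for proto, s in socks:
        sel.register(s, selectors.EVENT_READ, proto)
    events = []
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        remaining = max(0.0, deadline - time.monotonic())
        for key, _ in sel.select(timeout=remaining):
            s, proto = key.fileobj, key.data
            try:
                if proto == "tcp":
                    conn, peer = s.accept()
                    conn.close()  # log the probe, never serve data
                    size = 0
                else:
                    data, peer = s.recvfrom(2048)
                    size = len(data)
            except OSError:
                continue  # connection vanished before we could read it
            event = {"time": time.strftime("%Y-%m-%dT%H:%M:%S"),
                     "proto": proto, "port": s.getsockname()[1],
                     "peer": peer[0], "bytes": size}
            notify(event)
            events.append(event)
    sel.close()
    return events

if __name__ == "__main__":
    # Hypothetical port list; binding below 1024 needs elevated privileges.
    watch(open_listeners([("tcp", 2323), ("udp", 2323)]), seconds=60)
```

Pass a different `host` to listen on another interface, and replace `notify` with a function that writes to a log or raises an alert.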


SOURCE: http://www.foundstone.com

Identify unknown open ports and their associated applications using FPORT V2.0

fport supports Windows NT4, Windows 2000 and Windows XP

fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.

Usage:

C:\>fport

Pid   Process       Port   Proto  Path
392   svchost   ->  135    TCP    C:\WINNT\system32\svchost.exe
8     System    ->  139    TCP
8     System    ->  445    TCP
508   MSTask    ->  1025   TCP    C:\WINNT\system32\MSTask.exe
392   svchost   ->  135    UDP    C:\WINNT\system32\svchost.exe
8     System    ->  137    UDP
8     System    ->  138    UDP
8     System    ->  445    UDP
224   lsass     ->  500    UDP    C:\WINNT\system32\lsass.exe
212   services  ->  1026   UDP    C:\WINNT\system32\services.exe

The program contains five (5) switches. The switches may be utilized using either a '/' or a '-' preceding the switch. The switches are:

Usage:
/? usage help
/p sort by port
/a sort by application
/i sort by pid
/ap sort by application path
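
To turn fport's listing into a check, the added Python example below (not part of fport or Foundstone's code) parses output in the layout shown above and flags listeners that are missing from a known-good baseline or whose binary sits outside a trusted directory. The sample rows are constructed, the PID 1337 row is invented for the demonstration, and the function names, baseline and trusted directory are assumptions.

```python
import re

# Constructed sample in the layout of the fport output shown above.
SAMPLE = r"""
Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
1337 svchost -> 31337 TCP C:\Documents and Settings\guest\svchost.exe
"""

# Path is optional (the System process has none) and may contain spaces.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)(?:\s+(.+?))?\s*$")

def parse_fport(text):
    """Return one dict per listener row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pid, name, port, proto, path = m.groups()
            rows.append({"pid": int(pid), "process": name, "port": int(port),
                         "proto": proto, "path": path or ""})
    return rows

def unexpected(rows, baseline, trusted_dirs=("c:\\winnt\\system32\\",)):
    """Flag rows not in the (proto, port) baseline or run from untrusted paths."""
    findings = []
    for r in rows:
        reasons = []
        if (r["proto"], r["port"]) not in baseline:
            reasons.append("port not in baseline")
        if r["path"] and not r["path"].lower().startswith(trusted_dirs):
            reasons.append("binary outside trusted directory")
        if reasons:
            findings.append((r["pid"], r["process"], r["proto"], r["port"], reasons))
    return findings

if __name__ == "__main__":
    # Assumed baseline: the listeners this host is expected to have.
    known = {("TCP", 135), ("TCP", 139), ("TCP", 1025), ("UDP", 500)}
    for finding in unexpected(parse_fport(SAMPLE), known):
        print(finding)
```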


SOURCE: http://www.foundstone.com

RootKit detection using Linux kernel module: Carbonite

Rootkits are collections of commonly trojaned system processes and scripts that automate many of the actions an attacker takes when he compromises a system. Rootkits will trojan ifconfig, netstat, ls, ps, and many other system files to hide an attacker's actions from unwary system administrators. They are freely available on the Internet, and one exists for practically every Unix release. The state-of-the-art rootkits are Loadable Kernel Modules (a feature unique to most Unix systems) that hide files, hide processes, and create illicit backdoors on a system. Solaris, Linux, and nearly all Unix flavors support Loadable Kernel Modules. Attacker tools that are Loadable Kernel Modules, or LKMs, have added to the complexity of performing initial response and investigations on Unix systems.

All operating systems provide access to kernel structures and functions through the use of system calls. This means whenever an application or command needs to access a resource the computer manages via the kernel, it will do so through system calls. This is practically every command a user types! Therefore LKM rootkits such as knark, adore, and heroin provide quite a challenge to investigators. The typical system administrator who uses any user space tools (any normal Unix commands) to query running processes could overlook critical information during the initial response.

Therefore we created a Linux kernel module called Carbonite, an lsof and ps at the kernel level. Carbonite "freezes" the status of every process in Linux's task_struct, which is the kernel structure that maintains information on every running process in Linux.


SOURCE: http://www.foundstone.com

Microsoft Targets Windows 7 Activation Hackers

Microsoft said it will soon feed Windows 7 users an update that detects illegal copies installed using more than 70 different activation cracks.

The update to Windows Activation Technologies (WAT), the anti-piracy software formerly known as Windows Genuine Advantage (WGA), will be posted to Microsoft's download site on Feb. 17, and offered as an optional upgrade via Windows Update later this month, where it will be tagged as "important."

Out the gate, the update will reach Windows 7 Home Premium, Professional, Ultimate and Enterprise users, said Joe Williams, the general manager of Microsoft's activation and anti-counterfeit group. "I'd like to stress that the Update is voluntary, which means that you can choose not to install it when you see it appear on Windows Update," said Williams in an entry to the Genuine Windows blog.

According to Williams, the WAT update sniffs out more than 70 "activation exploits," Microsoft's term for what others call "cracks" that sidestep the product activation process, or use stolen keys to illegally activate counterfeit copies of Windows 7.

After the update has been installed, PCs running cracked copies will begin displaying a black background and the usual gamut of nagging notifications that mark the operating system as bogus. "Machines running genuine Windows 7 software with no activation exploits will see nothing," promised Williams.

Microsoft regularly refreshes its anti-piracy technology to identify new activation exploits -- it did the same two years ago in a Vista crack crack-down -- but the number of exploit "signatures" in the upcoming WAT update is magnitudes larger than any previous.

Among the 70-some cracks shut down by the update are a pair that surfaced last November, just weeks after the launch of Windows 7. At the time, Microsoft said it was aware of the cracks -- "RemoveWAT" and "Chew-WGA" -- and was working on ways to disable them. A Microsoft spokeswoman confirmed today that the WAT update will include signatures for both cracks.

SOURCE: pcworld