2013-02-28

ABC News Hacked

ABC News was hacked over some controversial interview. The hacker published the full DB dump, including password hashes. Findings:

  • No salting
  • Weak passwords used by users.


In short - nothing new.

2013-02-27

Good News - Burger King's Twitter Account Hijacked


Burger King's Twitter account got hijacked, and the imposter jokes, saying McDonald's is taking over Burger King.

Anyway, BK is all smiles, this little episode more than doubled its followers..! No publicity is bad publicity.



2013-02-25

Email Spoofing

So, I was looking for some good tools to spoof emails. For what "email spoofing" is, please refer to Wikipedia. I tried some popular websites, like:

http://emkei.cz/
http://www.sendanonymousemail.net/
With both, the emails sent most likely get tagged as spam. The recommended approach is to use tools like SET and SendEmail (built into BackTrack). The challenge, of course, is finding a good and reliable SMTP server. In the screenshot below, I used Gmail's server:


Update: 25-Feb-13
A very good video tutorial on cloning a website and sending out spam, using BackTrack's SET.

2013-02-20

New York Times Hacked by China

Looks like Symantec became overly defensive here.

Update 20-Feb-2012:
The NY Times engages Mandiant (a security firm), which releases a report saying the majority of the hacks in China are state sponsored!! And of course the Govt of China refutes it. Full report is here.

Update 22-May-2013:
Attacks are back with a slight modification.

2013-02-12

Megaupload Shut Down

20-Jan-2012:
Megaupload, a file sharing website, has been closed down, and its founder arrested in very dramatic style.

23-Jan-12:
Mr. Dotcom (AKA Kim Schmitz) has recruited Robert Bennett (known for defending President Bill Clinton during the Lewinsky scandal).

Not surprisingly, Anonymous started a retaliation attack, hours after the arrest was announced. However, this time their accomplices in the attack were unsuspecting internet users.

22-Feb-2012:
Kim is granted bail, with a long list of conditions.

01-Mar-2012:
A TV interview with Kim Dotcom

05-Mar-2012:
Hackers fool Anonymous and their supporters.
Hackers have duped supporters of the Anonymous group into installing the Zeus botnet, which steals confidential information from PCs, including banking usernames and passwords, security researchers said last week.

07-Mar-2012:
Not surprisingly, Anonymous refutes the claim that there was malware in their DDoS tool.

19-Mar-2012:
Google defends Hotfile and Megaupload (indirectly). Of course, it goes without saying, the real reason here is Google's own YouTube.

01-June-2012:
Another update on this battle. Looks like the lawyers are playing their game now.

21-Jul-2012:
This is insane: Mr KimDotCom releases a video against the president of the USA.

22-Jan-2013:
All right people, we now have the new and improved version of Megaupload, with a user-side fit-for-army encryption.

24-Jan-2013:
Looks like there are some serious security lapses in this new 'security conscious' website. There is a MegaCracker as well, to crack passwords from the auto-emails sent to the users.

12-Feb-2013:
Mega calls all white hats.

2013-02-11

Hacker Databases

soldierx - Some Info

Operation Last Resort

A new attack by Anonymous, apparently to avenge the death of Aaron Swartz.

Update 11-Feb-13:
Now they attack MIT, but briefly.

Outlook vs Gmail

This is way below the belt..! Microsoft says Google reads all your email (to push ads).

I am not advocating for Google, nor do I believe they have the best privacy policy. However, a question for Microsoft: if you don't scan emails, how do you filter out spam?