

Showing newest 17 of 23 posts from 01/03/10. Show older posts

Wednesday, January 6, 2010

Learn How to Protect Your Smartphone From Hackers

Hackers are now targeting smartphones with programs to steal your valuable information. Here are some measures to protect yourself.
  • First, don't store sensitive information on your phone that can be accessed if it's lost or stolen.
  • Smartphones can get viruses, so protect yourself with software to keep them secure.
  • If you're using Wi-Fi in a public place, don't try to access your online bank accounts.
  • Jailbreaking the iPhone to use third-party software is not recommended. That move disrupts its security measures and leaves it vulnerable to attack.

Tuesday, January 5, 2010

Official Web site of Iran’s president, Ahmadinejad.ir, got hacked

Monday night in San Francisco, the official Web site of Iran’s president, Ahmadinejad.ir, was attacked by hackers. Although the Web site appears to be down now, people trying to access it last night were redirected to a page that contained the following message:

Dear God, In 2009 you took my favorite singer - Michael Jackson, my favorite actress - Farrah Fawcett, my favorite actor - Patrick Swayze, my favorite voice - Neda. Please, please, don’t forget my favorite politician - Ahmadinejad and my favorite dictator - Khamenei in the year 2010. Thank you.

The site was subsequently inaccessible, and it was speculated that it was “either intentionally pulled or … is simply being overloaded since so many people are looking to grab a peek at the hack.”

The apparent attack comes three weeks after a group calling itself the “Iranian Cyber Army” launched an attack that briefly redirected users of Twitter to a site that displayed a message that seemed to support Iran’s government. That message read, in part:

U.S.A. Think They Controlling And Managing Internet By Their Access, But They Don’t, We Control And Manage Internet By Our Power.

SOURCE: http://blog.austinheap.com

Thousands of income taxpayers received ‘fake’ emails from ‘phishers’ and ‘hackers’

Thousands of income taxpayers were flummoxed by ‘fake’ emails received from ‘phishers’ and ‘hackers’ on Monday seeking their personal and financial details ahead of refunds payment.

The fake mails also lead taxpayers to links that are mirror images of the income tax (I-T) department’s website and seek sensitive information, including bank account details, among other financial details. A large section of the I-T department regards the mails in circulation as nothing but ‘spam mail’. Others, however, do see the vulnerability of the I-T department’s large database and its website, which links crores of taxpayers, both individuals and companies.

Gulshan Rai, director general, CERT-IN at the department of information technology, told Financial Chronicle, “Online security has been a huge concern for the industry. With the growth of websites, emails phishing and hacking has increased to a great extent. We do see a lot of spam emails being circulated for financial gains. We need to educate individuals on online security.”

These emails, which originate from a web address not related to the I-T department, have led to confusion and anxiety about the security of financial data uploaded by individuals and companies.

But the I-T department has clarified that links with fake mails under circulation only reflect the mirror image of the I-T department's website. The I-T department has maintained that neither the website nor its intra-net data has been either hacked or compromised. The I-T department has also said that it does not send emails on refunds and does not seek any information regarding credit cards of taxpayers. “To create mirror image of a website, there is no need to hack it. The I-T website has not been hacked. We have taken appropriate steps to prevent such incidents,” said Shishir Jha, IT commissioner and spokesperson, central board of direct taxes.

In October, the I-T department received several complaints from taxpayers about phishing. An additional commissioner of the I-T department, who did not wish to be identified, confirmed that the site was hacked in October 2009. Following the incident, the I-T department in a news release, said, “Information has been received from several quarters that people are receiving electronic mail informing them of their income-tax refunds and seeking their credit card details. The email is sent from the following or similar mailing addresses — lhxbkw@ accounts.net or cvhfvs@ accounts.net.”

The department cautioned taxpayers against giving out credit card and account details online. Mails received by taxpayers on Monday also originated from similar addresses. Efforts made by FC to contact the director general (systems) at the I-T department were unsuccessful. Lakshmi Prasad, in-charge of systems at the I-T department, was not available for comment.

SOURCE: mydigitalfc

Monday, January 4, 2010

A security researcher uncovered some holes in Google Calendar and Twitter that may allow an attacker to steal cookies and user session IDs.

A security researcher has uncovered vulnerabilities in Twitter and Google Calendar that could put users at risk.

In a proof of concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs. He also uncovered an HTML injection issue affecting Google Calendar that he said could be used to redirect a victim to an attack site any time the user viewed his or her Google Calendar agenda events.

"We do not believe this report contains evidence of substantial security issues," a spokesperson for Google said. "Trying to trick someone into copying unfamiliar, suspicious code into a Google Calendar text field is neither a likely attack vector nor one that we are seeing being exploited. ... Nonetheless, we will check the input validation mechanisms in Google Calendar text fields to help prevent any abuse of this capability before an event is sanitized."

According to Goldshlager, a penetration testing expert with Avnet Information Security Consulting in Israel, the cross-site scripting vulnerability can be exploited if a victim adds malicious code to his quick add post calendar.

“When the victim … [adds] this malicious code, his cookies [and] session ID will be stolen and will be sent to the attacker site," he said. "Then the attacker will be able to get full control of the victim’s Google accounts like: Google Calendar account, Google Groups, iGoogle, etc.”

Goldshlager also demonstrated that the HTML injection vulnerability could be used to log a user out of his Google account, something the Google spokesman said “is of negligible security impact” and "can be avoided by not clicking on the link."

"They should fix this immediately because an attacker can redirect a victim to any site that he wants, and [with] the XSS issue an attacker can steal the victim's cookies and get full control of his accounts," the researcher said.

SOURCE: eWeek

Social networking sites such as Facebook and Twitter would become soft targets for cybercriminals to spoof in 2010.
In its 2010 Threat Predictions report, McAfee forecasts that, while Microsoft operating systems have fallen prey to cyber attacks from hackers, software and social networking sites are likely to be their new target. Because hackers want a sense of wielding far-reaching influence, they tend to be keen on breaking into widely used operating systems and software. MS Office applications such as Adobe Flash and Acrobat Reader are expected to be the prey of malware writers. Besides Adobe, Mozilla's Firefox web browser and Apple's QuickTime are also likely to be threatened by cyber criminals.

The computer security company also expects that social networking sites such as Twitter and Facebook will become playgrounds for cybercriminals intent on disseminating malware, such as computer viruses and spyware. For Facebook, malware disguised as instant messages from friends and application programs will be the most common form of cyber attack.

David Marcus, McAfee Labs' director of security research and communications, said, "Users of social networking sites often click on messages from friends and their referrals without suspicion, a practice hackers gleefully take advantage of. On Facebook, when users download or open applications, they should take a second look at them, googling more information about them."

SOURCE: Korea IT Times

Sunday, January 3, 2010

Free Hacking & Security White Papers, Articles by Government Security

How to hide your online Identity - CLICK HERE

Security Articles - CLICK HERE

E-Mail Network Security Articles - CLICK HERE

FOR MORE WHITE PAPERS ON HACKING, SECURITY AND PENETRATION TESTING: CLICK HERE

Oracle Security Papers, White Papers, Articles and Presentations

This is the collection of some of the white papers, articles and presentations out there on the internet about database security and Oracle security in particular. The lists below include papers written by Pete Finnigan for other websites, for this website and for many conferences world wide. This page also includes many papers and presentations written by many other people.

Free Hacking & Security White Papers, Articles by Core Security

  • Core Security, with IMPACT at Version 8 and Customers above 800, Hits Its Stride by The 451 Group
  • Case Study: Penetration-Testing Tool Use by Gartner
  • “The PenTest GutCheck: The Economics of Penetration Testing” by Spire
  • Automated Penetration Testing: Can IT Afford Not To? by IDC
  • Penetration Testing: Taking the Guess Work out of Vulnerability Management by IDC
  • SANS Penetration Testing by Stephen Northcutt, Jerry Shenk, Dave Shackleford, Tim Rosenberg, Raul Siles, and Steve Mancini
AND MANY MORE.......................

Free Hacking & Security White Papers, Articles by Infoamn

Communicating in a crisis - What really works
An explanation of what commercially available communication systems really work in a crisis, drawing on real world examples of communication in both large and small scale incidents.

Telecom fraud: The cost of doing nothing just went up
In today's business environment, security is of vital importance. This importance extends to voice networks where the risk of a security breach is growing daily.

Effective intrusion detection
With careful configuration and management, intrusion detection systems can make a valuable contribution to IT infrastructure security.

Penetration testing
Why a methodical and proven approach to penetration testing is essential in formulating an effective security testing strategy.

New working practices and the security-aware network
How the security-aware network can help IT departments manage the security challenges introduced by new working practices.

Free Hacking & Security White Papers, Articles by SANS

Most of the computer security white papers have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact .

Free Hacking & Security White Papers, Articles by ZDNet

Most Popular Content
  • Ten Ways Hackers Breach Security
  • 10 ways to detect computer malware
  • ITIL: What It Is and Why You Should Care
  • The 10 Most Dangerous Risks to Microsoft Security
  • Trial Download: Rational AppScan Standard Edition V7.9
  • 12 Things to Know When Troubleshooting Your Network
  • 10 more ways to detect computer malware
  • Take the Sophos Threat Detection Test: Is your current anti-virus catching everything it should?
  • 10 free security tools that actually work
  • Tune Windows XP to speed up boot and shutdown times
AND MANY MORE...........


Download Free Hacking & Security White Papers, Articles by cigital

White Papers

Software Assurance: Agile Testing (March 2008)
Agile testing enables clients to achieve improved coordination of their test resources with the agile development team by allowing automated tests to be developed in tandem with code development on the same set of requirements. The methodology employed eschews the concept of building automated tests after code has been released, unit tested, and manually tested. Instead, the test team creates automated tests in parallel with the code development team for the same set of requirements.

Software Assurance: Test Automation (March 2008)
Test automation enables clients to achieve improved productivity of their test resources, and to reduce the length of regression testing cycles while increasing test coverage. It complements and vastly improves the efficacy of existing manual testing and integrates with the overall testing effort. Instead of executing basic system tests time and time again, test resources can instead concentrate on: test case design, execution of test cases via the use of automated tests, as well as execution of remaining manual tests. These are tasks that best utilize a tester’s domain expertise and knowledge of test methodologies and practices. The Cigital offering for Test Automation covers all levels of test at the various phases of the SDLC, from unit level to sub-system and system level.

Training: the secret to ongoing compliance (July 2007)
Hundreds of thousands of companies around the world have collectively spent billions of dollars in response to the security- and privacy-related compliance mandates of the past 10 years. They have all increased staffing, upgraded physical security, deployed technology point solutions, rolled out new processes and digested hundreds of vulnerability and application scanner reports. So, why are data breaches and other security failures still a common occurrence?

How Now Software Security? (June 2006), by Gary McGraw, Ph.D.
Today, everyone seems to agree that we need to do something to address the security problem at the software level, and a number of companies are even starting to do something about it. It's still early days for software security, though, and it's a very good time to assess the state of the problem, how far we've come to address it, and how far we have to go. In general, we are very optimistic about the state the industry is in, especially considering the progress that leading software producers are making.

Software Security (June 2004), by Gary McGraw, Ph.D.
Software security is the idea of engineering software so that it continues to function correctly under malicious attack. Most technologists acknowledge this undertaking's importance, but they need some help in understanding how to tackle it. This paper aims to provide that help by exploring software security best practices.

And Many More.............................


Security Articles
  • You Really Need a Software Security Group (December 21, 2009)
  • BSIMM Europe (November 10, 2009)
  • Startup Lessons (October 22, 2009)
  • BSIMM Begin (September 24, 2009)
  • Attack Categories and History Prediction (August 25, 2009)
  • Moving U.S. Cybersecurity Beyond Cyberplatitudes (July 16, 2009)
  • Measuring Software Security (June 18, 2009)
  • Twitter Security (May 15, 2009)
  • Software Security Comes of Age (April 16, 2009)
  • The Building Security In Maturity Model (BSIMM) (March 16, 2009)
  • Nine Things Everybody Does: Software Security Activities from the BSIMM (February 9, 2009)
  • Top 11 Reasons Why Top 10 (or Top 25) Lists Don't Work (January 13, 2009)
  • Software Security Top 10 Surprises (December 15, 2008)
  • Web Applications and Software Security (November 14, 2008)
  • A Software Security Framework: Working Towards a Realistic Maturity Model (October 15, 2008)
  • Getting Past the Bug Parade (September 17, 2008)
  • Software Security Demand Rising (August 11, 2008)
  • Application Assessment as a Factory (July 17, 2008)
  • DMCA Rent-a-cops Accept Fake IDs (June 12, 2008)
  • Securing Web 3.0 (May 15, 2008)
  • Paying for Secure Software (April 7, 2008)
AND MANY MORE........................


Free Hacking & Security White Papers and Articles by cgisecurity

TOPICS ARE:
  • Socket Capable Browser Plug-ins Result In Transparent Proxy Abuse
  • Crafting a Security RFP
  • Building a Web Application Security Program, Part 8: Putting It All Together
  • Article: Security Assessment of the Internet Protocol
  • MD5 considered harmful today: Creating a rogue CA certificate
  • Software [In]security: Software Security Top 10 Surprises
  • Oracle Forensics Part 7: Using the Oracle System Change Number in Forensic Investigations
  • Article: What the NSA thinks of .NET 2.0 Security
  • Whitepaper: Bypassing ASP .NET “ValidateRequest” for Script Injection Attacks
.........And many more

Download Free Hacking & Security Corsaire White Papers, Presentations and Articles

In keeping with its transparent approach to sharing knowledge, Corsaire invests time writing white papers in order to help share best-practice principles and proven information security techniques.

This post includes the latest technical white papers that have been placed in the public domain.

Technical White Papers DOWNLOAD HERE
Business White Papers DOWNLOAD HERE
Presentations DOWNLOAD HERE
Articles DOWNLOAD HERE

Download Free Hacking & Security Foundstone Video Series

The Foundstone Hacme video series is designed to teach application developers, programmers, architects and security professionals how to create secure software by providing a first-hand viewing experience that complements the user guides for Hacme free tools.

The videos walk a user step by step through each attack allowing them to not only read about them in the user guide, but also see the attacks in action. Bringing the attacks to life gives the viewer a new way to experience the user guide and the attacks presented therein.


Download Free Hacking & Security Foundstone Case Studies

Foundstone has deep experience in enterprise risk management across a broad range of industries and has deployed a strategic combination of software, services, and education to tangibly address the digital risks inherent in doing business today.

Incident Response Case Study
The Incident Response Challenge to a World-Leading Financial Services Firm

Securing Confidential Customer Data
PMI Mortgage Insurance Co uses a variety of Foundstone services to assess the security of its network infrastructure.

Download Free Hacking & Security Foundstone White Papers

Organizations must protect their most valuable digital assets in an intelligent, measurable way. For this reason, Foundstone’s network security experts offer intelligent strategies that simplify security while fortifying the enterprise.

Foundstone white papers clarify the complex world of digital security and demonstrate how organizations can proactively monitor, manage and mitigate risk.

Download Foundstone white papers on a range of vital security issues and market trends.

.NET White Paper
Overview of the security architecture of Microsoft’s .NET Framework.

.NETMon™ White Paper
.NETMon monitors the .NET common language runtime, enabling detailed analysis of how the .NET framework enforces security controls.

2007 Top 10 Malicious Code Trends
Details the trends that were observed in the evolution of malicious code over the course of 2007.

802.11 Attacks
Provides a step-by-step walkthrough of popular wireless attacks.

AJAX Security White Paper
Check out our Presentation on Ajax Security from the Rich Web Experience.

ASP.NET Forms Authentication
This article describes limitations of the FormsAuthentication.SignOut method, and provides more information about how to ease cookie replay attacks when a forms authentication cookie may have been obtained by a malicious user.

AJAX Storage White Paper
A look at AJAX applications using Flash "cookies" (shared objects) and Internet Explorer User-Data Persistence to store data outside of the standard browser cache.

CookieDigger™ White Paper
CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications.

Corporate Incident Response Plan White Paper
Whether your company needs to comply with new legislation, defend against financial loss, protect its corporate reputation - or a combination of the three - it is crucial that you have a comprehensive incident response plan.

Data Loss Prevention Program
Safeguarding Intellectual Property

Foundstone SSLDigger™ - The Need for Strong SSL Ciphers
SSLDigger is a tool to assess the strength of SSL servers by testing the ciphers supported. Some of these ciphers are known to be insecure.

Foundstone Hacme Books User Guide
The Hacme Books application simulates a ‘real-world’ eCommerce bookstore and was built with known and common vulnerabilities to teach application developers, programmers, architects and security professionals how to create secure Java software.

Foundstone SiteDigger™ 2.0 - Identifying Information Leakage Using Search Engines
Learn how to use search engines and Foundstone SiteDigger to identify accidental exposure of confidential information including financial records, passwords, and personal information via your Web site.

Foundstone Hacme Bank™ User and Solution Guide
User and Solution Guide for Foundstone's Hacme Bank security application training tool.

Got Citrix? Hack It! Presentation
Presentation deck used by Shanit Gupta at Shmoocon 2008

Hacking the Kiosk: Managing the Risk of Public Information Systems
Find out how to identify threats and uncover common vulnerabilities in kiosks

How Virtualization Affects PCI DSS
Part 1: Mapping PCI Requirements and Virtualization

How Virtualization Affects PCI DSS
Part 2: Review of the Top 5 Issues

IIS Lockdown and URLScan
Foundstone Review of Microsoft's IIS Lockdown and URLScan tools.

Insecure Trends in Web Technologies
A Review of Insecure Implementations of Rich Internet Applications

ISA Server SP1 Audit White Paper
Provides an overview of a security assessment conducted by Foundstone of Microsoft’s ISA Server 2000 after the addition of the Service Pack 1 (SP1).

Java Client Side Application Basics: Decompiling, Recompiling and Signing
Java Web Start is a mechanism for program delivery through a web server. These programs are initiated by the client’s web browser, deployed, and ultimately executed independently on the system.

Key Components of a Risk-Based Security Plan
How to Create a Plan That Works

Managing a Malware Outbreak
Sality - A Case Study

Microsoft System Architecture 2.0
Foundstone Security Review of Microsoft Systems Architecture 2.0 (MSA 2.0).

Microsoft/Foundstone IP SEC
Using Microsoft Windows IPSec to Help Secure an Internal Corporate Network Server.

Mobile Application Security Testing
Methodology, tools and techniques for testing mobile applications.

Passive Host Characterization Presentation
Matthew Wollenweber Presentation at ShmooCon 2008

Remote Forensics System White Paper
The Remote Forensics System application facilitates data acquisition, storage, and analysis in a forensically sound and efficient manner. The application was created by graduate students at Carnegie Mellon University in collaboration with Foundstone. The software is also available for download.

Securely Registering Applications
Learn how to securely register applications that are automatically initiated. Intro to Foundstone free tool - DIRE

SecureUML
Describes the SecureUML Visio template, which is a custom Unified Modeling Language (UML) dialect to help system architects build role-based access control (RBAC) systems.

Security Training – Why It Benefits Your Organization and How to Make Your Case to Management
This whitepaper explores the reasons why you should invest in Information Security training, and how to present a case to company management.

Socket Hijacking
Discusses the socket hijacking vulnerability, the impact of the vulnerability and what it takes to successfully exploit the vulnerability

Software Security: Going Beyond the Development Phase
Find out why securing software from the start is important

Validator.NET™
Validator.NET enables developers to programmatically determine user input locations that could be potentially exploited by hackers and provides proactive steps to build data validation routines which are loaded into a protection module.

Virtualization and Risk
Virtualization and Risk - Key Security Considerations for your Enterprise Architecture

Wireless Intrusion Detection System
This paper presents an overview of the Whiff Intrusion Detection System, which was developed during the summer and fall of 2002 by a team of graduate students majoring in Information Security and Assurance at Carnegie Mellon University.

Writing Effective Policies Part 1: Dissecting an Email Use Policy
The goal of this whitepaper is to outline the characteristics of an effective policy and explain clearly how to write an effective policy by showing both correct and incorrect examples.