02/14/10 | Learn Ethical Hacking Tools Free Hacking Tricks How To Hack Hacking Passwords & Email Hacking

Saturday, February 20, 2010

Organizations should avoid Adobe if possible: Adobe a huge target of hackers

We knew before that Adobe was a huge target of hackers, but recent findings show just how bad their security really is. Out of all Internet exploits and attacks of 2009, 80% have been done by infecting Adobe’s PDF and Flash files.

According to ScanSafe, the California company that carried out this research, vulnerabilities in Adobe Reader and Adobe Acrobat were the most-exploited software in 2009, growing from 56% in in the first quarter of 2009, to 80% in the fourth quarter of 2009. These finding warn users to try to avoid PDF files and try to switch to other formats until Adobe fixes their security issues.

“I think organizations should avoid Adobe if possible. Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit the use of Adobe products where you can,” says Stephen Northcutt, president of the SANS Technology Institute.

SOURCE: Tech.Icrontic

Cyber Attackers Hack Australian Government Websites

A hacker group attacked government websites in Australia to protest against the proposal that prohibits pornography on the Australian Internet. Individuals masterminding the group named "Anonymous" assigned the title 'Operation Titstorm' to their campaign.

It (Operation Titstorm) involves unsolicited bulk e-mails, which will deal with 3 categories of "illegal material" that the government plans to prohibit. These categories are cartoon porn, female ejaculation and small-breasted women. Additionally, it is said that Anonymous will use DDoS (Distributed Denial-of-Service) attacks to slander the websites.

Alongside these, the protest operation will utilize other types of communication modes.

The hacked websites are the Department of Broadband, Communications and the Digital Economy, the main Australian government website and the Australian Parliament House.

Meanwhile, Anonymous threatened the Australian Government in an e-mail saying that no government is empowered to deprive the citizens of its country from accessing anything online just because authorities think that is undesirable. The message added that sooner or later the Australian Government would learn not to interfere with the country's pornography, as reported by NZHerald on February 11, 2010.

Stephen Conroy, a Spokeswoman for Communications Minister, in her criticism of the hacks' malicious nature, stated that the attackers demonstrated completely irresponsible behavior as well as potentially prevented the Australian people from accessing services, as reported by Upi on February 10, 2010.

The latest news underscores what Prolexic (a network protection company) found in its recently released report. It stated that in the latest phase of botnet evolution, activist and political inclinations were currently the key motivations for espionage, denial-of-service as well as other cyber assaults.

Furthermore, another country engaged in clean-up operations like Australia is China. Here workers have been recruited to scrutinize all '.cn' domains for porn along with other malevolent Internet sites, which are spreading malware.

Finally, as online porn is now a worldwide issue, legal advisors call for addressing it. The reason for its reining is its incessant growth in magnitude day by day. Further, modern porn is often related to malicious campaigns that through different kinds of cyber crime slander the Internet, according to legal advisors.

SOURCE: Spam Fighter

4th Largest Affiliate Network gets attacked by hackers: XY7.com is Back Up and Running Smoothly After Web Attack

Xy7.com the nation's 4th most popular Affiliate program underwent a well planned Internet attack which started on Tuesday, Feb. 16th, 2010 at 2:04 pm pst. and ended shortly thereafter thanks to a fast acting internal team.

The company's CEO Kevin De Vincenzi released this statement:

"I am pleased to announce that XY7 is back online and fully operational after suffering a significant DDoS attack. Although there was a brief disruption, our team was able to quickly restore operations and our click tracking was never affected.

"DDoS attacks are not uncommon. Recently Facebook, Twitter and LiveJournal were victims of Distributed Denial of Service attacks. During a DDoS attack, multiple computers send requests to one computer in attempt to overload a system.

"As the 4th largest affiliate network, XY7 looks forward to providing the excellent service that we are known for.

"DDOS attacks are illegal and Xy7 was quick to report these actions to the appropriate federal agencies."

SOURCE: http://www.prweb.com

Friday, February 19, 2010

WordPress network bug throws millions of blogs offline

Network problems knocked more than 10 million WordPress blogs offline in a two hour outage on 18 February.

WordPress.com said the problem was caused by a core router change at one of its data centre providers which "broke the site".

The company estimated that during the outage, the blogosphere lost about 5.5 million pageviews.

WordPress.com founder Matt Mullenweg said it was the firm's "worst downtime in four years".

"I know this sucked for you guys as much as it did for us — the entire team was on pins and needles trying to get your blogs back as soon as possible.

"I hope it will be much longer than four years before we face a problem like this again," said Mr Mullenweg.

On the company blog, he stressed that security was not an issue and that the site had not been hacked or hit by a denial of service attack.

"All of your data was safe and secure, we just couldn't serve it," he wrote.

Mr Mullenweg said the company would dig deeper to discover what happened and work out a better plan of how to cope if the problem recurs.

'Goodwill'

Reaction among users was fairly forgiving.

Those that posted comments on the WordPress.com site said they understood what was going on and appreciated the efforts Mr Mullenweg made to keep everyone informed.

However, not everyone thinks this will last for long.

"It seems the company has enough goodwill to spare a couple hours of failure," said Liz Gannes of technology blog GigaOm.com which was knocked offline. "But one thing's for sure, people won't be so friendly if it happens again,"

According to research company Quantcast, over 230 million people visit one or more of WordPress.com's blogs every month.

Among the company's showcase site of top customers is the Wall Street Journal's WSJ magazine, Forbes Blogs, musician Jay-Z and tech sites such as TechCrunch, AMD Blogs and SAP.info, among others.

Source: BBC News

Views of Pawan Kumar Singh, CISO, Tulip Telecom & Faraz Ahmed, CISO, Reliance Life Insurance on Wipro Fraud

Continuing to my previous post Wipro fraud may involve more than one person: Expert

The people and circumstances around me do not make me what I am, they reveal who I am,' said Laura Schlessinger, an American talk radio host and a socially conservative commentator and author. Companies like Satyam and Wipro are figuring out the truth of her words today. As per recent media reports, an employee of Wipro managed to embezzle $4 million from the company’s accounts.

It’s All About the People

Fingers have been pointed at the company’s IT infrastructure, their auditing methods and the finance team at the helm of affairs. However, one thing that we always seem to miss in such cases is the people of the company. "One can implement as many security solutions as available. However, how can you control the individuals, who are dealing with these solutions? After all, someone somewhere is going to know the passwords or how to get past these solutions," says Faraz Ahmed, CISO, Reliance Life Insurance.

Pawan Kumar Singh, CISO, Tulip Telecom, agrees and adds, "There is no controlling the temptation or greed of employees. IT works as an enabler for a company. At the end of the day, it is controlled by the people in the company. So, the focus of companies should be their employees more than mere technology. In fact, the dependence on technology in today’s age creates more problems than solutions".

Employee Verification: Need of the Hour

Singh and Ahmed both agree that a company should be extremely vigilant while hiring its employees. "A company the size of Wipro is always in need of people. Sometimes, due to business pressure, there is a possible gap that creeps into the verification process. Somehow, this is one area where the organisation cannot afford to compromise. Secondly, one should conduct psychometric tests of employees to know about their emotional state of being. It is important to know what your employees are going through so that they can be handheld in a better fashion," says Ahmed. He also adds that updating the risk assessment solutions regularly should become a common practice in the business community.

Communication is the Key

Singh agrees and says, "Communication with employees on a personal level is of utmost importance". He further states that one should have multiple motivational factors in place for employees. "Quite a few leadership programs are conducted for the top management but how many of these are offered at the junior level?" he asks. He further adds that one should create a culture of pride and ethics in the company. According to him, there is a need to revisit the chapter on ethics by all and sundry and have a good read of the same. "Another thing that one needs to do is to install the fear of punishment and loss of reputation among employees related to such incidents."

Suresh Iyer, Chief Security Officer-APAC, Aditya Birla Minacs, says, "The Information Security leader should ensure that all C-level functions have security-related KPIs among other performance metrics". He further adds that companies must have an operational practice of having all functions with significant risk exposure (which again needs to be evaluated through a detailed risk assessment procedure) being monitored on multiple channels, i.e. self-assessment, sample-based peer review, mandatory dual sign-off for high-value transactions – again maintaining a detailed 'Delegation of Authority' manual depending on the value of transaction.

Plugging the Loopholes

Though people’s temperaments and inclinations may not be totally in the employer’s hands, there are some things that are. Iyer says, "One should keep the company’s audit absolutely unbiased and totally independent. If the audit teams are part of the finance team, it defeats the entire purpose. Also, if Information Security audit teams have to report to the CIO’s office, independence is compromised".

Ahmed, on the other hand, believes that there should be a breakdown in process within the organisation. "The duties should be segregated in the financial team and one person should not be handed out the entire details of a company’s financial systems". Singh agrees and says, "The systems should have a feature wherein multiple passwords are needed to access financial data. Thus, it will make the job of the fraudster even more difficult".

Iyer further says, "One should implement two-factor authentication for access to critical applications. (In this case, the password was stolen, however, if digital certificates or soft/ hard tokens were involved, maybe the chances of having both compromised would have reduced significantly). Mandatory senior management sign-off for high-value transactions should be built into ERP systems. Application controls should have alert systems in place that would alert the finance head and the fraud prevention team in an auto trigger mode as soon as something goes wrong. It helps to have the fraud prevention cell reviewing these alert systems online on a regular basis."

Learning the Lesson

The incidents at Wipro and Satyam are open for all of us to learn from. Better communication with employees at all levels, instilling pride in company ethics and more stringent and robust IT security systems could help enterprise security leaders ride the waves of insecurity among people and as far as their data is concerned too.

SOURCE: http://biztech2.in.com

If you like this post and want us to post similar articles, Pls give us a feedback and leave a comment here

Cyber exercise aims to teach the good guys to think like the bad guys

The National Defense University plans to hold its second cybersecurity contest in March as a way to teach federal information security professionals how hackers try to penetrate systems to cause damage, a skill overlooked in training but needed to be able to spot and block such attacks.

NDU's iCollege will host the Cybersecurity Challenge on March 12, which will pit government teams against one another to test their skills in launching cyberattacks and defending their applications and networks. The university's first cyber exercise was held in November 2009 and was only open to participants from the Defense Department, but NDU plans to invite technologists from civilian agencies to join in the second contest.

"Most government agencies don't understand the attackers, because they don't have much opportunity to [launch attacks] themselves," said Maj. Stephen Mancini, faculty member at the university who runs the exercise. "Most earn credentials geared toward defense, with only a handful that understand penetration testing. This challenge gives them opportunity to attack and defend simultaneously."

Multiple teams, each consisting of two participants, will compete against each other. Each team will be given two computers, one for launching attacks, which will be armed with hacking tools, and one to defend, which will be loaded with standard software including the Microsoft Windows operating system and e-mail. Each team earns points for successfully infiltrating other teams' computers and, for example, capturing files or defacing a web site. Teams are docked points for failure to defend against attacks.

"There are security officers that only understand what an attack will look like after their systems get broken into, and often it's not until months later," Mancini said. "Rarely do they see what's happening in real time. This provides them the opportunity to be the bad guy in a nice segmented network."

NDU offers 24 slots for the exercise, with half the positions already filled.

Tom Kellermann, vice president of security awareness at Core Security Technologies and former senior data risk management specialist for the World Bank treasury security team, said cyber exercises like these focus on attacks that attempt to take down applications and networks, including denial-of-service attacks, which temporarily block access to an agency's network, or Web defacement, which alters online content.

But the attacks that are more damaging are those that keep the system up and running -- and therefore remain undetected -- so valuable information can be stolen without a trace. "The focus needs to be on integrity attacks, where I hack your box, but I don't knock it offline. I just change the integrity of the data that you rely upon and in doing so, make you deaf, blind and mute," he said. "I can control the way you behave. I make you my puppet. We're too focused on blitzkrieg, rather than the thousand grains of sand approach."

These are the kinds of attacks that hackers used to successfully to infiltrate 2,500 companies and government agencies, as reported by The Wall Street Journal on Thursday. The penetrations exposed large amounts of sensitive data and trade secrets, according to NetWitness Corp., which provides computer security for agencies and is headed by Amit Yoran, a former director of the National Cybersecurity Division at the Homeland Security Department.

SOURCE: NextGov

Firefox suffers critical bugs

Mozilla has released fixes for five security holes in older versions of Firefox, while a security company has warned of a zero-day flaw in the latest version of the popular browser.

On Wednesday, Mozilla issued patches for versions 3.5.8 and 3.0.18 of the browser, sending out fixes for the latter even though it had said it would stop supporting Firefox 3.0 in January.

In its security bulletin, the company said the vulnerabilities had previously been resolved in Firefox 3.6, which was launched on 21 January.

The five flaws addressed by Mozilla included three the company rated 'critical'. These three flaws involve an error in handling out-of-memory conditions; stability errors in the Gecko rendering engine; and a bug in the way Mozilla's implementation of web workers handles posted messages, Mozilla said. Web workers are used to carry out scripting tasks in a way that reduces the processing load on the user interface.

All three of these bugs can potentially be used to execute malicious code and take over a user's system, Mozilla said.

The two remaining flaws are less serious, potentially allowing an attacker to execute malicious JavaScript code.

The security updates to Firefox 3.5.8 and 3.0.18 are available for Windows, Mac OS X and Linux from Mozilla's website or via the browser's built-in update system.

Separately, Secunia on Thursday reported an unpatched bug in Firefox 3.6, the most recent version of the browser. The security research firm warned that the software contains a bug that could be used to execute malicious code on a user's system.

The zero-day bug was released as part of VulnDisco Pack, an add-on module for Immunity's Canvas penetration-testing software, according to Secunia. VulnDisco Pack developer Intevydis did not release details on the bug, but Secunia ranked it 'highly critical'.

SOURCE: http://news.zdnet.co.uk

Kneber botnet virus attacks 75,000 computers worldwide, including US government systems2

A new computer virus has infected almost 75,000 computers worldwide - including 10 U.S. government agencies - collecting login credentials from online financial, social networking sites and email systems and reporting back to hackers.

The virus, dubbed the Kneber botnet, is thought to be the brainchild of an Eastern European criminal group that is likely selling the information on the black market, according to the Internet security firm NetWitness, which uncovered the attacks in January.

The attacks are continuing and corporate losses are still being compiled, said NetWitness chief technology officer Tim Belcher.

The FBI, Department of State and Department of Homeland Security have been notified, Belcher said.

The crime groups "running this activity are every bit as expert at compromising systems and siphoning off information as nation states," according to Belcher.

"They're well funded, motivated and successful." Hackers using the new virus have infiltrated the computer networks of more than 2,400 companies in almost 200 countries over an 18-month period, the Herndon, Va.-based computer security firm reported.

Further investigation revealed that many commercial and government systems were compromised, including 68,000 corporate login credentials and access to email systems, online banking sites, Yahoo, Hotmail and social networks such as Facebook.

Infiltrated companies include pharmaceutical giant Merck & Co., Cardinal Health Inc., software firm Juniper Networks and Paramount Pictures, the Wall Street Journal reported Thursday.

Hackers reportedly used the virus to break into computers at 10 U.S. government agencies and in one case obtained the user name and password for a soldier's military e-mail account.

Companies in Egypt, Mexico, Saudi Arabia, Turkey and the U.S. are the most frequently targeted in the attack, according to a research paper released by NetWitness.

The attack uses a piece of software called ZeuS, designed in Eastern Europe, that takes control of large numbers of computers.

ZeuS is among the top five most reported computer infections, according to the Department of Homeland Security.

"These large-scale compromises of enterprise networks have reached epidemic levels," said Amit Yoran, CEO of NetWitness and former Director of the National Cyber Security Division.

"Cyber criminal elements like the Kneber crew quietly and diligently target and compromise thousands of government and commercial organizations across the globe."

Yoran said that conventional intrusion detection systems are "inadequate for addressing Kneber or most other advanced threats."

SOURCE: Daily News

Thursday, February 18, 2010

Wipro fraud may involve more than one person: Expert

Wipro plans to undertake internal restructuring of its finance department, reports CNBC-TV18, quoting sources. The move follows a fraud of USD 4 million committed by a staffer in the finance department.

Sources say the fraud was committed through online means and the amount siphoned into a personal account. Wipro is yet to report the matter to the police.

The IT major plans to tighten online security within the company and will appoint an agency to monitor accounts. It will also issue investigations into other departments as well.

In an interview with CNBC-TV18, Vijay Mukhi, Consultant - Cyber Law, DSK Legal gave an insight into how such embezzlement could have gone undetected, and what companies can do to strengthen their security systems.

Here is a verbatim transcript of the interview. Also watch the accompanying video.

Q: Why is it that the company hasn't proceeded with action against this employee apart from suspending him?

A: I have seen scams which have been bigger than this and when the company management talks to you, the first question they normally ask you is we don’t want to go to the press or the police. So I am not surprised at the fact what Wipro has done nothing about it so far.

Q: Where do you think the lapse has happened? This is a very through professional company with one employee over a period of time hacks into the system and Rs 20 crore is moved into his account. Why did this go undetected?

A: I think this went undetected because Wipro may have used auditing techniques which are manual. When you are the size of a company like Wipro you need a software which can keep track of all these transactions like the airline industry uses it to check that my credit card is not misused. So you need anti-money laundering to check for fraud which obviously Wipro didn’t do.

Q: What can Wipro do now? Keeping this quiet and suspending the employee is no solution and you would agree with that. Whether companies like to talk or go to the press or Wipro in this case has put out a statement and perhaps many companies wouldn’t even have done that, but under the law how should Wipro proceed and shouldn’t a person like this be brought to justice?

A: If Section 66 of the IT Act applies, it is a clear cut case of hacking. Now what Wipro needs to find out is, is it one employee or were there 50 other employees who were a part of it? It is odd that you have such a big scam and you have only one employee involved.

I believe this should go to the police and court and tell everyone that cyber crime in India doesn’t pay. Today the big problem is that there is no conviction. So the cyber criminal gets away with murder.

Q: So what would be the lessons from this incident, more specifically other IT companies?

A: First lesson is that when IT companies don’t take the cyber crime cases to court. The entire ecosystem doesn’t learn how to fight cyber crime. I think that is what we need to do. We need more companies to go to the police.

SOURCE: http://www.moneycontrol.com

If you like this post and want us to post similar articles, Pls give us a feedback and leave a comment here

Penetration Testing Is Sexy, But Mature?

Source from John H. Sawyer. He is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

The buzz generated from Core Security's move to integrate with the Metasploit Framework has left me a little puzzled. Don't get me wrong: I love Metasploit. It's a fantastic tool that has certainly been put through its paces as a pen-testing tool -- it's free, open source, and extremely accessible to aspiring security professionals. And, of course, I've heard great things about Core's flagship product, Impact Pro. But the deal just seems like an odd move.

I've spoken with a few friends about the announcement, and they were equally scratching their heads. We threw around a few ideas about the integration, from it being a simple a publicity stunt for keeping Rapid7 from stealing the limelight, to a legitimate effort at promoting a multitool approach to penetration testing. Since I'm an optimist, I'm sticking with the latter because it holds true to reality for how pen testers actually approach their jobs.

Just like we security pros like to say, "There's no silver bullet for security," the same hold true for pen testing. There isn't a single tool that can really do it all, and that's why companies have to take a multitool approach, as mentioned by HD Moore, Rapid7's CSO and creator of the Metasploit Project. That's why tools like Nmap, Maltego, Fierce, BurpSuite, Metasploit Framework, Impact, and hundreds of others exist. Can you imagine trying to take the functionality of all of those tools and rolling it into one?

BUT, there's a lot of good to be said about interoperability among pen-testing tools (something that's sorely lacking), and that's what Core is adding through its integration with Metasploit. For example, if a system is compromised via an exploit in Metasploit, then a Core Impact Agent can be deployed and managed via the Impact interface. Information gained from using Metasploit's db_autopwn can be brought back into the Core interface, which makes it more accessible for newer pen testers not familiar with Metasploit's msfconsole.

In other words, the data from db_autopwn is now in a pretty GUI instead of a SQLite database accessed using commands like db_host, db_vulns, and db_services within the non-GUI msfconsole.

OK, back to my original question. We all know penetration testing is sexy, right? Seriously, how many of us got into the infosec industry because we thought hacking stuff was cool? Yeah, I know...probably more than would care to admit. And what is penetration testing? That's right. It's hacking stuff -- people, computers, whatever.

But is the pen-testing software market maturing? I guess that depends if you include free, open-source projects like the Metasploit Framework. It's the only pen-testing software that's making huge headlines because of its recent purchase by Rapid7 and integration into a commercial product by Core. Yeah, I'd say it's maturing, and more companies are realizing the value of comprehensive penetration tests, but there's a long way to go before we see widespread adoption.

Mobile Security Bug: Hackers can exploit Google Buzz: Google patched the flaw

Continuing to my previous post

A common Web programming error could give hackers a way to take over Google Buzz accounts. The flaw is a "medium-sized problem" with the Buzz for Mobile Web site, said Robert Hansen, CEO of SecTheory, who first reported the issue.

This type of Web programming error, called a cross-site scripting flaw, lets the attacker put his own scripting code into Web pages that belong to trusted Web sites such as Google.com. It is a fairly common flaw but one that can have major consequences when exploited on widely used Web sites.

The attacker "can force you to say things you don't want to say, to follow people," he said. "Whatever Google Buzz allows you to do, it allows him to do to you."

The bug was discovered by a hacker known as TrainReq, who e-mailed Hansen details of the flaw without explanation. TrainReq is best known for posting photos stolen from pop star Miley Cyrus' e-mail account to the Internet.

Now that Google has made several changes and patched the flaw.

Google released a statement regarding the flaw. "We fixed a vulnerability that could have affected users of Google Buzz for mobile on February 16th, hours after it was reported to us. We have no indication that the vulnerability was actively abused. We understand the importance of our users' security, and we are committed to further improving the security of Google Buzz."

Wednesday, February 17, 2010

Is The U.S. Ready For A Cyberwar ??

Imagine waking up in the morning and your electricity is out. No lights, no heat and no computers. You try to turn on your cell phone but the network is down and so is your access to the Internet. You suddenly feel alone and afraid.

An army of foreign computer hackers has brought down America's power grid and government operations.

According to cyber security advisors this kind of scenario is very real and the U.S. is unprepared to defend itself.

Cyber sieges do happen and can have a crippling effect on national defense. In August of 2008, Russia launched a cyber attack on the national websites of Georgia, its neighboring country. These attacks coincided with Russia's military campaign in the South Ossetia region. The attacks debilitated Georgian news and government websites and marked one of the first cyber/military wars in modern history.

The "Cyber ShockWave" event and was hosted by the Bipartisan Policy Center, a Washington based nonprofit organization. Their mission was to test the U.S. response to a coordinated, international attack on America's technological infrastructure.

The group hired experts in cyber warfare to compose a simulated scenario where a virus attaches itself to a "March Madness" college basketball phone application. In the simulation, the virus replicated and spread through smart phone contact lists until it eventually brought down cellular service for most Americans. Included in the exercise were a number of private companies, such as PayPal and General Dynamics, which have a vested interest in bolstering U.S. cyber defense capabilities.

So how did America fare against a such a strike?

Fail.

"It's very easy for hackers to hide in other people's computers and servers," said Lou Von Thaer, a top security expert with General Dynamics, a defense firm based in Falls Church, Va. "We spent a lot of time today trying to figure out who did it and it created a lot of chaos."

"What we're suggesting is the seat belt analogy," said Von Thaer. "These days we wouldn't imagine driving across town without wearing a seat belt. And that's because now there are laws and regulations that have made seat belt use a standard way of life. We need to have similar standards in the cyber world."

SOURCE: www.npr.org

Tuesday, February 16, 2010

Core Security Integrates CORE IMPACT Pro with Metasploit Project

Core Security Technologies, provider of CORE IMPACT Pro, the most comprehensive product for proactive enterprise security testing, today announced that it has created a fully supported technical integration between its flagship software solution and the Metasploit open-source exploit framework.

With today’s organizations using penetration testing to strategically test their vulnerabilities and IT defenses, Core Security now offers both professional penetration testers and operational security staffers who use IMPACT Pro the ability to tap directly into the open-source functionality of Metasploit to carry out vulnerability analysis.

By providing the opportunity to use Metasploit in concert with IMPACT Pro, penetration testers will now be able to appreciate all the benefits of Core’s commercial-grade, automated solution – with its massive library of professionally developed exploits, efficient and easy-to-use interface and in-depth reporting capabilities – alongside the well known open source project.

Through the integration, testers will now be able to:

1. Bring a system compromised during testing with Metasploit into the IMPACT environment and deploy an IMPACT Pro Agent. The Agent is a patented, syscall proxy payload that allows users to:

Launch IMPACT Pro’s full range of automated penetration testing capabilities from the compromised system.
Leverage IMPACT’s broad selection of commercial-grade exploits, plus multiple pre- and post-exploitation capabilities for in-depth, comprehensive attack replication.
Pivot penetration tests to other systems, mimicking an attacker’s attempts at identifying and exploiting paths of weakness to backend systems and data.

2. Use IMPACT Pro’s automated Rapid Penetration Test (RPT) to exploit vulnerabilities, then launch Metasploit’s db-autopwn feature and subsequently upload the results back into IMPACT Pro. This allows users with less training and expertise to view Metasploit testing information within the IMPACT environment.

“We’ve long respected the work of H.D. Moore, his team and the community of Metasploit contributors in creating a rich exploit framework that offers experienced testers a range of capabilities, and we wanted to make it easier for those who want to use Metasploit alongside CORE IMPACT Pro to do so,” said Fred Pinkett, vice president of product management at Core Security. “By offering professional testers and security staff greater ability to centralize their assessments and incorporate their Metasploit efforts into their IMPACT Pro deployments, we feel that we’re providing the market with an expanded opportunity to carry out even more inclusive and valuable penetration tests.”

The IMPACT Pro-Metasploit integration will officially arrive in the next version of CORE IMPACT Pro, due to ship from Core Security in April 2010.

“As someone who utilizes both CORE IMPACT Pro and Metasploit, it’s invaluable to see Core moving towards integrating in this way,” said Steve Shead, Director of IT & Information Security Officer and at CafePress.com. “It will give testers more scope for comprehensive testing and assessment, and another avenue of cross checking by importing Metasploit test results back into IMPACT Pro. It’s gratifying to see Core targeting their development efforts into providing automated penetration testing capabilities that are as flexible and dynamic as humanly possible; ultimately this means they listen to the needs of their customers and, more importantly, take action.”

“The integration the Metasploit framework with IMPACT Pro will define a new era for vulnerability confirmation,” said Chris Nickerson, CEO of Lares Consulting. “Professional penetration testers and enterprises alike will now benefit from the exploits of Metasploit while being able to leverage the powerful technology and reporting of IMPACT Pro. The most reliable commercial tool blended with the bleeding edge research of the open source community will surely be a hit for all.”

How Hackers hacks your cell phone to get information?? How Hackers spy conversations of your cell phone??

Hackers can get your information, and even spy on your conversations all through your cell phone.

Have you ever put your phone down for a few minutes, maybe left it on your desk, or on the table at a restaurant while you head to the ladies room?

If you’ve ever left it unattended you’re at risk.

When your phone rings, you answer. But your phone can pickup without making a sound, and turn into a hidden microphone.

Expert Tom Slovenski explains, “You can hear everything that is going on in the room.“

It happened to the Kuykendall family in Washington State. “They’ve totally taken over the phone,“ Heather Kuykendall says. And it was hard to convince authorities something was going on. “I can’t sleep at night I worry constantly,“ she says.

Monday, February 15, 2010

US Government looking for Cyber Warriors

For a battle which has not taken place

The US government is apparently looking for a coalition of the willing to take on cyber warriors. The US Defence Department estimates more than 100 foreign intelligence agencies have tried to hack into its systems, with its networks probed thousands of times a day.

According to the Sydney Morning News the US is formulating a cyber warfare doctrine which will be critical in deciding how the US Empire and its client kingdoms will respond to cyber attacks. Apparently the US is not certain if China is an ally or an enemy and is snuffling around its military chums to see if there are common areas in which they can work together.

While terrorists are finding it difficult to get bombs to go off they are having some success stuffing up Western networks and while it does not inspire terror it does keep their agenda at the top of the newspaper list.

However other commentators have pointed out there is little evidence of cyber warfare taking place anywhere and many attacks are overstated.

UDPFlood: UDP packet sender utility

UDPFlood is a UDP packet sender. It sends out UDP packets to the specified IP and port at a controllable rate. Packets can be made from a typed text string, a given number of random bytes or data from a file.

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

Software used to detect the Task Scheduler vulnerability remotely

A Windows network admin utility for remotely detecting the Task Scheduler vulnerability on Microsoft Windows 2000 and Windows XP systems. NetSchedScan allows you to scan multiple IP ranges for the Task Scheduler buffer overrun.

Note: This tool does not require any authentication credentials.

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

Learn how to Find SQL servers vulnerable to SQL "Slammer" or "SQHell" worm

SQLScan is a Windows GUI scanner tailored specifically to finding SQL servers that may be vulnerable to the recent SQL "Slammer" or "SQHell" worm that attacks vulnerable Microsoft SQL 2000 servers.

Use of the tool should be fairly self-evident. Enter a list of IP addresses to be scanned in the IP list. You can continually add to the list and can pull in a pre-built list of IP addresses from a file if you wish. IP addresses in the file can be specified as single IPs (10.1.2.3), or ranges (10.1.2.3-10.3.4.5, or 10.1.2.3-254 etc.). Right-clicking with the mouse on the IP list window will allow you to directly paste lists of IPs from the clipboard.

Choose which SQL port you would like to scan by entering it in the port selection edit box. Port 1434 is used by default but this can be changed to anything more appropriate for the network you are scanning.

When you are ready, click the Start button (right blue arrow). To stop the scan click the Stop button (blue square).

The program will attempt to extract and display the SQL query response string from responding hosts. If this is not able to be determined nothing will be shown in the response field.

Right-clicking on an entry in the list of discovered hosts will bring up a menu where you can select to copy the relevant IP address or the entire displayed line to the clipboard.

When the scan has completed you can save the list of discovered hosts to a file by clicking the "Save..." button at the bottom right of the window. You can save in either HTML or comma-separated (CSV) format by choosing an appropriate file extension. The file will be saved in the same manner as it is displayed i.e. if you have chosen to sort the list by clicking one of the column headers that is how it will appear in the file.

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

Remotely detecting LSASS vulnerability using DSSCAN V1.0

A Windows® network admin utility for remotely detecting LSASS vulnerability released in the MS04-011 bulletin. Allows you to scan multiple IP ranges and send an alert message to vulnerable systems. Note: This tool requires the ability to establish a null session to each target host.

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

How to catch an attackers if pass through corporate networks undetected and bypass perimeter security devices

Network monitoring software such as IDS typically examines only complete IP datagrams. Thus, attackers are able to fragment their IP traffic to pass through corporate networks undetected and bypass perimeter security devices. While most network monitoring software like IDS is now capable of handling fragmented traffic, intruders still often attempt this type of attack that can bypass IDS and take systems out of commission, or result in information being stolen or corrupted.

As part of its new charter, Foundstone Labs created IPv4Trace, a Win32 C++ programming library. Because IPv4Trace is a Win32 object-oriented port of the OpenBSD 2.8 kernel-land IPv4 fragment reassembly implementation, Win32 programmers can now use the tool to reassemble fragmented IPv4 traffic in programs that process captured network traffic, allowing them to proactively circumvent an attack that can take systems out of commission or result in information being stolen or corrupted.

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

A TCP/UDP port listener. Act as a guard dog to notify you of attempted probes: ATTACKER V3.0

Attacker -A TCP/UDP port listener. You provide a list of ports to listen on and the program will notify you when a connection or data arrives at the port(s). Can minimize to the system tray and play an audible alert. This program is intended to act as a guard dog to notify you of attempted probes to your computer via the Internet.

Attacker is not intended to protect your computer from hackers in any way other than notifying you of what was always happening to your computer before you knew about it! Running this program may in fact attract more attention to your computer from people remotely scanning for vulnerabilities due to it appearing as a collection of open ports. However, it will definitely not lessen the security of your computer. It is strongly recommended you have a good anti-virus program installed and that you do NOT have File & Printer Sharing enabled for use over the Internet.

** NOTE: Some Anti-virus packages may falsely report this product as a keylogger/trojan application. Please upgrade to the latest anti-virus definitions as this has been corrected by most vendors.**

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

Identify unknown open ports and their associated applications using FPORT V2.0

fport supports Windows NT4, Windows 2000 and Windows XP

fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.

Usage:

C:\>fport

Pid Process Port Proto Path

392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe

8 System -> 139 TCP

8 System -> 445 TCP

508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe

392 svchost -> 135 UDP C:\WINNT\system32\svchost.exe

8 System -> 137 UDP

8 System -> 138 UDP

8 System -> 445 UDP

224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe

212 services -> 1026 UDP C:\WINNT\system32\services.exe

The program contains five (5) switches. The switches may be utilized using either a '/'

or a '-' preceding the switch. The switches are;

Usage:

/? usage help

/p sort by port

/a sort by application

/i sort by pid

/ap sort by application path

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

RootKit detection using Linux kernel module: Carbonite

Rootkits are collections of commonly trojaned system processes and scripts that automate many of the actions an attacker takes when he compromises a system. Rootkits will trojan ifconfig, netstat, ls, ps, and many other system files to hide an attacker's actions from unwary system administrators. They are freely available on the Internet, and one exists for practically every Unix release. The state-of-the-art rootkits are Loadable Kernel Modules (a feature unique to most Unix systems) that hide files, hide processes, and create illicit backdoors on a system. Solaris, Linux, and nearly all Unix flavors support Loadable Kernel Modules. Attacker tools that are Loadable Kernel Modules, or LKMs, have added to the complexity of performing initial response and investigations on Unix systems.

All operating systems provide access to kernel structures and functions through the use of system calls. This means whenever an application or command needs to access a resource the computer manages via the kernel, it will do so through system calls. This is practically every command a user types! Therefore LKM rootkits such as knark, adore, and heroin provide quite a challenge to investigators. The typical system administrator who uses any user space tools (any normal Unix commands) to query running process could overlook critical information during the initial response.

Therefore we created a Linux kernel module called Carbonite, an lsof and ps at the kernel level. Carbonite "freezes" the status of every process in Linux's task_struct, which is the kernel structure that maintains information on every running process in Linux.

DOWNLOAD HERE

SOURCE: http://www.foundstone.com

Microsoft Targets Windows 7 Activation Hackers

Microsoft said it will soon will feed Windows 7 users an update that detects illegal copies installed using more than 70 different activation cracks.

The update to Windows Activation Technologies (WAT), the anti-piracy software formerly known as Windows Genuine Advantage (WGA), will be posted to Microsoft 's download site on Feb. 17, and offered as an optional upgrade via Windows Update later this month, where it will be tagged as "important."

Out the gate, the update will reach Windows 7 Home Premium, Professional, Ultimate and Enterprise users, said Joe Williams, the general manager of Microsoft's activation and anti-counterfeit group. "I'd like to stress that the Update is voluntary, which means that you can choose not to install it when you see it appear on Windows Update," said Williams in an entry to the Genuine Windows blog.

According to Williams, the WAT update sniffs out more than 70 "activation exploits," Microsoft's term for what others call "cracks" that sidestep the product activation process, or use stolen keys to illegally activate counterfeit copies of Windows 7.

After the update has been installed, PCs running cracked copies will begin displaying a black background and the usual gamut of nagging notifications that mark the operating system as bogus. "Machines running genuine Windows 7 software with no activation exploits will see nothing," promised Williams.

Microsoft regularly refreshes its anti-piracy technology to identify new activation exploits -- it did the same two years ago in a Vista crack crack-down -- but the number of exploit "signatures" in the upcoming WAT update is magnitudes larger than any previous.

Among the 70-some cracks shut down by the update are a pair that surfaced last November , just weeks after the launch of Windows 7. At the time, Microsoft said it was aware of the cracks -- "RemoveWAT" and "Chew-WGA" -- and was working on ways to disable them. A Microsoft spokeswoman confirmed today that the WAT update will include signatures for both cracks.

SOURCE: pcworld

Do not use "iloveyou" as your password. Valentines Bearing a Virus Not So Loving

People still remember the I LOVE YOU virus that infected machines a decade ago but they still have not stopped using "iloveyou" as their password."iloveyou" is the fifth most common password, "lovely" is at number 18, "loveu" is number 23 and "loveme" is number 43. Apparently, hackers know this and they are all set to misuse personal information on social networks like Facebook.

Harmful Valentine Messages

Hackers have it all planned out--they will first get a complete list of friends for many users and then proceed to send Valentine messages to all of them. Receivers will unknowingly click on a seemingly harmless Valentine's Card and will get a virus instead of virtual chocolates or roses.

Sprint Selects Juniper Networks to Secure Its Mobile Data Network Infrastructure

Juniper Networks (JNPR 24.76, -0.50, -1.98%) today announced that Sprint Nextel Corp. has reached an agreement to purchase its Juniper SRX Series Services Gateways, which will enable the company to securely deliver mobile data services.

Juniper will provide a high-end, scalable security solution to accommodate potential growth in mobile data subscribers as well as handle increased data usage per subscriber.

The SRX5800 Services Gateways, equipped with multiple 1 Gigabit Ethernet and 10 Gigabit Ethernet connections, will be deployed in core and distribution data centers throughout the United States. The SRX Series will also enable Sprint to employ additional network and security capabilities.

The feature integration on the SRX Series is enabled by Juniper's Junos(R) software. The SRX Series is equipped with a robust list of features that include firewall, intrusion prevention system (IPS), denial of service (DoS), Network Address Translation (NAT), and quality of service (QoS). In addition to the benefit of individual features, incorporating the various features under one OS greatly optimizes the flow of traffic through the services gateway. Network traffic will no longer need to be routed across multiple paths/cards or even disparate operating systems within a single gateway.

SOURCE: Market Watch

Sunday, February 14, 2010

Need a professional email address w.r.t "HACKERS" OR Do you want free site traffic ???

Need a professional email address w.r.t "HACKERS"

... It can be urs for free. **Get Noticed ! Get Famous ! Mail us at

Do you want free site traffic ??? OR you want more readers ???

Freehacking.net is the right place. We are one of the top leading ethical hacking blog and promoting guest blogging on the web : Submit Guest Post to us at .

We invite you to write a guest article related to hacking/technology, which will be posted on Freehacking.net along with your signatures. You are allowed free backlinks to your site. Think out of the box and enhance your writing skills. We are here to share your knowledge and innovative contents to experts, geeks and bloggers.

All the guest articles are also posted to our Myspace, Facebook and Twitter pages which is helpfull to generate more traffic & free social media promotion.

Check below screenshots to know more about our web reputation.

Number 1 ethical hacking blog. Check the below screenshot for the same. Googling the most generic ethical hacking term, and our blog is ranked as number 1. To check our latest ranking on google,

Check the below screenshot. Our Technorati authority is 426 as on 14th February.

To check the latest Technorati authority click here

Move to tackle cybercrimes - Hackers got Golding

Prime Minister Bruce Golding has good enough reasons to support the Cybercrimes Bill after a recent incident left him holding thousands of US dollars in credit-card debt.

Golding told fellow parliamentarians he had the shock of his life after his bank told him that thousands of US dollars in purchases were made on his Jamaican-issued credit-card account during a two-day spending spree.

Golding, who had not travelled outside Jamaica in months, said his bank advised him that the money was used to buy several plane tickets.

The incident, which occurred three months ago, was traced back to hackers thousands of kilometres away in the United Kingdom.

SOURCE: http://www.jamaica-gleaner.com

Share This Post With Your Friends

Saturday, February 20, 2010

Organizations should avoid Adobe if possible: Adobe a huge target of hackers

Cyber Attackers Hack Australian Government Websites

4th Largest Affiliate Network gets attacked by hackers: XY7.com is Back Up and Running Smoothly After Web Attack

Friday, February 19, 2010

WordPress network bug throws millions of blogs offline

Views of Pawan Kumar Singh, CISO, Tulip Telecom & Faraz Ahmed, CISO, Reliance Life Insurance on Wipro Fraud

Cyber exercise aims to teach the good guys to think like the bad guys

Firefox suffers critical bugs

Kneber botnet virus attacks 75,000 computers worldwide, including US government systems2

Thursday, February 18, 2010

Wipro fraud may involve more than one person: Expert

Penetration Testing Is Sexy, But Mature?

Mobile Security Bug: Hackers can exploit Google Buzz: Google patched the flaw

Wednesday, February 17, 2010

Is The U.S. Ready For A Cyberwar ??

Tuesday, February 16, 2010

Core Security Integrates CORE IMPACT Pro with Metasploit Project

How Hackers hacks your cell phone to get information?? How Hackers spy conversations of your cell phone??

Monday, February 15, 2010

US Government looking for Cyber Warriors

UDPFlood: UDP packet sender utility

Software used to detect the Task Scheduler vulnerability remotely

Learn how to Find SQL servers vulnerable to SQL "Slammer" or "SQHell" worm

Remotely detecting LSASS vulnerability using DSSCAN V1.0

How to catch an attackers if pass through corporate networks undetected and bypass perimeter security devices

A TCP/UDP port listener. Act as a guard dog to notify you of attempted probes: ATTACKER V3.0

Identify unknown open ports and their associated applications using FPORT V2.0

RootKit detection using Linux kernel module: Carbonite

Microsoft Targets Windows 7 Activation Hackers

Do not use "iloveyou" as your password. Valentines Bearing a Virus Not So Loving

Sprint Selects Juniper Networks to Secure Its Mobile Data Network Infrastructure

Sunday, February 14, 2010

Need a professional email address w.r.t "HACKERS" OR Do you want free site traffic ???

Move to tackle cybercrimes - Hackers got Golding