THE HACKER NEWS MAY 2011 - Issue 02 Edition

Because there is no PATCH for human STUPIDITY!
copyright @ social-engineer.org 2011

# NITIN BHARDWAJ
# Pattie galle
# Harsh Daftary
# Kapil Chaudhary
# David Kennedy
# Anonymous
# Priyanshu Sahay

Dear Readers

As the cyber world rocks the X Generation we here at THE HACKERS NEWS spin the kaleidoscope of technology news on its axis. Because of that, I get to warmly and appreciatively welcome you to ISSUE 2 of "THE HACKER NEWS MAGAZINE."

THE HACKER NEWS was created from the need for up to date informative and practical hacking news and information. We were spinning from the over 50,000 downloads of the first issue of THE HACKER NEWS MAGAZINE!

As Editor, I want you to know that issue 2 will keep you reading and learning from the unique information compiled just for you by security professionals and hackers alike.

Not only do we have a tech savvy monthly magazine we also provide hacker news 24 hours a day, 7 days a week. We want you to be the best informed and educated on the web today, tomorrow and well into the future.

Thank you for the pleasure of producing this magazine and I look forward to your input and continued interest in THE HACKER NEWS.

Sincerely,
Mohit Kumar (Chief-in-Editor)
The Hacker News

Visit Our Official Site - www.thehackernews.com
Email Id - thehackernews@gmail.com
Facebook Profile - http://facebook.com/unix.root
Facebook THN Page - http://facebook.com/thehackernews
Twitter Profile - http://twitter.com/TheHackersNews

INDEX
1.) Social Engineering
2.) OpSony By Anonymous
3.) Anna Hazare
4.) Message By Pattie Galle
5.) Hacking News
6.) Hackers Tools Updates/Download
7.) Defacement News
8.) Security and Hacking Events
9.) Cyber Crime News
10.) Linux News
11.) Security News
12.) Vulnerability News
13.) Feedback to THN

THERE’S SOMETHING “HUMAN” TO SOCIAL ENGINEERING
Aakash Mishra…. GIVES US A GLIMPSE AT THE PSYCHOLOGICAL SKILL OF SOCIAL ENGINEERING

www.thehackernews.com | May 2011 | Issue 02

Pretexting
Pretexting is the ability to create a false scenario that would make a targeted victim feel comfortable giving you information. It is more than simple lying. Often it is impersonating an individual that the targeted victim perceives has the right to know the information. It could be a police officer, bank personnel, tax authorities, or insurance investigators. Sometimes all that is needed is an authoritative and earnest sounding voice.

Diversion theft
This technique originated in the East End of London and thieves who employ this technique are well rehearsed, and are extremely effective. Basically, it is the job of the social engineer to divert goods to a different location. The engineer must persuade the administrator or personnel of a transport or courier company to issue instructions for the driver to redirect the consignment or load.

Phishing
Phishing is a popular email scam that fraudulently obtains private information. An email is sent from an official looking business, warning of some dire consequence if the personal information is not provided.
Phishing can involve creating websites that resemble a legitimate organization's site, which convinces the target it must be okay to give financial or personal information.

IVR or phone phishing
This technique uses the phone to recreate a legitimate sounding business that the intended target is persuaded to call from an email or letter. One technique uses voice prompts to get password or account information or the person will be transferred to the social engineer posing as the customer service representative for questioning.
Phone phishing is also called vishing.

Baiting
This technique requires the engineer to make a malware infected floppy disk, CD-ROM, or USB flash drive and leave it in a place where an intended target(s) might pick it up out of curiosity or greed. The titles may be corporate information that would appear to give the target information leading to financial gain. However presented, once the disk is inserted the user installs malware giving the engineer unfettered access to the target's PC or a company’s internal computer network.

Quid pro quo
Quid pro quo is simply “something for something.” In other words the social engineer calls the targeted victim and offers something, maybe money, chocolates, or merchandise, for a password or other personal information. Surprisingly, large numbers of victims readily give this information believing they are getting something in return.

Social Engineering God Father
Kevin David Mitnick

Kevin David Mitnick (born October 6, 1963) is a controversial computer hacker and convicted criminal in the United States.

Mitnick was convicted in the late 1990s of illegally gaining access to computer networks and stealing intellectual property. Though Mitnick has been convicted of computer related crimes and possession of several forged identification documents, his supporters argue that his punishment was excessive.

Kevin Mitnick began social engineering or perhaps discovered his first engineerable situation at the age of 12. He realized he could bypass the punchcard system used for the Los Angeles bus system: by buying his own punch, he could get free bus rides anywhere in the greater LA area. Social engineering became his primary method of obtaining information, whether it be user names and passwords, modem phone numbers or any number of other pieces of data.

In high school, he was introduced to phone phreaking, the activity of manipulating telephones which was often used to evade long distance charges for his benefit.

Mitnick broke into his first computer network in 1979, when a friend gave him the phone number for the Ark, the computer system at Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC's computer network and copied DEC's software, for which he was later convicted. This was the first of a series of run-ins with the law.

Acts by Kevin Mitnick:
1.) Using the Los Angeles bus transfer system to get free rides; evading the FBI
2.) Hacking into DEC system(s) to view VMS source code (DEC reportedly spent $160,000 in cleanup costs)
3.) Gaining full admin privileges to an IBM minicomputer at the Computer Learning Center in LA
4.) Hacking Motorola, NEC, Nokia, Sun Microsystems and Fujitsu Siemens systems

Kevin Mitnick is now a professional computer consultant (doing business as Mitnick Security Consulting, LLC).

Interview with the creator of the social engineering toolkit, David Kennedy!

THN Editor: First, tell us about yourself, your experience and what you have produced in the social engineering field?
David: I'm a Director of Information Security for a Fortune 1000 company. Don't let the title fool you, being a Director just means I can focus on the stuff I love which is breaking things. I have a heavy penetration testing and exploitation background dating back to the military intelligence days as well as a security consultant working with a number of Fortune 500 and 1000 companies. As a penetration tester a few years back, Social-Engineering was a major portion of what I needed to do in order to gain access either physically or through social-engineering attacks against organizations. It's been a blast working in the security community and contributing as much as I can to open source. My philosophy in life is I love what I do and where I work and my goal is to give as much back to the security community and make them successful and help if I can. I'm one of the founders of DerbyCon, a security conference in Louisville Kentucky, creator of the Social-Engineer Toolkit, Fast-Track, member of the Social-Engineer crew/podcast, and main blog post at http://www.secmaniac.com.

THN Editor: Please explain what Social Engineering is and how we use Social Engineering?
David: Social-Engineering simply put is the manipulation of human behavior to achieve some task. For us as penetration testers, Social-Engineering can be leveraged in multiple capacities to compromise an organization and gain access which typically circumvents the majority of security controls in place in an organization. For me, I leverage Social-Engineering on a regular basis to identify weaknesses within my security program and user awareness. Most organizations are spending a ton of money on the latest shiny technology that promises to fix their security problems while our humans are finding the easiest way to get in.

THN Editor: What are the best ways to perform Social Engineering?
David: Social-Engineering takes some time to learn and something that requires practice. There's no easy answer on what the best way to social-engineer a victim. When I'm going after an organization I look at what they have on the Internet, who the personnel is, their language, what companies they own, and as much information I can possibly learn from open source intelligence (osint). I'll develop a pretext (my attack) based on what I learn and practice it before hand to make sure it's perfect and flawless. A lot of times leveraging social networking sites in order to learn a lot of information about my targets is beneficial and leveraging trust with people they trust can always make that little bit of a difference.

THN Editor: What are the recent usages of Social Engineering, such as the HBgary hack by anonymous OR RSA hack?
David: I think the most recent one would be the RSA hack where the details are still a bit vague but leveraged spear-phishing in order to target a select amount of people with a Flash zero day. We've seen these attacks become more and more prevalent and something we have been preaching on the Social-Engineer.org podcast for a large time that these types of attacks are coming and it's going to be something really difficult to protect against.

THN Editor: How did “SET (Social Engineering Toolkit)” come about and why did you develop it?
David: When SET was first conceived Chris Hadnagy and I were sitting in a chat room on IRC talking together and he mentioned he was starting social-engineer.org to try to bring more awareness and education to the community about social-engineering and how it relates directly to security. We started chatting and found that there really was no tool out there for social-engineering and something that was a huge gap for us as penetration testers. Out of that talk, a raw version of SET was created which was really basic in nature, it had a mass mailer, some PDF exploits and that was really it. Even with its early, early release it got a ton of positive feedback and it has just grown from there. I never thought for one minute that SET would become the lead open source tool in social-engineering and something that penetration testers leverage on a regular basis, it's quite impressive and I'm humbled by it.

THN Editor: Is Social Engineering dangerous?
David: Social-Engineering is extremely dangerous and THE largest threat that I see in information security to date. As mentioned before, we have a ton of technology in place that is specifically designed to stop buffer overflows (or detect them), catch malware (kind of a joke at this point), and protect our web applications. Yet our user population is still completely vulnerable and clueless on the signs of a breach. A fine balance between technology and user awareness needs to be accomplished and it'll never be 100 percent but it'll be a lot better than an uneducated user population.

THN Editor: How does someone master Social Engineering?
David: Social-Engineering requires you to change your behavior, remove your barriers, and start to manipulate humans to do your bidding. I know that sounds awful, but use Social-Engineering in a positive way at your organization to see if you can affect a decision in your manner. Read and learn from studies on behavioral analysis and how humans interact with one another. Use the social-engineer.org framework to help you get the knowledge to expand on. Ultimately it's going to be yourself learning the techniques and applying them on a regular basis and be able to manipulate your own behavior to get a desired outcome from someone else.

THN Editor: Give us an overview of the social engineering tools and what it offers.
David: The Social-Engineer Toolkit (SET) is an open-source python driven arsenal for penetration testers aimed at testing how well an organization can withstand a social-engineer attack. SET has a number of attack vectors specifically aimed at targeting the user population. SET aids a penetration tester in social-engineer attacks however doesn't perform it for them. It's up to the penetration tester to perform intelligence gathering and form their pretext in order to have a successful attack. SET has a number of tools and attacks including the Spear Phishing Module, Web Attack Vectors, Teensy USB Hid, Wireless Attack Vectors, and a number of additional capabilities and features that make SET unique when it comes to social-engineering and penetration testing. SET is being used internationally by penetration testers and a critical tool to them in every capacity as social-engineering is a highly important attack vector to leverage during normal testing.

After that great interview with the creator of the social engineering toolkit, David Kennedy, I wondered how many readers really understand the difference in social engineering as opposed to hacking.

The END

Visit Him at http://www.secmaniac.com/
Test your understanding
On Social Engineering
See if you can identify what technique of social engineering was used in the following examples. (Answers at end of article)

A) You receive an email where the sender is the manager or someone on behalf of the support department of your bank and is presenting a problem that can be resolved with you giving personal information about your account.

B) A person representing your company contacts the shipping company that delivers your merchandise and convinces them that they must deliver a certain delivery to a different address.

C) You get an automated voice call from a familiar company or bank asking you to key in password information or other pertinent information. You could be transferred from this call to a live customer service representative.

D) You are walking by your bank and on the sidewalk you find a computer disk that is titled “accounts over 100k.” This makes you curious and you insert it into your computer to read the information.

E) An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling them back to help them. The attacker will “help” solve the problem and in the process have the user give passwords or account information or type in commands on their computer that give the attacker access or launch malware.

Facing the facts
The truth is social engineering is rarely discussed. People mostly like to talk about cracking and phreaking.

Let’s bring social engineering out of the closet and onto discussion blogs. Sharing information, learning the techniques and knowing how to protect yourself from social engineering is the best way to be skilled in this method of hacking.

Answers
A) Pretexting

B) Diversion theft

C) IVR or Phone phishing

D) Baiting

E) Quid pro quo

#OpSony
You say you want Revolution?

They know your names.... You are the Globalized GOVERNMENT sponsored corporations and institutions. They know you are guilty of committing atrocities (war crimes, torture, toxic dumping and stifling freedom of speech, to name a few) against mankind in the name of greed and profit. They see as evidence that increased economic globalization and the rise of transnational corporate power have created the undeniable climate for corporate human rights abusers.

They know that predatory corporations are governed first and foremost by the codes of supply and demand and show their unadulterated loyalty only to their stockholders and the almighty bottom line. They know how corporations have amassed great power and influence on public policy and immense power over world governments. As corporations are allowed to act like criminals, they have the right and the power to stop them.

AS GREED DRIVEN MULTI-NATIONAL CORPORATIONS AND GOVERNMENTS engage in the cruelties of GREED AND Corruption a SILENT GLOBAL ARMY OF COMPUTER TECHNO’S are using THEIR talents and SKILLS TO thwart THEM. Around the world - in Venezuela, Argentina, India, and the United States AND MULTITUDES OF OTHER COUNTRIES citizens CYBER Revolutionaries are stepping up to foster democracy and hold corporations accountable FOR THEIR egregious CRIMES.

As the AMERICAN revolutionary Samuel Adams stated, “It does not take a majority to prevail... but rather an irate, tireless minority, keen on setting brushfires of freedom in the minds of men.”

Those that have abused power and kneel only to greed should recognize that A NEW REVOLUTION IS UNDERWAY. A growing, fully formed and determined cyber ARMY OF MANY has formed. Their revolution is an insurrection against the cruelties of GREED and Corruption and is being waged in cyberspace from PC’S around the world.

Enter Sony Playstation Network

If corporate owned governments and multinational corporations really think that the takedown of sony psn was about punishment for spying on their users, they should and must think again.

As any good war strategist might do it is worth taking a look at the lead up to one of the biggest, most expensive, most embarrassing, and longest shutdowns in cyber history.

Timeline
April 16th - Anonymous plans a boycott of Sony
April 22nd - Playstation network is hacked and shut down
April 26th - Playstation announces 77 million PSN customers information was hacked
April 27th - The hacker news leaks chat log of PSN hackers

As this is written we are entering day nine of the shutdown, and many users and onlookers are asking questions. If you are not one of the 77 million network users you might be asking, “What is the playstation network?” The Sony Playstation network will connect your playstation 3 to the internet and to sony’s cloud services.

If you are one of the 77 million users waiting to resume your game playing, you might be asking, “How long will the playstation network be down?” A hacker might tell you, a revolution takes time. Sony has stated they hope to be back up in a week. A hacker might respond to that as an optimistic prediction.

One thing on most people’s minds is the question “Is my data safe?”

Sony complains that the compromised information might be used by the hackers or the information could be sold to a third party. The Hacker News [THN] thinks that if a revolution is afoot, the rebels would not endanger the very people it is trying to protect. Note that Wells Fargo, American Express, and MasterCard have been monitoring cardholders accounts and have seen no unauthorized activity related to sony.

Presently, Sony Corporation is facing a class action lawsuit by a group in California for failing to protect users information. In addition, this shutdown could cost sony upwards of 24 billion dollars.

As the world watches sony struggle to resolve their present confounding situation we must wonder what these cyber warriors are trying to convey? Could it be an “Awakening” inconvenience to the gamers coupled with a hefty monetary loss and inconvenience to sony? In fact, perhaps they are attempting to send a bigger and more important message to the world.

Could their message be a call to arms? One can only surmise if corporate owned governments and greed driven multinational corporations continue to wage war against mankind in the name of greed and profit, then the takedown of SONY PSN appears to have given the cyber army an event to revel in a probable recruiting tool.

We are Anonymous
We are Legion
We do not Forgive
We do not Forget
Expect Us

A 71 year old man named Anna Hazare decides to fast unto death unless government rectifies its ills.

What does it all mean for India...?

It seemed unlikely that Kisan Baburao Hazare, the oldest of six siblings and of humble beginnings would ever be in the position of altering government practices with the sound of just two words — “Hunger Strike”.

Born in 1940 in the village Ralegan Siddhi, Kisan Baburao Hazare, better known in the world as Anna Hazare, has done just that. Inspired by the works of Vivekananda, Gandhi, and Vinoba Bhave, he became a social worker and activist.

Today Anna Hazare is responsible for the government consideration of the Jan Lokpal bill which would establish in India a chief ombudsman and anti-corruption panel outside of governmental and political influence.

But, he didn’t come by this achievement without considerable experience and a persuasive technique of submitting to hunger strikes to bring some enlightenment to Indian politics.

Starting in 1975 and working in Ralegan Siddhi village, he transformed the water distribution system which led to a watershed development that brought a solution to irrigation problems.

So influential and progressive was his design that the Indian government plans to develop a model of it for other villages in the country.

In 1991 Hazare was able to expose collusion between forest officials and timber merchants resulting in suspension of these officials.
In 2003 he entered a fast lasting six days bringing indictments for corruption against four NCP Ministers of the Congress-NCP Government.

Soon after, Hazare was successful in strengthening the Maharashtra right to information act by entering a hunger strike again lasting six days before the government agreed to amend the right to information act to exclude the file notings by the government officials from its purview.

In 2011 Anna Hazare initiated a movement to pass the Jan Lokpal bill. He once again began a 98 hour hunger strike to force the government to pass the Jan Lokpal bill by 15 August 2011.

Shortly after that he demanded an amendment to the electoral law to incorporate the option of “none of the above” in the electronic voting machines during Indian elections.

Sporting these accomplishments, it isn’t a wonder that the looters who govern India have put up a united front to derail Hazare and his movement to free India from the clutches of looting and corruption.

As the economic condition of India deteriorates further and further, I implore all Indians to rise up and demand the principles and doctrine of Anna Hazare be instituted and followed.

Anna Hazare cannot single handedly stop the deep rooted state of corruption in India. He needs India, the people of India, to stand with him, loudly and return India government to its rightful owners.

There could be no truer words of Anna Hazare than these:
“The ultimate goal of all politics and social work should be the upliftment of society and of the nation.”

Written By: Mohit Kumar
Edited By: Pattie Galle

Q/A

Question: Why should the generation of free love, hippies, and political dissent be aware, interested, educated and supportive of hacking and other cyber methods of awakening people?

Answer: These days even 5 year olds have a facebook profile. As all age groups are regular internet users the internet becomes a critical part of everyone's life. If people don't know how to work online safely then they can be victim of cyber crime anytime.

One of the objectives of THN is to bring the reality of security and its consequences to internet users. The generation you refer to in your question is coming along, but they need more education and awareness of the power and the threat of the internet.

I believe we can educate people on how to better protect themselves and bring understanding that just because a big corporation tells you your information is secure, don't be so quick to believe it.

Today we can "hack" into most all systems. The industry is not one step ahead of us... we are one step ahead of them. Time for everyone to realize that governments and corporations that engage in corruption, deception and stealing of citizens' hard earned dollars will be exposed. It might be fair to say that hackers are the babysitters of the evil of the world. We are watching and we are discovering what these thieves are doing and they are bewildered as to how to cope with it.

Time for all generations, especially the generation of the 1960's that understood government needed an overhaul, to support and utilize the internet to accomplish this.

I believe this current generation can do what others could not. Without firing one shot, gathering in one public square, carrying one protest sign, we can via our computers bring down the out of control unethical behavior of government and corporations.

Patti Galle,
Content Editor,
The Hacker News Magazine

1.) So sorry Sony….. Sony Online Entertainment announced that it has lost 12,700 customer credit card numbers as the result of an attack, and roughly 24.6 million accounts may have been breached. Read More @ http://tinyurl.com/3ry9675

2.) Anonymous performs Operation Iran. (The Hacker News Gave Them a Standing Ovation) OpIran attacked the governmental websites responsible for oppressing freedom of speech, information or ideas. Anonymous timed attacks to coincide with International Workers' Day in the United States. Read More @ http://tinyurl.com/5tsnpsg

3.) DSLReport.com Hacked - the information and review site on high speed Internet services which operates over 200 forums - has been hit with a blind SQL injection attack, which resulted in the compromise of at least 9000 accounts. Read More @ http://tinyurl.com/3pphma4

4.) Lady Gaga twitter about her account being hacked. A hacker gained access to Lady Gaga's twitter account and began posting a number of spam messages, all written in Spanish. Read More @ http://tinyurl.com/3g55t6a

5.) Hackers try dating. A social Networking Site, Buddie.me is hacked and about 15809 emails/passwords have been exposed on the WWW! Read More @ http://tinyurl.com/3qcyu2x

6.) Pakistan Cyber Army derails the Indian train system. PCA hacked into Indian railway's email system and download all of the confidential emails as well as email addresses and their passwords. Read More @ http://tinyurl.com/3jlv8rt

7.) Hacker does a Naughty deed. A 26-year-old man faces 13 felony charges after being accused of hacking into Facebook accounts, stealing photos of young women and posting them on porn sites. Read More @ http://tinyurl.com/6dhs2j5

8.) Hackers eat their own. A Turkish Hackers Group hacks Cyberhackers.org. Read More @ http://tinyurl.com/3nmbl7j
9.) India and Pakistan at it again. Indian Hacker Code Breakers hacked PAF (Pakistan Air Force) server. Read More @ http://tinyurl.com/3kwo43k

10.) Employee turned Hacker sees red. An employee claims revenge for an "illegitimate firing," stating that he was able to break a 200 megawatt wind turbine system owned by NextEra Energy Resources. Read More @ http://tinyurl.com/6l42yg8

11.) Everything is made in China……even Hackers! There is a growing threat to Western governments and corporations as they are under attack from hackers based in China. Read More @ http://tinyurl.com/3kkfac2

12.) Hackers are out of this world! The European Space Agency (ESA), established in 1975 was hacked by TinKode. Read More @ http://tinyurl.com/3bnqe7u

13.) WordPress has been hacked resulting in what the company said was a low-level (root) break-in to several of their servers. Read More @ http://tinyurl.com/3baxshd

14.) Hackers do their own advertising. Epsilon's (Marketing services firm) Customer Lists of Major Brands Compromised. Read More @ http://tinyurl.com/3cg4x4l

15.) Who is babysitting the babysitter? How did a hacker manage to infiltrate one of the world’s top computer-security companies? Are RSA products now unsafe to 40 million users? Read More @ http://tinyurl.com/3w8knw6

HACKERZ TOOL KIT
1.) Metasploit Framework 3.7.0 Released - http://tinyurl.com/3jefl8a
2.) Tor 0.2.2.25-alpha released - http://tinyurl.com/3kv856h
3.) Hack your Sony PSP: ISO Tool v1.975 Released - http://tinyurl.com/3uba3zf
4.) Google Hack Database Tool v1.1 - http://tinyurl.com/3zwevl3
5.) USB Immunizer: Anti-Malware Tool - http://tinyurl.com/3u5c5w3
6.) ArpON 2.2 released - ARP handler inspection - http://tinyurl.com/3dlfe6z
7.) Hydra v6.3 Released with oracle & snmp-enum modules - http://tinyurl.com/3kco72m
8.) PacketManipulator 0.3 released - including Windows Installer - http://tinyurl.com/3kpnewl
9.) Live Hacking DVD v1.3 Beta - Download - http://tinyurl.com/3mm7uqs
10.) Ncrack 0.4 Alpha - New Version download - http://tinyurl.com/3b8n4j6
11.) John the Ripper 1.7.7 new version Released - http://tinyurl.com/4yru624
12.) Microsoft Windows Malicious Software Removal Tool - http://tinyurl.com/3dpkwsh
13.) Cain & Abel 4.9.40 released, Download now - http://tinyurl.com/448wz2u
14.) Pangolin v3.2.3 Released, Download Now - http://tinyurl.com/3nzqgxk
15.) The Social-Engineer Toolkit v1.3.5 Released - http://tinyurl.com/3py5o2e
16.) Infondlinux - Security tools install script for Ubuntu - http://tinyurl.com/3spc4p9
17.) BodgeIt Store: Vulnerable Web Application For PT - http://tinyurl.com/4yh9uh4
18.) fileinfo-gui - Forensic tool for file information - http://tinyurl.com/3ksqn68
19.) THC-Amap v5.3 - application protocol detection Released - http://tinyurl.com/6jwtr9x
20.) Phoenix exploit kit 2.5 leaked, Download Now - http://tinyurl.com/4y2gkrc
21.) Wireshark 1.5.1 Development Release - http://tinyurl.com/4xumg46
22.) OllyDbg 2.01 alpha 3 Released - http://tinyurl.com/3czxq4j
23.) Sqlmap v.0.9 - automatic SQL injection - http://tinyurl.com/3olt5ez
24.) RawCap sniffer for Windows released - http://tinyurl.com/6y5gl7q
25.) WiFite The WEP/WPA Cracker version r68 released - http://tinyurl.com/3zv7ej6
26.) PenTBox 1.4 – Penetration Testing Security Suite Download - http://tinyurl.com/42ydzsx
27.) DRIL: Domain Reverse IP Lookup Tool Download - http://tinyurl.com/3w5mlvg

'The Hackers Paradise' hacked by KhantastiC
On 30 April 2011, KhantastiC (Pakistani hacker) Hacked into http://www.thehackersparadise.com and add his deface page on that.
Read More @ http://tinyurl.com/3huasms

President of Pakistan – Database Hacked By Mohit Pande Aka Toshu
On 1 may 2011, Mohit Pande (Indian Hacker) hack Pakistani President’s Official website and exposed database as hack proof - http://pastebin.com/Vta6hVWT Hacked Site - http://www.presidentofpakistan.gov.pk/,
Read More @ http://tinyurl.com/3hylzo6

Escuela Universitaria Diseno - Spain hacked by Fr0664/FCA, 26740 emails/passwords Dumped
On 1 may 2011, Fr0664/FCA hacked database of Escuela Universitaria Diseno – Spain and dump the database at https://rapidshare.com/files/460080122/esne.edu.7z.
Read More @ http://tinyurl.com/4y4g7rv

Aviation Website Planespotters.net hacked By Lionaneesh
On 29 April 2011, Lionaneesh (Indian Hacker) hacked Planespotters.net and Exposed database at http://pastebin.com/iqqaPway.
Read More @ http://tinyurl.com/4y4ho5j

Famous Israeli company websites Hacked by OldChildz (Turkish Hackers)
On 29 April 2011, OldChildz (Turkish Hackers) hack various Famous Israeli company websites.
Read More @ http://tinyurl.com/4xh3t6f

Cambridge Networks hacked by Shak [PCA]
On 27th April 2011, Shak (Pakistani hacker) hack into cambridgewebworks.com and cambridge-networks.co.uk.
Read More @ http://tinyurl.com/42cslat

253 website defaced by imm0rt4l (Indian hacking crew)
On 27 April 2011, imm0rt4l Hack various sites listed at http://pastebin.com/r57UmqZ0.
Read More @ http://tinyurl.com/3b5w3nt

The Film and Publication Board’s (FPB) website Hacked by Dr.KroOoZ-By.NeShTeR/TTG
On 26th April, The Film and Publication Board’s (FPB) website, hosted at http://www.fpb.gov.za, had been hacked by Dr.KroOoZ-By.NeShTeR/TTG.
Read More @ http://tinyurl.com/43bg64u

Pakrail.com database and user details hacked by Angel 4k4 4d0r4b13

Angel (Indian hacker) hacked the database of Pakrail.com on 26th April 2011. Hacked database - http://pastebin.com/y6WQ1Qrr

Read More @ http://tinyurl.com/3k33kvq

The Oak Ridge National Laboratory Hacked

On 22 April 2011, The Oak Ridge National Laboratory got hacked.

Read More @ http://tinyurl.com/3krw47d

20 china government websites hacked by The 077 (HamDi HaCker)

On 20th April 2011, 20 China government websites got hacked by The 077 (HamDi HaCker). Hacked sites list: http://pastebin.com/YbyS1Ghm

Read More @ http://tinyurl.com/42db5mp

CEH Trainer (Centennial Media Training) Got Hacked

On 12 April, a hacker hacked into the website of the CEH trainer at http://www.cmtraining.com.au/.

Read More @ http://tinyurl.com/3vkz6me

70 Indian Websites Hacked By Shadow008 (PakCyberArmy)

On 10 April 2011, Shadow008 (PakCyberArmy) hacked 70 Indian websites. Here is the list of hacked sites - http://pastebin.com/8weEL5Bx.

Read More @ http://tinyurl.com/3rhznzo

Cat Techie aka Vaidehi Sachin's all sites, Security Firm & News Company got Hacked

On 7th April 2011, Cat Techie aka Vaidehi Sachin's all sites, Security Firm & News Company got hacked by Indian l33t Haxors.

Read More @ http://tinyurl.com/4x67dgk

Windows Servers Hacked at The Hartford Insurance Company

On 7th April 2011, hackers broke into The Hartford insurance company and installed password-stealing programs on several of the company's Windows servers.

Read More @ http://tinyurl.com/3qnpl8o

Govt of Orissa website Owned by ZHC XtreMist [ZHC]

On 6th April 2011, the Govt of Orissa website zssmayurbhanj.gov.in was hacked by ZHC XtreMist [ZHC].

Read More @ http://tinyurl.com/3baku2m

Security Events

Belnet Security Conference, 5 May 2011 in Brussels

Security on the Internet is one of Belnet's highest priorities. Belnet after all has extensive expertise at its disposal in the area of Internet security. Moreover, with the expansion of its security services, Belnet wishes to raise awareness on the part of the user community with respect to security.

Therefore Belnet organizes:

What? Belnet Security Conference

When? Thursday 5 May 2011

Where? At Marivaux Hotel, Boulevard Adolphe Max 98, 1000 Brussels

Read More @ http://tinyurl.com/3sbqzcg

OWASP Hackademic Challenges Project

The OWASP Hackademic Challenges Project is an open source project that helps you test your knowledge on web application security. The competition starts on 21st April and will run for 4 weeks until 15th May.

Read More @ http://tinyurl.com/3hfd6rp

Calling All Hackers - Grand Prize in Sunshine State "Hacktacular" Challenge

Calling all hackers: Data Analyzers, LLC (www.datanalyzers.com) in Orlando, Florida, is hosting the Sunshine State "Hacktacular" Challenge with a big prize for the top competitor – a full-time job with benefits and relocation allowance if you move to Orlando.

Read More @ http://tinyurl.com/4xes3t4

The Underground Cyber Hacking Challenge

0p3nH4x is the first of its kind "underground cyber hacking challenge". A challenge by hackers for hackers to test real skills in the field. We are challenging all hackers, no matter if you are black or white "hatted". It's time to prove that your preferred community is not so skid. Deadline for registrations for the underground hacking challenge is 8th May 2011 at 00:00 GMT.

Read More @ http://tinyurl.com/4ynukd7

DerbyCon Security Conference 2011

Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in Louisville, Kentucky. The goal is to bring back an old style, community driven hacker con chock full of amazing talks, live events and all around fun. DerbyCon will be at the Hyatt Regency in Louisville, Kentucky; tickets will go on sale at 8:00 AM on Friday April 29, 2011 for $125.00 for that weekend and go up to $150.00 on the following Monday.

Read More @ http://tinyurl.com/3vvlt78

CYBER CRIME

Hacker pleads after busted with 675K stolen cards

A Georgia man has pleaded guilty to fraud and identity theft after authorities found him in possession of more than 675,000 credit card numbers, some of which he obtained by hacking into business networks.

Read More @ http://tinyurl.com/3eww6kv

Former Cisco Engineer Arrested for Hacking

A former Cisco engineer was arrested last year on charges of hacking into his former employer's network and is currently awaiting extradition in Canada. The charges against Peter Alfred-Adekeye, a British national who worked for Cisco before leaving to start his own company, were reported in local Vancouver media this week.

Read More @ http://tinyurl.com/3sv5evq

Pakistan president's website hacking case adjourned

A court here has adjourned the case of a man who hacked into the Pakistan president's website and uploaded material defaming Asif Ali Zardari. According to Federal Investigation Agency (FIA) enquiry, the hacker, Shahbaz Khan, had the username ADIL/Th3-penetrator and defaced the website www.president-of-pakistan.com and uploaded material defaming Zardari and the country.

Read More @ http://tinyurl.com/4x7e83e

Hackers steal Dell 1000's customer information

The personal information of thousands of Australians has been stolen by hackers who raided a US-based database company, in what some experts are calling the biggest data theft in US history. In a statement, Dell assured its customers that credit card, banking and other personally-identifiable information was not at risk and remained secure.

Read More @ http://tinyurl.com/3cuarjt

LINUX NEWS

Ubuntu 11.04 Released

For those of you watching Ubuntu's website recently, you may have noticed that a new version of the popular and easy to use variant of Linux has surfaced - Natty Narwhal. Download: http://www.ubuntu.com/download.

Read More @ http://tinyurl.com/3s95vl9

ESET NOD32 releases Antivirus for Linux 4

ESET announced the availability of ESET NOD32 Antivirus 4 Business Edition for Linux Desktop and ESET NOD32 Antivirus 4 for Linux. ESET NOD32 Antivirus 4 for Linux offers protection against cross-platform and emerging threats, enhancing the security of Linux platforms. The scanning engine automatically detects and cleans malicious code, including threats designed for Windows and Mac based systems.

Read More @ http://tinyurl.com/3jqtusb

GNOME 3.0 Released, Available for Download

GNOME 3.0 is a major milestone in the history of the GNOME Project. The release introduces an exciting new desktop which has been designed for today's users and which is suited to a range of modern computing devices. Download Now: http://gnome3.org/tryit.html.

Read More @ http://tinyurl.com/3db52t3

Mandriva 2011 Beta 2 is Available for Testing

Mandriva 2011 beta 2 was supposed to be released a week ago, but the release schedule was delayed by last minute defects discovered by the development and testing teams. In order to get hold of beta 2, you can visit your favorite Mandriva mirror and check devel/iso/2011.

Read More @ http://tinyurl.com/3c388eq

Google's Chrome 11 fixes $16,500 worth of bugs

A total of 27 security vulnerabilities are fixed in the latest stable release for Windows, Mac, Linux and Chrome Frame. Individual rewards were from $500 up to $3,000 for a particularly nasty looking bug that allowed a possible URL bar spoof leading to navigation errors and interrupted page loads.

Read More @ http://tinyurl.com/3hf6vld

FBI cracks International Bot Network

The Department of Justice and FBI declared that it has cracked a network of hackers, who have infected almost 2 million computers with a harmful "bot" program, Coreflood, that steals private and monetary data from computers.

Read More @ http://tinyurl.com/4225elq

Cyber jihadists could use Stuxnet worm to attack the west

The worst case scenario is that Al-Qaeda or another organisation could gain access to this type of knowledge and information, and make use of it to launch attacks on critical infrastructure – like blow up nuclear power plants or do something to our food chain.

Read More @ http://tinyurl.com/42sf8qn

McAfee study - India is fourth lowest in security adoption

According to the report findings, India ranked fourth in terms of lowest levels of security adoption after Brazil, France and Mexico, adopting only half as many security measures as leading countries such as China, Italy and Japan. Concurrently, China and Japan were also among the countries with the highest confidence levels in the ability of current laws to prevent or deter attacks in their countries.

Read More @ http://tinyurl.com/3g5hooh

Siemens Assisted with Stuxnet's Development, claimed by Iran

A senior Iranian official accuses Siemens of willingly assisting the Stuxnet creators by providing the source code necessary for them to exploit its software. "Siemens should explain why and how it provided the enemies with the information about the codes of the SCADA software and prepared the ground for a cyber attack against us."

Read More @ http://tinyurl.com/3uhapgd

Verizon 2011 Data Breach Investigations Report Released

Data loss through cyber attacks decreased sharply in 2010, but the total number of breaches was higher than ever, according to the "Verizon 2011 Data Breach Investigations Report." These findings continue to demonstrate that businesses and consumers must remain vigilant in implementing and maintaining security practices.

Read More @ http://tinyurl.com/42vlmx2

India's CBI plans to send teams to US, Europe to trace hackers

Against the backdrop of the attack on its website by "Pakistan Cyber Army", the CBI is considering sending its team to the US and Europe to trace hackers involved in the defacement.

Read More @ http://tinyurl.com/3v673jt

New Chinese MBR Rootkit Identified

A new rootkit that uses the master boot record (MBR) to hide itself has been discovered in China and is being used to install an online game password stealer.

Read More @ http://tinyurl.com/3vls6ho

VULNERABILITY EXPOSURE

Vulnerability in Facebook Email feature Exposed

This time the Facebook username feature is vulnerable. Not only can spam be sent, but this bug can be used to post illegitimate messages to Facebook users from their friends or from unknown people without the consent of the sender.

Read More @ http://tinyurl.com/3pqxjxj

Note: "This isn't a serious flaw, bug or vulnerability but this is proof that the websites like Facebook contain security holes."

0day Exploit Released: Adobe, HP, Sun, Microsoft Interix & many more Vendors FTP hackable

Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon) exploit has been released, and this exploit can hack FTP of various vendors like Adobe, HP, Sun, Microsoft Interix.

Read More @ http://tinyurl.com/3kngqjf

Facebook is not Exclusion, XML Vulnerability

This isn't a serious flaw, bug or vulnerability, but this is proof that even such websites contain security holes, and if you look through you can take them over.

Read More @ http://tinyurl.com/5t7fd32

Microsoft discloses vulnerabilities in Chrome and Opera

Microsoft has issued two advisories on Chrome and Opera, detailing remote code execution and information disclosure vulnerabilities. The disclosure is the result of the Microsoft Vulnerability Research (MSVR) system going live, which is one of the core items within their Coordinated Vulnerability Disclosure (CVD) program.

Read More @ http://tinyurl.com/3hj58bj

DHCP client allows shell command injection

Dhclient versions 3.0.x to 4.2.x allow DHCP servers to inject commands, which could allow an attacker to obtain root privileges. The problem is caused by incorrect filtering of metadata in server response fields.

Read More @ http://tinyurl.com/3bjsv42

Multiple vulnerabilities in IBM Tivoli Directory Server

Multiple vulnerabilities have been reported in IBM Tivoli Directory Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to cause a Denial of Service and compromise a vulnerable system.

Read More @ http://tinyurl.com/3l8f4pm

Channel.facebook.com cross-site-scripting (XSS) vulnerability by Edgard Chammas

Security researcher Edgard Chammas submitted on 02/04/2011 a cross-site-scripting (XSS) vulnerability affecting 1.61.channel.facebook.com, which at the time of submission ranked 2 on the web according to Alexa. It is currently unfixed.

Read More @ http://tinyurl.com/3o7484g

Get all Vulnerability News @ http://tinyurl.com/6xlnmwz

Feedback

Dear Readers,

Thank you for being a part of a movement of awareness and change. Your support, participation and encouragement is why we continue to make 'THE HACKER NEWS' the best source of internet security on the web.

Together we can bring forward the information we need to have a sustainable and healthy world. We can't wait to bring you next month's edition, "Total Exposure", that will cover, in depth, how vulnerable governments and corporations are. You won't want to miss it!

Please forward our magazine to friends, co-workers, bosses, family and businesses you know would enjoy reading and learning about internet security and the who's who of the internet world. In the meantime, thank you. You rock!

The Hacker News Team

# Email us your Feedback/Articles at thehackernews@gmail.com
# Visit our site http://www.thehackernews.com/
# Donate us, Keep us Strong: http://tinyurl.com/64b7xs2
# Join our facebook page: http://tinyurl.com/6de49r9
# Follow us on Twitter: https://twitter.com/#!/TheHackersNews
