SourceForge vulnerable to XSS injection

A security researcher, WilyXem from Spain, has discovered a reflected cross-site scripting vulnerability in SourceForge (sourceforge.net).

SourceForge is a web-based source code repository. It acts as a centralized location for software developers to control and manage free and open source software development.

The vulnerability is in SourceForge's job search page: the value typed into the job search text box is reflected back into the page without being validated or encoded.

That leaves the text field open to attack.



The PoC URL:
sourceforge.net/jobs?age=1&text=1%22%3E%3Cscript%3Ealert%28%22WilyXem%20==%20UnderC0de.org%22%29%3C/script%3E&zip=10003&submit=Search
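To show what the PoC does, here is an added example that is not code from SourceForge or from the researcher: it models a search page that echoes the `text` parameter back into the text box. The query string is the one from the PoC URL above; the input markup, the page template and the helper names are assumptions. The vulnerable rendering interpolates the decoded value as-is, so the `">` prefix closes the attribute and the `<script>` tag becomes live markup; the fixed rendering HTML-escapes the value for the attribute context.

```ruby
require 'cgi'

# Query string copied from the published PoC URL (everything after '?').
POC_QUERY = 'age=1&text=1%22%3E%3Cscript%3Ealert%28%22WilyXem%20==%20UnderC0de.org%22%29%3C/script%3E&zip=10003&submit=Search'

# Pull the 'text' search parameter out of a query string, URL-decoded.
def search_text(query)
  CGI.parse(query).fetch('text', ['']).first
end

# Assumed page template: the search form echoes the previous query back into
# the text box. A vulnerable page interpolates the raw value; the fixed page
# HTML-escapes it for the attribute context (", <, >, & become entities).
def render_search_box(query, escape:)
  value = search_text(query)
  value = CGI.escapeHTML(value) if escape
  %(<input type="text" name="text" value="#{value}">)
end

# Crude check used below: a real <script> tag ended up in the markup.
def script_injected?(html)
  html.include?('<script>')
end

if __FILE__ == $PROGRAM_NAME
  puts "decoded payload: #{search_text(POC_QUERY)}"
  puts "vulnerable: #{render_search_box(POC_QUERY, escape: false)}"
  puts "escaped:    #{render_search_box(POC_QUERY, escape: true)}"
end
```

The escaping has to match the context the value lands in: attribute-context escaping as above is enough for an `<input value="...">`, but a value reflected into a `<script>` block or a URL needs JavaScript or URL encoding instead.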

Pakistan Army website hacked by Human Mind Cracker

The Tunisian hacker 'Human Mind Cracker', known for finding critical vulnerabilities in high-profile websites, has this time broken into the Pakistan Army website (www.pakistanarmy.gov.pk) and gained access to its database through a SQL injection vulnerability.

In an email sent to EHN, the hacker provided the vulnerable link as proof of the hack, along with a link to the dump (www.heypasteit.com/clip/0N5T).

"The reason of the hack is just to break the security of that website... I was thinking that Pakistan has a good cyber army but lool also they have a lot of vulnerable websites," the hacker said in the email.

The dump contains database details, passwords, email addresses, and the admin ID and password.

The hacker says he targets government and bank websites to improve his skills and to find out whether governments care about the security of their sites, and that more government websites will be hacked by him soon.

#opleak29: NASA database leaked by xl3gi0n hackers


The xl3gi0n hackers have breached a NASA subdomain (Lunar Science Forum 2010) and compromised its database server. The stolen data was leaked on Pastebin.

The leak (pastebin.com/HdFLpEMH) contains users' email addresses, plain-text passwords and names. It also contains admin details, including usernames and encrypted passwords.

Three admin usernames and passwords are listed in the leak; the hackers cracked two of the three and published them in plain text.

"This is why I was arrested the first time. Hope you come and arrest me again cuz there are some files that will be leaked," the hacker said in the leak.

The hackers breached the database server by exploiting a SQL injection vulnerability. In an email sent to EHN, the hacker provided the vulnerable link on the target website but asked us not to publish it.

CVE-2012-5664: All Ruby on Rails versions vulnerable to SQL injection


A SQL injection vulnerability has been discovered in Ruby on Rails that affects all current versions of the web framework.

According to the advisory, because of the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope.

An attacker who controls that parameter can craft it to inject arbitrary SQL into the query. The parameter has to reach the finder as a hash rather than a string, which happens when it is parsed from a JSON or XML request body or from a nested query parameter such as id[select]=....

Dynamic finders use the method name to determine which field to search, so calls such as Post.find_by_id(params[:id]) are vulnerable.
 
The vulnerability is fixed in the newly released versions 3.2.10, 3.1.9 and 3.0.18. Users running an affected release should upgrade or apply one of the workarounds immediately.

The vulnerability was disclosed on the Phenoelit blog in late December, where the author used the technique to extract user credentials and bypass the Authlogic authentication framework.
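As an added illustration (not Rails' own code and not the exploit from the Phenoelit post), the plain-Ruby model below reproduces the option-extraction mistake on a single dynamic finder. It builds SQL strings only, with no database. `find_by_id_vulnerable` pops a trailing Hash off the argument list as finder options the way the pre-fix dynamic finder did, so a parameter that arrives as a hash rewrites the SELECT list; `find_by_id_fixed` models the 3.2.10 behaviour of only extracting options when more arguments were passed than the finder has attributes. The table name, the quoting and the JSON request body are assumptions made for the example; real Active Record quoting and condition building differ in detail.

```ruby
require 'json'

TABLE = 'users' # assumed table name for this model

# Minimal single-quote doubling so the model's output reads like SQL; a real
# adapter quotes per database. Non-strings are stringified first.
def quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Model of the pre-fix dynamic finder (Rails <= 3.2.9): a trailing Hash in the
# argument list is always popped off as the finder *options* (:select,
# :conditions, :limit, ...), even when it was meant as the attribute's value.
def find_by_id_vulnerable(*args)
  options = args.last.is_a?(Hash) ? args.pop : {}
  value   = args.first
  where   = value.nil? ? 'id IS NULL' : "id = #{quote(value)}"
  select  = options['select'] || options[:select] || '*'
  "SELECT #{select} FROM #{TABLE} WHERE #{where} LIMIT 1"
end

# Model of the 3.2.10 fix: options are only extracted when more arguments were
# passed than the finder has attributes (find_by_id has exactly one), so a
# lone Hash is treated as the value and quoted like any other value.
def find_by_id_fixed(*args)
  attribute_count = 1
  options = {}
  options = args.pop if args.size > attribute_count && args.last.is_a?(Hash)
  value   = args.first
  select  = options['select'] || options[:select] || '*'
  "SELECT #{select} FROM #{TABLE} WHERE id = #{quote(value)} LIMIT 1"
end

# What an attacker's request body turns into after JSON params are parsed.
# Constructed input for this example.
MALICIOUS_PARAMS = JSON.parse('{"id": {"select": "password AS id"}}')

if __FILE__ == $PROGRAM_NAME
  puts find_by_id_vulnerable('7')
  puts find_by_id_vulnerable(MALICIOUS_PARAMS['id'])       # SELECT list hijacked
  puts find_by_id_vulnerable(MALICIOUS_PARAMS['id'].to_s)  # string-cast workaround
  puts find_by_id_fixed(MALICIOUS_PARAMS['id'])            # hash treated as a value
end
```

The third call shows why casting the parameter to a string before the finder call defeats the attack even on a vulnerable version: once the argument is a String there is no Hash to pop, and the whole thing is quoted as the id value.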

Clickjacking vulnerability in Microsoft's social network Socl


An Indian security researcher, Nikhil P Kulkarni, has discovered a clickjacking vulnerability in Microsoft's social network Socl (so.cl).

Clickjacking, also referred to as a "user interface redress attack" or "UI redress attack", is a technique in which the attacker stacks transparent layers to trick a user into clicking on something different from what they perceive they are clicking on.


In a PoC provided to EHN, the researcher demonstrated the vulnerability with an HTML file whose top layer says "click below to win your prize money" while the Socl page is loaded underneath it. When the user clicks the "click here" button, the click lands on the Socl page and posts a message to the victim's wall.

The researcher discovered the vulnerability in August and reported it to Microsoft. Initially Microsoft rejected the report nearly five times, telling him it was not a vulnerability.

Recently, however, they accepted that his PoCs were right and fixed the vulnerability, and decided to list his name on their hall of fame page.
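A page can only be clickjacked if a browser will load it inside someone else's frame, which is what the PoC above relied on. As an added check (my own example, not the researcher's PoC or anything from Microsoft), the function below decides from response headers alone whether a page could be framed by an attacker's origin: a CSP `frame-ancestors` directive is honoured first, then `X-Frame-Options`, and a page with neither is reported as frameable. The origins in the sample calls are made up; so.cl is used only as the name of the site. CSP source matching is simplified to exact origins, `'self'`, `'none'` and `*`.

```ruby
# Given the response headers of a page, can an attacker at attacker_origin
# frame it? Models the browser rules: a CSP frame-ancestors directive wins
# when present; otherwise X-Frame-Options applies; with neither, any site may
# frame the page. Header names are matched case-insensitively.
def frameable_by?(headers, attacker_origin, site_origin)
  h = headers.each_with_object({}) { |(k, v), acc| acc[k.to_s.downcase] = v.to_s }

  if (csp = h['content-security-policy'])
    directive = csp.split(';').map(&:strip).find { |d| d.start_with?('frame-ancestors') }
    if directive
      sources = directive.split(/\s+/).drop(1).map(&:downcase)
      return false if sources.empty? || sources.include?("'none'")
      return true  if sources.include?('*')
      return true  if sources.include?("'self'") && attacker_origin == site_origin
      return sources.include?(attacker_origin.downcase)
    end
  end

  case h['x-frame-options'].to_s.strip.upcase
  when 'DENY'       then false
  when 'SAMEORIGIN' then attacker_origin == site_origin
  when /\AALLOW-FROM\s+(\S+)/ then $1.downcase == attacker_origin.downcase # legacy value, not honoured by every browser
  else true # header missing or unrecognised: nothing stops the framing
  end
end

# Constructed sample origins for this example.
SITE = 'https://so.cl'
EVIL = 'https://attacker.example'

if __FILE__ == $PROGRAM_NAME
  [
    {},
    { 'X-Frame-Options' => 'DENY' },
    { 'X-Frame-Options' => 'SAMEORIGIN' },
    { 'Content-Security-Policy' => "default-src 'self'; frame-ancestors 'self'" }
  ].each { |hdrs| puts "#{hdrs.inspect} -> frameable by attacker: #{frameable_by?(hdrs, EVIL, SITE)}" }
end
```

The first sample, an empty header set, is the state a page is in before any clickjacking fix: no header, so any origin can frame it. Running the function against a site's real response headers is the quickest way to confirm that a reported fix actually shipped.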

IE vulnerability allows attackers to track mouse cursor, even if IE window is inactive


Internet users often type passwords on an on-screen virtual keyboard to keep them away from keyloggers. A new bug in Internet Explorer undermines that protection.

A security researcher from Spider.io claims to have discovered a flaw in Internet Explorer versions 6 through 10 that could allow an attacker to track the user's mouse movements, even when the IE window is minimized.

"Internet Explorer's event model populates the global Event object with some attributes relating to mouse events, even in situations where it should not," Spider.io explained.

"Combined with the ability to trigger events manually using the fireEvent() method, this allows JavaScript in any webpage (or in any iframe within any webpage) to poll for the position of the mouse cursor anywhere on the screen and at any time—even when the tab containing the page is not active, or when the Internet Explorer window is unfocused or minimized. The fireEvent() method also exposes the status of the control, shift and alt keys."
A demo of the bug can be found here:
http://iedataleak.spider.io/demo


They have also created a game (iedataleak.spider.io) to illustrate how easily this vulnerability can be exploited to defeat virtual keyboards and keypads.

20+ Government websites hacked by Teamr00t



The well-known hacker collective Teamr00t has breached and defaced government websites in several countries, including Brazil, Paraguay, the Philippines, Thailand, Indonesia and Bolivia.

The defacements are part of the group's ongoing operation against governments around the world, and carry a message to them:

"To the governments of the world, it is time you listened and acted upon what would benefit and help the people of your countries! It is now time for you to start listening to the voices of your nation and deal with the problems that are occurring every single day," the defacement message reads.

"Everyone has the right to freedom of speech and your people must be allowed this freedom. Stop, listen and take action that will help benefit your nation!"

"Teamr00t Has Arrived!!! We are the voice for the suppressed people of the world, and we will show you the truth!"

The affected sites include the City of Flores de Goiás (floresdegoias.go.gov.br) and another Brazilian municipality (www.cidadedeguapo.go.gov.br), a Paraguayan government intranet (intranet.annp.gov.py), Laoag City (www.laoagcity.gov.ph), a Thai government site (cityub.go.th), the National Adoption Ministry (mimp.gob.pe) and senavex.gob.bo.

The full list of hacked sites, with mirrors, can be found here:
http://pastebin.com/KD5Gm6g3
http://pastebin.com/5bUckYZF


Anonymous #AutumnStatement to the tax avoiding rich and corrupt politicians



Anonymous hacktivists have hacked a number of websites and defaced them with an "Autumn Statement" addressed to the tax-avoiding rich and corrupt politicians.

The hacked websites include SABA Consulting (sabaconsulting.eu), Maxwells Spanish Holiday Villas (maxwellsvillas.com), EF Medispa (efmedispa.com) and Arena Wealth (arenawealth.com).



"While the UK continues to demonise and punish the poor, the sick and the unemployed for the corruption of the financial and political systems, we would like to remind all of the British tax-avoiding Monaco dwellers, the super-rich and politicians that:

We are watching you.

You will be held accountable for your greed.

Expect Us," the defacement page reads.

At the time of writing, most of the sites still display the defacement message; after a few minutes the defaced page redirects visitors to the HM Revenue and Customs website (hmrc.gov.uk).


Ministry Of Public Work In Bahia hacked by Brazilian Cyber Army


The website of the Ministry of Public Work in Bahia (prt5.mpt.gov.br) has been breached by a hacker collective called Brazilian Cyber Army. Bahia is one of the 26 states of Brazil, located in the northeast of the country on the Atlantic coast.

The hack was announced on the group's official Twitter account (@TeamBCA), which tweeted a link to a Pastebin post.

The paste contains data stolen from the compromised server, including database information and MySQL credentials, along with 14 entries of usernames and encrypted passwords.

Alongside the dump they also posted the vulnerable link and a PoC request that extracts data.

http://pastebin.com/FP5kgRHp 


'Knight X Plus' - Cyber intelligence product from ClubHack2012



ClubHack is introducing 'Knight X Plus', a cyber intelligence product which, in the vendor's words, gives you the "power of Queen & Knight" in your cyber intelligence.

It is described as a big-data-based OSINT platform that uses cloud, big data and a highly scalable architecture for proactive monitoring, analysis and automated response to live cyber threats and opportunities.

Product Features:
  • Blazing Fast
  • Automated Information Retrieval
  • Knowledge Discovery
  • Cyber Media Monitoring
  • Geospatial Analysis
  • Analysis based on stats, time-series data, link analysis logic and more
  • Graphic Rich Visualizations for better understanding of the data
  • User Friendly UI
  • Drill Downs on almost anything

Platform Features:

  • Automated Alerts on Information / Knowledge Discovery
  • Pluggable approach to pour in any type of data
  • Unique Job Queue Management Design, built to scale in distributed processing
  • Post-processing jobs can range from heavy data crunching to "distributed ping", up to your imagination
  • Highly scalable, expand distributed engine in 10 minutes flat
  • Intelligent data storage for lightning fast retrieval
Further details can be found here:
http://knightxplus.com

List of Ethical Hacker Conferences & computer security conferences


One of the best ways to learn new things and get into the infosec world is attending security and hacker conferences, where you can meet many security experts and black hat hackers.

Here is a list of international IT security and hacker conferences, each with a short description.

DEFCON Hacking Conference:

DEF CON, one of the world's largest and longest running hacking conferences, celebrates its 20th year with an energetic and appropriately themed compilation, entitled "XX". Founder and head of the conference Jeff Moss, also known as Dark Tangent, tasked DEF CON "goon" and Muti Music artist Great Scott with curating the talent-filled track selections, acknowledging that music can be pure hacker fuel.
www.defcon.org

*EHN is official media partner of DefCon India

www.defcon.co.in

Black Hat hacker conference:

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world - from the corporate and government sectors to academic and even underground researchers. The environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge. Black Hat remains the best and biggest event of its kind, unique in its ability to define tomorrow's information security landscape.

https://www.blackhat.com/

Nullcon :

The nullcon conference is a unique platform for security companies/evangelists to showcase their research and technology. Nullcon hosts Prototype, Exhibition, Trainings, Free Workshops, null Job Fair at the conference. It is an integrated and structured platform which caters to the needs of IT Security industry at large in a comprehensive way.

*E Hacking News(EHN) is official media partner of Nullcon

http://www.nullcon.net/


ClubHack:

ClubHack is a NOT-FOR-PROFIT initiative to bring security awareness in common people who use computers and internet in their daily life. It’s a member driven open community to make cyber security a common sense. The phenomenal growth of the Internet economy has led to a sharp increase in computer crimes and hacking incidents. ClubHack aims at making technology users aware of the risks associated with cyber transactions as well as the security measures.


*E Hacking News(EHN) is official media partner of ClubHack


http://www.clubhack.com/

C0C0N :

c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day.

c0c0n is aimed at providing a platform to discuss, showcase, educate, understand and spread awareness on the latest trends in information, cyber and hi-tech crimes. It also aims to provide a hand-shaking platform for various corporate, government organizations including the various investigation agencies, academia, research organizations and other industry leaders and players for better co-ordination in making the cyber world a better and safe place to be. It will also serve as a platform to devise strategies to prevent cyber crimes against women.

http://is-ra.org/c0c0n/

X.25 Ethical Hacking Conference :

The X.25 Ethical Hacking Conference is held every year in Mexico and is one of the busiest in terms of computer security topics.

www.x25.org.mx

Intelligence-Sec

Intelligence-Sec is a fully integrated Conferences and Exhibitions Company managing and producing topical events for the security industry. All our global events are well researched and discussed with industry experts. Intelligence-Sec's main objective is to ensure that all attendees gain the best value for money when they participate in one of our events.

http://www.intelligence-sec.com/


Hacker Halted

The Hacker Halted APAC event annually gathers around 500 individuals; this consists of everyone, from ethical hackers to key C-level executives from corporates, government bodies and solution seekers.

The event is aimed at providing the opportunity to CEOs, COOs, CIOs, CFOs, Senior IT Professionals and all other decision makers to assess the best practices in acquiring, implementing, managing and measuring information security.

http://hackerhaltedapac.org

OWASP AppSec Conference

OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C. Presentations and videos are generally posted several months after each conference.

ISWec

Infosecurity World is an annual exhibition and conference dedicated to the Asia Pacific information security marketplace. The event showcases the latest innovations, products and services from established and emerging brands.

http://infosecurityworld.net/


ShmooCon

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It and Bring It On.

http://www.shmoocon.org/

Hack In The Box:

Asia's largest network security conference, held annually in Kuala Lumpur, Malaysia and more recently in the Middle East.
http://conference.hackinthebox.org

NOTACON

Not quite sure what hacker cons are really about? Do you like building and creating stuff? Are you tired of infosec focused conferences? Do you want to have fun while actively learning about cool stuff and meeting awesome people? NOTACON is the conference for you! No degree in computer science, nor job in IT is required to have a great time at Notacon. In fact, we believe some of the best hacks occur in areas outside of technology altogether.
http://www.notacon.org/

CONFidence


CONFidence is an annual IT security conference that will take place on 23-24th May, 2012 in Krakow, Poland for the 10th time! The best speakers, latest issues, laid-back atmosphere and Krakow crazy night life – that is why CONFidence has become a meeting point of hackers’ community in Europe.

http://confidence.org.pl/

BruCON

BruCON is an annual security and hacker(*) conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker(*) community.

brucon.org

MalCon

MALCON is a premier international technology security conference focusing exclusively on proactive malware research and analysis. MalCon is a part of Information Sharing and Analysis Center, in support with the Government of India.

http://www.malcon.org/

AthCon

AthCon is an annual European two-day conference targeting particular areas of information security. Its aim: to bring leading information security experts together. Attacking techniques of exploitation and various forms of penetration testing have become an important component of any organisation. This conference aims to provide a venue for understanding the ever evolving changes as well as new threats.
http://www.athcon.org/


DerbyCon :

This is the place where security professionals from all over the world come to hang out. DerbyCon 3.0 will be held September 25-29th, 2013. DerbyCon 2012 pulled in over 1,100 people with an amazing speaker lineup and a family-like feel. We’ve listened to your feedback and plan on making this conference even better. Our goal is to keep it around the same size and maintain a close-knit conference where we all come together to learn and share ideas
http://www.derbycon.com/

ekoparty

ekoparty (Electronic Knock Out Party) is an annual computer security conference that, through its unique features and particular style, has become a benchmark for all of Latin America.
http://www.ekoparty.org

GrrCON

GrrCON is an information security and hacking conference being held in the Midwest. This conference was put together to provide the Midwest regional information security community with a venue to come together and share ideas, information, solutions, forge relationships, and most importantly engage with like minded people in a fun atmosphere. Whether you are a Fortune 500 executive, security researcher, security industry professional, student, or a hacker of “flexible” morals you will find something for you at GrrCON.
http://grrcon.org/

T2 Infosec conference


t2 was born at a time when there was a need for a conference that was “from hacker to hacker” when there was not one single independent, technically oriented, information security conference in Finland in existence.

The mission of t2 has remained the same from its commencement, to be an annual conference dedicated to those who are interested in the technical aspects of information security. t2 offers the opportunity to publish new research and ideas as well as networking, the latter an elemental part of its ideology.

http://t2.fi/

DefCamp

DefCamp is a national initiative dedicated to developing the skills of young people passionate about computer security, by creating a stimulating offline environment which allows offline and online exchange of knowledge between underground security specialists, academic and corporate entities in Romania. DefCamp focuses on presenting technical information related to the security and insecurity of both virtual and real environments.

The idea of DefCamp came up in March 2011, after informal discussions between several computer security enthusiasts from Romania, passionate about various infosec topics.

http://defcamp.com

Root CON
ROOTCON is an annual hacker conference and information security gathering held in the Philippines, founded by Dax Labrador a.k.a. semprix. The conference aims to share best practices and technologies through talks by qualified speakers and demos of exciting stuff (hacks, tools, tips, disclosures, cyber warfare, cyber espionage, etc). ROOTCON is open to everyone; previous participants have included infosec personnel, developers, programmers, engineers, hackers, businessmen, students, lawyers, feds, and the like.
www.rootcon.org

ACSAC(Annual Computer Security Applications Conference):

ACSAC has a tradition of bringing together security professionals from academia, government and industry who are interested in applied security. It is an internationally recognized forum where practitioners, researchers, and developers in information system security meet to learn and to exchange practical ideas and experiences. Started in 1984, the conference has grown over the years to achieve worldwide attendance and recognition for the high quality of its presentations, discussions, and interactions.

http://www.acsac.org


Blue Hat Microsoft Hacker Conference:


Blue Hat is an event intended to open communication between Microsoft engineers and hackers; it has led to both mutual understanding and the occasional confrontation.

www.bluehatsecurity.com


DeepSec

The DeepSec IDSC is an annual European two-day in-depth conference on computer, network, and application security.

https://deepsec.net/

CarolinaCon

CarolinaCon is an annual conference in North Carolina that is dedicated to sharing knowledge about technology, security and information rights. CarolinaCon also serves to enhance the local and international awareness of current technology related issues and developments. CarolinaCon also strives to mix in enough entertainment and side contests/challenges to make for a truly fun event.
http://www.carolinacon.org/

GreHack


GreHack is a non profit Security Conference (during day) and an Ethical Hacking Contest - aka CTF - (during night).
http://grehack.org/en/

Hack.lu

Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implications on society.

http://hack.lu

CanSecWest
The world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking

http://cansecwest.com/

RSA Conference

RSA Conference is helping drive the information security agenda worldwide with annual industry events in the U.S., Europe and Asia.
http://www.rsaconference.com/

SOURCE Conference:
SOURCE is a computer security conference in Boston, Seattle, and Barcelona that offers education in both the business and technical aspects of the security industry.

http://www.sourceconference.com

TROOPERS IT Security Conference:
Annual international IT security event with workshops, held in Heidelberg.
https://www.troopers.de

The HackMiami Conference

The HackMiami Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground.
http://hackmiami.com

If you think we have missed a great one, feel free to contact me with details.

Cyber criminals inject malicious Java applet into Trading Forex site


A forex trading website has been injected with a malicious Java applet designed to drop malware on visitors' systems.

The popular forex (foreign exchange market) site "Trading Forex" (tradingforex.com) has been infected with the malware, according to a Websense report.

[Screenshot: injected applet code]

The backdoor dropped from the Trading Forex site is written in Visual Basic .NET and needs Microsoft's .NET Framework installed and working on the victim's computer, so it only runs on machines that have the framework; either the attackers are content with that subset of victims, or .NET is simply what they know how to write.

This is not the usual Java exploit JAR: it is a plain applet that downloads and runs an EXE hosted on the malware site. Since it exploits no JVM bug, nothing happens unless the user accepts the signed applet's permission prompt.

"Basically the Java code is just another Java loader which requires user interaction to successfully load the binary file '123.exe'. One interesting point in the screenshot above is that we can also see in the MANIFEST-INF that the Java applet has been signed with a certificate," the researcher said.

Once again, Kapil Sibal's official website hacked by Anonymous India


Once again, the Anonymous India hacker group has breached the official website of India's Communications and Information Technology Minister Kapil Sibal (www.kapilsibalmp.com).

In August 2012 they broke into the website and published a number of screenshots on Facebook to demonstrate that they had access to the site's backend.

Now, they have defaced the website and left the following message:

Kapil Sibal is the world's biggest retard. Born with a below 60 IQ he thought he could mess with the Internet and let the elite of his party suppress freedom of speech. Although a retard, he somehow formed the rules in such a way that everyone can censor everyone, thereby hiding behind everyone to be able to censor when really hurt him and his party. Confusing, isn't it?

The hack was announced via the Anonymous India twitter account @opindia_revenge. The hackers said they hacked the website because "He (Sibal) had used the words 'Victims of freedom of Expression'. He is hiding the fact that #66A is breaking the internet media."

Besides the minister's website, they also hacked the official website of the Government of Mizoram, India, and defaced it with a protest message.


Anonymous declares Cyberwar on Syrian government sites - Syrian Embassy in China under attack


The hacktivist group Anonymous has announced a cyber war against Syrian Government websites hosted outside the country.

"Today, at precisely 10:30 AM ET all Internet traffic into and out of Syria ceased. Within a half hour of this sudden shut down, the PBX land-lines were degraded by 90% and Mobile connectivity was degraded by 75%. The nation of Syria has gone dark. And Anonymous knows all too well what happens in the dark places," the group said in its press release.

"When your government shuts down the Internet, shut down your government." ~ Anonymous Egypt.

"Beginning at 9:00 PM ET USA Anonymous will begin removing from the Internet all web assets belonging to the Assad regime that are NOT hosted in Syria. We will begin with the websites and servers belonging to ALL Syrian Embassies abroad," the release continues.

The collective has launched a distributed denial of service (DDoS) attack against the website of the Syrian Embassy in China (syria.org.cn).

They also hacked and defaced the Syrian Embassy website in Belgium (syrianembassy.be)

*Update* As part of the operation, Anonymous Australia has defaced the Industrial Bank of Syria (industrialbank.gov.sy) and left a message: "Sorry admin but your page was taken by us - Because from Latin America, we are sad seeing destroyed between brother countries. - Please governments."

The press release can be found here:
http://www.anonpaste.me/anonpaste2/index.php?bb2a5f5ea4d78406#Kmh9zezlxKa3262RPC6TtgFwc5Vn2Ur+NEtOud0Q0bo=

The Syrian Embassy website in Belgium is still hacked and defaced

A hacker with the online handle 'CapoO_TunisiAnoO' has breached The Syrian Embassy website in Belgium and defaced the main page(syrianembassy.be).

"The Cartoon Syrian Army website has been hacked in response to the cyber bullying they're practicing supported by the governmental Syrian Computer Society and in the light of this defacement I'd like to address the world with few words" Hacker said in the defacement page.



"To United States and European countries, you claim that you protect the world, help the oppressed and claim democracy."

"But our revolution exposed your real faces and showed humanity that you are advocates of your own interests and that you don't have a humanitarian principle in what you claim, you only raise those banners to occupy nations, enslave their people and steal their treasures just like you did in Iraq and Afghanistan and other places, and maybe soon in Mali."