Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Ethical Hackers News. Show all posts

Ethical hackers try to destroy the virtual city at The Standoff

During the exercise, 10 teams of ethical hackers launched attacks on the infrastructure of the virtual city-state F, and security specialists defended it. 65 thousand people from different countries watched this confrontation.

“White” hackers tried to disable the main infrastructure facilities of the city-state: to arrange an oil spill and explosions, to turn off the power lines at the substation. The defenders had to investigate incidents to rule out such scenarios in real life.

In 35 hours, ethical hackers managed to arrange 19 unacceptable events. The winner was the Codeby&Nitroteam team. Its members disrupted the operation of treatment facilities, causing several million liters of sewage to spill into the environment. In total, the team arranged six incidents.

The organizers noted that none of the ethical hackers were able to implement the most critical scenarios. At the same time, the teams of defenders who investigated the incidents were able to identify 173 attacks.

The Standoff is organized by Positive Technologies, one of the leaders in the Russian information security market. The company presented the online platform The Standoff 365, designed to organize cyber-training on an ongoing basis.

The platform responds to the industry's demand for measurable and effective security, which means that critical risks to a company, industry, or country must not be realized. The Standoff 365 consists of a cyber polygon on which the operational and business processes of the fuel and energy complex are recreated. It will be launched next spring.

In addition, as part of the exercise, the Standoff Young Hats track for young IT security professionals and The Standoff Digital Art competition were held. Its participants checked the security of smart contracts. Six works by digital artists were presented in the form of NFTs (non-fungible tokens). Security experts were asked to find vulnerabilities in technologies and change smart contracts so as to appropriate NFTs for themselves. The organizers note that the competition is also aimed at drawing attention to the safety of the NFT technology.

Earlier, CySecurity News was reported that Russian President Vladimir Putin has set the task of digital transformation of key sectors of the economy. Therefore, to protect them, the country has created cyber polygons.

Demand for teen hackers rises


Shivam Subudhi is 15 and lives in London. Three years ago, he was so inspired by the movies he was watching that featured hackers, he coded a simple port scanner revealing network doors that might let a hacker enter uninvited. "I decided to put my skills into practice for the first time," Subudhi says, "by pentesting my school network and website." Penetration testing is also known as ethical hacking and involves probing networks, systems, and sites looking for security vulnerabilities that could be exploited by an attacker. It was this activity that, unsurprisingly, brought Subudhi to the attention of the deputy headteacher. That teacher was also an IT enthusiast and introduced the budding hacker to the Cyber Discovery program; a £20 million ($24 million) U.K. government-backed scheme to teach kids how to be cybersecurity superheroes. Could your kid be next?

Teenage hackers sought by government Cyber Discovery program

Back in 2017, the U.K. government issued a tender to run a £20m Cyber Schools Programme as part of the National Cyber Security Strategy 2016-2021 created to reduce the cyber skills gap by encouraging young people to pursue a career in the profession. The SANS Institute bid for this contract was successful, having run similar programs in the U.S. and able to demonstrate the success of using a "gamified" learning model.

"SANS is by far the largest and most trusted provider of cybersecurity training in the world," James Lyne, CTO at the SANS Institute says, "so we have a wealth of experience, training content and expert instructors." In the first year the Cyber Discovery program saw some 23,000 youngsters from the U.K. aged between 14 and 18 taking part in the initial assessment phase, and around 12,000 qualifying to participate in the primary learning phases, "CyberStart Game" and "CyberStart Essentials." The following year, 29,000 took part and 14,000 qualified. Registration for the third year of Cyber Discovery is now open and Lyne anticipates a significant increase in participation, not least as the entry age has now dropped to 13.

Albanian Anonymous threatens German Hackers

 Albanian Anonymous threatens German Hackers that they are going to launch massive Attack against them.  They announced it via Youtube video.

 Message:
Hello People . We are Anonymous .

All attacks against us , certainty to Albanian websites are not acceptable to us, and will result in massive attacks against you,
All multimedia publications that can stimulate the public attention and the right of us.
Of course we will not sit back and start to fix together largest operation to date against you.
?
We are Anonymous.

We are Legion.

We do not forgive.

We do not forget.

Expect us.

Youtube Video:

#LulzSec hacked Child Porn trading forum and leaked 7000+ accounts

#LulSec done some good work today. He hacked the Child Porn trading forum(densetsu.com) and leaked the account details in pastebin. The site describes its self as “ a site dedicated to asian games and entertainment. Anime Densetsu is an interactive site, which allows you to discover people around the world with similar interests.”

Pastebin Leak:
http://pastebin.com/SCdpTr2d

Source:CyberWarnews

Update:
Someone send me this " The only ones who possessed and uploaded child porn were ANONYMOUS MEMBERS. "

This is what i got in Email:
Hi, the Lulzsec hack of a \"child porn\" site you reported is fake. The hackers uploaded childporn themselves. For proof please see:
http://the-duck-pond-blog.blogspot.com/2011/08/lulzsec-lie.html

Ethical Hacker to Demonstrate 'Weak' Mobile Internet Security

BERLIN — A German computer engineer said Tuesday that he had deciphered the code used to encrypt most of the world’s mobile Internet traffic and that he planned to publish a guide to prompt global operators to improve their safeguards.

Karsten Nohl, who published the algorithms used by mobile operators to encrypt voice conversations on digital phone networks in 2009, said during an interview he planned to demonstrate how he had intercepted and read the data during a presentation Wednesday.

Mr. Nohl said he and a colleague, Luca Melette, intercepted and decrypted wireless data using an inexpensive, modified, 7-year-old Motorola cellphone and several free software applications. The two intercepted and decrypted data traffic in a five-kilometer, or 3.1-mile, radius, Mr. Nohl said.
The interceptor phone was used to test networks in Germany, Italy and other European countries that Mr. Nohl declined to identify. In Germany, Mr. Nohl said he was able to decrypt and read data transmissions on all four mobile networks — T-Mobile, O2 Germany, Vodafone and E-Plus. He described the level of encryption provided by operators as “weak.”

In Italy, Mr. Nohl said his interceptions revealed that two operators, TIM, the mobile unit of the market leader, Telecom Italia, and Wind did not encrypt their mobile data transmissions at all. A third, Vodafone Italia, provided weak encryption, he said.

A spokeswoman for the GSM Association, the industry group based in London that represents global telephone operators, said the group would await details of Mr. Nohl’s research before commenting. A spokesman for O2, which is owned by Telefónica of Spain, said the operator followed Mr. Nohl’s research closely and would take account his findings in its own operations.

Vodafone said in a statement that “We regularly review security measures and carry out risk assessments to prevent the kind of exploit described. We implement appropriate measures across our networks to protect our customers’ privacy.”

Mr. Nohl said he developed his interception technology on an internal broadband network he set up at his research firm, Security Research Labs, in Berlin. His tests focused on mobile data networks that ran on the General Packet Radio Service, or GPRS, technology, which is used widely across the globe.

GPRS networks were introduced in 2000 as successors to GSM digital networks and were the first mobile networks to deliver significant data besides short text messages. GPRS networks are still widely used as backups for newer, faster 3G wireless networks, and consumers are often diverted to GPRS grids when they reach the limits of their monthly data plans.

Rogers Communications, a Canadian operator, estimates that 90 percent of mobile data traffic still runs on GPRS networks.

Mr. Nohl said he was surprised to find that the two Italian operators, TIM and Wind, did not encrypt their data traffic at all. In a statement, TIM would not confirm Mr. Nohl’s claims.

“TIM confirms that it uses state-of-the-art radio mobile technologies from primary international vendors to guarantee the protection of its mobile communications,” it said.

Mr. Nohl, who said he works for mobile operators who hire him to detect vulnerabilities in their systems, said many operators continue to run unencrypted data networks because it allows them to more easily filter out competing, unwanted services like Skype, an Internet-based service that allows consumers to make voice and video calls without using the operators’ voice networks.

“One reason operators keep giving me for switching off encryption is, operators want to be able to monitor traffic, to detect and suppress Skype, or to filter viruses, in a decentralized fashion,” Mr. Nohl said. “With encryption switched on, the operator cannot ‘look into’ the traffic anymore while in transit to the central GPRS system.”

Mr. Nohl said he intended to release his instructions at a conference of the Chaos Computer Club, a computer hackers’ group, which is being held near Berlin in Finowfurt, Germany. They will describe how to convert a Motorola C-123 cellphone, which is designed to run open-source software, into an interception device. But he said he would not release the keys to unlock the encryption used by operators to secure GPRS networks.

Mr. Nohl said his research was intended to prod mobile operators to improve the security of the wireless Internet, which he said was rudimentary compared with the safeguards protecting data sent over conventional, fixed-line computer networks. He said he destroyed the data he had intercepted from networks in Europe, and did not condone eavesdropping, a crime in Europe.

“We are releasing the software needed to reprogram cheap Motorola phones to become GPRS interceptors,” Mr. Nohl said. “This exposes operators with no encryption, like those in Italy, to immediate risk.”

Mr. Nohl said the release of the information would give mobile operators “a few months” to improve security before other hackers recreated his results and attempted to breech security of the mobile broadband networks.

source: nytimes

Indian Govt wants special monitoring access for Twitter, Facebook

India's communications ministry has been asked by the home ministry to monitor social networking websites such as Twitter and Facebook amid fears that the services are being used by terrorists to plan attacks.

The request suggests that the Indian government is trying to broaden the scope of its online surveillance for national security.

Telecommunications service providers in India provide facilities for lawful interception and monitoring of communications on their network, including communications from social networking websites such as Facebook and Twitter, in accordance with their license agreements, Milind Deora, the minister of state for communications and IT, told Parliament, according to the country's Press Information Bureau.

But there are certain communications which are encrypted, Deora said Friday.

The government did not provide details of what encrypted data they would like to have access to. A spokesman for the home ministry said on Monday that additional information can only be provided in Parliament while it is in session.

Under new rules to the country's IT Act that came into force earlier this year, websites and service providers are required to provide government security agencies with information on private accounts, including passwords, on request without a court order.

Most companies, however, are not willing to share information with law enforcement agencies unless they have a court order.

More details found at cio

Indian Hacker hacked Pakcyberarmy Database


Lucky, leader of the Indian hacker group "Indishell" hacked into the Pakcyberarmy.net and cracked 1500+ user's passwords from their database.

Pakcyberarmy.net is the hub of most of the Pakistani hackers.  He leaked the info via an excel file.
"Most of the Users/Hackers used the same passwords to their emails and what ever u wanna do do it spam, play , abuse or what ever you feel like its all yours" According to Lucky.

The password List is available :
http://www.multiupload.com/ERWJ33UPI2
Archive password - proud_to_be_indian
Format - HASH : PASSWORD

Apple Mac Book vulnerable to hack using Battery

Ethical Hacker Charlie Miller has find a way to hack the MacBook using the battery.

"Laptop battery contains its own monitoring circuit which reports the status of the battery to the OS. It also ensure that the battery does not overcharge even when the laptop is turned off." Digitizor report reads.


He identified the battery chips are shipped with default password.  It means the hacker who finds the default password and learns to control the firmware is able to control them to do anything he wants.

 "You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery." Digitizor quoted as Miller saying.

Wireshark 1.6 and 1.4 Released

Wireshark Team has released updated version 1.6.1 and 1.4.8 to fix the security flaw in previous versions.

According to their security advisory, the previous versions 1.4.0 to 1.4.7 are vulnerable to  Lucent/Ascend file parser and ANSI MAP vulnerabilities.

"It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file" security advisory reads. The vulnerabilities have been patched in the 1.4.8 version.

The same vulnerability affects the version 1.6.0 to 1.6.0 .  It has been fixed in the latest version 1.6.1

Official page:Download Wireshark