Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Ethical Hacking. Show all posts
ransomware builder
BreachForums Cyber Security Cybersecurity Dark Web Ethical Hacking good hacker hacking back honeypot strategy Penetration Testing Ransomware ransomware builder

Security Researcher Outsmarts Hackers with Fake Ransomware Tool

 

The debate surrounding the ethics and practicality of "hacking back" remains a heated topic within the cybersecurity community. When organizations face cyberattacks, is retaliating against the attacker a viable option? While opinions differ, one fact remains clear: breaking the law is breaking the law, regardless of intent.

However, in a fascinating case of strategic ingenuity rather than retaliation, a security researcher and penetration tester successfully infiltrated a notorious dark web criminal marketplace. This was less an act of hacking back and more a bold example of preemptive defense.

Quoting American philosopher Robert Maynard Pirsig, Cristian Cornea, the researcher at the heart of this operation, opened his riveting Medium post with, “Boredom always precedes a period of great creativity.” Inspired by these words, Cornea devised a clever honeypot strategy to target potential ransomware hackers frequenting the BreachForums marketplace on the dark web.

His plan revolved around creating a fake ransomware tool called the "Jinn Ransomware Builder," designed to lure cybercriminals. This supposed tool offered features to help bad actors deploy ransomware attacks. In reality, it was a honeypot—an elaborate trap with some real functionalities but embedded with hardcoded and backdoored command-and-control callbacks.

“Jinn Ransomware Builder is actually a honeypot,” Cornea explained, “but some of the features presented above are real.” For instance, the tool could initiate a remote connection and open a process with a server-hosted “CmD.eXE” executable. Other features, such as multi-language support and AES encryption, were merely designed to make the tool appear more authentic and appealing to malicious actors.

Cornea emphasized that his actions were performed within a controlled and simulated environment, ensuring no laws were broken. “I strictly discourage anyone else from executing such actions themselves,” he warned. He stressed the importance of staying on the ethical side of hacking, noting that the line between good and bad hacking is dangerously thin.

This operation highlights the creativity and strategic thinking ethical hackers use to combat cybercrime, reinforcing that innovation and legality must go hand in hand.
Read more »
SQL Injection
Cyber Attacks Ethical Hacking Pwn2Own QNAP SQL Injection

Hacking Contest: How QNAP Overcame Critical Zero-Day Flaws


One recent event that highlights the relentless pace of this digital arms race is QNAP's swift action to patch a second zero-day vulnerability. QNAP has addressed a second zero-day vulnerability that was exploited by security researchers during the recent Pwn2Own hacking contest.

The critical SQL injection (SQLi) flaw, identified as CVE-2024-50387, was discovered in QNAP's SMB Service. This vulnerability has now been patched in versions 4.15.002 or later and h4.15.002 and later. The fix was implemented a week after researchers YingMuo, participating through the DEVCORE Internship Program, successfully exploited the flaw to gain root access to a QNAP TS-464 NAS device at Pwn2Own Ireland 2024.

The Pwn2Own Competition

The Pwn2Own competitions are legendary in cybersecurity circles. These events invite the brightest ethical hackers from around the globe to demonstrate their skills by identifying and exploiting vulnerabilities in widely used software and hardware. The stakes are high, with significant monetary rewards and prestige on the line. The ultimate goal, however, is to strengthen the security of the products we rely on daily by exposing and rectifying their weaknesses.

At the 2024 Pwn2Own Ireland event, a critical vulnerability was uncovered in QNAP's HBS 3 Hybrid Backup Sync software, an essential tool for users seeking to secure their data through backup solutions. This vulnerability, identified as CVE-2024-50388, was an OS command injection flaw that allowed attackers to execute arbitrary commands on the host system. In simpler terms, this flaw could enable unauthorized individuals to gain root access to QNAP NAS devices—a severe security breach.

QNAP's Response

Upon learning of the exploit, QNAP's response was both prompt and thorough. The company's immediate actions underscore the importance of rapid response in cybersecurity. They quickly released a security patch to address the vulnerability, mitigating the risk to their users. This quick turnaround is crucial because the longer a vulnerability remains unaddressed, the greater the potential for malicious exploitation.

The patch not only protects users from potential attacks but also reinforces trust in QNAP's commitment to security. For any company in the tech space, maintaining user confidence is paramount, and QNAP's decisive action in patching the vulnerability goes a long way in assuring their user base.

Vigilance is Must

This incident with QNAP's HBS 3 software offers the importance of regular software updates and patches. Users must diligently apply updates to protect their systems against known vulnerabilities. Companies must maintain robust monitoring and response mechanisms to swiftly address any emerging threats.

Events like Pwn2Own stress the value of collaboration between tech companies and the ethical hacking community. By working together, they can identify and fix vulnerabilities before they can be exploited by malicious actors. This proactive approach to cybersecurity is essential in a world where the threat landscape is continually evolving.

Read more »
Hacking Techniques
AI technology AI tools Cyber Attacks Cyber Hacking. Data Analytics data security Ethical Hacking Hacking Techniques

The Growing Role of AI in Ethical Hacking: Insights from Bugcrowd’s 2024 Report

Bugcrowd’s annual “Inside the Mind of a Hacker” report for 2024 reveals new trends shaping the ethical hacking landscape, with an emphasis on AI’s role in transforming hacking tactics. Compiled from feedback from over 1,300 ethical hackers, the report explores how AI is rapidly becoming an integral tool in cybersecurity, shifting from simple automation to advanced data analysis. 

This year, a remarkable 71% of hackers say AI enhances the value of hacking, up from just 21% last year, highlighting its growing significance. For ethical hackers, data analysis is now a primary AI use case, surpassing task automation. With 74% of participants agreeing that AI makes hacking more accessible, new entrants are increasingly using AI-powered tools to uncover vulnerabilities in systems and software. This is a positive shift, as these ethical hackers disclose security flaws, allowing companies to strengthen their defenses before malicious actors can exploit them. 

However, it also means that criminal hackers are adopting AI in similar ways, creating both opportunities and challenges for cybersecurity. Dave Gerry, Bugcrowd’s CEO, emphasizes that while AI-driven threats evolve rapidly, ethical hackers are equally using AI to refine their methods. This trend is reshaping traditional cybersecurity strategies as hackers move toward more sophisticated, AI-enhanced approaches. While AI offers undeniable benefits, the security risks are just as pressing, with 81% of respondents recognizing AI as a significant potential threat. The report also underscores a key insight: while AI can complement human capabilities, it cannot fully replicate them. 

For example, only a minority of hackers surveyed felt that AI could surpass their skills or creativity. These findings suggest that while AI contributes to hacking, human insight remains crucial, especially in complex problem-solving and adaptive thinking. Michael Skelton, Bugcrowd’s VP of security, further notes that AI’s role in hardware hacking, a specialized niche, has expanded as Internet of Things (IoT) devices proliferate. AI helps identify tiny vulnerabilities in hardware that human hackers might overlook, such as power fluctuations and unusual electromagnetic signals. As AI reshapes the ethical hacking landscape, Bugcrowd’s report concludes with both a call to action and a note of caution. 

While AI offers valuable tools for ethical hackers, it equally empowers cybercriminals, accelerating the development of sophisticated, AI-driven attacks. This dual use highlights the importance of responsible, proactive cybersecurity practices. By leveraging AI to protect systems while staying vigilant against AI-fueled cyber threats, the hacking community can help guide the broader industry toward safer, more secure digital environments.
Read more »
Hacking
Cyber Crime cybercriminals data security Ethical Hacking Hackers Hacking

Unveiling the New Era of Hacking Ethics: Profit Over Principles

 

Hacking, once a realm of curiosity-driven exploration, has morphed into a complex ecosystem of profit-driven cybercrime. Originating in the 1960s, hacking was fueled by the insatiable curiosity of a brilliant community known as "hackers." These early pioneers sought to push the boundaries of computing and digital technology, driven by a passion for discovery rather than malicious intent. 

However, the perception of hacking has since undergone a dramatic transformation. Today, the term "hacking" often conjures images of lone individuals in hoodies, exploiting vulnerabilities to steal data or wreak havoc from the safety of dimly lit rooms. While this stereotype may be exaggerated, it reflects a disturbing reality: the rise of cybercriminals who exploit technology for personal gain. 

In recent years, there has been a notable shift in the attitudes and behaviours of hackers, particularly within criminal cyber rings. Once governed by unwritten codes of ethics, these groups are now redefining the rules of engagement, prioritizing profit above all else. What was once considered off-limits—such as targeting hospitals or critical infrastructure—is now fair game for profit-driven hackers, posing significant risks to public safety and national security. 

One of the most alarming trends is the rise of ransomware attacks, where hackers encrypt sensitive data and demand payment for its release. These attacks have become increasingly brazen and aggressive, targeting organizations of all sizes and industries. The Colonial Pipeline attack, while technically not disrupting deliveries, sent shockwaves through the cybersecurity community, highlighting the audacity and impunity of modern cybercriminals. 

Moreover, hackers are no longer content with targeting individuals or businesses just once. Exploiting vulnerabilities multiple times has become commonplace, reflecting a growing sophistication and ruthlessness among cyber criminals. Several factors have contributed to this evolution of hacking ethics. Global tensions, technological advancements, and the proliferation of online platforms have all played a role in shaping the behaviour of modern hackers. 

The accessibility of hacking tools and information has lowered the barrier to entry, attracting individuals of all ages and skill levels to the world of cybercrime. Despite efforts by law enforcement and cybersecurity professionals, the threat of cybercrime continues to loom large. 

Businesses and individuals must remain vigilant, investing in robust cybersecurity measures and staying informed about evolving threats. By understanding the changing landscape of hacking ethics, we can better defend against cyber attacks and protect our digital assets and identities in an increasingly connected world.
Read more »
IT
Cloud Computing cloud storage Cyber Attacks Ethical Hacking IT

An In-Depth Exploration Of Cloud Hacking And Its Methods

 


Regardless of the size of a business or industry, cloud computing practices are becoming an increasingly popular IT practice among companies. It is a technological process that provides different services through the Internet on an on-demand basis. The resources involved in this process are various kinds of tools and applications, including software, servers, databases, networking, and data storage. It has become the most common threat in the industry because cloud hacking has become more popular due to its growing popularity.

Cloud computing, by using the Internet to store files, offers the possibility of saving files to a remote database instead of a proprietary hard drive or a local storage device. If an electronic device has access to the internet, it can access the data on the web and the software program that runs the data. This is as long as it has internet access.

It has therefore become the preferred option for both people and businesses for several reasons, including cost savings, increased productivity, speed and efficiency, performance, and security. 

As cloud computing is growing more and more popular, it is hardly surprising that the cloud is a target for hackers, the threat of cyber-hacking has seen a rapid increase following the widespread adoption of cloud computing. 

Cloud computing resources must be integrated into a company's cybersecurity strategy as an integral part of the defense against cybercrime to bolster the company's defenses. Using ethical hackers to scan cloud computing environments for vulnerabilities will allow businesses to maintain the highest degree of security. This will enable them to patch any security flaws before the attackers can exploit them.

How Does Ethical Hacking Work in Cloud Computing?


Because the choices for cloud computing are so diverse, cloud computing is now being used in some form or another by 98 percent of companies. Cloud services are often perceived as more secure than their counterparts, although they have their own set of problems when it comes to cloud hacking. 

In the wake of the exponential rise of cyberattacks on cloud-based applications, businesses need to find trusted security experts who can fix vulnerabilities and close any holes that could lead to attackers entering their systems through these channels.

It is important to protect cloud computing resources from security vulnerabilities in ethical hacking, just as it is essential to protect any other part of the information technology system. In terms of ethical hacking, there are many hats that ethical hackers wear when it comes to cloud computing. A major part of what ethical hackers do in cloud computing is identify security weaknesses and vulnerabilities in the computing infrastructure for organizations. This is being done to strengthen the security of the cloud service.


The Types of Cloud Computing: What Are They?


It is imperative to know that there are several different types of cloud computing that you can select according to your requirements. As a first step to classifying cloud services, you should start by determining where the cloud services are physically located:

Cloud services that are available to the general public are often called public cloud services because they are hosted and provided by third parties.

Private clouds are the cloud services available only to private individuals who want to use them for personal purposes.  Depending on their needs, they can either be hosted by the company itself or by a third-party service provider.

Alternatively, we can say that the customer uses a hybrid cloud strategy, in which the customer uses both public and private cloud services, for e.g., he uses a public cloud application and a private cloud database to store sensitive data.

Ethical hackers should familiarize themselves with the following cloud computing offerings as examples of how they can make use of the internet:

There is a common misconception regarding what Software as a Service means. Software as a service (SaaS) means that the cloud provider is responsible for updating and maintaining the software applications for the customer. The use of SaaS for business purposes includes the use of productivity applications such as Microsoft Office 365 as a common example.

'PaaS' stands for the platform as a service, and it provides customers with the ability to develop and run applications on a platform to that they have access. There are several examples of cloud computing services available, such as Microsoft Azure and Google App Engine.

As the name suggests, Infrastructure as a Service (IaaS) offers its customers access to hardware resources, such as computing, memory, storage, and networks through a subscription-based service. It should be noted, however, that customers have to provide their software that runs on the infrastructure.

Cloud hacking methodology: Essentials


Following the explanation of “What is cloud hacking?” and “What is cloud exploitation?" we will examine the methodology of cloud hacking. These are some examples of the kinds of attacks that ethical hackers must be aware of in the world of cloud computing to protect themselves.

Attacks using brute force, a brute-force attack is the easiest way to break into a cloud-based service, which involves trying several different combinations of usernames and passwords to see which one works. After gaining access to the system, adversaries can proceed to wreak havoc on the system and exfiltrate data from the cloud the same way they can do with any other kind of attacker.

Phishing is a different strategy than brute force attacks. This is because it impersonates a trusted third party to steal credentials from users by impersonating that third party. This is a more sophisticated kind of attack where the message is tailored to a particular individual consisting of data that is very specific.

A credential stuffing attack is one in which employees at an organization reuse their usernames and passwords across multiple services within their company. This puts the company at risk of being the victim of a credential-stuffing attack. An adversary can verify whether or not a list of user credentials stolen from a previous attack is a valid account on a different IT system. This is done by browsing through its database containing the stolen credentials.

As the cloud computing industry moves further towards the advancement of cloud computing, ethical hackers play an active role in the process. There have been an increasing number of cyberattacks on cloud infrastructure over the past few years. Ethical hacking is a key factor in making sure all businesses of any size and in any sector have appropriate defenses in place.
Read more »
Vulnerability and Exploits
Bounty Ethical Hacking Facebook Microsoft Vulnerability and Exploits

Indian Origin Woman Rewarded with Rs 22 Lakh Bounty by Microsoft

 

Aditi Singh, a 20-year-old Delhi-based ethical hacker, was awarded $30,000 (Rs 22 lakh roughly) for detecting a bug in the Microsoft Azure cloud system. Just two months ago, Aditi uncovered an issue in Facebook and got a $7500 (around Rs 5.5 lakh) bounty. 

She further claims that both these firms have a relatively new remote RCE problem, but that is something new and is not paid much attention comparatively. With such weaknesses, hackers can access and maintain information on their internal systems. 

Aditi points out that it isn't simple to locate vulnerabilities and that ethical hackers need to keep up with new bugs in their game, report them, and still be eligible for pay-outs. She does not only emphasize getting money but also stresses gaining knowledge and learning about ethical hacking first. 

“Microsoft has only fixed the bug which I spotted two months back. They have not fixed all of them,” claimed Aditi, the first one to notice the flaw on the RCE. She added that the tech giant had taken almost two months to answer as they checked whether anybody had downloaded its faulty version or not. Aditi believes that individuals must ask the company's support team to host a bonus scheme before they even begin to uncover a bug. And, if the company confirms such a scheme, bounty hunters must yield results. 

Bug bounty hunters are mainly trained and certified cybersecurity professionals or security researchers who scan the web for bugs or loopholes via which hackers can sneak in and notify the company. Individuals are awarded cash when they succeed. 

Aditi explained that developers wrote the code immediately when a Node Package Manager was first downloaded –which is an affiliate of GitHub, where anyone can view the codes of these enterprises as they are open sources. 

For the last two years, Aditi has been ethically hacking. She first broke into the Wi-Fi password of her neighbor (which she sees as a personal triumph) and she hasn't looked back since.

In addition, she has earned letters of appreciation from Harvard University, Columbia University, Stanford University, and the Google Hall of Fame. 

“I took an interest in ethical hacking when I was preparing for NEET, my medical entrance in Kota,” Aditi says. “I didn’t get through in medical school but have found bugs in over 40 companies including Facebook, TikTok, Microsoft, Mozilla, Paytm, Ethereum, HP, among others." 

She immediately knew after reporting an OTP bypass bug in the TikTok Forgot password section, she intended to go to ethical hacking and also received a bounty of 1100 dollars. 

“There are multiple resources and Google, Twitter, and Hacker One that have write-ups with explanations about ethical hacking,” Aditi says. 

Aditi emphasizes that if individuals want to learn more about hacking, they need to know Python or JavaScript, a computer language. She also proposes OSCP, a credential program designed to help ethical hackers in bussing. She also says that most of her bounty goes into buying certified hacking courses and tools.
Read more »
Internet
Cybersecurity Ethical Hacker Ethical Hacking Hacking Internet

Hackers made $82 Million through Bug Bounties in 2019


Hacking as a profession has now become a viable option for the hackers out there. Yes, you've heard it right, ethical hackers have made more than $82 Million in Bug Bounties held at HackerOne. To top that, the ethical hacking community on HackerOne has now reached over 600,000, with around 850 new hackers joining every day. According to a '2020 Hacker Report' published by HackerOne, a Bug Bounty platform in San Francisco, around 18% of the members are full-time hackers, whose job is to find vulnerabilities and assure that internet becomes a safe place for everyone.


On the HackerOne platform, hackers from across the world, 170 countries to be accurate, which includes India too, are working every day to ensure the cybersecurity of 1700 organizations, which include Zomato and OnePlus also. The US tops the 2109 list in the earnings made by hackers through Bug Bounty with 19%, India comes second with 10%, Russia has 8%, China a 7%, Germany 5%, and at last Canada with 4%. These countries are the top 6 highest earning ones on the list.

According to Luke Tucker, who is the Senior Director of Global Hacker Community, Hackers are a global power working for a good cause to ensure the safety the connected society on the internet. The motivations for hacking may differ, but it is good to see that global organizations are embracing this new change and providing hackers a new platform to compete and grow as a community, making the internet a safe place for everyone, all together. Hackers from various countries earned a lot more than compared to what they did last year.

Hackers from Switzerland and Austria made more than 950% earnings than last year. Similarly, hackers belonging to Singapore, China, and other Asian countries made more than 250% compared to their earnings of 2018. Competitions like these Bug Bounty programs have helped Hackers land into respectful expert knowledge, as 80% of the hackers use this experience to explore a better career or jobs. According to the reports, these hackers spent over 20 hours every week to find vulnerabilities.
Read more »
white hat hacking
Amazon Ethical Hacking Samsung Vulnerabilities and Exploits white hat hacking

Amazon, Sony, Xiaomi, Samsung Devices Hacked at Pwn2Own Hacking Contest at Tokyo


In a hacking contest held at Tokyo, a duo of white-hat hackers known as Fluoroacetate breached pass devices of some of the most popular tech companies namely Amazon, Samsung, Sony, Xiaomi and others. On the first day itself, the team won prize money of $145,000 (around 1.02 crore) and 15 Master of Pwn points which secured them a dominant lead ahead of others in the competition. The contestants receive a bounty for each successful breach and points that add on to the total ranking. However, the overall winner obtains the grand title 'Master of Pwn'.

The leading team, Fluoroacetate which comprises Hacker Amat Cama and Richard Zhu, amassed a lot of success early on as they managed to bypass five devices. Making history, the duo cracked down Sony X800G, first-ever Television exploited in the contesting history of Pwn2Own. Moving onto their next targets, Amazon Echo Show and Samsung Q60 television, the hackers employed an integer overflow in JavaScript to compromise both the devices. While hacking Xiaomi Mi 9, the duo used a JavaScript exploit to extract a picture from the smartphone. Next up on their list was Samsung Galaxy S10, which the remarkable duo slashed down by pushing a file on the phone via a stock overflow. The last contributor for the team's winning streak was Netgear Nighthawk Smart Wi-Fi Router R6700 (LAN interface).

Points and bounty distribution 

Team Fluoroacetate piled up a total bounty of $145,000 and 15 Master of Pwn points at the end of the first day at Pwn2Own, in the following order.

Sony X800G smart TV: $15,000 and 2 Master of Pwn points.
Amazon Echo Show 5: $60,000 and 6 Master of Pwn points.
Samsung Q60 smart TV: $15,000 and 2 Master of Pwn points.
Xiaomi Mi9 smartphone: $20,000 and 2 Master of Pwn points.
Samsung Galaxy S10: $30,000 and 3 Master of Pwn points.

Pwn2Own is the top computer hacking contest that was first conducted in 2007 with the purpose of demonstrating the security flaws present in widely used software and devices. The hackers gather at the contest to demonstrate vulnerabilities for a pre-set list of software and devices, to earn points on successful discoveries the hackers must ensure that all the exploits put forth at the contest are new. After the contest, the event organizers take charge of all the bugs and vulnerabilities discovered throughout the competition and subsequently hand them over to the respective companies.

After the final day of the tournament, Fluoroacetate, accumulating total prize money of $195,000, 18.5 Master of Pwn points along with a shining trophy and other goodies, has emerged victorious and as the rightful owner of the title 'Master of Pwn'. Notably, the team's most striking accomplishment has to be the bypassing of Samsung Galaxy S10 that won the duo a whopping sum of $50,000 and 5 valuable Master of Pwn points.
Read more »
IT Security News
Ethical Hacking hacker news Information Security News IT Security News

Cyber Society of India wants to Ban Ethical Hacking course in India- Compares hackers to rapists


I was totally shocked when i heard the words came out from the President of Cyber Society of India(cysi.in) on local channel "Puthiya Thalaimurai'. The local channel covered a story about Ethical Hacking.

He told in the Puthiya Thalaimurai's interview that "Ethical hacking" is like ethical rape.  He asked "how one can claim it is legal by adding 'Ethical' word in front of Hacking".

He also added that "We are not doing rape in order to prevent rapes. Then, why we should do ethical hacking to prevent hacking?". 
  
It is ridiculous to compare ethical hackers with rapists. 

Here is Puthiya Thalaimurai's video covering Ethical Hacking (Tamil):


"I will say ban Internet, no Internet no Hacking we all will be safe. Even Pollution is increasing so shall we stop breathing????? " One hacker commented . " What I understand from my side is you should increase Cyber Forensics Courses so that we get good investigators."

"If you have good Cyber Forensics Investigators the crime rate will go down, and only those people will get enrolled to even Ethical Hacking Course who have good ethics as they know that if thet go wrong they will be arrested."

Yes, i agree with what hacker said.  An Ethical Hacking course with a cyber laws always produce a good ethical hackers.  We can't just simply ban ethical hacking course as India need more Ethical Hackers/PenTesters.  We just need to teach them cyber laws as well.

 "This is one of the most ridiculous discussions I have ever seen. Now guys will come and say don’t teach programming they will write virus" One cyber security expert comment.

"There is a great demand for “ethical” hackers all over the world and they are required to make cyber world secure. As its said in movie Spiderman “with great powers come great responsibilities” and should make kids understand the responsibilities associated with this great art."
Read more »
PenTesting
Ethical Hacking Ethical Hacking Training hacker news IT Security PenTesting

Break The Security - Hands on Ethical Hacking and Cyber Security Training for Corporate


Cyber Security & Privacy Foundation is proud to announce the Corporate training in Chennai. The attendees will be trained by four security researchers on various cyber security topics.

The training starts with introduction to information security field and various classes of hackers. It will be hands on training, we will demonstrate the usage of various security tools and will help the attendees to use it.

The course covers various tookits including TamperData, Hackbar, Maltego, FOCA , Live HTTP Headers plugin and more.

We also give training on advanced tools for vulnerability assessment and penetration testing which includes Metasploit, Nmap, Nessus, sqlmap, and more.

Attendees are requested to bring their own laptops installed with isolated network like VMware/Virtual box to gain hands on exposure.

Venue:

Computer Society Of India Head Quarters,
Educational Directorate- Taramani,
Chennai
Chennai, Tamil Nadu

Price:

The Corporate Training tickets would cost Rs. 2000/- per person.

Lunch and Tea/Snacks will be provided at the venue.

Registration Link:

http://www.meraevents.com/event/break-the-security-training–ethical-hacking-hands-on-for-corporate

For more details , visit : http://cwhh.cysecurity.org/?page_id=81
Read more »
Hacking Challenge
Ethical Hacking Hacking Challenge

The Global CyberLympics Ethical Hacking Challenge

The Global CyberLympics (www.cyberlympics.org) - the world’s first international team ethical hacking championships - will be held from September across six continents.

It is endorsed by the U.N.’s cybersecurity executing arm – IMPACT - and the EC-Council is sponsoring over $400,000 worth of prizes.

Regional championships will be held in various locations across different continents, and co-hosted with reputable IT/information security conferences and tradeshows, as follows:

  • North America (Eastern) | Hacker Halted USA – Miami, USA
  • North America (Western) | TakeDownCon – Las Vegas, USA
  • South America | H2HC – Sao Paolo, Brazil
  • Europe | Hacktivity – Budapest, Hungary
  • Middle East & India | GITEX – Dubai, UAE
  • Asia Pacific | Hacker Halted APAC – Kuala Lumpur, Malaysia
  • Africa | TakeDownCon – Johannesburg, South Africa

The CyberLympics world finals is tentatively scheduled for the first quarter of 2012, with its venue still being decided.

To compete at the games, simply form a team of between 4-6 players, ensure that all the players attempt and pass the proficiency test to earn a players code. These codes can then be used to register a team to compete against others in the region.

Registration team is waived for a limited time period. To find out how to participate in this groundbreaking event, please visit -> http://www.cyberlympics.org/TheGames/HowtoEnter.aspx

[source]

Read more »
Security Experts
Computer Security Ethical Hackers News Ethical Hacking Hackers News Security Experts

Apple Mac Book vulnerable to hack using Battery

Ethical Hacker Charlie Miller has find a way to hack the MacBook using the battery.

"Laptop battery contains its own monitoring circuit which reports the status of the battery to the OS. It also ensure that the battery does not overcharge even when the laptop is turned off." Digitizor report reads.


He identified the battery chips are shipped with default password.  It means the hacker who finds the default password and learns to control the firmware is able to control them to do anything he wants.

 "You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery." Digitizor quoted as Miller saying.
Read more »
Subscribe to: Posts (Atom)