Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Google Hacks. Show all posts
hacker news
Defaced Website DNS Poisoning Featured Google Hacks hacker news

Google, YouTube, Gmail, Intel Turkmenistan Sites Hacked by Iranian Hackers


Turkmenistan major Sites are defaced by Iranian Hackers yesterday by DNS Poisoning attack. The defaces includes major sites of Google,Youtube,Orkut,Gmail,Intel,Xbox,etc.

These hacked domains are all registered at NIC Turkmenistan. The domain names include

  • www.google.tm 
  • www.youtube.tm 
  • www.xbox.tm 
  • www.gmail.tm 
  • www.msdn.tm
  •  www.officexp.tm 
  • www.windowsvista.tm 
  • www.intel.tm 
  • www.orkut.tm 


The Hacker just uploaded a simple html page to show off his deface. This is the first attack on NIC sites in 2013. MS SQL Vulnerability lead this to defeat and here is the entire image for it. The hackers have also got access to DNS records.

You can view the entire Data leak from here

http://ha.cker.ir/2013/01/data-leakage-from-nic-tm/

Mirrors of Defaced sites can be viewed here
 http://zone-h.com/archive/ip=198.105.216.250

http://append-hc.com/mirror/id/66204

Author of this article: Akshay Kumar.
Read more »
Ur0b0r0x
Breaking News Database Leaked Google Hacks Hackers News Ur0b0r0x

Guadeloupe Domain provider nic.gp hacked and Google, yahoo passwords leaked

nic.gp database leaked
Nic.gp domain provider database leaked

A hacker called as Ur0b0r0x has made a claim that he gained access to One of the top Domain provider in Guadeloupe. Network Information Center(NIC.gp) is the provider of .gp, .com.gp, .net.gp, .info.gp domains .

"Network Information Center Guadeloupe nic.gp #Hacked #dataleaks  @EHackerNews  http://pastebin.com/gWdnzakx" The tweet sent to E hacking News reads.
In the paste, he has published few sample data and download link to a 168kb text file that contains the rest of the data.

The leak consists of 1271 account details that contain username, email address and phone number as well as surname. The dump also contains 1238 passwords in encrypted form.

After analyzing the list of data provided, we found that there is data belong to lot of high profile sites including Google, Yahoo and more sites, as they have registered the domain with nic.gp.

The list of high profile sites that has registered domain in this site : google.gp, yahoo.gp, twitter.gp, paypal.gp. Their data can be found in the leak.

We notified the NIC.gp regarding the hack and waiting for their response.
Read more »
Google Hall of Fame
Breaking News Google Hacks Google Hall of Fame

1st security researcher earned $60,000 for Google Chrome hack : Pwnium

Security Researcher Sergey Glazunov, Russia, has been named as the First researcher who earned $60,000 as part of the Pwnium competition run by Google.

He hacked into fully-patched Windows 7 machine (64-bit) by exploiting a remote code execution vulnerability in Google’s Chrome web browser. His hack is qualified as a “Full Chrome” exploit, qualifying for a $60k reward.

This remote code execution vulnerability could be utilised by malicous hackers and cyber-criminals to take control of a user's computer after persuading them to visit a rogue web link.


Sundar Pichai SVP of Chrome and Apps at Google congratulated Glazunov and said :
"We're working fast on a fix that we'll push via auto-update. This is exciting; we launched Pwnium this year to encourage the security community to submit exploits for us to help make the web safer. We look forward to any additional submissions to make Chrome even stronger for our users."
There is Still $940,000 remains in the Pwnium prize fund. 
Read more »
Security News
Google Hacks Security News

Google Wallet dropped the support for Rooted Devices

While Google is on the process of fixing the vulnerabilities in Google Wallet, they dropped the Google Wallet support for the Rooted devices.

Last month, Joshua Rubin, a security researcher at zvelo discovered that Google Wallet PIN can be cracked easily by brute forcing on a device that is "rooted". Google immediately confirmed the vulnerability and encouraged users to not install Google Wallet on rooted devices.


Now Google reinforces that recommendation by restricting the Wallet’s installation on rooted devices.

According to the Droid Life report, Google wallet app started showing a little yellow bar at the top along with an “Unsupported device” note over the weekend.
Following the "Learn more" link will direct you to the page which explains the risk of using Google Wallet in rooted devices.

"Some users may disable important security mechanisms in order to gain system-level "root" access to their phone. We strongly discourage doing so if you plan to use Google Wallet. We are unable to support devices with unauthorized operating systems as the security layers of the device may be limited." reads Unsupported Device Policy page.

Read more »
Vulnerability
Application Vulnerability Breaking News Google Hacks Smartphone Hacks Vulnerability

Google Wallet's PIN System can be easily cracked from rooted devices

Joshua Rubin, a security researcher at zvelo, have discovered that Google Wallet PIN can be cracked easily by brute forcing on a device that is "rooted".

Google Wallet is the first publicly available Near Field Communication (NFC) Payment System that purports to turn to your smartphone into a credit card, allows to purchase by entering a PIN .

In order to facilitate secure transactions,  NFC use hardware component called Secure Element(SE) which is used to store your confidential data such as the complete credit card number.

In order to authenticate users and grant access to the SE, Google Wallet requires a 4-digit, numeric PIN when first launching the app. Unfortunately, the PIN is not stored on the SE , but instead it is stored as a salted SHA256 Hash on the device itself.
"Knowing that the PIN can only be a 4-digit numeric value, it dawned on us that a brute-force attack would only require calculating, at most, 10,000 SHA256 hashes."Joshua Rubin said ." This is trivial even on a platform as limited as a smartphone. Proving this hypothesis took little time."

Google Wallet only allows five invalid PIN entry attempts before locking the user out,but with root access you can bruteforce the PIN without a single invalid attempt.

Rubin concludes that the only way to solve this issue would be to move the PIN verification into the SE itself and to no longer store the PIN hash and salt outside the SE.


Google has issued this statement on the matter:
The Zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.

This confirms that there should be no issue unless your phone has already been rooted. If you have rooted your smartphone, Google strongly encourage you to not install Google Wallet and to always set up a screen lock as an additional layer of security for their phone.(like activating the lock screen, disabling the USB debugging option in settings, and enabling full-disk encryption).
Read more »
Vulnerability
Browser Vulnerability Chrome Hacks Google Hacks Vulnerability

Google Patched High-Risk Vulnerability in Chrome Browser

Google released chrome version 15.0.874.121 that fix the High-Risk Vulnerability in Javascript Engine named V8. This vulnerability is an out-of-bounds error that can cause a memory-corruption condition and lead to remote code execution.

Google paid security researcher Christian Holler $1,000 for discovering and reporting this vulnerability.

Download the Latest Version From here:
http://www.google.com/chrome
Read more »
Web Application Vulnerability
Google Hacks Vulnerability Web Application Vulnerability

Google Maps URL Injection Vulnerability

Google maps is vulnerable to URL Injection(redirects to another page) , discovered by Sony.

Vulnerable Link:
http://maps.google.com/m/preferences?pref=s&bl=//st2tea.blogspot.com&hl=1&safe=strict&safe=images&safe=off&gwt=on&gwt=off&lochist=on&lochist=off&sigp=pref%20bl&sig=AMctaOIRgcTAHYXz1KuVsPHwVpqFKrQCJg

or

http://maps.google.com/m/preferences?pref=s&bl=//%73%74%32%74%65%61%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D&hl=1&safe=strict&safe=images&safe=off&gwt=on&gwt=off&lochist=on&lochist=off&sigp=pref%20bl&sig=AMctaOIRgcTAHYXz1KuVsPHwVpqFKrQCJg

Demo Video:

Author:
Sony
Read more »
Youtube Hacks
Bing Hacks Defaced Website drAg Facebook Hacking Gmail Hack Google Hacks Hackers News Mass Defacments Microsoft Hacks Youtube Hacks

GOOGLE | YOUTUBE | MYSPACE | FACEBOOK | GMAIL | BING | MICROSOFT Hacked


Can't Believe this: A Hacker called dr@g has Hacked Guadeloupe  Google / Microsoft/ Motorola / Orange / Facebook / Youtube / Myspace / Live / Hotmail / Bing / Visa / Opera / Gmail / Joomla / Ubuntu / Internet / Bank America and Defaced them. The Hacker is in the team called Moroccain Security Cr3w.
Looks like DNS Hijacking(but not sure).

Hacked Site List:
http://www.google.gp/
http://www.google.com.gp/
http://www.google.net.gp/
http://microsoft.gp/
http://internet.gp/
http://motorola.gp/
http://orange.gp/
http://www.oracle.gp/
http://opera.gp/
http://ubuntu.gp/
http://yahoo.gp/
http://www.facebook.gp/
http://www.youtube.gp/
http://www.bing.gp/
http://www.joomla.gp/
http://www.myspace.gp/
http://www.ciscosystems.gp/
http://www.googleplus.gp/
http://www.gmail.gp/
http://live.gp/
http://bankamerica.gp/

Mirror:
http://www.zone-h.com/mirror/id/14877986
http://www.zone-h.com/mirror/id/14877923
http://www.zone-h.com/mirror/id/14877133
http://www.zone-h.com/mirror/id/14877973
http://www.zone-h.com/mirror/id/14877865
http://www.zone-h.com/mirror/id/14877897
http://www.zone-h.com/mirror/id/14877917
http://www.zone-h.com/mirror/id/14877916
http://www.zone-h.com/mirror/id/14877915
http://www.zone-h.com/mirror/id/14877912
http://www.zone-h.com/mirror/id/14877082
http://www.zone-h.com/mirror/id/14877090
http://www.zone-h.com/mirror/id/14877091
http://www.zone-h.com/mirror/id/14877094
http://www.zone-h.com/mirror/id/14877096
http://www.zone-h.com/mirror/id/14877119
http://www.zone-h.com/mirror/id/14877171
http://www.zone-h.com/mirror/id/14877235
http://www.zone-h.com/mirror/id/14877294
http://www.zone-h.com/mirror/id/14877820
http://www.zone-h.com/mirror/id/14877983
http://www.zone-h.com/mirror/id/14877864



Read more »
Subscribe to: Posts (Atom)