RockYou Hacked – 32 Million Account Passwords Latest News

               RockYou Hacked – 32 Million Account Passwords Latest News

RockYou has suffered a serious hacker attack that has exposed 32 million of its customer usernames and passwords to possible identity theft. And it has apparently taken RockYou more than 10 days to inform its users of the breach. The security firm Imperva informed RockYou that its site had a serious SQL injection flaw, according to reports. Imperva said that some userse passwords had already been compromised as a result of the vulnerability by the time it notified RockYou of its findings. RockYou acted quickly to fix the flaw, but perhaps not fast enough. One hacker claimed to have gotten access to the accounts and posted some data as proof. Apparently, the database included the full list of unencrypted passwords in plain text. The flaw is a big one because RockYou usernames and passwords are, by default, the same as userse email names and passwords. Security experts are advising RockYou users to change their emails and passwords. RockYou has some of the most popular apps on Facebook, and it ranks third among Facebook developers with 55 million monthly active users, according to AppData. SQL injection exploits a vulnerability in an appes database layer and is a very common attack. It potentially lets hackers steal private information, and Yahooes jobs site recently suffered a similar attack. Imperva chief technology officer Amichai Shulman told eWeek Europe that users are particularly vulnerable if they use the same usernames and passwords for all of the sites that they visit. In a statement to Techcrunch, RockYou said, "On December 4, RockYoues IT team was alerted that the user database on RockYou.com had been compromised, potentially revealing some personal identification data for approximately 30M registered users on RockYou.com. RockYou immediately brought down the site
and kept it down until a security patch was in place. RockYou confirms that no application accounts on Facebook were impacted by this hack and that most of the accounts affected were for earlier applications (including slideshow, glitter text, fun notes) that are no longer formally supported by the company. RockYou has secured the site and is in the process of informing all registered users that the hack took place.. RockYou said it is planning to notify users. As others have noted, 10 days after it learned of the breach is far too late.

Read More

What is Trojan horse

What is Trojan Horse

 Working of Trojan Horse

 Types of Trojan Horse

 How They Introduced

 Tini Trojan

Classic Netbus

Beast RAT 2.07

*What is Trojan horse

    Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but (perhaps in addition to the expected function) steals information or harms the system.

*Working of Trojan

Attacker gets access to the infected(server) system as the system goes online.

Through the access given by the Trojan, an attacker can stage attacks of  different types.

*Types of Trojan Horse

1.Password Sending/ capturing

2.FTP Trojans

3.Key stroke captures

4.Denial Of Service (DoS)

5.Remote Access

6.Software Detection Killers

*How they introduced

1.Chat Clients ( Yahoo, Gtalk, IRC)

2. Email Attachments

3. Physical Access to the System

4. P2P (Torrent) and Freeware Sites

5. Wrappers

6. File Sharing

*Tini

Tini Trojan found at

 http://ntsecurity.nu/toolbox/tini

The Small 3kb size of this file left a small signature , hence the name Tini.

It only listen on port 7777 and returns a command prompt shell to the attacker. The static use of this port made easy to detect.

From a Tini client you can telnet to Tini server at port 7777 .

*Net bus

Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor.

*Beast Final V.2.7

Beast is a Windows-based backdoor Trojan horse more commonly known in the underground "script- kiddie" community as a RAT (Remote Administration Tool). It is capable of infecting almost all Windows versions i.e. 95 through XP. Written in Delphi and released first by its author Tataye in 2002, it became quite popular due to its unique features.

Read More

How To Reset Your Lost Bios Password

How To Reset Your Lost Bios Password

Bios password are used to secure your desktop and latop computer by preventing user from changing your bios setting or acessing to your computer while u are away.there is too type of password protection the first one is bios setup protection:to prevent user from changing bios setting thesecond one system proetction:to make the system unbootable intel entring the password. but sometime user can forget their password or even wrose they can get infected by bios Backdoor verus.so sending back the unit for reset bios is expensive here is some why how to recover or remove u lost bios password U can start first by mailing your Before hardware manufacturer support before attempting to bypass the BIOS password on a computer or laptop, then ask them if there is some bypass security.in the worest case u will not get any answer so here is the type oto follow

 1) u can start by using a manufacturers backdoor password to access the BIOS

 2) there is large range of password cracking software can be also used

 3)on of the most efficase way is to reset the bios cmos .just look to the motherboard somewhere near your battery thir should be a jumper placed in two pin.if there is no third pin just take out the jumper then place it back .if there is a thrid jumper just place it in 2-3 possition then back to normal possition .dont forget to fully switch off your pc or laptop.u

can risk of riuning your motherboard if u clear the cmos with powered up motherboard .

 4)the second way how to get the bios to default value is by removing the battery .just remove it for 30 min the put it back .again u must fully unplug any power cable during the process

 by Overloading the keyboard buffer.not always working but should help in some case

 The last way is toUse a professional service

Read More

World‟s First iPhone Worm Hits iPhone Owners In Australia

World‟s First iPhone Worm Hits iPhone Owners In Australia

Apple iPhone owners in Australia have reported that their smartphones have been infected by a worm that has changed their wallpaper to an image of 1980s pop crooner Rick Astley. Tricking victims in to inadvertently playing the song has become a popular prank known as Rickrolling.

The attacks, which researchers say are the world‘s first iPhone worm in the wild, target jailbroken iPhones that have SSH software installed and keep Apple‘s default root password of 

"alpine.‖ In addition to showing a well-coiffed picture of Astley, the new wallpaper displays the message "ikee is never going to give you up,‖ a play on Astley‘s saccharine addled 1987 hit "Never Gonna Give You Up.‖

A review of some of the source code, shows that the malware, once installed, searches the mobile phone network for other vulnerable iPhones and when it finds one, copies itself to them using the the default password and SSH, a Unix application also known as secure shell. People posting to this thread on Australian discussion forum Whirlpool first reported being hit on Friday. "I foolishly had forgot to change my root and user password last time i had jailbroke my phone,‖ wrote one forum participant. In addition to his own iPhone being attacked, he said a flatmate‘s iPhone 3G was also sullied with the image of Astley. Users who tried to delete the image were chagrined to find it reappear once they rebooted their device. The attack is a wakeup call for anyone who takes the time to jailbreak an iPhone. While the hack greatly expands the capabilities of the Apple smartphone, it can also make it more vulnerable. Programs such as OpenSSH, which can only be installed after iPhones have undergone the procedure, can be extremely useful, but if owners haven‘t bothered to change their root password, the programs also represent a gaping hole waiting to be exploited. Indeed, a hacker going by the moniker ikee and claiming to be responsible for the worm said here that he wrote the program to bring awareness to the widely followed practice of failing to change the iPhone‘s password.

"I was quite amazed by the number of people who didn‘t RTFM and change their default passwords,‖ the unidentified worm writer 149

said. "I admit I probably pissed of [sic] a few people, but it was all in good fun (well ok for me anyway).‖ Ikee said the worm disables the SSH daemon so it can‘t be targeted further. So far, there are no reports of people outside of Australia getting infected. And the attack appears to do nothing more than Rickroll victims with the Astley wallpaper. But because the writer released source code for four separate variants, it wouldn‘t be surprising for copycats in other regions to appropriate the attack code and potentially imbue it with more malicious payloads. Source:- The Register

Read More

Latest Hacking News Articles

Latest Hacking News Articles

Obama's and Fox News Twitter accounts Hacked By 18 year old.

n 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News. The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter’s administrative control panel by pointing an automated password-guesser at a popular user’s account. The user turned out to be a member of Twitter’s support staff, who’d chosen the weak password "happiness." Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts. "I feel it’s another case of administrators not putting forth effort toward one of the most obvious and overused security flaws," he wrote in an IM interview. "I’m sure they find it difficult to admit it." The hacker identified himself only as an 18-year-old student on the East Coast. He agreed to an interview with Threat Level on Tuesday after other hackers implicated him in the attack. The intrusion began unfolding Sunday night, when GMZ randomly targeted the Twitter account belonging to a woman identified as "Crystal." He found Crystal only because her name had popped up repeatedly as a follower on a number of Twitter feeds. "I thought she was just a really popular member," he said. Using a tool he authored himself, he launched a dictionary attack against the account, automatically trying English words. He let the program run overnight, 145

and when he checked the results Monday morning at around 11:00 a.m. Eastern Time, he found he was in Crystal’s account. That’s when he realized that Crystal was a Twitter staffer, and he now had the ability to access any other Twitter account by simply resetting an account holder’s password through the administrative panel. He also realized he hadn’t used a proxy to hide his IP address, potentially making him traceable. He said he hadn’t used a proxy because he didn’t think the intrusion was important enough to draw law-enforcement attention, and "didn’t think it would make headlines." He said he decided not to use other hacked accounts personally. Instead he posted a message to Digital Gangster, a forum for hackers and former hackers, offering access to any Twitter account by request. "I … threw the hack away by providing DG free accounts," he said. He also posted a video he made of his hack to prove he had administrative access to Twitter. President-Elect Barack Obama was among the most popular requests from Digital Gangster denizens, with around 20 members asking for access to the election campaign account. After resetting the password for the account, he gave the credentials to five people. He also filled requests for access to Britney Spears’ account, as well as the official feeds for Facebook, CBS News, Fox News and the accounts of CNN correspondent Rick Sanchez and Digg founder Kevin Rose. Other targets included additional news outlets and other celebrities. Fox won the hacker popularity contest, beating out even Obama and Spears. According to Twitter, 33 high-profile accounts were compromised in all. GMZ doesn’t know what the reset passwords were, because Twitter resets them randomly with a 12-character string of numbers and letters. On Monday morning, the Twitter accounts belonging to Obama, Britney Spears, FoxNews and others, begansending out bogus messages. Someone used the Obama account to send out a message urging supporters to click on a link to take a survey about the president-elect, and be eligible to win $500 in gasoline. A fake message sent to followers of the Fox News Twitter feed announced that Fox host Bill O’Reilly "is gay," while a message from Britney Spears’ feed made lewd comments about the singer. It was initially believed that the Twitter account hijackings were related to two phishing scams that surfaced over the weekend. But GMZ’s hack was unrelated. Shortly after GMZ posted his original message to Digital Gangster, the site’s administrator deleted it, along with the responses from members asking for access to other accounts. But a subsequent thread on the site supports GMZ’s account of the hack. GMZ said he didn’t access any of the high-profile accounts himself, and didn’t send out any of the bogus tweets. He thinks he was in Twitter a couple of hours before the company became aware of his access and locked him out. 146

Twitter co-founder Biz Stone confirmed for Threat Level that the intruder had used a dictionary attack to gain access to the administrative account, but wouldn’t confirm the name of the employee who was hacked, or the password. He also wouldn’t comment on how long the intruder was in the Twitter account resetting passwords before he was discovered. "Regarding your other questions, I’d feel more comfortable addressing them once we’ve spoken to counsel because this is still ongoing," he wrote Threat Level in an e-mail. Stone said that Twitter has already been contacted by the Barack Obama campaign about the hack and has been in touch with everyone whose account was accessed by the intruders. He said Twitter had not had contact with the FBI or any other law enforcement agency. "We’re waiting to hear back from our lawyer about what our responsibilities are about this and how to approach it," Stone said in a separate phone interview. As for addressing the security issues that allowed the breach, he wrote in a follow-up e-mail that the company is doing "a full security review on all access points to Twitter. More immediately, we’re strengthening the security surrounding sign-in. We’re also further restricting access to the support tools for added security." GMZ, who said he’s been hacking for about three years and is currently studying game development, said he conducted the dictionary attack using a script he wrote and used last November to break into the YouTube account of teen queen Miley Cyrus. That hack gained widespread attention when someone posted a video memorial to Cyrus on the account, claiming Cyrus had died in a car accident. GMZ said a friend of his was responsible for the hoax. GMZ said he’s used the same dictionary attack to breach the SayNow accounts of Disney star Selena Gomez and other celebrities. After YouTube blocked his IP and patched some vulnerabilities he was exploiting, he decided "for the fun of it (curiosity and self-entertainment) I’ll pen-test Twitter." He was "shocked to realize that there was no rate limit" to lock someone out after a specific number of failed password attempts. He said he’d never even heard of Twitter until he saw someone mention it on YouTube. Source:- The Register

Read More

How To Download Youtube Videos

How To Download Youtube Videos

Free Web services for downloading videos from video-sharing sites

ClipNabber allows you to download videos from YouTube, Metacafe, etc. by simply copying and pasting the URL. You'll then get a link whereby you can download the file to your computer, iPod, iPhone, or any other media player. You'll need to have an FLV player for the YouTube videos. Quick and very easy to use!

Zamzar is a free online file conversion web application that can not only convert videos off the Internet to AVI, MPEG, 3GP, MP4, MOV, etc., but also converts between audio, image, and document formats. Paste the URL into Step 1 and then convert the file to your favorite format.

Vixy.net is another site that not only downloads online videos, but will also convert them to AVI, MOV, MP4, 3GP, or MP3 (if you want to extract

the audio from the file). Using this site, you don't have to worry about downloading a FLV player as you can convert it to Windows format. (Same as Zamzar)

KeepVid also supports just about any video sharing site out there and the only difference about this site is that it also has a Top Videos section, so you can quickly download the most watched videos around the web.

Media Converter is similar to ZamZar and vixy.net, but requires you to create an account and log in. Also, it seems like it only supports downloading and converting videos from YouTube. You can also download their video download program, but it only supports 5 sites.

Hey! Watch is an online video encoding web service that encodes video into different formats including HD very quickly. The graphical interface is very nice and there are lots of features and options, such as the ability to transfer any video from the web directly to an FTP server or to online storage.

YouTubeX, as the name suggests, allows you to download videos from YouTube. Obviously, it only supports YouTube, but it has a couple of other features, such as the ability to play your video on the site and find popular videos quickly.

VideoRonk searches across multiple video-sharing sites such as Google Video, YouTube, MetaCafe and DailyMotion to find the most popular videos on each of them. You can either watch them on VideoRonk or download them to your computer in FLV format.

VidDownloader supports about 10 sites including the major ones and can download the videos in DivX AVI format. It's very easy to use and can also extract only the audio from a video by choosing "Just Audio" on the download page. You don't have to worry about having an FLV player since it converts the files to Windows format.

According to their web site, they support more than 98 video sites including MySpace, CollegeHumor, iFilm, etc. You'll have to rename the files you download from YouTube with the .FLV extension at the end.

This site is a foreign site, but is easy to use and supports most of the major sites. You can also download a free FLV player off their site to play videos from YouTube.

DownThisVideo has a nice tag cloud at the top that you can click on to find videos quickly. From what I could tell, this site is mostly used by Japanese because the popular videos are mostly Anime, etc. However, you can still use it to download any YouTube video.

Bishal obroy  Suggesion: - If you do not like above then I suggest go for orbit downloader free software for downloading ,it can directly download songs of youtube

Read More

Recover Lost Data from The Sim Card

                 Recover Lost Data from The Sim Card

1. Free to download Data Doctor Recovery - Sim Card and install it . Connect your sim card reader on port and insert sim card in it.

2. Click the Data Doctor Recovery - Sim Card desktop icon (or select from the Windows programs list) to launch the product. The initial screen (below) is displayed.

 3. Click on the Read Sim Card Icon. This will display.

4. Select appropriate Com Port, Data Baud and Parity or you can set the default setting. Then click "ok".

After this splash screen move. For Phone Book information Click on the Phone Book icon. Then Click on Contact in Phone Book Tree. This will show as below... For SMS information click on Sms Icon.This will show as below..

To Recover your deleted Sms click on Deleted on Tree. This will display as. You can also see the ASCII or Hex Value of selected phone number or SMS by click on Ascii value and Hex value Tab Button. To Know the ICC Identification and service provider name click on Others Button. These are displayed as.. ICC Identification Service Provider Name

About Sim card data recovery software Sim Card Data Recovery Software recovers your mobile phone sim card accidentally deleted text SMS messages. Data Doctor Sim Card Recovery Software is read only and non-destructive utility restore all lost message. Utility retrieve all deleted contact numbers (phone numbers), unreadable messages, corrupt phone book directory.

Bishal obroy‟s Suggesion: -“Very good free software you can download if from the official doctor data recovery webportal or www.ethicalhacking.do.am”

Read More