LATEST UPDATES

Hacking

Technology

Defacements

Local News

World News

Tuesday, January 20, 2015

Beware! Fake WhatsApp PLUS App Rumored to be Next Official WhatsApp Release

Several reports from the popular news websites had suggested that WhatsApp, the widely popular messaging application, is working on a new version of its instant messaging client, called WhatsApp PLUS, in order to provide its users a lot of handy new features. However the news seems to be completely fake!!
WhatsApp Plus has already been launched a long ago and is not at all genuine as it is not associated with the Facebook-owned WhatsApp. Many users claimed to have already used WhatsApp Plus before.
The latest news reports insist that WhatsApp Plus will bring 700 new themes and more number of emoticons, as well as will provide users with an option to change the font, and color among other things in an attempt to make the app look and feel more personalized. Moreover, the app will provide better privacy compared to the existing one. But, here you need to have a second thought.

If we talk about better privacy, the only genuine report about WhatsApp came late last year, when WhatsApp partnered with Open Whisper Systems, a collaborative open source project to offer end-to-end encryption in its Android client. But, that was also with the same label, WhatsApp.
The domain of WhatsApp Plus wasn't registered by WhatsApp, Inc, according to the Whois information of the alleged Whatsapp website. In order to find links to shady websites, BGR reports that they decompiled the WhatsApp Plus APK file circulating around the web, which revealed that the "app is communicating with illegitimate sources."
Beware those who find the app genuine and interesting to download. There are many fake and malicious messaging apps that trick users to download and install, what could potentially be a malware. WhatsApp Plus is also not a genuine, but an effort by unauthorised websites to trick people into downloading it.
We will strongly advise people to not download WhatsApp Plus, or any app that claims to be a new rather different version of WhatsApp. It has been confirmed that WhatsApp hasn’t launched any such app. The app could be a malware that can trouble your phone and downloading an alternative, would be laying your privacy and security at risk.

Want to Hire a Hacker? Check Out Hacker's List Website

Want to hack someone’s Facebook account? or Gmail account? or break into somebody’s network? But don’t have hacking skills to do so. There’s no need to worry at all. A new service is out there for you guys where you can search for professional hackers and hire them to accomplish any hacking task.
Dubbed Hacker's List, a new service that offers to connect customers and "professional" hackers for hire. The service would made any tech-illiterate person capable to break into his boss' email address. This really sounds like something that happens mostly in movies. As if I’m hiring a hacker to accomplish crimes for me.
"Hiring a hacker shouldn't be a difficult process, we believe that finding a trustworthy professional hacker for hire should be a worry free and painless experience," reads a description on the website. "At Hacker's List we want to provide you with the best opportunity to find your ideal hacker and for professional hackers around the world to find you."
Hacker’s List, the three-month old website — launched in November — has received over 500 hacking jobs so far and waiting for successful bidders. There are around 70 anonymous hacker profiles displayed on the website, but many of them are inactive at the moment.

The website charges a fee on a project and payment is cleared on completion of the work, just like freelancing sites. Based on hours, prices of hackers range between $28 to $300 and full hacking projects range in prices of $100 to $5000. As you might expect, it's all done anonymously — collection of fees when tasks are completed, nobody knows the identity of those involved in doing the work.
Several projects ranging from 'Hacking into Facebook account', 'Hacking into Gmail accounts', 'Hacking into websites' and 'Hacking into business accounts' are listed on the website. Surprisingly, many jobs listed on the website are for the customers pleading for hackers to break into school systems in order to change grades.
You can have a look below to see the list of some jobs, together with the price customers are willing to pay:
  • $300-$500: I need a hack for an Android Game called "Iron Force" developed by "Chillingo". It's a dynamic Server game, frequently updated. very hard to hack. I need a hack that give diamonds and cash on this game and if possible a auto-play robot system for my account.
  • $10-$350: Need some info and messages from a Facebook account. Other jobs to come if successful.
  • $300-$600: I need a hacker to change my final grade, it should be done in a week.
  • $200-$300: Hack into a company email account. Copy all emails in that account. Give copies of the emails employer. Send spam emails confessing to lying and defamation of character to everyone in the email list.
Hacker’s List, a website registered in New Zealand, has become the first website ever to provide "ethical hacking" services. While the activities listed on the site are clearly illegal in some cases, but the website asks users not to "use the service for any illegal purposes," as laid out in its 10-page long terms and conditions section.

Wednesday, January 14, 2015

KeySweeper — Arduino-based Keylogger for Wireless Keyboards


Security researcher has developed a cheap USB wall charger that is capable to eavesdrop on almost any Microsoft wireless keyboard.

MySpace mischief-maker Samy Kamkar has released a super-creepy keystroke logger for Microsoft wireless keyboards cunningly hidden in what appears to be a rather cheap, but functioning USB wall charger.

The stealthy Arduino-based device, dubbed "KeySweeper", looks and functions just like a generic USB mobile charger, but actually sniffs, decrypts, logs, and reports back all keystrokes from a Microsoft wireless keyboard.
"KeySweeper is a stealthy Ardunio-based device camouflaged as a wall charger that wirelessly sniffs, decrypts, logs and reports-back all keystrokes from any Microsoft wireless keyboard in the vicinity," Kamkar said.
The security researcher has also released instructions on how to build the USB wall charger online and surprisinglyits is cheap to build and quite capable. KeySweeper includes a web-based tool for live keystroke monitoring, capable to send SMS alerts for typed keystrokes, usernames, or URLs, and even continues to work after it is unplugged because of its rechargeable built-in battery.
"Even if we do not know the MAC address, we can decrypt the keystroke. Using a few-dollar Arduino and a US$1 Nordic RF chip we can decrypt these packets and see any keystroke of any keyboard in the vicinity that's using the Microsoft wireless keyboard protocol and it doesn't matter what OS is used."
Keysweeper stores the captured keystrokes both online and locally, and then send it back to the KeySweeper operator over the Internet via an optional GSM chip.

Usually, Microsoft wireless keyboards encrypt their data before sending it wirelessly, but Kamkar claims to have discovered several vulnerabilities in it that make the data easy to decrypt. Kamkar hasn't tested KeySweeper on every Microsoft wireless keyboard, but he believes that they will all be vulnerable.

Kamkar hasn't just outlined multiple vulnerabilities, but also released detailed instructions on how to build the device on GitHub. He's also produced a half-hour video on KeySweeper, which you can watch below:

According to the researcher, the unit cost for KeySweeper ranges from $10 to $80, depending on which functions a user requires. The hardware breakdown is mentioned as follows:
  • $3 – $30: An Arduino or Teensy microcontroller can be used.
  • $1: nRF24L01+ 2.4GHz RF Chip which communicates using GFSK over 2.4GHz.
  • $6: AC USB Charger for converting AC power to 5v DC.
  • $2 (Optional): An optional SPI Serial Flash chip can be used to store keystrokes on.
  • $45 (Optional): Adafruit has created a board called the FONA which allows you to use a 2G SIM card to send/receive SMS, phone calls, and use the Internet directly from the device.
  • $3 (Optional if using FONA): The FONA requires a mini-SIM card (not a micro-SIM).
  • $5 (Optional, only if using FONA): The FONA provides on-board LiPo/LiOn battery recharging, and while KeySweeper is connected to AC power, the battery will be kept charged, but is required nonetheless.
A Microsoft spokesperson told VentureBeat that they "are aware of reports about a 'KeySweeper' device and are investigating."

Monday, December 15, 2014

'SoakSoak' Malware Compromises 100,000 WordPress Websites

 
The users of WordPress, a free and open source blogging tool as well as content management system (CMS), are being informed of a widespread malware attack campaign that has already compromised more than 100,000 websites worldwide and still counting.
The news broke throughout the WordPress community earlier Sunday morning when Google blacklisted over 11,000 domains due to the latest malware campaign, that has been brought by SoakSoak.ru, thus being dubbed the ‘SoakSoak Malware’ epidemic.
While there are more than 70 million websites on the Internet currently running WordPress, so this malware campaign could be a great threat to those running their websites on WordPress.

Once infected, you may experience irregular website behavior including unexpected redirects to SoakSoak.ru web pages. You may also end up downloading malicious files onto your computer systems automatically without any knowledge.
The search engine giant has already been on top of this infection and has added over 11,000 websites to their blacklist that could have seriously affected the revenue potential of website owners, running those blacklisted websites.
The security team at the security firm Sucuri, which is actively investigating the potential vector of the malware, said that the infections are not targeted only at WordPress websites, but it appears that the impact seems to be affecting most hosts across the WordPress hosting spectrum.
SoakSoak malware modifies the file located at wp-includes/template-loader.php which causes wp-includes/js/swobject.js to be loaded on every page view on the website and this “swobject.js” file includes a malicious java encoded script malware.
If you run any website and are worried about the potential risk of the infection to your website, Sucuri has provided a Free SiteCheck scanner that will check your website for the malware. The exact method of intrusion has not been pointed out at this time, but numerous signals led to believe us all that many WordPress users could have fallen victim to this attack.
However, if you are behind the Website Firewall, CloudProxy, you are being protected from the SoakSoak malware campaign.

Wednesday, December 3, 2014

Pacquiao vs Algieri - Full Video Replay


Manny Pacquiao (56-5-2, 38 KOs) will defend his WBO welterweight title against rising WBO 140-pound titleholder Chris Algieri (20-0, 8 KOs) at the Venetian Macao’s Cotai Arena, Macau, China.

Why Binay is still the man to beat in 2016


MANILA - Despite all the corruption allegations being hurled against him, Vice-President Jejomar Binay is not likely to back down from his plan to run for President in 2016.
Political analyst Malou Tiquia, founder and general manager of Publicus Asia Incorporated, said Binay will still make a go for the presidency even if he is being pilloried in the Senate Blue Rribbon subcommittee, which is investigating allegations of corruption against him.
But given all the accusations being thrown against him, including allegedly hiding properties under the names of alleged dummies and benefiting from overpriced projects in Makati when he was still mayor of the city, is Binay, who has consistently topped surveys, still the man to beat in 2016?
According to Tiquia, Binay, who has repeatedly trumpeted his rise from poverty, has a "compelling story" to tell.
A compelling story is a major factor to win the presidency, University of the Philippines (UP) vice president for public affairs Prospero de Vera said.
De Vera, however, stopped short of saying that Binay will automatically win in the 2016 elections, noting that it is still a long stretch before the presidential polls.
He said the "defining development" would be the resolution of the Senate's investigation, which, he said, is also being awaited by other possible contenders.
"If they see the numbers of the vice-president going down, it will increase their hope and become more active in presenting themselves," de Vera said.
But for Dr. Grace Gorospe-Jamon of the UP political science department, there is no question that Binay is the "man to beat" in 2016.
Jamon said other candidates should have a "strategically well done" campaign to defeat Binay in the presidential polls.
"If we don't get a credible candidate that will oppose Binay, Binay will win," she said.
Dr. Antonio Contreras of the De La Salle University's (DLSU) political science department agreed. "If there is no miracle on the side of Mar [Roxas] and there is no better candidate, Binay will win."
He also believes that the more candidates run for president, the higher chances Binay will have of winning.
THE BINAY PARADOX
"The problem is 'pag bumaba masyado ang bilang niya, mas maraming lalakas ang loob na kumandidato. 'Yun ang irony dito... Dahil mas maraming gustong kumandidato, mas mape-preserve din 'yung probability na manalo siya kasi nga hati-hati na yung boto," he said.
"So you see he is in a very nice position right now," Contreras added. "Kaya nga, how do you solve a problem like him?"
University of Santo Tomas (UST) political science professor Edmund Tayao also pointed out that the two senators consistently "hitting and bamboozling" Binay do not seem to benefit from their attacks against the vice-president.
Senators Antonio Trillanes IV and Alan Peter Cayetano have been leading the Senate investigation on corruption allegations against Binay. The two, both from the Nacionalista Party (NP), have expressed intention to run for president.
Tayao said, "Look at what happened. Are their numbers going up? Not really."
"People are waiting for, 'Ano ba yan? Ano ba yang binebeneta mo sa amin?' Di pa malinaw," added Tiquia.
Tayao also said that so far, "none has formulated a really good strategy to have their names placed on the table and be considered by the public."
PNOY'S ENDORSEMENT
Meanwhile, de Vera said the idea that the endorsement of the President is a major factor in winning in the polls is "overrated."
He said an endorsement from President Benigno Aquino III for the 2016 elections will only be an "add-on" or a "bonus."
"You've got to be strong on your own merits... A weak candidate, even with all the resources, cannot simply overwhelm an opponent that is strong," he said.

Watch the video: here

Tuesday, December 2, 2014

Uber’s Android app is Literally Malware?


The popular ride-sharing service Uber has been hit by various controversies lately, but now the things gone even worse for the company when a security researcher made a worrying discovery this week and claims, "Uber’s app is literally malware."

The ride-hailing company is in disputes of handling privacy of its customers data. A Phoenix-based security researcher Joe Giron found that a surprising amount of users’ data is being collected by the company’s mobile application for Android.

Researcher, who runs a cyber security firm in Arizona, just reverse-engineered the code of Uber’s Android application and come to the conclusion that it is a malware. He discovered that the app "calls home" and sends data back to the company.

But this excessive amount of access to users’ data is not the sort of app data a taxi company should have access to in the first place. It really seems strange and unnecessary to collect.
"Christ man! Why the hell would it want access to my camera, my phone calls, my Wi-Fi neighbors, my accounts, etc?" Joe writes in his Security Blog. "Why the hell is this here? What’s it sending? Why? Where? I don’t remember agreeing to allow Uber accedes to my phone calls and SMS messages. Bad NSA-Uber."
Now one thing strikes in our mind that today a large number of Smartphone applications have access to users’ app data, so what’s the difference between others and Uber’s way of accessing your data??

Here we present you a long list of everything the Uber Android app can have about its users, revealed by a thread on Ycombinator:
  • Accounts log (Email)
  • App Activity (Name, PackageName, Process Number of activity, Processed id)
  • App Data Usage (Cache size, code size, data size, name, package name)
  • App Install (installed at, name, package name, unknown sources enabled, version code, version name)
  • Battery (health, level, plugged, present, scale, status, technology, temperature, voltage)
  • Device Info (board, brand, build version, cell number, device, device type, display, fingerprint, ip, mac address, manufacturer, model, os platform, product, sdk code, total disk space, unknown sources enabled)
  • GPS (accuracy, altitude, latitude, longitude, provider, speed)
  • MMS (from number, mms at, mmss type, service number, to number)
  • NetData (bytes received, bytes sent, connection type, interface type)
  • PhoneCall (call duration, called at, from number, phone call type, to number)
  • SMS (from number, service number, sms at, sms type, to number)
  • TelephonyInfo (cell tower id, cell tower latitude, cell tower longitude, imei, iso country code, local area code, meid, mobile country code, mobile network code, network name, network type, phone type, sim serial number, sim state, subscriber id)
  • WifiConnection (bssid, ip, linkspeed, macaddr, networkid, rssi, ssid)
  • WifiNeighbors (bssid, capabilities, frequency, level, ssid)
  • Root Check (root staus code, root status reason code, root version, sig file version)
  • Malware Info (algorithm confidence, app list, found malware, malware sdk version, package list, reason code, service list, sigfile version)
"Why the hell would they need this? I know I keep asking questions, but here’s some answers: Uber checks to see if your device is rooted. It doesn’t tell you of course, it just wants to know so it can phone home and tell them about it. I also saw checks for malware, application activity and a bunch of other stuff," the publication adds.
The ride-driving company might have some legitimate reason to make use of most of this collected information in the app, perhaps for fraud detection or an intelligence-gathering tool. But, the problem is that the information is being sent and collected by Uber’s servers without any knowledge or permission of the app user. Neither the extent of the data the Uber app collects seems to go beyond the data set shown on its permissions screen.
Uber responded to the issue and said in a statement to Cult of Mac, "Access to permissions including Wifi networks and camera are included so that users can experience full functionality of the Uber app. This is not unique to Uber, and downloading the Uber app is of 

Sony Pictures Hack — 5 Things You Need To Know


What a horrible start the holiday season in U.S. Over Thanksgiving weekend, Sony Pictures Entertainment suffered a massive data breach as "Guardians of Peace" hacked-into Sony Pictures' computer system that brought the studio's network to a screeching halt.

Following the hack, hackers leaked five unreleased Sony movies to Torrent file-sharing website during Black Friday. It's still not clear whether both the incident back to back with Sony Pictures belongs to same group of hackers or not, but here's what you need to know about the breach:

1. FBI MALWARE WARNING AFTER SONY PICTURES HACK
The U.S. Federal Bureau of Investigation (FBI) warned businesses that cyber criminals have used malicious software to launch destructive cyber-attacks in the United States, following the last week's massive data breach at Sony Pictures Entertainment, in which four unreleased films were stolen and pirate-shared.

In a five-page confidential 'flash' warning, FBI recommended users to strengthen the protection of their information systems and limit access to databases. But when asked if the same malicious software had been used against the Sony Pictures hack, FBI declined to comment.

This new "destructive" malware has capability to overwrite a victim host's master boot record and all data files. "The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods," according to Reuters who independently obtained the report.

2. IS NORTH KOREA BEHIND THE CYBER ATTACK ON SONY PICTURES ?
As we reported earlier, Sony Pictures is investigating the possibility that hackers working on behalf of North Korea were behind the hacking incident.

Sony hack is the payback for upcoming Kim Jong assassination comedy film. It is because the hack comes just a month before the scheduled release of Sony's upcoming comedy "The Interview," a comedy about two journalists who are recruited by the CIA to assassinate North Korean leader Kim Jong Un.

The film became a source of international controversy, and the Pyongyang government denounced the film as "undisguised sponsoring of terrorism, as well as an Act of War" in a letter to U.N. Secretary-General Ban Ki-moon in June.

But pointing finger towards North Korea without any strong evidence would be wrong. So, we still won't confirm whether its cyber war by North Korea or some other unknown, sophisticated hacker.

3. FIVE MOVIE LEAKED LINKED TO SONY PICTURES
Following the last weeks cyber-attack on Sony Pictures Entertainment, high-quality versions of five newest films – Annie, Fury, Still Alice, Mr. Turner and To Write Love on Her Arms – distributed by Sony Pictures leaked online during Black Friday.

Four of the leaked films have yet to hit the big screen. The remake of the 1982 released "Annie" is Sony's next big film, schedule to hit theaters on Dec. 19 with new stars Quvenzhané Wallis, Cameron Diaz and Jamie Foxx.

Two other new films, "Mr. Turner" and "Still Alice" are also considered possible Oscar contenders for their lead actors Timothy Spall and Julianne Moore.

4. SONY HIRED FIREEYE FOR INVESTIGATION
Sony Pictures Entertainment has hired Mandiant incident response team of FireEye Inc to help clean-up the damage caused by the huge cyber attack on its network, which forced its employees to put pen to paper over the last few weeks.

In addition to the FireEye, FBI is also investigating the matter and is looking into the devastating leak of four of its upcoming movies, although it has not been confirmed that the leak of all the films came from the same data breach.

Mandiant is a well-known security incident response team of FireEye which deals in forensic analysis, repairs and network restoration. Mandiant is the same team that helped in the catastrophic security breach experienced by one of the world's largest retailer Target in 2013.

5. SONY PICTURES HACK IS NOT THE COMPANY'S FIRST TIME HACK
In August, Sony's PlayStation Network was completely taken down by a distributed denial-of-service (DDoS) attack, a common technique used by hackers to overwhelm a system with traffic and make the network temporarily inaccessible to users.

The gaming network also suffered a more severe hack in 2011, which led to the exposure of 77 million PlayStation and Qriocity accounts along with 25 million Sony Online Entertainment accounts, bringing the total to more than 100 million in one of the largest data breaches ever. The hack cost Sony 14 billion yen ($172 million), and it took the networks -- for downloading and playing games, movies, and music -- offline for about a month before bringing them back up.
 

Top