Are you a spammer

Please note, that the first 3 posts you make, will need to be approved by a forum Administrator or Moderator before they are publicly viewable.
Each application to join this forum is checked at the Stop Forum Spam website. If the email or IP address appears there when checked, you will not be allowed to join this forum.
If you get past this check and post spam on this forum, your posts will be immediately deleted and your account inactivated.You will then be banned and your IP will be submitted to your ISP, notifying them of your spamming. So your spam links will only be seen for an hour or two at most. In other words, don't waste your time and ours.

This forum is for the use and enjoyment of the members and visitors looking to learn about and share information regarding the topics listed. It is not a free-for-all advertising venue. Your time would be better spent pursuing legitimate avenues of promoting your websites.

News For Latest Hacks Around The World

Build it and learn to secure your system/server.


News For Latest Hacks Around The World

Postby tanmay.01 » Fri Jul 26, 2013 7:44 am

hacked.jpg

This thread has been started to keep the forum members updated about hacked forums, websites, application databases so that they can secure their account and change passwords in time.
HP ENVY 15
•3rd generation Intel(R) Core(TheeMahn) i5-3210M Processor (2.5 GHz with Turbo Boost up to 3.1 GHz)
• 1GB Radeon(TheeMahn) HD 7750M GDDR5 Graphics [HDMI]
• 6GB 1600DDR3 System Memory (2 Dimm)
• 750GB 7200 rpm Hard Drive
• Intel 2x2 802.11a/b/g/n WLAN + Bluetooth(R)
• Full-size Radiance backlit keyboard.

Image
User avatar
tanmay.01
Moderator
 
Posts: 253
Joined: Wed Dec 07, 2011 1:03 pm
Location: India
Age: 27
Operating System: Other Linux



Re: News For Latest Hacks Around The World

Postby tanmay.01 » Fri Jul 26, 2013 7:48 am

Just now, Syrian Electronic Army has posted a tweet saying they have hacked into TrueCaller website(www.truecaller.com)

"Sorry @Truecaller, we needed your database, thank you for it :) http://truecaller.com #SEA #SyrianElectronicArmy" One of the Tweet reads.

In another tweet, the group has provided the database host address,database name, username, and password in plain-text.

Speaking to E Hacking News, the hackers said they have hacked into the TrueCaller's server and downloaded more than 7 databases. The said the main database is 450GB.

The downloaded database includes truecaller_ugc(459GB), truecaller (100GB),truecaller_profiles( 4GB), truecaller_api(123KB), truecaller_PushMe(2.2KB), tc_admin(7MB), tc_www:(70MB). - See more at: http://www.ehackingnews.com/2013/07/tru ... 4y1vi.dpuf

Image

Source
HP ENVY 15
•3rd generation Intel(R) Core(TheeMahn) i5-3210M Processor (2.5 GHz with Turbo Boost up to 3.1 GHz)
• 1GB Radeon(TheeMahn) HD 7750M GDDR5 Graphics [HDMI]
• 6GB 1600DDR3 System Memory (2 Dimm)
• 750GB 7200 rpm Hard Drive
• Intel 2x2 802.11a/b/g/n WLAN + Bluetooth(R)
• Full-size Radiance backlit keyboard.

Image
User avatar
tanmay.01
Moderator
 
Posts: 253
Joined: Wed Dec 07, 2011 1:03 pm
Location: India
Age: 27
Operating System: Other Linux



Re: News For Latest Hacks Around The World

Postby tanmay.01 » Fri Jul 26, 2013 9:03 am

Simple Machines Forum(SMF), one of the top free open Source forum software, has revealed that its official website was compromised by intruders on the 20th of July.

Hacker compromised one of the admins account password that allowed him to gain access to the database server which contains the users' data.

SMF admitted that user data has been compromised by saying "we are 100% sure that our user database has been stolen". The stolen data includes password, personal messages and other info.

"This is !!NOT!! a security issue with the SMF software. If you are running the latest SMF version you have nothing to fear from this hack if you use different passwords." SMF said in their community page.

Users are urged to change the passwords. If you have used the same password anywhere else, it is recommended to change the password there also.

Source
HP ENVY 15
•3rd generation Intel(R) Core(TheeMahn) i5-3210M Processor (2.5 GHz with Turbo Boost up to 3.1 GHz)
• 1GB Radeon(TheeMahn) HD 7750M GDDR5 Graphics [HDMI]
• 6GB 1600DDR3 System Memory (2 Dimm)
• 750GB 7200 rpm Hard Drive
• Intel 2x2 802.11a/b/g/n WLAN + Bluetooth(R)
• Full-size Radiance backlit keyboard.

Image
User avatar
tanmay.01
Moderator
 
Posts: 253
Joined: Wed Dec 07, 2011 1:03 pm
Location: India
Age: 27
Operating System: Other Linux



Re: News For Latest Hacks Around The World

Postby tanmay.01 » Wed Aug 07, 2013 9:44 am

A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic, say researchers.

Secret data crucial to securing online banking and shopping can be lifted from an HTTPS channel in as little as 30 seconds, we're told.

BREACH (short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) attacks the common Deflate data compression algorithm used to save bandwidth in web communications. The exploit is a development of the earlier Compression Ratio Info-leak Made Easy (CRIME) exploit, which also involved turning compression of encrypted web requests against users.

The code-breaking research behind BREACH was unveiled by security researchers Angelo Prado, Neal Harris and Yoel Gluck during a presentation at the Black Hat hacking conference in Las Vegas on Thursday.

All versions of TLS/SSL are at risk from BREACH regardless of the encryption algorithm or cipher that's in play, the trio said.

The attacker just has to continually eavesdrop on the encrypted traffic between a victim and a web server before tricking marks into visiting a website under the miscreant's control.

The attacker's booby-trapped website hosts a script that runs the second phase of the attack: this forces the victim's browser to visit the targeted website thousands of times, over and over, each time appending a different combination of extra data. When the attacker-controlled bytes match any bytes originally encrypted in the stream, the browser's compression kicks in and reduces the size of the transmission, a subtle change the eavesdropper can detect.

This data leakage - a type of Oracle attack - means an eavesdropper can gradually piece together an email address or security token in a HTTPS exchange, byte by byte, using a technique akin to a high-tech game of Battleships. The time needed to perform a successful attack, and how many requests need to be sent, is dependant of the size of the secret information attackers are targeting, Ars Technica notes.

The leaked data provides enough clues to decrypt a user's supposedly protected cookies or other targeted content. The recovery of secret authentication cookies open the door for attackers to pose as their victims and hijack authenticated web sessions, among other attacks, the British Computer Society (BCS) notes in a blog post.

The practical upshot is that tokens and other sensitive information sent over SSL connections could be lifted even though the encrypted contents of emails and one-off orders sent to e-commerce websites are beyond the scope of the attack. Prado, Harris and Gluck released tools to test whether websites are vulnerable to BREACH, as well as techniques to defend against the exploit during their presentation at Black Hat.
Not so lucky

BREACH is the latest in a growing list of attacks against HTTPS encryption, the internet's gold standard for secure communication, following attacks such as CRIME, BEAST, Lucky 13 and others.

During a debate at Black Hat, security researchers expressed fears that over the medium term algorithms such as RSA and Diffie-Hellman will be weakened or broken as a result of advances in crypto-analysis as well as the development of attacks such as BREACH.

“There’s a small, but definite chance that RSA and non-ECC Diffie-Hellman will not be usable for security purposes within two to five years,” said Alex Stamos of Artemis Internet, a division of iSEC Partners. “We’re not saying this is definite," he added.

Kaspersky Lab's Threatpost blog has more on the debate here. Stamos is not alone in looking forward towards the end of life of cryptographic tools and techniques that have served us well but are increasing showing their age. The RSA algorithm is about to turn 40, for example.

Source
HP ENVY 15
•3rd generation Intel(R) Core(TheeMahn) i5-3210M Processor (2.5 GHz with Turbo Boost up to 3.1 GHz)
• 1GB Radeon(TheeMahn) HD 7750M GDDR5 Graphics [HDMI]
• 6GB 1600DDR3 System Memory (2 Dimm)
• 750GB 7200 rpm Hard Drive
• Intel 2x2 802.11a/b/g/n WLAN + Bluetooth(R)
• Full-size Radiance backlit keyboard.

Image
User avatar
tanmay.01
Moderator
 
Posts: 253
Joined: Wed Dec 07, 2011 1:03 pm
Location: India
Age: 27
Operating System: Other Linux


Return to Server and Security

Who is online

Users browsing this forum: No registered users and 2 guests