Sunday 31 July 2011

Video Sharing Site Vimeo Brazil Hacked!

The popular video sharing website Vimeo Brazil was hacked today by Terminal_pk. The mirror of the defaced page is here.



Vimeo is a popular New York-based video sharing website made by filmmakers and video makers to promote their work.

Wednesday 27 July 2011

Operation Paypal | More Than 3500 Accounts Closed




Hacker group Anonymous continued its battle with PayPal this week, encouraging users to cancel their accounts over recent arrests and the company's refusal to handle transactions for whistleblower site Wikileaks.
The effort, dubbed Operation PayPal (or #OpPayPal), kicked off around 4am Eastern time and called on Anonymous supporters to "immediately close their accounts and consider an alternative."

In December, Anonymous organized a distributed denial of service (DDoS) attack against PayPal, Amazon, Visa, and MasterCard after the companies pulled their support for Wikileaks, which had recently dumped 250,000 State Department cables. At the time, PayPal said the move was in response to "a violation of the PayPal Acceptable Use Policy" because Wikileaks "was encouraging sources to release classified material, which is likely a violation of the law by the source."
Their Official Press Release 
Dear PayPal, its customers, and our friends around the globe,
This is an official communiqué from Anonymous and Lulz Security in the name of AntiSec.
In recent weeks, we've found ourselves outraged at the FBI's willingness to arrest and threaten those who are involved in ethical, modern cyber operations. Law enforcement continues to push its ridiculous rules upon us - Anonymous "suspects" may face a fine of up to 500,000 USD with the addition of 15 years' jailtime, all for taking part in a historical activist movement. Many of the already-apprehended Anons are being charged with taking part in DDoS attacks against corrupt and greedy organizations, such as PayPal.
What the FBI needs to learn is that there is a vast difference between adding one's voice to a chorus and digital sit-in with Low Orbit Ion Cannon, and controlling a large botnet of infected computers. And yet both of these are punishable with exactly the same fine and sentence.
In addition to this horrific law enforcement incompetence, PayPal continues to withhold funds from WikiLeaks, a beacon of truth in these dark times. By simply standing up for ourselves and uniting the people, PayPal still sees it fit to wash its hands of any blame, and instead encourages and assists law enforcement to hunt down participants in the AntiSec movement.
Quite simply, we, the people, are disgusted with these injustices. We will not sit down and let ourselves be trampled upon by any corporation or government. We are not scared of you, and that is something for you to be scared of. We are not the terrorists here: you are.
We encourage anyone using PayPal to immediately close their accounts and consider an alternative. The first step to being truly free is not putting one's trust into a company that freezes accounts when it feels like, or when it is pressured by the U.S. government. PayPal's willingness to fold to legislation should be proof enough that they don't deserve the customers they get. They do not deserve your business, and they do not deserve your respect.
Join us in our latest operation against PayPal - tweet pictures of your account closure, tell us on IRC, spread the word. Anonymous has become a powerful channel of information, and unlike the governments of the world, we are here to fight for you. Always.
Signed, your allies,
Lulz Security (unvanned)
Anonymous (unknown)
AntiSec (untouchable)




Another Pastebin release said:
Operation Paypal
IRC: http://bit.ly/pDIZbY
Paypal is a corrupt corporation who voluntarily disabled donations to wikileaks with no legal base or reasoning whatsoever. They are actively working with the FBI to arrest and imprison the only people who stood up and protested against this injustice, Anonymous. Cancel your account today.
To close your account:
  1. Log in to your PayPal account.
  2. Click Profile near the top of the page.
  3. Click My settings.
  4. Click Close Account in the Account type section and follow the steps

More Than 3500 Accounts Are Closed

SAP Systems on the Internet will be Hacked Next Week



On 4 August, at BlackHat USA 2011 in Las Vegas, the world's largest technical security conference, SAP security expert and ERPScan CTO Alexander Polyakov will show how an attacker can gain access to SAP systems over the Internet using a new critical vulnerability.
SAP systems are used by more than 100,000 companies worldwide to handle business-critical data and processes. Almost every Forbes 500 company uses them for processes ranging from purchasing, human resources and financial reporting to communication with other business systems. An attacker who gains access therefore gains complete control over the company's financial flows, which can be used for espionage, sabotage and fraud against the compromised company.
The attack is possible because of a dangerous vulnerability of a new type, found by Alexander in the J2EE engine of SAP NetWeaver software, which allows authorization checks to be bypassed. For example, it is possible to create a user and assign him to the administrators group using two unauthorized requests to the system. It is also dangerous because the attack works on systems protected by two-factor authentication, where a secret key and a password are both needed to get access. To prove it, researchers from ERPScan created a program that finds SAP servers on the Internet with the help of a secret Google keyword and checks the servers it finds for the potentially dangerous vulnerability. As a result, more than half of the available servers could be hacked using the vulnerability.

“The danger is that it is not only a new vulnerability, but a whole class of vulnerabilities that was theoretically described earlier but not popular in practice. During our research we only detected several examples in the standard system configuration, and because each company customizes the system for its own business processes, new examples of vulnerabilities of this class can potentially be detected at each company in the future. We have developed a free program which can detect unique vulnerabilities of this type in order to protect companies in time, and it is also included in our professional product – ERPScan Security Scanner for SAP.” — noted Alexander.
Source

ROUTERPWN-ROUTER EXPLOITING/HACKING

Routerpwn.com is a web application that helps with the exploitation of vulnerabilities in routers.

routerpwn is a compilation of ready to run local and remote web exploits.
Programmed in Javascript and HTML in order to run in all "smart phones" and mobile internet devices.
It is only one page, so you can store it offline for local exploitation without internet connection.

It has a collection of 103 router exploits, listed below:

# 103 Total (2 Generators) 7/26/2011 #
Huawei HG5XX Mac2wepkey Default Wireless Key Generator
Backdoor password in Accton-based switches (3com, Dell, SMC, Foundry and EdgeCore)

20x 27x authentication bypass (xss + info disclosure)
17x 18x 20x 27x CRLF denial of service remote MDC
17x 18x 20x 27x CRLF denial of service
17x 18x 20x 27x password_required.html authentication bypass
17x 18x 20x 27x CD35_SETUP_01 authentication bypass
17x 18x 20x 27x CD35_SETUP_01 password reset
17x 18x 20x 27x DSL denial of service
17x 18x 20x 27x mgmt_data configuration disclosure
17x 18x 20x 27x H04 authentication bypass
17x 18x 20x 27x 38x Add domain to hosts table CSRF
Backdoor password in Accton-based switches (3com, Dell, SMC, Foundry and EdgeCore)
iMC Intelligent Management Center configuration disclosure
iMC Intelligent Management Center traversal
OfficeConnect command execution
AP 8760 authentication bypass
OfficeConnect configuration disclosure
OfficeConnect 3CRWE454G72 configuration disclosure
3cradsl72 configuration disclosure
3cradsl72 information disclosure & authentication bypass
812 denial of service
812 denial of service 2
Arris Password of The Day (list.txt)
Arris password of the day web interface
F5D7234-4 v5 admin password md5
F5D8233-4 v3 configuration disclosure
F5D8233-4 v3 router reboot
F5D7230-4 factory reset
F5D7230-4 change dns servers
MIMO F5D9230xx4 configuration disclosure
WAG120N Change admin password
WAG120N Add admin user
WAP54Gv3 debug interface (Gemtek:gemtekswd)
WRT54G enable remote interface
WRT54G config disclosure
WRT54G restore factory defaults
WRT54G last password in plain text
WRT54G disable wifi encryption
WRT54G change admin password
D-Link WBR-1310 Authentication Bypass set new password
D-Link DIR-615, DIR-320, DIR-300 Authentication Bypass
D-Link DAP-1160 Authentication Bypass
D-Link DIR-615 change password & enable remote admin
D-Link DIR-615 configuration disclosure
DSL-G604T change DNS servers
704P denial of service
DSL-G624T directory traversal
DWL-7x00AP configuration disclosure
DSL Routers "firmwarecfg" Authentication Bypass
HG5XX mac2wepkey default wireless key generator
HG520c HG530 enable remote management CSRF
HG520c HG530 Listadeparametros.html information disclosure
HG520c HG530 AutoRestart.html denial of service & factory reset
HG520 LocalDevicejump.html denial of service
SmartAX MT880 default password
SmartAX MT880 add administrator account
SmartAX MT880 disable firewall/anti-dos w/default pass
ZyNOS configuration disclosure
SBG900 change admin password
SBG900 turn off firewall
SBG900 enable remote access
SBG900 disable DHCP & add custom DNS server
FlexiISN auth bypass AAA Configuration
FlexiISN auth bypass Aggregation Class Configuration
FlexiISN auth bypass GGSN general Configuration
FlexiISN auth bypass Network Access & services
5200 Default administrator account
5200 Host authentication bypass
5200 Configuration disclosure /.cfg
SE461 denial of service
ST585, TG585n user.ini arbitrary download vulnerability
ST585 Redirect domain CSRF
ST585 Add administrator account CSRF
bthomehub call number (voice-jacking) auth bypass
bthomehub authentication bypass
bthomehub enable remote access and change tech password
bthomehub disable wifi
TEW-633GR A-to-C authentication bypass
TEW-633GR unauthorized factory reset
G-570S configuration disclosure
Prestige configuration disclosure
Prestige privilege escalation
Prestige default password
ZyWALL USG client side authorization config disclosure
ZyNOS configuration disclosure
Zywall2 Persistent Cross Site Scripting
Prestige unauthorized reset
WWNAP210 authentication bypass
WNDAP350, WNAP210 BackupConfig.php config disclosure
CG3100D privilege escalation
RP614v4 config disclosure
WNR2000 information disclosure
WNR2000 information disclosure
WNR2000 config disclosure
DG632 auth bypass (config disclosure)
DG632 auth bypass
DG632 'firmwarecfg' denial of service
WGR614v9 denial of service
SSL312 VPN denial of service
FVS318 content filtering bypass
FVS318 log file arbitrary content injection
DG834G enable telnet root shell
WG602 undocumented admin account (superman)
WG602 undocumented admin account (super)  


We already have a whitepaper on router exploitation and its potential; you can check it here.

You can use the tool from this url: www.routerpwn.com

Monday 25 July 2011

P0keu Leaks Military and Government Accounts


P0keu posted a link to Pastebin in a tweet; the paste appears to contain the e-mail addresses and passwords of 300 military and government accounts. If the account holders used the same password for their actual e-mail, then the contents of their e-mail accounts will also be exposed.


          http://pastebin.com/uAuvnQwG


The website that was exposed was A Rifkin Co. which describes itself as “a family-owned manufacturer and international distributor of security and multi-use reusable fabric bags and related products. Our products can be used in virtually every department of a business.”

LulzSec, Anonymous and Stuxnet Nominated for Pwnie Awards 2011


The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the security community. The awards are given out once a year. The fifth annual ceremony will take place on Aug 3rd, 2011 in Las Vegas at the BlackHat USA security conference.


Award categories
In 2011 there will be nine award categories:
  • Pwnie for Best Server-Side Bug
  • Pwnie for Best Client-Side Bug
  • Pwnie for Best Privilege Escalation Bug
  • Pwnie for Most Innovative Research
  • Pwnie for Lamest Vendor Response
  • Pwnie for Best Song
  • Pwnie for Most Epic FAIL
  • Pwnie for Lifetime Achievement
  • Pwnie for Epic Ownage
You Can Read All The Nominations here

Anonymous, LulzSec and Stuxnet Have Their Names in Pwnie for Epic Ownage



Anonymous for hacking HBGary

If you have an externally-facing crappy custom CMS where you use the same password as your Google Apps administrator account, you probably don't want to go picking fights with any one hacker, let alone an angry swarm of them. As it turns out, HBGary did just that, and Anonymous delivered exactly 1.21 giga-owws to them.

LulzSec for hacking everyone

LulzSec provided many Lulz for all the hackers and security professionals around the world. They have attacked Fox News, PBS, Nintendo, pron.com, the NHS, Infraguard, the US senate, Bethesda, Minecraft, League of Legends, The Escapist magazine, EVE online, the CIA, The Times, The Sun; all the while generating a media fiasco and evading law enforcement.

Stuxnet

How many centrifuges did your rootkit destroy? How many national nuclear programs did your worm disrupt? How many 0day exploits and rootkits for equipment that no one you has ever heard of have you written? Exactly.




Red Hat Enterprise Linux 5.7 Released


Highlights of Red Hat Enterprise Linux 5.7 include:
Hardware enablement
Support for new hardware from Red Hat partners encompassing processors, chipsets and new drivers for storage, networking, and graphics allows Red Hat Enterprise Linux 5 deployments to benefit from new hardware platforms delivered in 2011, including Intel, AMD, POWER and IBM System z.


Virtualization improvements
Several virtualization enhancements in Red Hat Enterprise Linux 5.7 include improved migration performance for KVM, as well as several performance and scalability improvements for the Xen hypervisor.

SCAP support
OpenSCAP introduces support for the Security Content Automation Protocol, including a library and set of utilities, giving a standardized approach to validating Red Hat Enterprise Linux security.

Introducing Subscription Manager in Red Hat Enterprise Linux 5
First introduced to Red Hat Enterprise Linux 6.1 customers and now to Red Hat Enterprise Linux 5 customers, the new X.509 certificate-based Subscription Manager feature delivers Red Hat Enterprise Linux subscriptions and software services in a flexible, scalable, and secure way. The Subscription Manager tracks subscriptions assigned to a system and configures software updates for better availability and faster update speeds.

Networking and storage enhancements
Added features for network bridging and LDAP features for autofs improve centralized management of user filesystems in an enterprise environment.

Availability Fencing
New fencing features boost cluster reliability in Cisco UCS system and VMware environments.

Red Hat also offers a security framework based on the OpenSCAP Security Content Automation Protocol, including a library and set of utilities, giving a standardised approach to validating Red Hat Enterprise Linux security.

Other features include networking and storage enhancements. Red Hat Enterprise Linux 5.7 now offers network bridging and LDAP features for autofs, which Red Hat says improves centralised management of user file systems in an enterprise environment.

It also offers a fencing feature, which aims to boost cluster reliability in Cisco UCS system and VMware environments, according to Red Hat.

Red Hat Enterprise Linux 5.7 is available to subscription customers today and is accessible online using Red Hat Network or by using the Subscription Manager feature.

Red Hat Enterprise Linux updates are released approximately twice a year, following a defined seven-year lifecycle described here. Subscription options are available to extend the lifecycle of Red Hat Enterprise Linux for up to 10 years.

Via computerweekly

Sunday 24 July 2011

Anonplus Hacked Again by Th3 Pr0 & SaQeR SyRia



The official Anonplus.com social network was hacked by AKINCILAR some days ago.


Today I was going through the post when I saw a comment saying:


anonymouse got hacked again, now from syrian hacker. :)
Hacked By The Pro & SaQeR SyRia :) 24/07/2011 at 13:04 GMT

anonymouse has become a free-for-all; now the Syrians have hacked it too...
Hacked By The Pro & SaQeR SyRia :) 24/07/2011 at 13:04 GMT



I went to http://www.anonplus.com/ and it was defaced.

Anonymous got hacked another time: first by AKINCILAR and now by Th3 Pr0 & SaQeR SyRia.

Saturday 23 July 2011

Pakcyberarmy database Leaked by Indian Hacker

Indian hacker Lucky managed to crack 1500+ user passwords from the Pakcyberarmy.net database. Pakcyberarmy.net is the hub of most of the Pakistani hackers. Lucky, leader of the Indian hacker group "Indishell", leaked all the info via an Excel file available for download.
DOWNLOAD THE PASSWORD LIST
Archive password - proud_to_be_indian



             


I personally feel these cyber wars are just a medium to get fame, nothing more. These silly attacks leaking personal information are encouraging the youth to do the same so that they can also get a name in this www society. But you should also understand that fame doesn't matter; knowledge does.

Wednesday 20 July 2011

Anonplus.com Hacked by AKINCILAR



A number of Anonymous members got banned by Google+. The hacker group then announced its own social networking website, www.anonplus.com.

Today Anonplus.com Got defaced by AKINCILAR 


The message on the website was as follows:


We Are TURKIYE We Are AKINCILAR

This logo suits you more..How dare you rise against to the World..Do you really think that you are Ottoman Empire?
We taught you before that you cannot challenge with the world and we teach you cannot be social
Now all of you go to your doghouse..

In Turkish 

Biz TÜRKİYE yiz, Biz AKINCILAR ız...
Bu Logo Sizlere Daha Çok Yakıştı... Dünya'ya Kafa Tutmak Sizin Neyinize Kendinizi OSMANLI mı? Sandınız...
Size Daha Önce Dünyaya Kafa Tutamayacağınızı Öğrettiğimiz Gibi Şimdide Sosyal Olamayacağınızı Öğrettik...
Hadi Şimdi Herkes Köpek Kulubesine Dönsün...
 

You Can Still See The Defacement on anonplus.

Sunday 17 July 2011

Countdown begins Windows XP to die in 1000 days

Finally, the countdown begins for Windows XP. The software giant Microsoft said that it will stop support for Windows XP, the world's most popular operating system, after three years.

Microsoft began the countdown to the end of Windows XP on Monday, Jul 11, and it will end on the 1000th day. The company also said that it will not provide any kind of support for the old operating system. Microsoft is aiming to boost the sale of Windows 7, the latest version.

"Windows XP had an amazing run and millions of PC users are grateful for it. But it’s time to move on," said Stephen Rose, Microsoft’s senior community manager. "Two reasons: 1- Extended support for Windows XP is running out in less than 1,000 days, and 2- there’s an OS out there that’s much better than Windows XP."

The countdown will end in 2014, and thereafter Windows XP users will not get any kind of support or patches from Microsoft. If these users want any support, they will have to upgrade to Windows 7.

On April 8, 2014, security patches and hotfixes for all versions of Windows XP will no longer be available. So bottom line, PC’s running Windows XP will be vulnerable to security threats.

"Many third party software providers are not planning to extend support for their applications running on Windows XP, which translates to even more complexity, security risks, and ultimately, added management costs for your IT department if you’re still managing Windows XP environments," Stephen Rose added.

Meanwhile, Microsoft is planning to launch the next generation operating system, Windows 8, in 2012. The company recently demoed the Windows 8 prototype on a tablet computer and a laptop at the D9 Conference. The exciting feature of Windows 8 is its 'touch interface', which features a tile-based Start screen.

Saturday 16 July 2011

Increase website traffic with google+ sparks

Joining a social network site for your website marketing is productive only when you know how to make best possible use of this free service. Google Plus has introduced a feature no social networking site could ever offer and this great Traffic boosting tool is called Google+ Sparks.

Sparks is the second most important feature of Google+ after Circles. With Sparks you can search for your favorite content, hobbies, sports, activities, tools, tutorials and much more. You can receive the latest updated and recommended content on your Google+ homepage without having to search for it online using Google search or any other directory or service. Watch the video below to better understand how Sparks work and how you can create your own Sparks, which in other words means "Favorite Topics".

How can webmaster use Sparks to Increase Site Traffic?

Now here comes the most important question. How can we use Google+ to generate traffic to our website or blogs the way we did and still do with Facebook. Can Google+ provide you with more relevant and high amount of web traffic than Facebook? My answer is simple and precise: "With Google+ Sparks, you will forget thinking about generating Traffic From Facebook forever"

In Facebook we create a like page, wait for the fan list to increase and then we share our Blog feed on Facebook so that readers could receive updates on FB and may then visit your site. The biggest drawback of this method is that only those can see your website or blog updates on Facebook who are your fans or have liked your page. What about the remaining 750 Million Facebook users who do not even know if you exist or not?

Now coming to Sparks. Fortunately, the biggest advantage this beautiful feature has over Facebook is that you can now share your content with millions of visitors using Google+ who do not necessarily have to be in your circles or following you. You just need to consistently share your posts on your Stream page, selecting the Public Circle.
Google+ Sparks Traffic Tricks:

There are some tips that you can apply to receive as much traffic as possible from Sparks. When you share/post a link, Google+ automatically fetches the page title and page description along with a thumbnail image. Your shared Post will appear in this format:

Without Thumbnail:

You can see three important sections here which are,

  1. Page Title : On Clicking it the user will be taken straight to your webpage
  2. Homepage Link: Users can see your blog or website link
  3. Page Description: The first paragraph or first few lines of your webpage will be visible to Google+ users
If you observe carefully Google has formatted links in Google+ similar to the links on Google Search results page. This has an immense traffic significance and the tips and tricks below will further help you how to make best use of Google+ Sparks.
Sparks algorithm is based on fresh updates. The most recent share will make to the first page and old posts will die over time. So you must consistently share each and every webpage or blog post link on Google sparks daily to ensure you get maximum traffic. This is how you should share a link on Google+
  1. Go to your Google+ homepage
  2. Under the stream box choose the link option
  3. Now paste your webpage link or blog post link inside the box and hit enter
  4. Choose a good thumbnail using the arrow keys on the top of the thumbnail as shown below
  5. By default the Public circle will be chosen, which means your link will be shared live on Google+ with all users. You must also choose your custom circles to drive even more traffic by clicking the "+Add more people" link
  6. Finally hit the green share button and you are all done!
Your posts will be shared automatically in Sparks/categories according to your post title keywords. Repeat the same process every day for all fresh content on your webpage. You must do this even for already published blog posts.

How to Remain on Top on Sparks page?
The only logical answer is to share links as much as you can. As I said earlier, only real-time updates make it to the first page. Therefore you must post each and every webpage link of your website regularly, and do this as much as time allows you. You will find a significant change in your analytics, and once you get an idea of how to use it you can expect to receive thousands of visitors per day from Google+ alone. I hope this little info proves helpful to all of you. If you have any suggestion, question or brilliant Google+ traffic tip then you are most welcome to share it with us using the comments box below. Stay safe and be happy always. Peace out!

Tuesday 12 July 2011

Toshiba database hacked and leaked !


A hacker named V0iD hacked the Toshiba website and leaked its database through a Pastebin post. The leak includes the usernames and passwords of admins too. It is also reported that the same hacker hacked the database of the National Assembly of Pakistan website too.