Hacker The Dude | Hacking, Tech And News

1st Year at Jaypee University Of Engineering And Technology,Guna

noreply@blogger.com (HTD) — Wed, 15 May 2013 02:46:00 +0000

Adobe After Effects be at the grace of the god, that it made me work on this video which till the dawn of the youtube will be giving the high five of my 1st year of engineering life was awesome. Its all the memories which we would watch one day and will laugh at all the crazy things we did in youth.

XBox Live Hacked or Suffering Connection Issues

noreply@blogger.com (HTD) — Tue, 30 Mar 2010 17:38:00 +0000

Today Xbox Live users are suffering some Connection Issues and this is excepted as yesterday only the Xbox live account of Xbox’s Live Programming director’s was Hacked. So this points to the Xbox Live is been hacked aka compromised.

It is more likely that the Xbox live is hacked as the account of one of the makers of the Xbox live account was hacked yesterday only. While this can be a Connection issues too as the Expansion pack of Modern Warfare : “Stimulus Package” is out today which may have caused problems for the Xbox live servers as of large incensement in the connections ...

Xbox Support’s Twitter account is loaded with communications with customers about the problem, and the official support website at www.xbox.com/support is being bombarded by users.

“We’re aware of the issue and it is being worked on. Stay tuned for updates.”

An error code of 80150019 have been shown to the users of the Xbox live users. As the users are like not happy with this situation and would be likely as the Microsoft is in problems again.

… Talking about the Hacked account of Major Nelson’s of Xbox Live, Shortly after the hack happened, the Web site Lightzz took credit for the hack, posting a video of it, along with the hacker's Skype name. He is offering to hack other accounts as well.

Well whatever is going we will update this post as soon as Microsoft figures it out is it hacked or connection issues.

MacOSX Gets Massive Security Update

noreply@blogger.com (HTD) — Tue, 30 Mar 2010 16:47:00 +0000

This is kinda weird but safe for the users at the same time Apple have just launched the update for the Mac OSX with a severe patchment of 92 vulnerabilities. Well it have also breaked the previous record of the Mac OSX update released last year, when Apple 's largest patched 67 vulnerabilities .

The update brings Snow Leopard to version 10.6.3, making this the third major update to the OS that Apple launched in August 2009. Apple also addressed a list of nearly 30 non-security issues in the 10.6.3 update. Leopard users, meanwhile, received only the security patches ..

As a matter of fact, most of the patches were for the QuickTime player for the Leopard OS and it was expected as we have already been knowing many of the Mp4 Zero Day exploitations etc and due to the Pwn2ownage conference the exploits shown there was a big reason for this turn out.

"The sheer number, it's almost so daunting that you don't even want to look," said Andrew Storms, director of security operations at nCircle Network Security.

Today on 30th Apple came out with a update of 42 security fixes which is about the 40% of the total number of the security apple is working onn. The other thing which is kinda in favour of apple is that they don't rate/score there patches like some of the other giants like Microsoft and Oracle.

RSnake’s Magic

The other news we got for you is that RSnake and his friends have done some research on this and found some of the exploitations in the safari browser which is regarding the port number float/integer overflow which can cause alot of damage.

“Safari has a typical integer overflow in the way they look at ports. So if you add the number 65,536 to the port you want to connect to (in this case 25 + 65,536 = 65,561) you can bypass their port blocking.”

And the best thing to note here is that Apple beat with the blacklist of ports or even whitelist of ports as it can be used in mass exploitation for hackers. Well lets see whats next.

Charlie Miller, the researcher who cracked Snow Leopard's security defenses to take down Safari, said today that Apple had not patched the vulnerability he used last Wednesday.

"New patch doesn't fix pwn2own bug," Miller said via Twitter .

"Sorry suckers, gonna have to wait for the next patch."

VMWare Fusion 3.1 Beta On Grounds

noreply@blogger.com (HTD) — Tue, 16 Mar 2010 14:08:00 +0000

Check out the VMWare Fusion 3.1 Beta which have been out just now. Its includes some of the significant features which many of the users have been waiting for. Some of them are really good which mostly includes graphic issues.

VMWare have been the major choice for the users to run Windows on Mac and pentesting for most of us on windows. The Beat 3.1 is out which have some major improvements in 3D application like games and windows Aero stuff…

OpenGL 2.1 is now also supported in this version for Windows 7 and Windows Vista. They claim better DirectX 9.0 SM3 performance as well (and hopefully that means more DirectX 9.0C app compatibility).

You can configure larger virtual machines as well, with the maximum virtual disk expanded from 950 GB to 2 TB. They now support up to 8-way symmetric multiprocessing as well. These are some of the features you will see in this Beat version.

You can download the beta here, test it, and have some of the nice features early for your use. If you want you can also give some tips to them and help them get doing the thing done fast for the final version.

So there you go - Download

Dear Mozilla, Please “DONT” fix this. [Pic]

noreply@blogger.com (HTD) — Mon, 15 Mar 2010 15:14:00 +0000

Today only i found this pic on Digg and i thought there should be a “DONT” in it. isn't it ?

Check Network Connectivity With Power of PowerShell [Script]

noreply@blogger.com (HTD) — Mon, 15 Mar 2010 14:50:00 +0000

Some days ago i got some scripts from one of my friend which was certain to use when pentesting stuff for Testing the internet connectivity of a window’s computer (version ahead of windows xp). well it have many usages but you can use it as you want.

[Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]'{DCB00C01-570F-4A9B-8D69-199FDBA5723B}')).IsConnectedToInternet

There it so, use it if you want because its made for you only.

If TRUE, the local machine is connected to the internet; if FALSE, it is not.

I Didn't find it much useful to me as it doesn't work on windows Xp but still its good for the storage of scripts. The Script works on windows computer which have vista, windows 7 or windows server 2008.

Personally, i am not so big fan of power shell but still its a good utility by windows, but as you see its too much complicated that you need to learn things.

“Well this is what is Hacking, Learning learning and Learning.” – HTD

Who said i cant make quotes :D

Happy Hacking @hackerthedude

Ubisoft Hacked : Fake or Real ?

noreply@blogger.com (HTD) — Mon, 15 Mar 2010 14:21:00 +0000

Some days ago we got news about Ubisoft being hacked by some hackers and was being believed till yet but after then some news breached out that the images of the hack was fake.

So, this is kind of big story. The ubisoft is a company which is been known and you can say is good in DRM and Anti-Hackers activity, as you can see there games such as Assassin's Creed and many others have been out of cracked games folder and are a DRM king game…

But as you can see we and most ‘em gamers won't be happy with the Ubisoft’s way of gamming. So what they do they hacked the Ubisoft’s website for a short while some days ago on 14th March 2010.

Its right if you see it from my mindset :D but as they gamers are freaked out on the ubisoft for there way of gaming products. This is what would be happing as of crackers won't be so patient to crack some ubisoft shit.

Screen’s

When it Faked out

2nd part starts now when some news break out that the images of the hack were fake and The ubisoft’s was down just for the maintenance work. Well we don't know if the site was hacked or not but various sources are saying it was and some are saying it wasn't.

Whatever is the truth the thing here is that DRM is what lets every hacker to work against any company. You don't believe me then see iPhone, iPod, Halo, Call Of Duty etc are some victims of DRM which hackers and crackers have cracked out.

Screen’s

This image shows another story of the incident which Ubisoft would have gone through. Whatever happened.

What Do You Think Fake Or Real ?

Yeah, We are Back !

noreply@blogger.com (HTD) — Mon, 15 Mar 2010 13:34:00 +0000

Guys, i know its been a long time since i haven't blogged the things in information sec. but if you see it was worth it. I got to learn some new things and some old one’s.

But if you ask me why i was doing then i got no answer to you, Lets say i was on a Holiday. But the great news now is that we are back again to rock the as* out of the information security…

Its been over a month since the blog haven't been updated with fresh news and ass kicking news but now get ready to start over. Well i was away from the hacking stuff too, as a matter of fact, but hey you gotta learn new things.

Well i know i was being a dick and some of the things were going onn in the info sec world but we will cover them soon.

And yeah how can i forget about the Endor and Hax, i would be releasing them soon as BETA because of em are not so done to be out so you can use them. But that's why BETA’s are made.

I am really looking forward to Hacker The Dude, as its been 6 months in it and i have learnt many things and i have taught you guys also some of the cool things.

AND

We have something special for you guys too, this is gift for you guys i made this as i was had some time and i wanted to try to jump in the big pool of machinima. So, i took my friends to try a new Halo CE mod and made this little Machinima.

And don't forget to visit our Official YouTube channel to get the latest video updates, and don't forget to comment, rate and Subscribe ;-)

Soo, Lets roll

Happy Hacking @hackerthedude

Mozilla Caught in a Bad Romance with Add-On

noreply@blogger.com (HTD) — Mon, 08 Feb 2010 17:01:00 +0000

Ok, i know the title of this post is kinda funny but that's what this news is all about, one of the greatest internet browsers of this time Mozilla Firefox and with other products also. This have been spread in the form of Add-on’s.

These aren't just add-on’s the real problem is that they are infected with Malwares and they have downloaded by many of the people worldwide.

According to the researchers “Two Firefox add-on’s available for months on Mozilla’s website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.”…

According to Mozilla, version 4.0 of So think Web Video Downloader is infected with password sniffer Win32.LdPinch.gen and Master Filer is infected with the backdoor trojan Win32.Bifrose.

Which is worst for a popular web browser company as it would spread rapidly and would be more dangerous. But this is where it gets embarrassing for Mozilla – the infected add-ons have been available from the official download site for several months and, according to Mozilla, have together been downloaded around 4,600 times.

These were discovered about on the days between 25th of Jan to somewhat near and sure they have removed them and working on it to remove them fast as many of the antivirus software's have already recognized and are removing them.

That script, designated HTML.Xorer also appears to have slipped past Mozilla's anti-virus scanner. As a result, Mozilla developers announced that the add-on directory would in future be checked for malware on a daily basis.

So, What do you think ? Is it just mozilla or Google Chrome would be next ?

Apple Security Standards [Pic]

noreply@blogger.com (HTD) — Mon, 08 Feb 2010 16:48:00 +0000

BlackBerry Smoked at ShmooCon : Spyware

noreply@blogger.com (HTD) — Mon, 08 Feb 2010 15:49:00 +0000

Just few days ago the big ShmooCon 2010 took place at the Washington DC from 5th to 7th of this month. It was obvious that some new would come from the con, and yes, one security researcher have done it.

BlackBerry phones have been hit this time with a new spyware which can do alot of stuff like the ability to access and dump the BlackBerry's contacts, email messages, phone logs, the device's current location and the recording made by the BlackBerry's microphone….

And the program which hacks the blackberry is called txsBBSPY written by Tyler Shields, a senior security researcher at Veracode, Well it seems that the engineers would be working on it.

The great thing about this software is that we don't need to make it hidden on some firmware or something its an application for the BlackBerry phones. Just install it and you can monitor the stuff you want to do.

“ The application was built using the controlled APIs that Research In Motion, the BlackBerry's maker, makes available to developers. In order to sign a BlackBerry application developed using these APIs, the developer has to apply for the signing keys and pay a small fee.

Once he has the keys, he can sign the application and a hash of the code is sent to RIM. However, RIM doesn't get the full source code of the application. ”

"Finally, it should be noted that while we chose BlackBerry for our proof-of-concept, this is not just a BlackBerry problem. All mobile platforms provide similar mechanisms for writing applications that have access to the user’s personal, potentially sensitive information," Eng writes.

TXSBBSpy Demo from Veracode on Vimeo.

Here is the video which they have used to demonstrate the idea behind this spyware. Hope you guys enjoy it and there are some good news too which adds fire to this thing is that these guys have also released the spyware source code.

Here are the source codes and the slides of this demonstration which you will need more then me.

Slides: Blackberry Mobile Spyware — The Monkey Steals the Berries
Source: txsBBSpy.java

Conclusion

This brings me to a conclusion that its not necessary that the official App stores are always safe as the if i could make this application and distribute in the open then anybody can do that.

Well that's what they also want to prove with this spyware to the industry and it makes sense to me as they have also said this can be done to many of the other mobile phones like iPhones etc.

Happy Hacking @hackerthedude

How To Root Your Nexus One Android Phone [Tutorial]

noreply@blogger.com (HTD) — Mon, 01 Feb 2010 06:03:00 +0000

There have been a long time i haven't wrote any tutorial so that's why i have written this tutorial for you guys but as a matter of fact i don't have a Android phone i would only give you guys a prospective on how to hack or even root your Android phones.

Well its kinda very easy tutorial and can be found on many places on the internet but i am like very lazy or you might be so i have written from my heart inside just for you guys believe me.

Ok jokes over lets move onn with the procedure of hacking aka rooting your android box for like forever. Before getting started, remember to back up your phone, including your contacts, SMS messages, files and photos…

Steps

Ok here we go,

1. The first step is to download and install Superboot, a boot image that, when flashed, will root the device the first time you boot up.

You can grab a copy of the Superboot zip file from the Modaco forums here.

2. Dude, extract it !

Use Winrar or Winzip etc

3. Now the tuff work, we need to boot our android phone on bootloader mode.

To do so, turn off the phone, remove the battery, and plug in the USB cable. When the battery icon appears onscreen, pop the battery back in. Now tap the Power button while holding down the Camera key.

O.o

4. Depending on your computer's OS, do one of the following:

Windows: Double click "install-superboot-windows.bat"
Mac: Open a terminal window to the directory containing the files, and type "chmod +x install-superboot-mac.sh" followed by "./install-superboot-mac.sh"
Linux: Open a terminal window to the directory containing the files, and type "chmod +x install-superboot-linux.sh" followed by "./install-superboot-linux.sh"

5. Ok we are done !

So you are little bit confused in this process right then lets see what i can do,
Ya, i got something for you, Instant Root offloads all the effort and rooting is just single-click away.

Download “Instant Root” APK
Here’s how to Root Android, quickly:

Install & Run the APK file.
On receiving confirmation message, Restart your phone and that’s it.

That was easy right.

Screens

Not this one

System Recovery Console

Rooted !

Conclusion

We have previously also have written on how to hack aka root aka jailbreak your iPhone which was pretty big article and i have learnt from it, that i should write small articles, because of you guys.

Android Wallpaper !

This was a good article and would help you in future and some other days like them, whatever. Well we are not letting you get out of my blog so soon we have got something for you. A wallpaper…

Happy Hacking @hackerthedude

RSA Crypto 768-Bit Keys Cracked

noreply@blogger.com (HTD) — Mon, 01 Feb 2010 04:28:00 +0000

Yes, you heard it right one of the most famous and which have been for years to encrypt the communication standards have been cracked by a bunch of scientists who took about two-and-a-half years and hundreds of general-purpose computers.

This accomplishment was reached on December 12. In my eyes it would have been very much harder to crack this kind of cryptography because it is so much calculated and so much hard to to crack…

The team managed to factor the 232-digit number that RSA held out as a representative 768-bit modulus from a now-obsolete challenge. They spent half a year using 80 processors on polynomial selection.

Sieving took almost two years and was done on "many hundreds of machines". Using a single-core 2.2GHz AMD Opteron with 2GB RAM, sieving would have taken about 1,500 years, they estimated.

The only word come in my mouth right now is WOW.

"There's indisputable evidence here that 768-bit key are not enough. It's a pretty interesting way to close out a decade."

But as a matter of fact this is not the end as the new RSA crypto, which would be coming soon, is 1024 – Bit which would be much more harder to crack then all the previous one’s .

"If we are optimistic, it may be possible to factor a 1024-bit RSA modulus within the next decade by means of an academic effort on the same limited scale as the effort presented here," authors of the research wrote.

"From a practical security point of view this is not a big deal, given that standards recommend phasing out such moduli by the end of the year 2010."

So, its kinda like a win win for the scientists but not for the general purpose hackers as they cant be used until we get that amount of hardware to use and hence to crack that 768-bit crypto.

"It's an important milestone," said Benjamin Jun, vice president of technology at security consultancy Cryptography Research.

RSA 768 Bit Crypto Cracked

We have the research paper just for you guys, its all like maths thing if you want to read you can or you can download it too.

Happy Hacking @hackerthedude

Can You Believe Playstation 3 Just Got Rooted - Geohot

noreply@blogger.com (HTD) — Tue, 26 Jan 2010 13:21:00 +0000

Well its kinda like the days are over of PS3 to be called secure because of a true fact that, the hacker behind some of the iPhone jail breaking and iPod too is behind the Playstation 3 Hardware and is nearly finished with the exploit.

On 22nd of this month the so known hacker George Hotz aka Geohot have claimed that he have successfully hacked the play station 3 box which he got from his friend.

“I have read/write access to the entire system memory, and HV level access to the processor. In other words, I have hacked the PS3. The rest is just software. And reversing. I have a lot of reversing ahead of me, as I now have dumps of LV0 and LV1. I've also dumped the NAND without removing it or a modchip.”

The exploit which he is talking about and is working on is not till yet done and haven't been released by him….

As of now the Geohot is kind of quite about the exploit and its usage and writing about it :

“As far as the exploit goes, I’m not revealing it yet. The theory isn’t really patchable, but they can make implementations much harder.”

Well lets see what happens when the exploit would be out and there would be fight between the sony and geohot on the security hole as he is also not sure about the whole thing that it could be patched or not.

In particular, he said, he would publish details of the console's "root key", a master code that once known would make it easier for others to decipher and hack other security features on the console.

On the other hand the sony officials are working hard to find what the George finded in the console. As of now they have said "We are investigating the report and will clarify the situation once we have more information,".

He says alot of reverse engineering have been left for him with the box to hack it fully.

Lets hop he finds the right exploit to hack the ps3. As it would be the first time after 3 Years and 2 months and some days that the Sony ps3 which is so know for its security is hacked successfully in which anybody can run pirated games and even modify them.

Hope For the Best ..

Techcrunch Hacked

noreply@blogger.com (HTD) — Tue, 26 Jan 2010 06:56:00 +0000

TechCrunch : The biggest network of tech news showdown and one of the most visited websites in the world have been hacked just 11 minutes later we got this news. I am investigating about it, as soon we will get the news we will update this post.

Update 1 : The Blog is back after 15 minutes of hacked state.

Update 2 : We got some more screens and at 25 minutes after the hack the blog got again hacked with a new words from the hacker..

Update 3 : Official Message come from the TechCrunch Team ":

“Earlier tonight techcrunch.com was compromised by a security exploit.
We're working to identify the exploit and will bring the site back online shortly.”

The Hack is some kind of a link which have a anchor text of “Rapidshare Download”, as it is the most obvious reason people will click on it.

But in the meantime the geniuses behind the techcrunch team have seen this and is working on this matter showing a notice on their blog “We'll be back shortly.”

Screens

Here are some of the screens when the techcrunch was hacked and the later one’s also.

Time when hacked

11 Minutes later

New Hacked notice

The Hackers Link

Well we don't know till yet how the website was defaced and where the link took the visitors too as soon as the team behind the techcrunch reveals it.

Its a big news as its the first time a big blog like techcrunch have been hacked. The link which the hacker is tooking to is a some kind of a torrent sharing portal which would be his only.

What do you think ?

BT4 Final, Nmap and Immunity Debugger Updated : There is Something In Air

noreply@blogger.com (HTD) — Thu, 21 Jan 2010 16:57:00 +0000

Yeah there is definatly something in the Air, as there are some major tools updates this which are kick ass starting of with the New Backtrack 4 Final release, then there the new Nmap v5.20 released and the most anticipated Immunity Debugger 1.74 released all in the just one week.

Yup, this is exciting and we are all set to use them Dude, this is Hardcore this is pretty much great week for hackers and if you see at the upcoming soft’s you would be more excited, i am talking about Endor and Hax, would be launching soon…

Backtrack 4 Final

Starting with the Backtrack 4 Final version released, the pre final release of Backtrack 4 was released in june of 2009 and its final version was released about 4 days ago. This is awesome news from the Offensive guys.

With this release includes a new kernel, a larger and expanded toolset repository, custom tools that you can only find on BackTrack, and more importantly, fixes to all (well, most..) major bugs that we knew of. This release we received an overwhelming support from the community and we are grateful to everyone that has contributed to the success of this release.

Download: http://www.backtrack-linux.org/downloads/

Nmap 5.20

Can you believe this, this new version of the most important and awesome tool is out with a new updates and i am loving it. well i got this news pretty back in my mail but was waiting to tell you guys.

The latest edition of Nmap come with some of the following Updates :-

30+ new Nmap Scripting Engine scripts
enhanced performance and reduced memory consumption
protocol-specific payloads for more effectie UDP scanning
a completely rewritten traceroute engine
massive OS and version detection DB updates (10,000+ signatures)…

There are many other updates in this new version which you can view at the official change log of Nmap.

Download : http://nmap.org/download.html

Immunity Debugger 1.74

The most anticipated debugger atleast for me is out now with a new version Update and is awesome. Yepee Yeah it got the new python support in it !! i just love this bugger and the good news is that it is not pre, alpha or any f*#ed version of it, it is hardcore and is ready to download.

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

Some features of Immunity Debugger :

1. A debugger with functionality designed specifically for the security industry
2. Cuts exploit development time by 50%
3. Simple, understandable interfaces
4. Robust and powerful scripting language for automating intelligent debugging
5. Lightweight and fast debugging to prevent corruption during complex analysis
6. Connectivity to fuzzers and exploit development tools...

Download : http://www.immunityinc.com/products-immdbg.shtml

Conclusion

Awesome news coming from the far end we need to work hard and this is just the begging of something cool.

Happy Hacking @hackerthedude

Danger : Warning From Electricity [Pic]

noreply@blogger.com (HTD) — Thu, 21 Jan 2010 15:05:00 +0000

* Click to view full size

Deep Look At Netdevilz XSS : Whois.com Hacked

noreply@blogger.com (HTD) — Thu, 21 Jan 2010 14:16:00 +0000

These days xss and sql injection and mostly blind sql injections are working allot as we have also covered many of them like the Intel one, and many others too but this time the big domain tool whois.com is hacked.

Well i am not sure that many of you guys won't know what is whois, so here is the basic information about it.

WHOIS (pronounced as the phrase who is) is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. ~ via Wiki

The WHOIS system originated as a method for system administrators to obtain contact information for IP address assignments or domain name administrators So, the end of the story tells that it is useful…

The Website was hacked about 1 to 2 days ago, by any hacker named Netdevil as of till now the hacker is pretty good in it as he have also previously hacked photobucket.com, which is another pretty popular photo sharing website, back in 2008.

This Turkish hacker have also Hacked ICANN website back also and have stricked again now in 2010 attacking Whois.com. Well i am not sure about it but some guys are saying that Netdevilz have also Hacked xiana.com and xssed.com before.

Screen Shots

*Click to view Full Size

XSS

Well until now you would be sure that Netdevilz used the XSS vulnerability in the web form to attack the website and hack the whole domain or you can say Full Ownage. The attack is a kind of clever and is my favorite XSS, A poisoned whois xD

If you look at the screenshot above of the xss, you would find the attacker script have been initialized the vector on the name of the form ..

http://domains.whois.com/domain.php?action=check_availability&goto=metarefresh&formaction=%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E

Well the &formaction is a kind of vulnerable to XSS and is hence attacked, i would like to thanks Security-Shell for this information of the XSS initializer and looking at the xss in the website.

Conclusion

Try it, if this works then awesome or it might be fixed till yet Enjoy this little hack, if you guy would like to learn more about xss hacking then you can see the
Basic XSS hacking article on the blog.

Thanks to d3v1l from Security-Shell For this information about the xss.

Happy Hacking @hackerthedude

2 New Interesting Xss This Week

noreply@blogger.com (HTD) — Thu, 14 Jan 2010 13:19:00 +0000

This Week some of the genius hackers have found some really cool XSS vectors and which i want to introduce to you. These are some which are currently Unpatched and are Hot to use.

Lets see if you guys like them, these are basically good ones and would be useful to you. as i have tested them on some browsers and was found to be working when they were released...

IE8 XSS Filter Distorting Facebook

The First one is from Michael Coates, he have written this Facebook Xss in his blog post which is based on IE8, and which is currently Unpatched too. A Hacker can Code a malicious link and send this to the Victim.

He also said this haven't been disabled by the facebook security guys and is prone to attack. This provided a great example on the effects of the IE8 XSS filter. He have also written in his previous post about this attack.

He also have given this screenshot for the demo of the attack and the malicious Link :

http://www.facebook.com/search/?ref=search&q=IE8%3Cscript%3E&init=quick

Google Maps XSS

Discovered by two Indians this vulnerability hit the charts on twitter and was awesome, based on the Google Maps. Pratul Agrawal, Gaurav Baruah were the two authors.

The Xss is a Simple PoC right now and as per the two authors is currently Unpatched . You should check it out!

http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert(%22Google%20Sucks%20!%22)%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8

Happy Hacking @hackerthedude

Gmail Goes https For Secure : Wi-Fi Protection

noreply@blogger.com (HTD) — Thu, 14 Jan 2010 08:21:00 +0000

Google Just announced they are now moving to the Stable connection of https rather then the traditional connection of http. Gmail previously have also announced that they are making the Mails on https security but now Google is changing the whole connection to https.

The Reason are straight the Google is pretty much haded with the Chinese issues going onn. So its just the China which made this possible and special thanks to the hackers, as many of the people are now using SLL on their Gmail.

A group of 37 security and privacy specialists sent Google a letter (PDF) last June, urging the company to offer this feature. Gmail became the third-largest email provider last August, with more than 37 million unique visitors...

You can also change the Default use of https on your Gmail account by going into settings and checking Not always use https. The new turn in this story of Gay is that, Google is making this because of the Wi-Fi owners as many people are now using wifi and making a secure connection will be good.

This is pretty obvious that Google is haded with its security and is on a way to change the way it is done. Lets see if this https stops us from Hacking.

What you say ?

Are You Ready For Nullcon - Goa 2010

noreply@blogger.com (HTD) — Thu, 14 Jan 2010 07:49:00 +0000

Nullcon are some conferences in India which are made for hackers and security guys, i was pretty exited to know about them as they are going to took place on the 6th - 7th of February of 2010.

The con is pretty respected as many of the known security officials are joining inn the con. Some of the Speakers at the con are Veysel Ozer, Cassio Goldschmidt, Lavakumar Kuppan and many others. You can view the whole Plot here.

Many of the cons are being started like the Shoo and others also. But its great to see some starting in India too. Null con is going to be awesome and i am pretty sure you should join in too...

With the Association of SANS these cons would be landed in Goa, Bangalore and some of them in Puna. This is gona be Big.

Some Shoots

Well i am not going to be in the con as of my schools, so i just got some pics for you guys.

[ Source : Flick ]

Conclusion

I wouldn't be there but you should join it as a great man comes with a great resources. Here are some of the information regarding the con.

Conference Pass

Time Period	Price
Till 15th Jan 2010	INR 2000/-
15th Jan – 6th Feb 2010	INR 2500/-

STATUTORY WARNING: nullcon can cause severe exposure to high octane gyan and could leave participants exhausted with wild shack parties. Beware, Be There.

You can Register Here.

Happy Cons @hackerthedude

Angelina Jolie and Barack Obama #1 Choice of Spammers [Report]

noreply@blogger.com (HTD) — Tue, 12 Jan 2010 09:41:00 +0000

MacAfee inc have just released there monthly report on the most Spammed people in the world and this month was special as it is the 1st month of the new year 2010.

There are many others also included in the report published yesterday and you care right the most obvious subjects for spammers are none other then the president of United States "Barak Obama" and one of the most beautiful Actress "Angelina Jolie".

“Free-hosting” websites to provide spam URLs have also become a major target for spammers in this arena. As this to me is obvious as most of us want Free-Hosting for our files and web space.

McAfee Labs™ Discovers and Discusses Key Spam Trends By Adam Wosotowsky and Elan Winkler. Going Straight away to the reports lets look at the Top Most Spammed Actress in the world...

Top Most Spammed Women's

Well if you ask me then its brutal, just see the no. of spam's around the Angelina Jolie there is. But if you see the reports of Oprah Winfrey then its just about the same of the Angelina Jolie.

Top Most Spammed Men's

The Figure looks pretty mind Blowing as you can see the no #1 is Barak Obama and then comes Michael Jackson. But As a matter of fact the No. of spam's for the Angelina Jolie just are very behind the number of spam's for the US president Barak Obama.

Its a shame, We nailed it XD

Conclusion

Whosoever is the #1 or #2 doesn't matter as the number of spam's are increasing around the world and the most of them are popular people's around the world from the Barak Obama to Angelina Jolie.

Looking at the fact that the Free Hosting is the one most added spam's. It will always be there as many people are now getting aware of the web services and most of them wants it free and that's how the spamming would goes.

Interesting Approach To Computer Security : Fail [Pic]

noreply@blogger.com (HTD) — Tue, 12 Jan 2010 09:26:00 +0000

Image Credit [formalfallacy @ Dublin (Victor)]

HITB Ezine Issue 1 Released : Keeping Knowledge Free

noreply@blogger.com (HTD) — Tue, 12 Jan 2010 07:35:00 +0000

Hack in the box and popularly known as HITB have released the new Ezine's for their magazine. The new ezine contains some of the major updates and to provide security researchers a new Outlet for the reading digests.

Set with the release on the New Year 2010, the new ezine covers some of the most popular and some of the interesting news for the security researchers and pentesters. The Ezine which will be distributed in the [.pdf ] extension are freely to download and to publish also.

The Ezine in my views is a good initiative in the field of security. We haven't got the stats of the downloaded copies but as we will be updated, we will press it...

The contents are pretty awesome if you see from my eyes consisting of some of the arts of intrusions and some good articles.

As you can see in this above [pic] the contents are based on some of the intrusion terms like The Art of DLL injection, LDAP Injections . They seem to be best for hackers like us based on the crucial factor as they are made by some Security experts.

Decorated with some useful photos and diagrams these are some high quality magazines to look for and we hope that it is useful for other too.

So, What do you Think ?

US Army Website Defaced : TinKode Strike Again

noreply@blogger.com (HTD) — Sun, 10 Jan 2010 07:17:00 +0000

Tinkode is an awesome hacker who have hacked many websites previous with his qualities in sql injections and Xss abilities and have defaced many big websites.

But this time Tinkode website is also down. Tinkode some days before hacked and defaced the website of UN Army website named http://onestop.army.mil with the vulnerability of Blind Sql injection in it.

But Apparently his website is down too and the reason remains the same he hacked the website of UN Army. The day Army website was hacked just the other day of it the website of Tinkode was down. I was having a eye on this and was pretty sure about this incident...

The US army website is Down and as is the website of Tinkode. The vulnerability he used was same as most of the big website including Intel, and many others are being hacked. Which we have covered in the previous posts.

SceenShots

Screen Shots tells the story easy way. So enjoy them -

1=1– (True)

1=2– (False)

all main informations about webserver.

so let’s see the tables from principal database “AHOS”

Note : Last Screenshot isn't Here because of privacy.

Conclusion

This is a clear vision of what happens to the hackers, when they found a vulnerability in the website and hack them. But whatever is the main reason of letting down the website of Tinkode the matter remains the same.

Tinkode which have previously hacked many ig websites like Kaspersky Thailand, Nasa.gov, ESET NOD 32, Apple, Yahoo Blind SQL Injection etc Ya, he is awesome .

You can follow him on Twitter Here

Hacker The Dude | Hacking, Tech And News

1st Year at Jaypee University Of Engineering And Technology,Guna

XBox Live Hacked or Suffering Connection Issues

MacOSX Gets Massive Security Update

VMWare Fusion 3.1 Beta On Grounds

Dear Mozilla, Please “DONT” fix this. [Pic]

Check Network Connectivity With Power of PowerShell [Script]

Ubisoft Hacked : Fake or Real ?

Screen’s

When it Faked out

Screen’s

Yeah, We are Back !

AND

Mozilla Caught in a Bad Romance with Add-On

Apple Security Standards [Pic]

BlackBerry Smoked at ShmooCon : Spyware

Conclusion

How To Root Your Nexus One Android Phone [Tutorial]

Steps

Screens

Conclusion

RSA Crypto 768-Bit Keys Cracked

Can You Believe Playstation 3 Just Got Rooted - Geohot

Techcrunch Hacked

Screens

BT4 Final, Nmap and Immunity Debugger Updated : There is Something In Air

Backtrack 4 Final

Nmap 5.20

Immunity Debugger 1.74

Conclusion

Danger : Warning From Electricity [Pic]

Deep Look At Netdevilz XSS : Whois.com Hacked

Screen Shots

XSS

Conclusion

2 New Interesting Xss This Week

IE8 XSS Filter Distorting Facebook

Google Maps XSS

Gmail Goes https For Secure : Wi-Fi Protection

Are You Ready For Nullcon - Goa 2010

Some Shoots

Conclusion

Angelina Jolie and Barack Obama #1 Choice of Spammers [Report]

Top Most Spammed Women's

Top Most Spammed Men's

Conclusion

Interesting Approach To Computer Security : Fail [Pic]

HITB Ezine Issue 1 Released : Keeping Knowledge Free

Contents

US Army Website Defaced : TinKode Strike Again

SceenShots

Conclusion