Disqus for Cyber Fort

Showing posts with label hacker's view. Show all posts
Showing posts with label hacker's view. Show all posts

Saturday 17 August 2013

Email Spoofing – Basic Policies to Keep You Safe

Be The First To Comment
Your PayPal account has been locked!

Confirm your Bank Information Now!
You’ve Received a Secure Fax From The IRS.
Email spoofing  is the creation of email messages with a forged sender address - something which is simple to do because the core protocols do no authentication. Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.
A number of measures to address spoofing are available including: SPF, Sender ID, DKIM, and DMARC. Although their use is increasing, it is likely that almost half of all domains still do not have such measures in place. Email spoofing, the process of sending emails designed to appear as if they were sent by another sender, is certainly not a new method of distributing malware that harvests personal information or financial data. Each year, potentially hundreds of new spoofing schemes appear, ranging from emails claiming to contain faxes from the IRS to videos of social events such as the Boston marathon bombing.
email securityMere hours after the recent Oklahoma tornadoes, the various email traps (often referred to as SpamPots, a take on the term HoneyPot) used by the StopSign research and development team to collect samples and monitor trends had already seen several large surges of emails attempting to capitalize on the disaster, almost all of which containing attached viruses or links to malicious web sites.
There are several key actions you can take to protect yourself.
  • Don’t Click the Link — If a bank or merchant needs your information, you will always be able to enter it directly on their website, logging in as you normally would.
  • Don’t Open the Attachment — If you are not expecting an email attachment, or if it seems out of character for the sender, don’t open the attachment, even if the sender is someone you know personally.
  • Update Your Virus Scanner — Even emails you were expecting, and from people you know and trust, can contain viruses and links to malicious sites the sender may not have noticed.
Scanning every unknown file is always good policy, regardless of its origin. Even large corporations, which may rely on the browsing and email habits of hundreds if not thousands of people, are not free from the risk of infection. On more than one occasion, history has even seen companies accidentally distribute viruses via CD and even seemingly harmless devices containing flash memory. You can safeguard your own computer, but you can never account for another’s actions.
When an SMTP email is sent, the initial connection provides two pieces of address information:
  • MAIL FROM: - generally presented to the recipient as the Return-path: header but not normally visible to the end user,and by default no checks are done that the sending system is authorized to send on behalf of that address.
  • RCPT TO: - specifies which email address the email is delivered to, is not normally visible to the end user but may be present in the headers as part of the "Received:" header.
Together these are sometimes referred to as the "envelope" addressing, by analogy with a traditional paper envelope.
Once the receiving mail server signals that it accepted these two items, the sending system sends the "DATA" command, and typically sends several header items, including:
  • From: Joe Q Doe <joeqdoe@example.com> - the address visible to the recipient; but again, by default no checks are done that the sending system is authorized to send on behalf of that address.
  • Reply-to: Jane Roe <Jane.Roe@example.mil> - similarly not checked
The result is that the email recipient sees the email as having come from the address in the From: header; they may sometimes be able to find the MAIL FROM address; and if they reply to the email it will go to either the address presented in the MAIL FROM: or Reply-to: header - but none of these addresses are typically reliable
Safe browsing!. is my responsibility to keep u more secure ...
 
Read More

Friday 9 August 2013

Indian Hacker Godzilla hacked Pakistan Army Website on EID

Be The First To Comment

In Indian today is Eid and on this occasion, an Indian Hacker “GODZILLA” who is famous for hacking Pakistan Govt. websites again hacked and defaced the official website of the Pakistan Army(pakistanarmy.gov.pk).
Hacker also hacked three Pakistan Army Facebook pages:

If you are puzzled that how a hacker able to do these hacks so here is your answer:

Hacker Gaodzilla told E Hacking News that he planted a PDF exploit on the website which allowed him to install a piece of malware on the administrator’s computer.
After the hacks, the pages were removed.
Hacker Godzilla said:
“Now no more deals, if you can fire then we can bombard You are punished for breaking ceasefire we are coming for you,”
Currently, the Pakistan Army’s website and the Facebook pages are restored and working properly.
Here are the previous hacks by Hacker GODZILLA:

GODZILLA Pakistan Hack completed , Database has been Leaked socially


Like we said we are keeping you update on GODZILLA who is hacking Pakistan Government website from three days and yesterday also we reported that Pakistan websites are not running up and  now “GODZILLA” aka G.O.D has completed his Cyber Attack on Pakistan.
The great News is this that he has leaked the database of Pakistan Government Websites and posted socially online at Pastebin here-http://pastebin.com/ZWdxE8CW
There are total three admins managing the whole stuff of imp Pakistan cyber space. There is almost a common database for all the websites and these websites are Vulnerable to SQL Injection.

What has been Leaked?

  • Username
  • Password(plain-text)
  • Database name
  • Table name and other details.
Hackers Voice

Reason for attack: Pakistan’s Support to Terrorism
I must say without you it would have been difficult for us to penetrate into the system and your common password “111111″ was like a magical stick for us.
Pakistan is a country which is currently supporting terrorist activities through ISI, and if they regret Pakistan army and Ministry of Defense mail server backups are enough to proof how closely the are related to terrorism. Pakistan stop these activities before its too late.

Pakistan again under Godzilla Attack- A revenge from Indian Patriot Hacker


Again and again Pakistan websites are going hacked by “Godzilla” we are in touch with the news that what is next and yesterday when Godzilla took control on the Proxy server which was used by PakistanGovernment website and they all were down yesterday.
Today what happened Godzilla now have got access to the backup server and he told that backup server is also saved on the same network.
According to Godzilla Pakistan.gov.pk only just pretending that it is up and in actually they are not running.
Hackers Voice
“One thing is true Pakistan is good at pretending like nothing happened, let it be a cyber attack or a TERRORIST attack. “ 

After clicking the login button on Pakistan.gov.pk it is redirecting to an IP Address (202.83.164.27) this was using by the Pakistan Government when they didn’t have proxy system.
Now Hacker is Extracting the Database and once he extracted the data, he will take down rest of the IP Addresses. 

Pakistan Intelligence Agency was Hacked by an Indian Hacker

You know one news while whole world was busy in Anonymous hacking a Hacker hacked Pakistan Intelligence Agency (ISI).

The hacker name is “Godzilla” and he has claimed that he has hacked into the server of ISI website (http://isi.org.ok) and you know that he has hacked all the sensitive information about
Pakistan Intelligence.

And he has claimed also to access Remote Desktop Protocol (RDP) of the server located at 173.193.110.72.

He disclosed the complete info of the System that it has Windows 2008 server standard edition and having three derives i.e C,D,E with operating system in C and Hostname ‘AHCORP‘.
He also hacked into MSSQL server which containing 3 databases with 9 users and the url is  http://mssql.isi.org.pkand Screenshots taken by him which is below:-
Some partial tables of the database ‘msdb‘ as listed below:
  • bakupfile
  • bakupmediafile
  • bakupmediaset
  • backupset
  • logmarkhistory
  • restorefile
  • restorehistory
  • suspect_pages
Please for supporting us more Don’t Forget to Like us on Facebook because we want your Support to do more for you..like it..
Read More

Wednesday 7 August 2013

About Hacker ! Types of Hacker & World's 5 Most Famous Hackers

Be The First To Comment
hi...guys today i am here with u best article about hacker also types of hacker and world's most famous hackers.


About Hacker:                                                                                                                             hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge. The subculture that has evolved around hackers is often referred to as the computer underground and is now a known community. While other uses of the word hacker exist that are not related to computer security, such as referring to someone with an advanced understanding of computers and computer networks, they are rarely used in mainstream context. They are subject to the long standing hacker definition controversy about the true meaning of the term hacker. In this controversy, the term hacker is reclaimed by computer programmers who argue that someone breaking into computers is better called a cracker, not making a difference between computer criminals (black hats) and computer security experts (white hats).Some white hat hackers claim that they also deserve the title hacker, and that only black hats should be called crackers.

Final words:

    “Being a hacker isn't about taking down noobs. It's a passion and a commitment to always learning. It's sharing that passion with others”
  Now you all know about hackers, now let’s discuss the types of hackers. I’m sharing this information because who so ever want to be a computer security expert, he should clear his mind what kind of hacker or security expert he want to be. So without wasting any more time let’s begin with,

Types of Hacker:

There are three main types of Hacker.

• White Hat Hacker:

white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. The term "white hat" in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. The EC-Council, also known as the International Council of Electronic Commerce Consultants, is one of those organizations that have developed certifications, course-ware, classes, and online training covering the diverse arena of Ethical Hacking.

Final words:

  - A good hacker who helps in secure systems and works for ethical.

• Black Hat Hacker:


A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005) Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. They are the people that hack banks, steal credit cards, username and password, and deface websites.  They will maintain knowledge of the vulnerabilities and exploits they find for a private advantage, not revealing them to the public or the manufacturer for correction.

Final words:

 - A hacker with criminal intent mostly idulge in crimes work for crime.

• Grey Hat Hacker: 

A grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. Then they may offer to correct the defect for a fee.They usually do not hack for personal gain but may or may not occasionally commit crimes during the course of their technological exploits.


Final words:

- A hacker with no particular agenda works for both good or bad.

                                     I have already told you the three main types of hackers, but I feel this is not enough so I’ll now further divide these types into sub categories. Means I would like to define more these three types. This will help you to differentiate among the types of hackers.

Phreaker:

A phreaker is simply a hacker of telecommunications. An example of this is tricking the phone system into letting you make free long distance calls.

Script Kiddy:

script kiddie (also known as a skid or skiddie) is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concept—hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child—an individual lacking knowledge and experience, immature).

Hacktivist:

A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks.This is a person with political motivations, such as someone defacing a website and leaving messages on the hacked site for the world to see.

Academic Hacker:

This type is typically an employee or student at an institution of higher education. They would use the institutions computing resources to write malicious programs.

World's 5 Most Famous Hackers:

• Jonathan James 

                                                                                                                      
Jonathan Joseph James (December 12, 1983 – May 18, 2008), was an American hacker who was the first juvenile incarcerated for cybercrime in the United States. The South Florida native was 15 years old at the time of the first offense and 16 years old on the date of his sentencing. He died on May 18, 2008, of a self-inflicted gunshot wound He was known as “c0mrade” on the Internet. His main targets were blue chip corporate organizations. Using the backdoor, he was able to read sensitive e-mail messages and capture usernames and passwords of the agency employees stored in the database. He hacked into NASA’s network and downloaded enough source code to learn how the International Space Station worked. On realizing this, NASA was compelled to switch off its computer systems costing them approximately $41,000 in the process.

For more information about Jonathan Jamesclick here.

• Kevin Mitnick

 Kevin David Mitnick (born on August 6, 1963) is an American computer security consultant, author, convicted criminal, and hacker. In the late 20th century, he was convicted of various computer and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States. Kevin Mitnick’s journey as a computer hacker has been so interesting and compelling that the U.S. Department of Justice called him the “most wanted computer criminal in U.S. history. He was a self-proclaimed hacker with the nickname “hacker poster boy”. Media managed to make him as one of the most feared hackers.

For more information about Kevin Mitnickclick here.

• Kevin Poulsen

Kevin Lee Poulsen (born November 30, 1965) is an American former black hat hacker who is a News Editor at Wired.comKevin Poulsen is also referred to as Dark Dante. He rose to fame for hacking into LA radio’s KIIS-FM telephone lines and fixed himself as the winning caller, earning him a brand new Porsche. According to media, he was called the “Hannibal Lecter of computer crime.”  He got into trouble with the law when he decided to hack into the FBI database and stole wiretap information. Unlike other hackers, his hacking activities mainly revolved around hacking into telephone networks. Surprisingly, when his picture was eventually released on television show, the telephone lines crashed. He was later captured in a supermarket and sentenced to 51 months in prison, as well paying $56,000 in restitution. He changed his ways after being released from prison. He began working as a journalist and is now a senior editor for Wired News. At one point, he even helped law enforcement to identify 744 sex offenders on MySpace.

For more information about Kevin Poulsenclick here.

• Adrian Lamo

Adrian Lamo (born February 20, 1981) is an American threat analyst and "gray hathacker. He first gained media attention for breaking into several high-profile computer networks, including those of The New York TimesYahoo!, and Microsoft, culminating in his 2003 arrest.n 2010, Lamo reported U.S. serviceman Bradley Manning to federal authorities, claiming that Manning had leaked hundreds of thousands of sensitive U.S. government documents to WikiLeaks. Manning was arrested and incarcerated in the U.S. military justice system. What made Lamo’s activities illegal is that he was not hired by any of the companies to find and rectify flaws in their systems. He is also known for identifying security flaws in computer networks of Fortune 500 companies and then notifying them of any flaws he found. After breaking into New York Times local area network, he was able to include himself as part of the network administrators thus giving him access to personal data, i.e. social security numbers.

For more information about Adrian Lamoclick here.

• Robert Tappan Morris

Robert Tappan Morris (born November 8, 1965) is an American computer scientist, best known for creating the Morris Worm in 1988, considered the first computer worm on the Internet—and subsequently becoming the first person convicted under the Computer Fraud and Abuse Act.
He went on to co-found the online store Viaweb, one of the first web-based applications, and later the funding firm Y Combinator—both with Paul Graham. He is a tenured professor in the department of Electrical Engineering and Computer Science at the Massachusetts Institute of Technology.
His father was the late Robert Morris, a coauthor of UNIX and the former chief scientist at the National Computer Security Center, a division of the National Security Agency (NSA).
For more information about Robert Tappan Morrisclick here.


hope u like this article pls leave us  comment you have any ideas about this...

Read More