Showing posts with label News.

Monday, September 5, 2011

Sony claims to have a stronger PSN than before



Sony is one of the biggest organizations to have been badly hit by cyber attacks. The hackers exposed the personal credentials of its customers and showed the truth about the security used by this entertainment and electronics giant. Now Sony CEO Howard Stringer claims the PlayStation Network is more secure than ever.

"I'm pleased to tell you that the PSN is more secure and better than ever," Stringer said at a news conference at the IFA electronics show here. "We are aggressively expanding its content. We have more than 3 million new customers since the network came back online, and sales are exceeding what we had before the cyberattacks."





Let's see whether Sony is really secure this time, or whether the hackers clean out its pockets again.



Sunday, September 4, 2011

Theregister.co.uk hacked by Turkguvenligi

theregister.co.uk, one of the biggest news portal sites, has been hacked by Turkguvenligi. The attack was a DNS hijack: theregister.co.uk is still accessible via its original IP address (68.68.20.116) from several places around the world.

Here is the zone-h mirror.

Wednesday, August 24, 2011

Steve Jobs Resigns As CEO Of Apple

Today Apple CEO Steve Jobs resigned. Here is the letter by Steve Jobs:


To the Apple Board of Directors and the Apple Community:

I have always said if there ever came a day when I could no longer meet my duties and expectations as Apple’s CEO, I would be the first to let you know. Unfortunately, that day has come.

I hereby resign as CEO of Apple. I would like to serve, if the Board sees fit, as Chairman of the Board, director and Apple employee.
As far as my successor goes, I strongly recommend that we execute our succession plan and name Tim Cook as CEO of Apple.

I believe Apple’s brightest and most innovative days are ahead of it. And I look forward to watching and contributing to its success in a new role.
I have made some of the best friends of my life at Apple, and I thank you all for the many years of being able to work alongside you.
Steve



Apple has confirmed that Apple COO Tim Cook will replace Jobs as CEO, following Jobs’ own recommendation. Considering that Cook has filled in for Jobs in the times of his medical leaves (including the one he has been on this year), this has been widely expected if and when it came time for Jobs to step down. Also as requested, Jobs has been elected as Chairman of the Board and will remain with the company in that capacity. Cook will join the Board as well.

Friday, August 19, 2011

BART Police Database Hacked by Anonymous #OpBART

A database with information about members of the BART (Bay Area Rapid Transit) police has been exposed by Anonymous hackers in the #OpBART operation.

The database, published on Pastebin, contained names, addresses and account information for more than 100 police officers. The Pastebin post also contained a link to the OpBART campaign run by the hacktivist group Anonymous.

The reason behind the Anonymous operation is the "censorship" of the subterranean cellular voice and data network in San Francisco's Bay Area Rapid Transit system (BART) while people were protesting the fatal shooting of a homeless man by BART police.

Anonymous has attacked a BART user database before. During the OpBART campaign, it published data on 3000 accounts of the police obtained from the site MyBart.

The group says it is protesting the recent shootings by BART police, as well as the agency's decision to disable wireless connections to disrupt the protests in San Francisco.

While the BART Police Officers' Association website was unavailable, the agency published a message on its official website condemning the attack.

“We condemn this latest attack on the working men and women of BART,” interim general manager Sherwood Wakeman said in a statement. “We are deeply concerned about the safety and security of our employees and their families. We stand behind them and our customers who were the subject of an earlier attack. We are deeply troubled by these actions.”

No matter who carried out this attack, securing data is one of the most important things we should care about. If we hold such sensitive information, we need to keep it offline so that no one can reach it. Otherwise, we need security audits and periodic penetration tests to get a clear idea of whether our databases are vulnerable to attack.

Thursday, August 18, 2011

Twitter petition: new trend of Twitter phishing

Black hats keep finding new ways of smart social engineering. Recently a new scam was exposed in which users were threatened with a Twitter petition that was really a phishing attempt. The tweets being sent out read "Twitter might start to charge in October, sign this petition to keep the service free! -URL-."

The short URL actually leads to a Twitter phishing site running on Chinese DNS servers.
At least one Twitter user seems to be having some fun with this and has produced her own copy of the scam.
This morning @trojankitten tweeted "Twitter might start charging in October, a petition is picking up speed to keep it free.-URL-."
which redirects to a pastie.org page that reads:
"Hi,
This is Trojan Kitten. Twitter won't "start charging in October," but there's yet-another-twitter-malware, which will send tweets like these from your account, once you're affected:
"Twitter might start to charge in October, sign this petition to keep the service free! link.here/to-malware" "Twitter is going to charge now? read this article on twitter :( link.here/to-malware"
And since you see the text you're currently reading, you could've been affected: you clicked the link. I don't actually blame the users. So let's blame Twitter for its loose control on apps (in terms of security)."
If you have been hit with this scam, be sure to change your Twitter password immediately and it would be prudent to log in and revoke all application API access as well.


Wednesday, August 10, 2011

#OpFacebook - Anonymous Going To Attack Facebook on November 5, 2011




Anonymous has declared that it will destroy Facebook on Nov 5, or maybe this is another fake Anonymous hacker with a fake operation who made accounts named Op_Facebook on Twitter and YouTube.


Anonymous's notice to citizens:
"We wish to get your attention, hoping you heed the warnings as follows:
Your medium of communication you all so dearly adore will be destroyed. If you are a willing hacktivist or a guy who just wants to protect the freedom of information then join the cause and kill facebook for the sake of your own privacy."

The group said in its message that "Operation Facebook" would begin November 5. It claimed the social network, based in Palo Alto, Calif., provides information to "government agencies" so they can "spy on people." If Operation Facebook is real, it could mark a new phase for Anonymous, which in recent weeks has joined forces with the remnants of the more tightly knit hacker group LulzSec to target law enforcement agencies in an ongoing operation called Antisec.

One of the Anonymous leaders claims that "Operation Facebook" is fake. He tweeted as shown above.

Press Release of #Op_Facebook 



Operation Facebook

DATE: November 5, 2011.

TARGET: https://facebook.com

Press:
Twitter : https://twitter.com/OP_Facebook
http://piratepad.net/YCPcpwrl09
Irc.Anonops.Li #OpFaceBook
Message:

Attention citizens of the world,

We wish to get your attention, hoping you heed the warnings as follows:
Your medium of communication you all so dearly adore will be destroyed. If you are a willing hacktivist or a guy who just wants to protect the freedom of information then join the cause and kill facebook for the sake of your own privacy.

Facebook has been selling information to government agencies and giving clandestine access to information security firms so that they can spy on people from all around the world. Some of these so-called whitehat infosec firms are working for authoritarian governments, such as those of Egypt and Syria.

Everything you do on Facebook stays on Facebook regardless of your "privacy" settings, and deleting your account is impossible, even if you "delete" your account, all your personal info stays on Facebook and can be recovered at any time. Changing the privacy settings to make your Facebook account more "private" is also a delusion. Facebook knows more about you than your family. http://www.physorg.com/news170614271.html
http://itgrunts.com/2010/10/07/facebook-steals-numbers-and-data-from-your-iph....

You cannot hide from the reality in which you, the people of the internet, live in. Facebook is the opposite of the Antisec cause. You are not safe from them nor from any government. One day you will look back on this and realise what we have done here is right, you will thank the rulers of the internet, we are not harming you but saving you.

The riots are underway. It is not a battle over the future of privacy and publicity. It is a battle for choice and informed consent. It's unfolding because people are being raped, tickled, molested, and confused into doing things where they don't understand the consequences. Facebook keeps saying that it gives users choices, but that is completely false. It gives users the illusion of and hides the details away from them "for their own good" while they then make millions off of you. When a service is "free," it really means they're making money off of you and your information.

Think for a while and prepare for a day that will go down in history. November 5 2011, #opfacebook . Engaged.

This is our world now. We exist without nationality, without religious bias. We have the right to not be surveilled, not be stalked, and not be used for profit. We have the right to not live as slaves.

We are anonymous
We are legion
We do not forgive
We do not forget
Expect us

Tuesday, August 9, 2011

AnonPlus Hacked By SyRiAn Cyb3r Army



Boom: a third attack on AnonPlus.com. Anonplus.com had been hacked once by AKINCILAR and then by Th3 Pr0 & SaQeR SyRia; now The SyRiAn Cyb3r Army has hacked it for the third time.


After the hacking gang Anonymous took credit for defacing Syria's Ministry of Defense website, a Syrian group retaliated on Monday by posting gruesome photos on Anonymous's embryonic social network.
The defacement of AnonPlus (http://anonplus.com/), the site Anonymous set up last month when it was booted off Google+, did not include the name of the group responsible.


Anonymous, however, claims that AnonPlus is not an official site of theirs. LulzSec leader Sabu tweeted: "Turns out people were correct: anonplus.com was a troll domain. Belongs to "fro" aka "cnaperth" aka "Adam Bennett" from Perth, Aussie."



Saturday, August 6, 2011

AntiSec Leaks 10GB data of law enforcement agencies





AntiSec hackers have once again leaked a huge cache, 10GB of data, at https://vv7pabmmyr2vnflf.tor2web.org/ , hacked from 70 law enforcement agencies. The leak contains hundreds of compromising email spools, personal information about officers, police training videos, and the contents of insecure anonymous tip systems. It also includes over 300 mail accounts from 56 law enforcement domains; a Missouri Sheriff account dump (mosheriffs.com) with 7000+ usernames, passwords, home addresses, phones and SSNs; Online Police Training Academy files (PDFs, videos, HTML files); and Plesk plaintext server passwords (ftp/ssh, email, cpanel, protected dirs).


Stolen credit card information from the mosheriffs.com online store was also leaked on Pastebin.

Monday, August 1, 2011

RefRef - DDOS Tool By The Anonymous

Previously you saw the source code of XerXes by The Jester. The Anonymous team has also developed its own DDoS tool, which is said to exploit SQL vulnerabilities, to support the group's future campaigns. Until now they had been using LOIC for many of their operations, but because of that tool many Anonymous members got caught, maybe because the tool was not capable of hiding their tracks. So this time they made their own.


According to the developer: "RefRef is a revolutionary DoS java site. Basically, by using an SQL and .js vulnerability, you can send a page request packet from your home computer with embedded .js file, because of the vulnerability in the SQL/Javascript engine on MOST websites, the site actually TEMPs the .js file on its own server. So now the .js is in place on the host of the site. Next since you still have the request, it picks up the .js file, and all of the requesting for packets power happens on the server, not the requestee. I send two packets from my iphone, and everything else happens on the server. Basically eats itself apart, because since both are on the server, it's all a local connection."


The #RefRef DDoS tool is set to be released in September, according to an Anon promoting it on IRC this afternoon. Developed with JavaScript, the tool is said to use the target site's own processing power against itself. In the end, the server succumbs to resource exhaustion due to #RefRef's usage. Resource exhaustion is an attack vector that has existed for some time, but it is often skipped over by attackers who favor the brute force of a DDoS attack sourced from bots or tools such as LOIC.


The tool is very effective: a 17-second attack from a single machine resulted in a 42-minute outage on Pastebin yesterday. The Pastebin admins weren't happy and tweeted about it.


The effectiveness of RefRef is due to the fact that it exploits a vulnerability in a widespread SQL service. The flaw is apparently known but not widely patched yet. The tool's creators don't expect their attacks to work on a high-profile target more than a couple of times before being blocked, but they don't believe organizations will rush to patch this flaw en masse before being hit.


This means there are a lot of possible targets out there that will be hit at least once. "This tool only makes you vulnerable if you don't keep your systems patched, perform the basic security, which is how Sony got caught with its pants down," the RefRef developers said.


The tool works by turning the servers against themselves. It sends malformed SQL queries carrying the payload which in turn forces the servers to exhaust their own resources. However, the tool's GUI does have a field for inputting the refresh interval so it might combine traditional forms of HTTP hammering with the new technique.
Some security experts have been skeptical that the success of Anonymous's DDoS attacks can be explained through LOIC alone. They proposed that some of the group's supporters also have access to botnets, a theory that has partially proven to be correct.




Wednesday, July 27, 2011

Operation Paypal | More Than 3500 Accounts Closed




Hacker group Anonymous continued its battle with PayPal this week, encouraging users to cancel their accounts over recent arrests and the company's refusal to handle transactions for whistleblower site Wikileaks.
The effort, dubbed Operation PayPal (or #OpPayPal), kicked off around 4am Eastern time and called on Anonymous supporters to "immediately close their accounts and consider an alternative."

In December, Anonymous organized a distributed denial of service (DDoS) attack against PayPal, Amazon, Visa, and MasterCard after the companies pulled their support for Wikileaks, which had recently dumped 250,000 State Department cables. At the time, PayPal said the move was in response to "a violation of the PayPal Acceptable Use Policy" because Wikileaks "was encouraging sources to release classified material, which is likely a violation of the law by the source."
Their official press release:

Dear PayPal, its customers, and our friends around the globe,

This is an official communiqué from Anonymous and Lulz Security in the name of AntiSec.

In recent weeks, we've found ourselves outraged at the FBI's willingness to arrest and threaten those who are involved in ethical, modern cyber operations. Law enforcement continues to push its ridiculous rules upon us - Anonymous "suspects" may face a fine of up to 500,000 USD with the addition of 15 years' jailtime, all for taking part in a historical activist movement. Many of the already-apprehended Anons are being charged with taking part in DDoS attacks against corrupt and greedy organizations, such as PayPal.

What the FBI needs to learn is that there is a vast difference between adding one's voice to a chorus and digital sit-in with Low Orbit Ion Cannon, and controlling a large botnet of infected computers. And yet both of these are punishable with exactly the same fine and sentence.

In addition to this horrific law enforcement incompetence, PayPal continues to withhold funds from WikiLeaks, a beacon of truth in these dark times. By simply standing up for ourselves and uniting the people, PayPal still sees it fit to wash its hands of any blame, and instead encourages and assists law enforcement to hunt down participants in the AntiSec movement.

Quite simply, we, the people, are disgusted with these injustices. We will not sit down and let ourselves be trampled upon by any corporation or government. We are not scared of you, and that is something for you to be scared of. We are not the terrorists here: you are.

We encourage anyone using PayPal to immediately close their accounts and consider an alternative. The first step to being truly free is not putting one's trust into a company that freezes accounts when it feels like, or when it is pressured by the U.S. government. PayPal's willingness to fold to legislation should be proof enough that they don't deserve the customers they get. They do not deserve your business, and they do not deserve your respect.

Join us in our latest operation against PayPal - tweet pictures of your account closure, tell us on IRC, spread the word. Anonymous has become a powerful channel of information, and unlike the governments of the world, we are here to fight for you. Always.

Signed, your allies,
Lulz Security (unvanned)
Anonymous (unknown)
AntiSec (untouchable)




Another Pastebin release said:

Operation Paypal
IRC: http://bit.ly/pDIZbY

Paypal is a corrupt corporation who voluntarily disabled donations to wikileaks with no legal base or reasoning whatsoever. They are actively working with the FBI to arrest and imprison the only people who stood up and protested against this injustice, Anonymous. Cancel your account today.

To close your account:
  1. Log in to your PayPal account.
  2. Click Profile near the top of the page.
  3. Click My settings.
  4. Click Close Account in the Account type section and follow the steps

More than 3500 accounts are closed.

SAP Systems on the Internet will be Hacked Next Week



On the 4th of August, at the world's largest technical security conference, BlackHat USA 2011, which will take place in Las Vegas, SAP security expert and CTO of ERPScan Alexander Polyakov will show how any malicious attacker can get access to systems running SAP via the Internet using a new critical vulnerability.
SAP systems are used in more than 100 000 companies worldwide to handle business-critical data and processes. Almost every Forbes 500 company uses them to handle processes ranging from purchasing, human resources and financial reporting to communication with other business systems. An attacker who gains access therefore gets complete control over the company's financial flows, which can be used for espionage, sabotage and fraud against the hacked company.
The attack is possible because of a dangerous vulnerability of a new type, detected by Alexander in the J2EE engine of SAP NetWeaver software, which allows bypassing authorization checks. For example, it is possible to create a user and assign him to the administrators group using two unauthorized requests to the system. It is also dangerous because the attack works on systems protected by two-factor authentication, where a secret key and a password are needed to get access. To prove it, researchers from ERPScan created a program that detects SAP servers on the Internet with the help of a secret Google keyword and checks the servers found for the potentially dangerous vulnerability. As a result, more than half of the available servers could be hacked with the help of the vulnerability found.

“The danger is that it is not only a new vulnerability, but a whole class of vulnerabilities that was theoretically described earlier but not popular in practice. During our research we only detected several examples in standard system configuration, and because each company customizes the system under its own business processes, new examples of vulnerabilities of the given class can be potentially detected at each company in the future. We have developed a free program which can detect unique vulnerabilities of such type in order to protect companies on time and it is also included in our professional product – ERPScan Security Scanner for SAP,” noted Alexander.