Day: June 4, 2011

Google to abandon older browsers


IE6 countdown campaign, BBC

Those using IE7, Safari 3, Firefox 3.5 and their predecessors to view Gmail, Google Calendar, Talk, Docs and Sites will then lose some functions.

Eventually, it warned, these web services will stop working for those sticking with older browsers.

The move is part of a trend to stop the use of ageing browsers which can be insecure and not sophisticated enough to handle the latest web technologies.

Code malfunction

Statistics on browser versions gathered by StatCounter suggest about 17% need to change in the light of Google’s decision.

Google made its announcement in a blogpost saying its engineers were keen to make use of the latest capabilities in browsers, and that required support for HTML5 technology.

As a result, from 1 August, Google will only support what it calls “modern browsers”. By this it means the latest versions and major prior releases of Chrome, Firefox, Internet Explorer and Safari.

As new versions of these are released, Google will get its web services working with that and then drop support for the third-oldest version.

Support in this sense means that Google will only do compatibility testing with more up-to-date browsers. It will not carry out tests with older programmes and can make no guarantees that web services will work with them.

Concluding the blogpost, Venkat Panchapakesan, vice president of engineering at Google, wrote: “These new browsers are more than just a modern convenience, they are a necessity for what the future holds.”

In mid-May, Mozilla, which oversees development of Firefox, kicked off a plan to get the 12 million or so people using version 3.5 of its browser to update.

It said it was “frustrated” with efforts to get people to upgrade and had taken a series of steps to force change.

It used pop-up screens, adverts, re-directs and updates to steer people towards more recent versions of Firefox.

Figures gathered by Mozilla suggest the campaign has had some success as the number of users on Firefox 3.5 has now dropped to about one million.

Microsoft’s campaign to stop people using Internet Explorer 6 is one of the longest running upgrade efforts.

The software giant has used its automatic update system to get newer versions of its browser out to many users.

However, many companies prefer not to use this system and that has meant IE6 clinging on in some firms and nations.

Globally about 11% of browsers are IE6, suggest figures compiled by Microsoft, and there is a wide variation around the world.

About 34% of Chinese net users are on IE6, as are 22.3% of South Koreans and 11.6% of Vietnamese people.

Contact me at : contactme.bijay@gmail.com

http://computeraddicted.wordpress.com

http://shenanigans-nepal.blogspot.com/

http://losthacker-deadbj.blogspot.com/

Exclusive: CEO says hackers tried to extort data, money!


Karim Hijazi knew his nightmare was just beginning when he saw that a mysterious e-mail had arrived in his inbox at 3 a.m. on May 26 that included his e-mail password and the subject line “Let us talk.”

That would mark the beginning of a weeklong saga of e-mail exchanges and Internet Relay Chat (IRC) discussions in which Hijazi says a group of hackers told him they wouldn’t publicly divulge information they had gotten from snooping on his accounts if he revealed sensitive security information acquired by the botnet-tracking firm, Unveillance, that he launched last year. The hackers, who call themselves LulzSec, wanted to know the whereabouts of compromised computers on the Internet that when remotely controlled are used en masse to attack Web sites, he told CNET in an exclusive phone interview late last night.

When he refused, LulzSec went public with his data, Hijazi says, posting his personal contact information, e-mails, and chat logs for download online yesterday as part of a campaign to embarrass the FBI and its InfraGard partner. The group had hacked the Web site of InfraGard Atlanta and grabbed usernames and passwords for about 180 members, including Hijazi. Because Hijazi had used the same password on the InfraGard site that he used on his personal Gmail account and his corporate Google Apps account, the hackers were easily able to spy on his personal and business activities.

Hijazi contacted the FBI right after that first LulzSec e-mail and said he plans to prosecute if he can.

“They had me under the gun for a little over a week with threats and extortion,” said Hijazi, chief executive of Unveillance. “The very nature of having to contend with someone who is holding something ransom is not pleasant.”

“I don’t believe it will impact our organization; it just sucks for my family and me,” he said when asked whether his business would suffer as a result of the incident.

Read more: http://news.cnet.com/8301-27080_3-20068939-245/exclusive-ceo-says-hackers-tried-to-extort-data-money/#ixzz1OK2YDwTG


13th SONY HACK : Sony Europe hacked by Lebanese hacker… Again


By my count this is unlucky hack number 13 for Sony. A Lebanese hacker known as Idahc dumped another user database at Sony Europe containing approximately 120 usernames, passwords (plain text), mobile phone numbers, work emails and website addresses.

The attacker claims that he used standard SQL injection techniques to acquire the database. I think it is fair to say it appears that Sony has not learned anything from the previous 12 attacks.

SQL injection flaw? Check. Plain text passwords? Check. People’s personally identifiable information totally unprotected? Check.

Idahc is the same attacker who targeted the Canadian Sony Ericsson site in May, 2011. In his note on pastebin he states: “I was Bored and I play the game of the year : ‘hacker vs Sony’.” He posted the link to pastebin with the simple note “Sony Hacked: pastebin.com/OMITTED lol.”

If you are a database administrator (especially a Sony one) and want to keep your sensitive data from ending up in the headlines, I recommend you actually test your web applications for SQL vulnerabilities.
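One way to run the kind of test recommended above, as an added example that is not part of the original article: a small regression check that feeds quote-bearing input to a lookup function and flags any result that differs from an exact match. The in-memory SQLite table, the sample rows and the function names are all constructed for illustration.

```python
import sqlite3

# Constructed sample rows standing in for a web application's user table.
SAMPLE_USERS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
    ("o'neil", "oneil@example.test"),
]

# Regression inputs: a legitimate name with an apostrophe and a textbook
# quote-breaking string. Neither should ever change what the query means.
PROBES = ["o'neil", "nobody' OR '1'='1"]


def make_db():
    """Build a throwaway in-memory database holding the sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return db


def lookup_concat(db, username):
    """Flawed pattern: the input becomes part of the SQL text."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()


def lookup_param(db, username):
    """Hardened pattern: the input is bound as a value, never parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


def audit(lookup):
    """Run every probe through `lookup` and report each result that differs
    from an exact-match lookup done in plain Python."""
    db = make_db()
    findings = []
    for probe in PROBES:
        expected = [row for row in SAMPLE_USERS if row[0] == probe]
        try:
            rows = lookup(db, probe)
        except sqlite3.Error:
            # A parser error means user input was interpreted as SQL.
            findings.append((probe, "SQL error: input reached the parser"))
            continue
        if sorted(rows) != expected:
            findings.append(
                (probe, f"{len(rows)} rows returned, {len(expected)} expected")
            )
    db.close()
    return findings


if __name__ == "__main__":
    for name, fn in (("concatenated", lookup_concat),
                     ("parameterized", lookup_param)):
        print(name, audit(fn) or "clean")
```

The concatenated lookup fails both probes, once with a parser error and once by returning every row; the parameterized lookup passes both.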


Infragard Atlanta, an FBI affiliate, hacked by LulzSec


In a self-titled hack attack called “F**k FBI Friday” the hacking group known as LulzSec has published details on users and associates of the non-profit organization known as Infragard.

Infragard describes itself as a non-profit focused on being an interface between the private sector and individuals with the FBI. LulzSec published 180 usernames, hashed passwords, plain text passwords, real names and email addresses.

Where did the plain text passwords come from? Considering LulzSec was able to crack them, it would imply that the hashes were not salted, or that the salt used was stored in an insecure manner.

One interesting point to note is that not all of the users’ passwords were cracked… Why? Because these users likely used passwords of reasonable complexity and length. This makes brute forcing far more difficult and LulzSec couldn’t be bothered to crack them.

In addition to stealing data from Infragard, LulzSec also defaced their website with a joke YouTube video and the text “LET IT FLOW YOU STUPID FBI BATTLESHIPS” in a window titled “NATO – National Agency of Tiny Origamis LOL”.


Aside from defacing their site and stealing their user database, they tested out the users and passwords against other services and discovered many of the members were reusing passwords on other sites – a violation of FBI/Infragard guidelines.

LulzSec singled out one of these users, Karim Hijazi, who used his Infragard password for both his personal and corporate Gmail accounts according to the hackers.

They’ve published a BitTorrent with what they claim are nearly 1000 of Hijazi’s corporate emails and an IRC chat transcript that purports to be a conversation they had with him.

They also disclosed a list of personal information including his home address, mobile phone and other details.

It’s hard to say when these attacks will end, but a great start would be to carefully analyze your security practices and ensure that your data is properly encrypted and to regularly scan your servers for vulnerabilities.

As for LulzSec? It appears they have declared war on one of the premier police forces in the world… Their fate remains a mystery.

src: http://nakedsecurity.sophos.com/2011/06/04/infragard-atlanta-an-fbi-affiliate-hacked-by-lulzsec/
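The point about unsalted hashes and password strength, as an added example that is not part of the original article: an audit of a constructed credential store showing that unsalted digests of a shared weak password are identical and fall to one precomputed table, while per-user salted PBKDF2 records differ for the same password. The article does not say which hash Infragard used; SHA-1 here is an assumption, and the account names, passwords and wordlist are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two users share a weak password,
# one uses a long passphrase that is on no common-password list.
ACCOUNTS = {
    "user_a": "letmein",
    "user_b": "letmein",
    "user_c": "violet-Tractor-93-harbour-sings",
}
# Constructed stand-in for a common-password list.
COMMON = ["123456", "password", "letmein", "qwerty"]


def unsalted(password):
    """Weak scheme (assumed for illustration): one fast hash, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_record(password, iterations=200_000):
    """Stronger scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify(password, record):
    """Recompute the KDF with the stored salt; compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)


def unsalted_store():
    return {user: unsalted(pw) for user, pw in ACCOUNTS.items()}


def salted_store():
    return {user: salted_record(pw) for user, pw in ACCOUNTS.items()}


def audit_unsalted(store, wordlist):
    """Report accounts whose digest appears in a table computed once from
    the wordlist. Without a salt, one table covers every account."""
    table = {unsalted(word): word for word in wordlist}
    return {user: table[digest] for user, digest in store.items()
            if digest in table}


if __name__ == "__main__":
    weak = unsalted_store()
    print("recoverable from one table:", audit_unsalted(weak, COMMON))
    print("identical digests:", weak["user_a"] == weak["user_b"])
    strong = salted_store()
    print("identical salted keys:", strong["user_a"][2] == strong["user_b"][2])
    print("login still works:", verify("letmein", strong["user_a"]))
```

A salt does not make a weak password strong; it removes the shared table, so each guess has to be repeated per account at the cost of the slow KDF.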


French Ban Words ‘Twitter’ And ‘Facebook’ From TV, Radio


How do you say Twitter and Facebook in French? You don’t say them at all.

France has banned the names of both social networking sites from being spoken on radio or television, unless they are part of a news story.

The reason for the ban goes back to a 1992 decree that says mentioning such services by name is an act of advertising. Therefore, using the terms “Twitter” and “Facebook” constitutes preferential treatment.

Christine Kelly, a spokesperson for France’s Conseil Superieur de l’Audiovisuel (CSA), explained the ban.

“Why give preference to Facebook, which is worth billions of dollars, when there are many other social networks that are struggling for recognition,” she told L’Express. “This would be a distortion of competition. If we allow Facebook and Twitter to be cited on air, it’s opening a Pandora’s Box – other social networks will complain to us saying, ‘why not us?’”

But critics highlight the absurdity of such an edict. TechCrunch writes:

Instead of referring to specific social networking pages, like saying “Find us at Facebook.com/Audi” or follow us on “Twitter.com/Pepsi” brands will have to skirt around the issue, saying things like “Find us on social networking sites!,” or directing viewers to their community pages and hoping that viewers will just pick up on where to go.

Ex-pat blogger Matthew Fraser attributed the new restrictions to traditional French protectionism when it comes to the spread of American culture.

“Facebook and Twitter are, of course, American social networks,” he wrote. “In France, they are regarded — at least implicitly — as symbols of Anglo-Saxon global dominance — along with Apple, MTV, McDonald’s, Hollywood, Disneyland, and other cultural juggernauts. That there is a deeply-rooted animosity in the French psyche towards Anglo-Saxon cultural domination cannot be disputed.”

Back in 2003, the French banned the use of the word “email” in all government communications and publications.


Extreme Networking: App Tells You Who’s In the Room, How You’re Connected


Name: Sonar

Quick Pitch: Sonar tells you who is in the room and how you’re connected.

Genius Idea: Leveraging social networks for real-world connections.


Some of us are naturally gifted networkers. We walk into a room of 50 strangers and giddily begin introducing ourselves to 50 new friends.

For those of us who are less outgoing, however, it helps to start with some sort of connection. However many degrees we are separated by, Sonar wants to map them out.

The iPhone app, which launched in May, shows you who is in the room by using data from social networks. After connecting accounts, you can see who else is checked in on Foursquare or Facebook Places, as well as which one of them shares your Twitter or Facebook friends. You can send a message to any of them with a click in order to make a connection in real life.

“Talking to someone on the street is harder than talking to someone in a bar,” says founder and CEO Brett Martin. “Talking to someone in a bar is harder than talking to someone at a house party. What we’re trying to do with Sonar is show people when the person on the street is the same person at the house party.”


Sonar works because “people have spent the last 25 years uploading their identities to the internet,” Martin says. It uses the profiles people have created elsewhere instead of being dependent on a critical mass of users. The app works whether or not other people in the room are using it. However, those people do need to check in with either Foursquare or Facebook Places. And that limits Sonar’s scope. One recent study found that only up to 17% of the mobile population uses checkin services.

Martin hopes to reduce this problem by adding implicit checkins — such as when people respond to an Eventbrite invite. He also hopes to broaden the checkin pool to include geotagged tweets, Instagram photos and foodspotting images.

As for monetization, Martin says that the startup’s current plan is to borrow a model often used on dating sites: promoted visibility. If a company is hosting a conference and wants its executives to be on the top of everyone’s “most relevant” lists, they could pay Sonar to make it happen. It’s a similar concept to Twitter’s promoted tweets, but Martin says that a sponsor would only be able to promote people — never its brand itself.

Personally, I’ve always wanted a Shazam for people, and this is the closest thing I’ve found. While the app doesn’t work that well in checkin-shunning crowds, at the right conference or even the right party, it’s like waterwings for networking.

Image courtesy of iStockphoto, gehringj

iFive: Sony Hacked Again, Gmail Scam Hit White House, Facebook Vs. Ceglia, Adobe Vs. Apple, Sales Tax Going Online


Monday’s when we finally hear all about Apple’s cloud services offering iCloud. We don’t know much, but thanks to enterprising photographers at the Moscone West center where Apple’s event will be held, we now know what the logo looks like.

1. Sony has been hit with yet another hack attack, this time targeting its Pictures website. Hackers LulzSec say they pulled off a standard SQL injection, and managed to gain access to one million passwords of the site’s users, which were allegedly stored in plain text files. The hack was intended to expose Sony’s “disgraceful” security, and Sony’s now busily investigating the claims and its security setups…again.

2. Google’s Gmail phishing scam apparently targeted people who work at the White House as well as other government figures, according to new reports. No official messages were compromised, the administration has promised, but the hackers–still being reported as originating in China, despite China’s protestations–were most likely hoping to glean information about official business of government from private user email accounts.

3. Facebook has struck back against the ownership lawsuit filed by Paul Ceglia, alleging that Ceglia fabricated evidence to support his claims. Facebook has supplied “real” emails, pulled from Harvard’s server archives, that relate to the business deals between Mark Zuckerberg and Ceglia, and they show a different relationship to the alleged deal by Ceglia. Facebook’s legal team is even saying Ceglia was involved in land sales scams.

4. Adobe’s CEO, speaking at the AllThingsD conference, has revealed that there is no “war” with Apple, and it’s all about different business models–a very different story to Steve Jobs’ allegations about Flash’s ill performance and security. Unable to defend accusations that Flash doesn’t work well on Android devices (one key sales pitch for Google’s smartphone web experience versus the iPhone) Shantanu Narayen still suggested Android tablets will soon overtake the iPad.

5. The U.S. Senate is considering a new proposal that would end the free ride ecommerce has enjoyed in much of the nation in terms of collecting sales tax. The exemption was initially allowed to protect the fledgling online economy, but now that web-stores are established there’s a feeling that sales tax should be collected. The main “target” is most likely Amazon, which has been rattling its saber in a few states that tried to independently enforce sales tax collection.

[Image: Macstories]


British intelligence hacked al-Qaeda website magazine and embedded cupcake recipes


British intelligence operatives hacked into an English-language al-Qaeda online magazine and replaced an article on bomb-making instructions with garbled code from a recipe book for cupcakes, The Daily Telegraph reports.

The operation last June was aimed at disrupting efforts by the terrorist organization to recruit new followers with Inspire, its slick, 62-page color publication.

The Telegraph says that when anyone tried to download the magazine, instead of getting instructions in an article on How to Make a Bomb In Kitchen of Your Mom, readers got garbled computer code of a Web page of recipes for The Best Cupcakes in America published by the Ellen DeGeneres talk show.

The recipes included one for Mojito cupcakes, featuring white rum cake and covered in vanilla buttercake, and one for the Rocky Road Cupcake that adds, “warning: sugar rush ahead!”

The cyberattack also removed articles by Osama bin Laden, his deputy Ayman al-Zawahiri and a piece called What to expect in Jihad, the newspaper says.

Initially, British and U.S. intelligence planned to mount separate hacking operations, but the Americans withdrew out of concern by the CIA that it would expose sources and methods and disrupt an important source of intelligence, The Washington Post reports.


Hackers go wild: An overview of recent incidents


A new burst of hacks has left companies and government organizations picking up the pieces.

Earlier today, The Hacker News reported it had received a message from hacking group Pakistan Cyber Army, claiming the PCA had hacked an Acer Europe server and stolen sensitive information. The publication posted a screenshot of the data reportedly collected, which included the personal information of 40,000 customers, including their names, addresses, phone numbers, e-mail addresses, and the names of products they had purchased.

According to The Hacker News, the PCA plans to release more data within the next 24 hours, and will follow that up with a press release discussing its reasons for hacking Acer’s Europe division.

Acer did not immediately respond to a request for comment.

Not to be outdone, Anonymous, which made headlines last year by hacking financial institutions and other sites in defense of WikiLeaks founder Julian Assange, recently made public more than 10,000 e-mails it stole from Iran’s Ministry of Foreign Affairs. According to the International Business Times, which cited a source who viewed the documents, most of the files are passports and visas, and relate to an “oil meeting.”

But Anonymous hasn’t stopped there. The organization has also launched a new operation it’s calling Op NATO Black Fax/E-mail Bomb. Users can surf to the OpNATO page and send a free prewritten fax to the North Atlantic Treaty Organization in defense of Anonymous. The organization has posted a list of fax numbers to the page, and has asked supporters to send “as many [faxes] as you can” to those numbers.

“It has come to our attention that you have classified Anonymous a ‘potential threat to the security of [your] member states,’ and that you seek retaliation against us,” reads the letter to NATO, which is made up of the U.S., Canada, and the U.K., among other countries. Anonymous goes on to ask the member nations to “retaliate against us in any manner you choose.” However, even if some of its members are jailed, the letter reads, the nations will find “that Anonymous continues to live on.”

Anonymous’ letter ends with a threat.

“Think carefully before you continue from here,” the letter reads. “You still have the power to stand up for good. Do NOT come between us and our freedom. You have been warned.”

Other hacking groups have been busy, as well. Earlier today, a hacker known only as “pr0f” posted the e-mails and passwords of more than a hundred United Arab Emirates government employees. However, the hacker said the list was “historic” and that the e-mail passwords were not current.

Even British intelligence officials have gotten into the mix. According to a Daily Telegraph report yesterday, MI6 hacked into an al-Qaeda online magazine recently and replaced bomb-making techniques with recipes on making “The Best Cupcakes in America.”

The latest string of hacks started in earnest in April when hackers launched a sophisticated attack against Sony’s PlayStation Network and Qriocity services. The hackers also breached Sony Online Entertainment. After discovering the breach, Sony was forced to take the services down. The company reported that the personal information of more than 100 million users had been exposed. Sony reassured users at the time that credit card data was encrypted. It has also said no identity theft has been reported because of the breach.

So far, Sony hasn’t been able to pinpoint who overcame its defenses, but the company did find a file named “Anonymous” on its servers. That file contained part of the hacking organization’s slogan: “We are legion.” Anonymous has said it was not responsible for the Sony hacks. It did acknowledge, however, that some of its members might have acted independently to attack Sony.

Though Sony might have hoped it was out of the woods following the PlayStation Network breach, the company still faces attacks from hackers. Just yesterday, a hacking organization called LulzSec posted links on its Twitter account to data it had stolen from Sony’s internal networks, as well as from the networks of Sony Pictures, Sony Music Belgium, and Sony Music Netherlands.

“We recently broke into SonyPictures.com and compromised over 1 million users’ personal information, including passwords, e-mail addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts,” LulzSec wrote on Pastebin, the site where it posted some data. “Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons.’”

The group claimed the data was not encrypted and had been left for the taking. Sony confirmed the attack this evening, saying it had contacted the FBI in an effort to track down the individuals who posted the data.

LulzSec’s attack on Sony was the second major hack the organization engaged in over the past week. This past weekend, the group showed off its hacking ability by engaging in what it called a “fun battle” with the Public Broadcasting Service. LulzSec posted a fake news story on the PBS site, saying that musical artist Tupac was still alive, and reportedly published log-in data for the PBS workforce. The hack was a response to an airing of a PBS “Frontline” episode called “WikiSecrets” that presented WikiLeaks in a somewhat unfavorable light.

The LulzSec hack followed a statement earlier this week from Google claiming it had “detected and disrupted” a phishing attack that attempted to give the hackers access to hundreds of Gmail accounts belonging to senior U.S. government officials. Google said it believed the attacks originated from Jinan, China, but stopped short of blaming the Chinese government.

The U.S. government has denied that state-run e-mail accounts were hacked, but it has launched an investigation into the possibility of officials’ Gmail accounts being targeted.

“Speaking on behalf of the U.S. government, we’re looking into these reports and seeking to gather the facts,” Caitlin Hayden, deputy spokesperson for the National Security Council, said in a statement to CNET yesterday. “We have no reason to believe that any official U.S. government e-mail accounts were accessed.”

Read more: http://news.cnet.com/8301-13506_3-20068763-17/hackers-go-wild-an-overview-of-recent-incidents/#ixzz1OHUwwFfV


Hackers Target Social-Network Accounts


New York Congressman Anthony Weiner insists he did not send a lewd photo of himself through his Twitter account. However, he’s not ruling out the photo may be of him.
