BSNL Website Hacked by Pakistani Hacker

BSNL just can’t get enough of the negative limelight. It has not even been two months since we reported BSNL getting compromised, and here we are again. A self-proclaimed Pakistani hacker has defaced a public BSNL page. Last time, we revealed a serious security flaw in an internal application at BSNL called Dotsoft, and funnily enough, the vulnerability still exists.

Apparently, Dotsoft became a hot topic with ethical hackers earlier in 2009; here is a clear proof-of-concept hack attempt aimed at Dotsoft. This time, though, the situation is even worse. Today, a sub-directory on the BSNL website was hacked by a Pakistani hacker. The hacker, who calls himself ‘KhantastiC haX0r’, placed an index.html file in the sub-directory to prove that he has write access to the web server. He has also stated that he has copied and removed all logs of the intrusion, as well as copied the databases (possibly being held for ransom?). The defaced site is available at http://www.bsnl.co.in/tender1/ and the defacement doesn’t seem to affect any other pages within the same sub-directory, like http://www.bsnl.co.in/tender1/archive3.php.

It is worth mentioning that although ‘KhantastiC haX0r’ claims to have connections with the PCA, he was actually thrown out of the PCA according to online reports. The situation was so bad that his personal details were exposed by a rival online ‘crew’. They went so far as to include personal photographs of the person in question. In any case, KhantastiC haX0r doesn’t seem to take his online anonymity very seriously, as his Google+ account features pictures in high detail.

BSNL seriously needs to strengthen itself against attacks like these; with over 90 million subscribers, it’s a wonder they’ve managed to stave off theft of credit cards, passwords and other internal databases. It would seem that this is an online turf war and BSNL was simply caught in the middle; perhaps their state ties can help them build a more robust and secure network.

This makes for a good Diwali gift for BSNL from Pakistan.

Opera Browser Vulnerable to Memory Corruption Exploit

In the raging browser wars, features, security and stability are paramount to competing. Opera might want to get a serious handle on things with the next release they push.

There is a memory corruption bug that has been present in Opera 10, 11 and the pre-release of 12 on Windows XP SP3. The vulnerability exists within SVG (Scalable Vector Graphics) layout handling. By nesting SVG functions within XML calls, an attacker is able to crash Opera. While crashing a browser might not seem like a huge deal to some, couple it with code injection and you have an exploit that can lead to complete remote code execution, and then it’s game over.

The exploit, which was discovered over a year ago, was reported to Opera but never fixed. Jose Vasquez, the original author, has published full details on the vulnerability as well as written and released a complete Metasploit module. Metasploit is a security framework for penetration testing, allowing a large number of security professionals to collaborate on software and service vulnerabilities.

What might seem like a benign crash of your browser might turn out to be an attacker positioning themselves to take control of your computer and network. Although it’s been previously broken, Jose also indicates it may be possible to bypass DEP, which is an active security feature provided by Microsoft, specifically made to prevent unwanted code execution.

In an interview, Opera’s co-founder, Jon Stephenson von Tetzchner, indicated their number of users grew from 50 million in 2009 to over 150 million in just one year. There are a lot of users who are potentially vulnerable to exploitation of this bug. When Opera 11.51 was released, major security and minor stability issues were the reason for the update. If we consider that this bug has been present since 10.50, was disclosed to Opera over a year ago, and is still unfixed, many users may want to look at switching to the very popular Chrome or Firefox 7 until Opera fixes this issue.

LulzSec Havoc: Change Your Important Passwords Before You Get Hit

The unknown and anonymous group (or single person) LulzSec is creating havoc, not just for companies like Sony, but also for government organizations like the CIA and FBI. Most recently, the targets of the group have been common individuals like you and me.

In today’s data dump, LulzSec uploaded 62000 usernames and passwords for various users. Using this data, anyone could log in to your email account, bank account and more. It is definitely a huge privacy and security issue.

If you go through the Twitter feed of @LulzSec, you will see how the leaked passwords are being used. Some of those updates are really scary; take for example the one below, where someone managed to destroy relationships over Facebook using those stolen accounts.

As you can see from the above screenshot, several users have used those accounts to access Xbox Live, PayPal, Facebook and Twitter accounts. Some users even withdrew money from PayPal accounts and claimed to ruin relationships. This is definitely sickening.

Gizmodo has written an article on how to check whether your passwords were leaked; however, don’t sit back happy if you are not one of the people who were compromised. Regardless of whether or not your data was leaked, take about 15-20 minutes out of your time today and update the passwords for your Facebook, Twitter, bank accounts and email providers (Hotmail, Yahoo) and other important services you use.

Make sure to create a new password for these services and, if possible, use different passwords on all of them. If you are having trouble creating strong passwords, read our guides on how to create strong passwords, or use password creation tools that can help you generate strong passwords.

Though you might use hundreds of services, upgrading your passwords for some key services might save you the trouble other individuals are going through. As a practice, try to use different passwords for different services and use alternative logins (such as login through Twitter or Facebook) wherever you can.

LulzSec Takes Down CIA.gov Website, Forwards Prank Calls to FBI

In a brutal and continuous attack, a hacker group going by the name of LulzSec have been causing havoc in the web world. Earlier this month, LulzSec had taken down high profile sites such as Sony Developer Network and Sony Pictures.

Since then they have hacked several other high profile websites including gaming servers and more. Quite recently, @LulzSec have become quite active and have been posting details about their exploits and asking users for suggestions for future hack targets.

Today, they have managed to bombard the FBI with calls and taken down the CIA website CIA.gov. The group behind this are anonymous (not to be confused with the group "Anonymous"), but their exploits are definitely creating quite a flutter within security circles.

This is definitely not the last time we are going to hear about @LulzSec; it is going to be a long road ahead…

More updates coming..

Sony Public Relations Posts Grim Update On PSN Situation.

HUGE ALERT TO ALL THOSE READING THIS: If you use one password on all services online then stop reading this post and go change ALL of those passwords. Done? Okay, good. Read on.

Here is the bad news: your credit card information has probably been stolen. Here is the extremely bad news: the hackers also know where you live and your phone number, as well as the password that you use on most of your services (if you are the “one password is enough for a bajillion accounts, I am very secure!” kind of person). Here’s the gist:-

What they have stolen:-

  • Name
  • Address
  • Country
  • Birthday
  • Email Addresses
  • PSN ID/Password
  • Probably Your Trophies As Well

What they might have stolen:-

  • Purchase History
  • Credit Card numbers used for purchase
  • Security question on your PSN account (which is usually the same across many platforms, so change this one too)

What Sony officially advises you to do:-

If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

How did the hackers obtain your password in the first place?

Why, it was in plaintext, my good man!

<user2>  creditCard.paymentMethodId=VISA&creditCard.holderName=Max&
creditCard.cardNumber=**********&creditCard.expireYear=****&creditCard.
expireMonth=*&creditCard.securityCode=***&creditCard.address.address1=
example street%2024%20&creditCard.address.city=city1%20&creditCard.
address.province=abc%20&creditCard.address.postalCode=12345%20

<user2>  sent as plaintext

<user3>  uh

<user3>  did you censor that card?

<user2>  ya its fake

<user3>  good

<user1>  wow, plaintext :S

<user5>  plaintext wow

<user3>  im never putting in my details like that

<user2>  ya is all fake lol

<user2>  i never used cc on ps3

<user2>  normally you ATLEAST encrypt the security code, even if its ssl

The above is one point in the entire chat log of the hackers, recorded while they were penetrating the PlayStation Network. I really cannot believe that a network that puts so much Digital Rights Management (DRM) protection on every game manages to store passwords without any kind of encryption. Thoroughly unbelievable. It is going to take a lot of coaxing from them for me to get back to the network. Thoroughly disgusting and outrageous.

Sony Raids Prominent PS3 Hacker’s House

The Sony PlayStation 3 (PS3) hacker scene got a shock recently when prominent German PS3 hacker graf_chokolo had his house raided by German Police due to a complaint made by Sony. The raid ended up with the confiscation of all his accounts, so to speak, and peripherals that might have been related to hacking the Sony home console. This harsh step up from Sony follows many put-downs of hackers and security researchers who have openly exploited the PS3’s security flaws.

However, graf_chokolo had a ready last line of defense against Sony. The hacker had once claimed that he had quite a lot of knowledge about the PS3’s hypervisor (a virtualization technique), and that if Sony does annoy him, he will release it to the world. He made good on the promise as well by releasing the Hypervisor Bible (HV Bible) to the entire world. Using the HV Bible, other users can reverse engineer the PS3’s internal mechanisms to further open the console to the world:-

Guys, i don’t joke, it’s serious.
And to prove it, i kept my word and uploaded all my HV reversing stuff.
Upload it everywhere so SONY couldn’t remove it easily. Grab it guys, it contains lots of knowledge about HV and HV procs.

It is kind of sad that Sony is doing all of this if only they knew that piracy is not the main reason why these people work on Sony’s hardware; the homebrew scene is where most of their energy is focused. Let’s all hope this drama reaches a peaceful conclusion.

Nobel Peace Prize Website Attacked By Hackers, Possibly From China

Chinese dissident Liu Xiaobo is their Gandhi and sees enormous support from pro-democrats. He has taken the path of non-violence to fight for human rights in China, and this has led him to win a Nobel Prize for Peace, apart from an 11-year sentence.

Next, following the decision to award him, the Norway-based website of the Nobel Peace Prize was targeted by cyber-attacks, possibly originating from China.

The author of this post at C S Monitor writes,

My assumption is that it is a Chinese-based actor. I assume a lot of traffic interest is in people coming to the [Nobel] Peace Prize site. The attacker can identify the identity of people of interest to them.

That is not enough fact to claim that the origin is indeed China. However, the Chinese government is particularly upset with the Nobel Committee in this matter as the act of rewarding a convict is a clear disrespect of the judicial system of China.

The trojan used in this case was from Taiwan but might just have Sino origins. This attack gives a sense of déjà vu, as a similar attack was carried out on Tibetan activists in 2008.

China has long been suspected of having an elite team of hackers at its disposal, but these suspicions could have been dismissed as rumors up until now. Now that we are seeing more on-demand action from China, it gets easier for us to believe such rumors. On a related note, we still dread Operation Aurora.

Installing Zone Alarm Free Firewall

Do you understand what a firewall really does? Most people would tell you that a firewall protects you from hackers out there on the internet. They’re right, but there’s a little more to it.

Every modern operating system has a firewall. Windows PCs are a special case, because they are specifically targeted by the dark forces out there. That’s mainly true because of the huge user base of Windows computers around the world.

Your firewall is meant to protect you from evil computers trying to access your computer without your knowledge (inbound protection). However, good firewalls also prevent your PC from broadcasting your private information or spreading worms, viruses and spam to other computers (outbound protection).

Many years ago, Windows shipped XP without any firewall protection turned on by default. That was a huge mistake and millions of people paid the price for it. The mistake was fixed by XP Service Pack 1, but many of us have never forgotten what happens when you don’t use a firewall.

Back in the days of Windows 95 and 98, I used a firewall called ZoneAlarm, because Microsoft didn’t even offer one at the time. These days, the Windows firewall for XP, Vista and 7 is adequate, but it doesn’t offer very good outbound protection. That’s why it may be a good idea to try out the newest ZoneAlarm Free. Here’s what the folks at ZA say about their product.

YOUR PROTECTION INCLUDES:

Firewall
Monitors inbound and outbound traffic flowing through your computer
Requests from an unknown or unsolicited source are identified and blocked
Hides your computer from hackers

DefenseNet
Leverages real-time threat data from community of millions of ZoneAlarm users to detect and block the latest attacks
All programs launched on your computer are compared against a database of known programs; malicious programs are blocked and safe programs allowed, rare unknown programs result in a warning
Delivers stronger, quieter security

Anti-phishing
Warns you of phishing sites and spyware distribution sites
Uses signatures and heuristics to identify more fraudulent websites than standard protection

Online Backup
Securely upload/download files with User-defined encryption keys.
Retrieve data from any location – login via any web browser to your account and access backed up data.
Automated backup schedules the backup of data per your convenience.

Below, I’ll run through a typical install of ZoneAlarm Free, with screenshots and tips to help you get through it.

Is it the Information Highway to Hell?

As many of you know, the Internet is sometimes called the Information Superhighway. What most of you have not heard, is that the destination of this superhighway may not be what you had hoped. Where is it leading us?

What do you consider as threats to our privacy today?

• Cookie tracking
• Shopping data
• Search data
• Personal info from registrations
• Business info from credit agencies
• Medical data
• Government data
• Comments, Forums, Social sites
• GPS location tracking
• Cameras in Streets and Stoplights
• Cameras in Stores
• Cameras in Public Areas
• Nanny Cameras
• Home Security Cameras
• Satellite tracking cameras
• and more …

Doesn’t it make sense that someday, these will all be linked into the net and someone or something will be tracking your every movement? Who’s going to be watching? Governments are the obvious answer. For an example of this idea, watch “Enemy of the State“.

Another group to consider is the hacker community. They’ve discovered the profit in stealing your personal data.

If the governments and the hackers aren’t enough for you, let’s add more for you to worry about.

Your personal information is already a valuable commodity to businesses wanting to sell you products. What’s going to happen as those companies get access to ever more increasing amounts of data about you, where you are and what you are doing? Stephen Saunders at InformationWeek thinks the Internet will become:

… a sophisticated targeting system for companies to sell “stuff” to consumers, for governments to keep track of citizens, and for law enforcement to track illicit activity. In commercial terms, it will be an Internet where the user becomes the used.

I think Stephen may not be paranoid enough. After all, many are predicting the introduction of true machine intelligence by 2025. What could super-intelligent computers do with all that information about us? I’m not afraid that Skynet will nuke us, but how long can we retain any illusion of freedom when our machines know everything about us and they’re smarter than we are? Watch the movie Eagle Eye for a hint.

Bill Joy, co-founder of Sun Microsystems, expressed the same concerns ten years ago, in his post “Why the Future Doesn’t Need Us“. I remember his question:

Can we doubt that knowledge has become a weapon we wield against ourselves?

Now you might understand why I’m a little paranoid about the future. I think we’ll have a choice to become “one with the machine”, like the Borg, or become useless slaves to our technology. The governments, corporations and hackers will be the least of our worries. Welcome to the machine.


Dangerous Bug in Windows XP Turns Windows Help into Windows Hell

If you haven’t already, you need to fix your Windows XP or Windows Server 2003 machines to protect yourself against a recently discovered flaw. It’s called the HCP Flaw.

Is it dangerous? Yes, all you have to do is view a specially coded page on the net, and your control over your PC can be stolen right out from under you.

Here’s what the problem is. A flaw in the Windows Help and Support Center (helpctr.exe) was discovered recently, and shortly after that, the information telling people how to take advantage of it was also published. It’s good when Windows flaws are reported, but it’s very bad when the information on how to use those flaws is also broadcast. You can bet that there are some black hats out there already infecting PCs with this new flaw.

There is a fix out from Microsoft. Go to this page and click on the Fix button to download the fix (KB2219475).

This fix isn’t a real solution. It disables the Help and Support Center in Windows, but if you are like me, you never use it anyway. Some time after Microsoft offers a real update to solve this problem, I’ll go back and re-enable the help center.

People running Windows 7, Vista, 2000 or Server 2008 are safe from this bug. The affected operating systems are:

Microsoft Windows Server 2003 Service Pack 2, when used with:

  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems

Microsoft Windows XP Service Pack 2, when used with:

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional

Microsoft Windows XP Service Pack 3, when used with:

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional

Here’s a good place to find more information on the HCP Flaw if you need it.

Many thanks to Terry’s Computer Tips for this tip.