Hack Blogspot

Kasus penyadapan memang sedang menarik saat ini, tidak saja antara Indonesia dan Australia, melainkan juga menghinggapi berbagai belahan dunia. Jauh, sebelum mengenai aksi penyadapan orang-orang nomor satu dan penting di Indonesia, salah satu sumber penyedia dan analisis dari Kasperky telah melansir sebuah infografik yang memuat sejumlah negara menjadi incaran mata-mata (cyber espionage).

Image via Wikipedia Tahun 2011 sudah di depan mata. Berbicara mengenai serangan cyber, apa kira-kira yang menjadi target para penjahat cyber di tahun 2011? Vendor keamanan McAfee merilis sasaran utama serangan cyber, mulai dari produk-produk Apple hingga sejumlah layanan gratis yang makin digandrungi. Simak lebih lanjut daftar tersebut agar Anda lebih berhati-hati. 1.  URL-shortening service Layanan penyingkat URL atau  URL-shortening service  makin banyak digunakan dengan situs seperti Twitter yang menjadi pendongkraknya. Layanan yang mampu meringkas alamat situs seperti bit.ly dan TinyURL ini ternyata mengeluarkan 3.000 URL setiap menitnya, demikian menurut McAfee Lab. Maka tak mengherankan jika layanan ini menjadi sasaran empuk kriminal cyber. Diprediksi, mereka akan memanfaatkan layanan tersebut untuk menyuntikkan spam,  scam  (penipuan online) dan program jahat lainnya. 2. Layanan  Geolocation Bagi Anda yang gemar memakai Foursquare, sebaiknya berha...

hack verb \ˈhak\ a : to write computer programs for enjoyment b : to gain access to a computer illegally   ac·tiv·ism noun \ˈak-ti-ˌvi-zəm\ a : a doctrine or practice that emphasizes direct vigorous action especially in support of or opposition to one side of a controversial issue

Image by New Media Days via Flickr For Julian Assange , the WikiLeaks founder and guiding spirit, it must have been sweet. Secretary of State Hillary Rodham Clinton was trying to smooth over the embarrassment, while the White House huffed that a criminal investigation was underway. The French government was decrying "the height of irresponsibility," and Pakistan was reckoning with a rebuke from its traditional patron, Saudi Arabia. Meanwhile, the pasty-faced Assange, a self-appointed knight-errant who has been doing battle with official secrecy since 2006, was in the shadows somewhere - few knew where - undoubtedly savoring the ruckus caused by WikiLeaks' exposure of confidential State Department cables. In an uncomfortable irony, however, he had to do the savoring in a secret location, because Interpol, the international anti-crime organization, has issued a high-priority "red notice" asking member countries to arrest him. President Obama's spok...

Image via Wikipedia Can WikiLeaks be gagged? A massive DDoS attack crashed the controversial site and its "cablegate" archive, forcing WikiLeaks founder Julian Assange to find new hosting. He did, thanks to Amazon. Now, after an intervention from an unlikely source--Joe Lieberman--Amazon has turned Assange away again. For a brief period, WikiLeaks was back up and running on through the Seattle-based company's servers. Amazon's A3 service offers self-serve cloud hosting, an ideal though temporary solution for the site's trove of confidential diplomatic documents. But Assange and Co. were kicked off Amazon's servers Wednesday, and again forced to find different hosting. Senator Joe Lieberman told AP that Amazon took down the site after inquiries from congressional staffers Tuesday. The company has stopped responding to requests for WikiLeaks, which reportedly has returned to a Swedish provider. According to reps for Sen. Lieberman, the issue is being handl...

Image via Wikipedia By now, you've probably heard of Stuxnet, the mysterious computer worm that infects Windows computers running software designed by Siemens, the German industrial giant. The software, Simatic WinCC, is what's known as a SCADA system -- "supervisory control and data acquisition" -- and it's used to help run everything from traffic systems and pipelines to nuclear plants. Siemens has known about Stuxnet for some time, and has been tracing the worm's spread on its website. In July 2010, the company knew of only one industrial facility affected. By September 7, it was reporting that 15 systems had been hit worldwide. (The worm was first discovered in June by VirusBlokAda, a little-known Belarussian security firm.) For months, the discussion about the virus stayed within the cybersecurity community, but once speculation began to mount that it was aimed at Iran's nuclear facilities, the news went, er, viral. Amid the uproar last week, Ira...

YouTube is under attack from a user named 'ebaumsworld' who has placed malicious links in the comments are of the website. Several videos on the web have been under the attack. Though it is common for users to place links that redirect other users to other websites and pop-ups but the recent posts by 'ebaumsworld' and '4chan' has lead to various disturbing and abusive videos and pop-ups that can pose a potential virus threat for the users. The comments ad links posted started with the users like '4chan' and 'ebaumsworld' targeting the Justin Bieber videos. The star has already been plagued by several obscene rumors over the last few months. The recent hacking of the net by the users have caused several other videos being affected. Users have been redirected to several unwanted pages and videos. '4chan' has claimed responsibility for the corrupting of the video links of Justin Bieber. YouTube has been trying to solve the issue by blockin...

Is there a possibility for Twitter to be related to rogue? It looks that the answer to this question is YES. Security experts from Websense have recently detected a new Twitter-related spam campaign spreading rogueware. Let's find out the whole truth about this threat together. First of all, it has to be noted that the attack starts with a spam message purportedly being sent by Twitter and coming with the subject line "Reset your Twitter password". Victimized users are asked to click on the provided link or paste it into the browser. Websense claims to have detected about 55,000 cases of this malicious Twitter spam campaign. So what happens if the recipient clicks on the provided link? As it may be expected, that is where the real malicious attack begins. The link asks the victimized user to download an executable called password.exe. This is a malicious file and drops on the infected system rogue anti-virus application called Protection Center. An interesting thi...

A Facebook phishing attack is on the loose this weekend — the third widespread attack on the site in the past three weeks. The attack attempts to steal your Facebook login credentials, install malware on your computer, and even get your home address. The attack is spread via a “hilarious video” posted to Facebook walls, reports WebSense — when clicked, a form appears requesting your Facebook login. The attack then returns you to Facebook, installs an app called “Media Player HD”, and asks you to download the “FLV player” — doing so installs malware on your machine. It gets worse: Depending on your location, you may also be presented with a contest to win an iPad … if you just enter your home address. To avoid getting caught, simply remove the “hilarious video” if you find it on your Facebook wall. If you see it elsewhere on Facebook, don’t click it … and of course remember the obvious rule: Don’t enter your Facebook login anywhere other than Facebook.com. If you already fell fo...

All current versions of Windows are prone to external attack due to a flaw within the Java Web Start Framework. Two security researchers made this announcement yesterday about the flaw. The flaw could lead into very simple Web attacks, to fatal attack on the system. Researchers Tavis Ormandy and Ruben Santamartamade separate statements on this. You can find Travis's one over here and Santamarta's one over here. If you send the information from the command line, Java Web Start doesn't validate it. That enables the attackers to send especially HTML tags from a Web page. All versions of Java SE 6 update 10 for Microsoft Windows are vulnerable to this attack. If you disable the plugin, it doesn't necessarily mean that you will be able to avoid the attack because the toolkit can be installed independently.

Hackers have flooded the Internet with virus-tainted spam that targets Facebook's estimated 400 million users in an effort to steal banking passwords and gather other sensitive information. The emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials, according to anti-virus software maker McAfee Inc. If the attachment is opened, it downloads several types of malicious software, including a program that steals passwords, McAfee said on Wednesday. Hackers have long targeted Facebook users, sending them tainted messages via the social networking company's own internal email system. With this new attack, they are using regular Internet email to spread their malicious software.

According to a Beijing-based press association, the email accounts of foreign journalists in China and Taiwan got hacked. Recently, Google got into a row with Chinese authorities because Gmail accounts based China have been hacked. The Foreign Correspondents' Club of China (FCCC) reported eight cases of hacking of Yahoo Email accounts in China. The company condemned this Cyber attack. A reporter of Irish Times complained that he got an error message while he tried to log into Yahoo. FCCC charged Yahoo for not giving the user about the information of possible cyberattack. Yahoo has not answered the FCCC's questions about the attacks, nor has it told individual mail users how the accounts were accessed," a spokesman told the news agency.

The Perspectives Firefox Extension is a useful free add-on for Firefox that improves the usability of the browser and provides an additional layer of security when connecting to sites using SSL. When you use a protocol like SSL to connect to a secure web site, your communication with that site is vulnerable to a “ man-in-the-middle ” attack unless you’re able to identify the remote server in a secure manner. Most sites can be securely identified because they buy a certificate from a Certificate Authority like VeriSign. Unfortunately, as certificates can be expensive and tricky to administer, some sites prefer to self-certify, and some have expired certificates. Attempting to connect to one of these sites will lead to Firefox issuing the “Website Certified by Unknown Authority” warning that you’ve probably seen many times: Have you ever just clicked “OK” to accept a certificate without checking it out? Most of the time, it’s probably fine, but you could be leaving yo...

Microsoft’s Security Response team just announced that they will be publishing an out of band cumulative update for Internet Explorer due to a publicly disclosed security vulnerability that is affecting Internet Explorer 6 and Internet Explorer 7. The team notes that Internet Explorer 8 installations are not affected by the security vulnerability and that the security update will be released on March 30 at approximately 10:00 a.m. PDT. The update for Internet Explorer will be provided through Windows Updates or from the usual Microsoft sites where updates can be downloaded manually. The reason for the out of band update is Microsoft’s monitoring of the vulnerability which seemed to have uncovered an increased exploitation of the security vulnerability. The update for Internet Explorer is cumulative as it contains nine additional vulnerability fixes that all were supposed to be released on Microsoft’s monthly patch Tuesday on April 13.

Today there's a phishing run underway in Twitter, using Direct Messages ("DMs"). These are private one-to-one Tweets inside Twitter. The messages look like these:

Today millions of people need to access the World Wide Web on a daily basis and the email and search related services are required by them every now and then. That explains why the breakdown of such services can put a stop to their workflow and activities. Yesterday, the wiki users got a taste of the service breakdown and the Wikipedia site problem took the users by surprise. The Wiki site is accessed by millions of users for various purposes and they saw red when the site could not be accessed. It took them a while to understand what was going on. Later, the confusion was clear and the users got to know that the breakdown was triggered by a server overheating problem. The Wikipedia European Data center got overheated and a number of Wiki servers closed down the service to stop damage to the data bank. This problem resulted in a DNS resolution failure which thwarted the attempts of the Wiki team that was trying to divert the traffic to other running servers. The users who got a '...

The attack dogs of Twitter are on the rampage once again, and this time they have Daily Telegraph columnist Toby Young in their sights. He has been savaged by users of the social networking site for a third time in two weeks for having the temerity to write an article in the Spectator in which he takes umbrage at his previous 'flamings' (orchestrated attacks by users). Young's initial crime was to write a piece for the Telegraph after the death of Alexander McQueen in which he questioned the fashion designer's "genius", given how flippantly the word is used in fashion circles, and talked about the "cult of personality" that had grown up around McQueen.

Over the past few days, Twitter has been helping folks victimized by a phishing attack. Phishing is a deceitful process by which an attempt is made to acquire sensitive information such as Twitter usernames and passwords. The bad guys masquerade as someone you trust and may send you a Direct Message (DM) with a link. This DM may say something along the lines of, "LOL that you??" followed by a link to a fake Twitter login page. If you enter your credentials on that fraudulent page, the phishers can sign in as you and trick more people. Anatomy of A Phishing Scam Generally a phishing attack against Twitter users breaks down to a three-part process. First, accounts compromised in the manner described above send out messages to all accounts following them. Second, accounts that are newly compromised send out more messages. Third, the scammers behind the phishing attack make an attempt at monetization by sending out spam links instead of links to a fake login page. We fight phi...

Cyber attacks on Facebook pages set up to pay tribute to two murdered Australian children has prompted calls for the social networking site to be more accountable for its users. Social media experts say it is natural that people who use sites such as Facebook or MySpace as a major form of communication should turn to these sites with personal tragedies. These memorial sites often attract thousands of friends and well-wishers, as in the case of the pages set up after the deaths this month of Elliott Fletcher, 12, and Trinity Bates, 8.

Thanks to the media, the word “hacker” has gotten a bad reputation. The word summons up thoughts of malicious computer users finding new ways to harass people, defraud corporations, steal information and maybe even destroy the economy or start a war by infiltrating military computer systems. While there’s no denying that there are hackers out there with bad intentions, they make up only a small percentage of the hacker community. The term computer hacker first showed up in the mid-1960s. A hacker was a programmer — someone who hacked out computer code. Hackers were visionaries who could see new ways to use computers, creating programs that no one else could conceive. They were the pioneers of the computer industry, building everything from small applications to operating systems. In this sense, people like Bill Gates, Steve Jobs and Steve Wozniak were allhackers — they saw the potential of what computers could do and created ways to achieve that potential.