loading...
berbagi-itu-indah-dan-menyenangkan

12 April, 2004

Miley Cyrus Account have been Hacked


The man, who is currently facing up to 121 years behind bars, has been charged with 26 counts of identity theft, wire-tapping and unauthorised access to protected computer.Chaney, who has been in contact with TMZ for the last two years, has contacted the gossip website with details on how he hacked into Miley Cyrus's Gmail account.

With celebrity phone hacker Christopher Chaney arrested, another hacker has reached out to TMZ to share how laughably easy it was for him to hack into Miley Cyrus‘ Gmail account. Here’s a lesson in the Internet, Miley: Don’t use the name of your best friend (which the Internet knows) as your security question.First he tracked down her Gmail name; though he doesn’t say what it is, I just did a quick Google search and came up with two possibilities through Yahoo! Answers already. Obviously that part won’t take long. When he tried to log in, he got a security question—the name of one of Miley’s girlfriends. All the hacker had to do was search which girl Miley’s been friends with the longest (could it have been Mandy, from their YouTube days?), and voila!

Someone needs to tell Miley that she should try to make her passwords harder to guess, maybe? Are you surprised that she used something so easy to access her account?

But Miley Cyrus is not the only one who uses friend's names, dog names and their own birthday date as security. This is not safe, even if you are not a celeb and have no nude pictures aboard. Try a bit of thinking. Instead of your best friend, name that little curly-haired girl you hated in kindergarten. For numbers, use the weight you wish you were. Or your SAT scores. Something memorable only to you!And for Miley Cyrus and Scarlett Johansson—better luck next time.

Next Generation "DuQu"


The Stuxnet cyberworm could soon be modified to attack vital industrial facilities in the US and abroad, cybersecurity experts warned Wednesday at a Senate hearing.

Computer security companies agree that these virus is unprecedented and it means the dawn of a new world. Stuxnet and Duqu were not designed to steal money or send spam but to sabotage plants and cause damage in industrial environments. Expect the appearance of additional copies.

The Stuxnet virus that attacked Iran's nuclear program can cripple the country's nuclear facilities for two years, a German computer expert announced on Wednesday, December 15, 2010.

From what researchers can tell, Duqu's mission is to gather intelligence data and assets from entities like industrial control system manufacturers, to more easily conduct a future attack against another third party.

According to Symantec, the next threat, dubbed “DuQu” because the code has the code string ~DQ within it, is a surveillance-based Trojan horse, designed to relay information back to a command and control center. DuQu uses mock .jpg files along with other dummy files, all encrypted, to exfiltrate data. Unlike Stuxnet, which specifically damaged Siemens PCS 7 systems, DuQu appears to be only collecting information about the design of other industrial control systems. DuQu only has an active lifetime of about 36 days, but this is probably to limit its discovery.

The Symantec report states “the threat was written by the same authors, or those that have access to the Stuxnet source code, and appears to have been created after the last Stuxnet file we recovered.” F-Secure’s Mikko Hypponen tweeted “Duqu’s kernel driver (JMINET7.SYS) is so similar to Stuxnet’s driver (MRXCLS.SYS) that our back-end systems actually thought it’s Stuxnet.”

At this time DuQu does not propagate and has been released only within targeted industries, although Symantec admits it may also be elsewhere and not yet discovered. The original compile dates on some of the variants of DuQu so far analyzed suggest it may have existed as far back as November 3, 2010. Stuxnet compile dates were between June 2009 and March 2010 and therefore pre-date DuQu.


The Mole - Another Automatic SQL Injection exploitation tool



The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.



Features

Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
Command line interface. Different commands trigger different actions.
Auto-completion for commands, command arguments and database, table and columns names.
Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
Exploits SQL Injections through GET and POST methods.
Developed in python 3.