Saturday, June 30, 2012

New Kernel Update Available for All Ubuntu OS

Canonical announced earlier today, June 29th, in a security notice, that new Linux kernel updates for its Ubuntu 12.04 LTS (Precise Pangolin), Ubuntu 11.10 (Oneiric Ocelot), Ubuntu 11.04 (Natty Narwhal), Ubuntu 10.04 LTS (Lucid Lynx) and Ubuntu 8.04 LTS (Hardy Heron) operating systems are now available, fixing three important security vulnerabilities discovered in the Linux kernel packages by various developers.


The following vulnerability affects the Ubuntu 12.04 LTS and Ubuntu 11.10 kernels: CVE-2012-2375.

The following three vulnerabilities affect the Ubuntu 11.04 kernel: CVE-2012-2313, CVE-2012-2319 and CVE-2012-2375.

The following two vulnerabilities affect the Ubuntu 10.04 LTS and 8.04 LTS kernels: CVE-2012-2313 and CVE-2012-2319.

For details about the vulnerabilities found in the Linux kernel packages you can click on each one, as they affect other Linux operating systems as well.

The security flaws can be fixed if you upgrade your system(s) now. To apply the update, run the Update Manager application or follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

Don't forget to reboot your computer after the upgrade!




Friday, June 29, 2012

DNSChanger Trojan Still Prevalent In 350K Computers


Over Ten Percent of Fortune 500 Still Infected by DNSChanger

Google is embarking on an effort to notify Internet users if their computers or home routers are still infected with the DNSChanger Trojan, a piece of sophisticated malware that has compromised an estimated 500,000 systems. The outreach campaign comes a little more than a month ahead of July 9, the date on which the FBI is set to take all computers corrupted with the malware offline.
The FBI ended a major online DNS threat last year, but arresting the criminals and killing the servers would have left millions without internet service, so the servers were replaced. Here’s how to find out if you could lose your internet connection July 9th.
The trojan is usually a small file (about 1.5 kilobytes) that is designed to change the 'NameServer' Registry key value to a custom IP address. This IP address is usually encrypted in the body of the trojan. As a result of this change, a victim's computer will contact the newly assigned DNS server to resolve the names of different webservers.

Variant 

Trojan.Win32.DNSChanger.al 
Lately we got a few samples of this trojan that were named 'PayPal-2.5.200-MSWin32-x86-2005.exe'. This trojan was programmed to change the DNS server name of a victim's computer to the 193.227.227.218 address.

The Registry key that is affected by this trojan is: 

  •  [HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces] 
      "NameServer"

Registry Modifications 
Creates these keys:

  •  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{random}
      DhcpNameServer = 85.255.xx.xxx,85.255.xxx.xxx
  •  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{random}
      NameServer = 85.255.xxx.133,85.255.xxx.xxx
  •  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
      DhcpNameServer = 85.255.xxx.xxx,85.255.xxx.xxx
  •  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
      NameServer = 85.255.xxx.xxx,85.255.xxx.xxx


Manual Way to Remove it:

If a manual check of the DNS nameserver settings is desired, here are the steps for Windows XP and newer:
  •     Click Start --> Run, then type “cmd” in the box, without the quotes.
  •     In the command window, type “ipconfig /all”, again without the quotes.
  •     Scroll down through all the other data and find “DNS Servers.” The entry will look either like 192.168.2.1 or like fec0:0:0:ffff::1%1; in the second case your router uses IPv6 and you can’t manually check the connection. Write down the addresses of the nameservers you are using.
  •     Go to https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS, enter your DNS server addresses into the checker box and hit the “Check Your DNS” button. Your results will only take a few seconds.
If You Have DNSChanger In Your System
That's all :)
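
The manual check above can also be scripted. The following is an added example, not part of the original post: it parses saved "ipconfig /all" output and flags DNS servers matching the indicators this page lists (193.227.227.218 and the masked 85.255.x.x addresses). Treating all of 85.255.0.0/16 as suspect, the sample output and the function names are assumptions made for illustration.

```python
import ipaddress

# Indicators taken from this page: the address written by the .al variant and
# the 85.255.x.x prefix the page shows with masked octets. Flagging the whole
# 85.255.0.0/16 is an assumption made for this example.
SUSPECT_NETWORKS = [
    ipaddress.ip_network("193.227.227.218/32"),
    ipaddress.ip_network("85.255.0.0/16"),
]

# Constructed sample of "ipconfig /all" output, not captured from a real host.
# 85.255.0.11 is a made-up address inside the masked prefix.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example Ethernet Adapter
   IPv4 Address. . . . . . . . . . . : 192.168.2.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 193.227.227.218
                                       85.255.0.11

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example Wireless Adapter
   DNS Servers . . . . . . . . . . . : 192.168.2.1
                                       fec0:0:0:ffff::1%1
"""


def dns_servers_by_adapter(ipconfig_text):
    """Return {adapter name: [DNS server strings]} from "ipconfig /all" text."""
    adapters, current, in_dns = {}, None, False
    for raw in ipconfig_text.splitlines():
        line = raw.rstrip()
        if not line:
            in_dns = False
            continue
        if not line[0].isspace():
            # Unindented lines ending in ':' open a new adapter section.
            current = line[:-1] if line.endswith(":") else None
            if current is not None:
                adapters[current] = []
            in_dns = False
            continue
        label, sep, value = line.partition(" :")
        if sep:
            # "Label . . . : value" line. The colons inside an IPv6 address
            # never follow a space, so they are not mistaken for a separator.
            in_dns = label.strip(" .").lower() == "dns servers"
            value = value.strip()
        else:
            # No separator: continuation line of the previous field's values.
            value = line.strip()
        if in_dns and value and current is not None:
            adapters[current].append(value)
    return adapters


def classify(server):
    """Classify one DNS server string from the ipconfig output."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "unparseable"
    if any(addr.version == net.version and addr in net for net in SUSPECT_NETWORKS):
        return "suspect"
    if addr.version == 6:
        return "ipv6-unchecked"   # the page's indicators are IPv4 only
    if addr.is_private:
        return "router"           # lookups go via the router; check its DNS too
    return "public"


def check(ipconfig_text):
    """Return (adapter, server, verdict) rows for every DNS server found."""
    return [(adapter, server, classify(server))
            for adapter, servers in dns_servers_by_adapter(ipconfig_text).items()
            for server in servers]


if __name__ == "__main__":
    for adapter, server, verdict in check(SAMPLE_IPCONFIG):
        print(f"{verdict:15} {server:22} {adapter}")
```

A "router" verdict only says the computer asks the router; because the article notes that home routers can be affected as well, the router's own DNS settings still need the same check.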

Thursday, June 28, 2012

Texas Students Hijack a U.S. Government Drone in Midair


There are a lot of cool things you can do with 1,000 bucks, but scientists at an Austin, Texas college have come across one that is often overlooked: for less than a grand, how’d you like to hijack a drone? And Play with it?

The University of Texas at Austin team successfully nabbed the drone on a dare from the Department of Homeland Security. They managed to do it through spoofing, a technique where a signal from hackers pretends to be the same as one sent to the drone's GPS.

A group of researchers led by Professor Todd Humphreys from the University of Texas at Austin Radionavigation Laboratory recently succeeded in raising the eyebrows of the US government. With just around $1,000 in parts, Humphreys’ team took control of an unmanned aerial vehicle owned by the college, all in front of the US Department of Homeland Security.


After being challenged by his lab, the DHS dared Humphreys’ crew to hack into a drone and take command. Much to their chagrin, they did exactly that.

Explanation:
Humphreys tells Fox News that for a few hundred dollars his team was able to “spoof” the GPS system on board the drone, a technique that involves mimicking the actual signals sent to the global positioning device and then eventually tricking the target into following a new set of commands. And, for just $1,000, Humphreys says the spoofer his team assembled was the most advanced one ever built.
“Spoofing a GPS receiver on a UAV is just another way of hijacking a plane,” Humphreys tells Fox. The real danger here, however, is that the government is currently considering plans that will allow local law enforcement agencies and other organizations from coast-to-coast to control drones of their own in America’s airspace.
“In five or ten years you have 30,000 drones in the airspace,” he tells Fox News. “Each one of these could be a potential missile used against us.”
Domestic drones are already being used by the DHS and other governmental agencies, and several small-time law enforcement groups have accumulated UAVs of their own as they await clearance from the Federal Aviation Administration. Indeed, by 2020 there are expected to be tens of thousands of drones diving and dipping through US airspace. With that futuristic reality only a few years away, Humphreys’ experiment suggests that the FAA may have their work cut out for them if they think it’s as easy as just approving domestic use anytime soon. After all, reports Newser, domestic drones are likely to use the same unencrypted GPS signals provided to civilians, allowing seemingly anyone with $1,000 and the right research to hack into the system and harness a UAV for their own personal use.


Banking Trojan Cleans Out Your Account Silently

Researchers at Tokyo-based anti-virus firm Trend Micro have discovered a new twist on banking Trojans that doesn't interact with the victim at all.
Standard banking Trojans dupe an account holder to log into a duplicate of his bank's website, thereby conning him into giving up his username, password and account number, which they use to log in after he's done.
    This new variant, which can be grafted into the existing banking Trojans ZeuS or SpyEye, infects computers the old-fashioned way: It either infects Web browsers via a drive-by download or piggybacks as an attachment on a phishing email.



    It then hides in the Web browser and waits for the user to log into his bank's site. Once he does, it introduces special software that triggers an automatic transfer system that moves money out of the victim's account to another account within the same bank, and covers up the evidence so that neither the user nor the bank notice right away.

    "As long as a system remains infected with an ATS, its user will not be able to see the illegitimate transactions made from his/her accounts," wrote Trend Micro researcher Loucif Kharouni. "This essentially brings to the fore automated online banking fraud because cybercriminals no longer need user intervention to obtain money."

    Pulling off such a heist is complicated. The malware must often be custom-made for each bank website, which involves lots of research and coding on the part of the malware authors, and results in expensive prices for each piece in cybercrime bazaars.

    Destination accounts must also be created at the targeted banks so that the malware has a place to deposit the stolen money, and a network of "money mules" must be recruited to access the destination accounts and move the money again, this time out of the bank.

    Furthermore, writes Kharouni, the amounts transferred must be fairly small in order not to trigger alerts within the banking system. The Trend Micro researchers saw amounts ranging from 500 euro to 13,000 euro ($635 to $16,500 in U.S. dollars).

    The most commonly targeted banks are in Britain, Italy and Germany, countries where, according to Trend Micro, online-banking verification practices are strong — and hence necessitate the use of stealthy malware that needs no verification at all.

     American banks are apparently not on the menu yet. Kharouni cites two reasons: First, it's not easy for online criminals based in Eastern Europe to open up accounts in U.S. banks; and second, most American banks have weak verification methods that make the older, cheaper variants of banking Trojans still profitable on these shores.

     To avoid being hit by a banking Trojan, whether old or new, make sure to have robust anti-virus software installed on your PC or Mac, and set it to automatically update its malware definitions.


Zemra DDOS Crimeware Kit Revealed that Make Hell for Organizations

Security experts have identified a new crimeware kit that is mainly designed to launch distributed denial-of-service (DDoS) attacks against companies, with the purpose of damaging their reputation and blackmailing them. It was first revealed on an underground hacking forum about June 25, 2012, and it costs only 100 EUR.

Zemra is similar to other crime packs such as ZeuS and SpyEye, being controlled from the same type of panel which allows the botmaster to launch commands and view the number of infections.

Backdoor.Zemra’s main functionality is to launch DDOS attacks, but it also comes with a number of other interesting features. It’s able to monitor devices, collect system information, execute files, and even update or uninstall itself if necessary. 


Following are functions in Zemra


 - Intuitive control panel
 - DDoS (HTTP / SYN Flood / UDP)
 - Download and execution of binary files
 - Loader (Load and run).
 - Cheat visits (visits to the page views).
 - USB Spread (spread through pen drives)
 - Socks5 (picks up socks proxy on the infected machine)
 - Update (Updates the bot)
 - The process cannot be completed because it is critical.
 - 256 Bit AES encryption of traffic from the bot to the server
 - Anti-Debugger
 - Self uninstall
 - System information collection





To reduce the possibility of being infected by this Trojan, Symantec advises users to ensure that they are using the latest Symantec protection technologies with the latest antivirus definitions installed.



Wednesday, June 27, 2012

24 nabbed in US-led cybercrime finance sting




Mir Islam exits the Manhattan Federal Court in New York June 26, 2012. Islam, known online as "JoshTheGod," was one of two people arrested in the New York area. PHOTO: REUTERS
NEW YORK: At least 24 people were arrested in the United States and abroad in a US-led sting operation targeting cyber criminals buying and selling stolen credit card information, officials said Tuesday.
“Operation Card Shop” targeted “sophisticated, highly organized cyber criminals involved in buying and selling stolen identities, exploited credit cards, counterfeit documents, and sophisticated hacking tools,” FBI’s assistant New York director-in-charge Janice Fedarcyk said.
The case involved law enforcement agencies in Britain, Australia, Bosnia, Bulgaria, Denmark, Canada, France, Germany, Italy, Japan, Macedonia and Norway, officials said.
US Attorney Preet Bharara said the probe uncovered “a breathtaking spectrum of cyber schemes and scams.”
Those accused in the scheme, he said “sold credit cards by the thousands and took the private information of untold numbers of people… the defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software enabling cyber voyeurs to hijack an unsuspecting consumer’s personal computer camera.”
The two-year operation began in June 2010, when the FBI established an undercover “carding forum,” aimed at mimicking the sites operated by criminals to buy and sell account numbers, or trade other information.
The site called “Carder Profit” was configured to allow the FBI to monitor and to record the discussion threads and private messages, and to track those using the site through their IP addresses.
Because the FBI was able to warn those affected by compromised accounts, the operation “prevented estimated potential economic losses of more than $205 million, notified credit card providers of over 411,000 compromised credit and debit cards, and notified 47 companies, government entities, and educational institutions of the breach of their networks,” a statement by prosecutors said.
Eleven people were arrested in the United States and 13 others arrested overseas, in seven different countries, a statement by prosecutors said.
Six people were arrested in Britain, two in Bosnia, and one each in Bulgaria, Norway and Germany on charges in those countries.
Two others were detained in Italy and Japan on provisional arrest warrants obtained in connection with complaints in New York.
“As the cyber threat grows more international, the response must be increasingly global and forceful,” Bharara said.
“The coordinated law enforcement actions taken by an unprecedented number of countries around the world today demonstrate that hackers and fraudsters cannot count on being able to prowl the Internet in anonymity and with impunity, even across national boundaries.”
Of the 11 held in the United States, two are minors.
One of those arrested, Mir Islam, who uses the name “JoshTheGod,” claimed to be a member of UGNazi, a group that has claimed credit for numerous recent online hack attacks, and a founder of Carders.Org, a carding forum on the Internet. Officials said he had information for more than 50,000 credit cards.
As a result of the operation, the FBI seized the web server for UGNazi.com, and seized the domain name of Carders.org, taking both sites offline.
In a separate, unrelated development, a security report Tuesday said a wave of cyber attacks has likely stolen at least $80 million from bank accounts in Europe.
The joint report by Guardian Analytics and McAfee said “Operation High Roller” was led by criminals attacking cloud-based servers in a global fraud campaign.
The report from the two US firms said the attacks tried to steal between $75 million and $2.5 billion (60 million to two billion euros) from at least 60 banks worldwide.

Tuesday, June 26, 2012

Hacker Mr.Badoo Arrested by FBI

Mr.Badoo is one of the most famous and oldest hackers of Pakistan in cyberspace. He was arrested by the FBI on June 25, 2012 for hacking into the PC of Andy, who created an event of drawing Prophet Muhammad (SAW). He hacked Andy's account and removed that event from Facebook.

 It has been almost 2 Years from now. It all started with a maniac’s malicious efforts of maligning Islam when he, the name’s Andy, started a facebook event of drawing Prophet Muhammad’s(SAW) picture with only one intention of maligning the image of Islam and hurting the millions of followers of Islam throughout the world. Though he and many of his supporters call this as an act of “freedom of speech”, they failed to reason as to why only Prophet Muhammad’s(SAW) was considered.

Their aim is crystal clear, they only want to create ruckus and anger among 1.5 billion muslims across the globe, to malign the image of our beloved Prophet Muhammad’s(SAW) image.

 They almost succeeded in their efforts but thanks to muslims all over the world and specially to Pakistan Government that they without an iota delay, protested to this event. Pakistani government took a very good step in devising a temporarily ban to facebook, youtube and some other such websites that were the communication mode of the drawing event.


Many other media sites have also covered this news:

http://savealihassan.wordpress.com/
http://propakistani.pk/2010/05/18/breaking-facebook-is-going-to-get-banned-in-pakistan/
http://www.telegraph.co.uk/news/worldnews/asia/pakistan/7740295/Facebook-blocked-in-Pakistan-over-Prophet-Mohammed-cartoon-row.html
http://www.gopetition.com/petitions/stop-everybody-draw-mohammad-day/sign.html
http://www.drawmuhammadday.net/
........ And many more....

Interview With Mr.Badoo (Ali Hasan) On Air Radio Live

Radio Jokey:John Matthews
Mr.Badoo:Ali Hasan


We have the power of e-media. Spread this as much as possible through blogs, youtube videos, discussion threads, forums, communities. Make it so frequent and often that in every search query of google, our messages are displayed, everywhere. Mr.Badoo(Ali) needs us, we must not step back.

Remember, we will be questioned by Allah what we did to support our brother when he stood alone for us. Let us not make ourself sinners for that day. Please do stand, our brother needs us. Don’t step back.

May Allah give us hidayah courage to stand for our brother and brother Ali the courage to stand against the biased peoples.

Wednesday, June 20, 2012

Awesome News – Facebook Acquires Face.com


Facebook has acquired Face.com! Our mission is and has always been to find new and exciting ways to make face recognition a fun, engaging part of people’s lives, and incorporate remarkable technology into everyday consumer products. If you’re anything like us, Facebook is a part of your life every single day.  We keep up with our friends and family, share interesting (or mundane) experiences from our daily lives, and perhaps most importantly for us, we share a LOT of photos.


We love building products, and like our friends at Facebook, we think that mobile is a critical part of people’s lives as they both create and consume content, and share content with their social graph. By working with Facebook directly, and joining their team, we’ll have more opportunities to build amazing products that will be employed by consumers – that’s all we’ve ever wanted to do.  :)

Now, lots of developers use Face.com technology to power various apps and make wonderful products.  We love you guys, and the plan is to continue to support our developer community.  If there are new developments you can expect to hear from us here, on the developer blog, and through our developer newsletter.
Thank you to all of our supporters, our amazing dev community, to our employees and to our friends and family who have seen us through many long days and longer nights. The next steps are going to be exciting for all of us.

Friday, June 15, 2012

Android app hacks Facebook and Twitter accounts in seconds

Someone who happens to be connected to the same Wi-Fi network as you could hack your Facebook or Twitter accounts in seconds — just by downloading an Android app and tapping a button.
Engadget reports that an Android app called FaceNiff is basically turning the process of hacking social media accounts into a laughably simple process. It uses a technique called cookie-jacking — meaning that it essentially sniffs out and copies the security token which identifies you to a site — and basically functions just like the sneaky FireSheep Firefox extension which caused security panic a few months ago.
As you can see in the video demonstration below, all that someone with malicious intent needs to do is install FaceNiff on a rooted Android device, connect to a Wi-Fi network, open the app, and wait for someone to log into Facebook, Twitter, YouTube, or another supported site. The instant that happens, the app will present access to the victim's account and allow the hacker to use it just as if he or she'd logged into it personally.
So what exactly can you do to keep yourself safe? The same thing you did to protect yourself from FireSheep attacks: Watch out for shady Wi-Fi networks and use HTTPS.
As FaceNiff works on secured and unsecured Wi-Fi networks — this means that WEP, WPA-PSK, or WPA2-PSK enabled networks are vulnerable as well — you really need to be careful. Do you trust whoever set up the network you're logging on to? Do you even know who runs it? Think twice about using free public networks.
Simple paranoia and vigilance aren't enough to keep you safe, though. You need to actually take some steps to secure your accounts and services.
We've got instructions on how to lock down your Facebook account with HTTPS here and a quick guide on protecting your Twitter account here. If you haven't already gone through those processes, do it now. It'll only take a few moments and half a dozen clicks, but it'll let you use a more secure version of each service.
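
Why HTTPS is the fix, as an added example that is not from the original article: a minimal model of a browser's cookie handling shows which cookies cross the Wi-Fi network unencrypted, where anyone sniffing the same network can copy them. The host social.example, the cookie names and values, and the class and function names are constructed for illustration.

```python
from urllib.parse import urlsplit


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercased attribute names)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {part.partition("=")[0].strip().lower() for part in rest if part}
    return name, attrs


class Browser:
    """Simplified model: host-only cookies, the Secure attribute and HSTS."""

    def __init__(self):
        self.jar = {}      # host -> {cookie name: has Secure attribute}
        self.hsts = set()  # hosts that demanded HTTPS for later requests

    def receive(self, url, headers):
        """Process the response headers (list of (name, value)) for one URL."""
        u = urlsplit(url)
        for key, value in headers:
            key = key.lower()
            if key == "set-cookie":
                name, attrs = parse_set_cookie(value)
                self.jar.setdefault(u.hostname, {})[name] = "secure" in attrs
            elif key == "strict-transport-security" and u.scheme == "https":
                # HSTS is only honoured when it arrives over HTTPS.
                self.hsts.add(u.hostname)

    def cleartext_cookies(self, url):
        """Cookie names that would travel unencrypted with a request to url."""
        u = urlsplit(url)
        if u.scheme == "https" or u.hostname in self.hsts:
            return []  # encrypted, or upgraded to HTTPS before anything is sent
        return sorted(name for name, secure in self.jar.get(u.hostname, {}).items()
                      if not secure)


# Constructed login responses. WEAK mirrors a site that logs in over HTTPS but
# leaves the session cookie usable over plain HTTP. HttpOnly does not help
# here: it hides the cookie from scripts, not from the network.
WEAK_LOGIN = [
    ("Set-Cookie", "session=c0nstructed; Path=/; HttpOnly"),
    ("Set-Cookie", "csrf=t0ken; Path=/; Secure"),
]
HARDENED_LOGIN = [
    ("Set-Cookie", "session=c0nstructed; Path=/; HttpOnly; Secure"),
    ("Set-Cookie", "csrf=t0ken; Path=/; Secure"),
    ("Strict-Transport-Security", "max-age=31536000"),
]


def cleartext_after_login(login_headers, later_url):
    """Log in over HTTPS, then report what a later request exposes on the wire."""
    browser = Browser()
    browser.receive("https://social.example/login", login_headers)
    return browser.cleartext_cookies(later_url)


if __name__ == "__main__":
    for label, headers in (("weak", WEAK_LOGIN), ("hardened", HARDENED_LOGIN)):
        exposed = cleartext_after_login(headers, "http://social.example/home")
        print(label, "exposes:", exposed or "nothing")
```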

How To Hack Someone's Facebook With Your Android

Firesheep caused quite a stir when it was released last October, giving both hackers and non-hackers instant access to people's account information when on a public Wi-Fi connection.
When logged into an insecure website on the same network as someone with Firesheep, you're giving them access to the cookies that keep you logged in. This is called session hijacking, and grants them easy access to your accounts, like Facebook, Flickr and Twitter. Now, there's an even easier way to do this—a mobile way.
A recent Android application called FaceNiff can hijack unencrypted login credentials from users on the same Wi-Fi network. But here's the kicker: It also works on networks encrypted with WEP, WPA or WPA2 protection. In order to use FaceNiff, your Android smartphone must first be rooted (here's a list of devices confirmed to work). Right now, FaceNiff works with Amazon, Facebook, Twitter, YouTube and Nasza-Klasa, but more are sure to follow. A video with it in action is below.
And now check out the video below for instructions on installing the FaceNiff application on your rooted Android device, then using it to hijack Facebook accounts. Apparently, the APK only works on three accounts at a time. For unlimited access, you have to buy the application via PayPal.
The FaceNiff website does state this app as being "for educational purposes only," but it's highly doubtful that was the intention.

Android app makes hacking Facebook easy

A new app allows Android-based smartphones to hack into the Facebook or Twitter accounts of other users using the same Wifi network.

FaceNiff gives hackers access to a user's contact details, as well as those of all their friends - a phisher's dream. Developed by Polish computer science student Bartosz Ponurkiewicz, it needs to be loaded onto a jail-broken Android device.
"It's kind of like Firesheep for Android. Maybe a bit easier to use (and it works on WPA2!)," he says.
Ponurkiewicz claims that it works not only on open networks, but also on those secured by the WEP, WPA-PSK and WPA2-PSK network protocols - although not those accessed via https. This is of course an option on Facebook and Twitter, but is not activated automatically.

And it can be used to access the personal information of users of Facebook, Twitter, YouTube and Amazon. Ponurkiewicz says his free version gives access to three hacked profiles, but that he'll sell the unlock code for more through PayPal.
He does add a little disclaimer on the site: "Legal notice: this application is for educational purposes only. Do not try to use it if it's not legal in your country." Hmm.

How to hack a facebook account. all tricks listed.

Facebook hacking
Facebook accounts have a large demands for hacking as they are much more personal than any other email accounts. The Facebook accounts are also safer than any other thing on the net and thus it is really hard to hack them. But, as there are hacks and cracks for everything on the net. Here are we with some of the best Ideas and tricks to hack a facebook account.
Facebook accounts have a hell of a work to do and much more to be followed but the tricks here are much simpler. You may also need access to the victim’s computer to be able to do that. One of the important things that you may also need to know is that the facebook accounts allow only three accounts and also you need to have only two trials in one average day.
The tricks that you need to do always include that you should be a friend of the victim on facebook and also you need access to its profile. It is harder if the victim have locked his/her facebook profile to all of the friends only. Also facebook hacking is only possible if you are able to understand some codes and also know how to write some. Here are the original facebook hacking tricks on blogogeek.
So, trying to hack a facebook account is actually not so hard. Actually, maybe it just needs some of the wits and social info of the victim.
Here we go:

Keylogger

How to hack a facebook account?

There are three ways in which you can hack somebody’s facebook account. Listed below are the tricks:

#1 : Key Logger : Of course, the name is new to you. Actually, it is a hacking software available for free and known to some tech-pros only. What the software actually does is only record the keystrokes of the victim's keyboard and thus reveals to you the password of your enemy. Even, you can go for the keystrokes and come to know the password very easily.
Now, you need to access to the personal computer in which the user access his/her facebook account. Maybe, it is difficult, but believe me, it is excellent when you use it on a cyber cafe. So, start hacking now with this wonderful tool.

#2 : Phishing : This trick is way harder than the previous trick and is still more effective in all ways. This is not so easy as it looks. What you need to do is to be excellent in coding (PHP, Java, Forms and HTML). Thus, this one is not for starters. But, you can still try it out by placing your form ( For example: Login form) for your hack on a google sites page or any other part of your blog.
The phishing scam is way too effective and useful as it doesn’t leave you with clues but the original password. The phishing pages have a login form on them or even the whole layout looks like the facebook login page, when the victim tries to login to his account through that login form. It makes a copy of the entered data to the hacker's account or mail and even redirects it to the Facebook page without leaving any evidence.

#3 : The Primary mail hack : If you want to hack the account of your very close friend. Then, why don’t you start with this trick. The trick includes you to enter the primary mail ID as your personal mail Id so that you can have access to the mail anytime you want and anyhow you want. You may even need the user/victim to enter your mail Id in the primary mail.
Thus, whenever you want access, you can click on forgot password and also use the email confirmation link in your mail account.

So, these were some of the most liked and shared tricks of Facebook hacking, if you want any of the tricks a little to the next step. Please contact us. We are pretty sure that you know now how to hack a facebook account. Thanks for reading and keep coming :)

How To Secure Hacking Facebook And Twitter On Shared Computers.

    
Have you ever accessed Facebook or Twitter in cyber cafes or your office or your school? If yes, then there are chances that your Facebook or Twitter account was hacked then and there, by the teacher, your boss or the cafe owner.




I've discussed just this trick here. You don't need to be a programming expert for that; anyone with basic knowledge of computers can do it.

First, there's a thing you may have noticed already: whenever you open Facebook or Twitter the web address is like "http://www.facebook.com", and whenever you have browsed Gmail, note the difference: it's like "https://www.gmail.com". So, as you have seen, Gmail uses a secure server to connect to the net, while Facebook or Twitter do not.




So what you need to do is:
Download the below plugin from the below link
Download Plugin


Once installed, a sidebar would open on your Firefox browser, so that whenever people login into their account, you can easily login into their account too. The thing is that the computers must be connected through data-cable or Wifi, like in cyber cafes.
Enjoy this little hacking. And please pass comments.