Showing posts with label Blog. Show all posts
Showing posts with label Blog. Show all posts

Thursday, 27 November 2014

Fresh list of Sql vulnerable sites list exposed by YSecurity 

This is for Educational Purpose 

By Using This Google Dork You Can Hack Number Of Web Easily If u Know The Basic Sqli Injection.

Fresh SQL Vulnerable web List for Hacking latest 2014

Sunday, 23 November 2014

Be Careful World Health Organization you're disconcerting, Associate in Nursing offender acknowledged he picked a wrong put-upon person once the exploited person selected to use $20,000 to get him. 

Roger Ver, the person referred to as "Bitcoin Israelite, World Health Organization is that the Angel speculator in loads of Bitcoin new businesses, reportable a thirty seven.6btc reward(about $20k) for knowledge that prompts the capture of the Hacker World Health Organization captured his Hotmail record and debilitated to demolish his life. 

Everything began once the Hacker found out a way to highjack Associate in Nursing previous Hotmail record of Roger by noting the safety queries. 

As per reddit, the aggressor utilised the hotmail record to urge access to Roger's previous facebook record and one among his space accounts at The aggressor likewise endeavors to hack his essential email record and area name. 

The offender utilizing the screen name "savaged" reached Roger by means that of Skype and requested "37.63289114 BTC" 

"I suppose we have a tendency to each apprehend this may not be pleasent and let's be realistic there's nothing you'll do to own Pine Tree State got, i have been around overly long" The offender same. 

"Let's be realistic i'll supply [ssn Redacted] + your knowledge to fraudsters which will credit f*** you then get your mothers social and credit f*** her moreover and ruin each your lives" 

The Hacker to boot declared he's the one who hacked @uberfacts twitter account that has half dozen.7 M supporters. 

A Bounty on the Hacker: 

In any case, Roger selected to require once a method utilised as a district of the film referred to as 'Payoff': instead of giving the money to lawbreakers, he denote he was golf shot Associate in Nursing abundance on the Hacker. 

At the purpose once the aggressor educated of the abundance on his head, he got frightened and erased Roger's hotmail and gave the key key for all completely different records and fled. 

"I recently got to raise stores for my mother, nonetheless since you are not about to facilitate, all of your passwords are: Nigger55" The individual on the tip of skype same. 

"Farewell, Sir, i'm genuinely unhappy i'm merely a go between i used to be systematically suggested what to allow you to apprehend." 

Roger same in his tweets the items area unit over to regulate and not a solitary Bitcoin was taken.

Hacking News

Hacker surrenders, once Roger Ver puts $20,000 abundance on the Hacker 

A Bounty on the Hacker

Hacker surrenders, once Roger Ver puts $20,000 abundance on the Hacker

Michael jordan Jones(@CEHSecurity), any Protection examiner, claims to own found a crucial security weeknesses within the auction web sites web site intended for staff members which authorized them to be able to publish any backdoor shell.
Michael jordan explained in his twitter that he recommended about the weeknesses to be able to auction web sites. A new screenshot published in his tweets bank account implies that they can publish any 'shell. php' data file within the subsequent area:

"https: //dsl. auction web sites. com/wp-includes/Text/Diff/Engine/shell. php"

At the time of publishing, the data file remains. The final changed day in the data file is actually 12 , 2012. It truly is pretty doable to change the TimeStamp. And so, i am unclear through if your data file possibly there is.

Seeking to accessibility the covering results in blank site. It means often the examiner possess changed the covering to own only if a unique enter is actually handed down or even it's not at all any covering.

Michael jordan in addition have found any corner website scripting weeknesses within the auction web sites Investigation Labs page(labs. auction web sites. com).

Investigator finds vulnerability in ebay web sites as well as claims he uploaded a shell on ebay

Saturday, 22 November 2014

Now Get Full Version Of IDM for Life TIme.Free of cost 100%working.By downloading this patch version from ysecurity.

How To Install It

  • Download Below
  • Install IDM Setup
  • Close the IDM from tray icon
  • Open Crack Folder and Run Patch and tgen Click Auto Reg.
  • Now you have done and enjoy
  • If you like then share my post 
                                                          Click Here For Download

IDM 6.18 Build 8 Full Crack Version with Patch Free Download

Avast antivirus can be worldwide well-liked antiviruse pertaining to dangurouse malwares. It obstructs disease on setup. Any viruse like Autorun. Ini and the like trojans are nothing resistant to the power involving Avast Expert Antivirus 2014.

Downloading Link: Download Now

This is Liecense Key For Avast


Leave your feedback if it not working :) 

Avast pro 2014 Free Along with Full Version and Serial Key

Today I will tell you how you can become Certified WhiteHat Hacker or C.E.H. C.E.H stand for Certified Ethical Hacking.There are many jobs for C|EH hacker.You can make alot of money with your hacking skills.

Click Here For tutorials: C|EH Hacking 

Certified WhiteHat Hacker Video Tutorials Free

Safety measures scientists have found an entire fresh  type  associated with  "Man-in-the-Middle" (MitM) attack  in the  wild targeting smartphone  AND ALSO  tablets users  at   machines   operating  either iOS  or maybe  Android  About the  world.

The MitM attack, dubbed DoubleDirect,  allows   a  attacker  to help  redirect  a great  victim’s traffic  involving   greatest  websites  just like  Google, Facebook  ALONG WITH  Twitter  to   a great  device controlled  with the  attacker.  soon after  done, cyber crooks  may  steal victims’  helpful   Particular  data,  like   e-mail  IDs,  Sign in  credentials  AND  banking  particulars   ALONG WITH   will  deliver malware  towards the  targeted mobile device.

San Francisco-based mobile  protection   business  Zimperium  comprehensive   the  threat  inside   a  Thursday blog post, revealing  that this  DoubleDirect  technique   is usually  being  used   by  attackers  at the  wild  in  attacks against  ones  users  regarding   world-wide-web  giants  similar to  Google, Facebook, Hotmail,  AND ALSO  Twitter, across 31 countries,  such as   your current  U.S.,  your current  U.K.  ALONG WITH  Canada.

DoubleDirect makes  USE   involving  ICMP (Internet Control Message Protocol) redirect packets  in order to  change  your own   nav  tables  of the  host —  taken   from  routers  to  announce  a great  machine  of the   far better  route  regarding   the  certain destination.

In addition  to  iOS  AND ALSO  Android mobile phone units, DoubleDirect likely focuses on Macintosh OSX users  Equally  well. However, users  regarding  Windows  AND ALSO  Linux  are usually  immune  for the  attack  considering that the   their   operating  systems don't accept ICMP re-direction packets  It   carry   your own  malicious traffic.

"An attacker  will   likewise   MAKE USE OF  ICMP Redirect packets  in order to  alter  your current   nav  tables  on the  victim host, causing  your current  traffic  to  flow  from   a good  arbitrary network path  with regard to   a   Personal  IP," Zimperium warned. "As  a good  result,  your current  attacker  will probably   intro   a  MitM attack, redirecting  your  victim’s traffic  to help  his device."

"Once redirected,  ones  attacker  will  compromise  the  mobile device  coming from  chaining  your  attack  in   a good   excess   consumer  Side vulnerability (e.g.: browser vulnerability),  AS WELL AS   with  turn,  provide   a  attack  within   gain access to   for the  corporate network."

The  protection   company   validated   the  attack  AND   The item   functions   towards  latest  ones   of  iOS,  just like  version 8.1.1;  almost all  Android devices,  including  Nexus  5   AND ALSO  Lollipop;  AND ALSO   from  OS X Yosemite.  your   corporation   also  showed users  How you can  manually disable ICMP Redirect  on   it is  Macs  to help  remediate  the  issue.

"Zimperium is usually liberating this facts in your   date   in order to  increase awareness  Equally   a few   functioning   method   vendors  have yet  to help  implement  protection   right now   from  ICMP Redirect attacks  In the same way   There are  attacks in-the-wild,"  your current  post reads."

The  institution   offers   provided   an overall total  Proof-of-Concept (PoC)  to its  DoubleDirect Attack, users  can  downloaded  The item   from the  web.  This  demonstrates  your current  possibility  of any  full-duplex ICMP redirect attack  coming from  predicting  your own  IP addresses  your own  victim tries  in order to   Relate  to,  by  sniffing  your own  DNS traffic  of your  target;  ones   after that  step  includes  sending  the  ICMP redirect packet  to help   all  IP addresses.

DoubleDirect MitM Attack Targets Android, iOS ALONG WITH OS X Users

Antivirus company Avast claimed the item got the online community not online following a hacking assault affected the databases.

Consumer brands, electronic mail details, chip brands as well as account details were being affected in this particular assault. Your break the rules of failed to involve almost any financial information, licence or every other information.

As you move the account details are usually hashed(SMF community application utilizes SHA-1 which has a salt for you to keep ur passwords), it will not acquire miss the hacker for you to crack the particular hashes. Your longer the particular password, the particular tougher it's for you to crack.

In accordance with Avast blog post, the particular security precautions split the actual rules of impacts lower than 0. 2% (about 500, 000) of Avast's 2 hundred mil consumers.

People who utilizes a similar password on some other internet websites ought to adjust individuals account details quickly.

Until now, their own community employed a great start supplier community application referred to as "Simple Products Forum(SMF)". It appears the particular Avast will be having an dated type of SMF.
Avast claimed it's right now "We are now rebuilding the particular community as well as shifting the item to another application platform" which will be protected a single.

Avast online community hacked, user name as well as password stolen

Today, security devotees woke up with a stunning news that Truecrypt has finished its advancement and cautions clients that the instrument utilized for scrambling drive is not protected to utilize. 

Clients who attempt to get to the authority Truecrypt site are consistently redirected to the authority sourceforge page of Truecrypt( The page shows the accompanying message: 

"ALERT: Applying Truecrypt just isn't safeguarded as it may contain unfixed safety issues".

The message proceeded with "The advancement of Truecrypt was finished in 5/2014 after Microsoft ended backing of Windows XP. Windows 8/7/Vista and later offer coordinated backing for scrambled circles and virtual plate pictures. Such coordinated backing is likewise accessible on different stages (click here for more data)." 

The page proposes clients to move any information scrambled by Truecrypt to encoded plates upheld on their stage. It likewise has given steps to moving to a scrambled Bitlocker drive. 

A lot of people, including me, are not ready to accept our eyes. It is indeterminate whether it is official publication from the advancement group or somebody has hacked the Truecrypt site. 

Matthew Green, who shows cryptography at Johns Hopkins, specialist included with the Truecrypt review, tweeted that he supposes the news is real. 

Another parallel (Truecrypt v7.2) has been transferred to sourceforge page in the most recent 24 hours. After opening this double, the accompanying blunder message is generally shown: 

The double is not permitting clients to "make new volume". It just permits you to mount the volumes. Clients are exhorted not to download this most recent adaptation, as it may contain pernicious code.

"Using Truecrypt is not secure", Conclude regarding Truecrypt Advancement."

Friday, 21 November 2014

ToDay I will show you how to hack Credit Card.Now a days hacker hack Credit Card and make alot of shopping with it.

This Article is about how hacker hack Credit Card. 

This is For Educational Purpose ... Try it At Your Own Risk

Go Go Gone :p

How To Hack Credit Card

Today I Will Tell You How To Get Free Iphone From Apple.This is my personal trick now i decided to post it on my blog.

Method : Ysecurity

How I received a free iphone from APPLE

Today i will show you how to make a virus to format Hard disk. Don't Try on your own computer.

This is for Educational Purpose.

Try At Your Own Risk.

Click Here: Ysecurity

Today I Will Show You How To Make A Virus

This Is For Education Purpose Try It At Your Own Risk

Dork list of Israel website :

or Click Here.... 

Google Dork For Israel Website

Hackers United Nations agency claimed to own compromised the info server of Domino's dish have demanded a ransom of €30,000 to forestall the general public revelation of customer's information. 

The hacker cluster going by the name of Rex Mundi aforesaid they hacked into the servers of Domino's dish France and Belgique. 

The hackers have managed to transfer quite 592,000 client records from Dominos France and fifty eight,000 records from Belgian web site. They claim the compromised info contained sensitive data like customer's full names, addresses, phone numbers, delivery directions, email IDs and passwords. The cluster gave a point in time of 8PM CET for Dominos to pay regarding all of them. "If there actually are undertaking not perform hence., we're going to post all of the info in our possession on the net." The cluster aforesaid. Domino's France announce a series of tweets within which it acknowledged the hack and suggested users to alter their passwords.

Dominos Pizza hacked, details of 650k customers leak

Thursday, 20 November 2014

UPS Store, a subsidiary of UPS, same that fifty one North American nation Stores in twenty four States were hit with a malware that wasn\'t detected by current Antivirus code.

The breach puts customers WHO used a credit or charge account credit at one amongst the affected locations between Gregorian calendar month twenty,2014 and August eleven in danger. 

Customer info which will are exposed during this breach includes names, communicating addresses, email addresses and payment info. the corporate employed associate degree IT Security firm to conduct rhetorical investigation when receiving a notification a few "broad-based malware "intrusion" from U.S.. The UPS Store same it eradicated the" malware as of August eleven. the corporate is giving identity protection and mastercard watching services to wedged customers.

UPS store from 51 destinations struck having Adware and spyware, Clients' Card files vulnerable.

The aegis some weakness in Android os convenient managing design designs down below 5. 0 which places possibly just about every Android os accent from accident regarding advantages accretion problems, have been patched in Android os 5. 0 Lollipop – the most recent version in the convenient operating system.

The actual aegis susceptability (CVE-2014-7911), apparent by the aegis researcher alleged Jann Horn, could acquiesce almost any abeyant villain for you to go around your Household Space Plan Randomization (ASLR) aegis in addition to assassinate rough cipher of these greatest over a desire accent down below aggressive circumstances. ASLR is often a household intricate in aegis coming from absorber flood problems.

The actual zit exists in capuccino. io. ObjectInputStream, that doesn't research whether a write-up which is getting deserialized is usually any serializable target. The actual susceptability was look because of the researcher for you to Yahoo aegis aggregation beforehand this coming year.

Based on the aegis researcher, android software may familiarize together with system_service, that operates down below admin legal rights (UID 1000) in addition to app Intents while using soaked up Packages, these are generally "transferred seeing that arraymap Parcels in addition to arraymap Parcels may accommodate afterwards files, inches that way, almost any android iphone app may progress your system_service.

Right after audition any allocution with a college or university about a susceptability in a PHP internet iphone app involving deserialization of attacker-provided ascribe files, Horn anticipations with regards to serialization in additional contexts, for instance Android os operating system.

Based on the endorsement which Capuccino makes sure that your instructional classes acclimated are actually afterwards understanding that ObjectInputStream may well at times agree to untrusted advices, he adequate out if the Android os programmers took your anticipations for you to examine regarding deserialization achievability down below "this circumstance. "Went property or home, analyzed, your current [vulnerability]" was right now there, inches Horn produces in a cilia about the aegis susceptability about Reddit.

"When ObjectInputStream will be acclimated about untrusted advices, a great villain may could cause an instance of almost any stylish with a non-private parameterless builder for being designed, inches your aegis guidance coming from Horn affirms. "All job areas of these illustration might be arranged for you to rough values."

"The bad write-up will certainly again with regards to either be left behind or even throwing with a blazon for you to that it won't healthy, implying which simply no techniques will likely be alleged into it with out abstracts coming from it'll be used. On the other hand, whether it is tranquil because of the GC, your GC will certainly alarm system your object’s acknowledge process. inches

Throughout modification to describe the challenge, your aegis researcher has presented abstruse abstracts in addition to aswell developed any proof-of-concept (PoC) which accidents system_service. Right up until now, any abounding achievement in the insect is not designed in addition to aswell Horn isn't certainly abiding about how expected your household plan in the system_server certainly will be or even the way basic it truly is to cope with any adequate almost all abstracts straight into system_server’s lot. On the other hand, in modification for you to achievement this susceptability over a available product, 1 fee to secure a bad iphone app assimilate your desire product.

Horn look your aegis insect for you to Android os progress aggregation about July 25 in addition to afterwards acclamation your insect, about The fall of 3, any app was provided in Android os Lollipop seeing that allotment in the AOSP (Android Open Supply Project) cipher relieve, but reduced designs of Android os OPERATING-SYSTEM continue to be weak.

Android os 5. 0 Lollipop may be the newest convenient managing design "simply by The search engines, which often make contact with Lollipop since "the superior Android os absolution yet, inches together with additional when compared with 5, 000 fresh APIs. Yet consumers of Lollipop tend to be admonishing people not to anon advancement his or her convenient OPERATING-SYSTEM, afterwards going through ripped software, again accidents, in addition to accent slowdowns.

Advantages Accretion Apart from Android os 5. 0 Lollipop

Google on Tues launched a Security testing tool "Firing Range", that geared toward up the potency of automatic internet application security scanners by evaluating them with a good vary of cross-site scripting (XSS) and a couple of alternative internet vulnerabilities seen within the wild.

Firing Range primarily provides an artificial testing atmosphere largely for cross-site scripting (XSS) vulnerabilities that area unit seen most often in internet apps. in line with Google security engineer Claudio Criscione, seventy p.c of the bugs in Google’s Vulnerability Reward Program area unit cross-site scripting flaws.

In addition to XSS vulnerabilities, the new internet app scanner additionally scans for alternative kinds of vulnerabilities together with reverse clickjacking, Flash injection, mixed content, and cross-origin resource sharing vulnerabilities.

Firing Range was developed by Google with the assistance of security researchers at Politecnico di metropolis in an endeavor to create a take a look at ground for automatic scanners. the corporate has used target range itself "both as endless testing aid and as a driver for our development, shaping as several bug varieties as potential, as {well as|together with} some that we cannot observe (yet!)."
What makes it completely different from alternative vulnerable take a look at applications offered is its ability to use automation, that makes it additional productive. rather than specializing in making realistic-looking testbeds for human testers, target range depends on automation supported a set of distinctive bug patterns drawn from in-the-wild vulnerabilities determined by Google.

Firing Range may be a Java application that has been designed on Google Play. It offers behaviour with the scanner to be able to specialise in DOM-based, redirected, reflected, tag-based, at liberty and remote inclusion bugs.

At the Google Testing Automation Conference (GTAC) last year, Criscione same that sleuthing XSS vulnerabilities by hand “at Google scale” is like drinking the ocean. longing the data manually is each exhausting and counter-productive for the research worker, therefore here target range comes into play that might basically exploit the bug and observe the results of that exploitation.

"Your testbed doesn't seek to copy an authentic application, nor exercise the creeping capabilities of a scanner: it’s a set of distinctive bug patterns drawn from vulnerabilities that we've seen within the wild, geared toward corroboratory the detection capabilities of security tools," Criscione explained on the Google on-line Security diary."

Firing Range tool has been developed by the programme large whereas functioning on "Inquisition", an interior internet application security scanning tool designed entirely on Google Chrome and Cloud Platform technologies, with support for the most recent HTML5 options and encompasses a low false positive rate.

A deployed version ( of target range is on the market on Google App Engine and since the tool is open supply you'll be able to additionally notice and examine the ASCII text file on GitHub. Users area unit inspired to contribute to the tool with any feedback.

Firing Range — Open supply internet App Vulnerability Scanning Tool From Google

Wednesday, 19 November 2014

Finally the wildly widespread electronic communication app WhatsApp has created end-to-end cryptography a default feature, stepping the simplest way forward for the net privacy of its users round the world.

WhatsApp, most well liked electronic communication app with 600 Million users as of October 2014, has partnered with Open Whisper Systems to spice up its privacy and security by implementing sturdy end-to-end cryptography on all text messages.

The sturdy end-to-end cryptography here implies that even Mark Zuckerberg himself cannot pry into your conversations, notwithstanding asked by enforcement officers. The app maker describe this move because the "largest preparation of end-to-end cryptography ever."

The Open Whisper System could be a non-profit computer code organisation started by security man of science sand hand tool, UN agency is behind the event of TextSecure app used for cryptography. Over the past 3 years, his team has been within the method of developing a 'modern, open supply, sturdy cryptography protocol' for electronic communication service, that is currently being incorporated into Whatsapp.

"We have a ways in which to travel till all mobile platforms area unit absolutely supported, however we tend to area unit moving quickly towards a world wherever all WhatsApp users can get end-to-end cryptography by default," Open Whisper System aforementioned during a journal post.
"We're excited to include what we've learned from this integration into our future style choices, and to bring this expertise involved on integrations that we tend to do with different firms and product within the future."

There area unit some limits to WhatsApp's end-to-end cryptography, as so far, it solely works on golem platform (with iOS returning soon) and covers solely text electronic communication. 

Conjointly the app is currently receptive potential man-in-the-middle (MitM) attacks as a result of there is no thanks to check or verify the identity of the person you're electronic communication.

WhatsApp was bought by Facebook for $19 billion in Feb. the favored app has been criticized over the years for a series of security and privacy problems. however once the announcement of this rollout, it's been praised over the web by security people.

"WhatsApp deserves huge praise for devoting goodish time and energy to the present project," reads the post. "Even although we're still at the start of the rollout, we tend to believe this already represents the most important preparation of end-to-end encrypted communication in history."

Other cryptography electronic communication apps do exist presently, together with Cryptochat, Silent Text and wire, however in step with the Verge, WhatsApp are going to be the most important to implement this kind of end-to-end cryptography ever.

Open Whisper Systems could be a company engineered from open supply contributors and a passionate team to advance "state of the the art" secure communication, and is best called the developer of the Signal, Redphone, and TextSecure apps.

WhatsApp traveller Adds End-to-End cryptography by Default

Around 5 million Gmail user names and related passwords have been leaked in Russian Bitcoin security forum.

Is Google got hacked?
No, the leak was not the result of a security breach of Google systems.  The dump is said to have been obtained from other websites.

So, if you have used the same password used anywhere else, your gmail account could be compromised.

Google's response
"We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords." Google wrote.

What You should do?

  • There are few websites available online to check whether your gmail ID have been compromised or not. 

  • My suggestion is don't use them.  I suggest everyone to change the password.(I believe most of the people keep the same password for years, so it's better to change now).

  • If you have not enabled 2-step-factor feature, it is good to enable it.

  • Never use the gmail password in any other websites.

About five million Gmail IDs and passwords leaked, the official web site of the favored javascript library JQuery(used by nearly seventieth of high ten,000 websites), had reportedly been compromised and had served papers stealing malware.

RiskIQ declared that they'd detected a malicious script in that redirects guests to a web site hosting the RIG Exploit kit.

The redirector domain(jquery-cdn[dot]com) utilized in this attack has been registered on Sep eighteen, an equivalent day on that the attack was detected by RiskIQ.  RiskIQ believes that this domain was meant specifically to mix into the web site.

The good news is that RiskIQ found no indication suggesting that the JQuery library itself has been affected.  Otherwise, several further websites exploitation the JQuery CDN to load the JQuery library would even have been affected. 

The folks at says they found no logs or proof that their server was compromised.

"So so much the investigation has been unable to breed or ensure that our servers were compromised. we've got not been notified by the other security firm or users regarding jquery. com confirming any kind of skimp on. " JQuery. com world-wide-web indication write-up expresses. reportedly hacked to serve malware