Tag Archives: crack

IP-Überwachungskameras von Aldi mit massiven Sicherheitslücken | heise online

 

Aldi hatte vergangenes Jahr mehrfach IP-Überwachungskameras mit denkbar schlechten Voreinstellungen verkauft. Die Geräte sind zu Hunderten fast ungeschützt über das Internet erreichbar.

 

Die bei Aldi verkauften IP-Überwachungskameras der Marke Maginon haben massive Sicherheitsprobleme: Unbefugte könnten über das Internet auf das Kamerabild zugreifen und sogar den Ton anzapfen. Zudem verraten die Geräte unter anderem die Passwörter für WLAN, E-Mail und FTP-Zugang ihres Besitzers. Hunderte Aldi-Kameras sind nahezu ungeschützt über das Internet erreichbar. Darauf hat uns der Zusammenschluss Digitale Gesellschaft aufmerksam gemacht.

via

Anonymous – Operation Paris Continues #OpParis | YouTube

Veröffentlicht am 18.11.2015

Anonymous – Operation Paris Continues #OpParis
JOIN US: https://www.facebook.com/AnonymousDirect
– Connect with Anonymous –
Subscribe ● http://www.youtube.com/subscription_c…
Anonymous Google+ ● https://google.com/+AnonymousWorldvoce
Anonymous Facebook ● http://facebook.com/anonymousdirect
Anonymous Twitter ● http://twitter.com/anonymousOfcl
Anonymous T-Shirts ● http://anonymousofficial.spreadshirt.com
Anonymous Website ● http://anonofficial.com

List: http://pastebin.com/raw.php?i=HXjgGiHp

Hello citizens of the world, we are anonymous.

It is time to realize social media is a solid platform for ISIS’s communication as well as neutering there ideas of terror amoung youth, but at the same time social media has proven that it is an advanced weapon. We must all work together and use social media to eliminate the accounts belonging to terrorists. More than 20,000 Twitter Accounts belonging to ISIS were just taken down by Anonymous. You can find a list of all the Twitter Accounts in the description. This is only the beginning.

ISIS; we will hunt you, Take down your sites, Accounts, Emails, and expose you…From now on, no safe place for you online…You will be treated like a virus, and we are the cure.

We are anonymous.
We are legion.
We do not forgive.
We do not forget.
ISIS…it is too late to Expect Us.

– Watch some of our other videos –

Anonymous Documentary – How Anonymous Hackers Changed the World Full Documentary:
https://www.youtube.com/watch?v=FAECy…

Anonymous – The Story of Aaron Swartz Full Documentary:
https://www.youtube.com/watch?v=gpvcc…

Anonymous – Plan to defeat the Illuminati and New World Order 2015:
https://www.youtube.com/watch?v=kobrw…

Anonymous – Operation Paris #OpParis:
https://www.youtube.com/watch?v=ybz59…

Anonymous – The Hacker Wars Full Documentary:
https://www.youtube.com/watch?v=ku9ed…

‚Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for ‚fair use‘ for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use‘

HTTPS-crippling attack threatens tens of thousands of Web and mail servers | Ars Technica

 

 

Tens of thousands of HTTPS-protected websites, mail servers, and other widely used Internet services are vulnerable to a new attack that lets eavesdroppers read and modify data passing through encrypted connections, a team of computer scientists has found.

 

[…]

 

The new attack, which its creators have dubbed Logjam, can be exploited against a subset of servers that support the widely used Diffie-Hellman key exchange, which allows two parties that have never met before to negotiate a secret key even though they’re communicating over an unsecured, public channel.

 

The weakness is the result of export restrictions the US government mandated in the 1990s on US developers who wanted their software to be used abroad.

via

Noobs can pwn world’s most popular BIOSes in two minutes | The Register

Nobody expects the BIOS inquisition, so nobody patches them

 

Millions of flawed BIOSes can be infected using simple two-minute attacks that don’t require technical skills and require only access to a PC to execute.

 

Basic Input/Output Systems (BIOS) have been the target of much hacking research in recent years since low-level p0wnage can grant attackers the highest privileges, persistence and stealth.

 

LegbaCore researchers Xeno Kopvah and Corey Kallenberg revealed the threat to El Reg ahead of a presentation How Many Million BIOSes Would You Like to Infect? at CanSecWest tomorrow.

via 

NSA-Trojaner: Kaspersky enttarnt Regin | SPIEGEL ONLINE

SPIEGEL-Veröffentlichung: Experten enttarnen Trojaner „Regin“ als NSA-Werkzeug

Von Marcel Rosenbach, Hilmar Schmundt und Christian Stöcker

 

Softwarecode im Vergleich: Links Trojaner

Kaspersky Softwarecode im Vergleich: Links Trojaner „Regin“, rechts vom SPIEGEL veröffentlichter NSA-Code

 

Telekom-Unternehmen, die EU-Kommission und eine Mitarbeiterin des Kanzleramts – alle wurden zum Opfer der Schadsoftware „Regin“. Die Analyse eines vom SPIEGEL veröffentlichten Codes zeigt nun: „Regin“ ist ein NSA-Werkzeug.

 

Als der SPIEGEL Mitte Januar anhand neuer Unterlagen aus dem Snowden-Archiv das digitale Wettrüsten der Nachrichtendienste mit immer ausgefeilteren Cyberwaffen beschrieb, veröffentlichte SPIEGEL ONLINE auch das Beispiel einer in den Snowden-Materialien enthaltenen Schadsoftware namens „QWERTY“ als Quellcode.

via 

Google provided WikiLeaks journalists‘ metadata in Julian Assange investigation | Technology

 Sarah Harrison, assistant to Julian Assange, thanks supporters outside Ecuador'’s embassy in London in 2012. She is among the journalists whose details were provided to authorities.

EXCLUSIVE

 

Google secretly gave the emails of WikiLeaks journalists to the US government in response to an espionage investigation targeting Julian Assange, according to documents disclosed by the internet giant.

 

Three journalists who have worked for WikiLeaks since 2010 – Sarah Harrison, Joseph Farrell and Kristinn Hrafnsson – have been informed by Google that all their Gmail account content, metadata, subscriber information, and other content were provided to US federal law enforcement in response to search warrants issued in March 2012.

via 

Breaking: Stealth „Turla“ Malware Infects Unknown Number of Linux Systems | Softpedia

Linux is attacked

Linux is attacked

A new threat has been found by Kasperky Labs

 

The Linux Turla is a new piece of malware designed to infect only Linux computers, which has managed to remain relatively hidden until now and has the potential of doing a lot of harm. Unfortunately, very little is known about it or how to fix it.

 

[…]

 

It doesn’t need root

 

One of the most interesting aspects of this Turla cd00r-based malware is that is doesn’t require elevated privileges, which is probably one of the reasons it’s so dangerous. It needs to be activated remotely with a „magic packet“ (similar to port knocking) and it needs existing network interface name. The end result is that it provides a backdoor to the user’s computer, and that the attacker can send commands with „/bin/sh -c “ script.“. It’s a little bit more complicated than this, but that is just the summary of it.

via

Regin: Top-tier espionage tool enables stealthy surveillance | Symantec Connect

An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.
 
[…]

 

fig1-architecture.png

Figure 1. Regin’s five stages

 

via

s.a.: technical whitepaper from Symantec

CVE-2014-4877: Wget FTP Symlink Attack Vulnerability | The Hacker News

 

The open-source Wget application which is most widely used on Linux and Unix systems for retrieving files from the web has found vulnerable to a critical flaw.

 

GNU Wget is a command-line utility designed to retrieve files from the Web using HTTP, HTTPS, and FTP, the most widely used Internet protocols. Wget can be easily installed on any Unix-like system and has been ported to many environments, including Microsoft Windows, Mac OS X, OpenVMS, MorphOS and AmigaOS.

 

When a recursive directory fetch over FTP server as the target, it would let an attacker „create arbitrary files, directories or symbolic links“ due to a symlink flaw.

via