About Me

Saturday, 13 October 2012

US prepares first-strike cyber-forces

Aftermath of 9/11 attacksCyber-attacks could inflict as much damage on the US as the physical attacks on 11 September 2001, the US defence secretary has warned.
Leon Panetta said the country was preparing to take pre-emptive action if a serious cyber-attack was imminent.
He said US intelligence showed "foreign actors" were targeting control systems for utilities, industry and transport.
Advanced tools were being created to subvert key computer control systems and wreak havoc, said Mr Panetta.
"An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals," said Mr Panetta in a speech to business leaders held on the USS Intrepid - a former aircraft carrier that is now a museum.
"They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.
"Such a destructive cyber-terrorist attack could paralyse the nation and create a profound new sense of vulnerability," he said.
Smaller scale cyber-attacks were now commonplace, said Mr Panetta.
Cyber-attacks could inflict as much damage as 9/11. warned the US defense secretary
In recent weeks, many large US firms had suffered attacks that had involved them being bombarded with huge amounts of data, he said. In addition, oil companies in Qatar and Saudi Arabia had been hit by the Shamoon attack, which had tried to replace computer data with gibberish. About 30,000 machines were hit by the Shamoon attack.
The US defence department had developed tools to trace attackers, he added, and a cyber-strike force that could conduct operations via computer networks. And it was now finalising changes to its rules of engagement that would define when it could "confront major threats quickly".
"Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests," he said.
"If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation, when directed by the president.

Saturday, 26 May 2012

Hackers threaten fresh wave of anti-capitalist web rioting

Hackers threaten fresh wave of anti-capitalist web rioting

Sticking it to The Man, man, but for lulz too
A new activist group is drumming up recruits for a cyberwar campaign against corporate giants due to launch on Friday, 25 May.
TheWikiBoat intends to hit a high profile list of more than 40 multinationals - including BT, Best Buy, Tesco, McDonald's, Wal-Mart and Apple - with denial of service attacks as well as attempts to raid corporate systems for intelligence.
The precise motivations behind OpNewSon, which was announced around a month ago, remain unclear but the overall flavour is part anti-capitalist and part general devilment, a characteristic found in many Anonymous-style hacktivist protests.
"While attacking the major companies of this planet may seem lulzy, we also wish that this operation make a difference," the group said in a manifesto for OpNewSon. "We are 'sticking it to the man' so to speak."
Would be participants in the campaign, which aims to take out targeted sites for at least two hours, are been encouraged to use the LOIC denial of service tool, a favourite with hacktivists. By default LOIC does nothing to shield the anonymity of its users, a factor that has allowed police to track down and arrest many suspected hacktivists across the world over recent months.
Previous pre-announced activist operations to take down Facebook or launch assaults against the internet's DNS structure have turned out to be damp squibs. Security firms nonetheless argue that corporations targeted as part of Operation NewSon ought to take the threat seriously.
"It remains to be seen if the hacking group live up to their claims, but any organisation which is a target would be unwise to dismiss the threat," said André Stewart, president international at Corero Network Security.
"With prior knowledge of an impending attack, they have the opportunity to pro-actively put in place additional security measures to ensure that they remain secure."
Stewart explained that TheWikiBoat pre-announced its intended as a tactic designed to rally recruits to its cause.
“It’s not uncommon for hacking groups to announce their targets, particularly when they are ahead of a Distributed Denial of Service (DDoS) attack," he explained. "This enables them to ‘recruit’ like-minded individuals who support the ideology of the hacktivist group to join in on the attack. However, the majority of DDoS attacks are often carried out using an army of automated computers, called botnets, which can be controlled by a single user."
"The hacking group is planning a second stage attack, in which they will attempt to infiltrate the organisation’s network and steal sensitive information. DDoS attacks are often used as a smokescreen to hide further, more dangerous attacks, and due to the long list of potential targets, there is a high probability that they will succeed."
Additional commentary from application security firm Radware can be found here.
#OpNewSon is due to begin begin at 4pm PST.

Top 10 Android Mobile Security Apps

While 2011 was the year of the hacktivist, it looks like 2012 will be the year of mobile malware with Android users in particular facing the reality that their device may not be as secure as they'd like to think.
F-Secure, McAfee, Trend Micro and pretty much every other security vendor under the sun have reported seeing a massive boom in the number of attacks targeting smartphone devices.
Indeed, McAfee reported that Android malware has rocketed by a staggering 1,200 per cent in the last year as the platform continues to attract the attention of cyber criminals.
There's plenty of vendors out there seeking to capitalise on the boom, with hundreds of anti-virus and security services flooding the market claiming to make your device as secure and safe as possible. However, with so much choice knowing which one to pick can be tough.
But fear not as V3's here to help. We've drawn up a list detailing the ins and outs of the 10 best mobile security apps currently available for Android smartphones to keep your beloved device free from the claws of cyber criminals.
10. Super Security: Free
Super Security Android app
Super Security is a free cloud-based antivirus app that adds a "strongbox" storage area to the device. The strongbox is a storage area on the phone that lets users password protect three different folders: Pictures, Videos and SMS.
As well as the strongbox, the service also boasts the standard virus scan, app manager, task manager and phone finder features seen on most other security apps.
As a free service, though, the features aren't as good as certain other paid for services. It also has a significantly less polished user interface and can at times feel a little clunky to use. Still, it's not a bad place to start.

9. Webroot Security and Antivirus: Free
Webroot SecurityAnywhere Android app
Webroot Security and Antivirus is another free app that offers users online identity protection as well as defences against malware, phishing and SMS attacks.
Webroot automatically scans apps when they are added to the device. Like some of the other services on the list, Webroot can also help you to locate a lost or stolen device.
The app is perfectly adequate, with the only problem we detected that it can, at points, slow down performance on lower-end handsets.
This only really occurs when you're using the software on an old or underpowered 800MHz processor but is still an annoyance.

8. AVG Antivirus: Free or £6.50 Pro version
AVG Anti Virus Android appAvailable as a free download, AVG is a cheap, reliable option for any Android user.
The app automatically scans apps as they're downloaded and also checks to see if files added via other connection methods like Wi-Fi or USB are safe.
As well as checking files and apps being added to the device, the free version also lets you find your phone if lost or stolen via Google Maps. It also features lock and wipe your device services.
There is a Pro version available on the Google Play store, which costs £6.50 and adds a few features like a task killer, though for the money, given how good the free version is, we found little incentive to upgrade.
7. Norton Mobile Security: £29.99
Norton Mobile Security Android appNorton Mobile Security offers Android customers all the standard services and tools you'll require to protect your smartphone's data.
The app boasts the usual anti-virus protection backed up by remote locate, lock and wipe, call and text blocker and anti-phishing web protection features.
As an added bonus, the company's recently inked a deal with UK retailer Carphone Warehouse, meaning you can pick it up for half-price at £14.99 instead of £29.99.

6. Trend Micro Mobile Security Personal Edition: Free or £19 a year
Trend Micro Mobile Security Android appTrend Micro's Mobile Security app is available in free and paid for versions, though the paid for option is the only one that offers a full security service.
The free app is available on Google Play and includes a basic malware scanner that scans your phone or SD-card for malicious software.
The paid for premium version is available for £19 per year. For the money you get a host of new features including parental controls, the ability to remotely locate your device and a fraudulent-website blocker that checks sites using Trend Micro's Smart Protection Network.
One annoyance that can seem a little pointless for business users is the addition of parental control features to the app. While control options may be desirable for parents looking to stop their child downloading dangerous apps, they really aren't relevant to business or adult users.
5. F-Secure Mobile Security: £8.08 per six months
F-Secure Mobile Security Android appF-Secure's Mobile Security app offers a number of mobile security features including firewall and anti-theft protection and costs £8.08 per half year.
The features on it work incredibly well and the app would rank higher if it didn't lack certain key features like an app scanner.
Given the boom in Android Trojans this year, the lack of an app scanning feature is a serious flaw and means you may have to get a second security app to really protect your handset.
The app also has parental control features, though as was the case with Trend Micro's app, they aren't all that useful for adult smartphone users, but nice to know they're there, just in case.

4. McAfee Mobile Security: £29.99 a year
McAfee Mobile Security Android appMcAfee Mobile Security application offers a desktop anti-virus and protection service on a smartphone.
The service is free for the first seven days but costs £29.99 per year after that. As well as Android, there are also BlackBerry and Symbian versions.
In terms of features Mobile Security 2.0 offers the complete package, boasting anti-virus protection, app screening, anti-theft remote wiping, unlimited backup and call filtering services.
The only reason the app didn't rank higher in our list is its liberal use of alerts. The app will pop up and intrude on your smartphone web and app browsing experience on a regular basis.
One particularly annoying feature is the fact that app actually starts alerting you on a regular basis that your free trial is about to run out a full day before it happens.
3. Bitdefender Mobile Security: Free or $9.99 a year
Bitdefender Mobile Security Android app
Bitdefender Mobile Security comes in free and premium versions, the latter retailing for a fairly reasonable $9.99 per year.
The app is a solid choice for most Android users, featuring an intuitive user interface and retailing at an affordable price.
The only downside is that the app doesn't have any SIM-card removal notification features and its Firewall protection only works on Android's native browser. That means Ice Cream Sandwich handset owners surfing the internet using the infinitely superior Chrome browser won't be protected.

2. Kaspersky Mobile Security: Free or £11.95
Kaspersky Mobile Security Lite is a fantastic Android security app that's available in free and paid for versions.
Kaspersky Mobile Security Android app
The paid for version costs £11.95 and offers the same features as a number of more expensive premium services.
The app grants access to Kaspersky's cloud-based Security Network, which automatically checks any app you install to make sure its safe.
One feature we particularly like is the educational element included in the app. Kaspersky Mobile Security doesn't take as draconian approach as other apps, with helpful hints explaining the importance of each feature being available as a shortcut on the app's user interface.
The paid for version of the app also houses all the standard device wipe, call and message filter and phone tracking services expected of any security app.
1. Lookout for Android: Free or $29.99 a year
Lookout Android appLookout is one of a select number of security companies purely dedicated to developing mobile security services and we have to say its Android app offers the most complete protection service currently on market.
Its Android app comes in free and paid for versions, with the paid for version costing a fairly hefty $29.99 per year.
The reason we'd really recommend the app is its intuitive user interface (UI). While the device features the same anti-virus protection, remote wipe controls, data backup, firewall defences and an app auditor services seen on other apps, Lookout is much more streamlined.
This could be because of Lookout's specific mobile focus, with the UI being far easier to navigate and understand than a number of its competitors. This streamlined feel is enhanced by the apps nonintrusive nature, with its protection features remaining nicely out of sight.

US Mayor And Son Charged With Hacking Into Opposition Site

US mayor and son charged with hacking into opposition site

We'd rather be fending off global cyberwar, sniff Feds
Dr Felix Roque, 55, the mayor of West New York, New Jersey, and Joseph Roque, 22, of Passaic County, allegedly hacked into recallroque.com and illegally accessed e-mails in February. Joseph Roque is accused of gaining control of the administrative email account associated with the dot-com before interacting with its web host, Go Daddy, to shut the site down, The New York Times reports.
The father and son team also "sought to identify, intimidate and harass" those who operated the website and other critics of Roque's administration, the Department of Justice alleged:
By the late afternoon of February 8, 2012, Joseph Roque had successfully hacked into various online accounts used in connection with the recall website. Joseph Roque then used that access to disable the website. Mayor Roque harassed and attempted to intimidate several individuals whom he had learned were associated with the recall website.
The pair face conspiracy and computer hacking charges over the alleged political dirty tricks. Both charges carry possible fines on conviction of up to $250,000 and the risk of a substantial spell behind bars. The alleged abuse of public trust involved in the case means the charges are being treated especially seriously.
FBI Special Agent in Charge Michael B. Ward commented: "In this instance, an elected official conspired to hack into a website and email account.
"It's incredibly disappointing that resources have to be diverted from protecting the US against cyber intrusions targeting critical infrastructure, federally funded research and military technology, to address a public official intruding into computer systems to further a political agenda."
US Attorney Paul Fishman added: "The elected leader of West New York and his son allegedly hacked into computers to intimidate constituents who were simply using the internet to exercise their Constitutional rights to criticise the government."
Mayor Roque only gained office last year after leading a successful recall against the previous mayor, Sal Vega, and beating him in the subsequent election. West New York has a population of 50,000 and is located around seven miles from Manhattan. It's unclear whether or not Roque, who describes himself as an "independent conservative democrat", intends to resign as a result of the charges, The Jersey Journal reports

Friday, 25 May 2012

Comcast phishing site contains valid TRUSTe seal

Summary: Security researchers from Sophos are reporting on an intercepted Comcast-themed phishing email, which contains a valid TRUSTe seal.

Security researchers from Sophos are reporting on an intercepted Comcast-themed phishing email, which contains a valid TRUSTe seal.
More on the phishing email:
Like many other sites that are compromised to host phishing pages, this one appears to have been compromised through vulnerable FrontPage server extensions.Yes, I said FrontPage. The old Microsoft Office package used for building and publishing web sites. Microsoft discontinued support for FrontPage publishing extensions in 2006 and they have been the source of many web site vulnerabilities over the last 15 years.The fake page is an identical copy of the real Comcast XFINITY login page, and surprisingly includes a fully functional TRUSTe logo which may lend further credibility to the site.
Cybercriminals often take advantage of visual social engineering elements, by embedding logos of reputable and trusted brands in order to improve of authenticity of their bogus content.
Users are advised to keep in mind the fact that these security and privacy seals often have limited applicability in real-life situations, in particular in the process of ensuring a web site’s CIA (Confidentiality, Integrity and Availability).

35,000 Passwords Reset After BigPond GameArena Hacked

BigPond GameArena hacked, 35,000 passwords reset

Quick disclosure from Telstra
Telstra has taken the unusual – in Australia – step of proactively announcing that a service has been compromised.
The carrier has announced that it’s reset the passwords of 35,000 users of its GameArena and Games Shop services, stating that “the sites, operated by a third party company, were victims of a hacking attack.”
The carrier states that “no financial or credit card details were kept on the sites”.
“Information that might have been obtained was limited to BigPond Games usernames, the email address used to join the site and the encrypted GameArena and Games Shop passwords of up to 35,000 customers,” the statement said.
Users’ BigPond Broadband passwords were not affected. Telstra will be contacting affected customers with their new passwords.
Last year, a third-party customer-service provider used by BigPond was taken offline after an exposure that resulted in around 60,000 password resets, while in January, customer data was posted to a cloud-based spreadsheet. In both cases, the data breach was the result of process failures rather than external attacks.
Perhaps because of the criticism it suffered in those two incidents, the carrier has taken the commendable decision both to disclose and to act quickly

Yahoo! leaks! private! key! in! Axis! Chrome! debut!

Extension launch scuppered by certificate blunder

Yahoo! today released its Axis extension for Chrome – and accidentally leaked its private security key that could allow anyone to create malicious plugins masquerading as official Yahoo! software.
Australian entrepreneur Nik Cubrilovic, who last year garnered notice for identifying Facebook's tracking cookies, revealed the certificate blunder on his blog, and said users should not install the extension “until the issue is clarified”.
Cubrilovic peeked into the extension’s source code and found the private certificate, which Yahoo! uses to sign the application to prove it is genuine and unaltered. The result, he says, is that a miscreant could forge a malicious extension that would be verified by Google's web browser as coming from Yahoo!
There are all sorts of attacks that could be executed with a spoofed extension; the most obvious of these, as Cubrilovic notes, would be to create and sign a traffic logger to capture a victim’s web activity. He wrote:
The certificate file is used by Yahoo! to sign the extension package, which is used by Chrome and the webstore to authenticate that the package comes from Yahoo! With access to the private certificate file a malicious attacker is able to create a forged extension that Chrome will authenticate as being from Yahoo! The clearest implication is that with the private certificate file and a fake extension you can create a spoofed package that captures all web traffic, including passwords, session cookies, etc. The easiest way to get this installed onto a victim's machine would be to DNS spoof the update URL. The next time the extension attempts to update it will silently install and run the spoofed extension.
He’s also produced a proof-of-concept of a spoofing attack and written up instructions on how to remove the extension.
Yahoo! has since apologised and posted a replacement web search extension that doesn’t include the private half of the security certificate. The new plugin, billed as a search browser, is also available for Firefox, Internet Explorer, Safari, and iPhones and iPads.

New SpyEye plugin takes control of crimeware victims!

Summary: Security researchers from Kaspersky have profiled a new SpyEye plugin known as flashcamcontrol.dll which takes control of the victim’s webcam and microphone.

Security researchers from Kaspersky have profiled a new SpyEye plugin known as flashcamcontrol.dll.
What does it do? Basically, it modifies an infected host’s Flash permissions, allowing cybercriminals the opportunity to control and webcam and the microphone of the infected victims.
More details:
If an infected user visits the site of a specified bank and the browser processing the page requests a flash-document via a link from the first column, the webfakes.dll plugin (which runs in a browser context) detects that request and replaces it with an address from the second column – an address controlled by the intruders. As a result, the browser will load a malicious document from the intruder’s server (statistiktop.com) instead of a flash document from the bank site.
It turned out that both flash documents merely create a window with a picture from the webcam. One of them sends a video stream to the intruder’s server.
It appears that someone is experimenting, with long-term ambitions on their mind. Face recognition for online banking as a concept has been around for years, however, financial institutions globally have failed to implement the solution on a large scale. Personally, I believe that facial recognition as a value-added protection mechanism is a futile attempt to prevent a successful crimeware attack on the infected host.
Taking into consideration the fact that on the majority of occasions users don’t know that they’re infected with crimeware, a visual representation of the fact that a particular end user is indeed in front of the computer wouldn’t change this. And now cybercriminals have developed an efficient way to undermine the facial recognition process with ease.
This latest development once again proves that cybercriminals are steps ahead of the security industry, and will continue to innovate in an attempt to increase their fraudulently obtained revenues.

Tuesday, 22 May 2012

Hacking ebooks collection!

(Ebook - Computer) Hacking The Windows Registry.pdf 0 MB
(eBook - PDF) Hugo Cornwall - The Hacker's Handbook .pdf 0 MB
(eBook pdf) Hacking into computer systems - a beginners guide.pdf 1 MB
(ebook_-_pdf)_Hacking_IIS_Servers.pdf 0 MB
0321108957.Addison-Wesley Professional.Honeypots- Tracking Hackers.pdf 2 MB
0764578014.Wiley.The Database Hacker's Handbook- Defending Database Servers.chm 1 MB
076459611X.John Wiley &_ Sons.Hacking GMail (ExtremeTech).pdf 0 MB
076459611X.John Wiley &amp_ Sons.Hacking GMail (ExtremeTech).pdf 5 MB
1246523-Hacking.Guide.V3.1.pdf 1 MB
1931769508.A-List Publishing.Hacker Linux Uncovered.chm 4 MB
2212948-Hacker'S.Delight.chm 2 MB
285063-Hacker.Bibel.[278.kB_www.netz.ru].pdf 0 MB
3077366-HackerHighSchool.pdf 3 MB
731986-Hacker's Desk Reference.pdf 1 MB
A Beginners Guide To Hacking Computer Systems.pdf 1 MB
Addison Wesley - Hackers Delight 2002.pdf 6 MB
Addison Wesley, The Outlook Answer Book Useful Tips Tricks And Hacks (2005) Bbl Lotb.chm 14 MB
Anti-Hacker ToolKit - McGraw Hill 2E 2004.chm 29 MB
Attacking the DNS Protocol.pdf 0 MB
Auerbach.Practical.Hacking.Techniques.and.Countermeasures.Nov.2006.pdf 144 MB
Auerbach.Pub.The.Hackers.Handbook.The.Strategy.Behind.Breaking.into.and.Defending.Networks.Nov.20.pdf 18 MB
Certified Ethical Hacker (CEH) v3.0 Official Course.pdf 26 MB
Computer - Hackers Secrets - e-book.pdf 0 MB
Crc Press - The Hacker'S Handbook.pdf 18 MB
Credit.Card.Visa.Hack.Ucam.Cl.Tr.560.[223.kB_www.netz.ru].pdf 0 MB
DangerousGoogle-SearchingForSecrets.pdf 2 MB
Dummies - Hack How To Create Keygens (1).pdf 0 MB
For.Dummies.Hacking.Wireless.Networks.For.Dummies.Sep.2005.eBook-DDU.pdf 11 MB
For.Dummies.Hacking.for.Dummies.Apr.2004.eBook-DDU.pdf 9 MB
Hack IT Security Through Penetration Testing.pdf 12 MB
Hack Proofing - Your Network - Internet Tradecraft.pdf 3 MB
Hack Proofing Linux A Guide to Open Source Security - Stangler, Lane - Syngress - ISBN 1-928994-34-2.pdf 12 MB
Hack Proofing Sun Solaris 8.pdf 7 MB
Hack Proofing Your E-Commerce Site.pdf 7 MB
Hack Proofing Your Identity In The Information Age.pdf 9 MB
Hack Proofing Your Network Second Edition.pdf 9 MB
Hack Proofing Your Network_First Edition.pdf 3 MB
Hack Proofing Your Web Applications.pdf 9 MB
Hack_Attacks_Revealed_A_Complete_Reference_With_Custom_Security_Hacking_Toolkit.chm 6 MB
Hack_IT_Security_Through_Penetration_Testing.chm 5 MB
Hacker Disassembling Uncovered.chm 5 MB
Hacker Linux Uncovered.chm 4 MB
Hacker Web Exploitation Uncovered.chm 1 MB
Hacker'S.Delight.chm 2 MB
Hacker_s_Guide.pdf 4 MB
Hackers Beware.pdf 5 MB
Hackers Secrets Revealed.pdf 0 MB
Hackers Secrets.pdf 0 MB
Hackers, Heroes Of The Computer Revolution.pdf 0 MB
Hackers_Secrets.pdf 0 MB
Hacking - Firewalls And Networks How To Hack Into Remote Computers.pdf 3 MB
Hacking - The Art of Exploitation.chm 1 MB
Hacking Cisco Routers.pdf 0 MB
Hacking Exposed - Network Security Secrets & Solutions, 2nd Edition.pdf 10 MB
Hacking Exposed Network Security Secrets & Solutions, Third Edition ch1.pdf 2 MB
Hacking For Dummies 1.pdf 0 MB
Hacking For Dummies 2.pdf 0 MB
Hacking For Dummies.pdf 0 MB
Hacking GMail.pdf 5 MB
Hacking IIS Servers.pdf 0 MB
Hacking Windows XP.pdf 10 MB
Hacking into computer systems - a beginners guide.pdf 1 MB
Hacking the Code - ASP.NET Web Application Security Cookbook (2004) .chm 5 MB
Hacking-Hacker's Guide.pdf 4 MB
Hacking-Hackers Secrets Revealed.pdf 0 MB
Hacking-Hugo Cornwall-The Hacker's Handbook .pdf 0 MB
Hacking-The Hacker Crackdown.pdf 1 MB
Hacking-ebook - CIA-Book-of-Dirty-Tricks1.pdf 0 MB
Hacking.For.Dummies.Access.To.Other.People's.System.Made.Simple.pdf 1 MB
Hacking.Guide.V3.1.pdf 1 MB
Hackproofing Oracle Application Server.pdf 0 MB
Halting.The.Hacker.A.Practical.Guide.To.Computer.Security.chm 1 MB
How to Crack CD Protections.pdf 0 MB
John Wiley & Sons - Hacking For Dummies.pdf 9 MB
John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook-DDU.pdf 10 MB
John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook.pdf 10 MB
John.Wiley.and.Sons.The.Art.of.Intrusion.The.Real.Stories.Behind.the.Exploits.of.Hackers.Intruders.and.Deceivers.Feb.2005.ISBN0764569597.pdf 3 MB
Jon.Erickson.Hacking.The.Art.Of.Exploitation.No.Starch.Press.2003.chm 1 MB
Linux-Server.Hacks-OReilly.pdf 34 MB
McGraw Hill - Web Applications (Hacking Exposed).pdf 8 MB
McGraw-Hill - Hacking Exposed, 3rd Ed - Hacking Exposed Win2.pdf 6 MB
McGraw.Hacking.Exposed.Cisco.Networks.chm 10 MB
McGraw.Hill.HackNotes.Linux.and.Unix.Security.Portable.Reference.eBook-DDU.pdf 3 MB
McGraw.Hill.HackNotes.Network.Security.Portable.Reference.eB.pdf 4 MB
McGraw.Hill.HackNotes.Network.Security.Portable.Reference.eBook-DDU.pdf 4 MB
McGraw.Hill.HackNotes.Web.Security.Portable.Reference.eBook-.pdf 3 MB
McGraw.Hill.HackNotes.Web.Security.Portable.Reference.eBook-DDU.pdf 3 MB
McGraw.Hill.HackNotes.Windows.Security.Portable.Reference.eB.pdf 5 MB
McGraw.Hill.HackNotes.Windows.Security.Portable.Reference.eBook-DDU.pdf 5 MB
Mind Hacks - Tips & Tricks for Using Your Brain.chm 3 MB
No.Starch.Press.Hacking.The.Art.Of.Exploitation.chm 1 MB
O'Reilly - Online Investing Hacks.chm 5 MB
O'Reilly.-.Network.Security.Hacks.chm 2 MB
O'Reilly.Windows.Server.Hack.chm 2 MB
O'Reilly.Windows.Server.Hack.rar 2 MB
OReilly Google Hacks, 1st Edition2003.pdf 3 MB
OReilly - Flickr Hacks Tips and Tools for Sharing Photos Online (Feb 2006).chm 5 MB
OReilly - Google Hacks.pdf 3 MB
OReilly,.Digital.Video.Hacks.(2005).DDU.LotB.chm 3 MB
OReilly,.IRC.Hacks.(2004).DDU.chm 3 MB
OReilly.Google.Hacks.2nd.Edition.Dec.2004.ISBN0596008570.chm 5 MB
OReilly.Google.Maps.Hacks.Jan.2006.chm 9 MB
OReilly.Linux.Server.Hacks.Volume.Two.Dec.2005.chm 2 MB
OReilly.Network.Security.Hacks.chm 2 MB
OReilly.PC.Hacks.Oct.2004.eBook-DDU.chm 6 MB
OReilly.PayPal.Hacks.Sep.2004.eBook-DDU.chm 2 MB
OReilly.Perl.Hacks.Tips.and.Tools.for.Programming.Debugging.and.Surviving.May.2006.chm 1 MB
OReilly.SQL.Hacks.Nov.2006.chm 2 MB
OReilly.Skype.Hacks.Tips.and.Tools.for.Cheap.Fun.Innovative.Phone.Service.Dec.2005.chm 4 MB
OReilly.Statistics.Hacks.May.2006.chm 1 MB
OReilly.Ubuntu.Hacks.Tips.and.Tools.for.Exploring.Using.and.Tuning.Linux.Jun.2006.chm 4 MB
OReilly.VoIP.Hacks.Tips.and.Tools.for.Internet.Telephony.Dec.2005.chm 3 MB
OReilly.Word.Hacks.Oct.2004.eBook-DDU.chm 3 MB
OSB.Ethical.Hacking.and.Countermeasures.EC.Council.Exam.312.50.Student.Courseware.eBook-LiB.chm 14 MB
O_Reilly_-_Windows_XP_Hacks.chm 5 MB
Oreilly Access Hacks Apr 2005.chm 18 MB
Oreilly, Paypal Hacks (2004) Ddu.chm 2 MB
Oreilly.Amazon.Hacks.eBook.LiB.chm 3 MB
Oreilly.Linux.Desktop.Hacks.Mar.2005.eBook-LiB.chm 0 MB
PC Games - How to Crack CD Protection.pdf 0 MB
Que - UNIX Hints Hacks.chm 1 MB
Que.Certified.Ethical.Hacker.Exam.Prep.Apr.2006.chm 8 MB
SQL Hacks.chm 2 MB
SQLInjectionWhitePaper.pdf 1 MB
Security and Hacking - Anti-Hacker Tool Kit Second Edition.chm 29 MB
SoTayHacker1.0.chm 76 MB
Syngress - Hack Proofing Linux (2001).pdf 12 MB
Syngress - Hack Proofing Your Identity in the Information Age - 2002.pdf 9 MB
Syngress - Hacking a Terror Network. The Silent Threat of Covert Channels.pdf 9 MB
Syngress -- Hack Proofing Your Wireless Network.pdf 7 MB
Syngress Hack Proofing Your Identity in the Information Age.pdf 9 MB
Syngress.Buffer.Overflow.Attacks.Dec.2004.eBook-DDU.pdf 5 MB
Syngress.Hack.the.Stack.Oct.2006.pdf 7 MB
Syngress.Hacking.a.Terror.Network.Nov.2004.ISBN1928994989.pdf 8 MB
The Little Black Book Of Computer Virus.pdf 1 MB
The_20Little_20Black_20Book_20of_20Computer_20Viruses.pdf 1 MB
Websters.New.World.Websters.New.World.Hacker.Dictionary.Sep.2006.pdf 5 MB
Wiley.Hacking.Firefox.More.Than.150.Hacks.Mods.and.Customizations.Jul.2005.eBook-DDU.pdf 14 MB
Wiley.Hacking.GPS.Mar.2005.ISBN0764598805.pdf 10 MB
Wiley.Hacking.Google.Maps.and.Google.Earth.Jul.2006.pdf 11 MB
Wiley.Lifehacker.Dec.2006.pdf 7 MB
Wiley.The.Database.Hackers.Handbook.Defending.Database.Servers.chm 1 MB
Win XP Hacks oreilly 2003.chm 5 MB
WinXP SP1 Hack.pdf 0 MB
Windows Server Hacks.chm 2 MB
Xbox-hack - AIM-2002-008.pdf 1 MB
Yahoo.Hacks.Oct.2005.chm 7 MB
[0735710090]Hackers Beware Defending Your Network From The Wiley Hacker.pdf 5 MB
addison wesley - web hacking - attacks and defense.chm 6 MB
amazon-hacks.chm 3 MB
bsd-hacks.pdf 2 MB
ceh-official-certified-ethical-hacker-review-guide-exam-312-50.9780782144376.27422.pdf 5 MB
cracking-sql-passwords.pdf 0 MB
database hacker handbook.chm 1 MB
eBooks.OReilly.-.Wireless.Hacks.100.Industrial.-.Strength.Tips.and.Tools.chm 4 MB
ebay-hacks-100-industrial-strength-tips-and-tools.pdf 4 MB
ebook.oreilly.-.windows.xp.hacks.sharereactor.chm 5 MB
ethical hacking, student guide.pdf 7 MB
excel-hacks.chm 3 MB
google-hacks.pdf 3 MB
hacker ethic.pdf 13 MB
hacker-disassembling-uncovered.9781931769228.20035.chm 5 MB
hacking the windows registry .pdf 0 MB
hacks.sfv 0 MB
linux-server-hacks.pdf 33 MB
little_black_book_oc_computer_viruses.pdf 1 MB
mac-os-hacks.chm 9 MB
network-security-hacks.chm 2 MB
online-investing-hacks.chm 5 MB
oreilly,.visual.studio.hacks.(2005).ddu.lotb.chm 6 MB
oreilly.firefox.hacks.ebook-lib.chm 3 MB
oreilly.windows.xp.hacks.2nd.edition.feb.2005.lib.chm 13 MB
prentice hall - pipkin - halting the hacker- a practical guide to computer security, 2nd edition.chm 1 MB
spidering-hacks.chm 1 MB
the-database-hackers-handbook-defending-database-servers.9780764578014.25524.chm 1 MB
tivo-hacks.100-industrial-strength-tips-and-tools.pdf 9 MB
u23_Wiley - Hacking GPS - 2005 - (By Laxxuss).pdf

Torrent Link - Click!

Backdoor sniffed in ZTE's US Android smartphones

Chinese handset manufacturer ZTE has confirmed the presence of a backdoor in one of its Android smartphones.
ZTE's Score M ships with an application featuring a hardcoded password that gives the user, or software running on the device, administrator-level access. Running the program with the password spawns a root shell prompt on the Linux-powered mobes, allowing the phone to be completely taken over.
News of the ZTE Score M smartphone backdoor first surfaced last week in posts on the code-sharing website pastebin.com. The password needed to access the backdoor, located in the /system/bin/sync_agent file, is readily available online.
The world's fourth largest mobe-maker acknowledged a problem, but said it was restricted to the Score M, which runs Android 2.3.4 and is distributed through MetroPCS in the US. ZTE is working on an "over the air" patch to close the security hole, and the handset manufacturer insists that the issue does not affect Skate smartphones - contrary to internet rumours.
Mobile security firm Lookout advises users of the model to be particularly careful about apps they download and websites they visit until they get the security patch from ZTE. The poorly protected setuid executable on the smartphones allows an application to grant itself superuser privileges and run as the root user, Lookout explains.
"This type of access allows an attacker full control over a target device – which includes the ability to install or uninstall applications without notice and access to any sensitive personal information on a device," Lookout warns.
"While this issue does not expose a remotely accessible vulnerability on affected phones, it is an issue that could be exploited by targeted, malicious applications installed to the phone. In addition, affected users should download and install patches provided by ZTE and/or Metro PCS as soon as they are rolled out to their device," it adds.
The sync_agent tool might have been put there to manage preloaded applications, such as MetroPCS Visual Voicemail or MetroStudio, according to Lookout.
Dmitri Alperovitch, co-founder of security startup CrowdStrike, said ZTE was using the backdoor to update the smartphone's software, suggesting that the feature was placed there deliberately. However he said that it was unclear to him if the application was planted with malicious intent or left available as the result of some careless oversight, Reuters reports.
"There are rumours about backdoors in Chinese equipment floating around," Alperovitch said. "That's why it's so shocking to see it blatantly on a device."
The circumstances of the problem, especially the fact that the problem was restricted to smartphones supplied to the US, is bound to provide plenty of fodder for conspiracy theorists. China is repeatedly accused of using technology to spy on the West's high-tech biz, defence contractors, human right activists and energy firms. Allegations of backdoors in devices supplied by Chinese network equipment manufacturers have been a hot topic among Western politicians.