jimmyLi's blog

NullCrew hackers once again show their support for WikiLeaks founder Julian Assange. This time, they claim to have breached data.gov.uk – a UK government project that provides citizens with non-personal data which can be freely re-used. They published a 700 megabyte archive that holds numerous .cvs files which contain all sorts of information. Although we haven’t spotted any sensitive details in the massive leak, the website does have a login section, which may mean that user credentials might have been obtained by the hackers. Apparently, similar to other data breaches, the attackers exploited an SQL Injection vulnerability to gain access to the files. He have sent an inquiry to data.gov.uk representatives a few hours before this post was published, but so far they haven’t responded. Hopefully, they can confirm or deny the hackers’ claims and provide further explanations. Source: softpedia | @EduardKovacs

Hacktivists continue their operations against companies they believe to be responsible for using the “harmful” mineral known as coltan (columbite–tantalite). The latest victims of OpColtan and OpGreenRights are the websites of Fujitsu General Brazil (fujitsugeneral.com.br) and Siemens Switzerland (siemens.ch).  The hackers have published massive amounts of data – including some email addresses, usernames and passwords –, allegedly stolen from these websites. Judging by the files posted on PrivatePaste, it appears that the attackers once again leveraged SQL Injection vulnerabilities to breach the sites and gain access to their databases . “Our attention turns to you, unscrupulously and greedy multinationals. Behind your famous commercial images, fabricated and marked on an false Ethic, the most cruel barbarites are hidden,” the Anons who run the campaign stated. “Coltan, the mineral that you use to produce capacitors of mobile phones, besides being ...

http://pastebin.com/raw.php?i=xV6LpFAy _ _ _ _ _____ | \ | | | | / __ \ | \| |_ _| | | / \/_ __ _____ __ | . ` | | | | | | | | '__/ _ \ \ /\ / / | |\ | |_| | | | \__/\ | | __/\ V V / \_| \_/\__,_|_|_|\____/_| \___| \_/\_/ @Saturnine_NC ####################################### www.paypal.co.uk ####################################### PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders. PayPal is a...

  Yahoo confirmed that approximately 400,000 accounts were compromised as a result of a hack by a group calling themselves the D33D Company. According to CNET , the credentials were stored in plain text and were allegedly taken from a Yahoo subdomain, Yahoo Voices. The group claims to have breached Yahoo's security by using a "union-based SQL injection technique." Yahoo released this statement to Tech Crunch : At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Y...

The Australian hacker known as s3rver.exe has breached the website of USAFIS, the American Green Card DV lottery program (usafis.org). “I hacked usafis because they are big scammers. If you search about them on Google it will show you scam results,” he told us. As a result, he has published the website’s entire database, including user comments, usernames, password hashes and email addresses. The administrator’s credentials have also been made available. s3rver.exe also hacked the website of Karma Films, a Spanish independent movie distributor. According to the hacker, this isn’t part of a protest, but a way to force the webmasters to patch up the SQL Injection, Malicious Post Injection and File Inclusion vulnerabilities that currently affect the site. To demonstrate his findings, s3rver.exe has published not only database information, but also the exact location of the security holes. Source: @EduardKovacs | softpedia

==================================== = https://twitter.com/m0m_r00tw0rm = ====================================   Target: http://www.dma.state.mn.us Vuln target: http://www.dma.state.mn.us/press_room/e-zine/articles/index.php?item=280 IP: 156.98.187.50 Web-Server: Apache PHP Version:  156.98.187.50   Vuln Type: SQL Injection   Database: ng_internet Tables: tbl_ezinetype, tbl_jobvac, tbl_journalists, tbl_newsevents, tbl_pages, tbl_ripleyuploads, tbl_service, tbl_unit, tbl_unitlocation, tbl_unitpage, tbl_webpages   Table tbl_journalists columns: intJournalistID, strJournalistFirstName, strJournalistInitial, strJournalistLastName, strJournalistRank   Table tbl_journalists data:   ID FirstName LastName Rank   1 John Angelo Sgt. 2 Daniel Ewer Master Sgt. 3 Rich Kemp Master Sgt. 4 Patrick Loch Sgt. 5 Dajon Ferrell Sgt. 6 Eric Jungels Staff Sgt. 7 Public Affairs 8 ...