jimmyLi's blog

http://www.twitter.com/Gr33nRage          Hacker: Gr33nRage Target: www.fisu.gov.ua (Intelligence service of Ukraina) available databases [4]: [*] information_schema [*] mysql [*] szru [*] test Database: mysql [17 tables] +---------------------------+ | columns_priv | | db | | func | | help_category | | help_keyword | | help_relation | | help_topic | | host | | proc | | procs_priv | | tables_priv | | time_zone | | time_zone_leap_second | | time_zone_name | | time_zone_transition | | time_zone_transition_type | | user | +---------------------------+ Database: mysql Table: user [7 entries] +------------------+ | Password | +------------------+ | *a0*7*d*64f*96*b | | 3b**14g*34j**6qt | +------------------+

Hacktivists continue their operations against companies they believe to be responsible for using the “harmful” mineral known as coltan (columbite–tantalite). The latest victims of OpColtan and OpGreenRights are the websites of Fujitsu General Brazil (fujitsugeneral.com.br) and Siemens Switzerland (siemens.ch).  The hackers have published massive amounts of data – including some email addresses, usernames and passwords –, allegedly stolen from these websites. Judging by the files posted on PrivatePaste, it appears that the attackers once again leveraged SQL Injection vulnerabilities to breach the sites and gain access to their databases . “Our attention turns to you, unscrupulously and greedy multinationals. Behind your famous commercial images, fabricated and marked on an false Ethic, the most cruel barbarites are hidden,” the Anons who run the campaign stated. “Coltan, the mineral that you use to produce capacitors of mobile phones, besides being ...

Blizzard.com.ua – a Ukrainian website dedicated to Blizzard games fans – has been breached by hackers operating under the Anonymous and AntiSec banners.   “About time you get you Content Management Systems updated son?!” they wrote next to the data leak sample. This indicates that the attackers leveraged an unpatched security hole in order to gain access to the site’s databases. The paste published on peoplesliberationfront.net contains a link to a 7 megabyte file that stores 19,106 usernames, passwords, email addresses and other user details. According to Cyber War News , besides this file, there are two other databases out there, apparently containing administrator details and information belonging to World of Warcraft players.  Hopefully, this will act as a wakeup call for the site’s administrators and they’ll address the vulnerability, but also notify their users to ensure that their details cannot be misused. Source:...

CyberZeist , the hacker who has recently left the UGNazi collective, has leaked a few hundred login credentials that he allegedly obtained by launching a spear phishing attack on US   federal employees.   “This federal account release is not a result of some fancy and HiFi hack, it’s a result of a common flaw in human factor – Trust. These all federal accounts were jacked by using a simple method known as 'Spear Phishing'! These accounts are just a half part of a forthcoming #gov #leak,” he wrote next to the data dump. The leak contains over 250 record sets comprising email addresses and clear text passwords. According to the hacker, he obtained the credentials by spoofing a login portal. “They have a login portal at [.mil domain] (intranet only). Their SSLv2 certificate can be spoofed easily so I replaced the original certificate with my fake one so that users can’t make out that they are logging at a fake portal,” the hacker told Softpedia. “In my f...

Nvidia suspended its Developer Zone forum and started an investigation after 400,000 hacked credentials were posted online. Though it described the attack as targeting only “a small proportion of users,” the company warned members should change identical passwords they use elsewhere.     “Nvidia suspended operations today of the Nvidia Developer Zone,” the firm’s representatives said after the password breach. “We did this in response to attacks on the site by unauthorised third parties who may have gained access to hashed passwords.” Users are also advised not to give personal, financial or sensitive information (including new passwords) in response to any email purporting to be sent by an Nvidia employee, as the company won’t request this type of information by email. The Nvidia password breach follows a recent Yahoo Voice hack that made more than 450,000 credentials vanish in one go. Yahoo apologized for the affected users who had their passwords and...

Have you had to change your login information in a paranoid fever after discovering that a major online service provider has been hacked in the last few weeks? Well, if you have a Yahoo! account, you might have some worrying to do. A hacker group called D33DS Company has apparently dumped 453,492 usernames and passwords obtained in plaintext from a Yahoo! service. Ars Technica is reporting that usernames and passwords allegedly from Yahoo! were posted online by the D33DS Company group. Other sources indicate that the user information was specifically from the Yahoo! Voice service, formally known as Associated Content. Apparently, the hackers were able to obtain the plaintext list of passwords and usernames using a MySQL injection attack. Ars explains the methodology behind the attack thusly: The hacking technique preys on poorly secured web applications that don’t properly scrutinize text entered into search boxes and other user input fields. By injecting powerful ...

LinkedIn yesterday confirmed that there was a breach of security, and that member passwords were dumped by the attackers. The password hashes have been posted on the Internet in a 250 Megabyte text file, and it is generally assumed that people have started to break the hashes to reveal the underlying passwords. All in all, about 6.5 million LinkedIn user accounts are affected by this. LinkedIn itself has taken counter measures to protect affected users accounts from being compromised. Probably the biggest protection in this regard is that affected account passwords have been invalidated, so that they can’t be used anymore to log in to LinkedIn. All affected members will receive an email from LinkedIn that contains instructions on how to reset the account passwords. LinkedIn notes that these emails will not contain links, to avoid copy cat emails that use this for phishing. It basically comes down to reseting the user account password to receive a new one. Affected mem...

. /$$                 /$$            /$$$$$$                    .| $$                | $$           /$$__  $$                    .| $$       /$$   /$$| $$ /$$$$$$$$| $$  \__/  /$$$$$$   /$$$$$$$ .| $$      | $$  | $$| $$|____ /$$/|  $$$$$$  /$$__  $$ /$$_____/ .| $$      | $$  | $$| $$   /$$$$/  \____  $$| $$$$$$$$| $$      .| $$    ...

Microsoft Store India has been hacked! Database hacked, Passwords exposed As you can see from the image above, it has been hacked by EvilShadow team – 7z1&Ancker. From the tiny little flag and blog links, it looks like the hackers are from China. Their motivation is unknown at this point. From   7z1′s blog :  ” Do not explain, line and over ~  Black page Address:  http://www.microsoftstore.co.in/evil.html  ” The reason for this hack hasn’t been stated but they have managed to upload a file called evil.html which says “Unsafe system will be baptized”.   Also worth noting is that you can browse the rest of the website by going to their category   directly . Stay tuned, we’ll keep you update on this and will get Microsoft’s word on this. Update : This is huge guys. This is terrible news. Database of MS Store India has been exploited as well and the worst has happened. The passwords were saved in plain text. Y...

In urma analizei catorva zeci de milioane de conturi de pe Internet, Imperva a intocmit o lista a celor mai folosite parole de pe Internet care ar trebui evitate de utilizatori. Studiul "Cele mai proaste parole" a fost realizat de cei de la  Imperva   dupa ce in decembrie anul trecut un hacker a trecut de securitatea site-ului  RockYou   si a intrat in posesia parolelor celor 32 de milioane de abonati ai site-ului, scrie  TG Daily.  Dintre cele 32 de milioane de parole, cele mai des utilizate (si poate cele mai nefericite) sunt:  1.  123456 2.  12345 3.  123456789 4.  Password 5.  iloveyou 6.  princess 7.  rockyou 8.  1234567 9.  12345678 10.  abc123 Directorul tehnic al companiei Imperva,  Amichai Shulman a declarat ca atacul ar trebui sa fie o lectie, adaugand ca oamenii ar trebui sa inteleaga ca aceste parole slabe incurajeaza si faciliteaza atacurile cibernetice.   "Cu un...