Tuesday, September 4, 2012
Hackers exposed 1,000,001 Apple Devices UDIDs
Antisec shared a list of 1,000,001 Apple device UDIDs pulled from an FBI notebook [ hacking :) ]. The system was hacked using an AtomicReferenceArray vulnerability in Java.
The original file, NCFTA_iOS_devices_intel.csv, contains data on a total of 12,367,232 iOS devices, including UDIDs with user names, device names, device types, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.
Antisec says "there you have. 1,000,001 Apple Devices UDIDs linking to their users and their APNS tokens.
the original file contained around 12,000,000 devices. we decided a million would be enough to release. we trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc."
Although the file is encrypted and available over the internet, the decryption method is also listed on Pastebin.
Let's see what is inside. :P
Read original post here:
http://pastebin.com/nfVT7b0Z
nj0y !!! :-)
Tuesday, October 18, 2011
Friday, July 15, 2011
Achievement
Today I have cleared GREM, another milestone in my career after last year's GCIH.
Privileged to be one out of 573 round the globe.
http://www.giac.org/certified-professionals/directory/forensics
You can find my profile here:

GCIH
http://www.giac.org/certified-professional/bhupendra-singh-awasya/123355
GREM
http://www.giac.org/certified-professional/bhupendra-singh-awasya/123355
nj0y !!!
Tuesday, June 14, 2011
SpyEye V.1.3.4.X

A new crimeware toolkit named SpyEye emerged in the underground economy in December 2009. It took a chunk of the Zeus crimeware toolkit's space. Now, after the takedown of Zeus and the revealing of the Zeus code, the SpyEye guys recently introduced their new version, "SpyEye V.1.3.4.X", incorporating Zeus in it.
To read more, follow:
#@V3 $@F3 BR0W$!n9 !!!
nj0y !!!
Tuesday, May 24, 2011
Google search to find Compromised Google Images
For the past few weeks, we have been hearing about Google image searches infected by Search Engine Optimization (SEO) poisoning. Many legitimate sites linked to scareware trojans and exploits via Google Image results are discovered every day. Many of these sites would otherwise be considered safe, but they've been compromised by a hack of some sort.
Do not search for inurl:wp-images unless you are using a test network or Google SSL, as the poisoned SEO sites will only attack if visited from http://www.google.com.
Read more at F-Secure
#@v3 $@f3 br0w$!n9 !!!
nj0y !!!
Tuesday, April 26, 2011
'Stars' Hits Iran
Reports say that a new computer worm codenamed 'Stars' has been identified as malicious software and/or part of cyber attacks against Iran.
This could be the second computer worm to target Iran in the past eight months, after Stuxnet.
Analysts are analysing the piece of code; no further details have been revealed to the rest of the world.
To read more, please follow:
Let's see; walk with the present to see the future.
Monday, April 18, 2011
Propagating Malware via legitimate websites
A few years ago, in 2006 and earlier, “No one ever thought of spreading malware via legitimate websites.” Popular infection vectors (before 2006) were:
- Go to the system and install a malicious piece of code (rarely heard of, or very few cases)
- Supply malware on USB drives with autorun (pretty common and still effective, spreading malware enormously)
- Distribute malware as an email attachment (pretty common and, unfortunately, still effective)
- Convince users to download legitimate-looking software that is actually MALWARE (providing a direct link in email, chat or another mechanism)
Drive-by-download. A drive-by-download works covertly, which makes it difficult to suspect or detect. Over the last 3-4 years, awareness among web administrators and security professionals regarding server-side vulnerabilities has increased. As a result, they are doing their job quite nicely, securing all six OSI layers except the last and most vulnerable layer, the "Application layer".
Motive of malware authors:
- Access to the infected computer
- Steal user credentials, banking or other passwords
- Use it as a launching pad for further attacks
- Install more sophisticated malware/viruses
- Gain a chain of access to corporate networks (via VPN etc.) that the user or the user's system is allowed to reach.
Details may be found in the presentations.
1. WCMP-Web2.0 Attacks.pdf
2. Tweet for DDoS.pdf
To know more, follow:
http://www.cert-in.org.in/s2cMainServlet?pageid=PRSTNVIEW03&reCode=CIWS-2011-1910
http://www.cert-in.org.in/Downloader?pageid=5&type=2&fileName=CIPS-2011-0066.0%20Attacks.pdf
http://www.cert-in.org.in/Downloader?pageid=5&type=2&fileName=CIPS-2011-0067.pdf
#@v3 #@f3 8r0w$!n9 . . .
nj0y !!!