King OF Games: June 2013

Sunday, 30 June 2013

Microsoft.com.my, Bing, Skype, Kaspersky local domains of "Malaysia" Hacked by TiGER-M@TE, Bangladeshi Hacker

Microsoft.com.my, Bing, Skype, Kaspersky local domains of "Malaysia" Hacked by TiGER-M@TE, Bangladeshi Hacker

TiGER-M@TE is considers as one of most dangerous blackhat of world. There is not any specific reason mention about this hack on deface page but this rise many questions for security experts that how much these hacker are getting powerful. All sites are still defaced at the time of publishing. Basically MYNIC is compromised. Few month ago same hacker attack Kenya and hack Google.co.mw and many more.

Deface page say's:

"HackeD

TiGER-M@TE

#Bangladeshi HackeR

Hello malaysia,you think you are more advanced than us? Respect our workers,we will respect you!

Running it since 2007 :)

Greetz : kinG oF coNTroL ; Barbaros-DZ ; F0RTYS3V3N ; aBu.HaliL501 ; W7sH.SyRiA ; h311 c0d3 ; m1l05 ; j0 ; l0calh0st ; Ne0-h4ck3r ;

# TiGER-M@TE

# localhost_80@programmer.net

#EOF"

Hacked Sites List:

http://microsoft.com.my/
http://dell.com.my/
http://skype.com.my/
http://kaspersky.com.my/
http://msn.com.my/
http://bing.com.my/

Mirrors:
http://www.zone-h.org/archive/notifier=tiger-m@te

DNS spoofing Attack Detail's:

DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer (often the attacker's).
Every country have registrar server which return the IP of local huge sites like google, msn etc. If registrar sever is compromised then we can redirect all those domains to specific ip which make it believe that sites are hacked. Basically sites are functioning properly, only there ip is hacked to hacked ip.

Kane & Lynch 2: Dog Days

Kane & Lynch 2: Dog Days

Developer: Io Interactive
Publisher: Square Enix Eidos Interactive
Genre: Action
Release Date: August 17, 2010 (US)

About Kane & Lynch 2: Dog Days

Kane & Lynch 2: Dog Days is a raw and brutal crime shooter designed to take players on an even more intense story experience, following two of gaming's most disturbed criminals, through the gritty Shanghai underworld. Introducing a new visual experience, Kane & Lynch 2: Dog Days is inspired by documentary filmmakers and the user-generated era. Every aspect of the game has been designed to deliver a fresh perspective to the words 'intensity' and 'realism' in videogames.

Minimum System Requirements

OS: Windows XP/Vista/7
Processor: Intel 3.0 GHz or AMD 2.5 GHz or higher
Memory: 1 GB (XP), 2 GB (Vista)
Video Memory: 512 MB (NVIDIA 7800/ATI X1800)
Sound Card: DirectX Compatible
DirectX: 9.0c
Keyboard and Mouse
DVD Rom Drive

Kane & Lynch 2 Dog Days (5)

Kane & Lynch 2 Dog Days (1)

Kane & Lynch 2 Dog Days (2)

Kane & Lynch 2 Dog Days (3)

Kane & Lynch 2 Dog Days (4)

Download Kane & Lynch 2: Dog Days – Direct Links

Part 1 – 700 MB

Part 2 – 700 MB

Part 3 – 700 MB

Part 4 – 700 MB

Part 5 – 700 MB

Part 6 – 584 MB

Part 7 – 700 MB

Part 8 – 700 MB

Part 9 – 700 MB

Part 10 – 700 MB

Part 11 – 401 MB

Crack

www.elj-games.blogspot.com

Pakistani Hacker Sentenced 18 months in Prison due to Mutimillion Dollar ATM heists

Pakistani man "Imran Elahi" who was involve in two Multimillion-dollar ATM heists targeting debit card processors was sentenced in Brooklyn federal court on Friday to 18 months in prison.

Imran Elahi pleaded guilty last year to access device fraud and conspiracy, largely for his involvement in two precision strikes: a $9 million heist in 2008 involving RBS WorldPay and a $14 million hack in 2011 against Fidelity Information Services.

Investigators said these two incidents were similar to another massive heist for which 8 individuals were charged in May, 2013.

Elahi has helped investigators, so he might be released soon and sent back to Pakistan.

References: Softpedia, Reuters

Thursday, 27 June 2013

Hacking Facebook Account with just a text message

Can you ever imagine that a single text message is enough to hack any Facebook account without user interaction or without using any other malicious stuff like Trojans, phishing, keylogger etc. ?

Today we are going to explain you that how a UK based Security Researcher, "fin1te" is able to hack any Facebook account within a minute by doing one SMS.

Because 90% of us are Facebook user too, so we know that there is an option of linking your mobile number with your account, which allows you to receive Facebook account updates via SMS directly to your mobile and also you can login into your account using that linked number rather than your email address or username.

According to hacker, the loophole was in phone number linking process, or in technical terms, at file /ajax/settings/mobile/confirm_phone.php

This particular webpage works in background when user submit his phone number and verification code, sent by Facebook to mobile. That submission form having two main parameters, one for verification code, and second is profile_id, which is the account to link the number to.

As attacker, follow these steps to execute hack:

Change value of profile_id to the Victim's profile_id value by tampering the parameters.
Send the letter F to 32665, which is Facebook’s SMS shortcode in the UK. You will receive an 8 character verification code back

3.Enter that code in the box or as confirmation_code parameter value and Submit the form.

Facebook will accept that confirmation code and attacker's mobile number will be linked to victim's Facebook profile.

In next step hacker just need to go to Forgot password option and initiate the password reset request against of victim's account.

Attacker now can get password recovery code to his own mobile number which is linked to victim's account using above steps. Enter the code and Reset the password!

Facebook no longer accepting the profile_id parameter from the user end after receiving the bug report from the hacker.

In return, Facebook paying $20,000 to fin1te as Bug Bounty.

Windows 8.1 ISO File available for Download

Microsoft have launched its new version of Windows i.e. Windows 8.1 Preview successfully. Windows 8 has not been so successful as compare to Windows 7, so lets see how users will rate to Windows 8.1 Preview.
Yesterday, As I have wrote that users who are having Windows 8 can upgrade to Windows 8.1 Preview from the Windows store and that also for free, just because the ISO file were not available for download yet.
But now finally Windows 8.1 Preview ISO file have been available for download from the Microsoft official site. As said Windows 8.1 Preview will be available in multi-language hence there it is. Here I am giving the Download link of English version only so for other please visit here. <<

ISO files
Product Key: NTTX3-RV7VB-T7X7F-WQYYY-9Y92F
Important: Windows 8.1 Preview isn't currently supported on some tablets and PCs with newer 32-bit Atom processors.
LanguageLink to downloadSHA-1 hash value

English 64-bit (x64) Download (3.3 GB) 0xD76AD96773615E8C504F63564AF749469CFCCD57

English 32-bit (x86) Download (2.5 GB) 0x8BED436F0959E7120A44BF7C29FF0AA962BDEFC9

Friday, 21 June 2013

Yahoo Advertising Service vulnerable to XSS attacks

Yahoo! Advertising Service has is vulnerable to cross-site scripting security bugs, discovered by Soumyodeep Mondal. Vulnerability is yet unfixed and exploitable using a simple payload as shown in screenshot. There is a demo video also available to show Proof of concept. Back in January, Yahoo! said that it had fixed a cross-site scripting (XSS) vulnerability in its webmail service which was blamed for a spate of account hijackings. The compromised accounts were used to send spam. Also The Yahoo! blog was vulnerable to XSS attacks because it utilized an outdated version of WordPress.

Thursday, 20 June 2013

Rwanda Bing Hacked By Pakistani l33t H4x0r's

Website:

http://bing.rw

Mirror:

http://www.zone-h.org/mirror/id/20068135

Message on Deface Page:

======================================================================

[#] Bing.rw Owned

[#] Where is the security ?/* */

Simbaa - THA X-Haxor - DJArs Haxor - Waheed Gul - Reaper Grim - CoOl bOY Haxor - THA ZipCode - THA Mc Mods - THA Gi.igzy jc - Naino Diaster

======================================================================

Wednesday, 19 June 2013

Brazil Government Hacked By Muslim Cyber Sh3llz

Website:

http://e-governo.blumenau.sc.gov.br/index.htm

Mirror:

http://www.mirror-ma.com/mirror/id/338695/
http://www.hack-db.com/541970.html

Brazilian Hackers Hacked FIFA Official Website

Hackers have reportedly hacked the official website for the Brazil Football World Cup 2014 and replaced the site with a video of a violent police response to a peaceful protest.

According to News.com.au, the FIFA website was replaced with an embedded YouTube video, showing protesters marching, before riot police release tear gas and fire on the protesters with rubber bullets.

The report further said that protestors are seen shouting “sem violencia” throughout the video, which translates into ‘no violence’ in English.

However, the report added, the FIFA site has now been restored. According to the report, the protest in the video is apparently a part of the recent demonstrations across the country, sparked earlier this month by a hike in public transport fares, as well as government spending on the World Cup and the Olympics.

Sunday, 16 June 2013

Google Uzbekistan DNS Hijacked By 1337, Pakistani Hacker

A Pakistani hacker, whose alias is 1337 claimed responsibility for what appeared to be a DNS Hijacked www.google.co.uz , the Uzbekistani version of Google’s search engine.

Google.co.uz Domain Details:

http://www.nic.uz/whois/?domain=google&zone=co.uz

Friday, 14 June 2013

Facebook Introduced Hash tag Features

Hope every one is aware of hash tag (#), that is popularly used to tag the people or page or other item on twitter.
As we all know that Facebook regularly introduce new things for its users, and there was news also going on that Facebook will also roll out the hash tag function, so here is the day came.
Facebook finally adopted the Hashtag function on its site. Hashtags will be both clickable and searchable on Facebook.

This news was officially published on the Facebook official blog post. This will help you to tag other context, page or others post indicating that it is the part of the large discussion. It’s also possible to search for a specific hashtag from the search bar, to click on hashtags that originate on other services
The social network will still let you control the audience of the posts, including those with hashtags.

US Govt is Watching Your Emails, Images, Videos, Search History, Skype Calls, Files, Chats

There are chances that you might have thought of being watched by US government through Gmail, Facebook and other internet giants who are holding your sensitive and most private data.

The news is that all your fears were real, as a new secret document has proven the existence of a US government program that grants NSA (National Security Agency) and FBI the direct access to the servers of Google, Facebook, Microsoft, Skype, Yahoo, Apple and other internet companies, from where they can extract any user information at their will.

Named as PRISM, the program was sanctioned by President Bush in 2007, which is now renewed again by President Obama in December 2012.

Under this program, tech giants gave the direct access to its servers to US government agencies, through which they can grab any information they want, without any hurdle.

The information that NSA can access may include your emails, chats, search history, images, videos, skype calls (even the content of skype calls), YouTube videos (even those which are private), files that are stored in your computer, call records of your smartphones, SMS, MMS, places you visit and much more.

Microsoft joined this program before anyone, followed by Yahoo and Google. Facebook, Skype, Youtube, AOL and Apple are also the program partners who have given the direct access and they can obtain information of any kind for any user who uses these services.

Dropbox is likely to be added in the list of partner companies soon.

PRISM enables US government agencies to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

Interestingly, US agencies call PRISM “one of the most valuable, unique and productive accesses for NSA”.

Another fact, which may worry our local “Privacy and Internet Freedom Activists” to a greater level is that Pakistan is second largest spying target of NSA, after Iran. Over 13.5 billion reports were gathered from Pakistan in March 2013 only.

Given the amount of data we share with these companies, including our personal and private information, this revelation is alarming and raise countless serious questions, concerning the morality of tech companies and US government.

Wednesday, 5 June 2013

Battlestations: Pacific

Battlestations: Pacific

Developer: Eidos Studios – Hungary
Publisher: Eidos Interactive
Genre: Action Simulation
Release Date: May 12, 2009 (US)