DDoS can be legal with your help

No, this is not a joke and yes it can be done. Anonymous, the hacktivist group, has filed a petition online on the White House website claiming that Distributed denial-of-service (DDoS) shouldn’t be illegal because it is a form of protest. They claim, and it is correct in my opinion, that DDoS is the digital version of the “occupy” form of protest. It is the equivalent of users hitting the refresh button on a website repeatedly. It slows or stops the traffic to that website. For the time being there are 3500 votes and another 21500 needed for the Obama administration to gain their attention. The goal of 25000 is not very high for Anonymous and their supporters but the goal of 25000 needs to be reached by February 6. You can find the petition and vote for it on the source link.

You can buy a Yahoo mail exploit

Few years ago, gaining exploits was available only in some underground forums or chat rooms. Today there are many forums to get them and some hackers sell their founding. Some of them they even advertise them in public. Like “TheHell” which is showing a Yahoo! mail exploit and says that it sells it for $700. It is a cross-site scripting (XSS) vulnerability and according to the hacker, it works on all the browsers. What it does, it steals the cookie from the victim. Don’t be afraid just yet, in order to work the attacker must send a link to his victim and the victim click on that link. Of course it is very easy to create a website, offer something for free and have this link instead. Yahoo! is aware of that and they are working on a fix, I hope soon.

TYLER: Anonymous WikiLeaks

The hacker group Anonymous is going to create its own WikiLeaks and the project’s name is TYLER. This is a decision derived from the conflict of the Anonymous and Julian Assange for the forced funding. Anonymous will publish secret government documents to their own platform which is scheduled to the end of this year (21 December). Also, they don’t like when Assange was threatened to close WikiLeaks and they want to keep such information public and available to everyone. Maybe there is also the need to create another platform for secret commercial documents to see the dirty work of large organizations and their way to rule the world.

A possible way for mass murder

Pacemakers send and receive signals and it seems that pacemaker transmitters can be reverse engineered. This means that criminals can hack them and make them send a high voltage electric shock to pacemakers. The most scary part is that this can be done wireless and the attackers can be anywhere within few meters range. The distance can vary with different antennas and different environment (walls, windows, etc). It is also possible to change the firmware of a pacemaker and create some king of virus which will spread from pacemaker to pacemaker.

Anonymous takes down Greek government websites

Anonymous took down several Greek government websites and the reason is maybe the visit of German Chancellor Angela Merkel. This is not the first time that Anonymous takes down Greek government webpages and if they continue to support the people of Greece then it will not be the last. A big percentage of the people there is fighting to survive and any kind of support is appreciated. Police and government didn’t upgraded their security enough since the last attack by Anonymous.

Backdoored PhpMyAdmin from SourceForge

PhpMyAdmin is one of the most popular MySQL administration tools written in PHP. A compromised version of PhpMyAdmin was distributed via a SourceForge mirror and after a security issue was reported, malicious people exploited it. That version had server_sync.php modified and the backdoor is allowing to the attacker to execute PHP code remotely. Because of the fact that SourceForge is the largest open source software development website, if infected many systems. This is not the first time attackers exploit the open source community to distribute their backdoor.

CRIME can hijack HTTPS sessions

CRIME is the name of the new attack that can hijack HTTPS sessions. When you visit websites with HTTPS you expect them to be safe but researchers find new vulnerabilities. With CRIME, if you visit a site and you log in with your credentials like a bank, Google or Facebook the attacker can then decrypt the information of the session cookies and log in to those site and pretend to be you. If this is not scary then I don’t know what is. They can do it by exploiting a security hole in TLS 1.0.

App Store can be bypassed without jailbreaking

Apple’s App Store is vulnerable and can be bypassed easily, even without jailbreaking. ZonD80, a Russian hacker found a way to bypass the payment and get paid apps for free. The amazing thing is that it is very easy and almost everyone can do it. The idea is to communicate and send the purchasing requests to a server operated by the hacker instead of the official one. ZonD80 posted a video on YouTube showing his hack but the video was deleted by Google and now he is requesting donations to setup a website to promote his hack.

Malware for all systems

F-Secure, a finnish security company recently found a malware which installs itself to almost all operating systems. It is a web exploit which recognizes the OS of the visitor and then installs the corresponding malicious code for that OS. This one is not installed on your system unless you approve a Java applet installation. In all operating systems the code does the same thing, it connects to a command and control server (with IP and then it downloads additional code to execute. The name of this scary but intelligent malware is GetShell.A. There are millions of malware out there and you can’t be too careful.

Yahoo Voice Hacked

Yahoo! Voice has been hacked and 400,000 passwords were leaked. If you use Yahoo Voice then you should change your password A.S.A.P. Also, if you are using the same password on other websites and services, now it is a good time to change those too. Once again, the hack was based on SQL injection. Yahoo! has released a statement where apologizes for the attack to the users. If hackers have the password of your email account then they can access any other accounts where you used this email to sign up.