Mutillidae is a free and open source web application which can be used by security experts who want to use their penetration testing tools and hack a website. Mutillidae can be installed on any computer with a web server. You can easily install a web server on your personal computer by using XAMPP which installs a web server (Apache), a database (MySQL) and several other tools. Mutillidae has several vulnerabilities and hints which makes hacking very easy. It can be used by security experts who want to test their penetration testing applications, by students who learn about web application security and in general by any security enthusiast who wants to learn the vulnerabilities of a web application and how hackers exploit them to gain access. You can visit SourceForge website to see the full list of Mutillidae’s features and download it.
Chrome is not as safe as Google thinks
Google have created Pwnium, a competition for hackers able to hack Chrome (Google’s web browser) and the prices were a total of one million dollars. A Russian university student hacked a PC using Chrome and got the $60000 prize. He used an exploit to bypass Chrome’s sandbox, a security measure that it was designed to stop hackers from accessing the PC even if they were able to hack the browser. In the same time at Pwn2Own event by HP a security firm was able to hack Chrome in five minutes. Hackers gave the information on how they were able to perform the hacks because it is mandatory to get the prize. After this Google realized that its web browser is not as safe as they thought it was but they can use the information and make Chrome safer. I tried Chrome and it is a good web browser but I will stay with Firefox which is, in my opinion, the best choice.
Duqu trojan framework written in unknown language
Kaspersky was called to investigate Duqu Trojan and the researchers have found some strange things. First of all, the framework of the Trojan is written in a programming language that is unknown to the researches at the Russian security company. This means that a section of the Trojan was developed in a rare programming language or the creator(s) also created a new programming language. The majority of the code is in C++, one of the most famous programming languages today. The second strange thing about Duqu Trojan is that it has many similarities with Stuxnet worm that targeted Iran’s nuclear facilities. It has the same behaviour and uses similar methods to spread its self. Researches believe that the same group that created Stuxnet worm also created Duqu Trojan. To be able to create a Trojan so sophisticated needs some serious knowledge in computers, networks, programming languages and compilers.
AnonymousSabu is a snitch
Hector Xavier Monsegur, also known as @AnonymousSabu, the leader of the group #LulzSec was providing information to the FBI that led to the arrests of other LulzSec members. The arrests where a joined operation between Ireland, United Kingdom and United States of America. Sabu started providing information to the FBI after they arrested him to obviously reduce his sentence or even walk away. This is not a way that a leader should behave no matter what. It doesn’t matter if it is an army, a hacking group, a company CEO or a football team, the leader must be there for the others and not be a snitch. If someone is a weak character or is afraid of the consequences then he should not be taking part in such actions. When I learn such news it makes me sick, there are some unwritten rules that everyone must follow. #Anonymous have blocked Sabu’s twitter account and suggests that everyone do the same because the account is now handled by the FBI. Anonymous will not have the same fade as LulzSec because they are not a hacking group and they don’t have leaders. Anonymous is an idea and it is obvious that you can not arrest an idea.
Cops playing Anonymous
Anonymous is open for anyone, if you want to be part of them you are free to do it. You can follow them on Twitter to see what is new in their operations or chat with them on IRC. You are free to join them but if you want to take a part on their operations then you should take your steps to hide your identity. Most Anonymous hackers are successfully encrypt their identities and they are taking steps to ensure that they don’t leave traces to lead to them. Suddenly, some people that agree with their philosophy and ideas don’t have the knowledge to ensure that they stay… Anonymous. Cops are also joining Anonymous to IRC chat rooms and they try to find the person behind the mask. For those who want to take part on Anonymous operations, at least be careful not to get caught, learn to hide your identity. If you don’t you will end up in jail, unless this is something you want.
Anonymous declared as threat to national security
National security agency (NSA) has declared Anonymous a threat to national security because they gain a lof of power. According to #NSA #Anonymous in few years could shut off power by attacking the energy grid. In my understanding they try to find a reason to declare them as national security to be able to have a better control of them. Government try to scare Anonymous but this will not happen any time soon as many of them are not American citizens. Some people don’t care if they go to jail for doing the right thing. Anonymous has announced that they will have weekly attacks, every Friday they perform an attack to a target they will decide.
Anonymous hacked Greek ministry of justice again
Anonymous hacked and defaced the Greek ministry of justice website almost a month ago. Then they targeted Greek government websites to support people-powered uprising in Athens. Police arrested three Greek schoolboys, ages 16, 17, and 18 for taking part in the attack. They found electronic traces that they claim that they belong to Anonymous and police seized their notebooks and 12 hard drives. The suspected Anonymous members are known as ’delirium’, ‘nikpa’ and ‘extasy’. Anonymous has hacked once again the website of Greek ministry of justice during the operation #OpGreece. They will continue and will probably increase their attacks if police continue arresting youngsters.
Fake rumor that Anonymous will take down the internet
There are many fake rumors for Anonymous operations. One of the first ones was the attack on Facebook on November 5 2011 and then again another fake Facebook rumor. As we said before, there are several reasons why someone spread fake rumors about Anonymous. This time they say that Anonymous will take down the internet for hours or days at the end of March. Anonymous accounts on Twitter say that this is not the case, they don’t plan to attack dns servers and take down the internet. An many of them say, they don’t see the point on attacking to their greatest weapon. Anonymous see the internet as a weapon, as a tool to fight for their rights. Many bloggers and journalists spread the rumors before even check by themselves the validity of the news they learn. It is a very sad thing but this is internet, you should not believe anything you read.
Anonymous targets Greek government websites
After the website of the Greek Justice Ministry being hacked by Anonymous, they targeted almost all Greek government websites. The reason is to support people-powered uprising in Athens. They have taken down the websites of Greek Prime Minister, the National Police, the Ministry of Finance, the Greek Parliament, the Minister of finance Evangelos Venizelos (personal site) and some more. Anonymous try to support the Greek people that react to the measures of their government to avoid national bankruptcy. Greeks appreciated Anonymous actions and they felt that they are not fighting alone.
Google Wallet is vulnerable
Recently researches found at least two vulnerabilities of Google Wallet. The previous one requires the phone to be rooted and a brute force decryption of a file which is for hackers. The new one has none of those requirements, it is very easy and it is demonstrated in the video at the end of this post. It is very easy, the only thing you need to do is go into Google Wallet application settings menu and press the button to clear the data. The next time you will open the app it will ask you to set a new pin. After setting the new pin and adding the Google prepaid card you have full access to the funds. As you see, no rooting and no external app are used, just resetting the Google Wallet. Try not to loose your phone and be very careful to whom you giving it to as he requires only about 2 minutes to access Google Wallet.