Wednesday, November 12, 2014

New Hacking Threat Could Impact Traffic Systems

Motorists drive by traffic lights every day and trust they will work. But NBC 5 Investigates found that as more cities turn to wireless traffic systems, some of those systems are unprotected and open to a cyber-attack.
“We implicitly trust these devices,” said Branden Ghena, a University of Michigan PhD student who studies how easy it is to manipulate electronics. “We drive through the intersection knowing that red means we should stop and green means we should go and there’s not going to be any trouble. The light will work as intended.”
“We could actually make the lights all red,” said Ghena. “We could change the light to be green in our direction. These are clearly not the intended behavior of these systems.”
Ghena and a research team at the University of Michigan discovered that with a basic laptop and a wireless radio they could hack into the software system of a company called Econolite. The research team worked with a road crew to make this happen. In their experiment, Ghena says they were able to manipulate more than 1,000 traffic lights in one town alone – turning red lights green, and green lights red.
“It was surprisingly easy,” said Ghena.
The reason is simple.
“It doesn’t have passwords on it or encryption on the wireless communications,” said Ghena. “They’re basic things, but they’re not enabled by default because the vendor wasn’t thinking about that and assumed the road agency would do something. And the road agency assumed they were good enough the way they came.”
NBC 5 Investigates discovered similar vulnerabilities with another company called Sensys Networks, which controls wireless traffic systems in major hubs including Washington DC, Los Angeles, New York City, San Francisco and Chicago.
Just two months ago the U.S. Department of Homeland Security issued this advisory, warning of these “vulnerabilities” after learning about the research of Argentinian security expert Cesar Cerrudo. Cerrudo used a cheap drone flying hundreds of feet above to show how he could hack into Sensys’s traffic signals below.
“The problem is that it’s not protected information,” said Cesar Cerrudo, Chief Technology Officer for IOActive Labs. “I just programmed it to send fake data to the traffic control system so I can make them do things they are not supposed to do.”
Here’s how a traffic control system works: There are sensors buried in the road that detect cars. That information is then sent to the access point which is connected to the traffic control system and controls the lights. And all of this is done wirelessly.
These Sensys Networks systems are used in 10 countries, 45 states, and throughout Illinois.
“(Cerrudo) did identify an area where we had not encrypted the data stream,” said a Sensys Networks spokesman, during a phone conversation with NBC 5 Investigates. He also explained that the company recently issued a software fix, but that it is up to each city whether to use the fix, and that some cities across the US could still be vulnerable.
NBC 5 Investigates had a lengthy phone conversation with the spokesman from Sensys Networks. We offered the company the opportunity to answer our questions in an on-camera interview. It declined and instead provided us with this two-page statement.
A spokesman from the Chicago Department of Transportation tells us of the 3,100 intersections in Chicago, only 12 of them utilize Sensys Networks wireless technology. But he could not say whether the city has upgraded the software to make Chicago’s traffic lights more secure.
“They are as vulnerable as any cellphone system,” said Transportation Engineer Erick Rivera, who has worked with both Sensys Networks and Econolite traffic systems.
Without passwords or encryption, these systems are only as secure as your basic cell phone.
“If the person is able to hack into one intersection, it could mess up an entire corridor,” said Rivera.
Security researchers say simply using passwords and encrypting the systems could prevent future attacks.
“The real attacks here are where you clog up congestion in a city so you can turn all the lights to red and people will be stuck in traffic jams for hours,” said Ghena.

Saturday, November 1, 2014

Facebook Now Accessible Via Tor Network Using Official .Onion Address

If you are a fan of the largest social networking site, Facebook, but also want to remain anonymous while using your Facebook account, then there is really good news for you.

Facebook on Friday began offering a way for security- and privacy-conscious users to connect to its social networking service through the anonymizing Tor network by launching a .onion address. This is a historic move for the social network.

Tor Browser is an open source project, launched in 2002, designed to increase the anonymity of your activities on the Internet by not sharing your identifying information such as your IP address and physical location with websites and your service providers. Browsing and data exchange over a network is made through encrypted connections between computers.

The social network just created a special URL – https://facebookcorewwwi.onion – that will allow users running Tor-enabled browsers to connect to Facebook’s Core WWW Infrastructure. Hidden services accessed through the Tor network allow both the Web user and the website to remain anonymous. Do note that the Tor link will only work on Tor-enabled browsers.
"Facebook’s onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud," Alec Muffett, a software engineer with Facebook’s security infrastructure group, said in a blog post. "It provides end-to-end communication, from your browser directly into a Facebook datacenter."
Facebook has previously been criticised by Tor users as the company’s security features treated Tor as a botnet — a collection of computers designed to attack the site. Users were able to access their Facebook account before today, but it often loaded irregularly with incorrectly displayed fonts and sometimes didn't load at all.
Back in 2013, the social network assured Tor users that the company would work with the Tor service on a possible solution. Now, after a year, we can see a great move from Facebook’s side with the launch of a dedicated Tor access address. However, the company said that the Tor network may pose some risks, as the .onion address is described as an "experiment" by the social network.
"Tor challenges some assumptions of Facebook's security mechanisms – for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada," Alec Muffett said.
"In other contexts such behaviour might suggest that a hacked account is being accessed through a "botnet", but for Tor this is normal. Considerations like these have not always been reflected in Facebook’s security infrastructure, which has sometimes led to unnecessary hurdles for people who connect to Facebook using Tor."
Furthermore, the company also offers encryption using SSL over Tor with a certificate that cites the unique Tor address, so that users won’t have to deal with SSL certificate warnings and can therefore be assured they are connecting to a secure and real Facebook, preventing users from being redirected to fake sites.

Runa Sandvik, a security researcher who was consulted by Facebook on the project and previously worked at the Tor Project, tweeted, "The launch of the Facebook Tor hidden service also marks the first time a CA has issued a legitimate SSL cert for a .onion address."

Millions of websites hit by Drupal hack attack

Up to 12 million websites may have been compromised by attackers who took advantage of a bug in the widely used Drupal software.

The sites use Drupal to manage web content and images, text and video.
Drupal has issued a security warning saying users who did not apply a patch for a recently discovered bug should "assume" they have been hacked.

It said automated attacks took advantage of the bug and can let attackers take control of a site.

'Shocking' statement
 
In its "highly critical" announcement, Drupal's security team said anyone who did not take action within seven hours of the bug being discovered on 15 October "should proceed under the assumption" that their site was compromised.

Anyone who had not yet updated should do so immediately, it warned.
However, the team added, simply applying this update might not remove any back doors that attackers have managed to insert after they got access. Sites should begin investigations to see if attackers had got away with data, said the warning.

"Attackers may have copied all data out of your site and could use it maliciously," said the notice. "There may be no trace of the attack." It also provided a link to advice that would help sites recover from being compromised.
Mark Stockley, an analyst at security firm Sophos, said the warning was "shocking".

The bug in version 7 of the Drupal software put attackers in a privileged position, he wrote. Their access could be used to take control of a server or seed a site with malware to trap visitors, he said.

He estimated that up to 5.1% of the billion or so sites on the web use Drupal 7 to manage their content, meaning the number of sites needing patching could be as high as 12 million.

Drupal should no longer rely on users to apply patches, said Mr Stockley.
"Many site owners will never have received the announcement and many that did will have been asleep," he said. "What Drupal badly needs but doesn't have is an automatic updater that rolls out security updates by default."

Friday, October 31, 2014

Aaron Swartz, internet hero, hounded to death by powers that be

Aaron Swartz was a young internet prodigy facing computer fraud charges when he took his own life. Source: ABC
TV editor Lyndall Crisp selects The Internet’s Own Boy as her pick of the week on free-to-air television.
The Internet’s Own Boy
Sunday, 8.30pm, ABC2
Aaron Swartz was a precocious child with extraordinary learning abilities. As a teenager he was a computer programming prodigy and as an adult he was a political activist hellbent on making the world a better place. Described as “the brightest light on the internet … an astonishing intellect”, he was — like his hero Tim Berners-Lee who invented the world wide web and gave it away for nothing — not interested in money. We’ll never know what he might have achieved because last year, aged 26, he committed suicide in his Brooklyn apartment. Using family home movies, clips from old interviews and conversations with the people closest to him, this fascinating documentary profiles the young genius. Swartz was facing 13 charges of wire fraud, computer fraud and unauthorised access to a computer according to antiquated legislation that carried a 35-year prison term. He devised a brilliant system that allowed him to access general information and make it commonly available. The company he targeted didn’t want to pursue the charges, but the US government insisted the case go on as a deterrent to others. There were also political reputations at stake. Swartz’s lawyer was sure he could win the case, but fear of what might lie ahead terrified Swartz. An outpouring of grief and anger flooded the internet following his death. A tragic story well told.
ALSO RECOMMENDED
Gardening Australia
Saturday, 6.30pm, ABC
It’s that gorgeous time of year when all those plants you thought were dead turn out to have been sleeping. A spot of warmer weather and they burst into bud. A trip to the nursery and a ramble through open gardens are among the many joys of spring. For 25 years this show has been sharing advice on how to make it all happen in your garden, and tonight, to celebrate the milestone, the first of four specials on the building blocks of gardening looks at healthy soil. Sophie Thomson visits a cherry orchard in South Australia where an experiment using bees to deliver antifungal spore is proving a success.
The Graham Norton Show
Sunday, 9.30pm, Ten
It’s fair to mention this show again because I haven’t for a while (at least two weeks). It’s so jolly good. A laugh a minute. In this episode Norton’s guests include Hugh Grant, Emma Thompson, Luke Evans and Lenny Kravitz. Grant tells the story of his first audition in Hollywood in front of a famous director who projectile-vomited halfway through the first page of the script. And Thompson tells how she made two co-stars in Mr Banks laugh by taking off her bra and putting two Mickey Mouse stickers on her nipples. Love her!
Gough Whitlam — In His Own Words
Sunday, 8.30pm, SBS One
Much has been written and said about this giant of Australian politics since he died, aged 98, in Sydney on October 21. Most of it was good, but many people still harbour doubts, even bitterness, about the former Labor prime minister’s legacy. No one, surely, can deny that in so many ways he was a shining light on a sea of mediocrity. This documentary, commissioned by SBS, was filmed 12 years ago. It was the last television interview Gough Whitlam did. In it, he talks about his remarkable 50 years in public life. It charts his earliest days in parliament, his rise as deputy leader, then leader, of the ALP and finally his success in ending 23 years of Liberal government. A chance to hear it from him.
Michael Mosley: Should I Eat Meat?
Monday, 7.30pm, SBS One
As the BBC’s medical correspondent, Michael Mosley has put himself through some of the weirdest tests to get the facts for a good story. Here he ups his daily intake of red meat to 130g to see what impact it will or won’t have on his health. As the man behind the phenomenally successful (commercially) 5:2 diet, Mosley knows all about sensible eating. But he has always wondered about how much red meat is too much. Apart from the ethical argument that we should all be vegetarians, there’s at least one good reason we should stand back from the barbie: cardiovascular disease is the biggest killer in the Western world. Yet, despite speaking to experts in Britain and US, Mosley doesn’t find the answer. I say pass the lamb chops and don’t think too much about it.
Salamander
Monday, 11pm, SBS One
Sorry to see this fine Belgian drama moved to such an ungodly hour on a school night, but thank heavens for the record button. Paul Gerardi (Filip Peeters) is a detective with Brussels police suspended for insisting on pursuing a private-bank robbery. The embarrassing contents of 66 safety deposit boxes were stolen but the robbery was not reported because they belonged to VIPs who have a lot to lose. Although his wife and daughter have been threatened and he’s a wanted man, Gerardi refuses to back off after three people connected to the robbery are murdered. Here, in the fourth of 12 episodes, the mastermind behind the robbery is revealed to be millionaire Gil Wolfs (Vic de Wachter), who wants each of the 66 owners — who belong to a secret group called Salamander — eliminated.
The Melbourne Cup Carnival
Tuesday, 10am, Seven
It’s that time of year again. Although Melbourne Cup Day has become something of a social event, serious horse people say the $3 million Cox Plate is the more important race. That aside, the first Tuesday in November has gained traction as the event, particularly among fashionistas who wouldn’t know one end of a horse from another. But hey, it’s fun to dress up and knock back a few champers. And it’s not just locals watching the 24 thoroughbreds compete; it’s estimated that about 650 million people across the world tune in at 3pm. The $6 million prize money may have something to do with that; the past four winners — Fiorente (Irish), Green Moon (Irish), Dunaden (French) and Americain (American) — were imports. The whole day is covered live.
At the Movies
Tuesday, 9.30pm, ABC
When David Stratton, 75, and Margaret Pomeranz, 70, call it quits next month after 28 years sharing their thoughts on the latest films, they will leave big shoes to fill. Incisive, quirky, knowledgeable — what they have to say is worth hearing, especially when they disagree. Here they review five films: John Wick starring Keanu Reeves; Interstellar starring Matthew McConaughey (True Detective); Two Days, One Night starring Marion Cotillard; My Mistress with Emmanuelle Beart; and Rise with Jessica Green.
Madam Secretary
Thursday, 8.30pm, Ten
College professor and former CIA analyst Elizabeth McCord (Tea Leoni) hesitated when President Conrad Dalton (Keith Carradine) wanted to appoint her secretary of state after the incumbent was killed in a suspicious plane crash. But once behind the desk she established herself as a tough negotiator and no-nonsense leader. In five episodes so far, she has helped two American teenagers facing execution in Syria, brokered a peace treaty between China and Japan, and managed sensitive negotiations with Iran over its nuclear program. Here in The Call, McCord asks the president to help with a tricky situation in West Africa.
Classical Destinations — Salzburg
Friday, 6pm, SBS One
Remember Aled Jones, the young Welsh boy with a voice like an angel until it broke? His rendition of Walking In the Air was goose-bump material. By the time he was 16 he’d sold six million albums and sung for pope John Paul II and the Queen (presumably not at the same time). He then took up acting, appearing in theatre and on radio and television. In this gorgeous series combining fabulous scenery and music, Jones, now 43, visits the cities that influenced the great composers, beginning with Salzburg, home of Mozart.
Better Homes and Gardens
Friday, 7pm, Seven
No matter how realistic your renovation budget it will always end up costing you more. In Small Budget, Big Makeover, Rob Palmer and the team show how to stretch the dollar. I love this show: it’s full of interesting stuff told in short, sharp takes. A fish recipe, Versailles’ gardens and a new hi-tech dog tag ... something for everyone.

Sunday, June 22, 2014

XSS vulnerability in WordPress

Hey guys, I wanted to share with you a vulnerability in a WordPress plugin I found.

# WordPress WP-Password Plugin XSS Vulnerability

###########################

[+] Exploit Title: WordPress WP-Password Plugin XSS Vulnerability
[+] Found: 2014
[+] Category: WebApp
[+] Google Dork: inurl:"/wp-content/plugins/wp-password/login.php"
[+] Tested On: Windows - Linux
[+] Site:

###########################################
###########################################

# Type: XSS Vulnerability

# Exploit: http://Site.com/{Path}/wp-content/plugins/wp-password/login.php?err={Your Text}

# Explanation: Copy The Dork In Google - Open A Site - Delete All Texts After login.php

Copy This Code At The End Of The Url: ?err={Your Text} - And End

###########################################
###########################################
Greets to: all hackers, newbies and lamers ;p
###########################################
###########################################

This exploit works exceptionally well.
If any of you have any ideas to add to this or want to share your own exploits, please drop them in the comments. I would love to hear back from you guys.
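The advisory above describes an `err` parameter that is reflected straight into the login page. As an added example (not code from the original post or from the plugin), here is a small Python check a site owner could run over web server access logs to flag requests to that page whose `err` value carries HTML or script markup; the combined log format, the client addresses and the sample lines are constructed assumptions.

```python
"""Detect reflected-markup attempts against the wp-password login page.

Added example, not code from the original post or the plugin. It assumes
standard combined-format web server access logs; the sample lines below
are constructed for the demo.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path of the affected plugin page, as given in the advisory.
TARGET_PATH = "/wp-content/plugins/wp-password/login.php"

# Fragments that have no business in a plain-text error message:
# angle brackets, a javascript: URL, or an on*= event handler attribute.
SUSPICIOUS = re.compile(r"[<>]|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)

# Combined log format: client, timestamp, method, request target, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def err_param_is_suspicious(target: str) -> bool:
    """True if the request hits login.php with an err value carrying markup."""
    parts = urlsplit(target)
    if not parts.path.endswith(TARGET_PATH):
        return False
    values = parse_qs(parts.query, keep_blank_values=True).get("err", [])
    # parse_qs already decodes once; a second unquote pass catches
    # double-encoded values (%253C -> %3C -> <).
    return any(SUSPICIOUS.search(unquote(v)) for v in values)


def scan_log(lines):
    """Yield (client ip, request target) for every suspicious request."""
    for line in lines:
        m = LOG_LINE.match(line)
        if m and err_param_is_suspicious(m.group("target")):
            yield m.group("ip"), m.group("target")


# Constructed sample lines: a legitimate error display, a markup injection,
# a double-encoded injection, and an unrelated page using the same parameter.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Jun/2014:10:01:02 +0000] "GET /wp-content/plugins/wp-password/login.php?err=Wrong%20password HTTP/1.1" 200 512',
    '198.51.100.7 - - [22/Jun/2014:10:02:15 +0000] "GET /blog/wp-content/plugins/wp-password/login.php?err=%3Cscript%3Etest%3C/script%3E HTTP/1.1" 200 611',
    '198.51.100.7 - - [22/Jun/2014:10:02:40 +0000] "GET /blog/wp-content/plugins/wp-password/login.php?err=%253Cimg%2520onerror%253Dx%253E HTTP/1.1" 200 601',
    '192.0.2.9 - - [22/Jun/2014:10:03:01 +0000] "GET /search.php?err=%3Cb%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, target in scan_log(SAMPLE_LOG):
        print(f"suspicious err parameter from {ip}: {target}")
```

The real fix is on the server side: the plugin must HTML-escape the `err` value before echoing it, and the log check only tells you whether anyone has been probing for the issue.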

Wednesday, April 16, 2014

These Sites Tell Which Of Your Accounts Have Been Hacked

Heartbleed, the massive flaw in web encryption recently made public, is just one of the unending stream of vulnerabilities that enables hackers to steal personal details and passwords from companies with which you do business.
Of recent, a number of websites have opened up shop to alert users when such attacks happen.
For example, haveibeenpwned.com allows you to enter an email address to see if hackers have compromised it. A check of one email address I use only with companies showed that it had been breached in October – along with 153 million others — when Adobe’s accounts were hacked.
A check of an email address I use just for Forbes.com (and one I knew had an issue earlier this year) also showed it had been breached, with a useful explanation below. “In February 2014, the Forbes website succumbed to an attack that leaked over 1 million user accounts,” the site said. “The attack was attributed to the Syrian Electronic Army, allegedly as retribution for a perceived ‘Hate of Syria.’”
Another site, PwnedList, found that both email addresses had been hacked and gave a date for each hack, but did not say where the issues occurred. Shouldichangemypassword.com offers a similar service. All are free and offer to notify users in the future if an email address is compromised.
Screenshot of PwnedList.
These sites may see more traffic in coming weeks if the Heartbleed security flaw leads to a whole new series of hacked sites, as many experts forecast.
“If this issue isn’t fixed immediately at all companies (which it won’t be), then we can expect to see a large number of breaches and leaks enabled by this vulnerability,” said Steve Thomas, the co-founder of PwnedList. “We are preparing our database for a rapid increase in the number of compromised credentials, which Heartbleed will certainly contribute to.”
PwnedList makes its money by alerting corporate clients to hacking attacks, which in many cases affect not the firms themselves but their outside vendors. It says its clients include publisher Reed Elsevier, password service LastPass, one of the world’s largest social networks, and one of the largest aeronautics and personal appliance firms.
It catches wind of new breaches by hanging around Internet hacker sites. “Once we join those we get access to everything that is getting passed around,” says Thomas. “Primary hackers will say ‘I just broke into XYZ company, here is their user list.’” Sometimes hackers broadcast their accomplishments on Twitter, but some boasts have not actually occurred.
He estimates that PwnedList learns of about a dozen different data leaks every day, with 100,000 to 500,000 compromised credentials.
Alen Puzic (seated) and Steve Thomas, co-founders of PwnedList (Photo courtesy of PwnedList)
The site haveibeenpwned.com, set up late in 2013, is the pet project of Troy Hunt, an Australian who works as an architect at a large company by day. He concentrates on the larger data breaches, and adds one to two different data sets a week to his site. “It is a bit of a laborious process,” he said. “It doesn’t make any money. I guess it is a hobby and public service.”
Hunt would like to see companies whose systems are breached be more responsive in reaching out to their affected customers. Often, he said, there is a long lag time before they own up to what has happened.
“People, sort of rightly say, ‘Wait, hang on a second, why didn’t these guys tell me?’” he said. “What surprises me a little about it is when there is a compromise, the company that is being compromised is in the best position of all to say whether it is legitimate or not. The vacuum of information from companies that are alleged to have been compromised is not a healthy thing.”
“One thing we have got to be cautious about is there is a lot of people go out and beat the drums and say we’ve just compromised the NSA, for example, here’s all their passwords, and it’s just fraudulent.”
After processing so many breaches through his site, Hunt has strengthened his own personal security drill and recommends the same for others: he uses only strong, unmemorable passwords for each account, and turns to a secure password manager to keep track of all that information.

Tuesday, March 25, 2014

Microsoft Word Is Under A Hack Attack: Do Not Open Documents Named '.RTF'


Microsoft Corp. on Monday issued an emergency security warning saying that hackers have found a way to booby-trap certain common Word files with the .rtf extension. Microsoft says it's aware of attacks going on now, but there's no fix yet to stop the hackers. It's working on a way to stop the bug.

The only way to be sure your computer won't get infected is not to open a document with the .rtf file extension until Microsoft says it's fine to do so.
This is the worst kind of attack. A hacker who manages to get you to open a booby-trapped file can gain control of your computer. From there, the hacker can do all kinds of things. For instance, the hacker can turn your computer into a so-called zombie by putting it on an illegal botnet. That means hackers can use your computer as part of a bigger network of computers to do all kinds of illegal things — like send spam, spread viruses, and commit fraud.
Even scarier is that the hack could work in preview mode. That's where you don't actually open the file but view it in an email instead. Outlook, for instance, lets you preview attachments.
Microsoft is recommending that you block all .rtf documents from your computer. It released a free tool that will set that up for you.
While .rtf files are not the default for Microsoft Word — the default is .docx or .doc — this is not a strange or unusual type of document. RTF stands for rich text format. For example, it's the default file format used by TextEdit, the free word-processing app that comes with Macs.
If people tend to email you a lot of Word documents, and you don't want to block all .rtf documents, another good choice is to set up your email to be in text mode, recommends security blogger Paul Ducklin via the Sophos security blog. The downside: This can make formatted emails, like newsletters, more difficult to read.

Monday, March 17, 2014

‘Password’ is the password: Feds easy target for hackers despite billions spent


Government agencies in the United States are often failing to implement even the most basic deterrents that would boost their cybersecurity efforts, a new Senate report found.
According to the report – authored by Senator Tom Coburn (R-Okla.) and staff members at the Homeland Security and Governmental Affairs Committee – numerous federal agencies are leaving themselves open to cyberattacks simply by declining to fix simple, straightforward network problems.
The new findings surfaced despite the fact that the United States has boosted spending on cybersecurity. Roughly $65 billion has been spent on securing computers and networks since 2006, the survey stated, but agencies “continue to leave themselves vulnerable, often by failing to take the most basic steps towards securing their systems and information.” One disturbing example was the lack of strong passwords in the government networks; a common key code was simply the word “password.”
Deficiencies in federal systems spanned multiple agencies, including those housing sensitive information such as the Nuclear Regulatory Commission, the Securities and Exchange Commission, and the Internal Revenue Service.
Even the Department of Homeland Security, which is responsible for supervising the security of all unclassified federal networks, is apparently lacking in its preparation. The report found “hundreds of vulnerabilities” on its systems, including “failures to update basic software [anti-virus programs, Microsoft Office, etc.]...the sort of basic security measure just about any American with a computer has performed.”
“None of the other agencies want to listen to Homeland Security when they aren’t taking care of their own systems,” Coburn, the ranking Republican on the committee that drafted the report, told The Washington Post. “They aren’t even doing the simple stuff.”
Some security breaches have been chalked up to pranks, such as last year’s hack that used the Emergency Broadcast System to air messages warning of zombie attacks in Michigan, Montana, and North Dakota.
Others have been more serious. A year ago, hackers stole a database of information regarding the United States’ 85,000 dams, including the “potential for fatalities if breached.” Meanwhile, the report found the Nuclear Regulatory Commission routinely stored security information for nuclear plants on a shared, unprotected drive. The SEC risked disaster as well, exposing sensitive information about the stock market’s systems and security.
In addition to these cases, more than 48,000 other “incidents” involving federal systems were reported to the DHS in the 2012 fiscal year. To make matters even more worrying, federal tests found that civilian agencies don’t detect about 40 percent of intrusions into their networks.
In the face of the Senate report, the White House acknowledged there’s still more work to be done in order for federal agencies to secure their networks.
“Almost every agency faces a cybersecurity challenge,” Michael Daniel, special assistant to the president on cybersecurity policy, said to the Post. “Some are farther along than others in driving awareness of it. It often depends on whether they’ve been in the crosshairs of a major cyber incident.”
Over the course of the past year, US officials have warned that cyberattacks now constitute the number one security threat to the country, and that China in particular has been responsible for a new digital offensive. In a particularly troubling case for the US, Chinese hackers were able to access sensitive information regarding some of the country’s most sophisticated weaponry.
China, for its part, adamantly denies the accusations. It claims to have “mountains of data” detailing attacks from the United States, and regards the US itself as the leading digital hacker.

Wednesday, March 12, 2014

Happy Birthday Internet! World Wide Web Turns 25

(CNN) – It was 1993 when David Wood got his first look at the World Wide Web.

Working as a consultant for the city of Palo Alto, California, in the epicenter of the dotcom universe, some researchers pulled up a Web page created by the Vatican, showcasing some of its artwork.

“The Web pages back then had that gray and black text and embedded images. There was no fancy layout; it was very simplistic,” he said.

“But it was powerful. I said, ‘My God, this is it. This is what’s going to define the next phase of my life.’ It was a quite powerful, transformative concept.”

It’s hard for some of us to imagine now. But before broadband and YouTube, before instant streaming and overnight deliveries from Amazon, the early Web was a slow, simple and sparsely populated place.

As the Web turns 25 this week, folks who remember those early days have been reminiscing about life online in the early to mid-1990s. One word that comes up over and over again? “Slow.”

A 1995 survey by the Pew Research Center found that just 14% of U.S. adults had Internet access, and among them, only 2% had access via a top-of-the-line 28.8k modem.

“That was screaming (fast),” said Lee Rainey, the director of Pew’s Internet Project. “Now, that would make people riot in the streets, it’s so slow.”

Wood, now chief technology officer with linked-data company 3 Round Stones, would go on to a career on the Web and to author several books about it. But in the early to mid-’90s, it wasn’t always an easy sell.

“When I would show people the Web on dial-up, you’d whip out a laptop and dial up with a 14.4k modem,” he said. “The page might take a minute or two or three or five to come down. You could see the hasher lines coming across from left to right as the page would slowly load.
“People would look at this and say, ‘Why is this interesting?’”

Invented by Tim Berners-Lee, the Web made accessing the Internet (no, they’re not the same thing) easier for millions.

“The really early users were total geeks,” Rainie said. “They had to know coding. They had to know sophisticated prompts to get information from different places. They had to tell their computers so they would know exactly where to go.”

That started changing as folks started opening their mailboxes and finding discs from Web-portal services like AOL, Compuserve and Prodigy. But even that more-accessible Internet was a far cry from what we know today.

“It was mostly a text experience that was dominated, to some degree, by websites of major publishers who were just trying to use this new platform to essentially replicate what they already had,” Rainie said. “CNN.com was basically what was on television. The New York Times was basically what was in the paper.”

Take a look at early versions of some of today’s most popular websites, and the contrast is stark. Now, the homepage for the White House features an elegant design that incorporates hundreds of links to videos, photo galleries, podcasts and other media. In 1996, the same URL took you to a stretched-out glob of black text on a plain white background, topped by the oh-so-catchy headline “Search White House Press Releases, Radio Addresses, Photos and Web Pages.”

Go to Yahoo today, and you can scroll through a 95-image gallery of links to news stories, choose from a list of links to trending topics, check on your stocks or jump straight to Yahoo-owned services like Tumblr and Flickr.

Time warp to 1996, and there’s not a photo to be seen. Yahoo’s homepage featured little more than a pile of hyperlinks that left half the page blank.

Oh, and that movie you streamed last night? Or the song it took you 20 seconds to download from iTunes or Google Play? Few Web users were even dreaming about them.

“If you had a music player or other streaming device, it was very scratchy,” Rainie said. “Words were interrupted. There were lots of hiccups in the server. But people lived with that because it was kind of exciting to have it happening in the first place.”

Wood concurs. For Web pioneers, and those who followed soon behind, experimenting with its emerging capabilities was, in part, its own reward.

“It’s like coffee culture versus tea culture,” he said. “With coffee, you’re gulping it down, trying to get your caffeine. Tea culture is more sipping and experiencing the taste.

“We had a sipping culture back then, and now we have a gulping culture. That’s the big change. It was a small number of geeks who were tasting this concept for the first time. We were getting little bits. We were tasting them, and we were saying, ‘How could this change the world?’”


Tuesday, March 11, 2014

iOS 7.1 Kills Evasi0n7 Jailbreak Tool While Apple Gives Credit To Evad3rs For Key Security Changes

Jailbreak users are advised not to update their devices to the new iOS 7.1 if they want to keep their jailbreak unharmed. (Photo: Reuters)
Apple’s (NASDAQ:AAPL) latest iOS 7.1 firmware update patched evasi0n7, the untethered jailbreak tool that was released to jailbreak devices running on iOS 7, while the company also gave credit to evad3rs -- the jailbreakers’ team that created evasi0n7 -- for some significant security changes introduced in iOS 7.1.
Following the release of the iOS 7.1 on Monday, reports began appearing on the Internet claiming that the latest iOS version has killed all the exploits that were used by the hackers to develop evasi0n7 to perform an untethered jailbreak on iOS 7 devices. According to the reports, jailbreak users should not update their devices to the new iOS 7.1 if they want to keep their jailbreak unharmed.
MuscleNerd, a renowned iOS hacker and jailbreak developer, also made the same recommendation to his followers on Twitter.

Currently, there is no indication from evad3rs that evasi0n7 will be updated to support iOS 7.1.
Meanwhile, Apple has updated the support web page on its website with a newly created document, which describes multiple iOS 7.1 security changes and improvements. In the document, the company gave credit to evad3rs members for reporting issues and helping Apple implement four key changes to the iOS 7.1 firmware.
The first improvement deals with a bug that allowed a maliciously crafted backup to alter the iOS file system on affected devices: iPhone 4 and later, iPod touch (5th generation) and later, and iPad 2 and later.
The second security change was related to a crash-reporting issue, which could allow a local user to change permissions on arbitrary files on the affected devices.
The third security concern was a kernel issue that could allow unexpected system termination or arbitrary code execution in the kernel itself, exactly the kind of flaw jailbreaks are built on. Here is how Apple described the issue:
An out of bounds memory access issue existed in the ARM ptmx_get_ioctl function. This issue was addressed through improved bounds checking.
The remaining security issue was related to a bug, which could enable an unauthorized user to bypass code-signing requirements on the affected devices.
In addition, Apple also credited Stefan Esser, another iOS hacker, for a bug that could enable an attacker to entice a user into downloading a malicious app via Enterprise App Download.
Apple has thanked iOS hackers for their exploits in the past as well. In 2012, the company gave credit to the iOS Jailbreak Dream Team for discovering a kernel exploit that was patched in iOS 5.1. After the release of iOS 6.1.3 in March 2013, Apple thanked evad3rs for helping it fix four bugs, iDownloadBlog reported.

Wednesday, March 5, 2014

Latest Google Hacking Entries


Date       | Title                                              | Category
2014-02-28 | intitle:Admin inurl:login.php site:.co.in          | Pages containing login portals
2014-02-05 | intitle:not accepted inurl:"union+select"...       | Various Online Devices
2014-02-05 | allinurl:"zimbra/?zinitmode=http" -googl...        | Pages containing login portals
2014-02-05 | intext:"Access denied for" intitle:"...            | Error Messages
2014-02-05 | allinurl:/hide_my_wp=                              | Sensitive Directories
2014-02-05 | inurl:"/reports/rwservlet" intext:"...             | Vulnerable Servers
2014-02-05 | intitle:"pChart 2.x - examples" intext:&...        | Advisories and Vulnerabilities
2014-02-05 | "[function.getimagesize]: failed to open stre...   | Error Messages
2014-02-05 | site:bitbucket.org inurl:.bash_history             | Files containing juicy info
2014-01-03 | allinurl:"/main/auth/profile.php" -githu...        | Pages containing login portals

Vietnamese blogger jailed for two years for 'abusing democratic freedoms'

A Vietnamese blogger, Truong Duy Nhat, has been sentenced to two years in prison on a charge of "abusing democratic freedoms to infringe on the interests of the state and on the legitimate rights and interests of organisations and citizens."
Nhat, 50, who lives in the central city of Danang, insisted on his innocence throughout his trial. He acknowledged posting content critical of the authorities but denied that it violated any law.
He has been under detention since his arrest in May 2013. He used to work for various state-controlled newspapers – including the police paper, Bao Cong An Quang Nam Danang – until launching his blog, "Another point of view," in 2011.
Benjamin Ismaïl, of the press freedom watchdog, Reporters Without Borders, said: "We are outraged by the continuing persecution of bloggers. Like Le Quoc Quan, whose jail term was upheld two weeks ago, Nhat is being jailed for his commitment to Vietnam's right to an alternative to the information provided by the state propaganda machine.
"We demand the release of Nhat and all the other detained bloggers, who are guilty solely of promoting freedom of information in Vietnam."
Sources: RSF/Washington Times. To sign the petition calling for the release of 35 Vietnamese bloggers go here

Friday, February 28, 2014

Top 10 Important Command Prompt Commands

I know, right? What hacker still uses Windows? But if you do, this post is for you.

1. ipconfig :
                  This is the first command to reach for when you need to see the IP address, subnet mask and default gateway. It can also display and flush the DNS cache and re-register the system name in DNS, which makes it the most useful tool for viewing and troubleshooting TCP/IP problems.

  • To view the IP address and subnet mask: ipconfig
  • To view all TCP/IP information, use: ipconfig /all
  • To view the local DNS cache, use: ipconfig /displaydns
  • To delete the contents of the local DNS cache, use: ipconfig /flushdns

2. systeminfo

Have a need to display operating system configuration information for a local or remote machine, including service pack levels? Then systeminfo is the tool to use. When I need to connect to a system that I am not familiar with, this is the first tool I run. The output of this command gives me all the info I need including: host name, OS type, version, product ID, install date, boot time and hardware info (processor and memory). Also knowing what hot fixes are installed can be a big help when troubleshooting problems. This tool can be used to connect to a machine remotely using the following syntax: SYSTEMINFO /S system /U user


3. tasklist and taskkill

If you have used Task Manager (Ctrl+Alt+Del), you will understand this easily. The task list is the list of processes currently running on Windows; any application you open is added to it.

To list the tasks, type in cmd:

          tasklist

This shows the list of running tasks, as shown in the picture.

To stop a process or task, there are two methods:

Using Image Name:
   We can kill the task using its image name as follows:
                       taskkill /im notepad.exe

Using Process Id:
   We can stop the process using its process id as follows:
                       taskkill /pid 1852




4. type
 type is used to read a text file in the command prompt. You can read several text files in a row by naming them one after another.

type filename.txt


5. netstat
Need to know who (or what) is making a connection to your computer? Then netstat is the tool you want to run. The output provides valuable information about all connections and listening ports, including the executable used for each connection. In addition to the above, you can view Ethernet statistics and resolve connecting hosts' IP addresses to fully qualified domain names. I usually run netstat with the -a (displays all connection info), -n (shows addresses and ports in numerical form) and -b (displays the executable name) switches.
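Reading netstat -anb by eye gets old on a busy host. The following PowerShell is an added example (not part of the original post) that parses constructed sample output in the format netstat -anb prints (the -b switch needs an elevated prompt) and flags processes listening on every interface that are not on an allowlist; the executable names in the sample are made up.

```powershell
# Added example, not part of the original post: parse the text that "netstat -anb"
# prints (-b needs an elevated prompt) into objects and flag listeners bound to all
# interfaces whose executable is not on an allowlist. $SampleNetstat is constructed.
$SampleNetstat = @'
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:8089           0.0.0.0:0              LISTENING
 [updater_helper.exe]
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
 [postgres.exe]
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED
 [msedge.exe]
  UDP    [::]:5353              *:*
 [chrome.exe]
'@
function ConvertFrom-NetstatOutput {
    param([Parameter(Mandatory)][string]$Text)
    $entries = @(); $current = $null
    foreach ($line in ($Text -split "`r?`n" | ForEach-Object { $_.Trim() })) {
        if ($line -match '^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)$') {
            # Connection line; UDP sockets print no State column, so default it.
            $current = [pscustomobject]@{
                Proto = $Matches[1]; LocalAddress = $Matches[2]; LocalPort = [int]$Matches[3]
                ForeignAddress = $Matches[4]; State = $(if ($Matches[5]) { $Matches[5] } else { 'NONE' })
                Component = $null; Executable = $null
            }
            $entries += $current
        } elseif ($current -and $line -match '^\[(.+)\]$') {
            $current.Executable = $Matches[1]   # "[name.exe]" belongs to the line above it
        } elseif ($current -and $line) {
            $current.Component = $line          # service name or "Can not obtain ownership information"
        }
    }
    $entries
}

function Find-UnexpectedListener {
    param([object[]]$Entries, [string[]]$AllowedExecutables = @('svchost.exe', 'System'))
    # Sockets bound to 0.0.0.0 or [::] accept traffic from every interface.
    $Entries | Where-Object {
        ($_.State -eq 'LISTENING' -or $_.Proto -eq 'UDP') -and
        $_.LocalAddress -in @('0.0.0.0', '[::]') -and $_.Executable -notin $AllowedExecutables
    }
}
$connections = ConvertFrom-NetstatOutput -Text $SampleNetstat
Find-UnexpectedListener -Entries $connections | Format-Table Proto, LocalAddress, LocalPort, Executable
```

On a live system replace $SampleNetstat with (netstat -anb | Out-String); with the sample above the loopback-only postgres.exe and the outbound msedge.exe connection are skipped and only updater_helper.exe and chrome.exe are reported.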


6.net command
Although this tool is better known as a command, net is really like a power drill with different bits: it is used to update, fix, or view the network or network settings.
It is mostly used for viewing (only services that are started), stopping and starting services:
    • net stop server
    • net start server
    • net start (display running services)
and for connecting (mapping) and disconnecting with shared network drives:
    • net use m: \\myserver\sharename
    • net use m: \\myserver\sharename /delete
Other subcommands used with net are net accounts (manage user accounts), net print (manage print jobs) and net share (manage shares).
Below are all the options that can be used with the net command.
[ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |HELPMSG | LOCALGROUP | PAUSE | PRINT | SESSION | SHARE | START |STATISTICS | STOP | TIME | USE | USER | VIEW ]

7 - nslookup - On the Internet, DNS (Domain Name System) is what lets us use friendly names when surfing the web instead of having to remember IP addresses. When there are problems, nslookup is a valuable tool for testing and troubleshooting DNS servers.
Nslookup can be run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned. For example, to resolve google.com:

nslookup google.com

To use the interactive mode, just type nslookup at the prompt. To see all available options, type help while in interactive mode.

Don't let the help results intimidate you. Nslookup is easy to use. Some of the options I use when troubleshooting are:
set debug (displays detailed debugging information about the behind-the-scenes communication when resolving a host or IP address; set d2 prints even more).
set domain (sets the default domain to use when resolving, so you don't need to type the fully qualified name each time).
set type (sets the query record type that will be returned, such as A, MX or NS).
server NAME (points nslookup at a DNS server other than the one configured on your computer).
To exit interactive mode, type exit.

8 - ping and tracert - These tools are helpful for checking connectivity to other systems. Ping tests whether a particular host is reachable across an IP network, while tracert (traceroute) determines the route taken by packets across an IP network.
To ping a system, just type at the prompt: ping www.google.com. By default, ping sends three ICMP echo requests to the host and listens for ICMP “echo reply” responses. Ping also includes switches to control the number of echo requests to send (-n) and to resolve IP addresses to hostnames (-a).
To use tracert, type at the prompt: tracert www.google.com. You can force tracert not to resolve addresses to hostnames by using the -d switch, or set the desired timeout (in milliseconds) for each reply using the -w switch.


9 - gpresult - Used mostly in environments that implement group policies, gpresult (Group Policy Results) shows all policy settings in effect for a specific user or computer. The command is simple to use: just enter gpresult at the prompt. It can also be used to query computers remotely using the /S and /U switches.

10 - netsh - Without a doubt the most powerful command line tool available in Windows. Netsh is like the Swiss Army knife for configuring and monitoring Windows computers from the command prompt. Its capabilities include:

  • Configure interfaces
  • Configure routing protocols
  • Configure filters
  • Configure routes
  • Configure remote access behavior for Windows-based remote access routers that are running the Routing and Remote Access Server (RRAS) Service
  • Display the configuration of a currently running router on any computer
Some examples of what you can do with netsh:
  • Enable or disable the Windows firewall:
netsh firewall set opmode enable
netsh firewall set opmode disable
  • Enable or disable ICMP Echo Request (for pinging) in the Windows firewall:
netsh firewall set icmpsetting 8 enable
netsh firewall set icmpsetting 8 disable
  • Configure your NIC to automatically obtain an IP address from a DHCP server:
netsh interface ip set address "Local Area Connection" dhcp
(For the above command, if your NIC is named something else, use netsh interface ip show config and replace the name Local Area Connection.)
As you can see, netsh can do a lot. Instead of re-inventing the wheel, check out the following Microsoft article for more info on netsh.
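The netsh firewall context shown above is the legacy one from Windows XP and Server 2003; on Windows Vista and later the firewall lives under netsh advfirewall, and the thing a defender most often wants to verify is that no profile has been switched off. The following PowerShell is an added example (not part of the original post) that parses constructed sample output in the format netsh advfirewall show allprofiles prints and reports any profile whose state is OFF together with the command that turns it back on.

```powershell
# Added example, not part of the original post: check that the firewall is ON for
# every profile by parsing "netsh advfirewall show allprofiles" output.
# $SampleProfiles is constructed sample output, not a real capture.
$SampleProfiles = @'
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound

Ok.
'@

function Get-FirewallProfileState {
    param([Parameter(Mandatory)][string]$Text)
    $name = $null
    foreach ($line in ($Text -split "`r?`n")) {
        # Each block starts with "<Name> Profile Settings:"; its State line follows.
        if ($line -match '^(\w+) Profile Settings:') { $name = $Matches[1]; continue }
        if ($name -and $line -match '^State\s+(ON|OFF)\s*$') {
            [pscustomobject]@{ Profile = $name; Enabled = ($Matches[1] -eq 'ON') }
            $name = $null
        }
    }
}

# On a live system replace $SampleProfiles with (netsh advfirewall show allprofiles | Out-String).
Get-FirewallProfileState -Text $SampleProfiles | Where-Object { -not $_.Enabled } | ForEach-Object {
    "Firewall is OFF for the $($_.Profile) profile; re-enable with: netsh advfirewall set $($_.Profile.ToLower())profile state on"
}
```

With the sample above only the Public profile is reported, and the suggested fix is netsh advfirewall set publicprofile state on.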