Showing posts with label Hackers. Show all posts
Showing posts with label Hackers. Show all posts
Google has local domains for most of the countries in the world. Just few minutes ago some group of hackers hacked into Google's Palestine Domain, however Google has recovered the domain, we still managed to take the screen shot of the defaced page.
"uncle google we say hi from Palestine to remember you that the country in Google map not called Israel. Its called Palestine" The hacker wrote in the defacement.
"#Question : What would happens if we changed the country title of Israel to Palestine in Google Maps..!" The defacement message reads. "It would be revolution. So Listen rihanna and be cool".
If you still wants to see the deface page you can see that using the Google's cache for few hours more.
Search in Google " google.ps/ " as below
★ DDoS =
Distributed Denial of Service
★ DrDoS =
Distributed Reflected Denial of Service Attack, uses a list of reflection servers or other methods such as DNS to spoof an attack to look like it's coming from multiple ips. Amplification of power in the attack COULD occur.
★ FTP =
File Transfer Protocol. Used for transferring files over an FTP server.
★ FUD =
Fully Undetectable
★ Hex =
In computer science, hexadecimal refers to base-16 numbers. These are numbers that use digits in the range: 0123456789ABCDEF. In the C programming language (as well as Java, JavaScript, C++, and other places), hexadecimal numbers are prefixed by a 0x. In this manner, one can tell that the number 0x80 is equivalent to 128 decimal, not 80 decimal.
★ HTTP =
Hyper Text Transfer Protocol. The foundation of data communication for the World Wide Web.
★ IRC =
Internet Relay Chat. Transmiting text messages in real time between online users.
★ JDB =
Java drive-by, a very commonly used web-based exploit which allows an attacker to download and execute malicious code locally on a slave's machine through a widely known java vulnerability.
★ Malware =
Malicious Software
★ Nix =
Unix based operating system, usually refered to here when refering to DoS'ing.
★ POP3 =
This is the most popular protocol for picking up e-mail from a server.
★ R.A.T = Remote Administration Tool
★ SDB =
Silent drive-by, using a zero day web-based exploit to hiddenly and un-detectably download and execute malicious code on a slave's system. (similar to a JDB however no notification or warning is given to the user)
★ SE =
Social Engineering
★ Skid =
Script Kid/Script Kiddie
★ SMTP =
A TCP/IP protocol used in sending and receiving e-mail.
★ SQL =
Structured Query Language. It's a programming language, that used to communicate with databases and DBMS. Can go along with a word after it, such as "SQL Injection."
★ SSH =
Secure Shell, used to connect to Virtual Private Servers.
★ TCP =
Transmission Control Protocol, creates connections and exchanges packets of data.
★ UDP =
User Datagram Protocol, An alternative data transport to TCP used for DNS, Voice over IP, and file sharing.
★ VPN =
Virtual Private Network
★ VPS =
Virtual Private Server
★ XSS (CSS) =
Cross Site Scripting
Words
Algorithm =
A series of steps specifying which actions to take in which order.
ANSI Bomb =
ANSI.SYS key-remapping commands consist of cryptic-looking text that specifies, using ansi numeric codes to redefine keys.
Back Door =
Something a hacker leaves behind on a system in order to be able to get back in at a later time.
Binary =
A numbering system in which there are only two possible values for each digit: 0 and 1.
Black Hat =
A hacker who performs illegal actions to do with hacking online. (Bad guy, per se)
Blue Hat =
A blue hat hacker is someone outside computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.
Bot =
A piece of malware that connects computer to an attacker commonly using the HTTP or IRC protocal to await malicous instructions.
Botnet =
Computers infected by worms or Trojans and taken over by hackers and brought into networks to send spam, more viruses, or launch denial of service attacks.
Buffer Overflow =
A classic exploit that sends more data than a programmer expects to receive. Buffer overflows are one of the most common programming errors, and the ones most likely to slip through quality assurance testing.
Cracker =
A specific type of hacker who decrypts passwords or breaks software copy protection schemes.
DDoS =
Distributed denial of service. Flooding someones connection with packets. Servers or web-hosted shells can send packets to a connection on a website usually from a booter.
Deface =
A website deface is an attack on a site that changes the appearance of the site or a certain webpage on the site.
Dictionary Attack =
A dictionary attack is an attack in which a cyber criminal can attempt to gain your account password. The attack uses a dictionary file, a simple list of possible passwords, and a program which fills them in. The program just fills in every single possible password on the list, untill it has found the correct one. Dictionary files usually contain the most common used passwords.
DOX =
Personal information about someone on the Internet usualy contains real name, address, phone number, SSN, credit card number, etc.
E-Whore =
A person who manipulates other people to believe that he/she is a beautiful girl doing cam shows or selling sexual pictures to make money.
Encryption =
In cryptography, encryption applies mathematical operations to data in order to render it incomprehensible. The only way to read the data is apply the reverse mathematical operations. In technical speak, encryption is applies mathematical algorithms with a key that converts plaintext to ciphertext. Only someone in possession of the key can decrypt the message.
Exploit =
A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it.
FUD =
Fully undetectable, can be used in many terms. Generally in combination with crypters, or when trying to infect someone.
Grey Hat =
A grey hat hacker is a combination of a Black Hat and a White Hat Hacker. A Grey Hat Hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked, for example. Then they may offer to repair their system for a small fee.
Hacker (definition is widely disputed among people...) = A hacker is someone who is able to manipulate the inner workings of computers, information, and technology to work in his/her favor.
Hacktivist =
A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks.
IP Address =
On the Internet, your IP address is the unique number that others use to send you traffic.
IP Grabber =
A link that grabs someone's IP when they visit it.
Keylogger =
A software program that records all keystrokes on a computer's keyboard, used as a surveillance tool or covertly as spyware.
Leach = A cultural term in the warez community referring to people who download lots of stuff but never give back to the community.
LOIC/HOIC =
Tool(s) used by many anonymous members to conduct DDoS attacks. It is not recommended to use these under any circumstances.
Malware =
Software designed to do all kinds of evil stuff like stealing identity information, running DDoS attacks, or soliciting money from the slave.
Neophyte =
A neophyte, "n00b", or "newbie" is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology, and hacking.
smith =
Somebody new to a forum/game.
OldFag =
Somebody who's been around a forum/game for a long time.
Packet =
Data that is sent across the Internet is broken up into packets, sent individually across the network, and reassembled back into the original data at the other end.
Phreak =
Phone Freaks. Hackers who hack cell phones for free calling. Free Long distance calling. Etc.
Phreaking =
The art and science of cracking the phone network.
Proxy =
A proxy is something that acts as a server, but when given requests from clients, acts itself as a client to the real servers.
Rainbow Table =
A rainbow table is a table of possible passwords and their hashes. It is way faster to crack a password using rainbow tables then using a dictionary attack (Bruteforce).
Remote Administration Tool =
A tool which is used to remotely control (an)other machine(s). These can be used for monitoring user actions, but often misused by cyber criminals as malware, to get their hands on valuable information, such as log in credentials.
Resolver =
Software created to get an IP address through IM (instant messenger, like Skype/MSN) programs.
Reverse Engineering =
A technique whereby the hacker attempts to discover secrets about a program. Often used by crackers, and in direct modifications to a process/application.
Root =
Highest permission level on a computer, able to modify anything on the system without restriction.
Rootkit (ring3 ring0) =
A powerful exploit used by malware to conceal all traces that it exists. Ring3 - Can be removed easily without booting in safemode. Ring0 - Very hard to remove and very rare in the wild, these can require you to format, it's very hard to remove certain ring0 rootkits without safemode.
Script Kiddie =
A script kid, or skid is a term used to describe those who use scripts created by others to hack computer systems and websites. Used as an insult, meaning that they know nothing about hacking.
Shell =
The common meaning here is a hacked web server with a DoS script uploaded to conduct DDoS attacks via a booter. OR A shell is an script-executing unit - Something you'd stick somewhere in order to execute commands of your choice.
Social Engineer =
Social engineering is a form of hacking that targets people's minds rather than their computers. A typical example is sending out snail mail marketing materials with the words "You may already have won" emblazoned across the outside of the letter. As you can see, social engineering is not unique to hackers; it's main practitioners are the marketing departments of corporations.
Spoof =
The word spoof generally means the act of forging your identity. More specifically, it refers to forging the sender's IP address (IP spoofing). (Spoofing an extension for a RAT to change it from .exe to .jpg, etc.)
SQL Injection =
An SQL injection is a method often used to hack SQL databases via a website, and gain admin control (sometimes) of the site. You can attack programs with SQLi too.
Trojan =
A Trojan is a type of malware that masquerades as a legitimate file or helpful program with the ultimate purpose of granting a hacker unauthorized access to a computer.
VPS =
The term is used for emphasizing that the virtual machine, although running in software on the same physical computer as other customers' virtual machines, is in many respects functionally
equivalent to a separate physical computer, is dedicated to the individual customer's needs, has the privacy of a separate physical computer, and can be configured to run server software.
Warez =
Software piracy
White Hat =
A "white hat" refers to an ethical hacker, or a computer security expert, who specializes in penetration testing and in other testing methods to ensure the security of a businesses information systems. (Good guy, per se)
Worm =
Software designed to spread malware with little to no human interaction.
Zero Day Exploit =
An attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability.
Hackers are aggressively exploiting a just-patched Flash vulnerability, serving attack code "on a fairly large scale" from compromised sites as well as from their own malicious domains, a security researcher said Friday.
The attacks exploit the critical Flash Player bug that Adobe patched June 14 with its second "out-of-band," or emergency update, in nine days.
"CVE-2011-2110 is being exploited in the wild on a fairly large scale," said Steven Adair, a researcher with the Shadowserver Foundation, a volunteer-run group that tracks vulnerabilities and botnets. "In particular this exploit is showing up as a drive-by in several legitimate websites, including those belonging to various NGOs [non-government organizations], aerospace companies, a Korean news site, an Indian government Web site, and a Taiwanese university."
CVE-2011-2110 is the identifier for the Flash vulnerability assigned by the Common Vulnerabilities and Exposures database.
Attackers are also using the exploit in "spear phishing" attacks aimed at specific individuals, said Adair on the Shadowserver site.
Adair called the attacks "nasty" because the exploit "happens seamlessly in the background," giving victims no clue that their systems have been compromised.
When Adobe patched the vulnerability last week, it conceded that exploits were already in use.
Adair also said there's been an increase in Flash-based attacks. "There has been an ongoing assault against Flash Player for several years now, but especially so in the last three months," Adair said.
Adobe has patched Flash Player four times in the last two months, and six times so far this year. Of the six updates, five addressed "zero-day" bugs that attackers were already exploiting at the time the patches were issued.
Brad Arkin, Adobe's director of product security and privacy, acknowledged the problems in keeping ahead of attackers, but blamed the popularity of Flash Player for the attention.
"The installed base [of Flash Player] is a real big part of it," said Arkin. "It's such a widely distributed technology that attackers find it worthwhile to invest the time to carry out some kind of malicious activity. They're making an investment for the biggest return possible."
Arkin also argued that attackers get more bang for their buck by rooting out Flash vulnerabilities than they do looking for bugs in individual browsers because virtually every personal computer has the Flash plug-in installed. "Flash is the code [used in the browser] that has the highest market penetration," he said.
According to Adair, the exploit of CVE-2011-2110 has been in use since June 9, five days before Adobe issued its latest security update. Arkin corroborated that timeline.
Although Adobe's working on boosting Flash's security -- it's collaborated with Google, for example, to sandbox Flash in Chrome -- for now, its best defense is to quickly react to exploits with a patch.
"I think we're more aggressive than Microsoft," said Arkin, referring to the two companies' approaches to shipping out-of-band updates. "Basically, if we have information about attacks in the wild, or if the information is out there on a [security] mailing list -- which means attacks are imminent -- that tends to be a trigger for us to think about an out-of-band."
Microsoft's criteria for deciding whether to issue an emergency patch is confidential, but the company has said it generally considers an out-of-band fix if it sees attacks increasing in volume.
By pushing out a patch as quickly as possible, Adobe believes it squelches discussion among security researchers and attackers.
"If there are attacks in the wild, there will be lots of blog posts analyzing the vulnerability and exploit," said Arkin. "The information migrates from the high end to the low end very quickly. So we squash the debate by fixing it."
Arkin said Adobe has focused on getting patches out quickly, and that the fix for an earlier Flash vulnerability -- one Adobe released June 5 -- had a turn-around of less than 72 hours.
"The more practice we have, the faster we turn around [patches]," Arkin said.
Adair urged everyone to keep Flash Player up-to-date. "If you or your organization runs Adobe Flash and you're not keeping up on these patches ... you are in bad shape," he said.
The newest version of Flash Player can be downloaded from Adobe's Web site. Alternately, users can run the program's integrated update tool or wait for the software to prompt them that a patched edition is available.
The attacks exploit the critical Flash Player bug that Adobe patched June 14 with its second "out-of-band," or emergency update, in nine days.
"CVE-2011-2110 is being exploited in the wild on a fairly large scale," said Steven Adair, a researcher with the Shadowserver Foundation, a volunteer-run group that tracks vulnerabilities and botnets. "In particular this exploit is showing up as a drive-by in several legitimate websites, including those belonging to various NGOs [non-government organizations], aerospace companies, a Korean news site, an Indian government Web site, and a Taiwanese university."
CVE-2011-2110 is the identifier for the Flash vulnerability assigned by the Common Vulnerabilities and Exposures database.
Attackers are also using the exploit in "spear phishing" attacks aimed at specific individuals, said Adair on the Shadowserver site.
Adair called the attacks "nasty" because the exploit "happens seamlessly in the background," giving victims no clue that their systems have been compromised.
When Adobe patched the vulnerability last week, it conceded that exploits were already in use.
Adair also said there's been an increase in Flash-based attacks. "There has been an ongoing assault against Flash Player for several years now, but especially so in the last three months," Adair said.
Adobe has patched Flash Player four times in the last two months, and six times so far this year. Of the six updates, five addressed "zero-day" bugs that attackers were already exploiting at the time the patches were issued.
Brad Arkin, Adobe's director of product security and privacy, acknowledged the problems in keeping ahead of attackers, but blamed the popularity of Flash Player for the attention.
"The installed base [of Flash Player] is a real big part of it," said Arkin. "It's such a widely distributed technology that attackers find it worthwhile to invest the time to carry out some kind of malicious activity. They're making an investment for the biggest return possible."
Arkin also argued that attackers get more bang for their buck by rooting out Flash vulnerabilities than they do looking for bugs in individual browsers because virtually every personal computer has the Flash plug-in installed. "Flash is the code [used in the browser] that has the highest market penetration," he said.
According to Adair, the exploit of CVE-2011-2110 has been in use since June 9, five days before Adobe issued its latest security update. Arkin corroborated that timeline.
Although Adobe's working on boosting Flash's security -- it's collaborated with Google, for example, to sandbox Flash in Chrome -- for now, its best defense is to quickly react to exploits with a patch.
"I think we're more aggressive than Microsoft," said Arkin, referring to the two companies' approaches to shipping out-of-band updates. "Basically, if we have information about attacks in the wild, or if the information is out there on a [security] mailing list -- which means attacks are imminent -- that tends to be a trigger for us to think about an out-of-band."
Microsoft's criteria for deciding whether to issue an emergency patch is confidential, but the company has said it generally considers an out-of-band fix if it sees attacks increasing in volume.
By pushing out a patch as quickly as possible, Adobe believes it squelches discussion among security researchers and attackers.
"If there are attacks in the wild, there will be lots of blog posts analyzing the vulnerability and exploit," said Arkin. "The information migrates from the high end to the low end very quickly. So we squash the debate by fixing it."
Arkin said Adobe has focused on getting patches out quickly, and that the fix for an earlier Flash vulnerability -- one Adobe released June 5 -- had a turn-around of less than 72 hours.
"The more practice we have, the faster we turn around [patches]," Arkin said.
Adair urged everyone to keep Flash Player up-to-date. "If you or your organization runs Adobe Flash and you're not keeping up on these patches ... you are in bad shape," he said.
The newest version of Flash Player can be downloaded from Adobe's Web site. Alternately, users can run the program's integrated update tool or wait for the software to prompt them that a patched edition is available.
Black Hat Hackers
Black hat hackers or crackers perform illegal activities typically with malicious intent. Black hat hacking techniques include advanced programming skills, social engineering tactics or use of semi-automated softwares. Thus these black hat hackers are experienced cyber professionals who are familiar with the working of various operating systems, electronic devices and are familiar with various programming languages like C, Python, Bash etc. They are highly capable of breaking the security and exploiting various digital machines or systems.
White Hat Hackers
These hackers are as capable and experienced as the black hat hackers but they hack to protect the system rather than destroying it i.e. these are ethical hackers who do not abuse the use of computers and help protect the system. Ethical hackers use their abilities in a constructive way and come up with useful hacks that can help the people or protect them from black hat hackers. White hat hackers find loop-holes in a system or system security that are vulnerable to cyber attacks and guard the system by blocking these loop holes.
Grey Hat Hackers
Grey hat hackers fall in between the extreme white and black ends of hacking. You may think of them as half angels and half demons. Their intent of hacking might be malicious or profit-based, or they might be seeking self-satisfaction. These hackers occasionally might break cyber laws but usually work in legal terms. Grey hat hackers usually do not have as much knowledge or experience as white and black hat hackers, but they are highly capable of performing various types of attacks according to their requirement. Just to disambiguate the type of activity that a grey hat hacker might indulge in, let us consider an example - a grey hat hacker may hack a website and subsequently inform the webmaster of the hack in order to help him protect his website from similar attacks.
Script Kiddies
Script Kiddies are the beginners who do not have much knowledge or experience about hacking, but they eventually get trained according to the goals set by themselves or by someone else. These cyber kids do not have much idea of the consequences of their hacking activities because of the inexperience. The reasons behind why they hack are also very trivial like flaunting their skills or taking revenge from someone.
Black hat hackers or crackers perform illegal activities typically with malicious intent. Black hat hacking techniques include advanced programming skills, social engineering tactics or use of semi-automated softwares. Thus these black hat hackers are experienced cyber professionals who are familiar with the working of various operating systems, electronic devices and are familiar with various programming languages like C, Python, Bash etc. They are highly capable of breaking the security and exploiting various digital machines or systems.
White Hat Hackers
These hackers are as capable and experienced as the black hat hackers but they hack to protect the system rather than destroying it i.e. these are ethical hackers who do not abuse the use of computers and help protect the system. Ethical hackers use their abilities in a constructive way and come up with useful hacks that can help the people or protect them from black hat hackers. White hat hackers find loop-holes in a system or system security that are vulnerable to cyber attacks and guard the system by blocking these loop holes.
Grey Hat Hackers
Grey hat hackers fall in between the extreme white and black ends of hacking. You may think of them as half angels and half demons. Their intent of hacking might be malicious or profit-based, or they might be seeking self-satisfaction. These hackers occasionally might break cyber laws but usually work in legal terms. Grey hat hackers usually do not have as much knowledge or experience as white and black hat hackers, but they are highly capable of performing various types of attacks according to their requirement. Just to disambiguate the type of activity that a grey hat hacker might indulge in, let us consider an example - a grey hat hacker may hack a website and subsequently inform the webmaster of the hack in order to help him protect his website from similar attacks.
Script Kiddies
Script Kiddies are the beginners who do not have much knowledge or experience about hacking, but they eventually get trained according to the goals set by themselves or by someone else. These cyber kids do not have much idea of the consequences of their hacking activities because of the inexperience. The reasons behind why they hack are also very trivial like flaunting their skills or taking revenge from someone.
Hacking is a technique used to exploit the weakness in a system in order to view or damage someone's confidential information or data which is not easily available to the common cyber public.
Hackers are cyber criminals who act maliciously and break into security and access to confidential information without any permission.
Ethical Hackers are the good people who are responsible for testing the level of security and pointing out vulnerabilities present in the system and the are actually Crackers.
Hackers are cyber criminals who act maliciously and break into security and access to confidential information without any permission.
Ethical Hackers are the good people who are responsible for testing the level of security and pointing out vulnerabilities present in the system and the are actually Crackers.