The Hack o blog

Reinventing the weel

Category Archives: 0Day News

Google+(plus) silently censors the “7 dirty words” from streams.


A user of the r/YouShouldKnow subreddit on Reddit has brought to my attention a new censorship filter on the Google Plus social networking platform.

Posts with any of the “Seven Dirty Words” will not show up on your or your friends’ streams. It’ll be visible on your profile to anyone who browses there, but will be blocked from the “streams” pages. This means that someone has to be browsing your profile directly to see the post. No one in your shared circles will know it’s there otherwise. As of yet, there’s no preference for choosing to view such censored content.

Sony (XSS) cross site scripting.


Well, it is most definitely by now no secret that Sony’s online security is somewhat lacking. I’m not sure when Sony will get their act together. Let’s hope soon; the only Xbox game I have is The Orange Box.


X Factor & fox.com hacked, contestants database leaked.


A new team of hackers that goes by the name LulzSec has hacked the X Factor contestants database. More information to come, so subscribe for updates. I’m assuming there were big holes left open.

Dropbox authentication exploit, dbClone.


After reading this article on dereknewton.com about Dropbox’s insecure design, sablefoxx, a resourceful young coder on the forum, created a Python application to exploit the insecure design of Dropbox, the most popular file synchronisation tool.


The Comodo Hacker Released Mozilla certificate for “real dumbs”


The hacker who fraudulently obtained the Comodo.com SSL certificate published it on Pastebin. I have not had time to verify it yet, so subscribe for updates. (His English is almost as good as mine.)


An Anonymous hacker decompiles Stuxnet, posts on Github.


An Anonymous hacker decompiles Stuxnet and posts the source code on GitHub.

Stuxnet is a Windows computer worm discovered in July 2010 that targets industrial software and equipment. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.

https://github.com/Laurelai/decompile-dump

How to get root on rootkit.com, a step-by-step of how Anonymous gained root access.


This brief text file shows how simple it was for Anonymous to get access to Greg Hoglund’s website rootkit.com.

Researchers steal iPhone passwords in six minutes


The paper highlights risks that accompany losing a locked iOS device regarding confidentiality of passwords stored in the keychain. It presents results of hands-on tests that show the possibility for attackers to reveal some of the keychain entries. For the described approach, the knowledge of the user’s secret passcode is not needed, as the protection provided by the passcode is bypassed.

link to paper

Researchers at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) can jailbreak an iPhone and decrypt the passwords stored on it for your mail account, corporate VPN and WiFi, among others.

Hotmail exploit that allows changing a large percentage of people’s passwords.


It is now fixed, but here is the Hotmail exploit.

The link: https://maccount.live.com/ac/resetpwdmain.aspx

How it worked:

  1. Type in the Hotmail email you want to change the password for.
  2. Fill out the captcha.
  3. View page source on the next page and see what the user’s secondary email is (if it exists).
  4. Check to see if the email is registered (a lot of people don’t even bother registering them). If it is, do the same thing you just did and keep going back until you have control over the first account you can.
  5. Reset passwords to those email addresses in a daisy-chain fashion until you have control.

The old email used to be a hidden input element on the password reset form, but they just fixed it.
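A regression check for the flaw described above, added here as an example and not taken from the original post or from Microsoft's code: it scans a rendered password-reset page for hidden inputs that carry an e-mail address, and shows a masked hint as the safer alternative. The field names `altEmail` and `resetState`, the masking format and both sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class HiddenFieldAudit(HTMLParser):
    """Collect hidden <input> fields whose value contains an e-mail address."""

    def __init__(self):
        super().__init__()
        self.leaks = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "hidden" and EMAIL_RE.search(a.get("value", "")):
            self.leaks.append((a.get("name", ""), a["value"]))


def leaked_emails(html):
    """Return (field name, value) for every hidden input exposing an address."""
    audit = HiddenFieldAudit()
    audit.feed(html)
    audit.close()
    return audit.leaks


def mask_email(addr):
    """Hint for the account owner; fixed-width mask so the length is not revealed."""
    local, _, domain = addr.partition("@")
    tld = domain.rpartition(".")[2]
    return f"{local[:1]}***@{domain[:1]}***.{tld}"


# Constructed sample: the recovery address travels to the browser in the form.
VULNERABLE_PAGE = """<form method="post" action="/reset">
<input type="hidden" name="altEmail" value="backup.owner@example.org">
<input type="submit" value="Send reset link">
</form>"""

# Constructed sample: the server keeps the address and sends only an opaque
# state token plus a masked hint.
HARDENED_PAGE = f"""<form method="post" action="/reset">
<input type="hidden" name="resetState" value="c29tZS1vcGFxdWUtdG9rZW4">
<p>A reset link will be sent to {mask_email("backup.owner@example.org")}</p>
<input type="submit" value="Send reset link">
</form>"""
```

Running `leaked_emails` over every response in the reset flow as part of a test suite catches a reintroduction of the hidden field before release.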

(source)

Kinect open source drivers


Microsoft Kinect has been reversed and there is now an open source driver. Ooo, the fun we will have.

What is Kinect?

Kinect for Xbox 360, or simply Kinect (originally known by the code name Project Natal (pronounced /nəˈtɒl/ nə-tahl)), is a “controller-free gaming and entertainment experience” by Microsoft for the Xbox 360 video game platform, and may later be supported by PCs via Windows 8. Based around a webcam-style add-on peripheral for the Xbox 360 console, it enables users to control and interact with the Xbox 360 without the need to touch a game controller through a natural user interface using gestures, spoken commands, or presented objects and images. The project is aimed at broadening the Xbox 360’s audience beyond its typical gamer base. It will compete with the Wii Remote with Wii MotionPlus and PlayStation Move motion control systems for the Wii and PlayStation 3 home consoles, respectively. Kinect is scheduled to launch worldwide starting with North America in November.

The source is here: http://git.marcansoft.com/?p=libfreenect.git

This will only work under Linux, but I’m positive the Windows drivers for the Kinect will not be that far behind. I will update as fast as I can on any projects. Also, I hope he gets the $2000 prize.