Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

30 May 2006 | 8,452 views

Cambodia Bans 3G So The People Can’t Get P*rn

Don't let a Dragon into your website!

It’s sad when a country has to resort to this to control it’s people, freedom to watch p*rn for Cambodians!

Heeding a request from his wife, Prime Minister Hun Sen on Friday banned the latest generation of mobile phone services in Cambodia to curb the dissemination of p*rnography.

Bun Rany, along with the wives of several other senior government officials, recently urged Hun Sen to prohibit the use of third-generation, or 3G, phones in the impoverished country because they can be used to spread obscene images.

Such phones – which few can afford in Cambodia – are capable of displaying high-quality video and images over wireless broadband connections.

I really don’t see what the big issue with p*rnography is, don’t Cambodians have sex? I mean there is a VERY high rate of mental health issues there, after the khmer rouge regime…but still? Isn’t this a little harsh?

On Friday, Hun Sen said he agrees with his wife and that while Cambodia is still unable to cope with p*rnography on the Internet, “how can we go for video phones?

“Hold it. Do not yet start the mobile phone services through which the callers can see each others’ images,” he said in a speech during a visit to a Buddhist pagoda in the capital, Phnom Penh.

“Maybe we can wait for another 10 years or so until we have done enough to strengthen the morality of our society,” he said.

Alcatel, a French telecommunications firm, announced in February that it would provide 3G mobile services to CamGSM, a Cambodian mobile phone network.

Strengthen the morality? Hello?

It seems like he somewhat looks down upon his populous.

The 3G mobile phone “is way too advanced for us. Hearing each other’s voices and exchanging text messages should be enough. If we go further than this, it could be more difficult for us to control” p*rnography, he said.

It was unclear if legislation is necessary for the ban to take effect. Hun Sen’s orders are often carried out without challenge by Cambodia’s government and lawmakers.

Cambodia is predominantly Buddhist and socially conservative. People normally do not talk openly about sex.

Source: Associated Press

Digg This Article

Advertisements



29 May 2006 | 3,718 views

Amnesty International Irrepresible Internet Campaign

Irrepressible Adj. 1) Impossible to repress or control.

Chat rooms monitored. Blogs deleted. Websites blocked. Search engines restricted. People imprisoned for simply posting and sharing information.

The Internet is a new frontier in the struggle for human rights. Governments “with the help of some of the biggest IT companies in the world” are cracking down on freedom of expression.

Amnesty International, with the support of The Observer, is launching a campaign to show that online or offline the human voice and human rights are impossible to repress.

The web is a great tool for sharing ideas and freedom of expression. However, efforts to try and control the Internet are growing. Internet repression is reported in countries like China, Vietnam, Tunisia, Iran, Saudi Arabia and Syria. People are persecuted and imprisoned simply for criticising their government, calling for democracy and greater press freedom or exposing human rights abuses, online.

The Great Firewall of China of course being a major one..

Read More

You can undermine the censorship by adding censored content to your site

http://irrepressible.info/addcontent

You can also sign the pledge here

http://irrepressible.info/pledge

In November 2006, governments and companies from all over the world will attend a UN conference to discuss the future of the Internet. You can help us send a clear message to them that people everywhere believe the Internet should be a force for political freedom, not repression.

Fight the power!


29 May 2006 | 6,076 views

Malicious Cryptography – Cryptology & Cryptovirology

I know this maybe old news for some of you, however, I just got the chance of reading this great article on Security Focus (it’s been 2 weeks since I add it to my Favorites)

This two part article discusses some good points of Cryptology, more precisely in the field of Cryptovirology.

Writing a virus is just like writing any other piece of software, unfortunately. The designer tries to put some cleverness in the application to improve its function (or stealth), its robustness, its replication strategies, or even its payload. However, when an anti-virus analyst gets ahold of such a piece of code, he learns how it works, what it does, and so on. In the end, both the writer and the analyst share the same view of the virus, in what amounts to a Turing machine (we have a state-transition table and a starting state).

You read about the WoW Trojan and the Trojan Writers Coding for Money here at Darknet. This article will give you a clear idea of how things work.

To open your appetite, let me give you a little excerpt from the article:

A basic model seen today

This basic model can be seen according to intended targets:

  • The virus writer creates an RSA key:
    • The public key appears in the body of the virus.
    • The private key is kept by the author.
  • The virus spreads and the payload uses the public key. For example, it ciphers the data (hard drives, files, e-mail, whatever) of the targets with the public key.
  • The virus writer requires a ransom before sending the private key.

Even if you’re not into Cryptology, I strongly recommended this reading.

Part 1 & Part 2

Source: Security Focus


28 May 2006 | 7,382 views

MySpace Hackers in Police Custody

MySpace owned again..let’s quote them for a penetration test or vulnerability assessment haha.

TWO New York teenagers are reportedly in police custody after allegedly threatening to give out the personal information of users of MySpace.com unless they are paid $US150,000 ($200,000). Associated Press reported Shaun Harrison, 18, and Saverio Mondelli, 19, of Suffolk County, face computer crime and extortion charges after they allegedly hacked into the social networking site and stole personal information from MySpace users.

Isn’t it time they really started considering security, rather than thinking up new ways to let users make their space uglier.

After MySpace blocked them them from the site, the pair allegedly threatened to distribute a method for stealing information unless MySpace paid them $US150,000.

Mr Mondelli and Mr Harrison were arrested last Friday when they travelled to Los Angeles to allegedly collect the payoff, AP said.

A pretty heft bail..

A Los Angeles Superior Court judge set bail at $US35,000. A preliminary hearing has been set for June 5.

Oh well, it’s just MySpace aye? I’m sure none of us use that..


26 May 2006 | 7,371 views

Serious Symantec Anti-Virus Vulnerability

Apparently a gaping security flaw in the latest versions of Symantec’s anti-virus software suite has been discovered that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the target machine ‘without any user action’.

It sounds pretty serious.

“This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine. You can remove, edit or destroy files at will,” said eEye Digital Security spokesperson Mike Puterbaugh.

Shame there are no real technical details, there is a brief advisory from eEye.

A remotely exploitable vulnerability exists within the Symantec Antivirus program. This flaw does not require any end user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with SYSTEM level access.

It is a vector that hasn’t been fully exploited yet, AV and Firewall software tends to run at system level, so if you can exploit it you pretty much have full control over the machine.

Internet security experts have long warned that flaws in anti-virus products will become a big target for malicious hackers. During the last 18 months, some of the biggest names in the anti-virus business have shipped critical software updates to cover code execution holes, prompting speculation among industry watchers that it’s only a matter of time before a malicious hacker is motivated to create a devastating network worm using security software flaws as the attack vector.

Something new to look out for?

Source: eWeek


26 May 2006 | 4,972 views

The Enemy Within The Firewall

I’ve seen similar figures from other organisations and countries, so the stats don’t surprise me.

My peers and I have always called this Armadillo security, hard on the outside, soft on the inside.

Firewall, IDS, etc…all protecting the exterior of the network, only edge devices, nothing inside, not much policies, not much privilege segregation, anyone inside can wreak havoc.

Employees are now regarded as a greater danger to workplace cyber security than the gangs of hackers and virus writers launching targeted attacks from outside the firewall.

That is the perception of 75 per cent of Australian information technology managers who took part in an international IBM security survey.

Also e-mail and instant messaging is becoming increasingly pervasive, with the advent of things like Google Talk capabilities in the GMail interface, sending information outside the protective layer of the company is getting easier and easier.

From my professional experience, I do know some companies have extremely strict standards which are audited regularly (these include rules about removable media, BIOS passwords and OS hardening standards).

While 32 per cent of survey respondents were intent on upgrading firewalls, only 15 per cent planned to invest in awareness and education training for employees and only 10 per cent restricted the use of mobile devices such as wireless handheld computers not specifically sanctioned by the IT staff.

“Organisations need to understand what are the key pieces of information that need to be protected and be able to track who has had access to them,” she said.

Sounds normal, good intent, but no action. Time for companies to sort themselves out I think.

A recent security report from antivirus company Symantec said cybercrime represented today’s greatest threat to consumers’ digital lifestyle and to online businesses in general.

“While past attacks were designed to destroy data, today’s attacks are increasingly designed to silently steal data for profit without doing noticeable damage that would alert a user to its presence,” the company said.

Source: The Age


25 May 2006 | 5,827 views

South-East Asia Vulnerable to Cyber Terrorism

Interesting to see this just a little while after Malaysia announced IMPACT, it’s anti cyber-terrorist task force..

IMPACT is its name, and making an impact in the battle against cyber-terrorism is its mission. Unveiled in Austin, Texas, the Malaysian initiative seeks to bring together governments and the international private sector to deal with increasing threats in cyberspace.

Known as the “International multilateral partnership against cyber-terrorism” or “IMPACT” it will serve as a pioneer platform to allow governments of the world to exchange notes and ideas, as well as to facilitate the sharing of skills and best practices, with the ultimate objective of combating these constantly evolving threats.

Now, this report conviently surfaces.

Southeast Asia will inevitably face an Internet-based attack by terrorists against key institutions, even though militant groups lack the technical savvy so far, security experts said Monday.

Developing nations remain especially vulnerable to a cyber assault because they haven’t built up defences for their computer, banking and utility systems, said Yean Yoke Heng, deputy director general of the Kuala Lumpur-based Southeast Asian Regional Center for Counterterrorism.

Well, seems reasonable to assume the above, but what effects would it have? This region isn’t heavily online, the broadband penetration is low and the system isn’t ‘e-government’ yet.

Regional authorities currently have no specific information about possible threats, which could include the hacking of public networks or the spread of a computer virus, but “it’s always good to be one step ahead of this terrorist threat,” Yean said.

The five-day conference, which brings together security officials and analysts from Malaysia, the United States, Japan, Cambodia, the Philippines, Singapore and Thailand, will discuss how governments can prevent terrorists from exploiting information technology.

It seems like terrorist cell groups use the net to recruit, plan and research attacks.

So far, Southeast Asian militant groups such as the al-Qaida-linked Jemaah Islamiyah network have mainly used the Internet to channel propaganda, recruit members, raise funds and coordinate bomb attacks, said Rohan Gunaratna, a Singapore-based militant expert.

“It will take a very long time for Southeast Asian terrorist groups to develop the capability to attack the Internet,” Gunaratna said.

“For now, groups such as Jemaah Islamiyah are using the Internet as a medium to create a new generation of radicalised Muslims.”

Its a good idea in theory, we just need to see if they have the technical skill to pull anything off, judging by the Malaysian CERT..I’d say no.

Source: The Star


25 May 2006 | 7,260 views

Carders Scamming Spammers!

Sounds complicated, it’s almost a tongue-twister.

It turns out the carders (people using stolen credit card details fraudulently) have worked out how to get money out of the spammers (spamming being massive nowdays)

Fraudsters who deal in stolen credit card data have devised a means to extract money from sponsors of junk mail campaigns.

Carders have signed up as affiliates to spam campaigns, but instead of sending out junk mail themselves they are using stolen credit card data to make purchases from the sponsors of spam campaigns, such as online pharmacies.

The carders earn a cut of these sales of anything between 40 to 50 per cent, the Washington Post’s security site reports, more than enough to make the scam viable.

It’s pretty funny that the people sending the spam out are complaining about this, as they losing money due to the bank charges.

But the sponsors of spam campaigns end up losing out because of charge backs generated when fraudulent purchases are identified. Higher incidents of charge-backs result in higher merchant fees while drawing the attention of banks and credit cards sponsors to dubious businesses. Far from benefiting from increased sales, spam sponsors end up losing out. In this way, card fraudsters are scamming the backers of spam.

Spam sponsors are complaining about been ripped off, a factor that allowed net security firm CipherTrust to identify the new ruse during the course of its work monitoring online spam and fraud forums.

So finally the spammers are getting some payback :D

“Basically, we’re seeing the carders and phishers starting to look for other ways to make money and starting to discuss new methods of making profits from their scams,” CipherTrust research scientist Dmitri Alperovitch said

We need to kill the spammers, spam eww…hopefully this will bankrupt them or something.

Good job carders.


24 May 2006 | 3,800 views

Security Researchers Afraid to Reveal Vulnerabilities

Well it happened a while back, remember? The French researcher Guillaume Tena who got in trouble for breaching French copywrite laws by decompiling some software.

Now people are generally starting to worry about disclosing vulnerabilities through any channels, does there need to be some kind of anonymous PGP key based system for vulnerability disclosure? So people can do it without fear of getting sued?

The CERIAS weblog examines the risks associated with reporting vulnerabilities. In the end, he advises that the risks (in one situation, at least) were almost not worth the trouble, and gives advice on how to stay out of trouble. Is it worth it to report vulnerabilities despite the risks, or is the chilling effect demonstrated here too much?

A typical difficulty encountered by vulnerability researchers is that administrators or programmers often deny that a problem is exploitable or is of any consequence, and request a proof. This got Eric McCarty in trouble & the proof is automatically a proof that you breached the law, and can be used to prosecute you!

It’s an interesting point when it comes to public disclosure, unless you have permission, how do you prove you’ve found a vulnerability without getting in trouble?

HD Moore also discussed this recently with:

Breach case could curtail Web flaw finders


23 May 2006 | 23,079 views

hackers playground… windows?

Only as I am writing these lines I can imagine some people who will start laughing when reading this article… But my dear friends this may be the real thing… will see who will laugh 10 years from now…

I. Introduction
This article was ment to be, because, as you will notice, more and more hacking tools for windows have appeared…. Of course, you will say that hackin’ histeria began on *nix systems… and will exist forever… R.I.P.

II. Tools
Now this is were all the fun starts… because, as you will notice there are a number of tools that are ported, or very similar to *nix tools, that can be found for windows…

1. Mozilla [Firefox] – this is a must be (for security reasons), also a browser is comonly needed for anybody who wants to do webhacking…. so get it while it’s hot

2. nmap – didn’t you now? NMap was ported to Windoze, without the GUI, but that doesn’t bother anybody, does it? [ www.insecure.org ]

3. Putty – our grandious telnet/rlogin/ssh client… basicaly you can do with it any unencrypted type of conection; from telnet, ftp, smtp to http… [ grab it ]

4. Nemesis – your daily packet builder for Windows, not as good as HPing but an alternative… at least you can Remote LanD with it ;) [ http://nemesis.sourceforge.net/ ]

More tools:
PacketStormSecurity: http://www.packetstormsecurity.org/assess/win/
SecurityFocus: http://www.securityfocus.com/tools
WindowsRootkits: http://www.darknet.org.uk/2006/03/windows-rootkits/
NewWaveRootkits: http://www.rootkit.com

III. Brains
You’ll need to have a basic knwolege about hacking, which I supose you have so i’ll give you a list with usefull links for exploits, whitepapers, etc… you will just need some time, to read them, or to be pacient…

0Day Exploits: http://www.milw0rm.com/
BugTraq: http://www.securityfocus.com/archive/1
Vulnerabilities: http://www.securityfocus.com/vulnerabilities

IV. Ambition
This is a must be… because without ambitions you will give up very quickly and will start posting on huge groups things like:

can someone help me hack yahoo
how do I flood someone
I want to be a hacker can someone help me
I’m a win user can somebody give me a shell?

V. Epilogue

I don’t like that much Windows, but it’s gonna be [and it is] a great alternative for the ones who don’t use *nix systems… so cut the crap and learn… peace