Archive | August, 2009

Twitter & Facebook Taken Offline By DDoS Attacks

Outsmart Malicious Hackers

Both Facebook and Twitter were hit with pretty severe DDoS attacks rendering them useless and unavailable to the majority of users.

The thing is it seems like it wasn’t a traditional network based botnet style DDoS attack, but a ‘joejob‘ attack where spam is sent out containing a link and the users clicking on the link contribute to the site becoming overwhelmed with requests.

The DoS attack has been confirmed on the Twitter Status page here – Ongoing denial-of-service attack.

The attack theory comes from Bill Woodcock, as reported by The Register.

Users looking to update their Twitter feeds or Facebook pages were likely disappointed Thursday morning, as a denial-of-service attack made both services hard to reach.

Around 9 a.m. Eastern Time, the number of responses from micro-blogging service Twitter fell precipitously, reaching a bandwidth of 60 Mbps by 10:40 a.m. ET, according to Arbor Networks, a networking services firm. Twitter had reached nearly 200 Mbps prior to the drop.

The service continued to be impacted Thursday afternoon, reaching a peak of 150 Mbps, about half of its normal peak for that time of day, according to Arbor.

It seems to be a politically motivated attack aimed at a certain anti-Russian blogger known as Cyxymu.

It targeted all web properties where had profiles, the main ones of course being Facebook and Twitter but also included Livejournal (where he hosts his blog) and his Youtube account.

It’s a simple but seemingly very successful method of attack, shown by the fact that it took out a couple of major sites which already manage large amounts of traffic.

Users also complained of issues accessing Facebook. The service confirmed midday on Thursday that, it too, had suffered a denial-of-service attack.

“You may have had trouble accessing Facebook earlier today because of network issues related to an apparent distributed denial-of-service attack,” the social network stated on its own Facebook page. “We have restored full access for most people. We’ll keep monitoring the situation to make sure you have the reliable experience you expect from us.”

You might have noticed a lot of failed requests if you use Facebook (JavaScript timeout errors and network pipe errors).

Facebook fell because of the same targetted attack on Cyxymu, they acknowledged such on their Facebook page.

Source: Security Focus

Posted in: General News

Tags: , , , , , , , , , , , , ,

Posted in: General News | Add a Comment
Recent in General News:
- Security Vendor Trustwave Bought By Singtel For $810M
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,535 views
- eEye Launches 0-Day Exploit Tracker - 86,220 views
- Seattle Computer Security Expert Turns Tables On The Police - 45,324 views

FakeIKEd – Fake IKE Daemon Tool For MITM

Outsmart Malicious Hackers

FakeIKEd, or fiked for short, is a fake IKE daemon supporting just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi MitM attack. Fiked can impersonate a VPN gateway’s IKE responder in order to capture XAUTH login credentials; it doesn’t currently do the client part of full MitM.

Fiked is partially based on vpnc and uses libgcrypt and optionally libnet.

Fiked supports IKEv1 in aggressive mode, using pre-shared keys and XAUTH. Supported algorithms are DES, 3DES, AES-128, AES-192, AES-256; MD5, SHA1; and DH groups 1, 2 and 5. IKE main mode is not supported.

The Attack

Basically, if you know the pre-shared key, also known as shared secret or group password, you can play Man in the Middle, impersonate the VPN gateway in IKE phase 1, and learn XAUTH user credentials in phase 2.

This attack is not new. It has been known for a long time that IKE using PSK with XAUTH is insecure, and this is not the first actual implementation of the attack.

To successfully demonstrate an attack on a VPN site, you need to know the shared secret, and you must be able to intercept the IKE traffic between the clients and the VPN gateway.

There are several ways to find out the shared secret, including being a legitimate user, grabbing it from some Cisco config file, using ike-crack, or layer 8 hackery.

There are also several ways to redirect the IKE traffic to your running fiked instance, including ARP spoofing, 802.11 hostap, or layer 1 hackery.


See the README file and fiked(1) manpage for more details.

Fiked builds and runs on FreeBSD, OpenBSD and Linux, and probably other BSD variants too. MacOS X is reported not to work.

You can download FakeIKEd here:


Or read more here.

Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- Pybelt – The Hackers Tool Belt
- Github Dorks – Github Security Scanning Tool
- scanless – A Public Port Scan Scraper

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 2,021,194 views
- Brutus Password Cracker – Download AET2 - 1,594,558 views
- wwwhack 1.9 – Download Web Hacking Tool - 704,892 views

Dan Kaminsky & Kevin Mitnick Hacked

Outsmart Malicious Hackers

If any of you follow the mailings lists or the ‘scene’ as it’s known, you’d be familiar with PHC, Phrack, Gobbles, ~el8, Silvio, gayh1tler and the whole Whitehat Holocaust AKA pr0j3kt m4yh3m. (Back when it went public).

The war against whitehats has started up again more vehemently recently with zine known as zero for owned or ZFO.

The latest edition has just hit the streets with some really high profile hacks this time and a HUGE amount of information disclosure. They don’t release any exploits or code, but they do point out sections of certain apps that may be vulnerable. It’s an interesting read, especially the commentary.

You can find the full zf05.txt issue here:

zf05.txt – be warned it’s a 29,000 line text file.

The highest profile hacks must be of Mitnick and Kaminsky, as of now is still down.

Two noted security professionals were targeted this week by hackers who broke into their web pages, stole personal data and posted it online on the eve of the Black Hat security conference.

Security researcher Dan Kaminsky and former hacker Kevin Mitnick were targeted because of their high profiles, and because the intruders consider the two notables to be posers who hype themselves and do little to increase security, according to a note the hackers posted in a file left on Kaminsky’s site.

The files taken from Kaminsky’s server included private e-mails between Kaminisky and other security researchers, highly personal chat logs, and a list of files he has purportedly downloaded that pertain to dating and other topics.

No one has ANY idea how long they’ve owned these boxes and been up your mailspoolz. Are they watching you, have they owned your box? If you’re a ‘notable’ whitehat, you speak at conferences and market yourself like a whore.

Most likely yes they are up in your shit.

One day they will rm -rf it and publish all your e-mails in the next edition of zfo zine.

The hacks also targeted other security professionals, and were apparently timed to coincide with the Black Hat and DefCon security conference in Las Vegas this week, where Kaminsky is unveiling new research on digital certificates and hash collisions.

Kaminsky made headlines last year for his Black Hat talk about vulnerabilities in the Domain Name System. He was accused by many in the security community of hyping the issue after he teased the topic in a press conference call a month before his talk without revealing details of the vulnerability, leading everyone to speculate on the nature of it. He was presented with a Pwnie award for Most Overhyped Bug and for “owning” the media.

The hackers criticized Mitnick and Kaminsky for using insecure blogging and hosting services to publish their sites, that allowed the hackers to gain easy access to their data.

Pretty scary stuff, considered all these self-proclaimed experts are having their own sites hacked. What hope do the rest of us mere mortals have?

Little to none, as always a skilled persistent attacker will ALWAYS get in.

A bunch of others got pwned too including hak5, Robert Lemos, Blackhat Forums, PerlMonks, Elite Hackers and BinRev (Binary Revolution).

Source: Wired (Thanks Navin)

Posted in: Exploits/Vulnerabilities, General Hacking

Tags: , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, General Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- WannaCry Ransomware Foiled By Domain Killswitch
- Intel Finally Patches Critical AMT Bug (Kinda)
- Shadow Brokers Release Dangerous NSA Hacking Tools

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 238,084 views
- AJAX: Is your application secure enough? - 120,649 views
- eEye Launches 0-Day Exploit Tracker - 86,220 views