How Strangers Can Read Your Private Facebook Messages

Here's something you probably didn't know: Facebook has a team of employees who read your private messages if they have been flagged by an automated tool. The tool searches for content that appears to violate their terms of service, namely malicious (infected) URLs or child pornography. It's imperfect, of course — that's where humans come in.

If a private message is flagged, actual people will jump in and read it. If there is something that could be illegal — particularly regarding child exploitation — those people contact law enforcement. The intent here is clear and defensible, yet the fact remains: All that stands between your "private" messages and the eyes of a stranger is the snap judgment of an algorithm.

"There are strong internal controls around the use of these tools to prevent misuse and abuse," Facebook told BuzzFeed, "and stringent guidelines for the way we cooperate with law enforcement."

It's not just Facebook. Dating site OkCupid has humans read private messages that have been flagged by its users.Twitter doesn't monitor direct messages either through automated tools or humans.

(Taken from BuzzFeed)

Read More

Interpol swoop nets 25 suspected 'Anonymous' hackers

Interpol has arrested 25 suspected members of the 'Anonymous' hackers group in a swoop on over a dozen cities in Europe and Latin America, the global police body said Tuesday.

"Operation Unmask was launched in mid-February following a series of coordinated cyber-attacks originating from Argentina, Chile, Colombia and Spain," said the world police body based in the French city of Lyon.

The statement cited attacks on the websites of the Colombian Ministry of Defence and the presidency, as well as on Chile's Endesa electricity company and its National Library, among others.

The operation was carried out by police from Argentina, Chile, Colombia and Spain, the statement said, with 250 items of computer equipment and mobile phones seized in raids on 40 premises in 15 cities.

Police also seized credit cards and cash from the suspects, aged 17 to 40.

"This operation shows that crime in the virtual world does have real consequences for those involved, and that the Internet cannot be seen as a safe haven for criminal activity," said Interpol's acting director of police services.

However, it was not clear what evidence there was to prove those arrested were part of Anonymous, an extremely loose-knit international movement of online activists, or "hacktivists."

Spanish police said earlier they had arrested four suspected hackers accused of sabotaging websites and publishing confidential data on the Internet.

They were accused of hacking political parties' and companies' websites and adding fangs to the faces of leaders in photographs online, and publishing data identifying top officials' security guards, Spanish police said.

The operation, carried out after trawling through computer logs in order to trace IP addresses, also netted 10 suspects in Argentina, six in Chile and five in Colombia, Spanish police said.

They said one of the suspects went by the nicknames Thunder and Pacotron and was suspected of running the computer network used by Anonymous in Spain and Latin America, via servers in the Czech Republic and Bulgaria.

He was arrested in the southern Spanish city of Malaga.

Two of the suspects were in detention while one was bailed and the fourth was a minor who was left in the care of his parents.

Read More

Hackers Leak The Source Code For Symantec Product

A group calling itself the "Lords of Dharmaraja" posted an Adobe document online Wednesday that it claimed was a glimpse of the source code for the internet security software. But Symantec spokesman Cris Paden said "no source code was disclosed" in the post, which was a 12-year-old document describing how the software worked, but not the code. Paden said Symantec continues to investigate the hackers' claim that they have source code.

But now Symantec, the makers of Norton AntiVirus, has confirmed that a hacking group has gained access to some of the security product's source code.

"Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity.We are still gathering information on the details and are not in a position to provide specifics on the third party involved.Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."

In a post to the site Pastebin, the hackers maintain they discovered the information in a hack of India's military computer network. The group claims to have found source code "of a dozen software companies" which have signed agreements to share code with Indian intelligence agencies.

After preliminary analysis appeared to contain source code for the 2006 version of Symantec's Norton antivirus product. Though the code is for an older version of the Norton antivirus product, the impact of the exposure is still as of yet undetermined. Symantec officials have indicated they will be providing more information as they continue their investigation, and certainly more will be known if the entirety of the compromised data YamaTough claims to be in possession of is finally released to the public as has been threatened.

Read More

DNS Cache Poisoning attack on Google ,Gmail , Yahoo ,Youtube

Ha

Hacker with nickname AlpHaNiX deface Google, Gmail, Youtube, Yahoo, Apple etc domains of Democratic Republic of Congo. Hacker use strategy so-called DNS cache poisoning.

What is Cache Poisoning

Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server's domain name system table by replacing an Internet address with that of another, rogue address. When a Web user seeks the page with that address, the request is redirected by the rogue entry in the table to a different address. At that point, a worm, spyware, Web browser hijacking program, or other malware can be downloaded to the user's computer from the rogue location

Hacked Websites are:

http://apple.cd/
http://yahoo.cd/
http://gmail.cd/
http://google.cd/
http://youtube.cd/
http://linux.cd/
http://samsung.cd/
http://hotmail.cd/
http://microsoft.cd/

Read More

Maharastra Highway Police Website Got Hacked

                                   Not only International Law Enforcement and Police Under Hacker's attack, Even our Local Police websites and Database also become of Victim of breaches mostly once a day.

A hacker With name "powerin10" take responsibility to hack Maharashtra Highway Police website. A mirror of this hack is available here.

Hacker is member of Bangladesh Cyber Army.

Read More

Google offers encrypted Web search by default

Google announced today that it will encrypt by default Web searches and results for users who are signed in.

People who don't have a Google account or are signed out can go directly to https://www.google.com, the company said in a blog post.

Encrypting the communications between an end user and the Google search engine servers will protect against snooping by anyone who might be sniffing on an unsecured Wi-Fi network, for instance. Secure Sockets Layer (SSL) is available now for Web search, image search and all the search modes except for Maps, Google said in this separate post.

For example, when you search over SSL for "dogs," Google encrypts the search and results that are returned, but clicking on a result ends the encrypted connection unless the destination is on "https://."

"Although SSL offers clear privacy and security benefits, it does not protect against all attacks. The benefits of SSL depend on your browser's list of trusted root certificates, the security of the organizations that issue those certificates, and the way in which you and your browser handle certificate warnings," Google says. "In addition, while the connection between your computer and Google will be encrypted, if your computer is infected with malware or a keylogger, a third party might also be able to see the queries that you typed directly."

Google began SSL default in Gmail in January 2010 and began offering an encrypted search option four months later.

Originally posted at InSecurity Complex

Read More

Mobile Malware Is on the Rise, but Is It a Real Threat?

Smartphones and tablets may be the hottest tickets in electronics today, but with that marquee status comes a dark side. Mobile viruses on the rise, and 2010 saw a huge increase in malware on mobile devices, up 46 percent from 2009, says a new threat report from security software maker McAfee.

The increase in mobile malware isn't unexpected, as smartphones have become more popular in the last year, with smartphones recently passing PCs in sales for the first time ever. Adam Wosotowsky, an engineer at McAfee, says Symbian is the most at-risk mobile platform, though Google Android devices and jailbroken iPhones are popular targets, too.

"I wouldn't call it unexpected," he says. "We've seen mobile malware growing exponentially year-over-year for a while. It's much more of a big deal now that smartphones are basically becoming little computers."

Besides being greater in number, mobile malware is getting more sophisticated, Wosotowsky says. Viruses that infect cell phones typically force the phone to do things like send texts or make calls to specific numbers and at specific times so the malware creator profits. Now that phones are capable of so much more, the viruses that infect them are following suit.

"There are a lot more ways for the criminal enterprise to make money," he says. "You have the ability to infect the phones and actually build some kind of botnet infrastructure. We have seen indications of ways to start to establish command and control [on phones]."

Seeing "indications" and seeing a virus are two different things, however. Ondrej Vlcek, CTO of Avast, a security software company that gives away its product, says the mobile malware threat, while a problem, isn't anywhere near as threatening as malware on PCs.

"It's still relatively small compared to the traditional platforms," Vlcek says. "Also, the payloads are usually less invasive—sort of like Windows malware ten, fifteen years ago."

Vlcek is on board with the McAfee report's conclusions about the vulnerabilities with Adobe products, however. The report says malware developers "heavily" exploited weaknesses in Flash and PDF applications. Flash videos are especially ripe targets, Wosotowsky says, since the application runs code on both the client and server sides.

"Flash is extremely popular and everybody's using it. That makes it a big target," he says. "I'm sure Adobe is going to re-architect some of the security that's associated with it."

Read More

White hat hacker exposes NASA servers' vulnerabilities

White hat hacker exposes NASA servers' vulnerabilities

A Romanian "white hat" hacker has claimed to have broken into a site of the National Aeronautics and Space Administration (NASA), and published a screenshot of the compromised server on his site.

White hat hackers are programmers who break into computer systems for the sake of exposing security flaws, instead of exploiting them for malevolent purposes.

In this case, "TinKode" hacked a file transfer protocol (FTP) server related to NASA's Earth Observation System at Goddard Space Flight Center.

"I don't do bad things. I only find and make public the info. Afterwards I send an email to them to fix the holes. It's like an security audit, but for free," TinKode said in an interview posted on NetworkWorld.

The NetworkWorld story said that, after hacking into servir.gsfc.nasa.gov, TinKode sent an email alert of the hack to NASA's webmaster.

His screenshot shows folders like RADARSAT, ASAR, ASAR_Aus, ASAR_Africa, and ASAR_Haiti.

ASAR is short for Advanced Synthetic Aperture Radar, a technology used by NASA.

One month ago, TinKode exposed a similar security hole at another space agency by hacking into a server operated by the European Space Agency at www.esa.int.

He then leaked a list of FTP accounts, email addresses and passwords for administrators and editors.

Early this year, TinKode and hackers Ne0h and Jackh4x0r hacked into the Web servers hosting MySQL.com, proving it was vulnerable to SQL injection as well as XSS.

In the NetworkWorld interview, TinKode said making the breaches public makes the companies fix the vulnerability faster.

He also said finding security holes is a "hobby" for him.

"I am doing this because finding security holes represents a hobby for me. If someone wants to hire me, we can discuss, isn't a problem," he said.

Read More