AdminSpy Latest Gadgets and Gizmos

Symantec hacked and tried to keep everyone quiet

Tue, 07 Feb 2012 23:46:00 +0000

Symantec has been in the media spotlight over the past 2 months since Indian hackers announced that they have full source code for some of Symantec’s flagship products.

Rather than writing about Symantec like traditional media do and make everyone feel sorry about them, let’s examine some facts and see if you should be really using Symantec products now that everything is out in the open.

What prompted me to write this article is Symantec’s latest blunder where they tried to negotiate with hackers (Lords of Dharmaraja) and offered them $50.000 just to keep quiet and not to release the source code publicly. It’s obvious from the style of writing and terms used in that negotiation that it was run by the FBI but the whole sting was run from Symantec’s IP addresses and for that they are guilty as hell and they should never be trusted again. “Symantec” also wanted Lords of Dharmaraja to release a statement that the group did not hack Symantec during 2006. As a non-technical user you might not see anything wrong with that but the impact on Symantec’s user base is huge and I just can’t believe that they want to sweep everything under the rug and let millions of users open to 0day vulnerabilities.

Some of the source code is from 2006. Symantec never publicly admitted that breach and they still claim that they don’t know how their source code was found on Indian Government servers. Just imagine how many exploits a talented team of government programmers could have developed over the past 6 years. Also consider that a recent ip scan found 1.4million hosts worldwide running Symantec PC Anywhere software basically screaming hack me hack me!!. Many of those systems are Point of Sale systems accessible remotely by their support companies and staff and the implications are HUGE seeing that I’ve already found 2 active 0days posted on Twitter and the source code release is less than 12h old.

pcAnywhere source code was posted on The Pirate Bay torrent site some 12h ago and had already been downloaded more than 600 times.

The message says: "Symantec has been lying to its customers. We exposed this point thus spreading the world that ppl need" - #AntiSec #Anonymous
Spread and share!

If you are unfortunate enough to have pcAnywhere installed on your network or on your client PC’s I would suggest you to disable it immediately and switch to a different program before hackers find your publicly exposed machines running vulnerable software.

I was hoping that Symantec would be more open and transparent about this issue but all I see from them is attitude such as “lets accuse the bad guys” with headlines such as “‘Anonymous’ group attempted to extort a payment from Symantec” rather than to tell people we messed up, this is how it happened, what’s at risk and you shouldn’t really be using our software anymore.

Lords of Dharmaraja are expected to release other source code in their possession such as 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security. Meanwhile Symantec is still claiming that their software is safe as long as it’s patched. God help us all, let us all buy Symantec products because they are safe. What a fool I was for worrying for no reason.

Follow YamaTough on Twitter (Lords of Dharmaraja)
Logo by Freelancer00

Article by: Adam Moskin

Article Source Symantec hacked and tried to keep everyone quiet

iPhone 4s goes on sale in the UK

Fri, 14 Oct 2011 11:19:00 +0100

iPhone 4s goes on sale today in London. Hundreds of diehard iPhone iFools queued in front of Apple's flagship store in London this morning.

The new iPhone 4s does not look any different to its predecessor, it features an updated operating system, cable-free syncing and a voice-operated inbuilt personal assistant called "Siri".

A basic iPhone 4s version costs £499 while the 64GB model costs £699.
Apple UK expects to sell over 4 million units just in the first 2 weeks. That figure sounds very ambitious considering the price, current economic state and the lack of any extra amazing feature people would expect from a "new device".

So what’s new?
Siri on iPhone 4S lets you use your voice to send messages, schedule meetings, make phone calls and more.
Two cores in the A5 chip deliver up to two times more power and up to seven times faster graphics
The iPhone 4S camera gives you 8 megapixels — that’s 60 per cent more pixels than the camera on iPhone 4.
IOS5 comes with a bunch of new features such as Notification Centre, iMessage messaging app which is Apple's answer to Blackberry's BBM, Reminders App, Twitter Integration ( i'd recommend you to use Tweetdeck instead), Photo editing features, Camera enhancements, Parental controls and longer battery life

Article Source iPhone 4s goes on sale in the UK

Microsoft Windows XP is 10 years old today

Wed, 24 Aug 2011 14:03:00 +0100

Ten years ago Microsoft launched and started selling Windows XP operating system. Windows XP remains the most used operating system today even though we have Vista, Windows 7, Apple and a number of Linux distributions.

According to a study released back in March 2011 by analyst firm Forrester Research almost 60 per cent of systems worldwide run Windows XP operating system. Good news for XP users is that Microsoft will support it until 2014.

Being the most used operating system also means that XP is the primary target for malware developers and new security holes are being discovered on a daily basis.

We should also mention that Windows 95 was released 16 years ago today.

Maybe it's time to update your system to Windows 7? Or if you are tech savvy and not scared of change why not try Ubuntu or some other Linux flavour.

Article Source Microsoft Windows XP is 10 years old today

Facebook introduces new privacy controls

Thu, 25 Aug 2011 11:42:00 +0100

In another PR stunt Facebook, The Bastion of no privacy comes up with a feature that it says will prevent cyber bullying and allow users to control their "privacy" on the site.

Now, instead of hiding privacy controls deep under a load of hard to find menus and options when you are tagged in a post or a photo/video you will be able to confirm or dismiss that tag before it shows up on your profile.

Facebook's photo tagging was widely abused by malware creators and used to trick users into authorizing apps which were designed to steal as much personal data as possible. Also due to lack of controls anyone could put a nasty pic of something and tag it with your name - now you will be able to prevent that from appearing anywhere before you approve it.

Once you look past the headlines and "new features" you will see Facebook is endangering your privacy even more by introducing "Universal tagging". Universal tagging allows you to tag anyone even if that person is not on Facebook. By doing that Facebook hopes you will help them create the largest face recognition database on earth.

I would strongly advise you to never give them your real date of birth and your cell number and if you really can't live without social networks then at least learn how to protect your data and don't give out all your info to every Joe Blogs that requests it.

Article Source Facebook introduces new privacy controls

Sony Playstation Network Hacked – Only 77 Million Accounts Compromised

Wed, 27 Apr 2011 19:14:00 +0100

While Sony is splashing their cash on different lawsuits and chase people who crack their legitimately bought consoles they welcomed hackers into their network with open arms and allowed them to walk away with 77 million free identities.

So if you are one of Sony’s Playstation Network and Qriocity “valued customers” you should know that your personal details are being prepared to be sold on underground forums near you.

PlayStation Network and Qriocity user account information was successfully offloaded between April 17 and April 19 and the attackers walked away with tons of information.

The information stolen according to Sony is: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.

You credit card number and expiry date have also been compromised – that is if you used your card through PlayStation or Qriocity.

Sony doesn’t know if your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers have been obtained but if they say that they “don’t know” you can safely assume that they have obtained that info and they are just trying to downplay the impact of this event.

Subaccount (dependants accounts) data have also been compromised so the attackers also know your child’s name and other info.

If you are one of Sony PSN “customers” you should get an email from Sony telling you more about this mega breach.

In an online statement after the hack Sony said:

Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information.

Errm is it not a bit late for that?

If you always use the same password on different websites, then you should seriously start changing them now before attackers compromise your email and social network accounts. You might also want to keep an eye on your bank account statements.

While all this is going on Microsoft is rubbing their hands and Apple is thanking Sony for making everyone forget about their iPhone location tracking privacy issue.

Article Source Sony Playstation Network Hacked – Only 77 Million Accounts Compromised

How private is your data on Twitter and other social media websites?

Sun, 09 Jan 2011 01:11:00 +0000

I’ve been following attempts to gag Wikileaks and their supporters over the past few months and have seen everything from Amazon Web Services kicking WikiLeaks off their servers to Paypal, Mastercard, Visa and Bank of America suspending payments to Wikileaks. All that under political pressure from American Government and so called politicians and congressmen.

Last night Icelandic’s member of parliament Birgitta Jónsdóttir tweeted the following:

birgittaj Birgitta Jónsdóttir
just got this: Twitter has received legal process requesting information regarding your Twitter account in (relation to wikileaks)

followed by this tweet:

@birgittaj Birgitta Jónsdóttir
usa government wants to know about all my tweets and more since november 1st 2009. do they realize i am a member of parliament in iceland?

Later it transpired that Birgitta is not the only one affected. DoJ also wants Jacob Appelbaum’s (@ioerror), Wikileaks (@wikileaks) and Rop Gonggrijp’s (@rop_g) tweets, direct messages, geo data and other private details. DoJ requested all that info back in December 2010 and gave Twitter 3 days to deliver all the info DoJ requested . DoJ also ordered Twitter to keep it quiet and not to let their users know about this request.

Twitter challenged that gagging order and won but it is still unclear if they submitted all the info DoJ requested seeing that they only had 3 days to comply with that order.

To find out more about that story see this great article written by Glenn Greenwald.

It is widely believed that other Internet giants such as Google and Facebook received the same order, complied with it and gave all the data to DoJ without notifying their users. As I am writing this Mark Stephens (Julian Assange’s lawyer) confirmed that subpoena has been served on Skype.

In his reply to Faisal Islam he also said:
@faisalislam true and all other social networks and some isp's are saying "no comment" not "we haven't got one". That's telling.

Now let’s get to the point
Twitter, Yahoo, MSN, AOL, Facebook, Google and all the other major Internet and social media websites are US based companies who are required to comply with US laws. Nothing wrong with that is there? WRONG AGAIN.

What if you are for example based in UK or Europe and let’s say you are politician or freedom fighter and you use Twitter, Facebook or any other website. Normal person would think you are safe from prying eyes but that is obviously not the case. It looks like any American Joe Blogs can request your emails, tweets, chats, addresses and geo data from these companies and there is nothing you can do about it and even worse you won’t be notified about such a request thus you will never know.

Internet Privacy

What privacy? The moment you decide to step out on the internet your every step is being followed and thanks to a combination of Google, Social Media and cookie tracking your every step can be reconstructed and traced back to you. (Secret profiling springs to mind).

What can you do to protect your privacy online?

Use VPN or Tor network for your day to day surfing.
Host your own email server – that way no one can request to see your emails without your knowledge ( In other words don’t use Gmail, Yahoo, MSN or any other provider).
Don’t use Direct Messaging system on Twitter because Big Brother can see your messages.
Do not discuss private matters anywhere online if you don’t wish for any 3rd party to see your conversations.
Don’t use Skype chat to discuss private matters because any law enforcement agency can request to see your chat history because your chat history is stored on Skype’s servers.
Configure your browser to delete all temporary files including cookies whenever you close your browser.
Always use different and complex passwords – never use same password on more than one website
Use encryption system on your computer to encrypt your data. (Bear in mind that Bitlocker encryption on Windows 7 and Vista is not secure as you might think – You encryption key can be recovered from your RAM thus allowing authorities to decrypt your drives)
If you need to use hosting services or cloud based hosting make sure that your hosting provider is not an American company and that your data will be hosted in your own country or in a country where privacy is respected and where companies won’t hand over your data to increasingly totalitarian regime that seems to be taking over United States.

Article by: Nenad Rajsic

Article Source How private is your data on Twitter and other social media websites?

Top 10 Trends on Twitter in 2010

Mon, 13 Dec 2010 12:11:00 +0000

Twitter has just published their top 10 trends list for 2010 which you can see below.

After analyzing 25 billion tweets they identified the year's top 10 trends.

Wikileaks supporters are questioning again why Wikileaks isn't on that list?

I guess the reason for that is that Wikileaks, although the most tweeted word over the past month or so was not so much in the media earlier this year. Guardian’s results below confirm that.

UK news agency Guardian said today "WikiLeaks is 2010's most searched for topic on guardian.co.uk"

"WikiLeaks has made it to the number one spot with a late rush. We only saw 283 searches for WikiLeaks in the first three months of the year, compared to nearly 34,000 in the last couple of weeks alone."

Top 10 Twitter Trends of 2010

1. Gulf Oil Spill
2. FIFA World Cup
3. Inception
4. Haiti Earthquake
5. Vuvuzela
6. Apple iPad
7. Google Android
8. Justin Bieber
9. Harry Potter & the Deathly Hallows
10. Pulpo Paul

Article Source Top 10 Trends on Twitter in 2010

Twitter suspends Anon_Operation account

Wed, 08 Dec 2010 23:40:00 +0000

Twitter has suspended Anon Operations account after they published their last tweet with a link to a website with hundreds of Mastercard credit card details which they apparently obtained during the DDoS attack on mastercard.com.

The group in question (Anonymous) is behind attacks on visa.com, swiss bank, Swedish prosecutors office and mastercard.com In one of their earlier tweets they also called for people to help them with attacks on visa.com and provided a link to download a tool called LOIC. In the meantime their Facebook fan page has also been disabled.

Anon Operation’s last tweet reads:
To people of the industrial world, dismiss your #Mastercard now!!! #ddos #payback Leaked Credit Cards (URL Removed)

Article Source Twitter suspends Anon_Operation account

Wikileaks supporters strike back

Wed, 08 Dec 2010 21:20:00 +0000

Mastercard’s website has been under heavy DDOS (Distributed Denial of Service) attack for the past 20hrs because of their decision to stop processing payments for Wikileaks. As you can see from the image the website is totally inaccessible anywhere in the world. We tried to access it from UK, US, Serbia, and Germany without any success.

(Update: mastercard.com is back online - PayPal is under DDoS now)
(Update 2: visa.com is down now and Operation Payback says "It's down. Keep Firing") Tweet

This is the second revenge attack of this nature. The first DDoS attack brought down the Switzerland Post Finance Bank because they had closed down Julian Assange’s bank account. The closure of his account is thought to be of a political nature but as with all good PR releases they justify their actions by either clients breaking their terms and conditions or in this case the reason for account closure was that he provided false information regarding his place of residence.

The group calling itself Operation Payback claims the credit for the latest attacks.

Seeing that Paypal, Mastercard, Visa, Amazon, EveryDNS and Tableau Software crumbled under political pressure and suspended their dealings with Wikileaks it is widely believed that they will be forced offline soon because suppressing free speech and ending contracts under political pressure like that just gives freedom activists more ammunition to go against those companies.

There are lots of Facebook and Twitter users and groups calling for boycott of the above named companies.

Now that I mentioned Twitter it looks like they are censoring Wikileaks Trends and not allowing them to show up in their “trends” list even though #wikileaks and #cablegate are mentioned over 300 times in less than a minute. See Twitter gagging wikileaks article.

For those of you who don’t know, Wikileaks now operates from wikileaks.ch and there are currently 1005 mirror sites around the globe. You can see the list here: http://wikileaks.ch/mirrors.html

Last night Wikileaks posted a tweet/statement titled “We will not be gagged”. You can read that statement here

Please show your support to Wikileaks and spread the word and fight for Freedom of Information and Freedom of Speech because if you don’t it will take years if not decades for another Julian Assange to emerge.

Article Source Wikileaks supporters strike back

Is Twitter playing a part in the global Wikileaks gagging game?

Wed, 08 Dec 2010 20:17:00 +0000

It appears that Twitter is censoring Wikileaks Trends and not allowing them to show up in their “trends” list even though #wikileaks and #cablegate are mentioned over 300 times in less than a minute.

Also search results for #wikilleaks give you old results with huge gaps in the time line. Considering that they are mentioned 300 times per minute you do the math and tell us that something fishy isn’t happening behind the scenes.

To illustrate we took 2 screenshots. 1st screenshot is when we searched for wikileaks and it appears that there is an average 1 post about Wikileaks per hour. Then I run another search for Justin Bieber just to see if their timeline is working properly and as you can see their search is working perfectly well and it gives me “real time results”. If that is not proof enough then I don’t know what it is.

You might get another statement from Matt Graves about how it works and blah blah but even a blind person can see what Twitter is doing.

Twitter’s spokesperson Matt Graves released a statement saying:

“Twitter is not censoring #wikileaks, #cablegate or other related terms from the Trends list of trending topics.
There’s a number of factors that may come into play when seemingly popular terms don’t make the Trends list. Sometimes topics that are popular don’t break into the Trends list because the current velocity of conversation (volume of Tweets at a given moment) isn’t greater than in previous hours and days. Sometimes topics that are genuinely popular simply aren’t widespread enough to make the list of top Trends. And, on occasion, topics just aren’t as popular as people believe.”

Yeah right!

Please spread the word and support Wikileaks and Freedom of Information.

Article Source Is Twitter playing a part in the global Wikileaks gagging game?