Latest Post

Are Free Public Wifi Networks Safe?


Recently the Minister of Information and Communication Technology of Mauritius, Mr Tassarajen Pillay Chedumbrum has launched a project of providing free wifi internet connection to the public. 150 spots were identified and some of them are already operating. People in the wifi range will take full advantage of this free service. Like them, hackers will also take full advantage of this service to harvest personal information(data) of the users.
As such, to raise awareness for these free wifi users, we thought of sharing  some security risks which users may face when using free wifi connections.

Sniffing of unencrypted data
When you connect to an open wifi network, the network is normally unencrypted because you don't have to enter any password to connect. Thus, if a hacker is connected to the same free wifi network, he/she can easily see what webpages you are visiting and what form you are submitting, example logging in your Facebook account.
This is done by using network sniffing tools,which are freely available online. These tools capture packet sent and received on the network.These packet are later analysed and very often, username and passwords can be retrieved from them.

Rogue Access Point
When connecting to a public network, it is difficult to identify whether it is a legitimate network or a rogue access point. In these rogue access point, the user is sent to fake webpages identical to legitimate ones. Once the user enters his or her personal credentials, the hacker get holds of these. These credentials can be used for account hijacking.

Network File Sharing
Wrongly configuring your network file sharing option can allow other users on the same network to have access to your device and view or even copy your personal data. For example, if the folder in which you keep your pictures is visible on the network, other users will be tempted to see what's in.

Our advise

  • Do not make bank transaction on free Wi-Fi connection.
  • Do not use websites where you have to enter credentials (username and password)
  • Use up to date antiviruses.
 

Steve-O Twitter Account Hacked after Challenging iCloud Hackers

Steve-O has challenged the iCloud hackers to get into his account. Yesterday, 23 September, he twitted that he recently added some nude pictures of himself in his iCloud account and wanted to know how good the hackers were.


We noticed some minutes ago that Steve-O twitted that he is thanking twitter for getting him his account back. He even congratulated the hacker who was able to get hold of his official account.


Was the challenge accepted by hackers?
 

36th International Conference of Data Protection and Privacy Commissioners in Mauritius

Mauritius Data Protection Office is hosting the 36th International Conference of Data Protection and Privacy Commissioners. The event will take place at the Intercontinental Resort Balaclava from 13 to 16 October 2014.
Several international participants will be present and will be talking about the importance of data protection and privacy. The conference will be divided in two sessions, a closed session where only members of the committee will be able to participate, and an open session. The open session is open to the public. Those interested will have to register themselves on the official website of the 2014 Conference and complete the payment.
More can be read from official website here: [Data Protection 2014]
 

Data Encryption By Default in New Version of Android

Google confirmed on Thursday that the next version of Android will encrypt data by default. This will prevent both thieves and law enforcement officials to gain access to personal information running the mobile operating system.
Optional encryption has been present in some devices since 2011, but,  according to security experts, only few user knew how to turn the feature in. As such, Google will make the encryption take place automatically(by default). Only people who enter the device's password will be able to see the pictures, videos and communications stored on the device.

"For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement," Google said in a statement. "As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on."

Source:[Washington post]
 

Bitcoin Creator Satoshi Nakamoto's Email Hijacked

A hacker using the name of Jeffrey is claiming to be having control of the email of the Bitcoin founder Satoshi Nakamoto. He also stated that he obtained information about Nakamoto that could be used to identify him. Jeffrey posted a pastebin document where it was written that he is offering to trade Nakamoto’s personal data for 25 Bitcoins. He provided his Bitcoin address for those interested and also added two screenshot of the inbox of the email hijacked.
 
Message on pastebin:
Releasing the so called "gods" dox if my address hits 25 BTC.
And no, this is not a scam, you can see the below screenshots for proof of inbox ownership and a little teaser.
BTC:[account removed]
Same one posted on p2pfoundation^
Teasers:[images link removed]

It is still unclear how Jeffrey took over the email of Satoshi Nakamoto. Through this email address, the hacker seems to have taken control of different other accounts. On Monday he posted a message on the P2P Foundation forum where the following was written,
Dear Satoshi. Your dox, passwords and IP addresses are being sold on the darknet. Apparently you didn't configure Tor properly and your IP leaked when you used your email account sometime in 2010. You are not safe. You need to get out of where you are as soon as possible before these people harm you. Thank you for inventing Bitcoin.

On Monday itself, the head administrator of Bitcointalk discussion forum stated that he received a message from an old email of Satoshi which led him to believe that the account had been compromised.
Today I received an email from satoshin@gmx.com (Satoshi's old email address), the contents of which make me almost certain that the email account is compromised. The email was not spoofed in any way. It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps satoshin@gmx.com expired and then someone else registered it.
Don't trust any email sent from satoshin@gmx.com unless it is signed by Satoshi. (Everyone should have done this even without my warning, of course.)
I wonder when the email was compromised, and whether it could have been used to make the post on p2pfoundation.ning.com. (Edit: I was referring here to the Dorian Nakamoto post. After I posted this, there was another p2pfoundation.ning.com post.)

Pastebin Document: http://pastebin.com/7gbPi8Qr
P2P Foundation Forum Message: [Click Here!]
BitcoinTalk Forum Statement: [Click Here!]

Source: WIRED
 

5 Million Google Accounts Leaked

A database containing 5 millions of Google account was leaked on a Bitcoin Security board late on the 9th September 2014.These accounts gives access to  Gmail mail service, G+ social network and other products of the US-based internet giant. The forum user, tvskit, who published this database, stated that 60% of these credentials were still valid.
Users who want to check if their account's credential has been leaked can visit isleaked.com, a service which will check whether your account is in the list. Any user who's fallen victim of the leak is advised to change his/her password immediately and to turn on the TWO-FACTOR ATHENTICATION service on their account.

Source:[RT]
 

Adobe Flash Player 15 Fixes 12 Vulnerabilities

Adobe Flash Player 15.0.0.152 which was released on Tuesday fixes a total of 12 vulnerabilities. Many among these could be exploited for code execution. These flaws affect Flash Player 14 and all previous versions for Windows and Mac.

These updates resolve memory leakage vulnerabilities that could be used to bypass memory address randomization (CVE-2014-0557)
These updates resolve a security bypass vulnerability (CVE-2014-0554).
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2014-0553).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555).
These updates resolve a vulnerability that could be used to bypass the same origin policy (CVE-2014-0548).
These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2014-0556, CVE-2014-0559).

We advise our readers to update their Flash Player as soon as possible.

Source:[Adobe Security Bulletin]
 

37 Cape Verde Government Websites Defaced By Bangladesh Grey Hat Hackers

After defacing McDonald website last week, Bangladeshi hacker of Bangladesh Grey Hat Hackers, Ablaze Ever, defaced 37 Cape Verde Government Websites this time. The US Embassy, National Police of Cape Verde, and National Portal of Cape Verde were included.
At the time of publishing, all the websites were under construction. A list of all the website and mirrors is available below.
List of all websites defaced: [Click Here!]
 

Mauritian Government Sub Domain Compromised

Hacker using the codename of Maniak k4sur defaced a sub-domain of the Mauritian Government website. The hacker uploaded a defaced page on which the following message was written,
"« Maniak k4sur w4z here !! »"

At the time of publishing, the webpage was edited on which  "This page is under construction" message was seen. The news came as a comment on Mauritian Linux enthusiast Ish Sookun blog around 19hr.

We seized this opportunity to do some further search and discovered that this particular sub domain has been defaced twice. Below are mirrors of each time it was reported defaced,

2014-08-18 09:25:01
http://www.zone-h.org/mirror/id/22796257

 2010-10-01 00:09:45
http://www.zone-h.org/mirror/id/11723437

 

#‎OpIsraelReborn‬: AnonGhost Hacked 130+ Israeli Websites

Mauritania Hackers have defaced over 130 Israeli websites in an operation called #‎OpIsraelReborn. The same defacement page was uploaded on each of these websites. By the time of publishing, many of these websites were restored. Mirrors and the full list of websites defaced have been provided below for our readers.
List of all defaced Websites:
 
 
Support : MauriHackerS | Personal Template | Smoker
Copyright © 2012. MauriHackers - All Rights Reserved
Template Created by Creating Website Powered by Hackers
Proudly powered by Hackers