Generating Fingerprint From Photos

Jan Krissler, a member of the Chaos Computer Club (CCC) hacker network, claimed that he was able to clone the fingerprint of German Defense Minister Ursula von der Leyen using commercial software and images. At a hacker conference held in Hamburg, Krissler, also known as Starbug, gave a presentation in which he explained how a fingerprint can be cloned from photos of a finger. He obtained several photos of the politician, taken from different angles and distances at a news conference in October. The tool he used is software designed for biometric system integrators.
Starbug is a security researcher at the Technical University of Berlin.

With high-performance cameras available on the market, Starbug's method will make targeted attacks easier for criminals.

Video of the Presentation [In German]


Mauritian Girl Fell Victim To Online Sextortion

A 22-year-old Mauritian girl has fallen victim to online sextortion. The man behind this criminal act is none other than the one she was planning to marry, a Frenchman. She met the man on a dating site 4 months ago. Two weeks ago, she received a link to a one-minute YouTube video in which she was doing a striptease for him. To have the video removed, she was asked to pay 800 Euros. After negotiating, she paid 100 Euros and the video was removed. But the story does not end there. She was then asked for 500 Euros; otherwise the video would be leaked on the internet. The girl stated that the man had already talked to her parents and was supposed to come to Mauritius in February to arrange their marriage. He told her that his name was Frank, that he was 32 years old and that he worked as a salesman in a supermarket.

"It's on the dating site Badoo as I've known him. We have started discussions. He never got the disrespect. Every day we discuss on whatsapp and skype. We connected via webcam to make more detailed knowledge. Three weeks ago, we started conversations of a sexual nature. He claimed me a little sexy dance to show him some parts of my body. I refused any short. He insisted that I perform a dance. After much reluctance, I gave. I did that once", stated the girl (Translated by Bing Translator from source)

The case was reported to the Mauritius Police Cybercrime Unit. The man's Skype account is no longer available, and the payment she made via Western Union went to the account of a certain Ekra Martin in Abidjan.

Source:[Defi Media]

Apple First Automatic Security Update for Mac Users

Apple is updating its Macs to prevent hackers from taking control. This is the very first time that updates have been sent automatically without asking the user for permission. This particular update protects Apple laptops and desktops from a newly discovered vulnerability (CVE-2014-9295). The vulnerability was revealed on Friday by the US Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute. The updates, released on Monday, fix critical security vulnerabilities in a component of the OS X operating system called the Network Time Protocol (NTP). NTP is used to synchronise the clocks of computer systems.
The automatic update technology has been available for two years, but this is the first time it has been used.

Source: [Reuters]

InfoTech 2014 Will Focus On CyberSecurity

The 21st edition of InfoTech will be held from Thursday 27 to Sunday 30 November 2014 at the Swami Vivekananda International Convention Centre, Pailles, Mauritius. Over 100,000 visitors are expected to attend this event. Tassarajen Pillay Chedumbrum, the current ICT minister of Mauritius, along with members of the National Computer Board, stated that this year the focus will be on cyber security, which is a key element in the field of computer science. They will seize this opportunity to inform the general public about the importance of cyber security.

With vulnerabilities recently discovered in Mauritian government websites and the government lottery website defaced twice, many will want to know what will be discussed. IT security professionals of the country will surely seek answers from the National Computer Board, which will be present on this occasion.

Maurihackers Celebrating its 3rd Anniversary

Today, 9th November 2014, we are celebrating our 3rd anniversary. On this occasion, we would like to thank all our readers, hackers, news providers and our friends who have been supporting us during these successful years.

We are proud to be the only Mauritian website which provides news relating solely to IT security and hacking. We have been reporting several security issues lately and we promise, we will continue our work for the coming year.


Thanking you all
Maurihackers - Mauritian Hacker Society






The Pirate Bay Co-founder Sentenced to 3.5 Years Imprisonment

After being found guilty on Thursday, Gottfrid Svartholm Warg, aka Anakata, the co-founder of The Pirate Bay, was sentenced to 3.5 years imprisonment on Friday in the largest hacking case in Denmark's history.
The prosecutor had requested six years in jail for Warg and two years in jail for his 21-year-old co-defendant, a Dane. The Dane received a 6-month sentence instead. The Court said that they hacked into the Danish systems of IT giant CSC, illegally downloaded social security numbers from Denmark's national driving license database, illegally accessed information in a Schengen Region database and cracked police email accounts between February and August 2012. Anakata argued that his computer had been used remotely to carry out the attack, but the Court did not accept this argument.
In 2009, Warg was sentenced to one year in jail and ordered to pay criminal damages to the music and film industry for his part in founding the website.
Source:[RT]

Beware of MCB Phishing Email "URGENT MVR Required for your accounts"[UPDATED]

Phishing Email Screenshot
A phishing email pretending to be from The Mauritius Commercial Bank is currently making the rounds. The email is titled "Update: URGENT MVR Required for your accounts" and contains the official logo of the Mauritius Commercial Bank. Along with the logo and picture, it carries the following message:

Dear customer,
Your account(s) is no longer active as it has been suspended due to MVR (MCB Verification Requirements).
Your attention is required to activate your account now.
Activate Account Now(Link Removed)
Thanks and have a great day.

Fake Website of the Bank

When the recipient clicks on the link provided, he/she is directed to a website that looks like a legitimate MCB website, with a banner carrying the official logo of the bank displayed at the top of the scam webpage. Below the banner, there are several warning messages which ask recipients to reactivate their account. Further down, there is a form where recipients are asked to enter their credentials: USER ID, USER PASSWORD, TRANSACTION PASSWORD, EMAIL ADDRESS and EMAIL PASSWORD. After the activate button is clicked, the website redirects to a PDF file on the official website of the bank. It seems, however, that the PDF file is no longer available on the bank's site, which causes the browser to freeze for around 5 seconds and then remain blank. In the meantime, the cybercriminals behind the phishing scam have already received your login credentials, which they may use to transfer money.

We advise our readers to be alert. The email and the phishing website have been professionally designed and contain no noticeable errors that would prove they are fakes. The only two giveaways are the URL, which belongs to a porn website domain, and the closing line of the email, “Thanks and have a great day.”; an official email will never use an informal way of thanking a recipient. If you think you have been a victim of this email, change your password as soon as possible and contact the bank.

We reported the email to The Mauritius Commercial Bank and received an automated reply where it stated "MCB will NEVER ask for your Internet Banking login and transaction passwords under any circumstances". This is already a confirmation that the email is a fake one.
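The URL check advised above can be automated when triaging reported mail. The following is an added example, not part of the original article: it extracts every link from an HTML email body and flags those whose host lies outside the bank's own domains. The domain `bank.example`, all sample URLs and the function names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the bank really uses. Placeholder value, not from the article.
TRUSTED_DOMAINS = {"bank.example"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")  # None when there is no href
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lowercase hostname of a URL-like string, or '' if it does not look like one."""
    value = value.strip()
    if not value or any(c.isspace() for c in value):
        return ""
    try:
        parts = urlsplit(value if "://" in value else "//" + value)
    except ValueError:
        return ""
    return (parts.hostname or "").rstrip(".")


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain itself or a subdomain of it.

    Matching on the dot-separated suffix rejects look-alikes such as
    'bank.example.evil.test' and 'notbank.example'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def review_links(html_body, trusted=TRUSTED_DOMAINS):
    """Return [(href, [reasons])] for every link that deserves a second look."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        try:
            parts = urlsplit(href.strip())
        except ValueError:
            findings.append((href, ["unparseable-url"]))
            continue
        host = (parts.hostname or "").rstrip(".")
        reasons = []
        if not host_is_trusted(host, trusted):
            reasons.append("host-not-trusted")
        if parts.scheme != "https":
            reasons.append("not-https")
        if parts.username is not None:
            # 'https://bank.example@other.host/' really goes to other.host
            reasons.append("userinfo-in-url")
        shown = host_of(text)
        if shown and host_is_trusted(shown, trusted) and not host_is_trusted(host, trusted):
            # The text displays the bank's address, the href goes elsewhere
            reasons.append("text-href-mismatch")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample modelled on the message quoted in the article.
SAMPLE_EMAIL = """
<p>Dear customer,</p>
<p>Your account(s) is no longer active as it has been suspended due to MVR.</p>
<p><a href="http://unrelated-site.example/mcb/activate.php">Activate Account Now</a></p>
<p>Help: <a href="https://www.bank.example/help">www.bank.example/help</a></p>
<p><a href="https://bank.example.secure-login.example.net/ib">https://www.bank.example/ib</a></p>
<p>Thanks and have a great day.</p>
"""

if __name__ == "__main__":
    for href, reasons in review_links(SAMPLE_EMAIL):
        print(href, "->", ", ".join(reasons))
```

A clean result only means the links point at the expected domains; it says nothing about the sender, so it complements header checks rather than replacing them.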

UPDATE
Yesterday, 27 October 2014, we received confirmation from The Mauritius Commercial Bank that this is a phishing email. The content of the confirmation email goes as follows:

Dear Sir/ Madam

We acknowledge receipt of your e-mail dated yesterday, and thank you for escalating the issue to us.
This e-mail is indeed a scam whereby fraudsters aim at obtaining personal details of our customer, with the intention of carrying out fraudulent transactions on the customer’s accounts.
These fraudsters operate by sending e-mails that appear to come from the Bank.
The MCB requests you to disregard these bogus messages and not to respond to any instructions contained therein. Instead, Internet Banking customers should forthwith delete the messages.
IB customers who have responded to such messages are advised to change their password immediately and call the MCB on (230) 2026060 without delay.
May we remind you that access codes (be the “User IDs” or “passwords” for Internet Banking or “PIN” for credit and debit cards) are strictly personal and must not be revealed to third parties or used otherwise than in the appropriate authenticated environment.
Rest assure that all possible steps are taken to promptly ban the fraudulent domains and to inform our customers not to respond to these fraudulent attempts.

We reiterate our thanks for advising us of this issue and assure you of our best services at all times.

Mauritius Tourism Promotion Authority (MTPA) Official Website Vulnerable

Ish Sookun, the Mauritian Linux enthusiast and blogger who recently discovered a vulnerability on the MNIC website, is back with another ‘data leaking’ discovery. This time the vulnerabilities are on the official website of the Mauritius Tourism Promotion Authority (MTPA).
According to Mr Sookun, 269,146 email addresses are publicly available. This is because the directories where the files are kept on the server allow public access. As he stated in his blog post, this database would be a gold mine for spammers.
Not satisfied with this, he decided to search further by visiting other directories. He was once again shocked when he came across two sets of unencrypted administrator credentials, that is, usernames and plain text passwords. One was for the blog's MySQL database and the other for the newsletter application. Mr Sookun reported this issue to CERT-MU and, at the time of publishing, he stated that he had not received any reply from them.


Dropbox Blames Third Party Services For Credentials Leaked

A series of Dropbox credentials has been posted on Pastebin and Reddit since Monday. These documents consist of user email addresses and passwords in plain text. In each of these Pastebin documents, the hacker has written a message stating that around 6,937,081 accounts have been hacked, and has given a bitcoin address so that people can donate for the hacker to release more. The message reads as follows:
"Dropbox Hack Second Teaser.
As promised here is another batch of Hacked Dropbox accounts from close to 7 million total hacked accounts.
We will keep releasing more to the public as donations come in, show your support.
Send bitcoin donations to 1Fw7QqUgzbns7yWHH32UnmMxmMMwu6MC6h
Enjoy! More to come. As previously, all Dropbox logins are in the same format, login:Password"

Dropbox stated in a blog post that they were not hacked. They added that the usernames and passwords were stolen from unrelated services and that attackers are using these credentials to try to log in to Dropbox accounts. Dropbox is advising its users to enable 2-step verification on their accounts.

Source:[Dropbox Blog]

The Snappening : SnapSaved.com Hacked and Database Leaked On The Internet

SnapSaved.com is a third-party service which allowed users of Snapchat to save senders' images and videos without the senders knowing about it. On 11th October 2014, SnapSaved.com published a post on its official Facebook page stating that SnapSaved.com was hacked.

The private images and videos have been leaked on torrent sites and 4chan under the name "Snappening". The name follows the recent event, The frappening, in which celebrities' naked pictures were leaked on the internet. According to the threads on 4chan, around 200,000 pictures and videos are in this Snappening leak.

In the Facebook post, Snapsaved.com stated that they had a misconfiguration in their Apache server and that SnapChat has not been hacked. All the images are from snapsaved.com's database. Find below the full Facebook Post,

"I would like to elaborate on the recent events regarding Snapsaved.com
Snapsaved.com Was a website used to save SnapChat's, precisely as the app snapsave.
In response to recent media events and the statement made by http://pastebin.com/cJcTbNz8, I would like to inform the public that snapsaved.com was hacked, the dictionary index the poster is referring to, was never publicly available. We had a misconfiguration in our Apache server.
SnapChat has not been hacked, and these images do not originate from their database.
Snapsaved has always tried to fight child pornography, we have even gone as far, as to reporting some of our users to the Swedish and Norwegian authorities.
As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it. As far as we can tell, the breach has affected 500MB of images, and 0 personal information from the database.
The recent rumors about the snappening are a hoax. The hacker does not have sufficient information to live up to his claims of creating a searchable Database.
Our users had to consent to all the content they received via SnapSaved.com, as we mentioned, we tried to cleanse the database of inappropriate images as often as possible.
The majority of our users are Swedish, Norwegian and American.
I sincerely apologize on the behalf of snapsaved.com we never wished for this to happen. We did not wish to cause SnapChat or their users any harm, we only wished to provide a unique service."


Beware of Vodafone New Message Phishing Scam

A new phishing email pretending to be from Vodafone is currently making the rounds. This scam could claim many victims if it reaches the right audience, as Vodafone has many customers who keep the voice message service activated.

The phishing email is very simple,
"Subject: Vodafone New Message
Dear Customer,
You have one unread Message on your Online Vodafone Account.
VIEW YOUR MESSAGE
Regards,
2014 Vodafone Limited
"

The recipient is provided with a link in the mail, which redirects him/her to a fake website identical to the original login page of Vodafone. Once the recipient enters the username and password, the credentials are sent to the crooks behind the scam. These credentials can be used to hijack accounts.

We advise our readers to be vigilant.

13 year old China Youngest Hacker Wants to Be a White Hat

Wang Zhengyang is only 13 and is known in his country as the youngest hacker. He attracted the attention of the press during the China Internet Security Conference, which took place from the 24th to the 25th of September.
Wang, who is a student at a junior high school affiliated with Tsinghua University in Beijing, said that he would like to be known as an ethical hacker or a white hat. He stated that he hacked his school website to avoid submitting homework. He also hacked an online store, after discovering a flaw, to alter the price of an item from 2500 Yuan to 1 Yuan. Wang stated that he did notify the store about the vulnerability and has not purchased the item.
Earlier this year in April, he contacted a software company in Beijing to report about vulnerabilities he discovered which could affect over 100 educational institutions in the country.

Wang said:
"I think those who hack all day for profit are immoral,".."It is interesting to look for website security risks and I am overwhelmed with joy when I find one. But I will not use my talent for something illegal."

He added,
"By attending the conference, I want the other to notice me and know that someone my age could work on internet security,"

Source:[Want China Times]

Beware of Red Cross Job Offer Scam Email

An email pretending to be from the Red Cross is currently making the rounds, claiming that the Red Cross is recruiting staff. The newly recruited staff will supposedly be paid $250 / €200 per day. A series of job positions is listed in the email, and those interested are requested to fill in the 'form' and to pay an enrollment fee.

This email is not from the Red Cross, and we advise our readers to ignore it if they receive it. This is a way for cyber criminals to collect easy money.

Source:[Hoax-Slayer]

New Android Trojan Wipes Data and Blocks Communication

Security researchers from Dr.WEB discovered a new Android malware posing as Angry Bird Transformers. It has been categorised as a "vandal program", as researchers have not found any code indicating that the creators of the malware will gain any financial benefit from it.
These types of malicious programs are rare nowadays and are written only to show off programming skills or to make mischief. Dr.Web added the malware to its database under the name Android.Elite.1.origin.
Once this malware is granted permission, it starts formatting the SD card. The malware also blocks access to popular messengers like WhatsApp Messenger, Hangouts or the standard SMS application by displaying the message "OBEY or Be HACKED".
In addition, the Trojan sends a text message to all contacts on the device, which reads as follows:
"HEY!!! [contact_name] Elite has hacked you. Obey or be hacked."
A similar text is sent as a reply to all incoming SMS from valid mobile phone numbers:
"Elite has hacked you.Obey or be hacked."

We advise our readers to be cautious and to install applications from trusted developers only.

Source: [Dr.WEB News]

Are Free Public Wifi Networks Safe?


Recently the Minister of Information and Communication Technology of Mauritius, Mr Tassarajen Pillay Chedumbrum, launched a project to provide free wifi internet connection to the public. 150 spots were identified and some of them are already operating. People within wifi range will take full advantage of this free service. Like them, hackers will also take full advantage of this service to harvest the personal information (data) of the users.
To raise awareness among these free wifi users, we thought of sharing some security risks which users may face when using free wifi connections.

Sniffing of unencrypted data
When you connect to an open wifi network, the network is normally unencrypted because you don't have to enter any password to connect. Thus, if a hacker is connected to the same free wifi network, he/she can easily see which webpages you are visiting and which forms you are submitting, for example when logging in to your Facebook account.
This is done using network sniffing tools, which are freely available online. These tools capture packets sent and received on the network. These packets are later analysed and, very often, usernames and passwords can be retrieved from them.

Rogue Access Point
When connecting to a public network, it is difficult to tell whether it is a legitimate network or a rogue access point. On a rogue access point, the user is sent to fake webpages identical to legitimate ones. Once the user enters his or her personal credentials, the hacker gets hold of them. These credentials can be used for account hijacking.

Network File Sharing
Wrongly configuring your network file sharing options can allow other users on the same network to access your device and view or even copy your personal data. For example, if the folder in which you keep your pictures is visible on the network, other users will be tempted to see what's in it.

Our advice

  • Do not make bank transactions on free Wi-Fi connections.
  • Do not use websites where you have to enter credentials (username and password).
  • Use up-to-date antivirus software.

Steve-O Twitter Account Hacked after Challenging iCloud Hackers

Steve-O has challenged the iCloud hackers to get into his account. Yesterday, 23 September, he tweeted that he had recently added some nude pictures of himself to his iCloud account and wanted to know how good the hackers were.


We noticed some minutes ago that Steve-O tweeted his thanks to Twitter for getting him his account back. He even congratulated the hacker who was able to get hold of his official account.


Was the challenge accepted by hackers?

36th International Conference of Data Protection and Privacy Commissioners in Mauritius

The Mauritius Data Protection Office is hosting the 36th International Conference of Data Protection and Privacy Commissioners. The event will take place at the Intercontinental Resort Balaclava from 13 to 16 October 2014.
Several international participants will be present and will be talking about the importance of data protection and privacy. The conference will be divided into two sessions: a closed session, in which only members of the committee will be able to participate, and an open session, which is open to the public. Those interested will have to register on the official website of the 2014 Conference and complete the payment.
More can be read from official website here: [Data Protection 2014]

Data Encryption By Default in New Version of Android

Google confirmed on Thursday that the next version of Android will encrypt data by default. This will prevent both thieves and law enforcement officials from gaining access to personal information on devices running the mobile operating system.
Optional encryption has been present in some devices since 2011 but, according to security experts, only a few users knew how to turn the feature on. As such, Google will make the encryption take place automatically (by default). Only people who enter the device's password will be able to see the pictures, videos and communications stored on the device.

"For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement," Google said in a statement. "As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on."

Source:[Washington post]

Bitcoin Creator Satoshi Nakamoto's Email Hijacked

A hacker using the name Jeffrey claims to have control of the email account of the Bitcoin founder Satoshi Nakamoto. He also stated that he obtained information about Nakamoto that could be used to identify him. Jeffrey posted a Pastebin document in which he offers to trade Nakamoto's personal data for 25 Bitcoins. He provided his Bitcoin address for those interested and also added two screenshots of the inbox of the hijacked email account.
 
Message on pastebin:
Releasing the so called "gods" dox if my address hits 25 BTC.
And no, this is not a scam, you can see the below screenshots for proof of inbox ownership and a little teaser.
BTC:[account removed]
Same one posted on p2pfoundation^
Teasers:[images link removed]

It is still unclear how Jeffrey took over the email account of Satoshi Nakamoto. Through this email address, the hacker seems to have taken control of various other accounts. On Monday he posted a message on the P2P Foundation forum where the following was written:
Dear Satoshi. Your dox, passwords and IP addresses are being sold on the darknet. Apparently you didn't configure Tor properly and your IP leaked when you used your email account sometime in 2010. You are not safe. You need to get out of where you are as soon as possible before these people harm you. Thank you for inventing Bitcoin.

On the same Monday, the head administrator of the Bitcointalk discussion forum stated that he had received a message from an old email address of Satoshi's, which led him to believe that the account had been compromised.
Today I received an email from satoshin@gmx.com (Satoshi's old email address), the contents of which make me almost certain that the email account is compromised. The email was not spoofed in any way. It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps satoshin@gmx.com expired and then someone else registered it.
Don't trust any email sent from satoshin@gmx.com unless it is signed by Satoshi. (Everyone should have done this even without my warning, of course.)
I wonder when the email was compromised, and whether it could have been used to make the post on p2pfoundation.ning.com. (Edit: I was referring here to the Dorian Nakamoto post. After I posted this, there was another p2pfoundation.ning.com post.)

Pastebin Document: http://pastebin.com/7gbPi8Qr
P2P Foundation Forum Message: [Click Here!]
BitcoinTalk Forum Statement: [Click Here!]

Source: WIRED

5 Million Google Accounts Leaked

A database containing 5 million Google accounts was leaked on a Bitcoin Security board late on the 9th September 2014. These accounts give access to the Gmail mail service, the G+ social network and other products of the US-based internet giant. The forum user, tvskit, who published this database, stated that 60% of these credentials were still valid.
Users who want to check whether their account's credentials have been leaked can visit isleaked.com, a service which will check whether an account is in the list. Any user who has fallen victim to the leak is advised to change his/her password immediately and to turn on two-factor authentication on the account.

Source:[RT]

Adobe Flash Player 15 Fixes 12 Vulnerabilities

Adobe Flash Player 15.0.0.152, which was released on Tuesday, fixes a total of 12 vulnerabilities. Many of these could be exploited for code execution. These flaws affect Flash Player 14 and all previous versions for Windows and Mac.

These updates resolve memory leakage vulnerabilities that could be used to bypass memory address randomization (CVE-2014-0557).
These updates resolve a security bypass vulnerability (CVE-2014-0554).
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2014-0553).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555).
These updates resolve a vulnerability that could be used to bypass the same origin policy (CVE-2014-0548).
These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2014-0556, CVE-2014-0559).

We advise our readers to update their Flash Player as soon as possible.

Source:[Adobe Security Bulletin]

37 Cape Verde Government Websites Defaced By Bangladesh Grey Hat Hackers

After defacing the McDonald's website last week, Ablaze Ever, a Bangladeshi hacker from the Bangladesh Grey Hat Hackers, has this time defaced 37 Cape Verde government websites. The US Embassy, the National Police of Cape Verde and the National Portal of Cape Verde were among them.
At the time of publishing, all the websites were under construction. A list of all the websites and mirrors is available below.
List of all websites defaced: [Click Here!]

Mauritian Government Sub Domain Compromised

A hacker using the codename Maniak k4sur defaced a sub-domain of the Mauritian Government website. The hacker uploaded a defacement page on which the following message was written:
"« Maniak k4sur w4z here !! »"

At the time of publishing, the webpage had been edited and showed the message "This page is under construction". The news came as a comment on the blog of Mauritian Linux enthusiast Ish Sookun at around 19hr.

We seized this opportunity to search further and discovered that this particular sub-domain has been defaced twice. Below are the mirrors from each time it was reported defaced:

2014-08-18 09:25:01
http://www.zone-h.org/mirror/id/22796257

2010-10-01 00:09:45
http://www.zone-h.org/mirror/id/11723437

#OpIsraelReborn: AnonGhost Hacked 130+ Israeli Websites

Mauritania Hackers have defaced over 130 Israeli websites in an operation called #OpIsraelReborn. The same defacement page was uploaded to each of these websites. By the time of publishing, many of these websites had been restored. Mirrors and the full list of websites defaced have been provided below for our readers.
List of all defaced Websites:

McDonalds Indonesia Website Sub-Domains Hacked By Bangladeshi Hacker

A Bangladeshi hacker who is a member of the Bangladesh Grey Hat Hackers and uses the codename Ablaze Ever defaced two sub-domains of the official website of McDonald's Indonesia. The same defacement page was uploaded to each sub-domain, on which the following message was written:

"Hacked by Ablaze Ever
McDonald's Indonesia has been Hacked by Bangladesh Grey Hat Hackers
Our message to all stinky Israelis: You were born to go to Hell, you keep attacking our brothers and sisters,We keep attacking on your cyberspace. Last but not Least, "Allahu Akbar"
Gretz To: BD Xtor - Rotating Rotor - Cr4Ck Br41N - Murkho Manob - Ly Ly - Core Tuner - Chy - Dark Fox - Red Core - Sharif - Bokamanus - Asotha - Pakhi - Doremon - Fakessh - Salim - Himel - Dracula And All Muslim Hackers
ablaze_ever@yahoo.com
© BD GREY HAT HACKERS
"

At the time of publishing, both webpages were unavailable. Mirrors of how they looked at the time of defacement have been provided below. In addition, a series of other websites was defaced by another Bangladeshi hacker from the same hacking group. The list has been provided below.

Sub-domains Defaced:
http://order.mcdonalds.co.id/
http://myhappybox.mcdonalds.co.id/

Mirrors:
http://zone-h.org/mirror/id/22853184
http://zone-h.org/mirror/id/22853185

List of all other websites defaced:
http://pastebin.com/iGc26Lzv

Mauritian Expert Witness Demonstrated How Data Can Be Stolen From The Biometric ID Card

After he was granted permission yesterday by Judge Eddy Balancy, all eyes were on Mr Sookun today. He was due to give a presentation, but it was not projected, as the State lawyers stated that they did not have an expert to refute his claims. The Judge therefore confirmed his findings, which will be considered as evidence.
Mr Sookun showed how data stored on the Biometric ID Card can be copied to a laptop using a simple RFID card reader. The card reader can capture the data from a distance of 5 centimeters; as such, the holder of the card reader does not really need to have the card in hand to get the data.
He added that this type of card reader is easily available for sale on the internet and that he had bought one himself. The card reader got through the customs office without any problem.
He also talked about the vulnerabilities on the MNIC website where he was able to retrieve personal information of 67 people. According to him, the way of coding gives the impression that these were written by script kiddies, that is, those having a very low level of coding experience.
Mr Sookun did not miss this opportunity to talk about the vulnerabilities on the Government website (www.gov.mu) caused by the "mis-managing" of the Sharepoint. As such, the website can easily fall prey to hackers. The Linux enthusiast mentioned that the Government domain name was also registered by a private company, Internet Direct Limited.

The next hearing is due for Monday 8th September 2014 and the Judge said that Tuesday could be the last one.

Thanks to Mr Ish Sookun, who provided us with the information for this article.

Mauritian Linux Professional Granted Permission To Be An Expert Witness In Court

The young Mauritian Linux enthusiast and blogger who discovered a vulnerability on the MNIC website, Ish Sookun, was granted permission by Judge Eddy Balancy to give a presentation as a witness. The State, represented by Rabindra Namdarkhan, argued that Mr Sookun cannot give his expert knowledge because he has no academic degree.
Mr Sookun stated that he is a Linux Certified Professional and has acquired knowledge in the field through practical experience. The judge was satisfied with the explanation and agreed that Ish may give the presentation at the next hearing, on 5th September 2014.

Meanwhile, a message about the last date for registration of the new ID card was posted on the official page of No to biometric data on ID card. The message reads as follows:
"MNIIC is now giving the 30TH OF SEPTEMBER as the last date for registration when being asked today. That date was already stated in court before the Supreme Court went on holiday in August. MNIC seized the opportunity to give false date to pressurize people. We are sorry for those who went to do the card in fear. Follow the news and our group closely because this date can be postponed at any time. All we are asking now is to be patient.

MNIIC has informed us that the deadline for renewing your cards has been extended, that is, until 30 September 2014. This date had already been announced at the Supreme Court hearing in August, before the court went on vacation. MNIC has since failed to inform the population of this extension, letting the climate of pressure linger as the previous deadline approached. We are sorry for those who, out of fear, went to have their card made. We invite you to check our page regularly to receive the latest information. This date may be revised again. We will need to be patient and we are counting on you.
"


Apple Confirms iCloud System Was Not Breached

During the weekend, nude pictures of several celebrities were leaked on the internet. The hacker stated that these were obtained from their iCloud accounts. As soon as Apple came to know about the incident, they gathered all their engineers to find out whether any vulnerability had been exploited by the hacker.
More than 40 hours were spent on the investigation, and Apple discovered that certain celebrities' accounts were compromised through attacks on usernames, passwords and security questions, that is, by techniques like brute force and social engineering.

The company's statement read:
"None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone."

The company is still working with law enforcement to identify the hackers behind this attack. The company is also advising its customers to use a strong password and enable two-step verification.

Source: [Apple Press]

Hacker leaks Nude Pictures of Several Celebrities

An anonymous hacker has published several naked pictures of celebrities which he said he obtained from their iCloud accounts. Pictures of a total of 17 celebrities were posted on 4Chan during the weekend. The hacker also posted a list of all the celebrities of whom he has personal pictures, 100 celebrities in total.

Mary Winstead has tweeted that these pictures of her were deleted long ago.
Actress Jennifer Lawrence had a small collection of her photos leaked. Ariana Grande, whose pictures were also posted, stated that these were fake. What remains unclear is how the hacker obtained all these pictures from the iCloud accounts. Was it mere password guessing, social engineering or breaking into the system?
At the time of publishing, administrators of 4Chan have blocked access to these threads, as the victims are high-profile personalities. A thorough investigation will surely follow.

Stanford University Website Hacked By Indian Hacker SaHoo

After defacing the MIT website last week, an Indian hacker using the codename ~Sahoo~ broke into the Stanford University website two days ago and uploaded a defacement page. At the time of publishing, the website was still showing the defacement page, on which the following message had been written:
"Hacked by ~SaHoo~
 Stanford University g0t 0wned!!! Shocked???
Indian Hacker ~SaHoo~ was here!!!
FEEL THE POWER
/.logout
"

Url Defaced:
stanford.edu/~mclindon/cgi-bin/
web.stanford.edu/~mclindon/cgi-bin/


No To Biometric Data On ID Card Platform Calls For Civil Disobedience

Since the announcement of the new Biometric ID Card in Mauritius, many activists, including high-profile personalities, have been working together to stop its implementation. Several cases have been lodged in the courts and, among these, the most awaited one will be heard on September 3rd.

What everyone is waiting for is the presentation of Nitin Sookun, the young Mauritian Linux enthusiast and blogger who discovered a vulnerability on the MNIC website. Nitin will be a witness in the case and will also give a presentation. As such, the platform No to biometric data on ID Card is asking all those against this new ID card to be present on the day of the case at Port-Louis, in front of the Supreme Court of Mauritius, from 9 am.

The invitation has been sent to 1.3k people through an 'event' on Facebook (link below). This has been described as "the voice of the new generation".


Event Created On Facebook: [Click Here!]
Official Page of the Platform: [Click Here!]

Beware of Facebook Scam Post Disgracing Respected Mauritian Barrister

 

For the past two days, a post on a Facebook page called "BOGUS AGENT" has been making the rounds. In this particular post, the owner of the page has published fake news regarding a respected Mauritian barrister. To our great surprise, we noticed that many Mauritians are sharing, commenting on and tagging their friends in this fake article.

The post disgraces the barrister in the picture and states that anyone who knows where the barrister is should report him to The Office of the Immigration Services Commissioner UK for giving fake advice. We would like our readers to know that this is a SCAM! Do not share or comment on these types of fake posts.

When we spoke to the barrister in question, he stated that he has already lodged a complaint at the Cybercrime of Mauritius and the National Computer Board. The police are investigating the matter.

Anatomy of the SCAM post
The picture was taken from a recent interview with the barrister which appeared in a local newspaper, where he talked about the immigration problems which people face. The page owner edited the picture and added some unpleasant comments to it.
The story in the first two paragraphs is related to the interview. It seems that the Facebook page owner based it on the comments on the article.
The rest of the post is merely a copy of what has been written on the Home Office website regarding complaints.
A mixture of all these was put together and posted on the page.

We advise our readers to report the page and not to believe, share or comment on any post which they are not sure of.

Recent Interview Which appeared: [Click Here!]
Home Office Article Copied: [Click Here!]

Facebook Page: https://www.facebook.com/pages/BOGUS-AGENT/695406010522769

Dropbox For Business Increases Security Features For Users

Dropbox for Business users are getting new security features. This was announced on the official Dropbox blog on Tuesday 19th August. These three new features will allow users to better manage their content via Dropbox links.
 
The three new features are:
  • View-only permissions for shared folders
  • Passwords for shared links
  • Expirations for shared links

 “Dropbox for Business has increased our team’s productivity and efficiency dramatically. With view-only permissions for shared folders, we can easily provide our entire sales teams with the latest tools while giving only a few people the ability to make edits. We’re working together better than ever.” said Geoff Stevens, the IT Technical Analyst & Network/Systems Administrator.

Source:[Dropbox Blog]

Massachusetts Institute of Technology Subdomain Hacked By Indian Hacker ~SaHoo~

An Indian hacker using the codename "~SaHoo~" defaced a subdomain of MIT (Massachusetts Institute of Technology). The following message was written on the defacement page:
"Hacked by ~SaHoo~
Massachusetts Institute of Technology (MIT) g0t 0wned!!! Shocked???
Indian Hacker ~SaHoo~ was here!!!
FEEL THE POWER
/.logout
"

By the time of publishing, the defacement page was unavailable. A mirror of how it looked has been provided below.

Facebook Pedophile Jailed For 14 Months After Victim's Mother Turned Detective

In Cardiff Crown Court, Adam Brown, 21, who changed his name to Logan Brown, was jailed for 14 months after he admitted sexually grooming a child on Facebook. The mother had left her son and other children with their grandmother when she left for work. When she returned, she noticed that her son was not at home. She called him and asked where he was; the boy replied that he was out for a walk.

"She got back in her car, found him and confiscated his phone and later his computer, insisting he gave her the passwords." ... "The conversation she saw online between her son and the defendant made her feel sick," said Prosecutor Gareth James.

It all started when the boy clicked 'like' on one of the predator's videos. Adam replied to the post by asking the boy to be his Facebook friend.

"He told him he was cute and then made a sexual suggestion." ... "Then he said he might commit suicide if he didn't reply and there was an agreement to meet up in a park. The child left his home in the early hours and the defendant met him and gave him a hug. The boy thought the whole thing was weird and returned home where his mother immediately contacted Adam Brown and told him to block contact with her son. But instead, shortly after, he contacted the boy again, telling him, 'I have just spoken to your Mum - you are an amazing guy - all I want is for you to be happy' and following it with 'you and I are having to have a good chat later, ok Hun?'" added Mr. James.

When Adam was arrested by the police, he said he wanted to kiss the boy but would not have done anything more.

Recorder Wyn Lloyd Jones said, "You preyed on the mind of a young boy, threatening to kill yourself and saying he would be responsible for assisting a suicide."

Source:[Dailymail]

Beware of Ebola Virus Epidemic Phishing Scams


 
Security researchers from Symantec have discovered several phishing scams making the rounds recently. These emails claim to provide news and reports about the Ebola virus which struck the West Africa region.
One of the phishing campaigns pretends to be breaking news from CNN. It gives a brief story and adds a link to an "untold story". Once a recipient clicks on the link, he/she is directed to a page where the recipient has to select an email provider and then enter the email login information. These details are collected by the cybercriminal behind the scam. After clicking on the submit button, the user is directed to the official CNN website.

In another identified phishing email, a person receives a mail containing an attachment pretending to be a report on Ebola. Once the user downloads and opens it, the machine is infected by the Zeus Trojan, also known as Zbot. If you have an up-to-date antivirus, it will detect it immediately.
A more complex campaign has also been identified. The email contains a file purporting to be a PDF presentation. Once executed, a newly discovered Trojan is installed on the machine. Symantec has identified this Trojan as Blueso. “The malware is also crafted to inject W32.Spyrat into the victim’s Web browser,

We advise our readers to be vigilant. Do not download and open any file from untrusted emails.

Source:[Symantec]

1200+ Indian Websites Hacked and Defaced By Kashmir Cyber Army

A total of 1216 Indian websites were hacked and defaced by members of the hacking group Kashmir Cyber Army on the occasion of Indian Independence Day, 15 August. The same defacement page was uploaded on each of these websites.
By the time of publishing, most of them had been restored. A full list of all the websites was uploaded on pastebin.
Link to pastebin document: [Click Here!]

Latest Google Chrome 36 Stable Fixes 12 Vulnerabilities

A total of 12 vulnerabilities were addressed in the latest Google Chrome release. Some of the vulnerabilities were discovered by external security researchers, who were rewarded.
Collin Payne was awarded $2000 for discovering a use-after-free security flaw (CVE-2014-3165) in web sockets. Another researcher, Antoine Delignat-Lavaud, discovered a vulnerability which could disclose information in SPDY.

We advise our readers to update their Google Chrome to the latest stable version.

Source:[Chrome Releases]

Domain Registrar And Web Hosting Company Namecheap Suffered DDoS Attack

The ICANN-accredited domain registrar and web hosting company Namecheap announced today that they suffered a DDoS attack against their default DNS system V2. By the time of publishing, the problem was already resolved. During the attack, Namecheap advised its customers to use their backup DNS System v1 as an alternative. They provided detailed steps for customers to make the change.

Customers were also kept updated on new developments regarding the issue.

Update @ 6:32 EDT | 10:32 GMT
We are currently experiencing an extremely large attack on our DNS infrastructure. Up to 50% of our DNS servers are affected, resulting in some downtime. We are working on the issue and are changing the DDoS filters we have in place as we work to mitigate this DDoS attack.

Update @ 6:58 EDT | 10:58 GMT
The target of the DDoS attack has been located. We are working to filter out the malicious DDoS traffic now. We expect to have an ETA on service resolution soon.

Update @ 7:35 EDT | 11:35 GMT
We are still working on filters to stop all of the DDoS traffic. Your patience and understanding in this matter are highly appreciated.

Update @ 8:15 EDT | 12:15 GMT
We continue to filter the attack, and expect over 50% of our DNS infrastructure to be back online in under 30 minutes. All of our technical staff and management are mobilized and we are working with our upstream providers and DDoS mitigation services to bring all services back online ASAP.

Updated @ 8:50 EDT | 12:50 GMT
Our DNS infrastructure is now fully back in production. With any attack we experience, we fully investigate the attack and the defense mechanisms we have in place. We employ the leading DDoS defense and mitigation solutions at all levels of our infrastructure and continue to do all that we can to fight off these malicious attacks. Thank you for your patience during the issue this morning.

Source: [Namecheap]

Cybercrime Workshop: Mauritian ICT Minister Announces a Strengthening of Laws

A four-day workshop on cybercrime was launched in Mauritius today, 11th August. During this event, the Mauritian ICT Minister stated that Mauritius is not sufficiently equipped to fight cybercriminals and that, as such, the ICT Ministry is working on the development of a Cyber Security Strategic Plan. The Minister stated that there is an urgent need to strengthen the existing legislation to deal with this problem. The plan, which will be ready by the end of the year, will help the authorities to better understand issues relating to cybercrime. The government will take expert advice from the Council of the European Union.

Source:[L'express]

Bell Canada Hacker Arrested and Charged

Last Friday the police arrested a teen hacker who they believe is a member of the hacktivist group called NullCrew. The arrest was carried out in relation to the hacking incident which took place in February 2014, in which a third-party IT supplier of the Bell telecommunications company was targeted.
During an interview, a representative of the group stated that they did inform Bell about this vulnerability but nothing was done. They exploited it and were able to get access to customers' information. In a press release from Bell Canada, it was announced that a total of 22421 usernames and passwords of Bell small-business customers had been posted on the Internet the previous weekend. There were also 5 valid credit cards which were leaked.

The teenager has been charged with one count of unauthorized use of a computer and two counts of mischief in relation to data.

Source:[Click Here!]
The NullCrew Interview: [Click Here!]

Mozilla Firefox 30 Released, 7 Security Fixes Addressed

Internet browser Firefox 30 has been released officially. A total number of 7 security flaws have been addressed among which, 5 have been marked as critical. The remaining two are labeled as having high security impact.

Fixes in Firefox 30:
  • MFSA 2014-54 Buffer overflow in Gamepad API
  • MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
  • MFSA 2014-52 Use-after-free with SMIL Animation Controller
  • MFSA 2014-51 Use-after-free in Event Listener Manager
  • MFSA 2014-50 Clickjacking through cursor invisability after Flash interaction
  • MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
  • MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

In addition, some new features were added, such as:
  • Sidebars button in browser chrome enables faster access to social, bookmark, & history sidebars
  • Mac OS X command-E sets find term to selected text
  • Support for GStreamer 1.0

We advise our readers to update their Firefox to get the latest security fixes and also to enjoy the new features added.

Source:[Mozilla]

Beware of Fake British Airways ‘Your Flight Ticket Not Activated’ Scam Email Distributing Malware

An email pretending to be from British Airways, titled "Your flight ticket is not activated yet", is currently in circulation. The email contains a zip file which contains a malware installer.
This email is not from British Airways and we advise recipients not to open it. The email claims that your flight ticket has not yet been activated and that, to activate it, you are advised to download the zip attachment. Once you open the zip file, you will find a file with an .exe extension, and if you open the .exe file, you may install the malware on your device. Malware usually collects personal and sensitive information such as passwords and usernames. It can also install other unwanted programs.

We request all those who received the email to ignore and delete it. Those who have already opened the .exe file should update their antivirus, do a complete scan of their device and change all their login credentials.

Source:[Hoax Slayer]

North Bengal International University Website Hacked By Myanmar Hackers

Members of the hacking group Myanmar Hackers United defaced the official website of the North Bengal International University, Rajshahi, Bangladesh. The hackers uploaded an animated defacement page where they added the map of their country and the following message,
"We are HACKTIVISTS for POLITICAL OUTCOMES & JUSTICE for what we've lost.
At the time of publishing, the website was still defaced. The defacement was announced on their official Facebook fan page which is followed by over 7000 fans.

Website:
http://www.nbiu.edu.bd/