Are Free Public Wifi Networks Safe?


Recently the Minister of Information and Communication Technology of Mauritius, Mr Tassarajen Pillay Chedumbrum has launched a project of providing free wifi internet connection to the public. 150 spots were identified and some of them are already operating. People in the wifi range will take full advantage of this free service. Like them, hackers will also take full advantage of this service to harvest personal information(data) of the users.
As such, to raise awareness for these free wifi users, we thought of sharing  some security risks which users may face when using free wifi connections.

Sniffing of unencrypted data
When you connect to an open wifi network, the network is normally unencrypted because you don't have to enter any password to connect. Thus, if a hacker is connected to the same free wifi network, he/she can easily see what webpages you are visiting and what form you are submitting, example logging in your Facebook account.
This is done by using network sniffing tools,which are freely available online. These tools capture packet sent and received on the network.These packet are later analysed and very often, username and passwords can be retrieved from them.

Rogue Access Point
When connecting to a public network, it is difficult to identify whether it is a legitimate network or a rogue access point. In these rogue access point, the user is sent to fake webpages identical to legitimate ones. Once the user enters his or her personal credentials, the hacker get holds of these. These credentials can be used for account hijacking.

Network File Sharing
Wrongly configuring your network file sharing option can allow other users on the same network to have access to your device and view or even copy your personal data. For example, if the folder in which you keep your pictures is visible on the network, other users will be tempted to see what's in.

Our advise

  • Do not make bank transaction on free Wi-Fi connection.
  • Do not use websites where you have to enter credentials (username and password)
  • Use up to date antiviruses.

Steve-O Twitter Account Hacked after Challenging iCloud Hackers

Steve-O has challenged the iCloud hackers to get into his account. Yesterday, 23 September, he twitted that he recently added some nude pictures of himself in his iCloud account and wanted to know how good the hackers were.


We noticed some minutes ago that Steve-O twitted that he is thanking twitter for getting him his account back. He even congratulated the hacker who was able to get hold of his official account.


Was the challenge accepted by hackers?

36th International Conference of Data Protection and Privacy Commissioners in Mauritius

Mauritius Data Protection Office is hosting the 36th International Conference of Data Protection and Privacy Commissioners. The event will take place at the Intercontinental Resort Balaclava from 13 to 16 October 2014.
Several international participants will be present and will be talking about the importance of data protection and privacy. The conference will be divided in two sessions, a closed session where only members of the committee will be able to participate, and an open session. The open session is open to the public. Those interested will have to register themselves on the official website of the 2014 Conference and complete the payment.
More can be read from official website here: [Data Protection 2014]

Data Encryption By Default in New Version of Android

Google confirmed on Thursday that the next version of Android will encrypt data by default. This will prevent both thieves and law enforcement officials to gain access to personal information running the mobile operating system.
Optional encryption has been present in some devices since 2011, but,  according to security experts, only few user knew how to turn the feature in. As such, Google will make the encryption take place automatically(by default). Only people who enter the device's password will be able to see the pictures, videos and communications stored on the device.

"For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement," Google said in a statement. "As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on."

Source:[Washington post]

Bitcoin Creator Satoshi Nakamoto's Email Hijacked

A hacker using the name of Jeffrey is claiming to be having control of the email of the Bitcoin founder Satoshi Nakamoto. He also stated that he obtained information about Nakamoto that could be used to identify him. Jeffrey posted a pastebin document where it was written that he is offering to trade Nakamoto’s personal data for 25 Bitcoins. He provided his Bitcoin address for those interested and also added two screenshot of the inbox of the email hijacked.
 
Message on pastebin:
Releasing the so called "gods" dox if my address hits 25 BTC.
And no, this is not a scam, you can see the below screenshots for proof of inbox ownership and a little teaser.
BTC:[account removed]
Same one posted on p2pfoundation^
Teasers:[images link removed]

It is still unclear how Jeffrey took over the email of Satoshi Nakamoto. Through this email address, the hacker seems to have taken control of different other accounts. On Monday he posted a message on the P2P Foundation forum where the following was written,
Dear Satoshi. Your dox, passwords and IP addresses are being sold on the darknet. Apparently you didn't configure Tor properly and your IP leaked when you used your email account sometime in 2010. You are not safe. You need to get out of where you are as soon as possible before these people harm you. Thank you for inventing Bitcoin.

On Monday itself, the head administrator of Bitcointalk discussion forum stated that he received a message from an old email of Satoshi which led him to believe that the account had been compromised.
Today I received an email from satoshin@gmx.com (Satoshi's old email address), the contents of which make me almost certain that the email account is compromised. The email was not spoofed in any way. It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps satoshin@gmx.com expired and then someone else registered it.
Don't trust any email sent from satoshin@gmx.com unless it is signed by Satoshi. (Everyone should have done this even without my warning, of course.)
I wonder when the email was compromised, and whether it could have been used to make the post on p2pfoundation.ning.com. (Edit: I was referring here to the Dorian Nakamoto post. After I posted this, there was another p2pfoundation.ning.com post.)

Pastebin Document: http://pastebin.com/7gbPi8Qr
P2P Foundation Forum Message: [Click Here!]
BitcoinTalk Forum Statement: [Click Here!]

Source: WIRED

5 Million Google Accounts Leaked

A database containing 5 millions of Google account was leaked on a Bitcoin Security board late on the 9th September 2014.These accounts gives access to  Gmail mail service, G+ social network and other products of the US-based internet giant. The forum user, tvskit, who published this database, stated that 60% of these credentials were still valid.
Users who want to check if their account's credential has been leaked can visit isleaked.com, a service which will check whether your account is in the list. Any user who's fallen victim of the leak is advised to change his/her password immediately and to turn on the TWO-FACTOR ATHENTICATION service on their account.

Source:[RT]

Adobe Flash Player 15 Fixes 12 Vulnerabilities

Adobe Flash Player 15.0.0.152 which was released on Tuesday fixes a total of 12 vulnerabilities. Many among these could be exploited for code execution. These flaws affect Flash Player 14 and all previous versions for Windows and Mac.

These updates resolve memory leakage vulnerabilities that could be used to bypass memory address randomization (CVE-2014-0557)
These updates resolve a security bypass vulnerability (CVE-2014-0554).
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2014-0553).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555).
These updates resolve a vulnerability that could be used to bypass the same origin policy (CVE-2014-0548).
These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2014-0556, CVE-2014-0559).

We advise our readers to update their Flash Player as soon as possible.

Source:[Adobe Security Bulletin]

37 Cape Verde Government Websites Defaced By Bangladesh Grey Hat Hackers

After defacing McDonald website last week, Bangladeshi hacker of Bangladesh Grey Hat Hackers, Ablaze Ever, defaced 37 Cape Verde Government Websites this time. The US Embassy, National Police of Cape Verde, and National Portal of Cape Verde were included.
At the time of publishing, all the websites were under construction. A list of all the website and mirrors is available below.
List of all websites defaced: [Click Here!]

Mauritian Government Sub Domain Compromised

Hacker using the codename of Maniak k4sur defaced a sub-domain of the Mauritian Government website. The hacker uploaded a defaced page on which the following message was written,
"« Maniak k4sur w4z here !! »"

At the time of publishing, the webpage was edited on which  "This page is under construction" message was seen. The news came as a comment on Mauritian Linux enthusiast Ish Sookun blog around 19hr.

We seized this opportunity to do some further search and discovered that this particular sub domain has been defaced twice. Below are mirrors of each time it was reported defaced,

2014-08-18 09:25:01
http://www.zone-h.org/mirror/id/22796257

 2010-10-01 00:09:45
http://www.zone-h.org/mirror/id/11723437

#‎OpIsraelReborn‬: AnonGhost Hacked 130+ Israeli Websites

Mauritania Hackers have defaced over 130 Israeli websites in an operation called #‎OpIsraelReborn. The same defacement page was uploaded on each of these websites. By the time of publishing, many of these websites were restored. Mirrors and the full list of websites defaced have been provided below for our readers.
List of all defaced Websites:

McDonalds Indonesia Website Sub-Domains Hacked By Bangladeshi Hacker

Bangladeshi hacker who is a member of the Bangladesh Grey Hat Hackers and using the codename of Ablaze Ever defaced two sub domain of the official website of McDonald Indonesia. The same defacement page was uploaded on each sub-domain on which the following message was written,

"Hacked by Ablaze Ever
McDonald's Indonesia has been Hacked by Bangladesh Grey Hat Hackers
Our message to all stinky Israelis: You were born to go to Hell, you keep attacking our brothers and sisters,We keep attacking on your cyberspace. Last but not Least, "Allahu Akbar"
Gretz To: BD Xtor - Rotating Rotor - Cr4Ck Br41N - Murkho Manob - Ly Ly - Core Tuner - Chy - Dark Fox - Red Core - Sharif - Bokamanus - Asotha - Pakhi - Doremon - Fakessh - Salim - Himel - Dracula And All Muslim Hackers
ablaze_ever@yahoo.com
© BD GREY HAT HACKERS
"

At the time of publishing, both webpage were unavailable.Mirror of how they looked at the time of defacement has been provided below. Along with this, a series of other websites were defaced by another Bangladeshi hacker of the same hacking group.The list has been provided below.

Sub-domains Defaced:
http://order.mcdonalds.co.id/
http://myhappybox.mcdonalds.co.id/

Mirrors:
http://zone-h.org/mirror/id/22853184
http://zone-h.org/mirror/id/22853185

List of all other websites defaced:
http://pastebin.com/iGc26Lzv

Mauritian Expert Witness Demonstrated How Data Can Be Stolen From The Biometric ID Card

After granted persmission yesterday by the Judge Eddy Balancy, every eyes were on the Mr Sookun today. He had to do a presentation but this was not projected as State lawyers stated that they do not have an expert to refute his sayings. The Judge therefore confirmed his findings which will be considered as evidence.
Mr Sookun showed how data stored on the Biometric ID Card can be copied to a laptop by using a simple RFID Card reader. The card reader can capture the data from a distance of 5 centimeters, as such, the holder of the card reader does not really need to have the card in hand to get the data.
He added that this type of card reader are easily available for sale on the internet and has been buying one himself. The card reader did get through the custom office without any problem.
He also talked about the vulnerabilities on the MNIC website where he was able to retrieve personal information of 67 people. According to him, the way of coding gives the impression that these were written by script kiddies, that is, those having a very low level of coding experience.
Mr Sookun did not miss this opportunity to talk about the vulnerabilities on the Government website (www.gov.mu) caused by the "mis-managing" of the Sharepoint. As such, the website can easily fall prey to hackers. The Linux enthusiast mentioned that the Government domain name was also registered by a private company, Internet Direct Limited.

The next hearing is due for Monday 8th September 2014 and the Judge said that Tuesday could be the last one.

Thanks to Mr Ish Sookun who provided us with the information for this article

Mauritian Linux Professional Granted Permission To Be An Expert Witness In Court

The young Mauritian Linux enthusiast and blogger who discovered vulnerability on the MNIC website, Ish Sookun, was granted the permission by Judge Eddy Balancy to do a presentation as a witness. The State who was represented by Rabindra Namdarkhan, argued that Mr Sookun cannot give his expert knowledge because he has no academic degree.
Mr Sookun stated that he is a Linux Certified Professional and has aquired knowlegde in the field through practical experience. The judge was satisfied with the explanation and agreed that Ish does the presentation on the next hearing, 5th September 2014.

On the other side, a message relating to the last date for registration of the new ID card was posted on the official page of No to biometric data on ID card. The messages go as follows:
"MNIIC is now giving the 30TH OF SEPTEMBER as the last date for registration when being asked today. That date was already stated in court before the Supreme Court went on holiday in August. MNIC seized the opportunity to give false date to pressurize people. We are sorry for those who went to do the card in fear. Follow the news and our group closely because this date can be postponed at any time. All we are asking now is to be patient.

MNIIC nous a informé de la prolongation de la date limite pour le renouvellement de vos cartes; soit jusqu'au 30 septembre 2014. Cette date avait déjà été annoncée lors de l'audience en Cour Suprême en Août avant que celle-ci ne soit en vacances. MNIC a depuis manqué d'informer la population de cette prolongation laissant planer le climat de pression à l'arrivée de la précédente date butoir. Nous sommes désolés pour ceux qui pris de peur sont allés faire leur carte. Nous vous invitons à consulter régulièrement notre page afin de recevoir les dernières informations. Il se pourrait que cette date soit à nouveau revue. Il nous faudra être patient et nous comptons sur vous.
"


Apple confirms,iCloud System Was Not Breached

During the weekend, nude pictures of several celebrities were leaked on the internet. The hacker stated that these were obtained from their iCloud account. As soon as Apple came to know about the incident, they gathered all their engineers to find out if there was any vulnerability which has been breached by the hacker.
More than 40hours were spent on investigation and Apple discovered that certain celebrities’ accounts were compromised by attacking on username, password and security question, that is, by techniques like brute force and social engineering.

The statement of the company stated:
"None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone."

The company is still working with law enforcement to identify the hackers behind this attack. The company is also advising its customers to use strong password and enable two-step verification.

Source: [Apple Press]

Hacker leaks Nude Pictures of Several Celebrities

An anonymous hacker has published several naked pictures of celebrities which he said he obtained from their iCloud accounts. A total of 17 celebrities picture were posted on 4Chan during the weekend. The hacker also posted a list of all the celebrities of whom he has personal picture, 100 celebrities in total.

Mary Winstead has tweeted that these pictures of her were deleted long ago.
Actress Jennifer Lawrence has a small collection of her photos leaked.  Ariana Grande whose pictures as well has been posted stated that these were fake. What remains unclear is, how did the hacker obtained all these pictures from the iCloud account? Is it mere password guessing, social engineering or by breaking into the system?
At the time of publishing, administrators of 4Chan have blocked access to these threads as these victims are high profile personality. There will surely be strong investigation which will follow.

Visitors

Free counters!

Translate

MauriHackerS - Providing Latest IT Security and Hacking News !