PS3 & PSP: PSN services are down following a massive hackers attack

4/27/2011 07:09:00 PM | Written by Shichemt Älen | 0 comments


Sony is revealing the reason for the disabling of the PSN: hackers succeeded in hacking and stealing personal information of the service’s users.

Do you have a PSN account? Your personal details may be in danger. In an announcement issued by Patrick Seybold director of communication and social media for Sony, the reason for the disabling of the PSN network for over a week has been revealed: apparently, hackers succeeded hacking the PSN servers and stealing personal information about the users of the service.

In the announcement posted on the PlayStation’s blog, Seybold writes that Sony discovered that between April 17-19 an illegal and unauthorized hacking was performed to its network. The moment the hack was discovered, Sony disabled the network and since then, the PSN has been down.

Sony estimates that a lot of personal information was stolen from their servers. The information includes logging details (email and password), address, date of birth and full name. in addition, details such as purchasing history, billing address, credit card and security question for the service are also in danger, but Sony haven’t reached a final conclusion whether these details were stolen or not.

In addition, Sony warn that a certain risk exists that credit cards through which purchases on the PSN store were conducted were stolen, and recommend customers examine their charge details, and if necessary turn to their credit cards’ fraud division.

The biggest concern due to such a hacking is the abuse of these details, that can be used by hackers to hack PSN users email accounts (if they use the same password on their email and Sony’s network) and from there hack Facebook, PayPal and other accounts.

Due to this hacking, Sony’s PSN network has been disabled for over a week. This means that PS3 and PSP console users cannot participate in mass online games, make purchases on the virtual store and use other network service.

Sony are working hard these days to strengthen their security grid massively and estimate it will be back online in about a week. It’s not clear why Sony didn’t reveal this critical information immediately and if the company know personal details were stolen off of its servers days before its released the information.

If you have a PSN account and are concerned about the hack, here are a number of actions to take in order to be secure:

1. Changing passwords – if you’re using the same password in different network services, you should quickly change it. generally you want to use a different password for each service your register to. Change your email password immediately and then your password to financial services such as PayPal.

2. Change your security question – similarly to changing your password, make sure you change your security question to the services you registered to.

3. Watch your credit card – fortunately, credit card companies have fraud prevention call centers that succeed in tracking in advance and preventing theft. If your credit card number has been stolen, it is more than likely that your credit card will track it long before financial damage is done. Be available in case your credit card company tries to contact you. It is also recommended to sign up to a text messaging service that alerts you for every purchase made through your credit card online.






Read the Anonymous' letter here for more information.
Read more »

Anonymous Hacker broke into wind turbine systems

4/27/2011 07:01:00 PM | Written by Shichemt Älen | 0 comments


Claiming revenge for an "illegitimate firing," someone has posted screenshots and other data, apparently showing that he was able to break a 200 megawat wind turbine system owned by NextEra Energy Resources, a subsidiary of Florida Power & Light.

The data was posted to the Full Disclossure security mailing list Saturday anonymously, by someone using the name "Bgr R." In the post, he (or she) wrote, "Here comes my revenge for illegitimate firing from Florida Power & Light Company... ain't nothing you can do with it, since your electricity is turned off !!!"

In an e-mail interview, Bgr R said he's a former employee who discovered a vulnerability in the company's Cisco security management software that he then used to hack into the SCADA (supervisory control and data acquisition) systems used to control the turbines. His motive was to embarrass the company, he said. "I want people to know about them and how they really work on SCADA security," he said.

It's not clear whether or not the posting is a hoax, or if any systems have been affected, but the screen shots of the Wind Turbine management interface looked legitimate, said Wesley McGrew, an industrial systems security researcher with McGrew Security. "My best guess is that it's legit, and this guy will probably be picked up pretty quick if it's really a disgruntled employee," he said in an instant message interview. "The whole thing looks like just a grab bag of stuff he had access to."

"If it's all a hoax, it's really well done," he said.

On the other hand, there are some big question marks, McGrew said. In his interview with IDG News, Bigr R didn't say much about how he broke into the SCADA systems themselves and he didn't demonstrate much insider knowledge of Florida Power & Light (FPL) systems. At one point he mistyped the FPL acronym.

Bigr R posted screen shots apparently showing that he had access to management systems at the 136-turbine Fort Sumner wind farm, located about 170 miles southeast of Alberquerque New Mexico. Depending on how the software was configured, he could have shut down the 200 megawatt facility or possibly even damaged hardware there, McGrew said.

Florida Power & Light (FPL) owns and operates the Fort Sumner turbines, but the power they generate is used by PNM, an Arizona utility company. The facility has been in use since October 2003.

PNM is not aware of any incidents affecting the company's Fort Sumner facility, said company spokeswoman Susan Sponar. She referred inquiries to FPL. FPL officials were not immediately able to comment on the matter.

The data posted by Bigr R show screenshots of the Wind Turbine's management interface -- Siemens-built software called WinCCC -- along wtih screenshots of an FTP server and a company project management system. There is also Web server header information and configuration data from a Cisco router, apparently hosted for the company by AT&T.

According to the router information, one of the company's passwords for the router was "cisco."

The security of industrial systems like this has come under scrutiny in the past year following the release of the Stuxnet computer worm, which is thought to have sabotaged systems used by Iran's nuclear program.

In this case, though, the hacker says he's a disgruntled insider. Insiders seeking revenge are responsible for about 10 percent to 15 percent of all industrial security computer incidents, said John Cusimano, director at the Security Incidents Organization. His company maintains a database of cyber-incidents documenting failures of computer systems used by SCADA systems.

"It's probably still up in the air as to whether this was a real threat or a hoax," Cusimano said.

Taken from: computerworld.com
Read more »

Infondlinux - Security Tools Script for Ubuntu

4/23/2011 09:21:00 PM | Written by Shichemt Älen | 0 comments


Infondlinux is a post configuration script for Ubuntu Linux. It installs useful security tools and Firefox Add-ons. Tools installed by script are listed at the beginning of source code.

** Download:
$ wget http://infondlinux.googlecode.com/svn/trunk/infondlinux.sh



** Install:
$ sudo infondlinux.sh



** Packages :
# Debian Packages
+ imagemagick
+ vim
+ less
+ gimp
+ build-essential
+ wipe
+ xchat
+ pidgin
+ vlc
+ nautilus-open-terminal
+ nmap
+ zenmap
+ sun-java6-plugin et jre et jdk
+ bluefish
+ flash-plugin-nonfree
+ aircrack-ng
+ wireshark
+ ruby
+ ascii
+ webhttrack
+ socat
+ nasm
+ w3af
+ subversion
+ wireshark
+ mercurial
+ libopenssl-ruby
+ ruby-gnome2
+ traceroute
+ filezilla
+ gnupg
+ rubygems
+ php5
+ libapache2-mod-php5
+ mysql-server
+ php5-mysql
+ phpmyadmin
+ extract
+ p0f
+ spikeproxy
+ ettercap
+ dsniff :
+ arpspoof - Send out unrequested (and possibly forged) arp replies.
+ dnsspoof - forge replies to arbitrary DNS address / pointer queries on the Local Area Network.
+ dsniff - password sniffer for several protocols.
+ filesnarf - saves selected files sniffed from NFS traffic.
+ macof - flood the local network with random MAC addresses.
+ mailsnarf - sniffs mail on the LAN and stores it in mbox format.
+ msgsnarf - record selected messages from different Instant Messengers.
+ sshmitm - SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
+ sshow - SSH traffic analyser.
+ tcpkill - kills specified in-progress TCP connections.
+ tcpnice - slow down specified TCP connections via “active” traffic shaping.
+ urlsnarf - output selected URLs sniffed from HTTP traffic in CLF.
+ webmitm - HTTP / HTTPS monkey-in-the-middle. transparently proxies.
+ webspy - sends URLs sniffed from a client to your local browser
+ unrar
+ torsocks
+ secure-delete
+ nautilus-gksu
+ sqlmap
+ john the ripper

* Third Party Packages
+ tor
+ tor-geoipdb
+ virtualbox 4.0
+ google-chrome-stable

* Manually Downloaded Softwares and Version
+ DirBuster (1.0RC1)
+ truecrypt (7.0a)
+ metasploit framework (3.6)
+ webscarab (latest)
+ burp suite (1.3.03)
+ parosproxy (3.2.13)
+ jmeter (2.4)
+ rips (0.35)
+ origami-pdf (latest)
+ pdfid.py (0.0.11)
+ pdf-parser.pym (0.3.7)
+ fierce (latest)
+ wifite (latest)
+ pyloris (3.2)
+ skipfish (1.86 beta)
+ hydra (6.2)
+ Maltego (3.0)
+ set
+ volatilty (1.3 beta)

* HomeMade Scripts
+ hextoasm
+ md5crack.py (written by Corbiero)
+ chartoascii.py
+ asciitochar.py
+ rsa.py

* Firefox Extensions
+ livehttpheaders
+ firebug
+ tamperdata
+ noscript
+ flashblock
+ flashgot
+ foxyproxy
+ certificatepatrol
+ chickenfoot 1.0.7
Read more »

Mozilla Firefox 6.0a1 is available for download!

4/23/2011 06:28:00 PM | Written by Shichemt Älen | 0 comments


I just checked the top daily news on Firefox website and i saw that Mozilla Firefox. It was like "wth?" the 4th edition just out in March 22th 2011, and it's a month ago for its release and we see that Mozilla just launched the 1st alpha edition of 6th version of Firefox. It's so good to see a company like it launch every week or every 15 days surprises us with a new edition! They said in October 2010, Firefox 4 will be inaugurated And we know that the 4th edition was too late and making suspense to their users and fans.

So here is Download Link for Mozilla Firefox 6.0a1 and 5.0a2 (from Softpedia)
Read more »

FoxTab - Firefox 3D Tab Switcher Add-on

4/22/2011 09:05:00 PM | Written by Shichemt Älen | 0 comments


A good add-on available for Mozilla Firefox, tested on 3.6.* and 4 platform,
This add-on is a tab switcher and it looks like Windows Tab Switcher (available in Windows Vista/Seven), but this edition is available to Mozilla Firefox which is a browser not an operation system and this is how it qualified.

This is a video made by me on My YouTube Channel:
Read more »

Use Tor Proxy with Firefox and Google Chrome Tutorial

4/16/2011 02:05:00 PM | Written by Shichemt Älen | 0 comments


Quick Info about Tor: Tor is a system intended to enable online anonymity, composed of client software and a network of servers which can hide information about users' locations and other factors which might identify them. Use of this system makes it more difficult to trace internet traffic to the user, including visits to Web sites, online posts, instant messages, and other communication forms. It is intended to protect users' personal freedom, privacy, and ability to conduct confidential business, by keeping their internet activities from being monitored. In March 2011 The Tor Project was awarded the Free Software Foundation's 2010 Award for Projects of Social Benefit on the following grounds: "Using free software, Tor has enabled roughly 36 million people around the world to experience freedom of access and expression on the Internet while keeping them in control of their privacy and anonymity.

This video below will show you how to use Tor Browser with no extension or add-on needed, just all configuration is manually.
Read more »

Fade Inactive Windows to Transparent

4/15/2011 07:05:00 PM | Written by Shichemt Älen | 0 comments

E. really liked a setting in the Linux XFCE desktop that gave inactive windows a dimmed, translucent look. With the power of AutoHotkey, he created a small script that offers the same powers on Windows desktops. It's all yours, too, if you'd like the same look.

You'll need to install AutoHotkey to use this script, but once you do, you simply double-click the .ahk file to launch the utility. It plants a small icon in your system tray to allow for exiting, as well as controlling the level of transparency and the time delay for considering a window "inactive."

Fade to Black is a free download from, well, our Dropbox stash (temporarily). It was written by Lifehacker reader David E.—if you have any fixes to the script, or, better still, a self-contained executable to offer, let us know in the comments.


Written by Kevin Purdy

Read more »
Subscribe to: Posts (Atom)
© 2011 Life Like A Geek | Designed by Noct