Hacking


from SecuriTeam Blogs

Ever wondered what name is behind some obscure gmail address? Maybe your preferred gmail address was taken and you’re wondering who took it?
Here’s a cute vulnerability in the gmail system that comes from the strong tie-ins between gmail, the google calendar and all the other services.

How to do it:

- Go to the ‘share this calendar’ tab

- Enter the email address in the ‘person’ box

- Click ‘add person’ and ‘save’

- When you return to this screen you will see the first and last name along with the gmail address

Screenshots at the site

from Episode114 - PaulDotCom Security Weekly

Wow, all kinds of fun stuff here. The first thing it does is set up a database, which is where all of our results will be stored. Next, it loads modules to put up a captive portal for the user and collect all user cookies. It does this in an ingenious way: it actually tells the browser to connect to a list of popular web sites (which can be modified, do a “show options” once Metasploit loads after running evilap.sh to see where to edit the files). Once the browser connects to the web sites, Metasploit logs all of the requests and cookies to the database.

I just finished testing this with my eee. Let me tell you, it is EVIL. Check it out, you won’t be sorry.

from arstechnica.com

A ZDNet reader tipped the site to the fact that Apple has finally filed suit against Psystar in the US District Court for the Northern District of California. The lawsuit accuses Psystar of violating Apple’s licenses and trademarks, as well as copyright infringement. While the lawsuit comes as no surprise, the fact that Apple waited to file suit until July 3 to sue Psystar is. Strangely enough, a copy of the complaint is not yet available on PACER, although there’s no indication that it’s under seal.

from TorrentFreak

A German court has ruled that Internet users operating a WiFi router are not responsible if others use their equipment to infringe copyright on P2P networks. The news is likely to be seen as yet another blow for lawyers Davenport Lyons who have been insisting that German law decisions would be mirrored in the UK.

from PodcastersMeetup.com

Well, this year marks the first annual DEFCON Podcaster’s Meetup, and we will be doing it in STYLE. For those of you who made it out to the second annual Podcaster’s Meetup at ShmooCon, we ran into some hitches like sound, but as we grow, so do the problems. Let me start off by telling you some sweet news. We are nailing down time in a SkyBox, so we will have plenty of room, peace and quiet for recording, and a nice view over the con, plus NO WALKING TO THE PARTY. We will have it right there in the box.

To Podcasters,
I need to know as soon as possible how many already are set to go, those intending on getting set up and those who can’t make it. Also, if the idea of getting in free pushes you over the ‘going’ edge, we may be able to work that as well. Also, on that note, please forward this, like a Microshaft chain letter to any other podcasters that may be going, give them my email address so we can start a dialog and work out any kinks in their plans.

To Potential Sponsors,
I have included you in this email because I want you to understand the possibilities of this event. It will be at DEFCON 16. The most well known security / hacker conference. If you want to send fliers, stickers, drinks, money, or prizes, we can work out the details. We will be recording and broadcasting a live show from DEFCON which usually brings in 100 local and up to 500 remote viewers. It is then rebroadcast on whichever podcasters or vidcasters distribution that wants to and that could range from 10,000 to 1 million potential viewers.

As information is updated and confirmations come in, I will be updating the collaboration site: http://www.podcastersmeetup.com/ . Feel free to post or forward this information on to whoever you like.

If you would like an account in order to broadcast your presence at the event, please sign up and I will upgrade your user level.

For those who may not know: DEFCON 16: August 8-10, 2008

Thank you for your time, and I look forward to hearing from you,
Rob Fuller, a.k.a. Mubix

I-Hacked will be the host for the Podcaster’s meetup, and will be throwing a party later that night. Any and all are invited. Those I-Hacked readers that find us might get something special. :)

from SC Magazine US

The SQL injection attack this week on the Sony PlayStation website is a high-profile example of what continues to be a rampant number of legitimate websites falling victim to insecure coding, researchers said on Wednesday.

In the case of the PlayStation site, hackers were able to insert a tiny sliver of malicious JavaScript into some of the pages, Graham Cluley, senior technology consultant at anti-virus firm Sophos, told SCMagazineUS.com.

The result was that visitors to the compromised pages on Tuesday were assaulted with pop-up advertisements hawking anti-virus software that does not work, he said.

from Popular Mechanics

In the world of IT security, it must seem that the villains outnumber the heroes—but there are some good-guy celebrities in the world of cyber security. In my years of reporting on the subject, I’ve often heard the National Security Agency’s red team referred to with a sense of breathless awe by security pros. These guys are purported to be just about the stealthiest, most skilled firewall-crackers in the game. Recently, I called up the secretive government agency and asked if it could offer up a top red teamer for an interview, and, surprisingly, the answer came back, “Yes.”

What are red teams, you ask? They’re sort of like the special forces units of the security industry—highly skilled teams that clients pay to break into the clients’ own networks. These guys find the security flaws so they can be patched before someone with more nefarious plans sneaks in. The NSA has made plenty of news in the past few years for warrantless wiretapping and massive data-mining enterprises of questionable legality, but one of the agency’s primary functions is the protection of the military’s secure computer networks, and that’s where the red team comes in.

In exchange for the interview, I agreed not to publish my source’s name. When I asked what I should call him, the best option I was offered was: “An official within the National Security Agency’s Vulnerability Analysis and Operations Group.” So I’m just going to call him OWNSAVAOG for short. And I’ll try not to reveal any identifying details about the man whom I interviewed, except to say that his disciplined, military demeanor shares little in common with the popular conception of the flippant geek-for-hire familiar to all too many movie fans (Dr. McKittrick in WarGames) and code geeks (n00b script-kiddie h4x0r in leetspeak).

So what exactly does the NSA’s red team actually do? They provide “adversarial network services to the rest of the DOD,” says OWNSAVAOG. That means that “customers” from the many branches of the Pentagon invite OWNSAVAOG and his crew to act like our country’s shadowy enemies (from the living-in-his-mother’s-basement code tinkerer to a “well-funded hacker who has time and money to invest in the effort”), attempting to slip in unannounced and gain unauthorized access.

These guys must conduct their work without doing damage to or otherwise compromising the security of the networks they are tasked to analyze—that means no denial-of-service attacks, malicious Trojans or viruses. “The first rule,” says OWNSAVAOG, “is ‘do no harm.’” So the majority of their work consists of probing their customers’ networks, gaining user-level access and demonstrating just how compromised the network can be. Sometimes, the red team will leave an innocuous file on a secure part of a customer’s network as a calling card, as if to say, “This is your friendly NSA red team. We danced past the comical precautionary measures you call security hours ago. This file isn’t doing anything, but if we were anywhere near as evil as the hackers we’re simulating, it might just be deleting the very government secrets you were supposed to be protecting. Have a nice day!”

from lifehacker.com

No matter how easy Linux distributions make it for newcomers to install and use a free, open-source operating system, nearly everyone has at least one program that only works in Windows. Wine, a free Windows compatibility tool for Linux and other Intel-based systems, aims to make those programs run without too much cross-system trickery. If you can’t get around needing to open true Microsoft Office files, Adobe Photoshop, or your addictive game of choice on your Linux desktop, Wine is for you. With Wine’s stable 1.0 version just released, it’s a good time to check out this quietly awesome app. Let’s get a few Windows applications running in Linux.

This is a great rundown of installing/configuring Wine.

from Jaunted

American Airlines will test its in-flight WiFi system tomorrow on a round-trip between JFK and LAX. We’re hearing that wireless for the rest of American’s 15-plane 767-200 fleet is ready to go. In other words, if this test is a success, they’ll flip the “on” switch.

The carrier is using Aircell technology that’ll be available under the Gogo brand name. Pricing will be what the company announced in March: $13 for longer flights, $10 for shorter flights. On Wednesday, though, access will be free.

Currently the only other in-air wireless is from JetBlue, which only has limited internet access on one plane, BetaBlue. Virgin America is slated to start up Aircell WiFi sometime this year, too.

Quote Surbo: “Wifi on a plane? Gives new meaning to Air-pwn”

download at Remote-Exploit.org

Backtrack is a live “Slax” distribution full of almost every hacker/security tool out there… Download and start crackin.
