United Arab Emirates' site for security news, latest security blog posts, security podcasts, hardware hacks and security related links.

Sunday, December 28, 2008

Mod Ed iPhone.com - UAE Hackers' guide to everything iPhone

modediphone.com is our new website :) It looks like UAEHackers.com but is dedicated to the iPhone and modding it! Arabic guides will be added soon inshallah :) For now, give the site a visit and give us some feedback! It has all your iPhone news, links and RSS feeds in one convenient place.

iphone at uaehackers dawt com!

http://www.modediphone.com/

Friday, December 26, 2008

Dubai Hacker , Dubai Sec.com and UAE Hacker.com are now our Domains :)

We have successfully acquired the following domain names:

- UAE Hackers .com
- UAE Hacker .com
- Dubai Hackers .com
- Dubai Hacker .com
- Dubai Con .com
- Dubai Sec .com
- UAE IT .com
- UAE WWW .com
- UAE GSM .com

We even have UAE RAK .com representing all the hackers from RAK (Ras Al Khaimah!)



Some of these domains already point to uaehackers.com while others are in the process of being ported :) DubaiHacker.com is an exception, as it is a standalone site that has nothing to do with security; the hacking involved there is Life Hacking ;)

Thanks to all the loyal readers for supporting us so far and providing us with tips on stories and upcoming events in the UAE and the Middle East region :) Also, for supporting us by clicking our sponsors' ads.

If you are interested in buying any of the domains above, please let us know :) These domains are only sold to people who will provide them with a good home though :P

Wednesday, December 24, 2008

Saturday, December 13, 2008

Top 9 IT security threats for 2009

Threat #1 Malicious Insiders (Rising Threat)

Threat #2 Malware (Steady Threat)

Threat #3 Exploited Vulnerabilities (Weakening Threat)

Threat #4 Social Engineering (Rising Threat)

Threat #5 Careless Employees (Rising Threat)

Threat #6 Reduced Budgets (Rising Threat)

Threat #7 Remote Workers & Road Warriors (Steady Threat)

Threat #8 Unstable 3rd Party Providers (Rising Threat)

Threat #9 Downloaded Software Including Open Source and P2P files (Steady Threat)

More details here:
Top 9 IT security threats for 2009

Google's Browser Security Handbook

A comprehensive, 60-page document meant to provide web application developers and information security researchers with a one-stop reference to several hundred key security properties and sometimes counterintuitive quirks in contemporary web browsers.
To start reading the handbook, head to:
Browser Security Handbook landing page

Thursday, December 11, 2008

Pirates of the Amazon - A taste of things to come?



There is a new Firefox add-on that adds a "Download 4 Free" button to the Amazon.com website. This is a new method for making content available to end users, and it continues the trend of making content available to consumers through ad supported websites and services rather than the consumers paying for the content.

Sites like Pirate Bay are ad supported. Similar ways of making content available to consumers through alternative channels include attacks on iTunes with dTunes and on the App Store with AppShare.

For more on this visit:
http://ipodtouched.net/index.php?p=1563

Another trend is media streaming of content on ad supported sites. Hulu.com and NinjaVideo.com are just two examples of sites that do exactly that. More sites can be found on ovguide.com.

We at uaehackers.com do not endorse any of these sites but rather we shed a light on their existence so our readers are not kept in the dark about such emerging trends :)

Sunday, December 7, 2008

What is the Best Anti-Virus (AV)?

We get asked this question all the time! If anyone knows that you are a nerd or that you have anything to do with IT or security, this is the question they are going to ask you first.

So how do you answer such a question? The short answer is simply: It depends!

The long answer is: It depends on what system you are running and a whole range of other factors, such as the user's nerdiness level.

If the person asking the question is a nerd, then the answer is easy: Check out the latest academic or industry papers on the subject:

Here is an industry paper on the subject:
http://arstechnica.com/journals/microsoft.ars/2008/12/04/av-comparatives-november-2008-report-only-nod32-worthy

Here is an academic paper on the subject:
http://scissec.scis.ecu.edu.au/conferences/viewabstract.php?id=70&cf=2

One thing to keep in mind is that you have to check AV software evaluations frequently, because the best software today might not be the best in a year or so. So you have to keep yourself up to date all the time.

Wednesday, November 12, 2008

(ISC)² SecureDubai Event - 4 December 2008

Date: 4 December 2008
Venue: Etisalat Academy, P.O.Box 99100, Dubai, United Arab Emirates
Time: 9:00am - 6:00 pm

Please join (ISC)² at their first ever, Secure Dubai event. You can earn 8 CPEs at this event if you are an (ISC)² Member in good standing. The focus of this 1-Day programme will be Emerging Threats.

This 1-Day conference will shed light on the most recent SCADA security incidents, available standards and SCADA security best practices. Attendees will be given insight into the risks and vulnerabilities of IP-enabled ATMs as well as their supportive infrastructure with a focus on security best practices, configuration and operation of ATM architecture. Sessions will engage in emerging threats in the UAE, their impact on businesses and the users, Web 2.0 security, Botnets and their effect on our Web activity and the best ways of protecting ourselves against this phenomenon.

Don't miss "Hacking the Human" and keynote session by Lance Spitzner, President and CEO, HONEYTECH.

Hear from top IT security industry experts such as Omar Sherin, Analyst, Critical Infrastructure Protection, Q-Cert; Tareque Choudhury, Head of BCSG Practice, MEA, BT Global Services; and Dimitris Petropoulos, Managing Director, ENCODE. The conference is chaired by the (ISC)² EMEA Managing Director, John Colley.

Seating Is Limited!

Register now to reserve your seat or visit the (ISC)² Website for more detailed information about the conference:

SecureDubai Event Details

NOTE: This conference is complimentary for all (ISC)² members. A 10% discount is also offered for ISSA/ISACA/ALIG members and an additional 10% discount is offered to RSA Attendees.

Sunday, November 9, 2008

The 50 Skills Every Geek Should Have - Gizmodo Australia

1. Install a hard drive in a laptop
2. Perform a clean OS install on a machine with two OSes
3. Swap out the battery on your iPod/iPhone
4. Jailbreak an iPhone
5. Wire your house for Ethernet and Coax cable
6. Use BitTorrent and RSS to automatically download new shows from trackers
7. Use an A/V receiver to its fullest capability (every port is taken)
8. Calibrate an HDTV without the manual
9. Use a DSLR in full manual mode
10. Hack the encryption and mooch your neighbour's Wi-Fi
11. Solder cleanly enough to get around a circuit board
12. Use your 3G phone as a Wi-Fi access point
13. Shove the guts of a modern game console into a retro game console
14. Design a webpage in HTML by hand that features a picture of your cat
15. Use Photoshop to imperceptibly doctor a photo
16. Abstain from buying extended warranties
17. Know where to buy cheap cables and accessories
18. Fix your parents' computer over the phone without looking at a computer
19. Enter the Konami code
20. Comment on Gizmodo from your phone
21. Type quickly using T9 texting
22. Program a universal remote
23. Contribute code to the Linux kernel
24. Hide porn from your significant other
25. Avoid DRM on everything
26. Know how to back up your data to networked storage—and actually do it
27. Watch TV shows on the internet for free
28. Edit together digital video ripped from YouTube
29. Play any SNES game on your computer through an emulator
30. Reset expired trial software by messing with the registry
31. Hackintosh your PC
32. Download pre-release movies from Usenet
33. Hack the Wii to play homebrew games
34. Get around web content filters on public computers
35. Get into a Windows computer if you forgot your password
36. Securely erase your data so it can't be recovered
37. Share a printer between a Mac and a PC on a network
38. Build a fighting robot
39. Write your own Firefox plugins
40. Navigate and reorganise the files on your computer in DOS
41. Get something on the front page of Digg
42. Get through to executive customer service
43. Rip a CD to V0 quality MP3s
44. Rip a DVD to DivX
45. Build your own computer from parts
46. Swap out the hard drive in your DVR for a bigger one
47. Get an NES cartridge working again by blowing in it
48. Calibrate a 7.1 surround-sound system
49. Play downloaded games on a Nintendo DS
50. Talk about things that aren't tech related


For the source and more information, visit:

Gizmodo Australia

Sunday, October 26, 2008

Gulfnews: UAE set to change domain name norm

Gulfnews: UAE set to change domain name norm:

"'In [the] third quarter of 2009, we will start implementing the Arabic domain names,' Mohammad Al Zarouni, chief technology officer at the .ae Domain Administration of the Telecommunications Regulatory Authority (TRA) told Gulf News.
He added that the UAE 'will very likely be the first country' worldwide where a complete non-English domain name would be available.
Internet Corporation for Assigned Names and Numbers (ICANN), a worldwide organisation responsible for internet management worldwide, is finalising the process of assigning languages to countries, according to Al Zarouni."

The American University in Dubai organizes the 11th ISSAF Conference | AUD




The 11th Information Systems Security Assessment Framework (ISSAF) conference was held on Thursday, the 23rd of October, at The American University in Dubai (AUD) in the presence of the University's faculty and student bodies, along with prominent dignitaries and local and international company representatives from within the Information Technology sector.

For more information, please visit:
The American University in Dubai organizes the 11th ISSAF Conference | AUD

Or visit AUD at:
http://www.aud.edu/

Monday, October 20, 2008

VISIT GITEX TECHNOLOGY WEEK!




Visit the official website below:
GITEX TECHNOLOGY WEEK

Can't make it? Then follow GITEX on Gulf News:
http://www.gulfnews.com/indepth/gitex2008/index.html

The Launch of aeCERT Operations

aeCERT, shortly after gaining the official accreditation by the UAE Cabinet as the national Computer Emergency Response Team (CERT) under Direct number (89/5), has launched its operations on Monday 14th of July 2008. The launch was announced during a news conference that took place in Abu-Dhabi at the Emirates Palace Hotel.
Read more on this at the aeCERT Website:
http://www.aecert.ae/aecertoperations.html

You can visit the aeCERT stand in Gitex from October 19 - 23, 2008.

Tuesday, October 14, 2008

UPDATED 2012: Get an iTunes Account Without a Credit Card

Get an iTunes account username and password even if you are outside the United States, Canada, Australia and other iTunes countries! An iTunes account without a gift card or a credit card. Just follow the step-by-step guide for getting an iTunes account for downloading Apple iPhone apps for free without needing a credit card. Nothing illegal here :)

So, you’ve got a shiny new iPhone or iPod touch, and you’d like to load all those shiny apps that everyone keeps talking about. But, oh noes! You don’t have a credit card, or the App you want isn’t available in your country’s store. Or, you’re sick of this week’s Free Single Of the Week. This guide will let you create a free account for any country the iTunes store runs in. Interested? Good, let’s continue!

1. First of all – select the iTunes store in which you’d like to have an account. You can use the store selector towards the bottom of the iTunes store homepage.
2. When the front page loads up for your desired country – go and click on the top app from the “Top Free App” section.
3. When the app page loads, hit the ‘Get App’ button.
4. The login prompt will appear – click on ‘Create New Account’
5. Click Continue, then tick the “I Accept” box, and click Continue again
6. Fill out your details on the next page (you’ll need a real, valid email address), and click continue
7. And now, here is where it gets interesting. If you have followed each of the previous steps, you should now have a ‘None’ option as a payment method. Select that :)
8. After that, fill out your details. If you don’t live in the country you’re creating the account in, make up an address. (Like say, for example, one of Apple’s Retail Store locations if they have some in that country. – http://apple.com/retail ), then click Continue
9. You will now see a message telling you to click on the confirmation link sent to the email you supplied earlier.
Then check your email inbox (or spam folder), open the email and click the confirmation link
10. iTunes will pop up, and here you’ll enter your brand new iTunes account data
11. If all goes to plan, you will be greeted with a congratulations page.
12. You’re done! You can now download free music (namely the ‘Free Single Of The Week’), as well as some free TV shows in some stores, and all the free apps that are available to you in the App Store

Now, I have iTunes accounts for Australia, the United Kingdom, the USA, and now Canada!

Wait… why couldn’t I just create an account without going to the app store first?
If you try and create an account straight from the log on box/when you purchase some music, you will be missing the ‘None’ option from Step 7.

Can I fill out my credit card details for another country’s store?
Not unless it was issued in the country that you’re trying to add it to – iTunes will verify the location of where the card was issued. So, for example, you couldn’t use an Australian Visa card in the United States store.

Hey, I have a question that isn’t answered here….
Just leave a comment below, and I’ll try and help where I can.
This was yet again a reader request :) Thank you again :)

LayerOne 2008 - David Hulton - Intercepting GSM Mobile Phones and Cracking GSM encryption A5/1

This talk is about GSM sniffing and GSM security. The presenter will explain the security, technology and protocols of a GSM network. He will also present a solution to build a GSM scanner for 900 USD. The second part of the talk reveals a practical solution to crack the GSM encryption A5/1. It is a long one! So take a break, make a trip to the fridge and come back to this :)



More on David and his company, including information about the commercial product:
http://www.forbes.com/2008/02/21/cellular-spying-decryption-tech-security-cx_ag_0221cellular.html


Again, this was another request from one of our subscribers :) We do answer requests even if it takes a while to do so! So, send us your suggestions, links, complaints, requests, questions, concerns, additions, corrections or any other input to:

contribute- at-uaehackers=.=com

FUN FACT:

David on his way this week to speak at the HITB Dubai conference about mobile phone security was stopped by British authorities at Heathrow Airport and questioned before being relieved of his Nokia phone, SIM card and USRP! Read more about it below:
http://blog.wired.com/27bstroke6/2008/04/gsm-researcher.html
More details here:
http://blog.thc.org/index.php?/archives/1-GSM-Researcher-stopped-at-Heathrow-Airport-by-UK-government-officials.html

How to hack through 23 (Telnet)

This was a special request submitted to us via the email... So, enjoy

Monday, October 13, 2008

Mobile phones can never be totally wiped clean of data

An interesting news article about the work of BT (formerly British Telecom), Glamorgan University, Australia’s Edith Cowan University and Sim Lifecycle Services where researchers recovered data from handsets from mobile phone recycling companies:

Mobile phones can never be totally wiped clean of data

To get more information on the research at Edith Cowan University and its upcoming conferences please visit:

http://www.secau.org/

and

http://conferences.scis.ecu.edu.au/

December 2008 Security Conferences World Wide

Here is a list on the security related conferences coming up this December (2008):
virtuallyinformed.com

Friday, October 10, 2008

Alarabiya.net Under Attack from Hackers

On the evening of Thursday, 9 October 2008, the Alarabiya.net website was attacked by a group of hackers who blocked access to its home page and replaced it with a warning stating that the intrusion was part of a Shiite attack on what it described as Sunni websites, in response to the hacking of Shiite websites. The site's management announced a temporary switch to the alternate site, www.alarabiya.tv.





The text of the warning that the hackers left on the page, in Arabic and English, read: "Important warning.. If the intrusions against Shiite websites continue after this, none of your websites and networks will be safe." It also carried an image of a burning Israeli flag. Below the warning, the hackers listed more than 100 Sunni Islamic websites that they said had been hacked, among them the website of the late Sheikh Abdul Aziz bin Baz, head of the Council of Senior Scholars in the Kingdom of Saudi Arabia, and they placed Alarabiya.net at the top of the list.

A few hours after the intrusion, the hackers replaced the page carrying the warning with another page showing an image of a spotted cheetah with the hackers' pseudonyms below it, carrying no warning message and no religious character.

The second image as it appeared hours after the site was hacked



It appears that the website itself was not hacked but rather the attack targeted the name servers and diverted the domain name to the hacker's own servers. It is also worth mentioning that the page was defaced twice within a few hours as shown in the images above. For more information go to:

http://www.alarabiya.tv/articles/2008/10/10/57975.html

Saturday, October 4, 2008

Thursday, October 2, 2008

(ISC)² Cyber Exchange



Did you know that October is Cyber Security Awareness Month? In support of the month, (ISC)² have launched "Cyber Exchange" where you can download original cyber security awareness materials. (ISC)² Cyber Exchange materials include posters, PowerPoint presentations, Word and PDF documents, and more. You can also rank the materials and add your own.

The free security awareness tools from around the world are designed to be used by any organization or individual that wishes to promote online safety at work or within their community. It can also serve as a support tool for private and public sector organizations required to meet cyber security awareness training requirements under directives such as the Federal Information Security Management Act (FISMA).

Saturday, September 27, 2008

ISAFE - 2008 Dubai

The conference will be held at the Sheraton Dubai Creek Hotel & Towers, Dubai, UAE on the 29th & 30th of October 2008.

The theme of the conference is Corporate Challenges in Information Governance.

The acronym I-SAFE (Information-Security, Audit & Assurance, Forensics and Emerging Technologies) represents various aspects of information Governance, to be covered in the conference.

Visit the conference website at:
ISAFE - 2008 Dubai

or:

http://www.isacauae.org/isacaorg/NoticeContent.aspx?code=42

The brochure (http://www.isacauae.org/isafe2008/ISACA-ISAFE-2008.pdf) contains all the relevant details and information on the conference.

Free practice exams for the CISSP, CISA, SSCP, GSEC- cccure.org

The older URL was http://www.cccure.org/quiz/quiz.php and it was moved to the new URL listed below:

Free practice exams for the CISSP, CISA, SSCP, GSEC- cccure.org - Bringing Education to the World.

Happy Times :P

CHANGE OF VENUE FOR CLEMENT'S DUBAI CISSP WORKSHOP

The workshop will now take place at the Capitol Hotel in Bur Dubai. The dates are exactly the same: the 11th to the 16th of October 2008.

For more information and details about other OISSG events in Dubai and the GCC region, please visit:
Certification Workshops - Open Information Systems Security Group.

Clement's http://www.cccure.org website is an excellent resource for CISSP Certification preparation.

Sunday, September 14, 2008

Massive ATM fraud in the Arabian Gulf Region

Banks across the United Arab Emirates are fighting to restore confidence in their banking system after hackers used counterfeit cards to withdraw funds from cash machines.

It's unclear how many customer accounts have been hit by the attack, much less how much money has been lost over the last three days, when the issue came to the fore. Local banks including Citibank, HSBC, Lloyds TSB, National Bank of Abu Dhabi and Emirates NBD have all issued statements.


More information and links at:
The Register.co.uk

Samurai Web Testing Framework - The Metasploit (Live Disk) of Web Security

The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such as WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.


For more information read:
Samurai Web Testing Framework

Visit the official website here:

http://samurai.intelguardians.com/

Thursday, September 11, 2008

Apple announces iPhone firmware 2.1 availability | iPhonefreak

It is supposed to fix some of the security problems with 2.0.x and provide better battery life. For more information visit:

Apple announces iPhone firmware 2.1 availability

Tuesday, September 9, 2008

Exploit Chrome and make people run your EXEs




A flaw in Apple Safari (WebKit) combined with a Java bug tricks users into launching executables from the new browser. Get more information from the link below:

Chrome - Vulnerabilities on First Day

More info and PoC from the author:

http://aviv.raffon.net/

Thursday, August 28, 2008

Hacking Online Accounts Through Password Reminders

If you have ever forgotten the password for an online account like MSN, Yahoo or Facebook, you almost always have the option of clicking 'Forgot your password' below the user name and password text boxes.

What many people don't realize is that this option can also be used to hack into your account and reset your password. So be careful what information you provide people with on internet sites such as Facebook. A pet's name, for example, is one such piece of information. To learn more about this issue you can read the article below:

‘Forgot your password?’ may be weakest link

Friday, August 15, 2008

Why you shouldn't hardware SIM unlock your iPhone 3G!

The baseband chip in the iPhone 3G is:
designed around SIM-based hardware hacks, and so any attempt at them must use fake identifiers. This information is said to "leak" into cellular networks, generating errors.


Therefore, these errors are stored in the operator's network and might be considered as tampering with the mobile phone network.

In countries like Germany, as a result, a person could allegedly face up to three years in prison, and in the US, it may fall under legislation designed to combat terrorism.


For more information, follow the link:

Wednesday, May 21, 2008

GSM Hacking on the Cheap!

It is not new, but it is now done cheaply ;) and very fast:

BlackHat GSM Hacking Presentation

Keynote videos from HITBSecConf2008 - Dubai released

Be warned, the videos are in MOV format and they are HUGE! Enjoy, if you didn't make it there already!

Keynote videos from HITBSecConf2008

Wednesday, April 30, 2008

Wednesday, April 23, 2008

Hack Your Laptop with Sleeves, Skins, Stickers and a Custom Paintjob!

My favourite is iToppers Custom which allows you to send in your own design or photo and they send you a sticker which you can stick to the top of your Mac laptop.

Visit the link below for more pictures of laptop skins, sleeves and stickers:
http://www.smashingmagazine.com/2008/03/17/laptop-sleeves-skins-and-stickers/

For a more extreme overhaul of your Mac laptop, why not custom paint it? Look at this website for an example of Colorware Pc's custom colored Macbook Air:
http://www.colorwarepc.com/p-126-macbook-air.aspx

Sunday, March 16, 2008

McAfee Avert Labs Mass Hack Demo

This is huge. In a matter of days, more than 200,000 sites were affected by these mass hacks. Some with JS while others with ASP! Some of the attacks were on the popular phpBB. Even Trend Micro fell victim to the web hack!

Here is a video demo:


March 2008 - Mass Hack Demo from Schmooog on Vimeo.


For More information please visit:
Computer Security Research - McAfee Avert Labs Blog

RFID Cloning Hack Opens 2 Billion Doors!

The hack attacks the weak encryption in the MiFare Classic, an RFID chip manufactured by NXP Semiconductors. All you need is a laptop, a scanner and a few minutes to decrypt the key to an RFID door lock and create a duplicate card to open it at will! Read More below:

RFID hack could crack open 2 billion smart cards

I know you guys like videos so here you go :) This is a demo of a similar attack:



Here is Bruce's take on this:
http://www.schneier.com/blog/archives/2008/03/london_tube_sma.html

News video of a similar hack:

Windows hacking through Firewire

The hack was first demonstrated in Sydney in 2006 but the code was only made available lately.

The hack involves the following:
Python Exploit Code + Access to a Windows Machine via Firewire = Ownage of the Windows machine! See the video below for a demonstration:



Hi-Res video can be found on youtube:
http://www.youtube.com/watch?v=5N-C5s_07Ts&fmt=18

Still don't get it? Then visit:
http://storm.net.nz/projects/16

For an interview with the coder (Adam Boileau) please visit:
http://www.itradio.com.au/security/

Tuesday, March 4, 2008

MAKE: Hack-a-Day Style Projects

The MAKE Blog teaches you how to build things over the weekend or hack your existing devices.

Monday, March 3, 2008

RAM Freezing and Recovery of Encryption Keys

If you don't already know about this then watch the youtube video:



Then visit the page below and read the paper:

Lest We Remember: Cold Boot Attacks on Encryption Keys

Read about the people who consider this hack to be overhyped:

http://searchsecurity.techtarget.com.au/topics/article.asp?DocID=6101214

and finally read Microsoft's take on this:

http://www.channelregister.co.uk/2008/02/27/bitlocker_hack_prevention/

Gulfnews: Middle East websites are more vulnerable

Gulfnews: Middle East websites are more vulnerable to web virus threats and botnets.

Are your FTP accounts Hacked? New FTP hacking toolkit spreads on black market

It is true and verified by Finjan, a security company which announced that it uncovered a database containing more than 8,700 harvested FTP account credentials, including usernames, passwords and server addresses! Find out more about this here.

Wednesday, February 20, 2008

MegaSecurity.org

MegaSecurity.org




Somebody asked me for this, so there you go! It is a website containing information about Trojan horse programs.

Monday, February 18, 2008

Max: Hacking in Good Fun :)

This guy hacks outdoors just for fun! Here's an example: He is hacking an LCD screen at a train station using a Nokia N95 :)



And in this one, he is hacking traffic signs:




Visit http://www.infosupport.nl/Max for more videos!

Saturday, January 26, 2008

Top Web Based Hacks of 2007

Jeremiah Grossman: Top Ten Web Hacks of 2007 (Official)

Web Hacks of 2007:

Top Ten
XSS Vulnerabilities in Common Shockwave Flash Files
Universal XSS in Adobe’s Acrobat Reader Plugin
Firefox’s JAR: Protocol issues
Cross-Site Printing (Printer Spamming)
Hiding JS in Valid Images
Firefoxurl URI Handler Flaw
Anti-DNS Pinning ( DNS Rebinding )
Google GMail E-mail Hijack Technique
PDF XSS Can Compromise Your Machine
Port Scan without JavaScript

Honorable Mention:
Microsoft ASP.NET Request Validation Bypass Vulnerability (POC)

The rest of the top web hacks:

Cross-Site Printing (Printer Spamming)
Stealing Pictures with Picasa
HScan Redux
ISO-8895-1 Vulnerable in Firefox to Null Injection
MITM attack to overwrite addons in Firefox
Microsoft ASP.NET Request Validation Bypass Vulnerability (POC)
Non-Alpha-Non-Digit 3
Steal History without JavaScript
Pure Java™, Pure Evil™ Popups
Google Adsense CSRF hole
There’s an OAK TREE in my blog!?!?!
BK for Mayor of Oak Tree View
Google Docs puts Google Users at Risk
All Your Google Docs are Belong To US…
Java Applets and DNS Rebinding
Scanning internal Lan with PHP remote file opening.
Firefox File Handling Woes
Firefoxurl URI Handler Flaw
Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability
Multiviews Apache, Accept Requests and free listing
Optimizing the number of requests in blind SQL injection
Bursting Performances in Blind SQL Injection - Take 2 (Bandwidth)
Port Scan without JavaScript
Favorites Gone Wild
Cross-Browser Proxy Unmasking
Spoofing Firefox protected objects
Injecting the script tag into XML
Login Detection without JavaScript
Anti-DNS Pinning ( DNS Rebinding ) : Online Demonstration
Username Enumeration Timing Attacks (Sensepost)
Google GMail E-mail Hijack Technique
Recursive Request DoS
Exaggerating Timing Attack Results Via GET Flooding
Initiating Probes Against Servers Via Other Servers
Effects of DNS Rebinding On IE’s Trust Zones
Paper on Hacking Intranets Using Websites (Not Web Browsers)
More Port Scanning - This Time in Flash
HTTP Response Splitting and Data: URI scheme in Firefox
Res:// Protocol Local File Enumeration
Res Timing Attack
IE6.0 Protocol Guessing
IE 7 and Firefox Browsers Digest Authentication Request Splitting
Hacking Intranets Via Brute Force
Hiding JS in Valid Images
Internet Archiver Port Scanner
Noisy Decloaking Methods
Code Execution Through Filenames in Uploads
Cross Domain Basic Auth Phishing Tactics
Additional Image Bypass on Windows
Detecting users via Authenticated Redirects
Passing Malicious PHP Through getimagesize()
Turn Any Page Into A Greasemonkey Popup
Enumerate Windows Users In JS
Anti-DNS Pinning ( DNS Rebinding ) + Socket in FLASH
Iframe HTTP Ping
Read Firefox Settings (PoC)
Stealing Mouse Clicks for Banner Fraud
(Non-Persistent) Untraceable XSS Attacks
Inter Protocol Exploitation
Detecting Default Browser in IE
Bypass port blocking in Firefox, Opera and Konqueror.
LocalRodeo Detection
Image Names Gone Bad
IE Sends Local Addresses in Referer Header
PDF XSS Can Compromise Your Machine
Universal XSS in Adobe’s Acrobat Reader Plugin
Firefox Popup Blocker Allows Reading Arbitrary Local Files
IE7.0 Detector
overwriting cookies on other people’s domains in Firefox.
Embeding SVG That Contains XSS Using Base64 Encoding in Firefox
Firefox Header Redirection JavaScript Execution
More URI Stuff… (IE’s Resouce URI)
Hacking without 0days: Drive-by Java
Google Urchin password theft madness
Username Enumeration Vulnerabilities
Client-side SQL Injection Attacks
Content-Disposition Hacking
Flash Cookie Object Tracking
Java JAR Attacks and Features
Severe XSS in Google and Others due to the JAR protocol issues
Web Mayhem: Firefox’s JAR: Protocol issues (bugzilla)
0DAY: QuickTime pwns Firefox
Exploiting Second Life

Saudi Arabia Issues a New Law to Combat Cybercrime

The Saudi Ministry of Interior today issued a new law to combat cybercrimes, which include threats, extortion and defamation of others on websites, and the creation of terrorist websites. The new law comprises 16 articles that set out strict penalties for perpetrators of these crimes, ranging from one to 10 years in prison and fines of up to five million Saudi riyals.

For More details visit the link below:

Saudi Arabia issues a new law to combat cybercrime

Tuesday, January 8, 2008

Secur Middle East - 18-19 February 2008 - JW Marriott, Dubai, UAE.



Marcus Evans presents the inaugural Secur Middle East Congress. CISSPs earn up to 12 CPEs at the event which will focus on: "Implementing a successful, proactive approach against information security breaches".

It features a 2-Day conference coupled with a major IT security-specific exhibition. (ISC)2 members receive a 15% discount off the conference price.

Specific sessions include:

Feb 18
Session 1: Securing Wireless Technology
Session 2: Identification & Authentication
Session 3: Hacking & Threats Counter Measures
Feb 19
Session 1: Enterprise Security Architecture
Session 2: Network Security for Corporate Defence
Session 3: Information Security


For more information, visit the Secur Middle East Website.


Copyright © 2008-2009 UAE Hackers.com .
All rights reserved.