Thursday, 28 October 2010

IJJI.com Hacked.

Update - it seems like IJJI.com has been hacked about 4 times now, each by different groups. As of this update it directs to DXT gaming (http://dxtgaming.com/) All I can say is iJJi is getting owned pretty hard, you would think that they would have some sort of protection for such a sophisticated gaming network but instead they've left themselves vulnerable to many attacks. Let's hope the sites DB or any personal information wasn't extracted. Just goes to show not every site is safe from attack.

Had to post about this one. IJJI was hacked. Little information is out on who did it except that the website redirects to (
http://pastebin.com/raw.php?i=L3L0963Z) and quoted "Owned by n0ths hacker group." Video below to prove it was real. (may still be processing)

video

Some are saying it was an ex-webmaster but nothing has been confirmed atm. Either way props to the group and hopefully this will be a lesson to Ijji to fix up their security.

Sunday, 4 July 2010

YouTube Gets Exploited.

Updated #2 - I've heard reports that Tinkode came out with the 0day exploit. Props to him for an pretty awesome find. Many of you will recognize TinKode if you read his security blog or have seen him around at HF.

Updated: All comments have been hidden whilst YouTube fixes the situation. Maybe now would be the time for them to sanitize inputs?

YouTube was bombarded with spam today after a code was released which allowed HTML to be posted in comments. This was advanced on and led to customisable javascript alerts and full page "ads" as well as complete page redirects now. See images below and check out YouTube whilst it's still not been fixed.




Friday, 11 June 2010

Taking Back Hacker.

I thought it was about time I wrote this up. This post is in response to Omniscient's post regarding Taking Back Hacker.

"I am sick of hearing how the term "hacker" means you're a criminal. I'd like to start a serious campaign to spread the message that hackers are people that are computer enthusiasts using computers in unorthodox and creative ways. Hackers are people that think outside the box. Hackers learn to manipulate code, hardware, and software.

I think the time has come to undo the damage the media has done to the good name of hackers by slurring the term on the airwaves and damaging reputations everywhere.

Any good website will give multiple meanings for the term hacker. It was originally not intended to be criminals that use computers to commit crime. But now this is the public perception and it hurts all of us. I don't see why I can't be a proud hacker and have to hide it amongst friends as if it's something shameful. "

This is my part in this campaign if you will. Firstly, I think the term hacking has been almost criminalised by the media. Nearly all of the time when hackers or any sort of hacking is mentioned in the media it is in a negative view. The rare times that it's shown in a good light, it's not very beneficial to the world, so most just dismiss it. This only shows one side of the story and shouldn't act as a reference to the whole idea of a hacker. Hacking can be viewed in different ways, but firstly we must understand that they're are different types of hackers.

  • White Hat Hackers.
These are the good guys. White Hat hackers are the angels of the computing world. They are people who use unorthodox and uncommon ways of protecting computers. Whilst most do not dabble in any sort of blackhat activity, many are skilled in (and some are ex blackhats) and have vast knowledge of how blackhats operate and the techniques they use. They can then use this knowledge to come up with a defence of their own.
  • Grey Hat Hackers.
Grey hat hackers are in the middle. They have knowledge of both black hat and white hat activities, however they can go either way. Some decide to protect themselves by using blackhat techniques against their attackers (eye for an eye mentality.) whilst others just choose to go either way whenever they feel like it. It really depends on the person.
  • Black Hat Hackers.
Black hat hackers exist simply to cause damage or do anything to get their own way. They will not give a second thought about causing damage or breaking into a system for their own needs.

So as you can see, there are many aspects to hacking then you originally think. The aim of hacking is not always to cause damage, but instead it can be used for various thing - protection, to gain more knowledge and even for fun and creativity.

As we have advanced into a new age, a new generation must arise. This is no different in the hacking community. Over the past few years (and even from the start in some cases) a new generation of so called hackers has arisen. The hacking community refers to these as script kiddies. Script kiddies (or skiddies.) are people who use tools created by legitimate hackers without having any idea what they do. A good example of this was David Lennon who used Avalanche - a mail bomber to email bomb his employer, which crashed the email servers (source.) Script kiddies often have no understanding of how things work, sometimes even leeching other's work without credit. Then we move onto the hackers who think they are actually hackers because they use tools like RATs or hostbooters. I think I speak for the rest of the community when I say that they do not represent us as a whole. They have tarnished the name of hackers just because they can pay someone to set up a botnet for them and enter some simple commands.

If you've ever seen Hackers Wanted it sums up how I feel about this. The movie makes some good points, and some I agree with strongly. Society is based around conformity, you all answer to a higher authority - whether it be a boss, parent or even God. You all answer to someone. You all have some sort of job, go to school and conform in some sort of way. So when someone like a hacker breaks that conformity, society isn't going to accept it nicely. As long as someone who breaks that conformity exists, society will always have someone to blame - and why's that? Because they're different. You wouldn't blame them if they followed your way. However, what most people fail to realise is that if you don't dare to break the current boundaries, you can't ever expect to advance. Your just stuck inside your box, living the same way.

So the next time you decide to label a hacker, have a think. Some of them are the reason your living the way you are right now.