n|u –The Open Security Community

Trivandrum Chapter

Security Bytes – July 2013

By

Pranav (sh3rl0ck@null.co.in)

1

“Edward Snowden files” has blueprint of NSA surveillance programs

• Edward Snowden has enough information to cause more damage to the US government in a minute alone than anyone else has ever had in the history of the United States, but he has insisted that they not be mage public, including the blue prints of NSA surveillance program. Glenn Greenwald, the Guardian Journalist , who was the first to report this, says Snowden has an "instruction manual for how the NSA built"

2

And got nominated for Nobel Prize !!!

• Edward Snowden has helped to make the world a little

better and safer. A Swedish professor of sociology has

nominated NSA whistle-blower Edward Snowden for the

2014 Nobel Price.

• In his letter to the Nobel Committee, Sociology Professor

Stefan Svallfors recommended Snowden, for his "heroic

effort at a great personal cost" shedding light on the

expansive cyber spying conducted by the NSA.

3

New Anonimizing Tool - Tortilla

• Tortilla provides a secure,

anonymous means of routing

TCP and DNS traffic through

Tor regardless of client

software and without the

need for a VPN or secure

tunnel.

4

New Anonimizing Tool - Tortilla

• Redeems the bad aspects of Tor

• No additional hardware or VM to support SOCKS proxy

• Unveiling at ‘Black Hat’ Las Vegas in two weeks

• Releasing as Open Source Tool

5

Signal Booster into Mobile Hacking Machine

• A group of hackers from Security

firm iSEC tapped into Verizon

wireless cell phones using a signal-

boosting devices made by

Samsung to Verizon and cost about

$250.

6

• The network Extender turns into miniature cell phone tower.

• Fits inside a backpack.

• Capable of capturing and intercepting calls, texts and data

• Declined to disclose how they modified the software.

• Plans to give demos in various hacking cons this year.

7

Signal Booster into Mobile Hacking Machine

True Caller Hacked by Syrian Electronic Army

• True Caller, a popular app, the

world's largest collaborative

phone directory compromised

by Syrian Electronic Army

hackers.

8

• Was running an outdated Version of WordPress(3.5.1)

• Contains millions of access codes of Facebook, Twitter, Linkedin, Gmail

accounts.

• Hackers downloaded 7 databases of 450GB in size.

• True Caller website still under maintenance.

• Stop Using such Apps which harvest our data and violates our privacy.

9

True Caller Hacked by Syrian Electronic Army

Anonymous hackers expose U.S FEMA contractors

• Anonymous hackers broken into Federal

Emergency Management Agency(FEMA)

servers and leaked the database includes

names, addresses and other information of

FEMA contractors, federal agents and local

authorities.

10

• In their message anonymous said " This is a message to FEMA, to various world

governments and to their complicit corporate lackeys as to the 2.5 regular

people who use the internet and have found that their right to privacy has

been utterly destroyed"

• They stated : “This leak is dedicated to our fallen comrades, allies and those

who fight for the same causes as us. For Jeremy Hammond, for weev, for

Edward Snowden, for everyone who has risked and continues to risk their

freedom for their belief in a world free from constant, invasive surveillance.”

11

Anonymous hackers expose U.S FEMA contractors

Hacking Google Glass with Malicious QR code

• Researchers at mobile security firm Lookout discovered

a security flaw in Google Glass which allowed them to

capture data without user's Knowledge, when the user

merely took a photo that captured a malicious QR code.

• The problem was that Google could be told to execute a

QR code without the user having to give permission.

Because of Glass's limited user interface. Google set up

the device's camera to automatically process any QR

code in a photograph. 12

13

Hacking Google Glass with Malicious QR code

Tango website hacked by Syrian Electronic Army

• Syrian Electronic Army hacked into Tango.me and compromised more than 1.5 TB

Daily backup of the servers.The databases is reportedly contains more than millions

of the Application users phone numbers and contacts and their emails.

• "Sorry @TangoMe, We needed your database too, thank you for it! http://tango.me

#SEA #SyrianElectronicArmy" The tweet posted by Syrian Electronic Army.

• The Hackers breached the Tango.me with same method- The outdated Wordpress

CMS allowed them to gain unauthorized access to the database server.

14

E-Hack 2013

• E-HACK, will be the largest ever workshop

on Information Security on 27-28th July .

• You’ll be on The Indian Book of Records,

The Asian Book of Records and The

Guinness Book of World Records

• Workshop

• Capturing The Flag(CTF)

15

Sources :

• www.thehackernews.com

• www.ehackingnews.com

• www.news.cnet.com/security/

16

17