Turkish hacking group defaces UPS, TheRegister, Acer, Telegraph, Vodafone
04/09/2011 Written by Kevin Fernandez (Siegfried)
At the time of writing, these websites are still defaced, showing a black page with the text “TurkguvenLigi” and “4 Sept. We TurkGuvenligi declare this day as World Hackers Day - Have fun ;) h4ck y0u”.
Zone-H banned by some Indian ISPs: some workarounds
20/07/2011 Written by Kevin Fernandez (Siegfried)
As some of you probably know, Zone-H has been banned by some Indian ISPs following the E2-labs scandals and a lawsuit brought in an Indian court by E2labs and Zaki Qureshey, who claimed our documents and articles were defamatory (great joke!).
Zone-H was unable to defend itself, as we didn’t receive any notification from the court. What is even funnier (scarier?) is that bloggernews.net has also been banned… for writing about the case!
New attack vector in DDoS observed
19/05/2011 Written by minor
This article is the result of joint research by Jakub Alimov of Seznam.cz and minor of Zone-h.org. If you have anything to say about it, write to comments [a} zone-h{dot]org. The topic was presented at the SPI conference in Brno/CZ.
While protecting users from receiving huge amounts of unsolicited bulk mail, a new attack scenario against DNS servers was observed. The scenario involves sending spam messages to SMTP services with high bandwidth. Since such services are mostly free email services such as Google, Yahoo, Hotmail, etc., they are the main candidates to be a “white horse”. But because of the SMTP definition, all SMTP services have to behave in the same way, so they are also potential candidates.
The old "new" Japanese scams
16/03/2011 Written by Boris Mutina (minor.float)
Dear friends, these days we have all turned our minds to Japan and to the Japanese people. Some of them are our friends, and some of our friends live in Japan.
We would like to express our condolences to the families who lost family members. We are deeply concerned about the injuries and losses caused by the earthquakes, the tsunami flooding and the nuclear catastrophe.
Nevertheless, we also have to express our anger. We have already recorded the first set of scam emails asking unaware users to donate to charity, but as usual the money will never reach the victims. The scam scenario is very similar to other scams that use donations over PayPal, WU, Moneygram etc…
Another form of the scam is the Facebook clickjacking/likejacking scam with the sick title “Japans Tsunami Sends whale Smashing Into A Building” or similar. While people are hungry for news from Japan, this and similar scams serve to spread the link virally, and some of them also deliver unsolicited ads. Many security companies have already reported on this issue (for example, Sophos reported it here).
Such scam websites also try to trick users into entering their data into fake surveys…
Defacements Statistics 2010: Almost 1,5 million websites defaced, what's happening?
06/01/2011 Written by Marcelo Almeida (Vympel), Boris Mutina (Minor)
Last year Zone-H archived a sad record number: 1.419.203 website defacements.
Why and how is this happening?
If you look at the stats, things remain the same: file inclusion, SQL injection, WebDAV attacks and share misconfiguration are still at the top of the attack methods used by defacers to gain initial access to the server. As an important factor influencing the stats, we consider the fact that last year brought a very high number of local Linux kernel exploits.
For many years, Linux has been the most used OS for web servers and, of course, the preferred target for defacers. Last year we archived 1.126.987 attacks against websites running on Linux systems. The exploit most used by defacers is CVE-2010-3301, which was fixed in 2007 and mysteriously reintroduced in 2008 in a large number of x86_64 kernel versions.
But are out-of-date Linux servers the only reason for this huge number of defacements?
Yes and no.


