
Saturday, 27 June 2015

Sandisk's World's First 200GB microSD Card Arrives

There isn't any troll in the title. The "World's Largest microSD" card, sized at 200GB, is now officially available for purchase from Amazon and a number of retailers.

Order Sandisk's new high-capacity microSD card from Amazon now. However, the only issue is that it is not exactly cheap. You will have to pay around $240 to buy one.


Sandisk's World's First 200GB MicroSD Card :-


Back in March when Sandisk first announced the world's first 200GB microSD card, it was expected to be priced at around $400. However, $240 has been marked as the price for the highest-capacity microSD card available in the market.

Sandisk's 200GB microSD card, or Ultra microSDXC UHS-I card, offers a transfer speed of up to 90MB per second, which is double the speed provided by its 128GB counterpart.

Transfer Speed: 1200 Photos Per Minute

The company claims that the speed will allow you to transfer up to 1,200 photos in just a single minute. The card is something of great use for photographers and filmmakers who need more storage capacity to store high-resolution photographs and videos.

Moreover, Sandisk's 200GB MicroSD card comes packaged with an SD adapter and a 10-year limited warranty.

Furthermore, the 200GB MicroSD card is waterproof, shockproof, temperature proof, magnet proof and X-ray proof to deal with any possibility of destruction.

However, if you cannot spend this much for 200GB of storage space, there always remains the option to buy a 128GB MicroSD card that still provides plenty of space and costs as much as $80.

Thursday, 30 April 2015

Hacking WordPress Website with Just a Single Comment!

Most of the time, we have reported about WordPress vulnerabilities involving vulnerable plugins, but this time a Finnish security researcher has discovered a critical zero-day vulnerability in the core engine of the WordPress content management system.



The vulnerability, found by Jouko Pynnönen of Finland-based security firm Klikki Oy, is a Cross-Site Scripting (XSS) flaw buried deep in the WordPress comments system.

The vulnerability affects the WordPress versions 3.9.3, 4.1.1, 4.1.2, and the latest WordPress version 4.2.
Pynnönen disclosed the details of the zero-day flaw, along with a video and a proof-of-concept code for an exploit of the bug, on his blog post on Sunday before the WordPress team could manage to release a patch.

Why did the researcher make the 0-Day public?

A similar cross-site-scripting (XSS) vulnerability was patched this week by WordPress developers, which was nearly 14 months after the bug was reported to the team.

Due to fear of delay in fixing this hole, Pynnönen went public with the details of the critical zero-day vulnerability in WordPress 4.2 and below, so that the users of the popular content management system could be warned beforehand.

Moreover, Pynnönen reported the vulnerability to the WordPress team, but they "refused all communication attempts" he had made since November 2014.

The exploitation of the 0-Day vulnerability:

The vulnerability allows a hacker to inject malicious JavaScript code into the comments section that appears at the bottom of millions of WordPress blogs or article posts worldwide. However, this action should be blocked under ordinary circumstances.

This could allow hackers to change passwords, add new administrators, or take other actions that could only be performed by the legitimate administrator of the website. This is what we call a cross-site scripting attack.
Pynnönen described the 0-day flaw as below:
"If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors," Pynnönen wrote in a blog post published Sunday evening.
"Alternatively the attacker could change the administrator's password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system."

How does the 0-Day exploit work?

The zero-day exploit provided by the researcher works by posting simple JavaScript code as a comment and then padding it with as many as 66,000 characters, which is over 64 KB in size.

When the comment is processed by someone with WordPress admin rights to the website, the malicious code will be executed without giving any indication to the admin.

By default, WordPress does not automatically publish a user's comment to a post until and unless the user has been approved by the administrator of the site.

Hackers can bypass this limitation by fooling the administrator with their benign first comment, which once approved would enable any further malicious comments from that person to be automatically approved and published to the same post.
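A defensive sketch of the two conditions described above, as an added example (not WordPress code and not from the researcher's post): comment size is checked in stored bytes before anything else, and a previously approved author is not exempt from that check. The 64 KB limit is taken from the figure in the text; the function names and the review margin are assumptions.

```python
# Hypothetical comment-intake policy; illustrative names, not WordPress code.
MAX_COMMENT_BYTES = 64 * 1024   # assumption: the 64 KB figure quoted above
REVIEW_MARGIN = 1024            # assumption: "near the limit" window for audits


def stored_size(text):
    """Size the comment occupies when stored as UTF-8, in bytes."""
    return len(text.encode("utf-8"))


def moderation_decision(author, text, approved_authors):
    """Return 'reject', 'publish' or 'hold' for one incoming comment."""
    # The size check comes first and applies to every author: an earlier
    # approved comment must not exempt anyone from it.
    if stored_size(text) > MAX_COMMENT_BYTES:
        return "reject"
    if author in approved_authors:
        return "publish"   # the default auto-approval behaviour described above
    return "hold"          # first-time commenters wait for a moderator


def audit_stored(comments):
    """Ids of already-stored comments at or near the limit, so they can be
    reviewed before an administrator opens them."""
    return [cid for cid, text in comments
            if stored_size(text) >= MAX_COMMENT_BYTES - REVIEW_MARGIN]


# Constructed sample data.
APPROVED = {"alice"}
STORED = [
    (101, "Great article, thanks."),
    (102, "x" * 65_000),
    (103, "\u00e9" * 33_000),   # 33,000 characters but 66,000 bytes
]

if __name__ == "__main__":
    print(moderation_decision("alice", "x" * 66_000, APPROVED))
    print(audit_stored(STORED))
```

Counting bytes rather than characters matters because multi-byte text reaches the storage limit at a much lower character count.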

WordPress patches the 0-Day flaw:

In order to fix the security hole, administrators should upgrade their CMS to WordPress 4.2.1, which was released a few hours ago.

"This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately," the WordPress team said of the latest version.

WordPress version 4.2.1 reportedly fixes the zero-day vulnerability reported by Pynnönen. So if you own a WordPress website, make sure that you run an updated version of the CMS with all the plugins up-to-date.

Stay connected!!

Monday, 27 April 2015

15-Year-Old Admits Hacking NASA Computers

A 15-year-old computer hacker caused a 21-day shutdown of NASA computers that support the international space station, and invaded a Pentagon weapons computer system to intercept 3,300 e-mails, steal passwords and cruise around like an employee.

The boy, known on the Internet as "c0mrade," pleaded guilty today to juvenile delinquency in a sealed federal case.
Six Months in Jail
He became the first young hacker to be incarcerated for computer crimes, the Justice Department in Washington said in a summary.
He will serve six months in a state detention facility.
"Breaking into someone else's property, whether it's a robbery or a computer intrusion, is a serious crime," said Attorney General Janet Reno. The prosecution "shows that we take computer intrusion seriously and are working with our law enforcement agencies to aggressively fight this problem."
Chris Rouland, who monitors computer attacks for Internet Security Systems Inc. in Atlanta, said the unusual part of the case was that the boy was caught, not that he got where he did.
The boy's identity was withheld because he's a juvenile.
Stole Software, E-Mails
Now 16, he admitted accessing 13 computers at the Marshall Space Flight Center in Huntsville, Ala., for two days in June 1999 and downloading $1.7 million worth of NASA proprietary software that supports the space station's environment, including temperature and humidity.
NASA responded by shutting down the computers for 21 days to determine the extent of the attack at a cost of $41,000 in contractor labor and replaced equipment.
In August and October 1999, c0mrade entered the computer network run by the Defense Threat Reduction Agency, whose mission is to reduce the threat from nuclear, biological, chemical, conventional and special weapons to the United States.
By entering through a router in Dulles, Va., and installing a back door for access, he intercepted DTRA e-mail, 19 user names and passwords of employees, including 10 on military computers.
The criminal case and plea bargain have been in the works for about six months, said a source familiar with the case.
If prosecuted as an adult, he would have been charged with wiretapping and computer abuse violations.
As part of his sentence, the boy must write letters of apology to the secretary of defense and the NASA administrator.
"The charges do not necessarily denote the actual threat to national security," said Russ Cooper of ICSA.net, a Reston, Va.-based network security provider. He believes the NASA computer shutdown was time spent determining whether the intruder left anything behind that could harm the system.
Gov't Computer Scares Common?
But Cooper also believes that kind of shutdown is more common than federal agencies acknowledge.
"I would suspect that that type of delay is occurring very, very regularly," he said. "It's quite likely that companies and government agencies, et cetera are scared into thinking that they might have been compromised."
The case reflects growing technical sophistication among hackers, who found 10 new ways to break into computers in 1996 but now invade at the rate of 100 a month, Rouland said. He rates government security at a D in terms of school grades.
"This is a great bellwether as to the state of security where juveniles can traipse across computer systems with little or no fear" of being caught, he said.

Comment below if you like the posts.


Thursday, 23 April 2015

China Using A Powerful 'Great Cannon' Weapon to Censor The Internet

China has something very impressive that we are not aware of. The country has a powerful and previously unknown weapon that its government is using to bolster their cyber attack capabilities:


Dubbed "The Great Cannon."

INTERNET CENSORSHIP IN CHINA
When I talk about Internet censorship, it is incomplete if I don't mention China. China is famous for its Great Wall of China and Great Firewall of China. The censoring of Internet access and the blocking of individual websites in China by its government is known as the Great Firewall of China.

But why does the Chinese government do that? The answer is very simple:

The Chinese government restricts content it deems sensitive for its country's so-called democracy. It outlaws certain online speech and activities, blocks selected websites, and filters keywords out of searches initiated from computers located in Mainland China.

Worse:

Chinese citizens who offend the authorities over Internet censorship in the country can also face judicial consequences.

GITHUB HIT BY MASSIVE DDoS ATTACK
Now:

China did the same thing I mentioned above to GitHub a few days ago by launching a massive distributed denial of service (DDoS) attack.

Github is a popular source code hosting website used by programmers to collaborate on software development.

The massive DDoS attacks, which intermittently shut down GitHub for more than 5 days, specifically targeted two popular GitHub projects:
  • GreatFire.org: Anti-censorship tool, hosted on GitHub, used to help Chinese citizens circumvent the Great Firewall of China.
  • CN-NYTimes: A group on GitHub that hosts New York Times mirrors to allow Chinese netizens access to the news website, which is normally blocked in China.

But how did the Chinese manage to produce DDoS attacks of so much strength and bandwidth?

Yes, the answer is the "Great Cannon" (GC). The Chinese government is now using a new cyber weapon in an effort to silence not only its citizens, but critics around the world, according to the latest report released by Citizen Lab.

THE GREAT CANNON: A NEW POWERFUL WEAPON
What's the Great Cannon?

The Great Cannon is a special cyber attack tool essentially capable of hijacking Internet traffic at the national level and then directing that traffic at targeted networks the attackers want to knock offline, sending back spyware or malware, or using the target to flood another website with traffic.

It is believed that GitHub's attackers used the Great Cannon as a DDoS attack tool to redirect the Internet traffic of visitors to Chinese search engine giant 'Baidu' or any website that used Baidu's extensive advertisement network in order to cripple the popular code-sharing website.

In simple words:

Those visiting a Baidu-affiliated website from anywhere in the world were vulnerable to getting their Internet traffic hijacked by the attackers, which could then be turned into a weapon to flood anti-censorship websites, like GitHub, with junk traffic.

Let's have a look at how the Great Cannon was deployed in the GitHub and GreatFire.org attacks:
HOW DOES THE GREAT CANNON WORK?
The Great Cannon works by intercepting data which is sent between two nodes and then redirecting the data to a third one. This powerful cyber weapon seems to leverage an analytics script, which is commonly distributed by the Chinese search engine Baidu.

Now:
Generally this script is not malicious, but according to Citizen Lab, the Cannon's creators tampered with the script code a little bit in order to redirect the user to Github, instead of sending a data packet, thus flooding the target website with traffic from unsuspecting users.

The weapon is also capable of producing a full-fledged man-in-the-middle (MITM) attack, so it could also be used to intercept unencrypted emails.

It reminds me of:

QUANTUM, a similar NSA weapon that was capable of redirecting victims to fake websites containing malware, served through unencrypted sites, using man-in-the-middle attacks with a spoofed server that is placed somewhere on the Internet backbone and can respond faster than the real one.

The National Security Agency dubbed these secret Internet backbone nodes Quantum nodes.

What's more:

This new move by the Chinese government could signal trouble in China's online behavior: a shift from the passive censorship of the Great Firewall of China to active censorship by readily attacking foreign websites with the Great Cannon.

Cyber attacks originating in China are not at all surprising. But...

..."the operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of a [cyber] attack tool to enforce censorship by weaponizing users," the security researchers from the University of Toronto and University of California wrote in a report published Friday.

MEASURES TO MITIGATE THE GREAT CANNON
According to the researchers, the Great Cannon weapon used by Chinese authorities could be neutralized to a great extent if the websites communicate over encrypted HTTPS connections.

Why? The reason:

Websites whose communications are end-to-end encrypted are difficult for an attacker sitting between the sender and the receiver to modify, unless those websites load files or resources via unencrypted, i.e. non-HTTPS, connections.
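To check a page for the exception named above (resources still loaded over non-HTTPS connections), the following added example, which is not from the Citizen Lab report, lists every subresource of an HTML document that would be fetched over plain HTTP. The sample page and all host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute whose URL the browser fetches while rendering the page.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
               "audio": "src", "video": "src", "source": "src",
               "object": "data", "link": "href"}
# <link> only triggers a fetch for some rel values (canonical does not).
FETCHING_LINK_RELS = {"stylesheet", "icon", "preload"}


class SubresourceCollector(HTMLParser):
    """Collects subresources that would travel over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # list of (tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attr_name = FETCH_ATTRS.get(tag)
        if attr_name is None:
            return
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHING_LINK_RELS:
                return
        value = attrs.get(attr_name)
        if not value:
            return
        # urljoin resolves relative and protocol-relative ("//host/x") URLs
        # against the page, so they inherit the page's own scheme.
        absolute = urljoin(self.page_url, value.strip())
        if urlparse(absolute).scheme == "http":
            self.insecure.append((tag, absolute))


def find_insecure_subresources(page_url, html):
    """Return (tag, url) pairs that an on-path party could read or modify."""
    collector = SubresourceCollector(page_url)
    collector.feed(html)
    collector.close()
    return collector.insecure


# Constructed sample page; all hosts are placeholders under .example.test.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="http://blog.example.test/post">
<script src="http://stats.example.test/h.js"></script>
<script src="//cdn.example.test/lib.js"></script>
</head><body>
<img src="http://img.example.test/a.png">
<a href="http://other.example.test/">plain link, not a subresource</a>
</body></html>
"""

if __name__ == "__main__":
    for url in ("https://blog.example.test/post", "http://blog.example.test/post"):
        print(url)
        for tag, res in find_insecure_subresources(url, SAMPLE_HTML):
            print("  insecure:", tag, res)
```

Served over HTTPS, the sample page still exposes the script and image that are hard-coded to `http://`; served over HTTP, every relative and protocol-relative resource is exposed as well.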

Wednesday, 22 April 2015

Hacker Who Stole Money From Bill Gates Arrested in Philippines 2015

What if you got into the bank account of the world's richest person?
Maybe it would be difficult for you as well as me. But not for this guy...


Konstantin Simeonov Kavrakov, a Bulgarian hacker who hacked into ATMs and stole thousands of dollars from the bank account of Microsoft mogul Bill Gates with fake ATM cards, has been arrested in the Philippines, according to the Philippine National Police.

The 31-year-old man was arrested red-handed by the Philippine National Police while he was withdrawing cash from an ATM using fake cards.

He had stolen tens of thousands of dollars from many victims by hacking into the automated teller machines (ATMs).



In 2011, Kavrakov was arrested and jailed in Paraguay for hacking into Bill Gates' account in the Philippines' densely populated Quezon City and stealing thousands of dollars. Since then, Kavrakov has been on the hit list of many countries' police.

During the arrest, the police recovered seven cloned credit cards, nine PPS Bank Quezon Avenue ATM branch receipts, and P76,570 (US$1715) in hand.

The assorted credit cards include a Citi Visa, Eastwest Bank Vice, Citibank MasterCard, Standard Chartered MasterCard, Citibank Visa, Citi MasterCard and a blank Gold card.

The arrest took place in a joint operation of the Presidential Anti-Organized Crime Commission (PAOCC) and the Philippine National Police's Criminal Investigation and Detection Group (CIDG).

The police believe that Kavrakov is the head of an international network for cloning bank cards, which has been actively working in the United States and European countries for the last 10 to 12 years.

Kavrakov was under surveillance operations, Operation Jugador ('Gambler'), by the authorities that target foreign carders and online gamblers.

Tuesday, 7 April 2015

White House computers hacked by Russians 2015

Russian hackers penetrated a White House computer system and were able to eyeball sensitive information - including details of President Obama's schedule that were supposed to be secret, a new report said Tuesday.

The hackers were believed to be the same ones who cracked into computers at the State Department in recent months, CNN reported.
White House sources said the hackers had not accessed any classified information - but that other information considered "sensitive" was breached, including Obama's schedule.
The FBI, Secret Service and US intelligence agencies are all investigating the embarrassing breakdown in cyber security, which they say was among the most sophisticated attacks ever launched against the US government, the network reported.
A top Obama aide insisted the president's classified computer system was secure - but acknowledged weaknesses in its unclassified system.
"There's always vulnerability," said adviser Ben Rhodes.
But he would not confirm exactly what nonclassified data was swiped or identify the Russians as the culprits.
And a spokesman for the National Security Council downplayed the revelation.
"This report is not referring to a new incident - it is speculating on the attribution of the activity of concern on the unclassified EOP network that the White House disclosed last year," NSC rep Mark Stroh told The Post.
"We took immediate measures to evaluate and mitigate the activity."
The White House acknowledged in October that it detected suspicious activity on its unclassified network while assessing possible cyber threats.
The network said the hackers targeted sensitive information - such as real-time details of the president's schedule.
Such information is not classified but is still highly sensitive and prized by foreign intelligence agencies, sources said.
To get to the White House, the hackers first broke into the State Department's computers - and may still be able to gain access at State despite beefed-up security efforts.
Reports about the State Department and White House hacks also come as former Secretary of State Hillary Clinton is in hot water over her use of a private e-mail server in her Westchester home to conduct official government business.

Sunday, 5 April 2015

ETHICAL HACKING CEH TEST SERIES 2015 UPDATED

CEH [Certified Ethical Hacking] TEST ORGANISED BY ETHICAL HACKING TRICKS



A free test for our dear hacking lovers.
I want more and more responses from you on this test.

Do invite your friends to check their knowledge of hacking, especially ETHICAL HACKING.
After taking this exam, comment with your result!

Toppers will be selected for other exams, and there is also a big REWARD for all our best performers.


Click here to start your test: START TEST


Thanks!!

© Ethical Hacking Tricks 2015

Thursday, 2 April 2015

How Hackers Could Delete Any YouTube Video With Just One Click!

A security researcher has discovered a simple but critical vulnerability in Google-owned YouTube that could be exploited by anyone to knock down the whole business of the popular video sharing website.




Kamil Hismatullin, a Russian security bod, found a simple logical vulnerability that allowed him to delete any video from YouTube in one shot.

While looking for Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) flaws in YouTube Creator Studio, Hismatullin came across a simple logical bug that could wipe out any video by just sending the identity number of that video in a POST request together with any session token.

The bug was simple but critical as it could be exploited by an attacker to fool YouTube easily into deleting any video on its system.
"I've fought the urge to [delete] Bieber's channel," Hismatullin wrote in his blog post. "Luckily no Bieber videos were harmed."
Citing the consequences of the issue, Hismatullin said "this vulnerability could create utter havoc in a matter of minutes in [attackers'] hands who could extort people or [just] disrupt YouTube by deleting massive amounts of videos in a very short period of time."
The researcher reported the bug to Google, and the search engine giant fixed the issue within several hours. Hismatullin won a $5,000 cash reward from Google for finding and reporting the critical issue and an extra $1337 under the company's pre-emptive vulnerability payment scheme.

Over a month ago, a similar bug was reported in Facebook's own systems that could have been exploited by attackers to delete any photo from anyone's Facebook account. However, the social networking giant fixed the relatively simple issue.
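The class of bug described in this post, a delete request honoured for any valid session without checking who owns the object, is shown below next to its corrected form. This is an added example with a hypothetical in-memory model; it is not YouTube's code or API, and all names and data are constructed.

```python
# Hypothetical in-memory model of a delete endpoint; names are illustrative
# and not YouTube's API.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}   # session token -> user


def new_store():
    """Constructed sample data: video id -> owning user."""
    return {"vid-001": "alice", "vid-002": "bob"}


def delete_video_flawed(videos, session_token, video_id):
    """The logic flaw as described: the token only has to be valid."""
    if session_token not in SESSIONS:
        return 401
    if video_id not in videos:
        return 404
    del videos[video_id]          # never asks who owns video_id
    return 200


def delete_video_checked(videos, session_token, video_id, denied_log):
    """Binds the object to the caller before acting on it."""
    user = SESSIONS.get(session_token)
    if user is None:
        return 401
    owner = videos.get(video_id)
    if owner != user:
        if owner is not None:
            # A valid session asking for someone else's video is worth
            # alerting on, so record it for detection.
            denied_log.append((user, video_id))
        return 404                # same reply for "missing" and "not yours"
    del videos[video_id]
    return 200


if __name__ == "__main__":
    store = new_store()
    print(delete_video_flawed(store, "tok-bob", "vid-001"), store)
    store, denied = new_store(), []
    print(delete_video_checked(store, "tok-bob", "vid-001", denied), store, denied)
```

Returning the same status for a missing video and for one owned by someone else keeps the endpoint from confirming which identifiers exist.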



Minecraft hacked! More than 1800 Minecraft account Credentials Leaked

A sad reality for gamers all around the world who enjoy playing the very popular game Minecraft on their PCs. If you are one of them, you'll want to pay attention here.




A plain text file containing over 1,800 Minecraft account usernames and passwords has just been leaked online, German media reports. The details in the leak have been posted to Pastebin, which would allow anyone to log into a legitimate user's account in order to play online and download the full version of the game to their own computers.

However, the more serious implication of the leaked credentials would be for those affected users who had used the same username and password combination for other online services, like shopping site, banking site, email service or for any social networking site.

Minecraft is an incredibly popular online game bought by Microsoft just a few months back for $2.5 billion. The game has more than 100 million registered accounts for its PC version alone, and 1800 leaked accounts is just a fraction of the overall Minecraft population. This means it's an extremely minor breach.

However, the problem could be serious for both Minecraft's developer Mojang and its parent company Microsoft if the leaked player data turns out to be just the beginning of the data breach.

Microsoft's Xbox Live gaming service has regularly been a target for hackers. On Christmas day, Microsoft's Xbox Live service was knocked offline by the hacker group Lizard Squad, who launched a Distributed Denial of Service (DDoS) attack against the gaming network. Sony's Playstation was also targeted by the group at the same time. And now another gaming brand of Microsoft is under attack.
So far, there's no clue as to where the credentials were obtained, or if the leak itself is a herald of a much larger attack targeted at Minecraft.
"There's no guarantee that whoever gained access to them hasn't got a whole lot more in their back pocket which they haven't chosen to release to the rest of the world," wrote Graham Cluley.
"There is no mention of the security breach on Minecraft's homepage, but my recommendation would be that if users have any concern that their accounts might be exposed to hackers that they should change their passwords immediately. It goes without saying that they should be particularly concerned if they are using the same password anywhere else on the web."
At the moment, neither Microsoft nor Minecraft has publicly acknowledged the leak. Just to keep yourself safe, we strongly recommend that you change the password for your Minecraft account, and for any other account where you use the same password, as soon as possible.
