Posted on Saturday, 22nd May 2010 by ProtectedNET
Google Celebrates Pac-Man 30th Anniversary and puts a pacman game in the index page.
A lovely old-school game!
Posted in General | Comments (0)
Posted on Tuesday, 23rd February 2010 by ProtectedNET
Hey ;]
I found another c&c server with stolen passwords’ files there (more than 4K file).
Email addresses ,paypal accounts, twitter accounts, facebook accounts, etc etc.
So i have good news and bad news.
I will start with the bad news.
The bad news is the hacker may have downloaded it.
Good news is ,the logs are deleted, your data are no longer online.
Here is some twitter accounts compromised:
zEro_Goalla
vitinho_abranches@hotmail.com
hns.kenzie@yahoo.com
guido.scinto@gmail.com
mcnicnicz
awsomo3000@gmail.com
ThGomez
crazylizard42@yahoo.com
dinolords
cyclonemarine
Dude57823@gmail.com
Cross117@live.com
rennop
samdheeraj
kidshinex
spencyspazzic
mikeluies
locke.eramus@gmail.com
nicky10107@yahoo.com
nickfritsch@ymail.com
nmccouch@gmail.com
number1wwe
dylanstep@gmail.com
mrbrandnew12
davidwartenbe@gmail.com
trupacupa21
twitt4muslims
ThaEmoKid
crazycat542
R_eynolds
Infrantage2
marcisriekstins
travislowe@myway.com
Leusel7
luislisandro
desman197@yahoo.com
DJBAD
kennethwinder
Hii_iM_Bass
computerwhack
jeremy111
denisacoolgirlz@gmail.com
realhaxor
Happyweirdos@hotmail.com
krentz_unico@hotmail.com
ralph_lakers08@yahoo.com
http://twitter.com
skybox0404@aim.com
SecertAgentMan
ben.39@hotmail.co.uk
RsDeveloper
dsijancarlo
snowcatsh
noilldillon
preet2445@hotmail.com
darriusdavis@gmail.com
genspenst@gmail.com
f.sommerhoff@gmx.de
nevermindzx@gmail.com
hello2331995@hotmail.com
callumseven
brokenAngelx520
pcemptysoulz
scootboyle@gmail.com
NONSTOPMAFIA@HOTMAIL.COM
Destroy782
billdubwu
benjammin17
benjammin17
Midnightfoxkovu
PCCoolKid
shamahaja
mumbles08
halo8089
diablo9333
mimi_sheshe_bbs@hotmail.com
Adam.4994@live.com
cranK2k
cgkingrobert@gmail.com
robscast@gmail.com
youngavz@yahoo.com
I got thousands of email addresses.
Lets hope the cracker didn’t do much damage.
Stay safe.
-0xAli
Tags: email, facebook, hack, password, server, twitter
Posted in News | Comments (1)
Posted on Sunday, 14th February 2010 by ProtectedNET
Hello gang.
So here is what happened briefly
I made a new facebook honeypot account.
Left it with default privacy settings (only friends can see email address)
Joined a random group.
I get added by two accounts:
Lee Colin (No avatar, it has a few twin/duplicate accounts, all the same)
So it sounds usual, right?
Yeah except it added the email as msn :D
//did you notice i say it? :P
So zacharyshealy42[@]hotmail.com adds me.
“zacharyshealy42h[@]hotmail.com – Is chilling at home!! so tired..”
It never starts talking unless you do.
As every bot it recognizes a word and act upon it.
It never answers immediately.
It doesn’t write, It never shows the “xx is writing or so”.
Here is a convo.
AM
Anyway the bit.ly link redirects to http://www.freelocalcams.com/?cid=19047
The character name there is jenny so yeah.
The site is SFW, no nudity (just some pics) and no javascript and other scripts or anything.
Just a frame
[http://securejoinsite.com/join.php?act=el3030.19047&siteid=elx_vadultd&iframe=y&ud_xSiteID=19047&ud_xSiteName=elx_msafer&ud_xSiteTemp=CU&ud_IP=41.23x.xxx.xx&ud_refUrl=&tnum=12&ci_j2_ccn=c1&ci_j2_ccn_key=ffa4a33d122f820afd68b2670dce96d3&ci_max_width=450]
Like i’d trust securejoinsite.com cuz it says so :P
So yeah another facebook smart bot but now talking on MSN too!
Peace
-0xAli
Posted in Social-Media | Comments (1)
Posted on Wednesday, 3rd February 2010 by ProtectedNET
Whenever i see something like this i think:
What?
Who?
Why?
How?
Bullseye?
_____________
Yeah, someone got somehow enough privilege to make 50K twitter accounts follow him.
Here is a snapshot of the google
_____________
Who?
Good question.
I believe the attacker is the account owner @THCx and the owner of http://thcx.org/.
He also have the adsense public id of 6526580082060981, google can get his [G]email from the id pub-6526580082060981 which is in his adsense [ads] in the blog.
(And Google analytics id “UA-7485327-24″ aswell)
It’s maybe bogrrrrrrrrrrrr56[@t]gmail.com
Ask google or ask the chinese :D
Contact info of some domains:
Mark Walhberg
6456845456555
Whatever Yo 13-37
Leet, 31337
FR
Obviously not the most accurate info.
IP: 91.121.221.37 Roubaix, France
ISP: Ovh Systems
Hosted sites on the same IP:
dehe.com (Creation date: 17 Dec 2004)
dupedb.com (Creation date: 15 Jul 2009)
forums.dupedb.com (Creation date: 15 Jul 2009)
ks305660.kimsufi.com (Creation date: 19 Sep 2006)
mininova-alternative.com (Creation date: 26 Nov 2009)
thcx.org (Creation date: 27 Jan 2010)
tracker.dupedb.com (Creation date: 15 Jul 2009)
twitterx.org (Creation Date: 26 Jan 2010)
vps504.dehe.com (Creation date: 17 Dec 2004)
www.dupedb.com (Creation date: 15 Jul 2009)
Domains purchased from eNom.
_____________
Why?
Money.
It’s the most simple equation of “making money online”.
Blog [domain+hosting]+content+traffic = Money.
He made a mistake which is using adsense, why? simply becuase google will close the account before he even knows it.
They got good ways of detected blackhat/spam/bad traffic.
Also he will have to wait to get the check from google so good luck waiting a month or more.
_____________
How?
Neither twitter nor the attacker have spoken so it’s all a theory.
He definitely didn’t hack twitter.
And it can’t be a phishing attack, not that number in couple of days.
So it’s the weakest link, a third party application which had access to those people’s accounts privilege via twitter API.
So he hacked one (people have mentioned TweetMeme and NutshellMail being the one, noone is sure tho).
Then made the other accounts follow him.
If you find yourself have followed @THCx please post what applications have access to your account.
_____________
Bullseye?
Yes sure, he got the traffic and advertising he wanted.
http://search.twitter.com/search?q=thcx.org&rpp=100
Thousands of retweets ,i think they are automated too.
So he only needed access to the 3rd party app and then the money would flow into his pocket (in a perfect world :D).
_____________
So he registers on twitter, bought a domain in January 26, 2010 hosted it (twitterx.org), with the help of magic he gets 20K followers and 0 tweets.
About the blog twitterx.org the default post-install is Posted @ 6:55 AM on January 26, 2010.
The blog was about twitter only (tools&tips etc..) he wanted to make it bigger for more profit.
So he bought thcx.org on the 27th of jan, fills it with collection of other articles (Business ,Celebrity ,Entertainment ,Gadgets ,Gaming ,Health ,Other ,Politics ,Science ,Security ,Software ,Sports ,Tech News ,World News).
And not manually of course ,He is taking the news/articles from RSS feeds of other sites.
Anyway he got more 30K followers.
Here is a snapshot of the page if google deleted the cache for some reason
http://protectednet.com/files/THC.htm
And twitter finally noticed so they suspended his account.
Some sites say it was a big phishing attempt but that is not true.
Twitter have forced password restore/change for the users that were following @THCx.
Thanks twitter?
http://thenextweb.com/socialmedia/2010/02/02/twitter-forcing-users-change-password-reported-threat-phishing-attacks/
http://www.switched.com/2010/02/02/twitter-resetting-passwords-following-phishing-attack/
http://www.pcworld.com/article/188382/twitter_phishing_forces_users_to_reset_passwords.html
http://www.digitaltrends.com/computing/twitter-phishing-attack-time-for-tweeters-to-reset-passwords/
http://www.readwriteweb.com/archives/new_twitter_phishing_scam_is_making_the_rounds.php
http://mashable.com/2010/02/02/twitter-under-phishing-attack/
http://blogs.zdnet.com/security/?p=2349
That’s all.
Stay safe.
-0xAli
Posted in News, Vulnerabilities | Comments (1)
Posted on Friday, 22nd January 2010 by ProtectedNET
Size: 2.1 MB – 4.8 MB
Security issues have been identified that could allow an attacker to compromise a system that is running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this item, you may have to restart your computer.
More information for this update can be found at http://go.microsoft.com/fwlink/?LinkId=179104
Posted in Vulnerabilities | Comments (0)
Posted on Wednesday, 20th January 2010 by ProtectedNET
“Computer programming is tremendous fun. Like music, it is a skill that derives from an unknown blend of innate talent and constant practice. Like drawing, it can be shaped to a variety of ends – commercial, artistic, and pure entertainment. Programmers have a well-deserved reputation for working long hours but are rarely credited with being driven by creative fevers. Programmers talk about software development on weekends, vacations, and over meals not because they lack imagination, but because their imagination reveals worlds that others cannot see.”
Larry O’Brien and Bruce Eckel
Posted in General | Comments (0)
Posted on Tuesday, 19th January 2010 by ProtectedNET
He has now 124,367 Followers on 9:24 AM 1/20/2010 GMT
He is gaining now 200 follower on every minute.
Freaking fast ratio.
Follow Bill gates on twitter
Edit[1]: he has now 253,340 Followers //6:12 AM 1/21/2010 GMT
Edit[2]: he has now 465,593 Followers //7:09 PM 2/14/2010
Posted in News | Comments (1)
Posted on Saturday, 9th January 2010 by ProtectedNET
My personal site, i will post my latest projects there maybe exploits aswell ;P
0xA.li
Posted in General | Comments (0)
Posted on Saturday, 9th January 2010 by ProtectedNET
click me
Was searching for something in google (srsly not music or crack/keygens :P)
US Digital Millennium Copyright Act
Never saw that before.
peace.
Posted in General | Comments (1)
Posted on Tuesday, 5th January 2010 by ProtectedNET
Don’t worry guys (and girls :P) i am not dead.
Just busy with a new project
Peace
Posted in General | Comments (0)
