FN SECURE: Hacking_news



The Co-Founder of Pirate Bay "Gottfrid Svartholm Warg" (Anakata) was found Guilty in Denmark's Largest Hacking Case


The co-founder of The Pirate Bay torrent site Gottfrid Svartholm Warg and his 21-year-old Danish co-defendant have been found guilty by a Danish court of hacking into systems operated by American IT giant CSC and illegally downloading files. It was the biggest hacking case ever conducted in the history of Denmark.

By breaking into the servers maintained by CSC, Svartholm Warg illegally accessed police email accounts, stole the email addresses and passwords of over 10,000 policemen, explored the European border control database, and downloaded millions of social security numbers belonging to Danish citizens. The initial hack attack went on for about six months.
"This is the largest hacking case to date. The crime is very serious, and this must be reflected in the sentence," Prosecutor Maria Cingali said.
Gottfrid Svartholm allegedly committed the crime along with his 21-year-old co-defendant between February and August 2012. His co-defendant is known only by the alias "JKT", as Judge Kari Sørensen, who presided over the case, ordered media outlets not to publish his name in order to protect the man’s privacy.

The defence team argued that although the hack attacks were carried out using a computer owned by Svartholm, he was not the person who used it to steal the files because, they said, his entire group of developers had access to the computer. So any one of them could be responsible for the hacking.
"My recommendation has always been that the investigation has focused on finding clues that point to my client, even though the tracks have also pointed in another direction," lawyer Louise Høj said, as cited by TorrentFreak. "It is clear that my client’s computer has been the subject of remote control, and therefore he is not responsible."
However, the court said the unauthorized access to CSC computer mainframes was a "systematic and organised" approach, dismissing the Swede’s claims that his computer system was used by someone else to carry out the hack as "unlikely," The Local reports.

Security expert Jacob Appelbaum, a well-known activist and leading member of the Tor project - an open source and free anonymous browser service, said that it would have been easy for an outsider to gain access to Warg’s computer. He pointed out that Danish authorities had found no forensic evidence and all of the evidence had been provided by CSC.
Appelbaum expressed his disappointment with the conviction on Twitter. "Gottfrid convicted. I'm sad to hear that only two of the jurors understand the technology involved," Appelbaum tweeted yesterday.
Gottfrid Svartholm was arrested in his Cambodian apartment in September 2012 and it took two years before he went on trial in Denmark. In September 2013, he was deported from Cambodia to Sweden where he served a jail term for copyright theft because of his involvement with the Pirate Bay file-sharing site.

In a separate trial in 2013, Warg was sentenced to one year in a Swedish jail for hacking into a bank's computers. Then in November 2013, he was finally extradited to Denmark to face charges in the CSC hacking cases.

Svartholm will be sentenced on 31 October and could face six years in jail. His accomplice walked free from the court on Thursday as he had served 17 months in pre-trial detention.
"The punishment should be close to the maximum punishment, which can be six years in prison," the senior prosecutor in the case, Maria Cingari, said according to local media. "It shouldn’t be under five years."
Since its launch in 2003, The Pirate Bay (TPB) has become the world's largest torrent tracker site, handling requests from millions of users every day, and is among the top 100 most visited websites on the Internet. TPB is predominantly used to share copyrighted material such as films, TV shows and music files, free of charge. Generally, it is famous for potentially hosting illegal content on the website. The Pirate Bay is the world's largest torrent site; let us see if it is still going to work.


Hackers selling cheap BOTNETs and DDOS on forums



The Internet has revolutionized shopping around the world. Security researchers F-Secure reported recently in a post that hackers are Selling Cheap DDOS services on Various Foru


PwnieExpress : Pentesting suite for the Nokia N900



PwnieExpress provides one of the best pentesting suites for the Nokia N900. It includes Aircrack, Metasploit, Kismet, GrimWEPa, SET, Fasttrack, Ettercap, nmap, and more, plus a custom pentesting screen with shortcuts to macchanger, injection on/off, etc. The built-in wireless card supports packet injection, monitor mode, and promiscuous mode.



World's first Windows 8 Bootkit to be released at MalCon


It is amazing how fast security measures are bypassed by hackers. It seems Windows 8 is now Malconed! Peter Kleissner has created the world's first Windows 8 Bootkit, which is planned to be released in India at the International Malware Conference MalCon.

An independent programmer and security analyst, Peter worked for an anti-virus company from 2008 to 2009 and was a speaker at the Black Hat and Hacking at Random technical security conferences. While his main operating fields are Windows security and analysis of new malware, his recent important projects include the development of the Stoned Bootkit, a research project to subvert the Windows security model.

A bootkit is built upon the following broad parts:
  • Infector
  • Bootkit
  • Drivers
  • Plugins (the payload)
And as put by Peter, those parts are easy to split up in a criminal organization: Teams A-D each write a different part. If you are doing it right, Team D (the payload writers) needs no internal knowledge of the bootkit! Peter's research website: http://www.stoned-vienna.com/

As per the MalCon website, Peter's travel is still not confirmed, citing visa issues; however, there are chances that the presentation may be done over video, or a speaker may step in on behalf of Peter and release it at MalCon.


New Facebook Worm installing Zeus Bot in your Computer



Recently we exposed about 25 Facebook phishing websites and also wrote about the biggest Facebook phishing campaign in French, which stole more than 5000 usernames and passwords. Today another new attack on Facebook users, this time with the Zeus bot, comes into action. Researchers at the Danish security firm CSIS have spotted a worm spreading within the Facebook platform. A new worm has popped up on Facebook, using apparently stolen user credentials to log in to victims' accounts and then send out malicious links to their friends. The worm also downloads and installs a variety of malware on users' machines, including a variant of the Zeus bot.



If followed, the link takes the potential victim to a page where he or she is offered what appears to be a screensaver for download. Unfortunately, it is not a JPG file, but an executable (b.exe). Once run, it drops a cocktail of malicious files onto the system, including ZeuS, a popular Trojan spyware capable of stealing user information from infected systems. The worm is also found to have anti-VM capabilities, making it useless to execute and test in a virtual environment, such as Oracle VM VirtualBox and VMware.

Zeus is a common tool in the arsenal of many attackers these days, and is used in a wide variety of attacks and campaigns now. It used to be somewhat less common, but the appearance of cracked versions of the Zeus code has made it somewhat easier for lower-level attackers to get their hands on the malware. Zeus has a range of capabilities, and specializes in stealing sensitive user data, such as banking credentials, from infected machines.

"The worm carries a cocktail of malware onto your machine, including a Zbot/ZeuS variant which is a serious threat and stealing sensitive information from the infected machine," warn the researchers. The worm is hosted on a variety of domains, so the link in the malicious message may vary. Other servers are used to collect the data sent by the aforementioned malware and to serve additional malicious software.

This type of thing is very rare to just send to your email without you requesting it so I would advise anyone who thinks that you may have seen an email like this to delete it and mark it as spam right away.


Hackers destroyed a pump used by a US water utility



Hackers destroyed a pump used by a US water utility after gaining unauthorized access to the industrial control system it used to operate its machinery. Five computer screenshots posted early Friday purport to show the user interface used to monitor and control equipment at the Water and Sewer Department for the City of South Houston, Texas.

"This is arguably the first case where we have had a hack of critical infrastructure from outside the United States that caused damage," a managing partner at Applied Control Solutions, Joseph Weiss, said.

The network breach was exposed after cyber intruders burned out a pump. "No one realised the hackers were in there until they started turning on and off the pump," he said.

It said hackers apparently broke into a software company's database and retrieved usernames and passwords of various control systems that run water plant computer equipment. Using that data, they were able to hack into the Illinois plant.

The U.S. Department of Homeland Security and the Federal Bureau of Investigation are examining the matter, said DHS spokesman Peter Boogaard.

"At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," he said, declining to elaborate further. An FBI spokesman in Illinois did not return phone calls seeking comment.


National program for Cyber army to be launched in India



Increasing attacks on cyberspace in India have brought together several professionals and experts from the industry, with the support of the Government of India, to jointly form a national-level program to identify credible and valuable information security experts. The program, "National Security Database", is all set to launch this Saturday in Mumbai at a major information security conference, MalCon. The database will include ethical hackers and programmers who can protect the country’s cyberspace. They will all be registered with the National Security Database, a brainchild of the Information Sharing and Analysis Centre (ISAC), a non-profit foundation which works closely with the Government on the issue of cyber security.

The need for such a database originated after the 2008 attacks in Mumbai, when cyber security professionals realised that a lot needed to be done in the area. "It is observed that some or other form of electronic notification is usually sent before a major terrorist attack, followed by defacement of government web sites. Professional cyber security professionals can make a lot of difference in investigations and help in the entire episode," said Rajshekhar Murthy, director of ISAC. The issue of forming a credible repository of cyber security professionals who can be trusted with sensitive information, and who can be of use in case of an emergency, was also raised at a conference held last year.

"After a lot of brainstorming and analysis the database is in place and will be flagged off on November 26 in Mumbai," said Murthy. As per estimates, there are over a lakh cyber security experts and hackers in India who as of now function individually. Each one of them has a certain area of specialisation. "They will be brought in to the NSD after a rigorous test which would test their skills. Also they would be made to undergo psychometric tests over and above the tasks that they would have to perform to test their personal skills. Once they clear all levels they would be empaneled in NSD program in applied areas of specialisation," added Murthy. Fraud investigation, web security and mobile security are some of the areas of specialisation in NSD.

The database, which has been secretly worked on for the last two years on an invitation-only basis, already has a sizeable number of experts who have developed malware and software to hack into devices like the iPhone and Xbox Kinect, which are slated for release at the malware conference MalCon. The database will come in handy each time the country is under threat on the cyberspace front. "The next generation of attacks will not be only on ground but also on country’s cyberspace," said Murthy, citing the example of a recent attack on some government computers after which the hackers released sensitive information pertaining to the military and communication between India and Moscow.

Companies like QuickHeal and Security Compass among others have already given support to the database and will be hiring security professionals with a direct final interview. "Since NSD professionals will have to go through a tough eight hour lab exam, major companies have written in expressing their interest in hiring NSD empaneled professionals. While NSD does not award certification, we are glad about the support from the Industry" stated Murthy.

The biggest challenge for NSD now is to reach both hackers and professionals and identify them with skills in existing areas of specialization. "We have already identified several across the country. Their motivation is that once they are registered with NSD they not only get to upgrade their skills and knowledge but will also be of service to the country. We are collaborating with government agencies looking after cyber security, all of whom are looking forward to the NSD," said Murthy.

The program will be flagged off at the International Malware Conference, MALCON, scheduled to be held at JW Marriott on November 26. Sachin Pilot, Minister of State for Communication and Information Technology, is also going to join the conference via video conference from Delhi. His office confirmed that Pilot would share his views on cyber security and extend their endorsement to the National Security Database. Officials from the National Technical Research Organisation, a government body which looks at cyber security, have also shown keen interest in the NSD. "It is a great initiative which will be of use to the nation and will provide a database of cyber security professionals," said an NTRO official, refusing to be named.


Largest DDOS attack hit Chinese company



A week-long DDoS attack that launched a flood of traffic at an Asian e-commerce company in early November was the biggest such incident so far this year, according to Prolexic, a company that defends websites against such attacks. The distributed denial-of-service attack consisted of four consecutive waves launched from multiple botnets between Nov. 5 and Nov. 12, 2011.

The attack on the unnamed organisation and its DNS provider happened between 5 and 12 November and reached 45Gbit/s at peak, equivalent to 69 million packets or 15,000 connections per second, way above the level that can be easily stemmed using standalone appliances, the company claimed. This attack was three times larger in packets per second volume than the biggest attack Prolexic has mitigated previously, which also occurred in 2011.

Prolexic technicians identified a randomised attack consisting of the largest volume of GET, SYN, ICMP, UDP and DNS floods launched in a single attack campaign this year. They identified that the attack was coming from botnets in multiple worldwide locations. In addition, unlike typical DDoS attacks that are coordinated from one geographic source, this attack was coordinated globally.


Sudan Airways mailbox database leaked



The Sudan Airways mailbox database was hacked by Sudan Cyber Army - SD. Alsa7r and leaked on Pastebin. The targeted domains are sudanair.com and omyalphaserver.com. The leak includes hundreds of usernames, emails and passwords. Sudan Cyber Army has hacked many Sudanese government sites in the past.


Is it hard to crack full Disk Encryption For Law Enforcement?



If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement. MrSeb writes with word of a paper titled "The growing impact of full disk encryption on digital forensics" that illustrates just how difficult it is. According to the paper, co-authored by a member of US-CERT.

The abstract of the paper is available here, and a short summary is given below:
The increasing use of full disk encryption (FDE) can significantly hamper digital investigations, potentially preventing access to all digital evidence in a case. The practice of shutting down an evidential computer is not an acceptable technique when dealing with FDE or even volume encryption because it may result in all data on the device being rendered inaccessible for forensic examination. To address this challenge, there is a pressing need for more effective on-scene capabilities to detect and preserve encryption prior to pulling the plug. In addition, to give digital investigators the best chance of obtaining decrypted data in the field, prosecutors need to prepare search warrants with FDE in mind. This paper describes how FDE has hampered past investigations, and how circumventing FDE has benefited certain cases. This paper goes on to provide guidance for gathering items at the crime scene that may be useful for accessing encrypted data, and for performing on-scene forensic acquisitions of live computer systems. These measures increase the chances of acquiring digital evidence in an unencrypted state or capturing an encryption key or passphrase. Some implications for drafting and executing search warrants to dealing with FDE are discussed.

The paper does go on to suggest some ways to ameliorate these issues, though. Better awareness at the evidence-gathering stage would help, but it also suggests “on-scene forensic acquisition” of data, which involves ripping unencrypted data from volatile, live memory (with the cryogenic RAM freezing technique, presumably). Ultimately, though, the researchers aren’t hopeful: “Research is needed to develop new techniques and technology for breaking or bypassing full disk encryption,” concludes the paper.


Cotton Candy USB with Dual-Core Computer can turn Any Screen Into an Android Station


Norwegian company FXI Technologies has been showing a USB stick-sized portable computer prototype, featuring a dual-core 1.2-GHz CPU, 802.11n Wi-Fi, Bluetooth, HDMI-out and a microSD card slot for memory.

Codenamed Cotton Candy because its 21 gram weight is the same as a bag of the confection, the tiny PC enables what its inventor calls “Any Screen Computing,” the ability to turn any TV, laptop, phone, tablet, or set-top box into a dumb terminal for its Android operating system.

The Cotton Candy has a USB 2.0 connector on one end and an HDMI jack on the other. When connected to an HDTV, it uses the HDMI port for video, the USB for power, and Bluetooth to connect to a keyboard, mouse, or tablet for controlling the operating system. The device can output up to 1080p so even a full HD screen can display the Candy’s preloaded Android 2.3 operating system at its native resolution. The dual core CPU can even play local 1080p video or stream HD clips from the internet.
The idea behind it is similar to that of FXI’s Cotton Candy, in the sense that you will need to boot Android from a USB stick. Alternatively you could use an SD card as well. They’ve managed to get just about everything up and running, including Android Market, but it seems that the majority of users who managed to get this running successfully have been owners of ASUS branded PCs, although we can’t be sure of the reason behind that particular phenomenon.

For more information about the Android-x86 project, or if you’re looking for a way to load up Android’s Honeycomb 3.2 onto your laptop or PC, head on down to Android-x86’s website for the details. In the meantime you can check out this guy who managed to load Honeycomb 3.2 onto his ASUS Eee PC.

From developers to students to mobile workers, there are a number of groups that could find innovative ways to use a computer the size of a USB stick. However, you won’t see a consumer product shipping anytime soon from FXI. The company plans to sell the Cotton Candy to developers and let OEMs license the technology and turn it into something that can appeal to a wide audience.


US military's offensive operations in cyberspace to shoot Hackers


The US military is now legally in the clear to launch offensive operations in cyberspace, the commander of the US Strategic Command has said. The Pentagon has just sent a report to Congress where it says that it has the right to retaliate with military force against a cyber attack.

Air Force General Robert Kehler said in the latest sign of quickening U.S. military preparations for possible cyber warfare that "I do not believe that we need new explicit authorities to conduct offensive operations of any kind".

US Strategic Command is in charge of a number of areas for the US military, including space operations (like military satellites), cyberspace concerns, 'strategic deterrence' and combating WMDs.

"When warranted, we will respond to hostile acts in cyberspace as we would to any other threat to our country," the DoD said in the report. "All states possess an inherent right to self-defense, and we reserve the right to use all necessary means – diplomatic, informational, military, and economic – to defend our nation, our allies, our partners, and our interests."

This means that if anyone carries out a decent attack on the Pentagon website, the Navy Seals will land on his roof, run through his house shooting anything that moves and bury the body at sea. US security agencies are also training a crack team of highly skilled cyber forensics experts and are working with international partners to share information about cyber threats, including malicious code and the people behind it, it said.


Patches Released for BIND Denial-of-service Vulnerability


There's a new vulnerability in the popular BIND name server software that is causing various versions of the application to crash unexpectedly after logging a certain kind of error. The Internet Systems Consortium (ISC), an organization that maintains several software products critical for Internet infrastructure, has released a patch for an actively exploited denial-of-service vulnerability in the widely used BIND DNS server.

The Internet Systems Consortium (ISC) has described the problem as follows:
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure...
Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))"
More details are available in their advisory.

As of this posting, ISC had not revealed the underlying problem, but said the patches would prevent the servers from crashing. The flaw affects BIND 9.4-ESV, 9.6-ESV, 9.7.x, and 9.8.x. The patch basically ensures that the cache doesn't return the anomalous data and prevents the server from crashing. ISC officials had not responded to media inquiries as of this posting, and it was unclear whether the flaw was just wreaking mayhem on the servers, or if an actual exploit was causing it.

Security intelligence firm Rapid7 said the first attack was discovered at The National Weather Service, followed by 89 further discoveries of the attack at US universities. "Bind 9 is the most widely used DNS server on the internet today… Gone unchecked, this attack could potentially affect nearly the entire internet," said Matt Barrett, senior solutions architect at Rapid7. A temporary patch has already been released.
