Recently we released a bulletin about X-NerD's defacement of 250+ domains. This time X-NerD has targeted Panda Security's channel domain for Pakistan.
Panda Security is a well-known antivirus company that delivers antivirus products to millions of home and business users worldwide.
As usual, X-NerD published a message at http://www.pandasecurity.com.pk/why_panda.php:
"OoooOOPss...I am ShockeD At YouR SecuritY..S3cuR!tY L3vEL Z3r0...YOu Dont KnoW
HOw To SecurRe Your AsS n Pr0vidinG SEcurity to 0therS...Big LauGh..."
X-NerD performed SQL injection. There is no news of any broader breach of the server itself.
Once again Linux.com, Linuxfoundation.org and their sub-domains have been taken offline because of a possible security breach, discovered on 8th September 2011.
The news bulletin from Linux.com says that, in the best interest of the Linux community and as a security precaution, all domains have been taken offline. Initial analysis shows this breach is connected to the intrusion on kernel.org.
Recommendations for Linux.com users:
Change your password, particularly if you are using the same password on other sites.
Services affected:
- Linux.com
- Open Printing
- Linux Mark
- Linux Foundation events.
Note: kernel repositories are not affected; they are safe.
We will update you further as soon as we have more announcements from Linux.com.
X-NerD identifies himself as a member of the Pakistan Cyber Army. X-NerD has defaced many websites, including blogs, forums and brand domains. This time the attack seems to be of the RFI/LFI type.
A sample page can be seen at
http://www.cga.com.pk/x.php
You can see the complete list of domains on Pastebin:
http://pastebin.com/b6wSGzC8
You can find our previous post on how to use Firesheep on Linux.
FireSheep is a small Firefox extension that does big jobs for you,
e.g. HTTP session hijacking.
What is FireSheep Extended?
This release is focused on Google Search. If you are using Google Search over an unsecured Wi-Fi network, your searches are visible to anyone in a man-in-the-middle (MITM) position.
How does it work?
When you are logged in to gmail.com and use Google Search, Google's SID cookie is easily captured by FireSheep. As soon as you see the SID cookie, click on it to see the links the victim visited.
How to stay safe from the FireSheep extended release?
Don't use Google Search while you are logged in to gmail.com on unsecured Wi-Fi networks.
What do you suggest for mitigation? Share your thoughts in the comments.
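The weakness FireSheep exploits here is a session cookie that the browser will send over plain HTTP, where anyone on the same Wi-Fi can read it. A site owner or auditor can check for that condition by looking at the attributes of each Set-Cookie header a server returns. The script below is an added example written for this post (not FireSheep code and not from Google); the three Set-Cookie headers are constructed samples, the cookie names SID/SSID/HSID and the domain example.com are only illustrative, and the list of session-cookie names is an assumption you would replace with your own site's.

```python
"""Audit Set-Cookie headers for the attributes that keep a session cookie
off unencrypted connections (Secure) and away from page scripts (HttpOnly).
Added example; the headers below are constructed, not captured traffic."""
from dataclasses import dataclass, field

# Constructed sample: headers as a web server might return them.
SAMPLE_SET_COOKIE_HEADERS = [
    "SID=abc123; Domain=.example.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT",
    "SSID=def456; Domain=.example.com; Path=/; Secure; HttpOnly",
    "PREF=lang=en; Path=/",
]

# Assumption: which cookie names carry a login session on the audited site.
SESSION_COOKIE_NAMES = ("sid", "ssid", "hsid")


@dataclass
class CookieAudit:
    name: str
    secure: bool
    httponly: bool
    severity: str = "info"
    issues: list = field(default_factory=list)


def parse_set_cookie(header):
    """Split 'name=value; Attr; Attr=val' into (name, {attr_lower: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def sent_over_http(header):
    """True if a browser would attach this cookie to a plain http:// request,
    i.e. it lacks the Secure attribute and is exposed to passive sniffing."""
    _, attrs = parse_set_cookie(header)
    return "secure" not in attrs


def audit_cookie(header):
    name, attrs = parse_set_cookie(header)
    audit = CookieAudit(name, "secure" in attrs, "httponly" in attrs)
    is_session = name.lower() in SESSION_COOKIE_NAMES
    if not audit.secure:
        audit.issues.append(
            "missing Secure: sent on plain-HTTP requests, readable on an open network")
    if not audit.httponly:
        audit.issues.append("missing HttpOnly: readable by page scripts")
    if is_session and not audit.secure:
        audit.severity = "high"      # a replayable login token on the wire
    elif audit.issues:
        audit.severity = "low"
    return audit


def audit_response(headers):
    """Audit every Set-Cookie header of one response."""
    return [audit_cookie(h) for h in headers]


if __name__ == "__main__":
    for result in audit_response(SAMPLE_SET_COOKIE_HEADERS):
        print(f"{result.name}: severity={result.severity}")
        for issue in result.issues:
            print("   -", issue)
```

Run against the constructed sample, the SID cookie is reported as high severity because it is a session cookie without Secure, exactly the condition a sniffer on an open network needs; SSID passes, and PREF is low severity since it carries no session. The same parser can be pointed at real response headers taken from your own site's server logs or a browser's developer tools.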
What is FBPwn?
FBPwn is a cross-platform, Java-based Facebook profile dumper developed by the Information Security Analyst team from RISST and released under the GPL license. This tiny but worthwhile application is still in beta but can do plenty of useful jobs for you.
How does FBPwn work?
FBPwn sends a friend request to the target and waits for the acceptance notification. Once your target (victim) accepts the friend request, it dumps all visible info (username, email, friends list, etc.).
What if the victim unfriends you or deletes you from their friend list?
This application is very fast and fetches data as soon as the victim accepts the request. It dumps all the victim's information, including username, email, friend list, photos and other info, so it doesn't matter if the victim later figures out that the account is fake: by then it is too late.
Crawl the Facebook contact list and profiles that contain email addresses, and build a
mailing list of millions of email contacts by writing a small bash script.
How to use FBPwn?
As we said, it is cross-platform, so it can run on any operating system that has Java installed. In our example, we are using it on BackTrack Linux.
# Download the beta archive, extract it and start the launcher.
# The archive name and the extracted directory must match the file that
# was downloaded; the original listing mixed 0.1.4 and 0.1.3.
wget http://fbpwn.googlecode.com/files/FBPwn-beta-0.1.4.zip
unzip FBPwn-beta-0.1.4.zip
cd FBPwn-beta-0.1.4
./run.sh
We have shot an FBPwn video tutorial that covers how to use this application, but due to codec problems we could not upload it to YouTube. It will be posted soon. Stay tuned.
Update – 15th Sep 2011:
Sorry guys, we couldn't convert it; of course we tried a few times but failed. So please STOP sending video tutorial request emails.
Download the FBPwn video tutorial directly from
https://rapidshare.com/files/507532677/FBPwn-Video-Tutorial.ogv
Google has issued advice to all users who access Gmail accounts from Iran. Google broadcast this news on the Google Online Security official blog.
Last month Google posted a similar entry on the blog, where an MITM (man-in-the-middle) attack was attempted.
Some precautions recommended by Google are as follows:
- Change your Gmail password.
- Verify your account recovery options, e.g. secondary email address, phone numbers and the other info that is used during account recovery.
- Review the websites that are allowed to access your account.
- Check for suspicious forwarders and remote SMTP settings.
- Be alert to any warnings or popups that appear.