Defacements Statistics 2010: Almost 1,5 million websites defaced, what's happening?

06/01/2011 Written by Marcelo Almeida (Vympel), Boris Mutina (Minor)

Last year Zone-H archived a sad record number: 1.419.203 website defacements.
Why and how is this happening?
If you look at the stats, things remain the same: file inclusion, SQL injection, WebDAV attacks and share misconfiguration are still at the top ranks of the attack methods used by defacers to gain first access to the server. As an important factor influencing the stats, we consider the fact that last year brought a very high number of local Linux kernel exploits.

For many years now, Linux has been the most used OS for web servers and of course the preferred target for defacers. Last year we archived 1.126.987 attacks against websites running on Linux systems. The exploit most used by defacers is CVE-2010-3301, which was fixed in 2007 and was mysteriously reintroduced in 2008 in a large pile of x86_64 kernel versions.

But is the out-of-date Linux server the only reason for this huge number of defacements?
Yes and no.

Read more

Notes on the Wikileaks case

10/12/2010 Written by Minor

First of all, we would like to emphasize that Zone-H is not related to any party in the Wikileaks case. We neither agree nor disagree with any action that has happened; we just want to share our opinion on the forthcoming events. Many news media have already released information about the cables, sources, how it happened etc.

But now it is clear that Wikileaks will not stop publishing the cables. There are plenty of mirrors all around the globe and information is shared over Facebook and Twitter. Also, the arrest of Julian Assange can’t stop the day-by-day publishing of the cables. The whole case raises more questions, some of which cannot be answered. Like the first one: how is it possible that Bradley Manning was able to get 250k cables? According to the Guardian article, he had “unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months”.

Read more

Defacements Statistics 2008 - 2009 - 2010*

27/05/2010 Written by Marcelo Almeida (Vympel)

When Zone-H started back in 2002, we were receiving an average of 2500 defacements monthly; this number keeps on increasing year after year. For example, last month we registered over 95.000 defacements, while we only had 60.000 in 2009 for the same period.

What we can also say from these numbers is that the methods used are still the same: most of the vulnerabilities exploited are in web applications. We also know from what we monitored that registrar attacks have greatly increased in the past years, even if this number is quite low compared to the total number of attacks. But web applications are not the only ones to blame, as poor local system security at various web hosting providers usually allows crackers to get full access to the servers.

Read more

Twitter and Baidu hijacked by "Iranian Cyber Army"

13/01/2010 Written by Kevin Fernandez (Siegfried)

You probably read that story somewhere last month: on December 17, 2009, Twitter’s homepage was replaced by this message:

“Iranian Cyber Army

THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY

iRANiAN.CYBER.ARMY@GMAIL.COM

U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To….

NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?
WE PUSH THEM IN EMBARGO LIST ;)
Take Care.”


They “simply” hacked their registrar (dyndns) and modified their DNS entries.

Yesterday the Baidu homepage, China’s n°1 search engine, got defaced by the same attacker and with the same method, but this time register.com was the vulnerable registrar.

Read more

E2-labs' project Ethan dissected. Anatomy of a franchise proposal based on non-existing partnerships (UPDATED)

22/11/2009 Written by Roberto Preatoni

In case you didn’t understand, this is the solution to our *crypto* jeopardy game posted in the last news.

We received a notice that somebody uploaded an interesting document to WikiLeaks. It’s a PDF file called Project Ethan (after Tom Cruise’s Mission Impossible character?) and it refers to E2-labs’ very recent plans to open an educational and IT security franchise network in India. We downloaded the document and found some very interesting information in it regarding E2-labs’ future plans and how the name of Zone-H (and a few others) was used to back up the whole plan to convince possible investors to invest money in Mr. Zaki Qureshey’s expansion plans. Needless to say, Zone-H was never informed about such plans and never gave any consent to be included in them.

The document is a financial investment proposal made up of 28 pages. It seems to have been written by Grant Thornton, a well-known financial advisory company. We have no doubt that the document was originally produced by that company; it’s too well structured, and E2-labs and Zaki Qureshey definitely don’t possess the business skills to do that. Nevertheless, the document is filled with improper statements. We don’t think that Grant Thornton did it on purpose; we just imagine a situation where they were given some statements and material by Zaki Qureshey and took them as real, without verifying them. And that is bad; after all, the entire business proposal carries their name.

The result is a well-written document meant to attract possible investors, backed up by the Grant Thornton name, which sounds to the ears of possible investors like a guarantee that it refers to a serious proposal. This is probably the reason why E2-Labs’ Mr. Zaki Qureshey decided to invest some money to look for Grant Thornton’s advocacy. Just another case of using somebody’s name for his plans.

In this article, we are going to show some excerpts from that document, followed by some of our comments. Why did we decide to make this document public? Because that document is yet another example of Mr. Zaki Qureshey’s unethical business practices, because it directly involves my name and Zone-H’s, and because this is the only way we have to make clear to the general public that we have nothing to do with Mr. Zaki Qureshey’s bogus proposals.


Read more

ZONE-H In Numbers
  • News: 4.739
  • Admins: 3
  • Registered Users: 169.397
  • Early Warning subscriptions: 8188
  • Digital Attacks: 15.354.530
  • Attacks On Hold: 486.122
  • Online Users: 156