Geohot finally released his exploit so the world could see for itself exactly what the hack does and doesn’t accomplish.

According to the instructions, it involves compiling and running the kernel module and then pulsing a memory bus on the PS3’s motherboard.

“Try this multiple times,” his instructions state. “I rigged an FPGA button to send the pulse. Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!! If the module exits, you are now exploited.”

While the idea is sound, this hack is clearly not for the faint of heart.

From there, PS3 users get full memory access, including ring 0 access from OtherOS, geohot, whose real name is George Hotz, said here. He’s now turning follow-on work to the PS3 community, directing members to report their findings to the psDevWiki.

His instructions conclude: “The PS3 is hacked, its your job to figure out something useful to do with it.”

Source: The Register

FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. Provides a console interface so you can easily integrate this tool to your pentest automation system.

It retrieves domain names/web sites which are located on specified ip address/hostname.

This tool is prepared by starting with Bing API 2.0 code sample.

In order to use FindDomains :

• Create an appid from “Bing Developers”, this link.
• It’ll be like that : 32AFB589D1C8B4FEC73D4BCB6EA0AD810E0FA2C7
• When you have registered an appid, enter it to the “appid.txt” which is on program directory.

Some outlines :

• Uses Bing search engine. Works with first 1000 records.
• Multithreaded on crawling and DNS resolution.
• Performs DNS resolution for extracted domains to eleminate cached/old records.
• Has a console interface so it can be very useful with some command-line foo.
• Works with Mono. But running under Windows is more efficient.

Sample usage :

1) FindDomains.exe 1.2.3.4
2) FindDomains.exe www.hotmail.com

Requirements :
1) NET Framework 3.5. Also working with Mono.

Download: FindDomainsv0.1.1.rar

More Info: FindDomains Project Home

Researchers have decomposed a 768-bit number with 232 decimal places into its two prime factors and published a paper with their results. The number is the string released as “RSA-768″ under the now defunct RSA Challenge. As a result, RSA encryptions with 768-bit keys must, from now on, be considered cracked.

It took the team of researchers from Switzerland, Japan, Germany, France, the US and the Netherlands about two and a half years to perform the factorisation. The first step of the calculation, polynomial selection, required half a year on a cluster consisting of 80 PCs, while the second and considerably more labour-intensive sieving step took about two years on a cluster of several hundred computers. According to the researchers, a single Opteron processor with 2 Gbytes of RAM would have needed about 1,500 years to complete the sieving step.

As RSA-512 was cracked about a decade ago, the researchers assume that the computing power required to master RSA-1024 is likely to become available in about ten years. They therefore recommend that all 1024-bit RSA keys be decommissioned by 2014 at the latest.

Source: The H Security

RockYou has suffered a serious hacker attack that has exposed 32 million of its customer usernames and passwords to possible identity theft. And it has apparently taken RockYou more than 10 days to inform its users of the breach.

The security firm Imperva informed RockYou that its site had a serious SQL injection flaw, according to reports. Imperva said that some users’ passwords had already been compromised as a result of the vulnerability by the time it notified RockYou of its findings. RockYou acted quickly to fix the flaw, but perhaps not fast enough. One hacker claimed to have gotten access to the accounts and posted some data as proof. Apparently, the database included the full list of unencrypted passwords in plain text.

The flaw is a big one because RockYou usernames and passwords are, by default, the same as users’ email names and passwords. Security experts are advising RockYou users to change their emails and passwords. RockYou has some of the most popular apps on Facebook, and it ranks third among Facebook developers with 55 million monthly active users, according to AppData.

SQL injection exploits a vulnerability in an app’s database layer and is a very common attack. It potentially lets hackers steal private information, and Yahoo’s jobs site recently suffered a similar attack. Imperva chief technology officer Amichai Shulman told eWeek Europe that users are particularly vulnerable if they use the same usernames and passwords for all of the sites that they visit.

In a statement to Techcrunch, RockYou said, “On December 4, RockYou’s IT team was alerted that the user database on RockYou.com had been compromised, potentially revealing some personal identification data for approximately 30M registered users on RockYou.com. RockYou immediately brought down the site and kept it down until a security patch was in place. RockYou confirms that no application accounts on Facebook were impacted by this hack and that most of the accounts affected were for earlier applications (including slideshow, glitter text, fun notes) that are no longer formally supported by the company. RockYou has secured the site and is in the process of informing all registered users that the hack took place.”

RockYou said it is planning to notify users. As others have noted, 10 days after it learned of the breach is far too late.

Source: DigitalBeat

inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista and Windows XP. Because NetStumbler doesn’t work well with Vista and 64-bit XP, an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems.

What’s Unique about inSSIDer?

• Use Windows Vista and Windows XP 64-bit.
• Uses the Native Wi-Fi API.
• Group by Mac Address, SSID, Channel, RSSI and “Time Last Seen”.
• Compatible with most GPS devices (NMEA v2.3 and higher).

How can inSSIDer help me?

• Inspect your WLAN and surrounding networks to troubleshoot competing access points.
• Track the strength of received signal in dBm over time.
• Filter access points in an easy to use format.
• Highlight access points for areas with high Wi-Fi concentration.
• Export Wi-Fi and GPS data to a KML file to view in Google Earth.

Download: Inssider_Installer.msi

More Info: inSSIDer Wi-Fi Scanner | Metageek