When Zone-H started back in 2002, we were receiving an average of 2500 defacements monthly, this number keeps on increasing year after year. For example, the last month we registered over 95.000 defacements, while we only had 60.000 in 2009 for the same period.
What we can also say from these numbers is that the methods used are still the same: most of the vulnerabilities exploited are on web applications. We also know from what we monitored that registrar attacks greatly increased the past years even if this number is quite low compared to the total of attacks. But not only web applications are guilty, as poor local system security on various web hostings usually allow crackers to get full access to the servers.
You probably read that story somewhere last month, on December 17 2009 Twitter’s homepage has been replaced by this message:
“Iranian Cyber Army
THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY
U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To….
NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?
WE PUSH THEM IN EMBARGO LIST ;)
They “simply” hacked their registrar (dyndns) and modified their DNS entries.
Yesterday the Baidu homepage, China’s n°1 search engine, got defaced by the same attacker and with the same method, but this time register.com was the vulnerable registrar.
E2-labs' project Ethan dissected. Anatomy of a franchise proposal based on non-existing partnerships (UPDATED)22/11/2009 Written by Roberto Preatoni
In case you didn’t understand, this is the solution of our *crypto* jeopardy game posted in the last news.
We received a notice that on WikiLeaks somebody uploaded an interesting document. It’s a PDF file, called Project Ethan (after Tom Cruise’s Mission Impossible caracther?) and it refers to E2-labs very recent plans to open in India an educational and IT security franchise network. We downloaded the document and we found some very interesting information in it, regarding E2-labs future plans and how the name of Zone-H (and a few others) was used to back up the whole plan to convince possible investors to invest money in Mr. Zaki Qureshey expansion plans. Needless to say, Zone-H was never informed about such plans and never gave any consent to be included in it.
The document is a financial investment porposal, made up by 28 pages. It seems to be written by Grant Thornton, a well-known financial advisor company. We have no doubt that the document was originally produced by such company, it’s too well structured, E2-labs and Zaki Qureshey definitely don’t posses the business skills to do that. Nevertheless, the document it’s filled by improper statements. We don’t think that Grand Thornton did it on purpose, we just imagine the situation where they were given some statements and material by Zaki Qureshey and they granted it for real, without verifying it. And that is bad, after all, the entire businell proposal carry their name.
The result is a well written document meant to attract possible investors, backed up by Grant Thornton name, which sounds to the ears of possible investors as a guarantee that it is referring to a serious proposal. This is probably the reason why E2-Labs Mr.Zaki Qureshey decided to invest some money to look for Grant Thornton advocacy. Just another case to use somebody’s name for his plans.
In this article, we are going to show some excerpts from that document, followed by some of our comments. Why did we decide to make this document public? Because that document is yet another example of Mr. Zaki Qureshey unethical business practices and because it’s involving directly my an Zone-H name and because this is the only way we have to make clear to the general public that we have nothing to do with Mr. Zaki Qureshey bogus proposals.
This is a crypto-message for E2-Labs Mr. Zaki Qureshey. Are your *skills* good enough to decrypt it? If not, stay tuned and the solution will be revealed to you (and to the Indian community as well…)
Today, I was flying from London Gatwick to Milan Malpensa with my girlfriend and our two kids and I witnessed the maddest airport security procedures ever.
You certainly remember, a few years ago the incident at the Heathrow airport, those presumed terrorists carrying liquid bombs and threatening sacred Queen’s airspace.
The trial of the three suspected ended with several shadows. Nevertheless since then we cannot carry anymore liquids, creams, deodorants in volume larger than 100ml. As if 100ml of nitroglycerine would’t be enoug to blow a plane anyway.
Since that time, we have been taught to stay countless minutes in line to attend careful x-raying, absolutely pointless as there are both special materials and clothes that can securely conceal a weapon from a traditional metal detector.
We are often asked to “switch on the laptop” to see if it’s a real laptop, as if it was impossible to use half of the battery space to conceal explosive, still having the laptop powering on and working. The ignorancy of the people at the airport cheks it’s humongus, I have been asked once to power on my laptop and to open up an excel file that was on my desktop. As humongous it’s often their arrogancy, usually they are underpaid private guards who find their 5 minutes of glory and power by harrasing and treating us as criminals.
We have been taught to stand those airport security people’s faces, screaming at you and staring at you with an evil eye whenever you forgot to take away the nail-clipper from your purse. Yes, nail-clippers, terrorists’ most favorite hijacking tool. It’s just plain ridiculous.