Wednesday, July 10, 2013

Snowden made an interesting disclosure: "US & Israel co-created STUXNET". Check out this pastebin entry http://j.mp/15xLNgF via Buffer

Monday, July 08, 2013

[Cartoon] If you have nothing to hide... http://j.mp/1d9S4QD #PRISM #NSA via Buffer

Wednesday, July 03, 2013

[Comic] Freedomination by Fredo and Pidjin #NSA #PRISM http://j.mp/120iBOF via Buffer

Monday, July 01, 2013

Hackers actively scanning SCADA and ICS http://j.mp/18sbGlj via Buffer


Nice article on the history of cybercrime http://j.mp/14LnVng via Buffer


ZeroAccess botnet revealed http://j.mp/13ncwgJ via Buffer


Energy sector sees increase in cyber attacks http://j.mp/14JYOBx via Buffer


Microsoft Malaysia domains hacked http://j.mp/11TMUXn via Buffer


RT @clubhack: 41st issue of ClubHack journal is out. Covering NSA PRISM program in special feature, oracle hardening… http://j.mp/1au4sxM via Buffer

Sunday, June 30, 2013

Nokia buys all stake of Siemens in NSN http://j.mp/1b12lAb via Buffer


How copyright industry pushed internet surveillance http://j.mp/18pFmPM via Buffer

Thursday, June 27, 2013

"Open Source Report Card" from GitHub stats http://j.mp/12mdVSU Too cool a project via Buffer


[comic] The State of almost all the Web Articles http://j.mp/14YYOjl via Buffer

Tuesday, August 30, 2011

I have heard these questions so many times from many friends & well wishers lately.

  • Where are you absconding these days?
  • What projects are you doing these days?
  • What keeps you busy these days?

So here's the answer.
Friends, I'm taking a lean time in my career as of now to spend more time with Sanay.

I'm still active on Facebook but almost inactive on Twitter and other places.
Work-wise, I've gone into a safe zone so that I can keep earning enough and still enjoy Sanay's daily growth.

I plan to be in this phase for some time now and then relook at other stuff later.

Till that time, here are a few e-activities with Sanay for you.


His website: http://sanay.in


Thursday, February 24, 2011

Yeah! You read it right. Someone is trying to hack me!

While you'll be reading it as "HACK me", I'm still thinking "hack ME".

----------------------------
Dear Attacker,
I don't have anything interesting enough for you to break into my machine and steal it.

a) I don't have anything related to national security on my laptop which you can make use of.
b) I'm not a billionaire that you can scoop something off; rather, people know I'm as broke as any other average guy :)
c) Info about my clients & future plans goes somewhere else & no traces of that will be found on my laptop/phone/home network.

----------------------------

Although I used to get Gmail password reset requests at least twice a week, this is a really good one & the attacker deserves a round of applause for it. Given the amount of time & knowledge he has put in here, I can offer him a very lucrative job with a handsome salary (are you listening Mr AV? we've got a candidate). And with this much dedication he can break into corporate or even more secure networks.

For the knowledge & food for thought of my readers, this is what it all looks like.
As far as I know/understand, this started in the beginning of Feb 2011. My personal laptop has enough protective layers (antivirus, patches, firewall, blah blah) and as anybody would guess I keep it more up-to-date compared to many people out there.

So the attack (when I detected it) was done using Metasploit, a wonderful attack/security testing framework by @hdmoore, and the attacker caught me on CVE-2010-0840, which is a Java runtime vulnerability allowing remote code execution. It was sent to me via some malicious web page which I might have stumbled upon somehow. (I'm pretty much into exploring a lot of garbage online.) I know my JRE was 2 subversions older, which made this attack possible.

I felt something fishy when on my home broadband (not a shared LAN) I started getting SSL errors. Thanks to the stubbornness of Google Chrome, it didn't allow me to ignore them & made me think twice. When I scanned my RAM, I found "meterpreter" running in my explorer.exe (pretty neat, dude). This was the time when I knew someone was deliberately trying to get into my machine & it couldn't be the work of malware.

Damn you attacker, you forced me to change 83 passwords in total.

Moving ahead, I started keeping a (more) vigilant eye on my machine for the attack to re-occur, and I also created a honeypot with a lot of legitimate-looking traffic to lure him. But it seems like the attacker understood that I had found his meterpreter trick & had killed the session once. So now his attack strategy changed, and looking at the strategy used further, I'm not sure if it is the work of a single guy or a bunch of them together or even individually. If it's by a single guy, I seriously have a good job waiting for him.

This time the attacker seems to have got access to the firmware of my home router or wifi access point (I still have to investigate my firmware). I started getting SSL warnings even on my phone when connected to wifi at home, but not on my GPRS. Now this can't be done with access to my machine only; for this the attacker needs access to the network infrastructure. More interestingly, the SSL warnings are only for some specific sites (gmail/twitter/facebook).

The attacker presented me a fake SSL certificate for api.twitter.com, and this is what he did wrong. He created a fake certificate with a validity of 10 years. In no sane world would Twitter buy a certificate from VeriSign (Twitter actually uses Equifax) for 10 years in one go. This fake certificate was encountered on my phone; when I rechecked the actual certificate of api.twitter.com (this time using my USB internet dongle), it was issued by Equifax and for one year only. See images below & click them for an enlarged view.
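The two tells described above (an issuer that isn't the one the site really uses, and a validity period no real operator would buy) can be turned into a mechanical check that a client runs on the leaf certificate it is shown, in addition to ordinary chain validation. The Go program below is an added example and not code from this blog or from Twitter: it pins, per host, the expected issuer organisation, a maximum validity period, and (once learned over a connection you trust, such as the USB dongle in the post) the SHA-256 of the leaf's public key. The host name api.twitter.com and the issuer "Equifax" come from the post; the 400-day ceiling is an assumed policy value, and the certificates are self-signed test data constructed in the program so it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Expectation is what a client pins for one host: the organisation it expects
// in the issuer field, the longest validity period the real operator would
// plausibly buy (assumed policy value), and, once learned, the SHA-256 of the
// leaf's public key.
type Expectation struct {
	IssuerOrg   string
	MaxValidity time.Duration
	SPKIPin     string // hex SHA-256 over SubjectPublicKeyInfo; "" = not pinned yet
}

// SPKIFingerprint returns the hex SHA-256 of the certificate's SubjectPublicKeyInfo.
// A forger can copy names and dates into a fake certificate, but not this value.
func SPKIFingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// CheckLeaf lists the reasons a presented leaf certificate looks wrong for host.
// An empty result means it matched every pinned expectation.
func CheckLeaf(c *x509.Certificate, host string, exp Expectation) []string {
	var findings []string
	if err := c.VerifyHostname(host); err != nil {
		findings = append(findings, "name mismatch: "+err.Error())
	}
	if len(c.Issuer.Organization) == 0 || c.Issuer.Organization[0] != exp.IssuerOrg {
		findings = append(findings, fmt.Sprintf("issuer organisation %v, expected %q",
			c.Issuer.Organization, exp.IssuerOrg))
	}
	// The tell from the post: a 10-year validity on a certificate the real
	// operator buys for one year at a time.
	if life := c.NotAfter.Sub(c.NotBefore); life > exp.MaxValidity {
		findings = append(findings, fmt.Sprintf("validity %.0f days exceeds policy of %.0f days",
			life.Hours()/24, exp.MaxValidity.Hours()/24))
	}
	if exp.SPKIPin != "" && SPKIFingerprint(c) != exp.SPKIPin {
		findings = append(findings, "public key does not match the pinned key")
	}
	return findings
}

// MakeTestCert builds a self-signed certificate as constructed test data so the
// example runs offline; it is not a real Twitter or Equifax certificate. In a
// self-signed certificate the issuer equals the subject, so the "CA" organisation
// is placed in the subject to end up in the issuer field.
func MakeTestCert(host, issuerOrg string, validFor time.Duration) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host, Organization: []string{issuerOrg}},
		DNSNames:     []string{host},
		NotBefore:    now,
		NotAfter:     now.Add(validFor),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

func main() {
	const host = "api.twitter.com"
	exp := Expectation{IssuerOrg: "Equifax", MaxValidity: 400 * 24 * time.Hour}

	// The genuine one-year certificate, seen over a trusted path; pin its key.
	genuine := MakeTestCert(host, "Equifax", 365*24*time.Hour)
	exp.SPKIPin = SPKIFingerprint(genuine)

	// The attacker's version: same names, ten-year validity, different key.
	forged := MakeTestCert(host, "Equifax", 10*365*24*time.Hour)
	fmt.Println("genuine:", CheckLeaf(genuine, host, exp))
	fmt.Println("forged: ", CheckLeaf(forged, host, exp))
}
```

The order of the checks matters in practice: the validity and issuer heuristics catch a careless forger like the one in the post even before any key has been pinned, while the SPKI pin is the check that still fires once the attacker copies the issuer name and a plausible one-year window. Pin the key, not the whole certificate, so a legitimate renewal that keeps the same key pair does not trip the alarm.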


There are a few more screenshots & reverse trace reports, but I'm not posting them online for legal reasons. I'd need them to be produced as evidence.

I've spent enough time on this attack, reported it to the appropriate authority & want to keep my hunt on to find my well wisher. The only problem is I have a life to live & a lot of work to do, which it seems the attacker doesn't have.

----------------------------
So dear attacker,
Go and get a life; you won't find anything more juicy on my machine/phone/network. If you wanted to prove to the world that you can "Hack Rohit", I think I have made your work easy with this blog post.

----------------------------

An open letter to all my friends, family & followers,

If you receive some garbage mail or tweet from my side (@rohit11, @_rohit11, @clubhack), be assured that it wasn't me. You can still expect garbage videos shared on my Facebook wall & you know that I keep sharing those stupid videos there :)


Wish me good luck & good life to the attacker(s)

PS - If this can happen to me, this can happen to you too. I'd again request you all to be a little more careful online. As Sting sang in "Brand New Day": "It could happen to you - just like it happened to me. There's simply no immunity - there's no guarantee."


PS - I have used "he", "his", "him" to address the attacker, but I'm not being gender biased. I don't think I have a "My Super Ex-Girlfriend" kind of ex who would take so much pain to attack me. Having said that, I'm still not underestimating the skills of female attackers.


PS - I used the word "hack" because that's what 90% of this world understands :)