VIRUS STUXNET Sources code

In June last year, a computer virus called Stuxnet was discovered lurking in the data banks of power plants, traffic control systems and factories around the world.

Pandora's box has been opened; on the new battlefield the aggressors are anonymous, the shots are fired without starting wars and the foot soldiers can pull their triggers without leaving their desks.

Last week the United States government announced they would retaliate to a cyber-attack with conventional force. The threat is real, and the age in which a computer bug could cost lives has begun.

Download Sources Code Mirror 1

W32.Duqu: The Precursor to the Next Stuxnet

On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat "Duqu" [dyü-kyü] because it creates files with the file name prefix “~DQ”. The research lab provided us with samples recovered from computer systems located in Europe, as well as a detailed report with their initial findings, including analysis comparing the threat to Stuxnet, which we were able to confirm. Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.
Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.
Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.
The attackers used Duqu to install another infostealer that could record keystrokes and gain other system information. The attackers were searching for assets that could be used in a future attack. In one case, the attackers did not appear to successfully exfiltrate any sensitive data, but details are not available in all cases. Two variants were recovered, and in reviewing our archive of submissions, the first recording of one of the binaries was on September 1, 2011. However, based on file compile times, attacks using these variants may have been conducted as early as December 2010.
One of the variant’s driver files was signed with a valid digital certificate that expires August 2, 2012. The digital certificate belongs to a company headquartered in Taipei, Taiwan. The certificate was revoked on October 14, 2011.
Duqu uses HTTP and HTTPS to communicate with a command-and-control (C&C) server that at the time of writing is still operational. The attackers were able to download additional executables through the C&C server, including an infostealer that can perform actions such as enumerating the network, recording keystrokes, and gathering system information. The information is logged to a lightly encrypted and compressed local file, which then must be exfiltrated out.
The threat uses a custom C&C protocol, primarily downloading or uploading what appear to be JPG files. However, in addition to transferring dummy JPG files, additional data for exfiltration is encrypted and sent, and likewise received. Finally, the threat is configured to run for 36 days. After 36 days, the threat will automatically remove itself from the system.
Duqu shares a great deal of code with Stuxnet; however, the payload is completely different. Instead of a payload designed to sabotage an industrial control system, the payload has been replaced with general remote access capabilities. The creators of Duqu had access to the source code of Stuxnet, not just the Stuxnet binaries. The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party. While suspected, no similar precursor files have been recovered that predate the Stuxnet attacks.
You can find additional details in our paper here. The research lab that originally found the sample has allowed us to share their initial report as an appendix. We expect to make further updates over the coming days.
Key points:
•    Executables using the Stuxnet source code have been discovered. They appear to have been developed since the last Stuxnet file was recovered.
•    The executables are designed to capture information such as keystrokes and system information.
•    Current analysis shows no code related to industrial control systems, exploits, or self-replication.
•    The executables have been found in a limited number of organizations, including those involved in the manufacturing of industrial control systems.
•    The exfiltrated data may be used to enable a future Stuxnet-like attack.
Note: At press time we have recovered additional variants from an additional organization in Europe with a compilation time of October 17, 2011. These variants have not yet been analyzed. More information will follow.

Up close with iOS 5: Wireless syncing and updating

One of the best parts of iOS 5--regarding device management, at least--is that you no longer have to connect your device to your Mac or PC when you want to sync your information or download a subsequent software update. There are two features at work here:
iTunes Wi-Fi Sync and Software Update.
iTunes Wi-Fi Sync
Constantly connecting your iOS device to your computer to keep it in sync and backed up can be a real pain. Lucky for you, you don't have to do it anymore, thanks to iOS 5's new Wi-Fi Sync feature.
Wi-Fi Sync (as its name might suggest) allows your device to sync with your computer over a Wi-Fi network rather than through a USB connection. It's slightly slower, but you can do it any time your device is on the same Wi-Fi network as your desktop. Better still, your device stays perpetually connected: You can adjust settings and re-sync without having to disconnect and reconnect any cables. (You can always continue to sync the old-fashioned way, of course.) Another benefit to this perpetual connection is that when syncing, you're no longer stuck with the Do Not Disconnect screen every time you're updating your song list or changing a setting; instead, it all happens in the background, allowing you to multitask and use your device during a sync session.
Set up Wi-Fi Sync: To enable Wi-Fi sync for your device, you need to connect your device to your computer--one last time!--and open up iTunes. Click on your device in the Source list and then scroll down to the bottom of the summary pane.
(Image Caption: Check the Sync With This device Over Wi-Fi box and press the Sync button to enable Wi-Fi syncing for your iPhone, iPod touch, or iPad.)
Check the box that enables syncing, press the Sync button to save your changes, and you're all set. By default, your device will sync with your computer any time it's plugged in and both are on the same Wi-Fi network; you can also force a sync by going to the Settings app and tapping General -> iTunes Wi-Fi Sync and then tapping Sync Now.
Software Update
With Wi-Fi Sync, you can keep your day-to-day activities running smoothly. But what about when the next iOS update inevitably comes out? You don't want to have to connect your device back to your computer. And good news: With iOS 5, you don't have to.
Install updates on your iOS device: If you've ever used an iOS device before, you're probably fairly familiar with the process of downloading app updates from the App Store app: When a little red badge appears in the upper right corner of the App Store icon, you open the App Store, navigate to the Updates tab, and download your app updates all at once, or one by one. The Software Update process for iOS 5 is remarkably similar; but instead of going to the App Store, you go to the Settings app for any system updates.
Like the App Store, your device perpetually checks for new software updates in the background. When one is available, you see a red badge appear on the Settings app; to download it, open the app and navigate to General -> Software Update. There, you see some brief information about the update and a button to install it. You can also force the system to check for an update by navigating to the Software Update pane.
Because these iOS updates are "delta updates" (they contain only the parts of the system that have changed, so you don't have to download the entire system each time there is an update), they're smaller; therefore, you can download them just about anywhere you have a decent 3G or Wi-Fi connection--on the bus, at home, walking down the street, you name it. To install these updates, however, you need to have at least 50 percent battery life on your device, or have it plugged into a power source.
Just as a friendly reminder: Even though you can install these updates anywhere, you should always (always, always) back up your device before you do. You can use Wi-Fi Sync to back up to your computer, or, if you have iCloud Backup enabled, you can use that. (See the "Work in the Cloud" section later in this chapter for more information on iCloud Backups.)
Install updates from your computer: Maybe you're not that adventurous, and you'd prefer to install your software update the old-fashioned way. No problem: Just connect your device to your computer and check for updates in iTunes. (If you're using Wi-Fi Sync, you can also do this by plugging your device into a power source and connecting it and your computer to the same Wi-Fi network, and then opening iTunes.)
Serenity Caldwell is a Macworld staff editor.

Google fall sweep

10/14/2011 10:03:00 AM

We aspire to build great products that really change people’s lives, products they use two or three times a day. To succeed you need real focus and thought—thought about what you work on and, just as important, what you don’t work on. It’s why we recently decided to shut down some products, and turn others into features of existing products.

Here’s the latest update on what’s happening:

• Code Search, which was designed to help people search for open source code all over the web, will be shut down along with the Code Search API on January 15, 2012.
• In a few weeks we’ll shut down Google Buzz and the Buzz API, and focus instead on Google+. While people obviously won't be able to create new posts after that, they will be able to view their existing content on their Google Profile, and download it using Google Takeout.
• Jaiku, a product we acquired in 2007 that let users send updates to friends, will shut down on January 15, 2012. We’ll be working to enable users to export their data from Jaiku.
• Several years ago, we gave people the ability to interact socially on iGoogle. With our new focus on Google+, we will remove iGoogle's social features on January 15, 2012. iGoogle itself, and non-social iGoogle applications, will stay as they are.
• The University Research Program for Google Search, which provides API access to our search results for a small number of approved academic researchers, will close on January 15, 2012.

In addition, later today the Google Labs site will shut down, and as previously announced, Boutiques.com and the former Like.com websites will be replaced by Google Product Search.

Changing the world takes focus on the future, and honesty about the past. We learned a lot from products like Buzz, and are putting that learning to work every day in our vision for products like Google+. Our users expect great things from us; today’s announcements let us focus even more on giving them something truly awesome.

Posted by Bradley Horowitz, Vice President, Product

WRC FIA World Rally Championship 2011

 

Download :  FILESERVE  |  WUPLOAD 

Xotic v1.0r10 multi5 cracked

 

Description: Xotic is more than just killing enemies. Players can compare their shooter skills with their friends’ on the leaderboards as they rack up chain combos by shooting targets like the life-choking Scab plants around each level, picking up Orb Essence, and, yes, blasting enemies. Balancing all of these elements while attaining the best time in each level is the key to becoming the top scorer. In their quest to become number one, players will also earn experience points that they can use to upgrade their skills and weapons and can pick up power-ups around each level.

Changes :

• Fixed results screen crashes caused by expiring Hard Holograms
• Mouse sensitivity can now be adjusted higher
• Mouse sensitivity can now be adjusted in 1% increments
• Deaderboards now display “near me” correctly
• Fixed minor font issue
• Disabled windows screensaver during game
• Mouse buttons can now be mapped to movement controls
• Refraction rendering is fixed on NVIDIA cards

Part1     Part2

Ground Effect Pro XHD v1.2.0 Full ANDROiD

Description: Stunning visuals and a pumping sound track make this ground-breaking game the way perfect way to show off what your phone can do! Nominated last year for a Best App Ever Award on iPhone and was featured multiple times on the App Store under both New and Noteworthy and What’s Hot, this is fast-paced, arcade style ekranoplan racing action at it’s very best. Boasting incredible 3D graphic detail and procedural landscapes never before seen in any game of its type, the game will appeal to lovers of fast-paced, competitive action genres as well as those who prefer something more sedate and relaxing.

Features:

• 14 challenging levels
• 10 different Ground Effect craft
• Stunning terrains (both land and sea)
• Free roaming – explore at will
• Impressive draw distance
• Sensitive and intuitive flight controls
• Throttle speed controller
• High score recording
• Replay & ghost-race modes
• Boost control
• Day and night scenarios
• Driver/1st person camera view
• Stereo 3D option
• Free-play practice levels
• Super smooth animation up to 60FPS
• App2sd supported

Download

VA_-_Drumma_Boy_2011_Labor_Day_Weekend_Playlist-2011

 Part1     Part2

1. 00-va-drumma_boy_2011_labor_day_weekend_playlist.m3u
2. 00-va-drumma_boy_2011_labor_day_weekend_playlist.nfo
3. 00-va-drumma_boy_2011_labor_day_weekend_playlist.sfv
4. 01-young_jeezy_ft_fabolous_and_yo_gotti_-_flexin.mp3
5. 02-gorilla_zoe_-_king_kong.mp3
6. 03-lloyd_ft_trey_songz_and_young_jeezy_-_be_the_one.mp3
7. 04-drumma_boy_ft_gucci_mane_tity_boi_and_young_buck_-_im_on_worldstar.mp3
8. 05-gucci_mane_ft_future_-_stevie_wonder.mp3
9. 06-gucci_mane_and_waka_flocka_-_ferrari_boyz.mp3
10. 07-whitney_houston_-_salute.mp3
11. 08-drumma_boy_ft_rocko_and_tity_boi_-_levi_jeans.mp3
12. 09-pbz_ft_young_dolph_-_hurtin_em.mp3
13. 10-pastor_troy_-_police_cant_break_it_up.mp3
14. 11-sbtrkt_ft_shabazz_palaces_and_little_dragon_-_wildfire.mp3
15. 12-dj_drama_ft_trey_songz_tity_boi_and_big_sean_-_oh_my_(remix).mp3
16. 13-gucci_mane_ft_waka_flocka_and_yo_gotti_-_stove_music.mp3
17. 14-jim_jones_ft_nicole_wray_-_itza.mp3
18. 15-jagged_edge_-_never_meant_to_lead_you_on.mp3
19. 16-gucci_mane_ft_slim_dunkin_and_rocko_-_fresh_as_fuck.mp3
20. 17-gorilla_zoe_-_party_over_here.mp3
21. 18-young_bleu_-_go_head.mp3
22. 19-musiq_soulchild_-_waiting_still.mp3

 

Trespass 2011 WS VODRiP XviD

 

Plot: In a private, wealthy community, priority is placed on security and no exception is made for the Miller family’s estate. Behind their pristine walls and manicured gardens, Kyle (Nicolas Cage), a fast-talking businessman, has entrusted the mansion’s renovation to his stunning wife, Sarah (Nicole Kidman). But between making those big decisions and keeping tabs on their defiant teenage daughter (Liana Liberato), Sarah often finds herself distracted by a young, handsome worker (Cam Gigandet) at their home. Nothing is what it seems, and it will take a group of cold-blooded criminals led by Elias (Ben Mendelsohn), who have been planning a vicious home invasion for months, to bring the Miller family together. Kyle, Sarah and Avery will take the ultimate risk to make it out with their lives – and their family – intact.


Download: FILESONIC – FILESERVE – Wupload

Pro Evolution Soccer 2012

Well known scene group RELOADED released the game Pro Evolution Soccer 2012 for PC. Personally I’m more of a FIFA 12 fan, but this game is great as well. Reviews are not as positive as FIFA 12, but still decent enough to give it a try. Included the crack only as well, enjoy!

Description: Pro Evolution Soccer makes its return this fall, Pro Evolution Soccer 2012! This year, Konami is determined to give global football fans a truly realistic, immersive and a delightfully playable take on the beautiful game. Creative Producer Shingo “Seabass” Takatsuka has been sourcing the desires of fans across the globe and working non-stop on marrying the digital game to the real life game so fans can get as close to the real thing. All elements have been examined – defense, offense, AI, penalties, officiating and of course, graphics! The result is a game truly represents the key attributes of the game and it’s players. Pro Evolution Soccer… “Can you play?”

Features:

• Teammate AI has become more true to life on defense and offense – Your team plays more cohesively
• New Off-the-ball-controls – Take even more control in dead-ball situations to manage your team strategy
• Zonal marking and positional defending are massively enhanced – Players are forced to work harder to split defenders
• Collision detection is overhauled – The physicality of top-level soccer is captured
• Graphics are updated again -Movements, facial representations and pitches have built upon last year’s massive improvements

Publisher: Konami
Developer: Winning Eleven Productions
Genre: Sports

Part1     Part2

Crack : Here

US TOP40 Single Charts 15 10 2011

 Part1     Part2     Part3

01-adele_-_someone_like_you.mp302-maroon_5_feat._christina_aguilera_-_moves_like_jagger.mp303-foster_the_people_-_pumped_up_kicks.mp304-lmfao_-_sexy_and_i_know_it.mp305-gym_class_heroes_feat._adam_levine_-_stereo_hearts.mp306-lmfao_feat._lauren_bennett_and_goonrock_-_party_rock_anthem.mp307-rihanna_feat._calvin_harris_-_we_found_love.mp308-david_guetta_feat._usher_-_without_you.mp309-cobra_starship_feat._sabi_-_you_make_me_feel.mp310-lady_gaga_-_you_and_i.mp311-dev_-_in_the_dark.mp312-bad_meets_evil_feat._bruno_mars_-_lighters.mp313-pitbull_feat._ne-yo_afrojack_and_nayer_-_give_me_everything.mp314-nicki_minaj_-_super_bass.mp315-rihanna_-_cheers_(drink_to_that).mp316-lil_wayne_-_how_to_love.mp317-drake_-_headlines.mp318-jason_derulo_-_it_girl.mp319-b.o.b_feat._lil_wayne_-_strange_clouds.mp320-onerepublic_-_good_life.mp321-adele_-_rolling_in_the_deep.mp322-lil_wayne_feat._drake_-_she_will.mp323-rodney_atkins_-_take_a_back_road.mp324-blake_shelton_-_god_gave_me_you.mp325-katy_perry_-_last_friday_night.mp326-alexandra_stan_-_mr._saxobeat.mp327-kelly_clarkson_-_mr._know_it_all.mp328-hot_chelle_rae_-_tonight_tonight.mp329-britney_spears_-_i_wanna_go.mp330-t-pain_feat._wiz_khalifa_and_lily_allen_-_5_oclock.mp331-lady_antebellum_-_just_a_kiss.mp332-kanye_west_and_jay_z_-_niggas_in_paris.mp333-the_band_perry_-_if_i_die_young.mp334-the_script_-_nothing.mp335-big_sean_feat._kanye_west_and_roscoe_dash_-_marvin_and_chardonnay.mp336-eli_young_band_-_crazy_girl.mp337-dj_khaled_feat._drake_rick_ross_and_lil_wayne_-_im_on_one.mp338-new_boyz_feat._chris_brown_-_better_with_the_lights_off.mp339-nicki_minaj_feat._rihanna_-_fly.mp340-lady_gaga_-_the_edge_of_glory.mp3

iMPACT Wrestling 2011.10.13 HDTV XviD

The final countdown to “Bound For Glory” in Philadelphia.

Download

The Mentalist S04E04 HDTV XviD

Jane notices a suspicious-looking man carrying a gun at a political rally and sets out to prove he’s a psychopath on the brink of committing murder. Meanwhile, Lisbon investigates the death of a photographer at the same rally.

Download

Man Woman Wild S02E07 High Desert Thirst HDTV XviD

When their donkey runs off with all of their supplies, Mykel and Ruth are stranded in California’s mountainous high desert. Left with nothing more than a canteen of whiskey, the two must race against the clock to find water in this harsh environment.

Download

Sony hacked again - 93,000 accounts compromised with brute-force attack

Sony has warned users against a massive bruteforce attack against PlayStation and Sony network accounts. The attack – which used password and user ID combinations from an unidentified third-party source – succeeded in compromising 60,000 PlayStation Network and 33,000 Sony Online Entertainment network accounts. These accounts have been locked and passwords reset.

The attack took place between October 7 and 10 and succeeded in matching valid sign-in IDs. According to a blog post by Philip Reitinger, Sony's Chief Information Security Officer, credit card details were not compromised.
Both the motive for the latest attack against Sony network users and the identity of the perpetrator(s) remains unclear. Sony shut down its PlayStation Network in April in the aftermath of a far more damaging hack attack. The service wasn't restored until a month later. Personal information on 77 million account-holders was exposed as a result of the April PlayStation hack. Details including names, addresses, passwords and purchase histories was exposed by the megahack.

Phoenix Exploit’s Kit 2.8 mini version

After the Leak of Phoenix exploit kit 2.5 , this tour is currently in the wild version 2.8 , despite having a low activity since the last half of this year, remains one of the many Exploit Pack with greater preference for cyber-criminals.

However, PEK has a similar licensing model, where the last version was released with an "alternative" to buy. This is Phoenix Exploit's Kit 2.8 mini. Let us look briefly this alternative to crime which we could access through our Offensive Security Service CrimewareAttack.

The licensing model consists in the version Simple domain closed at a cost of USD 2.200, another version Multithreaded domain also closed to USD 2.700 and an extra-encryption service USD 40 (ReFUDing), already present from several versions back as part of the "added value".

Basically this new version does not change its characteristics, at least in regards to its graphical interface and functionality in relation to previous versions. Each section shows the same flow crimeware and type of statistical information, minimalist yet concise, this being, though trivial, one of the main reasons for the adoption of Phoenix by cyber-criminals. Simply find the information they need to increase the level of success and attack strategies, and merge the functionality of this Exploit Pack with some Malware Kit as SpyEye or ZeuS.

What is new about the exploits? 
Basically not much. Everything happens for optimizing the code for exploits a success rate effective in the process of exploitation, adding the exploit for Java Runtime Environment to Trusted.

Also removed were the following exploits pre-compiled in version 2.7:

• Windows Help and Support Center Protocol Handler Vulnerability – CVE-2010-1885 
• Integer overflow in the AVM2 abcFile parser in Adobe Flash Player – CVE-2009-1869 
• Integer overflow in Adobe Flash Player 9 – CVE-2007-0071 
• IEPeers Remote Code Execution – CVE-2009-0806  
• Internet Explorer Recursive CSS Import Vulnerability – CVE-2010-3971 

Although it’s basically the same exploits (similar in all cases, including those incorporating other Exploits Pack in the wild), the author's optimized for each version. In this case, includes the following exploits:

• Microsoft Data Access Components (MDAC) - CVE-2006-0003  
• Adobe Reader Javascript Printf Buffer Overflow - CVE-2008-2992 
• Adobe Reader LibTiff - CVE-2010-0188 
• Adobe Reader Collab GetIcon - CVE-2009-0927 
• Java SMB - CVE-2010-0746 
• Java Runtime Environment Trusted  - CVE-2010-0840 
• Java Skyline Plug-in component in Oracle Java SE and Java for Business 6  - CVE-2010-3552 
• Java Deployment Toolkit Component - CVE-2010-0886 

Despite the optimization of the components for each version exploits, is striking and interesting that chain optimization and updating MDAC exploit remains the most domination, not only in this Exploit Pack it in any of the existing. What is the reason? Just a lack of maturity on the users (application, customers around the basic procedures update) that transforms him into a potential target and highly drinkable through this old, but effective vulnerability.

DJ Drama – Third Power (iTunes Deluxe Edition)-2011

Description: DJ Drama s is set to release his 3rd album Gangsta Grillz 3. Oh My is the first single from the forthcoming album and features Fabolous, Whiz Khalifa & Roscoe Dash. The record is heating up at radio and is gearing toward being a summer anthem. DJ Drama is best known for the successful Gangsta Grillz series. With over twenty editions in the books, the series has become a coveted opportunity for any artist seeking to strengthen their fan base in the streets.

Track List:
1 Oh My (feat. Fabolous, Roscoe Dash & Wiz Khalifa)
2 Rough (feat. Young Jeezy & Freddie Gibbs)
3 Lay Low (feat. Young Chris, Meek Mill & Freeway)
4 Aint No Way Around It (feat. Future)
5 Undercover (feat. Chris Brown & J Cole)
6 Everything That Glitters (feat. Pusha T & French Montana)
7 Me & My Money (feat. Gucci Mane)
8 Never See You Again (feat. Talia Coles & Wale)
9 Self Made (feat. Red Cafe & Yo Gotti)
10 Take My City (feat. B.O.B. & Crooked I)
11 Lock Down (feat. Ya Boy & Akon)
12 Oh My (Remix) [feat. Trey Songz, 2 Chainz, Big Sean]
13 Never See You Again (Instrumental Version)
14 Ain’t No Way Around It (Instrumental Version)
+ Digital Booklet – Third Power

Download

VA-Hit_Parade_Dance_Vol._22-(MAG)-2011-

Part1     Part2

Tracklist : 

0.01: VA - Hit Parade Dance Vol. 22 (73:39)

National Geographic Worlds Toughest Fixes Moving The Monster Barge 720p HDTV

The Mighty Mississippi is America’s second longest river and, arguably, the most important highway in the US. Any blockages can cause big trouble, so Riley’s going to New Orleans to help clear out a massive barge that’s become stuck onshore. He works with a team of salvage cowboys to get the barge out of the way, doing whatever it takes, including risk being crushed by three hundred tons of shifting metal. Riley also checks in on some other crews helping to keep the Mississippi clear – a dredge boat and a mat-laying unit. But this barge will be his biggest challenge – there’s plenty of heavy lifting and some hair-raising close calls that put Riley right in the path of danger.

Download

UK TOP40 Single Charts 09.10.2011

Download

Tracklist:
01 Rihanna Feat. Calvin Harris – We Found Love 03:36
02 Maroon 5 Feat. Christina Aguilera – Moves Like Jagger 03:21
03 Sak Noel – Loca People 05:30
04 One Direction – What Makes You Beautiful 03:20
05 Goo Goo Dolls – Iris 04:53
06 Dappy – No Regrets 04:00
07 Lmfao – Sexy and I Know It 03:20
08 James Morrison – I Wont Let You Go 03:49
09 Jason Derulo – It Girl 03:14
10 Bad Meets Evil Feat. Bruno Mars – Lighters 05:04
11 Olly Murs Feat. Rizzle Kicks – Heart Skips A Beat 03:24
12 Christina Perri – Christina_Perri_-_Jar_Of_Hearts 04:08
13 Ed Sheeran – The A Team 04:22
14 Pixie Lott – All About Tonight 03:07
15 David Guetta – Without You 03:28
16 Nicki Minaj Feat. Rihanna – Fly 03:33
17 Delilah – Go 03:33
18 Calvin Harris – Feel So Close 03:28
19 Bruno Mars – Marry You 03:48
20 Charlene Soraia – Wherever You Will Go 03:17
21 Rihanna – Cheers 05:04
22 The Saturdays – All Fired Up 03:14
23 Will Young – Jealousy 03:19
24 Lady Gaga – Yoⁿ and I 05:07
25 Marina and The Diamonds – Radioactive 06:01
26 Adele – Set Fire To The Rain 04:02
27 Florence and The Machine – Shake It Out 05:35
28 Emeli Sande – Heaven 04:12
29 Example – Stay Awake 03:27
30 Rizzle Kicks – Rizzle_Kicks_-_Down_With_The_Trompets 03:20
31 Adele – Someone Like You 04:48
32 Ed Sheeran – You Need Me I Dont Need You 03:40
33 Lady Gaga – The Edge Of Glory 04:20
34 Sean Kingston – Party All Night (Sleep All Day) 03:43
35 Wretch 32 Feat. Josh Kumra – Dont Go 04:00
36 Nicole Scherzinger – Wet 03:37
37 The Wanted – Glad You Came 03:02
38 Beyonce – Best Thing I Never Had 04:14
39 Jessie J – Whos Laughing Now 03:55
40 Leona Lewis & Avicii – Collide 04:02

Microsoft FUSE Labs Sub-domain defaced by Hmei7

Hacker named "Hmei7" defaced the official sud-domain of Microsoft FUSE Labs (http://fuse.microsoft.com/) as shown above. He wrote a taunt on the home page with signature "are you microsoft?? , hackedby Hmei7". Mirror of hack at Zone-H is here.

Android malware - Works on remote commands form encrypted blog

Researchers from Trend Micro have spotted a piece of malicious software for Android. This is the first known Android malware that reads blog posts and interprets these as commands. It can also download and install additional applications, therefore further compromising the affected device.

Trend Micro calls the malware "ANDROIDOS_ANSERVER.A." If the application is installed, it asks for a variety of permissions. If those are granted, it can then make calls, read log files, write and receive SMSes and access the Internet and network settings, among other functions. This backdoor may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.

"This is a blog site with encrypted content, which based on our research, is the first time Android malware implemented this kind of technique to communicate," wrote Karl Dominguez, a Trend Micro threat response engineer.

We recommend that users should be cautious when downloading Android applications from third party application stores due to the number of rogue applications that have been found.

Optima DDOS 10a Botnet leaked on Underground Forums

On underground forums "Optima DDOS 10a Botnet" full version posted for all to download and use. Complete new version of the acclaimed DDoS bot Optima Darkness. In this new version 10a according to the author was raised in secrecy bot system and optimized grabber passwords. It cost about $ 600 worth.
Features a bot:

• DDoS attacks of three types - http flood, icmp-flood, syn-flood.
• Theft of stored passwords from some applications installed on the victim's system, details below.
• Opening on the infected system proxy Socks5.
• The possibility of cheating various counters on the websites (http-access the sites).
• Hidden download and run the specified file to the affected systems.
• Installed in the system as a service
• Weight bot - 95.5 kb, written in Delphi.

At the moment the following antivirus detected:

[Source]

VA-NRJ_200_Percent_Hits_2011_Vol.2-2CD-2011

Part1    Part2     Part3   

CD1

01 Elle Me Dit - Mika
02 Last Friday Night (T.G.I.F.) - Katy Perry
03 Where Them Girls At - David Guetta
04 French Cancan - Inna MODJA
05 Funk You - Dj Abdel, Mister You, Francisco
06 I Wanna Go - Britney Spears
07 If I Ever Feel Better - Julian Perretta
08 J’Ai Fait Tout Ca Pour Vous - Melissa Nkonda, Vv Brown
09 Trust You Again (Radio Edit) - Muttonheads
10 1 Million - Alexandra Stan
11 Opera Sublima (Edit Radio - 2 French Guys Remix) - Matt Kukes
12 Like I Love You (Video Edit) - R.I.O.
13 Shimmy Shake (Radio Edit) - Laurent Pepper
14 Danza Kuduro (Version MTO) - Lucenzo
15 (It Is) Blasphemy? - Junior Caldera
16 24 000 Baci - Aylin Prandi
17 Distress (Sending Out An SOS) - BIG ALI
18 Welcome To St. Tropez (DJ Antoine vs Mad Mark Radio Edit) - Dj Antoine, Timati, Kalenna
19 Il Nous Faut (VF) - Elisa Tovati, Tom Dice

CD 2
01 The Edge Of Glory - Lady GaGa
02 Dis-Moi Oui - Colonel Reyel
03 Man Down - Rihanna
04 Every Teardrop Is A Waterfall - Coldplay
05 Party Rock Anthem - LMFAO
06 Un Momento (Play & Win Radio Version) - Inna
07 Louder - DJ Fresh
08 Prince Charmant - Keen' V
09 Salsa Latine Tropicale - Isis Figaro
10 I'm Alright - Jean-Roch
11 Autour De Toi - Slaï
12 The Way We Are - Remady
13 Là Où Je Vais - Judith
14 Top Of The World - The Cataracs
15 Save The World - Swedish House Mafia
16 Tout Tout Tout - Gary Fico
17 La Danse Des Magiciens - Magic System
18 Loca People - Sak Noel 03:37
19 Don’t Stop The Party - The Black Eyed Peas

VA--Pacha_Ibiza_Summertime_Feelings-DVD-2011

 Part1     Part2

01-va--ibiza_summertime_feelings-oma.mp302-dennis_ferrer--hey_hey-oma.mp303-goldfish--live_set-oma.mp304-elvis_presley_vs_spanko--blue_moon_of_kentucky-oma.mp305-elvis_presley_vs_spankox--lets_play_house-oma.mp306-mephisto--the_beat_of_the_bee-oma.mp307-umek--carbon_occasions_(ft._andja)-oma.mp308-richard_grey--warped_bass-oma.mp309-goldfish--this_is_how_it_goes-oma.mp310-mark_brown--the_journey_continues_(feat._sarah_cracknell)-oma.mp311-sugiurumn--travelling-oma.mp312-shakira_vs_pacha_all_star_remix_team--las_de_la_intuicion-oma.mp313-goldfish--sountracks_and_comebacks-oma.mp314-d.o.n.s._and_dbn--the_nighttrain_(feat._kadoc)-oma.mp315-sander_van_doorn_vs_robbie_williams--close_my_eyes-oma.mp316-deepside_deejays--beautiful_days-oma.mp317-dks--thats_jazz-oma.mp318-goldfish--cruising_through-oma.mp3

Top DDoS attacks of 2011

There has been an increase in newer, intelligent application-layer DDoS attacks that are extremely difficult to identify “in the cloud,” and often go undetected until it is too late, according to Corero Network Security.

We're also witnessing an uptick in attacks against corporations by hacktivists DDoS-ing sites for political and ideological motives, rather than financial gain. Attacks against Mastercard, Visa, Sony, PayPal and the CIA top the list.



“The cat-and-mouse game between IT administrators, criminals and hacktivists has intensified in 2011 as the number of application-layer DDoS attacks has exploded. Coupled with an increase in political and ideological hacktivism, companies have to be extremely diligent in identifying and combating attempts to disable their websites, steal proprietary information and to deface their web applications,” said Mike Paquette, chief strategy officer, Corero Network Security.

1. Anonymous DDoS attacks on WikiLeaks “censors” Visa, MasterCard and PayPal
The most significant DDoS attack so far this year, the WikiLeaks-related DDoS attacks on Visa, MasterCard and PayPal were both Anonymous’ “coming out” party, and the first widespread example of what has been dubbed “cyber rioting” on the Internet, with virtual passersby joining in the attack voluntarily.

2. Sony PlayStation Network DDoS
A shocking wake-up call for many gamers, customers and investors, the Sony Playstation Network DDoS attack began a series of cyber attacks and data breaches that damaged Sony financially and hurt its reputation.

3. CIA and SOCA hit by LulzSec DDoS attacks
The appearance of LulzSec on the cyber attack scene, highlighted by bold DDoS attacks on the CIA and the U.K. Serious Organised Crime Agency (SOCA), made us wonder if anyone was safe on the Internet.

4. WordPress DDoS
A massive DDoS attack disrupted one of the world’s largest blog hosts–some 18 million websites. The huge attack hit the company’s data centers with tens of millions of packets per second.

5. Hong Kong stock exchange
This DDoS attack had a major impact on the financial world, disrupting stock market trading in Hong Kong. This was a highly leveraged DDoS attack, potentially affecting hundreds of companies and individuals through a single target.

Corero’s recommendations for mitigating the effects of DDoS attacks:

1. Create a DDoS response plan

As with all incident response plans, advance preparation is key to rapid and effective action, avoiding an “all-hands-on-deck” scramble in the face of a DDoS attack. A DDoS response plan lists and describes the steps organizations should take if its IT infrastructure is subjected to a DDoS attack.

Increasingly, Corero is seeing that DDoS attacks against high-profile targets are intelligent, determined and persistent. This new breed of highly capable attackers will switch to different attack sources and alternative attack methods as each new attempt is countered or fails. It is therefore essential the DDoS response plan defines when and how additional mitigation resources are engaged and surveillance tightened.

2. On-premises DDoS defenses are imperative

Clean pipe Internet connections provided by ISPs offer a false sense of security. On-premises DDoS defense solutions installed immediately in front of application and database servers are required to provide a granular response to flooding type attacks, as well as to detect and deflect the increasingly frequent application-layer DDoS attacks. For optimal defense, on-premises DDoS protection solutions should be deployed in concert with automated monitoring services to rapidly identify and react to evasive, sustained attacks.

3. Protect Your DNS servers

DNS servers are often targeted by DDoS attacks. If the attacker can disrupt DNS operations, all of the victims’ services may disappear from the Internet, causing the desired Denial of Service effect.

4. Know your real customers

A brute-force or flooding type of DDoS attack is relatively easy to identify, though it requires high performance and sophisticated real-time analysis to recognize and block attack traffic while simultaneously allowing legitimate traffic to pass.

Detection of the more insidious application layer attacks requires a thorough understanding of the typical behaviors and actions of bona fide customers or employees accessing the applications being protected. In much the same way that credit card fraud detection may be automated, on-premises DDoS defense systems establish legitimate usage profiles in order to identify suspicious traffic and respond accordingly.

5. Maintain continuous vigilance

DDoS attacks are becoming increasingly smart and stealth in their methods. Waiting for an application to become unresponsive before taking action is already too late.

For optimal defense, a DDoS early warning system should be part of a company’s solution. Continuous and automated monitoring is required in order to recognize an attack, sound the alarm and initiate the response plan.

MagicTree: Data management for penetration testers

Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report?


MagicTree does such mind-numbing stuff for you, while you spend your time hacking.

MagicTree is a penetration testing productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and report generation. "Tree" is because all the data is stored in a tree structure, and "Magic" is because it is designed to magically do the most cumbersome and boring part of penetration testing - data management and reporting.

Version 1.0 includes a lot of bug fixes and a number of new features, such as:

• Support for Acunetix data import
• Support for W3AF data import
• Support for OpenVAS 4 XML format
• Importing data from flat text files
• Simplified manual creation of ports
• Copy/paste and drag and drop support for tree nodes, table view data, queries and tasks
• mt:sort() custom XPath function for sorting data, such as findings, in TableView and reports
• More sophisticated auto-creation of tree nodes. We now support netblocks in various formats (192.168.1.1/24, 192.168.1.0-192.168.1.255, 192.168.1.0/255.255.255.0), DNS names, IP addresses and URLs.
• Search in output files panel
• Creating cross-references by drag and drop
• Better support for KDE and XFCE desktop environments on Linux. View in Browser and opening reports now works on both.

REMnux: A Linux Distribution for Reverse-Engineering Malware

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.

REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that's listening on the appropriate ports.
REMnux is also useful for analyzing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tools for analyzing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab.
Downloading REMnux

• VMware virtual appliance archive
• ISO image of a Live CD

GPU cracks 6 character password in 4 seconds

                         
An nVidia GeForce GT220 graphics card, which costs about £30, is capable of cracking strong passwords in a matter of hours. Security experts were able to crack a  6 character password in 4 seconds, a 7 character password in less than 5 minutes, and 8 character password in four hours.
"People have worked out that the processing power of graphics cards, due to the architecture of the chips, is more powerful than a normal processor for doing certain tasks," said Neil Lathwood, IT director at UKFast.

VA-Armada_Amsterdam_Dance_Event_Tunes_2011-(ARDI2397)-WEB-2011

Part1     Part2     Part3     Part4

01. Triple A – Winter Stayed (Armin Van Buuren On The Beach Mix) (09:05)
02. Andy Moor ft Sue McLaren – Fight The Fire (Norin & Rad Remix) (07:37)
03. Paul Oakenfold – Full Moon Party (Original) (07:53)
04. Roger Shah & Sian Kosheen – Hide U (Pumpin’ Island Mix) (06:02)
05. Matisse & Sadko – Svenska (Original) (06:22)
06. John Dahlback & Henrik B – Senses (Original) (07:47)
07. Orjan Nilsen – Between The Rays (Original) (06:47)
08. Eddie Middle-Line – Madrugada (Original) (06:57)
09. Dash Berlin ft Jonathan Mendelsohn – Better Half Of Me (Club Mix) (08:57)
10. DubVision – The Arena (Original) (06:54)
11. Tom Fall & Jwaydan – Untouchable (Original) (06:57)
12. Shogun – Skyfire (Original) (08:27)
13. Da Hool – No Love Anymore (Hoolnagee Mix) (05:35)
14. Space RockerZ & Tania Zygar – Puzzle Piece (Original) (08:00)
15. Ralphie B – Bullfrog (Original) (09:00)
16. Max Graham – FYC (Original) (05:52)
17. Protoculture ft Shannon Hurley – Sun Gone Down (07:58)
18. Mike Shiver vs Matias Lehtola – Slacker (Original) (06:41)
19. Josh Gabriel Presents Winter Kills – Hot As Hades (Original) (08:21)
20. Alex Sayz ft Nadia Ali – Free To Go (Alex Lamb Remix) (06:37)

35 and Ticking 2011 BDRip XviD

 

Plot: Centers around the lives of Victoria, Zenobia , Clevon, and Phil — all friends approaching the age of 35 and struggling to build the families they’ve always dreamed of. While Zenobia (Parker, “Soul Food,” “Brown Sugar”) is still looking for a man, Victoria (Jones, “Castle,” “One on One”) is married to a man who doesn’t want children. Clevon (comic Hart, “Not Easily Broken,” “40 Year-Old Virgin”), meanwhile, is too geeky to get a woman, and Phil (Keith Robinson, “Dreamgirls”) is already married with children, but his wife is not very interested in being a mother. All four of them try to rectify their romantic lives and futures while their biological clocks tick away.

Part1     Part2     Part3

Facebook content restrictions bypass Vulnerability

Blackhat Academy claims to have found a way to bypass content restrictions on links, as posted on their site and posts put on a user's public wall. Even Security Analysts claim that Facebook was
notified of these vulnerabilities on July 31st, 2011. To date (October 4, 2011), Facebook has yet to do anything about this.

Facebook has only recently purchased Websense to attempt to push this vulnerability under the rug, however the exploit still works.To access Facebook's FQL API, Facebook was even so kind as to give a reference of tables and columns in the documentation for FQL. FQL does not allow the use of JOINS, however it is not needed as everything is thoroughly documented. Attackers can misuse this during the creation of a malicious Facebook application or directly on the FQL development api page for information gathering.
#!/usr/bin/perl
use warnings;
use XML::Simple;
use LW2;
use Getopt::Std;
my %opts;
getopts('q:',\%opts);
my $query = $opts{q} if defined $opts{q};
$query = "SELECT pic_big FROM user WHERE uid=6666666" unless defined $opts{q};
my $ref = fqlQuery($query);
foreach my $parent (sort keys %{$ref}) {
if (%{$ref->{$parent}}) {
print "$parent: \n";
foreach my $key (sort keys %{$ref->{$parent}}) {
if (%{$ref->{$parent}->{$key}}) {
print "\t$key : \n";
foreach my $mojo (sort keys %{$ref->{$parent}->{$key}}) {
print "\t\t$mojo : ";
print $ref->{$parent}->{$key}->{$mojo};
print "\n";
}
} else { print "\t$key : ";
print $ref->{$parent}->{$key};
print "\n";
}
}
} else {
print "$parent : " . $ref->{$parent} . "\n";
}
}
sub fqlQuery {
my $q = shift;
$q =~ s/ /%20/g;
my $link = "http://api.facebook.com/method/fql.query?query=$q";
my $text = download($link,"api.facebook.com");
my $ref = XMLin($text);
return($ref);
}
sub download
{
my $uri = shift;
my $try = 5;
my $host = shift;
my %request;
my %response;
LW2::http_init_request(\%request);
$request{'whisker'}->{'method'} = "GET";
$request{'whisker'}->{'host'} = $host;
$request{'whisker'}->{'uri'} = $uri;
$request{'whisker'}->{'encode_anti_ids'} = 9;
$request{'whisker'}->{'user-agent'} = "";
LW2::http_fixup_request(\%request);
if(LW2::http_do_request(\%request, \%response)) {
if($try < 5) { print "Failed to fetch $uri on try $try. Retrying...\n"; return undef if(!download($uri, $try++)); } print "Failed to fetch $uri.\n"; return undef; } else { return ($response{'whisker'}->{'data'}, $response{'whisker'}->{'data'});
}
}
While most major sites that allow link submission are vulnerable to this method, sites including Websense, Google+, and Facebook make the requests easily identifiable. These sites send an initial request to the link in order to store a mirror thumbnail of the image, or a snapshot of the website being linked. In doing so, many use a custom user agent, or have IP addresses that resolve to a consistent domain name. Facebook IP addresses resolve to tfbnw.net, also set a custom user agent of "facebookexternalhit".Google+ (also notified Jul. 31st and guilty of reasonable care) again follows suit and utilizes "Feedfetcher-Google" as their user agent. Knowing this, we can easily filter out requests coming from these websites, and offer up a legitimate image to be displayed on their site, while redirecting or displaying a completely different page to anyone that follows the links. Facebook's recent partnership with Websense is laughable, due to Websense's "ACE" security scanner that is just as easily identified, by using gethostbyaddr in order to resolve the IP back to websense.com. Utilizing this technique would allow an overwhelming number of malware sites to remain undetected to their automatic site analysis. Other places like digg.com either spoof a user agent to look like normal traffic, or forward the client's user agent, which makes it more difficult to catch every one of their requests. Fortunately, digg.com only requests the link once, prior to submitting the link to the world. This allows attackers to serve up a legitimate image until that initial request clears our server, and then replace it with a less than honest file. We have affectionately named this vulnerability class Cross-Site Content Forgery.Proof of Concept can be seen here.
Submitted By : Blackhat Academy

VA-100 Ibiza Anthems 3CD 2011

Part1       Part2      Part3     Part4      Part5

1/60. Soul Central Feat. Kathy Brown - Strings of Life (Stronger on My Own) (04:02)
2/60. Bob Sinclar Feat. Gary Nesta Pine - Love Generation (02:56)
3/60. Booty Luv - Some Kinda Rush (03:29)
4/60. Freemasons - Nothing But A Heartache (04:17)
5/60. Armand Van Helden Feat. Tara Mcdonald - My My My (04:24)
6/60. Todd Terry Project - Weekend (03:31)
7/60. Stonebridge Feat. Therese - Put 'em High (05:20)
8/60. Studio B - I See Girls (Crazy) [tom Neville Radio Edit] (03:00)
9/60. Blaze Feat. Barbara Tucker - Most Precious Love (04:15)
10/60. ATFC Feat. Lisa Millett - Bad Habit (04:37)
11/60. Utah Saints - Something Good '08 (02:36)
12/60. Disco Freaks Feat. Rob Li - Take Me 2 the Sun [freemasons Remix] (04:37)
13/60. Solu Music Feat. Kimblee - Fade (04:41)
14/60. Mighty Dub Katz - Magic Carpet Ride (05:19)
15/60. Fury Feat. Lucy Clarke - Taking Me Over (04:04)
16/60. G Club Presents Banda Sonora - Guitarra G (03:13)
17/60. Outsiders Feat. Amanda Wilson - Keep this Fire Burning [freemasons Edit] (03:25)
18/60. Dirty Old Ann - Turn Me on (04:21)
19/60. The Japanese Popstars - BCTT (03:58)
20/60. Gusgus - Moss (03:01)
21/60. Deepest Blue - Deepest Blue (04:03)
22/60. Mr V. Feat Miss Patty - Da Bump (04:51)
23/60. Bart B More Vs Oliver Twizt - Finally (04:50)
24/60. Armand Van Helden Feat. Fat Joe & BL - Touch Your Toes (04:16)
25/60. The Japanese Popstars - Facemelter (03:58)
26/60. D. Ramirez Feat. TC - With Me or Against Me- (04:51)
27/60. Midfield General Feat. Vila - Disco Sirens (04:18)
28/60. Axwell - Feel the Vibe (Til the Morning Comes) (03:32)
29/60. Artificial Funk - Together [roger Sanchez Mix] (04:33)
30/60. Raven Maize - The Real Life (04:02)
31/60. D.O.N.S Feat. Technotronic - Pump Up the Jam (02:40)
32/60. Spoon, Harris & Obernik - Baditude (04:07)
33/60. Mike Greig - Moonbin [michael Paterson & Warner Powers Remix] (03:22)
34/60. Junior Jack - E Samba (03:50)
35/60. Sirenna - Losers [coin Operated Boy Remix] (03:43)
36/60. Luke Walker - Find Your Way (03:20)
37/60. Kurve Feat. Little La - Say Oh [kinky Mix] (04:10)
38/60. Benjamin Leung, Carl Anian & Sam Fitch Feat. Sarah Jane - You and Me [ste Hayley Remix] (04:08)
39/60. Ron Carroll - Walking Down the Street (03:46)
40/60. Rudenko - Everybody (02:46)
41/60. Bob Sinclar - I Feel for You (04:05)
42/60. Lil Devious - Come Home (03:45)
43/60. Paul Johnson - Get Get Down (02:59)
44/60. Jungle Brothers - I'll House You (04:06)
45/60. Marshall Jefferson - Move Your Body (the House Music Anthem) (03:54)
46/60. X-Press 2 - Muzik Xpress (04:25)
47/60. Mobin Master Feat. Robin S - Show Me Love (03:10)
48/60. Mark Knight & Funkagenda - Man with the Red Face (04:40)
49/60. Hoxton Whores - Friday Saturday Love (04:21)
50/60. WOSP - Getting into You (03:36)
51/60. Wez Clarke - Someday (03:14)
52/60. Sandy Rivera - Changes (04:20)
53/60. X-Press 2 - Now I'm on it (03:42)
54/60. Mr Fingers - Can You Feel it (04:05)
55/60. The Nightwriters - Let the Music Use You (04:22)
56/60. Paris Avenue Feat. Robin One - I Want You (02:47)
57/60. Punx - The Rock (02:45)
58/60. Jon Fitz Vs Da Guy Feat. Catherine Cassidy - Ready to Drop (04:01)
59/60. Andy King - Summer of 77 (05:00)
60/60. Rialto Burns - Fortheasking [tom Maddicott's Freakshow Remix] (05:41)