The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: ip address

Critical 'Port Fail' Vulnerability Reveals Real IP Addresses of VPN Users

Critical 'Port Fail' Vulnerability Reveals Real IP Addresses of VPN Users

November 27, 2015Mohit Kumar
A newly discovered flaw affecting all VPN protocols and operating systems has the capability to reveal the real IP-addresses of users' computers, including BitTorrent users, with relative ease. The vulnerability, dubbed Port Fail by VPN provider Perfect Privacy (PP) who discovered the issue, is a simple port forwarding trick and affects those services that: Allow port forwarding Have no protection against this specific attack Port Forwarding trick means if an attacker uses the same VPN ( Virtual Private Network ) as the victim, then the real IP-address of the victim can be exposed by forwarding Internet traffic to a specific port. "The crucial issue here is that a VPN user connecting to his own VPN server will use his default route with his real IP address, as this is required for the VPN connection to work," Perfect Privacy wrote in a blog post on Thursday. Also Read:  This Secure Operating System Can Protect You Even if You Get Hacked . Port Fail
North America Runs Out of IPv4 Addresses

North America Runs Out of IPv4 Addresses

July 03, 2015Mohit Kumar
The Internet is running out of IPv4 (Internet Protocol version 4) addresses — a computer's unique address on the Internet. It's just become harder to get IPv4 addresses. IPv4 Exhaustion Gets Real. Is this the end of IPv4 addresses? Finally, North America ran out of iPv4 addresses and officially exhausted its supply of IPv4 addresses, joining Asia, Europe, and Latin America. The American Registry for Internet Numbers (ARIN), which is responsible for handing out Internet addresses, has warned that it is unable to fulfil a request for the allocation of large blocks of IPv4 addresses due to IPv4 Exhaustion of available address pool. On Wednesday, ARIN activated an " IPv4 Unmet Requests Policy " for the first time and placed a waitlist for companies that request blocks of IP addresses for their services. According to the ARIN, ISPs are left with only three choices: They can either accept a smaller block (limited to 512 and 256 addresses) They can jo
Malicious Russian Tor Exit Relays Intercepting encrypted Traffic of Facebook Users

Malicious Russian Tor Exit Relays Intercepting encrypted Traffic of Facebook Users

January 23, 2014Mohit Kumar
Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes , which can be anywhere in the world. An exit relay is the final relay that Tor traffic passes through before it reaches its destination. According to a recent report ' Spoiled Onions: Exposing Malicious Tor Exit Relays ', published by security researchers Phillip Winter and Stefan Lindskog revealed that almost 20 exit relays in the Tor anonymity network that attempted to spy on users' encrypted traffic using man-in-the-middle techniques. Both Researchers spent more than four months studying on the Tor exit nodes using their own scanning software called " exitmap " and detected su
Github accounts compromised in massive Brute-Force attack using 40,000 IP addresses

Github accounts compromised in massive Brute-Force attack using 40,000 IP addresses

November 21, 2013Wang Wei
Popular source code repository service GitHub has recently been hit by a massive Password Brute-Force attack that successfully compromised some accounts,  GitHub has urged users to set up two-factor authentication for their accounts and has already reset passwords for compromised accounts. " We sent an email to users with compromised accounts letting them know what to do ," " Their passwords have been reset and personal access tokens, OAuth authorizations, and SSH keys have all been revoked. "  However, GitHub uses the  bcrypt  algorithm to hash the passwords , which is extremely resilient against brute force attacks because it takes an inordinate amount of time to encrypt each password. In a blog post , GitHub engineer Shawn Davenport said that a brute force attack from around 40,000 IP addresses revealed some commonly used passwords . These addresses were used to slowly brute force weak passwords. In addition to normal strength requirements like length or cha
Your TV now watching you too! LG Smart TV caught collecting owners' Habits and USB file names

Your TV now watching you too! LG Smart TV caught collecting owners' Habits and USB file names

November 20, 2013Wang Wei
Now your TV is also watching you, and is smart enough to spy on you. A UK blogger, developer and Linux enthusiast, known only as  DoctorBeet  has discovered that LG's smart TVs are sending personal information back to the company's servers about what channels you watch and viewing habits. Actually, LG conducts the data collection for its Smart Ad function, which advertisers can use to see when it is best to target their products at the most suitable audience. LG Smart Ad analyses users favorite programs, online behavior, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men, or alluring cosmetics and fragrances for women. After inspecting the outgoing traffic from his smart TV, DoctorBeet noticed that a unique device ID, along with the TV channel name was being transmitted each time he changed channels. His investigation also indicated that the TVs uploaded information about th
NSA using Browser Cookies to track Tor Users

NSA using Browser Cookies to track Tor Users

October 05, 2013Mohit Kumar
Yesterday a new classified NSA document was leaked by Edward Snowden - titled ' Tor Stinks ' in which ideas were being kicked around for identifying Tor users or degrading the user experience to dissuade people from using the Tor browser. The NSA had a very hard time while tracking down all Tor  users and monitoring their traffic, especially since Tor servers are all over the world, but they make tracking easier by adopting  the following techniques: By running their own hostile Tor nodes Using zero-day vulnerability of Firefox browser By tracking user' browser Cookies Tor access node tracking is not new and the Document says that both the NSA and GCHQ run Tor nodes themselves. In order to trace traffic back to a particular Tor user the NSA needs to know the ' entry, relay and exit ' nodes in the anonymizer cloud between the user and the destination website. So for tracking purpose they used self-hosted nodes, that is able to trace a very small number of To
FBI Used Firefox Exploit to Shutdown Illegal Site Running on Tor Network

FBI Used Firefox Exploit to Shutdown Illegal Site Running on Tor Network

August 05, 2013Mohit Kumar
TOR is the dark side of the Internet, the so-called dark web, which provides a safe haven to privacy advocates but is also where drugs, assassins for hire and other weird and illegal activities can allegedly be traded. A claimed zero-day vulnerability in Firefox 17 was used by the FBI to identify some users of the privacy-protecting Tor anonymity network. The FBI did not compromise the TOR network itself and The complex multi-layers of encryption still stand. Instead the FBI compromised the TOR browser only using a zero-day JavaScript exploit and used this to implant a cookie which fingerprinted users through a specific external server. Eric Eoin Marques , 28 year-old man in Ireland believed to be behind Freedom Hosting , the biggest service provider for sites on the encrypted Tor network , is awaiting extradition on p*rno charges. It is understood the FBI had spent a year trying to locate Mr Marques. Marques was arrested on a Maryland warrant that includes charges
FBI sponsored Ragebooter DDoS attack service

FBI sponsored Ragebooter DDoS attack service

May 21, 2013Mohit Kumar
A website that can be described as " DDoS for hire " is perfectly legitimate, according to the owner. Malicious sites that offer attack services are not strangers on the Internet, but web sites sponsored by law enforcement is another story altogether. Ragebooter, is one of many sites that accepts payment through PayPal in order to flood sites with junk traffic, overloading servers and denying others access. The service uses a technique called DNS reflection to flood a website and amplify the amount of traffic directed at an address. Unlike other existing sites that offer similar services, the Ragebooter have particularly interesting back door leading directly to the FBI. It seems that the Federal Investigation Bureau uses the site to monitor the activity of users on the network, and that added to the site IP Logger that keeps the IP addresses of all users coming to the site. Investigation shows the site operator is a guy named Justin Folland located in M
Mandiant revealed Chinese APT1 Cyber Espionage campaign

Mandiant revealed Chinese APT1 Cyber Espionage campaign

February 19, 2013Anonymous
Few weeks after the discovery of the sophisticated cyber espionage campaign against principal US media The Mandiant® Intelligence Center ™ released an shocking report that reveals an enterprise-scale computer espionage campaign dubbed APT1. The term APT1 is referred to one of the numerous cyber espionage campaign that stolen the major quantity of information all over the world. The evidences collected by the security experts link APT1 to China's 2nd Bureau of the People's Liberation Army (PLA) General Staff Department's (GSD) 3rd Department (Military Cover Designator 61398) but what is really impressive is that the operation have been started in the distant 2006 targeting 141 victims across multiple industries. During the attacks the attackers have took over APT1 malware families and has revealed by the report APT1′s modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity. The Mandiant has also identified more than
Google, Paypal, Facebook Internal IP disclosure vulnerability

Google, Paypal, Facebook Internal IP disclosure vulnerability

December 31, 2012Anonymous
Do you have any idea about an Internal IP Address or a Private IP Address that too assigned for Multinational Companies? Yeah, today we are gonna discuss about Internal IP or Private IP address Disclosure. Disclosure of an Internal IP like 192.168.*.* or 172.16.*.* , can really Impact ? Most security researchers call it as "bull shit" vulnerability. But when it comes to impact calculation even if the server is behind a firewall or NAT, an attacker can see internal IP of the remote host and this may be used to further attacks. Internet Giants like Facebook, Google, PayPal and Serious National Security organizations like FBI, Pentagon and NASA are taking initiatives for their Security Issues. At same, we at ' The Hacker News ' stand together for organizations that talk about national security in a serious way. I guess,its the time to understand about the flaws and its impacts where I would like to share my findings about our Internet Giants and Organiza
Hackers abusing online Nmap Port Scanning service

Hackers abusing online Nmap Port Scanning service

December 28, 2012Mohit Kumar
Most of you knows the power of Nmap, When used properly, Nmap helps protect your network from invaders. One of the best tool for hackers, penetration testers and Security  researchers. Officially Nmap a desktop tool, can be used as web version but should be under some limitations. When someone does Nmap scan against a target to find out the open ports, enumerating system details and installed services versions, most obvious if  used improperly, Nmap can get you sued, fired, expelled, jailed, or banned by your ISP for scanning a target under hacking attempt. Hacker can be tracked back via the IP address from where one perform the scanning, but what if a web version of Nmap available on a website, where one just need to enter the target IP/website address and that website will do a free scan against your target ? Seems easy and one can use Proxy to access that website and which will do a simple and fast scan for you ! Yes, a service called " ScanPlanner " (htt
Malware behind Microsoft Excel-based Sudoku generator

Malware behind Microsoft Excel-based Sudoku generator

December 20, 2012Mohit Kumar
Sudoku is one such game that I believe will benefit your brain, but now not for your system. Peter Szabo from SophosLabs have identified a piece of malware that resides behind a Microsoft Excel-based Sudoku generator. The Malware developed in Visual Basic requires macros, a scripting language that allows users to create equations based on values in different columns and rows. Microsoft disable macros by default , because in past macros were the weapon of choice for cyber criminals . But in order for the generator to work, the user must activate macros. Unfortunately, while the user is enjoying the Sudoku, the macro is installing malware in the targeted machine. Keyboard and mouse macros allow sequences of keystrokes and mouse actions to be transformed into shorter commands and also it can easily gathers system information by using the ipconfig, systeminfo like commands. Once the bug has collected a machine's IP address, running processes, installed applications
Bulgarian torrent tracker forum hacked and accused of collecting user IP

Bulgarian torrent tracker forum hacked and accused of collecting user IP

November 19, 2012Mohit Kumar
A Russian hacker going by name - " kOS " hack into the Bulgarian torrent tracker " Arenabg " website ( https://forum.arenabg.com/ ) and leak the complete database of their forum and accused of collecting IP of users like PirateBay. Hacker said, " Why I hack this tracker? Because they store IP information and NO tracker must do, not on any of their service - blog, forum, custom CMS or else. If ARENABG not fix mistake, I dump main tracker information with all IP/username/pass! " Leaked Database include data of 22675 Users with their name, email, encrypted password and IP address and other forum based information. This Torrent site provide links and tracers for downloading movies, music, games, serials, programs, pictures, mobile applications. Hacker upload the complete SQL database on File sharing site .
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.