SQL Injection Filter Evasion Part 1

In this tutorial I will explain some of the basics of SQL injection filter evasion. This is the first of two articles I will post on SQL injection filter evasion and bypassing. In this post I am not going to teach you the basics of SQL injection; I will assume that you already know them, because everyone talks about it and you will find tons of posts on forums related to the basics of SQL injection. In this post I will talk about common methods used by hackers and pentesters for evading IDS, IPS and WAFs such as ModSecurity, dotDefender, etc.

Japan Under A Cyber Attack




It has been reported that the corporate and national security of Japan has been compromised by several cyber attacks, which left sensitive information exposed for about a month. It has been reported that a server located in China was used to hack into the Japanese Lower House, which resulted in information such as email addresses and documents belonging to the chamber's 480 legislators being leaked. It is not yet clear whether passwords and user IDs were stolen too.

Latest Security Flaw in Skype Enables IP address & Location Tracking


Surprise surprise! There's a new flaw in the 'system' that tracks down the user's location through their IP address.

It has been reported that any skilled hacker can now find out the location of a user logged into their account. This gives us another reason to be 'extra careful' when using programs and software that help us communicate with our loved ones and a few not-so-loved!

The company, however, is trying to recover from the shock and claiming that the ability to derive IP addresses is common to all web-based communication clients. They probably don't know how terrifying this can be for some people. A massive security and privacy breach, I mean, c'mon!!

Adrian Asher, Skype's chief information security officer, said:

"Just as with typical Internet communications software, Skype users who are connected may be able to determine each other's IP addresses. Through research and development, we will continue to make advances in this area and improvements to our software."

The blind spot can be abused by many a proficient hacker and that too, on a massive scale. This was observed by the company when they demonstrated to millions of users how their location can be tracked.

We feel comfortable saying that we have gotten pretty used to third party apps and programmes misusing their privileges. But the information we provide is worth being taken notice of. We request our readers to think twice before doing anything that we ask you NOT TO DO.

'Play Mario Kart On Facebook' Scam

A new scam has hit Facebook and it now involves a very lovable gaming character, Mario. Yes, the same Mario that lingers in the background of our precious childhood memories.



Play Mario Kart on Facebook!
[LINK]
Play Mario Kart on Facebook with your Friends! Join the multiplayer mayhem NOW! Click here to play

Is Infolinks A Fraud? - Decide It For Yourself

Well, this post is a bit off topic, but I really wanted to share my experience with a so-called in-text advertising company called Infolinks. Infolinks claims to be one of the best in-text advertising companies and also promises to share the highest revenue possible compared to its competitors. This impressed me and I quickly signed up for a publisher account about 1.5 years back.
During the first few months I enjoyed a good amount of revenue and CPM with Infolinks, but after a few months the CPM showed a significant drop. I wrote an email to Infolinks about this issue. Here is what they replied:

Microsoft YouTube Channel Hacked


Well, here is some very shocking news for you all: industry giant Microsoft's YouTube channel was hacked this Sunday morning, according to Mashable. All the official videos were removed from the YouTube account. The channel had more than 24k subscribers. The channel description was changed to "I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/."

I really cannot make any guess on how it was hacked, whether the hacker keylogged the victim, did a phishing attack, or used any zero-days.

Certifications

Certifications are really important if you want to prove your skills. Apart from being proof of your skills, a certification says, "I am a standard; if you meet the standard, you can get me." This section will talk about two types of certifications, namely Ethical Hacking certifications and Forensics.

<-------------Section Coming Soon------------------>

Hacking Facebook Accounts Through Facebook Applications [Report]


Facebook is one of the most popular social networking sites, as a result of which it is the number 1 target of hackers. Facebook has implemented a lot of security on the server side, which is why hackers attack clients instead of attacking the server. In simpler words, hackers don't attack Facebook itself but instead attack Facebook users; this is where attacks such as phishing and keylogging come into play.

Mass ASP.Net SQL Injection Infects Thousands Of Websites

Hackers have successfully infected about 180,000 websites based on Microsoft's ASP.Net platform with malware from jjghui.com/urchin.js through SQL injection, in an attack similar to the Lizamoon mass infection that spread terror among the masses a few months ago.

The attack, which started on the 9th of October, has been successful in affecting almost 1.5k sites, which have now been blacklisted, and about 80k+ pages in the Google index have JavaScript malware pointing to it, according to Google.

How To Spy A Mobile Phone? - CellPhone Spying Software


Have you ever wanted to spy on your spouse, kids, friends or employees? Or just play ''Secret Service'' 'cause you know, a restraining order can only get you so close?! You certainly are in for a treat. Now, you can play make-believe all you want with software that works just as well.

Facebook Hacking Course - Learn How Hackers Hack Facebook

After the success of my book "A Beginners Guide To Ethical Hacking", I am presenting my next product, "Facebook Hacking Course". The Facebook Hacking Course basically contains a series of videos which will tell you exactly how hackers hack Facebook accounts, what methods they use and how you can avoid falling for these kinds of attacks. You will watch my computer screen as I show you exactly how it's done. Each video contains a pre-made lab so you can practice what you learned.

Facebook Scammers Exploit Steve Jobs' Death



Ok people, it's time to start exploring your common sense. People who think Apple is actually giving away FREE iPads, MacBook Pros and iPhones in memory of Steve Jobs, please raise your hands. Congratulations, you've just been discovered as the schmuck of the century (no offense).

Massive Break In, Over 93,000 Sony User Accounts Broken In To



Sony has been dealing with many issues lately. First, PlayStation was jailbroken by GeoHotz and now, over 93,000 Sony user accounts have been broken into in the last couple of days. Needless to say, this 'break in' has affected Sony Entertainment Network, PlayStation Network (PSN) and Sony Online Entertainment service users.

Your PC Might Be Vulnerable To Security Threats



"The next time a website says to download new software to view a movie or fix a problem, think twice. There's a pretty good chance that the program is malicious," says Microsoft.

Obama Establishes New Security Rules For The White House

It wasn't a long time ago when Julian Assange managed to get a hold of several confidential and supposedly secure files from the Pentagon itself. Of course, he did it with the help of his accomplice, a low-ranking Army Intelligence Officer, Bradley Manning, who downloaded thousands of "untouchable" files from impenetrable networks and handed them over to the whistleblower site on a silver platter. Hence, raising questions and giving people something to talk about (God knows, how much we love a good rumor), through WikiLeaks.

Free Hotfile, Fileserve, Megaupload Premium Link Generator


All of us have, at one point or another, used major file hosting websites like Megaupload, Hotfile and Rapidshare. The sweetest part and the reason why we wait for hours on end to download our required files from these links is 'cause we don't have to cough up a dime while doing so. Buying them is a far worse idea as breaking rules is and always will be our kinda deal!

Cracking The WEP Key With Backtrack 5

As announced before, we will be writing about wifi attacks and security. This post is the second part of our series on wifi attacks and security. In the first part we discussed various terminologies related to wifi attacks and security and discussed a couple of attacks. This post will also show you how one can easily crack WEP keys in no time.

Rafay Baloch is an independent security researcher, Internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal, for which PayPal awarded him a sum of $10,000.

RHA © 2013. All Rights Reserved.