UAE HACKERS.COM

Unicode on IIS Vulnerability...Again!

2009-05-19T21:50:00.005+04:00

Yup, you read it right.... Microsoft has a new vulnerability in IIS 6.0 which is more specifically: WebDav Unicode Remote Auth Bypass.

This means that an attacker can send malformed requests to the web server via the URL of a browser and be able to bypass passwords to download and list files on the webserver's protected folders.

Simple and easy way to hack IIS! Here are the details and links:

http://www.cgisecurity.com/2009/05/iis60-webdav-unicode-remote-auth-bypass.html

http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html

http://www.theregister.co.uk/2009/05/18/iis6_file_pilfering_bug/

Happy Hacking :)

HACKER PAGES.COM

2009-05-14T08:59:00.005+04:00

We have secured the following domain name for UAE Hackers:

- HACKERPAGES.COM

If you are from UAE and you are interested in buying the domain name above, please let us know :) This domain will only be sold to people who will provide it with a good home!

Researchers hijack botnet, score 56,000 passwords in an hour

2009-05-06T19:01:00.001+04:00

Researchers at the University of California Santa Barbara have published a paper (PDF) detailing their findings after hijacking a botnet for ten days earlier this year. Among other things, the researchers were able to collect 70GB of data that the bots stole from users, including 56,000 passwords gathered within a single hour.

Read more here:
http://arstechnica.com/security/news/2009/05/researchers-hijack-botnet-score-56000-passwords-in-an-hour.ars

Open Source Hardware Hackers Start P2P Bank | Gadget Lab

2009-03-19T21:28:00.001+04:00

A Bank for open source hardware hackers... sounds good to me :) It is a do-it-yourself solution for people who want to design and build their own electronics like in the picture above.

For more info, visit:
Gadget Lab from Wired.com

MySecured.com is Blocked by Etisalat Proxy

2009-02-03T02:40:00.002+04:00

I just found out about this today by checking my logs and noticing that no one visited me from UAE! Strange but true...

Try it for yourself:
http://www.mysecured.com

Mod Ed iPhone.com - UAE Hackers' guide to everything iPhone

2008-12-28T23:33:00.003+04:00

modediphone.com is our new website :) Looks like UAEHackers.com but is dedicated to the iPhone and modding it! Arabic guides will be added soon inshallah :) For now, give the site a visit and give us some feedback! It has all your iPhone news, links and rss feeds in one convenient place.

iphone at uaehackers dawt com!

http://www.modediphone.com/

Dubai Hacker , Dubai Sec.com and UAE Hacker.com are now our Domains :)

2008-12-26T22:19:00.003+04:00

We have successfully acquired the following domains names:

- UAE Hackers .com
- UAE Hacker .com
- Dubai Hackers .com
- Dubai Hacker .com
- Dubai Con .com
- Dubai Sec .com
- UAE IT .com
- UAE WWW .com
- UAE GSM .com

We even have UAE RAK .com representing all the hackers from RAK (Ras Al Khaimah!)

Some of these domains already point to uaehackers.com while others are in the process of being ported :) DubaiHacker.com is an exception as it is a stand alone site that has nothing to do with security but rather the hacking involved is Life Hacking ;)

Thanks for all the loyal readers for supporting us so far and providing us with tips on stories and upcoming events in the UAE and the Middle East region :) Also, for supporting us by clicking our sponsors' ads.

If you are interested in buying any of the domains above, please let us know :) These domains are only sold to people who will provide them with a good home though :P

The Real iPhone Killer!

2008-12-24T12:58:00.000+04:00

Top 9 IT security threats for 2009

2008-12-13T23:07:00.000+04:00

Threat #1 Malicious Insiders (Rising Threat)

Threat #2 Malware (Steady Threat)

Threat #3 Exploited Vulnerabilities (Weakening Threat)

Threat #4 Social Engineering (Rising Threat)

Threat #5 Careless Employees (Rising Threat)

Threat #6 Reduced Budgets (Rising Threat)

Threat #7 Remote Workers & Road Warriors (Steady Threat)

Threat #8 Unstable 3rd Party Providers (Rising Threat)

Threat #9 Downloaded Software Including Open Source and P2P files (Steady Threat)

More details here:
Top 9 IT security threats for 2009

Google's Browser Security Handbook

2008-12-13T22:55:00.000+04:00

A comprehensive, 60-page document meant to provide web application developers and information security researchers with a one-stop reference to several hundred key security properties and sometimes counterintuitive quirks in contemporary web browsers:
To start reading the hand book, head to:
Browser Security Handbook landing page

Pirates of the Amazon - A taste of things to come?

2008-12-11T12:29:00.001+04:00

There is a new FireFox add-on that adds a "Download 4 Free" button to the Amazon.com website. This a new method for making content available to end users and continues the trend of making content available to consumers through ad supported websites and services rather than the consumers paying for the content.

These sites like Pirate Bay are ad supported. Similar ways of making content available through alternative channels to consumers include attacks on iTunes with dTunes and on the App Store with AppShare.

For more on this visit:
http://ipodtouched.net/index.php?p=1563

Another trend is media streaming of content on ad supported sites. Hulu.com and NinjaVideo.com are just two examples of sites that do exactly that. More sites can be found on ovguide.com.

We at uaehackers.com do not endorse any of these sites but rather we shed a light on their existence so our readers are not kept in the dark about such emerging trends :)

What is the Best Anti-Virus (AV)?

2008-12-07T17:59:00.002+04:00

We get asked this question all the time! If anyone knows that you are a nerd or that you have anything to do with IT or security, this is the question they are going to ask you first.

So how do you answer such a question? The short answer is simply: It depends!

The long answer is: It depends on what system you are running and a whole other factors such as the user's nerdiness level and many other factors.

If the person asking the question is a nerd, then the answer is easy: Check out the latest academic or industry papers on the subject:

Here is an industry paper on the subject:
http://arstechnica.com/journals/microsoft.ars/2008/12/04/av-comparatives-november-2008-report-only-nod32-worthy

Here is an academic paper on the subject:
http://scissec.scis.ecu.edu.au/conferences/viewabstract.php?id=70&cf=2

One thing to keep in mind is that you have to check AV software evaluations frequently. This is because what happens to be the best software today might not be the best in year or so. So you have to keep yourself up-to-date all the time.

(ISC)² SecureDubai Event - 4 December 2008

2008-11-12T22:22:00.000+04:00

Date: 4 December 2008
Venue: Etisalat Academy, P.O.Box 99100, Dubai, United Arab Emirates
Time: 9:00am - 6:00 pm

Please join (ISC)² at their first ever, Secure Dubai event. You can earn 8 CPEs at this event if you are an (ISC)² Member in good standing. The focus of this 1-Day programme will be Emerging Threats.

This 1-Day conference will shed light on the most recent SCADA security incidents, available standards and SCADA security best practices. Attendees will be given insight into the risks and vulnerabilities of IP-enabled ATM's as well as their supportive
infrastructure with a focus on security best practices, configuration and operation of ATM architecture. Sessions will engage in emerging threats in the UAE, their impact on businesses and the users, Web 2.0 security, Botnets and their effect on our Web activity and the best ways of protecting ourselves against this phenomenon.

Don't miss "Hacking the Human" and keynote session by Lance Spitzner, President and CEO, HONEYTECH.

Hear from top IT security industry experts such as Omar Sherin, Analyst, Critical Infrastructure Protection, Q-Cert, Tareque Choudhury, Head of BCSG Practice, MEA, BT Global Services, Dimitris Petropoulos, Managing Director, ENCODE. The conference is
chaired by the (ISC)2 EMEA Managing Director, John Colley.

Seating Is Limited!

Register now to reserve your seat or visit the (ISC)² Website for more detailed information about the conference:

SecureDubai Event Details

NOTE: This conference is complimentary for all (ISC)² members. A 10% discount is also offered for ISSA/ISACA/ALIG members and an additional 10% discount is offered to RSA Attendees.

The 50 Skills Every Geek Should Have - Gizmodo Australia

2008-11-09T21:47:00.001+04:00

1. Install a hard drive in a laptop
2. Perform a clean OS install on a machine with two OSes
3. Swap out the battery on your iPod/iPhone
4. Jailbreak an iPhone
5. Wire your house for Ethernet and Coax cable
6. Use BitTorrent and RSS to automatically download new shows from trackers
7. Use an A/V receiver to its fullest capability (every port is taken)
8. Calibrate an HDTV without the manual
9. Use a DSLR in full manual mode
10. Hack the encryption and mooch your neighbour's Wi-Fi
11. Solder cleanly enough to get around a circuit board
12. Use your 3G phone as a Wi-Fi access point
13. Shove the guts of a modern game console into a retro game console
14. Design a webpage in HTML by hand that features a picture of your cat
15. Use Photoshop to imperceptibly doctor a photo
16. Abstain from buying extended warranties
17. Know where to buy cheap cables and accessories
18. Fix your parents' computer over the phone without looking at a computer
19. Enter the Konami code
20. Comment on Gizmodo from your phone
21. Type quickly using T9 texting
22. Program a universal remote
23. Contribute code to the Linux kernel
24. Hide porn from your significant other
25. Avoid DRM on everything
26. Know how to back up your data to networked storage—and actually do it
27. Watch TV shows on the internet for free
28. Edit together digital video ripped from YouTube
29. Play any SNES game on your computer through an emulator
30. Reset expired trial software by messing with the registry
31. Hackintosh your PC
32. Download pre-release movies from Usenet
33. Hack the Wii to play homebrew games
34. Get around web content filters on public computers
35. Get into a Windows computer if you forgot your password
36. Securely erase your data so it can't be recovered
37. Share a printer between a Mac and a PC on a network
38. Build a fighting robot
39. Write your own Firefox plugins
40. Navigate and reorganise the files on your computer in DOS
41. Get something on the front page of Digg
42. Get through to executive customer service
43. Rip a CD to V0 quality MP3s
44. Rip a DVD to DivX
45. Build your own computer from parts
46. Swap out the hard drive in your DVR for a bigger one
47. Get an NES cartridge working again by blowing in it
48. Calibrate a 7.1 surround-sound system
49. Play downloaded games on a Nintendo DS
50. Talk about things that aren't tech related

For the source and more information, visit:

Gizmodo Australia

Gulfnews: UAE set to change domain name norm

2008-10-26T20:59:00.001+04:00

Gulfnews: UAE set to change domain name norm:

"'In [the] third quarter of 2009, we will start implementing the Arabic domain names,' Mohammad Al Zarouni, chief technology officer at the .ae Domain Administration of the Telecommunications Regulatory Authority (TRA) told Gulf News.
He added that the UAE 'will very likely be the first country' worldwide where a complete non-English domain name would be available.
Internet Corporation for Assigned Names and Numbers (ICANN), a worldwide organisation responsible for internet management worldwide, is finalising the process of assigning languages to countries, according to Al Zarouni.'In [the] third quarter of 2009, we will start implementing the Arabic domain names,' Mohammad Al Zarouni, chief technology officer at the .ae Domain Administration of the Telecommunications Regulatory Authority (TRA) told Gulf News.
He added that the UAE 'will very likely be the first country' worldwide where a complete non-English domain name would be available.
Internet Corporation for Assigned Names and Numbers (ICANN), a worldwide organisation responsible for internet management worldwide, is finalising the process of assigning languages to countries, according to Al Zarouni."

The American University in Dubai organizes the 11th ISSAF Conference | AUD

2008-10-26T20:55:00.000+04:00

The 11th Information Systems Security Assessment Framework (ISSAF) conference was held on Thursday, the 23rd of October, at The American University in Dubai (AUD) in the presence of the University's faculty and student bodies, along with prominent dignitaries and local and international company representatives from within the Information Technology sector.

For more information, please visit:
The American University in Dubai organizes the 11th ISSAF Conference | AUD

Or visit AUD at:
http://www.aud.edu/

VISIT GITEX TECHNOLOGY WEEK!

2008-10-20T11:59:00.000+04:00

Visit the official website below:
GITEX TECHNOLOGY WEEK

Can't make it? Then follow GITEX on Gulf News:
http://www.gulfnews.com/indepth/gitex2008/index.html

The Launch of aeCERT Operations

2008-10-20T11:54:00.000+04:00

aeCERT, shortly after gaining the official accreditation by the UAE Cabinet as the national Computer Emergency Response Team (CERT) under Direct number (89/5), has launched its operations on Monday 14th of July 2008. The launch was announced during a news conference that took place in Abu-Dhabi at the Emirates Palace Hotel.
Read more on this at the aeCERT Website:
http://www.aecert.ae/aecertoperations.html

You can visit the aeCERT stand in Gitex from October 19 - 23, 2008.

Get an iTunes Account Without a Credit Card

2008-10-14T23:33:00.000+04:00

Get an iTunes account username and password even if you are outside the Unied States, Canada, Australia and other iTunes countries! An iTunes account without a gift card or a credit card. Just follow the Step-by-step guide for getting an iTunes account for downloading Apple iPhone apps for free without needing a credit card. Nothing illegal here :)

Tech Wired Australia - An Australian Technology Blog and Podcast

This was yet again a reader request :) Thank you again :)

LayerOne 2008 - David Hulton - Intercepting GSM Mobile Phones and Cracking GSM encryption A5/1

2008-10-14T23:03:00.002+04:00

This talk is about GSM sniffing and GSM security. The presenter will explain the security, technology and protocols of a GSM network. He will also present a solution to build a GSM scanner for 900 USD. The second part of the talk reveals a practical solution to crack the GSM encryption A5/1. It is a long one! So take a break, make a trip to the fridge and come back to this :)

More on david and his company including information about the commercial product:
http://www.forbes.com/2008/02/21/cellular-spying-decryption-tech-security-cx_ag_0221cellular.html

Again, this was another request from one of our subscribers :) We do answer requests even if it takes a a while to do so! So, send us your suggestions, links, complaints, requests, questions, concerns, additions, corrections or any other input to:

contribute- at-uaehackers=.=com

FUN FACT:

David on his way this week to speak at the HITB Dubai conference about mobile phone security was stopped by British authorities at Heathrow Airport and questioned before being relieved of his Nokia phone, SIM card and USRP! Read more about it below:
http://blog.wired.com/27bstroke6/2008/04/gsm-researcher.html
More details here:
http://blog.thc.org/index.php?/archives/1-GSM-Researcher-stopped-at-Heathrow-Airport-by-UK-government-officials.html

How to hack through 23 (Telnet)

2008-10-14T22:26:00.003+04:00

This was a special request submitted to us via the email... So, enjoy

How to hack through telnet!! - Upload a Document to Scribd

Mobile phones can never be totally wiped clean of data

2008-10-13T19:15:00.000+04:00

An interesting news article about the work of BT (formerly British Telecom), Glamorgan University, Australia’s Edith Cowan University and Sim Lifecycle Services where researchers recovered data from handsets from mobile phone recycling companies:

Mobile phones can never be totally wiped clean of data

To get more information on the research at Edith Cowan University and its upcoming conferences please visit:

http://www.secau.org/

and

http://conferences.scis.ecu.edu.au/

December 2008 Security Conferences World Wide

2008-10-13T14:23:00.000+04:00

Here is a list on the security related conferences coming up this December (2008):
virtuallyinformed.com

العربية.نت" تحت قصف الهاكرز - Alarabiya.net Under Attack from Hackers

2008-10-10T22:02:00.001+04:00

تعرض موقع العربية.نت مساء الخميس 9-10-2008 لهجوم من قبل مجموعة من المخترقين (الهاكرز) منعوا الوصول إلى صفحته الرئيسية ووضعوا بدلا منها تحذيرا اعتبر أن عملية الاختراق تأتي في إطار هجوم شيعي على ما اعتبرته مواقع سنية ردا على عملية اختراق مواقع شيعية، وأعلنت إدارة الموقع التحول إلى الموقع الرديف بشكل مؤقت وهو www.alarabiya.tv.

وقال نص التحذير الذي تركه الهاكرز على الصفحة باللغتين العربية والإنجليزية "تحذير هام.. إن استمرت الاختراقات على المواقع الشيعية من بعد هذا فلن يسلم أي موقع من مواقعكم وشبكاتكم" كما حمل صورة لعلم إسرائيلي محترق، وأسفل التحذير أورد المخترقون قائمة بأكثر من 100 مواقع إسلامي سنية قالوا إنها تم اختراقها من بينها موقع الشيخ الراحل عبد العزيز بن باز رئيس هيئة كبار العلماء بالمملكة العربية السعودية، ووضعوا على رأس هذه القائمة موقع العربية.نت.

وبعد نحو ساعات من عملية الاختراق قام الهاكرز بتغيير الصفحة التي تحمل تحذيرا بصفحة أخرى تحمل صورة لفهد مرقط وفي أسفلها أسماء مستعارة لمخترقين دون أن تحمل أية رسالة تحذيرية ودون أن تحمل طابعا دينيا.

الصورة الثانية كما ظهرت بعد ساعات من اختراق الموقع

It appears that the website itself was not hacked but rather the attack targeted the name servers and diverted the domain name to the hacker's own servers. It is also worth mentioning that the page was defaced twice within a few hours as shown in the images above. For more information go to:

http://www.alarabiya.tv/articles/2008/10/10/57975.html

Attacking AJAX: Black Hat Presentation

2008-10-08T15:34:00.003+04:00

It is an old one but the idea still applies :P

http://www.isecpartners.com/files/iSEC-Attacking_AJAX_Applications.BH2006.pdf

For More on Ajax Hacking, go to:
http://xssworm.blogvis.com/category/ajax-hacking/