Mark Zuckerberg FB fan page hacked On 26/1/2011 (Shocked News)

 Yesterday

There are some clues left by the person who hacked Mark Zuckerberg's Facebook fan page on Wikipedia – but what do they add up to ? 

Who Will Trace the Guy ?

Facebook CEO Mark Zuckerberg Facebook chief Mark Zuckerberg's fan page was hacked.

Let's follow up some of the trail left in the Mark Zuckerberg Facebook fan page hacking incident.

The only – and best clue – is the link left by the hacker in the status update posted on Zuckerberg's wall, which reads "Let the hacking begin: if facebook needs money, instead of going to the banks, why doesn't Facebook let its user invest in Facebook in a social way? Why not transform Facebook into a 'social business' the way Nobel Price [sic] winner Muhammad Yunus described it? http://bit.ly/f26rT3 What do you think? #hackercup2011"

That contains a bit.ly link. Well, you can find out what the original URL is by adding a plus on the end, so: http://bit.ly/fs6rT3+ From which we can see that about 17,000 people clicked the link. Not bad (though we have to say that Julian Assange gets more clicks when he appears on the Guardian ... but we digress).

The original, shortened link was actually: http://en.wikipedia.org/wiki/Social_business?h=d044aeb71f4e466a552708fc6e3863ef&thanksforthecup=https://www.facebook.com/photo.php%3Fpid%3D393752%26id%3D133954286636768%26fbid%3D170535036312026

Let's begin with the second part of the long link – the part that starts "thanksforthecup": it's URL-encoded (so "%3D" actually stands for the character "=", "%26" for "&") and leads to a Facebook photo page for the Hacker Cup, a competition run by Facebook itself. So the hacker is saying he thinks he should get the cup. OK, we get it.

Now, back to the first part. If you just click the link, you'll be taken to Wikipedia's page about social business. But not the latest version – to a specific version in its edit history. That is, to http://en.wikipedia.org/wiki/Social_business?h=d044aeb71f4e466a552708fc6e3863ef – which is not the same, now, as http://en.wikipedia.org/wiki/Social_business. If you open them in two tabs, or just open the first in a tab and click on the "Article" link in the top left, you'll see it. Go back and forth a couple of times and you might spot the difference. Yes? No? Have a look at this difference page, then. (And look at how it was before that edit.)

Yup, the difference is the addition in the first sentence. Usually, that reads:

"A '''social business''' is a non-loss, non-dividend company designed to address a social objective"

. But in the edited (older) version that you get sent to, the phrase

" much like [http://www.romanstwelve.net www.romanstwelve.net]"

has been added. (The square brackets turn the text into a link going out to romanstwelve.net). And what does that site do? It offers "total web consulting" and is based in Pickerington, Ohio.

Crucially, as the picture shows, that edit was only on Wikipedia for two minutes on Tuesday 25 – between 19.17EST and 19.19EST – indicating that the hacker must have created the edit with the link and then deleted it straight afterwards, but kept the link to the version he had edited. Then he encoded the link for the photo and attached it to the Wikipedia link, and stuffed the whole lot into bit.ly. Then, having got the shortened link, he went and updated the status on the fan page. The timing of the change, and its reversion, indicates that this was the same person. You don't accidentally link to an old version of a page; you'd link to the generic version.

In other words, we might be able to find the hacker if we can find out who changed the Wikipedia page. Unfortunately, it wasn't done by a registered user. But because of Wikipedia's clever tracking system, you can see the IP of non-registered users: there it is at the top of the edit page in the screenshot: 131.74.110.168. You can also see what articles machines at that IP address have edited – a very mixed bag–- and also how edits from that IP have been increasingly smacked down by Wikipedia editors (latest on that page coming from October 2009: "Please stop your disruptive editing. If you continue to vandalise Wikipedia, as you did at Lyoto Machida, you will be blocked from editing."

So who's behind 131.74.110.168? A quick whois query tells you that it... the US department of defence in Williamsburg.

In other words: this might be someone in the military. Most likely those edits don't come from one person – they come from all sorts of people in the Williamsburg location. Or, just as possible, it was someone who had hacked into the computers there from outside (not as difficult as you'd hope it would be) and is using them as a proxy to make the Wikipedia edit, and, quite possibly, hack Zuckerberg's page. (We've asked Facebook whether Zuckerberg's page was accessed from that IP, but haven't had an answer yet.)

That's about all the clues we have: a US DOD IP, a transient Wikipedia page, and a link to a web consulting business. We asked Jeremy Reger, of Romanstwelve, if he was involved with or knew who was behind the hacking. His answer is an emphatic no: "Hackers don't link to pages who then link to pages. I do not have any idea who did the hack." He added: "I'm sure Facebook would confirm that the IP [address] in the wiki history in not the same IP that "hacked" the fan page."

Read More

"HIJACKING SERVERS" How to transfer Zones From ur System

Hey Niggas ,Welcom3  to our school, Today in this Section am gonnna Teach u all, How to Copy the File from DNS  Or  Zones  Data From ur Computer, And Niggas  Before I start this Topic Lemme Tell u , This Works Only if the Server  Is  MisConfigured(By Disabling Automaticaly Notify)..Coz  Windows 2000 as a Defaut  Set as Disable..!! So y don u try out.>!! Evn Still the Syatem may use Windows 2000 Server..If u ask me..Most Corp Are prefer to Use 2000 Over Windows 2008..

ZONE TRANSFER:  

                       Zone Transfer is a mechanism, Tat is used By the web server to update each other  ServERS,by transferring the contents to their  Database   (Whereever in tha Planet).

There are two types of servers Primary and Secondary Servers, Primary Server is The Main(Authoritive Server) , Secondary Server is tha (Non –Authoritive Servers)

Name Server is nothing but ,  See If there is Google, They might have 10 or 15 locations, To Identify the location of each server,Name Server was Formed..Purinjitha no…!!

If a google in US ,Illonis(I love this place Persnaolly ,Coz  Actor Surya Missed Her LoverHere only)m8 have name server like this    :

US:    ert1s.google.com

India:   machi:google.com

Uk:  per4t.google.com

Got it..Primary is the Main Server, all tha secondary are Cache Server also called as Back Up Servers. 

Entering  “nslookup”  in the cmd will give the following results:

DNS Movves tha Information from one site to another called Zoned Transfers Port num 53: Ok

And More Port Numbers For ur eye, You need to Memorize this For God Sake if u wannna be a good Security professional..

Briefings of tha 2^nd Command prompt image:

There are tha 4 steps involved in Zone transfer Process:

Ha ha ha…Very Firstly

1.    The Secondary Server, Sends SOA(Start of authority) record to the Primary Server

2.    Primary Server Checks, whether the Secondary Server SOA Is authorized(SOA Has Unique Nembers,Differs from Server to server in Diff locations)

3.    If an update is need for the Secondary server, It will send (AXFR) All Zone Transfer , To Tha Primary Server

4.    In Follow up response to the Secon, Primary will send the Updated Files to the Req Zones

DNS Records and types:

A   --> Host  (Maps an Domain Name to IP)

PTR- -> Pointer (Maps an IP To domain name)

NS- -> Name server(Which I said Earlier)

SOA - -> Start of authority(I Hope u Kno)

SRV- ->Service Locator(Used to Map tha Network)

MXà Mail((Usd to Identify the SMTP Services)

SOA record  Has TTL(Time to live) For the Session (Zone transfers).

Yeap..Open Up tha Command Prompt:

#nslookup  - Enter it on cmd n wait.

##Server <IP Address>  - Enter it(I Hop u kno to obtain The Server IP,If kno Drop Comments,ADD ONS avail fr Firefox)

###set type = any (Tells Ns lookup To Query fr all record,If u want something particular,Refer abov Commands WE Discussed)

#### ls –d <domain name> = www.defendhacker.blogspot.com (Trust me u cant play Around wit Blogs) Asssuming u are targetin to transfer tha zone.

Either u will get eerrors Or ll See Zone transfers.

Here We perform Now

C:\user\h4ckfeak> nslookup

Default server: hi43/defendhackers.blogspot.com

Address: 193.445.345.344

Server 123.343.545.54(You are typing in after obtain tha server Addr)

Set type=any

ls –d defendhackers.blogspot.com

defendhackers.blogspot.com         SOA  host.defendhackes.com(12 23 123    0000)                 

defendhackers.blogspot.com        NS       auth.34.bc.net

defendhackers.blogspot.com        NS       auth.34.bc.net

defendhackers.blogspot.com         A        12.43.55.56

defendhackers.blogspot.com        MX       chennaismtp1.defnd..rs.com

defendhackers.blogspot.com        MX       chennaismtp2.defnd..rs.com

defendhackers.blogspot.com        MX        chennaismtp1.defnd..rs.com

defendhackers.blogspot.com        A            123.334.545.66

defendhackers.blogspot.com        A            123.334.545.67

defendhackers.blogspot.com        A            123.334.545.68

defendhackers.blogspot.com        A            123.334.545.69

This Would Help u understand Better

There is a tool name called DIG Which Can provide These type Of Information to the Hackers, To Hack into the Servers This is the Intial Stage, Launchin tha Attack

##### Always one have to Ensure that the DNS Has Secured Properly. Periodic Check is Good Like Checkin ur fuel in Car, And Ensure its Security..But the Fuckin Thing is..The Secodary Servers Always Zone Transfers..And its  about security of each compny Maintain

For Full Understandin Do Watch This Video,.Would Help u a lot..

I hope u ll understood..Talk to me  @ Comments Section..! Will  Back with another Stuff

Lat3r

Read More