Sunday, September 25, 2016
Welcome to HellBound Hackers

Welcome to HellBound Hackers. The hands-on approach to computer security.
Learn how hackers break in, and how to keep them out.
Please register to benefit from extra features and our simulated security challenges.




Latest Challenges:

Stegano 27 by Euforia33.
Stegano 26 by Euforia33.
Stegano 25 by Euforia33.
Application 17 by 4rm4g3dd0n.

: : Website News : :

A few HBH Updates

We have pushed some fixes out to some of the broken challenges.

Real7 is now back online!

Please check the status page before asking if a challenge is down.

We will have some big news about HBH coming soon. If you want to help out with beta testing this big news, please let rex_mundi know so we can add you to the list.

Any EM members are already on the list :)


If you have questions about this big news feel free to post them in the following thread.

~ Mordak

Forward Secrecy & Strict Transport Security

Today we implemented Forward Secrecy in order to improve the security and privacy of HBH. Forward Secrecy "should" make it "impossible" to eavesdrop on data being transmitted from your browser to HBH's servers. We also have Strict Transport Security enabled.

You can check the report on our SSL here. The SSL report is provided by Qualys SSL Labs.

Also we have updated PHP so a few pages may be offline. If you find any, please report them here.

We have also updated the Development page so you can all see what we are working on and things we would like to do. Feel free to post your thoughts on the current projects.

Also we have updated the Change Log to reflect these changes.

Points for Creating Challenges & Points for Hall of Fame entries have been returned to the accounts that lost them.

Ranking System Changes

Since the points reset, we have had a lot of complaints about administrators being in the top ten on the rankings page. The current Admin staff have been here for a while and had already completed the challenges BUT to keep everyone happy, Administrators will no longer be included in the points rankings and will be unranked in their profiles.

On another note Real 15 IS up and running fine.

UPDATE: Real 9 and 10 are also now back up.

korg

Changes to HBH

All Members Read This!

There have been a few changes to HBH over the past few weeks. Here is a list of changes and some reasons why:

We have removed the old database tables and reset the points. This is due to old and corrupted accounts and no way for other members to get on the scoreboard. Points cannot and will not be reinstated. We have also removed user accounts that haven't logged in in over a year.

We have two new staff members, Euforia33 & rex_mundi. They have been a great help to HBH over the years!

We also have improved the forum and replaced some old code which should make things faster.

Thanks

HBH Staff

PHP Upgrade and New Challenges

Due to the recent upgrade in the PHP on the server, some pages may not display properly and a few challenges will be offline. Basic 26, Real 7, 9 will be offline till I get them recoded.

Realistic 17 is back up and running.

On the other hand, the Application page is completely redone to make it easier to submit your answers.

I'm going to upload a few new challenges to keep everyone occupied while I work on the site.

Any bugs you see, please submit them. Any vulnerabilities, PM me them directly.

UPDATE: Application 17 by 4rm4g3dd0n released today.

UPDATED UPDATE: Stegano 25, 26 and 27 by Euforia33 released also!

UPDATED UPDATE UPDATE: Mordak has bought HBH a proper SSL Cert.

UPDATED UPDATED UPDATE UPDATE: HBH Change log is now active.

korg

: : Computer News : :

World's largest internet exchange sues Germany over mass surveillance.

DE-CIX questions legality of government tapping its system.

The world's largest internet exchange point is suing the German government for tapping its communications systems.

DE-CIX runs a number of critical exchange points – most of them in Germany, but with others in France, Spain and the United States – and has sued the German interior ministry over orders from the German security services to allow them to tap its exchange centers.

The goal of the lawsuit, filed in federal court in Leipzig, is to reach a "judicial clarification" over whether the German government's actions are legal, the company said (in German), and "in particular, legal certainty for our customers and our company."

Opera launches desktop version of its free unlimited VPN

Now available on the stable release version, users will have five locations globally to choose when using the VPN which features 256-bit AES encrypted connections.

If privacy when surfing the World Wide Web is something you value, then using a virtual private network (VPN) to obscure your surfing patterns is a must.

While most VPNs either require a subscription fee or installing additional software on your PC, Opera's latest update to its stable desktop browser version adds VPN functionality for free, and turning it on is as simple as clicking a button.

Powered by Opera subsidiary SurfEasy, the VPN uses a 256-bit AES encrypted connection and does not log your browsing history. Users can choose from five server locations: Canada, Germany, the Netherlands, Singapore and the United States, or let the browser select the most optimal server.

The free VPN for its desktop browser follows the company's previous announcement back in April where this feature was made available on the developer version of its browser. The company also introduced a mobile VPN service for both iOS and Android.

Other new features in the updated browser include Chromecast support, automatic battery saving for unplugged laptops and support for RSS feeds with the newsreader feature.

Opera says the VPN should be fast enough for watching video in HD (that's 1,280x720 pixels) but will also depend on the user's location to the VPN server. Opera says this depends on the network situation as well, as most video sites have adaptive streaming protocol built-in.

The updated Opera browser can be downloaded here: http://www.opera.com/computer/

Cisco customers targeted using leaked NSA hacking tools

Networking giant says there is no workaround for the issue

Hackers have targeted some Cisco customers using a new vulnerability found thanks to leaked NSA cyber tools.

The tools were released in August by a hacker group dubbed ShadowBrokers and are confirmed to belong to the Equation Group which has strong ties with the NSA. It is the second such vulnerability to be found by Cisco as a result of the data dump made by the hackers; Cisco has already fixed a flaw in the SNMP implementation in its ASA firewalls.

Cisco has warned its customers that all versions of its IOS, IOS XE and IOS XR software are vulnerable to one of the many exploits released on August 15. The networking firm has not revealed which of its customers may have already been breached but the issue impacts firewalls, routers and switches made by the firm, enabling hackers to get hold of critical and confidential information from its customers.

"The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests," the firm said in a security advisory blog.

But despite stating that its incident response team was aware of exploitation of the vulnerabilities of those customers running affected platforms, Cisco has not yet developed a patch for the flaw and has said no workarounds are available. Instead, it has released IPS signatures and Snort rules to mitigate the risks for its customers.

The exploit is called BENIGNCERTAIN and is made up of three binaries, each of which can be exploited to obtain RSA private key data and VPN configuration details if used against Cisco PIX firewalls.

Cisco isn’t the only networking company to have exploits revealed. The ShadowBrokers data dump included exploits for Juniper and Fortinet, amongst others.

French Caldwell, former Gartner fellow and chief evangelist at GRC apps company MetricStream, warned other spy agencies – particularly the other Five Eyes members – that they too are vulnerable to a similar hack.

"If the NSA was hacked, the chances that they too have been targeted are certainly more than 50-50," he said.