XSS Worm : Cross Site Scripting & Web 2.0 Security

Application Vulnerability Information Portal

Hacking Google with 0day PHP Photo Exploit - Video Tutorial

Posted by xssworm on December 11th, 2007

Blackhat hacker penguinman2100 demonstrates how to hack google to upload any hacker files or pictures to any website using PHP Photo exploits.

The blackhat hacker penguinman2100 hacks into websites using this tutorial as you can see in our video.

He has illegally hacked into sites such as http://textideas.com and http://www.sq-bleiburg.at as he has proven with the access in this video.

Penguinman2100 writes on his cracker blog:

NEWS: I have recently become interested in “Google Hacking”. Now I know that sounds pretty bad, but it isn’t really. “Google Hacking” is basically accessing things on Google in which the average person can’t do and in which some illegal activity can occur.

The blackhat hacker Penguinman2100 is also known as Zachary D. He is male, 19 years old, and currently lives in Calgary, Alberta (Canada), where laws against blackhat hacking in Google do not exist.

His hack partner SteveTheMaster (Steve Nahilian) is also a blackhat and is a much more dangerous hacker with advanced skills.

Zach~
Hello! we are hacking partners. my name is zach. i’m not as good of a hacker as steve, but i’ll do my part.

Steve~
sup, i am Stevethemaster from Steve Company, i am the king of goldfinger & Qcode64 hacking. i do every type of hacking known to hackers on da web, l00k 0ut 4 my vids. Zach is my hacking partner, he has a great mind on image hacks. we are from spiralmountain.co.uk

Thank you to Zachary D. and Steve the Master Hacker for producing these excellent hacking video tutorials to teach blackhats how to hack illegally into websites such as textideas.com. Please, we are waiting for episode 2 of How to Hack Google! Keep up the good work and submit great hacking tutorials for our readers!

Posted in 0day exploits, Blackhat Hackers, Google hacking, Hacker Videos, How to Hack, Tutorials

Inside the “Ron Paul” Spam Botnet - Blackhat malware promotes politics

Posted by xssworm on December 6th, 2007

Inside the “Ron Paul” Spam Botnet
URL: http://www.secureworks.com/research/threats/ronpaul
Date: December 4, 2007
Author: Joe Stewart

[Image: Ron Paul supporters are known for unconventional promotional tactics]

On the weekend of October 27, 2007, the Internet was suddenly bombarded with a rash of spam emails promoting U.S. presidential candidate Ron Paul. The spam run continued until Tuesday, October 30, when it stopped as suddenly as it began. At the same time, political blogs began to light up, accusing the campaign (or at least its ardent supporters) of running a criminal botnet for political purposes. We decided to cut through the spin and take a closer look at this botnet to determine its origins and shine some light on who might be responsible.

Tracking the Spam
Tracking specific spam back to a particular piece of botnet malware is somewhat challenging, but given the right cooperation between researchers who hold different pieces of the puzzle, …
[continues at http://www.secureworks.com/research/threats/ronpaul ..]

Also see: Ron Paul Supporters Using Criminal Botnets to Spread Message of Hate

Posted in Black Hat Hacking, Crimeware Bots, Malicious Software, Social Network Security

0day Vulnerabilities For Sale - the new market for weaponized exploits

Posted by xssworm on December 4th, 2007

The following article was posted by (Paul Goebbels) to a security mailing list
Source : http://seclists.org/fulldisclosure/2007/Dec/0028.html
From: Goebbels Amadeus
Date: Sun, 2 Dec 2007 06:12:54 +0100 (CET)

Despite the misleading subject of my e-mail, I want to
bring to attention an important topic which hasn’t been
discussed enough among the security industry: the exploit
and vulnerability research market.
Since this might be a vastly secretive community, I will
introduce some of the members of this dramatically disturbing tale:
Since a few years ago, few companies emerged, who offer
rewards for exploit information and vulnerability research.
In the beginning, only iDefense (US-based) openly disclosed
its activities.
In the last 3-7 years we have seen ZDI (TippingPoint, now
3Com and soon its Chinese major shareholder..), WSLabi (the
failed attempt on creating an auction market model for these
sales) and Netragard (the old DMCA publicity stunt SNOsoft).
Now I’ll start telling a tale of distrust, lies, middle men
and other creatures of the infraworld…
Once upon a time, there was an increasingly powerful work
force capable of crafting weapons which existed only in a
digital world. This force didn’t have a name. They didn’t
pursue certifications. They were anonymous. But some realized
they also had the power of influencing people, controlling the
flow of information from anywhere at any time. Humanity has
seen for ages how the power of controlling information can
take down whole nations. Nowadays, in an open and free market,
the corporate world is nothing but a battlefield.
There’s no crimson tie. No blood escaping the bodies of its
soldiers. The soldiers are John Does, fighting for a decent
paycheck at any cost, selling out their spirits and time for
the corporate machine. Selling out their comrades and dignity.
Losing the values, principles and matter that make them human.
Unknowingly, they are becoming mere tools of few individuals
who have a neverending desire for fame and wealth.
Have you ever considered your future in their hands? You’ve
been working for 50 years, your liver and kidneys start failing,
creating visible symptoms, stains in your skin. You can’t handle
life in the same way anymore. For what? What have you done in
those 50 years but serving another man to become more wealthy
and over powered. The approaching day of your death and its
mere vision strikes you like a burning iron blade.
In this New Age battlefield, you can make a difference. A
talented youth started emerging and dedicated passionately to
fulfill its curiosity. Day after day, spending countless hours
in front of a machine. Understanding its inner design and
details, breaking it apart and reassembling it the way it wasn’t
meant to be assembled.
Some others dedicated painful discipline to physical work and
trained themselves for achieving perfection in both intellectual
and physical matters. Others fell in the way and never made it
to the final round.
After realizing they could not let the corporate world exhaust
them, they tried another way. The emerging market of digital
ammunition seemed to be a potential solution for their problems.
But, unbeknown to them, they were wrong. They didn’t think at
first glance of the impossibly huge amounts of lies and fallacies
they were about to experience. Because in a world where you can
claim something while denying your obligation to prove it, the
only power that is left is that of common sense and intuition.
The ability to sense the deceitful and know the truthful.
One day, our John Doe decided to approach an independent digital
weapons dealer, looking for better offers than those coming from
more established business men. He knew that more than business men,
they were only middle men. After numerous experiences with these
little twerps, he realized they were also abusing their condition.
John was also especially disappointed with the fact that in the
world of digital ammunitions, there’s no real way of providing the
goods without turning them instantly useless and vulnerable to abuse.
John knew that these middle men were taking cuts far higher than
their alleged 10 to 15 percent of the sale. How could John prove it
otherwise? There was no way of ensuring that their contacts were
getting the very exact figure John demanded.
Despite this fact, John also realized that in this market of smoke,
the seller is not supposed to set the price of the goods. These
middle men, in their great mistake of thinking that wisdom and
knowledge are the very same thing, wanted John to believe that
they were the ones who set the price of the goods.
John’s disappointment was growing to incredibly high stakes: “As a
child, whenever I tried to tell the candy shop clerk that the
chocolate bars cost as much as the peanut butter ones, he simply
tried to smack my head down. I wasn’t supposed to even swap the
labels in a failed attempt to fool this man, who had been making
candy bars for more time than I was actually able to barely say
my name.”
John had been crafting digital weapons for so much time, with
such a high talent and effectiveness, that he was much less
dispensable than these middle men. His personal background, of an
extremely tough childhood full of misery and hostility, also
gave him the necessary wisdom and experience in this world for
quickly spotting the weaknesses of these ego-crazed men. Their
weakness lies in the fact that without John and his comrades,
they have no business. They lack far more than just knowledge.
They lack wisdom, passion and truly devoted dedication to whatever
they do. Sooner or later they will make the same mistake of other
weapon dealers: getting killed with their own goods.
Hypocrisy among these poorly educated middle-men was so high,
that they resorted to low tricks and ridiculous attempts to gain
the trust of people like John. They went as far as insulting the
intelligence of those who provided them with the goods they are
unable to produce themselves. No matter how hard they tried, it
never brought anything back but silence. The silence that can be
clearly understood as a fully precise signal of genuine despise.
The fundamental error behind their approach is that trust can’t
be gained for cheering, boosting the ego, claiming great benefits
and wealth. Trust is something sculpted in hard rock, taking years
to become an admirable master piece. It doesn’t come attached to
an email.
At the end, John and his comrades found out that wasting their
time with these miserable beings was far less than fruitful. It
was exhausting them as much as the corporate world did. They
realized that any day above ground is a good day. Let the snakes
change their skin and show their true colors. In the desert,
being unable to match with environment has deadly consequences.
It might take years, or decades, but time will set them all where
they belong. Life does not forgive and everything has come to an
end… because they lack of patience, the end will approach their
nefarious activities sooner than they ever thought and John and
his comrades will be free again.
And this tale has to come to an end itself… the end of a
story about middle-men and their madness.
Time’s striking force.
- Paul Amadeus Goebbels

very interesting, mr goebbels.

Posted in Blackhat Hackers, Ethics, Experts Opinions, Exploit trading, Exploits for Sale, Tutorials, Whitehat hackers

Microsoft LIVE vulnerable to XSS Meta Manipulation Attack

Posted by xssworm on November 28th, 2007

The search.live.com search engine index appears to be vulnerable to a form of XSS Meta Manipulation and fraudulent content cross-domain injection attacks.

Links to XSS injected domains are being indexed and followed by the Live spiders, as can be seen in the following example when searching for “XSS Hacking” information:

[Image: Example cross-domain content insertion]

http://search.live.com/results.aspx?q=hacking+xss&go=Search

Any user following the link from live.com to the Ethical Hacking expert knowledge site ethicalhacker.net will currently see this output:

[Image: example cross-content domain inject]

It is unknown at this time if dynamic search engine rankings or other abstract Web 2.0 technologies that rely on indexed search engine results are affected by this vulnerability. It is very possible that the search.live.com spider could be tricked into following and indexing vulnerabilities far more serious than common cross-site JavaScript alert() injections, but XSSWorm has not yet tested this exploit vector on Live.

Thanks to XSSWorm readers, Ethicalhacker.net has now been informed of the serious XSS injection bug in their installation of WordPress. It is obvious from the image above that the vulnerability is being exploited in the wild by Blackhat SEO optimizers, malicious crackers and possibly for cross-net spear pharming and targeted phly-phishing attacks. Microsoft has not yet responded to this bug advisory, as the vulnerability still appears to be exploitable at time of writing. We will post updates here at xssworm.com as new spider injection holes are discovered.

Posted in Blackhat SEO, Content injection, Cross Site Scripting, Fluxing Attacks, Social Network Security, Spider hacking, XSS Meta Manipulation

Independent expert hackers claim Web app bugs are less severe than other vulnerabilities

Posted by xssworm on November 27th, 2007

Expert hackers from the elite security and hacking specialist TELUS claim that their research demonstrates that Buffer Overflows are still the top threat to the safety of the Internet in these days of distributed social data networks and rich Web 2.0 application platforms.

Web application vulnerabilities such as cross-site scripting (XSS) and SQL injection may be widespread, but old-fashioned buffer overflow bugs are the most common flaws reported, according to new vulnerability research from Telus. The hacking experts also report that the level of severity of bugs in Microsoft products is declining significantly.

Telus, which provides vulnerability research analysis to most of the 20 top security vendors — including IBM ISS and McAfee — bases its data on vulnerabilities reported in enterprise-class products.

Microsoft went from around 175 high-severity vulnerabilities reported last year to 129 this year, and from 20 critical bugs to eight this year so far, according to Telus’s data. And overall, the top 50 software and network equipment vendors have had fewer severe bugs this year than last, says Richard Reiner, chief security and technology officer for Telus, who based its data only on vulnerabilities reported in enterprise-class products.

“The severity of Microsoft’s product [vulnerabilities] are dropping dramatically,” Reiner says.

Web app bugs are less severe than other types of vulnerabilities, the research firm said. Buffer overflows, which accounted for 1,470 of the reported bugs (in enterprise-class software, according to Telus data) from January ‘04 until now, are also typically the most severe. “This was surprising, because buffer overflows are among the easiest vulnerabilities to avoid or correct,” Reiner says. “When they exist, they tend to be the most critical… I’m not surprised by that part, but by how prevalent they are.”

Telus has been widely respected for their long-time hacking expertise ever since acquiring Canadian security specialists Assurent and Richard Reiner for an undisclosed sum in April 2006.

[Image: Telus and Assurent Security]

“Customers will be the beneficiaries of our combined suite of internationally recognized security solutions that have a long and successful track record of enabling business resiliency,” claimed Richard Reiner at the time of the acquisition.

Common Web vulnerabilities such as cross-site scripting (XSS) and SQL injection aren’t typically critical threats, Reiner says. Only one bug in the off-the-shelf Web products studied by Telus had a critical SQL bug, and none of them had a critical XSS flaw, he says.

The good news, then, is that off-the-shelf Web platforms are relatively secure. The bad news is that the customized or home-grown Web apps Telus studied were riddled with critical bugs.

“The number of vulnerabilities in widely used Web application platforms has been relatively small,” he says. “But the situation is quite different in custom and one-off applications businesses build.”

Telus’s data differs from that of Mitre Corp.’s latest Common Vulnerabilities and Exposures Report, which was released in May. The broader CVE report named XSS as the most prevalent vulnerability reported in 2006. It is unknown at this time how Telus and the Mitre Corp., while working with the same public vulnerability information, arrived at such opposite conclusions. Some readers have suggested that Telus’s only motivation for releasing this questionable “research” is to generate PR and increase sales - possibly through fear and misinformation - while others claim that respected security vendors such as Telus would rarely (if ever) resort to such unethical tactics in pursuit of profits.

The number of critical and high-risk vulnerabilities is increasing, but that may be because these bugs are now being discovered on smaller vendors’ products, Telus says. Server vulnerabilities still outnumber client flaws, but client bugs have increased from 31 percent of the vulnerabilities last year to 39 percent this year.

Read the original article over at DarkReading.com - a security portal for “IT professionals with security specialties and CISSP or CISA certifications; CIOs; CTOs; CSOs, CISOs, and CCOs.”

Posted in Experts Opinions, Social Network Security, Web 2.0 Security, Web Application Security, White Hat Hacking

Video : Hackers can find hidden Google secrets

Posted by xssworm on November 23rd, 2007

Blackhat demonstration video for Google hackers:

How to find hidden secret documents with Google

Posted in Black Hat Hacking, Flash Video, Google hacking, Hacker Videos, How to Hack, Tutorials