Evernote hacked, reset your password Now !

Cloud note-taking service Evernote has been hacked and now you have to reset your password imminently. According to a post on the official Evernote blog, an unidentified attacker compromise the servers and extracted usernames, email addresses, and passwords.

"Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service."

But those passwords were encrypted, so all users must change their password before they can log back into their account. "In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost."

Evernote also said that they have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

There are also several important steps that you can take to ensure that your data on any site, including Evernote, is secure:

• Avoid using simple passwords based on dictionary words
• Never use the same password on multiple sites or services
• Never click on ‘reset password’ requests in emails instead go directly to the service

U.K. Internet service providers ordered to block three filesharing websites

The UK High Court has ordered BSkyB, BT, Virgin Media and three other UK broadband providers to block access to three music and movie file-sharing websites Kickass Torrents, H33T and Fenopy.

Judge Richard Arnold said  that these websites infringed 10 music companies copyrights on an industrial scale.

He granted an order to 10 record labels including EMI, Sony and Universal against six UK internet service providers requiring them to take measures to block or at least impede access by their customers to these three file-sharing websites.

"The orders are necessary and appropriate to protect the intellectual property rights of the claimants and other copyright owners." Judge said. The ISPs have been given 15 working days to block access to the sites. Each ISP will decide how to warn customers and subsequently attempt to curb alleged illegal file sharing activity.

Verizon decided to send a series of warnings to Internet users and after the fifth the alleged copyright infringer's Internet connection will be slowed significantly for up to three days.

Bypassing Google Two Factor Authentication

Duo Security found a loophole in Google's authentication system that allowed them to Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts.

Duo Security itself a two-factor authentication provider and the flaw is located in the auto-login mechanism implemented in Chrome in the latest versions of Android, that allowed them to use an ASP to gain access to a Google account's recovery and 2-step verification settings. 

Auto-login allowed users who linked their mobile devices or Chromebooks to their Google accounts to automatically access all Google-related pages over the Web without ever seeing another login page.

"Generally, once you turn on 2-step verification, Google asks you to create a separate Application-Specific Password for each application you use (hence “Application-Specific”) that doesn’t support logins using 2-step verification," Duo Security said in a blog post.

"Then you use that ASP in place of your actual password. In more-concrete terms, you create ASPs for most client applications that don’t use a web-based login: email clients using IMAP and SMTP (Apple Mail, Thunderbird, etc.); chat clients communicating over XMPP (Adium, Pidgin, etc.), and calendar applications that sync using CalDAV (iCal, etc.)."

ASPs are specialized tokens generated for each application that users enter in place of the password/token combination. Duo Security discovered that ASPs actually weren't application-specific, In fact, one code could be used to log in to almost any of the Google's Web properties because of Auto-login feature.

"So, given nothing but a username, an ASP, and a single request to https://android.clients.google.com/auth, we can log into any Google web property without any login prompt (or 2-step verification)"

The researchers have shared their findings with Google and they has fixed this security hole last week.

Release dEcrypt3r.V2

Hello every one. i’m xsan-lahci ,i will release my new Tools, yeah dEcrypt3r V.2 was Born

dEcrypt3r Version 2 is new update from dEcrypt3rV1
This is my Original Logo

Fitur Inside :

1. encrypt & decrypt message with cryptography Subtitution method
2. Encoding & decoding base64
3. Hash-identifier
4. Cracking Hash MD5 , MD4 , SHA1 , SHA-256 with findmyhash on dEcrypt3r V2

5. MD5 , MD4 , SHA1 , SHA-256 Generator
6. Make Qrcode with Qrencode on dEcrypt3r V2
7. Keyloger With xspy on dEcrypt3r V2
This script is under GPL v3 License (http://www.gnu.org/licenses/gpl-3.0.html).
Copyright (c) 2013 xsan-lahci aka Vaisal Dot Zip | Fuck For PLAGIARISM
DISCLAIMER: modifications, changes, or alterations to this sourcecode is acceptable, however, any public releases utilizing this code must be approved by writen this tool (xsan-lahci)
Report Bugs : xsanlahci[at]gmail.com | xsan[at]idblackhat.org
Thanks for your nice ideas and help to make this tool more useful:
Zee Eichel | Ikonspirasi | Zion3R (hash-id) | laXmarcaellugar (findmyhash) | Kentaro Fukuchi (qrencode) | JAM (xspy)

Special Thanks To: My God Allah.SWT | My Parents | My Teacher  My Sister And My Love Nabila And Many Thanks For my Friends @ University and Facebook