Hacker removed Mark Zuckerberg's Facebook Timeline Cover Photo

Something unusual happened today, Mark Zuckerberg's Facebook Timeline Cover Photo is removed, as shown in the above Screenshot.

Suddenly, after few hours, I got a mail from an Egyptian Hacker with nickname 'Dr.FarFar', claimed that he has hacked the Mark Zuckerberg's Facebook Profile and removed the Cover Photo using a private exploit.

The hacker has not provided any technical details about the vulnerability he used, but it seems that Zuckerberg has not noticed the removed Cover Photo on his profile.

It could be possible that Zuckerberg removed his Cover Photo himself, and someone is trying to take responsibility for the changes, but I still have a positive feeling that - May be a Minor, but its a Hack!

Previously in August 2013, Palestinian programmer discovered a security flaw in Facebook that allowed him to write a post on Facebook CEO Mark Zuckerberg's personal timeline without his permission.

Well, we are trying to get more information from the hacker about the flaw, as well as contacted Facebook for confirmation of the hack. I will update the story shortly after getting more updates.

Stay Tuned!

Update: Hacker explained, he used the Report abuse option on Zuckerberg's Cover image, and choose, 'I don't like this photo of me' and then "I used Fiddler2 Debugger Program to edit the request" he said.

Update: Within a few hours after 'CodeKill' exclusive report, Mark Zuckerberg has finally restored his Cover image on Facebook Profile, as shown and but the company has not issued any statement to us.

Author : Shivam Kotwalia, CodeKill

Forbes Hacked by Syrian Electronic Army; Website and Twitter accounts Compromised

Forbes is the latest victim in a long line of high-profile attacks by the Syrian Electronic Army (SEA), sending a reminder to the international community that cyber warfare is alive and well.

The pro-Assad group also took responsibility for hacking multiple Forbes websites and hijacked three Twitter accounts related to the website.

According to the screenshots published by the team, it appears the hackers gained the access to the Wordpress administration panel of Forbes website and edited several articles posted earlier on Forbes by authors Travis Bradberry, Matthew Herper, Andy Greenberg, John Dobosz, Steve Forbes and titled then as "Hacked by Syrian Electronic Army".

Hackers tweeted, "Syrian Electronic Army was here" from the compromised Twitter accounts, including accounts of Social media editor Alex Knapp @TheAlexKnapp and Personal finance report Samantha Sharf @Samsharf, and @ForbesTech account.

The Syrian Electronic Army attacked Forbes because, "Many articles against the SEA were posted on Forbes, also their hate for Syria is very clear and flagrant in their articles.".

The Syrian Electronic Army group is notorious for hacking Western media. They have targeted media sites, including the New York Times, the Washington Post, the Financial Times, the AP, The Guardian, and Twitter over the past year.

Author : Shivam Kotwalia, CodeKill

11 Most Notorious And Infamous Black Hat Hackers Ever

Did you know that Steve Jobs and Mark Zuckerberg were black hat hackers? Here we bring to you 11 most notorious black hat hackers ever! 

Hacking is undoubtedly one of the most adventurous, enticing and mysterious parts of the tech world and we thought it could be even more fun to know and learn about the top tier notorious black hat hackers and the legendary hacks that earned them such a title. So we bring to you the top 11 black hat hackers ever!

If you are wondering what black hat is, then a black hat hacker is a computing slang for a person who is engaged in illegal or malicious hacking. And similarly a white hat hacker is someone who intends to improve internet security.


11. Kevin Mitnick

Kevin David Mitnick (born on August 6, 1963) is an American computer security consultant, author, and hacker. In the late 20th century, he was convicted of various computer- and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States. Mitnick gained unauthorized access to his first computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC’s computer network and copied their software, a crime he was charged with and convicted of in 1988.

According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country’s largest cellular telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mail.

10. Kevin Poulsen a.k.a. Dark Dante

The notorious 80s black hat hacker, Kevin Poulsen, gained recognition for his hacking of the telephone lines for LA radio station KIIS-FM, securing himself a place as the 102nd caller and winning a brand new Porsche 944, among other prizes. Law enforcement dubbed Poulsen the “Hannibal Lecter of computer crime.” Poulsen went underground as a fugitive when the FBI began its search for him, but in 1991, he was finally captured.

He pleaded guilty to seven counts of mail, wire and computer fraud, money laundering, obstruction of justice, and for obtaining information on covert businesses run by the FBI. Kevin Poulsen was sentenced to 51 months in prison (4 years and 3 months), which was the longest sentence ever given for hacking at the time. However, since serving time, Poulsen has worked as a journalist and is now a senior editor for Wired News. Poulsen’s most note-worthy article details his work on identifying 744 sex offenders with MySpace profiles.

9. Albert Gonzalez

Cyber-criminal Albert Gonzalez has been accused of masterminding the biggest ATM and credit card theft in history; from 2005 to 2007, he and his cybergroup had allegedly sold more than 170 million card and ATM numbers. Gonzalez’s team used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet-sniffing (specifically, ARP Spoofing) attacks, allowing him to steal computer data from internal corporate networks. When he was arrested, authorities seized $1.6 million in cash including $1.1 million found in plastic bags placed in a three-foot drum which had been buried in his parents’ backyard. In 2010, Gonzalez was sentenced to 20 years in federal prison.

8. Vladimir Levin

It’s almost like the opening of a James Bond movie: in 1994, while working from his laptop from his Russian apartment in St. Petersburg, Vladimir Levin transferred $10 million from the accounts of Citibank clients to his own accounts around the world.

However, Levin’s career as a hacker was only short lived, with a capture, imprisonment and recovery of all but $400,000 of the original $10 million. During Levin’s 1997 trial in the United States, he was said to have coordinated the first ever internet bank raid. The truth is Levin’s ability to transfer Citibank client funds to his own accounts was possible through stolen account numbers and PINs. Levin’s scam was a simple interception of clients’ calls while recording the punched in account numbers.

7. Robert Tappan Morris

On November 2, 1988, Robert Morris released a worm that took down one-tenth of the Internet, crippling 6,000 plus computer systems. It didn’t take long for the police to track him down. Morris made the fault of chatting about his worm for months before its release on the Internet. Morris claimed it was just a stunt, and added that he truly regretted causing $15 million worth of damage: the estimated amount of carnage his worm left behind.

Morris was one of the first to be tried and convicted under the Computer Fraud and Abuse Act but only had community service and a fine as his penalty. The defense for such a light sentence was that Morris’ worm didn’t destroy the actual contents of affected computers. Morris now works in the department of Electrical Engineering and Computer Science at Massachusetts Institute of Technology (MIT).

6. Michael Calce a.k.a. MafiaBoy

In February of 2000, Michael Calce launched a series of widely known denial-of-service attacks against large commercial websites, including Yahoo!, Amazon.com, Dell, eBay, and CNN. He hacked Yahoo! when it was still the web’s leading search engine and caused it to shutdown for about an hour. Like many hackers, Calce exploited websites primarily for pride and establishing dominance for himself and his cybergroup, TNT. In 2001, the Montreal Youth Court sentenced Calce to eight months of open custody, one year of probation, restricted use of the Internet, and a minimal fine.

5. David Smith

Smith’s fame can be credited to the infamous e-mail virus, Melissa that he gave birth to. Smith claims that the Melissa virus was never intended to cause harm, but its simple means of propagation (each infected computer sent out multiple infected emails) overloaded computer systems and servers around the world. Smith’s virus takes an unusual turn in that it was originally hidden in a file that contained passwords to 80 well-known pornography websites. The name Melissa was derived from a lap dancer Smith met while on a trip in Florida. Even though over 60,000 email viruses have been discovered, Smith is the only person to go to federal prison in the United States for sending one.

4. Adrian Lamo

Nicknamed “the homeless hacker,” Adrian Lamo used coffee shops, libraries and internet cafés as his locations for hacking. Apart from being the homeless hacker, Lamo is widely-known for breaking into a series of high-profile computer networks, which include The New York Times, Microsoft, Yahoo!, and MCI WorldCom. In 2002, he added his name to the The New York Times’ internal database of expert sources and utilized LexisNexis account to conduct research on high-profile subjects. The Times filed a complaint, and a warrant for Lamo’s arrest was issued, followed by a 15-month investigation by federal prosecutors in New York.

After several days in hiding, he finally surrendered to the US Marshals, and then to the FBI. Lamo was ordered to pay approximately $65,000 in damages and was sentenced to six months house arrest at his parents’ home, with an additional two years of probation. In June 2010, Lamo disclosed the name of Bradley Manning to U.S. Army authorities as the source of the July 12, 2007 Baghdad airstrike video leak to Wikileaks. Lamo is presently working as a threat analyst and donates his time and skills to a Sacramento-based nonprofit organization.

3. George Hotz

The name of the acclaimed jailbreak artist, George Hotz, will forever be associated with the April 2011 PlayStation breach. Being one of the first hackers ever to jailbreak the Sony PlayStation 3, Hotz found himself in the midst of a very relentless, public and messy court battle with Sony – perhaps worsened by Hotz’s public release of his jail breaking methods. In a stated retaliation to Sony’s gap of the unstated rules of jail breaking – never prosecute – the hacker group Anonymous attacked Sony in what would be the dubbed as the most costly security break of all time to date.

Hackers broke into the PlayStation Network and stole personal information of some 77 million users. However, Hotz denied any responsibility for the attack, and added “Running homebrew and exploring security on your devices is cool; hacking into someone else’s server and stealing databases of user info. is not cool.”

2. Jonathan James a.k.a. c0mrade

Jonathan James, 16-year-old black hat hacker, became the first juvenile imprisoned for cybercrime in the United States. James gained his notoriety by implementing a series of successful intrusions into various systems. At an amazingly young age of 15, James specialized in hacking high-profile government systems such as NASA and the Department of Defense. He was reported to have stolen software worth over $1.7 million. He also hacked into the Defense Threat Reduction Agency and intercepted over 3,000 highly secretive messages passing to and from the DTRA employees, while collecting many usernames and passwords.

On May 18, 2008, at the age of 25, James committed suicide using a gun. The words in his suicide note provide some insight into this obviously brilliant but troubled youth who thought he would be a scapegoat and blamed for cyber crimes he did not commit: “I have no faith in the ‘justice’ system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.”

1. Gary McKinnon

In 2002, an exceptionally odd message appeared on a US Army computer screen: “Your security system is crap,” it read. “I am Solo. I will continue to disrupt at the highest levels.” It was later identified as the work of Scottish systems administrator, Gary McKinnon.

McKinnon suffers from Asperger’s syndrome, which is the least severe form of autism. The symptoms of Asperger’s syndrome certainly match Gary’s actions: that is, highly intelligent with an exceptional understanding of complex systems. Though sufferers often have difficulty reading social cues and acknowledging the impact of their often-obsessive behavior, they tend to be geniuses in one particular subject. For Gary, it was computers.

Gary has been accused of executing the largest ever hack of United States government computer networks — including Army, Air Force, Navy and NASA systems. The court had recommended that McKinnon be apprehended to the United States to face charges of illegally accessing 97 computers, causing a total of $700,000 in damage. Even more interesting are McKinnon’s motives for the large scale hackings, which he claims were in search of information on UFOs. He believed the US government was hiding such information in its military computers.

Author : Shivam Kotwalia, CodeKill

YouTube Hacked or a Real INTERNAL ERROR with a wierd Message Description.!!!

Today, evening youtube occurred to have a Error Message displayed not only its home page but also it sub URL's .

You Tube's Home Page

Embedded YouTube Player on CodeKill Did the Same Response....

The Most Important thing is the Error Description that is been generated.

"A team of highly trained monkeys has been dispatched to deal with this situation."

This is not the first time that YouTube has got down with that funny message, last year in November and August witnessed the same error.
Their has been no official announcement of error by Google.
As soon as we get any update, we will update you.

What do you think is this a HACK or some REAL INTERNAL ERROR. ??
Drop Down your Suggestion at comment Box ..!!


Stay Tuned to CodeKill
Like us on facebook
Shivam Kotwalia, CodeKill

Top 10 Linux Distros For Hackers!

If you're security researcher, you have to use the proper OS for it. Here we bring the best Linux hacking distros... 

Hackers and security researchers need their tools at hand always. Many of them are based on the popular Ubuntu and Debian operating system and come with a number of hacking tools installed.

1. BackTrack 5r3: This is one of the most loved and best known Linux-based hacking distributions. Based on Canonical’s Ubuntu operating system, Backtrack’s logo says, “The quieter you become, the more you are able to hear.” With version 5, the GNOME desktop environment was added along with the usual KDE desktop environment.

2. Nodezero: This is another Ubuntu-based hacking, which is used for penetration testing. Every time you get a patch for bugs in the Ubuntu OS, Nodezero also gets updated.

3. BackBox Linux: This is yet another Ubuntu-based distro being used for hacking. According to the developers, the OS has been designed to create a penetration testing distro that is fast and easy to use. It also gets update with new ethical hacking tools regularly using repositories.

4. Blackbuntu: Ubuntu itself may not be a hacking distro, but there are plenty that are based on it. This distribution comes with categories such as Network Mapping, Information Gathering, Penetration, Vulnerability Identification, Privilege Escalation, Radio Network Analysis, VoIP analysis and more.

5. Samurai Web Testing Framework: This distro lays focus on attacking websites using the best free and open source tools for hacking and attacking. The developers have incorporated four steps into the distribution, including, reconnaissance, mapping, discovery and exploitation.

6. Knoppix STD: From Ubuntu to Debian, Knoppix STD is a Debian based hacking distribution that runs the GNOME, KDE, LXDE and Openbox desktop environments. It has been around for quite a long time now and was amongst the first live distros.

7. Pentoo: This is a live CD that is meant for security testing and is based on Gentoo. It comes with a number of customised tools and kernel from the company. These include a Backported WiFi stack, XFCE4 etc.

8. Weakerthan: This distribution uses the Flufbox desktop environment and is best suited for WiFi hacking because of its many Wireless tools. It is a Debian Squeeze-based distribution that comes with tools for WiFi attacks, Cisco exploitation, SQL Hacking, Web Hacking, Bluetooth and others.

9. Matriux Krypton: After Weakerth4n, this is perhaps the first distribution that is directly based on the Debian OS. It contains an arsenal of 300 security tools and makes for a good choice for ethical hacking, penetration testing, security testing, system and network administration, cyber forensics investigations etc.

10. DEFT: This OS is based on the Linux Kernel 3 along with the Digital Advanced Response Toolkit. It uses WINE in order to run Windows tools Linux and predominantly run with the LXDE desktop environment.

Like Us on facebook
Shivam Kotwalia, CodeKill

Facebook domain hacked by Syrian Electronic Army

On the 10th Anniversary of Social networking website Facebook, the hacker group 'Syrian Electronic Army' claimed that they managed to hack into the administrator account of the Facebook's Domain Registrar - MarkMonitor.

The hacking group changed the Facebook Domain's contact information to a Syrian email address on the company’s WHOIS domain information page, as shown.

"Happy Birthday Mark! http://Facebook.com owned by #SEA" the group tweeted.

Hackers also claimed that it had updated the nameserver information to hijack domain, but the process had to be abandoned because it was "taking too much time..." whereas, Facebook spokesperson did confirm that the website's domain record email contact information had been changed.

Why SEA Targeted Facebook? Syrian activists and Hackers claimed that Facebook has been deleting pages created by dissidents and removing content as it was violating the social network’s standards, according to Facebook, and that important information about the conflict is being lost as a result.

Journalists and activists involved in the Syrian revolution said that the deletion of Syrian opposition pages by Facebook removes important data and context about the revolution there, including some crucial information about chemical weapon attacks last year.

If SEA had succeeded in updating the nameserver record for Facebook, then the millions of users could have been directed to any other defaced or malicious website.

At the time of writing, the registrant contact details were restored and Facebook confirmed that no traffic to the website was hijacked, and that no users of the social network were affected.

10 Steps You Should Take To Prevent Hacking!

Read about all the security nightmares that people have had recently? Well, don't be one of them and read on! 

Hackers are everywhere, waiting to pounce on the one weakness that you show. So, in order to protect yourself, you have to be well shielded. A simple firewall is not enough, you need to follow these steps in order to keep yourself secure! 1. Keep your browsers and OS up to date: Hacking is a result of weaknesses and loopholes. Don’t provide any and you won’t get hacked easily. Almost every OS update that you get will come with some security patches, which is why getting regular updates is important. 2. Firewall protection: The firewall is in a way your first line of defence against hackers and viruses. So keep your firewall updated at all times. 3. Change passwords: Some people do this on a weekly basis, but monthly changes should be enough. Make sure you use alphanumeric passwords, because they’re harder to crack. 4. Get an antivirus: Ok, you already know this one. But still, don’t try to save when it comes to an antivirus. Get a good one and get a registered subscription. Don’t go for something that is free and cheap. 5. Anti-spyware: While adware and spyware aren’t quite as dangerous as viruses, they can still be frustrating. In addition, they could often be doorways for hackers. 6. Unknown emails: Many have fallen for this one. Never ever click on a link that you find in an unknown email. Just delete them. 7. Block unknown invitations: You know those many social media invitations that you get from unknown people? Don’t leave them pending, don’t accept them, just block them. If you’re in doubt about a mail or an invite, just block. You can always unblock later if you were wrong. 8. Wipe your phone: The ‘find my phone’ feature on modern smartphones should be turned on. It keeps your personal data safe even if it has been stolen by someone. 9. Beware of public networks: We often sit down at coffees shops and cafes and connect to their Wi-Fis. Well, public networks are most dangerous and hackers are often sitting at these places just to find their next targets. In any case, you don’t have to stop using them, just make sure that you don’t send or receive confidential data over them. 10. Macs can be attacked:Just because you bought the expensive Apple laptop doesn’t mean that you can’t be attacked. It is true that they don’t get attacked much, but that is primarily because of the lower market share that they have. Take our advice, don’t be overconfident about your Mac. Like Us on Facebook Shivam Kotwalia, CodeKill

Buffer Overflow Exploit Discovered In Android SDK

Android SDK also suffers lack of compile-time hardening.

The droidsec security group has discovered and patched a buffer overflow issue and a lack of compile-time hardening in the Android Debug Bridge, with the team deciding to publicly disclose the issues and patches after a lack of communication from Google. The buffer overflow exploit discovered in the Android software development kit effects all versions of the Android Debug Bridge on Linux x86_64.

According to droidsec the exploit has been confirmed on version 18.0.1 of the Android SDK platform tools on x86_64 Ubuntu Linux 12.04. Meanwhile, attempts of exploitation on a 32-bit Linux system and the adb binary found on the Nexus 4 were unsuccesful. Windows systems were kept out of the test.

The exploit starts with an attacker starting a malicious Android Debug Bridge (ADB) server. This ADB server then interfaces with Android devices on a multi-user system and waits for ADB clients to connect. Any command that communicates with the ADB Server will lead to 'successful' exploitation. Further, it has been found that the ADB binary failed to have a non-executable stack. Also the executable was not position independent.

"It should also be noted that host compilation also seems to intentionally opt out of the FORTIFY_SOURCE protections. It's not clear why this is the case since the comment near this line of code references an internal only bug number." " droidsec was quoted as saying.

Shivam Kotwalia, CodeKill

Yahoo Mail Hacked!

Yahoo is the second largest email service globally, after Google’s Gmail

Yahoo informed on Thursday that usernames and passwords of certain Yahoo email customers were stolen and utilised to collect personal information of people, who the affected Yahoo mail users have off late corresponded with. The company did not state the number of accounts that were compromised.


Yahoo is the second-largest email service globally, after Google’s Gmail, as per the research firm comScore. There are about 273 million Yahoo mail accounts world over, which includes 81 million in the United States. It’s the recent in a series of security breaches allowing hackers to get personal information with the use of software which analysts state is quite sophisticated. Around 70 million customers of Target stores got their personal information and credit and debit card numbers compromised late last year.

According to Avivah Litan, a security analyst at the technology research firm Gartner, “It’s an old trend, but it’s much more exaggerated now because the programs the bad guys use are much more sophisticated now.” Yahoo Inc has stated in a blog post on its breach that “The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.”

The access to email accounts can end in serious breaches that involve banking and shopping sites. As numerous people re-use passwords across many sites, and also as most sites utilise email to reset passwords, hackers can try logging in to such a site with the Yahoo email address and ask that a password reminder be sent by email.