Linux Hacks & Cracks - Page 69
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
There's no safe place on the Web, reports former hacker Marc Maiffret, who shared some interesting insights recently with CNET.com regarding Internet security. Nearly a decade after he exposed the vulnerability used by the Code Red worm, Maiffret gave Microsoft's security model high marks.
Think this guy's a democrat? A former college student has been charged with using the school's computer network to control a botnet and launch distributed denial-of-service (DDoS) attacks against conservative websites belonging to Bill O'Reilly, Ann Coulter and Rudy Giuliani.
Computer scientists have carried out one of the first detailed security analyses of the security implications of increased use of computer systems in cars, finding systems surprisingly easy to hack or disrupt.
Now this is a pretty surprising figure, we all know Phishing has become a big issue in recent years especially for financial institutions, but it still amazes me two-thirds of all attacks can come from a single group!
Security experts have discovered a tool that can be used to initiate denial-of-service attacks using micro-blogging site Twitter. A tool that lets criminals infect other PCs and turn them into 'bots' controlled through Twitter has been spotted by security experts.
Twitter followers can now learn a new skill, hacking or at the very least, how to think like a hacker to be protect themselves.
Hackers have begun using compromised servers instead of client PCs to launch more powerful denial of service attacks. Hundreds of web servers are infected with a DoS application that transforms them into zombie drones, according to database security firm Imperva.
The development team behind the Drupal module Context have released version 6.x-2.0-rc4, which fixes a cross-site scripting (XSS) vulnerability when displaying block descriptions. If a user with 'administer blocks' permission clicks on a crafted link, JavaScript contained in the link is executed with the privileges of the Drupal page. Attackers can exploit this to gain access to a system.
A (nearly) new attack method is reportedly able to bypass anti-virus software for Windows in order to, for example, load infected drivers, despite protection mechanisms. The attack, developed by Matousec.com, makes use of the fact that many anti-virus programs hook into the kernel's System Service Descriptor Table (SSDT) in order to monitor program behaviour.
Security company Secunia is warning of a critical vulnerability in Apple's Safari browser. The current version (4.0.5) and possibly older versions are affected. If a user visits a website containing the exploit using the Windows version of Safari, the site can compromise the system and either crash the browser or execute malicious code. The problem is caused by an error in the way the browser deals with pop-ups.
According to various reports, in the past few days a number of websites created using WordPress have been hacked. While the attack initially appeared to be limited to web sites hosted by American ISP DreamHost, it has since become apparent that blogs hosted at GoDaddy, Bluehost and Media Temple have also been affected.
A lack of knowledge and awareness about how to use Linux mail servers could be contributing to the disproportionately large number of Linux machines being exploited to send spam, according to new Symantec Hosted Services research.
Over a month has elapsed since the years-long investigation and prosecution of TJX hacker Albert Gonzalez came to a dramatic end, with Gonzalez sentenced to 20 years in prison for the largest identity theft case in U.S. history.
One year after his Black Hat talk on Automated Teller Machine security vulnerabilities was yanked by his employer, security researcher Barnaby Jack plans to deliver the talk and disclose a new ATM rootkit at the computer security conference.
Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user.
The US public prosecutor has charged a 19-year old man with attempting to reprogram cash machines. The man planned to exploit configuration options on cash machines manufactured by Tranax, which allow note denomination settings to be altered after entering a specific key sequence from the keypad (Tranax 1700: Enter, Clear, Cancel, 1,2,3) and a (default) password.
Once upon a time, only computer geeks were smart enough to be cyber-criminals. Now, anyone with enough cash can become one. WebAttacker, CrimePack, IcePack and dozens of other do-it-yourself crime kits are available online for less than $1,000.
Criminals are increasingly attempting to conceal malware embedded in hacked websites from search engines such as Yahoo! and Google. Their aim is to prevent browsers which use technology such as Google's Safe Browsing API from sounding the alarm when a user visits a hacked website. Google's Safe Browsing API allows client applications to query Google's phishing and malware blacklist. Firefox and Google Chrome both make use of the API, which is based on Google searches of websites for suspicious code.
Social media is making hacktivism easier, especially as politically motivated online crowds come together to create distributed denial of service attacks, finds a new paper by security researcher Gunter Ollmann of Damballa.
There are matches made in heaven, and on the other side of the spectrum, there is David Wang's accomplishment: booting Google's Android operating system on Apple's iPhone Wang, the "planetbeing" member of the a group called the iPhone Dev Team devoted to hacking iPhones, on Wednesday posted a video demonstrating Android on an iPhone.