Linux Hacks & Cracks - Page 70
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Reports have surfaced that Internet Explorer users are not the only targets of the Zeus banking Trojan - Firefox users are now also under threat.
This is a seminal piece of writing from the underground, forgotten by many but adored by many more. It still resonates with me and has as much meaning as it did back in the day when I first read it in Phrack Issue 7.
Security experts at Trend Micro have identified a new Trojan spreading from Japan which threatens to post the internet history of infected users.
Turkish hackers have attacked several Armenian websites ahead of annual commemorative remembrances of the Armenian Genocide. On April 12th, more than 250 sites were impacted when cyber terrorists attacked a server hosting sites including https://www.armeniachat.com https://armeniasearch.com/ according to the owner of the sites (who wishes to remain anonymous), ANCA Communications Director Elizabeth Chouljian told PanARMENIAN.Net.
A group of Romanian activists has hacked two Telegraph subdomains in response to a Top Gear episode mocking the country and casting Romanians as gypsies. Two subdomains of The Daily Telegraph's website have been defaced by a group of Romanian hackers.
According to several reports by anti-virus vendors, criminals have attempted to exploit an unpatched hole in Adobe Reader disclosed about two weeks ago to infect Windows PCs. The relevant malware includes the particularly dangerous ZeuS bot. The specially crafted documents are apparently sent to users as email attachments.
After informing a researcher just a few days ago that
This is not the first time Apache.org has been hacked, it was comprised back in September 2009 using SSH keys. This time another targeted attack against the site was successful and allowed the attackers to capture the passwords of users logging into the bug-tracking service.
Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a "direct, targeted attack."
Hundreds of WordPress blogs were hacked during the past few days by attackers who pilfered blogger credentials stored in plain text in the database. The researchers who discovered the attacks say a design flaw in the WordPress blogging platform was the underlying problem because by default it allows users to set up permissions that let anyone read their blog's wp-config.php file configuration files, and because WordPress stores the bloggers' credentials in plain text.
The massive hacking by a Chinese espionage network into the Indian Government
IT security firm Sophos has conducted a new research which reveals the automated tools used by Search Engine Optimisation (SEO) hackers and how companies can protect themselves. Sophos said the business of using blackhat SEO techniques to impregnate legitimate sites has become a huge money-spinner for cybercriminals.
Security researcher Jeremy Conway says he has discovered a way to spread malicious code across PDF documents on a victim's computer. The attack leverages a flaw in the way the PDF file format works, adding malicious data to legitimate PDF files that could then be used to attack anyone who opens them.
It's not clear why Linux fans would even want to run it on a PS3, "when a console is NOTHING but 'DRM... in a box'" says Slashdot blogger hairyfeet. "Even when [Sony] allowed Linux you didn't get access to the full machine -- no GPU access -- which left it an underpowered POWER based PC."
As the iPad rolls out across the United States on Saturday, one developer appears to have gone rogue already. Jonathan E. Vi, one of the few developers to actually get an iPad in advance of the launch, has rigged it to run Apple's old Newton personal data assistant from the '90s. Fire up the Newton emulator app, and the iPad's screen changes to that muted green color with dim gray text and the old Mac fonts.
A security researcher has demonstrated a mechanism that exploits PDF files without taking advantage of any particular vulnerabilities. Didier Stevens' proof of concept exploit relies on running an executable embedded in a PDF file - something that ought to be blocked - by launching a command that ultimately runs an executable.
Spamhaus has uncovered a fake spam filter company which was pirating and selling DNSBL data stolen from major anti-spam sysjavascript:submitbutton('save');tems including Spamhaus, CBL and SURBL, republishing the stolen data under the name "nszones.com".
iPhone hacker George Hotz, aka "GeoHot," was able to finally crack the PlayStation 3... three years after the system's release. He praised the hardware for its security, but now that Sony has responded by removing the Linux capabilities of the PlayStation 3 entirely, the hacker has decided to fight back, warning gamers not to update their systems until he finds a way to keep the Other OS option on the PlayStation 3.
The techniques used by unloveable rogues who automate search engine manipulation attacks themed around breaking news to sling scareware have been unpicked by new research from Sophos.
A smattering of security stories reveals the ongoing challenges to protecting systems and data. From the discovery of the first serious iPhone 3G exploit to the sighting of a new Captcha-conquering bot, the past week has proven interesting in the world of IT security, so much so that I've decide to take a look at several of stories that have cropped up, rather than doing my regular deep-dive into a specific topic.