Linux Hacks & Cracks - Page 73
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
U.S. authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by hackers partly using Russian software tailored for the attack, according to a news report. The security breach at the major U.S. bank was detected mid-year based on traffic from Internet addresses formerly used by the Russian Business Network gang, The Wall Street Journal said Tuesday, citing unnamed government sources.
Hackers redirected Twitter.com's traffic to a rogue website for more than an hour last week by accessing its DNS records using an account assigned to Twitter, the company that manages Twitter's DNS servers said today.
News overnight of the latest in Twitter security mishaps, and in this case a quantifiable screw-up
A hacker was able to break into the database of RockYou and obtain 32 million clear-text passwords through an SQL vulnerability. Researchers at database security firm Imperva discovered the flaw in RockYou.com, which provides applications and services for social networking sites like Facebook and MySpace.
At the beginning of this decade, Microsoft represented a cybercriminal's dream target: universally-used software, brimming with bugs ready to be exploited to hijack users' PCs. But as the software giant has slowly cleaned up its security flaws, hackers are looking toward another vendor whose products are nearly as ubiquitous and whose bounty of vulnerabilities is just being discovered: Adobe.
Already closed in Opera, Firefox and Chrome, the format string vulnerability caused by a flawed implementation of the dtoa C function for converting floating point numbers into strings (double to ascii) is creating further ripples. Maksymilian Arciemowicz, who discovered the problem, has released several advisories stating that the Thunderbird 2.x email client, as well as the Sunbird 0.9 calendar application and the Flock and Camino browsers, are or were also affected.
A Romanian hacker has posted a proof-of-concept attack exploiting vulnerabilities on the Pentagon's public Website that were first exposed several months ago and remain unfixed. The hacker, who goes by Ne0h, demonstrated input validation errors in the site's Web application that allow an attacker to wage a cross-site scripting (XSS) attack.
Two NASA sites recently were hacked by an individual wanting to demonstrate that the sites are susceptible to SQL injection. The websites for NASA's Instrument Systems and Technology Division and Software Engineering Division were accessed by a researcher, who posted to his blog screen shots taken during the hack.
The world is not only losing the war against spam, the situation might be about to get a whole lot worse with the emergence of a new type of automatic botnet able to thrive without direct human control, Symantec's MessageLabs division has warned.
A new phishing campaign is designed to steal FTP credentials from website owners so the fraudsters can set up fake bank websites, a security firm warned Monday. The messages appear to come from web hosting providers, such as Yahoo, according to researchers at Trusteer.
Miscreants took advantage of weak security to hack into two NASA-run websites over the weekend. The websites of NASA's Instrument Systems and Technology unit and Software Engineering division were broken into and screenshots illustrating the hack posted online.
The lack of malware on Linux may be about to change after a developer admitted he has developed a 'package of malware for Unix/Linux'. A developer who claims he is tired of the
Mogeneration, an Australian software company, has hired the author of the first iPhone worm, Ashley Towns, to develop applications for the iPhone App Store. At the beginning of November, 21 year old Towns circulated the "Ikee" worm via Australian operator Optus's UMTS network. The worm penetrates vulnerable jailbroken iPhones and spreads using open SSH connections.
Hackers have managed to find a way around one of the key antipiracy protections built into Windows 7. Ordinarily, the operating system requires users to activate their copy of Windows 7 within 30 days. However, a recently outlined method allows the normal notifications to be turned off.
Notorious spammer Alan Ralsky has been jailed for more than four years over his role in masterminding a stock fraud spam campaign that made him an estimated $2.7m.
A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack.
The prospect of restricting access to your database is tricky when it comes to privileged users, such as database administrators who need to keep the databases running, developers who need to tap into databases to get them to work, or super users who just need an inordinate amount of access to get their jobs done.
Researchers show how Adobe Flash can be exploited in browsers when a victim visits sites that accept user-generated content. Researchers have discovered a new attack that exploits the way browsers operate with Adobe Flash -- and there's no simple patch for it.
The website of the Swedish Signals Intelligence agency (F