Linux Hacks & Cracks - Page 74
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
A hacker in the Netherlands broke into some jailbroken iPhones and sent text messages to the owners asking them to pay to find out how to secure their phones, according to postings in a Dutch forum called Tweakers.net.
Symantec is warning about a new Trojan horse that encrypts files on compromised computers but offers no ransom note like other software designed to hold data hostage for a fee.
IT security and data protection firm Sophos is warning internet users who have visited the Gizmodo technology and gadget blog to scan their computers after it was revealed that the website was delivering adverts laced with malware last week.
Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain
We're reported in the past on hacks of the President's campaign web site barackobama.com, still used for political campaigning: This one on January 26, 2009 served malware to users and this one from April 21, 2008 redirected users to the Hillary Clinton campaign site (note: Friends of Hillary is still taking contributions).
Malware writers today always try to conceal their identities, right? Wrong
A blogger helping to tune a friend's wi-fi network uncovered a gaping security hole in Wi-Fi cable modem routers installed in 64,000 Time Warner subscribers' homes, leaving them open to attack.
While there are an infinite number of social engineering exploits, typical ones include the following: Stealing passwords: In this common maneuver, the hacker uses information from a social networking profile to guess a victim's password reminder question. This technique was used to hack Twitterand break into Sarah Palin's e-mail.
Full-disk encryption is often heralded as a panacea to the huge problems of data breaches and laptop thefts, and with good reason. Making the data on a laptop or other device unreadable makes the machine far less attractive or valuable to a thief. However, researchers are showing that this solution has its share of weaknesses, too.
Figures from Sweden suggest six out of ten P2P users have stopped or significantly reduced their unlicensed file sharing, AFP reports.
Thousands of accounts on web-based e-mail system Hotmail have been compromised in a phishing attack, software giant Microsoft has confirmed.
SOME LAZY Linux administrators are living in a dreamworld where they believe their systems are secure just because they use Linux, according to an insecurity expert. Peter Hansteen claims that a third round of low-intensity, distributed bruteforce password attacks is now in progress because of sloppy admin practices on Linux systems. So far about a thousand servers have been compromised.
On the Noisebridge hacker mailing list, security specialist Jacob Appelbaum has published an SSL certificate and pertinent private key that together allow web servers to avoid triggering an alert in vulnerable browsers - irrespective of the domain for which the certificate is submitted. Phishers, for example, could use the certificate to disguise their servers as legitimate banking servers
Fully functional exploit code for the (still unpatched) Windows SMB v2 vulnerability has been released to the public domain via the freely available Metasploit point-and-click attack tool, raising the likelihood for remote in-the-wild code execution attacks.
Recently, a Russian security researcher discovered a 100-node Linux "cluster" that was running a botnet which was, in turn, connected to a group of desktop machines. Altogether these machines were serving up malware.
Malware developers are going open source in an effort to make their malicious software more useful to fraudsters. By giving criminal coders free access to malware that steals financial and personal details, the malicious software developers are hoping to expand the capabilities of old Trojans.
Eastern European hackers are offering to crack into any Facebook account for a fee of $100, payable online through Western Union, though circumstantial evidence suggests that the scheme might just as easily be geared towards ripping-off potential clients while delivering nothing.
A denial of service attack that took down Internet access in parts of China earlier this year has been attributed to an over-enthusiastic game provider trying to take down rivals. Police in Foshan, a city in Guangdong, have announced that they arrested four individuals for the attack, noting that they would go to trial sometime in the mysterious future.
A newly exposed cross-site scripting (XSS) vulnerability in Twitter lets an attacker wrest control of a victim's account merely by sending him or her a tweet. U.K. researcher James Slater reported the serious flaw earlier this week, and now says Twitter's fix in response to his disclosure doesn't actually fix the problem.
Hacker Ehud Tenenbaum has pleaded guilty in connection to charges of fraud that netted millions of dollars from banks in Indiana, Florida, Texas and California, according to the U.S. Attorney's office in New York.