Linux Hacks & Cracks - Page 75
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Everything has security problems, even Linux. An old and obscure problem with the gcc compiler was recently discovered to have left a security hole in essentially every version of Linux that anyone is likely to be running. Here's what you need to know about fixing it.
This week's disclosure that the huge data thefts at Heartland Payment Systems and other retailers resulted from SQL injection attacks could finally push retailers into paying serious attention to Web application security vulnerabilities, just as the breach at TJX focused attention on wireless issues.
The same guy responsible for the TJX breach, and now serving time, is now accused of stealing 130 million credit cards from 7-Eleven and two unnamed retail chains. The best part is that he once worked with federal authorities to identify co-conspirators in another online theft. The man who prosecutors said had masterminded some of the most brazen thefts of credit and debit card numbers in history was charged on Monday with an even larger set of digital break-ins, The New York Times
The constellation of hacks connected to the TJX hacker is growing. Albert
Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.
First reports of a vulnerability apparently discovered by Microsoft at the start of this year, appeared in mid June. The vulnerability could reportedly be used to carry out man-in-the-middle attacks on HTTPS connections. Mozilla classed the risk as high and released corresponding patches for its browser. It has now become clear that the vulnerability affects many other browsers.
A New Jersey hacker has been arrested after he broke into a site owner's account, transferred the domain name ownership to himself, and then sold it to an NBA player.
At the Black Hat security conference in Las Vegas, Mandiant security researchers Peter Silberman and Steve Davis are releasing a new forensic framework on Wednesday that will make it possible to detect whether or not a host was hit by Metasploit's meterpreter. The new tool could change the game when it comes to Metasploit-based attacks that previously could not be identified on the target machine.
When was the last time you heard about a Linux security vulnerability that was not fixed for more than a year? This article talks about how Microsoft has ineffectively handled a significant vulnerability present in all versions of Windows, and only with Black Hat coming are they finally addressing it. On Tuesday, Microsoft will slap a permanent patch on a video streaming ActiveX control used by Internet Explorer (IE), addressing a vulnerability that it has known about, but not fixed, for more than a year. Two weeks ago, Microsoft issued a "kill bit" update that, rather than address the underlying problem, disabled the ActiveX control to stymie attacks that were already in progress. It's also slated a fix for Visual Studio, Microsoft's popular development platform.
The Twitter document leak fiasco started with a simple story that personal accounts of Twitter employees were hacked. Twitter CEO Evan Williams commented on that story, saying that Twitter itself was mostly unaffected. No personal accounts were compromised, and
A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews.
Attackers have used a configuration error in the Xoops content management system to access the main web server of the CentOS project. According to Ralph Angenendt, system administrator at CentOS, no data has been injected into the system or stolen from it. He also stated that the server had not been used to send spam. As a precaution though, all users of the CMS will need to get a new password for the CMS through the Xoops lost password system.
In the US a 19-year-old phreaker (or phone phreak) has been sentenced to more than eleven years in prison because he placed numerous emergency calls resulting in the dispatch of special police units or SWAT teams (Special Weapons and Tactics). The SWAT teams arrived at the locations from which the calls were placed only to find sleeping families. Such incidents are increasingly common in the US, giving rise to the term swatting.
A Pennsylvania man has been charged with allegedly launching distributed denial-of-service (DDoS) attacks against at least nine Web sites, including Rolling Stone magazine's site, which was attacked multiple times for nearly a year.
In a move to close the door on the largest reported retail data breach in history, TJX announced Tuesday that it has settled with 41 states who were probing the discount merchant's data security practices. TJX, which operates more than 2,500 outlets nationwide, agreed to pay $9.75 million to settle investigations by 41 state attorneys general, who were looking into the monster breach, announced in January 2007, that exposed as many as 94 million credit and debit card numbers.
It has just become apparent that, on June 16, attackers hacked into the web server of the SquirrelMail open source project. The operators have suspended all accounts and reset all crucial passwords. Access to the original server and to all the available plug-ins has also been disabled. The operators believe that none of the plug-ins has been compromised, but investigations are still in progress. Third party plug-ins can be used to add features to SquirrelMail.
In the third of a three-part Q&A series with hackers, Lamo, now 28, talks about his "hack value," his remorse for the trouble he caused network administrators, and how he hopes to make people smile. Q: How did you get started hacking? I was around computers as a very young child. I had a Commodore 64 when I was like 6 or so. And my first interest in seeing how things worked behind the scenes wasn't all about technology necessarily, and my interest in what you might call hacking isn't really primarily about technology...It's not sexy when I'm exploring less obvious aspects of the world that don't involve multibillion-dollar corporations. There's a certain amount of tunnel vision there.
Writing buggy applications is a cinch--for decades, the world's software developers have been proving that with just about every program they release. Truly interesting bugs, however, are a relatively rare breed. I'm talking about the kind that cause technology products and services to stop working for extended periods, or that prompt them to behave as if they were possessed or harbored grudges against the humans who use them. And even though the bugs themselves usually stem from mundane errors such as typos or faulty math, their symptoms are anything but boring.
There is no question who the most famous hacker is. One of the first computer hackers prosecuted, Kevin Mitnick was labeled a "computer terrorist" after leading the FBI on a three-year manhunt for breaking into computer networks and stealing software at Sun, Novell, and Motorola. In the first in a three-part Q&A series with hackers, CNET News talked to Mitnick, now 45, about what got him interested in computers in the first place, the differences between hacking today and three decades ago, and whether it's wise to hire a former black hat hacker to do security work.
Hacking contests never seem to go well. Back in 2002, ZDNet wrote about how a $100K hacking contest ended in a free-for-all. Don't people remember history? Hackers love a challenge. And more than that, they love cash. That's what Telesign found out this week. A provider of voice-based authentication software, the company challenged hackers to break into its StrongWebmail.com Web site late last week. The prize? US$10,000. On Thursday, a group of security researchers claimed to have won the contest, which challenged hackers to break into the Web mail account of StrongWebmail CEO Darren Berkovitz and report back details from his June 26 calendar entry.