Linux Hacks & Cracks - Page 76

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Discover Hacks/Cracks News

Thousands of Web sites stung by mass hacking attack

Looks like a combination of easily avoidable attack vectors and uninformed users clicking on things they shouldn't. As many as 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense. The affected sites have been hacked to host JavaScript code that directs people to a fake Google Analytics Web site, which provides data for Web site owners on a site's usage, then to another bad site, said Carl Leonard, threat research manager for Websense.

Members Of Legendary '90s Hacker Group Relaunch Password-Cracking Tool

Another article discussing the legendary l0phtcrack password cracking and auditing tool. Works on crypt, NTLM Windows passwords, and many other types. Great stuff. It's official: The famous password-cracking tool L0phtCrack is back, and its creators plan to keep it that way. L0phtCrack 6 tool, released Wednesday, was developed in 1997 by Christien Rioux, Chris Wysopal, and Peiter "Mudge" Zatko from the former L0pht Heavy Industries -- the hacker think tank best known for testifying before Congress that it could shut down the Internet in 30 minutes. In January of this year, Rioux, Wysopal, and Zatko bought back L0phtCrack from Symantec, and later announced they would build a new version of the tool with support for 64-bit Windows platforms and other new features.

Google's Chrome was 'hackable' at Pwn2Own contest

Although Google's Chrome was the only browser left standing after March's Pwn2Own hacking contest, it was vulnerable to the same bug that a German college student used to bring down Apple's Safari, Google acknowledged this week. Although Google patched the Chrome vulnerability May 7, it waited until last Wednesday to reveal that the bug was the same WebKit flaw that Apple patched the day before.

SSH server attacks resurface

Updated link. Security researchers are warning administrators to secure their servers in the wake of new Secure Shell (SSH) attacks. Researchers at security firm SANS warned that so-called 'brute force' attacks were occurring on a "daily" basis. The article isn't clear whether this includes OpenSSH. Does anyone have any further knowledge? I haven't seen any advisories for it.

Feds Indict Alleged Cisco, NASA Hacker

I found this indictment particularly interesting because it reaches across to another country, so there must have been substantial coordination with foreign authorities. A federal grand jury has indicted a Swedish man for allegedly hacking into networks at Cisco Systems and NASA. According to news reports, Philip Gabriel Pettersson, a 21-year-old man known as "Stakkato," faces five counts of intrusion and trade secret theft. He's accused of stealing programming information.

Pirate Bay attorney outlines arguments for appeal

The Pirate Bay battle with the courts has been going on for quite some time. This one looks pretty serious. The judge had a conflict of interest--that's one argument that will be used in appealing the Pirate Bay verdict, an attorney of one of the defendants told CNET News on Friday. Peter Sunde, Gottfrid Svartholm Warg, Fredrik Neij, and Carl Lundstr

Web 2.0 Environs Are Now Hackers' Favorite Target

Web 2.0 sites are now the premier target for hackers, amounting to 21 percent of all reported hacking incidents, according to a report issued yesterday. The study by the Secure Enterprise 2.0 Forum, an organization devoted to the secure use of social media at work, says that Web 2.0 sites are now attacked more frequently than sites operated by the media (18 percent) and retail businesses (13 percent).

Internet threats rise by two-thirds in April

The number of web-based threats soared by nearly two-thirds in April, according to new figures from managed security vendor Network Box. The firm said that the 63 per cent rise in internet threats was due in large part to phishing attacks, which represented one in four of the threats.

Wanted: Computer hackers ... to help government

Wanted: Computer hackers. Federal authorities aren't looking to prosecute them, but to pay them to secure the nation's networks. General Dynamics Information Technology put out an ad last month on behalf of the Homeland Security Department seeking someone who could "think like the bad guy." Applicants, it said, must understand hackers' tools and tactics and be able to analyze Internet traffic and identify vulnerabilities in the federal systems.

The First Botnet To Attack Linux Systems

Have you ever installed updates on your embedded devices such as wireless access points and gateway devices? Once in, it locks out other administrators with a series of iptables commands and then connects to the botnet over IRC. The botnet does not target Windows systems, at least not directly. The initial DroneBL blog on this botnet estimates its size at 100,000 units, which I consider to be impressively large.

Intel Exploit Code To Be Released Today?

Could just be FUD but if it's not, get ready: This is the scariest, stealthiest, and most dangerous exploit I've seen come around since the legendary Blue Pill! No, I'm not just trying to sensationalize this or spread fear, uncertainty and doubt. This is serious and represents a massive new security threat for us all. Security Researchers Joanna Rutkowska and Loic Duflot are planning to release a research paper + exploit code for a new SMM (System Management Mode) exploit that installs via an Intel

PandaLabs' 2009 Predictions: Malware Will Increase In 2009

Glendale, CA (PRWEB) December 21, 2008 -- PandaLabs, Panda Security's malware analysis and detection laboratory, today announced that a significant increase in the volume of malware (viruses, worms, Trojans, etc.) is expected in 2009. Panda Security's laboratory detected more malware strains in the eight months between January and August of 2008 than in the previous 17 years combined. What is your prediction on malware in 2009? Will it increase? This article states some reasons why PandaLabs thinks that malware will increase in 2009.

Linux Role in Botnets Studied

Researchers at a major security vendor are exploring the extent to which Linux systems - especially servers - are involved in the botnet plague. A six-year-old Linux virus is still in circulation, and Sophos suspects the high uptime exhibited by servers (compared with the typical home or office Windows PC that spends much of the day switched off or asleep) makes them valuable to bot-herders as central control points. What do you think is the role of Linux in botnets? This article presents a study on the relationship between Linux and botnets.

Plaintext Recovery Attack Against SSH

The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary information, we are unable to properly assess its impact. Have you heard about the latest reported attack on the SSH protocol version 2? Do you think the SSH team made the right decision in not doing an emergency release? If you are interested in ways to prevent this attack, please read on...

Prominent Web Sites Have Serious Coding Flaw

Cross-site request forgery flaw on several prominent Web sites allows an attacker to perform actions on behalf of a victim who is already logged into the site. Two Princeton University academics have found a type of coding flaw on several prominent Web sites that could jeopardize personal data and in one alarming case, drain a bank account. The type of flaw, called cross-site request forgery (CSRF), allows an attacker to perform actions on a Web site on behalf of a victim who is already logged into the site. Have you heard about the news that two Princeton University academics have published security flaws in some high traffic sites? Why do you think these sites are taking their time in fixing the problem?

Open source Release Takes Linux Rootkits Mainstream

The art of burying invisible malware deep inside a Linux machine is about to go mainstream, thanks to a new open-source rootkit released Thursday by Immunity Inc., a firm that supplies tools for penetration testers. When implemented, Immunity's DR, or Debug Register, makes backdoors and other types of malware extremely difficult to detect or eradicate. It's notable because it cloaks itself by burrowing deep inside a server's processor and availing itself of debugging mechanisms available in Intel's chip architecture. The rootkit, in other words, mimics a kernel debugger. Rootkits are a threat that every computer user should think about. This article discusses one type of Linux rootkit which tries to mimic a kernel debugger.