Linux Hacks & Cracks - Page 78

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Discover Hacks/Cracks News

Ongoing IFrame Attack Proving Difficult to Kill

One of the factors that make an ongoing malware attack so difficult to stop is the speed with which the assault can evolve. Over the past 12 days, an IFrame injection attack that originally focused on ZDNet Asia has been spreading across the 'Net, changing targets and payloads on an almost daily basis. An iFrame (short for inline frame) is an element of HTML that's used to embed HTML from another source into a webpage. The timeline of the attack is provided below, thanks in no small part to security consultant Dancho Danchev, who has kept a play-by-play account of the IFrame attack on his blog. Read on for an interesting analysis of the injection method and how it is leveraging SEO engines. How do you feel this should be properly mitigated and countered?

Root under fire: vmsplice() exploit

This recent kernel exploit has been spreading around the Internet quickly in recent days. So what is it, exactly? What is it really doing and how does it allow a cracker to exploit the root privileges in your system? Jonathan Corbet chimes in with one of the best overviews of the exploit, why it's a problem, how it got here, and what's being done to address it: "Unlike a number of other recent vulnerabilities which have required special situations (such as the presence of specific hardware) to exploit, these vulnerabilities are trivially exploited and the code to do so is circulating on the net."

Firefox Bug Opens Browser to Hackers

A new bug in Firefox could be used by attackers to scout out a system prior to mounting a more thorough assault, according to Mozilla's head of security. The flaw, said Window Snyder, Mozilla's chief security officer, is in the browser's chrome protocol - 'chrome' is the Firefox term for its user interface - as she responded to reports of the vulnerability and the public posting of a proof-of-concept exploit. What do you think about this latest Firefox bug?

DNS Attack Could Signal Phishing 2.0

Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet. The study, set to be published in February, takes a close look at "open recursive" DNS servers, which are used to tell computers how to find each other on the Internet by translating domain names like google.com into numerical Internet Protocol addresses. Criminals are using these servers in combination with new attack techniques to develop a new generation of phishing attacks. What is so new about the possible attacks on DNS servers? We all know they are very vulnerable to attack because they are so visible and important to the Internet.

Exclusive: I Was a Hacker for the MPAA

In an exclusive interview with Wired News, gun-for-hire hacker Robert Anderson tells for the first time how the Motion Picture Association of America promised him money and power if he provided confidential information on TorrentSpy, a popular BitTorrent search site. Read on for an account of Hollywood-style hacker plots - big bad company hires young hacker to obtain vital information, hacker uses savvy to accomplish goal, +1 to the lore of hack0rz. In actuality, the "hack" was nothing more than a weak password, and the retrieval of the "vital information" was nothing more than some reconfigurations of email forwarding. I think the most interesting (and important) aspect of this act was the fact that the hacker-for-hire "knew the network very well", showing once again that these types of attacks are almost always 90% or more planned out rather than improvised. -1 to Hollywood "I can hack anything anytime" lore. How do you feel about the MPAA's tactics?

Beware of Hackers Targeting Storage Systems

Corporate storage systems and networks are an attractive target for hackers looking to steal sensitive data or launch computer attacks, Alan Lustiger, security architect at TD Ameritrade, told an audience at Computerworld's Storage Networking World user conference in Dallas Monday. Looks like NAS systems are becoming the low-hanging fruit as far as hackable network storage. The article states that the systems are most attractive due to their reliance on well-known protocols, and that these protocols could easily be studied and picked apart. This just sounds to me like a poor use of security - certain protocols have been around longer than the cast of Cocoon (ok maybe not THAT long) and yet many open-source companies maintain and secure them daily. Read on and let us know how you would defend "well known clear protocols"!

How to Turn Your Browser Into a Weapon

I wrote about three of my favorite Firefox extensions that help me stay safe when I'm browsing the darker areas of the Web and incoming email. Today, let's look at three other extensions: those that can turn Firefox into a feature-filled, Web-hacking weapon. These extensions aren't required to use Firefox for hacking Web applications, but they certainly make it a lot easier. Should web servers be alarmed about this attack? Maybe web administrators should start using these Firefox extensions to test out how secure their web pages really are.

VMware Bugs Shine Spotlight on Virtualization Security

Flaws in your DHCP server that allow intruders access to your whole system are not exactly what people have in mind in secure systems. Such flaws have been discovered in VMware and are definitely worth taking a look at. Read on to see the ups and downs of VMware in open source security - what do you think has to be done before virtual servers will be taken into the mainstream for enterprise companies?

Storm Worm Spoils Labor Day For Some

Musicians are constantly reinventing themselves in an attempt to "keep up with the times" - no one wants to be that oldies band / artist. Malware and worms do the same, this time through emailing sensationalist headlines that are too juicy to not click on. Read on for a quick overview of how worms have no vacations as well as an interesting point about these new attack trends - they keep up with our time to stay relevant. Even the message bodies are conformed to 2007!

Hacking Intranets Through Web Interfaces

Robert Hansen provides us with a very intriguing paper on web application security by focusing on the attacks on intranets through web browsers. This is not to say that all servers will be vulnerable to the attacks described in the paper, rather that the web servers act as a proxy to enable certain forms of probing and attacks. Read on for a more detailed account of an increasing trend of internet hacks.

Storm Botnet Is Behind Two New Attacks

Even with the latest layers of security in spam and virus filtering, there is still the threat of social engineering attacks that lay waste to the best security systems possible. Enter the latest Botnet attacks, this time using YouTube and "confirmation spam" as bait for unsuspecting users to infect their systems. In the world of social networking and Web 2.0 where everything "just works", how do you reach users who still believe that Windows is the internets and explain to them what social engineering is?

Nvidia has Linux Security Hole

Careful with your graphics cards - if you run Gentoo Linux and use Nvidia drivers, you could be leaving yourself open due to bad file permissions on default driver settings. Be sure to get the latest updates to the driver - unless you enjoy having your clock frequencies tuned way up by malicious hackers.

Identity Attack Spreads; 1.6M Records Stolen From Monster.com

Everyone wants to make sure their financial institution is secure - the bank has security cameras, their websites use the strongest encryption algorithms, the works. What do you do when another store of your own personal wealth is compromised? What if this store of wealth is your very own identity along with your entire history of accomplishments? Read on to find out why security just isn't for "banks and money" and such - the very place people invest their hopes and dreams in gaining a better career is at risk.

New E-mail Attack Designed to Bypass Antivirus Products

Avinti, a developer of proactive e-mail security solutions, has issued a security alert about a new e-mail attack that disguises malicious code behind a seemingly harmless e-greeting. Is this just another one of these attacks which tries to trick users into downloading a virus? What I found interesting is that the article states that these types of emails should not be considered spam. What do you think? This also brings up the question: should spam filters try to block these emails, or is it the responsibility of anti-virus software?

'Hackers' Deface UN Site

This just shouldn't be happening, no matter your side of the political fence. Last Sunday resulted in the UN website being publicly defaced with political messages from the hackers. I'm saying this shouldn't be happening because the attackers used an SQL injection attack against a reported "very common vulnerability". These types of attacks are "fairly easy to avoid and very surprising to find in such a high profile site". No matter what wing we fall under, security specialists should always fall under the role of doing your job, and making sure common holes like these are patched and secured.

VoIP Hacker Talks: Service Provider Nets Easy Pickings

Robert Moore, a 23-year-old hacker from Washington, summarizes his $1 million heist of VoIP minutes. His methods involved brute-force attacks against Cisco XM routers and Quintum Tenor voice gateways in order to gain access and route calls through them. Just to clarify (FTA) - the attacks could easily have been prevented if the default passwords were changed on the routers. Even so, read on to find out how he confused the intrusion detection systems, how he gained the address to attack, and how he knew which attacks to send to which ports.

Bug Bounty Program Answers Critics

This article brings up two interesting questions - should vendors place bounties on zero-day exploits in order to get a jump ahead in developing the signatures for the attacks? What if these signatures could be reverse-engineered to create an even deadlier exploit? Read on for a look into the cat and mouse chase of security vendors attempting to gain the upper hand on shutting down zero-day attacks, only to have their defense used against them. How do you feel about bug bounties?

Hackers click locks open at conference in US

"If you can't physically protect your computer, you are screwed," said Zac Franken, a hacker who engineered a way to outwit door locks relying on key cards. A security researcher from DefCon recently reported on several major vulnerabilities in some key locks used by not only homes and businesses, but by the White House and Pentagon as well. Franken brings up a very obvious but often overlooked point - people leave computers on at night thinking that the building they're in is secure, but this is not the case. Read on to find out what steps Franken has taken in his attempt to report his claims.