Wednesday, April 28, 2010

Inside The Brains Of A Professional Bank Hacking Team

A great blog post about the social networking side of a professional bank hack. The guys at the SNOsoft research team are real professionals....

Hacking Your Bank
We were recently hired to perform an interesting Advanced Stealth Penetration test for a mid-sized bank. The goal of the penetration test was to penetrate into the bank’s IT Infrastructure and see how far we could get without detection. This is a bit different than most penetration tests as we weren’t tasked with identifying risks as much as we were with demonstrating vulnerability…


The first step of any penetration test is reconnaissance. Reconnaissance is the military term for the passive collection of intelligence about an enemy prior to attacking that enemy. It is technically impossible to effectively attack an enemy without first obtaining actionable intelligence about the enemy. Failure to collect good intelligence can result in significant casualties, unnecessary collateral damage and a completely failed attack. In penetration testing, damages are realized by downed systems and a loss of revenue.


More Here...

Facebook from the Hacker's Perspective

This is old, a year plus old to be exact, but it is great stuff anyway....

Facebook from the hacker's perspective.
For the past few years we've (Netragard) been using internet based Social Networking tools to hack into our customers' IT Infrastructures. This method of attack has been used by hackers since the conception of Social Networking Websites, but only recently has it caught the attention of the media. As a result of this new exposure we've decided to give people a rare glimpse into Facebook from a hacker's perspective. Credit for designing this specific attack methodology goes to Kevin Finisterre and Josh Valentine, both core members of our team.

Let's start off by talking about the internet and identity. The internet is a shapeless world where identities are not only dynamic but can't ever be verified with certainty. As a result, it's easily possible to be one person one moment, then another person the next moment. This is particularly true when using internet based social networking sites like Facebook (and the rest).


More Here...

Tuesday, April 27, 2010

Hyper Social Craziness Continues.....Why Social Sites Can Be A Very Bad Thing.

As if we needed another example of why this social-networking-sharing-everything-you-have craze is a bad thing, up pops this story from The Register about a little information sharing site called Blippy.  The premise of Blippy is to find out what your friends are buying: you register, and Blippy shows your "friends" what you bought on your credit card.....You can already see where this is heading, right?  So do you really want to give your credit card to someone else online?  Do you really trust people that much?

Inevitably, because of a process that was still ingrained in Blippy's site from the beta-testing days, 4 users' CREDIT CARD numbers were publicly searchable via a simple Google search.  This is the kind of thing that can get a CSO fired or, in Blippy's case, get around to hiring one.
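The failure above is the classic one: raw transaction text makes it onto a public, search-indexable page with the card number still in it. As an added illustration (not Blippy's code, nor anything from The Register story), here is the kind of pre-publication check that should have sat between the card feed and the public page: flag any Luhn-valid card number in a purchase line and mask it before it is published. The feed lines are constructed; the card numbers are standard industry test numbers.

```python
import re

# Constructed sample feed in the style of a "what your friends bought" site.
# The two card numbers are industry test numbers (Luhn-valid, never issued).
SAMPLE_FEED = [
    "alice bought coffee at Corner Cafe for $4.25",
    "bob  POS DEBIT 4111111111111111 GROCERY MART $83.10",
    "carol ONLINE ORDER ref 1234567890123456 $19.99",   # 16 digits, fails Luhn: an order ref, not a card
    "dave  AMEX 3782 8224 6310 005 TRAVEL $412.00",
]

# A run of 13 to 19 digits, optionally separated by single spaces or dashes,
# not glued to other digits on either side.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum as used by payment card numbers (PANs)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the digit runs in text that look like a card number and pass Luhn."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def redact(text: str) -> str:
    """Mask every Luhn-valid PAN in text, keeping only the last four digits."""
    def mask(m):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            return m.group()    # plain long number (order ref, phone): leave it
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_RE.sub(mask, text)


def scan_feed(lines) -> list:
    """Return (index, redacted line) for every feed line that contained a PAN."""
    return [(i, redact(line)) for i, line in enumerate(lines) if find_pans(line)]
```

Only lines that both match the digit-run pattern and pass the checksum are touched, so ordinary order numbers and amounts in the feed survive unchanged while the two real-looking card numbers are masked before anything is published.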

So what is it about us that makes us want to share every little detail about ourselves and our lives with everyone, even random strangers?  What makes people so trusting as to think that there isn't someone just waiting to take whatever they can from you?  After all the stories about stolen identities and phishing scams you would think people would start to listen and take notice.....But that may be too much to ask for.

Full Story Here..... 

Thursday, April 22, 2010

Facebook b0rks privacy AGAIN.....

Facebook has opted you in to their "Instant Personalization" program which allows select partners to personalize their features with YOUR public information.  Your public information is categorized as anything you have made visible to "everyone", or if you haven't touched your privacy settings this amounts to pretty much anything you put on Facebook as well as your publicly available information.  Such information includes your Name, Profile Picture, Gender, Current City, Networks, Friend List and Pages.

If you have adjusted your Facebook privacy settings then good for you, you are a step ahead of the game.  If you haven't, then you need to get into the Privacy Settings within Facebook and start making it harder for people you don't know to get your information.  I know what you're saying, there really isn't anything on Facebook that someone can do bad things with, but information is power.  The more information a bad guy has about you, the easier it makes it for him to steal your identity, your money, you name it.....and good luck getting that mess cleaned up.

Thanks to Jack Mannino for pointing this out and Mubix for re-tweeting it...



Thursday, April 15, 2010

10 Password Commandments « securityphile

10 Password Commandments from SecurityPhile

Password management is a two-way effort. The website you are signing up for should have secure, effective controls in place to protect your password. As a user, you need to protect your password as best as you can.

Here is how you do your part:

More Here...

Tuesday, April 13, 2010

Apache gets Pwned and goes the route of Full Disclosure.....

There are some bigwigs in corporate-land that could learn a lot from the Apache infrastructure team.

FX said it best: "From XSS to root, an incident documentation by the Apache infrastructure team:"


More Here...

NASA Website Defaced!!

Check this out: NASA's website gets hacked by what appear to be Turkish hackers.

Pics here....