Thursday, December 17, 2009

Google Password Decryptor v1.0 Released

The guys over at SecurityXploded.com have released GooglePasswordDecryptor, a free tool that recovers Google account passwords stored by various applications, such as GTalk, Picasa, etc.

They have other great tools for recovering passwords too.

More Here...

Predator drones HACKED!

Frankly, I am quite surprised this didn't happen earlier. It has been known for some time that the Predator UAV drones do not use encrypted data links. By the way, who was the genius that thought that would be OK? I mean, really?

Check out the story here.


Tuesday, December 15, 2009

Facebook users unwittingly spread Koobface worm

Facebook users are being targeted by a nasty new version of the Koobface worm -- dubbed Koobface.GK -- that compels its victims to manually participate in creating a new Facebook account to help spread the worm. The attackers are posting malicious links on Facebook wall pages enticing folks to click on a cutesy Christmas video. Attempts to play the video turn over control of the PC to the attacker, says PandaLabs researcher Sean-Paul Correll. The victim next sees a Windows warning message requiring them to solve a CAPTCHA puzzle within three minutes.
A timer ticks down. If the puzzle goes unsolved after three minutes, the PC freezes up. Rebooting won't help. The CAPTCHA puzzle will reappear. The only way to end the loop is to solve the CAPTCHA. The victim can then use his or her machine as normal. But the attacker still has control.
More Here...

Tuesday, December 8, 2009

Hacking service steals Wi-Fi passwords in just 20 minutes

For US$34 (£20), a new cloud-based hacking service can crack a WPA (Wi-Fi Protected Access) network password in just 20 minutes, its creator says.  The WPA Cracker service bills itself as a useful tool for security auditors and penetration testers who want to know if they could break into certain types of WPA networks. It works because of a known vulnerability in Pre-shared Key (PSK) networks, usually used by home and small-business users.

More Here....

Monday, December 7, 2009

Study: Facebook users willingly give out data

Facebook users are too willing to give out their personal information, security firm Sophos has found.
According to Sophos' Australian team, which conducted a study to see how likely Facebook users were to offer up personal information, 41 to 46 percent of the 100 people Sophos contacted "blindly accepted" friend requests from two fake Facebook users created by the security firm.

More Here....

Wednesday, December 2, 2009

Metasploit Gets New Vulnerability Scanning Features

You knew this was coming... Metasploit gets Rapid7's NeXpose vulnerability scanning features in its 3.3.1 release.

More Here....

Tuesday, December 1, 2009

Northrop Grumman funds research group on Cybersecurity

Government security contractor Northrop Grumman has joined with three leading cybersecurity research universities to launch a research consortium focused on fixing the most vexing problems in information security.
Northrop Grumman will distribute "millions" of dollars over more than five years to Carnegie Mellon University in Pennsylvania, Purdue University in Indiana, and the Massachusetts Institute of Technology on projects to counter the most complex problems in cybersecurity, said Robert Brammer, chief technology officer of Northrop Grumman's information systems division.

More Here...

Clientless SSL VPNs expose corporate users to attack

"Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms, according to a warning from the U.S. Computer Emergency Response Team (US-CERT). This security problem, discussed since at least 2006, could let an attacker use these devices to bypass authentication or conduct other web-based attacks. Clientless VPN products from Juniper Networks, Cisco Systems, SonicWall and SafeNet are confirmed vulnerable."

More Here...

Monday, November 30, 2009

New Exploit Masquerades As Flash Player Upgrade

The lesson for the day is don't ever trust anything that comes in email!  ;)

More Here....

Mossad installs a trojan horse on a high ranking Syrian's laptop before bombing secret facility.

In September 2007, Israeli fighter jets destroyed a mysterious complex in the Syrian desert. The incident could have led to war, but it was hushed up by all sides. Was it a nuclear plant and who gave the orders for the strike?  The mighty Euphrates river is the subject of the prophecies in the Bible's Book of Revelation, where it is written that the river will be the scene of the battle of Armageddon: "The sixth angel poured out his bowl on the great river Euphrates, and its water was dried up to prepare the way for the kings from the East."

More Here...

Tuesday, November 24, 2009

Facebook worm spreads with a lurid lure

Some Facebook users have been infected with a worm after clicking on an image of a scantily clad woman, which then redirects the victims to a pornography site, according to security researchers.
The worm posts an image on a victim's Facebook Wall with a photo of a woman in a bikini and the message "click 'da button, baby." Wall posts are viewable by a Facebook user's friends.

More here....

Monday, November 23, 2009

Doh!




LOL...

Choose a $%^&$#$*! Strong Password!

Your digital private life has a weak point that can unlock all your secrets: your password. Whether you use a single-sign-in solution like OpenID, or have separate passwords for every account, your accounts are only as secure as your passwords.
Based on what limited data is available, the vast majority of us choose very poor passwords. A MySpace phishing attack that netted some 34,000 actual user names and passwords, revealed that the No. 1 password was password1.

More Here...

New iPhone worm steals online banking codes, builds botnet

Computerworld - Hackers have borrowed a tactic from the world's first iPhone worm to build a botnet that steals data, including online banking credentials, from jailbroken Apple smartphones.

A new worm, dubbed "Duh" by U.K.-based security firm Sophos, is related to the "ikee" worm released earlier this month only in its approach, not in its code, said Chester Wisniewski, a senior security advisor with Sophos.


More here...

Microsoft confirms IE6, IE7 zero-day bug

Computerworld - Microsoft today confirmed that exploit code published last week can compromise PCs running older versions of Internet Explorer (IE), but said its security team has not yet seen any in-the-wild attacks.

The attack code, which was posted Friday to the Bugtraq security mailing list, affects both Internet Explorer 6 (IE6) and the newer IE7, Microsoft acknowledged. "Microsoft can confirm that the publicly available exploit code affects IE6 and IE7, not IE8," a company spokesman said in an e-mail reply to questions today.

IE6 and IE7 account for more than 41% of all browsers used worldwide, according to the most recent data from metrics firm Net Applications. IE8, meanwhile, has an 18.1% market share.


More Here...

Wednesday, November 18, 2009

Metasploit Framework 3.3 Released!

"We are excited to announce the immediate availability of version 3.3 of the Metasploit Framework. This release includes 446 exploits, 216 auxiliary modules, and hundreds of payloads, including an in-memory VNC service and the Meterpreter. In addition, the Windows payloads now support NX, DEP, IPv6, and the Windows 7 platform. More than 180 bugs were fixed since last year’s release of version 3.2, making this one of the more well-tested releases yet.

Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the Apple® iPhone™. Installers are available for the Windows and Linux platforms, bundling all dependencies into a single package for ease of installation. The latest version of the Metasploit Framework, as well as images, video demonstrations, documentation and installation instructions for many platforms, can be found online at http://www.metasploit.com/framework/."

More Here....

Anatomy of a Cyber-Espionage Attack

"Several years ago, information security analysts at a large U.S. firm noticed a huge amount of corporate network traffic headed to external servers. The data was destined for computers located in the U.S. and in foreign countries.

Reacting quickly, the analysts stanched the traffic flows but not before large amounts of corporate data had been stolen by unknown attackers.

Other large companies were also targeted during the same period. The attackers were able to process huge volumes of data, but they did so very selectively. They did not "take what they could get". They selected only specific files, a characteristic of highly professional attacks.

In addition, the attackers did not bother to view the files to verify their contents before "exfiltrating" them. This suggests that prior reconnaissance missions had been conducted in which directory listings had been scrutinized beforehand and used to build a list of targets."

More Here....

Monday, November 16, 2009

Wireless Keylogger

"The WIRELESS KEYLOGGER is a tiny plug-in device that records every keystroke typed on any PC. It can then be accessed wirelessly to obtain the recorded data. The WIRELESS KEYLOGGER combines the stealth aspect of a hardware keylogger and the remote monitoring ability of a software keylogger into one great device."
"It cannot be detected by any kind of software!"

More Here...

Facebook's (In)security Tested Again

"In an unusual move to bring attention to weak security within Facebook Groups, an organization called Control Your Info has infiltrated the administration of roughly 300 of those Facebook Groups.

The breach was first reported by the blog Loose Wire.

Facebook, in a statement, was careful to assert the action taken by Control Your Info was not a hijacking of those Groups, because the Groups had no administrators to hijack.

According to Control Your Info, it simply found -- through a simple Google query -- which Facebook Groups had no administrator. It then logged into the Groups as their administrator."

More here....

Monday, November 2, 2009

Dutch Hacker Holds Jailbroken iPhones Hostage For €5 Ransom While Exposing Security Vulnerability



"Many of us have jailbroken our iPhones, but did everyone remember to change the default root password? Those guilty of that oversight are vulnerable to the simple intrusion method this guy used to hold iPhones hostage in the Netherlands.

Apparently all that it took to terrify many Dutch iPhone users was a "trivial" port scanning technique and "a modicum of networking know-how." After the hacker gained access to the jailbroken phones with unchanged root passwords and SSH enabled, he sent the pictured message which led to a demand for a €5 PayPal payment and words of caution"

More Here.....
LOL ;)

Workers Trade Password Security For Starbucks

And with a giant WHAT? I bring you this nugget of ridiculousness....

"Internet security and infrastructure company VeriSign said that 85% of participants in a "lighthearted, unscientific" survey compromised their actual password, or revealed hints about their password, for a cup of coffee.

The National Security Agency may want to spend less on code-breaking technology and more on caffeine. Internet security and infrastructure company VeriSign Inc. Thursday said that 85% of survey participants compromised their actual password, or revealed hints about their password, for a cup of coffee.

Strictly speaking, the inducement was a $3 Starbucks gift card, enough to buy two cups of coffee or one latte."

More here....

Sunday, November 1, 2009

Facebook users hit by massive botnet attack - 'Bredolab' Trojan reaches at least 735,000 users

"A massive bot-based attack has been hitting Facebook users, with nearly three-quarters of a million users receiving fake password reset messages, according to security researchers.

The attack targets Facebook users with a spoofed message that claims recipients' Facebook passwords have been reset as a security measure. The messages, which come bearing subject lines such as 'Facebook Password Reset Confirmation', include a file attachment that supposedly contains the new password.

In fact, the attached .zip file includes a Trojan downloader, dubbed 'Bredlab' by some antivirus companies, 'Bredolab' by others. The downloader grabs a variety of malware from hacker servers, including fake security software, or 'scareware', and installs attack code and rogue antivirus applications on the compromised PCs."

More here.

Conficker worm has infected more than 7 million hosts.

"The Conficker worm has passed a dubious milestone. It has now infected more than 7 million computers, security experts estimate."

More Here.

Lost Laptops: More Expensive than you Think

"Portable computing has opened up the world, allowing executives and managers access to enterprise data without having to be on company premises. From a business perspective, this translates directly into stronger sales capabilities, better customer service, and a more productive workforce.

However, mobility has a downside: Lost or stolen laptops. The experience of losing a laptop can range from being a merely unpleasant inconvenience to precipitating a public relations disaster following the loss of intellectual property or customer data."

More Here.

Penetration Testing: Hacking for a Cause.

"Imagine you’re on your way to work. Your train is running late. While waiting on the platform, you whip out your smart phone to make a quick call to the office. Then, you pass some time by updating your Facebook status, logging on to your bank’s Web site to pay bills and checking the weather forecast for the weekend. You suddenly remember it’s your sister’s birthday tomorrow, so you go online to buy flowers to be delivered to her home. Just as you’re clicking “complete purchase,” you hear the rumbling of the train as it pulls into the station. And that’s all before your morning cup of joe.

Our world today is run by networks. We communicate with various technological devices, and these devices communicate with each other. As a result, unprecedented amounts of data — much of it sensitive — are floating about in a virtual world. Without appropriate gatekeepers, these networks could open up users to a world of trouble."


Read more here