Thursday, December 17, 2009

Google Password Decryptor v1.0 Released

The guys over at SecurityXploded.com have released GooglePasswordDecryptor, a free tool that recovers Google account passwords stored by various applications, such as GTalk, Picasa, etc.

They have other great tools for recovering passwords too.

More Here...

Predator drones HACKED!

Frankly, I am quite surprised this didn't happen earlier. It has been known for some time that the Predator UAV drones do not use encrypted data links. By the way, who was the genius that thought that would be OK? I mean, really?

Check out the story here.


Tuesday, December 15, 2009

Facebook users unwittingly spread Koobface worm

Facebook users are being targeted by a nasty new version of the Koobface worm -- dubbed Koobface.GK -- that compels its victims to manually participate in creating a new Facebook account to help spread the worm. The attackers are posting malicious links on Facebook wall pages enticing folks to click on a cutesy Christmas video. Attempts to play the video turns over control of the PC to the attacker, says PandaLabs researcher Sean-Paul Correll. The victim next sees a Windows warning message requiring them to solve a CAPTCHA puzzle within three minutes.
A timer ticks down. If the puzzle goes unsolved after three minutes, the PC freezes up. Rebooting won't help. The CAPTCHA puzzle will reappear. The only way to end the loop is to solve the CAPTCHA. The victim can then use his or her machine as normal. But the attacker still has control.
More Here...

Tuesday, December 8, 2009

Hacking service steals Wi-Fi passwords in just 20 minutes

For US$34 (£20), a new cloud-based hacking service can crack a WPA (Wi-Fi Protected Access) network password in just 20 minutes, its creator says.  The WPA Cracker service bills itself as a useful tool for security auditors and penetration testers who want to know if they could break into certain types of WPA networks. It works because of a known vulnerability in Pre-shared Key (PSK) networks, usually used by home and small-business users.

More Here....

Monday, December 7, 2009

Study: Facebook users willingly give out data

Facebook users are too willing to give out their personal information, security firm Sophos has found.
According to Sophos' Australian team, which conducted a study to see how likely Facebook users were to offer up personal information, 41 to 46 percent of the 100 people Sophos contacted "blindly accepted" friend requests from two fake Facebook users created by the security firm.

More Here....

Wednesday, December 2, 2009

Metasploit Gets New Vulnerability Scanning Features

You knew this was coming... Metasploit gets Rapid7's NeXpose vulnerability scanning features in its 3.3.1 release.

More Here....

Tuesday, December 1, 2009

Northrop Grumman funds research group on Cybersecurity

Government security contractor Northrop Grumman has joined with three leading cybersecurity research universities to launch a research consortium focused on fixing the most vexing problems in information security.
Northrop Grumman will distribute "millions" of dollars over more than five years to Carnegie Mellon University in Pennsylvania, Purdue University in Indiana, and the Massachusetts Institute of Technology on projects to counter the most complex problems in cybersecurity, said Robert Brammer, chief technology officer of Northrop Grumman's information systems division.

More Here...

Clientless SSL VPNs expose corporate users to attack

"Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms, according to a warning from the U.S. Computer Emergency Response Team (US-CERT). This security problem, discussed since at least 2006, could let an attacker use these devices to bypass authentication or conduct other web-based attacks. Clientless VPN products from Juniper Networks, Cisco Systems, SonicWall and SafeNet are confirmed vulnerable."

More Here...