Hackers

Simple Theft: No FBI Conspiracy in Apple UDID Hack

First, hackers affiliated with Anonymous claimed they’d gained access to the laptop of an FBI agent, along with a database of more than 12 million Apple unique device identifiers. To prove it, they released a redacted list of some 1 million of them. Then, the FBI denied the claims, and Apple unambiguously said the UDIDs hadn’t come from them. So, obviously, somebody wasn’t being entirely honest. Had Apple and the FBI been cooperating in order to secretly monitor digital communications?… continue…

PHP Security Flaws Fought With “Sadness”

Sometimes it’s good to be sad, especially if you’re looking to plug security holes brought on by using HyperText Preprocessor (PHP) on your website. Just ask PHP developers, who’ve found the depth of complaints on the phpsadness.com website to be instructional in coming up with potential solutions. PHP, an open source scripting language that runs on Linux servers and some Windows 2008 R2 servers to build dynamic Web pages, is installed on more than 20 million websites and a… continue…

How Hackers Attack – Without Your Passwords

So you’re a geek with tech and gadgets integrated into a large part of your life. And chances are that, even if you consider yourself tech-centric, you don’t consciously think much about them until something goes terribly wrong, and everything in your digital life is wiped out. Your smartphone stops working. Turning to your computer for solutions, you realize that all of your data, which you never backed up, is completely wiped out. You head to Twitter to drop the… continue…

Ruby on Rails 3.2.7 Fixes Denial of Service Threat

The new Ruby on Rails version 3.2.7 fixes CVE-2012-3424, a worrisome security vulnerability that exposes Web applications using RoR’s digest authentication to denial of service attacks. Says H-Online: The issue affects systems using the Action Pack digest authentication, typified by the use of the “with_http_digest” controller helper methods such as authenticate_or_request_with_http_digest. There are, according to the advisory, no workarounds for the issue which also affects Rails 3.0 and 3.1. The developers recommend that users upgrade immediately. Details on the… continue…

How Bad Is Your Password?

Every cloud has a silver lining, and every password breach offers an opportunity to see how good (or bad) our passwords really are. Over the past several months, there have been a number of major password breaches: LinkedIn, eHarmony, Gamigo, and others. The silver lining to that particular cloud is that those password lists have allowed researchers to confirm once again that we’re collectively very bad at choosing strong passwords. Security consultant Mark Burnett analyzed the passwords from various breaches,… continue…

Power Pwn Monitors Network Security… and Secretly

The device in the picture might look like a surge protector, but it isn’t. It’s a $1,295 security device called the Power Pwn, which was put together by Vermont-based Pwnie Express, with a little financial assistance from the Defense Advanced Research Projects Agency. The Power Pwn contains hidden Bluetooth and Wi-Fi adapters, along with a range of hacking and remote access tools. It’s designed to allow network administrators to remotely test network security, without arousing any suspicions. Pwnie Express has… continue…

Simple Security Tricks You Need to Know

Renaming admin accounts to something that’s not obvious, changing ports of well-known exploited programs such as RDP to higher-numbered ones, and setting up a honeypot are all well-known tricks in the security world, but it’s nice to see them all in a comprehensive list created by security expert Roger Grimes. While there isn’t anything really new in security, sometimes a refresher course on the basics can be helpful. If you haven’t thought about some of these ideas, it’s worth taking… continue…

Malware Forces Printers Into Massive Print Jobs

Over the last few weeks, I’ve seen reports of companies having their print server paper trays emptied by huge print jobs that produce endless pages of gibberish. Symantec believes it’s identified the culprit as a piece of malware called Trojan.Milicenso – which was originally identified back in 2010. Trojan.Milicenso, which targets Windows-based systems, is typically spread through the usual means: email attachments, infected ads and fake codecs. From Symantec: We originally encountered Trojan.Milicenso in 2010 and our initial investigation had… continue…

Twitter Says Yesterday’s Outage Was Just a Plain Old Bug

When Twitter crashed for more than an hour yesterday, I thought my computer had been hit with a Trojan or something because I thought the days of the fail whale were behind us. Fortunately, Twitter maintains a “Twitter Status” page where it posts updates when something bad happens. On the first page: Users may be experiencing issues accessing Twitter. Our engineers are currently working to resolve the issue. Then the rumors started: Users were sure their favorite micro-blogging service had… continue…

Hacker Claims Security Breach of 79 Banks

A hacker named ReckzOr claims to have infiltrated 1,700 U.S. and foreign bank accounts and pilfered 50 GB of data relating to bank-issued Visa and Mastercard credit cards, says ZDNet. And, apparently, it was just for the sport of it. This so-called grey hat noted in a Pastebin post that: Today’s target is VISA & Mastercard, I will be only leaking a portion of the credit card information, as I cannot leak the entire data, it’s too large, and… continue…