Hackers

How Hackers Attack – Without Your Passwords

So you’re a geek with tech and gadgets integrated into a large part of your life. And chances are that, even if you consider yourself tech-centric, you don’t consciously think much about them until something goes terribly wrong, and everything in your digital life is wiped out. Your smartphone stops working. Turning to your computer for solutions, you realize that all of your data, which you never backed up, is completely wiped out. You head to Twitter to drop the… continue…

Ruby on Rails 3.2.7 Fixes Denial of Service Threat

Ruby on Rails’ new version 3.2.7 fixes CVE-2012-3424, a worrisome security vulnerability that opens up denial of service attacks to Web applications that use RoR’s digest authentication. Says H-Online: The issue affects systems using the Action Pack digest authentication, typified by the use of the “with_http_digest” controller helper methods such as authenticate_or_request_with_http_digest. There are, according to the advisory, no workarounds for the issue which also affects Rails 3.0 and 3.1. The developers recommend that users upgrade immediately. Details on the… continue…

How Bad Is Your Password?

Every cloud has a silver lining, and every password breach offers an opportunity to see how good (or bad) our passwords really are. Over the past several months, there have been a number of major password breaches: LinkedIn, eHarmony, Gamigo, and others. The silver lining to that particular cloud is that those password lists have allowed researchers to confirm once again that we’re collectively very bad at choosing strong passwords. Security consultant Mark Burnett analyzed the passwords from various breaches,… continue…

Power Pwn Monitors Network Security… and Secretly

The device in the picture might look like a surge protector, but it isn’t. It’s a $1,295 security device called the Power Pwn, which was put together by Vermont-based Pwnie Express, with a little financial assistance from the Defense Advanced Research Projects Agency. The Power Pwn contains hidden Bluetooth and Wi-Fi adapters, along with a range of hacking and remote access tools. It’s designed to allow network administrators to remotely test network security, without arousing any suspicions. Pwnie Express has… continue…

Simple Security Tricks You Need to Know

Renaming admin accounts to something that’s not obvious, changing ports of well-known exploited programs such as RDP to higher-numbered ones, and setting up a honeypot are all well-known tricks in the security world, but it’s nice to see them all in a comprehensive list created by security expert Roger Grimes. While there isn’t anything really new in security, sometimes a refresher course on the basics can be helpful. If you haven’t thought about some of these ideas, it’s worth taking… continue…

Malware Forces Printers Into Massive Print Jobs

Over the last few weeks, I’ve seen reports of companies having their print server paper trays emptied by huge print jobs that produce endless pages of gibberish. Symantec believes it’s identified the culprit as a piece of malware called Trojan.Milicenso – which was originally identified back in 2010. Trojan.Milicenso, which targets Windows-based systems, is typically spread through the usual means: email attachments, infected ads and fake codecs. From Symantec: We originally encountered Trojan.Milicenso in 2010 and our initial investigation had… continue…

Twitter Says Yesterday’s Outage Was Just a Plain Old Bug

When Twitter crashed for more than an hour yesterday, I thought my computer had been hit with a Trojan or something because I thought the days of the fail whale were behind us. Fortunately, Twitter maintains a “Twitter Status” page where it posts updates when something bad happens. On the first page: Users may be experiencing issues accessing Twitter. Our engineers are currently working to resolve the issue. Then the rumors started: Users were sure their favorite micro-blogging service had… continue…

Hacker Claims Security Breach of 79 Banks

A hacker named ReckzOr claims to have infiltrated 1,700 U.S. and foreign bank accounts and pilfered 50 GB of data relating to bank-issued Visa and Mastercard credit cards, says ZDNet. And, apparently, it was just for the sport of it. This so-called grey hat noted in a post on Pastebin that: Today’s target is VISA & Mastercard, I will be only leaking a portion of the credit card information, as I cannot leak the entire data, it’s too large, and… continue…

Facebook Will Ask You to Confirm Your Account Via Mobile

Facebook’s decided to stand up and bulk up its security. TechCrunch reports that soon the social media giant’s desktop users will be required to confirm their accounts with a mobile phone number. In case of a hack attempt, a new password will be generated and sent to users via SMS. That way, Facebook avoids the usual email vulnerabilities. This measure is understandable. For Facebook, it’s been hard to handle spam and other bad things when they have to manage a… continue…

LulzSec Reborn Hacks 10,000 Twitter Accounts

LulzSec Reborn hackers have compromised 10,000 Twitter accounts in a bid to prove that Twitter apps can be weak. The hackers exposed sensitive information like user names, passwords, real names, locations, bios, avatars and even secret tokens used for authentication. All 10,000 Twitter accounts have something in common — they all used TweetGif, an application that allows users to share animated GIFs. Sadly, LulzSec Reborn published a link on Pastebin to a TweetGif users table file, which can be… continue…