Hackers

Hacker Claims Security Breach of 79 Banks

A hacker named ReckzOr claims to have infiltrated 1,700 U.S. and foreign bank accounts and pilfered 50 GB of data relating to bank-issued Visa and Mastercard credit cards, says ZDNet. And, apparently, it was just for the sport of it. This so-called grey hat noted in a post on Pastebin: Today’s target is VISA & Mastercard, I will be only leaking a portion of the credit card information, as I cannot leak the entire data, it’s too large, and… continue…

Facebook Will Ask You to Confirm Your Account Via Mobile

Facebook’s decided to stand up and bulk up its security. TechCrunch reports that soon the social media giant’s desktop users will be required to confirm their accounts with a mobile phone number. In case of a hack attempt, a new password will be generated and sent to users via SMS. That way, Facebook avoids the usual email vulnerabilities. This measure is understandable. For Facebook, it’s been hard to handle spam and other bad things when they have to manage a… continue…

LulzSec Reborn Hacks 10,000 Twitter Accounts

LulzSec Reborn hackers have compromised 10,000 Twitter accounts in a bid to prove that Twitter apps can be weak. The hackers exposed sensitive information like user names, passwords, real names, locations, bios, avatars and even secret tokens used for authentication. All 10,000 Twitter accounts have something in common: they all used TweetGif, an application that allows users to share animated GIFs. Sadly, LulzSec Reborn published a link on Pastebin to a TweetGif users table file, which can be… continue…

Report: LinkedIn Passwords Hacked

Got a LinkedIn account? Change your password ASAP. Hackers have reportedly broken into LinkedIn’s user accounts, stealing 6.5 million encrypted passwords and posting them to a Russian site, says TNW, citing a European security researcher. The hackers apparently posted the passwords to the site and called for help in cracking the encryption. Once in the account, the bad guys could potentially have access to a user’s personal data and possibly their credit card information, if it’s for LinkedIn services. LinkedIn,… continue…

Excellent ‘Zero Day’ Series in Washington Post

Usually, the daily newspapers don’t excel when it comes to security coverage, but this week the Washington Post has some great reporting and stories under the “Zero Day” moniker. Besides interviews with hackers, security professionals and others, there are a lot of colorful behind-the-scenes details that I haven’t seen very often, even in security or IT trade publications. The series delves into the inner workings of the four zero-day attacks in Stuxnet, quotes from extreme hacker Charlie Miller of St. Louis… continue…

Stuxnet-Like Virus Flamer Hits the Middle East

A highly complex Stuxnet-like, targeted attack is appearing across many Middle Eastern computers. It’s not only going after particular organizations, but it’s also targeting personal computers that use home Internet connections. The malware, which goes by the names Flamer or Skywiper, is very hard to track down, but has some pretty wide-ranging effects. Flamer has the ability to steal documents, take screenshots of users’ desktops, spread via USB flash drives, disable security vendor products, and under certain conditions spread to… continue…

Northrop Grumman Hiring For Offensive Cyber Ops

Our sister site ClearanceJobs shows a job posting for a few good hackers who’ll conduct some cyberwarfare for defense contractor Northrop Grumman. The openings are in suburban D.C., Colorado Springs and Sacramento. Besides knowing something about Java, agile development techniques and having other technical chops, you’d also need a Secret clearance. Also listed is “knowledge of security research tools like Metasploit, WorldWind, [and] Google Earth.” Since when did Google Earth become a security tool? We must have missed that… continue…

Watch a Scammer Try to Fleece a Security Engineer [Video]

When the bad guys contacted Noah Magram to sell him some bogus anti-virus software, they were toying with the wrong dude. Magram is a principal software engineer for security firm Sourcefire. Oops. The scammers told Magram he needed to update his software to prevent his PC from getting infections. And since this call came out of the blue, he was not only skeptical but also smart. Magram fired up a Windows VM session and let the caller have at it. In… continue…

Catch A Thief, Be A Thief

Groupon’s Aaron Bedra, a senior software engineer, wants to unleash developers’ inner hacker when they’re building secure Web sites. For Bedra, it takes roughly eight minutes to find a glaring security hole in another programmer’s code. As a result, he recently tackled the topic “Unleashing Your Inner Hacker” at Future Insights Live in Las Vegas. He noted the top ten reported attacks haven’t changed much over a three-year period ending in 2010, yet some of the attacks continue to get… continue…

Security: User-Generated Content Best Practices

MilitarySingles.com’s treasure trove of user passwords recently came under attack by hackers, who devised a new twist in exploiting a weakness in the upload filter for user-generated content. Security vendor Imperva dissected this interesting attack in their report and it’s a worthwhile read. Hackers were able to obtain more than 170,000 records from the site by uploading malware using a Remote File Inclusion exploit in March. While this isn’t anything new, the unusual aspect of this attack is how passwords… continue…