We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
The world's second-largest seller of website addresses knowingly helped groups that sell counterfeit pharmaceuticals to US residents in violation of federal laws, a research report alleges.
This works on the perl pipe bug. It'll take an arg that's the address of a website and it's cgi script with some args to the script then figure out if it can exploit it and how. It's worked on everything I've tried it on, though I have limited test boxes. It's pretty dirty but it works.
A 21-year-old hacker was banged up yesterday for frauds netting him a Porsche,
SSH brute force attempts seem to be on the rise again, at the SANS Internet Storm Center we have received a number of reports that a number of networks are seeing them. The source IP addresses vary with each new attempted username in the wordlist, which would indicate that the attempts are distributed through botnet(s).
I've got good news and bad news for those of the misguided perception that Linux is somehow impervious to attack or compromise. The bad news is that it turns out a vast collection of Linux systems may, in fact, be pwned. The good news, at least for IT administrators and organizations that rely on Linux as a server or desktop operating system, is that the Trojan is in a game download so it should have no bearing on Linux in a business setting.
The developers of the open source IRC server UnrealIRCd have had to report that the file servers of the project were compromised several months ago and the IRC servers code, Unreal3.2.8.1.tar.gz was replaced by a version with a backdoor. The backdoor allows anyone to execute commands on the server running UnrealIRCd, with the privileges of the user running the IRC daemon,
The harvesting of over 100,000 iPad 3G owners' e-mail addresses was not a hack or a classic data breach, but a brute force attack of a minor feature AT&T offered to Apple customers, experts said Wednesday.
No good deed goes unpunished, and that is especially true when it comes to whistleblowers who expose the murderous machinations of the US government: SPC Bradley Manning, a 22-year-old intelligence analyst stationed at Forward Operating Base Hammer in the vicinity of Baghdad, was arrested two weeks ago for having supposedly sent Wikileaks the
E-commerce company Digital River exposed data belonging to almost 200,000 individuals after hackers executed a
A vulnerability on Facebook forced hundreds of thousands of users to endorse a series of webpages over the holiday weekend, making the social networking site the latest venue for an attack known as clickjacking.
Oil giant BP suffered further embarrassment on Thursday after its official Twitter account was hacked. Pranksters purloined the @BP_America Twitter account to write "Terry is now in charge of operation Top Kill, work will recommence after we find a XXL wetsuit. #bpcares #oilspill"
Symantec says it has unearthed a server hosting the credentials of 44 million stolen gaming accounts - and one of the most surprising aspects of it is that the accounts were being validated by a Trojan distributed to compromised computers.
Botnets are available for hire for as little as $8.94 per hour, emphasising how little financial muscle or technical expertise is needed to carry out attacks, according to VeriSign iDefense.
Hackers have penetrated German underground forum carders.cc, copied login details, e-mail addresses and private e-mails from several thousand members and published them on RapidShare. According to a list seen by The H's associates at heise Security, the forum software had also logged the IP addresses of nearly one thousand members over a specific period. These have also been published.
Yesterday, Patrick (aka Noxwizard, phpBB support team member) pointed me at the new malware attack that surfaced this week (first mentioned on May 16th). The attack creates/modifies .htaccess files to redirect site visitors that come from major search engines and popular websites (e.g. Twitter, Facebook, Wikipedia, Flickr, Ebay, etc) to scareware sites that aggressively push fake anti-virus software.
There's no safe place on the Web, reports former hacker Marc Maiffret, who shared some interesting insights recently with CNET.com regarding Internet security. Nearly a decade after he exposed the vulnerability used by the Code Red worm, Maiffret gave Microsoft's security model high marks.
Think this guy's a democrat? A former college student has been charged with using the school's computer network to control a botnet and launch distributed denial-of-service (DDoS) attacks against conservative websites belonging to Bill O'Reilly, Ann Coulter and Rudy Giuliani.
Computer scientists have carried out one of the first detailed security analyses of the security implications of increased use of computer systems in cars, finding systems surprisingly easy to hack or disrupt.
Now this is a pretty surprising figure, we all know Phishing has become a big issue in recent years especially for financial institutions, but it still amazes me two-thirds of all attacks can come from a single group!
Security experts have discovered a tool that can be used to initiate denial-of-service attacks using micro-blogging site Twitter. A tool that lets criminals infect other PCs and turn them into 'bots' controlled through Twitter has been spotted by security experts.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
