Linux Hacks & Cracks - Page 81

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Discover Hacks/Cracks News

Trojan.Spammer.HotLan.A: Critical Threat to Email Security

"A automatically creates email accounts, which it suggested meant that hackers have found a means of bypassing the captcha systems, where new accounts aren't created until the creator correctly rekeys letters within an image." This hack is no small one: the Trojan makes 500 new accounts every hour. Can the email providers do anything to prevent these types of Trojans? Bypassing the captcha system should definitely help spammers. Can this Trojan bypass all captcha systems? If so, what can be done to prevent this?

Understanding Storm Worm Tactics: Email Threats And User Awareness

"Spammers have switched their tactics with the latest "storm worm" run in hopes of getting more of the malicious messages delivered into company inboxes." This attack is one example of a social engineering attack. How effective are these attacks? I feel that these attacks are effective, but I don't see why users of the internet aren't more careful. We all know the risks of opening unknown emails, but users still do. Is this because of a lack of knowledge or just laziness?

Mpack Exploit Toolkit Focuses on Addressing Web Security Vulnerabilities

Exploit frameworks have become more focused and specialized, sniper scoping specific vulnerabilities in popular applications such as Apple's Quicktime Movie viewer and even Mozilla's Firefox web browser. This is a constant reminder to me of how diligent one must be to run a secure environment - not only your primary OS, but ALL third party applications! Read on as the Washington Post fills us in on a tool called 'Mpack', a script kiddie's dream with Web interface and point / click / root abilities that have been spotted on over 10,000 web sites thus far.  

Understanding Online Criminals' Tactics to Evade Detection

Forensic investigations start at the end. Think of it: You wouldn't start using science and technology to establish facts (that's the dictionary definition of forensics) unless you had some reason to establish facts in the first place. But by that time, the crime has already happened. So while requisite, forensics is ultimately unrewarding.

OpenOffice Badbunny-A Worm: Cross-Platform Threat and Analysis

Sophos has announced the discovery of a new multiplatform worm that attempts to download and display an indecent JPEG image of a man wearing a bunny suit performing a sexual act in woodland. Badbunny-A is a macro worm for open source office suite OpenOffice/StarBasic, that drops scripts in several other languages. It first infects computer users when they open an OpenOffice Draw file called badbunny.odg.

New Gozi Trojan Hijacks Data During SSL Secure Transactions

A new variant of the Russian Gozi Trojan has been discovered that is capable of stealing data during secure socket layer (SSL) transactions. The Trojan is one of the most sophisticated yet found and has a variety of features designed to make it difficult to locate. When it detects an SSL transaction it activates and begins key-logging the infected computer to steal account details.

Top 15 Free SQL Injection Scanners For Securing Web Applications

While the adoption of web applications for conducting online business has enabled companies to connect seamlessly with their customers, it has also exposed a number of security concerns stemming from improper coding. Vulnerabilities in web applications allow hackers to gain direct and public access to sensitive information (e.g. personal data, login credentials).

Exploring Hacker Mindsets and Effective Defense Strategies

You can't defend against the cyber enemy if you don't know his movements or how he thinks. Sanjay Bavisi, president of security certification, training, and education organization EC-Council, at Interop Las Vegas next week will demonstrate step-by-step how a typical black-hat hacker executes an attack from reconnaissance to covering his tracks in the "Seven Habits of Highly Malicious Hackers" presentation on Thursday.

Investigating Zunker: A Botnet Tool Controlling Tens Of Thousands Globally

An investigation by PandaLabs has uncovered an application called Zunker, created by cyber-crooks to control zombie computers in botnets. In the case discovered by PandaLabs, it was being used to manage a network of tens of thousands of computers across 54 countries. Botnets are networks of computers infected with bot-type malware (mainly worms or Trojans) that can operate autonomously and also receive commands through different channels (IRC, HTTP...). These types of networks are used for financial gain by the creators.

British Military Satellite Security Alert: Cyber Attack by Hackers

A GROUP of computer hackers suspected of seizing control of a British military communications satellite using a home computer, triggering a "frenetic" security alert, has been traced to the south of England. A security source said that, up to a month ago, the hackers found a "cute way" into the control system for one of the Ministry of Defence's Skynet satellites and "changed the characteristics of channels used to convey military communications, satellite television and telephone calls".

Rising Shell Code Threats In Word, PDF, And PowerPoint Files

Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division. Experts working with the ISS X-Force group said that they've seen a rapid increase in the volume and variety of shell-code execution attacks leveled at their customers over the last 12 months.

Emerging Conflict Over HD DVD and Blu-ray Copy Protection Mechanisms

The fight to salvage the copy protection system defending high-definition videos has heated up. This week, a grass roots movement comprised of video hackers, opponents of the Digital Millennium Copyright Act (DMCA) and consumer-rights advocates started spreading throughout the Internet a 128-bit code key critical to the decryption of HD DVD and Blu-ray discs. The key -- called a Processing Key -- was found in February through reverse engineering the data left in memory by a specific HD DVD player and can be used to play back or copy the video content protected by the encryption mechanism, known as the Advanced Access Content System (AACS), used by both HD DVD and Blu-ray discs.

Digg Users Challenge Censorship Tactics About HD-DVD Encryption Keys

An astonishing number of stories related to HD-DVD encryption keys have gone missing in action from digg.com, in many cases along with the account of the diggers who submitted them. Diggers are in open revolt against the moderators and are retaliating in clever and inventive ways. At one point, the entire front page comprised only stories that in one way or another were related to the hex number. Digg users quickly pointed to the HD DVD sponsorship of Diggnation, the Digg podcast show. Search digg for HD-DVD song lyrics, coffee mugs, shirts, and more for a small taste of the rebellion.

Intercepting SSL Traffic In Java Applications Using Stunnel

I was recently working on a Java-based application that communicated exclusively over SSL. This is a good thing for the application, but a bad thing for someone trying to test it. I naively thought that I could edit a couple of files and boom, be on my way. Alas, what follows is what I had to do to get in between and start understanding the application:

Exploring Rootkit Threats: Risks and Security Concerns for Enterprises

Late at night, a system administrator performed a routine check of a crashed server, one of 48 systems comprising a major online infrastructure that generated about US$4 million per month in revenue. He was a bit surprised that the system had gone down, as it had been humming for months without any indication of being prone to crashing. The check uncovered three encrypted files. The administrator called on MANDIANT to analyse them.
