I’ve just discovered hackaday.com. For those of you interested in electronics, computers, engineering/etc….. you’ll probably find something interesting to read over there. Each day they will publish a hack from around the web, once a week though they present a video how to. Their most recent video how to at the time of this writing was a webserver the size of a business card.
Tag: hack
-
Big Go-Daddy hosting attack
In what feels like a continuation of recent bad news related to major hacks and data losses…..George Ou reports on a BIG hack of GoDaddy hosting customers. There was also a big hack-athon by Turkish hackers over the last week that will be recorded as the biggest mass-web-site-defacement on record… There seems to be a lot of GoDaddy customers hacked by the very same method….
-
Ernst & Young loses laptop, exposes almost 250k hotels.com customers – database mayhem roundup
The Register is reporting on Ernst & Young’s loss of a laptop which had information on around 243,000 hotels.com customers. Apparently Hotels.com was notified on May 3rd. Apparently the laptop made use of a password as the only security measure. From the article….
-
Network Security – Arp spoofing series
I think I’ve wrapped up the series on arp spoofing and it’s implications for network security. I know there’s nothing earth shattering here, most network security types are well aware of the problems (and perhaps aware of more sophisticated solutions?). For some though, this series is likely an eye opener as there are myths that switches cannot be sniffed, that ONLY wireless data packets can be sniffed, etc. etc.
-
WMF 0-day update
Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there’s a “possible vulnerability”… fortunately, their technical document is a bit more straightforward… technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There’s a bit more disturbing stuff coming too…
-
Workaround for the critical WMF zero-day exploit
The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image…) would be enough to get the system owned. It sounds as though a FULL reinstall is the best solution. Sunbelt has had some coverage…
-
GMail security problem fixed
Google’s not had a great week it would appear (Sony’s had worse… but that’s another story). The Analytics launch was somewhat rocky from most accounts and there is a GMail security bug that’s been announced and fixed. Details on the bug are here, and a writeup is also here.
Apparently a flaw in the authentication method that Google used could allow a user to log in under another account and read messages as well as pose as a legit user.
-
Google Hack honeypot
I’ve found The Google Hack honeypot thanks to an entry at sans.org in the handlers diary. I’ve looked at it and it’s an interesting idea. The honeypot installs on your website and is invisibly linked to from another page. This way it gets spidered as if it was a real site. Then, it logs hack attempts against itself by monitoring and logging search referrers and ip addresses of those trying to use it.
(more…) -
More phishing phighting
I mentioned that I had gone after another two phishing sites the other day. One was down within 24 hours. I was impressed with the responsiveness, but it’s possible I wasn’t the first to complain. Still it was good to see it gone. I’m still working on the second. It’s hosted at an xo.com ip address. Along the lines of the phishing battle, (more…)