'Funny' Tagged Posts

Hackers Post Faked Report of Steve Jobs's Death

"MacRumors, one of the many sites which cover Apple's annual Macworld product launches, has had its live coverage infiltrated, with someone adding the false news of Steve Jobs's death to the blow-by-blow reports."

Here's the very amusing screenshot of the incident.

http://cache.gawker.com/assets/images/gawker/2009/01/macrumorshacked.jpg

Read more: http://valleywag.gawker.com/5124580/hackers-post-faked-report-of-steve-jobss-death

Twitter Security Collapses; Obama, Fox and Britney Accounts Hacked

From Twitter's blog: "The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their...

2009 Security Predictions Collection

I've been collecting a list of security predictions for 2009 that people on this list may find 'interesting'. Here they are:

Opinion: Security predictions for 2009: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9124621&source=rss_news

2009 Security Predictions: http://www.sans.edu/resources/securitylab/2009_predictions.php

Security predictions for 2009: http://www.itworld.com/security/59948/security-predictions-2009

10 Security Predictions For 2009: http://www.crn.com/security/212201985

The 2009 Security Prediction Prediction List: http://blogs.gartner.com/greg_young/2008/12/19/the-2009-security-prediction-prediction-list/

2009 security predictions: Deja vu all over again: http://www.infoworld.com/article/08/12/31/2009_security_predictions_Deja_vu_all_over_again_1.html

2009 - my security predictions: http://www.itpro.co.uk/blogs/danj/2008/12/10/2009-my-security-predictions/

Tech: What will...

College students rig Victoria Secret online contest

"At Drexel University and a handful of other colleges, students created computer scripts to sway the contest—an online vote to nominate a university to receive its own clothing line—in their campuses’ favor. Tim Plunkett, a junior at Drexel, created a script that could cast 1,500 votes per second, according to The...

Google Android Phone passes typed content into rootshell!

"With the news that Google's Android shipped with an embarrassing security hole being followed by a simple two-step method to 'jailbreak' the OS, you'd think that the company had ironed out most of the remaining bugs – but you'd be wrong. According to ZDnet's Ed Burnette, the open-source Linux-based smartphone platform...

Protecting a Web Application Against Attacks Through HTML Shared Files

A new whitepaper 'Protecting a Web Application Against Attacks Through HTML Shared Files' discusses the risks of user-uploaded HTML files. You'll notice this paper claims to have a 'patent pending' for the concept of splitting user-uploaded files to another domain with unique identifiers. "Many Web applications have a...

NASA hacker releases myspace song

"Pentagon hacker Gary McKinnon has stormed into the Myspace charts with a music video about his empathy for a girl with the world on her shoulders. Called Only a fool, and owing something to soulful house boys Cabaret Voltaire, the song reached number five in the myspace video chart within 48...

Kevin Mitnick Detained in Atlanta for having computer equipment on flight

If you know me you know I don't like Atlanta and have many reasons (which I won't go into here). I have another one to add to this list after reading a story about Kevin Mitnick being detained for having lots of computer equipment with him. "In his luggage, they found...

Humor: Worldwide SQL Protocol Advisory

The full disclosure mailing list is usually 95% junk but every once in a while an amusing/informative post gets through. Today an amusing post came through regarding a 'Worldwide SQL Protocol Advisory'. That's not to say this post isn't junk, but I found it amusing :) Here's a peek: "II. Problem description The...

DNS Vulnerability Leaked By Matasano Security After Being Asked Not To By Vulnerability Discoverer

"Two weeks ago, when security researcher Dan Kaminsky announced a devastating flaw in the internet's address lookup system, he took the unusual step of admonishing his peers not to publicly speculate on the specifics. The concern, he said, was that online discussions about how the vulnerability worked could teach black hat...

Cool hack: Man exploits random deposit verification flows to steal $50,000

"A California man has been indicted for an inventive scheme that allegedly siphoned $50,000 from online brokerage houses E-trade and Schwab.com in six months -- a few pennies at a time. Michael Largent, of Plumas Lake, California, allegedly exploited a loophole in a common procedure both companies follow when a customer...

Hacked: Turning a women's fashion website into a porn site

"HACKERS have turned a bitchy blog about the world of women's magazines into a porn site. The blog by a mystery woman who calls herself “MagHag” has become a must-read for industry insiders, due to its salacious gossip about the editors of Madison, Vogue, Harper's Bazaar, Cosmopolitan and Shop Til You...

Barack Obama site XSSed, redirected to Hillary's website

"Yes Cross Site Scripting (XSS) errors are all over the place. And YES they can affect very prominent web sites. The discussion forum area on Barackobama.com is allegedly the victim of an XSS exploit that redirected comments from Obama's site to....HillaryClinton.com. A hacker going by the alias of 'Mox' has claimed...

Scanless PCI security scanning available

"Using a combination of fines and incentives the payment card brands have been working hard to boost PCI-DSS compliance rates among merchants. Meanwhile, ASVs have been doing their part by offering their services at drastically reduced prices and curtailing the security checklist to make certification as easy as possible. Every merchant who...

Gopher/Archie gaining popularity due to increase in web based attacks

Due to the increase in devastating vulnerabilities abusing AJAX and Google to hack the web, more users are switching to 'safer' alternatives such as Gopher and Archie. Johnny Long was quoted as saying 'My next book on Archie hacking 'Jughead for idiots' will be out in late 2008 and I promise...

Hackers Flood Epilepsy Web Forum With Flashing Lights

"Unknown miscreants had a good time two weekends ago when they posted hundreds of flashing animated images onto discussion boards hosted by the Landover, Md.-based Epilepsy Foundation. Flashing lights or bold moving patterns can trigger often violent seizures among 3 percent of the estimated 50 million epileptics worldwide. "I was on...

Paris Hilton pwned via facebook flaw

"A security lapse on Facebook has allowed its users to gain access to vast libraries of private photographs, including one of Paris Hilton drinking beer with her friends. A Canadian hacker exploited a recent upgrade to the networking site's privacy settings to view pictures that were intended to be private, including...

Antivirus Vendor TrendMicro Has Website SQL Injected, Malware Uploaded

TrendMicro had its website SQL injected and malware uploaded. A simple Google search for 'fuckjp.js' shows trendmicro listed. "A Trend Micro spokesman confirmed that the company's site had been hacked Thursday, saying that the attack took place earlier in the week. "A portion of our site -- some pages were attacked,"...

RIAA SQL Injected, website deleted

The RIAA website was apparently vulnerable to a SQL Injection vulnerability and had its website deleted. "It’s a weekend, and a holiday weekend to boot, so the site might stay this way for some time. Someone apparently used SQL injection to wipe, and we do mean wipe, the website of the...

Most Dorky Christmas Card Ever

I got the following Christmas card from IOActive and thought that it was so amusing that I'd post it here (message excluded).

[Images: outside and inside of the card]

F-Secure Forum Defaced

Security vendor F-Secure was defaced a few days ago by a Turkish defacement crew. "So how did this happen? The server itself is quite well hardened, but the web forum software had an unannounced security patch silently released by the vendor nine days ago. The defacement gang learned of the vulnerability...

Did Iceland Teen Call Secret White House Phone?

"Introducing himself as Ólafur Ragnar Grímsson, the actual president of Iceland, Atlason found President George W. Bush's allegedly secret telephone number and phoned, requesting a private meeting with him. "I just wanted to talk to him, have a chat, invite him to Iceland and see what he'd say," Vífill told ABC...

AppsecInc Granted Database Encryption Patent

United States Patent 7266699 was issued to AppSecInc. From the patent "The invention provides a transparent encryption infrastructure which allows the user to point-and-click on columns and tables to encrypt data. The creation of triggers and views are also easily implemented, to encrypt and decrypt data, to manage the encryption keys...

Blackhat SEO faces 3 years in prison for insulting the president

From the nypost: "A hacker faces up to three years in prison for making the Polish president's Web page turn up in searches for the slang word for "penis." Marek W., 23, has been charged with insulting President Lech Kaczynski. Marek created a program that caused the official home page...

5 amusing security vendor moments

This list was created based off of real security vendor interactions that I and a friend have experienced.

1. Customer: Have you had a security evaluation of your product? Vendor: Yes, Kevin Mitnick has performed a pen test against our product. (sorry kevin! :)

2. The vendor comes to your office and...

Warcraft.net and Battle.net get hacked by polite hacker

As a Diablo2 fan I just had to post this. "Blizzard's Warcraft.net and Battle.net websites have recently come under attack from an Algerian hacker who went by the name of "LeHackeur". This hacker added an extra file on the sites' main servers, which displayed an image of a skull, as...

Cenzic Patent Case Worries Web Researchers, Vendors

"A patent infringement lawsuit recently filed by Cenzic against SPI Dynamics has Web application security companies and researchers on edge. If successful, the suit -- which centers around Cenzic's patent on a Web application vulnerability scanning technology -- could mean trouble for other scanner vendors, as well as researchers who develop...

Undercover reporter ousted at defcon, probably pretty f@!ked

UPDATE: Her myspace page was linked off of defconpics.org and shortly after has been removed from myspace. No word on how it was removed at this time. An NBC reporter (Michelle Madigan, Associate Producer of NBC Dateline) was found to be trying to find hackers for hire and recording them with...

Fox News Pwned

"While browsing around the Fox News website, I found that directory indexes are turned on. So, I started following the tree up, until I got to /admin. Eventually, I found my way into /admin/xml_parser/zdnet/, in which, there is a shell script. Seeing as it's a shell script, and I use Linux,...

Microsoft Security Grunt voted #6 on Worst Jobs in Science 2007 by Popular Science

Popular Science has voted 'Microsoft Security Grunt' as the 6th worst job in science to have. "Do you flinch when your inbox dings? The people manning secure@microsoft.com receive approximately 100,000 dings a year, each one a message that something in the Microsoft empire may have gone terribly wrong. Teams of...

Cenzic Patents the obvious: Fault Injection!

I monitor Google News for anything application security related and found the following announced today by Cenzic. "the U.S. Patent and Trademark Office (PTO) has issued the company U.S. Patent No. 7,185,232, focused on fault injection technology, which is commonly used by most security assessment scanners." - Cenzic Cenzic is not...

Hackers on a Plane

"2007 is a very special year for the global hacker community. Thanks to cooperation between the organizers of DefCon XV and the Chaos Communications Camp 2007, the two largest gatherings of hackers from around the world happen only a few days apart! This is where "Hackers on a Plane" comes in:...

Pirate Bay hacked, database stolen

"According to an alert posted on The Pirate Bay's blog, the stolen user credentials were encrypted but the site is still urging users to immediately change usernames and passwords to avoid the risk of identity theft. They have got a copy of the user database. That is, your username and passwords....

Astroglide Website Helps Hackers Insert Rogue Code, Reader Reports

"Just last week BioFilm, the maker of the popular sexual lubricant Astroglide, confirmed that it had failed to properly secure the names and addresses of more than 250,000 individuals who requested free samples which resulted in those files showing up in a Google search for those individuals' names. Now THREAT LEVEL...

MySpace superworm creator sentenced to probation, community service

"The man responsible for unleashing what is believed to be the first self-propagating cross-site scripting worm has pleaded guilty in Los Angeles Superior Court to charges stemming from his most infamous hacking. Samy Kamkar, who was 19 when he unleashed the attack on MySpace.com in October 2005, was sentenced to three...

PHP Ninja Stefan Esser Quits the PHP Security Team After Being Ignored For Reporting Issues

Apparently Stefan Esser (a key player in PHP's Security Response Team) has called it quits. Stefan is known for finding various vulnerabilities in PHP and working with the PHP Security team to identify and prevent issues in PHP itself. From his blog (Mirroring since his site appears to be getting slammed...

Hacker Pumpkins

RSnake is having a hacker pumpkin carving contest. Check out the XSS'd tricked out carving :) Article Link: http://ha.ckers.org/blog/20061016/hacker-pumpkin-carving-contest/

Top 5 signs you've selected a bad web application package

5. The vendor's idea of a patch process involves you editing line X and replacing it with new code

4. The amount of total downloads is less than the application's age

3. It isn't running on the vendor's homepage

2. The readme file states that you need to chmod a certain...

XSS Gone Wild!

For various reasons I'm going to report this as neutrally as possible. Apparently F5 and Acunetix, both web security vendors, were found to have XSS holes in their websites according to RSnake's forum. To be honest with you, yeah, it is embarrassing, but s!@# happens; however, that isn't why I'm posting...

Frontpage takes down superhacker

"Kevin Mitnick, the notorious former hacker turned security consultant and tech celebrity, has been targeted by Pakistani crackers in a series of web face defacements attacks. Four websites associated with Mitnick's various ventures were sprayed with digital graffiti on Monday in an apparently personal attack. The sites defensivethinking.com, mitsec.com, kevinmitnick.com and...

ALERT: Cross HTTP Response Splitting Session Fixation Smuggling Scripting Vulnerability Discovered

CERT has issued a warning against a new web based threat entitled a "Cross HTTP Response Splitting Session Fixation Smuggling Scripting Vulnerability". According to the founder of DSHIELD Johannes Ullrich "If on April 1st you have specific non default settings in Internet Explorer, visit a series of 4 specific websites in...