-
SQL Injection Blamed for New Breach
The online breach, which led hackers to cardholder information for 110,000 credit cards, was facilitated via SQL injection -- one of the most frequent modes of attack hackers use to illegally acquire payment-card details.
Sunday, 26 December 2010
Security Incidents of This Week (weekly)
Sunday, 19 December 2010
Security Incidents of This Week (weekly)
-
Romanian police cuff 40+ over €millions telecom blag
tags: SecurityIncident Phones
-
European banks see new ATM skimming attacks - Computerworld
Banks in Europe are seeing innovative skimming attacks against ATMs, where fraudsters rig special devices to the cash machines to record payment card details.
tags: SecurityIncident Banking Bancomat
-
Ad networks owned by Google, Microsoft serve malware
tags: SecurityIncident Malware
-
World Record : 404907 websites hacked by Iskorpitx (Turkish Hacker) !
tags: SecurityIncident Defacement
-
Everything You Need to Know About Wikileaks - Technology Review
tags: SecurityIncident
-
Gawker rooted by anonymous hackers
tags: SecurityIncident Hacking
-
Hackers at war to defend Assange
tags: SecurityIncident DoS
Sunday, 12 December 2010
Security Incidents of This Week (weekly)
-
Wikileaks: hackers hit Visa and MasterCard
tags: SecurityIncident Banking DoS
-
Dutch police website attacked after arrest of suspected hacker
tags: SecurityIncident DoS
-
MasterCard, Visa, Paypal and 4chan – The furor of Wikileaks unleashed | Naked Security
tags: SecurityIncident DoS Banking
-
AP website hacked from Pak | Deccan Chronicle
tags: SecurityIncident Defacement
-
Over 200 Indian websites defaced, CBI registers case
More than 200 Indian websites, including that of the Central Bureau of Investigation, were defaced Friday night by a group which identified itself as the 'Pakistani Cyber Army', officials said. The CBI has registered a case with its cyber crime unit.
The majority of the over 200 websites, as listed in Pakistani media reports, were of private organisations, colleges and companies.
The list of 270 websites included domains like plasticschair.com, allindiacapital.org.in, yogaclassesmumbai.com and glowofindia.co.in. Among them, CBI's website was the only government site to be defaced, with a message from 'Pakistan Cyber Army' emblazoned under its banner.
tags: SecurityIncident Defacement
-
Hackers deface India’s premier investigating agency’s website
tags: SecurityIncident Defacement
-
Millions cashless in bank glitch
ONE of Australia's biggest banks is scrambling to process payments to millions of customers, who potentially face days of uncertainty about when they will be able to access their money.
A corrupted file in the National Australia Bank's computers on Wednesday jammed its payment system
tags: SecurityIncident Banking
Friday, 10 December 2010
How to use a Google Account as an OpenID (also useful for Zotero)
http://openid-provider.appspot.com/someuser
A screen will appear saying "I am a demo application, I am not the official Google endpoint" (nothing to worry about; it is just an application that acts as a bridge between S and Google, since Google offers, as far as I know, only a programmatic interface for OpenID). This application prompts you to authenticate with Google. Once the user has authenticated, they are automatically redirected to S.
A small complication: S now has to work out which of its own local accounts should be linked to the user someuser@gmail.com. To solve this, the user must now also authenticate on S, with their S username/password, but this step only has to be done once. From then on they can authenticate on S using solely their Google credentials.
Sunday, 5 December 2010
Security Incidents of This Week (weekly)
-
Hackers poison well of open-source FTP app
Hackers breached the main server hosting ProFTPD and remained undetected for three days, causing anyone who downloaded the popular open-source file transfer application during that time to be infected with a backdoor that grants unauthorized access to their systems.
-
Cuffed Oz bank Trojan perp aiming to bleach his hat
A South Australian hacker who admits using banking Trojan malware to infect more than 2,300 computers and steal personal information wants to go from poacher to gamekeeper once his legal problems are behind him.
tags: SecurityIncident Banking Malware
-
Ransomware Trojan is back and badder than ever
A new variant of the GpCode ransomware encrypts user files on infected Windows PCs using the AES 256 and RSA 1024 encryption algorithms. The malware only encrypts the start of media or Office files, but that's enough to make any data recovery process difficult if not impossible.
tags: SecurityIncident Vulnerable
-
Large US hosting provider hit in web attack
When innocent users browse these sites, the injected JavaScript adds an iframe element to the page in order to load further malicious content from a remote site.
tags: SecurityIncident Vulnerable
-
Windows Vista & Windows 7 Kernel Bug Can Bypass UAC
Once again a serious zero-day has hit Windows, this time an unpatched vulnerability in the Kernel.
tags: SecurityIncident Vulnerable
-
Sunbelt Blog: Navy Memorial site compromised
Unfortunately it seems that the official site of the US Navy Memorial was recently compromised, with the addition of a particularly wordy message for the admins hidden away in a subdirectory, rather than the more obvious target of the frontpage which was left untouched:
-
Hours before a major pro-life Catholic group was to hold a vigil against the reproductive health (RH) bill, a website of the Catholic Bishops' Conference of the Philippines (CBCP) was defaced Saturday morning.
tags: SecurityIncident Defacement