-
SQL Injection Blamed for New Breach
The online breach, which led hackers to cardholder information for 110,000 credit cards, was facilitated via SQL injection -- one of the most frequent modes of attack hackers use to illegally acquire payment-card details.
domenica 26 dicembre 2010
Security Incidents of This Week (weekly)
domenica 19 dicembre 2010
Security Incidents of This Week (weekly)
-
European banks see new ATM skimming attacks - Computerworld
Banks in Europe are seeing innovative skimming attacks against ATMs, where fraudsters rig special devices to the cash machines to record payment card details.
-
World Record : 404907 websites hacked by Iskorpitx (Turkish Hacker) !
-
Everything You Need to Know About Wikileaks - Technology Review
domenica 12 dicembre 2010
Security Incidents of This Week (weekly)
-
Dutch police website attacked after arrest of suspected hacker
-
MasterCard, Visa, Paypal and 4chan – The furor of Wikileaks unleashed | Naked Security
-
Over 200 Indian websites defaced, CBI registers case
More than 200 Indian websites, including that of the Central Bureau of Investigation -, were defaced Friday night by a group which identified itself as the 'Pakistani Cyber Army', officials said. The CBI has registered a case with its cyber crime unit.
The majority of the over 200 websites, as listed in Pakistani media reports, were of private organisations, colleges and companies.
The list of 270 websites included domains like plasticschair.com, allindiacapital.org.in, yogaclassesmumbai.com and glowofindia.co.in. Among them, CBI's website - was the only government site to be defaced, with a message from 'Pakistan Cyber Army' emblazoned under its banner. -
Hackers deface India’s premier investigating agency’s website
-
Millions cashless in bank glitch
ONE of Australia's biggest banks is scrambling to process payments to millions of customers, who potentially face days of uncertainty about when they will be able to access their money.
A corrupted file in the National Australia Bank's computers on Wednesday jammed its payment system
venerdì 10 dicembre 2010
Come usare un Google Account come OpenID (utile anche per Zotero)
Google è un OpenID provider. E' cioè in grado di autenticare utenti su richiesta di altri servizi. L'utente someuser@gmail.com può quindi autenticarsi su un servizio S fornendo le proprie credenziali a Google e non a S. Ovviamente S deve essere predisposto per delegare l'autenticazione a terzi con il protocollo OpenID. L'identificatore da fornire a S è questo:
http://openid-provider.appspot.com/someuser
Apparirà una schermata che dice "sono una demo application, non sono l'endpoint ufficiale di Google" (non c'è da preoccuparsi; è solo una applicazione che fa da bridge tra S e Google, in quanto Google offre---per quanto ne so---solo una interfaccia programmatica per OpenID). Questa applicazione invita ad autenticarsi su Google. Una volta che l'utente si è autenticato, è automaticamente rediretto su S.
Piccola complicazione: adesso S deve capire quale dei propri account locali deve essere collegato all'utente someuser@gmail.com. Per risolvere questo problema l'utente deve adesso autenticarsi anche su S, con username/password di S, ma deve fare questo procedimento solo una volta. Da questo momento in poi potrà autenticarsi su S usando solo ed esclusivamente le credenziali Google.
http://openid-provider.appspot.com/someuser
Apparirà una schermata che dice "sono una demo application, non sono l'endpoint ufficiale di Google" (non c'è da preoccuparsi; è solo una applicazione che fa da bridge tra S e Google, in quanto Google offre---per quanto ne so---solo una interfaccia programmatica per OpenID). Questa applicazione invita ad autenticarsi su Google. Una volta che l'utente si è autenticato, è automaticamente rediretto su S.
Piccola complicazione: adesso S deve capire quale dei propri account locali deve essere collegato all'utente someuser@gmail.com. Per risolvere questo problema l'utente deve adesso autenticarsi anche su S, con username/password di S, ma deve fare questo procedimento solo una volta. Da questo momento in poi potrà autenticarsi su S usando solo ed esclusivamente le credenziali Google.
domenica 5 dicembre 2010
Security Incidents of This Week (weekly)
-
Hackers poison well of open-source FTP app
Hackers breached the main server hosting ProFTPD and remained undetected for three days, causing anyone who downloaded the popular open-source file transfer application during that time to be infected with a backdoor that grants unauthorized access to their systems.
-
Cuffed Oz bank Trojan perp aiming to bleach his hat
A South Australian hacker who admits using banking Trojan malware to infect more than 2,300 computers and steal personal information wants to go from poacher to gamekeeper once his legal problems are behind him.
-
Ransomware Trojan is back and badder than ever
A new variant of the GpCode ransomware encrypts user files on infected Windows PCs using theAES 256 and RSA 1024 encryption algorithms. The malware only encrypts the start of media or Office files, but that's enough to make any data recovery process difficult if not impossible.
-
Large US hosting provider hit in web attack
When innocent users browse these sites, the injected JavaScript adds an iframe element to the page in order to load further malicious content from a remote site.
-
Windows Vista & Windows 7 Kernel Bug Can Bypass UAC
Once again a serious zero-day has hit Windows, this time an unpatched vulnerability in the Kernel.
-
Sunbelt Blog: Navy Memorial site compromised
Unfortunately it seems that the official site of the US Navy Memorial was recently compromised, with the addition of a particularly wordy message for the admins hidden away in a subdirectory, rather than the more obvious target of the frontpage which was left untouched:
-
Hours before a major pro-life Catholic group was to hold a vigil against the reproductive health (RH) bill, a website of the Catholic Bishops' Conference of the Philippines (CBCP) was defaced Saturday morning.
Iscriviti a:
Post (Atom)