-
Why you never use ATMs in the hotel defcon is hosted in, or near
Just got back from Vegas and finally started catching up. Looks like a fake ATM was placed at Defcon (no surprise). "As the conference was kicking off a few days ago, attendees noticed that an ATM placed in the Riviera Hotel, which plays host to the annual event, didn't quite look right, according to a…
-
Antisec hackers replace all imageshack images!
The hacking group/movement antisec has replaced every image on imageshack with a hacked image and has posted the following to the full disclosure mailing list. …
-
C0mrade’s Suicide Linked to TJX Probe
“I have no faith in the ‘justice’ system,” he wrote. “Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.” The note was provided to Wired.com this week by James’ father,…
-
Hacker Extradited For Stock Market Manipulation Via Stolen Accounts
"The three were charged two years ago for a 2006 scheme in which they allegedly hacked into online brokerages or created new accounts using stolen identities, then bought and sold stocks in order to manipulate prices to their benefit. They hacked into more than 60 accounts in nine brokerage firms, including ETrade and TD Ameritrade,…
-
Security Guard Busted For Hacking Hospital’s HVAC, Patient Information Computers
"A former security guard for a Dallas hospital has been arrested by federal authorities for allegedly breaking into the facility's HVAC and confidential patient information computer systems. In a bizarre twist, he posted videos of his hacks on YouTube, and was trying to recruit other hackers to help him wage a massive DDoS attack on…
-
Blind Hacker Sentenced to 11 Years in Prison
"A legally blind Massachusetts phone hacker was sentenced Friday to over 11 years in federal prison, following his guilty plea on computer intrusion and witness intimidation charges earlier this year. Matthew Weigman, 19, was sentenced in Dallas by U.S. District Judge Barbara M.G. Lynn, according to the U.S. Attorney’s Office there. There is no parole…
-
Max Vision Pleads Guilty To Wire Fraud/Carding
"A San Francisco man pleaded guilty today in Pittsburgh this afternoon to federal charges of hacking into computer systems of financial institutions and other hackers to steal nearly 2 million credit card numbers, which were used to rack up more than $86 million in fraudulent charges. Max Ray Vision, formerly Max Ray Butler, pleaded guilty…
-
FTP login credentials at major corporations breached
"A trojan has reportedly been uncovered that is harvesting FTP login data of major corporations, including the Bank of America, BBC, Amazon, Cisco, Monster.com, Symantec and McAfee. According to a report in the Friday edition of The Register, Jacques Erasmus, CTO at Prevx, an internet security vendor headquartered in the U.K., discovered a site where…
-
Iran accuses CNN of training hackers to launch DDOS attacks
"Iran's foreign ministry spokesman accused the cable network CNN of "officially" training people to "hack government and foreign ministry" websites on Monday, citing a CNN.com article that explained how hackers were launching distributed denial-of-service (DDOS) attacks on Iranian government sites. "They officially trained the people to come and hack Iran's government websites," spokesman Hassan Qashqavi…
-
Stephen Watt/JimJones/Unix Terrorist to be Sentenced Monday
Original photo (c) from sensepost, butchered by cgisecurity. Watt (also known as Unix Terrorist and JimJones) pictured far right during a Defcon talk (video available). “Watt, a 7-foot-tall software engineer who was working for Morgan Stanley at the time the hacks occurred, pleaded guilty in December to creating a sniffing program dubbed “blabla” that Gonzalez…
-
Hacker cracks TinyURL rival, redirects millions of Twitter users
"A URL-shortening service that condenses long Web addresses for use on micro-blogging sites like Twitter was hacked over the weekend, sending millions of users to an unintended destination, a security researcher said today. After Cligs, a rival to the better known TinyURL and bit.ly shortening services, was attacked Sunday, more than 2.2 million Web addresses…
-
100,000 sites deleted in hack, software company boss commits suicide
"The boss of Indian software firm LxLabs was found dead in a suspected suicide on Monday. Reports of the death of K T Ligesh, 32, come in the wake of the exploitation of a critical vulnerability in HyperVM, a virtualization application made by LXLabs, to wipe out data on 100,000 sites hosted by the UK…
-
T-Mobile confirms hackers’ info is legit
"The information posted over the weekend by hackers who claimed to have hacked T-Mobile is legit, T-Mobile now says. But, it's not clear that the hackers have the full access to T-Mobile systems they claim. On Saturday, hackers posted what appear to be logfiles taken from T-Mobile's networks to the Full Disclosure mailing list, claiming…
-
When XSS can cost you $10,000
"Did you hear the one about the hacker-free e-mail service that was so confident about its enhanced security measure that it offered up $10,000 to anyone who could hack into it? It got hacked. Here’s the part that’s really crazy, though. There was initially some question as to whether or not the team of three…
-
Astalavista.com hacked
"For those who don't know of Astalavista, it was a popular website for "hackers" with relatively low-quality content. It started in 1994, and was one of the first search engines for computer security information. It hosted software exploits, and quickly degenerated into a forum for sharing software cracks, spyware, and virii. Yes man, the historical…
-
Report: Mass Injection Attack Affects 40,000 Websites
"Researchers at Websense have discovered a mass injection attack that is redirecting Web browsers to a malware-bearing site. According to a weekend report by researchers at Websense, thousands of legitimate Web sites have been discovered to be injected with malicious Javascript, obfuscated code that leads to an active exploit site. "The active exploit site uses…
-
Avsim Flight simulation site deleted by hacker, no backups….
"The site, which launched in 1996, covered all aspects of flight simulation, although its main focus was on Microsoft's Flight Simulator. The attack took down the site's two servers and the owners had not established an external backup system. The site's founder, Tom Allensworth, said that the site would be down for the foreseeable future…
-
Lessons Learned from Time’s Most Influential Poll Abuse: Part 1
"In a textbook case of web applications being abused due to insufficient anti-automation defenses, the Time Magazine's Internet poll of the most influential 100 people was bombarded with various methods to manipulate the results. The WASC Web Hacking Incident Database provides a great overview of the various tactics that Moot supporters used to influence…
-
Hackers steal UC Berkeley health records
"The University of California at Berkeley started warning students and alumni on Friday that online thieves infiltrated the school's restricted servers and stole medical records on more than 160,000 individuals. The database exposed by the breach held information on UC Berkeley's students, alumni and staff, including health insurance information and Social Security numbers, the university…
-
Swede charged in Cisco hack involving theft of trade secrets
"A 21-year-old Swede has been charged with hacking into Cisco Systems Inc. (NASDAQ:CSCO)'s computers and stealing trade secrets, U.S. officials say. Philip Gabriel Pettersson, also known as "Stakkato," was named in a five-count indictment that includes one count of intrusion and two of trade secret misappropriation involving the San Jose, Calif., computer networking giant, the…
-
Hackers Break Into Virginia Health Professions Database, Demand Ransom
"Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site's homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for…
-
McAfee site vulnerable to XSS
"McAfee, widely recognized as one of the leading providers of online security software for both home and business, appears to be struggling to secure its own Web sites, which at the time of writing this post, allow anyone with enough tech savvy to covertly do whatever they want on, and with, the site. During tests…
-
Twitter hacked again….
Twitter has been hacked again and had its administrative panel (which shouldn't be web accessible) breached. "This week, unauthorized access to Twitter was gained by an outside party. Our initial security reviews and investigations indicate that no account information was altered or removed in any way. However, we discovered that 10 individual accounts were viewed…
-
Amazon CSRF “hack” in detail?
UPDATE: According to an updated Wired news story this is a sham and no hacker was involved. RSnake recently posted an entry linking to the write-up on how a Cross-Site Request Forgery flaw in Amazon was used to get Gay and Lesbian books banned from Amazon's site via their reputation system. From the person…
-
FBI CIPAV Spyware Snaring Extortionists and Hackers for Years
"A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, newly declassified documents show. First reported by Wired.com, the software, called a "computer and internet protocol address verifier," or CIPAV, is designed to infiltrate a…