Entries Categorized as 'Hacks'

Hackers using rogue DNS servers

Date November 20, 2009

“Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc.

The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means people with compromised computers are sometimes being directed to the wrong Web sites — and often have no idea.

The peer-reviewed paper, which offers one of the broadest measurements yet of the number of rogue DNS servers, was presented at the Internet Society’s Network and Distributed System Security Symposium in San Diego.

The fraud works like this: When a user with an affected computer tries to go to, for example, Google’s Web site, they are redirected to a spoof site loaded with malicious code or to a wall of ads whose profits flow back to the hackers.

The hackers who hijack DNS queries are looking to steal personal information, from e-mail login credentials to credit data, and take over infected machines.

The spoof sites run the gamut. Some are stunningly convincing, others amusingly bogus with spelling errors and typos.”

Source

Removing Spyware

Date September 15, 2009

Suspect spyware on your system? Here are some tips on how to get rid of spyware on your computer:

1. Get, install and periodically run Ad-aware and Spybot Search & Destroy.
2. To prevent reinfection by Aureate/Radiate – search for advert.dll on your system. If it’s there and if you can, delete it (Ad-aware will do this for you). Then create an empty text file, name it advert.dll, make it read-only and save it in your Windows/System directory. Then configure Ad-aware (version 5 or later) to ignore advert.dll.

An Internet of Criminals – A Look Behind the Scenes (Part 1)

Date March 29, 2009

The world of cyber-crime has grown enormously in the past few years, driven by the explosive growth in the number of internet users the world over. It has expanded not only on the side of ordinary people but also on the side of cyber-criminals, who now operate on their own networks spanning the globe, ready to spread their products: malicious code that first scans the globe for weak points in the security net we all put up to give ourselves some sense of security against the ever-growing threat, a net that is actually futile to some extent.

White House Attacked

Date November 24, 2008


Well, not by terrorists, but by computer terrorists: those whose intent is to seek out and destroy the property and businesses of other people and institutions. Now even the White House is being attacked. Just recently, it was also discovered that the presidential campaigns of Obama and McCain were hacked during the summer. The White House email archives were compromised many times during the past months. After those attacks, new defense systems were put up to counter them. A new unit tasked with cyber security, the National Cyber Investigative Joint Task Force, was able to trace the attacks to servers based in China. Ultimately, the attackers were able to hack unclassified documents from the White House.

YouTube is not safe either.

Date August 19, 2008


Remember how your computer teachers, or anyone knowledgeable enough, told you not to tell your “secret words” (meaning not just your passwords) to anyone? Well, some hackers send malicious software, or malware, to capture your keystrokes, copy your precious data, or even take control of your computer to hack another person. Okay, maybe you know about that too, and even the “hackers use websites for these purposes” thing. But did you know that YouTube is not that different from those sites? That’s right. YouTube carries such links, and you might just open them, since they look trustworthy and your “friend” sent them. In short, YouTube is no different from MySpace now. To protect yourself from these hackers, just use YouTube’s own search engine or, if the link is not on YouTube, copy the link and paste it into Yahoo or Google, where their protection might show the true face of that page. But if you think that is too much of a hassle, then just don’t open it.

Web vulnerabilities

Date July 8, 2008

Top Ten Reasons why Websites Get Hacked

Experts say most Web applications can be hacked. Here are the top ten vulnerabilities that could put your Web site at risk.

1. Cross site scripting
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access

SOURCE: OWASP (the Open Web Application Security Project)

Related links for added reading: NetworkWorld.com

Beware of Spyware

Date April 10, 2008

Spyware is computer software that is classified as privacy-invasive. It is installed covertly on a personal computer. Once installed, it can monitor the user’s behavior and collect personal information such as surfing habits and sites visited. It can interfere with the user’s control of the computer, for example by installing additional software, redirecting Web browser activity, blindly accessing websites that bring in more harmful viruses, or diverting advertising revenue to a third party. It can also change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet access or of other programs.

The Orkut Worm v2.0

Date March 17, 2008

“The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video.

People who click on the link are redirected to an external site hosting malware that’s disguised as a Flash upgrade. Users duped into installing the software get malicious Javascript code injected into their next active Orkut web session. This malicious scrapbook entry is then sent to all the victims’ friends, recommencing the infection cycle.”

Source

Brute Force Attack

Date March 6, 2008

A Brute Force attack is an automated process of trial and error used to guess a person’s username, password, credit-card number or cryptographic key.

Many systems will allow the use of weak passwords or cryptographic keys, and users will often choose easy to guess passwords, possibly found in a dictionary. Given this scenario, an attacker would cycle through the dictionary word by word, generating thousands or potentially millions of incorrect guesses searching for the valid password. When a guessed password allows access to the system, the brute force attack has been successful and the attacker is able to access the account.

The same trial and error technique is also applicable to guessing encryption keys. When a web site uses a weak or small key size, it’s possible for an attacker to guess a correct key by testing all possible keys.

Essentially there are two types of brute force attacks, (normal) brute force and reverse brute force. A normal brute force attack uses a single username against many passwords. A reverse brute force attack uses many usernames against one password. In systems with millions of user accounts, the odds of multiple users having the same password dramatically increase. While brute force techniques are highly popular and often successful, they can take hours, weeks or years to complete.

Source
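The two attack shapes described above leave different traces in failed-login records, and a per-account lockout alone only catches the first. The following is an added example, not code from the original post or its source; the event format, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

def make_sample_events():
    """Constructed sample events (not real logs): (source_ip, username, success)."""
    events = []
    # Normal brute force: one source cycles many passwords against one username.
    events += [("198.51.100.7", "alice", False)] * 12
    # Reverse brute force: one source tries one password across many usernames.
    events += [("203.0.113.9", f"user{i:02d}", False) for i in range(15)]
    # Ordinary user who mistypes twice, then logs in.
    events += [("192.0.2.44", "bob", False)] * 2 + [("192.0.2.44", "bob", True)]
    return events

# Hypothetical thresholds; tune them to the site's real traffic.
MAX_FAILS_PER_ACCOUNT = 10
MAX_ACCOUNTS_PER_SOURCE = 10

def classify_sources(events):
    """Return {source_ip: label} for sources whose failures look automated."""
    fails = defaultdict(lambda: defaultdict(int))  # ip -> username -> failures
    for ip, user, success in events:
        if not success:
            fails[ip][user] += 1
    verdicts = {}
    for ip, per_user in fails.items():
        if len(per_user) >= MAX_ACCOUNTS_PER_SOURCE:
            # Many distinct usernames, few tries each: reverse brute force.
            verdicts[ip] = "reverse brute force"
        elif max(per_user.values()) >= MAX_FAILS_PER_ACCOUNT:
            # Many tries against a single username: normal brute force.
            verdicts[ip] = "brute force"
    return verdicts

def accounts_to_lock(events):
    """Usernames a per-account failure counter would lock or delay."""
    totals = defaultdict(int)
    for _, user, success in events:
        if not success:
            totals[user] += 1
    return sorted(u for u, n in totals.items() if n >= MAX_FAILS_PER_ACCOUNT)

if __name__ == "__main__":
    sample = make_sample_events()
    print(classify_sources(sample))
    print(accounts_to_lock(sample))
```

On the sample data the per-account counter flags only the account under normal brute force; the reverse attack touches each account once and is visible only when failures are grouped by source.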

The Top 10 Data Breaches

Date February 11, 2008

Stolen hard drives, websites infected with malware and Social Security numbers as passwords–the most brilliant lunacy of a year full of security disclosures.

10. Monster.com — New Job Posting on Monster.com: CISO for Monster.com?
Victims: 1.3 million
Class Action Outrage Scale: 9 out of 10 lawyers

Hackers allegedly stole legitimate credentials from Monster’s job-seekers to plant malware on the site and execute a phishing scheme. Later we come to learn Monster waited five days to inform customers. When it did, the disclosure letter sounded like a legal CYA, referring to Monster as “The Company” and constantly reminding victims that this kind of thing happens to companies all the time. The news hit right after Monster reported lower-than-expected earnings and planned layoffs. Ouch!

9. Commerce Bank of Wichita, Kansas — Now That’s Just Showing Off
Victims: 20
Class Action Outrage Scale: 0 out of 10 lawyers

So Commerce discloses that a hacker gained access to a customer database, but that the bad guys only managed to ascertain 20 personal records. “The hacking was quickly detected and stopped, according to the bank,” noted one news story. Twenty records? Anyone else get the sense this is some marketing scheme? You know, set up a breach and stop it quickly to show how effective your security is? PR Genius!

8. Indianapolis Power and Light — Keeping the Lights on a Little Too Long Maybe
Victims: 3,000
Class Action Outrage Scale: 4 out of 10 lawyers

Names, addresses and Social Security numbers of 3,000 Indianapolis Power and Light customers were inadvertently posted online … for up to four years. Of course, a power outage would have solved the problem.

7. TSA — Doing DHS Proud!
Victims: 3,930
Class Action Outrage Scale: 7 out of 10 lawyers

Two laptops with names, addresses, birthdays, Social Security numbers and commercial driver’s license numbers of truckers who transport hazardous materials are missing and considered stolen from TSA. Don’t worry, though. How easy could it be to pose as a commercial truck driver transporting hazardous materials with only that information?

6. Shaw’s Supermarket — ‘What Should We Use for Passwords? Oh, I Know!’
Victims: 472 store employees
Class Action Outrage Scale: 2 out of 10 lawyers

First, an “individual entered a secure area of the … store and stole a desktop computer,” according to a disclosure letter from the Salem, N.H., store. Doesn’t the fact that a person entered and stole something make it, um, a not secure area of the store? But hey, it was just a training computer. Well … there is this: “The store associates log on to this system by using their Social Security numbers as passwords.” Probably because bank account numbers are too hard to remember.

via [CSOOnline]