5. Swedish Urology Group — Urine Trouble!
Victims: “Hundreds”
Class Action Outrage Scale: 1 out of 10 lawyers

Doctors lost three hard drives containing patients’ personal information, and we mean personal!

4. The Nature Conservancy — Think of It as Recycled Data
Victims: 14,000
Class Action Outrage Scale: 9 out of 10 lawyers

Someone at the Conservancy was thinking locally but acting globally by apparently visiting a website of questionable provenance. The site was poisoned with malware. Soon, malicious hackers were clear-cutting names, home addresses, birthdates, Social Security numbers of employees and their dependents, and, yes, direct deposit bank account numbers. Let’s hope there’s been a climate change in the group’s security department.

3. TSA, Part II – Still Doing DHS Proud!
Victims: 100,000
Class Action Outrage Scale: 3 out of 10 lawyers

Thieves stole a computer hard drive with the names, Social Security numbers, dates of birth and bank account and routing information of current and former employees, including federal air marshals. Don’t worry, though. How easy could it be to pose as an air marshal with only that information?

2. Her Majesty’s Revenue and Customs — One Regrets the Error
Victims: 25 million
Class Action Outrage Scale: 10 out of 10 lawyers

Two CDs containing personal data on about 7 million families went missing in the mail, and the HMRC chancellor resigned. Frankly, we included it just so we could quote sentences like: “The chancellor seeks the advice of the Serious Organised Crime Agency,” and “Mr Cable said he sincerely hoped the discs would not fall into the hands of ‘the criminal fraternity,’” and “Police have visited London rubbish tips in their hunt for missing computer discs.” Makes the worst breach in Britain’s history sound kind of lovely.

1. TJX — ’Sorry About That. Here’s a Gift Card. Come Back Soon for our Sale!’
Victims: Millions of bargain shoppers worldwide
Class Action Outrage Scale: 8 out of 10 lawyers

No breach got more ink this year than TJX’s, which involved some, OK, tens of millions, OK, 50 million, all right all right around 100 million credit and debit card records. Priceless moments included TJX’s defense in press accounts that “our security was comparable to many other major retailers” and the portion of TJX’s proposed settlement with consumers in which the company would hold a three-day “Customer Appreciation Sale” and give some customers $30 store vouchers. (Sorry about the e. coli in the meat in our store; here’s a gift card to buy more meat in our store). After consumer advocates raised a stink, the vouchers were changed to $15 checks. Sad as the whole episode was for consumers, TJX’s stock has remained healthy. Don’t you just love a bargain?

via [CSOOnline]

Posted in Hacks, Info, Network Security, Threats, Web Security Comments Off

Denial of Service (DoS) is an attack designed to render a computer or network incapable of providing normal services. The most common DoS attacks will target the computer’s network bandwidth or connectivity. Bandwidth attacks flood the network with such a high volume of traffic, that all available network resources are consumed and legitimate user requests can not get through. Connectivity attacks flood a computer with such a high volume of connection requests, that all available operating system resources are consumed, and the computer can no longer process legitimate user requests. The high-profile attacks of the week of February 6th, 2000 were primarily bandwidth attacks, and all of the targets were high-profile internet web sites. A complete description of Denial of Service attacks is available from CERT on http://www.cert.org/tech_tips/denial_of_service.html.

Distributed Denial of Service attack
A Distributed Denial of Service (DDoS) attack uses many computers to launch a coordinated DoS attack against one or more targets. Using client/server technology, the perpetrator is able to multiply the effectiveness of the Denial of Service significantly by harnessing the resources of multiple unwitting accomplice computers which serve as attack platforms. Typically a DDoS master program is installed on one computer using a stolen account. The master program, at a designated time, then communicates to any number of “agent” programs, installed on computers anywhere on the internet. The agents, when they receive the command, initiate the attack. Using client/server technology, the master program can initiate hundreds or even thousands of agent programs within seconds.

Source

Posted in Hacks, Threats Comments Off

“Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc.

The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means people with compromised computers are sometimes being directed to the wrong Web sites — and often have no idea.

The peer-reviewed paper, which offers one of the broadest measurements yet of the number of rogue DNS servers, was presented at the Internet Society’s Network and Distributed System Security Symposium in San Diego.

The fraud works like this: When a user with an affected computer tries to go to, for example, Google’s Web site, they are redirected to a spoof site loaded with malicious code or to a wall of ads whose profits flow back to the hackers.

The hackers who hijack DNS queries are looking to steal personal information, from e-mail login credentials to credit data, and take over infected machines.

The spoof sites run the gamut. Some are stunningly convincing, others amusingly bogus with spelling errors and typos.”

Source

Posted in Hacks, Info, Threats, Web Security Comments Off

Suspecting a spyware in your system? Here are some tips on how you could get rid of spyware in your computer:

1. Get, install and periodically run Ad-aware and Spybot Search & Destroy.
2. To prevent reinfection by Aureate/Radiate – search for advert.dll on your system. If it’s there and if you can, delete it (Ad-aware will do this for you). Then create an empty text file, name it advert.dll, make it read-only and save it in your Windows/System directory. Then configure Ad-aware (version 5 or later) to ignore advert.dll.

Posted in Hacks, Info, Network Security, Prevention, Threats, Tips, Web Security Comments Off

The world of cyber-crime has grown so much in these past few years due to the explosion of growth with respect to the number of internet users the world over. It has not only expanded on the side of normal people but on the side of cyber-criminals who now operate on their own networks, spanning the globe and ready to spread their products, malicious code that first scans the globe for weak points in the security net that we all put up to somewhat give us a sense of security from the ever-growing threat which is actually futile to some extent. Please tell me more! »

Posted in Hacks, Information, Network Security, Threats Comments Off

Image Source: blog.wired.com

Well, not by the terrorists. But by the computer terrorists. Those whose intentions are to seek and destroy other people’s and institutions’ properties and businesses. Now even the White House is being attacked. Just recently, it was also discovered that even presidential campaigns of Obama and McCain were hacked during summer. the White House email archives were compromised many times during the past months. After those attacks, they just put up new defense systems to counter those unnecessary attacks. A new unit tasked of keeping cyber security, the National Cyber Investigative Joint Task Force were able to trace the attacks from servers that are based in China. Ultimately they were able to hack unclassified documents from the White House.

Posted in Hacks Comments Off

Image source:www.youtubeic.com
Remember what your computer teachers or anyone good enough, told you not to tell your “secret words” (Meaning, not just your passwords) to anyone? Well, some hackers send malicious softwares or malwares to capture your keystrokes, copy your precious data, or even control your computer to hack another person. Okay, maybe you know about that too, and even the “hackers use websites for these purposes” thing. But! Did you know that Youtube is not that different from these sites? That’s right. Youtube has these links, and you might just open these things since these links looks trust worthy, and your “friend” sent this link. In short, Youtube is not different from Myspace now. Well, to save yourself from these hackers, just use the search engine in Youtube, or if the link is not in youtube, copy the link and paste it to yahoo or google, and their protection might show the true face of that page. But if you think that its such a hassle, then just don’t open it.

Posted in Hacks, Info, Information, Network Security, Prevention Comments Off

Top Ten Reasons why Websites Get Hacked

Experts say most Web applications can be hacked. Here are the top ten vulnerabilities that could put your Web site at risk.

1. Cross site scripting
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access

SOURCE: OWASP (the Open Web Application Security Project)

Related Links For added reading : NetworkWorld.com

Posted in Hacks, Info, Threats, Web Security Comments Off

A spyware is computer software that is classified as privacy-invasive. This is installed covertly on a personal computer. Once installed, it can monitor the user’s behavior, collect personal information like surfing habits and sites that visited. It can interfere with user control of the computer such as installing additional software, redirecting Web browser activity, accessing websites blindly that will cause more harmful viruses, or diverting advertising revenue to a third party. It can change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs.

Posted in Hacks, Info, Network Security, Threats, Web Security Comments Off

“The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video.

People who click on the link are redirected to an external site hosting malware that’s disguised as a Flash upgrade. Users duped into installing the software get malicious Javascript code injected into their next active Orkut web session. This malicious scrapbook entry is then sent to all the victims’ friends, recommencing the infection cycle.

Source

Posted in Hacks, Info, Web Security Comments Off