Entries Categorized as 'Hacks'

YouTube is not safe either.

Date August 19, 2008


Remember how your computer teachers, or anyone knowledgeable enough, told you not to tell your “secret words” (meaning not just your passwords) to anyone? Well, some hackers send malicious software, or malware, to capture your keystrokes, copy your precious data, or even control your computer to hack another person. Okay, maybe you know about that too, and even the “hackers use websites for these purposes” thing. But did you know that YouTube is not that different from these sites? That’s right. YouTube has these links, and you might just open them because they look trustworthy and your “friend” sent them. In short, YouTube is no different from MySpace now. To protect yourself from these hackers, just use the search engine in YouTube, or, if the link is not on YouTube, copy the link and paste it into Yahoo or Google, and their protection might show the true face of that page. But if you think that’s such a hassle, then just don’t open it.

Web vulnerabilities

Date July 8, 2008

Top Ten Reasons why Websites Get Hacked

Experts say most Web applications can be hacked. Here are the top ten vulnerabilities that could put your Web site at risk.

1. Cross site scripting
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access

SOURCE: OWASP (the Open Web Application Security Project)

Related links for added reading: NetworkWorld.com

Removing Spyware

Date April 15, 2008

Suspect spyware on your system? Here are some tips on how to get rid of spyware on your computer:

1. Get, install and periodically run Ad-aware and Spybot Search & Destroy.
2. To prevent reinfection by Aureate/Radiate - search for advert.dll on your system. If it’s there and if you can, delete it (Ad-aware will do this for you). Then create an empty text file, name it advert.dll, make it read-only and save it in your Windows/System directory. Then configure Ad-aware (version 5 or later) to ignore advert.dll.

Beware of Spyware

Date April 10, 2008

Spyware is computer software that is classified as privacy-invasive. It is installed covertly on a personal computer. Once installed, it can monitor the user’s behavior and collect personal information such as surfing habits and sites visited. It can interfere with user control of the computer, for example by installing additional software, redirecting Web browser activity, accessing websites blindly, which can bring in more harmful viruses, or diverting advertising revenue to a third party. It can change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs.

Hackers using rogue DNS servers

Date March 20, 2008

“Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc.

The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means people with compromised computers are sometimes being directed to the wrong Web sites — and often have no idea.

The peer-reviewed paper, which offers one of the broadest measurements yet of the number of rogue DNS servers, was presented at the Internet Society’s Network and Distributed System Security Symposium in San Diego.

The fraud works like this: When a user with an affected computer tries to go to, for example, Google’s Web site, they are redirected to a spoof site loaded with malicious code or to a wall of ads whose profits flow back to the hackers.

The hackers who hijack DNS queries are looking to steal personal information, from e-mail login credentials to credit data, and take over infected machines.

The spoof sites run the gamut. Some are stunningly convincing, others amusingly bogus with spelling errors and typos.”

Source

The Orkut Worm v2.0

Date March 17, 2008

“The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video.

People who click on the link are redirected to an external site hosting malware that’s disguised as a Flash upgrade. Users duped into installing the software get malicious Javascript code injected into their next active Orkut web session. This malicious scrapbook entry is then sent to all the victims’ friends, recommencing the infection cycle.”

Source

Brute Force Attack

Date March 6, 2008

A Brute Force attack is an automated process of trial and error used to guess a person’s username, password, credit-card number or cryptographic key.

Many systems will allow the use of weak passwords or cryptographic keys, and users will often choose easy-to-guess passwords, possibly found in a dictionary. Given this scenario, an attacker would cycle through the dictionary word by word, generating thousands or potentially millions of incorrect guesses searching for the valid password. When a guessed password allows access to the system, the brute force attack has been successful and the attacker is able to access the account.

The same trial and error technique is also applicable to guessing encryption keys. When a web site uses a weak or small key size, it’s possible for an attacker to guess a correct key by testing all possible keys.

Essentially there are two types of brute force attacks, (normal) brute force and reverse brute force. A normal brute force attack uses a single username against many passwords. A reverse brute force attack uses many usernames against one password. In systems with millions of user accounts, the odds of multiple users having the same password dramatically increases. While brute force techniques are highly popular and often successful, they can take hours, weeks or years to complete.

Source
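The two patterns described above leave different traces in authentication logs: one account with many failures versus many accounts with a few failures each. The Python code below is an added example, not part of the original post or its source; the event tuples, the function name and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, outcome). Not real log data.
SAMPLE_EVENTS = (
    [("203.0.113.5", "alice", "fail")] * 12                       # one account, many guesses
    + [("198.51.100.7", f"user{i}", "fail") for i in range(15)]   # many accounts, one guess each
    + [("192.0.2.10", "bob", "fail"), ("192.0.2.10", "bob", "ok")]  # ordinary typo, then success
)


def classify_sources(events, per_user_limit=10, distinct_user_limit=10):
    """Label each source IP by the failed-login pattern it shows.

    'brute_force': at least per_user_limit failures against a single username.
    'reverse_brute_force': failures spread over at least distinct_user_limit usernames.
    The thresholds are assumptions chosen for the sample, not recommended values.
    """
    failures = defaultdict(lambda: defaultdict(int))  # ip -> username -> failed count
    for ip, user, outcome in events:
        if outcome == "fail":
            failures[ip][user] += 1

    findings = {}
    for ip, per_user in failures.items():
        labels = []
        if max(per_user.values()) >= per_user_limit:
            labels.append("brute_force")
        if len(per_user) >= distinct_user_limit:
            labels.append("reverse_brute_force")
        if labels:
            findings[ip] = labels
    return findings


if __name__ == "__main__":
    for ip, labels in sorted(classify_sources(SAMPLE_EVENTS).items()):
        print(ip, ", ".join(labels))
```

A per-account failure counter or lockout only sees the first pattern, because in the reverse case each account records a single failure; counting distinct usernames per source is what exposes it.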

The Top 10 Data Breaches (part 2)

Date February 15, 2008

5. Swedish Urology Group — Urine Trouble!
Victims: “Hundreds”
Class Action Outrage Scale: 1 out of 10 lawyers

Doctors lost three hard drives containing patients’ personal information, and we mean personal!

4. The Nature Conservancy — Think of It as Recycled Data
Victims: 14,000
Class Action Outrage Scale: 9 out of 10 lawyers

Someone at the Conservancy was thinking locally but acting globally by apparently visiting a website of questionable provenance. The site was poisoned with malware. Soon, malicious hackers were clear-cutting names, home addresses, birthdates, Social Security numbers of employees and their dependents, and, yes, direct deposit bank account numbers. Let’s hope there’s been a climate change in the group’s security department.

3. TSA, Part II – Still Doing DHS Proud!
Victims: 100,000
Class Action Outrage Scale: 3 out of 10 lawyers

Thieves stole a computer hard drive with the names, Social Security numbers, dates of birth and bank account and routing information of current and former employees, including federal air marshals. Don’t worry, though. How easy could it be to pose as an air marshal with only that information?

2. Her Majesty’s Revenue and Customs — One Regrets the Error
Victims: 25 million
Class Action Outrage Scale: 10 out of 10 lawyers

Two CDs containing personal data on about 7 million families went missing in the mail, and the HMRC chancellor resigned. Frankly, we included it just so we could quote sentences like: “The chancellor seeks the advice of the Serious Organised Crime Agency,” and “Mr Cable said he sincerely hoped the discs would not fall into the hands of ‘the criminal fraternity,’” and “Police have visited London rubbish tips in their hunt for missing computer discs.” Makes the worst breach in Britain’s history sound kind of lovely.

1. TJX — ’Sorry About That. Here’s a Gift Card. Come Back Soon for our Sale!’
Victims: Millions of bargain shoppers worldwide
Class Action Outrage Scale: 8 out of 10 lawyers

No breach got more ink this year than TJX’s, which involved some, OK, tens of millions, OK, 50 million, all right all right around 100 million credit and debit card records. Priceless moments included TJX’s defense in press accounts that “our security was comparable to many other major retailers” and the portion of TJX’s proposed settlement with consumers in which the company would hold a three-day “Customer Appreciation Sale” and give some customers $30 store vouchers. (Sorry about the e. coli in the meat in our store; here’s a gift card to buy more meat in our store). After consumer advocates raised a stink, the vouchers were changed to $15 checks. Sad as the whole episode was for consumers, TJX’s stock has remained healthy. Don’t you just love a bargain?

via [CSOOnline]

The Top 10 Data Breaches

Date February 11, 2008

Stolen hard drives, websites infected with malware and Social Security numbers as passwords–the most brilliant lunacy of a year full of security disclosures.

10. Monster.com — New Job Posting on Monster.com: CISO for Monster.com?
Victims: 1.3 million
Class Action Outrage Scale: 9 out of 10 lawyers

Hackers allegedly stole legitimate credentials from Monster’s job-seekers to plant malware on the site and execute a phishing scheme. Later we come to learn Monster waited five days to inform customers. When it did, the disclosure letter sounded like a legal CYA, referring to Monster as “The Company” and constantly reminding victims that this kind of thing happens to companies all the time. The news hit right after Monster reported lower-than-expected earnings and planned layoffs. Ouch!

9. Commerce Bank of Wichita, Kansas — Now That’s Just Showing Off
Victims: 20
Class Action Outrage Scale: 0 out of 10 lawyers

So Commerce discloses that a hacker gained access to a customer database, but that the bad guys only managed to ascertain 20 personal records. “The hacking was quickly detected and stopped, according to the bank,” noted one news story. Twenty records? Anyone else get the sense this is some marketing scheme? You know, set up a breach and stop it quickly to show how effective your security is? PR Genius!

8. Indianapolis Power and Light — Keeping the Lights on a Little Too Long Maybe
Victims: 3,000
Class Action Outrage Scale: 4 out of 10 lawyers

Names, addresses and Social Security numbers of 3,000 Indianapolis Power and Light customers were inadvertently posted online … for up to four years. Of course, a power outage would have solved the problem.

7. TSA — Doing DHS Proud!
Victims: 3,930
Class Action Outrage Scale: 7 out of 10 lawyers

Two laptops with names, addresses, birthdays, Social Security numbers and commercial driver’s license numbers of truckers who transport hazardous materials are missing and considered stolen from TSA. Don’t worry, though. How easy could it be to pose as a commercial truck driver transporting hazardous materials with only that information?

6. Shaw’s Supermarket — ’What Should We Use for Passwords? Oh, I Know!’
Victims: 472 store employees
Class Action Outrage Scale: 2 out of 10 lawyers

First, an “individual entered a secure area of the … store and stole a desktop computer,” according to a disclosure letter from the Salem, N.H., store. Doesn’t the fact that a person entered and stole something make it, um, a not secure area of the store? But hey, it was just a training computer. Well … there is this: “The store associates log on to this system by using their Social Security numbers as passwords.” Probably because bank account numbers are too hard to remember.

via [CSOOnline]

Denial of Service (DoS)

Date January 25, 2008


Denial of Service (DoS) is an attack designed to render a computer or network incapable of providing normal services. The most common DoS attacks will target the computer’s network bandwidth or connectivity. Bandwidth attacks flood the network with such a high volume of traffic, that all available network resources are consumed and legitimate user requests can not get through. Connectivity attacks flood a computer with such a high volume of connection requests, that all available operating system resources are consumed, and the computer can no longer process legitimate user requests. The high-profile attacks of the week of February 6th, 2000 were primarily bandwidth attacks, and all of the targets were high-profile internet web sites. A complete description of Denial of Service attacks is available from CERT on http://www.cert.org/tech_tips/denial_of_service.html.

Distributed Denial of Service attack
A Distributed Denial of Service (DDoS) attack uses many computers to launch a coordinated DoS attack against one or more targets. Using client/server technology, the perpetrator is able to multiply the effectiveness of the Denial of Service significantly by harnessing the resources of multiple unwitting accomplice computers which serve as attack platforms. Typically a DDoS master program is installed on one computer using a stolen account. The master program, at a designated time, then communicates to any number of “agent” programs, installed on computers anywhere on the internet. The agents, when they receive the command, initiate the attack. Using client/server technology, the master program can initiate hundreds or even thousands of agent programs within seconds.

Source