TheRegister.co.uk – Ensuring SPAM emails live on

It seems the team at the popular tech news and review site TheRegister.co.uk didn’t quite have enough coffee this Monday morning, as they mistakenly sent an email out to 3,521 of its subscribers with the email address details of 46,524 of its readers. It seems a lot fewer people subscribe than actually read the articles.

The following article was published by ‘Team Register’ earlier today. Funnily enough, it didn’t stay in the main ‘Top Story’ carousel for long and was then ditched to the ‘Security’ arena.

“By Team Register

Posted in Site News, 24th October 2011 10:07 GMT

Between 8:58 and 10:20 BST this morning we sent an email to 3,521 of you that contained the names and email addresses of 46,524 of our readers.

Obviously, this was an error. The two-stage send process that is the norm for all of our mailers was over-looked because someone was in a hurry.

We would like to offer our genuine and humble apologies for the error.

If you would like to vent at that someone, their email address is here: data@theregister.co.uk.

We are in the process of blowing the whistle on ourselves to the ICO over the matter.”

Anonymous Hackers Target Child Porn Websites

The Anonymous campaign began Oct. 14, when members of the hacktivist group found a cache of child-pornography websites while browsing a secret website called the Hidden Wiki, a guidebook to hundreds of underground websites invisible to search engines and regular Internet users. The hackers singled out Lolita City, a file-sharing site used by pedophiles, and leaked the names of the site’s 1,589 active members to Pastebin on Tuesday (Oct. 18), the Examiner reported.

Members of Anonymous deciding to hack a website whose stance they don’t agree with is by no means shocking news. In the past year, Anonymous-affiliated hackers have gone after the New York Stock Exchange, the Westboro Baptist Church, the Recording Industry Association of America and government sites in Malaysia, Egypt, Tunisia and Zimbabwe.

However, in targeting child pornography sites, and in explaining its methods of attack, these Anonymous-affiliated hackers have revealed a deeply disturbing side of the Internet unknown to most people.

The so-called “darknet,” from which this “Operation Darknet” hacking campaign takes its name, is any part of the Internet that is hidden from view — not just hard to reach, but deliberately concealed. In this instance, a darknet appears to have grown out of the free TOR routing service, which offers anonymous, encrypted Web browsing to any user.

Not enough hours in the day

It’s been a while since I posted a good old blog article on here, and that is mainly, as I’m sure you can tell from the title, because it’s a little hectic. But the blog is important to me and deserves my attention.

Time at the moment just seems to be flying by. First September, and now it’s nearly the end of October, and it’ll be Christmas in no time.

I don’t remember time being like this, with the complete and utter lack of hours in the day. 24 hours! Is that all! I’m currently on a personal mission to see exactly how many hours’ sleep I actually need to survive, as they are so precious to me with working mad hours each week, studying essentially two college courses and other personal projects I like to dip my finger into.

Whilst at the same time trying to produce high quality work and solid focused time for everything.

Juggling is interesting and I do enjoy new challenges…..but eventually I suspect something may get dropped.

Anyway…..over the coming days and weeks I plan to offer an insight into the articles which I am using to keep up to date and on track in the IT/InfoSec arena. Many of these will be posted on here as well as via the occasional tweet and re-tweet as I’m flying around. Feel free to give us a shout on Twitter if there’s anything I may miss.

As a side note, the site ‘About Page’ has been updated and a few things moved from the home page to give better access to the articles. Head over and take a look.

Find ‘anyone’s’ car – not just yours

Source: Troy Hunt

When news came through recently about the Bondi Westfield shopping centre’s new “Find my car” feature, the security and privacy implications almost jumped off the page:

“Wait – so you mean all I do is enter a number plate – any number plate – and I get back all this info about other cars parked in the centre? Whoa.”

If that statement sounds a bit liberal, read on and you’ll see just how much information Westfield is intentionally disclosing to the public.

Irish Catholic paper hacked: ‘Gotta love false hope’

A security breach has left several sites including the Irish Catholic defaced.

Atheistic hackers defaced the paper’s site at http://www.irishcatholic.ie/site on Sunday with a message mocking religion that also fired barbs at a site admin.

The message, headed, You.Got.Taken (screenshot below), states: “The Irish Catholic – Ireland’s biggest and best-selling Catholic newspaper since 1888 is currently hacked We should be back shortly. Thank you for your patience. And wish you to continue beliveing in your false religion.”

“Gotta love false hope,” it adds.

Unusually the defacement goes on to criticise the administrator of the site by name. “Get your act together. Several large sites on one server? Not a smart move Aidan Murphy. Watch your data.”

DefCon 2011 Presentations – Ready for download

#DefCon 19 : Presentations from the Defcon Conference for Download
 
Defcon 19 presentations are available for download. Go check out the presentations from this year’s Defcon conference here: http://good.net/dl/k4r3lj/DEFCON19/

For folks that don’t have time to click:
curl --silent http://good.net/dl/k4r3lj/DEFCON19/ | grep -i 'pdf' | cut -d '"' -f 8 | cut -d '<' -f 1 | grep -v '/' > dc19pdf.txt; for i in $(cat dc19pdf.txt); do curl --location "http://THIS-DOWNLOAD-WOULD-BE-FASTER-WITH-A-PREMIUM-ACCOUNT-AT-good.net" -L "http://good.net/dl/k4r3lj/DEFCON19/$i" > "$i"; done

 

Penetration Testing Toolkit coming to Android

#DefCon 19 : Android Network Toolkit for Penetration Testing and Hacking

 

Have an Android and wanna start pwning people, networks and machines like penetration testers do? Defcon 2011 is in full hacking swing, and Itzhak Avraham — “Zuk” for short — and his company Zimperium have unveiled the Android Network Toolkit for easy hacking on the go. Need to find vulnerabilities on devices using nearby networks? The app, dubbed “Anti” for short, allows you to simply push a button to do things like search a WiFi network for potential targets, or even take control of a PC trojan-style.

The firm says the tool’s purpose is for people to find aged exploits and patch them so that “hacking” their network and taking control of devices connected to it isn’t as easy as putting together a 10 piece puzzle. It will allow users to do more than just “find” these exploits, though – you can actually act on them as if you had every intent to cause malintent. Commands like “man-in-the-middle”, a snooping tool, and “attack” allow users to intercept data and control devices with the push of a button.

$10 can buy you a “corporate upgrade” of Anti, but otherwise the free app will bring mobile and advanced hacking to the masses. Zuk will offer Anti in the Android Market this week. If you have known and unpatched vulnerabilities in your network or your devices, then you are a potential target, so fix them or be prepared to be exploited. Consider this a warning you should heed.

According to Forbes, it’s much like Firesheep, and Zuk refers to Anti as a “penetration tool for the masses.” Apparently, his end-goal is to simplify “advanced” hacking and put it within pocket’s reach, but he also hopes it’ll be used mostly for good. Anti should be available via the Android Market this week for free, alongside a $10 “corporate upgrade.” Consider yourself warned.

UK mobile data service survey launched

The BBC is launching a UK-wide 3G data service survey to see exactly what the true coverage map looks like via an Android app.

Many service providers provide their own map of coverage for the UK to their existing and potential customers. However, this will be the first UK-wide completely independent survey carried out by the BBC.

The survey will be conducted by independent Android users using Google Android platform handsets and downloading an application from the Android Market Place.

To download the app search ‘UK 3G Survey’ for the app created by Epitiro Ltd or scan the QR code below using a ‘Barcode’ scanning app available on the Android Market Place.

QR code for Android app
Download via QR code

Security precautions for mobile business applications

By ForHacSec.com columnist – Fergal Glynn at Veracode.com

Mobile applications have become one of the hottest trends, but this has come at a price. The sharp rise in popularity means businesses are rushing their apps to the market, while security has taken a back seat. Neither the developers, nor the app stores, test web applications before offering them to the public and this comes with a whole host of side effects. When you consider that an estimated 50% of all smartphone users connect their phones to a corporate network, this is disastrous.

At the source of the issue is the failure of developers and businesses to remember that security is not a feature; it is a process. Think of a mobile device as a bag with holes in it, and the information it contains as priceless diamonds. It’s overflowing and it’s your job to keep them protected and in the bag.

Phone security is divided into four separate sections called the Security Stack. The top layers rely on the lower ones for their security. Think of it like a tower made of blocks.

Lulzsec reportedly disbands

A hacker group that has attacked several high-profile websites over the last two months has announced that it is disbanding.

Lulz Security made its announcement through its Twitter account, giving no reason for its decision.

A statement published on a file-sharing website said that its “planned 50-day cruise has expired”.

The group leapt to prominence by carrying out attacks on companies such as Sony and Nintendo.

Broadcasters Fox and PBS, the CIA, and the United States Senate have also been cyber-attacked by the group.

As a parting shot, the group released a selection of documents apparently including confidential material taken from the Arizona police department and US telecoms giant AT&T.
