ITsecurity
twitter facebook rss

A serious unfixed flaw in Facebook – maybe

Posted by Kevin on November 13, 2014

Vivek Bansal wrote to me. I have something fantastic to share with you all which can give your readers an interesting read ! This story is to bring your attention on a very serious security breach from Facebook and their casual attitude towards it. Some 11 months ago Bansal responsibly reported a Facebook flaw. Facebook […]

A typo to rival The Guardian’s best

Posted by Kevin on November 4, 2014

From: Google Drive once again exploited in a sophisticated phishing attack Analyzing the code of the page, the experts discovered the presence of the Chrome save tag, which indicates that phishers behind the campaign have saved the source of the legitimate Google Drive login page and added malicious cod Share This:

The curse of online permanency

Posted by Kevin on November 2, 2014

The curse of online permanency and small or lacking dates… It’s happened to all of us; but some of us was lucky to get away with it. Share This:

Israeli site hacked by AnonGhost

Posted by Kevin on October 27, 2014

Pro-Palestine hacking group AnonGhost has hacked the Israeli site LifTech-area.info. At the time of writing, the site is still showing AnonGhost’s calling card: According to WHOIS, LifTech.info is registered to GoDaddy and was created in 2012 in HaSharon, Israel. Share This:

HTB finds SQLi flaws – CyberVor uses them

Posted by Kevin on August 7, 2014

News that Russian cybercriminals had amassed a database of 1.2 billion unique access credentials broke on August 5 when Hold Security published a report titled You Have Been Hacked. The report explained the method used by the gang, dubbed by Hold as CyberVor (‘vor’ means ‘thief’ in Russian), to employ botnets to find SQL vulnerabilities: […]

ICO imposes fine on Think W3 Ltd

Posted by Kevin on July 29, 2014

If I had a bunch of active credit card numbers whose loss had not been disclosed, I might be able to sell them on the black market for up to $20 each (see Juniper Networks). For a quick sale, I might offer a 50% discount on this price. So if I had 430,599 such cards, […]

GCHQ on trial and DRIP emergency data retention bill

Posted by Kevin on July 16, 2014

Coincidence? Only if the tooth fairy is real. In the same week in which Privacy International and other civil liberties groups are trying to force the Investigatory Powers Tribunal (IPT) to declare GCHQ internet spying activities illegal, prime minister Cameron is trying to force through parliament emergency new powers (DRIP) to make such activities legal. […]

Chinese national Su Bin arrested for hacking Boeing

Posted by Kevin on July 13, 2014

News emerged on Friday that a Chinese national is being held in Canada on US charges that include being involved in hacking Boeing and stealing data on the C-17 military transport plane. The man is Su Bin. He is accused of working with two unnamed Chinese nationals who live in China. The accusation is that […]

CrowdStrike does a Mandiant and accuses the Chinese military

Posted by Kevin on June 14, 2014

Just three weeks after the FBI indicted five members of the Chinese military, and some 14 months after Mandiant’s initial ‘J’accuse China’ report, CrowdStrike has joined the party. While Mandiant tracked the APT1 hacking group to the Chinese military unit 61398 (“Unit 61398 is partially situated on Datong Road in Gaoqiaozhen, which is located in […]

TweetDeck’s all-a-flutter

Posted by Kevin on June 12, 2014

OK, so what’s this all about? The first thing to note is the speed of TweetDeck’s reaction. As soon as they realised the problem, they shut down, fixed it, and restarted in just about one hour. So we’re safe now, yes? No, we’re never safe. All we can do is make a judgment on whether […]