Hack

In the Pwn2Own hacking contest at the CanSecWest security conference in Vancouver, Canada, security researchers and hackers quickly hacked three of the major browsers to take control of the underline operating systems. — A German hacker who goes by the handle “Nils” used a previously unknown vulnerability in Mozilla’s Firefox to gain control of a 64-bit Windows 7 machine. — Peter Vreugdenhil an independent researcher from the Netherlands, used several vulnerabilities in Internet Explorer to take control of a machine running a patched 64-bit Windows 7 implementation. ...

There is a risk to computer security from governments. Regulatory changes, even if they are very positive measures, can impose huge demands on an enterprise (i.e. HIPPA, Sarbanes-Oxley, California’s law requiring notification of customers whose personal information is hacked on company sites.) The “government” risk can get no bigger than the clash of Google and the government of China over the censorship issue. The world suspects that the Chinese government or its proxies were behind a campaign of hacking against Google and other major U.S companies several months ago. Google reacted to the hacks by saying in January that it would stop censoring search results for web users in China. Monday it said it would move to Hong Kong. ...

Älypää, a popular Finnish game and quiz site, announced a database breach late last night. Over 127,000 account names and passwords were leaked. The site has currently suspended access and doesn’t maintain any personal details but Älypää users should determine whether or not they recycle their passwords elsewhere. If so, those accounts are at risk of being hacked. CERT-FI guidelines can be found here. Here’s a list of the top 20 domains on the list: ...

More than 60 websites have been found to be hotbeds for SEO poisoning. Each of these domains host hundreds of possible matches for search keys. Also, the topics in one domain overlap with that of the other domain, thus making it possible that they will both emerge in the search results. Topics range from the Winter Olympics Luge Crash to the death of Alexander McQueen and even to NASCAR Schedule. ...

Last month, Baidu, the leading search engine in China, filed suit against US-based Internet registrar Register.com, in a legal event that took place at the height of the debate over Google’s continued business dealings with China. Baidu accused the registrar of changing its DNS records, so that customers were redirected to a completely different site purporting to represent the “Iranian Cyber Army.” But that original suit was heavily redacted, so we didn’t know the specifics of the alleged defacement. This week, US District Court in New York released the unredacted version of Baidu’s complaint, and now, as the man once said, we know the rest of the story. ...

Very funny: The story starts with an guy insulting everyone on the IRC channel. Most people there believed it was rather funny, but it got even more funny. For information: The dangerous hacker is called bitchchecker and the one being hacked and original author of the comments, who is talking here, is known as Elch. 127.0.0.1 is always the IP-adress of the computer you’re currently using, any request there will return to your computer. ...

A few days ago, I blogged saying that Old websites don’t die they just get infected the other scenario is that they become part of a spammers SEO campaign. Working today, I went to check to see if the local police authority had cleaned up their old web page. So I wgetted the file and scanned it. It was no longer infected (hooray!) but the file was quite big. Opening the file in lynx (a simple web browser) I saw: ...

Earlier this week Sophos informed a UK Local Police Authority (Hertfordshire) that a website they owned was infected with Troj/IFrame-DY. It turns out that the Police Authority has a new site and the infected site is an old one that just leads the user to the new site: Unfortunately, the old site also contains a malicious script, appended after the closing /HTML tag. There are several ways of migrating users to a new website: ...

Clients of escorts and call girls are usually aware of the the risks presented from STIs. However, SophosLabs has been monitoring a different type of infection risk for clients of escorts in Indian cities. The Troj/JSRedir-AR infection has morphed slightly: If you look at the variable ‘o[e]‘ (two-thirds of the way down) you will see the beginnings of an obfuscated string ‘http://’. Previous versions of Troj/JSRedir-AK and Troj/JSRedir-AR have used non-alphanumeric characters to disguise the strings. ...

In recent weeks, various cybercrime attacks have disrupted the computer systems that allow nations to manage their national greenhouse-gas emissions quotas and their possession of carbon assets according to international agreements (the Kyoto Protocol and the European system). One quota is the right to emit the equivalent of one ton of carbon dioxide during a specified period. The initial attack targeted the Danish CO₂ quota register that was shut down on January 12. The Danish authorities took this decision after registry users received a fake email purporting to originate from the Danish Energy Agency and redirecting the recipients to a mirror site to steal their credentials. ...