
Firefox, IE8 and Safari hacked at CanSecWest

  • Post author: Omid Farhang
  • Post published: March 25, 2010
  • Reading Time: 2 min
  • Word Count: 312 words

In the Pwn2Own hacking contest at the CanSecWest security conference in Vancouver, Canada, security researchers and hackers quickly hacked three of the major browsers to take control of the underlying operating systems. — A German hacker who goes by the handle “Nils” used a previously unknown vulnerability in Mozilla’s Firefox to gain control of a 64-bit Windows 7 machine. — Peter Vreugdenhil, an independent researcher from the Netherlands, used several vulnerabilities in Internet Explorer to take control of a machine running a patched 64-bit Windows 7 implementation. ...


Google-in-China saga: another hack, move to HK

  • Post author: Omid Farhang
  • Post published: March 25, 2010
  • Reading Time: 5 min
  • Word Count: 914 words

There is a risk to computer security from governments. Regulatory changes, even if they are very positive measures, can impose huge demands on an enterprise (e.g. HIPAA, Sarbanes-Oxley, California’s law requiring notification of customers whose personal information is hacked on company sites). The “government” risk can get no bigger than the clash of Google and the government of China over the censorship issue. The world suspects that the Chinese government or its proxies were behind a campaign of hacking against Google and other major U.S. companies several months ago. Google reacted to the hacks by saying in January that it would stop censoring search results for web users in China. Monday it said it would move to Hong Kong. ...


Smart Aleck Passwords

  • Post author: Omid Farhang
  • Post published: March 23, 2010
  • Reading Time: 1 min
  • Word Count: 104 words

Älypää, a popular Finnish game and quiz site, announced a database breach late last night. Over 127,000 account names and passwords were leaked. The site has currently suspended access and doesn’t maintain any personal details, but Älypää users should determine whether or not they recycle their passwords elsewhere. If so, those accounts are at risk of being hacked. CERT-FI guidelines can be found here. Here’s a list of the top 20 domains on the list: ...


60+ Compromised Sites with SEO Poisoning

  • Post author: Omid Farhang
  • Post published: March 2, 2010
  • Reading Time: 2 min
  • Word Count: 236 words

More than 60 websites have been found to be hotbeds for SEO poisoning. Each of these domains hosts hundreds of possible matches for search keys. Also, the topics in one domain overlap with those of the other domains, thus making it possible that they will both emerge in the search results. Topics range from the Winter Olympics Luge Crash to the death of Alexander McQueen and even to the NASCAR Schedule. ...


Baidu: Register.com replaced its DNS credentials for some guy in a chat room

  • Post author: Omid Farhang
  • Post published: March 2, 2010
  • Reading Time: 3 min
  • Word Count: 435 words

Last month, Baidu, the leading search engine in China, filed suit against US-based Internet registrar Register.com, in a legal event that took place at the height of the debate over Google’s continued business dealings with China. Baidu accused the registrar of changing its DNS records, so that customers were redirected to a completely different site purporting to represent the “Iranian Cyber Army.” But that original suit was heavily redacted, so we didn’t know the specifics of the alleged defacement. This week, US District Court in New York released the unredacted version of Baidu’s complaint, and now, as the man once said, we know the rest of the story. ...


Hacker Fail

  • Post author: Omid Farhang
  • Post published: March 2, 2010
  • Reading Time: 1 min
  • Word Count: 78 words

Very funny: The story starts with a guy insulting everyone on the IRC channel. Most people there believed it was rather funny, but it got even more funny. For information: The dangerous hacker is called bitchchecker and the one being hacked and original author of the comments, who is talking here, is known as Elch. 127.0.0.1 is always the IP address of the computer you’re currently using; any request there will return to your computer. ...


Old websites are also used in spam SEOs

  • Post author: Omid Farhang
  • Post published: March 1, 2010
  • Reading Time: 1 min
  • Word Count: 127 words

A few days ago, I blogged saying that “Old websites don’t die they just get infected”; the other scenario is that they become part of a spammer’s SEO campaign. Working today, I went to check to see if the local police authority had cleaned up their old web page. So I wgetted the file and scanned it. It was no longer infected (hooray!) but the file was quite big. Opening the file in lynx (a simple web browser) I saw: ...


Troj/IFrame-DY: Old websites don’t die they just get infected

  • Post author: Omid Farhang
  • Post published: February 26, 2010
  • Reading Time: 1 min
  • Word Count: 138 words

Earlier this week Sophos informed a UK Local Police Authority (Hertfordshire) that a website they owned was infected with Troj/IFrame-DY. It turns out that the Police Authority has a new site and the infected site is an old one that just leads the user to the new site: Unfortunately, the old site also contains a malicious script, appended after the closing /HTML tag. There are several ways of migrating users to a new website: ...


Escort service infected with Troj/JSRedir-AR

  • Post author: Omid Farhang
  • Post published: February 12, 2010
  • Reading Time: 1 min
  • Word Count: 76 words

Clients of escorts and call girls are usually aware of the risks presented by STIs. However, SophosLabs has been monitoring a different type of infection risk for clients of escorts in Indian cities. The Troj/JSRedir-AR infection has morphed slightly: If you look at the variable ‘o[e]’ (two-thirds of the way down) you will see the beginnings of an obfuscated string ‘http://’. Previous versions of Troj/JSRedir-AK and Troj/JSRedir-AR have used non-alphanumeric characters to disguise the strings. ...


Hackers Disrupt European CO₂ Market

  • Post author: Omid Farhang
  • Post published: February 2, 2010
  • Reading Time: 2 min
  • Word Count: 256 words

In recent weeks, various cybercrime attacks have disrupted the computer systems that allow nations to manage their national greenhouse-gas emissions quotas and their possession of carbon assets according to international agreements (the Kyoto Protocol and the European system). One quota is the right to emit the equivalent of one ton of carbon dioxide during a specified period. The initial attack targeted the Danish CO₂ quota register that was shut down on January 12. The Danish authorities took this decision after registry users received a fake email purporting to originate from the Danish Energy Agency and redirecting the recipients to a mirror site to steal their credentials. ...
