Hack

Information leakage is a real problem. It’s especially bad for high-security organizations, like military agencies. And it’s now harder than ever, thanks to services such as Flickr, Photobucket, Facebook, Twitter and Myspace. So, we worked together with Lewis Communications to submit a Freedom Of Information Act request to Ministry of Defence in UK, asking if they’ve had problems with this. After waiting some weeks, we got a reply back, detailing that UK military personnel and Ministry of Defence staff have leaked secret information 16 times on social networking websites and Internet forums. ...

From a site that is hacked and serving phishes: What’s mildly interesting is the types of phishes — “speciality phishes” that are not your typical banking/finance scam. These are phishes that are highly targeted, in this case at email systems of tiny Hamiltom College (not the first time I’ve seen this), the religious site cfaith.com, Saginaw Valley State University, and Villanova. cfaith: SVSU and Villanova ...

Twitter, one of the Internets most popular social networking sites, has been hacked and defaced by a group claiming to be an “Iranian Cyber Army” as of 10:15PM PST today. At this point no statement has been made by Twitter, so it’s unclear as to what vulnerability was used to exploit the site. Oftentimes hacktivism campaigns are fueled by ego-driven script kiddies who use publicly available exploits, but for now we’ll have to wait and see if Twitter decides to publicly announce the details surrounding the attack. The defacement has been removed and Twitter is back up and running as of 11:20 PM PST. ...

Basically, the rogue antispy was directing the victim to a genuine Microsoft address, but was modifying the html on the fly as it came back from the real Microsoft page. It made it read that Microsoft was recommending that the victim should buy the rogue. That’s a pretty good trick that will catch a lot of folks, and it reminded us of another one that we frequently see. It works like this… The victim attempts to reach Microsoft, or receives a link like http://go.microsoft.com/?linkid=9480113 and if you go there on a normal computer, you see a page like this (click to enlarge)… ...