| 

Loose Tweets Sink Fleets

  • Post author: Omid Farhang
  • Post published: January 27, 2010
  • Reading Time: 1 min
  • Word Count: 151 words

Information leakage is a real problem. It’s especially bad for high-security organizations, like military agencies. And it’s now harder than ever, thanks to services such as Flickr, Photobucket, Facebook, Twitter and Myspace. So, we worked together with Lewis Communications to submit a Freedom Of Information Act request to Ministry of Defence in UK, asking if they’ve had problems with this. After waiting some weeks, we got a reply back, detailing that UK military personnel and Ministry of Defence staff have leaked secret information 16 times on social networking websites and Internet forums. ...

Continue Reading Loose Tweets Sink Fleets

Seen in the wild: Specialty phishing

  • Post author: Omid Farhang
  • Post published: January 6, 2010
  • Reading Time: 1 min
  • Word Count: 65 words

From a site that is hacked and serving phishes: What’s mildly interesting is the types of phishes — “speciality phishes” that are not your typical banking/finance scam. These are phishes that are highly targeted, in this case at email systems of tiny Hamiltom College (not the first time I’ve seen this), the religious site cfaith.com, Saginaw Valley State University, and Villanova. cfaith: SVSU and Villanova ...

Continue Reading Seen in the wild: Specialty phishing

Twitter Defaced by Iranian Hacktivists

  • Post author: Omid Farhang
  • Post published: December 18, 2009
  • Reading Time: 1 min
  • Word Count: 207 words

Twitter, one of the Internets most popular social networking sites, has been hacked and defaced by a group claiming to be an “Iranian Cyber Army” as of 10:15PM PST today. At this point no statement has been made by Twitter, so it’s unclear as to what vulnerability was used to exploit the site. Oftentimes hacktivism campaigns are fueled by ego-driven script kiddies who use publicly available exploits, but for now we’ll have to wait and see if Twitter decides to publicly announce the details surrounding the attack. The defacement has been removed and Twitter is back up and running as of 11:20 PM PST. ...

Continue Reading Twitter Defaced by Iranian Hacktivists

Microsoft Hack

  • Post author: Omid Farhang
  • Post published: December 10, 2009
  • Reading Time: 2 min
  • Word Count: 245 words

Basically, the rogue antispy was directing the victim to a genuine Microsoft address, but was modifying the html on the fly as it came back from the real Microsoft page. It made it read that Microsoft was recommending that the victim should buy the rogue. That’s a pretty good trick that will catch a lot of folks, and it reminded us of another one that we frequently see. It works like this… The victim attempts to reach Microsoft, or receives a link like http://go.microsoft.com/?linkid=9480113 and if you go there on a normal computer, you see a page like this (click to enlarge)… ...

Continue Reading Microsoft Hack