
Cyber Security Threats in 2009

Persistent Cookies and DNS Rebinding Redux
iPhone SSL Warning and Safari Phishing
RFC 1918 Blues
Slowloris HTTP DoS
CSRF And Ignoring Basic/Digest Auth
Hash Information Disclosure Via Collisions - The Hard Way
Socket Capable Browser Plugins Result In Transparent Proxy Abuse
XMLHttpRequest “Ping” Sweeping in Firefox 3.5+
Session Fixation Via DNS Rebinding
Quicky Firefox DoS
DNS Rebinding for Credential Brute Force
SMBEnum
DNS Rebinding for Scraping and Spamming
SMB Decloaking
De-cloaking in IE7.0 Via Windows Variables
itms Decloaking
Flash Origin Policy Issues
Cross-subdomain Cookie Attacks
HTTP Parameter Pollution (HPP)
How to use Google Analytics to DoS a client from some website.
Our Favorite XSS Filters and how to Attack them
Location based XSS attacks
PHPIDS bypass
I know what your friends did last summer
Detecting IE in 12 bytes
Detecting browsers javascript hacks
Inline UTF-7 E4X javascript hijacking
HTML5 XSS
Opera XSS vectors
New PHPIDS vector
Bypassing CSP for fun, no profit
Twitter misidentifying context
Ping pong obfuscation
HTML5 new XSS vectors
About CSS Attacks
Web pages Detecting Virtualized Browsers and other tricks
Results, Unicode Left/Right Pointing Double Angle Quotation Mark
Detecting Private Browsing Mode
Cross-domain search timing
Bonus Safari XXE (only affecting Safari 4 Beta)
Apple's Safari 4 also fixes cross-domain XML theft
Apple's Safari 4 fixes local file theft attack
A more plausible E4X attack

FULL list of Cyber Security Threats in 2009. Read more from governmentsecurity.org

Cyber Security Threats in 2008


- 11/17/09 UK. Voters' details on stolen laptop. Personal data on more than 14,000 voters has gone missing from the offices of a council in Hertfordshire. Read more from BBC.


- 11/11/09 UK. More than 100 Ministry of Defence computers and dozens more memory sticks have gone missing so far this year, it has been disclosed. Some 91 departmental laptops were lost or stolen in the first 10 months of 2009, as well as 23 desktop computers, according to official figures. Another 47 USB flash memory devices have also disappeared. Read more from Telegraph.


- 11/09/09 Can hackers disable the U.S. power grid? The notion that such an attack could be launched electronically was unsettling for data center operators, as most mission-critical facilities have banks of large diesel generators on site to provide back-up power in the event of a grid outage. Read more from DCK


- 11/02/09 GERMANY. More than 563,000 accounts have been hacked at Germany's online book store Libri.de. Read more from Spiegel (German).


- 10/27/09 Rogue anti-malware programs are proliferating at an unprecedented rate. In Q1 and Q2 of 2009, the number of such programs grew 585 per cent. Read more from AP.


- 10/13/09 This is the latest in a series of major security holes in the Adobe software. The company said it is planning to release an update for Adobe Reader tomorrow. This update represents the second quarterly security update for Adobe Reader and Acrobat. Read more from cw.


- 10/06/09 Scam hits more e-mail accounts. The scale of a phishing attack originally thought to be directed at Hotmail may be larger than previously thought. BBC News has seen a list of more than 20,000 more names and passwords that have been posted online. The list contains e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers. Read more from BBC.


- 10/05/09 Microsoft is investigating reports that thousands of Hotmail passwords have been hacked and posted online. A report on technology blog neowin.net claims details of over 10,000 accounts had been posted to a website. Read more from rte.


- 09/25/09 Offence is the best defence! As a 12-year-old, Ankit Fadia allegedly hacked the website of a magazine. That was when this ‘ethical hacker’ had just learnt to take baby steps in a cyberspace still at its nascent stages. After this ‘intelligent’ intrusion, and afraid of the probable fallout, Fadia went into damage control mode. Within a day, he sent an e-mail to the editor, suggesting preventive measures… and got himself a job. Read more from HT.


- 09/14/09 The Miami man dubbed the world's most prolific identity thief has admitted stealing 40 million credit and debit cards records from US retailers. Albert Gonzalez appeared on Friday in a Boston court and pleaded guilty to 20 charges. He admitted exploiting vulnerabilities in the security systems of TJX, OfficeMax, BJ's Wholesale Club and other retailers back in 2003. The records were sold and the money laundered through accounts in Latvia. Read more from TG.


- 08/31/09 CHARLOTTE, N.C. USA. Business Stuck With Big Bills After Phone Lines Hacked. In 35 years, Blume Supply has never had a theft like this -- thousands of minutes in international calls made from its main business line, and owner Steve Blume knew nothing about it.


- 08/27/09 USA. Researchers who hack the Mac OS. The exploits do not require local access to the systems; they only require that the user visit a web page to simulate a drive-by web exploit, as is common on the Internet today. It only took him 10 seconds or so to exploit a hole in Safari on a MacBook running Leopard. Read more from cnet.


- 08/24/09 USA. The hacking ring allegedly at the centre of the largest-ever identity theft breach last week was also involved in cracking a network of Citibank-branded ATMs located in 7-Eleven stores and operated by a third company, a US law enforcement source claimed. Read more from FT.


- 08/18/09 NEW YORK. U.S. authorities announced what they believed to be the largest hacking and identity theft case ever prosecuted on Monday in a scheme in which more than 130 million credit and debit card numbers were stolen. Read more from Reuters.


- 08/17/09 Botnet that uses Twitter as its command and control structure. It uses status messages to send out new links to contact; these then contain new commands or executables to download and run. It’s an infostealer operation. Read more from arbornetworks.


- 06/27/09 USA, HACKENSACK, N.J. Tech exec gets probation in NJ hacking case. A judge in New Jersey on Friday sentenced a technology executive who hacked into friends' business e-mails and conference calls to three years' probation. David Goldenberg had pleaded guilty to felony wiretapping under an agreement with prosecutors. Read more from news.


- 06/06/09 USA. Man made $112,000 in bank account hacking scheme. A Hampton, New Hampshire, man has pleaded guilty to fraud charges for his role in a scheme to empty brokerage accounts by installing malicious Trojan horse software on victims' computers. Read more from idg.no


- 05/20/09 USA. Sarah Jessica Parker says she's concerned for the safety and well-being of the surrogate through whom she and husband Matthew Broderick are expecting twin daughters. The surrogate's telephone and computer have been hacked into, and she has received threats, Parker says. Read more from usmagazine.


- 05/14/09 USA. The Homeland Security Department’s platform for sharing sensitive but unclassified data with state and local authorities was hacked recently, a DHS official has confirmed. Read more from fcw.


- 05/08/09 USA. The possible breach of a state electronic prescription drug database could have an ironic effect: promotion of prescription drug fraud and abuse, the very thing the system was set up to deter. The intruder was a hacker claiming to have gained access to more than 35 million prescription records and demanding a $10 million ransom. Read more from hamptonroads.


- 05/06/09 USA. Botnet criminals have taken control of almost 12 million new IP addresses since January, according to a quarterly report (.pdf) from anti-virus firm, McAfee. The United States has the largest number of botnet-controlled machines, with 18 percent of them based here. Read more from Wired.

Philip Gabriel Pettersson, a 21-year-old Swedish man, has been accused by the U.S. government of stealing programming information from the U.S. space agency and Cisco, with five counts of intrusion and trade secret theft charges pending. Read more from dailytech.


- 05/05/09 USA. The former director of information technology at an organ and tissue donation center in Texas has pleaded guilty to hacking into the center's computer network and deleting files. Danielle Duann was indicted in June 2008 and charged with violating federal law governing computer fraud and abuse. She was not charged under any components of the HIPAA privacy and security rules. Read more from healthdatamanagement.


- 04/30/09 USA. What kind of information do you have on your business card? Company name? Check. Your name and title? Check. Business address? Check. Mobile work phone number? Wait a minute. CSO recently sat down with Trust Digital, a firm that specializes in mobile security, for a demonstration on how to hack a smartphone with no more information than a phone number. Read more from pcworld.


- 04/24/09 SAN FRANCISCO, USA. It will likely come as no surprise to anyone familiar with virtual worlds and online games that they can be hacked. But what might come as a shock is the sheer breadth of types of exploits that are possible. That was the broad message of a Thursday panel called, appropriately, "Exploiting Online Games" at the RSA 2009 security conference. Read more from cnet.


- 04/23/09 NY, USA. International hackers, many from China, are attacking NYPD computers. A network of mystery hackers, most based in China, have been making 70,000 attempts a day to break into the NYPD's computer system, the city's top cop revealed Wednesday. Read more from nydailynews.


- 04/21/09 WASHINGTON, US. Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project, the Defense Department's costliest weapons program ever, according to current and former government officials familiar with the attacks. The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together. Read more from Wall Street Journal.


- 04/20/09 MANILA, Philippines. Senator Alan Peter Cayetano better be ready with the P100-million reward. Commission on Elections (Comelec) chairman Jose Melo admitted on Monday that hackers could break into the computer system of the country's proposed automated elections but this would require a “very, very expensive machine” and “a lot of time to such an extent that, before you can hack it, the elections are already over.” Read more from inquirer.


- 04/13/09 US. Twitter hit by worm attack for fourth time in three days. A "worm" spreading spam messages promoting another website was first introduced into Twitter in the early hours of Saturday. Within hours it had spread across the network, infecting scores of accounts and forcing administrators to delete 10,000 messages to stop it infiltrating further. Read more from telegraph.


- 04/10/09 US. China Denies Hacking U.S. Electricity Grid. China officially responded to claims by U.S. national security officials that spies from China have been involved in a mission to disrupt the American electrical system, as reported by the WSJ, categorically, if predictably, denying the allegations. Read more from WSJ.


- 04/06/09 US. Former Hacker Back with Fresh Hacking Charge. Phoenixville, Pennsylvania resident Van T. Dinh was charged on March 27, 2009 with two counts of hacking into computers, over accusations that he breached the security of an Internet currency exchange facility before apparently trying to move $110,000 to a financial account he controlled. Read more from spamfighter.


- 03/31/09 China. Beijing officials deny any involvement in the electronic spy ring dubbed "GhostNet," which has infiltrated more than 1,000 computers around the world and has been linked to computers in China. Read more from voanews.


- 03/26/09 USA. Felony arrest In Broward County, Florida, for hacking cable modems. In Lauderdale Lakes, police on Wednesday announced the arrest of a man who ran a Swap Shop whose sales pitch: buy his cable modem and you'll never have to pay for cable again. Among the charges against the vendor, 28-year-old Douglas Walker, Pompano Beach, included the sale of unauthorized equipment. Read more from cbs4


- 03/17/09 AUSTRALIA. Australia's state police have been upping the ante on criminals who use technology to protect their activities, but is it the right way to go? Read more from zdnet.


- 03/11/09 UK. Government Website Hacked - Twice. Security researchers from antivirus vendor AVG have discovered that a section of the website of the Spelthorne Borough Council in the UK has been hacked and is serving exploits. According to their analysis, this is not the first time this has happened. Read more from softpedia.


- 03/06/09 UK. Phoney lord jailed over bank hacking attempt. A self-styled British 'lord' has been jailed for eight years for his part in a plot to steal $229m (£158m) using malicious software. Hugh Rodley, who bought a lordship, was described as the front man for an organised gang that had planned to subvert a bank's computer systems to carry out Britain's biggest robbery. Read more from vnunet.


- 03/03/09 USA. Facebook hacked by Koobface Mk.2 virus. Computer experts have called for Facebook to review its security processes after the social networking website was hit by hackers five times in a week. Read more from Google or DTM


- 02/27/09 USA. Microsoft Warns of New Excel Hacking Flaw. Users of Microsoft Office Excel 2007, or those using any .XLS files, would be asked through e-mail to open a spreadsheet. Once that happens, two files (one valid, the other infected) will execute a hidden Trojan horse downloader. Read more from FOXnews.


- 02/26/09 USA. Hackers Still Enjoy Vandalizing Web Sites. A study of 57 Web site hacks from last year showed that 24 percent were aimed at defacing a site rather than financial gain. "While financial gain is certainly a big driver for Web hacking, ideological hacking cannot be ignored," said the report, which was sponsored by vendor Breach Security with support from the Web Application Security Consortium. Read more from PCworld.


- 02/24/09 USA. Top Web Hacking and extremely clever hacking techniques of 2008. View them all here. Read more from Blogspot.


- 02/19/09 Sweden. The Swedish website of the International Federation of the Phonographic Industry (IFPI) was hacked on Wednesday evening as internet intruders called on Håkan Roswall, chief prosecutor in the ongoing Pirate Bay trial, to "stop lying". Read more from thelocal.se.


- 02/17/09 Bengaluru, India. The finger of blame for the hacking of computers at India's Ministry of External Affairs (MEA) is now being pointed towards China. Read more from itexaminer.


- 02/12/09 USA. Hackers breached the network of the Federal Aviation Administration earlier this week and gained access to sensitive records, according to an aviation trade publication. The FAA breach has prompted President Obama to order an immediate review of federal cyber security. The hackers reportedly gained access to the personnel files of 45,000 FAA workers, of which 48 files were opened and copied. The computer systems that superintend air traffic control were not breached. Read more from Fastcompany


- 02/06/09 USA. The latest breach came on Tuesday during the morning rush hour near Collinsville, Illinois, where hackers changed a sign along southbound Interstate 255 to read, "DAILY LANE CLOSURES DUE TO ZOMBIES." Signs in Austin, Texas, recently flashed: "NAZI ZOMBIES! RUN!!!" and "ZOMBIES IN AREA! RUN." Read more from telegraph


- 02/03/09 NEW YORK, US. Mia Jozwick, a student at Wagner College in New York City, was duped by a “phishing” e-mail made to look like a message from her bank. Read more from msn


- 01/30/09 URBANA, US. The Justice Department says it foiled a plot by a fired Fannie Mae contract worker in Maryland to destroy all the data on the mortgage giant's 4,000 computer servers nationwide. The U.S. Attorney's Office says 35-year-old Rajendrasinh Makwana, of Glen Allen, Va., is scheduled for arraignment Friday in U.S. District Court in Baltimore on one count of computer intrusion. Read more from Breitbart


- 01/29/09 USA. Data scams have kicked into high gear as markets tumble. Cybercriminals have launched a massive new wave of Internet-based schemes to steal personal data and carry out financial scams in an effort to take advantage of the fear and confusion created by tumbling financial markets, security specialists say. Read more from USAtoday. Read our comments 63 and 71.


- 01/27/09 USA. Job site Monster has suffered its third major attack in three years, with passwords, email addresses, names and more stolen. In 2007 details of over a million Monster users were downloaded to Ukraine-based servers, while last year users were victims of a widespread phishing scam. Read more from Digitaltrends


- 01/26/09 SYDNEY, AUSTRALIA. An Australian has admitted causing AUS$1m in damage after hacking into the computer systems of the Northern Territory Government and deleting records of thousands of civil servants. Anthony McIntosh, 28, a computer engineer, pleaded guilty to 12 computer hacking offences at a hearing in the Northern Territory in Darwin on Monday. Read more from Theregister.


- 01/23/09 City of Burlington, US. Mayoral Candidate Has Website Hacked. An aide to Burlington mayoral candidate Andy Montroll says a random hacker, possibly from Turkey, is responsible for garble and obscenities found on the Democratic candidate's Web site for two days in a row. Read more from Fox44


- 01/22/09 OTTAWA, CANADA. Heartland Payment Systems is a company that processes payment transactions for 175,000 merchants with over 100 million transactions. On Tuesday, the company said that hackers had hacked into their system that processes these payments. Read more from Ecanadanow


- 01/21/09 SYDNEY, AUSTRALIA. Australian Facebook users who were targeted by identity fraudsters have expressed frustration that their accounts stayed active for days after they were compromised. Read more from ninemsn


- 01/19/09 BIRMINGHAM, UK. FIVE men, including a Lord of the Manor and a Birmingham man, are due to stand trial today accused of trying to steal £220 million by hacking into a Japanese bank’s computer system. Read more from Birminghammail.


- 01/14/09 TEL-AVIV, ISRAEL. Iranians Hack Israel. Site of Ehud Barak Israel’s former Prime Minister, and current Minister of Defense, deputy prime minister and leader of Israel’s Labor Party has been hacked by Ashiyaneh, an Iranian hacker group. Read more from Wordpress


- 01/13/09 HOLLYWOOD, US. Paris Hilton Web Site Hacked. She is again the victim of a malicious hack. This time, hackers aimed right for her Web site, Parishilton.com, infusing it with malicious code that lures visitors into unknowingly downloading malware onto their computers. Read more from CRN


- 01/12/09 ST. PETERSBURG, RUSSIA. The site of the Court of Arbitration of St. Petersburg and Leningrad region has been infected with the malware Exploit.HTML.IFrame-6. Read more from Lenta (Russian).


- 01/09/09 SAN FRANCISCO, US. Twitter hack explained by hacker. The hacker offered password resets to users of Digital Gangster who requested passwords for Barack Obama, Facebook, Fox News, Britney Spears and others. Read more from Heise


- 01/07/09 LONDON, UK. Oyster card hack details revealed. The research by Professor Bart Jacobs and colleagues at Radboud University in Holland reveals a weakness in the widely used Mifare Classic RFID chip. Read more from BBC


- 01/06/09 LONDON, UK. The UK's Home Office is supporting a proposal that would allow British police or MI5 agents to hack home, office and other private computers without a warrant to intercept e-mail traffic and monitor a user's other computer activities. Read more from Wired


- 01/02/09 TEL-AVIV, ISRAEL. Israeli domain registration server hacked. Gaza offensive prompts Islamic group Team Evil to 'hijack' Israeli domain names by hacking into a registration server, rerouting users of Ynetnews and Bank Discount to a hostile webpage. Read more from Ynetnews.


Cyber Security Threats in 2008

©2008 EFIXPC.COM. Patent Pending. All trademarks used are properties of their respective owners. All rights reserved.