"Dmitri Galushkevich, 20, of Tallinn, was fined 17,500 Estonian Krooni ($1,641) on Wednesday after he was found guilty of launching an assault on the website of the Reform Party of Prime Minister Andrus Ansip and Estonian government systems. The fine is the equivalent of 350 days' salary, based on the minimum wage...
Swedish Bank Stops Attempt to Take Control of Computer and Transfer Millions
"The would-be bank robbers had placed "advanced technical equipment" under the employee's desk that allowed them to take control of his computer remotely, prosecutor Thomas Balter Nordenman said in a statement. The employee discovered the device shortly after he realized his computer had started an operation to transfer "millions" from the...
SEO + Hacked Hosts Rig Google to Deliver Malware
"If last November you googled one of thousands of innocuous and common search terms, such as "Microsoft excel to access" or "how to teach your dogs to fetch," you were in line for an Internet attack that infects PCs with spam senders, password stealers, and other kinds of nasty malware. Beginning on...
Tool availability - browser DOM Checker
"I'd like to announce the availability of DOM Checker, an automated tool for validating browser security policy enforcement. The project is hosted at: http://code.google.com/p/dom-checker/ The tool features several fairly neat features, including exhaustive hierarchy crawling and side-channel blind write validation to reduce the number of false positives. DOM Checker had been used...
Ivan Ristic On Web AppFirewalls: Tide is turning for web application firewalls
Ivan Ristic has posted his thoughts on the web application firewall market. While Ivan works for a vendor, he has been working on mod_security for years and is extremely knowledgeable on the subject. I also interviewed Ivan back in 2006. "There is a long-running tradition in the web application firewall space; every...
Same Site Scripting Paper Released
An email sent to bugtraq by Tavis Ormandy outlines a new attack dubbed same site scripting. "It's a common and sensible practice to install records of the form "localhost. IN A 127.0.0.1" into nameserver configurations, bizarrely however, administrators often mistakenly drop the trailing dot, introducing an interesting variation of Cross-Site Scripting (XSS)...
RIAA SQL Injected, website deleted
The RIAA website was apparently vulnerable to SQL injection, and its contents were wiped. "It’s a weekend, and a holiday weekend to boot, so the site might stay this way for some time. Someone apparently used SQL injection to wipe, and we do mean wipe, the website of the Recording...
Mystery web infection grows, but cause remains elusive
"Five days ago, we wrote about the infection of several hundred websites that was unlike anything seasoned researchers had seen before. Mary Landesman, a cyber gumshoe who first brought it to public attention, asked for help from other security pros in figuring out how the unusual new technique worked. And help is...
Italian Bank XSS utilized by fraudsters
"An extremely convincing phishing attack is using a cross-site scripting vulnerability on an Italian Bank's own website to attempt to steal customers' bank account details. Fraudsters are currently sending phishing mails which use a specially-crafted URL to inject a modified login form onto the bank's login page. The vulnerable page is served...
Coined Buzzword of the week: Cross Site Printing
Aaron Weaver has published a whitepaper describing how you can utilize 'intranet hacking' tricks to send spam to printers. Pretty amusing. "Many network printers listen on port 9100 for a print job (RAW Printing or Direct IP printing). You can telnet directly to the printer port and enter text. Once you disconnect...
Worst Windows bug ever? Remote Command Execution in Windows TCP/IP stack leads to kernel level access
What we've been waiting for has finally been published: a remote command execution flaw in the Windows TCP/IP stack yielding kernel-level access in all versions of Windows. From Microsoft's advisory: "This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited...
Calling all Web Hacks of 2007
Jeremiah Grossman, Rsnakez0r, and I put together a Top Web Hacks of 2006 list last year, and this year we're soliciting public participation: submit what you think made the list for 2007. From Jeremiah's blog: "As RSnake, Robert Auger, and I released in 2006, we’ll be putting together a Top 10 Web...
Meet the hacker Fyodor, creator of Nmap
There is a short interview at TechTarget with the creator of Nmap, 'Fyodor'. Interview link: http://searchsecurity.techtarget.com.au/topics/article.asp?DocID=1288741
XSS Vulnerabilities in Common Shockwave Flash Files
Rich Cannings has published an advisory on the Web Security Mailing List describing a flaw in common Flash authoring tools that allows XSS. From his advisory: "THE PROBLEM Many web authoring tools that automatically generate SWFs insert identical and vulnerable ActionScript into all saved SWFs or necessary controller SWFs (think of tools...
Most Dorky Christmas Card Ever
I got the following Christmas card from IOActive and thought that it was so amusing that I'd post it here (message excluded).
[Card images: Outside / Inside]
Malware honeypots wait for '08
"An innovative malware honeypot project backed by a leading consortium of IT security experts is preparing to re-launch its global sensor network after Jan. 1 in an effort to dupe more cyber-criminals into handing over information about their latest attack methods. Project link: The Web Application Security Consortium's Distributed Open Proxy Honeypot...
Six charged over Czech TV nuclear hoax stunt
"Six Czechs were charged Wednesday over an incident in June 2007 when a TV channel was hacked into, transforming scenes of a mountain beauty spot into a nuclear mushroom cloud, Czech TV reported. The six, all from the capital Prague, were charged with propagating false information and scaremongering after the stunt and...