Friday, June 26, 2009

"High Profile" FTP Sites PWN3D

"Security researchers have found a treasure chest of FTP passwords, some from high profile sites, on an open cybercrime server.

"Jacques Erasmus, CTO at security tools firm Prevx, stumbled across a site where a Trojan is uploading FTP login credentials captured from compromised machines. So far, Erasmus has found logins for,,, and, even security sites including and along the extensive list of more than 68,000."


Wednesday, June 24, 2009

Unemployed IT Worker Of The Month

"A 29-year-old software engineer who was laid off four months back hanged himself last night, apparently fed up with his joblessness.

"Police said Sachin B. Khandewar, who hailed from Sholapur in Maharashtra and had been working in a city firm, hanged himself from the ceiling fan at his aunt’s house in the Kacheguda area.

"He left behind a suicide note addressed to the police saying his `unsuccessful career` had forced him to take the dire step, the police said.

"`I am bored of this meaningless and useless life. My unsuccessful career is the cause of my death. Nobody is responsible for it,` the note said."


Saturday, June 13, 2009

Coffee Shack Hack

"One day last August, the Secret Service paid a visit to the new owners of Custom House Coffee off West Main Road.

"The news they brought was bad: Computer hackers, whereabouts unknown, had used sophisticated spy software to break into the store’s wireless network and steal the credit and debit card numbers of customers.

"In all, about 50 customers of Custom House Coffee had been victimized, as early as May 2008, according to Police Chief Lance Hebert. But it wasn’t until the victims got their bank or credit card statements and saw charges they didn’t recognize that they realized they had been robbed. As the police reports started to filter in, detectives began connecting the dots..."

Friday, June 12, 2009

MS Hacks Firefox Behind Your Back

"The Microsoft .NET Framework 3.5 Service Pack 1 update, pushed through the Windows Update service to all recent editions of Windows in February 2009, installs the Microsoft .NET Framework Assistant Firefox extension without asking your permission.

"This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may've originally chosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste..."

Thursday, June 11, 2009

Jesus Hates Twits

"Hackers hijacked the Church News Twitter account last weekend and Twitter staffers took down the site early today because the infiltrators had gained total control over the feed.

"Charlie Craine, director of interactive media for the Deseret News, said he realized Sunday night that the Church News account had been compromised.

"`We tried to get it back,` he said, but he soon realized that the hacker had even been able to change the password and lock him out.

"`I don't know how they got the password,` Craine said. `I'm very skeptical (of Twitter) now.` He expressed concern for other Twitter accounts the Deseret News operates."

From Deseret News...

What Goes Around, Comes Around

"Every PC in China could be at risk of being taken over by malicious hackers because of flaws in compulsory government software.

"The potential faults were brought to light by Chinese computer experts who said the flaw could lead to a `large-scale disaster`.

"The Chinese government has mandated that all computers in the country must have the screening software installed.

"It is intended to filter out offensive material from the net."

More at BBC News...

Tuesday, June 9, 2009

Dead IT Executive Of The Month

"The boss of Indian software firm LxLabs was found dead in a suspected suicide on Monday.

"Reports of the death of K T Ligesh, 32, come in the wake of the exploitation of a critical vulnerability in HyperVM, a virtualization application made by LXLabs, to wipe out data on 100,000 sites hosted by the UK web hosting firm VAserv.

"The effect of his death on the development of updated software by LxLabs is unknown at time of writing.

"Ligesh was found hanged in his Bangalore house on Monday morning, after a late night drinking session. The Times of India reports that he was upset with the loss of a recent contract..."

More at The Register...

Virtual PWNAG3 Downs 100K Sites

"Nearly 100,000 websites have been shut down after hackers attacked a UK based internet service provider (ISP).

"The hackers got into Vaserv through a zero-day vulnerability in its virtualisation application, the widely used HyperVM, created by LXLabs.

"Reports across the web have stated the attack happened on Sunday night and according to Vaserv’s website, it is still working to fix the problems."

More at IT Pro...

Twit-Snooping Platform Announced

"Purewire, Inc., a SaaS-based secure web gateway vendor, announced the launch of TweetGrade. TweetGrade provides a quantitative assessment of a user’s reach and influence in the Twitter community, and it helps people understand a user’s online reputation, legitimacy and safety. TweetGrade evaluates Twitter users based on their interactions on Twitter. The analysis is centered on a variety of inputs such as frequency and content of tweets, number of followers, number of those following, and activity level. Users receive a simple letter grade that ranges from an 'A+' to an 'F' to verify their reputation on Twitter and are able to share their TweetGrade with the Twitter community with a simple push of a button."

Source: EContent Magazine...

Saturday, June 6, 2009

Firm Welshes On Hacker Challenge

"Ethical hackers are claiming a $10,000 prize for successfully breaking into the webmail account of the chief exec of StrongWrongWebmail after the firm issued a `hack us if you can` challenge.

"StrongWrongWebmail runs a callback verification system so that, in theory, even if someone obtains a user's login details they can't read email from the account without also having access to the phone associated with a particular account. Logins into StrongWrongWebmail from previously unused machines need this secondary form of confirmation.

"The US start-up was so confident of its claims that its Darren Berkovitz published his account name and password in laying down a $10K challenge to hackers to break into his account and find out his schedule for 26 June.

"StrongWrongWebmail confirmed that the data obtained was correct, but are holding off in paying out the prize because they are yet to be convinced that Ruff and co stuck to competition rules.

"The group of researchers maintain they played fair and used a cross-site scripting (XSS) vulnerability to access the target account after first registering an account of their own with the service..."

More at The Register...