The second annual Imperva Hacker Intelligence Initiative report, this one entitled [Monitoring Hacker Forums](http://www.imperva.com/docs/HII_Monitoring_Hacker_Forums_2012.pdf), is out and reveals that the threat surfaces being discussed by the hacker community are very different from those that businesses are spending money on defending against attack. ![dweb-hackers](/attachments/small/0/dweb-hackers.jpg "align-right") The Imperva research analysed the content of a number of online hacker communities, including many lesser known forums in order to get a more accurate snapshot of what those doing the hacking are actually discussing. By looking at a total of more than 400,000 different conversational threads, Imperva was able to determine that SQL injection and …

+0 forum 2

News has broken this weekend that the personal data, including bank account details, of some 2.4 million customers of the Carphone Warehouse may have been compromised following a breach that the mobile phone retail giant is calling "a sophisticated cyber-attack." The company also warns that encrypted credit card data of up to 90,000 customers may have been accessed during the breach. Scotland Yard and the Information Commissioner's Office have both been notified, along with a security outfit specialising in forensic examination of such attacks. However, the statement from Carphone Warehouse, released on Saturday, and revealing that the compromised personal details …

+1 forum 7

While keen to point out that Microsoft's TechNet portal security was "in no way compromised" by the tactic, researchers with security outfit FireEye [discovered](https://www.fireeye.com/blog/threat-research/2015/05/hiding_in_plain_sigh.html) that [a well established China-based hacking campaign called Deputy Dog](https://www.fireeye.com/blog/threat-research/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html) had managed to create profiles and posts on TechNet that contained embedded Command and Control codes for use with a BlackCoffee malware variant. This method of hiding in plain sight is nothing new, but it can make detection problematical as the data (especially within a technical forum such as TechNet) is simply 'lost' in a sea of similar code from genuine users of a well respected …

+1 forum 0

In what has quite possibly been one of the longest periods between security problems being revealed and action being taken, the Virginia Board of Elections voted on Tuesday to remove the certification of more than 300 AVS WINVote touchscreen voting machines. The Virginia Information Technology Agency, and consultancy Pro V&V, uncovered multiple flaws in the voting technology which had also been used in other states including Mississippi and Pennsylvania. The scandal here is that there have been concerted efforts to remove these machines from the electoral system since 2008 when experts investigating irregularities first flagged their concerns. They have consistently …

+2 forum 3

Addressing last week's Securi-Tay conference hosted by the Abertay Ethical Hacking Society in Scotland, Stephen Tomkinson from the NCC Group detailed how Blu-ray players can do more than play videos; they can open up a new attack surface for the hacker. Tomkinson demonstrated a new tool that had been released in order to enable the investigation of embedded network devices, and used the network exposed features on a common Blu-ray player as an example. He showed how an innocent looking Blu-ray disc can actually circumvent sandboxes and present the hacker with control of the underlying systems. Of course, that innocent …

+2 forum 0

The hacker collective known as Anonymous first declared war on Islamic State (formerly known as ISIS) supporters back in the Summer of 2014 with [Operation NO2ISIS](http://www.forbes.com/sites/jasperhamill/2014/06/27/anonymous-hacktivists-prepare-for-strike-against-isis-supporters/) which promised to target the online infrastructure of those countries sponsoring Islamic State militants. This declaration followed the hacking of an Anonymous Twitter account, @TheAnonMessage, which was then used to post photos of a terrorist assault near Baghdad. At the time, an Anonymous spokesperson stated that "these savages who have no religion or morality are bent on burning everything in their path, killing and pillaging as they go. They must be stopped." Because Islamic …

+4 forum 9

It's the festive season but would you really expect Lady Gaga to give you a free iPad 2? That was the exact message being broadcast from Lady Gaga's Twitter account earlier, promising each and every one of her 17 million followers an iPad 2 and all they had to do was click the link for details. Of course, there was no iPad. The Lady Gaga Twitter account had been hacked and if you clicked on that link it would take you to a number of different sites via redirects and then dump you at a survey designed to scam you …

+1 forum 6

Ever wondered why the bad guys continue throwing malware in your direction? The obvious answer is the correct one: because they make money from doing it. On Thanksgiving Day, as all others across the year it would seem, they can be thankful for the high profit to be raked in from using readily available malware purchased within the dark market. Kaspersky Lab researchers have been doing the math, and their figures suggest that when comparing the cost of the most common hacker tools with the cold cash stolen using them the profit is around 20 times greater than the outlay. …

+2 forum 0

As well as being CEO of penetration testing specialists High-Tech Bridge, Ilia Kolochenko is also perhaps unsurprisingly a white hat hacker of some repute. Equally unsurprising is the fact that he has [warned](https://www.htbridge.com/blog/plugins_and_extensions_the_achilles_heel_of_popular_cmss.html) that security vulnerabilities in leading CMS platforms such as Drupal, Joomla and WordPress are effectively leaving the security door wide open for hackers to walk through. Kolochenko refers to the threat posed by old plugins, passwords and extensions as being the 'Achilles heel of popular CMS' and for good reason. High-Tech Bridge regularly tests popular CMSs via the ImmuniWeb online penetration testing service and equally regularly, sadly, …

+4 forum 1

Not exactly the most surprising news ever, that Anonymous is [planning an all out DDoS war on World Cup corporate sponsors](http://www.independent.co.uk/news/world/americas/world-cup-2014-hacktivist-group-anonymous-plan-cyberattack-on-world-cup-sponsors-9467786.html) during the football tournament. Personally, I wish them luck. Cannot stand football, in fact hate it with a passion and the world cup period is a nightmare every four years with no escape wherever you go and whatever you do. Media coverage is ridiculous in the UK, anyone would think that football is some kind of religion. I also have no love for the large corporates which sponsor such events, being an anarchist at heart. Your mileage may well …

+0 forum 1

**How do passwords work?** What a password isn't, or at least really shouldn't be, is some kind of secret word or phrase that is simply compared against a table of usernames in a login database. Such plaintext systems are about as secure as a chocolate padlock on a furnace door. Even a login system whereby those passwords are encrypted isn't much better, although many people assume they are safe as houses. Breaches across the years have proven how insecure any system which relies purely on reversible algorithm encryption really is. The user logs in and enters a password, this triggers …

+1 forum 11

As a gamer myself, I thought that last year was a pretty good one. After all, not only did I get to play both GTA V and Call of Duty: Ghosts (indeed, I'm still playing it and working my way through the prestige levels) but if I had enough spare cash and will I could have bought an Xbox One or PlayStation 4. As it happens, I did buy a Lenovo IdeaPad Y510P which can manage a pretty respectable average of 40fps in Crysis on the high quality settings at native resolution. However, according to research figures from Kaspersky Lab, …

+0 forum 2

US retail giant Target [has confirmed](http://pressroom.target.com/news/target-confirms-unauthorized-access-to-payment-card-data-in-u-s-stores) that hackers gained access to payment card data that could mean 40 million credit and debit card accounts are at risk. An official statement says that the retailer is "aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores" and is now working with law enforcement and financial institutions having "identified and resolved the issue". The accounts in question were targeted, no excuse for the pun, between November 27th and December 15th in order to hit the increasingly busy seasonal …

+3 forum 2

According to a [report](http://www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf) from researchers at US security outfit FireEye, a number of computers belonging to diplomats attending the G20 summit in Russia three months ago, including at least five European foreign ministries, were successfully targeted by Chinese hackers. FireEye researchers had monitored a server, one of 23, used by the Ke3chang group in August. This enabled them to observe the malware in action, although FireEye says no data was stolen as far as they were aware during this period of observation. Naturally the security firm contacted the relevant authorities as soon as it realised what was underway. The …

+1 forum 0

Tumblr, the hugely popular blogging service which was bought by Yahoo! last month, has advised mobile users to change their passwords, and change them immediately. In a posting to the Tumblr staff blog, a spokesperson states "We have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances." The precise details of the vulnerability that enabled this password compromise appear to be rarer than rocking horse crap, however there's a pretty big clue in a footnote to that staff blog post which defines 'certain circumstances' …

+0 forum 6

While the News International [phone hacking scandal](http://www.guardian.co.uk/media/phone-hacking) that saw the demise of the News of the World newspaper cannot have escaped your attention in the US or UK, news from India concerning the latest 'tumble and clone' developments could leave the mobile phone calls of more than just celebrities at risk of hacking. If you thought it was bad enough that UK newspapers have apparently been hacking into the mobile telephone conversations of celebrities and others 'in the news' in order to gain a competitive advantage when breaking news stories, then wait until you hear the latest [reports](http://www.thehindubusinessline.com/todays-paper/article3010105.ece) to come …

+2 forum 4

Konami, the Japanese games developer responsible for such genre defining classics as Metal Gear Solid and Silent Hill, has confirmed that tens of thousands of customer accounts have been put at risk due to a breach of the Konami ID portal site. During a period between the 13th June and 7th July, hackers made numerous unauthorised logins. Indeed, during this period it has been suggested that as many as 4 million account hacking attempts were executed. Konami warns that a total of 35,252 customer accounts were hijacked with the attackers having access to personal data including dates of birth, telephone …

+1 forum 0

Is it possible to hack into any network using only the knowledge of HTML and CSS?

-1 forum 10

The news that, following a number of pretty high-profile password compromise cases, Twitter is adopting a two-factor authentication for account access is to be welcomed. 2FA, as it is known, applies the better security concept of something you know combined with something you own into the access equation. The thing you know is your password, and the thing you own is your mobile phone. Here's how it works, once 2FA has been enabled and you try to log into Twitter from a 'new' device a code will be sent by SMS to the mobile phone which you have registered with …

+2 forum 5

A recent survey, conducted by IT risk management specialists nCircle, suggests that as many as 50% of IT security professionals think that the organisations they work for are a potential target for state-sponsored hackers. A number that Tim Keanini, nCircle Chief Research officer, thinks is rather on the low side in reality. "The number of organizations that are potential targets for state-sponsored cyber attacks is probably much higher than 50%, because if attackers can’t break into a targeted organization, they will go after partners and suppliers" Keanini insists, adding "Frankly, I’m surprised that the level of paranoia among information security …

+3 forum 3

It's never easy calculating the true cost of inadequate security to business, not least as there are so many variables and such reticence when it comes to full disclosure for fear of brand damage. However, the latest [Information Security Breaches Survey](http://www.pwc.co.uk/audit-assurance/publications/uk-information-security-breaches-survey-results-2012.jhtml) (ISBS) from PwC/Infosecurity Europe has had a good bash at it, at least as far as the UK is concerned, and the answer is breathtakingly big: billions of pounds. And that was just last year! ![dweb-secreport](/attachments/small/0/dweb-secreport.jpg "align-right") According to the survey which investigated a total of 447 UK-based businesses, the number of large enterprises being hacked into is at …

+1 forum 1

Ron Bowes has been accused of hacking Facebook. But when he put the information for over 100 million [Facebook](http://www.facebook.com) users into a 2.8 GB torrent stream on his website Skullsecurity.org, he didn't need to hack anything to get it - it was already publicly available on Facebook. All he did, he points out, was "compile public information into a nice format for statistical analysis." Bowes, who is a developer for the [Nmap Security Scanner](http://nmap.org/), had been testing the software's new feature Ncrack, and needed a wordlist generated from real life data. So he turned to Facebook. When he realized …

+0 forum 1

New research shows that hackers are becoming increasingly lazy in their search for online exploits, with 98% of Remote File Inclusion and 88% of SQL injection attacks now being fully automated. It comes as no surprise whatsoever to DaniWeb administrators and moderators that your average cybercriminal is looking for the easiest way to earn a dishonest buck. After all, we have recently completely re-coded the DaniWeb forum from the ground up partly in order to deal with the increasing number of spambot attacks that were being launched against us across much of last year. Spammers have long since used software …

+1 forum 1

My computer has been severely hacked. Well 2 laptops actually. And it looks like my router also. Problems noted here: 1. Email accounts routinely hacked even after changing passwords and using keypass in the most secure way. Suspected keylogging occurring somewhere in the stream. 2. Something causing my typing to be highlighted and changed into other words and characters, not randomly but as in remote access type of thing. Suspected rootkit worm virus (I'm only above novice in this stuff). 3. Internet modifications occurring where webpages are rendered with intelligent inaccuracies, suspected DNS redirection and spoofing. If not virus worm etc. …

+0 forum 3

I'm trying to find a solution to protect all the software developed in the company I work in. Till now we've been working with hardlocks, but we are trying to cut on expenses and wanting to develop our own software protection system. I know that there are some free tools, like for instance activelock, but we aren't interested in using third party tools either, since these tools are frequently open to attacks and we might have migration problems in the future. I've been googling and I can't find any good techniques for developing this type of solution. We've seen some ideas …

+0 forum 1

Earlier this year Jonathan Evans, the Director General of MI5 (the UK Security Service), warned that cyber attacks against UK plc were as much of a security challenge as terrorism as far as Britain was concerned. He claimed that UK businesses were being targeted at an 'astonishing' rate driven by "many thousands of people lying behind both state-sponsored cyber espionage and organised cyber crime". Now Foreign Secretary William Hague has [joined the fray](http://www.telegraph.co.uk/news/uknews/crime/9624655/Britain-is-target-of-up-to-1000-cyber-attacks-every-hour.html) to warn that "not an hour goes by when a system in the UK is not being attacked" and how hackers and foreign spies are 'bombarding' government …

+0 forum 2

Gary McKinnon, an unassuming 46 year old Londoner who suffers from Asperger's syndrome and depression, is an unlikely man to be making headlines the world over once again. Indeed, across the last decade McKinnon has almost seemed to be a permanent fixture in news media feeds online and off, a thorn in the side of successive British Governments and a man who divides opinion whenever his name is mentioned. Thinking of him as the man who, according to US lawyers, committed "the biggest military computer hack of all time" helps to put the reasons why into perspective. ![dweb-mckinnon](/attachments/small/0/dweb-mckinnon.jpg "align-right") Gary …

+0 forum 7

What is your Favourite Hack/Programming movie?

+1 forum 57

The 'Murder Ball' competition is now underway at the London 2012 Summer Paralympics, also known as wheelchair rugby to some. However, you won't find Olympic athletes taking part in the warbiking event that has also been happening in London recently: warbiking is very much a sport for nerds. ![warbike](/attachments/small/0/warbike.jpg "align-right") The brainchild of security vendors Sophos, [Project Warbike](http://www.sophos.com/en-us/security-news-trends/security-trends/bottom-line/project-warbike.aspx) itself consisted of one man on a specially adapted bicycle complete with dynamos and solar panels powering a computer that was scanning for wireless networks. Taking place across a couple of days, Sophos Director of Technology Strategy James Lyne cycled around …

+0 forum 1

If the news that the Yahoo! Contributor Network user-generated content site has been breached and more than 450,000 usernames and passwords compromised as a result wasn't bad enough, look behind yesterday's headlines and the situation is revealed to be much, much worse. If you were one of those folk who signed into the Yahoo! Contributor Network with your Gmail or Hotmail credentials, then those accounts are also obviously now compromised. ![dweb-yahoohack](/attachments/small/0/dweb-yahoohack.jpg "align-right") The D33Ds Co hacker collective has published a file containing all the login data from the breach, which appears to have been as simple as the most basic …

+0 forum 5
