Feds charge professed White Hat hackers in breach of AT&T iPad customer data

Professed White Hat hackers face federal criminal charges for grabbing the e-mail addressesof 114,000 AT&T 3G customers who use iPads.

The breach they acknowledge committing and publicized last summer took advantage of weaknesses in AT&Ts resubscription page for iPads to harvest the e-mail addresses and ID numbers for the SIM cards in their iPads.

The breach yielded this information for some famous people, including TV journalist Diane Sawyer, former White House Chief of Staff Rahm Emanuel and New York Mayor Michael Bloomberg, as well as employees of NASA, the U.S. Department of Justice, DARPA, The New York Times, Google, Microsoft, Goldman Sachs and Citigroup.

MPack, NeoSploit and Zeus top most notorious Web attack toolkit list

About two-thirds of malicious Web activity can be traced back to botnets and exploit code built using popular attack toolkits sold in the underground economy, according to a new Symantec report.

The top three attack toolkits in terms of malicious Web activity are MPack (48%), NeoSploit (31%) and ZeuS (19%), the notorious software used in botnet form to steal financial data and execute fraudulent transactions, according to the  report, which covers June 2009 through July 2010.  

In analyzing the selling and software development tactics that could be deduced in this shadowy online world, Symantec notes the dog-eat-dog environment in the fight to oust rivals and gain criminally-minded customers willing to pay the price—from as low as $40 for some attack toolkits to as much as $8,000 and more for ZeuS—along with any specialized services for malware.

TOP 10 Security Threats for 2011

Imperva announced their predictions for the top ten security trends for 2011 which have been compiled to help IT security professionals defend their organization against the next onslaught of cyber security threats.

1. Nation-sponsored hacking: When APT meets industrialization
Nation-sponsored hacking specifically-targeted cyber attacks will incorporate concepts and techniques from the commercial hacker industry. These campaigns will contain a different malware payload than the traditional attacks conducted for monetary gain. However, these attacks will use similar techniques. These Advanced Persistent Threat (APT) attacks will borrow techniques, such as automation and viral distribution, making them all the more powerful and potentially more successful. An example of such an attack is Stuxnet, which was not searching for data to monetize, rather it was focused on gaining control of crucial infrastructure.

Both classes of attack (hacker industry and APT) are going to use some of the same techniques so some security controls are applicable to both. On the positive side, given you’re covered against the cyber mafia you should have some of the controls to be protected from certain APT attacks. As APT is persistent, if a certain attack does not succeed, another one will come into play. The traditional security controls do not deter these relentless, state-sponsored hacker organizations. For the enterprise as well as government, this means increasing monitoring of traffic and setting security controls across all organization layers.

Phishing - UMJETNOST "VARANJA" KRAJNJEG KORISNIKA

EC - COUNCIL

Phishing - UMJETNOST "VARANJA" KRAJNJEG KORISNIKA

Phishing - Hacker's way to sensitive information

Dalibor Vlaho

Phishing je tehnika napada kojom se hakeri služe kako bi prevarili krajnjeg korisnika. Potencijalno opasnom tehnikom moguće je "izvuči" sve osjetljive podatke od korisnika. Više u tekstu.

BLACKBox Hacker Competition

Od 01.03.2011. godine počinje natjecanje pod nazivom " BLACKBox ". Zadatak će biti pronalaženje propusta u softveru.
Radi se o PHP KODu koji u sebi sadržava jedan od propusta a na vama je da isti nađete i prijavite što, gdje i kako.
Sama skripta nije opširna te će biti lako čitljiva a natjecatelj će se vrlo lako orijentirati kroz sam KOD skripte.
Molimo da svoju prijavu i podatke pošaljete na: developer (at) security-consulting.com.hr

- Ime i Prezime
- DOB
- Tel-Mob
- E-mail
- Web URL ukoliko ga imate
- Skillovi - Vještine