SEARCH RESULTS
 
Showing 1-10 of 501 records
 
Expand article

The DDoS Attack Against CNN.com

The Article has images
2008-04-22 19:30:53 by HASH0x8b2d1ec in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...attack against CNN.com, whether successful or not in terms of the perspective of complete knock-out, which didn't happen, is a perfect and perhaps the most recent example of a full scale people's information warfare in action . Utilizing the bandwidth of the over 200 million nationalism minded Chinese Internet users, can greatly outpace any...
 
Tags: ddos, ddos-ing cnn, cnn, ddos people, warfare, information warfare attack, attack, ddos attack, chinese script kiddies
 
 
 
 
Expand article

Massive IFRAME SEO Poisoning Attack Continuing

The Article has images
2008-03-27 21:12:29 by HASH0x8b4fa7c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...attack is slowly turning into a what looks like a large scale web application vulnerabilities audit of high profile sites. Following the timely news coverage , Symantec's rating for the attack as medium risk, StopBadware commenting on XP Antivirus 2008 , and US-CERT issuing a warning about the incident, after another week of monitoring the...
 
Tags: massive, single massive seo, profile sites, profile sites iframe, attack, seo, malware, malware attack, massive blackhat seo
 
 
 
 
Expand article

Thwarting a large-scale phishing attack

2007-06-11 11:35:00 by Niels Provos in Google Online Security Blog
 
...attack where criminals attempt to lure unsuspecting web surfers into logging into a fake website that looks like a real website, such as eBay, E-gold or an online bank. Following a successful attack, phishers can steal money out of the victims' accounts or take their identities. To protect our users against phishing, we publish a blacklist of...
 
Tags: myspace, myspace profiles, real myspace content, myspace account, attack, dummy myspace account, phishers move, phishers, lower-value sites
 
 
 
 
Expand article

The ICANN Responds to the DNS Hijacking, Its Blog Under Attack

The Article has images
2008-07-07 06:27:00 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...attack on ICANN's registrar's systems . A full, confidential, security report from that registrar has since been provided to ICANN with respect to this attack It would appear the attack was sophisticated, combining both social and technological techniques , but was also limited and focused. The redirect was noticed and corrected within 20...
 
Tags: blog, attack, icann, wordpress blog, icann blog, recent attack, dns redirect, redirect, software wordpress
 
 
 
 
Expand article

Massive RealPlayer Exploit Embedded Attack

The Article has images
2008-01-07 18:58:52 by HASH0x89c7e1c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...attack is massive and ugly, what's most disturbing about it is the number of sites affected, which speaks for coordination at least in respect to having established the infrastructure for serving the exploit before the vulnerability became public One of our readers noted that there are a number of state government and educational sites...
 
Tags: exploit, realplayer exploit, uc8010 domain, domain, uc8010, exact exploit, attack uc8010, malware, malware exploitation kits
 
 
 
 
Expand article

Safari & IE Attack Code Released

2008-06-11 01:59:04 by Dave Lewis in Liquidmatrix Security Digest
 
...Attack code for the latest Safari problem was released on Sunday From Network World A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers The source code, along with a demo of the attack, was posted Sunday on a computer security blog. It can be used to run unauthorized software on a...
 
Tags: attack, attack code, safari, safari bug, safari users, exploits critical flaws, computer security blog, chief technical officer, shavlik technologies
 
 
 
 
Expand article

Minimizing the Attack Surface, Part 1

2008-06-24 19:09:34 by Chris Eng in Zero in a bit
 
...attack surface. You learned how to disable services using /etc/inetd.conf. Then you learned about rc.d and how to prevent unnecessary services from being launched at startup. Next, maybe you configured the Xserver to disallow remote connections or moved on to removing setuid permissions from files. As you worked, youd periodically re-scan the...
 
Tags: attack surface, custom web applications, web, services, prevent unnecessary services, unnecessary services, security, third-party libraries, fix security holes
 
 
 
 
Expand article

How a Classic Man-in-the-Middle Attack Saved Colombian Hostages

2008-07-10 01:00:00 by Bruce Schneier in Wired Security
 
...attack In a man-in-the-middle attack, the attacker inserts himself between two communicating parties. Both believe they're talking to each other, and the attacker can delete or modify the communications at will. The Wall Street Journal reported how this gambit played out in Colombia The plan had a chance of working because, for months, in an...
 
Tags: implement mitm attacks, implement, mitm attacks, mitm, attack, mitm attack, bank, bank demands authentication, bank assumes
 
 
 
 
Expand article

S&K Menswear two-phased attack

The Article has images
2008-01-03 10:40:36 by Evan Francen in The Breach Blog
...attacker requested the CVV2 codes to match the credit card numbers. It is unknown how many customers were duped by the second phase of the attack Reference URL New Hampshire Attorney General Breach Notification Report Credit New Hampshire State Attorney General Response From the official breach notification and letter to customers This...
 
Tags: information, personal information, information security practices, notification, information security, breach notification letter, sample customer letter, credit card, credit card data