Be careful what you say and post on the Internet

When moving around the Internet, always be careful with what you say and post online. You never know when it will come back to bite you.

Another round of SQL Injection attacks are happening RIGHT NOW…

That’s right, you’ve heard it here first (ok, probably second or third, but at least in the top 10). A hacking group is using SQL Injection attacks to break into websites en masse and download malicious content from 318x.com.

As of December 10, 2009, over 132,000 websites have been compromised and are serving up the malicious content. The attack loads an iframe onto the websites via the data returned from the database, which eventually leads the user (without their knowledge) to download data from 318x.com, which then installs a rootkit-enabled variant of the Buzus backdoor trojan. The full path of what happens can be found on the link above.

We’ve talked about securing your website from SQL Injection attacks here, here and here; apparently there are tons of sites out there which haven’t been listening.

Denny

T-Mobile UK Employees have been seeing your information

OK, so the title is a little more scary than needed, but it did the job, and got you to look at the article.

Customers at T-Mobile UK have been found to have been selling customer information to data brokers who work on behalf of other cellular phone companies in the UK.

Hackers have actually broken into the Brazilian Power Grid

About a week ago, 60 Minutes covered a story about hackers breaking into the Brazilian power grid and causing power outages throughout the country. The common belief is that this story wasn’t actually correct. However, hackers appear to have liked the idea, and have done what was originally claimed in the story.

Up to 9% of your company’s computers may be part of a bot net

In a recent article on DarkReading, researchers have found that up to 9% of a large company’s computers may be part of a bot net.

Security by obscurity is not security at all

Probably about the worst security plan you can ever use is security by obscurity.

If the user doesn’t know the password a few times, lock’em out

One of the easiest things that you can do to keep people from guessing passwords is to slow them down. Obviously I don’t mean to tell the person to try to log in less frequently; that just wouldn’t make any sense. When someone is knocking on your computer’s door and trying a brute force password attack, make them slow down.

Looks like phishers are now using the phone again

It appears that the phishers are going back to some good old social engineering to get your info.

I just received this text message: “First Heritage Bank Alert: Your CARD has been DEACTIVATED. Please contact us at 877-649-1737 to REACTIVATE.” Now I know this is a scam for a couple of reasons.

1. I don’t have an account with First Heritage Bank
2. A bank wouldn’t text me to have them call me.
3. They’d tell me to call without providing a number, instead telling me to use the number on my card.
4. They’d identify the account which has a problem.

If you see this, don’t call them. I’d say report it to your local law enforcement but they probably don’t really care, and probably won’t do anything about it. Good luck if you decide to call your local law enforcement.

Denny

P.S. Sorry for any spelling issues. This was posted from my blackberry. I’ll spell check from home.

What color should my hair be for #sqlpass?

OK, so I need your help. I’ve gotten into the habit recently of dyeing my hair. So I need to decide what color to dye it for PASS. Since I’m not running for the board I haven’t been doing massive amounts of webcasts, or a crazy amount of blogging recently, so I’m feeling a little left out of the whole community thing today (ok, not really but a good sob story is a great way to get people to vote on stuff).

Keep those workstations locked

Everyone in IT knows why you don’t leave your workstation unlocked when you leave your desk. It’s because your co-workers will send fart jokes to the boss from your machine as punishment. However, there are actual security reasons for not leaving your machine unlocked.