Monthly Archives: December 2014
Google Kills CAPTCHA: Are We Human Or Are We Spammer?
Kenya Breaks Chinese-Run Cyber Crime Network
Security Firm Fingers Malware For Sony GOP Attack
The FBI’s most wanted cyber-criminal used his cat’s name as a password
Not for the first time here, we find ourselves talking about passwords. In January, the software company SplashData listed the most popular passwords of 2013, on the basis of millions of passwords found on the Internet. Among the most frequently used were simple combinations: ‘123456’ was in first place followed by ‘password’.
We’ll have to see what comes out in the next report, though we’ve already seen how even cyber-criminals can make such a simple mistake.
Jeremy Hammond was arrested in Chicago in 2012. In those days he was the most wanted cyber-criminal. He had managed to compromise the Web page of Stratfor, an intelligence and espionage firm whose customers include the U.S. Defense Dept.
The authorities managed to track him down with the help of Hector Xavier Monsegur, leader of the now defunct hacker group Lulz Security. This organization was the alleged perpetrator of the attack on the CIA’s website in 2011 and the theft of Sony Pictures user account details in the same year.
They finally caught him, though Hammond had time to shut down his Mac laptop before the police got into his house. To start it up again they needed his password.
Hammond is now serving time in Manchester Federal Prison. While behind bars, he’s explained that hacking Stratfor’s Web page was not difficult. The main error, he claims, was that those responsible for the site had not encrypted their customers’ credit card details.
His own error, however, was quite different. Hammond has acknowledged that the weak point of the computer that he had used for a number of ‘jobs’, and which no doubt let police IT experts get into the machine, was its password. “Chewy123” is simply the name of his cat (plus the obvious sequence of numbers).
We have often spoken here of the techniques you can use to avoid making the same error as Hammond. Make sure your password is complex, and never use a sequence of numbers or letters.
There are also tools available to check the strength of your passwords, and you should change them regularly and use a password manager.
However much you think your data won’t be of interest to anyone, cyber-criminals can exploit information in many ways, not just for direct financial gain. And it’s not just large organizations that are targeted by hackers. IT security experts have recently warned of the leaking of passwords from platforms such as Gmail and Dropbox.
It’s difficult to stay ahead of cyber-criminals, but it’s not too hard to ensure that your passwords don’t figure in the ranking of the worst combinations. We all have to start somewhere.
The post The FBI’s most wanted cyber-criminal used his cat’s name as a password appeared first on MediaCenter Panda Security.
Is Government Malware unstoppable?
What is Regin?
According to Virus Bulletin, we are looking at a multi-staged threat (like Stuxnet) that uses a modular approach (like Flame), a combination that makes it one of the most advanced threats ever detected. Researches show that Regin has been used in espionage campaigns for the last 6 years. This sophisticated backdoor Trojan affects Microsoft Windows NT, 2000, XP, Vista, and 7 and it is able to take control of input devices, capture credentials, monitor network traffic, and gather information on processes and memory utilization.
Protection against government malware
In this context, we would like to remind our users that Avira is a founding member of IT Security made in Germany and we pride on providing our customers a guarantee of Quality and Reliability.
We thus committed ourselves, among other things, to:
- Exclusively provide IT security solutions no other third party can access.
- Offer products that do not cause the transmission of crypto keys, parts of keys or access recognition.
- Eliminate vulnerabilities or avoidance methods for access control systems as fast as possible once detected.
Additionally, we would like to clarify our standpoint on malware developed by government. Whenever we discover a new piece of malware, we are adding detection for this for all of our customers, regardless of the source of the malware. It is the case for recently discovered Regin as well, since our Antivirus products already detect all known Reging samples.
We strongly believe that no malware is unstoppable, not even government malware. Users need to make sure that they are protecting all of their digital devices with the latest technology, keeping their operating system, 3rd party applications and of course their antivirus software up-to-date.
The post Is Government Malware unstoppable? appeared first on Avira Blog.
How to spot a Kickstarter scam
Crowd funding sites are full of great ideas, but can also be a hot bed of scams. Stay safe with these top 5 tips.
The post How to spot a Kickstarter scam appeared first on We Live Security.
Nmap Port Scanning: A Practical Approach Modified For Better
This is a whitepaper that goes into detail on the functionality and usage of nmap for portscanning.
How To Bypass SafeSEH And Stack Cookie Protection
Whitepaper called How to Bypass SafeSEH and Stack Cookie Protection. Written in Turkish.
Advertise With Pleasure! (AWP) 6.6 SQL Injection
Advertise With Pleasure! (AWP) versions 6.6 and below suffer from a remote SQL injection vulnerability.