Linux Security Series: Recent Hacks of Note (FBI, House.gov, Paypal, NSA, DHS, UNC, NYT, EBay, Yahoo and Apache)
Lisa Kachold
lisakachold at obnosis.com
Tue Oct 13 22:23:50 MST 2009
FBI Jobs site: http://www.zone-h.org/news/id/4715 and
http://www.zone-h.org/mirror/id/9586698
House.gov House of Reps:
http://voices.washingtonpost.com/securityfix/2009/08/hackers_target_housegov_sites.html?wprss=securityfix
Rogue Paypal certificate available in the wild:
http://news.softpedia.com/news/Rogue-PayPal-SSL-Certificate-Available-in-the-Wild-123486.shtml
Banking theft trojan:
http://news.cnet.com/8301-27080_3-10363836-245.html?tag=newsLeadStoriesArea.1
NSA Hacked: http://www.zone-h.org/mirror/id/9678402 Jan 15, 2009
Department of HomeLand Security:
http://www.theregister.co.uk/2008/04/25/mass_web_attack_grows/
Rogue Ads hit NYT:
http://news.cnet.com/8301-1009_3-10351460-83.html?part=rss&tag=feed&subj=News-Security
Distributed brute force attacks --> Yahoo:
http://tacticalwebappsec.blogspot.com/2009/09/distributed-brute-force-attacks-against.html
Ebay warns of developer password theft:
http://blogs.zdnet.com/security/?p=4038
Apache Hacked:
https://blogs.apache.org/infra/entry/apache_org_downtime_report and
http://www.h-online.com/security/SSH-Key-compromise-takes-Apache-org-offline-Update-2--/news/114115
UNC Hacked:
http://www.networkworld.com/news/2009/092609-unc-data-breach-exposes-163000.html
Phoenix Mars WebSite:
http://www.theregister.co.uk/2008/06/02/hackers_invade_phoenix_mars_website/
NeoSploit: BBC and US Postal Service:
http://www.theregister.co.uk/2008/10/03/neosploit_powered_mass_hack_attack/
HomeOffice Crime Reduction Site UK:
http://www.theregister.co.uk/2008/06/03/home_office_crime_reduction_hack/
Google show us the SQL Inject Infections:
http://www.google.com/search?hl=en&q=%22script+src%3Dhttp%3A%2F%2F*%2F%22%22ngg.js%22|%22js.js%22|%22b.js%22&btnG=Google+Search&aq=f
(Warning don't click the links!) And on .gov sites:
http://www.google.com/search?hl=en&q=site%3A.gov+++%22script+src%3Dhttp%3A%2F%2F*%2F%22%22ngg.js%22|%22js.js%22|%22b.js%22&btnG=Google+Search&aq=f
r00t=y0u.org gets pwnd:
http://www.theregister.co.uk/2009/08/13/undergrownd_forum_pwned/
Other fun "security" news:
Zombie flash cookies:
http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/
Linux Administrators hunt wild things for fun:
Setting a trap for SSH hackers:
http://paulmakowski.wordpress.com/2009/09/28/hacking-sshd-for-a-pass_file/
Trapping Romainian SSH brute force crackers:
http://paulmakowski.wordpress.com/2009/09/30/from-pass_file-to-script-kiddies/
Man caught installing a skimmer device to a back ATM:
http://www.threatpost.com/blogs/video-man-caught-installing-skimmer-atm-114
Assa Solo Lock:
http://www.schneier.com/blog/archives/2009/08/hacking_the_ass.html
Of course, this MIT prank was also of note: MIT
http://hacks.mit.edu/Hacks/by_year/2008/toilet/
Free Websecurity from gnucitizen:
http://code.google.com/p/websecurify/downloads/list
--
Skype: (623)239-3392
AT&T: (503)754-4452
www.obnosis.com
http://www.obnosis.com/motivatebytruth/will_work_4_bandwidth.jpg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20091014/b789642a/attachment.htm
More information about the PLUG-discuss
mailing list