Syrian Electronic Army hacks Hostgator, FastDomain and more for hosting terrorist sites


It has been a little while since we heard anything from the Syrian Electronic Army, but now the group has made an appearance once again. SEA has hacked five big-name hosting companies -- Bluehost, Justhost, Hostgator, Hostmonster and FastDomain -- all part of the Endurance International Group.
SEA launched the attacks on the five hosts for "hosting terrorists websites" (sic) adding to the list of high-profile names it has already targeted -- a list that includes names such as Skype, Facebook, PayPal, Twitter and Microsoft. No sites were mentioned by name for having gained SEA's attention.
GitHub hit by its biggest DDoS attack ever


GitHub is still in the throes of a massive DDoS attack which has blighted the site since Thursday. While the origins of and reasons for the attack are not yet fully known, the fact that two projects relating to Chinese anti-censorship have been targeted speaks volumes.
Now into its fifth day, the attack turned into something of a tug-of-war. Just as GitHub thought it had managed to wrestle back control of the site, a fresh wave was unleashed. The evolving attack is the largest in GitHub's history and engineers "remain on high alert".
Slack is tardy to the two-factor authentication party


Following a four-day-long security breach back in February, chat and collaboration tool Slack is finally getting two-factor authentication. Last month, the encrypted central user database was accessed by hackers, although there is no indication that hashed passwords were decrypted.
Slack insists that no payment information was seen by hackers, and while the breach is far from good news, there is a silver lining: it has forced the company to look harder at security. Starting today, two-factor authentication is available which locks down accounts via the Android, iOS and Windows Phone apps.
Exclusive: Widespread security flaw affects hundreds of UK news sites


A security flaw has been discovered in a number of UK news websites, potentially placing 24.5 million users at risk. The problem was found in websites run by Johnston Press, a UK media group that is responsible for scores of regional news websites.
Just a few days ago we reported on the findings of security researcher Brute Logic. He discovered an XSS vulnerability on Amazon that risked exposing user data and could be used to compromise accounts. Now the same researcher has discovered another cross-site scripting security flaw that could be used to redirect visitors to malicious websites -- and it's worryingly simple to exploit.
Amazon patches huge XSS vulnerability that left user data exposed for two days


A serious XSS vulnerability left Amazon customers in "real danger" of having their accounts compromised. The man who made the discovery is Brute Logic, the current top security researcher at XSSposed.org and "light-gray computer hacker". We spoke to him about the security issue as well as talking about the responsibilities involved in exposing vulnerabilities.
The cross-site scripting vulnerability was discovered on March 21 and was left unpatched for two days. In this time, Brute Logic says there was a real risk that people "could have their Amazon account compromised or had their computer invaded by means of a browser exploit". He says it is the responsibility of sites to fix problems when they are highlighted by the hacking community.
What the FREAK? Huge SSL security flaw stems from US government backdoor


Seven hours is all it takes to crack the encryption that is in place on some supposedly secure websites. Security experts blame the US government's ban on the use of strong encryption back in the 1990s for a vulnerability that has just come to light. Named FREAK (Factoring attack on RSA-EXPORT Keys), the flaw exists on high-profile websites including, ironically, NSA.gov.
Restrictions that limited security to just 512-bit encryption were lifted in the late 90s, but not before that weaker encryption was baked into software that is still in use today. The ban on the shipping of software with stronger encryption apparently backfired as the weak encryption found its way back into the States. Security experts say the problem is serious, and the vulnerability is relatively easy to exploit.
Do you know where Evgeniy Mikhailovich Bogachev is? You could be $3 million richer


Evgeniy Mikhailovich Bogachev is a Russian hacker who could make you rich in a couple of different ways. He is the gentleman who is thought to be the architect behind the Zeus botnet as well as the infamous CryptoLocker scam that holds data hostage for a ransom. Those are two of the largest problems facing today's computer users and each still persists while Bogachev remains elusive.
He has twice been indicted in US courts, once in Nebraska and, more recently, in Pennsylvania. The array of charges is quite long, including conspiracy, money laundering, computer fraud, identity theft and more. These indictments mean little as long as he remains on the run.
SOAP vulnerability leaves Netgear routers open to hackers


Owners of Netgear routers are warned that their wireless security keys and admin password could be accessed by hackers. A security vulnerability has been found in the SOAP service embedded in some Netgear network devices that could be abused with specially designed HTTP requests.
Routers can be tricked into executing commands even if they originate from an unauthenticated session, potentially exposing sensitive information to hackers. For anyone with remote management enabled on their router, there is the added worry that all of this could be carried out by someone without physical access, or who is not in close proximity, to the network. A number of Netgear routers are affected.
Anthem Health Care is latest hacking victim, millions of users could be compromised


It's another year and time for a new set of companies to be compromised. In 2014 we witnessed high-profile attacks on victims such as Home Depot and Target, but 2015 is shaping up to be no better, given the recent news regarding Anthem, a major health care provider in the US. The potential implications of this one are still mostly unknown.
However, reports are surfacing that perhaps millions of users have been compromised. Data such as names and social security numbers have been lost. The company isn't yet citing numbers, but does admit that all of its branches were affected. According to security researcher Brian Krebs, that could mean a catastrophe.
Surprise! Adobe Flash has a security flaw on Windows, Mac and Linux


Well, it's been a week since we've heard about a security vulnerability in Adobe Flash -- that's like a lifetime in terms of this program. While the application is slowly receding, it's far from dead and that means users have reason for worry. Of course, using Flash at all is a general concern -- it's a highly targeted platform for attackers.
Now Adobe is issuing its latest warning, this one for "drive-by attacks". The flaw is technically known as CVE-2015-0313, though that moniker does little good for the end-user. What people really need to know is that the problem has been found in use on the web.
Doxing: what it is, and how to avoid it happening to you [infographic]

There are many potential dangers to using the internet, and most people are familiar with the idea of identity theft, unauthorized access to online accounts and the like. But there's another hazard which has come to prominence recently: doxing. The idea is not new, having its roots back in the 90s, but there have been numerous high-profile cases of celebrities who have fallen victim to "document dropping".
This involves releasing personal information about someone to the internet -- information that could be embarrassing, personally revealing, or something that the victim would just rather keep to themselves. Interestingly, doxing is not necessarily illegal, but that doesn't mean that the ramifications are not far-reaching.
Stop jumping to conclusions! Lizard Squad didn't take down Facebook


Despite many reports to the contrary, there is nothing to suggest that downtime experienced by Facebook, Instagram and Tinder was anything to do with Lizard Squad. Earlier today, the three services were inaccessible for a short while and Lizard Squad took to Twitter to announce the outages.
The tweet, which read "Facebook, Instagram, Tinder, AIM, Hipchat #offline #LizardSquad" was taken as an admission of guilt and reported as such by many, many websites. Even when Facebook announced that the downtime came as a result of a system change by Facebook, site after site continued to report that Lizard Squad was to blame.
Adobe issues security bulletin for Flash...again


In the race to the bottom of security, Flash has remained a strong contender, competing with Java to win the competition. It's really nothing against Adobe; the company seems to try fairly hard to keep things safe. It's more that Flash is so popular that it becomes a primary target. Something Microsoft would know a thing or two about, given the success of Windows.
The company has issued its latest security bulletin. It isn't the best of news -- the report seems to encapsulate two vulnerabilities, and both are being exploited in the wild.
Poetic Justice -- DDoS service operated by Lizard Squad gets hacked, user data leaked


The past few weeks have not been kind to hacking group Lizard Squad. They've managed to raise the ire of the last possible group of folks you'd wish to anger -- Anonymous. The organization is also experiencing arrests of its members, thanks to poor procedures put in place for identity protection. But the latest blow may come as poetic justice to many people.
The loosely knit hacker collective has been trying to sell its wares online -- namely DDoS for hire services. Unfortunately for it, and rather fortunately for the rest of us, the offering has been hacked. According to multiple reports, LizardStresser.su was compromised.
US government -- 'Do as we say, not as we do' when it comes to hacking


While the news of the recent Sony hack has died down, it certainly isn't forgotten. The simple fact remains that we still have no clear answer on who was responsible. The US government blamed North Korea and initiated sanctions on the nation, though no real evidence was put forth to support this alleged misdeed, leaving the move to reek of political motivation.
The simple fact that the hackers originally asked for money, as if it were a hostage situation, seems to point away from state-sponsored wrongdoing, but we simply don't know the real truth, and perhaps never will. All we really know is there's a lack of evidence for this case. We'd be safe in speculating a jury would be unlikely to convict the country.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.