Tag: Hack
eBay is one of the most successful Internet-only ventures of all time, so it's not surprising that it has come under near-constant attack by fraudsters and hackers. In the latest attempt, a hacker logged on to the eBay Trust and Security forums and pretended to post as 1,200 separate users, making it appear as if he had actually logged in with each user's account. The posts contained the users' names, contact information, and credit card numbers.
That done, the hacker posted a video of his exploits on YouTube to celebrate his "achievement"...
» Read the rest of the post
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately!
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two...
» Read the rest of the post
The man responsible for unleashing what is believed to be the first self-propagating cross-site scripting worm has pleaded guilty in Los Angeles Superior Court to charges stemming from his most infamous hacking.
Samy Kamkar, who was 19 when he unleashed the attack on MySpace.com in October 2005, was sentenced to three years of probation and ordered to perform 90 days of community service, according to a MySpace statement released Wednesday.
Kamkar also must pay an undisclosed amount of restitution to MySpace, and he is banned from...
» Read the rest of the post
It begins with a Quicktime file being embedded in a Profile page. If the user "runs" the file (simply visiting the infected page is enough to trigger the attack in most cases), it uses the HREF function to activate some javascript. http://www.apple.com/qu...racks.html
When this happens, the profile page is "infected" and pastes a fake overlay of options onto the profile page - the most serious of which is (of course) the fake login button. If your page has been affected, you will see a strange, blue navigation bar on...
» Read the rest of the post
ATTENTION
If you are in the list, you have to cange your password immediately!!!!!
http://www.schoolfun.ne...ace/ms.txt
Apparently this was the fake entry point:
http://www.schoolfun.ne.../login.php
Several people noticed a wierd post on the Google blog that seemed to suggest Google was cancelling their click-to-call service.
The spelling mistakes kinda strips it of credibility. The post was at http://googleblog.blogs...lled.html, but it has been removed now.
Looks like Google blog got hacked. Well, if you go to the trouble of hacking the blog of the biggest search company if the world. You really should spell check your post first.
More on Google...
» Read the rest of the post
Hackers are posting cross-site scripting (XSS) flaws found in a number of prominent websites to a hacking site, according to a leading security researcher.
Jeremiah Grossman, WhiteHat Security CTO, told that links for Dell, MSN, HP, Apple, Myspace, YouTube, MSN, Cingular, etc. are posted as having XSS flaws.
Grossman said XSS flaws are now the No. 1 flaw on Mitre's Common Vulnerabilities and Exposures (CVE) site - a considerable growth from 12 months ago.
"XSS is now No.1. It literally took one year and probably less to reach No. 1,"...
» Read the rest of the post
MySpace MP3 Gopher is a Windows program requiring no installation, and for those not on a Windows box the author offers an online version that anyone can run. All you need to grab a MySpace song is its "friendID," which is in every URL as a parameter.
A researcher has exploited a security hole in Google Public Service Search to create an ingeniously deceptive phishing attack that looks like it's hosted on Google's domain.
http://www.google.com/u.../gplus
The fake service, Gmail Plus, which purports to be Gmail + Orkut, doesn't actually capture your user ID and password. Instead, it delivers a "You (could have) gotten served" message when you enter information into the sign-in form.
Eric Farraro discovered the exploit while adding a legitimate Google search box to a Web page at...
» Read the rest of the post
» View all photos
So last week, there was a black hat breach of Second Life's user database. The revelation has often led to confusion and rage, among Residents, many of them threatening to abandon SL for good. Then again, since the news, the peak number of Residents in-world has remained around 10,000, as before.
It's also led to something else, as it turns out. Something extraordinary.
Since the announcement of the breach, new user sign-ups have increased by more than 300 percent.
5 Votes
