Just blogged about infamous hacker Kevin Mitnick on Fireblog today and actually got him to make a statement for my article.
Check the article
And the original story
Moral of the story, not even hackers are safe from hackers :)
Tuesday, June 30, 2009
Kevin Mitnick's website hacked
Just blogged about infamous hacker Kevin Mitnick on Fireblog today and actually got him to make a statement for my article.
Check the article
And the original story
Moral of the story, not even hackers are safe from hackers :)
Wednesday, June 10, 2009
Exclusive interview with StrongWebMail's $10,000 hacker
If you haven't been living under a rock, you would of heard that webmail security company "StrongWebmail" issued a $10,000 hacking challenge to prove the security of their product. If any hacker could get into the CEO's email account and read the task list off his exchange calendar they would win $10,000. To make it even more exciting/rediculous he posted his username and password: CEO/Mustang85
The product works that any time an unauthorized person needs to access or change the password for an account it uses the phone system for two factor authentication with voice or txt message. Well Lance and co. wasn't challenged by any of that and relied on a simple XSS attack and some trickery to prove the prize was his.
Lance being an old friend of mine agreed to do an exclusive interview yesterday on FireBlog.com with all of the technical details and controversy.
The product works that any time an unauthorized person needs to access or change the password for an account it uses the phone system for two factor authentication with voice or txt message. Well Lance and co. wasn't challenged by any of that and relied on a simple XSS attack and some trickery to prove the prize was his.
Lance being an old friend of mine agreed to do an exclusive interview yesterday on FireBlog.com with all of the technical details and controversy.
Tuesday, June 9, 2009
LxLab's CEO commits suicide after software hack
Very sad to find out today that the CEO and developer of the software leading to the massive hosting provider hack I blogged about yesterday was found hanging in his home this morning.
http://www.theregister.co.uk/2009/06/09/lxlabs_funder_death/
Sad that someone was driven to suicide from such an event but showed the pride and personal dedication this man had in his software.
http://www.theregister.co.uk/2009/06/09/lxlabs_funder_death/
Sad that someone was driven to suicide from such an event but showed the pride and personal dedication this man had in his software.
Monday, June 8, 2009
VPS Hosting Vulnerability Leads to huge compromise
Article on the register today reports VPS hosting company LXLabs full customer base hacked due to vulnerability in their HyperVM VPS management application.
http://www.theregister.co.uk/2009/06/08/webhost_attack/
The main reason this was possible is HyperVM requires giving customers (the public) access to your Hypervisor OS (through the HyperVM web application).
FireHost recognizes these risks and made the decision in the beginning to not give any access to the hypervisor, in fact it runs on a completely out of band private network!
Any remote command to the hypervisor go through private VPN through an API which is limited to only basic features like stop, start, reload and rename VM. It's highly controlled and secure unlike HyperVM which ran directly ontop of the hypervisor.
Virtualization security is going to continue to be a hot topic and Firehost Inc. leads the way by providing true advanced security while sharing knowledge and best practices on our blog and security center.
http://www.theregister.co.uk/2009/06/08/webhost_attack/
The main reason this was possible is HyperVM requires giving customers (the public) access to your Hypervisor OS (through the HyperVM web application).
FireHost recognizes these risks and made the decision in the beginning to not give any access to the hypervisor, in fact it runs on a completely out of band private network!
Any remote command to the hypervisor go through private VPN through an API which is limited to only basic features like stop, start, reload and rename VM. It's highly controlled and secure unlike HyperVM which ran directly ontop of the hypervisor.
Virtualization security is going to continue to be a hot topic and Firehost Inc. leads the way by providing true advanced security while sharing knowledge and best practices on our blog and security center.
Thursday, June 4, 2009
Wireless Keyboard Sniffing
New Free Open Source utility for sniffing keystrokes on a wireless keyboard! If you have heard my talks on RFID before you will remember that regardless how weak the signal is the guy with the big antenna always wins!
The tool is called Keykeriki and is available here:
http://www.remote-exploit.org/Keykeriki.html
The tool is called Keykeriki and is available here:
http://www.remote-exploit.org/Keykeriki.html
Keyboard Sniffer Keykeriki from Max Moser on Vimeo.
Subscribe to:
Posts (Atom)