Tuesday, June 30, 2009

Kevin Mitnick's website hacked




Just blogged about infamous hacker Kevin Mitnick on Fireblog today and actually got him to make a statement for my article.

Check the article

And the original story

Moral of the story, not even hackers are safe from hackers :)

Wednesday, June 10, 2009

Exclusive interview with StrongWebMail's $10,000 hacker

If you haven't been living under a rock, you would have heard that webmail security company "StrongWebmail" issued a $10,000 hacking challenge to prove the security of their product. If any hacker could get into the CEO's email account and read the task list off his Exchange calendar, they would win $10,000. To make it even more exciting/ridiculous, he posted his username and password: CEO/Mustang85

The product works like this: any time an unauthorized person needs to access or change the password for an account, it uses the phone system for two-factor authentication via voice or text message. Well, Lance and co. weren't challenged by any of that and relied on a simple XSS attack and some trickery to prove the prize was his.

Lance, being an old friend of mine, agreed to do an exclusive interview yesterday on FireBlog.com with all of the technical details and controversy.

Tuesday, June 9, 2009

LxLab's CEO commits suicide after software hack

Very sad to find out today that the CEO and developer of the software leading to the massive hosting provider hack I blogged about yesterday was found hanging in his home this morning.
http://www.theregister.co.uk/2009/06/09/lxlabs_funder_death/

It is sad that someone was driven to suicide by such an event, but it showed the pride and personal dedication this man had in his software.

Monday, June 8, 2009

VPS Hosting Vulnerability Leads to huge compromise

An article on The Register today reports that VPS hosting company LXLabs' full customer base was hacked due to a vulnerability in their HyperVM VPS management application.
http://www.theregister.co.uk/2009/06/08/webhost_attack/

The main reason this was possible is that HyperVM requires giving customers (the public) access to your hypervisor OS (through the HyperVM web application).

FireHost recognizes these risks and made the decision in the beginning not to give any access to the hypervisor. In fact, it runs on a completely out-of-band private network!

Any remote command to the hypervisor goes over a private VPN through an API which is limited to only basic features like stop, start, reload and rename VM. It's highly controlled and secure, unlike HyperVM, which ran directly on top of the hypervisor.

Virtualization security is going to continue to be a hot topic, and FireHost Inc. leads the way by providing true advanced security while sharing knowledge and best practices on our blog and security center.
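
The restricted command surface described above, sketched as an added example (not FireHost's code): a gateway that accepts only start, stop, reload and rename, checks VM ownership, and emits an argument vector instead of a shell string. The `vmctl` agent name, the VM naming rule and the tenant inventory are assumptions made up for illustration.

```python
import re

# Only the four operations the post names are exposed; the value is the
# number of extra arguments each one takes. Everything else is refused.
ALLOWED_ACTIONS = {"start": 0, "stop": 0, "reload": 0, "rename": 1}
VM_NAME = re.compile(r"[a-z0-9][a-z0-9-]{0,30}")  # assumed naming rule

# Constructed sample inventory: which tenant owns which VM.
OWNERS = {"web-01": "tenant-a", "db-01": "tenant-b"}


class Rejected(Exception):
    """Raised when a request falls outside the allowlisted surface."""


def build_command(tenant, action, vm, *args):
    """Validate a customer request and return the argv handed to the
    hypervisor-side agent (hypothetical 'vmctl'). No shell string is built."""
    if action not in ALLOWED_ACTIONS:
        raise Rejected(f"action not allowed: {action!r}")
    if len(args) != ALLOWED_ACTIONS[action]:
        raise Rejected("wrong number of arguments")
    for name in (vm, *args):
        # Strict full-match validation keeps metacharacters out of the argv.
        if not isinstance(name, str) or not VM_NAME.fullmatch(name):
            raise Rejected(f"invalid VM name: {name!r}")
    if OWNERS.get(vm) != tenant:
        raise Rejected("VM not owned by caller")
    if args and args[0] in OWNERS:
        raise Rejected("target name already in use")
    return ["vmctl", action, vm, *args]


def handle(tenant, action, vm, *args):
    """Return (ok, result) so rejections can be logged instead of crashing."""
    try:
        return True, build_command(tenant, action, vm, *args)
    except Rejected as exc:
        return False, str(exc)
```
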

Thursday, June 4, 2009

Wireless Keyboard Sniffing

New free, open source utility for sniffing keystrokes on a wireless keyboard! If you have heard my talks on RFID before, you will remember that regardless of how weak the signal is, the guy with the big antenna always wins!

The tool is called Keykeriki and is available here:

http://www.remote-exploit.org/Keykeriki.html


Keyboard Sniffer Keykeriki from Max Moser on Vimeo.