Recently in Hacking Category

There's a new zero-day exploit for Firefox and Internet Explorer which involves JavaScript. So if you are running Firefox, then installing NoScript will give you added protection. If you are running IE - then ooooooops :-)

Having said that, it doesn't look that malicious - you would have to be tricked into entering data into one page, which can then be sent to the malicious site at the same time, so you are probably only at risk if you do random surfing or surf in dodgy web site areas in the first place - and if you are doing that then I really hope you are not running Internet Explorer (or as an admin!)

I had the misfortune to have to deal with a user who had received an email after their data was stolen from the University of Texas. The email mentioned that their username and email address had been divulged to unauthorised users.
Unfortunately, the way the email was sent out to the user made it look just like a phishing scam. The email contained references to http://www.mccombs.utexas.edu/datatheft/ but if you looked at where the link would take you, it actually went to a convio.com address.
As this is a typical phishing mechanism, I did a bit of digging. A whois lookup on convio.com provided an IT contact and the fact that the domain had been registered for 6 years, which therefore implied that their server might have been hacked.
I contacted Convio and received a return phone call where I was told that a lot more data had been revealed (depending on what data was stored on the server) and that the email was genuine.
After that I received two phone calls from a call center that was set up to answer queries about the data theft. The scary thing is that their records show I requested contact about the problem but they didn't update the records that someone had already contacted me. It would also make sense to ensure that the users who are manning the call center can actually pronounce the names of the companies involved in the whole farce!

I was also amazed to see that the University are not offering free credit monitoring or any other form of compensation to the affected users - instead they are just given (more redirected) links to a reduced fee.

All the above makes a mockery of the comments on the University website that can be found on Google, and the REALLY scary thing is that the server was hacked more than a month ago (April 11th), they announced it on April 23rd and they didn't contact the user until May 25th (see Attrition for details).
Oh - and there are another 197,000 users also affected - still, that's small change in the amount of 81,822,769 that have been affected since the Choicepoint breach in Feb 05.
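
The mismatch described above (link text showing one site, the href pointing at another) is something a mail filter can check mechanically. The following is an added example, not part of the original post; the sample HTML and its URL paths are constructed, and `site()` is a deliberately naive stand-in for a Public Suffix List lookup.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body; only the two domains come from the post.
SAMPLE = """
<p>Details: <a href="http://convio.com/constructed-redirect">http://www.mccombs.utexas.edu/datatheft/</a></p>
<p><a href="http://www.mccombs.utexas.edu/">www.mccombs.utexas.edu</a></p>
<p><a href="http://convio.com/constructed-unsubscribe">unsubscribe</a></p>
"""

def host_of(text):
    """Hostname if text looks like a URL or bare domain, else None."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return None
    if "://" not in text:
        text = "http://" + text
    host = urlsplit(text).hostname
    return host.lower() if host else None

def site(host):
    # Naive "last two labels"; production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, actual = host_of("".join(self.text)), host_of(self.href)
            # Flag only when the visible text itself claims a destination.
            if shown and actual and site(shown) != site(actual):
                self.findings.append((shown, actual))
            self.href = None

def audit(html):
    """Return (displayed_host, real_host) for every link whose text names another site."""
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Links whose text is plain wording ("unsubscribe") are ignored, so a legitimate mailing service only trips the check when it rewrites a link that is displayed as a URL, which is exactly what made the genuine notice look like phishing.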

Skype password changed


Hmmm - I got an email this morning stating that they were going to change my Skype password in the next 24 hours due to an upgrade of their software. Why they can't tell me that they have changed it now, instead of me waiting until I can't log into Skype and then changing it myself, I don't know. This also sounds suspiciously like one of the websites was hacked or compromised. I really can't see any other reason that they would need to change passwords for so many people. There is more information at SkypeJournal and it seems like a lot of people share my concerns AND have trouble trying to get the password changed.
The funny thing is that they try to convince you that this is not a hoax by saying that there is a copy of the email on the share.skype.com website... Now if I was a scammer with a website such as share.5kype.com it wouldn't be difficult to host a copy of a phishing email that I am sending out to all my target customers, would it?

I actually saw this a couple of days ago but didn't get round to blogging it, but it is now possible to spoof URLs in non-IE browsers by using special encoding of characters. A lot of us know that %20 is actually a space, but there are a lot of numbers higher up in the thousands that also look like characters and this is partly to do with the problem. The problem is something called IDN.
The link I posted above is reporting on the original website that discovered the problem.
Update URL fixed and warning removed. (thanks for the comment Jeff)
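
To make the "numbers in the thousands" concrete: an IDN hostname travels as an ASCII `xn--` label and is displayed as Unicode, where a letter such as Cyrillic "а" (code point 1072) is indistinguishable from Latin "a". The following is an added example, not part of the original post, that decodes a hostname and reports the non-ASCII characters and any label mixing scripts; the spoofed name is constructed for illustration.

```python
import unicodedata

# Constructed sample: "paypal.com" with the first "a" replaced by Cyrillic U+0430.
SPOOF = "p\u0430ypal.com"

def to_ascii(host):
    """Encode non-ASCII labels the way they appear on the wire (xn-- + punycode)."""
    out = []
    for label in host.split("."):
        if any(ord(c) > 127 for c in label):
            label = "xn--" + label.encode("punycode").decode("ascii")
        out.append(label)
    return ".".join(out)

def scripts_in(label):
    """First word of each letter's Unicode name: LATIN, CYRILLIC, GREEK, ..."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def inspect_host(host):
    """Decode xn-- labels; list non-ASCII characters and flag mixed-script labels."""
    labels, non_ascii, mixed = [], [], False
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
        non_ascii += [(c, ord(c), unicodedata.name(c, "UNKNOWN"))
                      for c in label if ord(c) > 127]
        if len(scripts_in(label)) > 1:
            mixed = True
    return {"unicode": ".".join(labels), "non_ascii": non_ascii, "mixed_script": mixed}
```

A name written entirely in one non-Latin script is not flagged as mixed, so the `non_ascii` list is the part to review for those.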

Hackers "only" get 4466 passwords.


According to Reuters, security experts apparently got 4466 passwords when they started monitoring an ISP's network (with permission). Now if you ask me, that either means they don't have a lot of customers or the experts weren't very good. If you have access to sniff the network on an ISP I would have thought you would have got a lot more passwords. After all, POP3 usernames and passwords are sent in clear text and that is what most people would be using to retrieve their email. Just goes to show that you really shouldn't use the same password for everything that you need to access.

At a customer site, they had a Fujitsu monitor that was really dark, but when you went to change the contrast it came up with "OSD Locked". The official manual that I could find via Google said to press buttons 3 and 4 and power it on, but this didn't work. However, hold down the select/menu button, push the power button and keep holding the select button down until the menu appears and hey presto, one unlocked OSD! Repeat the process to lock it again.

Spywareinfo under attack


I know a lot of you will have read this already, but the reason I couldn't get to spywareinfo.com the other day wasn't because of Kazaa having a blocker in it, but because they are under an extreme DoS attack with all the servers that they try to use being attacked. Sounds pretty scary.

Underground book


Finished reading the 2000+ pages of Underground on the PocketPC last weekend. It's been a really interesting read about hacking and has kept me entertained whilst waiting for tape restores/backups to run, dinners to be served in hotels etc. whilst I've been out on the road. Interestingly, one of the hackers lived in Salford at the same time I was there as a student and he got busted for hacking.

Remember when I mentioned a colleague had their website hacked? Speaking to him yesterday he said he was well annoyed because he'd recently recovered all of his data only to find his hosting company had obviously finally realised they were hacked (or some other lame excuse) and had restored the data....back to just after the hack...and had overwritten his new uploads!

Security with B2


There's a security hole in b2 which is easily fixed.
