Rank My Hack

August 31, 2011

The world of hacking has always been one built on boasting and prestige – but now it’s official. A new leaderboard at rankmyhack.com is tracking live exploits, awarding points based on complexity and skill, and hoping to become the definitive ranking system for the computer underground.

Someone who cracked baidu.com is at the top of the list. Impressive stuff.

Apache Killer

August 25, 2011

A new Apache denial-of-service tool, named “Apache Killer”, has been posted on Full Disclosure and usage has been observed in the wild. Both the 1.3 and 2.0 codebases are affected – the Apache project says that a patch is upcoming. More details at the link.


PIN Harvesting

August 22, 2011

Sure, if you want to steal someone’s ATM PIN, you can shoulder-surf it, or use a pinhole camera, or even compromise the ATM itself. But why bother when a thermal camera is so much easier?


August 17, 2011

A new piece of Android software, which installs itself as “Google++”, is a true bundle of joy. Not only does it steal data from the phone, it is also capable of answering phone calls from a predetermined number (after setting the handset to silent and turning on the speakerphone) to allow the attacker to eavesdrop on the surrounding environment.

Much as I chafe at the restrictive nature of the Apple App Store, it really is a model that makes sense for an appliance like a phone. It’s nice to have the added flexibility of a platform like Android, but it also imports all of the security problems of a general computing device along with the capabilities.


August 15, 2011

The SIFT Workstation forensic toolkit is a freely available set of tools for forensic analysis of computers and networks. And it comes highly recommended.

Although the commercial tools maintain advantages over SIFT in some areas, the free SIFT tool exceeds the capabilities of the commercial tools in other areas. “Even if SIFT cost tens of thousands of dollars,” says Alan Paller, director of research at SANS, “it would be a very competitive product.” At no cost, it should be part of the portfolio in every organization that has skilled forensics analysts.


August 3, 2011

Nearly four million pages have been infected with iframe exploits due to a hole in older versions of the osCommerce business software. If your own web site is using osCommerce, make sure that it is a patched, current version.