Is your website safe from hackers? Websecurify can tell you
Protecting a website from hackers is no easy task, as even big names like Sony and Sega will confirm. But making use of a vulnerability scanner like Websecurify may be able to help.
The idea is a simple one. Just point the program at your website, it'll scan it and then report on any security holes, so hopefully you can fix them before they're noticed by someone else.
LulzSec attacks Brazilian government sites
Brasil.gov.br and Presidencia.gov.br, two sites belonging to the government of Brazil, were the latest victims of anti-security hacker group LulzSec on Tuesday.
The now-familiar cry of "Tango Down!" came across Twitter from LulzSec and another account named LulzSecBrazil on Tuesday evening, signaling that the hacker group had successfully brought down another website. The group initiated a DDoS attack against the U.K.'s Serious Organized Crime Agency this week, and called for a rally to pillage government data stockpiles for secret information.
Scotland Yard arrests possible LulzSec leader, group denies
The "lulz" for LulzSec may be about to end as worldwide authorities begin a push to apprehend those responsible. The British Metropolitan Police Service -- better known as Scotland Yard -- said Tuesday that it had arrested a 19-year-old man believed to be one of the lead individuals within the hacking collective.
UK law enforcement was under increasing pressure to find those responsible after LulzSec said that it planned to release the entire database from Britain's 2011 census. That would have meant some 62 million people could have their personal data exposed, the biggest hack yet for the group.
LulzSec, Anonymous team up to steal and expose government secrets
Anonymous, the hacker collective famous for performing cyber attacks as public retribution, has reportedly teamed up with LulzSec, the hacker group that attacks mostly for entertainment, for a mission going by the title AntiSec (Anti-Security) which seeks to expose any government-classified information that can be stolen.
LulzSec, which has recently stolen headlines for a rash of denial of service attacks issued an AntiSec manifesto today, asking everyone to join the rebellion.
Sega the latest victim in video game hacking epidemic
Sega is the latest video game company to fall prey to hackers, as the Sega Pass network of gaming sites, forums, and customer offers has been taken down and the information connected to 1.3 million accounts stolen.
User names, birthdates, e-mail addresses and passwords were all exposed in the security compromise. Fortunately for users, it did not include any financial information.
Trojan stealing Bitcoin users' wallets, says Symantec
Bitcoins have become popular as an alternative to government-controlled currencies, but a new Trojan seems to be specifically targeting Bitcoin wallets in an attempt to steal funds, security firm Symantec warns. The news follows reports earlier this week of a Bitcoin user being hacked to the tune of 25,000 bitcoins, or about $500,000 USD.
Symantec says that the 'Infostealer.Coinbit' Trojan aims to find your wallet file and then mail it to the attacker. There is also similar code which looks for the file, but uses FTP to transfer it to the attacker's servers. With this file, the user can then use a 'brute-force attack' to break in and pilfer the user's coins.
LulzSec reveals the stupidest passwords on the planet
LulzSec is having quite the week of hacktivist actvity. After launching DDoS attacks against gaming sites' log-in pages, setting up a hotline for requesting hacks and hacking both the CIA and US Senate, the group released a long list of passwords and email addresses it had obtained. Is yours among them? Whew, mine isn't. You should check, too, if using public services like AOL, Gmail or Yahoo.
I'm amazed at the ridiculous passwords people use. A quick search of the 62,000 released by LulzSec finds hundreds of instances of "123456" and "password" as password. There are 28 "11111", more than twice as many "0000" and 20 variations of the "f" word. Then there are the repeaters, like "alex186" for five different email addresses.
WebGL is just too dangerous to support, says Microsoft
Microsoft Security Response Center (MSRC) Engineering has concluded that WebGL, the royalty free cross-platform API for browser-based 3D graphics, is "overly permissive," insecure, and potentially harmful to machines using it. Development of the technology was spearheaded by Mozilla, Google, Opera, AMD, and Nvidia, and was endorsed by the Khronos Group.
Based upon an MSRC Engineering review, and using two Context Information Security reports as supportive evidence, Microsoft on Thursday said it cannot endorse the use of WebGL in its current form.
Now anyone, not just cops with a warrant, can peek inside your Dropbox
Forensic computer security company ATC-NY on Thursday released a new, free tool called Dropbox Reader which helps investigators read "evidence files" associated with Dropbox cloud storage accounts.
Dropbox Reader is actually a series of six command line Python scripts which parse the configuration and cache files of a Dropbox account, including the user's registered e-mail address, dropbox identifier, software version info and list of recently changed files stored in config.db, the information about shared directories and files marked for sync stored in filecache.db.
LulzSec takes down CIA website
One day after opening a hotline to take requests for its next hacking target, black hat security group LulzSec appears to have taken down the website belonging to the Central Intelligence Agency (CIA.)
The image above is from the group's Twitter feed just about half an hour ago, CIA.gov remains unreachable (Error 7 (net::ERR_TIMED_OUT): The operation timed out.) from our location in Maryland (others claim to see no change to the site.)
Want a site attacked? Call the LulzSec request line
LulzSec has started crowdsourcing its nefarious online activities by opening a request line for future assaults.
Yesterday, the hotline number went out via LulzSec's Twitter account: "Call into 614-LULZSEC and pick a target and we'll obliterate it. Nobody wants to mess with The Lulz Cannon -- take aim for us, twitter. #FIRE." I called the number today. There's something there. I didn't leave a take-down request.
How stupid could Citi be?
In what is an embarrassing oversight for Citigroup, attackers that got away with information on over 200,000 credit card holders only needed to make a change in the string of the URL itself. This means that as long as you had the account number, you would be able to access all personal data associated with that particular account.
Citigroup should consider itself lucky that more customers did not have their accounts compromised. How the hackers got the credit card numbers themselves is not clear yet, but the vulnerability allowed them to jump among accounts automatically by just being logged in and running a script.
Breaking into iPhone? Try '1234' or '0000' first
Developer Daniel Amitay has some words of caution for those locking their iPhones down with a four-digit password: use something that isn't on his list of most commonly used passcodes. Amitay created the Big Brother Camera Security app for iOS, and anonymously collected passcode data from users.
The app can take pictures remotely of whomever's using your device with the front-facing camera, as well as its location. What Amitay collected was the passcode information for the app itself, which is nearly identical to the iOS lock screen. He figures the data collected on 204,508 user passcodes would be similar.
LulzSec hacks US Senate website, although no data taken
LulzSec continued to push its collective luck over the weekend, breaking into US Senate computers and publishing the directory structure on its website. The move is LulzSec's most brazen yet: breaking into government computers is a serious offense.
The group is responsible for hacks on FBI-related sites and Nintendo, and has also claimed responsibility for attacks on PBS' site where it posted an article claiming late rapper Tupac Shakur was still alive, as well as at least a half-dozen attacks on Sony.
Kaspersky Internet Security 2012: Better protection using fewer PC resources
If you like your security suites to be feature-rich then Kaspersky's offerings have always been worth a look, as most editions come packed with functionality that you won't find elsewhere. Kaspersky Internet Security 2012 (KIS 2012) is a little quieter than usual, though; its release notes show no big additions this time around, just interface tweaks and various engine optimisations. So what does this mean in real life? We took a closer look.
Tweaks and Tucks
© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.