Tuesday, January 31, 2012
Sunday, January 22, 2012
So who heard about 0xOmar lately?
The
guy has been literally silent for over 4 days (ever since he tried, and
thankfully failed, attacking Israeli institutes via distributed and more
dedicated attacks).
So
what about 0xOpportunism? Just showed up really. Many people are riding on
0xOmar fame (whether he's underground or simply waiting). Since Omar posted
most of the details over pastebin.com, it appears people are
"abusing" it to publish ad-sponsered links claiming "more
success" by 0xOmar.
Here's
an example: http://pastebin.com/SuaWPAwV
So
what have we got here? An adf.ly link – making sure SOMEONE is making money out
of page entrance. However, I figured, most opportunists would simply refer you
to www.google.com (after they've tricked
pastebin.com users into thinking they're actually reading genuine Omar
materials).
But
no.
That’s
what we get (attached is a text file).
Anyone
notices something odd? I can't verify whether these cards are genuine – however,
two things are possible:
1) Someone simply made an English prediction program that simply
finds Israeli names, Israeli cities and Israeli streets – and builds a custom,
fake credit card information file.
2) (more plausible) – Someone extracted Hebrew information. GOOGLE
TRANSLATED IT, and published. Omar? Friends of his? Someone else?
Why
google translate? Because it seems, some people in the file live in an Israeli
town called "PRIME EYE". Isn't this a lousy translation for
"Rosh Ha'ayin"?
What
about "Group Transit" city? Kibbuts Maabarot? Could be.
Sunday, January 15, 2012
Thursday, January 12, 2012
New exploit for recently patched Windows Web Server leak

More information can be found here:
Exploit can be found here:
Tuesday, January 10, 2012
Tuesday, January 3, 2012
Following the breach & exposure of the credit information of more than 400 thousand Israelis
Technologically, there is no nothing new in these kind of breaches.
These types of attacks, techniques and tools, are identified and are
well known. The motivations of the various hackers, assault and theft, were and
are still there. Maybe just in another form, by adding a dimension of
cyber-terrorism or vandalism.
It is important to note that the relevant organizations are investing
effort and money to enable secure payments online, Including credit card
companies, as well as many online businesses. Commercial sites that do
not properly handle the security aspects hurt themselves but also other
industrial and consumer users.''
Word of advice to the private user:
1. Certainly one can trade online securely, including credit card
use. It is important to understand that appropriate solutions to the challenges
of security do exist and many companies do implement these solutions.
2. When you purchase online, it is important to be aware of information
security issue in the specific site, and bring that into account when selecting
your shopping place.
Sunday, January 1, 2012
Major design flaw found on most web platforms, leading to DoS
Two
guys from Germany conducted a presentation two days ago at the 28c3 conference
in Berlin about efficient Denial-of-Service attacks.
The
described attack utilizes a common mechanism design flaw that can lead to an
easy to conduct DoS, the vulnerability was found in most of web technologies
including .NET, PHP, and Java, amongst others.
On
the technical side they have harnessed a feature in the POST mechanism that
translates the data to a deterministic hash table and by engineering the
provided input to result in a hash collision condition, they can achieve a very
efficient Denial-of-Service.
They
released an advisory containing the details on the attack and some numbers to
glance over.
Ruby
was fast to respond
and Microsoft responded with a partial
fix yesterday. Others are expected to be releasing their appropriate
patches over the weekend.
Subscribe to:
Posts (Atom)