Malicious hackers have managed to infect about 57,000 web pages with a potent exploit cocktail that targets a variety of vulnerable applications to surreptitiously install malware on visitor machines.
The exploits install an assortment of nasty software, including Gologger, a keystroke logging trojan, and a backdoor that attempts to connect to a website hosted in China, according to Mary Landesman, a researcher at ScanSafe, a company that protects end users from malicious websites.
The attackers were able to plant a malicious iframe in the pages by exploiting SQL injection vulnerabilities. Once in place, the script silently pulls down javascript from…
Tech Support
Mass Infection Turns More Than 57000 Websites Into Exploit Launch Pads
Hack
Home injection molding
[Kenneth Maxon] is a wizard who only does things one way, beautifully. While out of the average hacker’s production capabilities, his injection molding machine is amazing to behold. The machine has all features a commercial model would. It heats and cools the mold, produces over a ton of pressure to inject plastic with, and ejects parts automatically to name a few.
Tech Support
Vulnerable DD-WRT Firmware Exposes Wireless Routers
A hacker has discovered a critical vulnerability in open-source firmware available for wireless routers made by Linksys and other manufacturers that allows attackers to remotely penetrate the device and take full control of it.
The remote root vulnerability affects the most recent version of DD-WRT, a piece of firmware many router users install to give their device capabilities not available by default. The bug allows unauthenticated users to remotely gain root access simply by luring someone on the local network to a malicious website.
The bug resides in DD-WRT’s hyper text transfer protocol daemon, which runs as root. Because the…
Tech Support
ImageShack Hacked By Anti-Sec Group
A hacking group has broken into one of the biggest image hosting websites on the net before uploading its manifesto.
“Anti-Sec” broke into ImageShack to post a protest over sites that publish full disclosure material on security vulnerabilities, though how the attack furthers this agenda is unclear. The group, which also attacked the websites of astalavista.com last month, pledged to cause further “mayhem and destruction” against supporters of full disclosure, which it argues benefits security firms and cybercrooks at the expense of the wider community.
Ironically, exploit code associated with Anti-Sec’s latest attack was posted on a full disclosure…
Hack
Crack WEP using BackTrack
Lifehacker wrote a guide for cracking a WiFi network’s WEP password using BackTrack. BackTrack is a Linux live CD used for security testing and comes with the tools needed to break WEP. Not just any wireless card will work for this; you need one that supports packet injection. The crack works by collecting legitimate packets then replaying them several times in order to generate data. They point out that this method can be hit-or-miss, especially if there are few other users on the network, as the crack requires authenticated packets. We covered cracking WEP before, but using BackTrack should…
Magic
My name is Sanyu…but!
I type my name in the google search engine and search, what a true astonishment:my name is in wikipedia-OMGhttp://en.wikipedia.org/wiki/San_Yusaying: General San Yu ; 3 March 1918 – 30 January 1996), also known as Bo Gyoke Kyi San Yu or U San Yu was the former Commander in Chief of the Tatmadaw and President of Socialist Republic of the Union of Burma, now known as simply as Union of Myanmar, from 9 November 1981 to 27 July 1988. He was born on 3 March 1918 to a Sino-Burmese family,[1] San Yu studied medicine in Rangoon when World War II broke out…
Computer
Hacking through sql injection
SQL Injection basically means to execute a query in the database which is connected to the website to get personal information out of it, which is not visible to a normal user. Database is most likely to be a part of the websites, which saves all the information like user names, passwords, posts, replies in it. So there is a possibility that you might put some commands or queries or requests whatever you want to call it into the database to get some hidden information out of it. It is noticed that in the past SQL Injection have been used…
