If you own an Alcatel DSL modem, you will be interrested to know that virtually anybody on the planet is probably able to reconfigure your modem, steal your passwords, sniff your data, install a custom firmware into it, or just break it for fun. Lack of proper authentification, and various back-doors have been pointed out amongst various design flaws.
The problem, according to PGP Security, is caused by a flaw in the technology that many FTP servers use to handle searches for files. This flaw can allow an attacker to take full control of the vulnerable system. Once an attacker has taken control, he can do anything on the system that the system administrator can do, including reading, replacing or deleting data, and altering the contents of websites. He can also replace downloadable files with malicious files containing viruses or other malevolent programs.
The home page of a Navy Web site was hijacked Thursday, apparently
by supporters or agents of the People’s Republic of China, which holds
the United States responsible for the recent collision of a surveillance
plane with a Chinese F-8 fighter.
The site, at www.peoarbs.navy.mil, was shut down immediately, and the
Navy is reviewing the incident.
A new resource directory created for one of the world's most secure and stable operating systems - OpenBSD. Links to guides, tutorials, HOW-TOs and other information sources. Learn how to build that perfect firewall/gateway or secure internet server + many other topics. http://openbsd.sphosting.com/.
Got this from CNET:
A new technique for disguising programs aimed at cracking corporate networks could raise the stakes in the heated battle between hackers and security experts.
During a seminar last week at the CanSecWest conference in Vancouver, British Columbia, a hacker named "K2" revealed a program he created that can camouflage the tiny programs that malicious hackers generally use to crack through system security.
Read the rest of the articles here.
Saw this over at SNN
Saw this over at SNN
Hacker claims theft of 46,000 ADDR.com client records
April 2 — A computer criminal claims to have stolen personal information on 46,000 customers from Web hosting company ADDR.com. The data includes account names and passwords that could be used to alter Web site content, as well as credit card information. Several victims of the heist report finding thousands of dollars in fraudulent charges on the credit cards in recent weeks. ADDR.com has so far not commented on the alleged heist.
Saw this over at SNN
Good article on The Honeypot Project, abstract:
