Simple, Low-tech Attack On Credit Unions

The National Credit Union Administration is warning all credit unions about a low-tech attack in which malicious hackers mail branches CDs with malware on them.

Using a somewhat dated but still effective social engineering attack, a package designed to look as though it was mailed by the NCUA is sent to the branch. The package contains CDs with the attacker’s malware on them, and an accompanying letter (PDF) which informs the branches, ironically, about phishing scams. The letter directs the personnel to review the “training material” on the enclosed CD. Once branch employees proceed as directed, the malware is executed and gives the attackers access to the branch computer systems. Credit unions seem to be targeted because they tend to be smaller local associations rather than larger banks with higher budgets for computer security.

When people think of computer security, they usually envision high-tech systems consisting of long passwords, expensive hardware, and software updated with the latest security patches. However, as famed social engineer and hacker Kevin Mitnick once said, “There is no patch for stupidity”.

[via Threatpost]

Twitter As A Botnet Command Center

The folks over at Arbor Networks were browsing Twitter and discovered something very strange: a Twitter account seemingly posting gibberish. At least, that’s how it appeared at first. Upon closer investigation, they discovered that the profile was posting base64 encoded links to PKZIP archives. When they extracted the contents and unpacked the contained DLL and EXE files, they discovered that the account was posting links to malware that would post user information back to certain URLs. The article was also updated to show that the scheme wasn’t limited to Twitter, but also affected users on Jaiku and Tumblr. It’s a bit scary to see that not all malware is as blatantly obvious as we usually would think it to be.
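A defender-side sketch of how a feed like this could be spotted, added here as an example and not taken from the Arbor Networks write-up: it decodes base64-looking tokens in posts and reports accounts whose posts repeatedly decode to URLs. The account names, URLs, and the `min_hits` threshold are constructed assumptions.

```python
import base64
import binascii
import re
from collections import defaultdict

# Runs of base64 alphabet long enough to hold a short URL once encoded.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL_PREFIXES = (b"http://", b"https://")


def decode_hidden_links(text):
    """Return URLs that appear in `text` only in base64-encoded form."""
    links = []
    for token in B64_TOKEN.findall(text):
        if len(token) % 4:  # not a whole number of base64 quanta
            continue
        try:
            raw = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            continue
        # Keep only printable ASCII that starts like a URL.
        if raw.startswith(URL_PREFIXES) and all(0x20 < b < 0x7F for b in raw):
            links.append(raw.decode("ascii"))
    return links


def suspicious_accounts(posts, min_hits=2):
    """Map account -> decoded links, for accounts with at least `min_hits`."""
    hits = defaultdict(list)
    for account, text in posts:
        hits[account].extend(decode_hidden_links(text))
    return {acct: found for acct, found in hits.items() if len(found) >= min_hits}


# Constructed sample feed; account names and URLs are placeholders.
SAMPLE_POSTS = [
    ("acct_a", base64.b64encode(b"http://files.example.invalid/a.zip").decode()),
    ("acct_a", base64.b64encode(b"http://files.example.invalid/b.zip").decode()),
    ("acct_b", "Lunch was great, see http://example.com/menu"),
    ("acct_b", "aaaaaaaaaaaaaaaaaaaaaaaa is not a link"),
    ("acct_c", base64.b64encode(b"https://example.org/one-off").decode()),
]

if __name__ == "__main__":
    for account, links in suspicious_accounts(SAMPLE_POSTS).items():
        print(account, links)
```

Requiring more than one decoded link per account keeps a single coincidental match from flagging an ordinary user.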

Passwords On Floppy Disk

[Wehrdo] has posted a guide with an extremely low-tech solution to password management. He literally put the passwords on a floppy disk in the form of paper glued to the magnetic film. For those that still have some floppy disks around, this is a zero cost hack. We wouldn’t recommend this for state secrets, but for those prolific forum registrations it’s a great idea.

A Linux Server That Tweets Power Changes

Twitter has been used for lots of experiments, both useful and just for fun. [FIRESTORM_v1] sent in his project that falls under the useful category. When he wanted a way to monitor his server’s power statistics, Twitter was a logical choice. Similar to the Tweet-a-Watt, he wrote a script that posts messages from APCUPSd to a Twitter account that he follows, and gets the updates on his phone. [FIRESTORM_v1] documents all of the scripts he used and the steps to get your server up and tweeting.

Tunneling IP Traffic Over ICMP

We all hate it when we find an unencrypted WiFi network at our favorite coffee shop, restaurant, airport, or other venue, only to discover that there are traffic restrictions. Most limited networks allow HTTP and HTTPS traffic only, or so is the common misconception. In the majority of cases, ICMP traffic is also allowed, permitting the users to ping websites and IP addresses. You may be asking, “Ok, so why does that matter?” Well, all of your IP traffic can be piped through an ICMP tunnel, disguising all your surfing as simple ping packets. [Thomer] has a detailed guide on how to create and utilize such a tunnel using ICMPTX. So the next time you are at the local cafe and want to fire up VLC to watch TV shows from your home PC, give this guide a quick read.

Quick And Dirty Magnetic Card Reader

[nevdull] found himself in possession of a magnetic card reader. What else was he to do but show us all how to read from it using an AVR? He goes through the basics of how the card reader works, as well as how to detect the different card states such as entering, reading, and leaving. There is source code to download to try for yourself, but unless you have the same reader, you’ll have to do some modifications. While this doesn’t get you all the way to reading the complete content off of the card, it’s a great start. Maybe you guys can help him finish up the last bits.

Streamfile Encrypted File Drop

There are myriad file transfer services on the web. Streamfile tries to set itself apart by providing a unique secure service. Their file upload system is all JavaScript and doesn’t rely on Flash. It uses SSL to secure the file transport. As soon as you start uploading the file, you can hand the link off to your recipient and they can start downloading without waiting for the upload to complete. The free limit is 150MB, but their PRO service allows 2GB files.

[via Download Squad]