Archive | February, 2010

US School Remotely Spying On Kids With Webcams


The big news that has been blowing up in the past week or so is about a relatively unknown school district in Pennsylvania, US that has been spying on its students using MacBook webcams.

It has actually turned into a class action lawsuit and there is a lot of debate surrounding the story. The school claims they were using the software and ‘spycam’ functionality simply to recover lost laptops rather than actually spying on their students remotely.

The lawsuit deals with the issue of unauthorised access to the webcams and the actions could also possibly violate wiretapping laws. The lawsuit itself can be found here [PDF].

A suburban Philadelphia school district accused of secretly switching on laptop computer webcams inside students’ homes says it never used webcam images to monitor or discipline students and believes one of its administrators has been “unfairly portrayed and unjustly attacked.”

The Lower Merion School District, in response to a suit filed by a student, has acknowledged that webcams were remotely activated 42 times in the past 14 months, but only to find missing, lost or stolen laptops — which the district noted would include “a loaner computer that, against regulations, might be taken off campus.”

“Despite some reports to the contrary, be assured that the security-tracking software has been completely disabled,” Superintendent Christopher W. McGinley said in a statement on the district’s Web site late Friday. Officials vowed a comprehensive review that McGinley said should result in stronger privacy policies.

Harriton High School student Blake Robbins and his parents, Michael and Holly Robbins, filed a federal civil rights lawsuit Tuesday against the district, its board of directors and McGinley. They accused the school of turning on the webcam in his computer while it was inside their Penn Valley home, which they allege violated wiretap laws and his right to privacy.

It’s turning into a massive case and is generating press all over the globe; some powerful technology was used by a perhaps over-zealous network admin named Mike Perbix.

You can also check out this very well-written and researched post on the technologies and methods used here: The Spy at Harriton High

There are people on all sides of the fence in this case. I personally think it was an interesting and effective use of technology, but it definitely should not have been implemented without disclosure. If you want to officially spy on people for theft prevention or asset tracking, you should forewarn them.

The suit, which seeks class-action status, alleges that Harriton vice principal Lindy Matsko on Nov. 11 cited a laptop photo in telling Blake that the school thought he was engaging in improper behavior. He and his family have told reporters that an official mistook a piece of candy for a pill and thought he was selling drugs.

Neither the family nor their attorney, Mark Haltzman, returned calls this week seeking comment. A listed number for Matsko could not be found.

“We believe that the administrator at Harriton has been unfairly portrayed and unjustly attacked in connection with her attempts to be supportive of a student and his family,” the statement on the Lower Merion School District site said. “The district never did and never would use such tactics as a basis for disciplinary action.”

A district spokesman declined further comment on the statement Saturday.

Lower Merion, an affluent district in Philadelphia’s suburbs, issues Apple laptops to all 2,300 students at its two high schools. Only two employees in the technology department, not administrators, were authorized to activate the cameras, which captured still images but not sound, officials said.

“While certain rules for laptop use were spelled out … there was no explicit notification that the laptop contained the security software,” McGinley said. “This notice should have been given, and we regret that was not done.”

There is a plethora of information about this online including testimonies from current students, previous students and parents of both.

Many students suspected they were being spied on and taped up the cameras, wisely so it seems. But for the average computer-using teenager, if the school network admin tells them the green light next to the camera blinking now and then is a glitch, they are going to believe it.

That right there is lying and makes the whole thing horribly suspicious. Surely you only have the right to spy on kids if you have their parents’ consent... and even then it’s still a bit shady.

Either way this is a morally, legally and technically interesting case and I’m sure it’ll be heating up even more before it blows over.

Source: Yahoo! News


Posted in: Hardware Hacking, Privacy


keimpx – Open Source SMB Credential Scanner


keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check for the usefulness of credentials across a network over SMB. Credentials can be:

  • Combination of user / plain-text password.
  • Combination of user / NTLM hash.
  • Combination of user / NTLM logon session token.

If any valid credentials have been discovered across the network after its attack phase, the user is asked to choose which host to connect to and which valid credentials to use. The user is then presented with an interactive SMB shell, where they can:

  • Spawn an interactive command prompt.
  • Navigate through the remote SMB shares: list, upload, download files, create, remove files, etc.
  • Deploy and undeploy his own service, for instance, a backdoor listening on a TCP port for incoming connections.
  • List user details, domains and password policy.

You can download keimpx 0.2 here:

keimpx-0.2.zip

Or read more here.


Posted in: Hacking Tools, Network Hacking


US Investigators Pinpoint Author Of Google Attack Code


The big news over the past few months has been the Aurora attacks and how they seemed to originate from China. Last month Microsoft took the unusual step of releasing an Out-Of-Band patch for the IE6 0-Day vulnerability used in the attacks.

Within the last few days the origin of the code was traced to 2 Chinese schools which both claimed they had no knowledge of the exploit.

It was always thought the exploit originated from China because parts of the code had only been discovered on Chinese-language sites. The latest news is that the actual origin of the code has been discovered by US investigators.

US investigators have pinpointed the author of a key piece of code used in the alleged cyber attacks on Google and at least 33 other companies last year, according to a new report.

Citing a researcher working for the US government, The Financial Times reports that a Chinese freelance security consultant in his 30s wrote the code that exploited a hole in Microsoft’s Internet Explorer browser. The report also says that Chinese authorities had “special access” to this consultant’s work and that he posted at least a portion of the code to a hacking forum.

The story follows another report from The New York Times that traced the attacks to a pair of Chinese schools – Shanghai Jiaotong University and Lanxiang Vocational School – claiming that the latter had ties to the Chinese military. A day later, representatives of both schools denied involvement to the Chinese state news agency, and the Lanxiang representative denied ties to the military.

It all sounds like a conspiracy from the TV show 24 with schools tied to the Chinese military and ‘special’ access to underground forums.

It’ll be interesting to watch which direction it heads after this and whether it’s going to increase the tension between the US and Chinese governments. The whole cyberwar has been going on for quite a while now, with both sides trying to covertly steal information from each other.

So far the author of the code has not been named and his real identity or purpose is also a little vague.

According to The Financial Times report, the unnamed security consultant who wrote the exploit code is not a full-time government worker and did not launch the attacks himself. In fact, the FT says, he “would prefer not to be used in such offensive efforts.”

The report says that when he posted the code to the hacking forum, he described it as something he was “working on.”

With a January blog post, Google announced that attacks originating from China had pilfered unspecified intellectual property from the company, and Microsoft later said the attack had exploited a hole in its Internet Explorer 6 browser. According to security researchers, at least 33 other companies were targeted by similar attacks.

If I understand correctly what is being implied above, the author of the code posted a PoC (proof of concept) type exploit to a hacking forum.

Someone took this PoC, turned it into a working exploit and attacked 33 US based companies. If the conspiracists are right, this ‘someone’ would be the Chinese government, and they used the exploit to steal commercially valuable data from some big US players.

Any thoughts?

Source: The Register


Posted in: Exploits/Vulnerabilities, General Hacking


Google Buzz Patches XSS Flaw In Mobile Version


You may or may not have noticed, but I was on hiatus for a few days. As you’re probably aware (and I’m sure many of you celebrate) it was Chinese New Year on February 14th so I was offline for a few days taking a well deserved break.

I’d like to wish all of you that celebrate it a Happy Chinese New Year.

Anyway, the big news during this period, especially in the whole social networking scene, has been Google Buzz. Is it the next challenger to Twitter or Friendfeed or even Facebook? Personally I think not, but it sure has got people talking.

Google has fixed a cross-site scripting bug that allowed attackers to take control of Google Buzz accounts. The bug affects the mobile version of Buzz and was reported Feb. 16 by SecTheory CEO Robert Hansen. Google patched the vulnerability the same day. According to Hansen, news of the flaw was passed along to him by a hacker with the moniker of TrainReq.

“There [are] four things of note here,” Hansen blogged. “Firstly, it’s on Google’s domain, not some other domain like Google Gadgets or something. So, yes, it’s bad for phishing and for cookies. Secondly, it’s over SSL/TLS [Secure Sockets Layer/Transport Layer Security] (so no one should be able to see what’s going on, right?). Third, it could be used to hijack Google Buzz—as if anyone is using that product (or at least you shouldn’t be). And lastly, isn’t it ironic that Google is asking to know where I am on the very same page that’s being compromised?”

The news from the last few days included a cross site scripting flaw in the mobile version of Google Buzz.

It was fixed promptly because the guy that discovered it was kind enough to tell Google about it.

As always though, if something was discovered so quickly and reported so quickly, how many more flaws are there being used by the bad guys out there?

Hansen was referring to the location feature in Buzz that shows where Buzz users are when they post. This feature can be turned off by the user.

“We have no indication that the vulnerability was actively abused,” a Google spokesperson said. “We understand the importance of our users’ security, and we are committed to further improving the security of Google Buzz.”

In the week since Buzz was launched Feb. 9, Google has faced criticism over privacy issues associated with the service. On Feb. 16, the Electronic Privacy Information Center filed a complaint with the Federal Trade Commission that charged Google with failing to protect users’ privacy. In an interview with eWEEK, Google Vice President of Product Management Bradley Horowitz said the company did not expect the negative response that Google Buzz received on the privacy issue.

There was also a big outcry about privacy when Buzz was launched due to the fact it automatically populates your following list with people you often converse with.

Imagine if you’d been hunting for a new job and talking to someone from a competitor and your boss saw it? Or a husband chatting with another woman and his wife saw who he was ‘following’? There are a lot of permutations, all of which are not good so use your imagination.

eWeek also did another article about the privacy concerns here – Buzz Privacy Backlash.

Source: eWeek


Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking


Darknet – A Finalist For The 2010 Social Security Bloggers Awards


2010 Social Security Bloggers Awards

Well this is a first for me and this blog: Darknet has been nominated for a blogging award and selected as a finalist! There are some heavyweights in our category too, like SANS ISC and Evil Bytes from Dark Reading.

If you don’t know about SBN (Security Bloggers Network), it’s a VERY good collection of RSS feeds in the security arena; blogs rather than news sites, hence the name.

It started out way back as a Feedburner group consolidating all the security related blog feeds on the Feedburner network into one feed. You can find the current RSS feed here:

Security Bloggers Network

With our contributions here:

Darknet – Security Bloggers Network

If you’re interested do check out the members (you’ve probably already subscribed to quite a few) and some of the stronger ones are amongst the nominations below.

Obviously being in the same category as SANS ISC I won’t be wasting any time writing an acceptance speech. It is an honor to be in the same list as blogs like Bruce Schneier’s and Tao Security even if it’s in a different category.

You can find a complete listing of the finalists here:

Best Technical Security Blog

SANS Internet Storm Center
Evil Bytes by John Sawyer
Praetorian Prefect
Darknet.org
Frequency X ISS blog

Best Non-Technical Security Blog

Security Uncorked
Schneier on Security
Krebs on Security
ThreatPost
TaoSecurity

Best Security Podcast

PaulDotCom
SANS ISC Stormcast
An Information Security Place
CSO Security Insights
Security Catalyst

Best Corporate Security Blog

Jeremiah Grossman (White Hat Security)
Sophos Graham Cluley Blog
Microsoft Security Response Center
Fortiguard Blog
Cisco Security Blog

Most Entertaining Security Blog

Rational Survivability by Chris Hoff
Security Incite by Mike Rothman
Uncommon Sense Security by Jack Daniel
SecBarbie by Erin Jacobs
Emergent Chaos by Adam Shostack and ensemble

Good luck to everyone and may the best blog win.

If you’re also a member of the SBN you can place your vote here:

2010 Social Security Bloggers Awards Voting

You can find the original post on the RSA Conference blog by Alan Shimel here:

Let the voting begin . . .


Posted in: Site News


GreenSQL – Open Source Database Firewall Software


GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built-in support for MySQL and PostgreSQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). GreenSQL is distributed under the GPL license.

GreenSQL Architecture

GreenSQL works as a reverse proxy for MySQL connections. This means that instead of connecting to the MySQL server, your applications connect to the GreenSQL server. GreenSQL analyzes SQL queries and then, if they’re safe, forwards them to the back-end MySQL server.

New Changes

In this version, GreenSQL provides native support for PostgreSQL (http://www.postgresql.org) databases for the very first time. In fact, GreenSQL is the only database firewall (Open or Closed Source) available for the protection of the many PostgreSQL databases currently in use.

GreenSQL 1.2 merges the GreenSQL-Console package into the GreenSQL-FW. The GreenSQL-Console will no longer be released as a separate package. During the installation process, you will be able to choose whether or not to install the console.

You can download GreenSQL v1.2 here:

greensql-fw-1.2.2.tar.gz

Or read more here.


Posted in: Countermeasures, Database Hacking, Security Software


Chinese Police Shut Down ‘Black Hawk Safety Net’ Hacking School


There’s been a LOT of news lately about attacks from China, Chinese hackers and sites from China propagating malware.

The latest news is that Chinese police have managed to shut down a hacker training operation that was schooling the next generation of Chinese script kiddies.

It seems like China is grooming a huge cyberarmy both in the private sector (mostly underground) and in the government sector for cyber-terrorism.

Police in central China have shut down a hacker training operation that openly recruited thousands of members online and provided them with cyberattack lessons and malicious software, state media said Monday. The crackdown comes amid growing concern that China is a center for Internet crime and industrial espionage. Search giant Google said last month its e-mail accounts were hacked from China in an assault that also hit at least 20 other companies.

Police in Hubei province arrested three people suspected of running the hacker site known as the Black Hawk Safety Net that disseminated Web site hacking techniques and Trojan software, the China Daily newspaper said. Trojans, which can allow outside access to a computer when implanted, are used by hackers to illegally control computers. The report did not say exactly when the arrests took place.

Black Hawk Safety Net recruited more than 12,000 paying subscribers and collected more than 7 million yuan ($1 million) in membership fees, while another 170,000 people had signed up for free membership, the paper said.

With over 12,000 paying members they must have been raking in quite a tidy sum in membership fees. It’s estimated at $1 million USD; if you take the economy into consideration, that’s a lot of money if there are only 3 guys running the site.

It seems like the group has been around for quite a while; it’s rare to see a fairly underground hacking scene become so commercial.

I’m surprised it took 3 years to get shut down, but then China has had its fair share of more serious problems to deal with.

The case can be traced to a hacking attack in 2007 on an Internet cafe in Macheng city in Hubei that caused Web services for dozens to be disrupted for more than 60 hours, the paper said. A few of the suspects caught in April said they were members of the Black Hawk Safety Net.

Black Hawk’s Web site 3800hk.com could not be accessed, but a notice purportedly from Black Hawk circulating on online forums said that a backup site had been set up. The notice also sought to reassure members of its continued operations and said its reputation was being smeared by some Internet users.

“At this time, there are Internet users with evil intentions who have deliberately destroyed Black Hawk’s reputation, deceived our members and stole material,” the notice addressed to members said. “We must join forces and attack these Web sites.”

A customer service officer contacted by phone, who refused to give his name, said the backup site provides content for its paying members to download course material to allow them to continue their computer lessons — though not in hacking. The Hubei government refused to comment Monday while officials at the provincial public security bureau did not respond to repeated requests for comment.

The site involved seems to be down still, but rumors on related forums are that a backup site is already up. I’m sure it’s being kept private though, and I suspect only the paying members will be notified of the new URL.

After this bust they’d be foolish not to be a little more cautious.

It’ll be interesting to see if any more news pops up about this Black Hawk Safety Net organization and if so what they are up to.

At least this time we can be pretty sure it’s not a CIA sting operation.

Source: Yahoo! News


Posted in: General News


SecuBat – Modular Web Vulnerability Scanner


As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. For example, there has been extensive press coverage of recent security incidences involving the loss of sensitive credit card information belonging to millions of customers.

Typical web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Although the majority of web vulnerabilities are easy to understand and to avoid, many web developers are, unfortunately, not security-aware. As a result, there exist many web sites on the web that are vulnerable.

SecuBat is a generic and modular web vulnerability scanner that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.

Software Requirements

  • Windows 2000, XP, 2003 or higher
  • .NET Framework 2.0 or higher
  • MS SQL Server 2000, 2005, Express, MSDE or higher

Known Issues

  • If you schedule a crawling run and do not choose to do a combined run, you have to restart SecuBat before you can manually select that crawling run for an attacking run.
  • The XSS variants report a non-existent vulnerability if the response page contains the injected string within the title tag.
  • The “Attack Report” window shows only attacks with an analysis value greater than 0 (indicating a vulnerability).
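
The title-tag false positive listed above is a context problem: browsers parse the content of `<title>` as text, so a tag reflected there is never built into the page. As an added example (not SecuBat code and not taken from the SecuBat paper), the Python below triages a reflected-probe hit by where it lands in the response; the probe string, sample pages and function names are constructed for illustration.

```python
import re

# Elements whose content an HTML parser reads as text (RCDATA): a tag reflected
# inside them is shown as characters, never built into the DOM.
OPEN_RE = re.compile(r"<(title|textarea)\b[^>]*>", re.I)


def rcdata_spans(html):
    """Return (start, end) offsets of the text content of each <title>/<textarea>.

    Simplification: comments and <script> bodies are not skipped, so this is a
    triage aid for scanner output, not a full HTML tokenizer.
    """
    spans, pos = [], 0
    while True:
        opened = OPEN_RE.search(html, pos)
        if opened is None:
            return spans
        # The element ends at the FIRST matching close tag, as in a browser.
        close_re = re.compile(r"</%s\b" % opened.group(1), re.I)
        closed = close_re.search(html, opened.end())
        end = closed.start() if closed else len(html)
        spans.append((opened.end(), end))
        pos = end


def classify_reflections(html, probe):
    """Label every raw occurrence of probe as 'inert-rcdata' or 'markup'."""
    spans = rcdata_spans(html)
    verdicts = []
    start = html.find(probe)
    while start != -1:
        end = start + len(probe)
        # Inert only if the WHOLE probe sits inside one RCDATA span. A probe
        # that carries its own closing tag ends the span early and fails this.
        inside = any(s <= start and end <= e for s, e in spans)
        verdicts.append("inert-rcdata" if inside else "markup")
        start = html.find(probe, end)
    return verdicts


def is_finding(html, probe):
    """True if at least one reflection lands where the parser builds tags."""
    return "markup" in classify_reflections(html, probe)


# Constructed sample responses (not captured from any real site).
PROBE = "<probe-7f3a>"
TITLE_ONLY = ("<html><head><title>Search: <probe-7f3a></title></head>"
              "<body><p>No results.</p></body></html>")
BODY_ONLY = ("<html><head><title>Search</title></head>"
             "<body><p>You searched for <probe-7f3a></p></body></html>")
BOTH = ("<html><head><title>Search: <probe-7f3a></title></head>"
        "<body><p>You searched for <probe-7f3a></p></body></html>")
ENCODED = ("<html><head><title>Search</title></head>"
           "<body><p>You searched for &lt;probe-7f3a&gt;</p></body></html>")
# Probe that brings its own closing tag: the title ends before the marker.
CLOSING_PROBE = "</title><probe-7f3a>"
CLOSED_EARLY = ("<html><head><title>Search: </title><probe-7f3a></title></head>"
                "<body></body></html>")

if __name__ == "__main__":
    for name, page, probe in [
        ("title only", TITLE_ONLY, PROBE),
        ("body only", BODY_ONLY, PROBE),
        ("both", BOTH, PROBE),
        ("encoded", ENCODED, PROBE),
        ("closed early", CLOSED_EARLY, CLOSING_PROBE),
    ]:
        print(name, classify_reflections(page, probe), is_finding(page, probe))
```

A hit that is only ever labelled `inert-rcdata` matches the known issue and can be downgraded; any `markup` label keeps the report open for manual review.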

You can also find out more from the SecuBat paper published here:

secubat.pdf [PDF]

You can download SecuBat v0.5 here:

SecuBat v0.5.zip

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking


Twitter Major Password Reset After Phishing Attack


Twitter has come under attack fairly frequently in recent months, which is not surprising considering the explosive growth of the platform and the sheer number of users it has.

If you are a Twitter user you may have noticed many people had their password reset automatically yesterday. Twitter today announced the reason for this on their status site here:

Reason #4132 for Changing Your Password

It’s a fairly intricate scam where someone has spent a lot of time and effort and exhibited patience in harvesting all of these accounts.

Officials at Twitter linked the resetting of passwords to malicious Torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days. Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts today.

According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reason, the company decided to push out a password reset to the accounts, he said. After launching an investigation, Twitter officials linked part of the problem to malicious torrent sites.

“It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own,” Harvey blogged. “However, these sites came with a little extra — security exploits and backdoors throughout the system. This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up.”

The main crux of the story is, if you’ve signed up for any 3rd party private torrent trackers or forums, you’d better go and change your e-mail address and password there. Especially if you were stupid enough to use the same password you use for other sites (such as Twitter).

The trend seems to be continuing with people using the same username, e-mail and password (or at least a variation of the same password) across multiple sites.

I’m pretty sure however, everyone reading this site doesn’t do that as we are fully aware of the danger involved.

“Additional exploits to gain admin root on forums that weren’t created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information,” he continued. “This information was then used to attempt to gain access to third party sites like Twitter.”

Harvey stated that Twitter has not identified all of the torrent forums involved, but urged anyone who has signed up for one built by a third party to change their password there.

“The takeaway from this is that people are continuing to use the same email address and password (or a variant) on multiple sites,” he blogged. “Through our discussions with affected users, we’ve discovered a high correlation between folks who have used third party forums and download sites and folks who were on our list of possibly affected accounts.”

Not all of the accounts affected were linked to Torrent sites, Harvey added. Earlier today, a Twitter spokesperson told eWEEK that some users had signed up for “get followers fast schemes.”

I see a LOT of people on Twitter falling for these “Get followers fast” or “Get 1000 followers NOW” schemes which require them to give their login credentials to 3rd party sites.

Of course after that the sites use their account to send spam DMs or tweets, which often ends with the user account getting locked for spamming.

This of course follows the Twitter DM Phishing Scam and the time the SSL Renegotiation Bug was used on Twitter.

Darknet is on Twitter, if you wish to follow us you can do so here: http://www.twitter.com/THEdarknet

Source: eWeek


Posted in: Phishing, Privacy, Web Hacking
