From the category archives:

Web

» News

Should I change my password

What is common in all these attacks? sosasta leak sony attack rootkit.com leak gawker leak few lulz attack few anonymous attack Most of these attack exposed user databases and in most of the cases the passwords too. Are you aware if your ID was compromised in any of these attacks or not? Checkout https://shouldichangemypassword.com/ created [...]

Read Ahead →

» News

Sosasta attacked in a “sasta” way

Sosasta (Indian subsidiary of GrounOn) got compromised in a very easy & sasta(cheap) way. A simple Google query exposed there database of 3,00,000 usernames and password. God knows when people will understand basic security of hashing the password. This si being covered in OWASP TOP 10 from many years (See https://www.owasp.org/index.php/Top_10_2010-Insecure_Cryptographic_Storage) Discovered by: Australian security [...]

Read Ahead →

» News

Insecure website of Air India leaks credit card & passports

Website of Centaur Hotel at IGI airport New Delhi (http://centaurhotels.com/) used to upload customer data like scanned copy of passport, pan card, credit card etc in an unlinked “hidden” directory on the website. The Centaur Hotels is a unit of the Hotel Corporation of India, which is a wholly owned subsidiary of India’s national carrier [...]

Read Ahead →

» News

After PSN, hackers attack codemasters

Attack after attacks and this time its UK game developer Codemasters whose customer database has been compromised. As posted on company’s forum: Codemasters said hackers gained unauthorized entry to Codemasters.com on Friday, June 3. “As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any [...]

Read Ahead →

» News

Sony PSN hit by new exploit

Yesterday Nyleveia revealed a new vulnerability in Sony PSN password reset page. The hack involves PSN web-based password reset page, where it’s said anyone can change someone else’s password using their PSN account email and date of birth (details possibly collected by hackers in April breach). Eurogamer’s also claiming to have seen actual video footage [...]

Read Ahead →

» News

‘Enable Dislike Button’ scam on Facebook

Whenever I hated a status message or a shared link on Facebook, I said to myself – “I wish this thing had a dislike button to express my distress”.. This must have come to your mind also, specially after disliking some video on Youtube. Well this urge of disliking posts on FB is what hackers [...]

Read Ahead →

» News

Facebook Scam:WTF I can’t believe you’re in this vid

If you happen to get a new wall post from your friend saying “WTF <yourname> I can’t believe you’re in this vid” or “ROFL <yourname> i cant believe youre tagged in this video” Its a new scam spreading on Facebook. Don’t open or click on this link else it will be posted to all your [...]

Read Ahead →

» News

BackTrack 5 Released

Back Track Dev team has finally announced public availability of BackTrack 5, code named “revolution”. BackTrack 5 has been built from scratch, and boasts several major improvements over all previous releases and its based on Ubuntu Lucid LTS and uses Linux Kernel 2.6.38 patched with all relevant wireless injection patches. You can grab your copy [...]

Read Ahead →

» News

Sony PlayStation Network Breached

After a week’s shut down of PlayStation Network (PSN); Sony has publicly admitted that its 77 million users data has been compromised which includes names addresses date of birth email passwords or possibly users credit card details. If you are a PSN user check your account statement, monitor credit reports and if you still have [...]

Read Ahead →

» News

OWASP Top10 Tools and Tactics

Around a month back Infosec Resources compiled a post with nice set of tools and tactics to exploit OWASP top 10 vulnerabilities Following is a risk and tool matrix. RISK TOOL A1: Injection SQL Inject Me A2: Cross-Site Scripting (XSS) ZAP A3: Broken Authentication and Session Management HackBar A4: Insecure Direct Object References Burp A5: Cross-Site [...]