What is common in all these attacks? The Sosasta leak, the Sony attack, the rootkit.com leak, the Gawker leak, a few Lulz attacks, a few Anonymous attacks. Most of these attacks exposed user databases and, in most of the cases, the passwords too. Are you aware whether your ID was compromised in any of these attacks? Check out https://shouldichangemypassword.com/ created [...]
Sosasta (the Indian subsidiary of Groupon) got compromised in a very easy & sasta (cheap) way. A simple Google query exposed their database of 3,00,000 usernames and passwords. God knows when people will understand the basic security of hashing passwords. This has been covered in the OWASP Top 10 for many years (see https://www.owasp.org/index.php/Top_10_2010-Insecure_Cryptographic_Storage). Discovered by: Australian security [...]
The website of Centaur Hotel at IGI Airport, New Delhi (http://centaurhotels.com/) used to upload customer data such as scanned copies of passports, PAN cards, credit cards etc. to an unlinked “hidden” directory on the website. Centaur Hotels is a unit of the Hotel Corporation of India, which is a wholly owned subsidiary of India’s national carrier [...]
Attack after attack, and this time it is UK game developer Codemasters whose customer database has been compromised. As posted on the company’s forum: Codemasters said hackers gained unauthorized entry to Codemasters.com on Friday, June 3. “As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any [...]
Yesterday Nyleveia revealed a new vulnerability in the Sony PSN password reset page. The hack involves the PSN web-based password reset page, where it’s said anyone can change someone else’s password using their PSN account email and date of birth (details possibly collected by hackers in the April breach). Eurogamer’s also claiming to have seen actual video footage [...]
Whenever I hated a status message or a shared link on Facebook, I said to myself – “I wish this thing had a dislike button to express my distress”. This must have come to your mind also, especially after disliking some video on YouTube. Well, this urge of disliking posts on FB is what hackers [...]
If you happen to get a new wall post from your friend saying “WTF <yourname> I can’t believe you’re in this vid” or “ROFL <yourname> i cant believe youre tagged in this video”, it’s a new scam spreading on Facebook. Don’t open or click on this link, or else it will be posted to all your [...]
The BackTrack dev team has finally announced the public availability of BackTrack 5, code named “revolution”. BackTrack 5 has been built from scratch and boasts several major improvements over all previous releases. It is based on Ubuntu Lucid LTS and uses Linux kernel 2.6.38, patched with all relevant wireless injection patches. You can grab your copy [...]
After a week’s shutdown of the PlayStation Network (PSN), Sony has publicly admitted that the data of its 77 million users has been compromised, which includes names, addresses, dates of birth, emails, passwords or possibly users’ credit card details. If you are a PSN user, check your account statement, monitor credit reports and if you still have [...]
Around a month back Infosec Resources compiled a post with a nice set of tools and tactics to exploit OWASP Top 10 vulnerabilities. Following is a risk and tool matrix.
RISK | TOOL
A1: Injection | SQL Inject Me
A2: Cross-Site Scripting (XSS) | ZAP
A3: Broken Authentication and Session Management | HackBar
A4: Insecure Direct Object References | Burp
A5: Cross-Site [...]