Hacking Archive

Comodo SQL-Injected Again and Again

by Joe C
Summary:

A SQL injection exposed a lot of personal login information and customer data for a reseller company called Comodo. The breach in security allowed the attackers to access employee login credentials. This Brazil-based partner reseller is the fourth Comodo partner to be attacked this year. The resulting information gained by the hackers was posted to Pastebin, a text-sharing site. To complete an SQL injection attack, SQL statements are inserted into entry fields such as comment or login fields on a form. When the website tries to process this text, certain code can end the original intent of the entry and execute different functions, in this case, trying to return login credentials to the attacker. The president (also CEO) of Comodo claimed that the systems were never compromised and hackers had no access to their databases. What they did get from the customer information were names, addresses, emails, and phone numbers. Some private files were also leaked, which included user IDs and passwords. A Comodo reseller in Italy was also attacked back in March. Many organizations are currently trying to figure out solutions to certification.
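The mechanism described in the summary above, as an added example that is not part of the original post or taken from the affected site: a login lookup built by pasting form text into the SQL statement, next to the same lookup using bound parameters. The table, column and function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for a login table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b")])
    return db

def login_vulnerable(db, username, password_hash):
    # Form text is pasted into the statement, so a quote character in the
    # input ends the string literal and the remainder is parsed as SQL.
    sql = ("SELECT username, password_hash FROM users "
           "WHERE username = '%s' AND password_hash = '%s'"
           % (username, password_hash))
    return db.execute(sql).fetchall()

def login_parameterized(db, username, password_hash):
    # Placeholders send the input as data only; it is never parsed as SQL.
    sql = ("SELECT username, password_hash FROM users "
           "WHERE username = ? AND password_hash = ?")
    return db.execute(sql, (username, password_hash)).fetchall()

# Constructed form input that closes the quoted value and adds a condition
# that is always true.
INJECTED = "' OR '1'='1"

def run_demo():
    db = make_db()
    return {
        # Every stored credential row comes back instead of zero rows.
        "vulnerable_injected": login_vulnerable(db, "anyone", INJECTED),
        # The same input matches nothing when it is bound as a parameter.
        "parameterized_injected": login_parameterized(db, "anyone", INJECTED),
        # A legitimate login still works in the hardened version.
        "parameterized_valid": login_parameterized(db, "alice", "hash-a"),
    }

if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(name, rows)
```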

Video Games and Hacking??

by Taylor G
Summary:

So the article I read talks about bridging the gap between video games and computer security. They talk about how they can use video games to benefit the educational aspect of teaching. For example, in a security class a professor can’t upload a virus to the network and expect the students to be able to stop it without already compromising the security of the entire school and/or implying illegal actions. Video games let the user react to a series of events and recognize the results within a certain time frame. For example, they created this game where the user, a fish, searches for food, but they must face sharks. When the user slides over a worm it shows a website, and the user must determine if the website is safe or it is a phishing website. This informs the user how to determine whether a website is valid or not. There are also more advanced games for those who have a better knowledge of security and hacking. One game has missions like being able to hack a bank, hack into a jail, crash the stock market, and you have to get out before you get caught. The game has a plot that makes you feel like you have to get out because you have the world’s deadliest virus.

Have you been PWNed!?

by Stephen O
If you were affected by Lulzsec’s attack on Sony or any of the other numerous targets, you may have had your information compromised. This summer there seemed to be no shortage of news of hackers and their victims, and no one seemed safe; not even the government or its affiliates were safe from hacking or denial of service attacks. While people suffered and businesses were thoroughly embarrassed, there was opportunity to be had. Recently several sites like pwnedlist.com have sprung up and have offered people a chance to check their usernames and emails against databases of known lists that Lulzsec released of compromised accounts. “Among security experts, 2011 has already been anointed ‘Year of the Data Breach.’ Millions of people have had their email addresses, user names, passwords and more clipped by crackers breaking into the data stores of companies like Sony, Epsilon, Google, Citigroup and Sega. What’s more many more less publicized breaches occur daily. So Pwnedlist couldn’t be coming online at a better time.” (Mello Jr., 2011)