Was time for the website defacers to hit the music industry! Yesterday, visitors of the BritneySpears.de website could read “XTech Inc Onwed the Music Industry… and the rest of it ” at the top of the home page. It appears to me though, that they just did it for fun and not for any serious reason.

Apparently it was hosted in the same webserver with other official german websites of Sony BMG entertainment.

The attackers exploited a web application vulnerability – probably php inclusion – in order to get access to the Solaris 9/10 webserver.

Continue Reading »

I was surprised when I did a simple search on Google for the keywords “carders online“. The first result that my search revealed, was a site belonging to a cyber criminal group called “Carders Online”. Their web hosting account was suspended, but their website is cached on Google, so I visited it in order to find out more information about it.

It seems to me that this group was very organised. They were providing how-to articles on carding, proxies and online payment processors. They were also selling laptops, mobile phones and cameras, which were bought with stolen/phished credit cards. They were even selling the software and equipment required to copy full details of stolen/phished credit cards into blank cards, in order to be able to cash-out from an ATM the money in the bank accounts.

Continue Reading »

Since I read the news about the recent defacement of the digital attacks archive Zone-H.org, many people have commented on how “professional” the Saudi Arabian defacers were. I strongly disagree… They were very “unprofessional” kids.

Just one confused kid who praises the devil – Devil Hacker – with his fellow pal Unix Web. Both from Jeddah in Saudi Arabia.

Students with too much time on their hands. They proved that they can use a basic backdoor, change the DNS and use the exploits that come together with some security advisories.

Continue Reading »

US government websites are under the spotlight of muslim cracking groups who protest against USA – this is what they claim as an attack reason. Since the 2nd of January, 17 US governmental websites were defaced, from which 9 were defaced by means of SQL injection.

What seems obvious to me – after viewing most of those defacements on the Zone-H digital attacks archive – is that their motives are not fully justified. Most of these crackers – better say “script kiddies” – are using publicly available exploits for known vulnerabilities, and by applying logic on how to use them, they succeed in the end at gaining access on webservers.

The fact that the attacked webservers belong to the US government, doesn’t necessarily mean that there is adequate security implemented.

Continue Reading »

Radio Frequency Identification or RFID chips come in many different sizes and shapes, such as cards and tags. They are already in use all around us and one of the most notable uses of RFID is that of pet chipping. These are usually tiny chips that can be embedded in almost everything and are able to identify living beings and a huge number of objects along with their properties, by transmitting the in chip stored information about them. [2]

A large number of retailers worldwide hope that RFID will replace the less-precise barcode. This is for a number of advantages, including the automation of stock tracking for cutting costs for them and for the manufacturers. [2] Despite the advantages for the retailers and the parties involved in the supply chain, the possible near future implementation of RFID chips as stock trackers raises specific privacy issues for the consumers.

This essay discusses these privacy issues with respect to the possible introduction of RFID chips as stock trackers. I will also provide a few notable examples of successes and failures in the RFID marketplace and possible solutions for mitigating privacy issues involved in stock tracking.

Continue Reading »