Archive for the ‘Computer Hacking Forensic Investigator’ Category


Hackers Steal Data From Simon Cowell’s X-Factor

May. 6 2011 – 7:02 am
Simon Cowell at the National Television Awards...Image via Wikipedia

UPDATE: A spokesperson for Fox says the network is COPPA compliant and blocked people under 13 years of age from registering for X Factor audition information on Fox.com. “This is a matter that we take very seriously,” the spokesperson says.

——-

Cyber criminals have been on stealing spree of late. Not long after the the theft of more than 100 million user account details from Sony, Fox has confirmed that hackers also breached fox.com and obtained a file of details on 73,000 people who requested information about the X-Factor auditions.

The Fox TV show. which is an Americanized version of a British talent program. begins filming today. The winner of the show gets a $5 million recording contract with Cowell’s Syco music label and Sony Music.

A spokesperson for Fox tells me that media reports about the hacking incident incorrectly stated that data for 250,000 people had been compromised and that the correct number was “about 73,000.” They added that the data, which was stolen last week, did not include financial information, social security numbers or user names and passwords.

“We took immediate action to stop the illegal intrusion and began working with federal authorities,” said Gaude Paez of Fox. “We’ve [sent] emails to impacted registrants to notify them of the unauthorised access and providing [sic] them information to help them guard against spam and phishing.”

Carole Therelaut of Naked Security points out that the data breach comes after the X-Factor changed its rules in the U.S. to allow children as young as 12 to enter its competition, unnervingly putting personal data on pre-teens in the hands of faceless hackers.

Cowell’s troubles come amid a wave of cyber security issues making the news this week. In entertainment, the French DJ David Guetta has reportedly employed an ex-Pentagon investigator to look into the theft by hackers of his new single. According to BBC Newsbeat, Guetta says parts of the song “Where Them Girls At” featuring Nicki Minaj were stolen by a hacker who added their own production and posted it online, claiming it was Guetta’s.

Yesterday it emerged that Last Pass, a service that syncs with browsers to let you control a variety of passwords with one master password, had asked its users to change their master passwords after discovering a potential breach to its database. In its latest blog post Last Pass said the issue affects roughly 0.5% of users.  Read PC World’s interview with the CEO of Last Pass here.

Sony is meanwhile offering American customers affected by a massive security breach, $1 million-insurance policies and a year of identity theft protection, according to Bloomberg. It comes after 101.6 million user accounts on Sony’s PlayStation Network and the Sony Online Entertainment network for gamers were compromised by hackers.

Advertisements

Stats › February 2010

click map for a larger version

Published: March 1, 2010

The statistics on this page are for February 1, 2010 through February 28, 2010.

Total Submissions: 17,855

The total number of suspected phishes submitted by the PhishTank community.

Valid Phishes: 9,946

The total number of submissions verified as valid by the PhishTank community.

Invalid Phishes: 526

The total number of submissions verified as invalid by the PhishTank community.

Note: Many phishing emails were offline at the time of submission to PhishTank. Offline phishes cannot be voted on, and therefore cannot be verified.

Total Votes: 69,430

The total number of “is a phish,” “is not a phish,” and “I don’t know” votes made by the PhishTank community.

Median Time To Verify: 08 hours, 08 minutes

The median time it took the PhishTank community to verify submissions as valid or invalid.

Most Active Users

Out of the more than 20,000 members of the PhishTank community, these members were the most active in February 2010.

Note: One member account (PhishReporter) represents an organization, not an individual.

Top 10 Submitters (submissions)
1 PhishReporter (8,209)
2 cleanmx (2,403)
3 propriome (1,381)
4 balomish (721)
5 joewein (459)
6 zender (417)
7 mxlab (360)
8 buaya (217)
9 phishir (188)
10 zender2 (135)
Top 10 Verifiers (votes)
1 stuartgrant (15,029)
2 buaya (12,070)
3 NotBuyingIt (8,069)
4 marcoadfox (7,613)
5 cybercrime (5,166)
6 Aminof (4,477)
7 tetak (4,250)
8 theGeezer (3,040)
9 Jdunnivan (717)
10 mgeide (717)

Phishing URLs

In February, 475 phishes (5% of valid phishes that month) used an IP address (i.e. http://12.34.56.78) and 9,471 (or 95%) used a domain name (i.e. http://example.com).

Top 10 Domains (valid phishes)
1 t35.com (559)
2 altervista.org (522)
3 slaenmex.com (501)
4 express-order.ru (421)
5 udaswy.cz (215)
6 webhosting-solutions.co.uk (134)
7 justfree.com (114)
8 pochta.ru (73)
9 nob2o.com (67)
10 radiosportfm.tg (62)
Top 10 IPs (valid phishes)
1 201.130.79.54 (505)
2 69.10.48.106 (458)
3 66.45.237.212 (438)
4 89.111.176.21 (421)
5 194.67.36.117 (149)
6 206.251.130.233 (135)
7 77.92.91.153 (134)
8 205.134.162.147 (115)
9 67.220.228.213 (113)
10 78.129.205.116 (92)

Networks That Host Phishes

The servers hosting verified phishes are under the responsibility of these networks. PhishTank knows this because it traces phishing Web sites to an IP address. These are the organizations responsible for those IP addresses.

Top 10 Networks Valid Phishes
1 NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC 562
2 MetroRED Telecom Services 505
3 RAPIDSWITCH-AS RapidSwitch 457
4 CENTROHOST-AS JSC Centrohost 431
5 ThePlanet.com Internet Services, Inc. 315
6 iWeb Technologies Inc. 239
7 SoftLayer Technologies Inc. 203
8 OVH OVH 198
9 Limestone Networks, Inc. 176
10 SOVAM-AS Golden Telecom, Moscow, Russia 159

Popular Targets

These are the brands that were fraudulently represented in phishing emails. Targets are identified by the submitter at the time of submission, or determined by PhishTank’s software to the best of its ability. The majority of phishes are not categorized with a target.

Top 10 Identified Targets Valid Phishes
1 PayPal 8,488
2 Internal Revenue Service 772
3 Facebook 715
4 HSBC Group 458
5 Bank of America Corporation 134
6 Tibia 130
7 eBay, Inc. 124
8 World of Warcraft 111
9 HSBC 103
10 Amazon.com 86


Date D A V Description Plat. Author
2011-01-14 Exploit Code Downloads Waiting verification Real Networks RealPlayer SP ‘RecordClip’ Method Remote Code Execution 106 windows Sean de Regge
2011-01-12 Exploit Code Downloads Verified MS11-002: Microsoft Data Access Components Vulnerability 181 windows Peter Vreugdenhil
2011-01-10 Exploit Code Downloads Verified MS10-081: Windows Common Control Library (Comctl32) Heap Overflow 243 windows Nephi Johnson
2011-01-09 Exploit Code Downloads Verified KingView 6.5.3 SCADA HMI Heap Overflow PoC 389 windows Dillon Beresford
2011-01-08 Exploit Code Downloads Download Vulnerable Application Verified NetSupport Manager Agent Remote Buffer Overflow 354 multiple ikki
2011-01-01 Exploit Code Downloads Download Vulnerable Application Verified HP Photo Creative 2.x audio.Record.1 ActiveX Control Remote Stack Based Buffer Overflow 571 windows rgod
2010-12-30 Exploit Code Downloads Waiting verification CA ARCserve D2D r15 Web Service Servlet Code Execution 384 windows rgod
2010-12-30 Exploit Code Downloads Download Vulnerable Application Verified QuickPHP Web Server Arbitrary (src .php) File Download 420 windows Pr0T3cT10n
2010-12-30 Exploit Code Downloads Download Vulnerable Application Waiting verification Chilkat Software FTP2 ActiveX Component Remote Code Execution 298 windows rgod
2010-12-29 Exploit Code Downloads Download Vulnerable Application Verified QuickPHP Web Server 1.9.1 Directory Traversal 336 windows John Leitch
2010-12-29 Exploit Code Downloads Download Vulnerable Application Verified httpdASM 0.92 Directory Traversal 234 windows John Leitch
2010-12-29 Exploit Code Downloads Verified DD-WRT Information Disclosure Vulnerability 384 hardware Craig Heffner
2010-12-26 Exploit Code Downloads Download Vulnerable Application Verified Kolibri v2.0 Buffer Overflow RET + SEH exploit (HEAD) 1591 windows TheLeader
2010-12-22 Exploit Code Downloads Download Vulnerable Application Verified WMITools ActiveX Remote Command Execution Exploit 0day 1418 windows WooYun
2010-12-22 Exploit Code Downloads Verified Citrix Access Gateway Command Injection Vulnerability 1120 linux George D. Gal
2010-12-21 Exploit Code Downloads Waiting verification Ecava IntegraXor 3.6.4000.0 Directory Traversal 444 windows Luigi Auriemma
2010-12-15 Exploit Code Downloads Verified Internet Explorer 8 CSS Parser Exploit 4036 windows Nephi Johnson
2010-12-14 Exploit Code Downloads Verified Crystal Reports Viewer 12.0.0.549 Activex Exploit (PrintControl.dll) 0-day 888 windows Dr_IDE
2010-12-11 Exploit Code Downloads Verified Exim 4.63 Remote Root Exploit 2997 linux Kingcope
2010-12-10 Exploit Code Downloads Verified LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD 1278 freebsd Kingcope
2010-12-09 Exploit Code Downloads Waiting verification VMware Tools update OS Command Injection 1587 multiple Nahuel Grisolia
2010-12-05 Exploit Code Downloads Download Vulnerable Application Verified Freefloat FTP Server Buffer Overflow Vulnerability 0day 1722 windows 0v3r
2010-12-03 Exploit Code Downloads Verified Image Viewer CP Gold 6 ActiveX TifMergeMultiFiles() Buffer Overflow 876 windows Dr_IDE
2010-12-03 Exploit Code Downloads Verified iFTPStorage for iPhone / iPod touch <= 1.3 – Directory Traversal 892 hardware XEL
2010-12-02 Exploit Code Downloads Download Vulnerable Application Verified ProFTPD 1.3.3c compromised source remote root Trojan 2727 linux anonymous

Conference Series Targeting Technical Information Security Professionals Making Spring Debut in Dallas, Texas

EC-Council launches the TakeDownCon series – a highly technical information security conference series that promises to be an excellent knowledge acquisition and skills exchange platform.

TakeDownCon will bring together information security researchers and technical experts, both the brightest and darkest, from the corporate and government sectors to academic as well the underground, and make it into one of the world’s premier infosec event where the latest security threats are presented and debated, and vulnerabilities are disclosed and scrutinized.

TakeDownCon will also feature a pre-event training platform offering EC-Council certification training including the world-renowned Certified Ethical Hacker (CEH) and Computer Hacking Forensic Investigator (CHFI) programs. In addition, there will also be highly advanced and technical courses offered by EC-Council’s Center of Advanced Security Training (CAST). These programs are designed by industry practitioners and will allow participants to go through both hands on and real life scenario based training covering domains such as web application security, penetration testing and social engineering.

Jay Bavisi, President of EC-Council said, “There is a huge gap, and we recognize the need for more information security training and education. TakeDownCon will be the ideal platform for knowledge acquisition. Dallas was chosen for its strategic geographical location, and the vast demand for information security training. TakeDownCon, being highly technical, will feature a brand new format, it will be very focused, content driven, and attendees will see no frills, thus making it accessible for the masses.”

This conference will also see the launch of “Nite Locks et all”. It is where physical security vulnerabilities and lock picking skills will be showcased, and a chance for attendees to try their hands on lock picking, under the tutelage of experts in this realm.

The Call for Paper is now open. If you are interested to reveal a zero day exploit, expose a new vulnerability or flag an unknown threat, this may well be the platform for you to showcase and demonstrate your technical expertise and proficiency, as well as demonstrate your thought leadership. Do visit http://www.takedowncon.com/cfp to submit your paper to be considered.

TakeDownCon will make its debut in Dallas, TX from May 14 – 19, 2011. More details can be found at http://www.takedowncon.com.
Share and Enjoy:

Print
Digg
StumbleUpon
del.icio.us
Facebook
Yahoo! Buzz
Twitter
Google Bookmarks

CEH, CHFI, EC-Council, Hacking Conference, LPT, TakeDownCon