Was time for the website defacers to hit the music industry! Yesterday, visitors of the BritneySpears.de website could read “XTech Inc Onwed the Music Industry… and the rest of it ” at the top of the home page. It appears to me though, that they just did it for fun and not for any serious reason.

Apparently it was hosted in the same webserver with other official german websites of Sony BMG entertainment.

The attackers exploited a web application vulnerability – probably php inclusion – in order to get access to the Solaris 9/10 webserver.

Continue Reading »

I was surprised when I did a simple search on Google for the keywords “carders online“. The first result that my search revealed, was a site belonging to a cyber criminal group called “Carders Online”. Their web hosting account was suspended, but their website is cached on Google, so I visited it in order to find out more information about it.

It seems to me that this group was very organised. They were providing how-to articles on carding, proxies and online payment processors. They were also selling laptops, mobile phones and cameras, which were bought with stolen/phished credit cards. They were even selling the software and equipment required to copy full details of stolen/phished credit cards into blank cards, in order to be able to cash-out from an ATM the money in the bank accounts.

Continue Reading »

US government websites are under the spotlight of muslim cracking groups who protest against USA – this is what they claim as an attack reason. Since the 2nd of January, 17 US governmental websites were defaced, from which 9 were defaced by means of SQL injection.

What seems obvious to me – after viewing most of those defacements on the Zone-H digital attacks archive – is that their motives are not fully justified. Most of these crackers – better say “script kiddies” – are using publicly available exploits for known vulnerabilities, and by applying logic on how to use them, they succeed in the end at gaining access on webservers.

The fact that the attacked webservers belong to the US government, doesn’t necessarily mean that there is adequate security implemented.

Continue Reading »

Since November 2006, in UK is an offense to launch DoS/DDoS attacks, which experts had previously called “a legal gray area.”

What follows is my brief personal view on this subject.

Such attacks should have been considered illegal for over 10 years now because they cause significant financial losses to businesses as they affect the availability of data and services – A very unethical thing to do…

Causing many problems for all the parties involved in the supply chain…

Continue Reading »

In my opinion, Microsoft all the past years, since the first version of Windows until the latest Vista release [1], focuses mostly on adding new features than maintaining a secure kernel.

Microsoft is also the operating system (OS) market dominator, meaning that is the main target for crimeware/malware writers – responsible for a very big percent of worldwide cyber-crimes.

Which OS do you prefer for more security? Linux,Windows or any other? Continue Reading »