Said to be the biggest of its type, a security breach in which the identities of around 8 million customers were stolen has been brought to light by ‘s Sunday Herald newspaper. An Indian hacker is said to be responsible for the breach.
Indian hacker charged with world’s biggest cyber crime

Came across this funny cartoon … his mom must be proud of him.
To set up a phishing site, it takes hardly more than an exploit to hack into a web application (Joomla, phpBB, etc.) and upload the copied target site onto it. And boom, the phishing site is up in less than a couple of minutes.
But for an Information Security officer of the targeted organization, it takes much more than that to bring the attack and its after-effects under control. For them it sounds like a pissing attack. They get really pissed off. This pissing effect remains even after the phishing site has been brought down. They need to check whether the phisher has compromised any customer’s user credentials. This requires continuous monitoring and thorough forensics. In the end both the organization and the end customers suffer.
The most important and effective thing an organization should always do to reduce the damage incurred due to phishing is PROPER customer training. Every organization knows this, yet most of them either don’t do it completely or do it improperly.
Well, today I did a P.T. on a Citrix server. And surprisingly it took me just around 30 sec to hack into the server. Isn’t that cool? I managed to get my hands on one user ID and password with lower privileges, and then I just used the hot keys CTRL+F3, which is similar to CTRL+SHIFT+ESC on your desktop, to get access to the task manager. Well, I got a shell then, but with no admin access.
Well, then I used a local privilege escalation exploit to gain admin rights. Citrix, thought to be one of the most secure architectures, was hacked within seconds.