Researchers from the Swedish security company Outpost24 have discovered a major flaw in the design of TCP stacks which could put TCP-enabled devices at risk. According to their findings, which they kept secret for three years, performing DoS attacks through this vulnerability would require little bandwidth and the attacked devices would need rebooting in order for proper functionality to be restored.The researchers discovered this vulnerability back in 2005 and they claim it affects most, if not all, TCP stack implementations out there. With every TCP-enabled device being at risk, this affects everyone on the Internet, ranging from billions... [read more >>] Researchers Jeremiah Grossman, founder of WhiteHat Security, and Robert “RSnake” Hansen, founder of SecTheory, announced that they would fully disclose their research and PoC exploits at the Hack In The Box (HITB) conference in Kuala Lumpur, 27-30 October. The researchers previously canceled the presentation of critical clickjacking vulnerabilities that affect all current browsers at the request of Adobe. Clickjacking is a type of attack that allows hijacking the mouse clicks of users on a website and redirecting them to other items. This means, for example, that while a user sees, inside the browser, that he is clicking on a le... [read more >>] Only a few days after the UnitedLayer transit provider accepted to strike a peering deal with Intercage, under certain costly conditions, the ISP decided to pull the plug. This is the second time in one week that the infamous malware hosting company finds itself no longer reachable on the Internet.We have been tracking the whole Intercage – Atrivo story for some time now, but for our readers who haven't followed up all the articles, here is some background information. Intercage, also known as Atrivo in the past, used to offer hosting solutions to the well known cybercriminal group going by the name of the Russian Business Networ... [read more >>] After the infamous hosting company Intercage (Atrivo) was dropped by all of its ISPs due to increasing pressure from security groups and researchers that were accusing the company for housing extensive criminal activity, the UnitedLayer transit provider stepped up to the challenge of providing them with uplink.As we recently wrote, Intercage has been the subject of many security reports and media articles that were connecting the company with cybercriminal groups. Due to the increasing bad publicity being generated and the risk of getting their IP ranges added to various blacklists, the three ISPs, Global Crossing, WVFiber and Bandcon, that... [read more >>] Following a collaborated effort from security researchers, anti-spam groups and online media to disclose the connection between cyber criminal groups and Intercage Inc., all its ISPs were pressured by bad publicity or their own clients to sever ties with the California based company. Their last remaining ISP, Pacific Internet Exchange, stopped routing traffic to the company and depeered them, thus leaving their servers inaccessible from anywhere on the Internet.As we previously reported, Atrivo is a name that became famous for providing hosting and domain registration services directly or through its partners to the Russian Business Network... [read more >>] It looks like the rumor that David Kernell, a 20-year-old student at the University of Tennessee in Knoxville, is the person responsible for illegally accessing Sarah Palin's e-mail account is shaping up to be true. The FBI searched an apartment at The Commons in Knoxville, a student housing complex located in the vicinity of the university's campus. A local witness reports that the apartment raided by the FBI belongs to David Kernell.A few days ago, we reported that David Kernell was pointed out by the blogosphere as being the real name behind the user calling himself rubico, who posted a confession regarding the hack of Sarah Pa... [read more >>] The owner of the proxy service used by the person who hacked Sarah Palin's e-mail was contacted by the FBI regarding the server logs and is currently working to provide them. Meanwhile, the person whose e-mail was used to sign a confession circulating on the Internet was identified as David Kernell, son of democratic Tennessee state representative Mike Kernell.The alleged hacker of Sarah Palin's Yahoo e-mail account appears to have made two major mistakes. The first was to include the browser address bar in the screen shots he released. The address bar contained an almost complete URL from the Ctunnel proxy service that was used. ... [read more >>] A media storm started as the e-mail account of Alaska Governor and republican vice-presidential candidate Sarah Palin got hacked yesterday. Lots of sites reported that a group of hackers got access to the account and posted samples and screen shots of the content online. By other accounts, a single person was responsible and the group of hackers, knows as Anonymous, is really an online amusement discussion board.The whyEarlier this year, a public records request prompted Palin's office to refuse disclosing around 1,100 e-mail messages citing "exemptions for deliberative process, executive privilege, attorney/client privilege, privacy, ... [read more >>] The appeal which aimed at avoiding the extradition of the Briton responsible for what is considered to be the biggest military hack in history was rejected by the European Court of Human Rights, according to The Register. Before even judging the case, the high court decided to step aside from the litigation and did not accept the man's plea. Garry McKinnon was arrested in the UK, his home country, six years ago, but has never been charged. Meanwhile, US authorities, in an attempt to get him extradited, filed a lawsuit against him.McKinnon was given a negative sentence by the High Court back in 2006, but appealed the extradition decisio... [read more >>] According to the Korean police, an unidentified Chinese hacker managed to get hold of 9 million credit records that were sold on for a profit in Korea. The person responsible for stealing these records is known only as Chun, and it seems that he managed to flee to China before the Korean law enforcement agencies had a chance to take him into custody. Another 29-year-old suspect related to this incident has evaded the authorities by going to China. The police did manage to arrest 6 people believed to be accomplices of Chun, but they have been all processed and released.Out of the 9 million records the hacker got hold of, 4.8 million belong t... [read more >>] |