2011 has been the year in which massive DDoS attacks took place, and most of them were directed by the hacktivist groups Anonymous and LulzSec. DDoS attacks have largely moved from layer 4 to layer 7: at layer 4, a hacker would need thousands of computers to attack a single server, whereas with a layer 7 DDoS a hacker can easily take down a server with a single computer, provided that it is vulnerable. For those of you who don't know, a DoS attack is a method of exhausting a server's resources and compromising its availability.
In "Hijacking Facebook Users With Clickjacking", our guest author gave a detailed explanation of the idea behind the clickjacking attack. Therefore, in this post we will not explain the mechanism behind clickjacking. The goal and motto of this post is to let you know how widely this attack has been abused over the past few months.
Recently a serious vulnerability has been found in MySQL. According to the advisory, the following versions are affected: 5.5.23, 5.3.6, 5.2.12, 5.1.62. This is not the first time an authentication vulnerability has been found in MySQL; however, the developers have failed to protect it.
So what was the fault? How and why is MySQL authentication affected? According to researchers, the MySQL authentication check rejected a wrong password 255 times out of 256, which means that one in 256 passwords might let you in.
link to catch up on our story (yeah, we cool like that).
Attention LinkedIn users: your privacy has been breached. Millions of internet users can now see your password posted online. Please do not be under the false impression that you are safe from this epidemic. LinkedIn has already confirmed this news and has stated that passwords that are reset will now be stored in a salted format, which technically means that passwords are in an encrypted format AND adjoined with a random bunch of characters to make the password-cracking process a pain in the neck for the hacker. An example of a salted password can be seen in the image below.
PC monitoring software is like a fire that can burn down a computer's defense mechanisms in a matter of minutes. However, each piece of malware has its particular blazing potential, and its own target. "Flame", a discovery of the Russian cyber security firm Kaspersky Lab with a befittingly smoldering name, is touted as the most destructive cyber weapon ever known to mankind – or to any other species for that matter.
Oh and with a 20-megabyte size, Flame is 20 times bigger than Stuxnet or DuQu – the two that previously had the duopoly over the ‘most dangerous malware’ throne.