Feb 5

Anonymous Hacking Spree Targets US Marine Accused of Iraq Massacre
By Joe Coscarelli Hacker group Anonymous started the morning by posting the audio from an FBI conference call online, and further promised a "day of m4yh3m" (that's mayhem, for the uninitiated) during what they're calling #FuckFBIFriday.
Read more on New York Magazine (blog)

Feb 4
Bomberman lols (lulz ep35)
Posted by Black Bela in Hacker News on 02 4th, 2012| | 24 Comments »

Bomberman = Win. Follow me on Twitter for updates on upcoming videos and other personal stuff :) twitter.com Like us on Facebook for updates on upcoming videos and to be sure you don’t miss any videos :) www.facebook.com

Feb 4

Wilmington, DE (PRWEB) June 28, 2011

In early June, eastern European news outlets reported that a law enforcement task force investigation resulted in the arrest of two men charged with stealing several hundred thousand dollars while running a massive network of compromised computers known as a botnet. Operation Hive, a joint operation between the FBI, Interpol, the Serbian Ministry of Internal Affairs and the Slovenian Police, led to the arrest of two suspects.

Unveillance, a data leak intelligence firm, has been studying this botnet for several months and reports that there are affected individuals and corporations in at least 172 countries, including the United States, Russia, Brazil, China, Great Britain, India and Iran. The malicious software (malware) at the heart of this investigation is the Butterfly Bot Kit, also known as Palevo, Pilleuz or Rimecud. This is the same software that was used to infect the millions of computers in the Mariposa botnet. Based on intelligence gathered from its network of global sensors, Unveillance estimates that this botnet is larger than Mariposa.

Although a few of the domains used to control the botnet have been suspended, Unveillance has discovered that several domains remain live and are actively harvesting information stolen from victims with infected computers. At this time it is unknown if law enforcement agencies are aware of the remaining active domains and it is possible that there are other individuals controlling these domains who have not yet been arrested in conjunction with this investigation.

Unveillance researchers Matt Thompson and Meaghan Molloy have reunited with their former Mariposa Working Group partner, Panda Security, to collect and analyze several thousand unique variants of malicious software associated with this botnet. Butterfly Bot is polymorphic malware that spreads via removable drives such as USB keys, making it very difficult to contain and remove from a network. Companies and individuals infected with Butterfly Bot often find themselves in a perpetual cycle of reinfection. It is the ease with which this type of malware can spread that enables botnets to grow to such an immense size.

Unveillance reports that, using Butterfly Bot to infect computers, the suspects allegedly stole personal information as well as bank account credentials from individuals and corporations worldwide. The FBI's inclusion means it is likely that American accounts are also affected.

According to Unveillance, one of the alleged masterminds made little attempt to cover his tracks and used the same email address to register several domains used to control this botnet. In some instances the suspect also used his real name and an address in Banja Luka; other related domains were registered under different names and addresses. Eastern European news outlets refer to one of the suspects as a computer genius and allege that he has previously been arrested for cybercrime. One of the suspects had apparently been enjoying his newfound wealth, having recently purchased a luxury apartment and several cars worth around 75K USD each. The second suspect appears to have lived a quieter life in a rented apartment with his wife. Reports indicate that during the arrests police seized computer equipment and illegal firearms.

"In the wake of the recent LulzSec antics, it is surprising that this story has not yet attracted the attention of any English language newspapers," says Karim Hijazi, CEO of Unveillance. When justifying their actions, the members of LulzSec were quick to point out that there are many more criminals at work in the world, most of whom don't send out tweets every time they violate personal and corporate networks.

About Unveillance

Unveillance has developed the first Software-as-a-Service (SaaS) Data Leak Intelligence Platform. Leveraging completely passive monitoring, without the use of any on premises hardware, software or agent install, our platform is able to assess whether an organization, country and/or government's network is actively compromised by advanced persistent threats (APT) and thus participating in a botnet infrastructure at a 100% zero false positive rate. The intelligence platform is able to provide metrics on severity, frequency and scope of infection as well as display successful remediation efforts via a unique rating system called the DLI (Data Leak Intelligence) Score. http://www.unveillance.com


Related Links:

http://hr.seebiz.eu/na-meti-banjaluckih-hakera-bile-slovenske-banke/ar-4747/

http://www.info-market.ba/bs/crna-hronika/13239-aljoa-borkovi-i-darko-malini-osumnjieni-za-hakerske-pljake

http://www.kurir-info.rs/crna-hronika/banjalucki-hakeri-opustosili-strane-racune-93703.php

http://www.nezavisne.com/novosti/bih/FBI-zainteresovan-za-hakera-iz-Banjaluke-91913.html

###





Feb 4
For Facebook 'Hacker Way' is way of life
Posted by Black Bela in Hacker News on 02 4th, 2012| | No Comments »

By Barbara Ortutay, AP A street sign for "Hacker Way" stands at the Facebook headquarters in Menlo Park, Calif. For most people, that word means something …
Read more on USA TODAY

Feb 4

AnonOps Communications The raid on Zuccotti Park by Frank Sinatra.mp4


Feb 4


Palo Alto, CA (PRWEB) November 16, 2011

A cloud-based environment offers a convenient and cost-effective platform for extending services to employees, customers and partners. However, it also increases the risk of data security breaches and denial-of-service (DoS) attacks unless appropriate authentication and authorization policies and processes are implemented within the platform-as-a-service (PaaS).

WSO2 will provide IT professionals with best practices for addressing these challenges in a webinar entitled "Securing Your Cloud Application Using StratosLive." The one-hour technical webinar is being held twice on Wednesday, November 23: 9:00 a.m. to 10:00 a.m. PST for the Americas and 10:00 a.m. to 11:00 a.m. GMT for Europe and Asia-Pacific. For more information, visit wso2.org/library/webinars/2011/10/securing-your-cloud-application-using-stratoslive.

Securing Cloud Applications Using StratosLive

The webinar will explore how IT architects and developers can leverage the security capabilities offered by an underlying PaaS, and examine how they are compatible with other available services, such as user management and throttling. Using the WSO2 StratosLive PaaS as an example, the session also will examine available security technologies and how they can be used to effectively secure applications in the cloud. Additionally, the session will briefly cover alternative approaches to managing cloud application security, along with the associated risks.

The session will be presented by two SOA technology experts, who are committers with the Apache Software Foundation. Prabath Siriwardena is WSO2 architect and senior manager of the WSO2 Carbon platform and security; he also is a Project Management Committee member of Apache Axis2. Thilina Mahesh Buddhika is WSO2 associate technical lead and product manager of the WSO2 Identity Server; through his work on two Google Summer of Code projects, he contributed to the Apache Geronimo application server and Apache Rampart.

About WSO2

WSO2 is the lean enterprise middleware company. It delivers the only complete open source enterprise SOA middleware stack purpose-built as an integrated platform to support today's heterogeneous enterprise environments, internally and in the cloud. WSO2's service and support team is led by technical experts who have proven success in deploying enterprise SOAs and contribute to the technology standards that enable them. For more information, visit wso2.com and the WSO2 OxygenTank developer portal at wso2.org, or check out WSO2 on the WSO2 Blog, Twitter, LinkedIn, Facebook, and FriendFeed.

Trademarks and registered trademarks are the properties of their respective owners.

###





Feb 4


Miami, FL (PRWEB) July 25, 2011

Hacker Halted, EC-Council's premier information security event, announces its most rigorous, hands-on penetration testing training to date with Advanced Penetration Testing: Pen Testing High Security Environments, at this year's conference in Miami, October 21-27.

The Advanced Penetration Testing course is an intense three-day technical training course, led by the EC-Council's CAST instructors, that provides a thorough understanding of how to pen-test highly secured environments like government agencies and financial institutions. It is an advanced course designed for experienced professionals, and 80 percent of the class involves hands-on hacking labs.

"This is a real world attack training course designed for experienced information security professionals who want to be better trained for pen-testing heavily protected networks," said Leonard Chin, conference director for Hacker Halted USA. There is a steep learning curve with this course, due to its hands-on nature, but those who complete the course will benefit enormously in their professional careers as they will learn the most advanced tactics in attack and defense for the world's most secure networks and applications.

Students of the Advanced Penetration Testing training course will learn how to attack operating systems like Windows 7, Windows Vista, Windows Server 2008 and the latest Linux servers, all fully patched and hardened, and running on servers with Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS) in place. They will get their hands dirty with everything from bypassing IDS and IPS, to using the weapons of choice for the infamous LulzSec hacker collective: cross-site scripting (XSS), SQL injection, and Remote File Inclusion (RFI).

The course starts with attacking heavily protected environments from the outside, and dealing with load balancing, deep packet inspection and network-based IDS/IPS. Next, students will attack web applications and deal with common application security measures in PHP/ASP.NET and Web application firewalls. Students then learn how to attack from the LAN, and deal with NAC solutions, locked down workstations/GPOs and host-based IDS/IPS. At the end of the course, students will learn how to gain control of the active directory.

Those who complete the course will gain invaluable experience in pen-testing a high security network environment, such as those within a government agency or financial institution. Specifically, they will learn how to move around the network without being detected by IDS/IPS, and how to circumvent common security implementations such as locked-down desktops, GPOs, IDS/IPS/WAF, etc.

The three-day Advanced Penetration Testing training course is comprised of eight training modules that include:

Module 1: Advanced Scanning

Module 2: Attacking From the Web

Module 3: Client-Side Pentesting

Module 4: Attacking From the LAN

Module 5: Breaking out of Restricted Environments

Module 6: Bypassing Network-Based IDS/IPS

Module 7: Privilege Escalation

Module 8: Post-Exploitation

Hacker Halted Academy offers over 15 IT security courses, and will take place from October 21-24 at the Intercontinental Miami, followed by the Hacker Halted conference, which takes place October 25-27.

In addition to the Advanced Penetration Testing training course, Hacker Halted Academy will also feature other advanced and technical security training such as advanced network defense, advanced application security, digital mobile forensics, and cryptography. There is also a suite of EC-Council certification training, including the DoD-accepted Certified Ethical Hacker (CEH) among others available. Strategic partners, including ISC(2), Training Camp and Global Knowledge, will also be offering other industry standard courses, such as the CISSP, CSSLP, and Security+.

For more information, please visit http://www.hackerhalted.com/2011

ABOUT HACKER HALTED

Hacker Halted is EC-Council's premier global information security conference series, dedicated to raising international awareness towards increased education and ethics in information security. Hacker Halted is a vendor neutral platform that provides CXOs and senior IT security professionals with the opportunity to assess best practices in acquiring, implementing, managing, and measuring information security. Hacker Halted provides EC-Council certification training, including the renowned Certified Ethical Hacker (CEH) program (a recently accepted certification of DoD Directive 8570.01M Change 2). Since 2004, Hacker Halted has been held in Miami, Myrtle Beach, Kuala Lumpur, Singapore, Dubai, Mexico City, Cairo, Taipei, Guangzhou, and Tokyo. More information about Hacker Halted is available at http://www.hackerhalted.com/2011.

ABOUT EC-COUNCIL

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at http://www.eccouncil.org.

###





Feb 4
Anonops today
Posted by Black Bela in Hacker News on 02 4th, 2012| | No Comments »

I created this video with the YouTube Video Editor (www.youtube.com

Feb 4

Los Angeles, CA (PRWEB) November 19, 2011

The recent Federal reforms to the banking industry fail to adequately protect Americans with debit cards, according to a report released today by CreditCardAssist.com, a leading credit card intelligence and resources firm. Citing the prevalence of mass debit card theft from corporations like CitiBank and Sony, the report outlines a systematic failure in debit cards, especially the ones issued by MasterCard and Visa.

“The entire debit card system is flawed,” said CreditCardAssist.com founder Bill Hazelton. “A consumer can lose everything in the blink of an eye and there's no guarantee they'll ever get it back.” Studies have shown that a lapse in authentication security has made the information on debit cards easier to steal than any other piece of plastic in circulation. Because check cards and unsecured debit cards don't use PIN numbers to validate transactions, they give thieves instant access to a consumer's personal checking or savings account. As a result, victims could be left penniless for more than two weeks while their bank investigates the case.

“When someone steals your credit card, you can just refuse to pay your balance that month,” Hazelton explained. “But when your debit card is compromised, you're losing the money you need to pay your mortgage, your medical bills and other necessary expenses — this makes debit card fraud much more devastating than credit card fraud.”

Debit card fraud is especially troubling when considering how easy it is for hackers to steal thousands of consumer debit card numbers at once from merchant and bank databases. This summer, financial giant Citibank had approximately 21 million card numbers stolen from its database when hackers realized they could simply alter their browser's URL to expose different accounts — and the personal information held within them. Just days later, Sony Online Entertainment exposed over 100 million user account details in a similar mass hack.

If they don't report the false charges within two days, victims of debit card fraud are currently liable for up to $500, and if they take longer than two months, they receive no liability protection whatsoever. By contrast, victims of credit card fraud are only liable for $50, no matter the time period. “This regulatory disparity is absolutely putting consumers at risk,” Hazelton says, “consumers need to wake up and demand equal protections for debit cards — or the problem won't go away.”

Hazelton is well acquainted with advocating credit and debit card safety. He founded CreditCardAssist.com in order to advise consumers and small business owners on the perils and pitfalls of the credit card industry. Since its establishment in 2004 the company has grown into one of the leading credit card information resources on the Internet, and has been cited by publications like New York Post, the San Francisco Chronicle and Entrepreneur Magazine.

To learn more about Credit Card Assist or to schedule an interview, please email andrew(at)contentfac(dot)com. More information and the entire report can be viewed at http://www.creditcardassist.com.

###





Feb 4
Anonymous Hacked FBI Conference Call
Posted by Black Bela in Hacker News on 02 4th, 2012| | No Comments »

FBI confirms legitimacy of 16-minute call, posted by hacktivists, that discussed sentencing and future arrests of LulzSec and Anonymous participants. By Mathew J. Schwartz InformationWeek Anonymous released audio transcripts Friday from an "Anon-Lulz …
Read more on InformationWeek


Site maintained by Bela Black c/o Midnight Publishing Group, Inc.