Kernel.org hacked! // From: J.H. <[email protected]> Subject: [kernel.org users] [KORG] Master back-end break-in
http://pastebin.com/BKcmMd47 Kernel.org machines were hacked into, possibly via stolen credentials. An investigation is underway. Thanks to git cryptographically hashing each commit, there is no danger to the Linux kernel code.
http://ashkansoltani.org/docs/respawn_redux.html An article that describes a method for creating a permanent cookie from the If-Modified-Since and ETag HTTP headers. It is currently used "in the wild" by several banner and ad networks. The method works because of the simplified handling of If-Modified-Since in all modern browsers (browsers do not validate that the If-Modified-Since value is a date).
http://technet.microsoft.com/en-us/library/cc512587.aspx
http://blog.lastpass.com/2011/05/lastpass-security-notification.html Online password-keeping service LastPass.com reports that it is possible that they were 0wned (how nice!). At the same time, LastPass seems to be doing the right things: they had monitoring in place, so they detected an anomaly in traffic. As soon as the anomaly was detected, they notified their users and proceeded with further measures.
http://en.blog.wordpress.com/2011/04/13/security/ This is just great … at least they notified their users in a timely manner. Change your password if you have a wordpress.com account.
http://pastebin.com/74KXCaEZ [also see LWN's write-up: https://lwn.net/Articles/435214/] Curious message [allegedly] from a person who hacked into Comodo CA. Makes you wonder … Basically the whole SSL trust is just a piece of crap and cannot be trusted at all: major CAs have thousands of reseller accounts protected only by a username/password combination, and ANY such account could be used to sign ANY certificate, e.g. amazom.com, yourbank.com, etc.
http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/ An awesome story about how security firm HBGary was hacked, or what happens if you do not follow simple security best practices.