Help: I Got Hacked. Now What Do I Do? [by Jesper M. Johansson, Security Program Manager Microsoft Corporation]
http://technet.microsoft.com/en-us/library/cc512587.aspx
Infosec
Help: I Got Hacked. Now What Do I Do? [by Jesper M. Johansson, Security Program Manager Microsoft Corporation]
http://technet.microsoft.com/en-us/library/cc512587.aspx
LastPass : The last password you'll have to remember: LastPass Security Notification
http://blog.lastpass.com/2011/05/lastpass-security-notification.html Online password keeping service LastPass.com reports that it is possible that they were 0wned. (how nice!) In the same time, PastPass seems to be doing the right things: they had a monitoring in place, so they have detected an anomaly in traffic. As soon as the anomaly was detected, they have notified their users and proceeded with further measures.
Security Incident — Blog — WordPress.com [ wordpress.com got 0wned]
http://en.blog.wordpress.com/2011/04/13/security/ this is just great … at least they notified their users in a timely manner. Change your passwd if you have wordpress.com account.
A message from Comodo Hacker - Pastebin.com
http://pastebin.com/74KXCaEZ [also see LWN’s write-up https://lwn.net/Articles/435214/ .] Curios message [allegedly] from a person who hacked into Comodo CA. Makes you wonder … Basically the whole SSL trust is just a piece of crap and cannot be trusted at all – major CA have thousands of reseller accounts protected only by username/password combination and ANY such account could be used to sign ANY certificate, i.e. amazom.com, yourbank.com, etc.
How not to post a security article | John Graham-Cumming
http://blog.jgc.org/2011/03/how-not-to-post-security-article.html an excellent follow up on a hoax story about Samsung installing keyloggers on its laptops.
Anonymous speaks: the inside story of the HBGary hack
http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/ awesome story about how security firm HBGary was hacked, or what happens if you do not follow simple security best practices.
Black ops: how HBGary wrote backdoors for the government
http://arstechnica.com/tech-policy/news/2011/02/black-ops-how-hbgary-wrote-backdoors-and-rootkits-for-the-government.ars/ articles describes operations of computer security firm HBGary, based on email archive of HBGary, that hacker group “Anonymous” has recently made available
Updated W32.Stuxnet Dossier is Available | Symantec Connect
http://www.symantec.com/connect/fr/blogs/updated-w32stuxnet-dossier-available Stuxnet was a targeted attack on five different organizations – see the update posted by Symantec’s researchers. They have analyzed data from anti-virus software and made a graph based on IP and stuxnet version – this shows 5 different targets.
FPUpdater Tool README
http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html curl -v -H “Accept-Language: en-us;q=2.2250738585072012e-308” http:///someurl if your tomcat/Jboss/whatver runs on unlatched JVM – the thread will go into infinite loop also see http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html