Malaysian Kaspersky website and shop hacked. Users at risk?
20/07/2008 Written by Roberto Preatoni
The official Malaysian Kaspersky Antivirus’s website has been hacked yesterday by a Turkish cracker going by the handle of “m0sted”.
Along with it, the same cracker hacked also the official Kaspersky S.E.S. online shop and its several other subdomains.
The attacker reported “patriotism” as the reason behind the attack and “SQL Injection” as the technical way the intrusion was performed.
Both websites has been home page defaced as well as several other secondary pages. The incident, though appearing a simple website defacement, might carry along big risks for end-users because from both the websites, evaluation copies of the Kaspersky Antivirus are distributed to the public. In theory, the attacker could have uploaded trojanized versions of the antivirus, infecting in this way the unaware users attempting a download from a trusted Kaspersky’s file repository (remember the trojan in the Debian file repository?).
Blogless blogs, Olympic blogs the Chinese way
15/07/2008 Written by SyS64738 (Roberto Preatoni)
For all you folks, fan of the civil liberties as well as the Olympic games, here’s the integral text of the International Olympic Committee Blogging Guidelines for the accredited persons. It’s the perfect companion of the recent decision from the Olympic Chinese Committee to ban the flags from the stadiums.
As you will read, blogs are admitted but:
– should not contain information not related to strictly personal experience – should not contain sound or moving images from the Olympic Games – should not contain still images containing any sporting action of theGames or the Opening, Closing or Medal Ceremonies of the Games. – should not contain the Olympic symbol – should not contain commercial references (Blogspot, bye bye!) – should not contain the word “Olympic” within the blog URL
But you are lucky, still you can use your plain white Olympic blog homepage to test the brightness of your screen.
… enjoy and please comment the official text
250 thousands emails at risk? It is a feature!
10/07/2008 Written by minor
“It is not a bug, it is a feature. You invented the wheel.”
If you get this kind of answer from a website operator in relation to a security bug found in his application, then you have only two choices: either you’re paranoid or the operator doesn’t care much about security. What are talking about? About leakage of 250.000 email addresses.
One of the most visited websites in Slovakia, the community website Azet.sk known thanks to his freemail and chat services has several sections, among which is also a dating section . The website is visited by surfers of various age that would like to find a partner for anything: chating, meeting, sex etc. You just put an announce and everybody can respond you through a web form. But few days ago, on one of the most visited security blogs in Slovakia blog.synopsi.com appeared the detailed description of how to get email addresses from the Azet dating service with a PoC script.
The weakest link of the chain
09/07/2008 Written by Roberto Preatoni
Warning: this article is not for the fainted of heart!
A chain is only as strong as its weakest link”, this sentence applies to any process that will fail if some step in it goes wrong. The guys at Technical Park and ABB, the industrial colossus that built the new Flying Fury amusement park attraction, should have taken it into consideration.
Here’s the story…
Darpa's "trust in IC": a smart article and our comments
07/07/2008 Written by SyS64738 (Roberto Preatoni)
Without any doubt, the best article published about the Darpa’s Turst in IC program has appeared on IEEE Spectrum’s website. We welcome you to read that article, then to come back here as we posted our comments (oh boy, we have so much to say…)