Interesting developments in the Hannaford Supermarket breach that was reported a few weeks ago. Seems that malware infected 300 some servers that were located at each of the stores. This malware was apparently collecting and sending customer credit card data to overseas locations. I like the following part the best: “Andrew Conry of InformationWeek adds […]
Suspected Malware Infected Hannaford Servers Read More »
Last night I did a talk on “Automated Penetration Testing with the Metasploit Framework” to a local information security group in Cleveland, Ohio. This was the last talk in a two part series on automated penetration testing tools. Last month I spoke about CORE IMPACT by Core Security Technologies which is a commercial penetration testing
Automated Penetration Testing with the Metasploit Framework Read More »
Here is a pretty cool project that I stumbled upon over at Security Catalyst. The concept is to have a “Honey Pot for mobile storage devices” but each mobile storage device (USB key, iPod, etc…) in reality becomes it’s own “Honey Stick” where the researcher can safely track how many people are plugging these devices
The Honey Stick Project: Tracking Mobile Storage Devices Read More »
Another day…another credit card breach! This time 4.2 million credit cards were exposed. I personally smell a bit of TJX in this one… “The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization,” said Hannaford CEO Ron Hodge,
Hannaford Brothers Credit Card Breach Read More »
Larry and Paul from the PaulDotCom Security Weekly Podcast have a very good two part series interviewing pdp and Adrian from GNUCITIZEN. Lots of good information about embedded device hacking and all the cool things GNUCITIZEN is working on. Check out the mp3’s of the Podcast below….better yet…subscribe to the PaulDotCom Security Weekly Podcast! These
GNUCITIZEN on PaulDotCom Read More »
The SANS ISC posted an article titled “Pontsec Disk Encryption Cracked”. Really? Cracked? I was thinking that there was some new cool uber l337 hax0r tool that breaks disk encryption from boot…and no, this isn’t the cold boot attack that has gotten all the attention lately. This is the firewire attack (winlockpwn tool) on Windows
Pointsec Disk Encryption Cracked? Not so fast… Read More »
Interesting article on CNN today about a covert group of Chinese “hackers” who apparently have broken into the Pentagon and other high profile sites. Actually, they “know” someone who broke into the Pentagon, they didn’t actually do it themselves. This isn’t breaking news by any means. There are hackers all over the world trying to
Chinese Hackers or Script Kiddies? Read More »
GNUCITIZEN has released a tool similar to the fat client Goolag Scanner that the cDc released a few weeks ago called GHDB. What makes the GHDB different is that it is browser based and uses JavaScript techniques to scrape information from Johnny Long’s Google Hacking Database without the need for hosted server side scripts. Add
Online Google Hacking, Ethical Penetration Testing Tool Read More »
Well, that didn’t take long…a tool to dump the memory and pull the encryption keys off of encrypted hard drives has been released. Like I said in a previous post, it was only a matter of time and the risk/threat vector of this vulnerability starts to change with the release of a tool. On a
Cold Boot Attack Tool Released Read More »
I recently saw a good webcast presented by Core Security Technologies on “Penetration Testing Ninjitsu”. This was presented by Ed Skoudis who is a very good SANS instructor and is also the author of the book “Counter Hack Reloaded” (I highly recommend all penetration testers read this book). Some of you may have taken his
Penetration Testing Ninjitsu with Ed Skoudis Read More »
