Showing posts with label hacking.

Hacker Claims to Have Full Control of Pornhub, Offers Access For $1,000



A 19-year-old hacker claims to have hacked into Pornhub’s server and is trying to sell the access for $1,000.
The hacker, who goes by the name Revolver, posted two pictures on his Twitter account to prove he had access to Pornhub’s server. The alleged breach comes less than a week after Pornhub launched a bug bounty program to encourage friendly hackers to report flaws and vulnerabilities in the site and help get them fixed.
But Revolver didn’t seem interested in taking that road.
“I don't report vulnerabilities anymore,” Revolver tweeted. “Go underground or go away #FuckBugBounty.”
Revolver told me in an online chat that he hates bug bounty programs because in the past he “reported a lot of bugs but got no reply from companies,” and he doesn't like to give companies his real name.
The hacker told CSO Online, which first reported the story, that he was able to upload a shell, essentially a control panel he could use to issue any command on a Pornhub server. If true, in other words, Revolver had full control over the server. Revolver said he took advantage of a vulnerability in Pornhub’s “user profile script that handles image uploads.”
Pornhub did not respond to a request for comment, but said on Twitter that it was investigating and that “it doesn't seem like access was gained to a production server.”

“I don't report vulnerabilities anymore. Go underground or go away #FuckBugBounty.”

On Sunday, the hacker told Motherboard that he had already sold the access to three people. He also said Pornhub reached out to him via Twitter but that he has yet to hear back from them.
“I will tell them they can go fuck off,” he said, adding that, however, “if they gave me a premium account I'm ready to help them fix that.”
Revolver has been quite busy in the last few weeks. In April, he reported a bug in the website of the Freedom of The Press Foundation, which earned him a public thank you from Edward Snowden. He also claimed to have found a bug in the website of the embattled Panamanian law firm Mossack Fonseca, which has been at the center of the Panama Papers scandal. And in an incident similar to this Pornhub one, he also offered access to the LA Times website.
In March, Revolver created a site that displayed screenshots and IP address of random people’s hackable computers, which he called VNC Roulette.

Sony Pictures' security chief once thought data breaches weren't a big deal


Sony stands to lose a lot from the massive hack that continues to leak tons of documents and data — passwords, full-length films and the social security numbers of 47,000 people, including celebrities — to the public, experts say.
The company has remained mostly mum about the hack, but as Fusion points out, some of Sony Pictures' history could shed light on the fact that data security wasn't always a major concern at the top.
In 2007, Sony's executive director of information security said in an interview with CIO that he wasn't willing to put up a lot of money to defend the company's sensitive information. He also talked about how he convinced a security auditor, a year before in 2006, that the company's use of very weak passwords wasn't such a big deal.
"It’s a valid business decision to accept the risk," said Jason Spaltro, who is now Sony Pictures' senior vice president of information security, in the interview. "I will not invest $10 million to avoid a possible $1 million loss."
The loss Sony has endured following the mysterious "Guardians of the Peace" hack is probably much, much more substantial than $1 million, however.
"I have no idea how to value the dollar cost of losing control of employee Social Security Numbers, highly confidential company documents, and of course the reputation damage from being victimized like this," Tod Beardsley, engineering manager at security firm Rapid7, told Mashable in an email.
Beardsley said he didn't want to victim-blame Sony, and that the security landscape has changed a lot since 2007. But Adrian Sanabria, a security expert with 451 Research, said companies typically have to endure a breach before they begin taking information security seriously. Even though some companies get put out of business by hacks, "there will still be that head of InfoSec bragging that he convinced auditors that terrible passwords are okay."
"If it were possible to spend 10 million 2007 dollars to prevent this incident, that would have been a serious bargain."

Sanabria told Mashable it will be the lawsuits that will be the big deal. Top-billed film stars, movie theaters, retail chains and streaming services all stand to lose out on something if people download Annie and Fury, he said.
"So many files have been leaked that this is really just the tip of the tip of the iceberg," he said.
Sony's Spaltro has a salary that tops $300,000 this year, Fusion notes. It will break $400,000 if he gets his bonus.

Credit Cards Stolen from Target Are Flooding the Black Market


Credit-card data stolen during a massive data breach at Target last month is hitting the black market, according to multiple reports.
Cybersecurity firm Easy Solutions "noticed a 10- to 20-fold increase in the number of high-value stolen cards on black market websites, from nearly every bank and credit union," The New York Times reported. Easy Solutions did not immediately respond to Mashable's request for comment.
Security blogger Brian Krebs, who broke the original story about the Target hack, also reported on Friday that thieves have been selling batches of 1 million cards at "$20 to more than $100 per card."
Krebs reported that a fraud analyst at a major bank told him that "his team had independently confirmed that Target had been breached after buying a huge chunk of the bank’s card accounts from a well-known 'card shop' — an online store advertised in cybercrime forums as a place where thieves can reliably buy stolen credit and debit cards."
Once in possession of the card data, thieves can clone the cards and use them in stores. If they also obtain a customer's PIN, they could withdraw money from that customer's account. Target CEO Gregg Steinhafel said in a message to customers that "There is no indication that PIN numbers have been compromised on affected bank issued PIN debit cards or Target debit cards."
Target did not immediately respond to a request for comment on the latest reports.
The company said it would notify all 40 million of its affected customers this weekend. These customers made purchases at Target stores between Nov. 27 and Dec. 15.

Man Who Joined Anonymous Attack for '1 Minute' Fined $183,000


A 38-year-old man was sentenced to two years' probation and a hefty fine for participating in a distributed denial-of-service attack organized by the hacker collective Anonymous against the website of Koch Industries in 2011.
The surprising part? He only joined the attack for one minute.
Eric J. Rosol, a Wisconsin resident, was charged with being part of Anonymous’ attack on the website of the Kansas-based company, Kochind.com, on Feb. 28, 2011, using a popular DDoS tool, which was found on his computer.
Rosol, however, says he was part of the attack for only one minute. He pleaded guilty to one misdemeanor count of accessing a protected computer, and was sentenced to two years of federal probation and ordered to pay $183,000, the Department of Justice said in a statement acquired by IT World. The monetary amount is equal to what Koch paid a consulting group to come in after the attack and fix its website. The attack itself only took Koch’s website down for about 15 minutes.
Similar crimes have also carried heavy punishments. Jeremy Hammond, 28, a member of Anonymous, was sentenced last month to 10 years in prison for hacking intelligence contractor Strategic Forecasting, also known as Stratfor.
Activists have claimed that such hacking sentences are disproportionate to the crimes and called for reform of the Computer Fraud and Abuse Act, which was passed in the 1980s and is still used to prosecute online crime today.

How the FBI Used Hacker Tricks to Track Down a Would-Be Bomber


Malicious hackers commonly use phishing emails to lure would-be victims into clicking a seemingly harmless link that will actually install malware on their computers, allowing the perpetrators to siphon data, or even spy on their victims.
But the FBI is increasingly using the same techniques in its investigations. That is how it tried to track down a suspect who was making a series of bomb threats last year, according to The Washington Post, which confirms that the feds are relying on hackers' tricks to fight crime.

The FBI's elite hacker team created a customized piece of malicious software, or malware, that would install on the suspect's computer when he signed into his Yahoo email account. A judge in Colorado authorized the bureau to use the malware, according to court documents obtained by The Post.
The malware was designed specifically to siphon certain information from the suspect's computer to the FBI, including location data and websites visited. What's more, it allowed the FBI to spy on the suspect through his webcam without the camera's indicator light turning on.
This is not the first time that the FBI has reportedly used malware, spyware and other hacking tricks to track down suspected criminals.
In August, it was revealed that the FBI uses sophisticated hacking tools. Chris Soghoian, principal technologist at the American Civil Liberties Union, discovered this after researching LinkedIn, where FBI contractors openly advertised their hacking services for the bureau.
The FBI's use of these techniques has critics concerned they could be too intrusive and perhaps illegal.
"There hasn't been a debate in Congress about the FBI getting into the hacking business; there hasn't been any legislation giving this power; this just sort of happened out of nowhere," Soghoian said at the Def Con hacking conference this summer.
This shaky legal ground was evident in a similar case earlier this year in which a Texas judge refused to sign off on an FBI warrant request to install malware that would covertly extract files from a suspect's laptop, and take pictures using its camera, according to The Wall Street Journal.
"It's time for a real discussion about what the rules should be," Kevin Bankston, a privacy and free speech lawyer and the policy director of the New America Foundation's Open Technology Institute, said on Twitter.
In the case of the would-be bomber, identified only as "Mo," the malware didn't work as intended, but it revealed that Mo actually lives in Tehran, where he is safe from arrest by the FBI, though not from its hacking tools.