Informationweek Influencer
dragosr (@dragosr)
- Twitter Bio:
- Stop, Think, Pwn!
- Location:
- Vortex of Cool
- Website:
- http://cansecwest.com
dragosr's Selections From the Web
Millions of Internet users in Brazil have fallen victim to a sustained attack that exploited vulnerabilities in DSL modems, forcing people visiting sites such as Google or Facebook to reach imposter sites that installed malicious software and stole online banking credentials, a security researcher said.The attack, described late last week during a presentation at the Virus Bulletin conference in Dallas, infected more than 4.5 million DSL modems, said Kaspersky Lab Expert Fabio Assolini, citing statistics provided by Brazil's Computer Emergency Response Team. The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple
Mathematician Zach Harris, 35, of Jupiter, Fl., poses for a portrait on Tuesday. Photo: Brynn Anderson/WiredIt was a strange e-mail, coming from a job recruiter at Google, asking Zachary Harris if he was interested in a position as a site-reliability engineer.“You obviously have a passion for Linux and programming,” the e-mail from the Google recruiter read. “I wanted to see if you are open to confidentially exploring opportunities with Google?”Harris was intrigued, but skeptical. The e-mail had come to him last December completely out of the blue, and as a mathematician, he didn’t seem the likeliest candidate for the job Google was pitching.
This is the story about how I cracked 122 million unique passwords using John the Ripper and oclHashcat-plus.
It was several months ago, when I saw a tweet from KoreLogic about a torrent file containing various password hash lists for a total of 146 million passwords. This very big amount of password hashes at first discouraged me, as I only ownÂ
Today seemed like a fun day to write about a really cool vector for cross-site scripting I found. In my testing, this attack is pretty specific and, in some ways, useless, but I strongly suspect that, with resources I don't have access to, this can trigger stored cross-site scripting in some pretty nasty places. But I'll get to that!
Interestingly enough, between the time that I wrote this blog/tool and published it, nCircle researchers have said almost the same thing (
Upcoming Events
Live Events
- I Can See Clearly Now - E2 Conference Boston
- Discover the opportunities and challenges associated with mobile retail - Mobile Commerce World - Mobile Commerce World
- Explore best practices for marketers in the new mobile world - Mobile Commerce World - Mobile Commerce World
- The E2 Social Business Leaders - E2 Conference Boston - E2 Conference Boston
- How to Choose a SaaS Vendor - E2 Conference Boston
This Week's Issue
Free Print Subscription
SubscribeSpecial Issue
Current Government Issue
- The Government CIO 25: These influential and accomplished government IT leaders are finding ways to be cost efficient and still innovate.
- Rethink Video Surveillance: It's not just about networked cameras anymore. New technology provides analytics, automation, facial recognition, real-time alerts and situational-awareness capabilities.
- Read the Current Issue
Related Whitepapers
- HP Newsletter with Gartner Research: Maximizing Your Infrastructure through Virtualization
- Understanding Holistic Database Security 8 Steps to Successfully Securing Enterprise Data Sources
- Information Protection: The Impact Of Big Data
- A How-To Guide on Using Cloud Services for Security-Rich Data Backup
- IBM index reveals key indicators of business continuity exposure and maturity
Related Reports
