Showing posts sorted by relevance for query Paypal.

PayPal Announced Paid “Bug Bounty” Program for Security Researchers

Payment services giant PayPal recently announced the launch of a paid bug bounty program under which it will reward security researchers who discover vulnerabilities in its website with a handsome sum of money. In the official blog post, PayPal's Chief Information Security Officer Michael Barrett said: "The security of our customers’ data is our number one priority". It is clear why PayPal took this step to strengthen its security: PayPal is among the sites on which cyber-criminals always keep their eyes.
If you are a security researcher and you have discovered a site or product vulnerability, forward the details to sitesecurity@paypal.com. As a reminder, Facebook, Google and many others had already started paid bug bounty programs before PayPal.

-:PayPal Bug Bounty Program In Details:-
  • PayPal security team will determine the bounty amount and all decisions are final. 
  • Bounty is awarded to the first person that discovers the previously unknown bug.
  • The bug bounty program is subject to change or to cancellation at any point without notice.
  • Payment is paid out through a verified PayPal account, once the bug is fixed.
  • For all submissions, do not send personal information in your report and please use PayPal's PGP key to encrypt your email.
  • Individuals from sanctioned countries are not allowed to participate in this program.
  • eBay Inc. employees, contractors and their immediate relatives are not allowed to participate in the program.
Vulnerabilities That Are in Scope:
  • XSS
  • CSRF/XSRF
  • SQLi
  • Authentication bypass
Note: While "Logout CSRF" is a well-acknowledged issue, there are other techniques like "cookie forcing" and "cookie bombardment" that can make it futile to defend against this attack. Also, PayPal's web sessions are relatively short-lived, and hence the Bug Bounty panel will not consider reports of the ability to log out users from PayPal as qualifying for the reward.
In Your Bug Submission Email, Please Include The Following:
  • Your email address
  • Your PayPal account (in order to receive the bounty)
  • Vulnerability type (i.e., XSS, CSRF, SQLi, etc.)
  • Vulnerability Scope: Domain(s), URL(s) and Parameter(s) impacted
  • Steps to reproduce bug
Guidelines for Responsible Disclosure
  • Share the security issue with us before making it public on message boards, mailing lists, and other forums.
  • Allow us reasonable time to respond to the issue before disclosing it publicly.
  • Provide full details of the security issue.
Terms for Participation :- As between eBay Inc. and the Submitter, as a condition of participation in the PayPal Bug Bounty program, the Submitter grants eBay Inc., its affiliates and customers a perpetual, irrevocable, worldwide, royalty-free and non-exclusive license to use, reproduce, adapt, modify, publish, distribute, publicly perform, create derivative work from, make, use, sell, offer for sale and import the Submission for any purpose. Submitter represents and warrants that the Submission is original to the Submitter and Submitter owns all rights, title and interest in and to the Submission. Submitter waives all other claims of any nature, including express contract, implied-in-fact contract, or quasi-contract, arising out of any disclosure of the Submission to eBay. In no event shall eBay be precluded from discussing, reviewing, developing for itself, having developed, or developing for third parties, materials which are competitive with those set forth in the Submission irrespective of their similarity to the information in the Proposal, so long as eBay complies with the terms of participation stated herein. 

For additional information click Here

Cyber Criminals Targeting Paypal Via Spamming


PayPal is again under cyber attack, and this time spammers are hitting PayPal users hard. The spam mail claims to come from PayPal and says that your email address has been changed. Attached to the email is an HTML form (Personal Profile Form - PayPal-.htm) that asks you to enter your personal information. Of course, the email is not really from PayPal (who would never send you an HTML form via email anyway), and any information you enter will soon be in the hands of phishing cybercriminals.

Typical Spam Looks Like:-

Subject: You have changed your PayPal email address
Attachment: Personal Profile Form - PayPal-.htm
Message body:

Dear PayPal Customer,

You have added [EMAIL ADDRESS] as a new email address for your Paypal account.
If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.
NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)
Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
If you choose to ignore our request, you leave us no choice but to temporary suspend your account.
Sincerely, PayPal Account Review Department.

Immediately after this PayPal took steps: they are asking you to forward the mail to their security team. To know the official advice of PayPal click Here. To prevent this PayPal has released security measures; for more info have a look here.

PayPal Sent 1,000 IP Addresses List of Anonymous to FBI


In cooperation with the FBI, PayPal sent them a list of about 1,000 IP addresses that carried malicious code during Anonymous' attacks on it last year, which helped agents target specific people in recent raids that led to 16 arrests.
An affidavit filed by Special Agent Chris Thompson reveals that PayPal worked closely with the feds to nail down those responsible for the attacks on it, from the time the attacks started to about a week later, when PayPal found warnings about the FBI sweeps circulating amongst participants in the attacks.
As early as December, FBI agents had been in contact with Dave Weisman, PayPal's senior manager of its Electronic Crimes and Threat Intelligence Unit. They shared a conference call two days after PayPal was hit with a distributed denial of service (DDoS) attack in retaliation for suspending donations to WikiLeaks through its PayPal account. PayPal reported several attacks to the FBI that occurred between Dec. 6 and 10.
On Dec. 15, PayPal provided agents with a thumb drive that contained "logs and report detailing information regarding approximately 1,000 IP addresses that sent malicious network packets to PayPal during the DDoS attacks."
The 1,000 IP addresses were derived from logs created by a PayPal-owned Radware device that records the attackers' IP addresses and the malicious signature it is programmed to recognize. According to the affidavit, a senior security engineer at eBay identified the specific set of strings being used in the attacks and found only half a dozen variations, which let investigators pinpoint the patterns of the infiltration.
The IP addresses captured by PayPal were linked to specific premises through subpoenas served on AT&T and other Internet Service Providers. One of the 1,000 IP addresses given to the FBI by PayPal sent more than 3,600 "malicious network packets" to PayPal between Dec. 8 and 9. A federal grand jury subpoena was served on AT&T on Jan. 6, to which AT&T responded on Jan. 18, leading investigators to Valori S. Reid and Peter B. Reid, and their 19-year-old son Ethan, in Arlington, Texas.
The Reids weren't arrested, but their home was the site of one of 35 search warrants executed by the FBI in relation to the Anonymous investigation.
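The affidavit describes the kind of analysis behind that list: a mitigation appliance logs the source address and the matched signature of each burst of malicious packets, and an analyst rolls those records up per address and per signature variant for the incident report. The following is an added example written for this page; it is not PayPal's or Radware's code and the one-line record format (timestamp, src=, sig=, pkts=), the addresses (RFC 5737 documentation ranges), the signature names and the counts are all constructed for the example.

```python
"""Roll a DDoS signature log up by source address (added example, constructed data)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one appliance record per burst of matched packets.
# The last line is deliberately corrupt to show that unparsable input is skipped.
SAMPLE_LOG = """\
2010-12-08T14:02:11Z src=203.0.113.5 sig=flood-variant-1 pkts=1500
2010-12-08T14:02:12Z src=203.0.113.5 sig=flood-variant-3 pkts=2200
2010-12-08T14:05:00Z src=198.51.100.7 sig=flood-variant-1 pkts=40
2010-12-09T03:10:44Z src=192.0.2.9 sig=flood-variant-2 pkts=900
2010-12-11T09:00:00Z src=192.0.2.9 sig=flood-variant-2 pkts=5000
this line is corrupt and must be skipped
"""

# Assumed record layout for this example (not a real appliance format).
_RECORD = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"src=(?P<src>[0-9.]+) sig=(?P<sig>\S+) pkts=(?P<pkts>\d+)$"
)


def parse_record(line):
    """Parse one record; return None for lines that do not match the format."""
    m = _RECORD.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "src": m["src"],
        "sig": m["sig"],
        "pkts": int(m["pkts"]),
    }


def _parse_day(day):
    """'YYYY-MM-DD' -> datetime at midnight, or None when no bound is given."""
    return None if day is None else datetime.strptime(day, "%Y-%m-%d")


def summarize(log_text, start_day=None, end_day=None):
    """Aggregate records by source address within [start_day, end_day).

    Returns {src: {"pkts": total, "sigs": {signature names}}}. Records outside
    the window and unparsable lines are ignored, so the summary covers exactly
    the incident period being reported on.
    """
    start, end = _parse_day(start_day), _parse_day(end_day)
    out = defaultdict(lambda: {"pkts": 0, "sigs": set()})
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        if start is not None and rec["ts"] < start:
            continue
        if end is not None and rec["ts"] >= end:
            continue
        out[rec["src"]]["pkts"] += rec["pkts"]
        out[rec["src"]]["sigs"].add(rec["sig"])
    return dict(out)


def sources_over(summary, threshold):
    """Addresses whose packet total meets the threshold, largest first."""
    hits = [(src, s["pkts"]) for src, s in summary.items() if s["pkts"] >= threshold]
    return [src for src, _ in sorted(hits, key=lambda x: (-x[1], x[0]))]


def signature_variants(summary):
    """Distinct signature names seen across all sources in the window."""
    seen = set()
    for s in summary.values():
        seen |= s["sigs"]
    return sorted(seen)


if __name__ == "__main__":
    window = summarize(SAMPLE_LOG, "2010-12-08", "2010-12-10")
    for src in sources_over(window, 1000):
        print(src, window[src]["pkts"], sorted(window[src]["sigs"]))
    print("signature variants in window:", signature_variants(window))
```

The half-open day window is what makes the report reproducible: the record on Dec. 11 in the sample is real traffic from the same source but falls outside the period being described, so it does not inflate that address's total.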

Here is a screenshot of the warning served to every suspect who might have been involved in that operation:


-News Source (NBC)

Accused 'PayPal 14' Culprits of Anonymous Enter Guilty Pleading Over Pro-WikiLeaks DDoS Attack Versus PayPal

I am quite sure that all our regular readers still remember the devastating cyber attack by Anonymous against PayPal, conducted under the banner of Operation PayPal (#OpPayPal). The infamous hacker community gave as its reason for this mass protest the online payment company's suspension of the WikiLeaks account. #OpPayPal is considered one of the most destructive cyber attacks ever carried out in cyber space. PayPal, together with law enforcement agencies, immediately took steps and started an investigation; as a first step PayPal sent the FBI 1,000 IP addresses of Anonymous participants linked to that attack. As expected, the hackers behind that attack were busted one after another by the police. Finally the accused Anonymous hackers appeared in federal court in California on Thursday and will be formally sentenced in one year. Eleven of the so-called “PayPal 14” members each pleaded guilty in court to one felony count of conspiracy and one misdemeanor count of damaging a computer as a result of their involvement in a distributed denial-of-service (DDoS) attack waged by Anonymous in late 2010, shortly after PayPal stopped processing donations to the anti-secrecy group WikiLeaks. Prosecutors say the defendants used a free computer program called the Low Orbit Ion Cannon, aka LOIC, to collectively flood PayPal’s servers with tremendous amounts of illegitimate internet traffic for one week that winter, at moments knocking the website offline and causing what PayPal estimated to be roughly £3.5 million in damages.
Pending good behavior, those 11 alleged Anons will be back in court early next December for sentencing, at which point the felony charges are expected to be adjourned. Two of the remaining defendants cut deals that found them pleading guilty to the misdemeanor counts only, likely removing themselves from any lingering felony convictions but earning an eventual 90-day jail stint when they are finally sentenced. A fourth defendant, Dennis Owen Collins, did not attend the hearing due to complications involving a similar case currently being considered by a federal judge in Alexandria, Virginia, in which he and a dozen others are accused of conspiring to cripple other websites as an act of protest during roughly the same period.
In his press reaction, defense attorney Stanley Cohen said the terms of the settlement were reached following over a year of negotiations, “based upon strength, not weakness; based upon principle, not acquiescence.” In the courtroom all the accused hackers stood up and said, ‘We did what you said we did . . . We believe it was an appropriate act from us and we’re willing to pay the price.’
Cohen, who represented PayPal 14 defendant Mercedes Haefer in court, said one of the hacktivists told him after Thursday's hearing concluded that "This misdemeanor is a badge of honor and courage." When media questioned Michael Whelan, a lawyer for one of the defendants, he declined to comment on the plea.

-Source (RT)

DDoS Attack From Anonymous Cost PayPal £3.5 Million of Damage

The distributed denial of service (DDoS) attack by the hacktivist group Anonymous has cost PayPal more than €4.3 million. The attack, named Operation Payback, was initially aimed at companies that opposed internet piracy, but switched to companies like Mastercard, Visa and PayPal after they refused to process payments to WikiLeaks. After that attack PayPal, the global leader in online money transfer and payments, paid around £3.5 million to defend and arm itself against such distributed denial-of-service (DDoS) attacks. In a report the BBC said that more than one hundred skilled employees from eBay, PayPal's parent company, spent almost three weeks working on DDoS-attack-related issues and that PayPal had bought software and hardware to defend itself against further attacks. In all, the total cost of this work came to £3.5 million. These details were revealed in a court case at Southwark Crown Court where a defendant, Christopher Weatherhead (who was studying at Northampton University when he allegedly took part in the campaign), is facing charges of conspiring to impair the operation of computers. He has pleaded not guilty to conspiring to impair the operation of computers between 1 August 2010 and 22 January 2011.
Sandip Patel, prosecuting, said the group caused PayPal "enormous economic harm". Mr Patel said they used distributed denial of service, or DDoS, which flooded the targets' computers with enormous numbers of online requests. Target websites would crash and users would be directed to a page displaying the message: "You've tried to bite the Anonymous hand. You angered the hive and now you are being stung."
Mr Patel said: "This case, simply put, is about hackers who used the internet to attack and disable computer systems - colloquially described as cyber-attackers or vandals." He said Mr Weatherhead, who used the online name Nerdo, posted plans on an Internet Relay Chat (IRC) channel encouraging an attack on PayPal.
He said PayPal was the victim of a series of attacks "which caused considerable damage to its reputation and loss of trade".

Farhan Ghumra found Critical Vulnerability in Payment Portal of PayPal

Farhan Ghumra, a Computer Engineering student from Rajkot, India, found a critical vulnerability in websites that use PayPal's payment portal. On such websites the payment step can easily be bypassed with JavaScript: the script skips the payment page and redirects the user straight to the download page for products like software, e-Books and so on. He also reported the flaw to the PayPal authorities.

According to Farhan:-

"...JavaScript is so simple. It just redirects the user by fetching the download page from the website’s source code.


javascript:top.location=document.getElementsByName('return')[0].value;javascript:void(0);


Moreover the JavaScript is floating around various blogs and forums. Apart from them, a lot of video tutorials are uploaded on YouTube. The infected websites can easily be searched by this Google dork:


“this order button requires a javascript enabled browser”


Google lists a whopping 1,390,000 results. So this number of sites are at risk and easy to exploit. The internet is flooded with this vulnerability and its exploit, but the biggest question is that PayPal, which is considered the most secure payment service, hasn't paid attention to this theft till now..."
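The root cause Farhan describes is on the merchant's side: the page carries the fulfilment URL in the hidden 'return' field of the payment button, so the browser already holds the secret before any payment happens. The following is an added example written for this page (not code from the post, from Farhan Ghumra or from PayPal) showing the defensive pattern: a self-audit that flags a button whose 'return' points into the download area, and a download endpoint that only honours a short-lived, single-use token issued from a server-side ledger of payments the merchant has already verified with the payment provider. The field names 'return' and 'item_number' are the standard PayPal button parameters referred to in the post; the class PaymentLedger, the helper names, the hostname shop.example.com and both HTML forms are constructed for this example.

```python
"""Gate a digital download on a server-side payment record (added example)."""
import secrets
import time
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the weak pattern, fulfilment URL visible in the page.
WEAK_BUTTON_FORM = """
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
  <input type="hidden" name="cmd" value="_xclick">
  <input type="hidden" name="item_number" value="ebook-42">
  <input type="hidden" name="return" value="https://shop.example.com/download/ebook-42.pdf">
  <input type="submit" value="Buy Now">
</form>
"""

# Constructed sample: hardened pattern, 'return' is only a neutral thank-you page.
HARDENED_BUTTON_FORM = """
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
  <input type="hidden" name="cmd" value="_xclick">
  <input type="hidden" name="item_number" value="ebook-42">
  <input type="hidden" name="return" value="https://shop.example.com/thanks">
  <input type="submit" value="Buy Now">
</form>
"""


class _HiddenFieldCollector(HTMLParser):
    """Collects name/value pairs of <input type="hidden"> elements."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type") == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value", "")


def hidden_fields(html):
    """Return the hidden fields of a payment button form as a dict."""
    parser = _HiddenFieldCollector()
    parser.feed(html)
    return parser.fields


def leaks_fulfilment_url(html, fulfilment_prefix="/download"):
    """Self-audit for your own pages: True if the button's 'return' URL points
    into the fulfilment area, i.e. the page itself reveals where the goods are."""
    ret = hidden_fields(html).get("return", "")
    return urlparse(ret).path.startswith(fulfilment_prefix)


class PaymentLedger:
    """Server-side record of payments already verified with the provider.
    In a real deployment only the merchant's IPN/PDT handler calls
    record_verified_payment(), after confirming the transaction with PayPal;
    nothing the browser sends can add an entry (assumed design)."""

    def __init__(self):
        self._paid = {}    # txn_id -> item_number
        self._tokens = {}  # token -> [item_number, expires_at, used]

    def record_verified_payment(self, txn_id, item_number):
        self._paid[txn_id] = item_number

    def issue_download_link(self, txn_id, ttl_seconds=600, now=None):
        """Return a single-use download URL, or None without a verified payment."""
        item = self._paid.get(txn_id)
        if item is None:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable; not derived from the item
        self._tokens[token] = [item, now + ttl_seconds, False]
        return "https://shop.example.com/download?token=" + token

    def serve_download(self, token, now=None):
        """Return the item to stream for a valid, unexpired, unused token, else None."""
        entry = self._tokens.get(token)
        if entry is None:
            return None
        item, expires_at, used = entry
        now = time.time() if now is None else now
        if used or now > expires_at:
            return None
        entry[2] = True  # burn the token on first use
        return item


def token_from_link(link):
    """Extract the token query parameter from an issued link."""
    return link.split("token=", 1)[1]
```

With this layout the JavaScript trick in the post has nothing to read: the only URL in the page leads to a thank-you screen, and the download handler answers solely to a token that exists because the server, not the browser, recorded a verified payment.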

Anonymous & Lulzsec Declared #OpPayPal (Antisec)

Anonymous and LulzSec's PayPal boycott campaign gathers momentum. Following the arrests of members in connection with an attack on PayPal's Web site, hacktivist groups Anonymous and LulzSec have launched an online campaign calling for people to close their accounts with the e-payments firm.
Earlier this month the FBI arrested 14 people accused of involvement in last year's cyber-attack on PayPal's Web site by Anonymous in retaliation for the company's closure of a donation account for Wikileaks.
Anonymous has teamed with LulzSec under the #AntiSec banner to issue a joint statement, declaring themselves "outraged at the FBI's willingness to arrest and threaten those who are involved in ethical, modern cyber operations".
In a change of tack, the partners are now calling for a legal form of protest, saying "we encourage anyone using PayPal to immediately close their accounts and consider an alternative" and asking people to tweet pictures of their actions.
The call to arms appears to have gathered some momentum, with the #OpPayPal hashtag the number three trending topic worldwide by 12.00 GMT, prompting @AnonymousIRC to tweet
 
"We hoped for a little impact, but honestly did not expect this. Waiting for NASDAQ to open. Our tip: SELL EBAY! WikiWiki! #AntiSec #OpPayPal"

In a tweet posted late afternoon, Wikileaks says it intends to file suit against eBay and Paypal in the US and Europe in line with its ongoing legal and anti-trust actions against Visa and MasterCard.
Separately, Anonymous' Austrian branch has accessed the bank data of 96,000 people in an attack on the GIS television licence agency's Web site, according to AFP.
To See the official press release of Anon & Lulzsec click here
To join the Official IRC of #opPayPal Click Here

Single Sign-on (SSO) Service Is Vulnerable (Google, PayPal, Facebook, Twitter Users At Risk)

Serious security flaws have been found in Web-based single sign-on (SSO) services run by Google, PayPal, Facebook, Twitter and many others. It is suspected that by exploiting the vulnerability an attacker can gain access to users' accounts. Researchers at Microsoft and Indiana University recently discovered these loopholes. The researchers' report clearly points to poor integration of the identity providers' application programming interfaces by website developers, and a lack of end-to-end security checks, as the reasons for the flaws. According to the report: “In this study, we discovered eight serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, JanRain, Freelancer, FarmVille, Sears.com, etc. Every flaw allows an attacker to sign in as the victim user. We reported our findings to affected companies, and received their acknowledgements in various ways”.
Although the flaws have been fixed by the affected companies, “this study shows that the overall security quality of SSO deployments seems worrisome”, they noted.
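One concrete form of the "end-to-end security check" the report says relying parties were missing: in OpenID 2.0 (one of the protocols named above) a positive assertion carries an 'openid.signed' list naming the fields the provider's HMAC actually covers, and a relying party must verify that signature itself and trust no field outside that list, since anything unsigned could have been altered in transit. The following is an added example written for this page, not code from the post or from the Microsoft and Indiana University study; it assumes the relying party already holds an association (shared MAC key) with the provider, and the key, endpoint, identities, nonce and e-mail address are constructed sample values. The function names verify_assertion, make_assertion and kv_sign are made up here.

```python
"""Relying-party verification of an OpenID 2.0 positive assertion (added example)."""
import base64
import hashlib
import hmac

# Constructed association secret shared between relying party and provider.
MAC_KEY = b"constructed-example-association-key-not-real"
RP_RETURN_TO = "https://rp.example.net/openid/return"

# Fields the relying party relies on; each must be covered by the signature.
REQUIRED_SIGNED = (
    "op_endpoint", "claimed_id", "identity", "return_to",
    "response_nonce", "assoc_handle", "ext1.value.email",
)


def kv_sign(params, signed_fields, mac_key):
    """OpenID 2.0 signature: HMAC-SHA256 over 'name:value\\n' for each signed field,
    in the order listed, with the 'openid.' prefix stripped from the names."""
    msg = "".join("%s:%s\n" % (f, params["openid." + f]) for f in signed_fields)
    digest = hmac.new(mac_key, msg.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def make_assertion(email, signed_fields, mac_key=MAC_KEY):
    """Build a positive assertion the way a provider would (constructed data),
    signing exactly the fields named in signed_fields."""
    params = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://op.example.org/auth",
        "openid.claimed_id": "https://op.example.org/id/alice",
        "openid.identity": "https://op.example.org/id/alice",
        "openid.return_to": RP_RETURN_TO,
        "openid.response_nonce": "2012-03-20T10:00:00Zabc123",
        "openid.assoc_handle": "assoc-1",
        "openid.ns.ext1": "http://openid.net/srv/ax/1.0",
        "openid.ext1.mode": "fetch_response",
        "openid.ext1.type.email": "http://axschema.org/contact/email",
        "openid.ext1.value.email": email,
        "openid.signed": ",".join(signed_fields),
    }
    params["openid.sig"] = kv_sign(params, signed_fields, mac_key)
    return params


def verify_assertion(params, mac_key=MAC_KEY, seen_nonces=None):
    """Return (True, 'ok') or (False, reason).

    Order matters: first make sure every field we will rely on is inside the
    signed list, then verify the signature over that list, then check that the
    assertion was issued for our return_to and has not been replayed."""
    if params.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    signed = params.get("openid.signed", "").split(",")
    for field in REQUIRED_SIGNED:
        if field not in signed:
            return False, "unsigned field: " + field
    try:
        expected = kv_sign(params, signed, mac_key)
    except KeyError as exc:
        return False, "signed field missing: %s" % exc.args[0]
    if not hmac.compare_digest(expected, params.get("openid.sig", "")):
        return False, "bad signature"
    if params["openid.return_to"] != RP_RETURN_TO:
        return False, "return_to is not ours"
    nonce = params["openid.response_nonce"]
    if seen_nonces is not None:
        if nonce in seen_nonces:
            return False, "replayed nonce"
        seen_nonces.add(nonce)
    return True, "ok"
```

The failure mode worth noticing is the second case in the checks below: the provider signed the assertion correctly, but the e-mail attribute was simply left out of 'openid.signed', so a relying party that looks up the account by e-mail without checking the signed list would log the bearer in as whoever that field names.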

Suspected LulzSec and Anonymous Members Got Busted

Four men have been arrested in separate parts of the UK by police investigating the hacker groups Anonymous and LulzSec. The suspects - from Doncaster, Warminster, Northampton and London - are being questioned by Scotland Yard's e-Crime unit. Their arrests are part of a wider operation involving UK law enforcement and the FBI. At the same time, 14 suspected members of Anonymous appeared in a US court.
Authorities around the world have been rounding up suspects following a wave of attacks by both groups on major corporations and government institutions.
Amazon, PayPal, the CIA, US Senate and the UK's Serious Organised Crime Agency have all suffered either intrusions or denial of service attacks, designed to take their websites offline.


Mass arrests:-

In the latest round of British arrests, police detained 20-year-old Christopher Weatherhead from Northampton and 26-year-old Ashley Rhodes from Kennington, near London. The pair are due to appear at Westminster Magistrates Court on 7 September. Detectives also arrested a 24-year-old man from Doncaster, and a 20-year-old from Wiltshire for conspiring to commit offences under the Computer Misuse Act 1990. In the United States, a mass court appearance saw 14 suspected Anonymous members appear before a judge in San Jose, California. All of them denied being involved in a denial of service attack on PayPal's website in December 2010. Anonymous had publicly declared its intent to target both PayPal and Amazon for, what the group perceived as, their complicity in isolating whistle blowing website Wikileaks. Following the leaking of confidential US State Department memos, PayPal stopped processing donations to Wikileaks, while Amazon kicked the site off its web hosting service.

-News Source (BBC)

British Court Convicts Anonymous Hacker "Nerdo" For DDoS Attack Over WikiLeaks Funding

Another alleged Anonymous hacker has faced a court ruling. A British court has convicted a 22-year-old for allegedly being a ‘key figure’ behind the Anonymous DDoS attack on PayPal in revenge for its freezing of WikiLeaks payments. The 22-year-old British student Christopher Weatherhead, a self-described "hacktivist" going by the name "Nerdo", was convicted by the jury on a count of conspiracy to impair computer operations. The conviction came after guilty pleas from three of Weatherhead's co-conspirators.
"Christopher Weatherhead is a cyber criminal who waged a sophisticated and orchestrated campaign of online attacks on the computer systems of several major companies," prosecutor for the CPS Organized Crime Division Russell Tyner said in a statement. "These were lawful companies with ordinary customers and hard working employees. This was not a victimless crime."
This ruling is part of the U.K. courts' ongoing pursuit of hackers: they have now convicted a member of Anonymous for conspiracy.
The cyber attack for which Christopher Weatherhead was charged was dubbed "Operation Payback"; in it Weatherhead and several other Anonymous members targeted companies that opposed internet piracy, but switched to companies like Mastercard, Visa and PayPal after they refused to process payments to WikiLeaks. In an earlier report we described the massive damage Operation Payback caused: for PayPal it cost more than €4.3 million. According to the CPS, the campaigns carried out by the hackers cost the companies more than $5.6 million in additional staffing, software and lost sales.
The student denied the accusation, claiming he was merely an Anonymous chatroom operator and never took part in the attacks. The judge allegedly demanded that Weatherhead provide “as much information as possible” and threatened him with a jail term. The court's final ruling in Mr. Weatherhead's case will be announced later.

-Source (Cnet)

Edward Pearson (23-Year-Old Hacker) Sent To Jail For Stealing 8 Million Customers' Banking & PayPal Details

A 23-year-old hacker from the UK named Edward Pearson has been sent to prison for pilfering eight million personal identities (ID fraud). Between January 1 2010 and August 30 2011 he used malicious computer programs to get his hands on - wait for it - eight MILLION personal identities. According to reports he used highly sophisticated cyber-weapons such as Zeus and SpyEye to hunt down personal details on the Internet.
One of his programs scanned through 200,000 accounts registered with the online payment service PayPal, identifying names, passwords and current balances. Luckily, Pearson got caught after making only £2,400 ($3,800 USD). The authorities estimate he could have walked away with as much as £800,000 ($1.3M USD). Authorities were alerted to the problem when his 21-year-old girlfriend, Cassandra Mennim, used stolen credit cards to book rooms at the upmarket Cedar Court Grand and Lady Anne Middleton Hotels. Investigators looking into the case eventually identified him as G-Zero on hacking forums. Pearson has been jailed for 26 months, whilst girlfriend Cassandra Mennim admitted two counts of obtaining services dishonestly and was given 12 months’ supervision.


-Source (NS & DailyMail)

Google Pakistan Along With Microsoft, HP, HSBC, Apple, PayPal, Blogspot Hacked & Defaced By Turkish Hacker

Today was most probably the worst day in the history of Pakistan's cyber space. Ten big Pakistani domains were hit very badly. Many of you are guessing that it was Indian hackers who caused this damage, but in reality the attack did not originate from India, Bangladesh or any other neighbouring country: it was a Turkish hacker who reportedly took down the home and search pages of Google Pakistan, leaving an image of two penguins walking across a bridge for millions of users. Yes, Google Pakistan was hacked and defaced by a Turkish hacker code-named "KriptekS". On the defaced page the hacker left several messages in Turkish; the translation of the text written on the website is: "eboz. My homies in a friend always there for me. Have not shot by me with every breath." The hacker also left a message saying "Pakistan Downed", indicating that the home page of Google Pakistan had indeed been taken down. According to the deface mirror on Zone-H, the attack took place around 02:17 in the afternoon, but as I write this article the home page of Google Pakistan is still offline.
Maybe you think the story is over, but no; as I said earlier it was the worst day for Pakistan's cyber defences, and indeed it was. Along with Google, KriptekS, the Turkish hacker, also targeted the Pakistani domains of Blogger, HSBC, Coca-Cola, Fanta, PayPal, Microsoft, HP and Apple. It has also been reported that the Pakistani domains of Sony, Yahoo and Windows were allegedly hacked. All those hacked domains are still offline.

List of Hacked Sites:-

http://www.google.com.pk
http://www.google.pk
http://www.hp.com.pk
http://www.apple.pk
http://www.hsbc.pk
http://www.blogspot.pk
http://www.coca-cola.pk
http://www.fanta.pk
http://www.paypal.pk
http://www.microsoft.pk
www.visa.com.pk
www.ebay.pk
www.msn.org.pk
www.sony.pk
www.windows.com.pk
www.yahoo.pk


Deface Mirrors:-

http://zone-h.com/mirror/id/18639529
http://zone-h.com/mirror/id/18639530
http://zone-h.com/mirror/id/18639528
http://zone-h.com/mirror/id/18639527
http://zone-h.com/mirror/id/18638930
http://zone-h.com/mirror/id/18638890
http://zone-h.com/mirror/id/18638879
http://zone-h.com/mirror/id/18638866
http://zone-h.com/mirror/id/18638824
http://zone-h.com/mirror/id/18638825
http://zone-h.com/mirror/id/18638826
http://zone-h.com/mirror/id/18638827
http://zone-h.com/mirror/id/18638828
http://zone-h.com/mirror/id/18638820
http://zone-h.com/mirror/id/18638822
http://zone-h.com/mirror/id/18638823


While talking about this dangerous cyber attack, we would like to remind you that a few days ago a couple of Pakistani hackers defaced several big Israeli domains including MSN, Bing, Live, Skype, Microsoft Store, BBC, CNN, Coca-Cola, XBOX, Windows, Intel, Philips, the Israeli Parliament, Citi Bank and so on. It is not clear whether this attack on Pakistan has any relation to that attack on Israel. What we can say is that "KriptekS" followed exactly the same path that the Pakistani hackers showed the world a few days ago.

Top 5 DDoS Attacks of 2011, Exclusive Report By Corero Network Security

Corero Network Security (cns:LN), the leader in on-premises Distributed Denial of Service (DDoS) Defense Systems for enterprises, data centers and hosting providers, has named its list of 2011's Top 5 DDoS attacks. Corero's findings show an increase in newer, intelligent application-layer DDoS attacks that are extremely difficult to identify "in the cloud" and often go undetected until it is too late. Corero also found an uptick in attacks against corporations by "hacktivists" DDoS-ing sites for political and ideological motives rather than financial gain. Attacks against Mastercard, Visa, Sony, PayPal and the CIA top Corero's list.
"The cat-and-mouse game between IT administrators, criminals and hacktivists has intensified in 2011 as the number of application-layer DDoS attacks has exploded. Coupled with an increase in political and ideological hacktivism, companies have to be extremely diligent in identifying and combating attempts to disable their websites, steal proprietary information and to deface their web applications," said Mike Paquette, chief strategy officer, Corero Network Security.

Corero's 2011 Top 5 DDoS Attacks:-

1. Anonymous DDoS Attacks on WikiLeaks "Censors" Visa, MasterCard and PayPal. The most significant DDoS attack so far this year, the WikiLeaks-related DDoS attacks on Visa, MasterCard and PayPal were both Anonymous' "coming out" party, and the first widespread example of what has been dubbed "cyber rioting" on the Internet, with virtual passersby joining in the attack voluntarily.

2. Sony PlayStation Network DDoS. A shocking wake-up call for many gamers, customers and investors, the Sony Playstation Network DDoS attack began a series of cyber attacks and data breaches that damaged Sony financially and hurt its reputation.

3. CIA and SOCA Hit by LulzSec DDoS Attacks. The appearance of LulzSec on the cyber attack scene, highlighted by bold DDoS attacks on the CIA and the U.K. Serious Organised Crime Agency (SOCA), made us wonder if anyone was safe on the Internet.

4. WordPress DDoS. A massive DDoS attack disrupted one of the world's largest blog hosts--some 18 million websites. The huge attack hit the company's data centers with tens of millions of packets per second.

5. Hong Kong Stock Exchange. This DDoS attack had a major impact on the financial world, disrupting stock market trading in Hong Kong. This was a highly leveraged DDoS attack, potentially affecting hundreds of companies and individuals through a single target.

For all the pain and suffering DDoS attacks have caused, there are a number of best practices that companies can implement to reduce their risk. The most effective defense against DDoS attacks requires expert preparation of defensive resources, ongoing vigilance and a rapid, organized response.

-News Source (Corero Network Security)

Anon & Lulzsec Respond Against The FBI

Hacker groups Anonymous and LulzSec have issued a joint statement in response to recent FBI arrests of suspected Anonymous members thought to have carried out a cyberattack against PayPal in 2010.
In their release, the hackers addressed a statement made to NPR by Steven Chabinsky, deputy assistant FBI director. "We want to send a message that chaos on the Internet is unacceptable," Chabinsky told NPR. "[Even if] hackers can be believed to have social causes, it's entirely unacceptable to break into websites and commit unlawful acts."
The hacker collectives responded with a list of what they define as "unacceptable" practices:

* Governments lying to their citizens and inducing fear and terror to keep them in control by dismantling their freedom piece by piece.
* Corporations aiding and conspiring with said governments while taking advantage at the same time by collecting billions of funds for federal contracts we all know they can't fulfil.
* Lobby conglomerates who only follow their agenda to push the profits higher, while at the same time being deeply involved in governments around the world with the only goal to infiltrate and corrupt them enough so the status quo will never change.
With regards to the arrests of alleged members of Anonymous by the FBI, the hackers wrote, "Your threats to arrest us are meaningless to us as you cannot arrest an idea. There is nothing - absolutely nothing - you can possibly do to make us stop."
According to the AP, the FBI on Tuesday arrested 14 people across the United States and confiscated computers in connection with the PayPal attack. Another two were arrested for unrelated activities. In addition, Britain's Scotland Yard took into custody one person, and the Dutch National Police Agency arrested four.



Wikileaks Will Take Legal Action Against PayPal, MasterCard & Visa


There hasn't been much talk lately over the fact that PayPal, MasterCard and Visa all cut off Wikileaks late last year, after the US government freaked out about the release of some State Department Cables. None of the firms has done a very good job explaining why this makes sense (or why they continue to allow other groups, such as the KKK, to receive funding, while singling out Wikileaks). I'm sure those three firms, which took quite a public bashing when the news originally dropped, would prefer that there not be any more talk about it. However, Wikileaks and the payment firm they used, DataCell, are apparently planning to file a legal complaint this week against all three firms in Europe. A draft of the complaint, which was obtained by Andy Greenberg at Forbes (linked above and embedded below), claims that the three firms violated Articles 101 and 102 of the EU Treaty, effectively a form of antitrust law. While I tend to think many antitrust claims are merely attacks on successful companies, this seems like a case where they could make sense. Here you have basically the only three ways for most people to transfer money easily, all agreeing to block a single (small) client from receiving money, despite no legal ruling against the operation (hell, charges haven't even been filed). It certainly would make for an interesting case.

-News Source (techdirt)


Microsoft Comments on LulzSec



Microsoft has commented on LulzSec's posting of emails and addresses, some of which may be associated with Xbox Live accounts. Microsoft has sent us this comment on the data, which is an info dump and not a hack.
"This group appears to have posted a list of thousands of potential email addresses and passwords, and encouraged users to try them across various online sites like Xbox LIVE in the event one of the users happens to use the same password and email address combination.  At this time we do not have any evidence Xbox LIVE has been compromised. However we take the security of our service seriously and work on an ongoing basis to improve it against evolving threats."
The group dumped a list of 62,000 emails and passwords on a file-sharing site (the list has been taken down multiple times) for accounts on sites and services like Xbox Live, PayPal, WoW and many more (confirmed on LulzSec's Twitter, even). We've also had one poor reader tell us the credit card attached to his Xbox Live account has already been hit for $100 and the account's password changed. Just to clarify: LulzSec hasn't hacked Xbox Live; they've simply released people's emails and passwords that may also be used for an Xbox Live, PayPal or WoW account, and anyone who reused the same email/password combination across sites is exposed. LulzSec has also been involved in attacks on Nintendo, Minecraft, EVE Online and (of course) Sony, among others. For those keeping score, hacktivists Anonymous deal more in denial-of-service attacks, while exposing user info is one of LulzSec's specialties. Whatever the method or rationale, though, it's annoying.
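The risk Microsoft describes is credential stuffing: a dump like this gets replayed against unrelated sites, and the only logins that succeed are for people who reused the same email/password pair. The following is an added example, not code from the original post, from Microsoft or from LulzSec, of the check a service operator would run over its own authentication logs to spot such a replay: flag any source address that attempts many distinct accounts in a short window with mostly failures, and list the accounts that did succeed from it as likely takeovers. The log format, the thresholds (5 distinct users within 5 minutes, 75% failure rate) and the sample lines are all constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed log format for this example; real auth logs differ per product.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


@dataclass
class AuthEvent:
    ts: datetime
    ok: bool
    user: str
    ip: str


def parse_line(line: str) -> Optional[AuthEvent]:
    """Parse one constructed auth log line; None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return AuthEvent(datetime.fromisoformat(m["ts"]), m["result"] == "OK",
                     m["user"], m["ip"])


def detect_stuffing(lines, window_minutes: int = 5, min_distinct_users: int = 5,
                    min_failure_ratio: float = 0.75) -> Dict[str, dict]:
    """Sliding window per source IP (thresholds are assumed, tune per service).

    An IP is flagged when, inside one window, it tries at least `min_distinct_users`
    different accounts and at least `min_failure_ratio` of those attempts fail.
    Successful logins inside a flagged window are reported as likely takeovers:
    accounts whose owners reused a leaked password.
    """
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e.ts)
    by_ip: Dict[str, List[AuthEvent]] = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)

    window = timedelta(minutes=window_minutes)
    alerts: Dict[str, dict] = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            users = {e.user for e in win}
            failures = sum(1 for e in win if not e.ok)
            if len(users) >= min_distinct_users and failures / len(win) >= min_failure_ratio:
                best = alerts.get(ip)
                # keep the widest window seen for this IP
                if best is None or len(users) > best["distinct_users"]:
                    alerts[ip] = {
                        "distinct_users": len(users),
                        "failures": failures,
                        "compromised": sorted({e.user for e in win if e.ok}),
                    }
    return alerts


# Constructed sample: one address replays a leaked list (alice reused her password),
# one legitimate user mistypes twice, one unrelated successful login elsewhere.
SAMPLE_LOG = """\
2011-06-16T10:00:01 auth FAIL user=carol ip=203.0.113.7
2011-06-16T10:00:02 auth FAIL user=dave ip=203.0.113.7
2011-06-16T10:00:03 auth FAIL user=erin ip=203.0.113.7
2011-06-16T10:00:04 auth OK user=alice ip=203.0.113.7
2011-06-16T10:00:05 auth FAIL user=frank ip=203.0.113.7
2011-06-16T10:00:06 auth FAIL user=grace ip=203.0.113.7
2011-06-16T10:00:07 auth FAIL user=heidi ip=203.0.113.7
2011-06-16T10:00:08 auth FAIL user=ivan ip=203.0.113.7
2011-06-16T10:00:30 auth FAIL user=bob ip=198.51.100.5
2011-06-16T10:00:45 auth FAIL user=bob ip=198.51.100.5
2011-06-16T10:01:02 auth OK user=bob ip=198.51.100.5
2011-06-16T09:00:00 auth OK user=alice ip=192.0.2.44
"""

if __name__ == "__main__":
    for ip, alert in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(ip, alert)
```

On the sample, only 203.0.113.7 is flagged (8 distinct accounts, 7 failures) and alice is reported as the probable takeover; bob's two typos from a single account never reach the distinct-user threshold. A password reset and session revocation for the reported accounts is the practical follow-up, since the credentials themselves are already public.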


Vasilis Pappas Won 'Blue Hat' Security Contest & Grand Prize of $200,000 From Microsoft


Last year software giant Microsoft started the BlueHat Prize security contest. Announced at the 2011 Black Hat security conference in Las Vegas, it offers a grand prize of $200,000, a runner-up purse of $50,000 and a third-place award of a one-year MSDN Universal subscription (a developer platform for Microsoft products) worth $10,000 to security researchers who design the most effective ways to prevent the exploitation of memory safety vulnerabilities.
This year Microsoft awarded the winning hackers a total of $260,000. 'Hackers' in the good sense here: the clever programmers who won its BlueHat contest, including a grand prize of $200,000.

The big prize went to Vasilis Pappas, a PhD student at Columbia University, who was handed the check in an American Idol-style contest finale complete with loud music and confetti. The winners were announced during a party at the Black Hat 2012 conference in Las Vegas this week. Two other researchers took home significant prizes, too: Ivan Fratric, a researcher at the University of Zagreb in Croatia, got $50,000, and Jared DeMott, a security researcher at Harris Corp., won $10,000.
All three submitted ideas for a genuinely hard security problem called Return-Oriented Programming (ROP). ROP is an exploitation technique that chains together short snippets of code already present in a program (so-called gadgets) instead of injecting new code, which lets an attacker get around protections such as non-executable memory. Twenty people submitted ideas to the contest. Without going into too much technical detail, Pappas came up with kBouncer, which blocks anything that looks like a ROP attack from running. Paying security researchers bounties has become popular lately, but what's notable about the BlueHat contest is that it paid the researcher for actually coming up with a fix to a problem. Google, Facebook, PayPal and many others already have "bug bounty" programs that reward researchers simply for identifying flaws in their systems; Microsoft and Adobe, by contrast, don't pay bug bounties. Microsoft has promised that this first BlueHat Prize won't be its last, so this may be a sign of a smarter approach to engaging with security researchers for the software giant.
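To make "blocks anything that looks like a ROP attack" concrete, here is an added example of mine (not kBouncer's code and not anything from the contest) that models the two checks the published kBouncer design applies to the processor's Last Branch Record (LBR) at each system call: every return recorded in the LBR must land on an address immediately preceded by a call instruction, and a run of several consecutive short, indirect-branch-terminated snippets is treated as a gadget chain. The program layout, addresses and branch records are constructed, and the thresholds (20 instructions per gadget, 8 consecutive gadgets) are my assumption of the paper's defaults.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

GADGET_MAX_INSNS = 20  # assumed kBouncer default: a gadget is at most 20 instructions
CHAIN_THRESHOLD = 8    # assumed kBouncer default: 8 consecutive gadgets => ROP


@dataclass(frozen=True)
class Insn:
    addr: int
    size: int
    op: str  # "call", "ret" or "other"


class Image:
    """Minimal code image: lookup by address and straight-line walking."""

    def __init__(self, insns: List[Insn]):
        self.by_addr: Dict[int, Insn] = {i.addr: i for i in insns}
        # end address -> instruction, to answer "what sits right before addr?"
        self.by_end: Dict[int, Insn] = {i.addr + i.size: i for i in insns}

    def call_preceded(self, addr: int) -> bool:
        prev = self.by_end.get(addr)
        return prev is not None and prev.op == "call"

    def insns_between(self, start: int, branch: int) -> Optional[int]:
        """Instructions executed from `start` through the branch at `branch`, walking
        straight-line code; None if the branch is not reached within gadget size."""
        n, a = 0, start
        while a in self.by_addr and n <= GADGET_MAX_INSNS:
            n += 1
            if a == branch:
                return n
            a += self.by_addr[a].size
        return None


Record = Tuple[int, int, str]  # LBR entry: (source addr, destination addr, branch kind)


def check_lbr(image: Image, records: List[Record]) -> Tuple[bool, str]:
    """Apply both heuristics to an LBR snapshot (oldest first). True means benign."""
    # Heuristic 1: a return may only land on a call-preceded address.
    for src, dst, kind in records:
        if kind == "ret" and not image.call_preceded(dst):
            return False, f"ret at {src:#x} -> {dst:#x} is not call-preceded"
    # Heuristic 2: too many consecutive short snippets between indirect branches.
    chain = 0
    for (_, dst, _), (src, _, _) in zip(records, records[1:]):
        n = image.insns_between(dst, src)
        if n is not None and n <= GADGET_MAX_INSNS:
            chain += 1
            if chain >= CHAIN_THRESHOLD:
                return False, f"{chain} consecutive gadgets ending at {src:#x}"
        else:
            chain = 0
    return True, "ok"


def gadget_base(k: int) -> int:
    return 0x3000 + k * 0x10


def build_image() -> Image:
    """Constructed program: a caller at 0x1000, a short callee at 0x2000, and ten
    call-preceded snippets at 0x3000 + k*0x10 that an attacker could chain."""
    insns = [
        Insn(0x1000, 5, "call"),  # call 0x2000; 0x1005 is therefore call-preceded
        Insn(0x1005, 3, "other"),
        Insn(0x1008, 1, "ret"),
    ]
    for off in range(0, 15, 3):
        insns.append(Insn(0x2000 + off, 3, "other"))
    insns.append(Insn(0x200f, 1, "ret"))
    for k in range(10):
        b = gadget_base(k)
        insns += [Insn(b, 5, "call"), Insn(b + 5, 3, "other"),
                  Insn(b + 8, 3, "other"), Insn(b + 11, 1, "ret")]
    return Image(insns)


# Constructed LBR contents for three scenarios.
BENIGN = [(0x1000, 0x2000, "call"), (0x200f, 0x1005, "ret")]
# Classic ROP: rets land mid-snippet, right after an "other" instruction.
NAIVE_ROP = [(gadget_base(k) + 11, gadget_base(k + 1) + 8, "ret") for k in range(9)]
# Evasive ROP: rets land only on call-preceded addresses, but form a long chain.
CALL_PRECEDED_ROP = [(gadget_base(k) + 11, gadget_base(k + 1) + 5, "ret") for k in range(9)]

if __name__ == "__main__":
    img = build_image()
    for name, recs in [("benign", BENIGN), ("naive ROP", NAIVE_ROP),
                       ("call-preceded ROP", CALL_PRECEDED_ROP)]:
        print(name, check_lbr(img, recs))
```

The benign trace passes both checks, the naive chain trips the call-preceded rule on its first return, and the chain that uses only call-preceded entry points slips past rule one but is caught by the gadget-count rule. The second case is also the known caveat with this class of defense: an attacker who finds enough long or call-preceded gadgets can stay under the thresholds, which is why the real system pairs the heuristics with syscall-time checking rather than relying on either alone.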


-Source (Microsoft & Business Insider)







