Hacking Computers exploits security

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Exploit Database

 Obamacare Hacking insecurity Obama

Keith Koffler

In what sense is a broken website “fixed” when it’s completely insecure?

Security consultant David Kennedy, who has testified before Congress about the flaws in Healthcare.gov that have made people’s information unsafe, revealed Monday he was able to gain access to the personal records of 70,000 Obamacare enrollees in four minutes.

“It looks like it’s continuing to get worse,” Kennedy said of the website’s security fiasco.

What’s more, it appears he used methods that are available to anyone:

    We didn’t actually hack the website. This is basically from what we could find open on the Internet . . . If hackers actually target their efforts on Healthcare.gov, it’s disastrous what type of information they could actually find on the website.

Kennedy added that the very fact that the website is still so bad it crashed Monday suggests security issues must also be a problem.

White House Dossier

 Hacking security IT

If you are interested in learning something about IT Security, Hacking or Vulnerability Exploitation this is the right place to start.

On this page you can find more than 250 sorted papers, 20 conferences and the links to more than 100 books on this topic.

OrkSpace

 Hacking Raptor jihadophobe

Grandpa, patriot who goes by 'The Raptor,' claims credit for taking down Al Qaeda websites

Jana Winter

An American hacker, who calls himself “The Raptor” and claims to be a grandfather waging his own war on terror, is taking credit for a series of takedowns of online forums used by Al Qaeda sympathizers, FoxNews.com has learned.

Calling himself a patriot acting on behalf of U.S. troops serving overseas, The Raptor claims to be behind last month’s attack on Al Qaeda’s main online forum, Shamukh Islamic Network, and a handful of other sites and forums, including Ansar al-Mujahideen, where jihadists gather online to issue threats and exhort one another to acts of terror. The sites went down on March 22, and most remained dark for nearly two weeks. As the websites stayed offline, The Raptor taunted his targets on Twitter, daring them to “bring it.”

“Bow. Wave. Exit Stage Right. Curtains. Applause,” he tweeted after Shamukh, the main site used to blast out Al Qaeda content, was taken out of commission, only to return days later with a message blaming the outage on “Enemies of Allah.”

In the online world, where posters and hackers alike take on false personas and play a virtual game of cat and mouse, it is difficult to know if The Raptor is who he says he is, someone simply claiming credit, or if the hack attacks are part of some larger, government-related operation.

“Who is taking it down is an interesting question, but does it matter?” asked Jeff Bardin, cyberterror expert and former Air Force Arabic linguist who is now a principal at the private intelligence firm Treadstone 71.

If experts can’t be sure who is taking the jihadist sites down, it is unlikely the extremists who run them and post on them can, either. But it is all but certain they’ve been stung by the taunts of someone calling himself The Raptor, or as his Twitter handle is spelled, “the3raptor.”

 Stratfor Hacking defacement data breach

via ZeroHedge

 Hacking defacements 2010

 Almost 1,5 million websites defaced, what's happening?

Marcelo Almeida (Vympel), Boris Mutina (Minor)

Last year the Zone-​H archived a sad record num­ber, we archived 1.419.203 web­sites deface­ments.

Why and how this is hap­pen­ing?

If you are look­ing at on the stats, the things remain the same: file inclu­sion, sql injec­tion, web­dav attacks and shares mis­con­fig­u­ra­tion are still at the top ranks of the attack meth­ods used by the defac­ers to gain first access into the server. As an impor­tant fac­tor influ­enc­ing the stats we con­sider the fact that last year brought a very high num­ber of the local linux ker­nel exploits.

Since many years ago, Linux became the most used OS for web­servers and of course the pre­ferred tar­get for the defac­ers. Last year we archived 1.126.987 attacks against web­sites run­ning on the Linux sys­tems. The most used exploit by the defac­ers is the CVE-​2010 – 3301,that was fixed in 2007 and was mys­te­ri­ously rein­tro­duced in 2008, in a large pile of ker­nel ver­sions x86_​64.