Students crack Microsoft CardSpace

Friday, May 30th, 2008

Students at the Ruhr University of Bochum, Germany, say they have found a way to steal security tokens in Microsoft's new CardSpace authentication framework. Attackers can apparently get access to protected, encrypted user data – such as passwords, credit card numbers, and delivery addresses – when they are transmitted. ...

Comcast Hijackers Say They Warned the Company First

Friday, May 30th, 2008

The computer attackers who took down Comcast's homepage and webmail service for over five hours Thursday say they didn't know what they were getting themselves into. In an hour-long telephone conference call with Threat Level, the hackers known as "Defiant" and "EBK" expressed astonishment over the attention their DNS hijacking has ...

New SQL Injection Attacks Exploit Adobe Flash Flaw

Wednesday, May 28th, 2008

Mass SQL injection attack, take four: Yet another wave of SQL injection attacks is exploiting an Adobe Flash vulnerability that appears to be coming from the same series of attacks originating from China. The intent, as in previous attacks, has been to steal online gamers’ password credentials. But given the persistence ...

New Adobe Flaw Being Used in Attacks

Tuesday, May 27th, 2008

An unpatched bug in Adobe Systems' Flash Player software is being exploited by online criminals, Symantec reported Monday. Few details on the bug are available, but the flaw lies in the latest version of the Adobe Flash Player browser plugin, which is widely used by Internet surfers to view animated Web ...

Local Physical Attack Against VISTA To Obtain SYSTEM

Monday, May 26th, 2008

Pretty cool video doing a local physical attack against a Vista Box. http://www.offensive-security.com/movies/vistahack/vistahack.html McGrew Security Blog pointed me to it: "he demonstrates a quick and easy way of obtaining SYSTEM privileges on a Vista system, given physical access to the machine. In the video, he uses BackTrack to replace Utilman.exe with a copy ...