vscribe's blog
"Congressional Web Site Defacement's Follow the State of the Union"
Fri, 01/29/2010 - 7:18am • Tom C.
"Congressional Web Site Defacements Follow the State of the Union"
- Praetorian Prefect
An interesting problem, that we as the US have, is our denial of Cyberwar - while this post isn't exactly about that, it's close. Last night during or after the President's State of the Union Address, several congressional websites were hacked by Red Eye Crew - Why is this of interest? According to Praetorian Prefect, they were all running Joomla!
One of the defaced sites. Source: Praetorian Prefect
A partial list of defaced sites (49 in total again, all Joomla) are:
Twitter Hacked - could it happen to you?
Fri, 12/18/2009 - 7:47am • Tom C.
On 12/17/2008 around 7:00 PM EST (according to some reports) , Twitter.com was hacked by a group claiming to be the Iranian Cyber Army. The actual attack was a DNS Hijacking (or DNS Poisoning) that resulted in Twitter Users being directed to a page of their choosing.
This old school defacement actually was conducted by 'hijacking' the sites DNS - how they accomplished this is still unknown, the fact is they did. What exactly is a DNS Poisoning or Hijacking?
Hacker exposes XSS flaw on Pentagon website
Sun, 12/13/2009 - 10:40am • Tom C.
In a recent Darkreading.com (http://tinyurl.com/yls9s92) article, a hacker by the name Ne0h has exposed a flaw in the Pentagon's public website. Ne0h demonstrated this attack on his blog posting - http://tinyurl.com/ye5847b.
Why this is important is simply as a reminder that even sites with multibillion dollar budgets can have problems. In the case of the pentagon this XSS while somewhat just a demonstration, is important because a flaw was discovered, and surely will lead many more people to try to attack.
Malware attacks "easily the most prevalent" in 2009
Fri, 12/04/2009 - 9:40am • Tom C.
Good day and welcome to my blog courtesy of WebEnabled. I'm Tom Canavan, author of the book Joomla! Web Security and web security specialist.
In a recent survey by the Computer Security Institute (http://tinyurl.com/yju2qe6) they found that 43% of the attacks were malware based. Code clearly bent on the destruction of your site.
Additionally both organized crime and terrorists have jumped on the CyberCrime bandwagon (http://tinyurl.com/ydm7wd4).



