HackTrack http://www.hacktrack.org Security Portal Wed, 07 Jan 2009 03:17:07 +0000 http://wordpress.org/?v=2.6.2 en Trends in Counterfeit Currency http://www.hacktrack.org/2009/01/07/trends-in-counterfeit-currency/ http://www.hacktrack.org/2009/01/07/trends-in-counterfeit-currency/#comments Wed, 07 Jan 2009 03:17:07 +0000 usb tag:astalavista.com://d03625f916e1dacd1f4359da5b8eed61
More counterfeiters are using today's ink-jet printers, computers and copiers to make money that's just good enough to pass, he said, even though their product is awful.

In the past, he said, the best American counterfeiters were skilled printers who used heavy offset presses to turn out decent 20s, 50s and 100s. Now that kind of work is rare and almost all comes from abroad.

Green pointed to a picture hanging in his downtown conference room. It's a photo from a 1980s Lenexa case that involved heavy printing presses and about 2 million fake dollars.

"That's what we used to see," he boomed. "That's the kind of case we used to make."

Agents discovered then that someone had purchased such equipment and a special kind of paper and it all went to the Lenexa shop. Then the agents secretly went in there with a court order and planted a tiny video camera on a Playboy calendar.

Article Source(Continued)

]]> http://www.hacktrack.org/2009/01/07/trends-in-counterfeit-currency/feed/ New Phishing Kits Hit the Market: Trojan HTML Injections Now for Sale http://www.hacktrack.org/2009/01/07/new-phishing-kits-hit-the-market-trojan-html-injections-now-for-sale/ http://www.hacktrack.org/2009/01/07/new-phishing-kits-hit-the-market-trojan-html-injections-now-for-sale/#comments Wed, 07 Jan 2009 03:16:39 +0000 usb tag:astalavista.com://5850c504e9c16c4a5d3507e779e57955
Some fraudsters have developed websites to sell ready-made products to other fraudsters, such as phishing kits. Recently, the RSA FraudAction Research Lab traced a new type of service on a particular website to sell HTML injections, which can be combined with Trojan attacks. We will refer to this website as a Web Injection Shop.

HTML injections are not a new approach to stealing credentials and other personal information. However, the production-scale central repository for HTML injections in the Web Injection Shop is a new discovery, and is easily accessible by fraudsters. The Web Injection Shop that was traced is very similar to other websites that sell phishing kits and offers a long list of HTML injection codes designed to steal information from customers of dozens of financial institutions worldwide. Similar to phishing kits, each HTML injection is specifically tailored to match each bank’s specific website design.

The Web Injection Shop offers HTML snippets, as well as entire web pages, designed to fool online banking users into divulging their credentials and other personal information. Prices vary by target and HTML injection type – ranging between USD$10-30 – and fraudsters can browse through screenshots of various HTML injections that are for sale.

Article Source(Continued)

]]> http://www.hacktrack.org/2009/01/07/new-phishing-kits-hit-the-market-trojan-html-injections-now-for-sale/feed/ Flashy Botnet is Flashy http://www.hacktrack.org/2009/01/07/flashy-botnet-is-flashy/ http://www.hacktrack.org/2009/01/07/flashy-botnet-is-flashy/#comments Wed, 07 Jan 2009 03:16:11 +0000 usb tag:astalavista.com://427b5cf3441ede1d77de997d61623684
So, this is the result:

Article Source(Continued)

]]> http://www.hacktrack.org/2009/01/07/flashy-botnet-is-flashy/feed/ HTTP Verb Brute Forcing http://www.hacktrack.org/2009/01/07/http-verb-brute-forcing/ http://www.hacktrack.org/2009/01/07/http-verb-brute-forcing/#comments Wed, 07 Jan 2009 03:15:50 +0000 usb tag:astalavista.com://b0b440bc4daaabd1571bbed8b608676d
By actually testing each verb by hand, it’s pretty easy to skip using options, if that’s not available to you. Or, if you are on the defensive side, if you are turning off one verb, turn off everything that you don’t use, so you don’t have to worry about it. Iterating verbs can be super useful for finding open/unprotected Webdav servers, finding open directories that allow PUT, or open proxies. In general automated worms just try to perform the exploit rather than iterate options anyway, so in general it’s probably a good idea to shut down all HTTP verbs and open them up as you need them, rather than close them down one at a time as you figure out why they could be used for nefarious purposes.

Article Source(Continued)

]]> http://www.hacktrack.org/2009/01/07/http-verb-brute-forcing/feed/ Firefox add-on SSL Certificate Patrol http://www.hacktrack.org/2009/01/07/firefox-add-on-ssl-certificate-patrol/ http://www.hacktrack.org/2009/01/07/firefox-add-on-ssl-certificate-patrol/#comments Wed, 07 Jan 2009 03:15:23 +0000 usb tag:astalavista.com://e1adecb721102a07d233032d5518c873


Your web browser trusts a lot of certification authorities and chained sub-authorities, and it does so blindly. "Subordinate certification authorities" are a little known device: The root CAs in your browser can delegate permission to issue certificates to an unlimited amount of subordinate CAs (SCA) just by signing their certificate, not by borrowing their precious private key to them. Even Wikipedia doesn't mention this, nor do any public transparent listings exist of all the sub-CAs that your browser trusts every day. It might be virtually impossible to tell how many CAs you are trusting de-facto.

Revealing this and other inner workings of X.509 to end users is deemed as being too difficult for them to handle. You however are an advanced user, who wants to keep track on when certificates are updated and make sure none of the many authorities you involuntarily need to trust to have a working web browsing experience, abuses your trust allowing someone to read into your HTTPS communications by means of a subtle man in the middle attack. Still, this is a very paranoid thing to expect to happen, so only use this if you think you are sufficiently paranoid.

Download:

http://uploaded.to/?id=0t3evv
http://w19.easy-share.com/1903158199.html
http://www.megaupload.com/?d=QYPSANRN
http://www7.zippyshare.com/v/53116482/file.html
http://www.zshare.net/download/5378549931c81560/
http://www.filefactory.com/file/a010h30/n/certificate_patrol-0_4_0_5-fx_zip
http://rapidshare.com/files/180577963/certificate_patrol-0.4.0.5-fx.zip.html

---------------------------------------------------------------
MD5: 0ab3e352ec07ca73caf39a9a9f6f939b
---------------------------------------------------------------

Article Source(Continued)

------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------




]]> http://www.hacktrack.org/2009/01/07/firefox-add-on-ssl-certificate-patrol/feed/ A rare peek at Homeland Security’s files on travelers http://www.hacktrack.org/2009/01/07/a-rare-peek-at-homeland-securitys-files-on-travelers/ http://www.hacktrack.org/2009/01/07/a-rare-peek-at-homeland-securitys-files-on-travelers/#comments Wed, 07 Jan 2009 01:15:34 +0000 Hack In The Box tag:www.hackinthebox.org://27070fdb9e0c4b2c3404ab3619d21ca6 http://www.hacktrack.org/2009/01/07/a-rare-peek-at-homeland-securitys-files-on-travelers/feed/ Fake celeb LinkedIn profiles lead to malware http://www.hacktrack.org/2009/01/07/fake-celeb-linkedin-profiles-lead-to-malware/ http://www.hacktrack.org/2009/01/07/fake-celeb-linkedin-profiles-lead-to-malware/#comments Wed, 07 Jan 2009 01:06:28 +0000 Hack In The Box tag:www.hackinthebox.org://37bba20d12157f26a78ea9a98ca789fc http://www.hacktrack.org/2009/01/07/fake-celeb-linkedin-profiles-lead-to-malware/feed/ Skype 2.8 Beta for Mac Released http://www.hacktrack.org/2009/01/07/skype-28-beta-for-mac-released/ http://www.hacktrack.org/2009/01/07/skype-28-beta-for-mac-released/#comments Wed, 07 Jan 2009 01:05:45 +0000 Hack In The Box tag:www.hackinthebox.org://f36f0cd69567d2b908b7f78feced5f7b http://www.hacktrack.org/2009/01/07/skype-28-beta-for-mac-released/feed/ The Five Most Dangerous Security Myths http://www.hacktrack.org/2009/01/07/the-five-most-dangerous-security-myths/ http://www.hacktrack.org/2009/01/07/the-five-most-dangerous-security-myths/#comments Wed, 07 Jan 2009 01:05:01 +0000 Hack In The Box tag:www.hackinthebox.org://ea28cefa12bc88ca1691100452be8a73 http://www.hacktrack.org/2009/01/07/the-five-most-dangerous-security-myths/feed/ Apple to sell iTunes songs DRM free http://www.hacktrack.org/2009/01/07/apple-to-sell-itunes-songs-drm-free/ http://www.hacktrack.org/2009/01/07/apple-to-sell-itunes-songs-drm-free/#comments Wed, 07 Jan 2009 01:04:29 +0000 Hack In The Box tag:www.hackinthebox.org://8d53180624f8bc2fc64bf43c7eba5a29 http://www.hacktrack.org/2009/01/07/apple-to-sell-itunes-songs-drm-free/feed/