Sunday, May 29, 2011
GMA Website and Twitter ~ Pawned
And so I tried to look in their website and suddenly I was redirected to google. Hmm.. what could have caused this? Then when I tried to visit a certain page in http://www.gmanews.tv/entertainment, and again a pop-up message just came out that says hacked by d4rkbit. The same guy who posted nasty stuffs in the twitter.
I wonder what his motives are. Does he want to gain access to its ssh or just for pure fun? Could this cause another competition with its rival TV network? Again I witnessed another defaced site accidentally. My opinion is that maybe the defacer just want to tell the admin of the website that their site is vulnerable.
About the Contributor:
Shipcode is an InfoSec enthusiast from Cebu. During his high school days he was just an ordinary script kiddie. He loves to search for web exploits and other issues concerning network / wireless security.
ROOTCON is managed by like minded InfoSec professionals across the Philippines.
All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.
Thursday, May 26, 2011
Third attack on Sony, Greece music site hacked — Sophos security
This is the third attack after the Sony Thailand website was hacked last Friday, May 20, less than a month after the Sony PlayStation Network was hacked.
“In what seems to be a never-ending nightmare it appears that the website of Sony BMG in Greece has been hacked and information dumped. An anonymous poster has uploaded a user database to pastebin.com, including the usernames, real names and email addresses of users registered on SonyMusic.gr," Sophos senior security adviser Chester Wisniewski said in a blog post Monday (Manila time).
He said the data appeared to be incomplete as it claims to include passwords, telephone numbers and other data that are either missing or bogus.
Also, he said the attacker may have used an automated SQL injection tool to find the flaw in the site.
Wisniewski recommended that users of SonyMusic.gr reset their passwords, and expect that any information they entered when creating their account may be in the hands of someone with malicious intent.
“Keep a close eye out for phishing attacks," he added.
What was needed was not a particularly skillful attack but “simply the diligence to comb through Sony website after website until a security flaw is found," according to Sophos.
On the other hand, Wisniewski noted it is nearly impossible to run a totally secure web presence, especially for a firm the size of Sony.
“As long as it is popular within the hacker community to expose Sony’s flaws, we are likely to continue seeing successful attacks against them," he said.
“While it's cruel to kick someone while they’re down, when this is over, Sony may end up being one of the most secure web assets on the net," he added.
Wisniewski said the lesson from the attack is the company to perform thorough penetration tests of its website which, he said, is far less costly than to suffer the loss of trust, fines, disclosure costs and loss of reputation these incidents have resulted in. — MRT/VS, GMA News
Source: GMA News
About the Contributor:
A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management, professional networking and very active in conceptualizing things. To date he already conducted several IT / Information Security events as his passion since 2007. Currently he's working as a Technical Support Specialist in a local company.
All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.
Monday, May 23, 2011
Hackers: Coming Soon to a Website near You
(Hackers and Phreaks Computer Outlaws - Photographed by Catherine Karnow)Okay, picture this out.
I was at the rooftop, right outside my room tinkering in front of my laptop when all of a sudden, something popped up at the back of my head – “to archive hacked sites and post it here”.
So here comes my Google friend and I searched around the web for interesting news.
Lo and Behold! There’s a growing trend involving Philippine government sites being hacked and prone to cyber vandalism.
Join me as I archive this news from around the world.
Where should I start? If you have leads email me at ec[at]rootcon[dot]org.
[Updated May 22, 2011 @ 1:04AM]
Right after I published this blog "Hackers: Coming Soon to a Website near You", I received an email informing me to check and search on .ph (Philippines) domains aside from .gov.ph and whoa!
It's not only Philippine government sites being hacked here but also corporate and other personal blog sites.
Statistics shows that there will be more attacks to come. You should be ready to defend yourself. I’m not saying that you should just sit there and think.
So what's the point here? Well it's pretty obvious. This is a scary stuff. Now, it will happen to anybody.
Please comment on this topic at our ROOTCON forum. We all learn from each other when your views and opinions are shared.
Stay tuned.
[Updated May 22, 2011 @ 2:52AM]
Soon we will archive defaced websites and it is appropriate that ROOTCON should have a Disclaimer Notice.
To read the complete Disclaimer, click here.
About the Contributor:
A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management, professional networking and very active in conceptualizing things. To date he already conducted several IT / Information Security events as his passion since 2007. Currently he's working as a Technical Support Specialist in a local company.
ROOTCON is managed by like minded InfoSec professionals across the Philippines.
All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.
