News and Opinion

Patrick Gray's picture

CONFIRMED: Unu back with a bang: Symantec pwned

Some love him, some hate him: Brazen blogger is back.
November 24, 2009 -- 

"Unu's blog" is back online and has claimed the high-profile scalp of a Symantec website.

The anonymous blogger, who goes by the pseudonym Unu, successfully extracted customer data including license keys, usernames and passwords from a Symantec website that "facilitates customer support for users of Symantec’s Norton-branded products in Japan and South Korea," the company acknowledged in a statement.

He or she published their findings overnight on the resurrected blog.

Patrick Gray's picture

Unu's blog disappears

What's happened to everyone's favourite Web app blog?
November 9, 2009 -- 

"Unu's blog", a website chronicling one hacker's brazen compromises of high-profile web applications, has been yanked offline.

Visitors to the blog are now shown text suggesting Unu has shut up shop voluntarily. "This user has elected to delete their account and the content is no longer available," is the only explanation offered.

Patrick Gray's picture

H D Moore sells Metasploit: Open source project in commercial hands

Rapid7 acquires Metasploit project promising development resources
October 21, 2009 -- 

The Metasploit project has been acquired by Rapid7, a US-based vulnerability management company.

Metasploit creator H D Moore confirmed the sale in a podcast interview with Risky.Biz overnight (Click to hear the podcast). "This is more of a buy in than a sell out," he told Risky.Biz "It's about taking Metasploit to the next level with a real company with real funding."

Patrick Gray's picture

EXCLUSVE: Bottle Domains to appeal court ruling

It's not over... Bottle will fight Supreme Court ruling...
September 30, 2009 -- 

Domain name registrar Bottle Domains will appeal a court ruling that would have seen it stripped of accreditation as a registrar, Australia's domain name regulator says.

Patrick Gray's picture

No patch for Windows 2000 vuln

RIP Windows 2000?
September 9, 2009 -- 

Microsoft has refused to patch a denial of service vulnerability in Windows 2000, claiming working up a fix is "infeasible".

While the bug allows remote code execution several versions of Windows, including Vista and Server 2008, its impact on Windows 2000 is limited to causing a denial of service.

Let's hope it's not one of those Denial of Service bugs that turns out to be quite serious later.

Patrick Gray's picture

VulnDisco bug list made public

List of 0day in Vulndisco's exploit pack gets an airing...
September 3, 2009 -- 

InteVyDis has released a list of exploits included in its VulnDisco exploit pack for CANVAS.

It makes for pretty interesting reading. There are 211 exploits on the list, with 117 of them described as confirmed 0day.

You can find the list here.

As far as Risky.Biz is aware, these guys do not contact vendors and give them details on 0day they acquire. While to most that would seem the right thing to do, it's directly opposed to InteVyDis' commercial interests.

Patrick Gray's picture

EXCLUSIVE: McAfee Leaks 1,400 Security Pro Details

Faces are as red as the company logo at McAfee HQ today...
July 29, 2009 -- 

Security software maker McAfee has accidentally e-mailed the full contact details of 1,400 IT security professionals to an unknown number of recipients.

The marketing spreadsheet contained the full names, titles, organisation names, phone numbers and e-mail addresses of all who had registered for or attended the company's recent Strategic Security Summit on July 17 in Sydney.

Patrick Gray's picture

Domain.com.au Acts On Fraud Then Tells Fibs

Domain.com.au lies and says it first heard of rental scam two weeks ago...
July 23, 2009 -- 

After two months of its customers being ripped off blind by African criminals, real estate website Domain.com.au has discovered that merely publishing a new Website security policy isn't enough to magically solve the complex problem of rampant online fraud.

Patrick Gray's picture

Nmap Reloaded: "Biggest Release Since 1997"

New Ncat utility could replace netcat...
July 16, 2009 -- 

A new version of nmap has just been released by its creator, Gordon "Fyodor" Lyon, who describes it as the software's "most important release since 1997".

The new package, nmap 5.0, includes Ncat, billed as a "a much more advanced and modern reimplementation of the beloved Netcat". Also included is Ndiff, which is designed to portscan networks and alert administrators to changes.

Kimberly Zenz's picture

Belorussian ATM Attacks Could Be Replicated In English Speaking Nations

The emergence of sophisticated ATM malware in Belarus could spell trouble for English speaking countries...
July 13, 2009 -- 

If you were an Eastern European ATM, you would be feeling nervous at the moment, and rightfully so.

First, Diebold warned Russian banks about malicious code installed their machines last January. Then in May, Trustwave reported on malware found on 20 ATMs in Russia and Ukraine, the earliest of which was first infected almost exactly two years ago, and which has been improved at least 16 times since then.

Now Belorussian ATMs face another wave of malicious code, infecting what appears to be a high number of ATMs in urban areas.

Syndicate content