... From Computerworld
February 06, 2007 -- Left online for 24 days to see how hackers would attack them, four Linux computers with weak passwords were hit by some 270,000 intrusion attempts -- about one attempt every 39 seconds, according to a study conducted by a researcher at the University of Maryland.
Among the key findings: Weak passwords really do make hackers' jobs much easier. The study also found that improved selection of usernames and associated passwords can make a big difference in whether attackers get into someone's computer.
What surprises me is that these were Linux computers.
Subscribe to:
Post Comments (Atom)
2 comments:
No End In Sight...
Hackers Stole Info on 45MM Credit, Debit Cards
Computer hackers managed to steal information from at least 45.7 million credit and debit cards from TJX Cos. Inc., the company said.
According to a filing with the Securities and Exchange Commission by TJX Cos. - the parent company of T.J. Maxx, Marshalls, HomeGoods and A.J. Wright - the information was stolen over an 18-month period beginning in Dec. 2002, writes Direct Magazine (via MediaBuyerPlanner).
Driver's license numbers and other personal data from customers who returned merchandise without a receipt were also stolen, from 455 million people.
They're even getting more sophisticated and selling their techniques for a fee.
I was just reading about how you can download trojan horse, malware and spyware software to put on your web site. When visitors drop by, they inadvertently pick up this crap and it sits on their machine. The original developer can then access your machine and for this they pay you (the webmaster) a monthly fee! See excerpt from article below.
"While investigating a Trojan horse named Gozi recently, Jackson discovered that it was designed to steal data from encrypted Secure Sockets Layer streams and send it to a server in St. Petersburg, Russia. The Trojan horse took advantage of a vulnerability in the iFrame tags of Microsoft's Internet Explorer and had apparently been planted on several hosted Web sites, community forums, social networking sites and sites belonging to small businesses.
The server to which the stolen information was sent to held more than 10,000 records containing confidential information belonging to about 5,200 home users. It was maintained by a group called 76Service and contained server-side code for stealing data from systems -- as well as code for an administrator interface and a customer interface for data mining, Jackson said.
The front end allowed subscribers to log in to individual accounts, view indexed data and get results from queries based on certain fields such as IP addresses and URLs. Each customer-generated query had a price associated with it, Jackson said. The currency unit used on the site was WMZ, a WebMoney unit roughly equivalent to the U.S. dollar, Jackson said. A customer query returning three passwords for a small retailer might cost 100 WMZ, while a query for 10 passwords for an international bank might fetch 2,500 WMZ or more. Customers could also choose how they wanted their search results delivered -- as compressed files in e-mails or via FTP.
The actual Gozi code itself appears to have been purchased by 76Service from a Russian hacking group called the HangUp Team. Such code typically costs about $1,000 to $2,000, depending on its sophistication, Jackson said. In addition to the original Trojan horse, the server also hosted two ready-to-deploy variants in a separate staging area. The malicious code included a downloader and a stored password stealer and appeared to be have been made to order for 76Service."
Post a Comment