Hydra Tool Can Crack Your Online Passwords

Here is a link to a website that discusses using Hydra to crack online passwords at websites: http://insidetrust.blogspot.com/2011/08/using-hydra-to-dictionary-attack-web.html The tool can iterate through a set list of dictionary passwords against SSH and FTP server accounts very easily (without any extra configuration). If there are website forms that have usernames and passwords (like WordPress or Joomla …

FBI: Watch for Fake Government Sites

ISIL is defacing websites using WordPress vulnerabilities: http://www.ic3.gov/media/2015/150407-1.aspx (IC3 = Internet Crime Complaint Center). The recommendation is to update your WordPress website as much as possible when necessary. Check the following sites for vulnerabilities and update your site as needed: http://www.securityfocus.com/bid, http://cve.mitre.org/index.html, https://www.us-cert.gov/. In practice, it means updating your WordPress site as the plugins are updated …

How Dangerous is SQL Injection?

A good tutorial on basic SQL injection (without a tool): http://www.kalitutorials.net/2014/03/sql-injection-how-it-works.html Notice the bottom entry, in the user-id field: ' OR 1=1; /* and in the password field: */-- As it states in the image (from the kalitutorials website), the second statement gives you access to the data of all accounts. Why is this? Because a 1=1 statement …

Training the Next Cybersecurity Professionals

http://www.darkreading.com/operations/educating-the-cyberwarriors-of-the-future/a/d-id/1319590 Jeff Shilling opines that we need more experienced people in the cybersecurity field. As usual, the issue is that senior-level execs do not fully understand all the ramifications of the differences between 1. a person with 5+ years of experience in IT plus cybersecurity knowledge (no university degree), some certifications, or 2. a person with 2 …

Fake Apps Fooling Thousands

It is worthwhile to discuss fake apps: http://www.hotforsecurity.com/blog/dont-be-fooled-bitdefender-anti-prank-tool-does-not-exist-11664.html There are “fake” apps which claim to be anti-virus or other legitimate apps (like games) but in reality are stealing the information on your phones and computers. Example: Guardian story. Here is a criminal developer boasting (on a discussion board) about creating the fake Flappy Bird app which steals …