Saturday, 20 / January / 2007
[ComputerWorld Security] The Surprising Security Threat: Your Printers. Although Blaster already showed that printers could help spread certain worms, even today they are given practically no importance when the security of a network is considered.
In essence, networked printers need to be treated like servers or workstations for security purposes — not like dumb peripherals.
At the Black Hat conference in Las Vegas in August, O’Connor delivered a blow-by-blow presentation on how to bypass authentication, inject commands at the root level and create shell code to take over printers in Xerox Corp.’s WorkCentre line of printers, which run on Linux operating systems. He described the kinds of mischief you could do with a compromised printer, including password-catching, password-snarfing (changing passwords), hijacking functions, grabbing print jobs and playing with a billing program.
O’Connor, who says he has proved in his research lab that these hacks are possible, showed a video of himself exploiting these vulnerabilities in his lab during his Black Hat presentation.
21:31
[News.com] Swedish bank hit by 'biggest ever' online heist. The Swedish bank Nordea confirms that it has lost a little over one million dollars as a result of fraud against its online banking service.
Nordea believes that 250 customers have been affected by the fraud, after falling victim to phishing e-mails containing the Trojan. According to McAfee, Swedish police believe Russian-organized criminals are behind the attacks. Currently, 121 people are suspected of being involved.
The attack started by a tailor-made Trojan sent in the name of the bank to some of its clients, according to McAfee. The sender encouraged clients to download a "spam fighting" application. Users who downloaded the attached file, called raking.zip or raking.exe, were infected by the Trojan, which some security companies call haxdoor.ki.
Haxdoor typically installs keyloggers to record keystrokes, and hides itself using a rootkit. The payload of the .ki variant of the Trojan was activated when users attempted to log in to the Nordea online banking site. According to the bank, users were redirected to a false home page, where they entered important log-in information, including log-in numbers.
20:52
© Copyright 1996-2007 Xavier Caballe. Unless expressly stated otherwise, the material published on this weblog is distributed under the Creative Commons license. The content is the sole and exclusive responsibility of its author and has no relation to his professional activities.