LAN-blog

LAN-blog

The leaked AMI-Bios code

HakkeriPosted by Harleyman Sun, April 14, 2013 00:43:39

Efter jeg på threadpost havde læst om at souce koden til AMI-bios'en har ligget online på et ftp site i .tw tænker man... Det må jeg bare se...

info: https://threatpost.com/en_us/blogs/ami-firmware-source-code-private-key-leaked-040513

På et forum for virus udviklere fandt jeg et link til koden "leaked_biosCODE.rar" : MEGA

Here is the AMI-soucecode : leaked_biosCODE.rar - mirror -Enjoy!

  • Comments(0)//blog.deadmeat.dk/#post255

SQL-haxor Prosa og QXL?

HakkeriPosted by Harleyman Sat, April 13, 2013 21:24:28

Ved at bruge siden : http://punkspider.hyperiongray.com/ fandt jeg et par "sjove" .dk domaines...bemærk : SQL-hullerne er IKKE testede...

Et kig på Prosa.dk og der var et par sikkerhedshuller...

Scanned: Tue Apr 02 14:41:01 GMT 2013 - BSQLI:2 | SQLI:1 | XSS:0| Overall Risk:4

Et kig på QXL.dk og der var et par sikkerhedshuller...

Scanned: Tue Feb 19 23:17:31 GMT 2013 - BSQLI:1 | SQLI:0 | XSS:2| Overall Risk:3

  • Comments(1)//blog.deadmeat.dk/#post254

Min citibank konto?

HakkeriPosted by Harleyman Sat, December 15, 2012 12:16:47

Det ser ud til jeg har overtræk på min citibank konto...Men jeg har jo slet ikke en citibank konto! Ser man på kilde koden kan man se at ingen af de links der er i mailen peger på citibank.

Jeg giver dette forsøg 2 uf af 10 med solbriller... Phishing-meter : smileysmiley

De skal have point fordi designet er det rigtige citibank... med logo og det hele..

Dog er det lidt tyndt mailen henter logo'er fra citibank selv og bfi0.com

Reply er godt skjult og peger rigtig på citybank@australux.com.au (med en "name" i html koden). Det trækker ned at URL-Links peger på en tandlæge i tyskland (i html koden) og links ikke virker efter 24 timer... Come on!

Fik denne mail fra citibank:

Dear CitiVisitor,

Your message to our Internet Security Specialist team has been received
and will be thoroughly investigated. Thank you for being alert to
possible Internet fraud. We work with law enforcement to shut down
fraudulent operators who threaten our customers. You can help protect
yourself by reviewing our email safety information at http://citi.com/domain/spoof/learn.htm.

This email box is solely for the purpose of reporting suspicious email
messages claiming to be from Citi. You will not receive a personal
response. If you have responded to an email you suspect is fraudulent,
or if you have specific questions about any online security issues,
please contact one of our Internet Security Specialists at
1-888-285-9696.

  • Comments(0)//blog.deadmeat.dk/#post248

Tyskland kalder efter jul..

HakkeriPosted by Harleyman Fri, December 14, 2012 10:08:45

Så blev det endelig december og det er inde-computer-vejr.

I år er det 10 år siden TheParty lukkede... 10 år med så mange minder om noget der var så fedt! Desværre vil de fleste TheParty-org. helst bare holde fast i minderne og nekrologen(theparty.dk)...hvilke igen betyder at Danmark ikke har et Nørd-møde sted mellem jul og nytår smiley Måske i 2013/2014 eller aldrig?(video fra TheParty kan findes på: http://www.youtube.com/harleymandk )

Men Jul og sne betyder også forskellige spændende partys i Tyskland.

Ligenu står valget mellem hakkeri vs. demoscene vs. sofa'en.(remote 29c3+vpn?)

29c3 i Hamburg (eller et remote partys)

Med DSB(ca. 800kr t/r):

http://www.dsb.dk/find-og-kob/rejser-udlandet/rejser-til-udlandet/kob-togrejser-i-europa/kob-togrejse-til-hamborg/

Eller TUM : http://2012.tum-party.net/

the Ultimate Meeting 2012
Hegelsberghalle
Sterngasse 75
64347 Griesheim

Eller Maximum Overdose X : http://weltordnung.com/mo/

Dorfkrug
Anschuetzstrasse 11
23562 Luebeck

Lige en meddelelse til Demoscene:

Today(d.14 dec), Bùi Tường Phong, who heavily influenced modern computer graphics by developing several algorhithms, the most well known beeing Phong Shading, would have become 70 years old. He envisioned methods and tricks to make digital generated images look more realistic then they actually were. He died from Leukemia in 1975, shortly after becoming professor at Stanford University. So let's remember a great man, who -- in my eyes -- was a bright example for what one might nowadays call the "demoscene spirit".

  • Comments(0)//blog.deadmeat.dk/#post247

Halv Dårligt phishing forsøg..

HakkeriPosted by Harleyman Tue, September 18, 2012 10:42:50
Flere på DTU modtager for tiden mails med nogle halv dårlige forsøg på Phishing.
Kigger man på mailen kan man se linket er en google doc konto.
Alle med bare 4 hjerneceller ved man nok ikke burde skrive sin adgangskode ind i
et ark på en tilfældig konto på google.

Det ser ud til de fleste mails kommer fra @admin.net og konto'er fra dem der falder i.



Update:
Har modtaget en version hvor der bruges et andet link,som føre til en sikkerhedsfejl i IE.

Mere info:
http://www.version2.dk/artikel/pas-paa-hackere-misbruger-gabende-sikkerhedshul-i-internet-explorer-47781


  • Comments(0)//blog.deadmeat.dk/#post235

Uindbudte gæster hos GoDaddy?

HakkeriPosted by Harleyman Tue, September 11, 2012 14:38:29

GoDaddy skulle være online igen.... "Now it looks like the sites are coming back up, but GoDaddy has yet to confirm whether the outage was due to a distributed denial of service attack " http://techcrunch.com/2012/09/10/godaddy-looks-like-its-back-up-company-yet-to-confirm-why-it-went-down/

Fik denne mail :

Today, GoDaddy (our domain registrar) suffered from a service outage which resulted in millions of sites going down. Unfortunately, www.coursera.org was one of those.

GoDaddy's servers are still recovering, but we've since switched to using Amazon's domain name services instead. Our site was down for a few hours in the transition period but everything should be back to normal now, though you might encounter a few residual issues as our domain name changes propagate through the internet.

You can read more about the GoDaddy...We apologize for the inconvenience. Thank you for bearing with us as we were working to restore access!

Techcrunch:

http://techcrunch.com/2012/09/10/godaddy-outage-takes-down-millions-of-sites/

"A member of Anonymous known as AnonymousOwn3r is claiming responsibility, and makes it clear this is not an Anonymous collective action. I’ve been adding more information below as details emerge. A tipster tells us that the technical reason for the failure is being caused by the inaccessibility of GoDaddy’s DNS servers — specifically CNS1.SECURESERVER.NET, CNS2.SECURESERVER.NET, and CNS3.SECURESERVER.NET are failing to resolve."

Fra V2:

Stort nedbrud rammer kunder hos amerikanske Godaddy.com, der hoster omkring fem millioner hjemmesider.

Kilde : http://www.version2.dk/artikel/nedbrud-hos-hostingfirma-rammer-5-millioner-hjemmesider-47640

  • Comments(0)//blog.deadmeat.dk/#post234

OHM2013 any1?

HakkeriPosted by Harleyman Mon, September 10, 2012 11:21:03

Jeg har sendt et par invite til OHM2013-gruppen på facebook til dem jeg har som venner og kunne tænkes at de gider nørde i telt i holland..Gruppen er mest for at finde ud af hvem skal kører med os og hvad skal vi have med...

Regner lidt med samme setup som CCC2011 turen... Stor bil(2 biler?) + Stor(e) telt(e)...

p.t. ved jeg kun hvad der står her : https://ohm2013.org/site/

July 31st – August 4th 201 - Geestmerambacht - The Netherlands

Deres Twitter profil : http://twitter.com/ohm2013

kort over kørerturen (Googlemaps) - den siger 785 km...

Blog / Billeder fra vores Tysklandstur i 2011 : http://blog.deadmeat.dk/#category11

Skal vi have en plads på deres wiki?? https://ohm2013.org/wiki/Category:Village

  • Comments(1)//blog.deadmeat.dk/#post233

Lidt Hax0r videoer..

HakkeriPosted by Harleyman Mon, July 23, 2012 16:11:06

Næste weekend er det Defcon(July 26 – 29th, 2012)... Håber stadig på jeg kan komme med næste år...any1?? Sidste weekend var det Hope9..Video'erne kan hentes her : http://hattorrents.com/

Ellers er det næste jeg ser frem til : TrSac 2012 19-21 oct.

Det er p.t. stadig uvist med Holland næste år...Der arbejdes på sagen

  • Comments(0)//blog.deadmeat.dk/#post227

uindbudte gæster hos Maplesoft

HakkeriPosted by Harleyman Thu, July 19, 2012 14:11:00

Det ser ud til der har været uindbudte gæster hos selve MapleSoft via et CrossScript.

Fra deres site:

The perpetrators appear to be using email addresses they have taken from the database to spread viruses or malware. The perpetrators are posing as Maplesoft in an attempt to have individuals they email click on a link or download a malicious piece of software. Recipients should not respond to these emails and they should not open any attachments or click on any download links. These emails should be deleted immediately. Maplesoft discovered the security breach after some of Maplesoft’s customers received what appeared to be a spam email. Notification of the spam email was then immediately posted on the Maplesoft website. Upon investigation by Maplesoft’s IT staff, the security breach was discovered and Maplesoft took immediate corrective actions to stop the breach and prevent further unauthorized access to Maplesoft’s databases. All of the individuals affected by the security breach have been alerted by Maplesoft directly. “Maplesoft takes the security of our customers’ and contacts’ personal information very seriously. We are in the process of notifying all individuals whose information may have been compromised,” said Jim Cooper, CEO of Maplesoft. “We have locked down our systems to prevent further unauthorized access and we are reviewing our security practices and procedures to help ensure this does not happen again.”
“We deeply regret any inconvenience or concerns that this situation may cause our contacts and customers,” added Cooper.

UPDATE July 18th at 08:00 EST

A second version of the message has been reported. Recipients of this message are provided a link which directs users to a location with the domain maple-soft.com. Please be advised that this domain is not controlled by Maplesoft and the link should not be clicked under any circumstances. As originally posted, please contact Maplesoft Customer Service if you have any questions or concerns.

POSTED July 17th at 14:40 EST

Some Maplesoft users have been receiving emails that indicate a new patch for Maple software is available. Recipients of this message receive an attachment called Maple_Patch.zip which they are asked to extract using the password MapleSecuirityUpdate1707. Please be advised that this patch did not originate from Maplesoft and should not be opened under any circumstances.

Mailen der er sendt til kunderne:

Maplesoft Affected by Security Breach

Maplesoft is investigating a security breach of its administrative database
that took place on July 17th, 2012. As a result of the breach, the perpetrators
gained access to some email subscription data, including email addresses, first
and last names, and company and institution names. Any financial information
held by Maplesoft remains secure, and has not been affected by this security
breach.

The perpetrators appear to be using email addresses they have taken from the
database to spread viruses or malware. The perpetrators are posing as Maplesoft
in an attempt to have individuals they email click on a link or download a
malicious piece of software. Recipients should not respond to these emails
and they should not open any attachments or click on any download links. These
emails should be deleted immediately. Maplesoft discovered the security breach
after some of Maplesoft’s customers received what appeared to be a spam email.
Notification of the spam email was then immediately posted on the Maplesoft
website. Upon investigation by Maplesoft’s IT staff, the security breach was
discovered and Maplesoft took immediate corrective actions to stop the breach
and prevent further unauthorized access to Maplesoft’s databases. All of
the individuals affected by the security breach are being alerted by Maplesoft
directly.

“Maplesoft takes the security of our customers’ and contacts’ personal information
very seriously. We are in the process of notifying all individuals whose information
may have been compromised,” said Jim Cooper, CEO of Maplesoft. “We have locked
down our systems to prevent further unauthorized access and we are reviewing
our security practices and procedures to help ensure this does not happen again.”

“We deeply regret any inconvenience or concerns that this situation may cause
our contacts and customers,” added Cooper.

Maplesoft has setup a webpage, http://www.maplesoft.com/security/, where concerned
individuals can review the most up-to-date information related to the breach.
Customers and contacts with questions or concerns can contact Maplesoft Customer
Service directly at 519-747-2373. Full Maplesoft contact details, including
international contact numbers, are available here: www.maplesoft.com/contact.

Regards,
Maplesoft Customer Service

  • Comments(0)//blog.deadmeat.dk/#post226
« PreviousNext »