Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security

Submission + - Doorways on Non-default Ports of Hacked Servers (unmaskparasites.com) 1

Submitted by UnmaskParasites
UnmaskParasites writes: To drive traffic to their online stores, software pirates hack reputable legitimate websites injecting hidden spammy links and creating doorway pages. Google's search results are seriously poisoned by such doorways. Negligence of webmasters of compromised sites makes this scheme viable — doorways remain unnoticed for years. Not so long ago, hackers began to re-configure Apache on compromised servers to make them serve doorway pages off of non-default ports, still taking advantage of using established domain names.

Submission + - Microsoft attempts to censure bing vulnerability

Submitted by Anonymous Coward
An anonymous reader writes: Microsoft's bing search engine has a vulnerability with its cash-back promotion, which impacts both merchants and customers. In traditional Microsoft style, Microsoft responded to the author of the breaking bing cashback with a cease & desist letter, rather than fixing the security problems. It is possible for a malicous user to create fake bing cash-back requests, resulting in not only fake cash-back costs for the merchant, but also blocking legitimate customers from receiving there cash-back from bing. The original post is currently available in bing's cahce (although perhaps not for long). But no worries, the author makes it clear that the exploit should be painfully obvious to anyone that reads the bing cashback sdk.
Science

Submission + - An Electron Microscope for Your Home? (wired.com)

Submitted by CuteSteveJobs
CuteSteveJobs writes: Could Microscopy be in for a new golden age? Wired previews the desktop-sized Hitachi TM-100 Electron Microscope. Light microscopes can magnify up to 400X (1,000X albeit at lower quality) — just enough to see bacteria as shapes — but this one offers 20X to 10,000X giving some amazing pictures. Unlike traditional electron microscopes, this one plugs into a domestic power socket and specimens don't need any special preparation; It's point-and-shoot much like your typical digital camera. So easy, a grade-schooler could use it and earlier this year that's what happened: The kids at Iwanuma Elementary School in Miyagi, Japan got their own electron microscope. At $60,000 you'll have to give up on the BMW, but the hope is with economy of scale (so far 1,000 have sold) and miniaturization the price will continue to drop. The only bad news? It runs XP.

Comment They steal passwords from config files (Score 1) 359

by UnmaskParasites (#28678863) Attached to: R.I.P. FTP

Hi,

I'm Denis Sinegubko. The one quoted in this article.

I want to clarify one thing about how malware steals passwords from webmasters' computers.

TCP traffic sniffing was only one of possible vectors.

However, now I have more proofs that malicious programs just read configuration files and registry settings.

Just check how this trojan steals FTP, email and IM credentials:
http://www.viruslist.com/en/viruses/encyclopedia?virusid=147349

I checked programs, installed on my computer and indeed many of them store passwords in _plain text_, not encrypted. And those that encrypt
passwords use very weak algorithms.

FileZilla stores FTP credentials (including passwords) in .xml files in plain text. And this is "by design"! Check this thread:
http://forum.filezilla-project.org/viewtopic.php?f=2&t=12280

So why would malware bother with sniffing traffic or key logging (this activity can be detected by antivirus), when it can simply read everything it needs from files and Windows registry?

Slashdot Top Deals

Their idea of an offer you can't refuse is an offer... and you'd better not refuse.

Close