Matt

Nu stiu cum sa va spun dar stiam ca voi castiga premiul. Duceti-va pe random.org si puneti limita intre 1 si 10. Vedeti care iese cel mai des.

Astia cu conturi de iulie 2013 ar trebui sa ia direct MUIE si sa nu ii primesti.

Chiar:)) cautam sa imi dea si mie cineva un CS:GO , sa vedem daca am noroc. Numarul este 10

Cred ca ma gasesc si eu prin parolele si username-urile alea.

Google Glass is still vulnerable to attacks via connected WiFi networks allowing hackers to capture user data sent from the device, security firm Symantec has said, despite Google having quietly patched the eyewear last month. As we reported the other day, mobile security firm Lookout worked with Google to find and repair the vulnerability in May before it was quickly fixed by Google on 4 June, with the update pushed out to all devices. However, Symantec has said that malicious use of QR codes is nothing new and that there are far easier ways to get a mobile device connected to a rogue WiFi access point. Discovered by Lookout Mobile Security principal security researcher Marc Rogers, the vulnerability that Google patched last month exploited QR codes configured to tell Glass to connect to WiFi Networks or Bluetooth devices. Symantec director of security strategy Sian John said that while Google has managed to patch the QR vulnerability in its Glass eyewear, the technology is still exploitable. "The vulnerability allowed Google Glasses to be configured, via QR codes, to connect to a wireless network of choice. Once connected, the wearer's activities could be viewed remotely via the internet and the glasses could even be configured to redirect to a webpage running malicious code. This would happen automatically in the background making the hack hard to detect until it was too late," she said. "Google has now fixed this vulnerability, but there is still an issue around open network traffic, namely hackers impersonating connections that you believe to be secure, such as your home or company network." John added that the issue with wearable technology is that it makes everything you are doing more personal. "Whether using something like Google Glass for personal or business use, the potential for unauthorised access to what you are viewing and doing on the device is clearly a concern," she said. Symantec believes that as open WiFi access becomes more prevalent it's likely that we'll see more potential threats, but by taking sensible precautions about how we access the internet on wearable devices, "we can reduce the risk considerably". Symantec advises that current and future uses of Glass can avoid the vulnerability by encrypting all wireless traffic when travelling out and about or connecting to a VPN so that people can't look at everything that you are doing. Google has yet to respond to a request for comment. Sursa TheInquirer.net

UK cops and spook agencies wrongly fingered five people as criminals after seizing data about their communications, according to a new report. The Interception of Communications Commissioner's latest dossier [PDF] gave examples of intelligence data used to seize drugs and firearms, stop illegal waste dumping and in one instance catch a con artist - but it also revealed that cock-ups had been made. In most cases, the officers or agents involved realised their mistake and took no action on the data. However, five people were either wrongly detained or accused of crimes following requests for data about their internet activity (curiously referred to as "Internet Protocol or node name resolutions" in the report). In another error, police were sent to an address where they wrongly believed a child had threatened to harm him or herself. According to the report, last year cops and spooks sent 570,135 demands for information about folks' texts, emails and other communications to telcos and ISPs. That collected data revealed who got the messages and calls, and where and when - the so-called metadata - rather than the content of said messages. But that information alone can be useful enough for savvy investigators trying to work out what was being discussed. That number of requests also includes multiple demands made during the same investigation, so the number of people targeted "would be much smaller", the report pointed out. A total of 3,372 lawful intercept warrants were issued, up 16 per cent on 2011, to actually listen in on the calls or read the messages. The power to snoop on citizens' private communications is granted by the Regulation of Investigatory Powers Act (RIPA). Former commissioner Sir Paul Kennedy, who served until the end of 2012, said that 55 breaches of the RIPA law were reported to his office, including seven errors where law enforcement agencies didn't have the authority to seize texts, voicemails and emails. However, he added that none of the mistakes were "malicious or deliberate". "Each error involved some kind of human error or system related technical problem. In a large number of the 55 error cases, no intercept product was actually obtained and therefore there was no unjustified or unnecessary intrusion," he said. "In the smaller number of cases where intercept product was wrongly obtained, I have been assured that any such product has been destroyed." Nearly a thousand errors were made in communications metadata requests, with around 80 per cent being mistakes made by the authorities and another 20 per cent made by the communications service providers. However, the snooping-on-the-snoopers commissioner said that comms data slurping was still a great way to catch would-be criminals and terrorists. "Interception and communications data remain powerful techniques in the investigation of many kinds of crime and threats to national security," Sir Paul, who was succeeded at the start of this year by Sir Anthony May, wrote in his report. "Many of the largest drug-trafficking, excise evasion, people-trafficking, counter-terrorism and wider national security, and serious crime investigative successes of the recent past have in some way involved the use of interception and/or communications data." Most of the data requests were made by law agencies and spook centres, but 160 local councils across the UK made more than 2,500 of the requests for data to ID criminals for crimes such as dodging their taxes or selling fake goods. The commission said that a number of measures had been put in place to stop mistakes happening again, including the sage advice to double check all details. "I am satisfied with the measures put in place by these public authorities and communication service providers and hopefully this will prevent recurrence," the knight of the realm declared. Sursa TheRegister.co.uk

Apple has quietly released an update to fix the problems which have affected wireless connections on the latest Macbook Air range. Users had been reporting "crippling" problems with their wireless connection. Theoretically, the inclusion of the new 802.11ac wireless networking standard in the new range of Macbook Airs should have tripled the speeds available to fanbois when compared to the older 802.11n protocol used in the older ranges. But the integrated adapter on the new Macbook Air range ended up performing much more slowly when it came to actually moving files over a wireless connection. Apple store workers have been told to "capture" any laptops which have the problem. The new update should make people feel a lot better about the wireless connection on their Macbook Air. Announcing the update, the fruity firm wrote: "This update fixes an issue that in rare instances may cause an intermittent loss in wireless connectivity, an issue with Adobe Photoshop which may cause occasional screen flickering, and an issue which may cause audio volume to fluctuate during video playback." This flickering issue occurs for some Photoshoppers when using large brush tools. The problem was not thought to be an inherent flaw in the Macbook Air's hardware, but rather a GPU or driver issue, meaning the latest update should fix it. Sursa TheRegister.co.uk

Sick of the number of reported phone thefts in their jurisdictions, lawmakers have decided to hold a contest to discover how easy it is to crack stolen smartphones for resale. New York attorney general Eric Schneiderman and San Francisco district attorney George Gascón have hired Northern California Regional Intelligence Center staff to try to crack the activation lock on an iPhone 5 and a Samsung Galaxy S 4 that was running $29.95 per year Lojack software. "Finding technical solutions that will remove the economic value of stolen smartphones is critical to ending the national epidemic of violent street crimes commonly known as 'Apple Picking'," said the pair. "While we are appreciative of the efforts made by Apple and Samsung to improve security of the devices they sell, we are not going to take them at their word," they said. "Today we will assess the solutions they are proposing and see if they stand up to the tactics commonly employed by thieves." The testing will involve breaking into the handset and disabling any features that would allow the owner to track the phone. Once these have been broken, the device can usually be wiped, reset, and sold on. Thieves are getting increasingly savvy about getting around these smartphone tracking features, and police report that taking electronic tracking into account is all part of the criminal business these days. Certainly smartphone theft is increasingly common, with the FCC reporting that one in three robberies in major cities now involve the theft of such devices. We're carrying something with the price of a laptop computer in our pockets, and thieves follow the money. Last month the two lawmakers launched the Secure our Smartphones Initiative (SOS – predictably) to push mobile phone makers into installing a "kill switch" into their code that would allow the device to be rendered useless in the event of a loss or theft. "Together, we are working to ensure that the industry imbeds persistent technology that is effective, ubiquitous and free to consumers in every smartphone introduced to the market by next year," they said. Nevertheless, El Reg has to take issue with the math behind some of the lawmaker's claims. According to their statement "roughly 113 smartphones" are stolen or stolen every minute in the US. That's 162,720 per day, or 59.3 million per year. Smartphone usage rates are high in the US, but not that high. Taking out those too young, poor, or uninterested in owning such a device, then that "roughly" sounds somewhat overstated. Sursa TheRegister.co.uk

SQL Injection - stii jumatate . Adica ? Stii jumatate de SQL injection ? cum intelegi tu cantitatea de "jumatate" din SQL ? Atunci care ar fi intregul ?

S-a mai incercat chestia asta pe echipe dar s-a stins foarte repede. Cel mai bine este cum l-am prezentat ; un om un program = > cel mai bun sa "castiga" . Facilitatile de care beneficiaza grupul "Trusted" le va stabili Nytro. Iti dai seama ca doar nu vei da cont de moderator celor din "Trusted" . Ceva mic dar semnificativ. Fara taxa de inscriere, fara nimic. S-ar putea face foarte rapid. S-ar putea face o perioada de test. Sa zicem ca de maine posteaza Nytro ca s-a dat drumul la concurs. Cine posteaza cel mai frumos program creat si scris sa isi prezinte programul + link catre sursa dar parolat pentru administrator. Userii isi posteaza programele in aceeasi categorie post sub post. La sfarsitul saptamanii sa fie ales de catre administratori "the best". Luni incepe competitia , vineri se termina. Sambata si duminica Nytro are timp sa aleaga. Duminica seara se anunta castigatorul. Ura ai castigat un extraterestru.

Un report de fiecare rezolva mai multe decat 10 posturi inutile.

Pentru ca unii moderatori dorm si lasa toti cacatii sa isi faca de cap. Aici nu ma refer la ENCODED , Nytro ,M2G . Se stiu ei foarte bine aia care stau pe invisible pe forum.

Dupa ce am citit acest post : https://rstforums.com/forum/72516-hunger-games.rst mi-au trecut prin cap vreo 2-3 idei. Daca ar exista si pe RST o astfel de competitie ? Mai exact "Hunger Programming" Detalii : "In fiecare saptamana sau o data la doua saptamani sa fie o mica competitie de programare.Un anumit numar de useri sa se scrie sa zicem maxim 5-10 iar acei 5-10 oameni sa trimita la sfarsit de saptamana programul pe care ei l-au codat / scris / creat special pentru RST. Cel care va avea cel mai bun program creat va intra in grupul "Trusted" care se zvoneste ca s-ar face in curand. Daca totul prinde contur si merge treaba in fiecare saptamana si este ceva competitiv sa se treaca la nivelul 2.Sa se faca competitie intre echipe de cate 2 persoane , 3 persoane sau 5 persoane. Bineinteles ca proiectele in echipa ar trebui sa fie ceva mai complexe. Cine stie dupa cum am spus mai sus daca treaba merge bine si se strang oameni in fiecare sapt sau la doua saptamani sa se organizeze in fiecare an undeva in Bucuresti sau alt oras si o conferinta sau un mic "lan" tot asa organizat pe echipe sau chiar un HackMarathon dar organizat de Romanian Security Team. Stiu ca poate pare Science-Fiction dar nu cred ca este o idee rea. Cu rabdare si pasi marunti se pot face multe. Rog pe cei care nu sunt de acord cu asta sa fie destul de directi si sa zica " nu sunt de acord pentru ca lalalal " nu vreau raspunsuri de genul " nu sunt de acord ca tu esti un ratat " . Fiti on-topic chiar daca vi se pare ca delirez.

You are one of them.

Ma doare in pula de tine.

Inceteaza cu rahaturile astea sau zbori. // Really ?

Michael Hayden, a former head of the CIA and the NSA, has openly accused Chinese networking giant Huawei of spying for China in a move likely to further inflame tensions between the US and China over state-sponsored hacking. Retired four star general Hayden told the Australian Financial Review that "at a minimum, Huawei would have shared with the Chinese state intimate and extensive knowledge of the foreign telecommunications systems it is involved with. I think that goes without saying." Asked "Does Huawei represent an unambiguous national security threat to the US and Australia?" General Hayden replied "Yes, I believe it does." Hayden goes out of his way to point out these opinions are his own, rather than those of the Obama administration. But his own experiences of the company get a decent airing. “Two or three years ago Huawei was trying to establish a pretty significant footprint here [in America]. And they were trying to get people like me to endorse their presence in the US,” he told the Aussie paper. “I reviewed Huawei’s briefing paper. But God did not make enough slides on Huawei to convince me that having them involved in our critical communications infrastructure was going to be OK. This was my considered view, based on a four-decade career as an intelligence officer.” Hayden, who headed up the NSA from ’99 to ’05 and was in charge at Langley from 2006 to ’09, isn’t exactly deviating from the US line on Huawei although he is the first high profile official, or former official, to publically accuse the Shenzhen firm of spying. A US House of Representatives committee famously branded the handset and telecoms kit maker, along with its near neighbour ZTE, a national security risk in a high profile report in October 2012. Aussie politicians responded by banning Huawei from bidding on the National Broadband Network (NBN) project. The UK, on the other hand, has welcomed the firm with open arms, prime minister David Cameron even hosting founder Ren Zhengfei at Downing Street after he announced a £1.2bn investment in the country. However, a parliamentary security and intelligence committee has since raised national security concerns with Huawei. The firm sent El Reg the following response to Hayden’s accusations : Hayden’s remarks will likely inflame an already tense relationship between the US and China. Huawei, meanwhile, has continued its Australian charm offensive by extending its sponsorship of the National Rugby League team in the national capital, the Canberra Raiders, and pledging to help it play a game in Shenzen. “As China’s most successful global company, Huawei would love to see Shenzhen Stadium filled with our 65,000 China-based staff – with all of them backing the Raiders!,” said Corporate Affairs Director Jeremy Mitchell. Read whatever you like into the monopoly on seats for home fans. ® Sursa TheRegister.co.uk

A vulnerability in the way blogging platform WordPress manages uploaded media files could put users at risk of data leaks, say researchers. A report from security firm White Hat claims that the blogging service may not properly protect media files from prying eyes the same way it guards blog text. According to White Hat Security technical evangelist Robert Hansen, the flaw leaves users vulnerable because of the way Wordpress assigns URLs. The system, says Hansen, is easy enough to guess that an attacker could potentially root out media files and attachments meant for posts which have yet to go live or be approved. “The problem is that because the timing between the media and the blog post isn’t identical you can end up in a race condition with the content,” Hansen explained. “For instance, let’s say you run a publicly traded company and you are about to release your earnings report on your blog. You may upload a PDF of the earnings report a day or multiple days in advance to make sure everything is perfect and ready to go when you announce.” The company said that overall, the severity of the vulnerability is low. Aside from data leakage, there is no indication that the flaw could be leveraged for more severe attacks, such as account theft or code injection. Because the Wordpress platform is used to power millions of blogs, it has become a prime target for attackers looking to compromise sites and exploit web pages for use as embedded attack platforms or other malicious activity. Earlier this year, researchers uncovered a large-scale cybercrime operation which had managed to compromise thousands of WordPress accounts through dictionary-combing 'brute force' attacks that automate the process of guessing passwords. Sursa V3.co.uk

Oracle has released a set of security updates for multiple products and platforms. The company said that the July update includes some 89 fixes for various products throughout its enterprise software lines. Among the fixes will be six updates for security flaws in the Oracle Database Server platform. The update will address flaws including an update to a flaw in the Oracle Net component which could be remotely exploited without authentication. The company also released updates for more than 20 flaws in its Fusion Middleware platform, including some 16 vulnerabilities which would allow for remote exploitation without the need for prior authentication. Other updates included 16 fixes for vulnerabilities in the oracle Sun product line, including the Solaris, SPARC Enterprise M Server and Solaris Cluster lines. Other platforms receiving security updates were Hyperion, Enterprise Manager and the oracle Applications E-Business Suite. The company also issued updates for MySQL Server and the Oracle Linux distribution. The Linux update includes patches to address a pair of remotely exploitable flaws in the Secure Global Desktop component. The company is advising administrators and users to test and install the patches as soon as possible. Oracle noted that a number of the updates will be cumulative fixes and will address previous critical security flaws which may have been left unpatched. Sursa V3.co.uk

Sa le trag muie, pe de o parte se condamna intre ei ca se spioneaza unul pe altul, pe de o parte lucreaza impreuna.

Vezi ca ai 404 .

Nouasprezece asociatii americane au depus marti plangere impotriva Agentiei nationale de securitate NSA, apreciind ca un program de colectare de metadate telefonice al acesteia, dezvaluit de catre Edward Snowden, aduce atingere dreptului lor constitutional la libera exprimare. Actiunea in justitie a fost initiata de catre Electronic Frontier Foundation (EFF), unul dintre ONG-urile cele mai implicate in apararea drepturilor pe Internet, in numele unor grupuri foarte diverse, ca Biserica Baptista din Los Angeles, o asociatie de aparare a proprietarilor de arme de foc, Greenpeace sau Human Rights Watch (HRW), relateaza AFP. Reclamantii apreciaza ca o colectare sistematica de metadate ale tuturor apelurilor efectuate in Statele Unite (numarul apelat, durata apelului) permite statului federal sa supravegheze activitatea grupurilor lor si sa identifice cine sunt membrii acestora. "Frica unora de a fi expusi dupa ce au luat parte la dezbateri politice asupra unor probleme atat de fierbinti poate descuraja oamenii sa mai participe. De aceea, Curtea Suprema a stabilit in 1958 ca listele membrilor unor grupuri dispun de protectie puternica, in virtutea Primului Amandament" al Constitutiei, care garanteaza libertatea de exprimare, a declarat Cindy Cohn, o avocata EFF. In urma dezvaluirilor lui Snowden, la inceputul lui iunie, oficiali in domeniul informatiilor americane au declarat in mai multe randuri ca aceste metadate sunt exploatate doar in cazul unor suspiciuni de activitati "teroriste" si ca un mandat individual este necesar pentru ascultarea conversatiilor si angajarea unei anchete. Plangerea se adauga altora, depuse de catre EFF si asociatia de apararea libertatilor civile ACLU. Ea a fost depusa in contextul in care se accentueaza presiunea asupra administratiei Obama in vederea ameliorarii transparentei programelor de supraveghere dezvaluite de Snowden. Companiile online cer sa fie facut public modul in care au fost implicate in programul de colectare de date Tribunalul secret american insarcinat cu supervizarea programelor a exercitat luni presiuni asupra Guvernului, pentru ca acesta sa spuna, pana la 29 iulie, ce documente privind Yahoo! pot fi declasificate, companie care livreaza, prin intermediul programului PRISM, date ale utilizatorilor sai. Yahoo! - la fel ca si alte site-uri - a cerut pe 14 iunie ca deciziile justitiei care il obliga sa participe la PRISM sa fie facute publice, cu scopul de a dovedi marelui public ca accesul NSA la serverele sale era limitat. Departamentul Justitiei este necesar sa acorde "prioritate" acestui dosar, a solicitat Foreign Intelligence Surveillance Court. Yahoo!, Google, Microsoft, Apple si alti giganti in domeniul Internetului au fost acuzati de Snowden ca participa la un portal NSA care permite unor analisti un acces la e-mailuri, conversatii de tip chat si conversatii de tip video ale utilizatrilor. Insa firmele neaga ca ofera un acces direct la serverele lor. Programul este de obicei validat de aceasta Curte, alcatuita din 11 judecatori, ale caror decizii sunt secrete. "Suntem foarte multumiti de decizia Foreign Intelligence Surveillance Court de a cere Guvernului sa revada declasificarea Memorandumului Tribunalului din 25 aprilie 2008 si unor documente juridice" aferente, a anuntat Yahoo! intr-un comunicat. Sursa Business24.Ro

Romanii sunt pe locul al doilea in topul tarilor europene care petrec cel mai mult timp online, cu o medie de 18,6 ore petrecute saptamanal pe Internet, conform celui mai recent studiu Mediascope. Pe primul loc se claseaza ucrainienii, cu 20 de ore petrecute online pe saptamana. Romanii sunt urmati in top de turci, cu o medie de 18,3 petrecute pe Internet saptamanal. La nivelul activitatilor desfasurate online, romanii sunt si printre cei care folosesc cel mai mult mesageria instant. Ei folosesc servicii de mesagerie instant cu 60% mai mult pentru a comunica online decat media europeana a utilizatorilor de Internet. E-mailul este folosit de aproximativ intreaga populatie de origine ceha cu acces la Internet, iar retelele sociale profesionale sunt utilizate de mai mult de 90% dintre portughezi. In ceea ce priveste clasamentul celor mai activi europeni in mediul online, danezii fac recenzii si dau feedback dupa utilizarea anumitor produse si servicii de doua ori mai mult decat media inregistrata la nivelul intregii Europe. Grecii sunt cei care folosesc cel mai mult blogurile - ei scriu pe blog de doua ori mai mult decat media europeana. Bulgarii fac cele mai multe apeluri telefonice online, utilizand servicii cum ar fi Skype-ul, cu 89% mai mult decat utilizatorul mediu european. Conform studiului, generatia de 55+ ani este din ce in ce mai activa pe Internet. 36% dintre europenii cu varste de peste 55 de ani navigheaza pe Internet si petrec aproximativ 10,4 ore pe saptamana online. 84% dintre acestia fac cumparaturi online zilnic, iar 79% folosesc e-mailul in fiecare zi. Cei mai multi dintre utilizatorii europeni de 55+ ani conectati la Internet viziteaza preponderent site-uri de stiri (77%) si se uita la televizor online (34%). Peste jumatate din europenii cu acces la Internet folosesc o tableta In ceea ce priveste navigarea pe Internet de pe mobil, aceasta a crescut cu 42% fata de 2010 la nivel european. In prezent, 68% dintre europeni detin un mobil cu acces la Internet, dintre care 44% folosesc un smartphone. In Marea Britanie, 6 din 10 englezi sunt posesori de smartphone. Varsta a 60% dintre detinatorii europeni de smartphone este de sub 35 de ani. Totodata, 50,9% dintre europenii cu acces la Internet folosesc o tableta pentru a sta online si petrec, in medie, 9,3 ore pe saptamana conectati la Internet de pe tableta. Europenii care petrec cel mai mult timp online de pe tableta sunt norvegienii (26%), urmati indeaproape de britanici (25%). Timpul petrecut online de catre europenii cu acces la Internet a crescut cu 15% din 2010, situandu-se in prezent la o valoare de 14,8 ore pe saptamana. Insa, timpul petrecut pe Internet este in continuare devansat de cel petrecut in fata televizorului - 16,8 ore saptamanal. La nivel european, exista 426,9 milioane de utilizatori de Internet, ceea ce reprezinta 65% din totalul populatiei europene. Numarul acestora a crescut cu 19% fata de anul 2010. Sursa Business24.ro

Scam prompts FBI task force warning Miscreants have brewed up a FBI-themed ransomware scam aimed at Apple users that relies on malicious JavaScript code rather than a conventional trojan. The scam prompted a warning from the FBI-backed Internet Crime Complaint Centre on Thursday, and a denial that it was anything to do with the Feds. The ploy represents a further diversification for extortion-based malware, which has become a mainstay of the cybercrime economy over recent months and years. Jerome Segura, a senior security researcher at Malwarebytes, came across the scam via a Bing Images search for Taylor Swift. This search led to a compromised site hosting an image mimicking police warnings. The scam uses clever persistent JavaScript in its attempt to trick people into paying a supposed fine of $300 to "unlock their computers". Prospective marks are falsely told this is a "release fee" to avoid further legal consequences after they were supposedly caught "viewing or distributing prohibited pornographic content". "Repeated attempts to close the page will only lead to frustration as even the 'Leave Page' browser trick does not work," Segura explains in a blog post. "If you 'force quit' the application, the same ransomware page will come back the next time [you] restart Safari because of the 'restore from crash' feature which loads backs the last URL visited before the browser was quit unexpectedly." Users trapped in this vicious circle can escape by resetting Safari, he adds. A little web savvy means there's no need to give in to the extortionate - and bogus - threats of the scammers. However the sophistication of social engineering scam at play means that a few people, enough to make the scam worthwhile, are likely to be tricked into handing over money to fraudsters. Although the scam most obviously takes advantage of the ‘restore from crash’ feature of Safari browsers on Mac machines it might just as easily be slung against Windows users. The scam uses black hat search engine poising tactics to targets users searching for popular search terms, which is how Segura came across it in the first place. Finnish software security firm adds that although Segura was directed to an FBI themed webpage any European surfer would be directed to a Europol-themed fake warning page. After the ransomware scam was exposed earlier this week the still-compromised webpages have been re-purposed to push traffic towards a hookup site. Although this particular campaign has been nipped in the bud the future appearance of similar scams along the same lines are all too likely. "This scam is unfortunately all too efficient and is not going away anytime soon," Segura warns. It has posted a video tutorial on YouTube about how to remove the FBI ransomware on Mac OS X machines. Earlier this week we reported how cybercrooks had grafted ransomware to a survey scam fraud. Victims PCs are locked up before slaves are pushed towards completing a survey in order to receive an unlock code. The ransomware strain blocks Task Manager, CMD, Regedit and the Start Menu. the whole ruse is designed to enrich crooks, who earths their money from dodgy advertising affiliate networks that take a relaxed line to marketing tactics that are illegal in many countries, including the US and UK. It's since emerged that scams of this type first appeared in December 2012 if not earlier. Chris Boyd, a senior threat researcher at ThreatTrack Security, has posted an informative blog post charting the development of ransomware/survey scam hybrids since then here. Boyd's post focuses on Shadowlock, one of the most sophisticated strains of ransomware/survey hybrid seen to date. News from earlier this week focused on an underground advert offering services relating to building survey launching PC hijacking ransomware. ® Sursa TheRegister.co.uk

Cyber criminals have targeted the NASDAQ Community forum with a password-stealing attack, looking to gather sensitive information that could be used to mount a larger, more costly campaign. NASDAQ sent out an email warning users that their account information may have been compromised, but confirming no trading or stock exchange information or systems had been affected by the breach. NASDAQ is yet to confirm how many of the community users have been affected and at the time of publishing had not responded to V3's request for comment. NASDAQ has since taken the community website offline to upgrade its systems to plug the breach. NASDAQ has been a common target of criminals and was hit by a more serious cyber attack in 2011. While the information stolen is not necessarily dangerous, it could be used by criminals to mount subsequent, more advanced attacks. In general the information is used by criminals to create more tailored phishing messages, or make more intelligent password guesses when attempting to infiltrate victims' main work accounts. However, F-Secure analyst Sean Sullivan told V3 the information stolen from NASDAQ could theoretically be used to mount an even more dangerous attack. "How bad is this? That really depends on how forthcoming the NASDAQ community admins have been," he said. "Imagine this: Suppose the NASDAQ community forum wasn't just compromised for its users' passwords – but also to use it as a watering hole. You thought the Twitter, Facebook, Apple, Microsoft watering hole attack compromises via the iPhone Dev SDK forum was bad? Well, I think that would be nothing compared to the kind of damage that could be done via NASDAQ." A watering hole attack is a tactic commonly used by hackers to target specific groups. It sees them infiltrate a commonly visited website by people within the target industry and lace it with malware, letting them infect a large number of people, without having to mount multiple attacks. The potential value of password and account information has made it an increasingly valuable commodity for cyber criminals, with many selling it on cyber black markets. Most recently Webroot researcher Dancho Danchev reported uncovering a Russian cyber gang selling thousands of users' Skype and Twitter password details on a newly created blackmarket. Sursa V3.co.uk