password Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘password’

Password bug exposed shoppers’ credit cards in eBay ProStores


A security researcher claims he found a serious bug in eBay ProStores that enabled him to see customers’ credit card details in plain text. Mark Litchfield, an infosec pro at Securatary, said he discovered a flaw in eBay-owned ProStores that not only opened the door to store account hijackers, but also leaked “full access to all their customers PII [Personally identifiable information] as well as their full credit information in clear text.”

 ProStores hosts online shops for eBay sellers to use to flog their stuff, and provides a wizard for creating the traders’ websites.

Mark Litchfield said it was a very serious bug: “I had reported it to eBay in Feb but it took them almost two months to fix it on March 20.” He said that in order to gain control of a victim’s eBay ProStores site, the attacker must create her own ProStores account (there’s a handy 30-day free trial available) and then use that as a springboard to infiltrate the victim’s web bazaar.

“In short, it was possible to change the password of another administrator, then you could log in as that user with full administrative access to the store,” Litchfield claimed. “With this attack I guess I was more shocked than anything to find the credit card information being displayed back in clear text. If people are buying things online, why would the full card information need to be returned in clear text to the administrator?”

View full post on Who Got Hacked – Latest Hacking News and Security Updates

Yahoo using ‘admin’ as username and password, leads to RCE

Behrouz Sadeghipour, a bug bounty hunter, has found a critical vulnerability in one of Yahoo’s subdomains (hk.yahoo.net) that allowed him to access the admin panel. It is funny to know that hk.yahoo.net was using ‘admin’ as both the username and the password for its panel. After gaining access to the admin panel, he managed to upload his backdoor shell to the server. Using the shell, he was able to delete or create any file or run any command on the server. He was also able to control a few other Yahoo subdomains. After getting notification from the researcher, Yahoo has patched the …continue reading

For more information go to http://www.NationalCyberSecurity.com, http://www.GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Yahoo using ‘admin’ as username and password, leads to RCE appeared first on National Cyber Security.

View full post on National Cyber Security

Hackers delight: Worst password of the year goes to ‘123456’

The good news, for computer security experts: People are no longer using “password” as their top password for online files and site entry. The bad news: The new top password is equally unimaginative, “123456.” That’s according to an annual survey from SplashData, a mobile software development company that collected and compiled lists of those commonly used passwords
[continue reading...]


View full post on National Cyber Security

Beleth SSH Password Auditing Tool

Beleth is a fast multi-threaded SSH password auditing tool. It outperforms Ncrack and THC-Hydra in speed.

View full post on The Cyber Wars

MorXBrute Password Cracker 1.01

MorXBrute is a customizable HTTP dictionary-based password cracking tool written in Perl. MorXBrute comes with a few payloads for some of the more popular software used and additionally lets you add your own payloads. MorXBrute supports both GET and POST brute forcing.

View full post on The Cyber Wars

Be Sure You’re Secure: Password Hygiene

  Nearly 73 percent of all Americans have fallen victim to some type of Internet crime in their lifetime, 9 million people were victims of identity theft last year and more than 600,000 Facebook accounts are hacked daily. Are you hiding under your bed right now like I am? Chances are most of us will get hacked
[continue reading...]


View full post on National Cyber Security

How to recover/hack gmail password [ Mediafire ] – 2013 Free


This is a Gmail hack or Gmail recovery program that really works without surveys. Li…

________________________

http://gregorydevans.com – http://gregorydevans.wordpress.com – http://hackerforhire.com – http://hackerforhireusa.com

PRODUCT ALERT: Windows Breaker STICK – Microsoft Windows Password Breaker Tool

Windows Breaker is a Windows account password bypassing tool. Whether you’ve lost your Windows password or someone has locked you out of your computer, Windows Breaker can recover your Windows account. Unlike password recovery, Windows Breaker simply gives you access to any Windows account allowing you to gain access to your files, change the account [...]

View full post on Hip Hop Security

Biggest password cracking wordlist with millions of words

One of the biggest and most comprehensive password-cracking wordlists, a collection of 1,493,677,782 words, has been released for download. The wordlists are intended primarily for use with password crackers such as hashcat and John the Ripper, and with password recovery utilities. Defuse Security have released the wordlist of 4.2 GiB (compressed) or 15 GiB (uncompressed) used by their [...]


View full post on National Cyber Security

Evernote hacked, reset your password now!

Cloud note-taking service Evernote has been hacked and now you have to reset your password immediately. According to a post on the official Evernote blog, an unidentified attacker compromised the servers and extracted usernames, email addresses, and passwords. “Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network [...]


View full post on National Cyber Security
