Hacking Tips Tricks Archives

Social Engineering Skype Support to Hack any Account Instantly

10-April-201312-April-2013Prasanna Sherekar

You can install the industry’s strongest and most expensive firewall. You can educate employees about basic security procedures and the importance of choosing strong passwords. You can even lock-down the server room, but how do you protect a company from the threat of social engineering attacks? For any of you that are involved in security […]

Facebook Attach EXE Vulnerability

27-October-201129-October-2011Prasanna Sherekar

Summary: When using the Facebook ‘Messages’ tab, there is a feature to attach a file. Using this feature normally, the site won’t allow a user to attach an executable file. A bug was discovered to subvert this security mechanisms. Note, you do NOT have to be friends with the user to send them a message […]

SpyEye Banking Trojan – Now with SMS Hijacking Capability

6-October-20119-October-2011Prasanna Sherekar

The Trusteer research team recently uncovered a stealth new attack carried out by the SpyEye Trojan that circumvents mobile SMS (short message service) security measures implemented by many banks. Using code captured while protecting a Rapport user, researchers discovered a two-step web-based attack that allows fraudsters to change the mobile phone number in a victim’s […]

Doppelganger Domain Attack

25-September-20111-October-2011Prasanna Sherekar

Domain typo-squatting is commonly used to spread malware to users whom accidentally misspell a legitimate domain in their web browser. A new type of domain typo-squatting takes advantage of an omission instead of a misspelling. A Doppelganger Domain is a domain spelled identical to a legitimate fully qualified domain name (FQDN) but missing the dot […]

Using Google Servers as a DDoS Tool

29-August-201130-August-2011Prasanna Sherekar

Google’s servers can be used by cyber attackers to launch DDoS attacks, claims Simone “R00T_ATI” Quatrini, a penetration tester for Italian security consulting firm AIR Sicurezza. Quatrini discovered that two vulnerable pages – /_/sharebox/linkpreview/ and gadgets/proxy? – can be used to request any file type, which Google+ will download and show – even if the […]

Better ATM Skimming Through Thermal Imaging

19-August-201125-August-2011Prasanna Sherekar

Security researchers have found that thermal cameras can be combined with computer algorithms to automate the process of stealing payment card data processed by automatic teller machines. At the Usenix Security Symposium in San Francisco last week, the researchers said the technique has advantages over more common ATM skimming methods that use traditional cameras to […]