Get Started for FREE
Sign up with Facebook Sign up with X
I don't have a Facebook or a X account
 Your new post is loading...
Your new post is loading...
Scoop.it!
The botnet, dubbed “Advanced Power” by its operators, appears to have been quietly working since at least May 2013. It’s not clear yet how the initial infection is being spread, but the malware enslaves PCs in a botnet that conducts SQL injection attacks on virtually any Web sites visited by the victim. 
No comment yet.
Sign up to comment
|
Scoop.it!
If you thought that capturing a user's social media session was only done by skilled hackers, now the Firesheep addon can allow even the truly clueless to become an Internet griefer.
Even if you were drunk and surfing at a Wi-Fi hotspot, you probably wouldn't stand up and shout your username and password for anyone who might want it. But an attacker does not need to find out your username and password. If you thought that capturing a user's social media session was only done by skilled hackers, now the Firesheep addon can allow even the truly clueless to become an Internet griefer.
If you were at a Wi-Fi hotspot, you probably would have no options and no encryption at all. Although many websites give lip service about how important their users' privacy and security is to them, very few have their entire site encrypted with HTTPS. Most sites encrypt the username and password during the login process, but most of those sites stop encrypting and protecting the user right there. As soon as a user moves on to a regular HTTP page on the site, an attacker can sniff and capture the user's cookie information.
Many of us are busy multitasking, so we log into Twitter or Facebook, or even Flickr, and then move on to surf other sites without first logging out of those accounts. If any of those future sites have a Twitter or Facebook widget, or even a Flickr image embedded, if you didn't log out of those sites before continuing to surf, then HTTP session jacking, also called "sidejacking," can happen and leak the user's cookie. Security researchers explained that if a person can steal the cookie, then they can steal your session and allow them to do anything the user could do on the site.
Gust MEES: a MUST READ for Mac, Linux and Windows users!!!
Read more:
|
The botnet, dubbed “Advanced Power” by its operators, appears to have been quietly working since at least May 2013. It’s not clear yet how the initial infection is being spread, but the malware enslaves PCs in a botnet that conducts SQL injection attacks on virtually any Web sites visited by the victim.