Saturday, April 4, 2015
Watch Hacking in real time, a Cyber-warfare between US and China
In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge or enjoyment.
The nature of cyberwarfare in China is difficult to assess. Government officials in India and the United States have traced various attacks on corporate and infrastructure computer systems in their countries to computers in the China. However, "It is nearly impossible to know whether or not an attack is government-sponsored because of the difficulty in tracking true identities in cyberspace". China has denied accusations of cyberwarfare, and has accused the United States of engaging in cyberwarfare against it, which the US government denies.A number of private computer security firms have stated that they have growing evidence of cyber-espionage efforts originating from China, including the "Comment Group".[11] In May 2014 a Federal Grand Jury in the United States indicted five PLA Unit 61398 officers on charges of theft of confidential business information from U.S. commercial firms and planting malware on their computers.
See the battle http://map.ipviking.com/?_ga=1.106938115.1477390587.1388686673#
Thursday, April 2, 2015
How hackers Could Delete any YouTube video with just One Click
A security researcher has discovered a simple but critical vulnerability in Google-owned YouTube that could be exploited by anyone to knock down the whole business of the popular video sharing website.
Kamil Hismatullin, a Russian security bod, found a simple logical vulnerability that allowed him to delete any video from YouTube in one shot.
( https://www.youtube.com/watch?t=24&v=NarxB7NG6e0)
While looking for Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) flaws in YouTube Creator STudio, Hismatullin came across a simple logical bug that could wipe any video by just sending an identity number of any video in a post request against any session token.
The bug was simple but critical as it could be exploited by an attecker to fool YouTube easily into deleting any video on its system.
"I've fought the urge to (delete) Bieber's channel," Hismatullin wrote in his blog post "Luckily no Bieber videos were harmed "
Citing the consequences of the issue, Hismatullin said "this vulnerability could create havoc in a matter of minutes in (Attackers') hands who could extort people or (just) disrupt YouTube by deleting massive amounts of videos in a very short period of time. "
The researcher reported the bug to Google, and the search engine giant fixed the issue within several hours.
Hismatullin won $5,000 cash reward from Google for finding and reporting the critical issue and an extra $1337 under the company's pre-emptive vulnerability payment scheme.
Over a month ago, a similar bug was reported in Facebook's own system taht could have exploited by attackers to delete any photo form anyone's Facebook account. However, the social networking giant fixed the ralatively simple issue.
Kamil Hismatullin, a Russian security bod, found a simple logical vulnerability that allowed him to delete any video from YouTube in one shot.
( https://www.youtube.com/watch?t=24&v=NarxB7NG6e0)
While looking for Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) flaws in YouTube Creator STudio, Hismatullin came across a simple logical bug that could wipe any video by just sending an identity number of any video in a post request against any session token.
The bug was simple but critical as it could be exploited by an attecker to fool YouTube easily into deleting any video on its system.
"I've fought the urge to (delete) Bieber's channel," Hismatullin wrote in his blog post "Luckily no Bieber videos were harmed "
Citing the consequences of the issue, Hismatullin said "this vulnerability could create havoc in a matter of minutes in (Attackers') hands who could extort people or (just) disrupt YouTube by deleting massive amounts of videos in a very short period of time. "
The researcher reported the bug to Google, and the search engine giant fixed the issue within several hours.
Hismatullin won $5,000 cash reward from Google for finding and reporting the critical issue and an extra $1337 under the company's pre-emptive vulnerability payment scheme.
Over a month ago, a similar bug was reported in Facebook's own system taht could have exploited by attackers to delete any photo form anyone's Facebook account. However, the social networking giant fixed the ralatively simple issue.
Subscribe to:
Posts (Atom)