HackDig : Dig high-quality web security articles for hacker

Is Your Mobile Carrier Your Weakest Link?

More online services than ever now offer two-step authentication — requiring customers to complete a login using their phone or other mobile device after supplying a username and password. But with so many services relying on your mobile for that second factor, there has never been more riding on the security of your mobile account. Below are some tips
Publish At:2017-09-01 00:45 | Read:1576 | Comments:0 | Tags:Other AT&T Authy Bictoin theft CloudFlare Google Authenticat

Carder forum claims 150 million logins for sale from CloudBleed case

The carder forum CVV2Finder claims to have more than 150 million logins from several popular services, including Netflix and Uber. The operators in the forum are offering the precious commodity to the VIP members. According to t
Publish At:2017-02-25 23:25 | Read:1890 | Comments:0 | Tags:Breaking News Cyber Crime Data Breach Deep Web carder forum

The Internet’s Freshest Wounds: My Thoughts On Ticketbleed, Cloudbleed and HTTPS

UPDATE 2/24/17, 4:30 PM PST: Researcher Hanno Böck (@hanno) has confirmed that leaked CloudFlare data was not entirely purged from multiple search engine caches ahead of the public disclosure. In April 2014, the security community was shocked with the revelation that a poorly implemented TLS extension in OpenSSL could allow attackers to easily disclose privat
Publish At:2017-02-25 03:05 | Read:3052 | Comments:0 | Tags:IT Security and Data Protection Cloudbleed Cloudflare Google

Am I Affected by Cloudbleed?

Yesterday, Cloudflare posted an incident report on their blog about an issue discovered in their HTML parser. A very nice report which is worth a read! As usual, in our cyber world, this vulnerability quickly received a nice name and logo: “Cloudbleed”. I’ll not explain in detail the vulnerability here, there are already multiple reviews o
Publish At:2017-02-24 18:30 | Read:1445 | Comments:0 | Tags:Security Cloud Cloudbleed Cloudflare Proxy Splunk

Cloudbleed flaw exposes sensitive data from millions sites behind CloudFlare

Cloudflare was leaking a wide range of sensitive information, including authentication cookies and login credentials; the flaw was dubbed Cloudbleed. The notorious Google security researcher, Tavis Ormandy, recently made an astonishing discovery: Cloudflare was leaking a wide range of sensitive information, including authentication cookies and login credent
Publish At:2017-02-24 10:20 | Read:1769 | Comments:0 | Tags:Breaking News Data Breach Digital ID Hacking Cloudbleed Clou

CloudFlare Patched Parser Bug that Leaked Private Information

CloudFlare has patched an issue in its HTML parser chain that caused a buffer overflow and returned memory containing private information. According to CloudFlare CTO John Graham-Cumming, the Internet performance and security company first learned of the bug on 17 February. Tavis Ormandy, a Google Project Zero researcher who’s previously found holes in
Publish At:2017-02-24 08:30 | Read:1807 | Comments:0 | Tags:Latest Security News Cloudflare Data Leak vulnerability Clou

Are the Days of “Booter” Services Numbered?

It may soon become easier for Internet service providers to anticipate and block certain types of online assaults launched by Web-based attack-for-hire services known as “booter” or “stresser” services, new research released today suggests. The findings come from researchers in Germany who’ve been studying patterns that emerge w
Publish At:2016-10-27 20:50 | Read:3216 | Comments:0 | Tags:Other AmpPot booter bulletproof hosting Christian Rossow Clo

Spreading the DDoS Disease and Selling the Cure

Earlier this month a hacker released the source code for Mirai, a malware strain that was used to launch a historically large 620 Gbps denial-of-service attack against this site in September. That attack came in apparent retribution for a story here which directly preceded the arrest of two Israeli men for allegedly running an online attack for hire service
Publish At:2016-10-19 21:55 | Read:2421 | Comments:0 | Tags:Other archive.org CJ Sculti CloudFlare Companies House UK da

Alleged vDOS Proprietors Arrested in Israel

Two young Israeli men alleged to be the co-owners of a popular online attack-for-hire service were reportedly arrested in Israel on Thursday. The pair were arrested around the same time that KrebsOnSecurity published a story naming them as the masterminds behind a service that can be hired to knock Web sites and Internet users offline with powerful blasts of
Publish At:2016-09-11 01:15 | Read:2752 | Comments:0 | Tags:Other 82.118.233.144 Akamai applej4ck backconnect security B

Inside ‘The Attack That Almost Broke the Internet’

In March 2013, a coalition of spammers and spam-friendly hosting firms pooled their resources to launch what would become the largest distributed denial-of-service (DDoS) attack the Internet had ever witnessed. The assault briefly knocked offline the world’s largest anti-spam organization, and caused a great deal of collateral damage to innocent bystan
Publish At:2016-08-26 19:55 | Read:5573 | Comments:0 | Tags:Other Aleksey Frolov Alex Optik Amazon Andrei Stanchevici An

CloudFlare considers 94 percent of the Tor traffic as “per se malicious”

Experts at CloudFlare revealed that 94 percent of the Tor traffic they see is “per se malicious,” but Tor Project opposes it. The experts from the content delivery network (CDN) CloudFlare revealed that 94 percent of the Tor traffic they ordinarily see is “malicious.” It is not a mystery that Tor is becoming a favored tool of cyber criminals so many websites a
Publish At:2016-04-03 10:05 | Read:2494 | Comments:0 | Tags:Breaking News Cyber Crime Deep Web Security anonymity CAPTCH

Google Announces SHA-1 Deprecation Timeline

Google has announced its timeline for deprecating SHA-1 certificates, despite concerns expressed recently that sunsetting the broken encryption hashing algorithm will disconnect millions from the Internet. SHA-1’s demise has been accelerated in recent months since researchers published a paper explaining that practical collision attacks could be months,
Publish At:2015-12-22 19:46 | Read:1996 | Comments:0 | Tags:Cryptography Google google Facebook Encryption cryptography

Mobile Ad Network exploited to run a major DDoS Attack

Security experts at CloudFlare observed a major DDoS attack against one of their customers that appeared to leverage a mobile ad network. CloudFlare revealed that one of its customers was recently hit by a distributed denial-of-service (DDoS) attack that appeared to leverage a mobile ad network and malicious JavaScript.
Publish At:2015-09-29 09:10 | Read:2387 | Comments:0 | Tags:Breaking News Cyber Crime Hacking ad network CloudFlare Cybe

JavaScript DDoS Attack Peaks at 275,000 Requests-Per-Second

Two years ago at the Black Hat conference, WhiteHat Security researchers Jeremiah Grossman and Matt Johansen explained how hackers could in theory leverage an online ad network to distribute malicious JavaScript efficiently and quickly. Depending on how much money the attacker wanted to spend, they could do just about anything from drive-by download attacks,
Publish At:2015-09-28 14:50 | Read:2388 | Comments:0 | Tags:Hacks Mobile Security Web Security CloudFlare DDoS attack Gr

Stress-Testing the Booter Services, Financially

The past few years have witnessed a rapid proliferation of cheap, Web-based services that troublemakers can hire to knock virtually any person or site offline for hours on end. Such services succeed partly because they’ve enabled users to pay for attacks with PayPal. But a collaborative effort by PayPal and security researchers has made it far more dif
Publish At:2015-08-17 10:35 | Read:2946 | Comments:0 | Tags:A Little Sunshine Web Fraud 2.0 booter services CloudFlare C
