2008 June

Recently I’ve been noticing a number of Joomla components with SQL injection issues. These components are not part of the based platform of Joomla, but they can put your system at risk if you don’t know about the issues. Joomla developers need to build theirs own data management protocol for their software so that component developers aren’t running pure SQL statements. This could greatly cut down on the SQL injection issue Joomla is facing.

SQL Injection allows a hacker to run SQL statements by modifying POST or GET query’s, allowing the changing or removal of data from databases. (continue reading…)

To make this story as short as possible, I’m going to sum it up. John Patten from creative-pages.com, was accused of “hacking” Venice Counsilman’s (John Simmonds), email account. Simmonds tried to sue John Patten. John Patten calls John Simmonds on it in court, and Simmonds gets pwned in the face hardcore. Venice Florida’s City Manager resigned shortly after. Simmonds doesn’t want his computer to be analzed, but instead he gets pwned in the face, over and over again. (continue reading…)

Two organizations, ICANN and IANA, are the critical backbone that makes the Internet work. They control the domain names (e.g. UNiHacker.com, microsoft.com etc) and they also control who is allowed to sell domains. They regulate the Internet domain names for everyone.

A group that calls themselves “NetDevilz” hacked their servers and redirected traffic to another website. A balzy message was also left by the hackers that said, “You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us?” (continue reading…)

Marymount College’s network was breached by hackers, who tampered with semester one reports. The Eduction Department was also breached but they don’t think they are linked. There are now concerns that personal information about the students has been leaked.

In a statement emailed to The Advertiser yesterday, Marymount College principal Mary Camilleri said: “We can confirm that there was a breach of security of the computer network at Marymount College.”

“This was detected by staff who have now rectified the problem and are continuing to investigate the matter,” Ms Camilleri said.

A popular hip-hop site, SOHH.com, was hacked and riddled with racist pictures and text. It appears that the hackers used the same CSS layout and overwrote some of the main images. Some HTML/CSS was changed, but for the most part it was close to the same. The hacked Hip Hop site contained pictures of swastikas and chained slaves on the front pages. Something tells me that this was an inside job just for the fact that most hackers redirect websites, but this one had a purpose, someone was “getting even”. (continue reading…)

The WRT54G LinkSys wireless routers suffer from security bypass vulnerabilities. When left unencrypted a user could change settings on your router making it useless, or changing the way it works. Some settings that can be changed via remote URL’s are: retore factory defaults, reset admin password, enable mixed wireless mode, disable all wireless encryption, disable mac filtering, and a whole bunch of others.

On a side note, the administrative username and password is stored in clear text in config.bin on the device. It seems LinkSys would want to at least encrypt this file. Almost any value can be changed using the methods below.

There is no evidence that this can be done on an encrypted wireless router. You’d have to have an already established connection to be able to enter the following URL’s into in order to change settings. No connection, no ip address, no worries. Those that leave their routers wide open and on the default setting will be the unguarded victims of a cracker.
(continue reading…)