In association with heise online

14 December 2012, 16:59

Lost+Found: Metasploit phishing, hacker bounties and Android malware

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Lost+Found logo Too short for news, too good to lose; Lost+Found is a roundup of useful and interesting security news. In this edition: Metasploit goes phishing, Windows 8 password resets, defacing (or not) by git pull, C# rewards, Commander X spotting, and Android malware.

  • With version 4.5 of the Metasploit commercial edition you can now search for human weaknesses. The web assault kit can start a phishing campaign and tell on those who fall for it. Metasploit's armoury has now grown to 1000 exploits.

  • Got a Windows 8 password and ten minutes to spare? Then you've got plenty of time to reset that password.

  • Script kiddies know many tricks to deface web sites, but the most unusual way to do it is to post a pull request on GitHub.

  • The Japanese police are offering a 3 million yen (£22,250) reward for details of the individual – who knows C# and how not to leave a trail on the net – who broke into four individuals' PCs and made it appear as if they were planning mass killings at local schools leading to them being wrongly arrested.

  • Maybe Aaron Barr of HBGary wasn't that far off in his attempt to identify key figures in Anonymous. According to Ars Technica, he correctly identified Commander X from a simple lookup of the "People's Liberation Front" web site – but then he discarded it.

  • The whole point of Google's Anti-Malware Bouncer is to filter out pests from the App catalogue of Google's Play store. But Kaspersky has found it is still hosting malware that forwards mTANs to criminals.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit