Maine Construction Company And Bank Settle Dispute Over $345,000 Online Banking Heist

A Maine construction company that sued its bank after losing $345,000 in an online banking heist has settled its dispute after a protracted legal battle that raised questions about the bank’s responsibility in protecting customer accounts against cyber fraud.

The settlement between Patco Construction and People’s United Bank (formerly Ocean Bank) comes about four months after the U.S. Court of Appeals for the First Circuit faulted the bank’s security measures at the time of the theft and advised the two sides to work out a compromise.

Click for complete article >>


Original news article at http://www.teamshatter.com on November 27, 2012 at 09:04PM

Mystery worm scrambles Iranian databases

http://msnbcmedia3.msn.com/j/streams/2012/November/121127/1C4934891-fromkaspersky.streams_desktop_medium.jpg

A new worm that appears to be targeted at Iran seeks to sabotage corporate databases by searching for specific phrases and values and replacing them with random ones.

This latest bug, dubbed the “Narilam” worm, goes after Microsoft SQL databases, according to Symantec, which first uncovered the malicious code.


Original news article at http://news.hitb.org/ on November 27, 2012 at 06:31AM

Samsung printers contain hidden, hard-coded management account

http://www.flickr.com/photos/samsungtomorrow/7641624576/

Samsung printers released before October 31, 2012, have been found to contain a hard-coded account that could allow an attacker to remotely take control of the device.

As described in a vulnerability note released by the US Computer Emergency Response Team (CERT), affected printers have a Simple Network Management Protocol (SNMP) account programmed into their firmware. This account continues to permit access to the device even if SNMP functions are disabled in the printer’s management utility. Some Dell printers manufactured by Samsung are also affected.


Original news article at http://news.hitb.org/ on November 27, 2012 at 06:28AM

Sysadmin creates tool to scour web for hacked data

http://cdn.i.haymarket.net.au/Utils/ImageResizer.ashx?n=http%3a%2f%2fi.haymarket.net.au%2fNews%2f20121122082338_OSINT+OPSEC+tool.JPG&w=220&c=1

A Wellington system administrator has developed a tool to identify corporate secrets, hacked data and even stolen credit cards as they emerge on social networks and online clipboards.

Users could set the OSINT OPSEC (Open Source Intelligence / Operational Security) Tool to monitor for keywords, allowing, for example, an organisation to be alerted if a hacking group dumped its sensitive data to clipboard site Pastebin.


Original news article at http://news.hitb.org/ on November 27, 2012 at 04:57AM

Hacker breach President of Sri Lanka website

<!– adsense –>Official website of President of Sri Lanka (president.gov.lk)  breached by hacker going by name “Broken-Security”, using Blind Sql Injection vulnerability.
Vulnerability also posted by hacker on a pastebin note with database dump including table and column names.
Dump include the Username and Encrypted password of admin also as shown in screenshot. Hacker didn’t mention any reason


Original news article at http://thehackernews.com/ on November 22, 2012 at 10:24PM

Hacker Grabs 150k Adobe User Accounts Via SQL Injection

CowboyRobot writes “Adobe today confirmed that one of its databases has been breached by a hacker and that it had temporarily taken offline the affected Connectusers.com website. The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Connectusers.com Web server, and that he exploited a SQL injection flaw to execute the attack. ‘It was an SQL Injection vulnerability, somehow I was able to dump the database in less requests than normal people do,’ he says. Users passwords for the Adobe Connectusers site were stored and hashed with MD5, he says, which made them ‘easy to crack’ with freely available tools. And Adobe wasn’t using WAFs on the servers, he notes. Tal Beery, a security researcher at Imperva, analyzed the data dump in the Connectusers Pastebin post and found that the list appears to be valid and that the hacked database was relatively old.”

Share on Google+

Read more of this story at Slashdot.


Original news article at http://slashdot.org/ on November 15, 2012 at 06:03AM

Gmail advanced search parameters

Google’s email service Gmail, or Google Mail, supports a variety of advanced search parameters which have not been documented that well until now. Recently it became known for instance that emails can be filtered by size using the size: parameter in the search form on the Gmail website.

Google today announced that all Gmail advanced search parameters are now available on a Searching Gmail support page. This includes the size parameter, but also additional parameters such as “older than” to find emails that are older than the specified age or “larger” which does the same as the size parameter.

Here is a short list of the most important advanced search parameters that you can use to search your emails on the Gmail website:

  • from: – find emails from a specific sender
  • to: – find emails sent to a specific recipient
  • subject: – search for words in subject lines
  • label: – search for messages by label
  • has:attachment – display only messages with attachments
  • filename: – search for attachments by name or filetype
  • in:anywhere – search anywhere included spam and trash folders which are by default excluded from the search results.
  • is:starred, is:unread, is:read – search for messages that are starred, unread or read
  • cc:, bcc: – search for recipients listed in cc or bcc fields
  • after:, before:, older:, newer: – search for messages in a specific period of time using the format yyyy/mm/dd
  • is:chat – search for chat messages
  • size: search for messages larger than a specified size
  • larger:, smaller: – like size, but may use size abbreviations, e.g. 1MB for 1 million bytes.
  • rfc822msgid: – find messages by message header id

gmail sort by size

The search parameters are most effective when used in combination with search terms. You can for instance search for emails that are larger than a specified size sent by a particular contact of yours, or only last year’s emails that you received from a company. Parameters can also be combined, for instance to find all images larger than 10 Megabyte that have been sent before 2009: size:10m older_than:3y.

The support page lists additional search parameters and examples for each parameter which demonstrate how a particular parameter can be used in searches on the Gmail site.


Original news article at http://www.ghacks.net on November 15, 2012 at 04:25AM

Filter Gmail email messages by size

If you need to find large attachments on Gmail quickly, you have a few options at your disposal. You can for instance use the Find Big Email service which automatically goes through all of your emails to sort them by size into groups. The program labels the emails accordingly so that you can quickly display all emails with attachments that are over a certain size.

While that is certainly handy, it means that you have to authorize the service for the operation, something that not all Gmail users may want to do considering that emails often contain important data that no one else should have access to.

Back then I explained how you can use a third party email program like Thunderbird to sort emails by size automatically, which is really helpful in this regard. While you need to install and configure the program first, you can display the sizes manually and without third party help.

There is however another option that you can use on Gmail’s website directly. The undocumented parameter size: enables you to display emails that are larger than the specified size. Use that together with a keyword, e.g. work, the name of a contact or an email address, and you have a filtering system that is easy to use and at the same time very efficient.

gmail sort by size

The size needs to be entered in bytes, a few examples are size:1000000 for files larger than 1 Megabyte, size:100000 for files larger than 100 Kilobyte or size:10000000 for attachments larger than 10 Megabyte. It is technically not fully correct, as one Megabyte is 1048576 Bytes, but that would make things more complicated as they should be. Just add keywords, email addresses or names to the search phrase to find the emails that you are looking for.

The size parameter can be really useful for a number of operations, for instance to delete large emails to free up space, or to locate a specific email that you know had a large attachment attached to it. (via TechSmog)


Original news article at http://www.ghacks.net on November 09, 2012 at 05:04PM