Samsung printers contain hidden, hard-coded management account


Samsung printers released before October 31, 2012, have been found to contain a hard-coded account that could allow an attacker to remotely take control of the device.

As described in a vulnerability note released by the US Computer Emergency Response Team (CERT), affected printers have a Simple Network Management Protocol (SNMP) account programmed into their firmware. This account continues to permit access to the device even if SNMP functions are disabled in the printer’s management utility. Some Dell printers manufactured by Samsung are also affected.


Original news article at https://news.hitb.org/ on November 27, 2012 at 06:28AM

Sysadmin creates tool to scour web for hacked data


A Wellington system administrator has developed a tool to identify corporate secrets, hacked data and even stolen credit cards as they emerge on social networks and online clipboards.

Users could set the OSINT OPSEC (Open Source Intelligence / Operational Security) Tool to monitor for keywords, allowing, for example, an organisation to be alerted if a hacking group dumped its sensitive data to clipboard site Pastebin.


Original news article at https://news.hitb.org/ on November 27, 2012 at 04:57AM

Hacker breaches President of Sri Lanka website

The official website of the President of Sri Lanka (president.gov.lk) was breached by a hacker going by the name “Broken-Security”, using a blind SQL injection vulnerability.
The hacker also posted the vulnerability in a Pastebin note, with a database dump including table and column names.
The dump also includes the admin username and encrypted password, as shown in the screenshot. The hacker didn’t mention any reason


Original news article at https://thehackernews.com/ on November 22, 2012 at 10:24PM

Hacker Grabs 150k Adobe User Accounts Via SQL Injection

CowboyRobot writes “Adobe today confirmed that one of its databases has been breached by a hacker and that it had temporarily taken offline the affected Connectusers.com website. The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Connectusers.com Web server, and that he exploited a SQL injection flaw to execute the attack. ‘It was an SQL Injection vulnerability, somehow I was able to dump the database in less requests than normal people do,’ he says. Users’ passwords for the Adobe Connectusers site were stored and hashed with MD5, he says, which made them ‘easy to crack’ with freely available tools. And Adobe wasn’t using WAFs on the servers, he notes. Tal Beery, a security researcher at Imperva, analyzed the data dump in the Connectusers Pastebin post and found that the list appears to be valid and that the hacked database was relatively old.”



Original news article at https://slashdot.org/ on November 15, 2012 at 06:03AM

Gmail advanced search parameters

Google’s email service Gmail, or Google Mail, supports a variety of advanced search parameters which have not been documented that well until now. Recently it became known for instance that emails can be filtered by size using the size: parameter in the search form on the Gmail website.

Google today announced that all Gmail advanced search parameters are now available on a Searching Gmail support page. This includes the size parameter, but also additional parameters such as “older than” to find emails that are older than the specified age or “larger” which does the same as the size parameter.

Here is a short list of the most important advanced search parameters that you can use to search your emails on the Gmail website:

  • from: – find emails from a specific sender
  • to: – find emails sent to a specific recipient
  • subject: – search for words in subject lines
  • label: – search for messages by label
  • has:attachment – display only messages with attachments
  • filename: – search for attachments by name or filetype
  • in:anywhere – search anywhere, including the spam and trash folders, which are excluded from the search results by default
  • is:starred, is:unread, is:read – search for messages that are starred, unread or read
  • cc:, bcc: – search for recipients listed in cc or bcc fields
  • after:, before:, older:, newer: – search for messages in a specific period of time using the format yyyy/mm/dd
  • is:chat – search for chat messages
  • size: – search for messages larger than a specified size
  • larger:, smaller: – like size, but may use size abbreviations, e.g. 1MB for 1 million bytes.
  • rfc822msgid: – find messages by message header id


The search parameters are most effective when used in combination with search terms. You can for instance search for emails that are larger than a specified size sent by a particular contact of yours, or only last year’s emails that you received from a company. Parameters can also be combined, for instance to find all images larger than 10 Megabytes that have been sent before 2009: size:10m older_than:3y.

The support page lists additional search parameters and examples for each parameter which demonstrate how a particular parameter can be used in searches on the Gmail site.


Original news article at https://www.ghacks.net on November 15, 2012 at 04:25AM

Filter Gmail email messages by size

If you need to find large attachments on Gmail quickly, you have a few options at your disposal. You can for instance use the Find Big Email service which automatically goes through all of your emails to sort them by size into groups. The program labels the emails accordingly so that you can quickly display all emails with attachments that are over a certain size.

While that is certainly handy, it means that you have to authorize the service for the operation, something that not all Gmail users may want to do considering that emails often contain important data that no one else should have access to.

Back then I explained how you can use a third party email program like Thunderbird to sort emails by size automatically, which is really helpful in this regard. While you need to install and configure the program first, you can display the sizes manually and without third party help.

There is however another option that you can use on Gmail’s website directly. The undocumented parameter size: enables you to display emails that are larger than the specified size. Use that together with a keyword, e.g. work, the name of a contact or an email address, and you have a filtering system that is easy to use and at the same time very efficient.


The size needs to be entered in bytes; a few examples are size:1000000 for files larger than 1 Megabyte, size:100000 for files larger than 100 Kilobytes or size:10000000 for attachments larger than 10 Megabytes. It is technically not fully correct, as one Megabyte is 1048576 Bytes, but that would make things more complicated than they should be. Just add keywords, email addresses or names to the search phrase to find the emails that you are looking for.

The size parameter can be really useful for a number of operations, for instance to delete large emails to free up space, or to locate a specific email that you know had a large attachment attached to it. (via TechSmog)


Original news article at https://www.ghacks.net on November 09, 2012 at 05:04PM

Singaporeans get hard token baked into credit card


Two-factor authentication just got a whole lot more convenient for residents of Singapore, after Standard Chartered Bank’s local outfit teamed with MasterCard to offer account-holders a credit card that is also a one-time-password-generating hard token.

MasterCard calls the device a ‘Display Card’ and says it includes “an embedded LCD display and touch-sensitive buttons”.


Original news article at https://news.hitb.org/ on November 08, 2012 at 07:53AM

Coca-Cola Co. Computer Systems Hacked, But Organization Never Publicly Disclosed Loss Of Sensitive Information

FBI officials quietly approached executives at Coca-Cola Co. (KO) on March 15, 2009, with some startling news.

Hackers had broken into the company’s computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. The Huiyuan deal, which collapsed three days later, would have been the largest foreign takeover of a Chinese company at the time.



Original news article at https://www.teamshatter.com on November 06, 2012 at 01:53AM