Bank robbers have found a very interesting technique.
From The Local article Police thwart remote-control bank heist:
Surprised last August to suddenly see his computer cursor moving on its own, the employee at the Knivsta branch of Swedbank, north of Stockholm, “discovered a cable connected to his computer linked to a remote control device fastened under his desk,” local police spokesman Christer Nordström told AFP.
The employee quickly pulled the plug, interrupting a transfer of several hundred million kronor, Nordström said.
And how did they manage to install this remote-control device? According to the news sources, it was installed during a break-in before the incident; no money had been stolen from the bank during that break-in.
A comment posted to Technocrat.net points to another interesting case (from a CIO Update article), confirmed as a keylogger case:
The story is still developing but this is what we know: Thieves masquerading as cleaning staff with the help of a security guard installed hardware keystroke loggers on computers within the London branch of Sumitomo Mitsui, a huge Japanese bank.
These computers evidently belonged to help desk personnel.
Swedbank is the leading bank in Sweden, Estonia, Latvia and Lithuania with more than 21,700 employees serving 9 million private and 480,000 corporate customers.
The key used to sign iPhone applications has apparently leaked. Posting the key itself appears to be illegal, so we won’t do it, but others have, so just Google search it.
The Top Ten Web Hacks of 2007 list has been released by Jeremiah Grossman.
Link to Jeremiah’s post: Top Ten Web Hacks of 2007 (Official)
Various XSS issues, possibilities of firefoxurl vulnerabilities, dangers of opening PDFs, etc.
I have a webserver where I’ve found several different PHP shell scripts and I’d like to know how they got there. Are there known vulnerabilities that allow uploading of PHP files to a server?
I have several sites running on this server with several PHP script packages including…
Any ideas or pointers will be appreciated!
There are several vulnerabilities in both off-the-shelf products and custom PHP scripts that would allow “uploading”. In essence they don’t need to upload; they just need to get your PHP scripts to execute an arbitrary (outside) PHP script.
phpBB has several:
Listed as Code Execution, Arbitrary File Upload, etc.
While Zen Cart has just one problem:
But that could be misleading, and just mean that the software is very uncommon.
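
One way to look for how the scripts got there, added here as an example and not part of the original question or answer: scan the web server's access log for requests whose query parameters point at an outside URL, which is what a request looks like when it tries to make a script execute an outside PHP file. The combined log format is an assumption, and the log lines, hosts, paths and parameter names below are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined log format: client, identity, user, [time], "request line", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# A parameter value that *starts* with a URL scheme or PHP stream wrapper is the
# signature of a request trying to make a script load code from outside.
REMOTE_RE = re.compile(r'^\s*(?:(?:https?|ftps?|php|expect)://|data:)', re.I)

# Constructed sample lines (documentation IP ranges, made-up paths and hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Feb/2008:03:14:07 +0000] '
    '"GET /index.php?page=http://files.example.test/c.txt? HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/Feb/2008:03:15:40 +0000] '
    '"GET /index.php?page=about HTTP/1.1" 200 2048',
    '203.0.113.7 - - [12/Feb/2008:03:16:02 +0000] '
    '"GET /shop/view.php?lang=%2568ttp%3A%2F%2Ffiles.example.test%2Fc.txt HTTP/1.1" 404 310',
    '198.51.100.23 - - [12/Feb/2008:03:17:11 +0000] '
    '"GET /out.php?note=see+http://example.test HTTP/1.1" 200 900',
]


def find_inclusion_attempts(lines):
    """Return one finding per query parameter whose value points off-server."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        target = urlsplit(m["target"])
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            value = unquote(value)  # second decode catches double-encoding
            if REMOTE_RE.match(value):
                findings.append({
                    "ip": m["ip"], "time": m["ts"], "path": target.path,
                    "param": name, "value": value,
                    # 2xx: the script handled the request, so review it first.
                    "served": m["status"].startswith("2"),
                })
    return findings


if __name__ == "__main__":
    for f in find_inclusion_attempts(SAMPLE_LOG):
        print(f)
```

Legitimate redirect or link parameters will also match, so treat each finding as a lead: compare its timestamp with the modification times of the shell scripts and check which script handled the request.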