Caught


 
 

FDs need to change their approach or be caught out

Source: National Cyber Security – Produced By Gregory Evans

Cyber security is repeatedly in the news, with headlines shouting about security breaches and stolen data, as PR teams scrabble to fix the reputational damage to companies. With all this noise on cyber security, it would seem safe to assume that there is also a wealth of informed and collected…

The post FDs need to change their approach or be caught out appeared first on National Cyber Security Ventures.


Florida teens’ deaths in stolen SUV caught on camera

PINELLAS COUNTY, FL (WFLA) – At more than 100 miles per hour, security camera video shows the exact moment a stolen SUV careened out of control, killing three teens. The Pinellas County Sheriff said this crash…

The post Florida teens’ deaths in stolen SUV caught on camera appeared first on Become007.com.


Couple convicted of child abuse caught in Franklin County

A couple convicted in Athens County Common Pleas Court last week of felony child abuse of their infant daughter are now awaiting extradition from Franklin County after being arrested there Monday, …

The post Couple convicted of child abuse caught in Franklin County appeared first on Become007.com.


Man charged with child abuse after spanking is caught on camera

A man was charged with child abuse after investigators said he hit a 7-year-old boy 62 times within five minutes in Acres Homes.

The incident was reported at 5 p.m. Thursday at an illegal dumping site near the man’s apartment in northwest Houston.

“He saw a vehicle pull up at one of our illegal dumping sites and saw a man get out of a car and take a young child out of the car and proceed to just beat him senselessly,” said Constable Alan Rosen with Harris County Precinct 1 Constable’s Office.

Investigators said Kordarell Williams, 27, pulled over at James Franklin Street and Esther on Thursday evening and used his hands and a belt to hit a 7-year-old boy all over his body.


The post Man charged with child abuse after spanking is caught on camera appeared first on Parent Security Online.


Sick paedo, 66, who targeted young girl for years caught after ‘accidentally’ uploading child abuse images to Facebook

AN EVIL paedophile’s years of abuse and horrific sex tourism was uncovered after he “accidentally” uploaded child abuse images to FACEBOOK.

David Grant, 66, was picked up by cops last August and told officers he found underage girls “attractive and pretty” – but was released on bail and able to continue his vile crimes.

The painter and decorator, from Westcliff, in Essex, was meant to be banned from having contact with children after he was arrested and bailed for possession of child abuse images.

But Grant ignored this and carried on assaulting his victim until he was arrested again three months later in what one police officer described as “one of the most harrowing cases” they’ve seen.


The post Sick paedo, 66, who targeted young girl for years caught after ‘accidentally’ uploading child abuse images to Facebook appeared first on Parent Security Online.


Cheating Man Caught After Uber Sends Notifications To Wife’s iPhone

A cheating businessman from Côte d’Azur in the south of France is blaming Uber for the break-up of his marriage. According to him, it is not his fault for having sex with another woman. He is suing Uber for US$48 million after notifications from the app alerted his wife to the trips he was making to his lover’s home. He only used his wife’s iPhone once to request a ride, but the glitch in the app caused the notifications to continue streaming to his wife’s phone.

The post Cheating Man Caught After Uber Sends Notifications To Wife’s iPhone appeared first on Dating Scams 101.


Guy Reveals Bumble BFF Hack His Wife Is Using To Cheat Without Getting Caught

When dating apps first started to become popular, I was in a long-term relationship. I’ll admit, I was a bit curious as to what was out there. But the overwhelming guilt I felt for just being curious was enough to prevent me from downloading it. There was even a time where an ex dumped me, but we were in the tricky situation where we were still hooking up, I drunkenly downloaded Tinder — and then deleted it after two left swipes because of the soul-crushing guilt.

The post Guy Reveals Bumble BFF Hack His Wife Is Using To Cheat Without Getting Caught appeared first on Dating Scams 101.


Cheyenne Police Seek Vehicle Burglary, Credit Card Fraud Suspects Caught on Camera


Source: National Cyber Security – Produced By Gregory Evans


The Cheyenne Police Department is seeking the public’s help in identifying a man and woman who are suspects in a vehicle burglary and credit card fraud case that occurred between August 20-22.
The two were caught on surveillance video walking

The post Cheyenne Police Seek Vehicle Burglary, Credit Card Fraud Suspects Caught on Camera appeared first on National Cyber Security.


He Worked for Bronx Tenants, Until His Past Caught Up


Source: National Cyber Security – Produced By Gregory Evans

The building superintendent’s name was Vincent Bostick, and he was good with his hands, reliable and quick on snowy days to get outside with a shovel. But he did have one quirk. “He put all these cameras up,” Michael Garcia, a tenant in the building, on Jerome Avenue in the Bronx, said as he pointed […]

The post He Worked for Bronx Tenants, Until His Past Caught Up appeared first on National Cyber Security.


The Facebook hacker who caught a Facebook hacker


Here’s a fascinating story about a hacker who caught a hacker.

(We’re using the word hacker in a legally non-committal sense here: someone with technical skills who finds ways to do things with a computer system that weren’t supposed to happen.)

We don’t know who the first hacker is, but the second, who caught out the first, goes by Orange Tsai, and works as a penetration tester at Devcore, a boutique security consultancy in Taipei.

Facebook was the victim of both hacks, but is surprisingly relaxed about it.
Facebook considers both hackers to be researchers who participate in the company’s bounty program; indeed, Orange was awarded $10,000 for the discovery described here.

We recommend that you read Orange’s own report, because it gives a very clear account of how a penetration tester (and, for that matter, a cybercrook) goes about researching, exploring and exploiting security holes in a network.

What happened?

The quick version is that Orange went looking for unusually-named Facebook servers, and soon found one called vpn.tfbnw.net.

VPN is short for Virtual Private Network, which is, in this context, a secure gateway into TFBNW, short for The FaceBook NetWork.

That server sounds like a great place to start hacking, but Orange quickly found that it was a recent product with recent patches, and therefore decided not to waste too much time on it.

Instead, Orange decided simply to treat vpn.tfbnw.net as a good starting point on the network to look around for other servers of interest.

This led quickly to files.fb.com, which turned out to be a secure file-sharing product from a company called Accellion; the closest SoHo equivalent is probably a NAS device, short for “network attached storage.”

A server that’s used for in-house collaboration sounds like something you’d want to penetrate specifically to riffle through the content that the server has to offer.

But penetration testing (and, by implication, an attack by cybercriminals) doesn’t always follow the obvious path, as it didn’t in our 2015 story on the risks of an internet-of-things connected kettle.

In that story, the security researchers weren’t interested in hacking the kettle because it was a kettle.

They were interested because it contained a copy of the key to the network, and could be tricked into revealing that key.

Orange figured that files.fb.com might have more to offer than just a stash of files, and that turned out to be a good guess: a number of bugs in the server allowed remote code execution (RCE) to deliver what’s called a web shell.

Simply put, that means a legitimate-looking web request, albeit with an unusual URL and request body, could be used to run a system command on the server itself – and the server, of course, is on the inside of the network.

At this point, Orange had enough to claim a solid bounty from Facebook: the ability to run system commands inside the network, without logging in or giving any sort of password, from outside the network.

Strictly speaking, Orange ought to have reported the bug here, and stopped.

What happened next?

But Orange couldn’t resist looking around, and amongst the sort of filenames you’d expect on a collaboration server, soon spotted files that looked like something left behind by an earlier hacker:

The abovementioned log file turned out to contain left-over data from the previous hacker’s stash, allegedly including plaintext Facebook login credentials.

Orange surmised that these credentials included network login passwords for Facebook employees, though quite how far an attacker could get with those passwords isn’t clear.

For all we know, those passwords might apply only to a segregated corner of the Facebook empire, or might lead unerringly to a two-factor authentication challenge.

Other log files that Orange trawled through showed further evidence of what the earlier hacker had been up to, including: poking around on the network; probing the mail server and the directory server; and trying unsuccessfully to steal encryption keys.

Facebook’s response

As we mentioned at the outset, Facebook paid Orange a $10,000 bug bounty, and described the earlier mystery hacker as a participant in the company’s bug program.

Facebook isn’t saying how it connected the earlier hacks with a specific researcher.

By the way, if you’re interested in penetration testing, especially if you are participating under the general rules of a bug bounty program rather than under a specially-agreed contract, we recommend that you don’t go as far as either hacker in this case.

Orange stretched the rules a bit; the earlier mystery hacker stretched them a lot.

In particular, collecting login credentials without an explicit signed agreement is usually considered off-limits, not least because once you take them, you run the risk of losing control over them yourself, as happened in this case.

That takes you from helping to fix a security problem to creating a new one.

That’s exactly the same sort of dilemma you face when doing anti-malware research: how to run real malware in a way that is realistic enough to help you to understand it without actually inflicting it on other innocent users.

You don’t make security stronger by weakening it!

Source: https://nakedsecurity.sophos.com/2016/04/22/the-facebook-hacker-who-caught-a-facebook-hacker/


The post The Facebook hacker who caught a Facebook hacker appeared first on AmIHackerProof.com.
