Security experts are investigating an Egyptian hacker who goes by the name “Virus_Hima” and who released screenshots of potential flaws in Yahoo’s website. The hacker has done this before, and his intentions may or may not be good.
One of the flaws identified by this hacker was the ability to access a full backup of one of Yahoo’s domains. The other problems included a cross-site scripting (XSS) vulnerability and a SQL injection vulnerability, according to a PasteBin.com post titled “Yahoo data leak by Virus_Hima”.
His previous targets include Adobe, where he released a batch of more than 200 email addresses obtained from one of the company’s databases. As a result, Adobe shut down Connectusers.com, which is the Connect Web conferencing service.
Setting aside his “good intentions”, it appears that he has also rejected the claim that he sold a $700 XSS vulnerability on the black market. He claims to be a former blackhat whose intentions as a vulnerability researcher are good. However, in his PasteBin.com post he was spotted taking shots at security reporter Brian Krebs, calling his site “Krebsonshitz” when it clearly is “Krebs on Security”. Krebs reported on the hacker back when the XSS vulnerability was being sold.
In a recent incident, a vulnerability at PKNIC (the Pakistani (.PK) domain name registry) allowed hackers from Turkey to hack into the Pakistani versions of Google, Yahoo, and MSN, plus nearly 300 other webpages. The Turkish hackers also defaced the Pakistani Google homepage. As if that weren’t bad enough, an Algerian hacker then defaced the Romanian versions of Google and Yahoo.
In the case of the Pakistani .PK domain registry, a vulnerability allowed SQL injection to be used against it. That is exactly what happened when Turkish hackers hacked into somewhere near 300 .PK domains and defaced at least Google’s .PK site, and maybe a few others. Apparently, during this event, some users were redirected to a webpage showing two penguins and the slogan “Pakistan Downed”.
In the defacement of the Romanian versions of Google and Yahoo (.RO), an Algerian hacker changed the DNS records of those search pages to point to a recently hacked server in the Netherlands. Changed DNS records are the likely cause, though some have stated that a DNS poisoning attack is also possible.
It is contested whether the same hacker(s) did both jobs, or whether two different parties coincidentally did the same type of work at the same time.
With conflict in the Middle East flaring up once again, new digital attacks are also likely. It is no surprise to see these issues light up again.
If the attackers had other malicious intents, these hacks could have been worse!
It is now known that emails that appear to come from “firstname.lastname@example.org” are fraudulent, especially if they involve subjects such as Microsoft Windows Update. Lately, there has been a rise in email spam targeting vulnerable users of very popular companies, as we reported about Chase bank.
The email from “email@example.com” is an attempt to steal Yahoo!, Gmail, AOL, or Outlook.com (formerly Windows Live) passwords.
The body text:
Dear Windows User,
It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.
This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click on the Verify button below and enter your login information on the following page to confirm your records.
Microsoft Windows Team.
For an actual image of the email, and for more on this, see the post from Naked Security.