Posts

Showing posts from July, 2013

Vulnerability Assessment and Penetration Testing: Imitating a cracker

Hello Everyone, My topic was prompted after I got to listen to some presentations by IT Security companies on carrying out a penetration testing on a company's network. It was quite a colorful and rich presentation about how they were going to scan the network from inside and outside, but the problem was that this has been the trend for some years now. Real world hackers are ever-dynamic evolving, upgrading, and getting more sophisticated by the day, most security consultant firms do not change in their methodologies. Majority of attacks are now client-side based and exploits the weakest link in the network - the user. Social engineering attacks are now more sophisticated than ever, employing clever techniques to bypass endpoint security. Dozens of social engineering tools are out in the wild and can easily be used against targets. Real-world attacks are well-funded, motivated and have a specific aim. Simulating these attacks, which is the job of the pentester, will involve a h...

TRUECALLER database HACKED!!!

Image
Truecaller, an app built by a Swedish company and also has the largest database of collaborative phone directory has been compromised by Syrian Electronic Army hackers. The app was running an outdated Wordpress version, and this has been compromised by hackers with millions of phone records stolen. They claimed to have downloaded more than 7 databases from Truecaller server of 450 GB in size. The Trucaller website is under maintenance, saying "We are doing some upgrades. Thank you for your patience" They also leaked the database admin usernames and passwords. Even if you are not a user of truecaller, you are still not exempted as one of your friends might be using it and has your number stored on his/her phone. Lesson : Limit the amount of information you put on the web. It is not safe and will never be.