Sunday, August 30, 2009
Friday, August 28, 2009
Tuesday, August 25, 2009
XSS AF
For the past five months, a website for investment services giant Ameriprise Financial contained bugs that allowed even low-level criminals to inject malicious content into official company webpages and steal users' cookies, according to Russ McRee of HolisticInfoSec.org, who first identified the bugs.
Register story here.
Saturday, August 15, 2009
Amex cardholders' data stolen by employee
American Express Co. spokeswoman Susan Korchak said a "relatively small portion" of card members was involved, but declined to be more specific.
The small portion included me! I got the letter early this week. No new card, just told to keep an eye on things...
The former employee has been arrested and the company is investigating how the data was obtained, she said.
AP story here.
Sunday, August 09, 2009
Hack? What Hack?
Ex-worker accused of hacking into Mt. Airy computers using co-workers’ IDs to access computer from his residence.
A lot of things are wrong here, but not much hacking...
Leo Harry Hornbaker III, 37, of Bodle Road, a former employee at the Monroe County casino, is accused of using other employees’ user names and passwords to access the casino’s computer from his residence, according to arrest records filed by the state police Bureau of Criminal Investigations Unit.
Story here.
Wednesday, August 05, 2009
Top 10 most notable Black Hat/Defcon stories
Nice list... I would put Cloud Computing high on the list as folks seem to be jumping before they look.
Saturday, August 01, 2009
Malicious Insiders with Ties to the Internet Underground Community
From March, this report (.pdf) is the second in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab.
Credit Hackers - from DefCon w/Love
Christopher Soghoian is a fellow at Harvard’s Berkman Center. His paper highlights several approaches perfected by credit hackers.