Wurfel-Waffles
Just a super geeky guy who composes music in spare times.

Age 41, Male

Software Developer

TUM

Canada

Joined on 2/9/12


J1: Warn, Hack and Trolled... Hard.

Posted by Wurfel-Waffles - April 17th, 2012


Journal 1: Bankers can't keep their clients secure?

http://packetstormsecurity.org/news/view/20867/3-Million-Bank-Accounts-Hacked-In-Iran.html

Today we got a hacker hero: Khosrow Zarefarid. He warned Iranian banks about the security holes and got ignored. Guess what? Dude released 3 000 000 accounts publicly just to make some noise and get attention! Trolled over!

http://ircard.blogspot.ca/

Despite the shit media bitching about his actions, I feel proud of him. Whitehats are a bunch of pussies. You need to ask for permission and make a contract to test on limited sectors ONLY! You can only find a limited amount of vulnerabilities, of course. Besides, you either get shit responses or no response at all! Such as what I'm doing currently as a security adviser and researcher (IBM Security lab). With grey fedora dudes like this guy the world is gonna be more beautiful and safer from thieves.

Should this be applied to every company we do pen tests on, including NG?

More breaking news:

http://www.zdnet.com/blog/security/up-to-15-million-visa-mastercard-credit-card-numbers-stolen/11249

http://www.zdnet.com/blog/security/visa-mastercard-warn-of-massive-security-breach/11152

http://packetstormsecurity.org/news/view/20865/Sabpab-Trojan-Returns-Targeting-Users-Via-Corrupt-Word-Files.html

http://www.theregister.co.uk/2012/04/11/apple_snubs_mac_botnet_fighter/


Comments

30 years. I've seen this going on for that long....
It's a shame that people who work for large companies can't be adult enough to say to the grey hats, "We're sorry we were dicks about our security... here, have a year's supply of widgets :3"
Pride goeth before a fall.
Yeah, I got server win2k at least... gonna put that on a sorry Intel PIII system. Should I even bother to patch (a few gigs of many patches :P)?

Too many laws and rules stop the right and best penetration tests from happening. We really want to do our jobs in the best way. None of us actually gives a shit about money. It's our responsibility to the clients.

One thing I love about greyhats is that they are straightforward, not applying or binding themselves to any rule. They have no contract and they have nothing to worry about. It's just their passion for wreaking havoc! In a good way of course.

Lol, if your server is never actually a valuable target to others, then why bother doing it at all, right? Just keep it rusty and nobody will ever touch it. People nowadays aim for high targets only.