The Associated Press is now reporting that financial data for at least 4,700 campaign donors was posted on the internet and contact information for 51,000 others was also disseminated. A statement from Coleman’s office indicates that there may have been a breach of the Coleman for Senate web site and that federal investigators, when contacted…
Category: Hack
BT rebuts vulnerability claims
(This is a follow-up to a story reported here). Today, John Leyden of The Register reports that BT.com claims that the flaws HackersBlog reported only involved test systems and that no customer data were at risk. Whether BT’s statement was issued before or after HackersBlog published more about the alleged vulnerability and databases they were…
Pentel online store hacked; customer credit card data accessed
Pentel customers who ordered online at www.pentelstore.com were recently notified that hackers accessed their personal information and credit card information. By letter dated March 3 to the New Hampshire Attorney General, the pen manufacturer reported (pdf) that on January 20, its web maintainer and server host notified them that between December 11, 2008, and January…
HackersBlog exposes BT.com vulnerability (updated)
“Unu” of HackersBlog reports that they have been able to access at least one of UK telecom BT’s databases through SQL injection: A faulty parameter, improperly sanitized opens the vault to the pretious databases. One can gain access to such ordinary things as personal data, login data, and the like. In the first syntax I…
USAID.gov compromised, malware and exploits served
Dancho Danchev of ZDnet reportsthat the Azerbaijan section at the United States Agency for International Development (azerbaijan.usaid.gov) has been compromised and is embedded with malware and exploits serving scripts since approximately March 1. He also provides a dissection of the attack. There’s a YouTube video from AVG as well, although it’s either somewhat blurry or…
Telegraph.co.uk hacked, SQL injection (updated)
The HackersBlog crew, who had previously exposed vulnerabilities in a number of security vendor sites and a social networking site, now reports that they were able to exploit an SQL injection vulnerability to access The Telegraph‘s databases, including one that has 700,000 email addresses and passwords of those receiving the paper’s newsletter. Given how many…