Questions tagged [intrusion]

Intrusion is the act of wrongfully entering upon, seizing, or taking possession of property, such as computer systems and mobile devices, that is owned and/or operated by others.

144 questions
173 votes, 4 answers

GitLab account hacked and repo wiped

I was working on a project, a private repo, and suddenly all the commits disappeared and were replaced with a single text file saying To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address…
Stefan Gabos
25 votes, 2 answers

How does WiFi password cracking work?

Let's say I have a wireless network that is password protected. What procedures can an intruder take to gain access to my wireless network, or at least be able to decipher the packets I am sending into something understandable? How long would such a…
Quillion
21 votes, 7 answers

Defence Against Keyboard Keylogger

I am wondering whether there is a way to defend against USB Keyboard Keylogger (obviously other than physically checking the keyboard every time after leaving my computer unattended). These days, people can buy cheap hw keyloggers, such as the…
Martin Vegter
19 votes, 1 answer

Github account hacked and repo wiped - Github Response

One of my repos was wiped today and just a message left in its place with a bitcoin ransom. I've no idea how they accessed my account, can't really see anything on github security page. The domain of the email they want me to contact was only…
Raymie
16 votes, 4 answers

what to do after suspected intrusion on hobby webserver

I maintain a server to host my files and a number of websites for hobbies and friends. I just noticed that the site summary being returned in google for one of my domains were all porn related (search "fringe.org", 1st result). Checking the source,…
Sam Swift
15 votes, 7 answers

UNIX Servers: Possible intrusions or attacks that do not use any of the open listen sockets

What type of attacks are there that do not use open TCP or open UDP ports? Is it safe to assume that no open ports means no remote access? (Excluding the possibility that there is a badware already on the machine that makes outgoing connections to…
700 Software
14 votes, 3 answers

Drupal server compromised - I want to investigate the attack technique / compromise

I've got a drupal site running on an up to date CentOS 7 LAMP AWS EC2 instance (freshly installed a couple of months ago) and I've just found out that somehow, probably through a poorly coded 3rd party module downloaded from drupal site and…
NotGaeL
13 votes, 2 answers

HIDS - Choosing between regular OSSEC or Wazuh fork

I intend to set up OSSEC and noticed there seem to be two main flavours: plain OSSEC and Wazuh fork. From what I've been able to gather (from Wazuh's website and documentation), the main advantages of Wazuh are: its ability to integrate with…
simoesf
11 votes, 3 answers

What free tools or techniques exist to discover anomalies in network flows?

I have been using FlowMatrix. What do others do on the cheap?
Tate Hansen
10 votes, 5 answers

How would you detect whether customer data has been leaked?

I'm a very security conscious (bordering paranoia) freelance web developer and I place a lot of emphasis on security with my clients, alas I've found this doesn't seem to be the case for the average web developer. Something that's been bothering me…
Matt Deacalion
10 votes, 1 answer

Cracking PCI terminal using a trojan based on the card

I have come across an article which states the following: According to MWR InfoSecurity, cybercriminals can use fake cards containing a software code to gain access not only to a customer's PIN and primary account numbers shown on the front of…
Kyle Rosendo
8 votes, 3 answers

Firewall says that a program that I'm developing is trying to connect to the Internet

I'm seriously confused about this, since the program is entirely developed by myself and has no means/functionality to connect to any network/the internet whatsoever. I'm a software engineer but not knowledgeable about computer security, so while I…
8 votes, 5 answers

What would you define as an "advanced" hacker attempt?

This subject might just barely be a programming topic. Though, in my point of view, it is of great concern to programmers because of our responsibility to develop secure code. Recently, there has been a lot of talk about web exploits in my country. …
Independent
8 votes, 3 answers

Can you tell if an attack is successful by looking at IPS logs?

In my organization, we have an IPS behind a firewall. Each time a security event is triggered, I am left to wonder if the attack is really successful. For events that are set to drop in inline, we can be assured that the attack is most unlikely to…
Fred1234
7 votes, 2 answers

How exactly was Sony Pictures hacked November 2014?

There is lots of media coverage like this one but I have not yet been able to find details on how the hackers got into the network, the servers and the users' systems. So what vulnerabilities / zero-days did they use ? How did they apparently manage…
Arc