Game of Hacks

gameofhacks.e.g

Test your application hacking skills! You will be presented with vulnerable pieces of code and you must find which vulnerability exists in that code as quickly as possible. You can also submit questions.

Posted in Security Blog | Tagged , , , , , | Comments Off on Game of Hacks

HealthCare.gov Includes Health Data in its own URLs

The website Healthcare.gov leaks data through Referer headers (the header name is misspelled in the HTTP specification, and the misspelling stuck).

When your browser loads a page, it sends the address of the page you came from in the Referer header of every request the new page triggers, including requests for third-party scripts and tracking pixels embedded in that page. Because healthcare.gov puts the answers you give it into the page URL itself, those answers travel with the Referer and it is easy for any embedded third party to glean personal information.


On healthcare.gov that information is automatically sent to 14 other websites whose content the page embeds, some of them advertising companies that specialize in user profiling.

Here is an example URL.

https://www.healthcare.gov/see-plans/85308/results/?age=45&smoker=0&parent=&pregnant=0&mec=&zip=85308&state=AZ&income=32500&

Each field on its own does not look like a big deal, and because the site's own privacy rules classify this information as not 'sensitive', it is not protected; yet age, ZIP code, state, income, smoking status and pregnancy status arriving together at an ad network can be correlated with everything else that network already knows about you and assembled into a profile... Cyberprofiling...

Maybe it is a big deal…
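How much of that URL reaches a third party depends on the browser's referrer policy. The Python script below is added here as an illustration and is not part of the original post: it models the W3C Referrer Policy rules (in simplified form) for the results URL quoted above against a hypothetical tracking-pixel host, tracker.example.net (an assumed name, not a host the page names), and then parses the applicant's answers back out of the Referer value the tracker would receive.

```python
from urllib.parse import parse_qs, urlsplit, urlunsplit

# The results URL quoted in the post: the applicant's answers ride in the query string.
RESULTS_URL = (
    "https://www.healthcare.gov/see-plans/85308/results/"
    "?age=45&smoker=0&parent=&pregnant=0&mec=&zip=85308&state=AZ&income=32500&"
)
# Hypothetical third-party tracking pixel embedded on that page (assumption, not a real host).
TRACKER_URL = "https://tracker.example.net/pixel.gif"


def _origin(url: str) -> str:
    """scheme://host[:port]/ as browsers send it for origin-only referrers."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc.rsplit("@", 1)[-1], "/", "", ""))


def _full(url: str) -> str:
    """Full URL minus fragment and userinfo, which browsers never put in Referer."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc.rsplit("@", 1)[-1], p.path, p.query, ""))


def referrer_for(policy: str, source_url: str, target_url: str) -> str:
    """Simplified model of the W3C Referrer Policy algorithm: the Referer value a
    browser sends when a page at source_url fetches target_url."""
    src, dst = urlsplit(source_url), urlsplit(target_url)
    same_origin = (src.scheme, src.netloc) == (dst.scheme, dst.netloc)
    downgrade = src.scheme == "https" and dst.scheme != "https"
    if policy == "no-referrer":
        return ""
    if policy == "unsafe-url":
        return _full(source_url)
    if policy == "no-referrer-when-downgrade":  # what browsers defaulted to in 2015
        return "" if downgrade else _full(source_url)
    if policy == "origin":
        return _origin(source_url)
    if policy == "strict-origin":
        return "" if downgrade else _origin(source_url)
    if policy == "same-origin":
        return _full(source_url) if same_origin else ""
    if policy == "origin-when-cross-origin":
        return _full(source_url) if same_origin else _origin(source_url)
    if policy == "strict-origin-when-cross-origin":  # default in current browsers
        if same_origin:
            return _full(source_url)
        return "" if downgrade else _origin(source_url)
    raise ValueError(f"unknown policy {policy!r}")


def leaked_fields(referrer: str) -> dict:
    """What a third party can read back out of the Referer it received
    (blank fields such as parent= and mec= carry nothing and are dropped)."""
    q = parse_qs(urlsplit(referrer).query, keep_blank_values=True)
    return {k: v[0] for k, v in q.items() if v[0] != ""}


if __name__ == "__main__":
    for pol in ("no-referrer-when-downgrade", "strict-origin-when-cross-origin", "no-referrer"):
        ref = referrer_for(pol, RESULTS_URL, TRACKER_URL)
        print(f"{pol:32} -> {ref!r}")
        print(f"{'':32}    leaked: {leaked_fields(ref)}")
```

Under the policy browsers shipped with in 2015, every https third party on the page gets the whole URL, and with it six answers about the applicant. A Referrer-Policy header is only defence in depth here; the real fix is the one the post's title points at: do not put the answers in the URL at all (submit them with POST or keep them in a server-side session), because a URL also ends up in browser history, proxy logs and bookmarks.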


Attackers Can Easily Disable 5,300 Gas Stations in the US

HD Moore, the industry's best-known white-hat hacker, reports that automated tank gauges (ATGs) at roughly 5,300 US gas stations accept TCP connections on port 10001 with no authentication, leaving them open to remote tampering, including being shut down. The documentation for operating the gauges over that interface is also publicly hosted on the Internet.

HD Moore is best known for Metasploit.

Veeder-Root, the manufacturer of the gauges, says it is working with its customers to enable the security features the devices already offer.

Read HD Moore’s blog post


Is that a Mouse in your Pocket or?

You ready to bring unauthorized hardware onto my 'secure' network?

Mouse-Box, the computer built into a mouse, is still a prototype. All that is known so far is that it runs ChromeOS or Linux; a Kali variant might run on it too, since Kali Linux can be installed on a Chromebook.

Check the video below. One of the 'benefits' it advertises is sneaking it into work so you can get on Facebook. That screams risk and is a slap in the face to compliance, right?


4.5 Malware Variants a Second

According to AV-TEST, an independent German IT security institute, about 12,000,000 new malware variants appear every month. That is roughly 4.5 every second! Malware, a contraction of "malicious software", can be downloaded from websites or delivered by email as attachments and links that users are tricked into clicking.

There is plenty of security software available, and most well-known computer makers ship their machines with trial versions. It is a must nowadays.

All of these products can update themselves automatically. Set that up and forget about it, but also schedule a full scan for a time when you won't be using the computer.

To stay safe, be wary of attachments and strange websites, and avoid clickbait.

Clickbait is most common on social network sites: a post carries a sensational title and what looks like a video, but the "video" is really a still image with a play button photoshopped onto it. The link often leads to a website where malware downloads automatically.



Want Someone’s Password? Just Ask!


XKCD Comic on Password Strength and Random Words

Password Strength

Use the Four Random English Word Generator!
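The arithmetic behind the comic, as an added example that is not part of the original post: the script below picks words with the operating system's CSPRNG, computes the entropy of an n-word passphrase from the size of the word list, and turns that into brute-force time at a given guess rate. The 16-word list embedded here is constructed for the demo and is far too small for real use; the 7776-word figure is the size of the EFF long diceware list, which is what you would actually load.

```python
import math
import secrets

# Constructed demo word list (assumption: far too small for real use; a real
# generator loads a large list such as the EFF long diceware list of 7776 words).
DEMO_WORDS = [
    "correct", "horse", "battery", "staple", "cactus", "lantern", "pillow", "marble",
    "rocket", "violin", "saddle", "thunder", "copper", "meadow", "puzzle", "walnut",
]
EFF_LONG_LIST_SIZE = 7776  # 6**5: one word per roll of five dice

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly and independently from list_size words.
    This assumes the attacker knows the list and the scheme; only the choice is secret."""
    return n_words * math.log2(list_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every candidate at the given rate (expected time is half)."""
    return (2 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(n_words: int = 4, words=DEMO_WORDS, sep: str = " ") -> str:
    """Choose words with secrets.choice (OS CSPRNG); random.choice is predictable."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    print("passphrase from the demo list (NOT secure, list is tiny):", generate_passphrase())
    for size in (len(DEMO_WORDS), EFF_LONG_LIST_SIZE):
        bits = entropy_bits(size, 4)
        print(f"{size:5d}-word list, 4 words: {bits:5.1f} bits; "
              f"{years_to_exhaust(bits, 1000):.0f} years at 1000 guesses/s (online), "
              f"{years_to_exhaust(bits, 1e11) * SECONDS_PER_YEAR / 3600:.0f} hours at 10^11 guesses/s (offline)")
```

Plugging in the comic's 44 bits at 1000 guesses per second reproduces its "550 years". The caveat a practitioner should take from the numbers is the offline column: four words from a 7776-word list give about 52 bits, which a GPU rig cracking a leaked unsalted hash at 10^11 guesses per second exhausts in around ten hours, so use five or six words where the secret may be cracked offline, and make sure each word is chosen by a CSPRNG, not by you.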


Worst Passwords of 2014

An analysis of the 3.3 million leaked passwords that were posted online during 2014 found these fifteen to be the most common:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 1234567890
  7. 1234
  8. baseball
  9. dragon
  10. football
  11. 1234567
  12. monkey
  13. letmein
  14. abc123
  15. 111111

Here's SplashData's full list. If your password is on it, change it to something complex: mix upper and lower case letters, numbers and symbols, and turn on two-factor (two-step) authentication wherever it is offered.


Progressive Insurance’s Snapshot Can be Used to Control Vehicles

Around 2,000,000 vehicles already have Progressive's Snapshot dongle plugged into their On-Board Diagnostics (OBD-II) port. Digital Bond Labs described at a security conference last week how the Snapshot could be used to get into some vehicles' onboard networks. Testing went only far enough to show that it could be done, not to explore everything an attacker could do from there.

The Snapshot does not authenticate the cellular network it attaches to and does not encrypt its traffic; it moves data over plain FTP; its firmware is neither signed nor validated; and there is no secure boot. Through the OBD-II port the device sits on the CAN bus, the same network that carries the messages controlling the vehicle's airbags, brakes, cruise control, transmission and more.


Anyone who can spoof a cell tower could therefore mount a man-in-the-middle attack on the device. And if the Progressive servers it talks to were ever compromised, an attacker could push code to every affected car, leaving 2,000,000 zombie cars on the roads today! A zombie is a computer connected to the Internet that has been compromised by an attacker, a virus or a Trojan horse and can be made to perform malicious tasks of one sort or another under remote direction.

Progressive issued a statement saying the researcher should have notified the company first. The researcher, Corey Thuen, says he tried to notify the Snapshot's manufacturer but got no response.

Want to learn how to hack cars?

The Forbes/Security article on this vulnerability


770,000 Records From One of Australia’s Largest Travel Insurance Companies

Around 770,000 records of personal information on travel insurance clients (names, phone numbers, email addresses, travel dates and policy prices) were stolen around December 18th. Aussie Travel Cover notified its third-party agents, but did not tell its customers or policy holders.

Investigation led to a hacker going by Abdilo, who has mastered SQL injection and claims he did it because he was bored. The data was dumped onto Pastebin. In chat, Abdilo stated: "It is irresponsible, I do not justify what I do, if you are vuln [vulnerable to hacking] 99 per cent of the time, I am going to steal everything and release it and/or sell it."

Several customers found out on their own (not through notification from Aussie Travel Cover) and were very disappointed that they had not been told their data was stolen. My research of the Australian Privacy Principles has so far not shown that Australian companies are required to notify customers of breaches of personal information.

SQL injection is one of the most effective, easiest and farthest-reaching attacks there is, and it is reported daily as more and more websites rely on data-driven designs to build dynamic content for readers. It is a code injection technique: the application assembles a SQL statement by pasting user input into the statement text, and when that input is not correctly filtered or escaped, characters such as the string-literal quote let the attacker end the intended value and append SQL of their own, which the database then executes with the application's privileges.

Injection, of which SQL injection is the most common form, is number 1 (A1) in the OWASP (Open Web Application Security Project) Top 10 list of the riskiest and most exploited web application vulnerabilities.

Although SQL injection is most often used against websites, it works against any application that builds SQL statements from untrusted input, whatever SQL database sits behind it.
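To make the mechanism concrete, here is a policy-holder lookup written both ways against an in-memory SQLite table. This is an added example, not the author's code and nothing taken from the Aussie Travel Cover systems; the table, the rows and the email addresses are constructed for the demo. The vulnerable version dumps every row to a tautology payload and lets a UNION payload read the database schema; the parameterised version treats the same payloads as a literal (and non-matching) email address.

```python
import sqlite3

# Constructed sample data standing in for a policy-holder table (not real records).
SAMPLE_ROWS = [
    ("alice@example.com", "Alice Example", "+61 400 000 001", "2015-02-10", 120.50),
    ("bob@example.com",   "Bob Example",   "+61 400 000 002", "2015-03-02",  89.00),
    ("carol@example.com", "Carol Example", "+61 400 000 003", "2015-01-20", 240.00),
]


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE policies (email TEXT, name TEXT, phone TEXT, travel_date TEXT, price REAL)")
    con.executemany("INSERT INTO policies VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return con


def lookup_vulnerable(con: sqlite3.Connection, email: str) -> list:
    # VULNERABLE: the value is pasted into the SQL text, so a quote character in it
    # closes the string literal and whatever follows becomes part of the statement.
    sql = ("SELECT email, name, phone, travel_date, price FROM policies "
           "WHERE email = '" + email + "'")
    return con.execute(sql).fetchall()


def lookup_safe(con: sqlite3.Connection, email: str) -> list:
    # SAFE: '?' is a bind placeholder; the driver hands the value to the engine
    # separately from the statement text, so it is only ever compared as data.
    sql = "SELECT email, name, phone, travel_date, price FROM policies WHERE email = ?"
    return con.execute(sql, (email,)).fetchall()


# Classic tautology: close the literal, append an always-true clause, re-open the literal.
TAUTOLOGY = "' OR '1'='1"
# UNION: append rows from another table (here the schema catalogue) to the result set;
# the column count must match the original SELECT, hence the NULL padding.
UNION_DUMP = "' UNION SELECT name, sql, NULL, NULL, NULL FROM sqlite_master WHERE '1'='1"


if __name__ == "__main__":
    con = make_db()
    print("vulnerable, tautology:", len(lookup_vulnerable(con, TAUTOLOGY)), "rows leaked")
    print("vulnerable, union    :", lookup_vulnerable(con, UNION_DUMP))
    print("safe, same payload   :", lookup_safe(con, TAUTOLOGY))
    print("safe, real lookup    :", lookup_safe(con, "bob@example.com"))
```

Two caveats worth knowing when you test this yourself: Python's sqlite3 refuses to run more than one statement per execute() call, so a stacked payload such as "'; DROP TABLE policies;--" raises an error here even though it would succeed against many other database drivers; and escaping quotes by hand is not an alternative to bind parameters, because the escaping rules differ between databases and are easy to get wrong.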

The first step in a SQL injection attack is finding a vulnerable website. One of the easiest ways is "Google dorking": a dork is an advanced search query crafted so that the results are sites matching a particular pattern in their URLs or page content.
