wrm

Audit for OWASP Risks

Almost every day there is a report of a new high-profile website being hacked. The target is usually sensitive corporate information that can be misused to affect a company’s reputation and finances. Safely and accurately audit your web resources for potential security risks.


w0rm said the w0rm.ws team came from an old school hacking background and have a love for freedom of information. They bring together experts to develop solutions for serious security problems, they added, whilst admitting that breaching a site’s defences was illegal in most countries on the planet. There are currently around 100 zero-days available for purchase on w0rm.ws. The one in Symfony is going for as much as $30,000, whilst screenshots show others affecting some of the world’s biggest websites going for between $500 and $15,000.

w0rm.ws team has been motivated by the sale of databases owned by large brands with high user counts. The stolen information would then be sold via the hacker's online marketplace to spammers, malware distributors and other hackers.

"It definitely can feel like a slap in the face to an organization to be hacked, but in reality, most of the time in circumstances like this it's actually a good thing," Hansen said. "W0rm was careful not to give the full path to the actual exploit, and informed the general public that the compromise occurred."

W0rm claims that its goals are altruistic, and that it hacked CNET servers to improve the overall security of the Web. By targeting high-profile sites, the group says it can raise awareness about security flaws. W0rm claims to have successfully hacked the BBC in late 2013, as well as earlier hacks of Adobe Systems and Bank of America websites. CNET's popularity is what motivated the group to target the site. "[W]e are driven to make the Internet a better and safer [place] rather than a desire to protect copyright."

Seth Rosenblatt. CNet

The hacker w0rm became famous in July 2014 after hacking the websites of several major English-language media outlets. On July 12 he gained access to the website of the publication CNET, explaining this by a desire to draw attention to a vulnerability in the site's content management system and to sell a ready-made solution for preventing such attacks or, failing that, to sell the stolen data. Later w0rm did the same with the websites of The Wall Street Journal and Vice. A w0rm representative explained to TJ that in this way the hacker advertises himself and recruits computer security specialists who are willing to do "white" audits to order instead of "black" hacks.

Nikita Likhachev. TJ
