Tag Archive for: Website

He created a ‘RentaHitman’ website for class project as a joke. But then police got involved after the site got a slew of inquiries from people wanting to actually pay for a hitman

/in


Hands type on laptop

A stock image shows hands typing on a laptop.Getty Images

  • A California man, Bob Innes, said he accidentally created a hitman-for-hire website, per People Magazine.

  • Innes and his friends made the site to start a computer security business in 2005.

  • He later learned that people were reaching out inquiring about making a hit.

A California man said that at least 30 people have been arrested after inquiring about hiring a hitman on his parody website, according to PEOPLE. 

Bob Innes, along with his friends, created the website while participating in an IT program at a California business school in 2005, the outlet reported. They made the site with the intention of starting a computer security company — and chose the quippy domain “RentAHitman.com.”

“Rent as in hire us,” Innes told PEOPLE. “Hit as in network traffic, and men, because there were four of us. We thought it was funny.”

Although the website was live, the group did not officially start the company, according to the report. Three years later, Innes decided to log back in and discovered a slew of inquiries.

According to the report, some people were asking for the price, while others were seeking employment.

“There was even a female out of the UK who wanted to learn the business so that she could be a hitwoman,” the 54-year-old told the publication.

That’s when Innes realized that he had unintentionally set up a website for those seeking to hire a hitman, PEOPLE reported. Innes told the magazine that he decided up the humor by adding phony testimonials and awards.

When a potential customer reaches out for their “services,” he waits a day to reach back out to them. After they show interest in hiring a hitman, he connects them with an “operative,” which happens to be one of the thousands of police departments across the country, per the report.

The website has resulted in more than two dozen arrests and a number of convictions, including a woman who reached out in 2010 about murdering her family members, according to the outlet.

Read the original article on Insider

Source…

Houston unknowingly hosted mail-order bride, casino posts on city website

/in


The page on Wednesday morning featured a spate of blog entries on a variety of confounding topics that were decidedly unrelated to City Hall. They were taken down by the afternoon, after the Houston Chronicle inquired about them.

The source of the blog entries, many of which were nonsensical, was unknown Wednesday. Mary Benton, the city’s communications director, said she alerted the information technology department to the posts. The listed author on the articles, a housing department employee named Ashley Lawson, did not actually write and post them, Benton said.

CITY HALL NEWS: Mayoral aide took bribe to help bar pass inspection, fast-track permit, records show

The entries appeared on the city’s news site, cityofhouston.news, a WordPress blog that does not share a domain with the city’s primary website, houstontx.gov.

Christopher Mitchell, the city’s chief information security officer, said no city information was compromised. 

“We were recently made aware of improper posts appearing on a blog site utilized by the city to allow individual departments to post departmental content,” Mitchell said in a statement. “The blog site is hosted on a third-party platform and is not connected to any City of Houston enterprise systems. At no point did the city experience a compromise of city systems, data, or information. The origin of the posts was from an active account that was no longer in use, and the city is taking all necessary precautions to correct the issue and prevent a recurrence.”

The posts, often in broken or garbled English, had appeared at least 29 times since Sept. 13, displayed as “uncategorized” entries among more routine posts about police and fire investigations and where to get a flu shot.

RELATED NEWS: Once again, Houston is cutting its tax rate — but that doesn’t mean your bill will go down

Source…

Rochester Public Schools fixes internet glitch that blocked school board candidates’ website – Post Bulletin

/in


ROCHESTER — Rochester Public Schools has reported that an issue with its internet security has been fixed, no longer blocking the joint website of four school board candidates.

The candidates

raised the issue

during a recent debate at the Rochester Public Library, accusing the school district of cancel culture and voter suppression. The candidates include John Whelan, Elena Niehoff, Kim Rishavy and Rae Parker.

RPS subsequently responded with a statement, clarifying that the candidates’ website was unable to be accessed since it was “incorrectly flagged on some RPS devices” as a “parked domain” by the district’s security vendor, Netskope. The terms refers to websites that are “in development or waiting for a new owner,” according the Google Ads Center.

As of Sunday, RPS said Netskope had reclassified the website as “education.”

Source…

Hackers may be hiding in plain sight on your favorite website

/in


Security researchers have detailed how domain shadowing is becoming increasingly popular for cybercriminals.

As reported by Bleeping Computer, analysts from Palo Alto Networks (Unit 42) revealed how they came across over 12,000 such incidents over just a three-month period (April to June, 2022).

A depiction of a hacked computer sitting in an office full of PCs.
Getty Images

An offshoot of DNS hijacking, domain shadowing provides the ability to create malicious subdomains by infiltrating legitimate domains. As such, shadowed domains won’t have any impact on the parent domain, which naturally makes them difficult to detect.

Cybercriminals can subsequently use these subdomains to their advantage for various purposes, including phishing, malware distribution, and command and control (C2) operations.

“We conclude from these results that domain shadowing is an active threat to the enterprise, and it is hard to detect without leveraging automated machine learning algorithms that can analyze large amounts of DNS logs,” Unit 42 stated.

Once access has been obtained by threat actors, they could opt to breach the main domain itself and its owners, as well as target users from that website. However, they’ve had success by luring in individuals via the subdomains instead, in addition to the fact that the attackers remain undetected for much longer by relying on this method.

Due to the subtle nature of domain shadowing, Unit 42 mentioned how detecting actual incidents and compromised domains is difficult.

In fact, the VirusTotal platform identified just 200 malicious domains out of the 12,197 domains mentioned in the report. The majority of these cases are connected to an individual phishing campaign that uses a network of 649 shadowed domains via 16 compromised websites.

A system hacked warning alert being displayed on a computer screen.
Getty Images

The phishing campaign revealed how the aforementioned subdomains displayed fake login pages or redirected users to phishing pages, which can essentially circumvent email security filters.

When the subdomain is visited by a user, credentials are requested for a Microsoft account. Even though the URL itself isn’t from an official source, internet security tools aren’t capable of differentiating between a legitimate and fake login page as no warnings are presented.

One of…

Source…