Wipro Intruders Targeted Other Major IT Firms (krebsonsecurity.com)
75 points by valiant-comma on April 18, 2019 | 7 comments



"According to the lawsuit by Maritz Holdings, investigators also determined that the "attackers were accessing the Maritz system using accounts registered to Cognizant. For example, in April 2017, someone using a Cognizant account utilized the "fiddler" hacking program to circumvent cyber protections that Maritz had installed several weeks earlier.""

Someone misplaced the parentheses. They should be around the word "hacking", not Fiddler. According to Wikipedia, it is a debugging proxy written by a former program manager for the Internet Explorer group at Microsoft.


More than a decade back, Fiddler was the tool for debugging any network issues in software on Windows machines. Definitely not a hacking program.


While it’s not originally made to be a malicious tool or intended for malicious use, it’s definitely still a tool a malicious “hacker” in the commonly used sense of the word could use.

It’s still a damn handy HTTP proxy for MITM to decrypt SSL traffic, for example. This allows one to closely inspect how a site’s authentication mechanism is implemented, among other things. I still use it today occasionally to try and understand how a given API or site feature is working/implemented based on the raw HTTP requests. You can also use it to try and replay HTTP requests with modified payloads too, as another example. There’s loads of hacking-related activities Fiddler can be handy for!

Fiddler’s entire purpose is arguably to intercept, modify and replay HTTP/HTTPS traffic. Many debugging tools like this can also be used nefariously. If I needed to try and poke for vulnerabilities, a debugging proxy like Fiddler is absolutely something I would put in my toolkit. There’s no shortage of tutorials on Google for using Fiddler to try and hack websites either.


If you're trying to MITM, you want a hidden agent that isn't easily recognizable and takes up little space.


I am still using it occasionally. It's for capturing network messages like REST services. It can also capture local SSL traffic by injecting certificates.


> What’s remarkable is how many antivirus companies still aren’t flagging as malicious many of the Internet addresses and domains listed in the IoCs, as evidenced by a search at virustotal.com.

I didn't quite understand this part. Do antivirus companies generally flag IP addresses as malicious? Also not sure what the connection of that is with VirusTotal.


If I try to open a known phishing URL, most business firewalls will block the connection. It's not so much a reference to endpoint antivirus, but a part of the all-encompassing "AV" solution. You can look up what McAfee will do with a URL, for example, here: https://www.trustedsource.org/

Of course the catch is being a "known" phishing site. Google Safe Browsing usually blocks URLs in Chrome by the time our firewalls get a block in place.
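The exchange above is about whether vendors flag the addresses and domains in an IoC list; whether or not they do, a defender can check their own proxy or firewall logs against the list directly. The script below is an added example, not code from the thread or from the Krebs article, and every indicator and log line in it is constructed for illustration (documentation-range IPs and `.invalid` domains, not the real IoCs). It handles the two things a naive substring match gets wrong: a domain indicator should match its subdomains but not a lookalike such as `notbad-example.invalid`, and an IP indicator may be a CIDR range rather than a single address.

```python
"""Match a list of indicators of compromise (domains, IPs, CIDR ranges)
against proxy log lines. Added example with constructed data only."""
import ipaddress
import re

# Constructed IoC list (placeholders, not the indicators from the article).
IOCS = [
    "bad-example.invalid",
    "update.bad-example.invalid",
    "203.0.113.45",        # single address (TEST-NET-3, documentation range)
    "198.51.100.0/24",     # whole range (TEST-NET-2, documentation range)
]

# Constructed proxy log: timestamp, client IP, method, target, status.
SAMPLE_LOG = """\
2019-04-18T10:01:02Z 10.0.0.5 GET http://www.example.com/ 200
2019-04-18T10:01:05Z 10.0.0.5 GET https://cdn.bad-example.invalid/a.js 200
2019-04-18T10:02:10Z 10.0.0.7 CONNECT 203.0.113.45:443 200
2019-04-18T10:02:11Z 10.0.0.7 CONNECT 198.51.100.77:8080 200
2019-04-18T10:03:00Z 10.0.0.9 GET http://notbad-example.invalid/ 200
"""

# Optional scheme, then the host up to the first '/', ':' or whitespace.
HOST_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?([^/:\s]+)", re.I)


def compile_iocs(iocs):
    """Split indicators into a set of domains and a list of IP networks.
    A bare IP becomes a /32 network so one code path handles both."""
    domains, networks = set(), []
    for raw in iocs:
        item = raw.strip().lower()
        try:
            networks.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            domains.add(item.rstrip("."))
    return domains, networks


def extract_host(target):
    """Pull the hostname or IP out of a URL or a host:port CONNECT target."""
    m = HOST_RE.match(target.strip())
    return m.group(1).lower() if m else ""


def match_host(host, domains, networks):
    """Return the indicator the host matches, or None.
    IPs are matched by network membership; names match the domain itself
    or any subdomain of it, never a lookalike that merely ends in the same
    characters."""
    host = host.lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        for net in networks:
            if addr in net:
                return str(net)
        return None
    for dom in domains:
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def scan_log(lines, iocs):
    """Return one hit record per log line whose destination matches an IoC."""
    domains, networks = compile_iocs(iocs)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than guess
        ts, client, target = parts[0], parts[1], parts[3]
        host = extract_host(target)
        matched = match_host(host, domains, networks)
        if matched:
            hits.append({"time": ts, "client": client, "host": host, "ioc": matched})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines(), IOCS):
        print(f"{hit['time']} {hit['client']} -> {hit['host']} matches {hit['ioc']}")
```

Running it reports three hits (the subdomain of the listed domain, the exact IP, and an address inside the listed range) and stays silent on `www.example.com` and on the lookalike `notbad-example.invalid`. The same `scan_log` works on a real export once the log format's column positions are adjusted.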



