February 2012
33 posts
The Fall of Stratfor →
There’s a research company called Stratfor. It markets itself as a private intelligence company and sells its research to corporate and financial clients worldwide. The firm hires lots of very junior analysts (it’s not able to recruit people with gov’t experience at the pay levels and status they offer) and trains them internally.
Full Article
AntiSec, Stratfor, Wikileaks, and Much Ado About... →
The Compromise
Back in December Stratfor, a private “Intelligence” group was hacked by AntiSec. The hack to date, has yet to be really discussed as to the means to it’s accomplishment, but, I suspect that as usual, it was an SQLi attack if not some other low hanging fruit attack that allowed access into the Stratfor systems. Once inside, the kids had access to everything (allegedly) that...
Kim Dotcom Remains Free on Bail As U.S. Appeal... →
Kim Dotcom remains free on bail after United States authorities lost an appeal of an earlier decision by a New Zealand court to grant him bail. Justice Brewer dismissed the appeal, which was put forward by New Zealand Crown lawyers on behalf of the U.S. government, in the Auckland High Court late Wednesday afternoon, local time.
Full Article
Anonymous Leaves Clues In Failed Vatican Attack →
How do hacktivists launch attacks? A new report details an online assault launched in August by the hacktivist collective Anonymous that lasted for 25 days, and which was designed to disrupt a specific event.
The research, released Sunday by data security vendor Imperva on the eve of this week’s RSA conference in San Francisco, offers a rare glimpse into the specific strategies, tools,...
Why the Progress Bar Is Lying to You →
Our computers are trying to pacify us. When you transfer a file, a progress bar appears to calmly tell you how much time is left. But here’s why that soothing assurance of progress is more like a wild guess.
Full Article
RSA keys not as random as they should be →
A team of cryptographic experts has analysed more than 10 million public keys and discovered serious problems in some of the X509 certificates it collected. This is because some keys were far less random than they should have been – more than 12,000 were easily crackable.
Of the 6,185,372 X.509 certificates analysed, the researchers found 266,729 public keys in which moduli were reused. The...
No, #Anonymous can't DDoS the root DNS servers →
#Anonymous hackers have announced “Operation Global Blackout”, promising to cause an Internet-wide blackout by disabling the core DNS servers. DNS is the phonebook of the Internet that translates machine names (like “www.facebook.com”) to network addresses (like “66.220.158.25”). If hackers can disable the global DNS name system, then typing in your favorite...
Dr. Cyberlove… Or, how I learned to stop worrying... →
The Cyberwars and Your Government
Today I opened an email/link that started me on a long strange trip into the wonderful world of cyberdouchery once again. I suppose that since I work in this business I should not be surprised to be brought to the heights of Tourettes ticking and swearing by what I read, but, yet again my brain just dumps like a BSOD and the stupidity laid before me. The quote...
Moxie Marlinspike's CloudCracker Aims For... →
A little over two years ago, well-known hacker and security researcher Moxie Marlinspike launched an online service that, for a fee of $17, could crack most wifi networks’ password in less than hour. Apparently that wasn’t fast enough.
On Tuesday, Marlinspike launched CloudCracker, an upgrade to the Web-based penetration testing service he formerly called WPACracker, with a major upgrade to the...
Chinese hackers had free rein at Nortel →
According to a report, hackers, allegedly from China, had access to telecoms equipment manufacturer Nortel’s IT systems over a period of several years – access that they took full advantage of. Citing an internal investigation, the Wall Street Journal reported on Tuesday that, using seven passwords stolen from senior managers, intruders had access to almost all confidential information...
Wikileaks to go mobile (Not an app) →
The infamous site Wikileaks is looking to move its operations to a boat in international waters! Holy shades of Snow Crash! The boat idea is being widely reported by several credible news organizations and repeated amongst social media network members today. The earliest incarnation of the story I can find puts Fox News as patient zero for this information spread.
I want to go on record with my...
Six Heartbreaking Truths about Online Dating... →
Millions of people are using online dating sites to search for love or connection, but users should beware: many online dating sites are taking short cuts in safeguarding the privacy and security of users. Whether it’s due to counter-intuitive privacy settings or serious security flaws, users of online dating profiles risk their privacy and security every day. Here are six sobering facts about...
Hackers outwit online banking identity security... →
Criminal hackers have found a way round the latest generation of online banking security devices given out by banks, the BBC has learned. After logging in to the bank’s real site, account holders are being tricked by the offer of training in a new “upgraded security system”. Money is then moved out of the account but this is hidden from the user.
Full Article
Mozilla considers removing Trustwave CA →
Scandalised by the snooping certificate issued by Trustwave, a heise Security reader, Sebastian Wiesinger, has submitted a report to Mozilla’s bug database in which he requests that Trustwave’s root certificates be removed from all Mozilla products. Mozilla’s Kathleen Wilson, who handles the issue, has accepted the submission and requested a statement from Trustwave....
NSA Is Waiting For A Major Incident To Create New... →
So, it appears that the NSA is waiting for a major incident to create new cyber law. They have made it clear that they would enjoy nothing better than to have open access to private networks. This article from Jan 23, 2012 has some unsettling overtones in it.
Full Article
What the RIAA Won’t Tell You: Users Matter →
We really have to wonder when the message is going to sink in. On January 18, millions of Internet users spoke out together in one of the most profound and effective uses of technology to organize political opposition in U.S. history, sending a clear message to Congress that voters will not tolerate crippling of the Internet. But big content remains tone deaf to this chorus of Internet users.
...
Hackers Release Symantec Source Code After Failed... →
Hackers with the Anonymous collective have released source code for Symantec’s pcAnywhere product after failing to secure $50,000 from the company in an extortion attempt.
A hacker going by the online name YamaTough published 1.27 GB of the source code on Pirate Bay Monday night after negotiations to extort money from someone he believed was a Symantec employee fell through. In reality,...
Defendant Ordered to Decrypt Laptop May Have... →
A Colorado woman ordered to decrypt her laptop so prosecutors may use the files against her in a criminal case might have forgotten the password, the defendant’s attorney said Monday.
The authorities seized the Toshiba laptop from defendant Ramona Fricosu in 2010 with a court warrant while investigating alleged mortgage fraud. Ruling that the woman’s Fifth Amendment rights against compelled...
The Password Analysis Red Herring →
Alrighty, this will be a fairly light post (in terms of my own applied analysis)… and, apologies as it’s a wee bit behind the curve on various news pieces in the past couple months (I’d intended to write this in early January - oops!;). Please note that this post applies only to user passwords, and it does not apply to system and database password maintained within various...
Game Theory, Anonymous Causality, and 2012 →
Anonymous Factions and Influences
Anonymous being what it is, has always been susceptible to influence and infiltration from the outside as well as the inside. The nature of the movement is such that it resembles the cell structure of terrorist action groups like Al Qaeda have adopted over the years.
Full Article
Anonymous Leaks FBI, Scotland Yard Phone Call... →
Hacktivists with the online collective Anonymous have released a recording of a sensitive phone call between officials with the FBI, Scotland Yard and other foreign police agencies related to ongoing investigations into hacking.
The conference call, which occurred Jan. 17, focused on the continued investigative efforts against hacktivists associated with Anonymous, LulzSec, Antisec and other...
Bradley Manning to Face All Charges in... →
WikiLeaks suspect Bradley Manning is headed for a general court-martial, according to the commander of the U.S. Army Military District of Washington in an announcement released late Friday.
Maj. Gen. Michael Linnington, the general convening authority for the district, made the determination that Manning will face all 22 charges leveled against him, include aiding the enemy, wrongfully causing...
Google discusses Android security measures →
For the last year, discussions about the risk mobile devices, and the applications they run, have filled the headlines and annual reports of countless security vendors. On Thursday, Google opened up some on the measures they’ve taken to protect the people who’ve come to rely on the Android Market for their application needs.
The Android platform is the fastest growing mobile device platform in...
You may be a Terrorist... →
Do You Like Online Privacy? You May Be a Terrorist
It’s been one of those days when I went from ZERO —> STABBY really really quickly. What brought me to this point today was a tweet linked to an article at PublicIntelligence where they talk about a flyer put out jointly by the FBI and the Department of Justice (Bureau of Justice Assistance) on what to look for in an “online” terrorist or an...
Dear Verisign: Trust requires Transparency →
Reasonable people can differ on what constitutes a thorough analysis. Reasonable people can differ on response activity. We can probably all learn a lot from what happened. Reasonable people can’t argue that Verisign has paid some PR cost, and that they’ll continue to pay it until those who are supposed to trust them are satisfied. That satisfaction requires more than the statements made above....
The need for truthful and honest product... →
The exponential rise in cyber- attacks and the seemingly lock-step proliferation of security products to safeguard against said attacks seem to have created an unintelligible quagmire for consumers of IT security products. Simply put, consumers have to wade through marketing propaganda and techno-speak in their quest for some form of reasonable assurance of a safe, private internet experience.
...
EFF ready to sue if "innocent customers" can't get... →
The Electronic Frontier Foundation (EFF) today officially asked all parties involved in the Megaupload criminal case to refrain from deleting any data stored on servers once leased by the file-hosting service—and it suggested it was willing to sue over the matter.
Full Article
VeriSign Hit by Hackers in 2010 →
Internet giant VeriSign was hacked repeatedly in 2010 resulting in the theft of undisclosed information and raising questions about the integrity of security certificates issued by the company as well as its domain name service.
The breaches were disclosed in vague language in a Securities and Exchange Commission filing last October in accordance with new SEC guidelines requiring companies to...
Privacy supporters are potential terrorists... →
The Bureau of Justice Assistance and the FBI, as part of the Communities Against Terrorism program (think “See Something / Say Something”), have released a flyer outlining several potential indicators of terrorist activities within Internet Cafés. Included among the potential warning signs, are anonymization software usage, steganography, and reading too many news sources on terrorist related...
Key Internet operator VeriSign hit by hackers →
VeriSign Inc, the company in charge of delivering people safely to more than half the world’s websites, has been hacked repeatedly by outsiders who stole undisclosed information from the leading Internet infrastructure company.
The previously unreported breaches occurred in 2010 at the Reston, Virginia-based company, which is ultimately responsible for the integrity of Web addresses...
Babeland Locations Offer Free Bicycle Delivery On... →
Imagine the tragedy if, during a hot party with one or more of your bestest battery-powered and/or silicone friends, one of them suffers from vibrator breakdown or nipple clamp metal-fatigue. And if a toe-curling orgasm causes you to accidentally propel that dildo out the window before you’re finished with it? Never fear…if you’re in Brooklyn, at least!
Full Article
Hacker extracts RFID credit card details →
The widespread use, especially in US credit cards, of RFID chips which can be read through clothing or wallets for contactless payments can lead to cards being read without the owners knowledge or permission. At the Shmoocon security conference held in Washington D.C., US business magazine Forbes reports that Kristin Paget impressively demonstrated the ability to read data on RFID chipped credit...
Who’s Behind the World’s Largest Spam Botnet? →
A Wikileaks-style war of attrition between two competing rogue Internet pharmacy gangs has exposed some of the biggest spammers on the planet. The latest casualties? Several individuals likely responsible for running Grum, currently the world’s most active spam botnet.
Grum is the top spam botnet, according to M86Security In the summer of 2010, hackers stole and leaked the database for SpamIt...