Showing posts with label hacking. Show all posts

Monday, November 11, 2013

Gen Y workers OK with flouting cloud, byod policies

IT World Canada has an interesting article on an issue a lot of my customers have been asking about lately:

Corporate IT administrators may have more to worry about than just the wave of smart watches, Google glasses and other wearable computing devices that could flood the enterprise soon. A recent survey indicates that more than half of Generation Y workers are prepared to contravene corporate bring-your-own-device and cloud computing policies if those policies cramp their personal and professional computing and social networking activity.


Thursday, December 13, 2012

Skynet Botnet Controlled Over Tor

A botnet has been discovered that uses a Tor hidden service running IRC for command and control. Although Tor tends to be on the slow side, the extra layers of anonymity make it significantly more difficult, and perhaps impossible, to locate either the C&C servers or the people running them.

All kinds of direct attacks probably already occur over the Tor network. This use, however, is interesting in that there is currently no known method for shutting such a botnet down. I expect that once a compromised server is found, researchers will begin probing the hidden service itself, hoping to find an application-level vulnerability that leaks the real IP address of the C&C host.

The article discusses how the bots are being used to mine bitcoins.

Either way, this is interesting, and probably will soon be the de facto way to run botnets.

Wednesday, December 12, 2012

Ransom hackers encrypt medical centre's entire database

An Australian medical centre is reported to be considering paying a ransom demand of $4,000 AUD (US$4215) after blackmailers broke into the organisation’s servers and encrypted its entire patient database.

If crime doesn't pay, why is this clinic considering making it profitable? Paying a ransom only perpetuates the problem. Instead, the money should be spent on securing their systems. The clinic should be asking itself:


  1. Why should I make this crime profitable for the attacker? 
  2. How do I know they will provide the password and instructions for decrypting the data? 
  3. How do I know that if I decrypt the database, the data hasn't been tampered with? 
  4. If I pay the ransom, what is to stop them from raising the demand under threat of publishing the data online?
  5. What is a better plan for securing the systems and moving on? 


They already lost once. If they don't bite the bullet and move on, they risk losing again and again. They would also be giving the attackers valuable incentives for attacking more sites.

Thursday, November 22, 2012

Will Mossad Hunt Down Anonymous?

... if Israel does respond, they may find that it’s much easier to hunt Hamas missile launchers than a loosely organized group of hackers. But where the U.S. treats hacking as a law enforcement issue, if Anonymous crosses a red line (there are lots of those in the Middle East), then Israel may treat this as a national security issue. And the rules and the methods of that game are a lot tougher.

Monday, May 14, 2012

Microsoft Causes OSX Vulnerability, Then Gloats

Microsoft discovered a vulnerability in Word that could allow an attacker to execute code on any system where Microsoft Word opens a specially malformed document, then spins it as proof that Macs are just as vulnerable as Windows to document-based attacks.

Tuesday, March 20, 2012

The Pwn Plug is a little white box that can hack your network

Built by a startup company called Pwnie Express, the Pwn Plug is pretty much the last thing you ever want to find on your network—unless you've hired somebody to put it there. It's a tiny computer that comes preloaded with an arsenal of hacking tools. It can be quickly plugged into any computer network and then used to access it remotely from afar. And it comes with "stealthy decal stickers"—including a little green flowerbud with the word "fresh" underneath it, that makes the device look like an air freshener—so that people won't get suspicious.

Friday, March 16, 2012

Anyone can say they are part of Anonymous... unless it makes them look bad

Anonymous likes to say that anyone can be a member just by saying they are. But apparently anyone creating malware while claiming to be part of Anonymous is officially *not* part of Anonymous. Unless, of course, it is malware written by other members of Anonymous. This is bizarre circular thinking from folks who have been known to be far more clever in the past. What gives?

Tuesday, February 28, 2012

Anonymous, joining Wikileaks, hacks into the big time

Anonymous, a hacker collective that stays true to its name, appears to be entering the big time.

After hacking the emails of Stratfor, the global intelligence firm, and on Monday cooperating with Wikileaks — already world famous for exposing classified US military documents and diplomatic cables — to publish those emails, Anonymous has gained a new level of notoriety among the public, and attention from authorities.

On Monday morning, twitter account @AnonymousIRC published a series of tweets revealing the hacker group as the source of the Stratfor emails and linking it to Wikileaks. Anonymous first accessed Stratfor's emails in December.

"We promised you those mails and now they'll finally be delivered. Five million (that's 5,000,000) emails at your pleasure," the tweet read.


Anonymous has long defended Wikileaks, most notably in its attacks against Visa, Mastercard and Paypal after those companies blocked customers from using their services to donate money to the secret-sharing site last year. But this appears to be the first time the two organizations have cooperated so directly.

Analysts say that Anonymous' collaboration with Wikileaks, along with recent hacks against the FBI and its release of a video Monday declaring "war" on the US government, has elevated the hacker group in the eyes of US security agencies from its previous status as a petty annoyance to a real threat.

Monday, November 21, 2011

Illinois Water Utility Pump Destroyed After Hack

A cyber attack on a Springfield, Ill. public water utility resulted in the destruction of one of its pumps, according to a security expert.

I would do away with alarmist statements like "This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic", and I find it hard to give any credibility to people who make such stupid pronouncements. Even so, the situation described in this article points out once again that SCADA systems are still not being treated with the sensitivity they deserve.

Tuesday, November 8, 2011

What is Phlashing

Phlashing is a permanent denial of service (PDoS) attack that exploits a vulnerability in network-based firmware updates. So far it has only been demonstrated in research, but carried out against a production device it would render the device inoperable.

Rich Smith, head of HP's Systems Security Lab, discovered the vulnerability and demonstrated the attack at the EUSecWest security conference in June 2008. In a real-world execution, an attacker would use the remote update paths in network hardware, which are often left unauthenticated, to deliver a corrupted firmware image and have the device flash it. Once the corrupted image is written the device no longer boots, and unless it can be reflashed out of band it is effectively destroyed.
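To make the point concrete, here is an added example (not from the original post or from Smith's talk) of the difference between an update handler that flashes whatever arrives on the update port and one that checks the image first. The image format, the `Device` class, the `corrupt` helper and the HMAC key are all constructed for this example; a real device would verify an asymmetric signature against a public key fixed in ROM rather than a shared HMAC key, and the anti-rollback rule is one common policy, not something the post describes.

```python
import hashlib
import hmac
import struct

# Constructed firmware image format for this example:
#   magic (4) | version (uint32 BE) | payload length (uint32 BE) | HMAC-SHA256 (32) | payload
MAGIC = b"FWIM"
HEADER = struct.Struct(">4sII32s")
UNSIGNED = struct.Struct(">4sII")
# Assumption: a device-side verification key. Real devices verify an asymmetric
# signature against a public key fixed in ROM; a shared HMAC key is used here only
# so the example runs stand-alone.
VERIFY_KEY = b"constructed-example-key-do-not-use"


def image_is_bootable(image):
    """What the bootloader checks on power-up: a sane header with a consistent length."""
    if len(image) < HEADER.size:
        return False
    magic, _version, length, _sig = HEADER.unpack_from(image)
    return magic == MAGIC and length == len(image) - HEADER.size


def build_image(version, payload, key=VERIFY_KEY):
    """Vendor side: MAC the header fields plus payload, then assemble the image."""
    unsigned = UNSIGNED.pack(MAGIC, version, len(payload))
    sig = hmac.new(key, unsigned + payload, hashlib.sha256).digest()
    return HEADER.pack(MAGIC, version, len(payload), sig) + payload


class Device:
    def __init__(self, version=3):
        self.firmware = build_image(version, b"factory payload")
        self.version = version
        self.bricked = False

    def flash(self, image):
        """Overwrite flash. Writing a non-bootable image is what makes phlashing permanent."""
        self.firmware = image
        self.bricked = not image_is_bootable(image)


def corrupt(image):
    """Flip a bit in the magic: an image garbled in transit or crafted to be unbootable."""
    return bytes([image[0] ^ 0x01]) + image[1:]


def unprotected_update(device, blob):
    """The unauthenticated update path the post describes: whatever arrives gets flashed."""
    device.flash(blob)
    return True


def verified_update(device, blob):
    """Hardened path: authenticate, sanity-check, enforce anti-rollback, and only then flash."""
    if len(blob) < HEADER.size:
        return False
    magic, version, length, sig = HEADER.unpack_from(blob)
    payload = blob[HEADER.size:]
    # 1. Authenticity before trusting any field: recompute the MAC over what was signed.
    expected = hmac.new(VERIFY_KEY, UNSIGNED.pack(magic, version, length) + payload,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False
    # 2. Structural sanity: an authentic image still has to be one this device can boot.
    if magic != MAGIC or length != len(payload):
        return False
    # 3. Anti-rollback: a genuine but older image can reintroduce a known bug.
    if version < device.version:
        return False
    device.flash(blob)  # only now touch flash
    device.version = version
    return True


if __name__ == "__main__":
    victim, hardened = Device(), Device()
    bad = corrupt(build_image(4, b"payload v4"))
    unprotected_update(victim, bad)
    verified_update(hardened, bad)
    print("unprotected device bricked:", victim.bricked)  # True
    print("hardened device bricked:", hardened.bricked)    # False
```

The ordering in `verified_update` matters: the MAC is checked before any header field is acted on, so a forged or garbled image never reaches the flash write, and a replayed older image is refused even though its signature is valid.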

Thursday, August 25, 2011

Ten years later, still the same malware?

At Blackhat2011 during an interview about ESET'S recent Global Threat Report, a reporter asked me why we still see very old strains of common, long-detected malware. After all, haven't we detected these threats in the wild for years by now?

Saturday, August 20, 2011

AES crypto broken by 'groundbreaking' attack


Cryptographers have discovered a way to break the Advanced Encryption Standard used to protect everything from top-secret government documents to online banking transactions.


Biclique cryptanalysis shaves roughly 2 bits off the effective key length, which makes key recovery up to about 5 times faster than brute force, depending on the AES variant.


It would still take vastly longer than the age of the universe (not merely trillions of years) to recover a single 256-bit key this way. But they're well on the way.
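Putting numbers to this, as an added worked calculation that is not part of the original post: the biclique paper by Bogdanov, Khovratovich and Rechberger reports key-recovery complexities of $2^{126.1}$ for AES-128, $2^{189.7}$ for AES-192 and $2^{254.4}$ for AES-256, so the speedups over exhaustive search are

$$2^{128-126.1} = 2^{1.9} \approx 3.7,\qquad 2^{192-189.7} = 2^{2.3} \approx 4.9,\qquad 2^{256-254.4} = 2^{1.6} \approx 3.0 .$$

Assuming (an assumption for illustration) an attacker who can test $10^{18}$ keys per second, AES-256 takes

$$T_{256} = \frac{2^{254.4}}{10^{18}\ \mathrm{s}^{-1}} \approx \frac{3.8 \times 10^{76}}{10^{18}}\ \mathrm{s} \approx 3.8 \times 10^{58}\ \mathrm{s} \approx 1.2 \times 10^{51}\ \text{years},$$

against an age of the universe of roughly $1.4 \times 10^{10}$ years.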


Thursday, August 18, 2011

Anonymous is not unanimous

From a Pastebin post titled: Anonymous is not Unanimous.

Anonymous has a perception problem. Most people think we're a group of shadowy hackers. This is a fundamental flaw. Anonymous is *groups* of shadowy hackers, and herein lies the problem. Anonymous has done a lot of good in just the past 9 months. It has helped with other groups in providing aid to people on the ground in countries where "democracy" is a bad word.

The mainstream media needs to understand that Anonymous isn't unanimous. I've yet to see wide scale reporting make this distinction. A destructive minority is getting a majority of the press, while those of us who toil in the shadow doing good work for people at home and abroad go unthanked.

BART protesters didn't spring up out of thin air this week. Protests against BART have been ongoing for years. Where's the media coverage? If the media paid more attention to peaceful protests and general social unrest, I think hackers would be far less inclined to do things such as leaking data just to get the attention of the press.

Finally, hacking isn't just about breaking into web servers and leaking data to the public. Far from it. Hacking is just as much about breaking out of things as it is about breaking into things. Hacking is a lifestyle and a mindset. It is about learning more about the technologies we use and the social norms we are subject to.

Don't let the actions of a few skew your perception of hackers as a whole.

@AnonyOps

Sunday, August 7, 2011

Check out The INTRUDER Daily

The INTRUDER Daily is a newspaper style aggregation of information security news. Check it out!

Wednesday, June 29, 2011

The Navy Bought Fake Trojanized Chinese Microchips

The Navy Bought Fake Trojanized Chinese Microchips. They weren't only low-quality fakes: they had been made with a back door and could have been remotely shut down at any time. Left undiscovered, the result could have rendered U.S. missiles useless and killed the identification-friend-or-foe (IFF) signal from aircraft that tells everyone whether they are friend or foe.

The problem remains that these "trojan-horse" circuits can be built into the chip and are almost impossible to detect -- especially without the original design to compare against.

The Intelligence Advanced Research Projects Agency (IARPA) is now looking for ways to check the chips to make sure they haven't been hacked in the production process.

Is One of the LulzSec Members a Staffer at Facebook?

According to this Pastebin page, one of the LulzSec members is a Facebook staffer.

From the article:

Name: Sean Lynch
Occupation: Software Engineer at Facebook

The text that follows describes a chat session that ends up exposing the probable identity of group member Joepie91. Oops.

A few other members are identified as well. I keep mentioning to colleagues how hacking has become a sport. I think articles like these, both for and against LulzSec and Anonymous, prove it quite well.

Tuesday, June 21, 2011

Amazon's cloud is full of holes

Thomas Schneider, a postdoctoral researcher in the System Security Lab of Technische Universität Darmstadt, said on Monday that Amazon's Web Services is so easy to use that a lot of people create virtual machines without following the security guidelines.

In what they termed the most critical discovery, the researchers found that the private keys used to authenticate to services such as the Elastic Compute Cloud (EC2) or the Simple Storage Service (S3) had been published inside public Amazon Machine Images (AMIs), the pre-configured operating system and application bundles used to create virtual machines.

But the consequences could be expensive: With those keys, an interloper could start up services on EC2 or S3 using the customer's keys and create "virtual infrastructure worth several thousands of dollars per day at the expense of the key holder," according to the researchers.
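The check a practitioner wants here is to scan an image for exactly these artifacts before publishing it (or after launching one built by a stranger). The following is an added example, not code from the Darmstadt researchers or from Amazon: it walks a mounted or extracted image root looking for AWS access key IDs, secret keys, PEM private keys and leftover `authorized_keys` entries. The directory layout, file contents and key values are constructed for the demo (the key strings are the well-known AWS documentation placeholders, not live credentials), and the regular expressions encode the AWS key formats as assumptions.

```python
import re
import tempfile
from pathlib import Path

# Secret patterns matching the kinds of material reported in public AMIs. The AKIA
# prefix and the 20/40-character lengths are the AWS access-key format (assumed here);
# the key headers are the standard PEM and OpenSSH formats.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*([A-Za-z0-9/+]{40})"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "ssh_authorized_key": re.compile(r"^ssh-(?:rsa|ed25519|dss) [A-Za-z0-9+/=]+", re.M),
}
MAX_FILE_BYTES = 1 << 20  # skip large binaries; credentials live in small text files


def redact(secret):
    """Keep enough of a hit to locate it, never enough to reuse it."""
    return secret[:8] + "..." if len(secret) > 12 else secret


def scan_image_root(root):
    """Walk an image root and return (relative path, kind, redacted sample) for each hit."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        if path.stat().st_size > MAX_FILE_BYTES:
            continue
        try:
            text = path.read_text(errors="ignore")
        except OSError:
            continue
        rel = path.relative_to(root).as_posix()
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(text):
                findings.append((rel, kind, redact(match.group(0))))
    return findings


def build_sample_image():
    """Constructed image root for the demo; key values are AWS documentation placeholders."""
    root = Path(tempfile.mkdtemp(prefix="ami-"))
    files = {
        "home/ubuntu/.aws/credentials": (
            "[default]\n"
            "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
            "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"),
        "home/ubuntu/.bash_history": (
            "ls -la\n"
            "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"),
        "home/ubuntu/.ssh/id_rsa": (
            "-----BEGIN RSA PRIVATE KEY-----\n"
            "MIIEconstructedNotARealKey\n"
            "-----END RSA PRIVATE KEY-----\n"),
        "root/.ssh/authorized_keys": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed builder@ami\n",
        "etc/motd": "Welcome to the image.\n",
    }
    for rel, content in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)
    return root


if __name__ == "__main__":
    for hit in scan_image_root(build_sample_image()):
        print(*hit)
```

Run it against the mount point of an image's root volume. Anything it reports has to be removed from the image and, for credentials, the key rotated: a key that has already been published cannot be un-published, and a leftover `authorized_keys` entry gives the image author a login on every instance launched from it.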

'LulzSec suspect' arrested by New Scotland Yard

New Scotland Yard has confirmed that it has arrested a 19-year old suspected hacker in Essex, UK, in connection with a series of hacks and denial-of-service attacks against a number of organisations.

It is being widely speculated that the arrest is in connection with the high-profile attacks by the LulzSec hacking group, which has claimed amongst its victims Sony, the CIA, the FBI, and the Serious Organised Crime Agency (SOCA).

Monday, June 20, 2011

Japan Criminalizes Creation, Acquisition or Storage of Computer Viruses

A new law in Japan makes creation or distribution of a computer virus without reasonable cause punishable by up to three years in prison, and acquisition or storage of a virus punishable by up to two years.

I am not sure how stringent their definition of "reasonable cause" is in this case, but it sounds like a good start.

Saturday, June 18, 2011

PC World Confuses LulzSec with Batman

Why on earth is PC World thanking LulzSec? This article is far too similar to subplots in the Batman or Spiderman movies. Talk about mixed messages... PC World has lost any credibility they may have once had.

Read this article for a more appropriate response to LulzSec's behavior.