HBGary CEO Speaks Out On Anonymous Hack
March 23, 2011, 4:54PM, by Brian Donohue
Greg Hoglund, CEO of HBGary, admits that lackluster security at his company played a central role in the breach that led to the release of some 50,000 company emails, but also disputes common understanding and reported details of the hack and the group behind it, going so far as to say there was actually no hack at all.
andrea.sartori (1603543) writes "According to The H, Lastpass, a central storage facility for passwords (lastpass.com), simply blocks the IP addresses of users who test the site's security measures in a move which may cause collateral damage, such as blocking entire networks if multiple persons use the same NAT firewall or a joint proxy to access the internet, and one of them does something "suspicious", like testing their website for XSS or SQL injection problems.
This could be exploited as a rather curious attack system, if somebody embeds code in web pages which will call Lastpass URLs with strings that are typical for XSS code; simply viewing a seemingly harmless page could, without any further input by the user, make a browser load these strings and trigger an alarm at Lastpass.
Lastpass replies that the risk is small because blocks are triggered manually rather than automatically, and that extensions and apps remain unaffected, which means that users continue to have access to their stored passwords."
andrea.sartori (1603543) writes "ZDNet reports that "Hackers have compromised a private e-mail list used by Linux and BSD distributors to share information on embargoed security vulnerabilities and used a backdoor to sniff e-mail traffic, according to the moderator of the list. In a note to Vendor-Sec's members, moderator Marcus Meissner said he noticed the break-in on January 20 but warned that it might have existed for much longer.
Immediately after Meissner's warning e-mail, the attacker re-entered the compromised machine and destroyed the installation."
Meissner has since killed the list: So everyone please consider vendor-sec@....de is dead and gone at this point, successors (or not) will hopefully result out of this discussion.
The H Security notes (link to the H's article) that this isn't the first compromise of the Vendor-Sec list. In 2005, black hat hackers reportedly hijacked a kernel exploit for root access from the list."
andrea.sartori (1603543) writes "Chris Adamson posted a very interesting article on pragprog.com, defining C as a "punk rock language". The musical analogy is developed and used to compare different types of programming languages. Pickup line: 'One of the defining traits of punk is the do-it-yourself (DIY) ethic, a rejection of the need to buy products or use existing systems, and instead to attend to your own needs. This attitude clearly suits C programming as well.' And: 'Any idiot with a Slashdot handle can talk crap about anything. It’s when you piss off the smart developers that you know you’re working with something interesting.'"
So from Apple's perspective, changing the iPhone Developer Program License Agreement to prohibit the use of things like Flash CS5 and MonoTouch to create iPhone apps makes complete sense. I'm not saying you have to like this. I'm not arguing that it's anything other than ruthless competitiveness. I'm not arguing (up to this point) that it benefits anyone other than Apple itself. I'm just arguing that it makes sense from Apple's perspective — and it was Apple's decision to make.
andrea.sartori (1603543) writes "According to net-security.org, "Ransomware is the dominating threat with nine of the detections in the malware top ten list resulting in either scareware or ransomware infesting the victim's PC. Fortinet observed the primary drivers behind these threats to be two of the most notorious botnet "loaders" — Bredolab and Pushdo. Another important finding is the aggressive entrance of a new zero-day threat in FortiGuard's top ten attack list, MS.IE.Userdata.Behavior.Code.Execution, which accounted for 25 percent of the detected activity last month.""
andrea.sartori writes | about 5 years ago
The Conficker worm may be an old story, but maybe it's still worth a look. According to the New York Times (http://www.nytimes.com/2009/08/27/technology/27compute.html?_r=1&hp), Conficker is still defying the efforts to eradicate it. John Markoff's article contains a few links, and I just followed them.
The interesting thing here is Redmond, where the infected systems' OS comes from.
"Is my computer infected with the Conficker worm?
Probably not. Microsoft released a security update in October 2008 (MS08-067) to protect against Conficker."
"To date, security researchers have discovered the following variants of the worm in the wild.
* Win32/Conficker.A was reported to Microsoft on November 21, 2008."
Curiously, the NYT states that the first infections were dated November 20.
So they release an anti-Conficker security update before ever knowing of its existence. No, wait: one month before the very first appearance of the worm in the wild.
Have they invented time travel and didn't tell us? (And, will it be included in Windows 7 as a feature? That's one thing I would pay for.)
By the way, the NYT article says as many as 5 million computers are infected now, in more than 200 countries. MS's concept of "probably not" seems a bit vague to me.