Archive for the ‘hacking’ Category
Wednesday, February 6th, 2013
In the latest in a string of high-profile hacking disclosures, the Federal Reserve confirmed on Wednesday that one of its websites was broken into by cyber hackers in a breach that reportedly leaked the contact information of thousands of bankers.
While the central bank said the incident didn’t “affect critical operations” of the Federal Reserve System, the disclosure is sure to fuel concerns about the cyber security of government websites and critical financial infrastructure.
The Fed hack appears to be tied to an Anonymous group that published on Twitter the credentials of more than 4,000 commercial bankers early Monday morning. The group, Operation Last Resort, said it received the documents “via the FED.”
“The Federal Reserve System is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product. The exposure was fixed shortly after discovery and is no longer an issue,” a Fed spokesman told FOX Business. (more…)
Wednesday, July 25th, 2012
Between jewelry, passports, laptops, and even tablets, a lot of us carry some very expensive things when we travel. And we expect the hotel we’re staying at to do all they reasonably can to keep us and our belongings safe. But according to a Forbes report, hotel doors with keycard entry offer virtually no security at all — they can be easily hacked with as little as $50 worth of equipment.
According to 24-year old security expert Cody Brocious, if your hotel room door’s keycard lock has a DC power port, it can be broken in to with inexpensive software and other hacking tools. And to prove it, Brocious has created a device capable of breaking into as many as 5,000,000 hotel rooms worldwide. The device works by spoofing the all-access cards used by hotel staff. According to Brocious, while every locked hotel room door requires its own access code to open, that access code is programmed into the door itself. The hacking tool can read the code, and then use it moments later to unlock the door.
Brocious will talk more about his hacking tool (and, more broadly, hotel room security) at the Black Hat USA security conference on July 24
Read original story here: yahoo.com
Friday, June 8th, 2012
Social network LinkedIn confirmed a security breach Wednesday that resulted in the loss of encrypted passwords and could allow criminals to break into subscribers’ accounts.
Norway-based tech blog Dagens IT reported earlier in the day that hacked passwords were first posted to a Russian hackers forum. Two security firms, Sophos and Rapid7, said they were able to confirm the breach by searching for the known passwords of colleagues within the massive file they say has been spreading through other hacker forums.
Vicente Silveira a director at Linkedin confirmed in a blog post on the site “that some of the passwords that were compromised correspond to LinkedIn accounts.” The company said effected members would have their passwords deactivated and would receive instructions by email on how to reset.
Silveira added that LinkedIn has “just recently” put in place security measures that would prevent hackers from easily guessing passwords.
LinkedIn didn’t specify how many passwords were compromised. Dagens IT reported 6.5 million passwords, which would represent about 4% of LinkedIn’s 150 million users.
Other hackers have managed to de-encrypt and post passwords online, said Graham Cluley, a security consultant at Sophos. Mr. Cluley said there is so far no evidence that the passwords have been linked to user email addresses.
Read Original Story Here: blog
Thursday, February 16th, 2012
It seems that at least once a month we are reading a story about another large company being the victim of hacking. Reports on computer hacking into customer databases of large companies is becoming common news.
The latest victim is Microsoft’s online retail store serving India. Yes, computer giant Microsoft can’t even protect the personal data of its customers. That is scary!
I resisted online shopping for many years for this very reason. Occasionally, I am forced to make purchases online, but I am never comfortable doing so. It is obvious that large corporations are not doing enough to protect the personal information of their customers.
Todd Thiemann, product specialist at encryption company Vormetric, says, “As we saw with Sony, Stratfor, Zappos and others, hackers value this information and are selling it on a thriving black market to others focused on identity theft.” “Companies need to rethink how to value and protect customer data.”
On Feb 13, Microsoft took it’s Store India off line after word got out that the site’s customer database had been hacked. A group referring to itself as “Evil Shadow Team” took credit in a blogpost written in Mandarin.
Evil Shadow’s self-proclaimed leader, who refers to himself as 7zl, told Reuters the data had been found unencrypted on the website. On the blog post, 7zl declared himself to be a “patriotic hacker.”
In a statement to Reuters by a Microsoft spokeswoman, she said, the company is “investigating a limited compromise” of the company’s online store in India. “The store customers have already been sent guidance on the issue and suggested immediate actions.” “We are diligently working to remedy the issue and keep our customers protected.”
In addition, the hackers have released user name and password combinations that were saved in plain text by Microsoft. “Storing this data in clear text is playing with fire,” says Thiemann.
I have to ask the obvious question – why wouldn’t this computer giant have (and use) the resources and knowledge to encrypt sensitive data and not store data in clear text? (more…)
Wednesday, January 18th, 2012
It is becoming increasingly challenging for companies to stay one step ahead of cyber-criminals. A book on “Vulnerability Management for Dummies” isn’t likely to be very helpful. Given the level of sophistication of the constant attacks plaguing large companies and individuals, you would need a Master’s degree in computer programming at minimum.
Cyber-criminals have now devised a malware designed to infiltrate portable documents, commonly known as PDF. Generally, malware is intended to be intercepted by antivirus software.
Defense analysts cited in online commentaries said the PDF attacks were aimed at corporate and government institutions and were part of sophisticated schemes aimed at stealing information from systems otherwise thought to be secure and protected by firewalls.
Several corporate sources confirmed defense organizations were targeted in the attacks. The attackers appear to be nicely funded and the attacks could come from an unknown country or corporate entity – making it more difficult to track the offenders.
News of the latest cyber-threat coming through PDF files followed warnings from computer software company Symantec and comments from defense manufacturer Lockheed Martin, along with software provider Adobe who acknowledged the risks.
Symantec said cyber-criminals are trying to take advantage of the alleged weakness in Adobe’s PDF reading and editing software with the family malware called Sykipot. (more…)
Thursday, January 12th, 2012
People who have been the victim of identify theft know it can take months or even years to clean up the mess. It is one of the most stressful experiences a person can have. The story I am about to share is very real. A close friend of mine was a victim of such a crime and the fact that resetting that person’s email password was all the thief needed to do to get the ball rolling is scary. This individual didn’t use simple passwords, yet the thief was still successful. Still, you should make your passwords and security questions unique and don’t use the same information for multiple accounts. Make the answers to your questions incorrect – just random information that isn’t even true. You may have to write down this information since all of us have so many accounts – making it impossible to remember everything. But, this minor inconvenience sure beats the major nightmare you will live if your identity is even stolen.
Herbert Thompson is an academic software developer who loves being a geek. He has stolen the identities of several casual acquaintances. In one case he gained access to a bank account in seven very simple steps. He didn’t use any programming tricks – only a little sleuth work.
As part of an experiment and with the permission of some people he barely knew, Thompson stole their identities to demonstrate to the public just how easy it is to gain access to personal data and banking information. His experiment only required some basic surfing for freely available personal data. The following steps show is how vulnerable we all are to security breach. (more…)
Wednesday, January 11th, 2012
Much has been written about the security concerns of the President of the United States using a Blackberry. President Obama’s use of the device came under fire primarily because he is more willing to embrace technology than previous Presidents and admits to being addicted to the device.
I am no expert on how hackers do their thing, but I find it disturbing when the media/journalists either print or talk of the ways in which national security can be breached. Why would we want to give the crazies of the world any tips on how to breach our national security? Exposing techniques for hacking or eavesdropping on the President of the United States is quite irresponsible – whether you know what you are talking about or not. Even if the concerns are justified, don’t publicize it! Just like I would ask you not to give written instructions on how to make a bomb.
Two such articles attempt to expose the vulnerabilities of the President’s use of a Blackberry (links provided at the end of this story). My head was spinning after reading about the various technologies, the proposed vulnerabilities written by non-security experts, and the comments written by readers explaining why/how it would be virtually impossible to hack into the President’s Blackberry.
Both stories seem more focused on concerns that carrying around a Blackberry places the President at risk because his location could be determined either via GPS tracking of his device or by hackers being able to hone in on which device belongs to the President by discovering the serial number (IMEI) of his device. (more…)
Tuesday, January 10th, 2012
Facebook has been victimized by security issues. Up to 45,000 Facebook users have been hit by a computer worm which has stolen passwords and login details.
The worm was discovered by an Israeli security firm, Seculert. Evidence of the attacks was reportedly discovered in Seculert’s logs.
The worm, known as Ramnit, was first detected in April 2010, and is described as malware that infects Windows executable and HTML files, stealing information like stored credentials and browser cookies.
When the worm first appeared, it targeted financial institutions. Now, it is targeting Facebook and its 800 million users, especially in Europe. Approximately 69 percent of the 45,000 compromised login details were from Facebook users in Britain, followed by 27 percent in France and 4 percent elsewhere.
PC Magazine reported that a July 2011 report from security firm Symantec said Ramnit was responsible for 17.3 percent of all new malicious software infections.
More than 800,000 machines have been infected with Ramnit since September 2011, though not all have been hit by the Facebook attack.
Seculert said: “We suspect that the attackers behind Ramnit are using the stolen credentials to login to victim’s Facebook accounts and to transmit malicious links to their friends, thereby intensifying the malware’s spread even further.”
The firm went on to say, “Cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services to gain remote access to corporate networks.” (more…)