Sony suffers another security scare – 93,000 user accounts broken into

Hackers successfully broke into 93,000 accounts at Sony over the last few days, once again impacting users of the Sony Entertainment Network, PlayStation Network (PSN) and Sony Online Entertainment services.

According to a blog post by Philip Reitinger, Sony’s Chief Information Security Officer, credit card details were not compromised.

As a precautionary step, Sony has frozen the compromised accounts and will email impacted users asking them to confirm their identity and reset their passwords.

Some compromised accounts “showed additional activity prior to being locked,” but the only hint from Sony as to what that activity might entail is that the company says it will “work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.”

What’s interesting is that it appears the hackers gained access to the Sony accounts by working through a large database of stolen usernames and passwords, believed to have been sourced from somewhere else. That suggests the accounts which were broken into were using a non-unique password.

In other words, you were using the same password on the Sony PlayStation Network as you were on website X.

It’s never a good idea to use the same password in multiple places.

Sony’s security team were alerted to the intrusion when they noticed a high number of failed login attempts – so well done to those users who weren’t using the same password.
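The signal Sony’s team picked up on, many failed logins against many different accounts from one source, is something a defender can check for in ordinary authentication logs. This is an added example, not code from the article or from Sony; the log format, field names and thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real Sony data). Assumed format:
# <ISO timestamp> <client-ip> <account> <LOGIN_OK|LOGIN_FAIL>
SAMPLE_LOG = """\
2011-10-11T09:00:01 198.51.100.7 alice LOGIN_FAIL
2011-10-11T09:00:02 198.51.100.7 bob LOGIN_FAIL
2011-10-11T09:00:02 198.51.100.7 carol LOGIN_OK
2011-10-11T09:00:03 198.51.100.7 dave LOGIN_FAIL
2011-10-11T09:00:04 198.51.100.7 erin LOGIN_FAIL
2011-10-11T09:00:05 198.51.100.7 frank LOGIN_FAIL
2011-10-11T09:00:20 203.0.113.9 grace LOGIN_FAIL
2011-10-11T09:00:25 203.0.113.9 grace LOGIN_FAIL
2011-10-11T09:00:31 203.0.113.9 grace LOGIN_OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (LOGIN_OK|LOGIN_FAIL)$")

def parse_log(text):
    """Parse lines into (timestamp, ip, account, ok) tuples, skipping junk."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, account, result = m.groups()
        events.append((datetime.fromisoformat(ts), ip, account, result == "LOGIN_OK"))
    return events

def credential_stuffing_sources(events, window_s=60, min_accounts=5, min_fail_ratio=0.6):
    """Flag IPs that, within a sliding window of window_s seconds, tried at least
    min_accounts distinct accounts with a failure ratio >= min_fail_ratio.
    One user mistyping their own password (few accounts) is not flagged."""
    by_ip = defaultdict(list)
    for ts, ip, account, ok in sorted(events):
        by_ip[ip].append((ts, account, ok))
    flagged = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            while (attempts[end][0] - attempts[start][0]).total_seconds() > window_s:
                start += 1
            window = attempts[start:end + 1]
            accounts = {a for _, a, _ in window}
            fails = sum(1 for _, _, ok in window if not ok)
            if len(accounts) >= min_accounts and fails / len(window) >= min_fail_ratio:
                flagged[ip] = (len(accounts), fails, len(window))
    return flagged
```

The second source in the sample (one account, three tries) is not flagged; that distinction is what keeps this rule from locking out users who simply forgot their password.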

At the end of its blog post, Sony’s Reitinger offers some sensible advice to users:

We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.

The only silver lining for Sony is that this security breach appears to be much smaller in scale than the attacks which hit it earlier this year, where millions had their personal information stolen and the Sony PlayStation Network was forced offline.

Sony’s reputation was badly harmed earlier this year by the series of hacking attacks. This latest incident certainly isn’t going to do them any favours – as customers will (rightly or wrongly) continue to associate the Sony brand with security breaches.

I’m sure Sony will be hoping that this is the last time a security incident will put their company in the news headlines for all the wrong reasons.

Anonymous leaks 90,000+ military email addresses stolen from Booz Allen Hamilton

The latest attack in the infamous “#antisec” movement targeted Booz Allen Hamilton, a consulting firm that works with the US government. Anonymous claims to have infiltrated an unprotected server and to have stolen a significant amount of data.

They claim to have released email addresses belonging to more than 90,000 US military personnel. While many folks downplay the significance of the attack and say “It’s only email addresses”, these particular email addresses may have more value than it would appear.

If we look back at the high-profile Gmail accounts that were hacked earlier this year, there is clearly demand for information about individuals connected to US defense that can be used to compromise their accounts and computers.

As Mila at Contagio blog wrote about the Gmail attack, the purpose isn’t so much to gain access to the email account itself, but rather to use email as the vehicle through which they can infect the host computer with malware.

The bigger problem for Booz Allen Hamilton is that they stored passwords with these email addresses using only a SHA hash. The passwords are not salted, which will likely lead to the majority of the passwords being exposed.
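Why an unsalted SHA hash gives so little protection, shown as an added example that is not from the article or from Booz Allen Hamilton: the sample users, passwords and the four-word dictionary below are constructed. With no salt, every user who chose the same password has the same hash, and a single dictionary of precomputed hashes covers all users at once; a random per-user salt with an iterated hash (PBKDF2 here) removes both shortcuts.

```python
import hashlib
import hmac
import os

# Constructed sample records (not the leaked data): email -> chosen password.
# Two users happen to share a common password.
USERS = {
    "a.user@example.mil": "password1",
    "b.user@example.mil": "Welcome2011",
    "c.user@example.mil": "password1",
}
# A tiny constructed wordlist standing in for a precomputed dictionary.
WORDLIST = ["123456", "password", "password1", "letmein"]

def unsalted_sha1(pw):
    """The weak scheme the post describes: one bare hash per password."""
    return hashlib.sha1(pw.encode()).hexdigest()

def exposed_by_dictionary(stored):
    """Defender's audit: which unsalted hashes fall to a plain lookup.
    The dictionary is hashed once and matched against every user."""
    table = {unsalted_sha1(w): w for w in WORDLIST}
    return {email: table[h] for email, h in stored.items() if h in table}

def pbkdf2_record(pw, salt=None, iterations=100_000):
    """Hardened scheme: random 16-byte per-user salt plus an iterated hash.
    Returns (salt, digest); the salt is stored alongside the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return salt, digest

def verify_pbkdf2(pw, salt, digest, iterations=100_000):
    """Constant-time comparison against the stored digest."""
    return hmac.compare_digest(pbkdf2_record(pw, salt, iterations)[1], digest)

def demo():
    unsalted = {e: unsalted_sha1(p) for e, p in USERS.items()}
    exposed = exposed_by_dictionary(unsalted)
    salted = {e: pbkdf2_record(p) for e, p in USERS.items()}
    # With per-user salts the two "password1" users no longer share a digest,
    # so neither equality nor one shared dictionary reveals anything.
    same_digest = salted["a.user@example.mil"][1] == salted["c.user@example.mil"][1]
    return exposed, same_digest
```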

In addition to the email addresses, Anonymous claims to have erased 4 gigabytes of source code and to have discovered information which could help them attack US government and other contractors’ systems.

While this should certainly be embarrassing to Booz Allen Hamilton, the real impact is on the US military. These 90,000+ individuals will need to reset their passwords, and ensure any systems that they shared these passwords with are changed.

While this isn’t likely to do any good, could I please have the attention of those individuals responsible for collecting user names, passwords and personal information from people? Listening?

Could we please see these hacking attacks as a shot across the bow? Now is the time to secure your data… Encryption is NOT optional. For some helpful advice you may wish to check out our Data Security Toolkit.

David Beckham’s website defaced by hackers

The website of British football superstar David Beckham has been hacked, with an image of a hapless dog attempting to eat a bowl of food painted on a street sign.

A message on the picture reads:

"ScooterDAshooter = FAIL"

To be fair, Beckham probably has other things to distract him than his website’s security right now. Yesterday, his celebrity wife Victoria Beckham gave birth to a daughter, who they have decided to name – in the style of a science fiction android – Harper Seven.

That does mean, of course, that more people than usual might be visiting Beckham’s website in the hope of reading more information about their happy event.

Fortunately it appears that this particular hack is more about defacement than being malicious – if those who broke in had chosen to, they could probably have inserted malicious code into David Beckham’s website to install malware onto visiting computers.

And, in all seriousness, I doubt that David Beckham is a dab hand with an HTML editor and cascading style sheets, and he probably hires other people to maintain his website and be responsible for its security.

This isn’t the first time, of course, that a footballer’s website has been hacked. For instance, Diego Maradona was dubbed a “cry-baby” after his website was hacked by a Peruvian football fan in 2009.

And earlier this year, a hacker defaced Ronaldinho’s website with pictures that compared him to Star Wars hate figure Jar Jar Binks and Osama bin Laden.

If you run a website make sure you are doing everything to keep it as secure as possible. If you haven’t already done so, read this informative paper by SophosLabs, “Securing websites”, which covers some of the issues.

LulzSec hacks Arizona police over immigration issues

The latest in a string of attacks by a hacker group known as Lulz Security (LulzSec) targeted the Arizona police today. The hackers exposed user names and personal information of law enforcement officers as well as sensitive documents housed on their servers.

While rumors surfaced about a supposed kingpin of LulzSec being arrested by New Scotland Yard this week, their intimidation tactics continue, and we have no idea who the next target will be.

As usual many of the dumped passwords were easy to guess or crack, showing that too many people believe it can’t happen to them. It is increasingly apparent that using software and encryption to create and protect unique passwords for every website is necessary.

That LulzSec exposed these passwords suggests they were either unencrypted, or used an insecure hashing algorithm. This is bad in and of itself, but far worse if the victims used the same passwords elsewhere.

While many of us are frustrated with the current state of corporate security and would like to effect change in a meaningful way, we control our own destiny. Most of us reside within nations that have democratic governments and can participate in shaping our futures through legal means.

In my view, the hacker ethic is to empower people with understanding and to use our collective intelligence to advance our ideas. Destroying privacy by exposing the information of innocent victims doesn’t advance anything.

HACKED: Sonu Nigam’s email hacked!

Singer Sonu Nigam pressed the panic button when all his friends started receiving random emails, supposedly from him at a time when he was shooting for a TV show.

Nigam didn’t want to specify the content of the abusive mails but dismissed them saying that they were ‘unwanted’.

“The mails were sent to everybody on my address list. I want to apologise to everybody on my contact list — the mails were sent to my colleagues, my seniors and even to people I had not interacted with for seven or eight years,” says Nigam.

The actor has regained control over his email ID and is considering informing the cyber crime cell of the Mumbai police.

“I have reset my password and tackled all the security questions. But I still don’t know how many more people have received these mails supposedly from me. I want to clarify that I could never send such mails to them,” he added.

Source: dnaindia.com

Contact me at: contactme.bijay@gmail.com

http://computeraddicted.wordpress.com

http://shenanigans-nepal.blogspot.com/

http://losthacker-deadbj.blogspot.com/

Public Broadcasting Service (PBS) hacked by LulzSec, user data and database leaked!

LulzSec hacked the Public Broadcasting Service (PBS) website at http://www.pbs.org/lulz/ and added their defacement page, shown above, with the message “Hey Anonymous, we heard you were having trouble!” The title of the page is “FREE BRADLEY MANNING. FUCK FRONTLINE!”.

They hacked the site’s admin panel and published a report claiming that legendary rappers Tupac and Biggie Smalls are alive in New Zealand.

Not only that: they also leaked the whole PBS database via their Twitter account. The hack used an SQL injection technique; the tool used for extracting the database was Havij, an automated SQL injection tool.

1.) PBS SQL database leaked
2.) PBS Frontline logins
3.) PBS all press passwords
4.) PBS all stations and passwords
5.) PBS MySQL root passwords
6.) PBS network map disclosure
7.) PBS staffers/admins

They also indicated that their next target will be Sony again; they are planning to give Sony another hit.


US military contractors hacked – possible link with RSA SecurID breach

Hackers have broken into the network of Lockheed Martin and several other US military contractors, according to media reports.

Lockheed Martin has described the attack as “significant and tenacious”.

Blogger Robert Cringely claimed that Lockheed Martin first detected the security breach last weekend (a fact later confirmed by the weapons maker in a press statement). In response to the attack the firm is said to have promptly blocked all remote VPN access to their internal network, and informed over 100,000 users that they would have to change their passwords.

In addition, it’s claimed that all Lockheed personnel with RSA SecurID tokens will be given new tokens.

From the sound of things, Lockheed Martin took swift and sensible action. It was wise of them to take the step of shutting down access to its internal networks as a precaution, once it believed that unauthorised users may have breached its systems.

The mention of RSA SecurID tokens, though, is interesting. They’re the devices used by many companies and organisations to provide two-factor authentication, giving workers a more secure way of proving they are who they say they are than just a username and password.

You may have used something similar when accessing your online bank account – for instance, a keyfob that displays a sequence of numbers that changes every 30 seconds or so.

The reason why this raises eyebrows is that back in March, RSA admitted that it had been hacked, and some of the information stolen was specifically related to RSA’s SecurID two-factor authentication products.

However, RSA has never made public details of precisely what kind of data was stolen – leading to speculation that the security of the widely-used SecurID tokens might have been compromised.

Is it possible that whatever information was stolen from RSA helped the hackers break into Lockheed Martin? If that’s the case, that’s worrying news for businesses around the world.

An unnamed source with direct knowledge of the attacks is said to have confirmed to Reuters that other military contractors have also been compromised.

It’s important to realise that all of these companies are victims of a criminal act – the authorities will no doubt be keen to uncover who is behind these attacks, and where they might have originated from. Only time will tell if those questions are ever answered satisfactorily.

Update: Lockheed Martin has now confirmed the attack, claiming that its “systems remain secure; no customer, program or employee personal data has been compromised.”

Here’s the meat of the statement by Lockheed Martin about the hack:

On Saturday, May 21, Lockheed Martin (NYSE: LMT) detected a significant and tenacious attack on its information systems network. The company's information security team detected the attack almost immediately, and took aggressive actions to protect all systems and data. As a result of the swift and deliberate actions taken to protect the network and increase IT security, our systems remain secure; no customer, program or employee personal data has been compromised.

Throughout the ongoing investigation, Lockheed Martin has continued to keep the appropriate U.S. government agencies informed of our actions. The team continues to work around the clock to restore employee access to the network, while maintaining the highest level of security.

To counter the constant threats we face from adversaries around the world, we regularly take actions to increase the security of our systems and to protect our employee, customer and program data. Our policies, procedures and vigilance mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multi-layered information systems security. 
