WASHINGTON (AP) — For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.
Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.
The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org , that will inform them whether they’re infected and explain how to fix the problem. After July 9, infected users won’t be able to connect to the Internet.
Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.
Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.MORE
The Steam video game service, used by 35 million people, has been compromised by hackers.
Its owner and operator, Valve, uncovered an intrusion into a user database while investigating a security breach of its discussion forums.
The attackers used login details from the forum hack to access a database that held ID and credit card data.
Valve said that, so far, it had no evidence that credit cards were being misused or Steam accounts abused. Read the rest of this entry »
if you believe this video — and that’s a big if — the era of thought-controlled phones has begun. A pair of hobbyist hackers claim to have taken Siri, the iPhone 4S feature that obeys voice commands, and turned it into an app that obeys brainwave patterns.
“It works! It really works! It’s so freaking amazing,” Josh Evans and Ollie Hayward announced Tuesday on the blog they created to chronicle what they call “Project Black Mirror.”
In the accompanying YouTube video, Evans wears EEG pads on his forehead and squints in concentration. A circuit board attached to an iPhone on the table beeps shortly later, and a mechanical voice says “calling Graham,” the third member of the project, whose phone then rings.
The hackers explain that they used the EEG pads to record the “signature brain patterns” of 25 Siri-based commands. By pairing the signatures with the commands, they effectively create a brain pattern-to-voice dictionary.MORE
Sesame Street’s YouTube channel was hacked today, leaving its normally family-friendly content replaced with pornographic content, according to a report on the tech blog The Next Web.
YouTube had the content removed in 22 minutes, according to the report, and as of this writing, the show’s channel has been replaced by a message saying it is unavailable.
YouTube representatives declined to comment on Sesame Street’s incident but said the removal of the content was in keeping with user guidelines.
“YouTube’s Community Guidelines prohibit graphic content,” a YouTube spokesperson said. “As always, we remove inappropriate material as soon as we are made aware of it.”
Hackers also altered the Sesame Street YouTube channel’s profile page to add the name MrEdxwx as the user, according to a screenshot posted by Naked Security. The profile also included the following message:MORE
A hacking group known as TeaMp0isoN have published private information belonging to former Prime Minister Tony Blair.
TeaMp0isoN have been in the news recently for allegedly hacking into a web site they claimed belonged to a member of LulzSec.
This time they targeted a webmail server used by Tony Blair in December of 2010. It is unclear why they waited for so long to disclose the breach and there is no evidence as of yet to confirm their story.
The information disclosed includes “Tony Blair Office Members Information, Tony Blair Address & Phone Book (Includes family, friends, MPs & lords) and Katie Kay Curriculum vitae (Tony Blairs special adviser).”
Information on Mr. Blair’s friends and colleagues includes names, home addresses, home, work and cell phone numbers and email addresses. Additionally Mr. Blair’s National Insurance Number (NIN) and Ms. Kay’s CV (resume) are also included in the dump.
We don’t know what specific flaws were exploited in this attack, but seeing that it is a webmail server the most likely method was SQL injection. It is extremely important to keep web servers patched and up to date, especially if they are running Linux using commonly exploited CMSs, webmail solutions and blogging software.
This attack like many we have reported on this year appears to be politically motivated. The TeaMp0isoN attackers called Mr. Blair a war criminal in a Twitter post and much of the language used is derogatory.
It’s not such a happy time over at Sony these days thanks to the bull’s-eye on its back.
But why is Sony — a major player in the worlds of gaming, movies and music — suddenly in the crosshairs of hackers?
Sony’s reputation for aggressively trying to protect its intellectual property rights may provide some clues.
Purdue University security expert Gene Spafford, who testified before Congress about Sony’s security problems, said there are plenty of examples. He cited Sony banning users who modded their PlayStations, the infamous case of installing “rootkits” on PCs of users as copy control for CD, and lawsuits it has filed against the likes of George Hotz andJammie Thomas.
Hotz, a hacker known for unlocking the iPhone, riled up Sony when he started a blog to document his progress hacking the PlayStation 3, which was regarded as being a locked and secure system. Thomas got caught up in a music piracy case, accused by the recording industry of sharing songs on the file-sharing site Kazaa.
“The image that has emerged from all this is that Sony is a rapacious corporation with no heart,” Spafford said. “Thus, it is not surprising that they might be a target for hackers.”
Fast-forward and you have the malicious attack on the PlayStation Network that compromised millions of user accounts and identities. And once word got out that Sony was not doing as good a job on the security side as it should be, the sharks could smell blood in the water.
Here’s a quick timeline of the attacks:
*June 2 — Lulzsec attacks Sonypictures.com, gains access to user information.
*May 24 — Sony confirms hackers stole 2,000 records from Sony’s Canadian site.
*May 23 — Sony BMG server in Greece hacked, user account info stolen.
*May 19-20 — $1200 worth of virtual tokens stolen from So-Net, a Sony subsidiary; phishing site found on Thai Sony server.
*May 2 — Sony acknowledges over 12,000 credit card numbers were stolen during initial PSN attacks.
*April 17 — PlayStation Network hacked, hackers gain access to personal info of over 77 million users.
Computer security expert and former hacker Gregory Evans said Sony would be well-served to hire ex-hackers instead of IT managers to help secure its networks.
“Anyone can configure a firewall, but (it) does not mean you are a security expert,” he said.
Contact me at : email@example.com
The same hackers who recently attacked PBS.org have turned their attention back to Sony by releasing the latest dump of information stolen from Sony’s websites.
While the information disclosed includes approximately 150,000 records, the hackers claim the databases exposed contain over 4.5 million records, at least a million of which include user information.
The data stolen includes:
- A link to a vulnerable sonypictures.com webpage.
- 12,500 users related to Auto Trader (Contest entrants?) including birth dates, addresses, email addresses, full names, plain text passwords, user IDs and phone numbers.
- 21,000 IDs associated with a DB table labeled “BEAUTY_USERS” including email addresses and plain text passwords.
- ~20,000 Sony Music coupons (out of 3.5 million in the DB).
- Just under 18,000 emails and plain text passwords from a Seinfeld “Del Boca” sweepstakes.
- Over 65,000 Sony Music codes.
- Several other tables including those from Sony BMG in The Netherlands and Belgium.
The attackers, LulzSec, stated in their file titled “PRETENTIOUS PRESS STATEMENT.txt”:
“SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
This sounds like a broken record… Passwords and sensitive user details stored in plain text… Attackers using “a very simple SQL injection” to compromise a major media conglomerate.
Worst of all the hackers are exposing over a million people to having their accounts compromised and identities stolen simply to make a political point.
The take away for the average internet users is clear. Don’t trust that your password is being securely stored and be sure to use a unique password for every website to limit your exposure if hacks like these occur.
I took a brief look at some of the information disclosed and many passwords used were things like “faithful”, “hockey”, “123456″, “freddie”, “123qaz” and “michael”.
Companies collecting information from their customers have a duty to protect that information as well.
In addition to employing proper encryption to protect against theft or loss, companies should work with reputable penetration testers to validate their security plans.
Interested in some practical help with data security? Download our Data Security Toolkit.
Interested in encrypting your own personal files? Try out Sophos Free Encryption.
Contact me at : firstname.lastname@example.org
No security system is absolutely foolproof, and changing conditions in the future can make a currently secure environment less secure.
These gaps in what we know are not for lack of trying by experts, but rather an unfortunate testament to the skill of those who perpetrated the attacks. Some aspects of the intrusion may never be known.
Sony has still not found the identities of the hackers except to subtly accuse the hacking group “Anonymous.”
Dating Website FindFriendz hacked by an indian hacker, lionaneesh and 45,000 users data got compromised.
Contact me at : email@example.com