A 23-year-old man, suspected of being a member of the LulzSec hacking gang, has pleaded not guilty to an attack on the Sony Pictures website.
Cody Kretsinger, from Phoenix, Arizona, pleaded not guilty to conspiracy and unauthorized impairment of a protected computer during a hearing at Los Angeles District Court.
Kretsinger is alleged to be the LulzSec member known as “Recursion”, and is accused of being involved in an SQL injection attack that stole information from Sony Pictures in June, exposing users’ email addresses and passwords.
Approximately 150,000 confidential records were subsequently published online by LulzSec, who mocked Sony’s weak security:
"SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"
Prosecutors claim that Kretsinger used the HideMyAss.com proxy server website to disguise his IP address as he allegedly probed Sony Pictures’ computer systems in May 2011, hunting for vulnerabilities.
HideMyAss.com’s terms and conditions stipulate that their service is not to be used for illegal activity, however, and they co-operated with the authorities when a court order was received requesting information.
Kretsinger’s trial is scheduled to begin on December 13th. If convicted he faces up to 15 years in prison.
Remember Zach Braff (Did his parents really choose this name for him?), star of hospital comedy series Scrubs where he played the hapless and endearing character Dr John Dorian?
Well, yesterday Braff announced on Facebook that his website was hacked to display a bogus letter to loyal fans admitting that he was gay.
According to several media reports, Braff’s publicist says that the website was old and hadn’t been updated since 2006.
The hackers allegedly added the following statement to the site:
"To all my loyal fans, I have been hiding this secret inside me for too long...I am excited and proud to announce that I am an open member of the homosexual community. This is not news to those closest to me, and I honor that they have kept it a secret for such a long time."
The news must have come as a surprise to Taylor Bagley, the actor’s girlfriend.
Soon, everything was clearer, as the 36-year-old Scrubs actor released a statement on his Facebook page in an attempt to stamp out the rumours about his sexuality:
"My old website got hacked. Someone issued a "coming out" statement on my behalf. I'm still straight and in love with my girlfriend. But not too straight; I still love musicals, brunch and Doogie Howser."
I doubt many of us care whether Braff is gay or not. I certainly don’t. But this story underlines the importance of not forgetting about websites we may have created in the past.
If you have a website that you no longer care about, get rid of it. At the very least, you should keep its security up to date. Old sites are much easier targets for hackers than those with up-to-date defences.
To learn some great tips and tricks on how to better protect your website, check out SophosLabs’ free technical paper, Securing Websites.
Image source for picture of Zach Braff and Taylor Bagley: http://www.globalnews.ca
Toshiba announced this weekend that a web server run by its US sales subsidiary had been hacked, and the email addresses, telephone numbers and passwords of hundreds of customers had been compromised.
The Japanese electronics firm said that the server was run by Toshiba America Information Systems Inc., and held personal data relating to 7,520 customers. Fortunately, according to the firm, the personal information exposed did not include any credit card data.
Nevertheless, you don’t want your email address and password falling into the hands of malicious hackers.
Not only could cybercriminals “try out” your passwords to see if they unlock any of your other online accounts (too many people use the same password on multiple websites), but they could also target you with attacks pretending to come from Toshiba.
After all, you have a business relationship with Toshiba – so you would be less suspicious of opening an email or clicking on a link which appeared to have been sent by them. Especially if some clever social engineering made the email appear particularly enticing.
A Toshiba spokesperson told the Wall Street Journal that the Toshiba subsidiary’s IT staff first noticed a problem with the web server on July 11th, and confirmed on July 13th that it had been hacked.
"We will continue the investigation and intend to thoroughly protect customers' information and manage (related computer) systems to prevent a recurrence."
All customers potentially affected by the hack are said to have been informed of the problem by the firm.
If you run a website it’s essential to ensure it is as secure as possible from hacker attacks.
A gang of hackers known as SwagSec announced at the tail end of last week that they had hacked into Lady Gaga’s UK website and made off with a database of names and email addresses of fans. To prove their point, they published the stolen data online.
The press reported that a source close to Lady Gaga said that she was:
"upset and hopes police get to the bottom of how this was allowed to happen"
If she was upset, she made no mention of the hack on her Twitter page, and posted no apology to her UK fans for the poor website security. She wasn’t, however, too upset to tweet about Emmy award nominations or to drop a line to Cher about doing a duet remix.
Although it’s right that the authorities should be informed regarding SwagSec’s illegal activities, there should surely be some recognition at Gaga HQ that perhaps the website was doing a lousy job at securing its fans’ information?
Lady Gaga’s record label, Universal, said it had confirmed that the hack had occurred and said that police had been informed:
"The hackers took a content database dump from http://www.ladygaga.co.uk and a section of email, first name and last name records were accessed. There were no passwords or financial information taken. We take this very seriously and have put in place additional measures to protect personally identifiable information. All those affected have been advised."
The risk to users who had their details compromised, of course, is that they could have been the subject of targeted attacks. Imagine how many of them might have opened an attachment or clicked on a link if they received an email claiming to be about free tickets for a Lady Gaga concert, or a sneak preview of her new video.
But although Universal says that it has contacted everyone who was affected – can they be confident that they know the extent of SwagSec’s hack? After all, the hack is claimed to have occurred weeks ago, but was only made public by SwagSec at the end of last week.
Wouldn’t it be more open and transparent to have a message to fans of the Lady Gaga UK website, telling them all what occurred? I went looking and couldn’t find anything to warn the wider array of Lady Gaga fans.
You may remember that the SwagSec hacking group defaced Amy Winehouse’s website earlier this month as well.
One wonders what eccentric female troubadour they will target next...
WordPress just announced that the source code of three plugins for its popular blog-hosting software was maliciously modified.
Plugins consist of add-in modules which you install on your WordPress server in order to implement additional functionality, instead of writing all the needed code yourself.
Where you might use a DLL with a Windows program – for example, to add a feature such as SSL support or an edit control into an existing application – you’d use a plugin with WordPress.
According to WordPress, the modified plugins were Trojanised to include backdoors.
Web-based backdoors can be extremely dangerous. If you’re a WordPress user, you’ll know that the WordPress platform includes a complete and powerful administration interface, password-protected, via a URL such as “site.example/wp-admin”. A WordPress backdoor might offer something with similar functionality, but using a different, unexpected, URL, and using a password known to the hacker, instead of to you.
As far as I can see, this attack doesn’t affect you or your users unless:
* You run your own installation of the WordPress platform.
* You use one of these plugins: AddThis, WPtouch, or W3 Total Cache.
* You updated your installed copy of one of those plugins in the past 48 hours from wordpress.org.
(WordPress says “in the past day”, but its post is dated simply 21 June 2011. So I’ve boosted that “day” to 48 hours to cover all reasonable interpretations of the WordPress statement. If you changed one of the abovementioned plugins inside a 48-hour window, why not check with WordPress exactly when the danger period was?)
The unwanted source changes have been reversed out, so the very latest versions of the affected plugins are now safe. If you installed a defective one, update it right away and you’ll be safe again.
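The three conditions above can be checked on a self-hosted install by looking at file modification times under the plugins directory. This is an added example, not from the original post or from WordPress; the plugin directory names, the exact window boundaries and the sample file tree are assumptions.

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone

# Assumed directory names under wp-content/plugins (the page gives only the
# plugin display names).
AFFECTED = {"addthis": "AddThis", "wptouch": "WPtouch",
            "w3-total-cache": "W3 Total Cache"}
# Assumed window: the 48 hours ending at the close of 21 June 2011 (UTC),
# the date on the WordPress post. The exact times are not on the page.
WINDOW_END = datetime(2011, 6, 22, tzinfo=timezone.utc)
WINDOW_START = WINDOW_END - timedelta(hours=48)

def files_changed_in_window(plugins_dir, start=WINDOW_START, end=WINDOW_END):
    """Map plugin name -> files whose mtime falls inside the window.

    mtime is only a heuristic: a hit means "update this plugin now";
    an empty result does not prove the installed copy is clean.
    """
    hits = {}
    for slug, name in AFFECTED.items():
        root = os.path.join(plugins_dir, slug)
        if not os.path.isdir(root):
            continue  # plugin not installed, so the second condition fails
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                path = os.path.join(dirpath, fname)
                mtime = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
                if start <= mtime <= end:
                    rel = os.path.relpath(path, plugins_dir).replace(os.sep, "/")
                    hits.setdefault(name, []).append(rel)
    return {name: sorted(paths) for name, paths in hits.items()}

def demo():
    """Run the check on a constructed plugins directory (sample data)."""
    samples = {  # relative path -> constructed modification time
        "wptouch/wptouch.php": datetime(2011, 6, 21, 10, tzinfo=timezone.utc),
        "w3-total-cache/w3-total-cache.php": datetime(2011, 5, 1, tzinfo=timezone.utc),
        "example-plugin/example-plugin.php": datetime(2011, 6, 21, 10, tzinfo=timezone.utc),
    }
    with tempfile.TemporaryDirectory() as plugins_dir:
        for rel, when in samples.items():
            path = os.path.join(plugins_dir, *rel.split("/"))
            os.makedirs(os.path.dirname(path))
            with open(path, "w") as fh:
                fh.write("<?php // constructed sample file\n")
            os.utime(path, (when.timestamp(), when.timestamp()))
        return files_changed_in_window(plugins_dir)
```

On a real server, call `files_changed_in_window` with the path to `wp-content/plugins`; any plugin it reports should be updated to the current release.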
All wordpress.org passwords for the Support forums, WordPress Trac, and the repository have been force-reset. (This means you have to reset your password, just as you would if you forgot it.)
WordPress also temporarily blocked all access to the plugin repository and verified that no other plugins had been Trojanised.
A good response following criminal behaviour.
So, if you’re a WordPress user, don’t freak out when you’re asked to reset your password on your next login. And please take WordPress’s advice:
"As a user, make sure to never use the same password for two different services, and we encourage you not to reset your password to be the same as your old one."
(Note. Naked Security runs on the WordPress platform, but we don’t use wordpress.org. We’re hosted by WordPress.com VIP on wordpress.com. We checked with WordPress, and they’ve confirmed that no plugins in the WordPress.com VIP infrastructure were affected. No danger, Will Robinson.)