Day: June 4, 2011
Those using IE7, Safari 3, Firefox 3.5 and their predecessors to view Gmail, Google Calendar, Talk, Docs and Sites will then lose some functions.
Eventually, it warned, these web services will stop working for those sticking with older browsers.
The move is part of a trend to stop the use of ageing browsers which can be insecure and not sophisticated enough to handle the latest web technologies.
Statistics on browser versions gathered by StatCounter suggest about 17% need to change in the light of Google’s decision.
Google made its announcement in a blogpost saying its engineers were keen to make use of the latest capabilities in browsers, and that required support for HTML5 technology.
As a result, from 1 August, Google will only support what it calls “modern browsers”. By this it means the latest versions and major prior releases of Chrome, Firefox, Internet Explorer and Safari.
As new versions of these are released, Google will get its web services working with that and then drop support for the third-oldest version.
Support in this sense means that Google will only do compatibility testing with more up-to-date browsers. It will not carry out tests with older programmes and can make no guarantees that web services will work with them.
Concluding the blogpost, Venkat Panchapakesan, vice president of engineering at Google, wrote: “These new browsers are more than just a modern convenience, they are a necessity for what the future holds.”
In mid-May, Mozilla, which oversees development of Firefox, kicked off a plan to get the 12 million or so people using version 3.5 of its browser to update.
It said it was “frustrated” with efforts to get people to upgrade and had taken a series of steps to force change.
It used pop-up screens, adverts, re-directs and updates to steer people towards more recent versions of Firefox.
Figures gathered by Mozilla suggest the campaign has had some success as the number of users on Firefox 3.5 has now dropped to about one million.
Microsoft’s campaign to stop people using Internet Explorer 6 is one of the longest running upgrade efforts.
The software giant has used its automatic update system to get newer versions of its browser out to many users.
However, many companies prefer not to use this system and that has meant IE6 clinging on in some firms and nations.
Globally about 11% of browsers are IE6, suggest figures compiled by Microsoft, and there is a wide variation around the world.
About 34% of Chinese net users are on IE6, as are 22.3% of South Koreans and 11.6% of Vietnamese people.
Contact me at : email@example.com
Karim Hijazi knew his nightmare was just beginning when he saw that a mysterious e-mail had arrived in his inbox at 3 a.m. on May 26 that included his e-mail password and the subject line “Let us talk.”
That would mark the beginning of a weeklong saga of e-mail exchanges and Internet Relay Chat (IRC) discussions in which Hijazi says a group of hackers told him they wouldn’t publicly divulge information they had gotten from snooping on his accounts if he revealed sensitive security information acquired by the botnet-tracking firm,Unveillance, that he launched last year. The hackers, who call themselves LulzSec, wanted to know the whereabouts of compromised computers on the Internet that when remotely controlled are used en masse to attack Web sites, he told CNET in an exclusive phone interview late last night.
When he refused, LulzSec went public with his data, Hijazi says, posting his personal contact information, e-mails, and chat logs for download online yesterday as part of a campaign to embarrass the FBI and its InfraGard partner. The group had hacked the Web site of InfraGard Atlanta and grabbed usernames and passwords for about 180 members, including Hijazi. Because Hijazi had used the same password on the InfraGard site that he used on his personal Gmail account and his corporate Google Apps account, the hackers were easily able to spy on his personal and business activities.
Hijazi contacted the FBI right after that first LulzSec e-mail and said he plans to prosecute if he can.
“They had me under the gun for a little over a week with threats and extortion,” said Hijazi, chief executive of Unveillance. “The very nature of having to contend with someone who is holding something ransom is not pleasant.”
“I don’t believe it will impact our organization; it just sucks for my family and me,” he said when asked whether his business would suffer as a result of the incident.
Contact me at : firstname.lastname@example.org
By my count this is unlucky hack number 13 for Sony. A Lebanese hacker known as Idahc dumped another user database at Sony Europe containing approximately 120 usernames, passwords (plain text), mobile phone numbers, work emails and website addresses.
The attacker claims that he used standard SQL injection techniques to acquire the database. I think it is fair to say it appears that Sony has not learned anything from the previous 12 attacks.
SQL injection flaw? Check. Plain text passwords? Check. People’s personally identifiable information totally unprotected? Check.
Idahc is the same attacker who targeted the Canadian Sony Ericsson site in May, 2011. In his note on pastebin he states: “I was Bored and I play the game of the year : ‘hacker vs Sony’.” He posted the link to pastebin with the simple note “Sony Hacked: pastebin.com/OMITTED lol.”
If you are a database administrator (especially a Sony one) and want to avoid your sensitive data from ending up in the headlines I recommend you actually test your web applications for SQL vulnerabilities.
Contact me at : email@example.com
In a self-titled hack attack called “F**k FBI Friday” the hacking group known as LulzSec has published details on users and associates of the non-profit organization known asInfragard.
Infragard describes itself as a non-profit focused on being an interface between the private sector and individuals with the FBI. LulzSec published 180 usernames, hashed passwords, plain text passwords, real names and email addresses.
Where did the plain text passwords come from? Considering LulzSec was able to decrypt them it would imply that the hashes were not salted, or that the salt used was stored in an insecure manner.
One interesting point to note is that not all of the users passwords were cracked… Why? Because these users likely used passwords of reasonable complexity and length. This makes brute forcing far more difficult and LulzSec couldn’t be bothered to crack them.
In addition to stealing data from Infragard, LulzSec also defaced their website with a joke YouTube video and the text “LET IT FLOW YOU STUPID FBI BATTLESHIPS” in a window titled “NATO – National Agency of Tiny Origamis LOL”.
defaced website below…pics.proof.
Aside from defacing their site and stealing their user database, they tested out the users and passwords against other services and discovered many of the members were reusing passwords on other sites – an violation of FBI/Infragard guidelines.
LulzSec singled out one of these users, Karim Hijazi, who used his Infragard password for both his personal and corporate Gmail accounts according to the hackers.
They’ve published a BitTorrent with what they claim are nearly 1000 of Hijazi’s corporate emails and a IRC chat transcript that proclaims to be a conversation they had with him.
They also disclosed a list of personal information including his home address, mobile phone and other details.
It’s hard to say when these attacks will end, but a great start would be to carefully analyze your security practices and ensure that your data isproperly encrypted and to regularly scan your servers for vulnerabilities.
As for LulzSec? It appears they have declared war on one of the premier police forces in the world… Their fate remains a mystery.
Contact me at : firstname.lastname@example.org
Quick Pitch: Sonar tells you who is in the room and how you’re connected.
Genius Idea: Leveraging social networks for real-world connections.
Some of us are naturally gifted networkers. We walk into a room of 50 strangers and giddily begin introducing ourselves to 50 new friends.
For those of us who are less outgoing, however, it helps to start with some sort of connection. However many degrees we are separated by, Sonar wants to map them out.
The iPhone app [iTunes link], which launched in May, shows you who is in the room by using data from social networks. After connecting accounts, you can see who else is checked in on Foursquare or Facebook Places, as well as which one of them shares your Twitter or Facebook friends. You can send a message to any of them with a click in order to make a connection in real life.
“Talking to someone on the street is harder than talking to someone in a bar,” says founder and CEO Brett Martin. “Talking to someone in a bar is harder than talking to someone at a house party. What we’re trying to do with Sonar is show people when the person on the street is the same person at the house party.”
Sonar works because “people have spent the last 25 years uploading their identities to the internet,” Martin says. It uses the profiles people have created elsewhere instead of being dependent on a critical mass of users. The app works whether or not other people in the room are using it. However, those people do need to check in with either Foursquare or Facebook Places. And that limits Sonar’s scope. One recent study found that only up to 17% of the mobile population uses checkin services.
Martin hopes to reduce this problem by adding implicit checkins — such as when people respond to anEventbrite invite. He also hopes to broaden the checkin pool to include geotagged tweets, Instagram photos and foodspotting images.
As for monetization, Martin says that the startup’s current plan is to borrow a model often used on dating sites: promoted visibility. If a company is hosting a conference and wants its executives to be on the top of everyone’s “most relevant” lists, they could pay Sonar to make it happen. It’s a similar concept to Twitter’s promoted tweets, but Martin says that a sponsor would only be able to promote people — never its brand itself.
Personally, I’ve always wanted a Shazam for people, and this is the closest thing I’ve found. While the app doesn’t work that well in checkin-shunning crowds, at the right conference or even the right party, it’s likewaterwings for networking.
A new burst of hacks has left companies and government organizations picking up the pieces.
Earlier today, The Hacker News reported it had received a message from hacking group Pakistan Cyber Army, claiming the PCA had hacked an Acer Europe server and stole sensitive information. The publication posted a screenshot of the data reportedly collected, which included the personal information of 40,000 customers, including their names, addresses, phone numbers, e-mail addresses, and the names of products they had purchased.
According to The Hacker News, the PCA plans to release more data within the next 24 hours, and will follow that up with a press release discussing its reasons for hacking Acer’s Europe division.
Acer did not immediately respond to a request for comment.
Not to be outdone, Anonymous, which made headlines last year by hacking financial institutions and other sites in defense of WikiLeaks founder Julian Assange, recently made public more than 10,000 e-mails it stole from Iran’s Ministry of Foreign Affairs. According to the International Business Times, which cited a source who viewed the documents, most of the files are passports and visas, and relate to an “oil meeting.”
But Anonymous hasn’t stopped there. The organization has also launched a new operation it’s calling Op NATO Black Fax/E-mail Bomb. Users can surf to the OpNATO page and send a free prewritten fax to the North Atlantic Treaty Organization in defense of Anonymous. The organization has posted a list of fax numbers to the page, and has asked supporters to send “as many [faxes] as you can” to those numbers.
“It has come to our attention that you have classified Anonymous a ‘potential threat to the security of [your] member states,’ and that you seek retaliation against us,” reads the letter to NATO, which is made up of the U.S., Canada, and the U.K., among other countries. Anonymous goes on to ask the member nations to “retaliate against us in any manner you choose.” However, even if some of its members are jailed, the letter reads, the nations will find “that Anonymous continues to live on.”
Anonymous’ letter ends with a threat.
“Think carefully before you continue from here,” the letter reads. “You still have the power to stand up for good. Do NOT come between us and our freedom. You have been warned.”
Other hacking groups have been busy, as well. Earlier today, a hacker known only as “pr0f” posted the e-mails and passwords of more than a hundred United Arab Emirates government employees. However, the hacker said the list was “historic” and that the e-mail passwords were not current.
Even British intelligence officials have gotten into the mix. According to a Daily Telegraph report yesterday, MI6 hacked into an al-Qaeda online magazine recently and replaced bomb-making techniques with recipes on making “The Best Cupcakes in America.”
The latest string of hacks started in earnest in April when hackers launched a sophisticated attack against Sony’s PlayStation Network and Qriocity services. The hackers also breached Sony Online Entertainment. After discovering the breach, Sony was forced to take the services down. The company reported that the personal information of more than 100 million users had been exposed. Sony reassured users at the time that credit card data was encrypted. It has also said no identity theft has been reported because of the breach.
So far, Sony hasn’t been able to pinpoint who overcame its defenses, but the company did find a file named “Anonymous” on its servers. That file contained part of the hacking organization’s slogan: “We are legion.” Anonymous has said it was not responsible for the Sony hacks. It did acknowledge, however, that some of its members might have acted independently to attack Sony.
Though Sony might have hoped it was out of the woods following the PlayStation Network breach, the company still faces attacks from hackers. Just yesterday, a hacking organization called LulzSec posted links on its Twitter account to data it had stolen from Sony’s internal networks, as well as from the networks of Sony Pictures, Sony Music Belgium, and Sony Music Netherlands.
“We recently broke into SonyPictures.com and compromised over 1 million users’ personal information, including passwords, e-mail addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts,” LulzSec wrote on Pastebin, the site where it posted some data. “Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons.’ ”
The group claimed the data was not encrypted and had been left for the taking. Sony confirmed the attack this evening, saying it had contacted the FBI in an effort to track down the individuals who posted the data.
LulzSec’s attack on Sony was the second major hack the organization engaged in over the past week. This past weekend, the group showed off its hacking ability by engaging in what it called a “fun battle” with the Public Broadcasting Service. LulzSec posted a fake news story on the PBS site, saying that musical artist Tupac was still alive, and reportedly published log-in data for the PBS workforce. The hack was a response to an airing of a PBS “Frontline” episode called “WikiSecrets” that presented WikiLeaks in a somewhat unfavorable light.
The LulzSec hack followed a statement earlier this week from Google claiming it had “detected and disrupted” a phishing attack that attempted to give the hackers access to hundreds of Gmail accounts belonging to senior U.S. government officials. Google said it believed the attacks originated from Jinan, China, but stopped short of blaming the Chinese government.
The U.S. government has denied that state-run e-mail accounts were hacked, but it has launched an investigation into the possibility of officials’ Gmail accounts being targeted.
“Speaking on behalf of the U.S. government, we’re looking into these reports and seeking to gather the facts,” Caitlin Hayden, deputy spokesperson for the National Security Council, said in a statement to CNET yesterday. “We have no reason to believe that any official U.S. government e-mail accounts were accessed.”
Contact me at : email@example.com