CAT | hacking
Last week the Twitter account of the Associated Press was hacked, and a message was posted saying that bombs had gone off in the White House and the president was injured. Obviously this was false. The Syrian Electronic Army, a pro-regime hacker group, has claimed responsibility, which does not prove that they did it. […]
Since relatively few of you had a chance to hear my talk at RSA, here is a re-recording I did of the presentation I uploaded to YouTube. It runs just under 30 minutes. The talk is the flip side of my usual presentations. I typically talk about how to be stealthy on the Internet. This […]
The BBC has an article that powerfully reinforces what I have been saying for years about spear phishing. It is worth a read if just for the specific examples. The short version is, if an attacker is going for you specifically, they can do enough research to craft an email and attachment that you are […]
The latest Java exploit has given another view into the workings of the cybercrime economy. Although I should not be, I am always startled at just how open and robustly capitalistic the whole enterprise has become. The business is conducted more or less in the open. Krebs on Security has a nice piece on an […]
EU officials ‘hacked’ at Azerbaijan Internet Governance Forum | ZDNet It appears that the laptops of two EU officials at the Internet Governance Forum in Azerbaijan got hacked while they were in the hotel. Suspicion is immediately falling on the Azerbaijan government. No one is mentioning breaking and entering, so I would assume they were […]
NBC News is reporting that the iOS UDIDs leaked last week were actually stolen from Blue Toad publishing company. Comparing the leaked data with Blue Toad’s data showed 98% correlation, which makes them almost certainly the source. They checked the leaked data against their own after receiving a tip from an outside researcher who had […]
Forbes is reporting that Anonymous and Antisec have dropped a file with a million Unique Device ID (UDID) numbers for Apple iOS devices. They claim to have acquired an additional 11 million records which they may release later. In addition to the identifiers, the file is said to also contain usernames, device names, cell numbers, […]
HideMyAss.com keeps logs and exposes their users. Why that is a bad policy, and how to judge a good privacy provider.
Schneier on Security: Domain-in-the-Middle Attacks Bruce Schneier on the real-world effectiveness of a very simple domain-name-based man-in-the-middle attack. Here is a Wired article on the same issue showing how it was used to steal 20 GB of email from a Fortune 500 company.
Vendor of Stolen Bank Cards Hacked — Krebs on Security Brian Krebs has an interesting blog post on how all of the credit card information was stolen by a hacker from a website that sells stolen credit cards. This is in the “don’t know whether to laugh or cry” department.