Who's lying about the GoDaddy outage?


Yesterday registrar and web hoster GoDaddy went down for several hours, taking millions of websites down with it. Within an hour, Twitter accounts associated with hacktivist group Anonymous took credit. Today, GoDaddy blames "corrupted router data tables". Meanwhile, AnonymousOwn3r claims a denial-of-service attack and hack -- and within the hour publicly posted what is supposedly GoDaddy "source code and database".

Somebody's lying here. But who?


Antisec, PROVE Apple UDIDs came from FBI


The list of more than a million unique device identifiers (UDIDs) which hacktivist collective #Antisec said it had stolen from the Federal Bureau of Investigation may have originated from publishing company BlueToad Inc., researcher David Schuetz found over the weekend. Following the FBI's initial denial of #Antisec's claims and Schuetz's research, BlueToad on Monday announced it believed its systems were the ones compromised. It is still unclear who compromised BlueToad's system, and where #Antisec actually obtained the list.

"I’m still not completely clear on all the technical details," Schuetz wrote in his research blog. "Was BlueToad really the source of the breach? How did the data get to the FBI (if it really did at all)? Or is it possible this is just a secondary breach, not even related to the UDID leak, and it was just a coincidence that I noticed? Finally, why haven’t I noticed any of their applications in the (very few) lists of apps I’ve received?"


Hacktivist group #Antisec releases a million Apple device IDs, wonders why FBI had them


#Antisec, the loosely organized black hat security collective formerly known as Lulzsec, has released a file containing a million and one (1,000,001) Apple Unique Device Identifications (UDIDs), and their related APNs (Apple Push Notification Service) tokens, as well as a certain amount of personal user information. The group claims the information was not taken from Apple directly, but rather through a vulnerability exploit on FBI Agent Christopher K. Stangl last March.

The group claims there were actually more than twelve million UDIDs on Stangl's Dell Vostro notebook, as well as an incomplete list of zip codes, mobile phone numbers, home addresses, and whatever personal detail fields could be obtained. Antisec said there were no other files in the same folder that mention the list or its purpose.


Anonymous targets Ukraine for Demonoid torrent tracker takedown


This week, the loosely connected online activist and hacking community Anonymous began a new "operation": attacking the Ukrainian government.

In retaliation for Ukraine's takedown of popular BitTorrent tracking site Demonoid, Anonymous is seeking "revenge against all criminals responsible" in the country's government.


5 ways to put hackers on the defensive


Black Hat keynote speaker Shawn Henry, the former executive assistant director of the FBI’s Criminal, Cyber, Response and Service Branch, started off the day after opening remarks from Jeff Moss, founder of Black Hat. Moss wondered if now was the time for the cyber-security sector to take a more aggressive/offensive approach. Moss mentioned working for a former employer years back, a firewall manufacturer that had a product that would launch specially crafted code in response to an attacker, sort of an early offensive DoS attack. This was an early attempt by security professionals to cause pain by going on the offensive.

But since DoS attacks aren’t exactly a legal offensive tactic nowadays, what to do? He recommends civil action, a la recent Facebook actions where attackers were sued in civil court. But what happens when attackers are overseas? Mr. Moss is hopeful that responding in a civil manner would “encourage” other countries to implement legal protections to stop current and future attack attempts abroad.


Anonymous supports Greenpeace, hacks oil companies


In what the loosely tied hacker group Anonymous calls #OpSaveTheArctic, over 1,000 email credentials and hashes of email passwords from five major international oil giants were released. The companies targeted included Exxon Mobil Corporation, Shell Petrochemical Corp., and BP Global, as well as the Russian-based Gazprom Corporation and Rosneft Petroleum Corp.

The data dumped on the anonymous text-posting website Pastebin includes 317 emails and their unsalted MD5 hashed passwords from a hack on Exxon Mobil from June. Added July 13th: a further 724 emails and hashed passwords from BP, Gazprom, and Rosneft, and 26 emails with clear-text passwords from Shell Petroleum. Also listed: all of the internal mail system information, detailing routers, operating system type, database details and server hardware vendor. Further detail on the type of data gained is available at the DC/Nova/Maryland network security blog site NovaInfoSeco.com.


Take Information Superiority over employee-owned devices to secure the mobile enterprise


The battle for your network revolves increasingly around Information Superiority. When your network is breached, the attackers leverage Information Superiority -- they know something you don’t about your environment and they’re using that to gain access to your network and digital assets.

Unfortunately, the typical organization doesn’t know enough about its environment to effectively defend it. Perhaps nowhere is this lack of Information Superiority more apparent than in the mobile enterprise. A study conducted by IDC finds that 40 percent of IT decision makers say that workers access corporate information from employee-owned devices, but in stark contrast more than 80 percent of employees indicate they access corporate networks this way. To protect our corporate assets we need to close this gap.


Nation-state hackers attack small businesses, too


Small businesses have their hands full these days in light of a down economy, tightening budgets and the steepening pace of business, but with nation-state hacks front and center in the threatscape, should you worry about those, too, or are you (and your customers) safe?

Nation-state hacks bring to mind images of large defense contractors, big government offices, and/or high profile financial institutions. After all, if a bad actor overseas stole the cutting edge design of a new nuclear reactor, it would be quite a haul for that government and its cronies -- and worth their time, money and effort to go after. But you’re a small business, too small to garner that kind of attention, right?


Android botnets? Not so, says Google


A couple of days ago Microsoft researcher Terry Zink claimed he’d uncovered evidence of Android phones being used as part of a botnet to send spam from Yahoo Mail servers. In his blog post on July 3rd he reported that the spam, which included "androidMobile" in the message header, and "Sent from Yahoo! Mail on Android" at the bottom of the emails, was being sent from devices located in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine and Venezuela. He then went on to speculate that users of the infected phones might have installed Trojanized pirated versions of legitimate apps, and become infected that way.

Security experts at Sophos agreed with his findings after running investigations of their own on the spam messages, but didn’t actually find or test any of the supposed malware itself. Google has since denied that any Android devices have been compromised in this way, stating there was no evidence to prove Zink’s claim, and that the junk messages had just been formatted to look as if they originated on Android handsets.


Apple admits malware defeat


Apple is one of the few software companies that hasn't really faced the problem of viruses, having claimed for years that its operating system is the most secure of all. Seemingly every Mac user claims that his or her computer is the safest and greatest -- they’re invincible!

But those claims collapse as Apple products grow in popularity. Back in April 2012, Flashback infected 670,000 Macs worldwide. The Mac maker responded so well it needed to do the job twice, as the first security patch wasn’t so good. In light of all this one has to wonder whether Apple needs to call it quits and just admit defeat.


How will the LinkedIn hack affect you?


This morning when I logged into LinkedIn I was greeted with several front page references to the reported hacking of the site, and instructions for changing my password, which I did immediately. This is a good time to change all of your social media passwords, making sure you create a fresh password that is hard to guess and unique to each site. It is not unusual for malicious parties who grab a bunch of passwords from one site to try those same passwords on other sites.

Over 6.5 million account passwords showed up on a Russian forum in SHA-1 (hashed) format to prove that the hackers had indeed succeeded in penetrating LinkedIn. There is a good chance that if the hacker(s) achieved access to LinkedIn passwords then they also know the corresponding LinkedIn usernames, i.e. the matching email address of the account owner.


LinkedIn hack is much worse than you think


Today's LinkedIn hack, exposing more than 6 million hashed passwords, is more serious than it might appear and reveals one of the biggest security shortcomings social networks pose: linked or shared data. Literally linked-in accounts expose information from others -- then there is the sheer amount of personal data hackers can siphon.

LinkedIn hasn't confirmed the hack, but is investigating. Meanwhile, the stolen data is already available on the Internet. Cyber-security expert Robert David Graham says he has confirmed "this hack is real". The stolen data was published as password hashes. He created a SHA-1 hash of his password and found it in the dumped data. "The password I use for LinkedIn is in that list", he explains. "I use that password nowhere else. Furthermore, it's long/complex enough that I'm confident nobody else uses the same password."


Google warns you when you're under cyber attack from the state


With the recent talk of state-sanctioned malware like Stuxnet and Flame, Google on Tuesday announced it has taken measures to alert its users when it believes they are the target of state-sponsored cyber attacks.

Google Vice President of Security Engineering Eric Grosse said on Tuesday that targeted users will receive an alert like the one pictured above. This alert warns when Google's internal analytics have sniffed out patterns that look like their email is the target of phishing or malware.


New blood hacker infiltrates US Navy server, posts results



A hacker going by the handle ".c0mrade" claims to have hacked the U.S. Navy's site navy.mil, and has published a partial list of the information he obtained in a pastebin dump.

According to security analysis group IdentityFinder, the breach includes the "Data Profiles" of 29 accounts on navy.mil servers, as well as a description of navy.mil subdomains and servers.


Is Israel behind the 'Flame' worm?


Security researchers are warning of what they call one of the most sophisticated worms to date, and believe that this time, the worm may be the work of a nation-state rather than hackers. Called "Flame", the Trojan has hit Middle Eastern countries particularly hard, most notably Iran.

According to Kaspersky, Flame is capable of stealing "computer display contents, information about targeted systems, stored files, contact data and even audio conversations". The worm appears to be targeted to specific computers, likely indicating its creators are searching for specific information.
