2013-11-30

Anti-Fraud Service for Fraudsters

How do the bad guys ensure they don't get defrauded?!

GitHub gets a brute force attack

While we aggressively rate-limit login attempts and passwords are stored properly, this incident has involved the use of nearly 40K unique IP addresses. 
The official post

2013-11-12

Bitcoin Banks hacked

The site claimed to be "one of the most secure web wallets on the market" and charged customers a small fee to store their coins.
$ 1.3M stolen  

Update 14-Nov-2013:
Bitcash.cz now hacked and 4000 coins stolen!

Update 30-Nov-2013:
A Danish exchange now goes down and lose 1295 coins!
At the same time the cost of 1 coin crosses $1200!

Update 01-Dec-2013:
Virtual Currency Explained (Like You're an Idiot)
Another very good explanation. How the protocol works.

Update 08-Dec-2013:
Another site [Sheep Marketplace] gets hacked of bitcoins. Or is this a case of the website owner stealing them?

Update 14-Feb-2014:
SilkRoad 2 hacked and robbed of $2.7M. How did the Feds find the identity of their servers - via reCaptcha!

Update 19-Feb-2014:
What's going on at Mt. Gox

Update 25-Feb-2014:
Mt Gox shuts down! Bitcoin-stealing malware hidden in Mt. Gox
History of Bitcoin

Update 08-Mar-2014:
Bitcoin creator found? Turned out to be false

Update 22-Mar-2014:
Mt Gox 'finds' $100m worth of coins?

Update 26-Apr-2014:
Physical debit cards for bitcoin

Update 01-May-2014:
MIT Students Look To Jumpstart Bitcoin Economy

Update 15-Sep-15:
Seems like Mt Gox case, isn't about hacking/malware, but about embezzlement. Former founder and CEO has been arrested in Japan.

Update 08-Dec-15:
Internet now believes that a Craig Steven Wright, from Australia, is the mastermind behind BitCoin (the Nakamoto). His house got raided, and he is under arrest now.

Update 03-May-16:
Craig comes out and admits he is Nakamoto. We also have skeptics who (very convincingly) believe this is just a lie.

Update 07-May-16:
Woh, Craig backtracks, and takes down his blog which he kept over the years. All there is now a goodbye message.

Update Feb-2017:
Zerocoin loses $585 K because of a bug in their code.



2013-11-11

Culprit of corporate wide infections

Who is the biggest culprit when it comes to corporate wide infections? It's the senior management!!
ThreatTrack found that bosses, or senior leadership, end up with malware on their PC or mobile device by:
56% clicked on a malicious link in a phishing email.
47% attached an infected device to a corporate PC.
45% let a familiy member uses a company computer.
40% surfed to a malware-infected porn site.
33% installed a malicious app.

FoxOne

A passive Server Reconnaissance Scanner

Anonymous attacks Singapore

Anonymous defaces PM's website, and attacks others. Youtube video here
This is apparently being done to protest against the new law, which aims to control and police online news

12-Nov-13:
This was fast! Some arrests have been made now

2013-11-10

Spike in traffic with TCP source port zero

Someone's going after TCP port 0. Some new kind of reconnaissance is in progress - heads-up!

PCI DSS gets updated

Finally an updated version for the so-called de-facto standard for the credit card industry.
The new version will go into effect on Jan. 1, but organizations will have until Dec. 31, 2014, to make the transition from PCI DSS 2.0. In addition, some of the new security requirements will have the status of best practices until June 30, 2015.