2014-11-26

Sony Pictures Hacked

Update 03-Mar-2016:  
Some report about Operation Blockbuster & the Lazarus Group?

Update 02-Nov-15:
Sony pays $8M to staff, to settle lawsuits

Update 28-May-15:
How cyber-insurance saved the day for Sony, and why this is very important for all of us

Update 19-Apr-15:
Wikileaks rolls out an easy-to-search dump of all the data!

Update 04-Feb-15:
Cost of the restoration/investigation = $35M

Update 26-Jan-15:
Please check my blog here, for a full sum-up

Update 24-Dec-14:
N. Korea got knocked off the internet by a DDoS. Some say the US is behind this, in retaliation for the Sony hack. But I am sure there is no basis for that theory. North Korea blames Obama!

Update 23-Dec-14:
Seems like there are numerous security gurus (skeptics or realists?!) who believe there is no real evidence to link N Korea with the Sony hack.

Update 20-Dec-14:
Some learnings for all corporates.

Update 17-Dec-14:
Troubles have started pouring in. Employees are filing a class-action lawsuit against Sony. And we have movie theaters cancelling the shows for the infamous 'Interview' movie.

Update 13-Dec-14:
This is getting out of hand. Sony's digital certs have also been compromised, and are being used to sign malware as legitimate 'Sony software'.

Update 03-Dec-14:
Employee salary data, healthcare data, and lots more was also leaked!

Update 01-Dec-14:
This is really bad: the hackers leaked 5 unreleased movies to torrents, which effectively means it is now impossible for Sony to contain the leak, since the movies will keep getting circulated over and over again via the P2P network. This will for sure mean some monetary loss for the movies.
Also in the news: Sony has hired FireEye's Mandiant to help with the breach.


Update 26-Nov-14:
Sony's troubles do not seem to go away. This time the Sony Pictures website has been compromised, and "secret and top secret" data was stolen!

2014-11-24

List of insecure IP Cams

Update 24-Nov-2014:
Uhhh... the guy behind the website got a legal warning to take it down. Now he has a message on the website saying, "Programmer is looking for a good remote job. Skills: Linux, FreeBSD, C/C++, Python, MySQL"
Pity... but funny!!


Update 08-Nov-2014:
A website that indexes all the cameras (and there are a lot!) running with the default password. From the site:
This site has been designed in order to show the importance of the security settings. To remove your public camera from this site and make it private the only thing you need to do is to change your camera password.

2014-11-19

Let's Encrypt - Free SSL certs

Let's Encrypt: Free SSL certs, sponsored by Mozilla, Cisco, EFF, etc. Now if they do it well, there will be a pile of people knocking on their doors.

When Let’s Encrypt launches in Summer 2015, enabling HTTPS for your site will be as easy as installing a small piece of certificate management software on the server:
$ sudo apt-get install lets-encrypt
$ lets-encrypt example.com
That’s all there is to it! https://example.com is immediately live.

Update 19-Sep-15: The program is now live, get your certs now!

Update 09-Jan-16: Not surprisingly, the bad guys also take advantage of the free service. However, I disagree that this is a bad service. Such attacks were possible even before this free service came about. This just means the bad guys have another avenue for their existing attacks.

Out of band security patch from MS

A zero-day bug is being patched, for all Windows servers connected to domains, so organizations need to rush here.

Whatsapp's Encryption

Update 19-Nov-14:
WhatsApp introduces end-to-end encryption for Android users. For iOS it is coming soon. This is one feat that is worthy of a standing ovation.

Update 08-Oct-2013:
A good article explaining how the popular IM, WhatsApp, encrypts the data, why the algo is flawed, and how the client was disassembled.

2014-11-17

Pwn2Own Contest 2014

Update 17-Nov-2014:
November's contest, held in Tokyo: The only phone left un-hacked was (surprisingly) Windows?! I wonder if that is because not too many people are reviewing it, or if it has actually become secure.

Update 18-Mar-2014:
Vupen wins $300K

Update 31-Jan-2014:
After Google announced its hacking contest (with $2.7M at stake!), HP's ZDI announces Pwn2Own

2014-11-14

Crypto Currencies

Update 14-Feb-16:
Nasdaq is looking to use blockchain technology in the mainstream!

Update 03-Jun-15:
Vulnerability in BlockChain's Android app. It causes multiple users to generate the same random number, which led to a loss of coins for a few users.

Update 01-Jun-15:
Ross Ulbricht, the mastermind behind Silk Road, gets life in prison without parole

Update 07-Apr-15:
Bitcoin Foundation is on the verge of bankruptcy. Fires almost everyone, except the volunteers. However, that being said, I wonder what this foundation was planning on doing to begin with.

Update 05-Apr-15:
Dark Coins - how to be truly anonymous!

Update 04-Apr-15:
Two fed-agents charged with stealing BTC during the SilkRoad investigation

Update 24-Jan-15:
Winklevoss twins plan regulated Bitcoin exchange

Update 10-Jan-15:
Bitstamp (which is another exchange) has now been compromised, and warns customers not to deposit the digital currency. $5M loss!

Update 08-Nov-14:
SilkRoad2 busted, the founder arrested. Biggest ever raid on Tor hits 410 websites, and over 17 people arrested.

Update 10-Nov-13:
Silk Road [2] is back online, using Tor

Update 04-Oct-13:
A hacker breaks into a Bitcoin forum, steals the DB and puts it up for sale for 25 BTC! Hackers have no respect, even for their own community.

Update 03-Oct-13:
The eBay of illegal drugs and weapons (Silk Road) was busted by the FBI. Not surprisingly, it was using bitcoins to do its dirty business. The bust had a negative impact on the value of the currency!
The feds decide to auction the confiscated bitcoins.

Update 14-Aug-13:
Now there is a court order to multiple digital currency operators

Update 26-May-13:
Liberty Reserve taken down, now attention shifts to Perfect Money. Bitcoin still remains the leader of course. It's not a secret that these services are used for illegal activities.

Update 08-Aug-2016:
Hong Kong-based Bitfinex loses $72M in bitcoin. This caused the exchange rate of the currency to take a nose-dive. The worst part is that the exchange has decided to spread the loss across all users. Hence everyone loses 36% of their bitcoins, irrespective of whether they were impacted by the heist or not.

Update 21-Aug-2016:
Nation state (China) attacking the core of Bitcoin! Will the network be able to cope with this?

Update 18-Jul-2017:
An ICO hacked: CoinDash

Update 29-Jul-2017:
BTC-e founder (?) arrested. This was the exchange where most of the cyber-criminals used to cash out their dirty coins.