2012-06-30

SSL Certificates Stolen From DigiNotar

Approximately 531 certificates were stolen, possibly by the Iranian Government.

Technet has a very good article on why such an attack is brutal and how to protect against it.

Microsoft feels this could even lead to attackers pushing malware via Windows automatic update.



Impact of this hack:

Update 07-Sep-11:
        Not surprisingly, the same hacker who attacked Comodo has claimed responsibility for this hack.
        To make matters worse, he claims to have compromised four other Certificate Authorities (CAs)!

Update 09-Sep-11:
        Fox-IT has published a very good report on the incident.

        ComodoHacker claims he can now exploit Windows Update as well.

Update 12-Sep-11:

Update 27-Sep-11:
        DigiNotar has filed for bankruptcy, and the Dutch government has revoked their root cert.

Update 28-Jun-12:
        The Dutch govt tells us how difficult and time-consuming it is to replace all digital certs in an organization.

Update 01-Nov-12:
Fox-IT now details the attack.


2012-06-28

99% of attacks could be stopped by patching

Microsoft’s chief UK security advisor Stuart Aston has pointed out that less than 1% of attacks are based on zero-day exploits.
Full Story

2012-06-24

CloudFlare Hacked - Google's 2FA is Flawed

This just goes to show how sophisticated attacks are becoming.
While an authentication flaw, social engineering, and questionable account recovery methods all played a part in the attack, CloudFlare admits, in Prince’s own words, that they “did some dumb things”.
Full Story

Update: 06-Jun-2012:
Google now informs users when it thinks they have been victims of a state-sponsored attack. No details are, however, being disclosed.

Update: 15-Jun-2012:
Details on which 0-day vulnerability is being used.

Update: 20-Jun-2012:
A European aeronautical supplier's website has been infected with this same exploit.

Economists demonstrate exactly why bank robbery is a bad idea

The typical return on a bank holdup is, "frankly, rubbish."
Full Story

2012-06-20

Citibank revamps credit card and ATM security measures

All new cards will be sent out deactivated from 1 July 2012, and an on-demand deactivation and reactivation option for its credit cards will now be offered.
Full Story

2012-06-15

Create SSH Tunnels

How to create simple SSH tunnels, for secure browsing especially when you are at an airport or coffee shop (any untrusted network).
Video Tutorial
Where to get free shell accounts

To set up simple PHP-based proxies, try proxy labnol.

Hackers more aggressive in attacking customer accounts

A survey of large financial institutions shows they faced more attacks by hackers to take over customer banking accounts last year than in the two previous years, and about a third of these attacks succeeded.
Full Story

2012-06-14

PandaLabs - Another Security Firm Goes Down

06-Mar-2012
In a major break for law enforcement, several members of the LulzSec and Anonymous hacking groups were arrested this morning based on information provided by "Sabu," the shadowy LulzSec leader who was secretly arrested last year.

07-Mar-2012:
Hackers claiming to belong to the Anonymous hacking collective early Wednesday defaced Panda Security's PandaLabs website in apparent response to the arrests of five hackers Tuesday in the U.K. and the U.S.

The extent of the hack seems pretty bad. The hackers fully compromised the pandalabs.pandasecurity.com sub-domain of the company and posted the password hashes of all the employees with access to the Unix server hosting it. The website has been taken offline, but the Google cache is still available.

08-Mar-2012:
One of the arrested hackers is Jeremy Hammond. Here is his story.

14-Jun-2012:
This is getting serious. To retaliate, Anonymous has stolen 3 TB of data from the FBI. They have posted the file names and hashes.

20-Jul-2017:
The story of Sabu.

Story of a member of Anonymous

There are two sides to the online activist phenomenon, one like Joker and the other like Batman. Parmy Olson speaks to a member about the future of the hacker collective and about which side should win.
Interesting

Hackers claim to steal 110,000 SSNs from Tenn. school system

Nothing new, I guess.

2012-06-13

Microsoft's DNT

After Microsoft announced that Do Not Track would be turned on by default in Internet Explorer 10, the latest W3C DNT draft proposal suggests Do Not Track should not be on by default.
This would probably be the first time ever that a Microsoft security control has been deemed "too secure".

A little more info on how online tracking works.

Update 09-Aug-2012:
MS goes ahead and enables the setting by default.

Update: 27-Sep-2012:
A good write-up on why this would adversely impact the internet.

2012-06-12

India to greenlight state-sponsored cyber attacks

The Indian government is stepping up its cyber security capabilities with plans to protect critical national infrastructure from a Stuxnet-like attack and to authorise two agencies to carry out state-sponsored attacks if necessary.
Full Story

2012-06-10

LinkedIn Hacked!

Professional social networking service LinkedIn today said it is investigating reports that hackers broke into its systems and accessed the usernames and hashed passwords of the social network's 6.5 million members.
It seems the password hashes were leaked, and some of the hashes have already been cracked. Reason: the hashes were not salted, and an outdated algorithm (SHA-1) was used.
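As an added illustration (not from the original post or from LinkedIn), the unsalted SHA-1 scheme beside a salted, iterated one, with an audit check that shows what the missing salt leaks: identical passwords produce identical digests, so a leaked table exposes password reuse and one precomputed lookup covers every user at once. The sample user records are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample records (not from the leaked dump): two users share a password.
SAMPLE_USERS = {"alice": "Summer2012", "bob": "Summer2012", "carol": "correct horse"}

ITERATIONS = 100_000  # PBKDF2 work factor; raise it as hardware gets faster


def legacy_hash(password):
    """Unsalted SHA-1: the scheme the leaked hashes were reported to use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def duplicate_hash_groups(store):
    """Audit check over a {user: digest} table: without a salt, equal passwords
    give equal digests, so reuse is visible and one lookup breaks every match."""
    groups = {}
    for user, digest in store.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def salted_hash(password, salt=None):
    """Per-user random salt plus an iterated KDF (PBKDF2-HMAC-SHA256).
    Salt and iteration count are stored alongside the digest for verification."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), dk.hex())


def verify_salted(stored, password):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _alg, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    legacy_store = {u: legacy_hash(p) for u, p in SAMPLE_USERS.items()}
    print("reuse visible in unsalted store:", duplicate_hash_groups(legacy_store))
    salted_store = {u: salted_hash(p) for u, p in SAMPLE_USERS.items()}
    print("reuse visible in salted store:", duplicate_hash_groups(salted_store))
    print("alice verifies:", verify_salted(salted_store["alice"], "Summer2012"))
```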

Update: 09-Jun-2012:
It is truly very sad that LinkedIn is trying to be so evasive about this whole incident. Would have expected a little more responsibility from them. Their Post1 & Post2

Update 10-Jun-2012:
A good FAQ for the readers.
For now the dump is available here, but it may go offline soon. I have copied the dump of password hashes here as well. Drop me an email or comment below and I'll send the password over to you.

Update 19-Jun-2012:
LinkedIn hit by a class action law suit.

Update 20-May-2016:
Almost 4 yrs later, the hacker decides to sell the dump. However, it seems he has 117M user records (not 6.5M). Unbelievable, the company lied!

2012-06-09

Has Vupen been hacked?

Vupen is one of the biggest names when it comes to research and sale of 0-day exploits. They did pretty well in the Pwn2Own contest as well. Now, a company like that wouldn't want to publicly admit that they got hacked, would they?
Full Story

2012-06-07

Presidential Candidate Email Hacked

A hacker yesterday claimed to have broken into a personal email account linked to GOP presidential candidate Mitt Romney by answering "secret" password-reset questions.
Full Story

2012-06-01

Flame Malware

Here is some info on this malware, which is supposedly funded by a government agency.

Update 04-Jun-2012:
If this article is true, it shows how serious the US government (and maybe others) is becoming about using the cyber world for warfare.

Update 05-Jun-2012:
This is truly worrisome, "Flame is using valid but fake Microsoft certificates to sign the code through a bug in their CA system via Terminal Services". Microsoft has released an emergency patch to revoke the three certs in question.

Update on 07-Jun-2012:
Considering that MS's update feature was misused to spread the malware, it shows how serious the breach is.

Update on 11-Jun-2012:
“They said that it was Israeli intelligence that began, a few years earlier, a cyberspace campaign to damage and slow down Iran’s nuclear intentions.” It was only later that they managed to convince the US to join. The US is saying ‘we did it, and you helped;’ while Israel is saying, ‘no, we did it, and you helped.’
Well, it doesn't really matter. The point to note is that WW3 may not have weapons at all.
BTW, there is now evidence to show that there is a direct link between the Flame and Stuxnet malware.

Update on 12-Jun-2012:
The rogue cert from MS was obtained via a previously explained vulnerability in SSL. Details are here and here.