2015-12-28

China forces service providers to provide decryption keys

ISPs and telecommunication companies must provide technical assistance to the government, including decrypting communications,

I am not sure why there is so much hoo-hah here. China has had similar laws for the Banking and Financial sector for a long while now. That's just how the country works.

Raspberry Pi Offered Money to pre-install malware

I wouldn't have been surprised if one of the governments had tried to do that, but it seems like it's someone else!

2015-12-21

Firewalls backdoored!

Juniper released a statement saying:
... attackers could exploit the “unauthorized code” in order “to gain administrative access to NetScreen devices and to decrypt VPN connections, and then wipe the logs to remove any trace of a compromise”
Let's take a minute and understand the gravity of the matter.

  • Clearly a state-sponsored group of hackers managed to sneak their code into Juniper
  • This bypassed all of Juniper's internal checks and got released on all their NetScreen devices
  • This went unnoticed for roughly 3 years
  • Meaning anyone using their hardware could have been eavesdropped upon in the last 3 years. And the best part: they could have done this without getting detected, and without leaving any logs behind!

Update 22-Dec-2015:
More details released; the hard-coded password is:  <<< %s(un='%s') = %u
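A practical defensive check that follows from the update above: the backdoor password was shipped as a literal string inside the firmware, so an extracted firmware image or a memory dump can be searched for that exact byte sequence. The script below is an added example written for this post, not Juniper's code and not a vendor tool; the two "images" it scans are constructed inline so it runs offline, and the offset/context output is meant for an analyst to confirm a hit rather than a proof of compromise on its own.

```python
"""Scan a file (e.g. an extracted firmware image or a memory dump) for the
hard-coded ScreenOS backdoor password string quoted in the 22-Dec-2015 update.

Added example for this post; it is not Juniper's code and not a vendor tool.
The sample images below are constructed here so the script runs offline.
"""
from pathlib import Path
import sys

# The string exactly as quoted in the post. It is crafted to look like a
# printf-style format string, so it does not stand out in a plain `strings`
# listing; matching the full byte sequence is what flags it.
BACKDOOR_STRING = b"<<< %s(un='%s') = %u"


def find_backdoor_string(data: bytes, context: int = 16) -> list:
    """Return every occurrence of the backdoor string in `data`.

    Each hit records the byte offset and a little surrounding context so an
    analyst can confirm it sits inside authentication code rather than, say,
    a release note that merely mentions the string.
    """
    hits = []
    start = 0
    while True:
        idx = data.find(BACKDOOR_STRING, start)
        if idx == -1:
            return hits
        lo = max(0, idx - context)
        hi = min(len(data), idx + len(BACKDOOR_STRING) + context)
        hits.append({"offset": idx, "context": data[lo:hi]})
        start = idx + 1


def scan_file(path) -> list:
    """Read a file in binary mode and scan it."""
    return find_backdoor_string(Path(path).read_bytes())


def classify(data: bytes) -> str:
    """Short verdict used by the command-line entry point below."""
    return "BACKDOORED" if find_backdoor_string(data) else "clean"


# Constructed sample images: one clean, one carrying the string. The padding
# imitates the kind of legitimate format strings found around the real one.
CLEAN_IMAGE = b"\x00" * 64 + b"login failed for %s\x00" + b"\x7fELF" + b"\x00" * 64
BACKDOORED_IMAGE = CLEAN_IMAGE[:80] + BACKDOOR_STRING + b"\x00" + CLEAN_IMAGE[80:]


if __name__ == "__main__":
    targets = sys.argv[1:]
    if targets:
        # Usage: python scan_screenos.py <firmware-image> [<more files>...]
        for t in targets:
            hits = scan_file(t)
            print(f"{t}: {classify(Path(t).read_bytes())} ({len(hits)} hit(s))")
            for h in hits:
                print(f"  offset 0x{h['offset']:x}: {h['context']!r}")
    else:
        # No arguments: demonstrate on the constructed images.
        for name, img in (("constructed clean image", CLEAN_IMAGE),
                          ("constructed backdoored image", BACKDOORED_IMAGE)):
            print(f"{name}: {classify(img)}")
```

A hit only tells you the string is present in that file; whether the device is actually affected depends on the ScreenOS version, so treat the output as a trigger for checking the vendor advisory and the device's software version, not as a verdict by itself.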

Update 22-Jan-2016:
Backdoors found on Fortinet firewalls as well!

2015-12-15

Security Firm Hacked - MacKeeper

It's a pity when 'security' companies make huge mistakes when it comes to securing themselves.
The data breach was discovered by Chris Vickery, a white hat hacker who was able to download 13 Million customer records by simply entering a selection of IP addresses, with no username or password required to access the data.
Story here.

2015-12-10

Govt Surveillance vs Encryption

There is a battle of balance going on: governments seem to be having a hard time figuring out whether they should ban encryption, which goes against all ethics and the individual's right to privacy, BUT on the other hand helps set up surveillance programs to counter terrorism.

  • Kazakhstan mandates Internet backdoor
  • FBI Director James Comey called for tech companies currently offering end-to-end encryption to reconsider their business model

2015-12-06

BlackBerry to exit Pakistan

BlackBerry has decided not to operate in Pakistan after Dec. 30, rather than let the local government intercept communications on its enterprise services.
It's just plain stupid for a country to pressure any IT company to the point that it decides to leave and take its operations with it. Reminds me of Google and its exit from China.

Net result:

  • The country still doesn't have the backdoors it wanted
  • Some people will lose their jobs when the company closes its doors
  • It's a long-lasting deterrent for any new IT companies considering coming in

Update 09-Jan-16:
Thankfully, better sense prevailed and the govt backed off.

Biggest data breaches of 2015

A good look back at the year, plus a summary of what happened in each incident and how long it took to discover it.
Story here

2015-12-04

Sharjah bank held to ransom by hacker

It’s not clear how the hacker broke into the bank’s computers. In a direct message to this journalist via Twitter, Hacker Buba claimed he is seeking $3 million and has access to the bank database and back up files from all its servers.
Story here