TweakTown NewsRefine News by Category:
Twitter continues to be in the news and not for good things. Twitter accounts continue to be compromised left and right, though not because of a bug in Twitter's system. Often times these accounts are compromised because the owner used a weak password, fell victim of a phishing scam, or simply told someone else.
But that doesn't mean Twitter is off the hook. The micro-blogging site needs to hurry up and release its two-factor authentication in order to help prevent against these visible hackings. The latest accounts to be compromised are ones of the Guardian, a daily publication in the UK:
"We are aware that a number of Guardian Twitter accounts have been compromised and we are working actively to resolve this," a Guardian spokesperson said.
The Syrian Electronic Army has claimed responsibility for these hacks, much like they claimed responsibility for the recent hackings of NPR, CBS, and Associated Press handles. It's not clear how exactly the Guardian handles were compromised, though it's likely they used a similar e-mail phishing tactic.
Over the weekend Spanish authorities arrested a Dutch man who they say is responsible for the largest DDOS attack in the history of the internet. The man was said to be in his Barcelona home at the time of the arrest, and police seized several mobile phones and computers belonging to the suspect.
The man who has only been identified as "S.K." in official reports has been unofficially identified as 35-year-old Sven Olaf Kamphuis, by sources reporting to the NY Times. Kamphuis, or "The Prince of Spam", is a self-proclaimed minister of telecommunications and foreign affairs for the Republic of CyberBunker.
He is the spokesperson for a group that had previously protested tactics used by a European anti-spam group. He operates an ISP known as CB3ROB as well as web hosting company named CyberBunker. He faces charges after being linked to a DDOS attack last month that was like no other ever witnessed.
It targeted the anti-spam group Spamhaus, which maintains one of the largest spam block lists in the world.
LivingSocial, the company that helps users get better deals, announced that they have been hacked. The company notes that the hackers did not gain access to any credit card information. As a precaution, LivingSocial is sending out an e-mail to 50 million of its users informing them of the hack.
LivingSocial hasn't detailed how the hack occurred, but they have said that names, birthdays, e-mail addresses, and encrypted passwords were compromised. Given enough time and the correct tools, those encrypted passwords can be decrypted. Combine the password with the e-mail and the hackers could gain access to other sites.
If you use the same e-mail/password combination on any other sites, you're encouraged to change your passwords right away.
Cyberthreats are the new way of slowly removing citizens' privacy, and now the Department of Homeland Security (DHS) is preparing to deploy a very powerful new version of their EINSTEIN intrusion-detection system that is built to detect attacks and malware, especially when it comes to e-mail.
But because this new version of EINSTEIN is able to read electronic content, it is raising privacy concerns. DHS has recognized this, and have just issued a "privacy impact assessment" on what they're calling EINSTEIN 3 Accelerated, the intrusion detection and prevention system that is expected to be made available as a managed security service from ISPs to monitor the ".gov" traffic to and from civilian agencies and Executive Branch departments.
The DHS has said that EINSTEIN 3 might be able to collect "personally identifiable information" (PII) in some instances where this network security system will not just monitor but also prevent threats by clocking traffic in order to detect a cyberthreat or potential cyberthreat.
This afternoon some alarming news emanated from the Associated Press' Twitter account that stated the White House had been bombed and President Obama had been injured.
With recent events, this news spread across the web via social media within minutes. Fortunately, the report was 100% false - the President and the White House are safe and sound.
AP reporter Matt Moore took to his Twitter account to debunk the false report and confirm that the trusted news organization's Twitter account had indeed been hacked. The official source of the hack is unknown, but the hacker group Syrian Electronic Army appears to be claiming responsibility.
This morning TechSpot broke news that during 2011 and 2012 over 2700 servers hosted with HostGator were compromised when an employee installed backdoors on the machines. Prosecutors say that 29 year old Eric Gunnar Gisse of Texas was responsible for the inside hacking.
Gisse was employed by the company between September of 2011 and February 2012 as a medium level systems administrator. HostGator says that Gisse went to great lengths to hide the backdoor as a common Unix admin tool, which he renamed "pcre", which is a common system file.
No evidence was presented as to whether or not Gisse ever used the backdoor to access any of the servers remotely, but as the meme goes, "One simply does not install a backdoor onto 2700 servers without the intent to use them."
Gisse is scheduled to be arraigned next month. It's unclear if he has entered a plea as of this writing. He is being held on $20,000 bond at the Harris County Jail in Houston, TX.
Microsoft is pushing out a major upgrade to Microsoft account security by offering the option of two-step verification. As of late, many different online services have started to offer two-step or two-factor authentication to help keep online accounts more secure.
Two-step verification usually takes a bit longer to allow access to an account, but it makes it much more difficult for a hacker to brute-force your password. To login after two-step verification is enabled, you'll be required to enter your password and a code that was sent to either an e-mail or cell phone on file.
You'll be able to enable two-step verification at Microsoft's website, though the option might not be immediately available. For more information about Microsoft's two-step implementation, check out their blog post.
Gottfrid Svartholm, one of the co-founders of everyone's favorite torrent website The Pirate Bay, has been indicted on charges of hacking along with three others. Svartholm is said to be the mastermind behind a series of cyber intrusions into Nordea Bank and the Swedish federal tax agency.
In a statement, prosecutor Henrik Olin had the following to say:
"A large amount of data from companies and agencies was taken during the hack, including a large amount of personal data, such as personal identity numbers of people with protected identities."
These charges come completely independent of a recent sentence of one year in prison that was passed down to Svartholm after a series of shady happenings where Cambodian authorities managed to deport him back to Sweden. These new charges carry a much longer sentence than just one year.
Android looks like its the OS of choice for malware developers, with mobile security vendor NQ finding that Android devices infected with malware grew exponentially last year alone.
NQ found that Android devices with malware infections grew from 10.8 million in 2011 to 32.8 million, meaning a triple of infections year-over-year. They also found that nearly 95% of malware detected in 2012 was designed specifically for Google's mobile OS, which means that Android is the main target for cybercriminals.
Most Android malware infections happen in China, India and Russia - so while this might seem like some frightening numbers at first, InfoWorld's Brian Katz does make us feel all a little better. Katz also writes that most mobile malware can be avoided if Android users "download apps only from known sources", such as the Google Play Store. My advice? Don't click ads, don't open suspicious links, don't join random or weird Facebook groups that want all of your info.
North Korea are the subject of yet another attack by Anonymous, this time taking down a North Korean news and information site. Uriminzokkiri.com has been taken down, with a timeout error appearing when someone tries to access the site.
Anonymous didn't stop there, as they also attacked minjok.com, jajusasang.com and paekdu-hanna.com. These sites were hacked to display images mocking North Korean supreme leader, Kim Jong-un. This also isn't the first time Anonymous have hacked North Korea, as earlier this month the hacking collective gained access to the North Korean Twitter feed.
With access to NK's Twitter feed, they posted tweets to images poking fun at Kim Jong-un, condemning him for "threatening world peace with ICBMs and nuclear weapons" and "wasting money while his people starve".