TweakTown NewsRefine News by Category:
The group that everyone has secretly been cheering for has a new branch in China. An Anonymous China Twitter account was created late last month and endorsed by the official Anonymous account. Shortly after all of this, they went to work. Now hundreds of Chinese government, corporation, and other websites have been hacked.
A Pastebin post explains why they are doing this:
Hello, we are Anonymous.
All these years the Chinese Government has subjected their people to unfair laws and unhealthy processes.
People, each of you suffers from tyranny of that regime.
Fight for justice, fight for freedom, fight for democracy!
In the defaces and leaks in this day, we demonstrate our revolt to the Chinese system. It has to stop! We aren't asking you for nothing, just saying to protest, to revolt yourself, to be the free person you always want to be! So, we are writing this message to tell you that you should protest, you should revolt yourself protesting and who has the skills for hacking and programming and design and other "computer things" come to our IRC: http://2.webchat.anonops.com/ channel: #GlobalRevolution .
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
A new project that has been launched on Kickstarter wants to give privacy back to the users of social networks and the internet in general. Pretty much where ever you go on the internet right now, anything you post is tracked, and often sold, to the highest bidder. This is one form of monetization of the internet.
Sean McGregor, a computer scientist at Oregon State University, is Priv.ly's creator and lead developer. Priv.ly is an open-source project and allows a user to encrypt any message they post in basically any text box on the web. How it works is that the message is sent to Priv.ly to be encrypted. Eventually, it will simply be a peer-to-peer connection.
This creates a link to the message that can only be viewed by the people that the message is intended for when encrypted. Then, instead of posting the actual message to where ever your'e posting, you post a link to the Priv.ly message instead. The only visible data is the link to Priv.ly. So, maybe I should start encrypting these news posts!
Anonymous at it again, this time threaten Operation: BLACKOUT, where they'll take the Internet down on March 31
Collective hacking group Anonymous are at it again, this time threatening more than just SOPA, PIPA or Facebook. This time they're threatening to take down the entire Internet. This is said to be as a protest to SOPA, Wall Street, the world's irresponsible leaders, and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun.
While I agree with most of those points, why threaten if you can't go through with it? I shouldn't laugh, but I'd cry if the Internet went down on March 31st. So, Anonymous are now saying they "will shut the Internet down" on March 31st. They go into detail, where "in order to shut the Internet down, one thing is to be done. Down the 13 root DNS servers of the Internet, those servers are as follows:"
Anonymous state that by cutting the above DNS servers from the Internet, nobody will be able to perform a domain name look-up, which would effectively disable the HTTP Internet, which is the most widely used function of the Web itself. If someone was to enter in "http://www.google.com", or ANY other URL, it will result in an error page, thinking that their service, or the Internet is down, which it kinda is.
A report was released last fall that claimed using a single repeating digit was a stronger pin code for your iPhone than using unique digits. All bets are off, however, when you are dealing with Micro Systemation, a Swedish security firm that helps police and military around the world crack digital security systems.
Just last week, the company released a video showing just how simple it is to crack an iPhone or Android device that is password protected. The video, which you can see below, documents a process where the company spokesperson uses an application called XRY and accesses the contents of the mobile phone in less than two minutes.
Immediately, all user information becomes available. This information includes GPS location, call history, contacts, and messages. The software doesn't use a flaw put there by the manufacturer. Instead it uses a brute-force method to try all of the combinations to guess the correct password. It's more akin to jailbreaking than hacking.
"Every week a new phone comes out with a different operating system and we have to reverse engineer them," Micro Systemation marketing director Mike Dickinson told Forbes. "We're constantly chasing the market." The easiest way to make your phone more secure and less susceptible to this is to use a longer password. The longer the password, the longer it takes to guess.
Instead of just sitting around waiting for the police to take action against online crime, Microsoft filed a civil suit in order to gain a warrant to sweep two office buildings in Pennsylvania and Illinois. The sweeps occurred Friday and resulted in a bunch of evidence, deactivated servers, and Microsoft seizing control of hundreds of Web addresses.
Why would Microsoft waste their money filing these civil suits and attacking cyber crime? Well, as it stands, Microsoft has a vested interest in taking down these cyber criminals. Many computers are powered by Windows, and since it has such a large market share, it is a main target for hackers. If Microsoft can make Windows more secure, they can combat Apple's main claim that OSX is more secure and stop losing market share.
Additionally, they can provide a better end-user experience, which Microsoft's customers would appreciate. "Taking the disruption into the courthouse was a brilliant idea and is helping the rest of the industry to reconsider what actions are possible, and that action is needed and can succeed," said Richard Perlotto, director at the Shadowserver Foundation.
"We equate this to a neighborhood watch," Mr. Boscovich of Microsoft said. The cops are able to levy much greater punishments, but at least this slows the botnets down and maybe scares people off from attempting it. Friday's target was Microsoft's most complex target yet, known as the Zeus botnets.
This is a cautionary story for all of those iOS 5 users out there, including the new iPad 3 users. Germany security firm MajorSecurity discovered a bug earlier this month that can be used to trick you into visiting potentially malicious Web sites. The bug was first discovered in iOS 5 and was replicated in iOS 5.1. Apple was informed of the bug by MajorSecurity on March 3, but has not yet issued a patch.
We live in a modern age where technology seems to be taking over everything we do, from e-mails taking over for letters, to Turbo Tax taking over handwritten taxes. But, where do we draw the line? Can all of this technology be bad? Well, in one man's case, it is. A bug in the Norwegian's tax web portal has allowed anyone who went there to see his, his wife's, and his employer's information.
Users hoping to get an early start on their taxes went to the site, which resulted in a crash. When the servers were brought back up, everybody was inexplicably logged in as Kennith, the man in question. It seems that his login details were stored in the server's cache when the system went down, and after it was brought back up, logged everyone in as him.
The bug lasted only 15 minutes because they brought the servers back down, however, during that time period, anyone was able to log on and see his very private tax information. This isn't the first time the service has had issues. In response to the recent issues, the managing company has admitted that there were bugs when the system first launched and that they lacked the expertise to properly manage it.
No, I'm not trying to use scare tactics. No, I don't want you to rip out your link to the internet. I just want you to beware: Microsoft may have had a hand in leaking executable code that was used in a proof-of-concept (PoC). The data packet that was used was the same that Luigi Auriemma, an Italian security researcher, discovered and reported way back in May of 2011. Last Tuesday, Microsoft updated all flavors of Windows to patch the critical RDP vulnerability. Both Microsoft, and I, strongly recommend that you update and patch all of your machines running Windows.
Auriemma has stated:
In short it seems written by Microsoft for [its] internal tests and was leaked probably during its distribution to their 'partners' for the creation of antivirus signatures and so on. The other possible scenario is [that] a Microsoft employee was [the] direct or indirect source of the leak. [A] hacker intrusion looks the less probable scenario at the moment.
Sony are having a bad time with this hacking news, it just feels like a bad smell that won't go away for them. The latest news is Michael Jackson's entire music catalog was stolen during the hack, which reportedly accounts for some 50,000 individual tracks and a wide variety of unreleased material.
This was known in May of last year, in the aftermath of the hack which left the PlayStation Network and Qriocity (which is now known as Sony Entertainment Network Music Unlimited) users without a server for nearly an entire month. There were two men based in the UK who were arrested with the theft, and have appeared in court where they denied the charges.
The two men were released on bail and are now due to stand trial in January 2013. Sony had originally paid $250 million to the Jackson estate back in 2010 for the rights to literally everything that Michael had recorded, and whilst Sony haven't told us how widespread the theft is, multiple 'sources' have reported that the entire collection was taken.
Here's where I see a problem: what the hell were Sony thinking keeping $250 million worth of music on their online servers, just waiting to be hacked? One would think they'd have them offline, until they were ready to be released as tracks. Unless they want this issue to hit the hearts of fans worldwide, "oh noes, someone hacked the deceased, and much-loved Michael Jackson's unreleased songs".
12345. Such an amazingly hard password, something that no one else on Earth has probably ever used. Well, except for Syrian President Bashar al-Assad. Anonymous broke into the mail server of the Syrian Ministry of Presidential Affairs, where they gained access to 78 inboxes of Assad's staff, according to a report from Israeli daily Haaretz.
The password '12345' was associated with several of the e-mail accounts. Victims of Anonymous' latest attack were Mansour Fadlallah Azzam, who is the Minister of Presidential Affairs, as well as Bouthaina Shaaban, who is Assad's media adviser.
Haaretz obtained, and published one e-mail that included documents intended to prepare al-Assad for his December 2011 interview with Barbara Walters. In the interview, he said that the Syrian government was not killing its own people:
We don't kill our people. No government in the world kills its people, unless it's led by a crazy person.