TweakTown News
This is something I just don't understand, these hackers are targeting Sony - for whatever reason I don't care, that is not my business and I'm not employed by Sony. But, another hack has just happened and it appears Sony BMG Greece was hacked on Sunday using an SQL injection attack and lost more than 8000 customer records. LulzSecurity, known for hacking fox.com's login database, are responsible and it seems that Sony just aren't really caring about the amount of attacks happening to them.
Now the question is, what are Sony doing? The message is clear, customers can't trust Sony anymore. Sophos Security researcher Chester Wisniewski wrote about the Greece intrusion, saying:
Sophos Security researcher Chester Wisniewski, who yesterday took a gentler tone when covering the Greece intrusion, this time firmly admonished Sony, writing:
While there is an enormous target on Sony's back as a result of these very public attacks it is unclear why this is happening. Is Sony taking security seriously or are there simply so many flaws from the past that exist in their public facing sites that it will take them a long time to patch them all?
I hope this is the last time I have to report on a flaw at Sony. Sony has announced they are working with several professional organizations to get their security house in order and for their sake I hope this happens sooner rather than later.
On the heels of a massive PR shitstorm, Facebook announced this morning that they have partnered with the Web of Trust to ensure that your profile stays shiny and clean.
Though Facebook already has a system that automatically checks for malware and spam-ridden links, the partnership with Web of Trust will add to their databases the identities of many more bad links and massively increase the extent of their security coverage. Clement Genzmer, one of the Facebook security engineers, posted this morning that Facebook has updated a slew of security features, including added protection from link and "like" button "clickjacking", notifications for malicious code pasted in address bars, and more sensitive login approvals from third-party sites, including security codes to confirm your cell phone number when prompted. Facebook is also working with browsers like IE 9 to fix bugs and loopholes that allow spammers to take advantage of Facebook users.
Not entirely surprised that this news, and the downloadable profile option break today.
Anonymous has stepped up to the plate and has targeted Sony's PlayStation Store today by using a distributed denial of service (DDoS) attack which temporarily took down playstation.com - Anonymous strikes again.
Sony is being attacked by Anonymous because of the lawsuits Sony have against PS3 jailbreakers George Hotz (GeoHot) and Graf_Chokolo. This time Anonymous aren't just attacking online, they're also asking gamers to support them by gathering at their local Sony stores to complain in person.
The case of George "geohot" Hotz has taken a turn that could not have been predicted with him fleeing to South America to escape the clutches of Sony. Big changes for the case! Sony didn't stop there, according to their court document they've been quoted as saying:
Hotz had deliberately removed integral components of his impounded hard drives prior to delivering them to a third party neutral and Hotz is now in South America, an excuse for why he will not immediately provide the components of his hard drives as requested by the neutral. Hotz's attempts to dodge this Court's authority raise very serious questions.
Chinese hackers have recently launched a massive cyberattack on Canadian government websites and employees, gaining access to a cache of highly classified federal information. The attack was detected last month and was claimed by the government to only be an attempt to access their computers - however the CBC is stating this as inaccurate.
Canada's two major economic departments, the Finance Department and Treasury Board were the victims of the successful attack. Hackers were able to gain control of the computers of senior government executives in the two departments. However, the hackers were unable to obtain passwords to unlock entire government systems.
Too bad Olivia Dunham from Fringe couldn't even save the FBI this time. HBGary Federal is a security company that has been helping the FBI sniff out Anonymous. But, in the process it has been targeted for helping the FBI. Anonymous hacked into HBGary's network and posted archives of around 50,000 e-mails between company executives.
Anonymous also hacked HBGary's website, publishing an explanation for why the website was a victim. Anonymous has had members of its crew being moved in on by the US and UK authorities. Over the weekend The Financial Times ran a story quoting Aaron Barr, HBGary's head of security services, saying that he had uncovered the identities of Anonymous' leaders. Barr has said he plans to release his findings next week at a security conference in San Francisco.
Anon is at it again - this time targeting Egyptian and Yemeni government websites. Supposedly 500 Anonymous users took down websites for the Egyptian Ministry of Information and the ruling National Democratic Party in Egypt.
As for Yemen, websites targeted included the Yemeni Ministry of Information, the tax office, and the website for Yemen's long-serving president, Ali Abdullah Saleh. Anon used their infamous Low Orbit Ion Cannon to take the websites down, the same trick used last year to take MasterCard, Visa and PayPal down.
Nothing is going to stop these hackers, but Sony doesn't care. They are pumping out firmware like it's nothing and are now up to 3.56. This "security patch" is an attempt to keep hackers from executing unsigned code that allows homebrew programs to run, as well as pirated games and online games to be backed.
The new firmware was unpacked within hours, but it may be a little while before the firmware is completely cracked. Those who are running hacked firmware are obviously being told not to update. Sony are continuing to keep people out of their system but the hackers are persistent. No one really wins from this and console sales from hacked systems can show that companies can still make money.
When you make the laws and rules that govern data security and safety online, you expect that the rule makers will follow them. That isn't always the case though. Hackers are always trying to find their way through the security around websites in the private and government sectors for all sorts of nefarious uses. Apparently, one hacker has succeeded in getting around the security on some government websites and is selling the access to the highest bidder.
According to Imperva it found an auction online from a hacker that claims to be selling access to the US Army CECOM website for under $500. The same hacker also offers access to other civilian, government and military websites for prices running from $33 to $499. The use for the access is apparently to steal user data stored on the servers.
A thousand records will cost the buyer $20 each for some sites. The data can then be used to break into other accounts. Indications are that information on 300,000 people has been stolen from the sites. The exact method used to hack the sites is unknown, but Imperva suspects the hacker used SQL injection.
If you have followed the saga of WikiLeaks at all you are probably familiar with the hacker group going by the name Anonymous that tried to lend support to the WikiLeaks cause by launching DDoS attacks against the websites of major companies that stopped supporting the site and cut off services. Anonymous launched DDoS attacks against Visa.com, PayPal.com, and Mastercard.com.
The attacks were able to force a few of the websites offline, but no user data was lost or accessed by the hackers. The FBI and authorities around the world are looking for the people behind the attacks and have raided some ISPs here in the US in the search for clues.
The FBI raided Tailor Made Services in Dallas and seized a pair of HDDs to search for evidence. The raid happened after German police found a link to the company in an investigation in Germany. The FBI also raided Hurricane Electric in California for HDDs as well. Authorities are seeking details on the IRC servers used to coordinate the attacks.