Hacking, Security & Privacy - Page 55

A few days ago I reported about the Steam forums being down for "maintenance", but today Valve have confirmed that a recent Steam hack is the result of this. The recent Steam hack may have compromised users' credit card details and other personal information according to a message sent to Steam users from Valve God, Gabe Newell.

Valve is certain hackers gained access to a database that contained encrypted information, but don't know if they took it or will be able to crack its encryption. The database that was hacked contained information such as user names, hashed and salted passwords, game purchases, e-mail addresses, billing addresses and encrypted credit card information.

Gabe says that Valve don't have evidence that the encrypted credit card numbers or personal info were taken by the intruders, and the company is "still investigating." He adds that there is also no evidence of credit card misuse, but implores Steam users to "watch your credit card activity and statements closely."

The Office of the National Counterintelligence Executive have released a critical report labeling China as the "most active an persistent" country in the world when it comes to cyber-espionage. Oh snapz is what our VGA editor would say, and I would agree with that statement. Russia also slipped into the list, together with China are "the most aggressive collectors" of U.S. trade secrets, overall.

The purpose of the report is to highlight the increasing importance cyber-espionage plays in the undermining of both private and government interests. Robert Bryant, the U.S. Counterintelligence Executive, claims cyber-espionage is a "national, long-term strategic threat to the United States" and that "failure is not an option" when it comes to dealing with those matters. In the report, there is a special focus on the undesirable consequences stolen trade secrets may impart upon the U.S. and partner economies.

The Chinese government has been accused multiple times for noteworthy acts of both high-tech and low-tech espionage. This includes infamously penetrating Google's servers, corroborating with a Ford engineer working as a spy (the engineer is a spy! TF2 joke), gaining unauthorized server access at a long list of companies that include Yahoo, Northrop Grumman, Adobe, Symantec, ciphering information from British Unive

Most people not familiar with IT (and even some who are!) think that Apple's, and more specifically, Mac OS X are impenetrable, Terminator-like machines. But, they are not. Not only can spyware and malware attach to your browser, and not through an executable, but now there's news of a newly discovered malware threat that targets Mac OS X systems.

It comes in the pirated copies of image editing software "Graphic Converter". The malware is known by DevilRobber or Miner-D, and attempts to steal personal information and uses your machine's GPU to generate Bitcoins. If you didn't know what Bitcoins were, they are a digital currency that can be exchanged by online by users without the need for an intermediary bank or payment service.

Intego, a security vendor, says that the malware was a combination of a Trojan horse, as it is hidden inside other applications; a backdoor, as it opens ports and can accept commands from command and control servers; a stealer, as it steals data and Bitcoin virtual money; and spyware, as it sends personal data to remote servers.

Have a baby at home and use traditional baby monitors? I feel your pain. They are slow, drop out, have limited options and are usually clunky. This is where Evoz have stepped in with the next-generation of baby monitoring. Evoz use a system that works over iOS and will ship on October 4. No separate receiver is required, all you need is an iOS-based device like an iPhone, iPad or iPod Touch and they can function as both the receiver and monitor.

Alternatively, you could purchase the Evoz hardware monitor and use your iOS device as the receiver. The app alerts you to cries, monitors bubs sleeping behavior to derive patterns and even connects you to a network of experts to help you with your concerns. It works from Wi-Fi and cellular connections because it is based on the iOS operating system, thus it will work anywhere you have Internet access.

In addition to this, the system tracks your child's sleeping and crying patterns, matches the information to the data anonymously collected from others of the same age and shows you where your child fits in. How awesome is that? Evoz has gone as far as partnering with sleep consultants and will be adding additional "baby experts" and behavior specialists to its network, allowing parents to rech out with questions. At first, this will be available over email only, but later down the track over the phone will be added.

A member of both "Anonymous Operations" and "Lulz Security", 'Topiary' has been arrested on Wednesday, news coming from the Metropolitan Police Service. 'Topiary' served as the publicist of both hacker groups and often posted press releases and statements via Twitter. He had an apartment in Shetland Islands, Scotland and the apartment is currently being searched. A second 17-year old person in Lincolnshire, England is also being interviewed by has not yet been arrested.

The FBI began raiding apartments and arresting a number of people believed to be involved with Anonymous and LulzSec starting on July 19th. The hacker groups have said in response to the arrests that there is "nothing - absolutely nothing - you can possibly do to make us stop." During that time, Topiary is said to have tweeted "Arresting people won't stop us, FBI. We will only cease fire when you all wear shoes on your head. That's the only way this is ending," which is from the official LulzSec Twitter account.

Google just don't stop, they've just announced that they're using their own data to detect viruses and will (as of today) be using Google Search results pages to warn users if their computers are infected with a specific form of malware. If a user has the virus, which is reportedly rerouting traffic to Google and other sites through a proxy will see the warning shown below.

A Google blog post titled "Using data to protect people from malware" says:

Anonymous is inviting all, Anonymous and non-anons to join OpESR in demanding Federal Reserve accountability. Instead of just hacking random companies and websites like other Lulz-orientated hacking groups, Anonymous are grabbing the Fed by the balls and asking "why?". Obviously this might not end up in any serious court, or even reach the mainstream media, but we're finally seeing a group large enough to make a difference, try.

Trying is better than nothing and we'll see how this one goes. For those who don't want to watch the video and would like the TL;DR, look below or click into the news story for a full read.

Hello American People,

LulzSec and Anonymous have joined forces in an open declaration of war against the "freedom-snatching moderators of 2011." The attack is called Operation Anti-Security (#AntiSec), LulzSec called for like-minded individuals to open fire against any government or agency that crosses their path. The group have encouraged users to vandalize the opposition by plastering the word "AntiSec" on any government website or through physical graffiti.

I don't believe I'm writing about this again, but it appears Sony has been hacked, again. Just after they were getting full restoration of their PSN network up, LulzSec has hit Sony again with an SQL injection tactic which gave them access to Sony Pictures account database. This hack let LulzSec obtain 1 million user accounts (inclusive of passwords, email and home addresses as well as DOB), all admin account details and passwords, 75,000 music codes and 3.5 million music coupons.

This is something I just don't understand, these hackers are targeting Sony - for whatever reason I don't care, that is not my business and I'm not employed by Sony. But, another hack has just happened and it appears Sony BMG Greece was hacked on Sunday using an SQL injection attack and lost more than 8000 customer records. LulzSecurity, known for hacking fox.com's login database are responsible and it seems that Sony just aren't really caring about the amount of attacks happening to them.

Anonymous has stepped up to the plate and has targeted Sony's PlayStation Store today by using a distributed denial of service (DDoS) attack which temporarily took down playstation.com - Anonymous strikes again.

Chinese hackers have recently launched a massive cyberattack on Canadian government websites and employees, gaining access to a cache of highly classified federal information. The attack was detected last month and was claimed by the government to only be an attempt to access their computers - however the CBC is stating this as innaccurate.

Anon is at it again - this type targetting Egyptian and Yemen government websites. Supposedly 500 Anonymous users took down websites for the Egyptian Ministry of Information and the ruling National Democratic Party in Egypt.

When you make the laws and rules that govern data security and safety online, you expect that the rule makers will follow them. That isn't always the case though. Hackers are always trying to find their way though the security around websites in the private and government sectors for all sorts of nefarious uses. Apparently, one hacker has succeeded in getting around the security on some government websites and is selling the access to the highest bidder.

Firesheep is something that has been popping up around the place for a few days - I thought I'd share it here for the uninformed, or at least, if you didn't know - pass the news on to someone you know who uses unsecure Wi-Fi.

If you haven't seen already, Twitter.com is under attack exploiting a flaw in its system with a simple code called "onmouseover" that is used to execute code or a command when your mouse cursor is moved over the bad area.

My @camwilmot account has personally been affected just now and as far as I can see, it only affects the front page of Twitter.com and not other pages such as your profile page.

Wow this one sort of sent a chill down my spine until I remembered that my home network is protected by WPA-2 enterprise with a RADIUS server, 4096-bit certificates, (machine and user) and a bunch of tin foil hats and black radar repelling spray paint.

If you are wondering what I am so paranoid about well there is this group of scientists in Japan that have figured out how to break the WPA protocol as long as you are using the Temporal Key Integrity Protocol TKIP. If you are using the Advanced Encryption Standard (AES) you are safe for now.

The problem lies in the fact that not all wireless devices support AES. Yes most new ones do but you still see a smattering of TKIP only or devices that default to auto for the encryption standard.

Now while breaking this key is significant, it is not a first. WPA with TKIP has been broken before. To crack it took roughly 15 minutes. This time, well it took about 60 seconds.

Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, the tow people responsible for this new fast hack plan on releasing the details at a technical conference on September 25th.

Now, I will say that while this is scary, it is the "scientists" that never reveal their methods that actually scare me more.

Wow, I know this little bit of news is sure to annoy a few people out there. As Mozilla complains that a browser election when Windows 7 is installed is just not enough it is having a hard time competing with IE 8 in terms of security.

According to a recent Study performed by NSS Labs Internet Explorer is more secure than FireFox 3, Chrome, Safari 4, and even Opera.

The test was to see if each browser was capable of withstanding common Web-Based attacks.

The numbers were pretty telling. IE 8 was able to block about 81% while FireFox only caught 54%. Chrome V2 only caught 7%, Safari 4 Caught 21% and Opera only managed to stop 1% of the attacks. The success of IE 8 is mostly attributed to the built in SmartScreen technology that screens websites for common attack vectors. Granted you can get something similar for FireFox but even so it still did not outperform the built in one in IE 8.

This test, while not the end all of security tests is still not good news for Mozilla and Opera, they are telling the EU commission that they are not able to get market share because MS is locking them out. But with security like this it is possible that people will chose MS' IE over them for the security.

Ok this is a good one, it also shows that Apple is really desperate to control the iPhone. According to a report over at Wired; Apple is trying to get the DCMA to believe that Jailbreaking can lead to terrorist attacks on the national cell tower network.

The logic goes something like this;
An Evil Doer jailbreaks the iPhone, uses Ultrasn0w to alter the phones baseband, then using the alterations forces a DDoS attack on a cell tower crashing the service.

Chaos ensues, dogs start dating cats, and the world collapses.

In short a whole lot of FUD by Apple to try and turn jailbreaking into a criminal offense. This argument completely ignores open source phone OSes like Android, Unlocked phones sold by companies and even Apple's own Unlocking process.

It is also funny that Apple says that they have "technological protection measures" built into the iPhone. I guess this is like the shoddy encryption they are trying to push on users.

I hate to break this to Apple, a hacker or terrorist is not going to worry about the legality of jailbreaking before attempting to crash the national cell service.

So I guess everyone that owns an iPhone is a potential national security threat just waiting to happen...but that is not the worst, apparently jailbreaking is good for drug dealers too.

Where is my tin foil hat?