// November 6th, 2015 // No Comments » // Hacking and Security
After conclusion of a four-year probe, contractors who worked on U.S. military code are being fined a combined $12.75 million. As it turns out, some contractors outsourced coding tasks to Russian. No words can convey the level of stupidity here (hey, let’s get Al-Qaeda to build US airplanes!).
// July 14th, 2015 // No Comments » // Hacking and Security
I love the Russians. I know, strange to hear that from an American in modern day with a new “cold war” (seemingly) beginning to gain steam. Let’s say, I respect them. Their hackers in particular. Their response to a cyberattack is to launch a full-on offensive attack against the attacker, quite a different response from […]
// July 13th, 2015 // No Comments » // Hacking and Security
On the heels of the Hacking Team dump, this week’s US-CERT advisory, a cyber-security bulletin which provides a summary of new security vulnerabilities, was about twice its usual size with all the Adobe Level 10 alerts included in the report. Remind me – why are these products still around?
// July 10th, 2015 // No Comments » // Hacking and Security
Both Kaspersky and Symantec released reports this week pointing out the increase in attacks by Wild Neutron (aka Jripbot, Morpho, or Butterfly). WN had gone mostly dormant (or undetected?) since 2013 after hitting Apple, Facebook, Twitter, and Microsoft using zero-day Java exploits (seeded in the hacked forums of various websites) and the OSX/Pintsized Mac OS […]
// July 7th, 2015 // 15 Comments » // Hacking and Security
Before discoursing the lengthy analysis of the Dark Web honeypot (the pedophile honeypot in particular), let’s answer the question that is surely on everyone’s mind – did the honeypot allow me to reveal the true identity of the person visiting the site?
// January 23rd, 2015 // No Comments » // Hacking and Security
Imagine a cybercrime has occurred. 200 gigabytes of data have been stolen and posted on a remote site. The remote site is public, easily accessible to all. An experienced journalist (Barrett Brown) reports the location of the stolen data.
// January 3rd, 2015 // No Comments » // Hacking and Security
Below is North Korea’s National Defense Commission’s official statement regarding the December 2014 Sony cyberattack – grammar and spelling errors left intact. The statement was published on December 22, 2014 by the country’s official news agency, KCNA. I’ve highlighted all the interesting (and humorous) parts.
// December 19th, 2014 // No Comments » // Hacking and Security
US-CERT released alert TA14-353A today detailing a “SMB Worm Tool” recently used by cyber threat actors against a “major entertainment company”. Given the timing of the US formal accusations against North Korea, this certainly hints that the malware toolset being referenced is the one used by the Guardians of Peace (GOP) in the recent Sony […]
// December 19th, 2014 // No Comments » // Hacking and Security
In an odd but not totally unexpected twist to the story, a hacking group claiming to represent Anonymous has threatened Sony with the same type of bitch slap they got from [cough] North Korea’s GOP if the movie The Interview is not released as planned. This was followed by other messages from a poster claiming […]
// December 19th, 2014 // No Comments » // Hacking and Security
The following just went across the wire, released by the FBI, in which they “concluded that the North Korean government is responsible” for the attack and leak of Sony Pictures Entertainment data. The FBI based their conclusion on similarities in attack code and “infrastructure” previously tied to North Korea and threw down the gauntlet stating, […]
// December 16th, 2014 // No Comments » // Hacking and Security
A Pastebin dump attributed to Guardians of Peace (GOP) was released a few hours ago followed by the purported screenplay for the upcoming movie The Interview. In the dump, the GOP continued to harp on their Christmas Day threat while including an invite to the public for special “requests”. The dump included another little surprise […]
// December 12th, 2014 // No Comments » // Hacking and Security
That China filters their Internet traffic is no secret – their societal system (many believe) requires that information be filtered. What is more interesting, are the *words* that are filtered. Several research groups have studied China’s walled-off Internet infrastructure (via search engine results, reverse engineered software and hardware products, leaked router or firewall settings, etc.) […]
// December 11th, 2014 // No Comments » // Hacking and Security
fter the data breach and loss of pre-release films and confidential data in late November, Sony takes an offensive stance – and I like what I’m seeing. According to reports, Sony is using a deluge of Amazon cloud servers in Tokyo and Singapore to conduct DoS attacks against torrent seeds and websites hosting their stolen […]
// November 6th, 2014 // No Comments » // Hacking and Security
A year after the infamous Deep Web site, Silk Road, was shuttered by federal law enforcement, Silk Road 2.0 (a nearly identical dark web site which opened a month after Silk Road shut down) has suffered the same fate. Officials announced yesterday that they have arrested Blake Benthall (aka Defcon) in connection with the ownership […]
// October 29th, 2014 // No Comments » // Hacking and Security
MCX’s CurrentC payment system, the alternative to Apple Pay backed by Walmart, Best Buy, CVS, Rite Aid, Gap, and others, was hacked today. Reports indicate the data breach involves the theft of email addresses of early beta participants and others who expressed interest in testing the new mobile payment system. No word yet on how […]
// October 4th, 2014 // No Comments » // Hacking and Security
Although I’m disappointed that JPMorgan Chase delayed the disclosure of the breach that touched more than 83 million U.S. households (they knew about it at least four months ago), I’m even more upset at what they disclosed – that key customer financial data was not stolen. JPMorgan may tout the expertise of their security team […]
