Displaying items by tag: Hacking

Remember the article that we posted a couple of weeks ago stating that one thing that Anonymous has done is highlight security concerns that corporations would rather keep hidden? Well it turns out that the recent hack on the China Electronics Import & Export Corp (CEIEC) through an outsourced email provider sina.com was all about highlighting security. We had said more than once that the outsourcing of information into the cloud creates a security hole that is miles wide. Still we see this happening more and more as it becomes “cost effective” to allow someone else to deal with security.

Today’s copyright, patent and intellectual property laws are something to read. If you have an extra couple of days that you do not mind losing you should read through some of them. They are astonishing in their complexity and how they take are working not to help foster invention, but to make sure that competition is limited. In fact, many Americans might be interested to know that our own National Anthem would be considered in violation of Copyright.

There is a lot of talk in the news about a very old piece of malware. This malicious code was called DNSChanger and was part of a criminal enterprise that intended to route people’s traffic through their own servers instead of the intended servers. This opened the victims up to countless other potential infections. The Malware was discovered back in 2004 and had a small amount of fame for its time. The impact of this particular infection was rated into the millions of Windows based PCs. Although the malware was identified and six people were arrested for it, the authorities did not know what to do about the infected systems (which is VERY odd).

If there is one thing that you can say Anonymous has done that has a measurable positive effect it is exposing the level of Corporate and Government Ignorance. Ignorance is not an admissible excuse any longer in this day and age and is often used in court when someone says they did not know they were breaking the law. Since this is generally accepted why is anyone willing to give companies that show massive amounts of ignorance (which is just really lack of forethought or cost cutting) when it is discovered that their systems are not secure? We are shocked that this is at all acceptable considering the data breaches going back as far as 2009. Still we continually hear about this product or that network is suddenly discovered to be insecure. Exactly how is that possible?

The online movement known as Anonymous had a fairly busy weekend and even managed to push their “fun” into Monday. According to several of the Anonymous twitter accounts they are now rather upset at PasteBin. It seems that the owner of PasteBin is unhappy about the uses that Anonymous has put his “code sharing” site to. He laments that it was never intended for the sharing of sensitive information and has even stated he is going to hire additional workers to help remove these types of posts. This had an interesting effect on the collective where tweets saying things like “Srsly Pastebin, f*** you - @Pastebin to hire staff to tackle hackers' 'sensitive' posts” .

A new Anonymous splinter group has hit the scene with a name that is sure to bring back bad memories for the authorities. The name as many of you might have heard is LulzSec Reborn. If the name is any indication it means that either some of the old members of LulzSec are back or people that were sympathetic to the LulzSec cause have reincarnated the name for their own purposes. The question is; regardless of who is behind this new group, what are the purposes.

You know, back a very long time ago (sometime in 2007 or so) I wrote an article on how dangerous the idea of cloud computing was (and is). The article centered around the fact that in almost 99 cases out of 100 the company that is responsible for the security of your information and services are going to spend as little as possible on maintaining them and securing them. They are banking on the hope that no one tries that simple exploit or can even find the servers in question. Or for that matter they put their trust in other companies to manage their security for them. These companies then do the same thing all over again all to make sure they keep the best profit ratio possible.

Google’s previously unassailable Chrome web browser has now been hacked three times in only two days. The first two we have already told you about in a previous article. Vupen a French research company found a 0-day exploit that allowed them to jump out of Google’s Sand Box and then another that allowed them to execute arbitrary code on the OS that Chrome was installed on (in this case Windows). Vupen did this as part of the Pwn2Own competition held every year.

There is an article going around the internet (again coming from CNet) that has an alleged former Anonymous member making the claim that she identified who Sabu really was back in February. What makes this claim even more interesting is that the person, Jennifer Emick, also claims that she made the information public through Backtrace Security in March, but was told to take the information down by the FBI. Backtrace further claims that they were in communication with the “Feds” but were not privy to the information that Sabu had turned on the Collective and was giving up names.

The Pwn2Own completion is in full swing and this year we find that Google’s Chrome web browser is the first to fall. Google has claimed in the past that Chrome is the most secure browser (in addition to claiming it is faster). Meanwhile many IT and security experts had questioned this and are concerned about things that Chrome does when installed on an operating system. Still this is the first time the browser has fallen during the infamous competition.