Displaying items by tag: Hacking

Microsoft is making a “super-secret” announcement on Monday and it has already invited select members of the press… Wait a minute does this sound familiar to anyone else? Sorry we had a momentary flash back to some of Apple’s announcements. In fact it this this similarity that makes many people believe that the show on Monday June 18^th will be the official show for Windows RT (and a Microsoft made tablet).

Things can change just like that in the work of the online hacktivist. As the group SpexSec popped onto the scene and then… just like that they vanished saying they were leaving the hacking world to become a “whitehat”. Now many are left to wonder what in the world all of this is about. It is true that many groups start and then fade away, why the sudden launch onto the scene with three fairly sizable dumps and then after being pestered by someone called @HEX00010 two of the three members announce their retirement.

There has been another hack of government systems from the sound of things on Your Anon News one of the Anonymous Twitter feeds. According to the post and the pastebin link the dump is a listing of “Passports, Visa’s, etc.” and is the second from the new group SpexSec. The first attack was in retaliation for ignoring security warnings and targeted a single FBI agent, Scott Augenbaum who is the Head of the FBI’s Cybercrime task force according to some information that is available at the time of this writing.

A rather major, but basic flaw in the way that MySQL and MariaDB handle passwords has opened up both of these to brute force attacks and can allow the attacker to gain access in seconds. This flaw which exploits an issue in the way the passwords are checked using the memcmp function can be used as long as the attacker knows at least one user name. Considering that “root” is almost always in existence the password security on many MySQL and MariaDB databases is practically nonexistent.

After the breaches and issues with passwords we saw last week we were not surprised to see the creator of a popular password hashing application md5crypt() come out and recommend against using this software. Now if you have followed security then you are probably already aware that the MD5 encryption scheme was broken quite a while ago (2004-2005) and is no longer recommended as an encryption algorithm. So why in 2012 are we only getting a recommendation to stop using md5crypt() now?

LinkedIn has confirmed that some of the roughly 6.45 Million (yes Million) user passwords that were stolen by a Russian hacker and posted in a forum (where he asked for help in decrypting them) do correspond to LinkedIn accounts. The breach has come on the heels of recent issues with their mobile app. This caused quite a stir and has caused a few people to stop using the mobile app completely.

Just when you thought it was safe to go back in the web waters… It seems that some enterprising hacking group (as of right now not associated with Anonymous) has decided to break into LinkedIn and grab some passwords. According to reports the data is still in encrypted format, but the group that grabbed them is looking for help decrypting them.

As someone that has followed the online “hacking” community since its infancy (war dialing anyone) I can say with a fair amount of confidence that the guys what kicked it all off (Like Steve Wozniak) would be proud of where some of the movement has gone. In the early 80’s War Dialing was something of a fun sport, you dialed a range of numbers until a computer answered and then you tried to talk to it. A lot of the activity was aimed at “corrupt businesses and government agencies” right alongside the people looking to just do it because it was something new and exciting.

In every occasion if you dig deep enough you will find the reasons for someone’s actions, even if they seem completely random. For a while now we have watched as congress has pushed one stupid internet control law after another. For many (us included) we have felt that this was at the request of the MPAA, RIAA and other copyright holders. After all the measures and consequences in the laws were geared toward them and helping them to “prevent piracy”.

So two days ago, we reported on a potential issue with some FPGA (Field Programmable Gate Array) ASICs from Microsemi/Actel; namely the ProASIC3. The issue was discovered by a group of researchers that were looking into a potential security risk with these programmable components. What they claimed to have found was a hidden backdoor that had its own key set which could allow for access into the chip for readback, re-programming and potentially wiping the instructions from the chip itself. You can read the original article here if you have not already