Wednesday, February 20, 2013

More Hacking News

I don't know why I have recently started finding all these attacks so fascinating. I mean, I have always been interested in this stuff, going back to reading "Hardwired", "Neuromancer" and "Count Zero" for the first time (although strangely the movie "Hackers" turned me off on computers for quite a while). I think it's because we are slowly watching a system implode on itself, and the people who use the system are encouraging its destruction. It's like watching the Soviet Union fall again; you never know what the next day is going to bring.

All Things D identifies the site which hosted the exploit behind the recent Facebook, Twitter and Apple attacks.
In the spate of large companies hacked in recent weeks, it seems that many of them have one thing in common. Many have visited one compromised website specifically devoted to sharing information related to mobile development — and it’s not just tech companies visiting the site.
After Facebook employees visited the mobile development site in recent weeks, malicious code injected into the HTML of the site used an exploit in Oracle’s Java plug-in to infect employee laptops, as the company divulged last Friday.
Uninstall Java in your browsers (at the least), people; it's rapidly becoming the tool of the debble.

Ars Technica explains how the attack on HBGary helped identify the two Chinese hackers that security firm Mandiant identified in the report it released yesterday.

...hackers used Hoglund's e-mail account to convince another administrator to reset the root password on the site's server to "changeme123." Once done, they entered the server and—among other things—dumped the entire list of user account and password hashes for, which had been hashed with the MD5 algorithm and proved susceptible to third-party password cracking tools. The cracked list was then publicly released.
This list was a boon to Mandiant because UglyGorilla was on it; he had signed up as "uglygorilla" and had used the password during registration. The password matched one that had been used by someone to register for a People's Liberation Army event back in 2004 and to register, a domain long associated with the APT1 hacks.

Slashdot links to an article about the ongoing efforts to protect SCADA networks.

Violet Blue continues to provide updates on the various OpLastResort operations. Her Twitter stream is hit and miss; I am completely uninterested in all the SF-centric stuff (and the Open Source Sex stuff, not that I am against sex, just not interested in sex columns). YMMV.
