All Things D identifies the site which hosted the exploit behind the recent Facebook, Twitter and Apple attacks.
In the spate of large companies hacked in recent weeks, it seems that many of them have one thing in common. Many have visited one compromised website specifically devoted to sharing information related to mobile development — and it’s not just tech companies visiting the site.Uninstall Java in your browsers (at the least) people its rapidly becoming the tool of the debble.
After Facebook employees visited the mobile development site in recent weeks, malicious code injected into the HTML of the site used an exploit in Oracle’s Java plug-in to infect employee laptops, as the company divulged last Friday.
Ars Technica explains how the attack on HB Gary helped identify the two Chinese hackers that security firm Mandiant identified in the report it released yesterday.
...hackers used Hoglund's e-mail account to convince another rootkit.com administrator to reset the root password on the site's server to "changeme123." Once done, they entered the server and—among other things—dumped the entire list of user account and password hashes for rootkit.com, which had been hashed with the MD5 algorithm and proved susceptible to third-party password cracking tools. The cracked list was then publicly released.
This list was a boon to Mandiant because UglyGorilla was on it; he had signed up as "uglygorilla" and had used the password firstname.lastname@example.org during registration. The password matched one that had been used by someone to register for a People's Liberation Army event back in 2004 and to register hugesoft.org, a domain long associated with the APT1 hacks.Slashdot links to an article about the ongoing efforts to to protect SCADA networks.
Violet Blue continues to provide updates on the various OpLastResort operations. Her twitter stream is hit and miss, I am completely uninterested in all the SF-centric stuff (and the Open Source Sex stuff, not that I am against sex just not interested in sex columns) YMMV.