ITsecurity

The PF Chang’s breach and the lessons we should learn

Posted by Kevin on June 12, 2014

Brian Krebs reported Tuesday that fresh credit card details are being offered for sale on the internet. When he approached several banks over the details he found a common denominator: “all had been used at P.F. Chang’s locations between the beginning of March 2014 and May 19, 2014.” Contacted about the banks’ claims, the Scottsdale, […]

Watch Dogs-inspired hacking previews the internet of things

Posted by Kevin on June 11, 2014

The internet of things will be a kiddies’ playground, courtesy of Shodan. Shodan is a search engine that finds computer and server software connected to the internet rather than website content. But if those computers with that software have a known vulnerability, then any old kiddie with an exploit can get in. By way of […]

Two iPhone hackers probably behind the Oleg Pliss attacks arrested in Russia

Posted by Kevin on June 11, 2014

A Monday announcement by the Russian Interior Ministry claims that two men have been arrested following reports that iPhones have been blocked remotely and that ‘attackers’ have demanded money in order to release them. Although the Ministry announcement made no mention of non-Russian attacks, it seems almost certain that these are the same hackers behind […]

Attacking smart TVs

Posted by Kevin on June 9, 2014

It might not be so smart to have a smart TV. Researchers at Columbia University have described a methodology by which attackers can take over, manipulate and infect other connected devices both remotely and undetectably. This capability can be leveraged to perform “traditional” attack activities: perform clickfraud, insert comment or voting spam, conduct reconnaissance (within […]

More on the Avast breach and the hash used

Posted by Kevin on May 29, 2014

My understanding is that the hash formula used by Avast to store its forum users’ passwords was: $hash = sha1(strtolower($username) . $password); This is the formula built into the SMF open source forum software used by Avast. It is both good and bad. It confirms that the hash was salted (with the user’s username); but […]

Avast forum hack demonstrates we need password storage disclosure

Posted by Kevin on May 29, 2014

A blog post early this morning by Avast Software CEO Vince Steckler announced: “The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised.” (AVAST forum offline due to attack) Avast’s […]

Antipodean iOS ransomware

Posted by David Harley on May 28, 2014

Wherever you live, now is the time to take advantage of Apple’s 2FA for Apple ID credentials.

Hector (Sabu) Monsegur to be sentenced while Hammond sits in prison

Posted by Kevin on May 26, 2014

A common cry in Anonymous circles is ‘Free Jeremy Hammond; Fuck Sabu’. Jeremy Hammond is currently serving a ten-year prison sentence for his involvement in the Stratfor hack. Sabu (real name Hector Xavier Monsegur) will be sentenced tomorrow for his role in Lulzsec and many other hacks. He is expected, on FBI request, to walk […]

The eBay hack, the loss of 140 million records, and the PR fiasco

Posted by Kevin on May 24, 2014

There are two functions to PR: the first is to shout the good news from the hilltops, while the second is to bury the bad. When bad news hits, PR says very little. Bad news has hit eBay. It admitted Wednesday that it had been hacked – but it actually gives very little information. This […]

DoJ wants to make it easier for the FBI to legally hack innocent Americans

Posted by Kevin on May 11, 2014

The precarious balance between law enforcement and personal privacy is highlighted by a new proposal from the Department of Justice — it wants greater leeway in its ability to place malware on multiple computers. It can do this already, but not easily — it requires a judicial warrant that is only valid in the judge’s […]