Category Archives: breach

Sony hackers could have slipped past 90% of defenses, FBI director says

The malware that thoroughly penetrated Sony Pictures Entertainment was so sophisticated it likely would have worked against nine out of 10 security defenses available to companies, a top FBI official told members of Congress.

The comments, made under oath Wednesday by Joseph Demarest, assistant director of the FBI's cyber division, are the latest to largely let Sony officials off the hook. Last month's rooting of servers operated by Sony's movie division is believed to have exposed more than 100 gigabytes of data, including not only unreleased movies but, more importantly, personal details on tens of thousands of employees. Speaking before the Senate Banking, Housing, and Urban Affairs Committee, Demarest's apologist comments closely resembled those reported earlier this week from the CEO of Mandiant, the security firm investigating the breach on behalf of Sony.

"The level of sophistication is extremely high and we can tell...that [the hackers] are organized and certainly persistent," Demarest said, according to IDG News. "In speaking with Sony and separately, the Mandiant security provider, the malware that was used would have slipped or probably gotten past 90% of Net defenses that are out there today in private industry and [likely] challenged even state government."

Read 1 remaining paragraphs | Comments

Hacked payment card service transmitted some data in plaintext

Charge Anywhere, a company that routes payment transactions between merchants and payment card processors, said that malicious software planted on its network may have accessed unencrypted sensitive cardholder data for almost five years.

In a statement, the company warned that some of the card data it sends or receives appears in plaintext, allowing attackers to copy it and use it in fraudulent transactions. Details including names, account numbers, expiration dates, and verification codes are known to be exposed for transactions that occurred this year from August 17 through September 24, although it's possible transactions dating back to November 5, 2009 may also have been accessed, the statement said. The disclosure came after company officials hired an unidentified security firm to investigate the breach.

"The investigation revealed that an unauthorized person initially gained access to the network and installed sophisticated malware that was then used to create the ability to capture segments of outbound network traffic," the release stated. "Much of the outbound traffic was encrypted. However, the format and method of connection for certain outbound messages enabled the unauthorized person to capture and ultimately then gain access to plain text payment card transaction authorization requests."

Read 2 remaining paragraphs | Comments

1.2 billion stolen login details put a spotlight on the broken password system

Russian cybercrime group stole user names and passwords from 420,000 sites. Perhaps it’s time to move on from the password.

Spotify, security firm Avast report hacks that spill user data

The list of companies suffering security breaches that spill users' password data or other personal information grew by at least two this week with disclosures from security firm Avast and music subscription service Spotify.

Prague-based Avast said its user support forum was hacked over the weekend. Attackers got access to cryptographically hashed passwords, usernames, and e-mail addresses for about 400,000 people who had accounts on the service, which was hosted on a third-party software platform. Credit card data, license numbers, and other personal information belonging to Avast customers at large were unaffected. The forum will remain offline for the time being, while the service is rebuilt and moved to a different platform.

"We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you," Avast CEO Vince Steckler wrote in an advisory posted Monday. "However, this is an isolated third-party system and your sensitive data remains secure."

Read 3 remaining paragraphs | Comments

After the breach: eBay’s flawed password reset leaves much to be desired

eBay has finally stopped burying its own advisory to change passwords following a major hack on its corporate network by adding an important password update to the top of its home page. Now, engineers should turn their attention to flaws on the site's password reset page that may prevent users from choosing passcodes that are truly hard to crack.

When strong is weak

Chief among the imperfections is eBay's meter that labels chosen passwords as "weak," "medium," or "strong" depending on their resistance to common cracking techniques. It showed "Stlk/v/FqSx"lireFTzidyS/m" (minus the beginning and ending quotation marks) as being weak, even though the password has 25 characters that include a mix of upper- and lower-case letters and symbols, plus it isn't included any obvious dictionary or word list. (Thanks to @digininja for the example.) That means the only likely way to crack it is to employ a brute force technique in which an attacker tries every possible combination. The involved "keyspace"—that is, the number of possible combinations of a 25-character string with upper- and lower-case letters with special characters—is 8525, which is calculated by adding the number of possible letters (52) and the number of possible symbols (33) and raising the sum to the power of the password length (25).

It would take huge amounts of time and computation power to crack the password, and yet for some unexplained reason, eBay is telling users it's weak. The site's password meter similarly grades as weak the inversion, "m/SydizTFeril"xSqF/v/kltS", as well as smaller subsets. It also gave a "weak" mark to the password choices of "bEDl(<y|" and ">advice to eBay customers—as medium strength.

Read 3 remaining paragraphs | Comments

Opera Breach – When Cybercriminals take on Targeted Attacks

On June 26 2013, browser manufacturer Opera announced that they had been breached as a result of a targeted attack against their infrastructure. However, this was no ordinary targeted attack. The attackers in this case weren't looking to steal intellectual property. They wanted to use Opera's auto-update mechanism in order to propagate a piece of malware normally associated with financial Trojans.

When attackers breached the Opera network sometime around June 19 2013, they first stole an expired Opera code signing certificate to sign a piece of malware. Signing the malware allowed them to distribute it via Opera's auto-update mechanism. Users would receive the malware as part of a browser update. The malware in question is Downloader.Ponik, a downloader Trojan typically used to propagate cybercrime-related malware, such as financial Trojans and infostealers.

Opera, in their statement, estimates that a few thousand users may have automatically received the malware sometime between 01:00 and 01:36. Opera spotted the breach and were able to halt any further propagation of the malware. As the attackers only had a small window in which to operate they had limited success. Had they had more prolonged access to the Opera network they would have been much more successful. Or would they?

Had the attackers had access to the Opera servers for a longer period they would have been able to propagate their malware to a much larger number of users. However, such an attack would be very noisy, drawing the attention of security companies who would quickly provide protection and lead a concerted effort to take down command-and-control (C&C) servers. All of this would render the malware effectively useless. This is reminiscent of Conficker, a threat which spread to millions of computers and was due to trigger a payload on April 1, 2009. However, by that time, security organizations and hosting providers had worked together to take control of the C&C servers. The threat was being so closely monitored that the attackers were unable to leverage it.

When attackers try aggressive propagation methods they become victims of their own success. For now this attack has been neutralized. Opera recommends that users update their browsers as proactive measure against further attacks. Symantec provides protection for this as Downloader.Ponik. We also recommend that users who think they may have been affected reset their passwords.

Copyright © 2014. Powered by WordPress & Romangie Theme.