Anonymous NATO

July 21, 2011

Anonymous is at it again, this time exfiltrating a gigabyte of protected data from NATO.

“Yes, #NATO was breached. And we have lots of restricted material,” the group tweeted on its AnonymousIRC Twitter feed, one of several it and another hacker group, AntiSec, use to release information and news about their activities.


German Incursion

July 20, 2011

According to a recent report, German federal law enforcement computer networks were compromised for nearly a year before the intrusion was noticed. The attackers, who call themselves the “No Name Crew”, used that time to gather tremendous amounts of privileged information on government and law enforcement operations.

Many companies are still using the “hard shell, chewy center” model of computer security – lock down the perimeter so that nobody can get through. As the French discovered with the Maginot Line, that’s not a valid means of defense. Any network of noticeable size has compromised machines on it; that’s just a fact of life these days. Do you have the internal controls in place to find and limit the access of these machines?


Fifth Amendment

July 18, 2011

The EFF has filed a friend-of-the-court brief in a Colorado federal courtroom, asserting that compelling a defendant to reveal the password to her computer’s encrypted hard drive is a violation of the Fifth Amendment. This will be an interesting legal precedent; I don’t think that the British tactic of holding someone in contempt until their password is revealed has been used here in the USA.


RSA Comes Clean

June 7, 2011

After a couple of months of denial, RSA has finally come clean. SecurID is fatally compromised and will need replacement.

If you’re using SecurID tokens, they are no longer valid proof of “something you have” and cannot be relied upon as an authentication source. Switch to something else or shut down the service they are securing as soon as possible.


Military Hacking

June 1, 2011

From this article at the Wall Street Journal:

“The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force… Pentagon officials believe the most-sophisticated computer attacks require the resources of a government. For instance, the weapons used in a major technological assault, such as taking down a power grid, would likely have been developed with state support, Pentagon officials say.”

As Lauren Weinstein pointed out on the IP list, you couldn’t possibly come up with a better challenge to incite black hats. “You think only a foreign government can take out a power grid? Well, watch _this_!”


Lockheed

May 31, 2011

Lockheed Martin, the country’s largest defense contractor, has suffered a serious network attack. Their VPN architecture was exploited, likely using code from the RSA SecurID intrusion earlier this year.

This is probably the first of many. After all, people have looked at the multifactor authentication afforded by SecurID as the gold standard for years; if that’s cracked, we’re all in a lot of trouble.


De-Evolution

May 27, 2011

IT World is running a fun article on features that we’ve lost from our computers over the years. While the common perception is that technology is always getting better, it does occasionally happen that a really useful concept or feature vanishes, never to reappear.

(My favorite, which isn’t in the article, was the old SCO Unix capability to turn all of the text in a terminal window red if you were logged in as root. It was so simple, but such a great visual cue.)


iOS Encryption Cracked

May 26, 2011

Elcomsoft, the well-known Russian security company, has released a new tool that allows users to brute-force the encryption keys used by iOS 4 devices. Apparently the usual time to crack an iPhone or iPad is about forty minutes.


MacDefender Update

May 25, 2011

Apple is planning to release an update in the near future specifically to deal with the MacDefender malware that’s been making the rounds for the last couple of weeks. There’s blood in the water now, though – I wouldn’t be surprised to see significant amounts of new malware on OS X in the near future, now that it’s a proven target.


Google AuthToken Vulnerability

May 18, 2011

Remember Firesheep? The software plugin for Firefox that allowed users to take advantage of authentication tokens being transmitted in cleartext across a shared medium, like a wireless network?

Apparently Google doesn’t.

Researchers at Ulm University have discovered a remarkably similar flaw in the communication between Android smartphones and Google web services – if you’re updating your calendar or contacts from a public Wi-Fi hotspot, eavesdropping and impersonation attacks are trivial. (This includes the automatic synchronization that is on by default on most handsets.) Apparently a patch is available; and if the history of Android is any indication, it might even be available to end users in a few months. Maybe.