Bad kitty! “Rookie mistake” in Cryptocat chat app makes cracking a snap Developers of the Cryptocat application for encrypting communications of activists and journalists have apologized for a critical programming flaw that made it trivial for third parties to decipher group chats. The precise amount of time the vulnerability was active is in dispute, with Cryptocat developers putting it at seven months and a security researcher saying it was closer to 19 months. Both sides agree that the effect of the bug was that the keys used to encrypt and decrypt conversations among groups of users were easy for outsiders to calculate. As a result, activists, journalists, or others who relied on Cryptocat to protect their group chats from government or industry snoops got little more protection than is typically available in standard chat programs.
A recent academic paper (PDF) shows “that Tor faces even greater risks from traffic correlation than previous studies suggested.” In other words, one of the world’s best tools for keeping online speech anonymous is at risk in a previously known—but now even clearer—fashion. In the wake of a recent uptick of Tor usage (whether from a botnet or from people inspired by former National Security Agency [NSA] contractor Edward Snowden), a reminder of these risks is certainly germane to today’s Internet. The new research has shown that a potential adversary with control of Internet Exchange Points (IXPs) or autonomous systems (ASes) that have large-scale network control (like an ISP), could expose and identify a Tor user, given enough time. Snoops can identify Tor users given enough time, experts say
Android botnets on the rise - case study Mobile botnets are malicious infrastructures that are increasing with impressive trend especially the Android botnets, considering the capillary diffusion for the Google mobile OS. Android devices are in the hands of more than half mobile users and unfortunately bad habits and lack of awareness of cyber threats are creating the favorable conditions for the diffusion of malicious applications that could infect helpless mobile. Every day I meet dozens of persons that have made a jailbreak on their device, that have installed insecure application downloaded from third-party application stores in most of the cases for trivial reasons. For youngsters security is an unknown word, exactly such as malware despite they know that they desktop PC could be infected. But mobile devices are also in workspace, the promiscuous usage is very common that’s why concepts such as BYOD are becoming very familiar at least between company management.
▶ DEFCON 14: The Making of atlas: Kiddie to Hacker in 5 Sleepless Nights
▶ Defcon 18 - You spent all that money and you still got owned - Joseph McCray - Part .mov
Hard drive-wiping malware that hit South Korea tied to military espionage The hackers responsible for a malware attack in March that simultaneously wiped data from tens of thousands of South Korean computers belong to the same espionage group that has targeted South Korean and US military secrets for four years, researchers said. The conclusion, reported in a recently published research paper from security firm McAfee, is surprising. Most groups behind network-based espionage campaigns take pains to remain hidden to ensure their advanced persistent threat (APT) is able to siphon as much sensitive data as possible. The "Dark Seoul" attack, by contrast, has attracted huge amounts of attention because of its coordinated detonation. It struck government and media networks in South Korea precisely at 2pm local time on March 20, affecting both Internet and mobile banking applications, while taking automatic teller machines offline.
The Korean Herald and other news outlets are reporting that 35 million users of Nate - South Korea's third largest search engine - and Cyworld - the country's largest social networking site - have had some of their personal information stolen by hackers allegedly traced to China. Some 25 million South Koreans belong to Cyworld - nearly half the country's population. Hackers Get Personal Information on 35 Million South Korean Users of Nate and Cyworld
▶ DEF CON: The Documentary - 720p
Information Security Company | Counter Intelligence | OSINT Software
▶ Defcon 2010 - Crawling BitTorrent DHTs for Fun - Scott Wolchok - Part.mov
▶ Defcon 18 - Power of the Chinese Security - Anthony Lai Jake Appelbaum Jon Oberheide - Part.mov
Defects leave critical military, industrial infrastructure open to hacks Security researchers have blown the whistle on serious vulnerabilities in an Internet-connected system used by the US military, hospitals, and private industry to control boilers, air-conditioners, security alarms, and other critical industrial equipment.
Wall Street targeted: 50,000 IT accounts hacked and leaked by ‘MidasBank’ A related faction of Anonymous, TeamGhostShell, has been targeting China with a vengeance in operation, #ProjectDragonFly — and now meet MidasBank, which focuses on the financial aspect; this time Wall Street. Approximately 50.000 accounts have been compromised.
Daedalus, une vue en 3D des cyber-attaques Il n’y a rien de beau dans une cyber-attaque, c’est un fait.
It has been relatively quiet on the IT hacking front for the past month since LinkedIn and eHarmony were hacked and some 8 million user passwords taken. But things hotted up this past week, with several major hacks targeted at the social media site Formspring, search company Yahoo, and just announced today, hardware maker Nvidia. This Week in Cybercrime: Data Breaches at Yahoo, Formspring and Nvidia
RSF hacke la censure Samedi, un hackaton était organisé à la Cantine à Paris pour tester la sécurité de la future plate-forme de diffusion de contenus censurés de Reporters sans frontières, WeFightCensorship. Une expérience qui illustre une fois de plus les liens fructueux que les ONG ont commencé à tisser avec les hackers.
Depuis le mois de septembre dernier, OWNI, en partenariat avec WikiLeaks et cinq autres médias, a mis à jour les activités et les technologies des sociétés – souvent proches des services de renseignement et des institutions militaires – à l’origine de ce nouveau marché de l’interception massive.
On parle souvent du piratage d ‘e-mails ou autres coordonnées bancaires. Reuters doublement piraté !
What they found was the widespread use of sophisticated, off-the-shelf computer espionage software by governments with questionable records on human rights. While the software is supposedly sold for use only in criminal investigations, the two came across evidence that it was being used to target political dissidents. FinSpy Software Is Tracking Political Dissidents
Les hackers ont enfin fait cracker le Sénat Enfin ! Le dernier rapport du Sénat sur la cyberdéfense montre un changement net de regard sur la communauté des hackers.
Le Battle.net de Blizzard s'est fait hacker ! Blizzard invite ses utilisateurs à changer le mot de passe de leur compte Battle .net après que des hackers se soient introduits dans son système. Le service Battle.net de Blizzard vient tout juste d’être victime d’une méchante intrusion.
How “The Angel” helped 15,000 people steal broadband
NASA 2011: hacked 13 times, highlights security failures?
AntiSec Hackers Steal 40 GB of Data from Lake County Sheriff's Office
ISC Diary | Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame"
The Pirate Bay Dancing for Firefox Bypasses National IP and DNS Blocks
“cybercriminality” on SlideShare
Cybercriminalité : Paris, quatrième ville la plus exposée - Informatique - Bureautique
You will be billed $90,000 for this call: Mikko Hypponen (F-Secure) on Dialers, telephone fraud, mobile malware
Les pirates, ces grands dépressifs ?
7 Habits of Highly Effective Hackers: Using twitter to build password cracking wordlist
Le Pentagone se défend contre les cyberattaques - Aéronautique - Défense - Construction navale
Hackers politely deface security firm website, suggest fixes
US Military System Design Badly Compromised in March Cyber Attack?
$250,000 for Information on Rustock Botnet Creators
Washington Post's Jobs Section Hacked; 1.27 Million User IDs and E-mail Addresses Taken
Fin de Facebook le 5 novembre par Anonymous
L’attaque de l’année !
Le créateur du mod Cyanogen rejoint Samsung
MI6 hackers replace al Qaeda bomb recipes with pirated cake recipes
La publicité Wikileaks qui déchire