Bad kitty! “Rookie mistake” in Cryptocat chat app makes cracking a snap Developers of the Cryptocat application for encrypting communications of activists and journalists have apologized for a critical programming flaw that made it trivial for third parties to decipher group chats. The precise amount of time the vulnerability was active is in dispute, with Cryptocat developers putting it at seven months and a security researcher saying it was closer to 19 months. Both sides agree that the effect of the bug was that the keys used to encrypt and decrypt conversations among groups of users were easy for outsiders to calculate. As a result, activists, journalists, or others who relied on Cryptocat to protect their group chats from government or industry snoops got little more protection than is typically available in standard chat programs.
A recent academic paper (PDF) shows “that Tor faces even greater risks from traffic correlation than previous studies suggested.” In other words, one of the world’s best tools for keeping online speech anonymous is at risk in a previously known—but now even clearer—fashion. In the wake of a recent uptick of Tor usage (whether from a botnet or from people inspired by former National Security Agency [NSA] contractor Edward Snowden), a reminder of these risks is certainly germane to today’s Internet. The new research has shown that a potential adversary with control of Internet Exchange Points (IXPs) or autonomous systems (ASes) that have large-scale network control (like an ISP), could expose and identify a Tor user, given enough time. Snoops can identify Tor users given enough time, experts say
Android botnets on the rise - case study Mobile botnets are malicious infrastructures that are increasing with impressive trend especially the Android botnets, considering the capillary diffusion for the Google mobile OS. Android devices are in the hands of more than half mobile users and unfortunately bad habits and lack of awareness of cyber threats are creating the favorable conditions for the diffusion of malicious applications that could infect helpless mobile. Every day I meet dozens of persons that have made a jailbreak on their device, that have installed insecure application downloaded from third-party application stores in most of the cases for trivial reasons. For youngsters security is an unknown word, exactly such as malware despite they know that they desktop PC could be infected. But mobile devices are also in workspace, the promiscuous usage is very common that’s why concepts such as BYOD are becoming very familiar at least between company management.
▶ DEFCON 14: The Making of atlas: Kiddie to Hacker in 5 Sleepless Nights
▶ Defcon 18 - You spent all that money and you still got owned - Joseph McCray - Part .mov
Hard drive-wiping malware that hit South Korea tied to military espionage The hackers responsible for a malware attack in March that simultaneously wiped data from tens of thousands of South Korean computers belong to the same espionage group that has targeted South Korean and US military secrets for four years, researchers said. The conclusion, reported in a recently published research paper from security firm McAfee, is surprising. Most groups behind network-based espionage campaigns take pains to remain hidden to ensure their advanced persistent threat (APT) is able to siphon as much sensitive data as possible. The "Dark Seoul" attack, by contrast, has attracted huge amounts of attention because of its coordinated detonation. It struck government and media networks in South Korea precisely at 2pm local time on March 20, affecting both Internet and mobile banking applications, while taking automatic teller machines offline.
The Korean Herald and other news outlets are reporting that 35 million users of Nate - South Korea's third largest search engine - and Cyworld - the country's largest social networking site - have had some of their personal information stolen by hackers allegedly traced to China. Some 25 million South Koreans belong to Cyworld - nearly half the country's population. The hacking attack was announced yesterday by SK Communications Co., which operates Nate and Cyworld, and is "a unit of the SK Group whose affiliates include top mobile operator SK Telecom," the Herald report. The Korean Herald story quotes a statement from SK Communications that reads in part: "The company has confirmed that a leak of customers' information has taken place due to hacking on July 26, The specific scale of the hacking is still being investigated, but it is estimated that some of the personal information of 35 million Nate and Cyworld members have been leaked." Hackers Get Personal Information on 35 Million South Korean Users of Nate and Cyworld
▶ DEF CON: The Documentary - 720p
Information Security Company | Counter Intelligence | OSINT Software
▶ Defcon 2010 - Crawling BitTorrent DHTs for Fun - Scott Wolchok - Part.mov This video is currently unavailable. Sorry, this video is not available on this device. by $author Share this playlist Cancel
Dieses Video ist derzeit nicht verfügbar. Das Video ist auf diesem Gerät nicht verfügbar. von $author Diese Playlist teilen Abbrechen Wiedergabe ▶ Defcon 18 - Power of the Chinese Security - Anthony Lai Jake Appelbaum Jon Oberheide - Part.mov
Amazing mind reader reveals his 'gift'
Defects leave critical military, industrial infrastructure open to hacks Security researchers have blown the whistle on serious vulnerabilities in an Internet-connected system used by the US military, hospitals, and private industry to control boilers, air-conditioners, security alarms, and other critical industrial equipment. The defects in the Niagara Framework, which links more than 11 million devices in 52 countries, could allow malicious hackers to seize control of critical infrastructure, an article published by The Washington Post warned. The vulnerabilities were unearthed by Billy Rios and Terry McCorkle, two researchers who have spent the past 18 months exposing security holes in a variety of ICS, or industrial control systems. "The ICS software community is light years behind modern software security," Rios wrote in a blog post recounting his odyssey in getting Niagara officials to publicly acknowledge the vulnerabilities after he and McCorkle reported them.
Wall Street targeted: 50,000 IT accounts hacked and leaked by ‘MidasBank’ A related faction of Anonymous, TeamGhostShell, has been targeting China with a vengeance in operation, #ProjectDragonFly — and now meet MidasBank, which focuses on the financial aspect; this time Wall Street. Approximately 50.000 accounts have been compromised. “I’ve been hacked!” Masakaki states, “The list contains both current, past, and rejected IT from Wall Street. The information is as detailed as ever with many other surprises in it.” GhostShell has been leaking left and right all kinds of targets, well we’re here to bring some sort of order to it, which is why this district will function solely to provide leaks from an economical point of view, institutional and educational, but primary, it will focus on the financial aspect of things.With that being said, what better target to pick as a first release, than the place that puts all markets to shame in the world.
Daedalus, une vue en 3D des cyber-attaques Il n’y a rien de beau dans une cyber-attaque, c’est un fait. Faire tomber un site internet, mettre à mal tout le réseau d’une entreprise, ce n’est pas beau, ce n’est pas bien… Mais un institut a trouvé le moyen de rendre ceci d’une bien belle manière. Pour ce faire, le NICT, l’Institut National des Technologies de l’Information et des Communications du Japon, a décidé de surveiller pas moins de 190 000 adresses IP japonaises et de toutes les regrouper sous formes de lignes dans une vue unifiée en 3D. Les réseaux, sous-réseaux, les pings y apparaissent.
It has been relatively quiet on the IT hacking front for the past month since LinkedIn and eHarmony were hacked and some 8 million user passwords taken. But things hotted up this past week, with several major hacks targeted at the social media site Formspring, search company Yahoo, and just announced today, hardware maker Nvidia. On Monday, hackers posted password information on 420,000 Formspring accounts online, which caused it to reset the passwords for all 28 million users on Wednesday as a precaution. A story at the San Francisco Chronicle quotes the following from Formspring founder Ade Olonoh’s blog that, ”We found that someone had broken into one of our development servers and was able to use that access to extract account information from a production database." The Formspring passwords taken were encrypted, and the company “salts” its password files, making it more difficult for them to be decrypted than in the LinkedIn and eHarmony cases. This Week in Cybercrime: Data Breaches at Yahoo, Formspring and Nvidia
RSF hacke la censure Samedi, un hackaton était organisé à la Cantine à Paris pour tester la sécurité de la future plate-forme de diffusion de contenus censurés de Reporters sans frontières, WeFightCensorship. Une expérience qui illustre une fois de plus les liens fructueux que les ONG ont commencé à tisser avec les hackers. Pentesting (test d'intrusion) de l'application WeFightCensorship de RSF à La Cantine, le 21 juillet 2012 - cc Ophelia Noor Ils lui ont fait mal, ils lui ont fait mal, les hackers à la future plate-forme WeFightCensorship de Reporters sans frontières (RSF). Ce samedi, ils étaient conviés par l’ONG à un hackaton organisé à la Cantine à Paris pour tester la sécurité de l’outil. Vu l’enjeu, WeFightCensorship a intérêt à viser un système sûr au maximum.
Depuis le mois de septembre dernier, OWNI, en partenariat avec WikiLeaks et cinq autres médias, a mis à jour les activités et les technologies des sociétés – souvent proches des services de renseignement et des institutions militaires – à l’origine de ce nouveau marché de l’interception massive. Pour une part très significative, ces industriels discrets sont implantés dans des démocraties occidentales. Ils fournissent en matériels d’écoutes et d’interception de masse leur propre gouvernement mais aussi de nombreuses dictatures. Ces matériels appartiennent à cinq grandes catégories : La carte d’un monde d’espions
Reuters doublement piraté !
FinSpy Software Is Tracking Political Dissidents
Les hackers ont enfin fait cracker le Sénat
Le Battle.net de Blizzard s'est fait hacker !
How “The Angel” helped 15,000 people steal broadband
NASA 2011: hacked 13 times, highlights security failures?
ISC Diary | Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame"
The Pirate Bay Dancing for Firefox Bypasses National IP and DNS Blocks
“cybercriminality” on SlideShare
Cybercriminalité : Paris, quatrième ville la plus exposée - Informatique - Bureautique
You will be billed $90,000 for this call: Mikko Hypponen (F-Secure) on Dialers, telephone fraud, mobile malware
Les pirates, ces grands dépressifs ?
7 Habits of Highly Effective Hackers: Using twitter to build password cracking wordlist
Le Pentagone se défend contre les cyberattaques - Aéronautique - Défense - Construction navale
Hackers politely deface security firm website, suggest fixes
Anonymous & Lulz Security Statement
US Military System Design Badly Compromised in March Cyber Attack?
$250,000 for Information on Rustock Botnet Creators
Washington Post's Jobs Section Hacked; 1.27 Million User IDs and E-mail Addresses Taken
Fin de Facebook le 5 novembre par Anonymous
What Does it Cost to Change the World? on Vimeo
L’attaque de l’année !
Google Will Eat Itself
Le créateur du mod Cyanogen rejoint Samsung
MI6 hackers replace al Qaeda bomb recipes with pirated cake recipes
La publicité Wikileaks qui déchire