Apple finally purges Mac OS of disgraced DigiNotar certs High performance access to file storage Apple has finally purged the imprimatur of disgraced web authentication authority DigiNotar from its Mac operating system. In an update released Friday, Apple removed multiple DigiNotar root certificates from the Lion and Snow Leopard versions of Mac OS X. The move came nine days after the discovery that the Netherlands-based authority issued a counterfeit SSL certificate for Google.com that was used to spy on people in Iran. Within hours of the discovery, Google and Mozilla issued updates that caused their browsers and email programs to reject most SSL certificates issued by DigiNotar. Apple's delayed response comes in sharp contrast. Users of Google's Android OS for smartphones also remain wide open. The threats Apple and Google have failed to protect their users against are by no means theoretical.
The Mysterious Death of John Wheeler and Ties to Mitre There are shocking news reports today that the body of John Wheeler was discovered at the Cherry Island Landfill in Delaware last Friday. John Wheeler was the Special Assistant to the Secretary of the Air Force in Washington, D.C. from 2005 through 2008, and toward the end of his military career, served as the Special Assistant to the Acting Secretary of the Air Force for Installations, Logistics and Environment. In other words, this was a man not only “in the know” but with a great deal of power, a strong insider position and most certainly a great deal of insider knowledge throughout the military-industrial complex. Throughout his career, he not only had served three Republican administrations, but he was also a decorated Army staff officer, having served in Vietnam. He led efforts in Washington that resulted in the construction of the Vietnam Veterans Memorial wall – which many believe never would have become a reality had it not been for Wheeler’s tireless efforts.
Body of murdered cyberwar expert found in landfill High performance access to file storage The body of a decorated US Army officer was found dumped in a Delaware landfill on New Years Eve day, a few days after he expressed concern that the nation wasn't adequately prepared for cyber warfare, according to news reports following the bizarre whodunit. Events surrounding the murder of John P. The day after Christmas – five days before his body was found as it was being dumped from a trash truck into the Cherry Island Landfill in Wilmington – Wheeler sent longtime friend Richard Radez an email expressing concern that the US wasn't sufficiently prepared for “cyber warfare,” according to The Associated Press. “This was something that had preoccupied him over the last couple of years,” Radez told the news organization. Among them are revelations that Wheeler was seen on December 29 and 30 in a “confused and disoriented” state in downtown Wilmington.
NBC’s Twitter handle hacked, spreads false Ground Zero attack information The FBI is looking into a hack on news corporation NBC‘s Twitter account, which was attacked by hacker group The Script Kiddies. The hackers tweeted false information about hijacked planes crashing into Ground Zero, the place where the World Trade Center once stood. The hack came only one day before the 10th anniversary of the 9/11 attacks on New York. NBC’s news twitter handle (@NBCNews) was reported to say the following in time order: “Breaking News! Then nearly ten minutes after the first tweet, the hackers announced their success on @NBCNews by saying, “NBCNEWS news hacked by The Script Kiddies. The group also updated NBC’s twitter bio stating the same. The Script Kiddies twitter handle @s_kidding no longer exists. Brian Williams of NBC Nightly News read a statement from the company on the show last night announcing the false information. Twitter shut down the @NBCNews Twitter handle for some time. This is not the first we’ve heard from The Script Kiddies.
McAfee Reveals Massive Cyber Espionage Attack On August 3rd, Reuters reported that McAfee was set to reveal that the company has uncovered an extensive, far-reaching case of espionage. When the report came, foreign states were implicated in general, but China was not specifically blamed. Vice President of threat research for McAfee, Dmitri Alperovitch, told Reuters that “Operation Shady RAT” – the term used for a massive loss of information due to recent hacking efforts – poses a significant threat to the United States. “What is happening to all this data — by now reaching petabytes as a whole — is still largely an open question. According to The Washington Post, many analysts are blaming China for hacking up to 72 networks across the world, including 49 intrusions in the U.S. alone. Threat Type is Not New Oddly enough, what most media outlets leave out is the rest of the story - the fact that most of the security experts do not see this as a significant "new" threat - only an change in where the particular threat is coming from.
Google Urges Iranian Users To Re-Secure Gmail Accounts After Attacks Google is advising users in Iran to take specific steps in order to re-secure their Gmail accounts after last week’s reveal of the man-in-the-middle attacks that targeted Iranian users. The attackers used fraudulent SSL certificates issued by a compromised root certificate authority in the Netherlands, DigiNotar. These fake certificates allowed hackers to impersonate Google.com and others. Google was only one of the domains affected in the breach. Although Google, Mozilla and others moved quickly to remove DigiNotar as a trusted authority in their Web browsers, it was too late to protect users from the damage that had already been done. Google tries to downplay the problem a bit in its blog post by stating that “users of the Chrome browser were protected from this threat,” but that’s not entirely accurate. And the threat may still be present for those who have not taken action. Change your password. This is why Google is able to make such a claim, apparently.