OK. It’s been just over a week since information leaking Web site Wikileaks released the first installment of leaked U.S. diplomatic cables, with each day bringing new documents from the purported hoard of some 250,000 pages, and new developments from a range of very pissed off Western governments.
Browsing Tag: data breach
The main server used to distribute the open-source ProFTPD software was compromised over the weekend through the use of a bug in the FTP software itself, and a backdoored version of the software was uploaded and distributed for several days as a result.
The Web site of Wikileaks was moving quickly to stay out of the way of large scale denial of service attacks on Sunday and Monday, following the release of a trove of sensitive U.S. diplomatic cables. The controversial site, which has spent months trying to find a home secure from government seizure, now appears to be hosted on servers that are part of U.S. firm Amazon.com’s giant hosted Web Services infrastructure based in Seattle, Washington.
By Dave Merkel
I’m a dirty vendor. That
may not be the best way to start a serious dialogue about security product
effectiveness, but I hate to read a post on security theory by some insincere
tie-wearing wonk only to discover afterwards that he or she is Lord High Poobah
of Marketing at “Scaring You For Profit, Inc.”
So I’ll just tell you who and what I am up front. I may have to wear the
tie, but I don’t have to be that guy.
Continue at your own risk.
A ten-year veteran of the U.S. automaker Ford Motor Company pleaded guilty in federal court on November 17 to charges that he stole company secrets, including design documents, worth more than $50 million and shared them with his new employer: the Chinese division of a U.S. rival of Ford’s.
As part of its continuing focus on collecting information on data breaches and thefts, Verizon Business has released the VERIS Community application, a new application that enables security professionals to enter anonymous information about an incident and receive a detailed report in return.
A raft of class action lawsuits filed in Federal court charge the globe’s biggest social networking
firms with violating federal communications privacy laws, allowing advertisers to profit from personal information harvested from users.
Federal agents on Monday raided the Melrose, Massachusetts home of a missile systems expert who formerly worked at U.S. defense
contractor Raytheon. Several boxes of items were taken by FBI and Immigration
and Customs Enforcement agents from the home, which is owned by Richard M. Lloyd.
Less than a week after the Cryptome.org archive was hacked and defaced, the site has posted the names, addresses and phone numbers of two individuals it accuses of being involved in the attack.
New Passwords Not Enough to Secure Hacked E-mail Account
Google’s Advice to Owners of Compromised Accounts Woefully Inadequate, Says Web Security Expert
By Caleb Sima, CEO, Armorize Technologies

Threatpost reported recently on a wave of warnings about Gmail account compromises linked to IP addresses in China. In at least one case, the account in question belonged to a prominent UK online privacy activist who has been critical of censorship of the Internet by China’s ruling Communist Party. While declining to comment on the specific attacks, a Google spokesman noted the company’s seven-month-old policy of notifying users when their accounts have been accessed from suspicious IP addresses and the company’s advice to users to change their passwords after a compromise. But merely changing the password on a compromised account doesn’t even begin to repair the damage, says Caleb Sima, a Web application security expert and CEO of Armorize. In this column, Sima explains why and provides guidance on what users should do to secure their account after a compromise.

I recently read an article warning of attacks against Gmail accounts being conducted by the Chinese government [http://threatpost.com/en_us/blogs/google-warning-gmail-users-china-spying-attempts-092310]. The article provided one solution to fix a hacked Gmail account. Change your password. Changing your password is good advice, but it’s extremely insufficient. Any decent attacker will have at least one backdoor to regain control of your account so quickly that it will make your head spin. People are baffled when their Gmail account is re-compromised and often have no idea how it keeps happening. I’ve laid out some of the more obvious items that need to be checked to ensure that your Gmail/Google account is locked down.

>Disable any malicious forwarding and filters
The best method for an attacker to get back into your account is to keep reading your emails even after you’ve changed your password. So the basics of any Gmail backdoor will be to set up some email forwarding rules that send him or her a copy of your messages as they arrive – including password reset messages. Make sure you disable these following any compromise. Under Settings->Forwarding and POP/IMAP, ensure that disable forwarding is selected and that your incoming email is not being forwarded to the attacker. Next, check your filters list in Gmail and make sure there are not any rules set up that forward email to the attacker.

>Check the Password Recovery Settings
The next best method of a backdoor is for the attacker to have the ability to recover or reset your password. This is not the sneakiest of routes but it accomplishes the job well. Ensure an additional recovery email address was not added to your account. This will allow an attacker to get the password reset link straight to his email. Go to settings->Accounts and Import->Google account settings->Change password recovery options->Email. Make sure the SMS number has not been changed in Google account settings. Also, make sure your security question has not been changed to a question known by the attacker. Sneaky attackers will leave your question the same but change the answer to one they know. Go ahead and change your question and answer.

>Watch out for rogue applications
Gmail isn’t just an email program, it’s part of an entire Web-based application ecosystem. Check your authorized applications to see if the attacker added their own malicious application to be allowed on your account. This is my personal favorite. Everyone today adds social applications and gives permission to their Facebook/Google accounts through third party applications. Most people don’t even look at what permissions the third party applications have. In Gmail, applications can pretty much do everything an attacker would want to do. Even better, from the attacker’s standpoint, is that no one even knows where or how to revoke or check permissions on these applications. Once they’ve been approved, they’re forgotten. There are open source applications that will grant full IMAP/SMTP access using OAuth. (The Python scripts from the open source google-mail-xoauth-tools project are an example.) [http://code.google.com/p/google-mail-xoauth-tools/wiki/XoauthDotPyRunThrough]. Once the Gmail account is hijacked, an attacker can run this script and grant access to the application for full privileges. Even if you change your password multiple times, a rogue application can continue reading your email and accessing your personal data.

>Think beyond e-mail
Backdoors that allow full access to read email are not the only ones to consider. Attackers have several options to obtain your data in a world of open social collaboration that is easier than ever. If you have Google Voice, go into voice settings and make sure voicemail and text messages are not being sent to additional email addresses. If you have important Google documents in Google Docs, ensure the attacker has not enabled sharing. Google Calendar is a very nice backdoor. I’m sure you don’t want someone unexpectedly dropping in and listening on your next board meeting. If so, there are a couple of areas you need to check. In the Calendar Settings, click on your calendars to display the detailed view and make sure you click “reset private URLs” in the private address section. This will change the private address that can be used to retrieve your calendar feed. As an attacker I can easily just copy this URL and monitor your calendar. Next, click the ‘Share this calendar’ tab and make sure that no email addresses are added that you don’t recognize.

Google says owners of compromised Gmail accounts should change their
password. But Web security expert Caleb Sima says that advice is
woefully inadequate. Read his thoughts on how to secure your e-mail
account after a compromise, prevent snooping and keep your account from
getting hijacked all over again.