SECURITY TO THE CORE

Security Articles

Sony network attacked again, hackers claim !!

A hacker group has claimed it has attacked the Sony network and stolen more than one million passwords, email addresses and other information.

CaptureLulz Security said it broke into servers that run SonyPictures.com. Sony said it was aware of Lulz Security’s statement and was investigating, the Associated Press reported.

In April, hackers broke into Sony’s PlayStation Network and stole data from more than 77 million accounts. That attack was considered the biggest in internet history and led to Sony shutting down the PlayStation Network and other services for almost a month.

The company has estimated the data breach will result in a $170m (£104m) hit to its operating profit.

Since then, Sony’s networks have become targets for hackers and the company has confirmed at least four other break-ins prior to the claimed attack on Sony Pictures.

Lulz Security claims to be behind one of those attacks: an assault on Sony Music Japan.

The latest alleged attack will come as a blow to the Japanese firm, 24 hours after it announced the PlayStation Network would be fully restored in the US and Europe, and said it had beefed up its security systems.

‘Asking for it’

In a statement on Thursday, Lulz Security said it had hacked into a database that included unencrypted passwords as well as names, addresses and dates of birth of Sony customers.

"From a single injection, we accessed EVERYTHING," it said. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

"What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it’s just a matter of taking it.

"This is disgraceful and insecure: they were asking for it."

The group also recently claimed responsibility for hacking the website of the PBS network and posting a fake story in protest at a news programme about WikiLeaks.

BBC News


Windows 8 spam let to malware ..

While most people are enjoying a long weekend off, others are busy hacking websites, writing malware, sending spam and monitoring the progress of their growing Botnet(s).

Microsoft has hardly announced Windows 8 and the first cyber-criminals are already on top of it. Below a copy of a curious email that is being spammed over the “Ascension holiday/weekend”:

From: Microsoft.com [mailto:news@microsoft.com]
Send on: Wednesday 1 June 2011 21:40
Subject: Windows 8 released.
Microsoft R Corporation is proud to announce the latest and the best
operating system available yet. For more details, click
here

When clicking on the link, a file called “8final.gif.exe” is downloaded from a hacked website.

8final

File length: 1136678 bytes.
MD5 hash: b3babe1040d10ab4cbbc62ee2d986f85.
SHA1 hash: 096d5248144240097bc4eb398301a4d355713a09

Depending on your view settings you might not be able to see the second file extension (.exe)

The website (http://ed???ormer.com) which hosts the malware is an educational interest organization, which has unfortunately been compromised by criminals.

This malware is not installed by itself. You have to click on the download link AND double click the downloaded file to be able to infect yourself. One picture is shown you while in the background the malware is installed and started.

The currently downloaded malware is a Trojan which installs an IRC Backdoor which can be used to flood IRC channels. It talks to hxxp://irc.darkbit.info and sets up a connection to 70.32.83.146 and 94.125.182.255 on port 6667.

By adding itself to the Run section of HKLM\Software\Microsoft\Windows\CurrentVersion the malware will automatically load itself when restarted.

AutoStart

This malware was first reported on June the 1st around 10:50 (UTC) and was still available while writing this. More spam and malware will be using the upcoming Windows 8 to lure you into their net.

Don’t fall for this type of spam. Do not open suspicious emails and/or links. Keep your computer up-to-date and use common sense.

For more technical details see the Threat Expert Report: b3babe1040d10ab4cbbc62ee2d986f85

- Lucky H

Your kids are online; keep them safe!

 

Internet revolution has begun – Do you know where your kids are?

Online safety for kids should be a very big concern for parents everywhere in the world. There are millions of kids getting online these days for a number of reasons. They do not understand how dangerous the internet can be for them. It is every parent’s responsibility to know what kind of potential threats there are.

For most kids winter holidays are fast approaching, so now is a great time to inform your children about online safety. More time at home means more time on the computer and internet for many, and whether or not you have had a talk about online safety with them before, it is never a bad thing to cover the ground rules of staying safe in the online world.

I am not trying to suggest you to suffocate kids with rules and regulations; just tell them that with a few common-sense tips they will stay out of digital trouble (Not to mention keep their internet access privileges/rights intact). If you do not know where to start, TRY these TEN tips. While the tips below are by no means exhaustive, it provides a good starting point to use or modify to meet the needs of your children.

Talk to your kids about rules and expectations

Every home environment is different with regard to what is acceptable to view online and what is not. Be sure to let your kids know what the rules are so they can make good decisions for them. Online safety begins at home with a discussion.

Educate yourself and your children

Every generation has its own slang words. You had it, we have it, your kids have it and there is definitely a new way of talking when it comes to texting on mobile phones or chatting on the Internet.

With the rate at which technology changes, most parents left in the dark and do not have a clue about what their kids is doing. The most important things you can do are to know what your kids are doing, talk to them about online predators and what they can do with their personal information as well as educate yourself to help protect them.

Keep time limits

Limit your kids’ time online, just as you do with their TV viewing…  It is a good idea to set time limits for kids to be able to check their email, IM with friends, or update their Facebook or Twitter pages. A set time to go online for educational information, or for fun, can make a world of difference.

Check out your kids’ Social-Networking profiles

Do NOT be afraid to get up in their business. It is your responsibility to make sure that they are not getting themselves into digital trouble. Open your own social networking account on the same website where your kids are and let them know you are there and why you are doing all these things. STEP carefully, however, and keep in mind that you CANNOT monitor your children’s 24*7, and some kids may resent such monitoring.

TRUSTe Online Survey: About 80% of teens surveyed used privacy settings to hide their online contents from certain friends and their parents.

Verify browser settings and their browsing history

Setting up an appropriate surfing environment and time is especially important for younger kids, but even teenagers and adolescents can benefit from some added safety settings. Make sure that the security settings on your internet browser are not set too low, making it easier for malicious software aka malware to get onto your system. Also, make sure that the internet browser history is left intact, so that you can periodically monitor where your kids have been browsing.

Protecting privacy

So much of your kids’ online safety is in their hands every time they type anything on social networking sites or chat rooms. Make sure your children understand the importance of not sharing certain information, like their full name, name of the school or college they attend, home address, age or cell phone number with people they (or you) have never met F2F (Face-To Face) or IRL (In Real Life).

Check your kids’ privacy settings on Facebook or other social networking website. With just a single mouse click in your kids Facebook account, you can make sure that people they are not “friends” with cannot see their posts, education or any personal information. Ask your kids to refrain from posting photographs on social networking websites. Pictures of children may be targets for Cyber-stalkers and Social Networking Predators.

TRUSTe Online Survey: More than 1 out of 5 parents have previously blocked or restricted their kids’ use of social – networking websites due to privacy concerns.

No Face-to-Face meetings with strangers

If talking with online strangers is bad, meeting them Face-To-Face (in person) is even worse! Be clear with your children that no one will set up a meeting with strangers, child or adult, who they do not know already. Explain that online friends and strangers may not be who they are issued.

Don’t Reveal Too Much

If your child participates in chat rooms or tweets on Twitter, ask them to remember that they do not reveal  too much about their daily schedules, such as “After school I’ll be at cricket practice at the school ground”, or where they are if they are alone or will be alone.

Don’t take candy from strangers

Discuss the benefits and harmful effects of internet with your child. Teach your kids that not everything they read online may be true. Any offer that’s “too good to be true” probably is. Luring emails or private messages with alluring offers to make money or win exciting gifts are most probably a scammer’s bait. So tell them to stay away from fraudulent emails.

Install Parental Control Software

Take advantage of parental control features on your computer by restricting inappropriate content. Do not forget to inform your kids that you have done this. Tell them frankly that you are not spying on them – you are keeping them safe!

The online safety tips we have listed above are a good starting point for any family with kids who are mature enough to use computers, but they are by no means an exhaustive list. Keep an eye on your kids’ online life, see what is working and what is not, and stay involved.

If you think I have missed anything, or if you have something to share, please leave a comment below. I love hearing from you!


Google Now Warns Users about Hacked and Compromised Websites !!

Google Warning

With the number of websites, blogs and portals growing every day, there is an overwhelming amount of news everyday, talking about data theft and websites that have been invaded by hackers and crackers. The latest news of this kind was the invasion of the popular blog Gawker Media, which resulted in the exposure of entire database of Gawker Media’s web properties.

Sensitive information has been exposed, including staff conversations, their private passwords used within the network and passwords also used by people who have registered to comment.

Thinking of a way to make web-browsing safer for users, Google added a new notification to its search system that alerts users about sites that may have been hacked or modified by unauthorized users.

How the notification works

Sites that possibly have been hacked or had its contents changed by unauthorized persons will show the message "This Site May Be Compromised" (This site may have been compromised), which can be seen just below the title displayed in Google search.

Clicking on top of that message, the user is redirected to security page of Google, more precisely to an article in the Help Center that explains more about the notice.

Meanwhile, If user choose to click on results, he’ll be redirected to the desired page, as expected. In some cases, a small warning is displayed, which will highlight the risk of continuing to the user.

Advising Webmaster & Developers

The new security mechanism from the search engine giant Google brings a lot of benefits to the website owners and developers. According to the Google, they are doing their best to contact the site’s webmaster, that were detected as suspicious or compromised via their Webmaster Tools account or any other contact email addresses which can be find on the webpage.

pirate computer

Google also provided a link to help the inexperienced webmasters who does not know how to proceed in case of cyber-attacks. Instructions can be accessed through the Help Center or through this link.

Still a lot of work to do

There are still a lot of things which Google has to work on, shore up and improve. The new Google tracking/notification service is not yet 100% operational, but the company is working as quickly as possible to make the new service fully functional, providing more security for users and site owners.