Posts Tagged ‘hack’

Sony: 0 LulzSec: at least 2

Posted by spaquet on June 8, 2011  |   Comments Off

2011 is Sony’s year! After shutting down the PlayStation Network for a month, being hacked in Japan this time, Sony has temporarily shuttered yet another website following reports it may have suffered an attack by hackers.

The company’s Brazilian Music site was inaccessible for much of Tuesday as website engineers investigated a possible security breach, according to news reports.

On Friday, a group calling itself LulzSec targeted Sony’s movie division in an attack it claimed exposed more than 1 million consumer email addresses and passwords. It claimed the attack on the Sony Pictures website was achieved by exploiting a simple SQL-injection vulnerability, leading to the trove of unencrypted data.

Looks like Sony’s activities should be fully checked…

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.

En garde!

Posted by spaquet on June 6, 2011  |   Comments Off

Systems of an FBI-affiliated public-private partnership organization have been hacked and its website defaced by LulzSec. In addition, email addresses have been leaked from the database in the process…

Website defacements included mooching messages such as “LET IT FLOW YOU STUPID FBI BATTLESHIPS” and a video clip. Part of the message suggests that LulzSec launched the attack as some sort of response to the Obama administration’s plans to make hacking an act of war.

Apart from website meddling there were data losses including the personal info for 180 users at Infragard, a private-public partnership between the FBI and US business that works in cyber-security.

LulzSec tried the passwords exposed by the hack on other locations, allowing it to hack into other systems thanks to some users’ re-use of the same passwords.

LulzSec, group of hackers, shot to prominence last month with a high-profile hack against PBS followed days later by a break-in that yielded 1 million user records and coupon codes at Sony BMG sites and the Sony Pictures Entertainment site.

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.

Unseen, uncaught!

Posted by spaquet on May 24, 2011  |   Comments Off

According to Trend Micro researcher Karl Dominguez: The vulnerability was actively being exploited using emails that contained malicious scripts and was able to stole email without warning.

Successful attacks required only that a Hotmail user open the malicious email or view it in a preview window. The commands embedded in the emails uploaded users’ correspondences and user contacts to servers under the control of attackers without requiring the victim to click on links or otherwise take any action.

The scripts also also had the capability of enabling email forwarding on the targeted Hotmail account, allowing attackers to view emails sent to the victim in the future…

Microsoft has now patched this bug, but it illustrates how important IT rules can be since it allowed attackers to silently steal confidential correspondences and user contacts from unsuspecting victims.

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.

the bill please !

Posted by spaquet on May 24, 2011  |   Comments Off

The cost of a criminal intrusion that exposed sensitive data for more than 100 million Sony customers and resulted in a 23-day closure of the PlayStation Network will cost the company at least $171 million.

The estimated cost doesn’t included expenses related to any lawsuits that may be filed in response to the security breach, which was discovered on April 19. The estimate includes expenses of an identity theft prevention program and promotional packages to win back customers, among other things.

But the final cost might be far over since some Sony PlayStation Network services still have not been brought back online, as the PlayStation Store, which remains down, closing a venue that allowed the company to sell downloadable games.

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.

Hack on Sony-owned ISP…

Posted by spaquet on May 22, 2011  |   Comments Off

2011 is not the year for Sony. After its PlayStation network being hacked, now it’s the turn of its own ISP…

So-Net Entertainment, a Sony subsidiary, was hacked by intruders who made off with about $1,200 worth of virtual points and gained access to 90 email accounts.

The hack took place on Monday and Tuesday and was discovered on Wednesday after customer complaints were reported. There’s no evidence the attackers accessed personal data such as names, addresses, and phone numbers (but as some email account have been accessed it does not seem to be such a true fact…)

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.

And the winner is…

Posted by spaquet on May 19, 2011  |   Comments Off

Sony!

Just four days after the PlayStation Network reopened, Sony has taken down login and password recovery pages for the service following reports they contained a serious flaw that was actively exploited to hijack user accounts.

The vulnerability, which was first reported by UK-based gaming news site Nyleveia.com, required only that an attacker know the date of birth and email address associated with a targeted user’s account… forcing Sony to disable the login pages in order to prevent attacks.

Following the publication of this hack, Sony issued the following statement:

“We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.”

But this blunder raises new doubts about Sony’s ability to secure the PlayStation Network just as the company is trying to regain the confidence of dubious government officials and its 77 million account holders. Sony took down the service on April 20, following the discovery that core parts of its network had suffered a criminal intrusion that stole names, user names, passwords, birth dates, addresses, and other sensitive details of all its users. Company executives have said they can’t rule out the possibility that credit card data was also taken.

The exploit involved the bypass of a digital token system that Sony used when users reset their PSN password. Attackers could carry out the attack by visiting https://store.playstation.com/accounts/reset/resetPassword.action?token and then, in a separate browser tab, opening a different page on us.playstation.com and following Sony’s reset procedure, which required only the date of birth and email address associated with the account.

The attacker would then return to the original tab and, armed with the browser cookie just issued by Sony’s servers, complete an image verification on the page. The attacker would then proceed to a scree allowing him to change the victim’s password.

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.

Sony PlayStation Network hack follow up

Posted by spaquet on May 14, 2011  |   Comments Off

Bloomberg News reported that the hackers who breached the security of Sony’s PlayStation network and gained access to sensitive data for 77 million subscribers used Amazon’s web services cloud to launch the attack.

The attackers rented a sever from Amazon’s EC2 service and penetrated the popular network from there, the news outlet said, citing an unnamed person with knowledge of the matter. The hackers supplied fake information to Amazon. to open a valid account (now closed).

Is Amazon cloud a hacker nest ?

German security researcher Thomas Roth earlier this year showed how tapping the EC2 service allowed him to crack Wi-Fi passwords in a fraction of the time and for a fraction of the cost of using his own computing gear. For about $1.68, he used special “Cluster GPU Instances” of the Amazon cloud to carry out brute-force cracks that allowed him to access a WPA-PSK protected network in about 20 minutes.

And in late 2009, a ZeuS-based banking trojan used the popular Amazon service as a command and control channel that issued software updates and malicious instructions to PCs that were infected by the malware.

More information can be found here (full Bloomberg article)

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.

Anonymous attack not so anonymous

Posted by spaquet on February 18, 2011  |   Comments Off

An attack by Anonymous on security firm HBGary used a combination of software vulnerabilities and social engineering to pull off a highly sophisticated hack, it has emerged.

A brute force dictionary-based attack on these passwords allowed the miscreants to work out the login credentials used by HBGary Federal employees, including chief exec Aaron Barr and COO Ted Vera. Barr and Vera made the mistake of using the same passwords for their Twitter and LinkedIn accounts.

Crucially the same password was also used to administer a corporate email account, a failing seized upon by Anonymous to extract a cache of corporate emails which were subsequently posted as a torrent, exposing confidential emails. The emails, in turn, revealed who had access to the rootkit.com research site maintained by HBGary, and the probable root access password of the machine hosting the site. [see our article on password reuse here]

A detailed analysis of the hack can be found here.

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.

This is the end…

Posted by spaquet on February 18, 2011  |   Comments Off

The future of Java looks pretty gloomy: removed from next version of OS X, overpassed by PHP and Rails on the Web and it is appearing as a vector for viruses and other hacks on safe thought systems such as Linux and OS X…

This fact is illustrated by Oracle fixes of this week where 21 security vulnerabilities were patched; 19 of which allow attackers to remotely install malicious software on end-user machines.

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.

Passwords from locked iPhones and iPads?

Posted by spaquet on February 10, 2011  |   Comments Off

Researchers have devised a method for stealing passwords stored on locked iPhones and iPads that doesn’t require cracking of the device’s passcode.

The hack exploits cryptography in the iOS password management system – known as keychain – that uses a secret key that is completely independent of the device’s passcode. That saves attackers who manage to access the file system the hassle of deducing a key that’s based on a passphrase set up by the user.

The hack can reveal a wealth of sensitive codes, including those used for virtual private networks, Wi-Fi networks, LDAP accounts, voicemail systems and Microsoft Exchange accounts. And that’s likely to spook large business customers with employees that use the devices to connect to sensitive company systems.

How to retrieve iPhone and iPad passwords …

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.