Anonymous NATO

July 21, 2011

Anonymous is at it again, this time exfiltrating a gigabyte of protected data from NATO.

“Yes, #NATO was breached. And we have lots of restricted material,” the group tweeted on its AnonymousIRC Twitter feed, one of several it and another hacker group, AntiSec, use to release information and news about their activities.

German Incursion

July 20, 2011

According to a recent report, German federal law enforcement computer networks were compromised for nearly a year before the intrusion was noticed. The attackers, who call themselves the “No Name Crew”, used that time to gather tremendous amounts of privileged information on government and law enforcement operations.

Many companies are still using the “hard shell, chewy center” model of computer security – lock down the perimeter so that nobody can get through. As the French discovered with the Maginot Line, that’s not a valid means of defense. Any network of noticeable size has compromised machines on it; that’s just a fact of life these days. Do you have the internal controls in place to find and limit the access of these machines?


May 31, 2011

Lockheed Martin, the country’s largest defense contractor, has suffered a serious network attack. Their VPN architecture was exploited, likely using code from the RSA SecurID intrusion earlier this year.

This is probably the first of many. After all, people have looked at the multifactor authentication afforded by SecurID as the gold standard for years; if that’s cracked, we’re all in a lot of trouble.


May 6, 2011

There has apparently been a sizable data exfiltration at LastPass, an application service provider that stores passwords for user accounts. The data was of sufficient size that it probably includes hashed “master passwords”, which serve as the crypto keys to unlock the stored passwords on the service.

If you’re using LastPass, you may want to change your password. And you may also want to reconsider the wisdom of storing all of your passwords in a stranger’s datacenter.

Fallout in the Cloud

May 2, 2011

The recent Amazon cloud services outage has caused some consternation, especially among the customers who permanently lost data that they had entrusted to Amazon for safekeeping.

It is important to remember that one of the three pillars of information security is “availability”: that is, ensuring that your information environment is robust enough to survive catastrophic events and continue providing information resources to the people who need them. Clearly, simply handing over your business data to a third-party and then washing your hands of responsibility for it is not a valid practice.

Playstation Network Breach

April 27, 2011

Sony is not having a great week. Looks like some “external attacker” has made off with the mother lode of data from the subscription section of Playstation Network.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

Seattle Wardriving

April 27, 2011

The police in Seattle have seized a black Mercedes thought to be used for large-scale “wardriving” data theft from area businesses. The owners were cruising around the city, looking for small businesses using vulnerable WEP encryption on their wireless networks, and then intercepting data for later use.

If your company has a wireless network, PLEASE be aware of the security implications of what you’re doing. Wireless isn’t like traditional Ethernet – the radio waves can travel right through the walls into the parking lot or other public space, and simple point-and-click eavesdropping tools make it easy for even a technical neophyte to gather data from a misconfigured network.

WordPress Breach

April 15, 2011

The popular blog hosting site WordPress has been compromised – some source code and other proprietary information appears to have been copied. Apparently the intruders were not aware that most of the source code for the project is freely available under an Open Source license.

SQL Injection Attack

April 1, 2011

Nearly four hundred thousand URLs have been compromised by a massive spree of SQL injection attacks. The affected sites are being used to redirect visitors to fake antivirus software and other malicious content.

Happy Friday.

Additional Comodo Breach

March 30, 2011

In the wake of last week’s compromise at Comodo, which was used to issue fraudulent certificates, two more breaches have been announced.

Certification Authorities, or CAs, are at the top of the trust hierarchy for SSL connections. They are the entities that verify that a certificate claiming to be from Google actually is from Google. If a large CA is compromised, and certificates can be forged, the entire trust system built into SSL implementations begins to crumble. This is, to put it lightly, a Bad Thing.
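The trust hierarchy described above, as an added example that is not part of the original post: a constructed test PKI built with Go’s standard library, in which a certificate for a site is accepted because it chains to the trusted root, a forged certificate for the same name issued by that same (compromised) CA is accepted just as readily, and a public-key pin, an added mitigation not mentioned in the post, is what finally tells the two apart. The CA name and the hostname www.example.com are constructed values.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// issue mints a cert for cn in a constructed test PKI: a self-signed root CA when parent is nil, else a server cert signed by the parent CA.
func issue(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // only fails if the system RNG does
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if parent == nil { // root CA: self-signed and permitted to sign other certificates
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, priv
	} else { // server certificate: bound to its hostname through the SAN extension
		tmpl.DNSNames, tmpl.KeyUsage = []string{cn}, x509.KeyUsageDigitalSignature
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}
// chainTrusted is the ordinary browser check: any cert for host that chains to a trusted root is accepted, whoever asked the CA for it.
func chainTrusted(leaf, root *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}
// spkiPin hashes the SubjectPublicKeyInfo: the value a pinning client remembers for a site, independent of any CA.
func spkiPin(c *x509.Certificate) [32]byte { return sha256.Sum256(c.RawSubjectPublicKeyInfo) }
// Demo reports: real cert passes chain check; forged cert (attacker's key, same name, issued by the compromised CA) passes too; forged cert survives the pin check.
func Demo() (legitOK, forgedOK, forgedPinOK bool) {
	root, rootKey := issue("Constructed Test Root CA", nil, nil)
	legit, _ := issue("www.example.com", root, rootKey)
	forged, _ := issue("www.example.com", root, rootKey)
	return chainTrusted(legit, root, "www.example.com"), chainTrusted(forged, root, "www.example.com"), spkiPin(forged) == spkiPin(legit)
}
func main() { fmt.Println(Demo()) } // prints: true true false
```

The chain check cannot distinguish the two certificates because both signatures are genuine; only a check that does not depend on the CA, such as the SPKI pin, rejects the forgery.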