Category Archives: Security

Facebook Hacked.

Laptops belonging to Facebook employees were hacked and infected with malware. The attack took advantage of a Java 0-day exploit.

Although Facebook says that no user data has been compromised, I wonder how well the company can protect users’ data if they can’t protect their own data (laptops).

The company said it has reported the vulnerability to Oracle, which then patched the Java bug on Feb 1st.

Facebook made the following statement.

“Facebook Security has a team dedicated to tracking threats and monitoring our infrastructure for attacks at all times. In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops,” the company’s security team said in a blog post.

“After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”

The kind of attack that Facebook’s security team described is a very common scenario. Attackers regularly compromise legitimate Web sites, plant exploit code on them that targets a specific vulnerability or group of vulnerabilities and then wait for users to hit the site with vulnerable browsers. They often run these attacks with exploit kits such as Blackhole or Eleonore and typically use exploits for known vulnerabilities rather than zero days, which are much more valuable to attackers. Once a zero day is used and then discovered, as in the Facebook attack, it loses most of its value to attackers, so they tend to be selective in their use of them.

An exploit that is able to bypass the Java sandbox would be especially valuable to an attacker, given the huge installed base of Java. There have been several such exploits circulating in recent weeks, but it’s not clear which one Facebook security personnel discovered on their network.

Facebook officials were not specific about what other companies they believe were also victims of this attack, but said that once the company discovered the malware and traced it back to the originating domain, it began sharing data about the attack with other companies.

“Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means,”

Do leave your valuable comments; I would love to know what you think. Do you really think Facebook can protect your data?

Source: Facebook Security Page.

iOS 6.1 bug enables attacker to bypass Passcode Lock to access your phonebook.

If you have an iPhone, I would ask you not to update to iOS 6.1 if you haven’t done so already. And if you have already updated, then I would suggest you don’t let your iPhone out of your sight, as a new bug has been found that lets an attacker bypass the Passcode Lock and access your Contacts.

Here is how to bypass the iPhone lock screen and access the Contacts on iOS 6.1

1. Lock device
2. Slide to unlock
3. Tap emergency call
4. Hold sleep button until the power down prompt shows. Click cancel, you will notice the status bar turn blue. Type in 911 or your emergency number and click call then cancel it asap so the call doesn’t go through.
5. Lock your device with the sleep button then turn it on using the home button.
6. Slide to unlock then hold the sleep button and in 3 seconds tap emergency call. This will spazz out the phone and cause it to open.

[Make sure to continuously hold the sleep button until you are done looking in the phone]

Update 1:

This bug only works when the “simple passcode” option is enabled. It does not work if you disable the “simple passcode” option. Thanks to @andrewbway for sharing this info.

TV channel got hacked, broadcast zombie apocalypse emergency alert.

A TV channel got hacked and the hacker broadcast a fake zombie apocalypse emergency alert. Public TV 13 and CBS affiliate KRTV in Montana suffered from this hack.

A statement posted on the official website said that the emergency broadcast was indeed fake.

Video of the fake broadcast.

http://www.youtube.com/watch?v=c7pNAhENBV4

This incident reminds me of a sequence from the movie Die Hard 4.0 🙂

VMware security hole: patch released, download it today.

VMware has released a security patch for its virtual machine software. The company said the following on its website:

VMware ESX, Workstation, Fusion, and View address a vulnerability in the VMCI.SYS driver which could result in a privilege escalation on Windows-based hosts and on Windows-based Guest Operating Systems.

To quote further from VMSA-2013-0002:

VMware ESX, Workstation, Fusion, and View contain a vulnerability in the handling of control code in VMCI.SYS. A local malicious user may exploit this vulnerability to manipulate the memory allocation through the Virtual Machine Communication Interface (VMCI) code. This could result in a privilege escalation on Windows-based hosts and on Windows-based Guest Operating Systems.

To know more and download the patch, click on the source link.

Source: VMSA-2013-0002

Gmail warns journalists of Myanmar about State funded hacking.

Apparently there is an ongoing hacking spree by government-funded hacking groups in Myanmar against journalists’ email accounts, as per Gmail’s warning. Recently Gmail showed a message when journalists logged in to their Gmail accounts. (pic below)

Gmail Warning

I would say I am very impressed by this action from Google. While some big organisations play with users’ data and don’t care much about the security and privacy of the user, Google on the other hand warned about a possible hack on the users’ accounts even though it was done by the government.

To read more, click the source link. And do leave your comments on what you think about state-funded hacking. What’s your view on the government looking into your data without a warrant?

Image Courtesy and Source: Google Online Security Blog.

Former US President Bush's family photos and emails exposed by Hackers.

The hacked email accounts include the AOL account of his daughter Dorothy Bush Koch; family friends Willard Hemingway and Jim Nantz; former First Lady Barbara Bush’s brother; and George H W Bush’s sister-in-law.

The hacker also intercepted photos that George W. Bush e-mailed two months ago to his sister showing paintings that he was working on, including self-portraits of him showering and in a bathtub.

To read more about the incident, click the source link.

Source: The Smoking Gun.

Android malware that installs malware on computer.

Recently Kaspersky found Android malware that not only infects the phone but also infects Windows computers when the user connects the infected Android phone to a computer. The two apps, named SuperCleaner and DroidCleaner, claim to clean up and free memory and help the phone run faster, but are actually malware.

When the user runs the application it shows the list of processes running and restarts them, but here is when the malicious activity starts.

It downloads three files to the Android phone

autorun.inf,
folder.ico,
svchosts.exe.

So when the user connects the phone to the computer, svchosts.exe automatically tries to execute. The file is actually Backdoor.MSIL.Ssucl.a, which records audio from the microphone and, after encrypting the recordings, uploads them to the cyber criminal’s server.

On the phone it carries out a lot of malicious activities too, such as:

  1. Sending SMS messages
  2. Enabling Wi-Fi
  3. Gathering information about the device
  4. Opening arbitrary links in a browser
  5. Uploading the SD card’s entire contents
  6. Uploading an arbitrary file (or folder) to the master’s server
  7. Uploading all SMS messages
  8. Deleting all SMS messages
  9. Uploading all the contacts/photos/coordinates from the device to the master’s server.
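
The autorun-based jump from phone to PC described above can be checked for from the defender's side. The following is an added example, not code from the original post or from Kaspersky: it audits the root of a mounted phone or removable volume for an autorun.inf that launches an executable. It assumes the dropped files sit in the volume root; the sample autorun.inf contents and the function names are constructed for illustration.

```python
import configparser
import ntpath
import tempfile
from pathlib import Path

# Extensions worth flagging when an autorun.inf launches them (illustrative list).
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
LAUNCH_KEYS = ("open", "shellexecute")  # autorun.inf keys that start a program

def audit_volume(root):
    """Return one finding per autorun.inf entry that launches an executable."""
    root = Path(root)
    entries = {p.name.lower(): p for p in root.iterdir()}
    inf = entries.get("autorun.inf")  # FAT file names are case-insensitive
    if inf is None or not inf.is_file():
        return []
    parser = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    try:
        parser.read_string(inf.read_text(errors="replace"))
    except configparser.Error:
        return [{"key": None, "target": None, "present": False,
                 "note": "autorun.inf present but unparseable"}]
    findings = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key in LAUNCH_KEYS:
            value = (parser.get(section, key, fallback=None) or "").strip()
            if not value:
                continue
            # Take the program path, dropping quotes and any arguments.
            target = value.split('"')[1] if value.startswith('"') else value.split()[0]
            if ntpath.splitext(target)[1].lower() in EXEC_EXTS:
                findings.append({"key": key, "target": target,
                                 "present": ntpath.basename(target).lower() in entries})
    return findings

def build_sample_volume(root):
    """Constructed sample: the three file names from the post, harmless contents."""
    root = Path(root)
    (root / "autorun.inf").write_text("[autorun]\nopen=svchosts.exe\nicon=folder.ico\n")
    (root / "folder.ico").write_bytes(b"placeholder")
    (root / "svchosts.exe").write_bytes(b"placeholder, not a real binary")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_volume(d)
        print(audit_volume(d))
```

A finding with `present` set to true means the launch target named in autorun.inf actually exists on the volume, which is the combination the post describes.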

Twitter got hacked. 250,000 credentials compromised.

Earlier this week Twitter was hacked and the hacker stole 250,000 credentials before they could be stopped. If you wonder whether you were affected by the hack, check the email inbox associated with your Twitter account, as Twitter has sent a password reset email to all the affected users.

Twitter did not specify how the hack occurred, but it mentioned vulnerabilities related to Java in Apple’s Safari Web browser and Mozilla’s Firefox browser, and noted an advisory from the U.S. Department of Homeland Security that users disable Java on their computers.

Twitter further said

“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”

To know more about the incident click on the source link.

Source: Twitter Blog

Happy 31st Birthday to Computer Virus.

The first computer virus was created 31 years ago today. It was 400 lines of code on an Apple II machine; yes, you read that correctly, Apple, not Windows (or MS-DOS). The first virus for a PC (personal computer) was on an Apple computer, in the year 1982. It was written by a then 15-year-old kid, Richard Skrenta, in 1981 as a prank on his friends. The name of the virus was “Elk Cloner”.

Richard Skrenta with his Apple II computer.

So what did the first virus do to the computers? The virus was basically harmless: it did not delete or corrupt your data, nor did it steal your credentials. What it did was show a message on every 50th boot of the computer.

“Elk Cloner: The program with a personality

It will get on all your disks

It will infiltrate your chips

Yes, it’s Cloner!

It will stick to you like glue

It will modify RAM too

Send in the Cloner!”

Note: the first ever computer virus for MS-DOS machines, named Brain, came in January 1986.

Americans are being kept in the dark about how and why they are being followed by the FBI.

Americans are being kept in the dark about how and why they are being followed by the nation’s security agency, the FBI. Recently a civil liberties group in the U.S. asked the FBI to spell out what techniques it’s using when it tracks citizens. In a news video from the RT news channel, news reader Gayane Chichakyan explains that the reply raised more questions than answers.

Source: RT news channel.