Saturday, June 18, 2011

The Government's Gadget Habit

"The Federal procurement database reveals millions of dollars are being spent on gadgets. Over the past 10 years, the US government has spent $117 million on BlackBerries (including service plans), almost $18 million on iOS devices, about $1 million on PS3s, over $500k on Xboxes, and somehow, $12k on Zunes." - SlashDot

Friday, June 17, 2011

Is This the Golden Age of Hacking?

"With a seemingly continuous wave of attacks hitting the public and commercial sectors, there has never been a more prodigious period for hackers, argues PC Pro. What has led to the sudden hacking boom? Ease of access to tools has also led to an explosion in the numbers of people actively looking for companies with weakened defenses, according to security experts. Meanwhile, the recession has left thousands of highly skilled IT staff out of work and desperate for money, while simultaneously crimping companies' IT security budgets. The pressure to get systems up and running as quickly as possible also means that networks aren't locked down as tightly as they should be, which can leave back doors open for hackers." - SlashDot

Friday, June 3, 2011

LulzSec reveals massive Sony security breach

LulzSec hacks Sony Pictures, reveals 1m passwords unguarded

Sony was embarrassed again on Thursday after Lulz Security posted that it had successfully hacked Sony Pictures' website. It lived up to its earlier promise and used a basic SQL injection attack to expose one million users' personal data, 3.5 million digital coupons and 75,000 music codes. The hacking team found that the information had few defenses and that none of the data, even including passwords, were stored in clear text.


Not all of the information could be taken due to resources and time, LulzSec said. As evidence, though, it posted a selection of what it had, including databases for related sites like AutoTrader, the coupons and codes, and the plain login information for some of the database. Administrator data was compromised at the US site as well as from Belgium and the Netherlands.

LulzSec, which doesn't pursue hacks for commercial gain, cast itself as doing both Sony and the public a favor. The move would push Sony to lock down its security more thoroughly across its sites. For end users, it was a warning as to how easily compromised Sony's sites were even after the PSN hack and several follow-ups from different sources.

"From a single injection, we accessed EVERYTHING," the team said. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Sony hadn't responded to the breach as of Thursday but was ironically due to testify at a Congressional hearing the same day on its security practices.