compromise – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.

Patch your Sony | Tech Talk Today 97
https://original.jupiterbroadcasting.net/72317/patch-your-sony-tech-talk-today-97/
Tue, 25 Nov 2014 10:53:07 +0000

The post Patch your Sony | Tech Talk Today 97 first appeared on Jupiter Broadcasting.


Sony Pictures’ network is compromised & reports claim employees are locked out, data is being held for ransom, Twitter & Google accounts compromised & that’s just the beginning.

Plus the DOJ claims iMessage will kill kids & our Kickstarter of the week!

Show Notes:

Hackers shut down Sony Pictures’ computers and are blackmailing the studio | The Verge

Since this afternoon, computers at the company have been completely unresponsive, showing a glowering CGI skeleton, a series of URL addresses, and a threatening message from a hacker group that identifies itself as #GOP. Dozens of Sony Twitter accounts were also commandeered to tweet out similar messages, although Sony seems to have regained control of those accounts. Early reports from Sony employees suggest the studio has yet to regain computer access.


The ZIP files mentioned in the images contain a list of filenames of a number of documents pertaining to financial records along with private keys for access to servers. The message shown on computers mentions “demands” that must be met by November 24th at 11:00PM GMT or the files named will be released.

A source within Sony has anonymously confirmed to TNW that the hack and image that have appeared on computers inside Sony Pictures is real. They said that “a single server was compromised and the attack was spread from there.”


In the meantime, the compromise seems to have brought day-to-day work at the studio to a crashing halt. Employees are reportedly unable to send email, use their computers, or even answer phones. As one employee told Deadline, “We are down, completely paralyzed.” In the official statement, Sony used more measured language: “We are investigating an IT matter.”

Updated: Hackers replace Sony’s backup app on Google Play — Tech News and Analysis

Sony’s Backup & Restore tool is a pretty straightforward app. It can back up device settings and data to a MicroSD card. It’s pre-installed on a lot of Sony phones, including the new Xperia Z3. But the version on Google Play for several hours on Monday said it was managed by “Nirak Patel Kanudo” and its reviews were terrible. The app description also included several typos.

iMessage encryption will kill kids, DOJ warns | Cult of Mac

The U.S. Department of Justice has issued a chilling warning to Apple executives as a response to increased privacy protections added to iOS 8: Children might die because we can’t hack into bad guys’ iMessages.


Deputy Attorney General James Cole met with Apple executives last month, reports the Wall Street Journal, to discuss privacy issues, but after making the ridiculous claim that the blood of dead children will be on Apple’s hands if it doesn’t give the NSA access to iMessages, the talks have ended in a standoff.


“The No. 2 official at the Justice Department delivered a blunt message last month to Apple Inc. executives: New encryption technology that renders locked iPhones impervious to law enforcement would lead to tragedy. A child would die, he said, because police wouldn’t be able to scour a suspect’s phone, according to people who attended the meeting.”

KICKSTARTER OF THE WEEK: 6thfinger: Keep games or apps active without human touch by Danny & Wayne — Kickstarter

Heartbleed Hospital | TechSNAP 176
https://original.jupiterbroadcasting.net/65167/heartbleed-hospital-techsnap-176/
Thu, 21 Aug 2014 17:43:06 +0000

You won’t believe how terrifyingly simple it is to control traffic lights and cameras, Cisco gets the boot, and the hospital hack enabled by Heartbleed, plus a great batch of your emails, our answers and much, much more!

Thanks to:

DigitalOcean | Ting | iXsystems

— Show Notes: —

Researchers find startling lack of security in traffic management systems

  • Researchers started investigating the traffic management system (that controls the traffic lights at intersections) in an unnamed city in Michigan
  • They found that the system uses IP traffic transmitted over two different wireless protocols, a 5.8 GHz line-of-sight protocol (which turns out to be very similar to 802.11n) and an over-the-horizon 900 MHz protocol
  • Traffic over the wireless links is unencrypted, and has no authentication
  • While it would have been possible to reverse engineer the custom wireless protocols, to save time the researchers managed to get ahold of one of the radios used by the system instead
  • They found that the management system uses VxWorks 5.5, a proprietary RTOS for embedded devices from the 90s
  • VxWorks is usually built from source so it can be customized. The vendor, as many do, left the debugging options enabled; this includes an open TCP port that can be used to read and write memory locations, kill running tasks, restart the OS and more
  • By using this debugging feature, and capturing network traffic, the researchers were able to reverse engineer the protocol that the controller used to communicate with the traffic signals
  • Each command is essentially the same with only the last bit or two being different
  • There is no encryption, so anyone can see the commands being sent
  • There is no authentication, so the devices will accept commands from anyone, not just the controller
  • There are no firewalls, so a malicious actor on the network can completely take over
  • An attacker can trip the failsafe mode, where the traffic lights revert to flashing red in every direction and have to be physically reset by a technician
  • An attacker could perform a type of denial of service attack by tripping the traffic lights into this mode at random, faster than crews could repair the lights
  • The biggest problem is the 5.8 GHz network, since almost all laptops and mobile devices have a radio capable of communicating on that band built in. Someone will undoubtedly take the time to reverse engineer the radio protocol and gain access to the network
  • Both the 5.8 GHz network (WPA2) and the 900 MHz network (WEP or WPA) support encryption, but it is not used
  • The traffic management system supports username and password authentication, but the default credentials are used
  • The paper was presented at USENIX: WOOT (Workshop on Offensive Technologies)
  • PDF: Green Lights Forever: Analyzing the Security of Traffic Infrastructure
  • The researchers point out an alarming quote they got from the vendor that sells the traffic management system: The vendor “has followed the accepted industry standard and it is that standard which does not include security.”

Secret Language, or Unlikely Bug?

  • “Imagine discovering a secret language spoken only online by a knowledgeable and learned few”
  • A researcher who wishes to be identified only as “Kraeh3n” was proofreading a document for a colleague
  • The opening part of the document had standard lorem ipsum filler text
  • When the document was pasted into Google Translate, it was auto-detected as Latin, and the translation to English was startling; key words included China, NATO, Internet, Business and “the Company” (a euphemism for the CIA)
  • Kraeh3n immediately shared the revelation with Michael Shoukry, a researcher at FireEye
  • This was later shared with Lance James, head of Cyber Intelligence at Deloitte, who then shared it with Brian Krebs
  • Brian’s blog contains a number of screenshots showing different translations
  • While Google Translate uses machine learning, and could be tricked by brute force into creating false translations like this, the fact that capitalization affects the translation suggests something more may be at work here
  • Brian Krebs then started adding other Latin words, specifically from the work by Cicero that spawned Lorem Ipsum in the first place
  • Now he had “Russia may be suffering” and “The main focus of China”
  • “Translate [is] designed to be able to evolve and to learn from crowd-sourced input to reflect adaptations in language use over time,” Kraeh3n said. “Someone out there learned to game that ability and use an obscure piece of text no one in their right mind would ever type in to create totally random alternate meanings that could, potentially, be used to transmit messages covertly.”
  • However, not all of it makes that much sense; none of the translations constructed full sentences
  • Sadly, around midnight on August 16th, Google Translate abruptly stopped translating the word “lorem” into anything.
  • Google Translate still produces amusing and peculiar results when translating Latin to English in general.
  • “A spokesman for Google said the change was made to fix a bug with the Translate algorithm (aligning ‘lorem ipsum’ Latin boilerplate with unrelated English text) rather than a security vulnerability”
  • Inside Google Translate
  • It is also possible that all of these keywords just came from recent news articles Google had been translating, as much of the current news is about China and the Internet, and Russia and NATO

Computers of Nuclear Regulatory Commission hacked 3 times in 3 years

  • According to an inspector general report, two different foreign nationals, and one unidentified individual, have compromised the computer systems of the NRC over the course of the last 3 years
  • One of the attacks was a phishing attempt, sent from a compromised computer inside the NRC to 215 NRC employees asking them to verify their username and password
  • A dozen NRC employees fell for the scam, and delivered their login credentials to a Google spreadsheet
  • The IG’s office was able to track the Google account and found out it belonged to a foreigner
  • In another spear phishing attack, emails were sent from outside to specific employees, linking them to malware hosted on Microsoft SkyDrive that would take over their machine
  • “In another case, intruders broke into the personal email account of an NRC employee and sent malware to 16 other personnel in the employee’s contact list. A PDF attachment in the email contained a JavaScript security vulnerability. One of the employees who received the message became infected by opening the attachment”
  • Despite the sensationalism of the headline, it does not appear that any type of APT (Advanced Persistent Threat) was detected, but these techniques are how an attacker gets a foothold in the network to set up such an attack
  • Infographic: 70% of the world’s critical utilities have been breached

Restores are Everything | TechSNAP 168
https://original.jupiterbroadcasting.net/60922/restores-are-everything-techsnap-168/
Thu, 26 Jun 2014 14:45:11 +0000

A company known for backup shuts down after their AWS account gets hacked, the hedge fund that’s under attack, how far you can get with a little cab data…

Your questions, our answers, and much, much more!

Thanks to:

DigitalOcean | Ting | iXsystems

— Show Notes: —

Company shuts down after its AWS account is compromised, all customer data deleted

  • Code Spaces, a source code hosting and backup service, has ceased doing business
  • On June 17th the company came under a DDoS attack, which is apparently business as normal for them
  • Later, they found messages in their Amazon Web Services portal, urging them to contact a hotmail address
  • When contacted, the attacker demanded a large ransom
  • When Code Spaces attempted to change their passwords in the AWS control panel, additional administrator accounts added by the attacker were used to delete all EC2 virtual machines, S3 stores and EBS volumes in the account before all access could be revoked
  • The most embarrassing part of the situation is the text on the original Code Spaces website:
    “Backing up data is one thing, but it is meaningless without a recovery plan, not only that [but also] a recovery plan—and one that is well-practiced and proven to work time and time again,” “Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.”
  • It is not clear what the Code Spaces backup strategy was, but it seemed to involve the same Amazon account
  • In general, the idea with an “offsite” backup is to separate it from a failure of the primary. If you keep the backups for your database beside the database server and your office burns down, what good are the backups?
  • What if Amazon suffered a catastrophic data loss? Or what if your account is compromised?
  • The backups should have at least been in a different Amazon account that was very strictly controlled, or better yet, stored with some other service
  • It is still unclear how the account was compromised, but it seems likely that Code Spaces was not making use of Amazon’s Multi-Factor Authentication service, which offers either a mobile phone app or two different types of hardware authenticators (key fob and credit-card style)

Poorly anonymized NYC Taxi data, de-anonymized

  • Under an Open Data initiative, the New York City Taxi & Limousine Commission released the anonymized GPS logs of all taxi trips in 2013 (173 million trips)
  • Chris Whong got hold of this data and did some interesting stuff with it
  • When he was done with it, he posted the data for everyone
  • Developer Vijay Pandurangan took a look at the data and noticed that the medallion and hack numbers appeared to simply be MD5 hashes
  • In particular, the driver with ID# CFCD208495D565EF66E7DFF9F98764DA appeared to have an impossibly large number of trips
  • It turns out that is the MD5 hash of “0”, used for cases where the data was unavailable
  • Realizing that the data was only anonymized using MD5, and knowing the structure of a driver’s license # (5-7 characters, with specific characters being numbers or letters), he was able to brute force all 24 million combinations in only 2 minutes using a single CPU
  • Once this was done, he had the original un-anonymized data
  • Using other websites, it is possible to link the medallion and hack numbers to the owners’ names
  • Original Post
  • Additional Coverage – Ars Technica
  • There are a number of approaches to prevent this; the fastest but weakest is a ‘secret key’. Instead of md5(hack#), compute md5(SUPERLONGSECRETKEYhack#); as long as the attacker doesn’t know the secret key, and it is long enough to make guessing it impractical, the data remains anonymized
  • Another option is to use the md5 hash of the encrypted form of the value. However, this ultimately relies on a secret key as well. If the data never needs to be de-anonymized, a very strong key can be used and then destroyed, making decryption impossible.
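As an added example (not code from the show or from the NYC TLC release), the following Python contrasts the unkeyed MD5 pseudonyms described above with a keyed HMAC-SHA256 pseudonym, and adds the pre-publication check that would have flagged the hashed placeholder “0”. It uses HMAC in place of the md5(SECRETKEY + value) prefix construction, and a constructed 5-digit numeric identifier space that is much smaller than the real licence format; `demo()`, `KNOWN_PLACEHOLDERS` and the sample records are all constructed for illustration.

```python
"""Pseudonymising identifiers drawn from a small value space: why plain MD5
is reversible by one enumeration of the space, how a keyed hash (HMAC)
prevents that, and a pre-publication check for hashed placeholder values.

Illustrative example only; the identifier format and records are constructed.
"""
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed toy identifier space: 5 decimal digits -> 100,000 values.
ID_WIDTH = 5
SPACE_SIZE = 10 ** ID_WIDTH

# Placeholders an export pipeline may hash as if they were real identifiers
# (the released dataset carried MD5("0") wherever the licence was missing).
KNOWN_PLACEHOLDERS = ["0", "", "NULL", "N/A", "UNKNOWN"]


def unkeyed_pseudonym(identifier: str) -> str:
    """Weak scheme used in the released data: plain MD5 of the identifier."""
    return hashlib.md5(identifier.encode()).hexdigest()


def keyed_pseudonym(identifier: str, key: bytes) -> str:
    """Fix: HMAC-SHA256 under a secret key. This stands in for the
    md5(SECRETKEY + value) idea; both rely on the key staying secret,
    HMAC is simply the standard keyed construction."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()


def build_reversal_table(pseudonymiser) -> dict:
    """Enumerate every identifier in the toy space once and map
    pseudonym -> identifier. For an unkeyed hash this single pass is all
    that is needed to undo the 'anonymisation' of the whole dataset."""
    return {pseudonymiser(f"{n:0{ID_WIDTH}d}"): f"{n:0{ID_WIDTH}d}"
            for n in range(SPACE_SIZE)}


def recover(table: dict, pseudonym: str):
    """Look a pseudonym up in a precomputed table; None if not present."""
    return table.get(pseudonym)


def find_hashed_placeholders(pseudonyms) -> dict:
    """Pre-publication check: report pseudonyms that are the MD5 of a known
    placeholder, with how often each occurs. One value carrying an
    implausible share of the records is the signal that exposed the scheme."""
    placeholder_hashes = {unkeyed_pseudonym(p): p for p in KNOWN_PLACEHOLDERS}
    counts = Counter(pseudonyms)
    return {h: (placeholder_hashes[h], n) for h, n in counts.items()
            if h in placeholder_hashes}


def demo():
    # Constructed records: three real identifiers repeated, plus rows where
    # the source had no licence number and the pipeline hashed the string "0".
    real_ids = ["00042", "13579", "99999"]
    pseudonyms = [unkeyed_pseudonym(i) for i in real_ids] * 10
    pseudonyms += [unkeyed_pseudonym("0")] * 50

    # 1. Unkeyed MD5: one enumeration of the space recovers every identifier.
    table = build_reversal_table(unkeyed_pseudonym)
    recovered = [recover(table, p) for p in pseudonyms[:3]]

    # 2. Keyed HMAC: enumerating the space under a guessed key is useless,
    #    so an analyst without the publisher's key recovers nothing.
    publisher_key = secrets.token_bytes(32)
    attacker_guess = secrets.token_bytes(32)   # not the publisher's key
    keyed = keyed_pseudonym("13579", publisher_key)
    wrong_table = build_reversal_table(lambda s: keyed_pseudonym(s, attacker_guess))
    not_recovered = recover(wrong_table, keyed)

    # 3. Placeholder check that would have flagged the MD5("0") column.
    flagged = find_hashed_placeholders(pseudonyms)
    return recovered, not_recovered, flagged


if __name__ == "__main__":
    recovered, not_recovered, flagged = demo()
    print("unkeyed MD5, recovered:", recovered)
    print("HMAC under unknown key, recovered:", not_recovered)
    for h, (placeholder, n) in flagged.items():
        print(f"{h} is MD5({placeholder!r}) and appears {n} times")
```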

Hackers attack hedge fund for monetary gain

  • BAE Systems, a British defense contractor that also specializes in cyber security, was called in to investigate after computers at a hedge fund were hacked
  • The attackers somehow infiltrated the HFT (High Frequency Trading) system and injected delays of several hundred microseconds into the order entry system
  • This caused the hedge fund to miss out on profits it could have made on the trades
  • It is suspected that the attackers capitalized on this to make those profits themselves
  • “Hedge funds “really have inadequate cybersecurity as a whole” and the attacks threaten to undermine the systems used globally for high-speed trading, said Tom Kellerman, chief cyber security officer for Trend Micro Inc. ”

TrekSNAP | TechSNAP 134
https://original.jupiterbroadcasting.net/45602/treksnap-techsnap-134/
Thu, 31 Oct 2013 17:09:43 +0000

That Adobe breach we told you about? It’s about 10x worse than originally reported, we’ll share the details.

Plus PHP.net gets compromised, how to future-proof your storage, and much, much more!

On this week’s TechSNAP!

Thanks to:

GoDaddy | Ting

Adobe breach worse than originally thought, number of impacted customers now at least 38 million

  • Adobe is continuing its flurry of password resets, which now extend to more than 38 million customers
  • Adobe has also revised its original list of applications for which the source code was leaked to include the entire Photoshop family of programs
  • “This past weekend, AnonNews.org posted a huge file called “users.tar.gz” that appears to include more than 150 million username and hashed password pairs taken from Adobe” – This number apparently includes inactive and test accounts; the 38 million number mentioned earlier is those considered ‘Active’
  • A company spokesperson said Adobe has no indication that there has been any unauthorized activity on any Adobe ID involved in the incident
  • As part of its resolution of the breach, Adobe is offering customers a year’s worth of free credit monitoring… from Experian (see last week’s story about how Experian was caught selling personal data to identity thieves)
  • Additional Coverage

PHP.net compromised, serves malware and is blocked by Google Safe Browsing

  • On 24 Oct 2013 06:15:39 +0000 Google started saying www.php.net was hosting malware. The Google Webmaster Tools were initially quite delayed in showing the reason why and when they did it looked a lot like a false positive because we had some minified/obfuscated javascript being dynamically injected into userprefs.js.
  • To summarise, the situation right now is that:
  • JavaScript malware was served to a small percentage of php.net users from the 22nd to the 24th of October 2013.
  • Neither the source tarball downloads nor the Git repository were modified or compromised.
  • Two php.net servers were compromised, and have been removed from service. All services have been migrated to new, secure servers.
  • SSL access to php.net Web sites is temporarily unavailable until a new SSL certificate is issued and installed on the servers that need it.
  • Over the next few days: php.net users will have their passwords reset. Note that users of PHP are unaffected by this: this is solely for people committing code to projects hosted on svn.php.net or git.php.net.
  • As part of this, the php.net systems team have audited every server operated by php.net, and have found that two servers were compromised: the server which hosted the www.php.net, static.php.net and git.php.net domains, and was previously suspected based on the JavaScript malware, and the server hosting bugs.php.net.
  • All affected services have been migrated off those servers. We have verified that our Git repository was not compromised, and it remains in read only mode as services are brought back up in full.
  • As it’s possible that the attackers may have accessed the private key of the php.net SSL certificate, we have revoked it immediately.

Researchers at Vicarious software claim to be able to defeat 90% of Captchas

  • “Vicarious is developing machine learning software based on the computational principles of the human brain. Our first technology is a visual perception system that interprets the contents of photographs and videos in a manner similar to humans.“
  • They claim that, using this technology, they can defeat 90% of the common anti-bot technology used to defend websites from automated usage
  • While no paper or code has been shared, they provide a demonstration video that appears fairly compelling
  • If their claim is true, this could be a huge setback for the internet
  • Captchas are often used to prevent automated signups for services, to defend login systems from brute force attempts, and to moderate spam in online discussion and comment forums
  • CAPTCHA creator Luis von Ahn of Carnegie Mellon University says “This is the 50th time somebody claims this. I don’t really get how they think this is news :)”
  • The writer from ScienceMag jumped on a Skype call with the company and sent them 4 sample captchas; a reCAPTCHA and a PayPal captcha were both solved, however another containing Cyrillic characters was not (the company says they have not trained their system on non-Latin characters yet), and one containing a checkerboard pattern was also not solved immediately.
  • If this research got into the wrong hands, it could be used to defeat protection systems across the internet, flooding websites with spam, evading brute force protection systems and otherwise wreaking havoc

Ethically Hacked | TechSNAP 120
https://original.jupiterbroadcasting.net/40802/ethically-hacked-techsnap-120/
Thu, 25 Jul 2013 19:17:35 +0000

A huge amount of SIM cards are susceptible to an Over the Air attack, Allan’s got the details, Apple’s hacker outs himself, and the trouble with the Ubuntu forums!

Plus a batch of your questions, and much, much more!

Thanks to:

Use our code tech249 to score .COM for $2.49!

Get private registration FOR FREE with a .COM! code: free5

Visit techsnap.ting.com to save $25 off your device or service credits.

Security Researcher Claims Apple Developer Website Hack

  • Apple’s Developer Center first went offline last Thursday, and on Sunday Apple revealed that it had been taken down as a precaution after a security breach. It is unclear who was responsible for the hacking, but a security researcher, Ibrahim Balic, has suggested that he might be to blame for the outage.
  • The company added that critical developer data had not been compromised and that they were working day and night to fix the vulnerability and bring the site back online.
  • 9 to 5 Mac adds that, “In an email… Balic … is persistent in stating he did this for security research purposes and does not plan to use the information in any malicious manner.”
  • The comment comes from independent security researcher Ibrahim Balic, who claims that his effort was not intended to be malicious and that he reported his findings to Apple just hours before the developer site was taken down by the company.
  • Balic, who has reported 13 different bugs to Apple, originally discovered an iAd Workbench vulnerability on June 18 that allowed a request sent to the server to be manipulated. This security hole could be used to acquire the names and email addresses of iTunes users (even non-developers).
  • After finding the loophole, Balic wrote a Python script to harvest data from the vulnerability and then displayed it in a YouTube video, which may have put him on Apple’s radar.
  • In addition to the iAd Workbench bug, Balic also discovered and submitted a report on a bug that caused the Dev Center site to be vulnerable to a stored XSS attack. While Balic says that it was possible to access user data by exploiting the Dev Center issue, he claims that he did not do so.
  • New Details Emerge on Security Researcher Potentially Responsible for Dev Center Outage
  • Apple Outlines Plan for Bringing Developer Center Back Online
    Additional Coverage

Ubuntu Forums compromised

  • The forums were defaced and the database compromised
  • There were approximately 1.82 million registered accounts in the forum database
  • Attackers have access to each of these users’ username, password and email address
  • The passwords were salted hashes, but by which algorithm was not made clear. Were these cryptographic hashes, or just md5(salt+md5(password)) or similar, like some forum software?
  • If you were a registered user, and reused that password anywhere else, you are likely going to have a bad time
  • “Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach”
  • Timeline:
  • 2013-07-20 2011 UTC: Reports of defacement
  • 2013-07-20 2015 UTC: Site taken down, this splash page put in place while investigation continues.
  • 2013-07-21: we believe the root cause of the breach has been identified. We are currently reinstalling the forums software from scratch. No data (posts, private messages etc.) will be lost as part of this process.
  • 2013-07-22: work on reinstalling the forums continues.

Feedback:

TechSNAP Bitmessage: BM-GuGEaEtsqQjqgHRAfag5FW33Dy2KHUmZ

The enterprise-class Open Source LDAP server for Linux. It is hardened by real-world use, is full-featured, supports multi-master replication, and already handles many of the largest LDAP deployments in the world. The 389 Directory Server can be downloaded for free and set up in less than an hour using the graphical console.

100% Uptime | TechSNAP 100
https://original.jupiterbroadcasting.net/33126/100-uptime-techsnap-100/
Thu, 07 Mar 2013 17:20:39 +0000

We’ve warned against it for nearly 100 episodes; this week we’ll share the fallout from NBC.com getting hacked, and Bit9’s whitelist technology is used against them and their customers.

Plus the bad news for Java users, a batch of your questions, and some big surprises.

Thanks to:

Use our code hostdeal4 to score economy hosting for $1 a month, for one year.

35% off your ENTIRE order just use our code go35off4 until the end of the month!

Visit techsnap.ting.com to save $25 off your device or service credits.

Show Notes:

NBC website compromised, malicious code injected

    • The official website of US broadcasting and media giant NBC was found to contain a malicious iframe pointing visitors to the RedKit Exploit Kit
    • The exploit kit used one of the vulnerabilities patched in Java 7u11 (released January 13th, although the issue was not fully fixed until Java 7u13 on February 1st), as well as a .PDF exploit, to drop the Citadel banking Trojan, a variant of the Zeus botnet only ever sold to the Russian underground to prevent infiltration by authorities and security companies
    • This attack could have been much worse if it had used one of the newer vulnerabilities that were not patched until u15 (February 19th) or u17 (March 4th)
    • Many users are likely still using somewhat outdated versions of Java due to the rapid release cadence and the inefficacy of the Java updater, and the addition of the .PDF exploit ensured a wider vulnerability
    • The attackers likely had ongoing access for a time, as the URL target of the iframe changed rapidly to avoid blocking of the delivery sites
    • One of the domains used in the iframe was an internationalized domain name, which translated from Russian to my-new-sploit.com
    • The version of the Citadel trojan used in the exploit was only recognized by 3 of the 46 virus scanners on virustotal.com on the date of the attack
    • The infection was also detected on other NBC sites such as latenightwithjimmyfallon.com and jeylenosgarage.com, so it was likely an exploit against the CMS
    • These trusted sites are especially valuable as attack vectors for malware authors, because of their huge traffic volumes and the fact that users expect the large trusted sites to be free of malware or other risk
    • Facebook’s malware scanner detected something was wrong (since iframes of .jar and .pdf files are usually only seen in attacks), and blocked users from posting links to NBC.com (We have discussed Facebook malware scan that is part of their spider that fetches the preview images)
    • The malware was first detected by researchers at 16:43 CET on the 21st, it is unclear how long the injection was on the site before it was discovered
    • The malware was removed from the site by 21:28 CET
    • Researchers Post
    • Additional Coverage

Bit9’s cloud security app compromised, 32 pieces of malware whitelisted

    • Bit9 is a security company whose main product is application control software, which monitors all of the applications and processes running on a server or end-user device and reports any unusual activity (applications not on the cloud-maintained whitelist)
    • Customers of Bit9 include the US government, banks, oil and energy companies, defence contractors and 30 companies from the Fortune 100 list
    • Attackers managed to compromise one or more virtual machines at the company and gained access to a code signing certificate, subsequently using it to sign 32 pieces of malware, effectively whitelisting them
    • It turns out, due to an “operational oversight” a “handful” of computers at Bit9 did not run Bit9’s own software, so the intrusion was not detected or prevented
    • As such, Bit9 claims that the compromise was not due to a problem with their software
    • Bit9’s investigation suggests that only three of their customers were affected by the illegitimately signed malware
    • Bit9 revoked the certificate that was used to sign the malware (Bit9 says it was no longer actively using the stolen certificate, but it was still valid, so the revocation probably also affects previously whitelisted binaries signed with it), obtained a new certificate, re-signed the whitelisted applications, and patched its software to blacklist anything signed with the revoked certificate
    • It is interesting to note that the most often touted feature of the Bit9 system is that it stops new and unknown malware, because it only allows approved applications to run, the opposite of traditional anti-virus, which relies on a blacklist of known malware. In this case, the compromise may have caused Bit9 to allow known malware, which traditional anti-virus would have stopped, to run on the target systems
    • Bit9 is not saying which of its customers were targeted, but based on other information and the list of industries Bit9 said were not targeted, it appears to have been a defence contractor
    • Official Update Announcement
    • Bit9 says the attackers originally compromised their systems in July 2012 via an SQL injection flaw in software running on an internet-accessible web server
    • From the web server, the attackers were able to compromise two legitimate user accounts, and eventually use those to access a virtual machine that contains the private keys for the code-signing certificate
    • The virtual machine that was compromised was shut down a few days later, with the compromise still undetected
    • In January 2013 that virtual machine was started again, and the compromise was eventually detected
    • Bit9 says evidence suggests that they were not the ultimate target of the attack, but rather just a stepping stone to eventually compromise one of their customers
    • Bit9’s audit showed that the source code for their software was not accessed or modified
    • The attackers later executed a watering hole attack (similar to the mobile developer forum attack that compromised Twitter, Facebook, Apple and Microsoft) against the 3 targeted Bit9 customers
    • The attack used a Java vulnerability to execute the HiKit and Unixhome backdoors, two of the binaries that had been signed with the stolen Bit9 certificate. Rather than being blocked by Bit9 as intended, they were whitelisted because they carried Bit9’s signature, and so were allowed to run in the highly secured networks of the defense contractors
    • Krebs on Security Coverage – Part 1 Part 2
    • Security Ledger coverage

    Oracle issues another emergency Java patch after McRAT exploits new 0-day in the wild

    • The fix covers CVE-2013-1493 and CVE-2013-0809
    • The actively exploited vulnerability is in the colour management module of Java 2D: a specially crafted image file triggers memory corruption, which the exploit uses to overwrite the JVM’s internal data structures, specifically the memory that records whether the security manager is enabled, so that the sandbox is switched off
    • The exploit has been seen in the wild, successfully used to drop the McRAT trojan
    • The security company that discovered the exploit reported that the McRAT trojan was communicating with the same Command and Control server that was used in an earlier attack against security company Bit9
    • FireEye blog post
    • Additional Coverage
    • The issue was originally reported on February 1st; Oracle said that was too late to be included in the February 19th patch and planned to hold the fix until the next scheduled update in April, but once the bug was being exploited in the wild it was forced to release this out-of-band update
    • Java Security bulletin
    • Security Explorations has reported 7 more java vulnerabilities since February 25th
    • Oracle has rejected issue #54, claiming it is not a vulnerability, but the Polish firm and US-CERT disagree; Security Explorations has sent additional details and a proof of concept to help Oracle understand the vulnerability
    • Oracle has issued tracking numbers for issues #56–60 but clarifies that the issues are not ‘confirmed’ yet
    • This seems to signal an increasing reluctance on Oracle’s part to acknowledge and fix the bugs that researchers report, until it is too late and they are being actively exploited

    Feedback

    Round Up:

    The post 100% Uptime | TechSNAP 100 first appeared on Jupiter Broadcasting.

    Snakes in a Bank | TechSNAP 96 https://original.jupiterbroadcasting.net/31416/snakes-in-a-bank-techsnap-96/ Thu, 07 Feb 2013 16:55:14 +0000 https://original.jupiterbroadcasting.net/?p=31416 Using phone tones and a little Python to get access to someone's bank account, and Oracle steps up with an early patch for Java, but it doesn’t fix everything.

    The post Snakes in a Bank | TechSNAP 96 first appeared on Jupiter Broadcasting.


    Using phone tones and a little Python to get access to someone’s bank account, and Oracle steps up with an early patch for Java but it doesn’t fix everything.

    Then we answer a big batch of your questions, and much more on this week’s TechSNAP.

 

Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

 

Support the Show:

   

Show Notes:

Get TechSNAP on your Android:

Browser Affiliate Extension:

 

  • Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox

    Researcher finds flaw in PayPal that may expose sensitive data

    • PayPal’s new bug bounty program opened on June 21st 2012
    • On June 29th, the security researcher in this story decided to take a look at PayPal and see if he could make some money
    • He started his quest with a search on SHODAN (a search engine that indexes service banners, such as software version numbers) for ‘admin paypal’
    • He found a number of publically accessible ‘staging’ servers for PayPal (such as stage2mb106.paypal.com)
    • He started by attempting an authentication bypass via SQL injection, using the randomly chosen username ‘lsmith’
    • This returned an error message, but also the string ‘You are logged in as Lori Smith’
    • After some more testing, he found jsmith was Janine Smith
    • He wasn’t sure what this staging admin area did yet, but after some googling he found examples of court documents dumping the details of a PayPal account that were generated by the tool at admin.paypal.com
    • This is where the researcher found the first problem with PayPal’s bug bounty program. PayPal asks that all submissions be encrypted with PGP to ensure privacy, however the PGP key posted on the bug bounty program website had expired
    • On July 5th he finally got a proper PGP key and sent his report
    • July 19th – automated report that submission was received
    • August 7th – submission closed as ‘invalid’
    • August 8th – submission recategorized and reopened
    • August 21st – A hand written reply to another bug report, says the current report is still open and payment will be sent when it is fixed
    • August 29th – received payment for a ‘XSS Vulnerability’, which seems like a miscategorization, asks if this is a mistake, never gets a reply
    • Researcher’s Writeup

    • Allan has also participated in the PayPal Bug Bounty program, after finding a cache of stolen paypal accounts totaling millions of dollars (a story to be covered in depth when I get time)
    • My own disclosure to the program started on September 15th and was finally concluded today, November 21st
    • The first automated reply saying they had received the report was September 17th
    • September 20th they replied asking for some additional information
    • October 26th, Paypal apologized for the delay and notified me that while my submission did not qualify under the Bug Bounty program, due to the nature of the information they were still going to award me $1000, I should expect payment in 3 weeks
    • November 21st, I received my payment and clearance to talk about the incident

    Two FreeBSD project servers compromised by leaked SSH key

    • On November 17th the FreeBSD security officer announced that intrusions into two servers operated by the FreeBSD project had been detected on November 11th
    • The affected machines were taken offline for analysis
    • A large portion of the remaining infrastructure machines were also taken offline as a precaution
    • The two machines that were compromised were part of the legacy third-party package building infrastructure
    • It is believed that the compromise may have occurred as early as the 19th September 2012
    • The compromise is believed to have occurred due to the leak of an SSH key from a developer who legitimately had access to the machines in question, and was not due to any vulnerability or code exploit within FreeBSD
    • At no time did this attack place the core FreeBSD operating system (kernel, userland, contributed apps (ssh/sshd, bind, etc)) at risk
    • However, the attacker had access sufficient to potentially allow the compromise of third-party packages. No evidence of this has been found during in-depth analysis, but the FreeBSD Project is not taking any risks: it has thrown out all of the packages it was building for the FreeBSD 9.1 release and is rebuilding them from scratch
    • If you are running a system that has had no third-party packages installed or updated on it between the 19th September and 11th November 2012, you have no reason to worry
    • The Source, Ports and Documentation Subversion repositories have been audited, and the project is confident that no changes have been made to them. Any users relying on them for updates have no reason to worry
    • The project cannot guarantee the integrity of any packages available for installation between 19th September 2012 and 11th November 2012, or of any ports compiled from trees obtained via any means other than through svn.freebsd.org or one of its mirrors. Although there is no evidence to suggest any tampering took place and such interference is unlikely, the FreeBSD Project recommends you consider reinstalling any such machines from scratch, using trusted sources
    • Additional Source

    PHP 5.5 to introduce new password hashing API

    • Official PHP RFC Wiki
    • Why we need password hashing: to store passwords in a way that lets us verify that a user entered the correct password, while an attacker who obtains a copy of the database cannot easily recover the users’ passwords
    • Why we need purpose-built password hashing: a plain hash such as MD5, or even SHA-512, is not sufficient. General-purpose hash functions are designed to be fast, and for password storage that is exactly the wrong property. A straight hash is also subject to attack with rainbow tables (precalculated hashes). Password hashing schemes add a salt, which makes each hash unique (two users with the same password get different hashes because their salts differ), and usually include a stretching or slowing step that makes the hash deliberately expensive to compute; sha512crypt, for example, iterates the hash for a configurable number of rounds. bcrypt is additionally resistant to GPU acceleration, and scrypt is designed to be memory-intensive so that acceleration on ASICs or FPGAs is costly too
    • The new PHP password hashing API (password_hash(), password_verify() and password_needs_rehash()) makes generating and validating hashes much simpler, and includes a mechanism for upgrading hashes
    • The new API lets you specify the algorithm, and defaults to bcrypt if you do not (the old crypt() defaulted to DES). This also means that if PHP changes its default password hash in a future release, all new hashes are produced with the new algorithm automatically
    • The API includes a function that checks whether a stored hash needs to be upgraded. When a user logs in, you first verify the entered password against the stored hash; the hash carries a marker at the front identifying the algorithm it was produced with, so a hash from the old algorithm still verifies. If the password is correct, you still have it in plain text (you needed it to compute the comparison hash), so you re-hash it with the current algorithm and overwrite the stored copy. The first time a user with an old hash logs in, their hash is therefore upgraded to the new algorithm
    • PHP 5.5 is only just entering beta and will likely not see production use for a while, but you do not have to wait: there is a pure-PHP implementation of the same API for PHP 5.3
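The upgrade-on-login flow above is the part worth seeing end to end. The following is an added example written for these notes in Python’s standard library, not PHP’s password_* functions: it uses the same idea of a marker-prefixed hash, verifies against whatever algorithm the marker names, and re-hashes with the current policy when the marker is stale. A legacy PBKDF2-HMAC-SHA256 hash stands in for the “old algorithm” and scrypt (the memory-hard function covered in the Openwall segment further down) for the current default. The `$algo$params$salt$digest` layout, the parameter values and the `login()` helper are assumptions of the example, not PHP’s format; `hashlib.scrypt` needs a Python built against OpenSSL 1.1 or later.

```python
# Added example (not PHP's password_* API): marker-prefixed password hashes
# with upgrade-on-login, using only the Python standard library.
import base64
import hashlib
import hmac
import os

# Current policy (assumed values for this example): scrypt, memory-hard.
CURRENT_ALGO = "scrypt"
SCRYPT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}   # ~16 MiB per hash
# Legacy policy still present in the database: PBKDF2-HMAC-SHA256.
PBKDF2_ROUNDS = 10_000


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def _unb64(text):
    return base64.b64decode(text)


def hash_password(password, algo=CURRENT_ALGO):
    """Return '$algo$params$salt$digest'; the leading marker names the scheme."""
    salt = os.urandom(16)                       # fresh per-user salt
    pw = password.encode("utf-8")
    if algo == "scrypt":
        p = SCRYPT_PARAMS
        digest = hashlib.scrypt(pw, salt=salt, n=p["n"], r=p["r"], p=p["p"], dklen=32)
        params = "%d,%d,%d" % (p["n"], p["r"], p["p"])
    elif algo == "pbkdf2":
        digest = hashlib.pbkdf2_hmac("sha256", pw, salt, PBKDF2_ROUNDS, dklen=32)
        params = str(PBKDF2_ROUNDS)
    else:
        raise ValueError("unknown algorithm " + algo)
    # base64 never contains '$', so the marker layout can be split safely
    return "$%s$%s$%s$%s" % (algo, params, _b64(salt), _b64(digest))


def verify_password(password, stored):
    """Recompute the digest with the algorithm and parameters named in the marker."""
    _, algo, params, salt_b64, digest_b64 = stored.split("$")
    salt, expected = _unb64(salt_b64), _unb64(digest_b64)
    pw = password.encode("utf-8")
    if algo == "scrypt":
        n, r, p = (int(x) for x in params.split(","))
        actual = hashlib.scrypt(pw, salt=salt, n=n, r=r, p=p, dklen=len(expected))
    elif algo == "pbkdf2":
        actual = hashlib.pbkdf2_hmac("sha256", pw, salt, int(params), dklen=len(expected))
    else:
        return False                            # unknown marker: fail closed
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def needs_rehash(stored):
    """True when the stored hash was not made with the current algorithm and parameters."""
    _, algo, params, _, _ = stored.split("$")
    if algo != CURRENT_ALGO:
        return True
    p = SCRYPT_PARAMS
    return params != "%d,%d,%d" % (p["n"], p["r"], p["p"])


def login(users, username, password):
    """Verify the password; on success, upgrade a stale hash while the plaintext is in hand."""
    stored = users.get(username)
    if stored is None or not verify_password(password, stored):
        return False
    if needs_rehash(stored):
        users[username] = hash_password(password)  # only place the plaintext is available
    return True


if __name__ == "__main__":
    # Constructed user table with one legacy PBKDF2 hash.
    users = {"alice": hash_password("correct horse battery staple", algo="pbkdf2")}
    print("before:", users["alice"][:16], "needs rehash:", needs_rehash(users["alice"]))
    print("login ok:", login(users, "alice", "correct horse battery staple"))
    print("after: ", users["alice"][:16], "needs rehash:", needs_rehash(users["alice"]))
```

Two details matter in practice: the upgrade happens only after a successful verification (a wrong guess must never rewrite the stored hash), and `needs_rehash()` compares parameters as well as the algorithm name, so raising the scrypt cost later migrates users the same way a change of algorithm does.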

    iOS 6 streaming bug causes excessive data usage

    • The issue has been detailed in a blog post at PRX.org
    • They looked into it after being approached by folks at This American Life about extremely high bills from their CDN for the month of October.
    • Chris has heard from other podcasters about this issue, and for some less prepared networks/shows it’s caused a semi-DDoS effect for many hours after an episode release.
    • PRX.org was able to reproduce the issue with several podcasts in the Podcast app, including podcasts using Limelight and Akamai CDNs.
    • PRX.org was unable to reproduce the issue using iOS 5 or using iOS 6.0.1, but there are still many people using iOS 6.0.0. We believe that this issue, combined with the bug causing the phone to behave as though it is connected to WiFi even when it is not, could account for the significant data overages reported with the release of iOS 6.
    • Others have reported the issue remains in iOS 6.0.1, but is perhaps alleviated by the resolution of the wifi bug.
    • When the file has completed downloading, it begins downloading again from the beginning of the file and continues for as long as one is streaming the file.
    • As long as one is listening to audio being streamed with iOS 6, it is using significant amounts of data.
    • There appears to be a system-wide problem with the AV Foundation framework in iOS 6.0.0, impacting any App in the app store that uses that backend.
    • Apple does not appear to have acknowledged the specific issue.
    • Original PRX Labs post
    • More Coverage at Ars Technica and The Next Web

    Openwall gives talk at YaC2012 about password hashing

    • Openwall are the developers behind John the Ripper
    • Talk covers the challenges of securing against online and offline attacks
    • Covers the Pros and Cons of the YubiHSM, a USB hardware security module for servers from the makers of the YubiKey
    • Covers the future vulnerabilities of PBKDF2 and bcrypt
    • Talks about the advantages of scrypt
    • scrypt was invented by Colin Percival (former FreeBSD Security Officer), for his tarsnap secure online backup product
    • scrypt is designed to be much more expensive to attack with dedicated hardware (ASICs, FPGAs and so on): it uses a time-memory trade-off, requiring a large amount of RAM that an attacker can only trade away for a far larger number of CPU cycles, which makes custom hardware attacks much more costly to carry out
    • “if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2”
    • When used for file encryption, the cost of cracking the password is 100 billion times more than the cost of cracking the same password on a file encrypted by openssl enc
    • scrypt is now an IETF internet draft

    Feedback:

    Round Up:

    The post Tales from the BCrypt | TechSNAP 85 first appeared on Jupiter Broadcasting.
