Hacks & Hackers

Code Spaces Probably A ‘Target of Opportunity’

The spectacular collapse this week of Code Spaces, a cloud-based code repository, may have been the result of a an unspectacular “opportunistic” hack, rather than a targeted operation, according to one cloud security expert. The sudden demise of the online application repository has sent shock waves through the tech industry, laying bare what some say are lax practices among many cloud-based application and infrastructure providers. But the attack itself was almost certainly the result of a larger, indiscriminate cyber criminal campaign, said Jeff Schilling, the Chief Security Officer of Firehost, a Texas-based secure cloud provider. “This is something we pretty frequently: companies get held ransom with a DDoS attack, and if that doesn’t work, (the attackers) will resort to doing other things,” Schilling told The Security Ledger. But Code Spaces almost certainly wasn’t the only company the extortionists worked on, Schilling said. Instead, the company was likely caught up in a wide net […]

Continue Reading

The Week in Data Breach: Pizza And Chinese Food

The news over the weekend was about more data breaches affecting chain restaurants. First, there are reports that the pizza chain Domino’s appears to have been hacked. The news came by way of an online post on Friday by a group claiming to have compromised servers used by Domino’s to store data on customers in France and Belgium. (Cached version of the announcement can be viewed here.) The group claims to have made off with information including the user name and password for 592,000 French customers and over 58,000 records from Belgian customers. It has asked Domino’s for payment of €30,000 in exchange for the data. The company has acknowledged the attack, but claims no customer financial data was stolen. In other news, the Chinese restaurant chain PF Chang’s acknowledged on Thursday that it was, indeed, the victim of a successful cyber attack that a breach last week that resulted […]

Continue Reading

Wired Imagines Our Dystopian Connected Home Future

Over at Wired.com, the ever-provocative Matt Honan has a great little thought exercise on the “nightmare” that could come from connected home technology gone wrong. His piece, The Nightmare on Connected Home Street, is a first person narrative of a man who wakes up to discover he’s transformed into a cockroach  inhabiting a virus infected home. “Technically it’s malware. But there’s no patch yet, and pretty much everyone’s got it. Homes up and down the block are lit up, even at this early hour. Thankfully this one is fairly benign. It sets off the alarm with music I blacklisted decades ago on Pandora. It takes a picture of me as I get out of the shower every morning and uploads it to Facebook. No big deal.” The story goes on to chronicle some of the other dystopian features of connected home malware – the hacked “Dropcam Total Home Immersion” account that […]

Continue Reading

UEFI: Security, BIOS and the Internet of Things

One of the notable trends in recent years has been the drive, among malicious actors, to compromise devices in new- and hard-to-detect ways. An area of interest and exploration is malicious software that can attack a computer’s BIOS – the small bit of code that runs when a computing device is first powered on. BIOS malware is so powerful because it offers adversaries the possibility of getting a foothold on systems prior to an operating system and the security features- and applications that run there. Successful BIOS attacks give attackers almost total control over the system they are installed on. BIOS malware isn’t a new idea. In fact, it has been around since the late 1990s, when the Chernobyl Virus was identified. That virus could wipe a machine’s BIOS, a well as the contents of its hard drive. But BIOS threats have been getting more attention lately. Proof of concept malware appeared as recently […]

Continue Reading

IPMI Insecurity Affects 200k Systems

It has been almost a year since security researcher Dan Farmer first warned of the danger posed by Intelligent Platform Management Interface (IPMI) – a ubiquitous protocol used to do remote management of servers. According to a new report, however, that warning went unheeded. Writing last week (PDF), Farmer said that a world-wide scan for systems using the Intelligent Platform Management Interface (IPMI) protocol identified over 230,000 Baseboard Management Controllers (BMCs) exposed to the Internet. As many as 90% of the exposed systems could be compromised by exploiting what Farmer characterized as “basic configuration and protocol weaknesses.” Even more worrying, the 230,000 systems that are Internet accessible are probably just a fraction of all the vulnerable systems that might be attacked, with many deployed on (hackable) corporate and private networks. Farmer is reiterating calls for public and private sector organizations to wake up to the dangers posed by IPMI. Hackers who are able to compromise Baseboard Management […]

Continue Reading
1 67 68 69 70 71 99