The whole APT – or “Advanced Persistent Threat” – meme has received a lot of attention in the media. This site and others have written about APT-style hacks, such as the recent compromise at The New York Times. But what does an APT hack look like? And what would it mean if you or your employer were in the crosshairs of an APT-type actor? The SANS Institute’s Securing The Human project has put together a nice training video that helps answer some of these questions, and to explain how APT-style attacks work. This is good stuff – explaining the difference between cyber crime and APT, and generic enough that any organization could use it as a training video. SANS says that it will produce one of these a month, and post them on the first of each month. My only criticism here is that, after they do a solid job describing […]
Social Networks
Friday Night Massacre: Twitter Hacked, Info on 250k Exposed
What better time to drop some really bad and embarrassing news than late on a Friday afternoon, as everyone is heading out the door? So it was with social media giant Twitter, which dropped a bombshell late Friday: revealing that it had been compromised in an “extremely sophisticated” attack that yielded the account credentials for around 250,000 users. A blog post by Twitter Security Team member Bob Lord on Friday said that the company has been investigating the breach all week long, after detecting unusual patterns of account access across its network. After stopping an attack that was in progress, the company’s investigation revealed that the attackers “may have had access to limited user information – usernames, email addresses, session tokens and encrypted/saltedversions of passwords – for approximately 250,000 users,” Lord wrote. Twitter did not discuss the circumstances of the breach, but reiterated guidance from the U.S. Department of Homeland Security for users to disable Java […]
School Shooters May Tip Their Hand In Facebook Rants
School shootings have occurred with sickening regularity in the United States in the last decade. The shootings happen in all types of communities, while the shooters come from all different backgrounds. But almost all of them have one thing in common: they used social media to vent their anger and, often, declare their murderous intentions ahead of time. An analysis of common trends in school shootings by the New Jersey Fusion Center said social media sites like Facebook are a common element in the majority of school shootings, with students who have conducted or planned attacks against their schools publicizing their anger and or intentions on sites like Facebook. The “Situational Awareness Report” (PDF) on “School Shooting Commonalities” is dated November 15, 2012, predating the horrific shooting at Sandy Hook Elementary School in Newtown, Connecticut that killed 26. In that case, the shooter, Adam Lanza, was described as a loner who spent hours […]
Does Your LinkedIn Profile Hold The Key To Your Password?
Say what you want about social media. The bare fact is that folks use it – more of them every day. In fact, social media sites like Facebook, Twitter and YouTube are growing – quickly – and have come to define our modern online experience. That said: the sites represent a huge security risk. Sites like Facebook, Twitter and Instagram are increasingly used as platforms to circulate scams and malicious links. A larger and more nebulous threat is posed by all the information that organizations and their workers are spilling online. It’s already common knowledge that hackers and other “bad guys” comb through worker profiles or LinkedIn, Facebook and other sites to help craft targeted attacks. But could your social networking profile provide more useful information – like your password? Independent security researcher Itzik Kotler thinks so. Kotler is the creator of Pythonect, a new, experimental dataflow programming language based […]
Citing Facebook, Mobile Devices, FTC Updates Online Protections for Kids
The U.S. Federal Trade Commission issued updated rules on Wednesday that will ban online advertisers from tracking the online behavior of children without explicit consent from their parents. In a press conference in Washington D.C, FTC Chairman Jon Leibowitz announced new guidelines for implementing the Children’s Online Privacy Protection Act (COPPA). Among other things, the changes expand the list of information that cannot be collected from children without parental consent to include photographs, videos and audio recordings of children and geo-location information. “Unless you get parental consent, you may not track children and use their information to build massive profiles of online behavior,” said FTC Chairman Leibowitz. The new rules are a major revision to the COPPA rule, which was first passed in 1998. The law is a kind of privacy Bill of Rights and applies to children 13 years old and younger. Speaking at a press conference on Wednesday afternoon, […]
