How do you take some of the world’s largest online brands offline in a matter of minutes? If yesterday’s events are any guide, you do it by finding a gullible employee at vulnerable, downstream partner that those companies didn’t even know they had. That’s the lesson that appears to be emerging in the aftermath of yesterday’s chaotic tug of war between hackers who claim affiliation with The Syrian Electronic Army and some of the world’s leading online brands, including The New York Times, Twitter and Huffingtonpost.com. The attacks on Tuesday saw traffic to sites owned by those firms directed to web servers controlled by the attackers which displayed messages in support of the regime of embattled President Bashar al-Assad. According to a story in The New York Times, the attackers were able to compromise systems operated by Melbourne IT, an Australian domain registrar used by many prominent firms. With access to […]
Spoofing
Update: Researchers Use Weezer Tune To Knock Defibrillators Offline
Editor’s Note: This article has been updated to include comment from Medtronic and from the researchers. A bit more on that: I spoke to the fine researchers who conducted this study. They are concerned that people might casually read the headline or first couple paragraphs and conclude that listening to Weezer will kill them. Listening to Weezer will not kill you. Listening to Weezer will not interfere with your implanted defibrillator if used under normal conditions. Their experiment (and my article) make this clear, but you do have to read down a bit in the article to get that, and I know not everyone does that. In any case, the health benefits of using an implanted defibrillator in accordance with your doctor’s instructions, far outweigh any risk from EMI or other electronic tampering. – PFR 5/22/2013. Listening to Weezer could kill you. Literally. That’s the conclusion of an unusual experiment […]
That Facebook Account Hijack Vulnerability Is Still Dangerous. Here’s Why.
Did you hear about that really dangerous security hole that allows attackers to manipulate third party Facebook applications to hack into your Facebook account? Skype and Dropbox both said they fixed a web site redirection vulnerability that both companies fixed before the vulnerability was disclosed? Great news, right? Right. Except for the fact that the same vulnerability may exist in hundreds, or even thousands of other Facebook applications and still provides a ready pathway into Facebook accounts, according to Nir Goldshlager, the Israeli security researcher who discovered the vulnerability. Goldshlager described the vulnerability, which he named the “UnFix Bug” on his web site in a post on Wednesday, after discussing details of the hole with the online publication TechCrunch. It is just the latest in a string of security holes he has discovered in OAuth, an open authentication standard used by social networking sites like Facebook and Twitter. The vulnerability allows a […]
Malware’s Future Looks A Lot Like Its Present
SAN FRANCISCO – What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday. However, the malware will operate across a far more crowded landscape of mobile devices, virtual machines, cloud-based computing resources and Internet connected “stuff” – complicating the job of securing sensitive information. The panel, “50 Minutes into the Future: Tomorrow’s Malware Threats” asked the experts to look into the crystal ball and predict what malicious software would look like in the near- and distant future. The answer was: much like it looks today. Dave Marcus, the director of security research and communications at McAfee Labs, said that the […]
Update: Spammers abusing Google Rich Snippets to boost Scam Sites
Editor’s Note: Updated to add official comment from Google. Spammers prove the rule that says criminals will always stay one step ahead of the law. That’s why – despite predictions from some of the technology industry’s best and brightest (*ahem* Bill Gates) that spamming would be eradicated it survives (and thrives) even today. One way that spammers continue to stay in business is by latching on to new technology – any new technology – that might give them an edge in reaching more potential victims and luring them in. Spammers were among the first to recognize the importance of technologies like Search Engine Optimization (SEO) in driving traffic to web sites. They’re willing to try any new social media platform – no matter how nascent. And they don’t cling to technology or methods that don’t work. When the Internet community got hip to how loosely monitored infrastructure like open proxies (PDF) contributed […]
