Tag: hacks

Friday Night Massacre: Twitter Hacked, Info on 250k Exposed

What better time to drop some really bad and embarrassing news than late on a Friday afternoon, as everyone is heading out the door? So it was with social media giant Twitter, which dropped a bombshell late Friday: revealing that it had been compromised in an “extremely sophisticated” attack that yielded the account credentials for around 250,000 users. A blog post by Twitter Security Team member Bob Lord on Friday said that the company has been investigating the breach all week long, after detecting unusual patterns of account access across its network. After stopping an attack that was in progress, the company’s investigation revealed that the attackers “may have had access to limited user information – usernames, email addresses, session tokens and encrypted/saltedversions of passwords – for approximately 250,000 users,” Lord wrote. Twitter did not discuss the circumstances of the breach, but reiterated guidance from the U.S. Department of Homeland Security for users to disable Java […]

New York Times Hack Puts Antivirus on Defensive

The big news this morning is the New York Times’ scoop on…well…itself. According to a report in today’s paper, the Times’s computer network was compromised for more than four months by attackers believed to be located in China. The attacks followed a Times exposé on the wealth accumulated by family members of China’s prime minister, Wen Jiabao – one of a series of reports in Western media outlets that raised questions about corruption and influence peddling in China’s ruling Communist Party. Attackers planted 45 pieces of information-stealing malware on Times systems, despite the presence of antivirus software from Symantec Corp. protecting those systems before, during and after the hack. The story is fueling debate about the value of anti-virus software and prompted Symantec to issue a statement defending its technology, but warning that signature-based antivirus is not enough to stop sophisticated attacks. According to the Times report, the attacks used compromised systems on […]

Pi Million Dollars! Google Sets $3.14 Million Pot For Pwnium 3 Contest

Google cemented its reputation as the squarest company around Monday (pun intended), offering prizes totaling Pi Million Dollars –  that’s right: $3.14159 million greenbacks – in its third annual Pwnium hacking contest, to be held at the CanSecWest conference on March 7 in Vancouver, British Columbia. Google will pay $110,000 for a browser or system level compromise delivered via a web page to a Chrome user in guest mode or logged in. The company will pay $150,000 for any compromise that delivers “device persistence” delivered via a web page, the company announced on the chromium blog.   “We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems,” wrote Chris Evans of Google’s Security Team. The announcement is part of stepped up efforts by the Mountain View company to put a premium on information about security holes affecting its products, […]

Update: Student’s Expulsion Exposes Computer Science Culture Gap

Editor’s Note: Updated to include comment from Dawson CS Professor Simonelis. – PFR 1/22/2013 The expulsion of a  20 year-old computer science major at Dawson College in Quebec, Canada has laid bare what one expert says is a culture gap between academic computer science departments and the ‘real world’ of application development. In the wake of news stories that have drawn attention to the case, Dawson’s faculty and administration have stood by their decision, saying that “hacking” of the type Ahmed Al-Khabaz was engaged in was an example of “unprofessional conduct” by a computer sciences engineer. This, even as private sector firms – including the company whose software Al-Khabaz exposed – have come forward with job offers and scholarships. Al-Khabaz was expelled in November by a school administration that looked askance at his security audits of a student portal web site dubbed “Omnivox,” accusing him of launching “SQL injection” attacks […]

For Industrial, Medical Systems: Bugs Run In The Family

On the surface, the kinds of industrial control systems that run a power plant or factory floor are very different from, say, a drug infusion pump sitting bedside in a hospital intensive care unit. But two security researchers say that many of these systems have two important things in common: they’re manufactured by the same company, and contain many of the same critical software security problems. In a presentation at gathering of industrial control security experts in Florida, researchers Billy Rios and Terry McCorkle said an informal audit of medical devices from major manufacturers, including Philips showed that medical devices have many of the same kinds of software security holes found in industrial control system (ICS) software from the same firms. The research suggests that lax coding practices may be institutionalized within the firms, amplifying their effects. Rios (@xssniper), a security researcher at Google, and McCorkle (@0psys), the CTO of SpearPoint […]