Friday, March 8, 2013

Recent Cyber News...with Theresa Payton

Webnotes by: Theresa Payton, Fortalice, LLC. Content also featured on WBT 1100AM Talk Radio with Bo Thompson March 4, 2013

1.  Jailed cybercriminal hacked into his own prison's computer system after being put in IT class
Teenager Nicholas Webber, who ran the "GhostMarket.Net" cybercrime website, was taking a prison computer class.

He got in trouble and was sent to jail.  He took a computer class and, while in class, he hacked into the mainframe.
His plan was to teach others how to commit cybercrime.  Luckily, the scheme was uncovered and the UK prison says that not much damage was done.


2.  Evernote (online note-taking service) was hacked - 50 million users - user names, email addresses and passwords

They say:
payment info was fine
notes taken were fine

They acted quickly to notify users, which is a good thing.

Funnily enough, they sent an email that warned their users never to click on links in emails, in case it's a fake email, but they had a link in their email.
Whoops!

3.  Facebook leaked your phone number - again!

For roughly 8 months, Facebook had a bug that allowed mobile app developers to grab your phone number without you knowing it.

They have finally closed the bug, but it makes you wonder why it took them so long to do that when people are screaming for more privacy.


4.  2 very brave victims stand up and talk about being hacked at the RSA security conference
The security conference, attended by over 22,000, in San Fran had the usual briefings on emerging security threats.
Perhaps the most interesting and helpful briefing was the one given by 2 recent hacking victims.

The victims?  Technology Journalist Mat Honan and Cloudflare CEO Matthew Prince

The attacker?  UGNazi hacktivists - a group made up of teens and young adults

The session was called "We were hacked: Here's what you should know".

a.  The hack of Mat Honan - he writes for Gizmodo and Wired and told us how his life was digitally erased - Email, iPhone, iPad, and MacBook Air were all impacted.
Work accounts were hijacked.  Personal pictures erased.

The UGNazis wanted to own his Twitter account: @mat.

b.  The hack of Cloudflare 
Matthew Prince had a strong password and 2 factor authentication.

But UGNazi tricked Google mail into adding a bogus recovery email address.  Once that was there, they issued a password reset and got it.
Once they got his personal account, they hopped over to his Google Apps account.

They actually called Matthew Prince and taunted him with automated voice mails.

They then redirected visitors to Cloudflare's 4chan site to their UGNazi page.

They identified the hackers - one was a 15-year-old in Long Beach, Calif., nicknamed "Cosmo the God"; he is now on probation and not allowed to use a computer without permission for 6 years.

Lessons?
a.  backups important
b.  know the security of the apps you use
c.  check those reset features to make sure you know what email addresses or accounts are in your profile
