OpManager: A single console to manage your complete IT infrastructure. Click here for a 30-day free trial.
Welcome Guest | Sign In
LinuxInsider.com
FOSS and the Fear Factor
October 20, 2014
In a world that's been dominated for far too long by the Systemd Inferno, Linux fans will have to be forgiven if they seize perhaps a bit too gleefully upon the scraps of cheerful news that come along on any given day. Of course, for cheerful news, there's never any better place to look than the Reglue effort, run by longtime Linux advocate and all-around-hero-for-kids Ken Starks.
Microsoft Patch Blocks Sandworm Tunnels
October 17, 2014
iSight Partners this week revealed that a cybergang it dubbed "Sandworm" has been exploiting a zero-day vulnerability that impacts all supported versions of Microsoft Windows, including Windows Server 2008 and 2012. The announcement was held off until Microsoft issued its patch earlier this week. If exploited, the flaw will let attackers remotely execute code on target systems.
Snapchat Hackers Could Be Prosecuted for Child Porn Offenses
October 13, 2014
Private videos and pictures shared between tens of thousands of Snapchat users -- possibly as many as 200,000 -- were posted online by hackers over the weekend in an episode dubbed the "Snappening." Much of the content is sexual, including many nude photos -- some possibly of minors. The hackers appear to have gone for maximum embarrassment and humiliation with this particular breach.
Attorney Slams Google for Making Money Off Nude Celeb Pics
October 02, 2014
Google may be on the receiving end of a $100 million lawsuit from attorneys representing some of the celebrities whose nude photos were hacked from their iCloud accounts and subsequently posted online. Entertainment lawyer Martin Singer has sent a letter to Google's top executives and its legal staff, accusing the company of ignoring a take-down request sent to it four weeks ago.
Banks, Businesses Scramble to Smash Bash Shellshock Bug
September 29, 2014
Banks and businesses toiled over the weekend to crush a bug in a widely used open source operating system. The flaw has been in Unix for some 25 years, but it was revealed just last week. If exploited, the vulnerability could be used to inject malicious code or take command of a system or device. Dubbed "Shellshock," it requires patching systems and devices running Apple's OS X, Linux and Unix.
Bash Shellshock Bug Patched but Not Pummeled
September 25, 2014
Researchers on Thursday discovered proof-of-concept code that could take advantage of unpatched computer systems, and found evidence of attacks exploiting the BASH Shellshock bug in the wild. Shellshock, which came to light on Wednesday, could become a major threat to Linux/Unix and Apple operating systems if published patches to BASH are not applied before an attacker cashes in.
Banking Trojan Targets Petrochemical Outfits
September 23, 2014
The pernicious program Citadel has been around for awhile, but it's using some new tricks on new targets. From its humble origins as a "man in the browser" thief of banking credentials, Citadel has become a knave of all trades. Once it lands on a computer, it can be configured in a number of ways with a file from a server operated by Web predators.
Home Depot Gives 56 Million Customers a Heads Up
September 19, 2014
Home Depot on Thursday said it had excised the malware demon from its computerized payment system after its recent discovery of a security breach in which thieves stole records of 56 million credit cards. Home Depot stopped short of admitting that an ongoing security upgrade may have contributed to the breach. Efforts to harden the system with enhanced encryption are under way.
XSS Flaw Burns a Hole in Kindle Security
September 16, 2014
Security consultant Benjamin Mussler last week warned that the Kindle e-book library had a cross-site scripting vulnerability. It appears Amazon previously had fixed the XSS flaw but two months ago reintroduced it in a new version of the "Manage Your Kindle" Web application, according to Mussler. People who download pirated e-books are at greatest risk, he said.
Apple's Cook Promises Feeble iCloud Security Upgrades
September 05, 2014
Apple is taking steps to improve security in the wake of the furor generated by hackers' posting nude photos of celebs on the Internet, CEO Tim Cook said. Apple will alert users via email and push notifications when someone tries to restore iCloud data to a new device. It already does this when someone tries to change an account password or when a device first logs in to an account.
Bad News Hounds Apple Days Before iPhone Gala
September 05, 2014
Apple has been forced to do some serious damage control when it no doubt would rather be rallying fans for its big iPhone launch next week. The company on Tuesday learned that a number of celebrity accounts on its iCloud service had been cracked and some embarrassing photos posted. Then two activist groups on Thursday released a report critical of work conditions at an Apple supplier in China.
We Can Fly to the Moon, but We Can't Secure the Cloud?
September 04, 2014
The entire freaking tech industry is falling down on the job, and Apple, my favorite company in the world, is stumbling around too. What's worse is that it doesn't seem to care. Apple is the most profitable consumer tech company in the world, with billions of dollars in the bank. Yet the company can't seem to be bothered to imagine how easily iCloud user accounts could be compromised.
Home Depot All But Confirms Doozy of a Data Breach
September 03, 2014
Home Depot may have experienced a massive security breach -- possibly on a greater scale than last year's Target breach, which affected an estimated 110 million people. Home Depot said it was investigating the possibility, following security researcher Brian Krebs' Tuesday alert. It appears the perpetrators are the same hackers responsible for the data breaches at Target and elsewhere.
Admins Grapple With Shadow Tech
September 03, 2014
If you want to see an IT pro twitch, bring up Shadow IT in a conversation. "Shadow IT" is a term applied to technology deployed by an organization's users outside the purview of the IT department. It's bothersome to system shepherds because it can open up an organization to data leakages. It's also growing. Many Shadow IT programs run in the cloud, but all clouds are not created equal.
Other Shoe Drops in CyberVor Hack Attack
September 02, 2014
Domain name registrar Namecheap on Monday reported that it was besieged Sunday night by cyberattackers who employed username and password data possibly stolen by the so-called CyberVor hacker gang. "CyberVor" is the name Hold Security used last month when it reported the theft of 1.2 billion online credentials. However, the "vast majority" of the malicious login attempts were unsuccessful.
Victimized Celebs Blamed for Their Indecent Exposure
September 02, 2014
Apple on Tuesday issued a statement blaming the posting online of more than 100 celebrities' photos in various stages of dishabille on a highly targeted hack attack to gain access to their usernames, passwords and answers to security questions. None of the cases investigated resulted from any breach in the company's systems, including iCloud or Find my iPhone, Apple maintained.
Russian Hackers Sack US Banks: Report
August 29, 2014
Hackers appear to have stolen data from JPMorgan Chase and at least one other U.S. bank in retaliation for economic sanctions against Russia. The raid on the banks' computer systems reportedly resulted in the theft of gigabytes of sensitive data. JPMorgan did not confirm the incident. However, the FBI is conducting an investigation into reports of cyberattacks on U.S. banks.
Hacker Attacks on Healthcare Providers Jump 600 Percent
August 28, 2014
The recent data breach at Community Health Systems, in which Chinese hackers stole the personal information of 4.3 million patients, was another sign of a disturbing trend: Healthcare providers are coming under cyberattack at an alarming rate. "We've seen a 600 percent increase in attacks on the healthcare sector in the last 10 months," said Carl Leonard, senior manager at Websense Security Labs.
Sony DDoS Attack May Have Been Smokescreen
August 25, 2014
Sony's PlayStation and Sony Entertainment networks were taken down over the weekend by a distributed denial of service attack. The hackers, who call themselves the "Lizard Squad," also forced authorities to divert a plane Sony Entertainment president was on by tweeting that there might be a bomb on board. A hacker with the handle "FamedGod" later claimed responsibility for the DDoS attack.
OS Flaw Leaves Android Wide Open for App Hack Attacks
August 22, 2014
A flaw in Android's GUI framework let university researchers hack into applications with up to 92 percent success. They tested apps from Gmail, H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon. "Changes in the shared memory side channel allow an attacker to infer if there is an activity transition going on in the foreground," said researcher Zhiyun Qian, an assistant professor at UCR.
Security Researchers Lay Bare TSA Body Scanner Flaws
August 22, 2014
The U.S. Transportation Security Administration, part of the Department of Homeland Security, has spent more than a billion dollars on full-body scanners designed to strengthen airport security. It turns out that at least one model of scanner in use for four years -- the Rapiscan Secure 1000 full-body scanner -- easily could have been foiled by a savvy bad actor.
Is Open Source an Open Invitation to Hack Webmail Encryption?
August 21, 2014
In a move influenced by Edward Snowden's revelations about the NSA's email snooping, Yahoo and Google last week announced that they were cooperating on end-to-end encrypting their webmail products. While the open source approach has proven its value over and over again, the idea of opening up the code for security features to anyone with eyeballs still creates anxiety in some circles.
Russian Gang's Credentials Theft Exposes Web's Wild, Wild West Side
August 12, 2014
News that a Russian gang has stockpiled more than a billion purloined user name and password combinations has revved up the Internet's reputation as a post industrial Wild, Wild West. Just how much havoc will be raised by the gang remains to be seen. The data thieves so far appear content to use their ill-gotten trove for spamming, according to Hold Security, which discovered the credential cache.
Cyberspies Help Themselves to DHS Contractor's Data
August 08, 2014
USIS, the contractor that did the background checks on Washington Navy Yard shooter Aaron Alexis and NSA leaker Edward Snowden, on Thursday reported that its computer systems have been breached. "Our internal IT security team recently identified an apparent external cyberattack on USIS' corporate network," said US Investigation Services in a statement.

See More Articles in Hacking Section >>
Facebook Twitter LinkedIn Google+ RSS