Krebs notes Lizard attacked Sony with home routers

The hacker group Lizard Squad attacked Sony and Microsoft on Christmas Day: http://oversitesentry.com/christmas-hacking-while-you-were-out/ This was the result of their attack: Brian Krebs has done research (as he does) and has found that the Lizard group has been hacking home routers around the world that still use default passwords, and it seems they used them to attack …

Can We Stop Cybersecurity Breaches?

Dark Reading has an article on PCI compliance from the end of last year: http://www.darkreading.com/risk/compliance/how-pci-dss-30-can-help-stop-data-breaches/a/d-id/1318306 An important paragraph: “In the cases of the largest data breaches, in 2014 a common point of vulnerability was the exploit of remote access methods to implant malware on systems that store, process, or transmit cardholder data. Frequently the point of …

Hackers set 2015 with iCloud hack

The Hacker News story: http://thehackernews.com/2015/01/iDict-icloud-password-hacking-tool.html It looks like the hacker “Pr0x13” has released a password hacking tool on GitHub that allows hackers to break into any iCloud account, thus giving them access to iPhone user account data. The tool is called iDict: https://github.com/Pr0x13/iDict/ GitHub is a repository of software development projects by various programmers around the world. …

New – or is it Old Threats?

I want to focus on a couple of Bruce Schneier posts today. Jan 1: “Doxing as an Attack” https://www.schneier.com/blog/archives/2015/01/doxing_as_an_at.html As Bruce mentions, doxing is the old attack where all your information (personal information like cell phone, ss#, birthday, emails, medical information, etc.) is posted to the Internet to pressure the target for a political or otherwise …

Sony Hack Analysis

The Wall Street Journal has a very good, detailed story of what happened during the hack. http://www.wsj.com/articles/behind-the-scenes-at-sony-as-hacking-crisis-unfolded-1419985719?mod=WSJ_hpp_MIDDLENexttoWhatsNewsThird (You may need a subscription to see the whole article.) Besides the improvisation of the employees and management, it is obvious to me: 1. There was no Disaster Recovery plan. 2. The erased contents of their servers meant …