Tag Archives: oh

[ISN] CIA Restructuring Adds New Cyber Focus

http://www.defenseone.com/technology/2015/03/cia-restructuring-adds-new-cyber-focus/106953/ By Patrick Tucker defenseone.com March 6, 2015 The CIA will create a new directorate designed to boost the agency’s ability to collect and use digital intelligence in operations, agency CIA Director John Brennan announced. The move to launch a “directorate of digital innovation” comes a two weeks after the Washington Post first reported that Brennan would be restructuring the agency to place a much stronger emphasis on the use of computers and electronic intelligence. The move is a big change for the agency, one that reflects a fundamental evolution in intelligence gathering. CIA traditionally has been tasked with collecting information from human sources (also called HUMINT). The NSA, conversely, is tasked with collecting information from electric sources in the form of signals (also called SIGINT). Today’s announcement is a formal recognition that the electronic world is overtaking the human one, and that collecting information from humans now has a digital component to it. “Digital technology holds great promise for mission excellence, while posing serious threats to the security of our operations and information,” Brennan said, in message to the Intelligence Community, released Friday. “We must place our activities and operations in the digital domain at the very center of all our mission endeavors.” Brennan said a new senior position will “oversee the acceleration of digital and cyber integration across all of our mission areas.” […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] ‘CSI: Cyber’ review: Hackwork

http://www.nj.com/entertainment/tv/index.ssf/2015/03/csi_cyber_review_patricia_arquette_cbs.html By Vicki Hyman NJ Advance Media for NJ.com March 04, 2015 Thank goodness Patricia Arquette just won an Oscar, because otherwise I’d really have nothing to say about “CSI: Cyber.” The newest “CSI” franchise, which debuts on CBS tonight at 10 p.m., is about the FBI’s cyber crime division, comes with all the series’ high-tech visual flourishes and stars “Boyhood” star Arquette, who, um, just won an Oscar. Yeah. Oh! This time, the Who theme song is “I Can See For Miles.” I’m not saying “CSI: Cyber” isn’t worth watching. I’m just saying there’s not a heck of a lot to say about it. (The original flavor “CSI” is still plugging away after 15 years, while the Miami and New York franchises lasted 10 and 9 seasons, respectively. The latest entry is a bit different in that there’s a lot of people peering at computer screens instead of into microscopes. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] In major goof, Uber stored sensitive database key on public GitHub page

http://arstechnica.com/security/2015/03/in-major-goof-uber-stored-sensitive-database-key-on-public-github-page/ By Dan Goodin Ars Techica March 2, 2015 Uber is trying to force GitHub to disclose the IP address of every person that accessed a webpage connected to a database intrusion that exposed sensitive personal data for 50,000 drivers. The court action revealed that a security key unlocking the database was stored on a publicly accessible place, the online equivalent of stashing a house key under a doormat. Uber officials have yet to say precisely what information was contained in the two now-unavailable GitHub gists. But in a lawsuit filed Friday against the unknown John Doe intruders, Uber lawyers said the URLs contained a security key that allowed unauthorized access to the names and driver’s license numbers of about 50,000 Uber drivers. The ride-sharing service disclosed the breach on Friday, more than two months after it was discovered. “The contents of these internal database files are closely guarded by Uber,” the complaint stated. “Accessing them from Uber’s protected computers requires a unique security key that is not intended to be available to anyone other than certain Uber employees, and no one outside of Uber is authorized to access the files. On or around May 12, 2014, from an IP address not associated with an Uber employee and otherwise unknown to Uber, John Doe I used the unique security key to download Uber database files containing confidential and proprietary information from Uber’s protected computers.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] CarolinaCon-11 is coming – March 20th-22nd 2015

Forwarded from: Vic Vandal h4x0rs, InfoSec geeks, script kidz, posers, and friends, CarolinaCon is back for its 11th year, which is also billed as “the last CarolinaCon as we know it”. For about the price of your average movie admission with popcorn and a drink ($20), YOU are invited to join us for yet another intimate and informative weekend of hacking-related education. This year’s event will be held on the weekend of March 20th-22nd 2015 in Raleigh NC at the North Raleigh Hilton (Midtown). The currently chosen lineup includes more presenters named Old Gregg than you’ll find at any conference anywhere, along with other esteemed individuals, such as; – Have you ever drunk Bailey’s from a shoe? (aka Pen-Testing & Social Engineering Convergence) – Old Gregg (smrk3r) – Cryptocurrency Laundering Theory for Fun and Retirement – Old Gregg (myddrn) – How to design your “You got hacked” page – Old Gregg (digital shokunin) – Electronics Engineering for Pen-Testers – Old Gregg (melvin2001) – Phony Business – What Goes Around Comes Back Around – Unregistered & Snide – Elevator Obscura: Industry Hacks & Answers to all Your Odd Questions About Those Magical Moving Rooms – Howard Payne & Deviant Ollam – Rethinking the Origins of the Lock – Schuyler Towne – RedneckSec – @th3mojo – Cyber War Stories – Andrew Shumate – One Step Closer to the Matrix: Machine Learning and Augmented Reality in Networking – Rob Weiss & John Eberhardt – I live in a van and so can you – Mark Rickert, aka Matt Foley – Drilling Deeper with Veil’s PowerTools – Justin Warner (@sixdub) & Will Schroeder (@harmj0y) – Hacker’s Practice Ground – Lokesh Pidawekar – Social engineering is bullsh*t, call it what it is – surpherdave – Anatomy of Web Client Attacks – Jason Gillam – Art of Post-infection Response and Mitigation – chill – SPAM, Phish and Other Things Good to Eat – Joshua Schroeder / JoshInGeneral …..and potentially 1-2 other l33t talks that we might be able to squeeze in! Side events currently on tap include; – Capture The Flag – Mobile Museum of Vintage Technology – Lockpicking Village – Hacker Trivia – Android Netrunner – Pulp Fiction Canonical Drinking Game – “Unofficial” Shootout (details at http://hackers.withguns.com/) For those traveling to the event or who simply want to stay at the Hilton venue throughout, hotel rooms at the special CarolinaCon group rate can be reserved via this link. http://www.hilton.com/en/hi/groups/personalized/R/RDUNHHF-CCC-20150319/index.jhtml?WT.mc_id=POG ALERT: The special group rate is only available until February 20th, so book now if interested. For other exciting details as they develop stay tuned to: http://www.carolinacon.org If you have any important questions about the event that are NOT answered in website content you can send an email to; infocarolinacon.org Peace, Vic


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Dating site Topface pays hacker who stole 20 million credentials

http://www.techworld.com/news/security/dating-site-topface-pays-hacker-who-stole-20-million-credentials-3596333/ By John E Dunn Techworld.com Jan 30, 2015 The ‘Mastermind’ hacker who stole 20 million user credentials from Russian dating website Topface has got an extraordinary response from his victim – an undisclosed payment for “finding” the vulnerability that led to the calamitous breach. It’s an extraordinary turns of events that would be unthinkable in almost any other country but the site justified its decision with the argument that recovering the data would end the matter once and for all. Recall that the hacker in question had tried to sell the stolen data on a crime forum which is where the breach was first noticed by a third party, US securty outfit Easy Solutions. Without that discovery the data would probably have been sold on without the site realising that a breach had happened in the first place. “He [Mastermind] has confirmed the findings of our investigation and has made an agreement with Topface for no further distribution of acquired email addresses database,” the firm said in a statement. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] World’s largest DDoS attack reached 400Gbps, says Arbor Networks

http://www.techworld.com/news/security/worlds-largest-ddos-attack-reached-400gbps-says-arbor-networks-3595715/ By John E Dunn Techworld Jan 27, 2015 Some time in December 2014 an unnamed ISP experienced an NTP reflection DDoS attack that peaked at a router-straining 400Gbps, easily the largest denial of service event in Internet history, Arbor Networks’ 10th Annual Infrastructure Report has revealed. It’s an apparently small detail slipped into the firm’s larger narrative which is probably less important in the grand scheme of things than the fact that super-massive DDoS attacks are now common enough to have turned into dull statistics. Message – large DDoS attacks are here to stay. But what is driving this ballooning traffic? Arbor gets its numbers from Peakflow SP sensors in 330 customers’ premises feeding into the firm’s Atlas system, which it backs up with manual surveys of important ISPs and providers not contributing to this system. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Mystery ComRAT cyber-surveillance tool still going strong, researchers confirm

http://www.techworld.com/news/security/mystery-comrat-cyber-surveillance-tool-still-going-strong-researchers-confirm-3594612/ By John E Dunn Techworld.com Jan 20, 2015 Security experts seem no nearer to confirming the nation state behind the long-running Uroburos (aka ‘Snake’ or ‘Turla’) cyberweapon (Russia) but according to German security firm G Data its developers are still hard at work. The rootkit’s existence was firmed up last March when BAE Systems, G Data and Kaspersky published separate research suggesting it had been used to compromise large enterprises and government networks for years, including its predecessor, Agent.BTZ, successfully used against the US military in 2008. G Data has continued researching the software, with a new blog note offering a fuller development and version history for what is clearly a major intelligence-gathering and compromise platform of which Uroburos was only one component. The earliest detection of 46 samples looked at was version 1.5 in June 2007 right up to a new RAT, ComRAT, discovered in 2014. BAE Systems believes this platform goes back even further, to 2005, which would make it the oldest nation state malware currently known about (Stuxnet probably didn’t get going until 2006). […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] CAA calls party foul on Tina and Amy’s Sony hack jokes

http://pagesix.com/2015/01/15/caa-calls-party-foul-on-tina-and-amys-sony-hack-jokes/ By Emily Smith and Ian Mohr PageSix.com January 15, 2015 Hollywood drama followed the Golden Globes Sunday night when top agency CAA demanded its famous clients not attend Tina Fey and Amy Poehler’s bash after the pair poked fun at the Sony hacking scandal. Sources tell us CAA’s Bryan Lourd — whom the Hollywood Reporter says has been serving as “privy counselor” to Sony Pictures Entertainment co-chairman Amy Pascal — had asked Globes hosts Fey and Poehler to lay off the hack. “CAA warned that they didn’t want jokes about the scandal,” a source told Page Six. “But Tina and Amy [who are not CAA clients] ignored their warning and made the jokes anyway, so CAA asked its own clients not to go to their after-party.” CAA’s post-Globes bash at the Sunset Tower Hotel was attended by Sony Entertainment CEO Michael Lynton as well as Selena Gomez, Taylor Swift, Lorde, Richard Linklater, Ron Howard, Adam Levine, Julianna Margulies, Kate Beckinsale and Clive Owen, spies said. Pascal did not attend the Globes. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail