From Security Weekly Wiki
3,024 bytes added ,  19:12, 8 March 2012
== Larry's Stories ==
#[ The lost phone project] - [Larry] - So what really happens when you lose your cellphone? Symantec tried an experiment, and intentionally lost 50 smartphones across the US and Canada. The phones were installed with a tracking app, and just about all revealed that the finders snooped through the phones, looking at the sensitive information and trying the "stored passwords".
#[ GitHub/Rails hack] - [Larry] - YAY! GitHub had a vulnerability in which third parties could insert their own keys into any project. The person who found it added his keys to the Rails project and added a humorous commit in order to perform the notification. Yikes. I'd argue 2 things: 1. Audit all your keys in your git repositories. 2. Call for a code audit of your git projects.
#[ Linode bitcoin heist] - [Larry] - Attackers gained access to Linode's network gear, then eventually got access to Linode's management application, allowing full control of all of Linode's shared hosts. From here, the attackers had full control of all of Linode's servers, and the attackers used this to transfer bitcoins out of the hot wallets of at least one bitcoin exchange.
#[ Chrome falls in Pwn2Own] - [Larry] - … and more importantly, Pwnium, Google's Chrome hacking contest. In prior years, Chrome didn't fall, but apparently offering hefty bounties changes all that. It just goes to show that, as an attacker, if there is some monetary value to it, any application is worthy of an attack. Oh, and the bug found yesterday has already been fixed and released.
#[ NASA lost complete control of networks 13 times last year] - [Larry] - Yikes. To quote from the congressional testimony, "In FY 2011, NASA reported it was the victim of 47 APT attacks, 13 of which successfully compromised Agency computers. In one of the successful attacks, intruders stole user credentials for more than 150 NASA employees – credentials that could have been used to gain unauthorised access to NASA systems. Our ongoing investigation of another such attack at [Jet Propulsion Labs] involving Chinese-based internet protocol (IP) addresses has confirmed that the intruders gained full access to key JPL systems and sensitive user accounts." Ooof.
#[ Kitties and Titties] - [Larry] - I mean, what's not to like. I'm still having a hard (huhhuhuhuhuuhuhuhu) time finding the kitties though.
== Jack's Stories ==