Posts Tagged ‘Twitter’

Apple’s systems hacked, internal passwords stolen

July 6th, 2011
Servers

User names stolen from Apple server

Hacking groups

Hacking attacks are on the rise.  Hacker groups such as LulzSec have been successfully breaking into networks of big companies like Fox, Sony, AT&T, PBS, Citigroup and even the CIA.   LulzSec, an anonymous group of hackers, have claimed responsibility for hacking into several major company websites.

The latest in the line is Apple’s website. It appears that hackers have broken into Apple’s systems before posting a list of names and password hashes online. The names were not linked to the more than 200m customer credit cards stored on the iTunes online store.

The complete story

Hacking group Anonymous broke into an Apple server, collecting 26 administrative user names and passwords. The group announced the breach through its Twitter where it shared a link to the data posted on text-sharing website Pastebin. “Apple could be target, too,” the group tweeted. “But don’t worry, we are busy elsewhere.”

LulzSec group has been very active in the hacking field and recently announced it was ending its hacking operation and asked its users to support Anonymous. Their movement is called “AntiSec.” Both Anonymous and LulzSec have always targeted big companies disclosing their political motives.

What does Apple have to say?

Apple declined to comment declined to comment and has not confirmed the breach as yet. Fortunately the data that was hacked has little value to the culprits.

Why is this happening?

“Part of the problem is that companies don’t have an incentive to disclose when a breach occurs unless it’s required by law,” said Ronald Deibert, director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. “But the volume [of attacks] suggests something is going on.”

Hacking operations by groups like Anonymous and LulzSec started with Sony who is still having a hard time getting its systems back on track since its breach in April.

One of the reasons for these successful hacking attempts is the very nature of most major corporations’ digital data. Up till now, large companies had an Internet website for public information and an “intranet” for internal use. But the picture has drastically changed today. A company’s public online presence includes websites, YouTube channels, Facebook pages and Twitter accounts – all very vulnerable for getting compromised!

Add to this the high-profile nature of such services.  Even though Social networking platforms like Twitter or Facebook offer very less business value, they  can be used to quickly and publicly embarrass a company –  the latest in the news – Fox News Twitter account which displayed fake Obama tweets! Stay tuned..

Time for giant Corp orates to tighten their security – AlertSec’s security services

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.

Enhanced by Zemanta

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Tags:

Laptop containing private info stolen from Burnbay Hospital

September 8th, 2010

A laptop that contained confidential information of patients in the pulmonary function lab has been stolen from the Burnbay hospital. The Burnaby RCMP and the Fraser Health Authority are investigating the matter.

The theft happened in mid-August and 635 patients are affected, according to David Plug, spokesperson for the health authority. “We sent out letters to them this week notifying them of what happened and we also notified the privacy commissioner,” said Plug. “There’s no indication any of the information on that computer has been disseminated.”

He also added, “The RCMP has been notified and they are investigating, we take patient records security very seriously so we’re taking this investigation very seriously.”

Plug said the laptop might not be password protected or using any encryption. “That’s something we’re looking into,” he said. “We’re also looking at our overall security, whether we need to have more office locks or more security upgrades.”

Though, Plug also added that the thief might have been caught on the hospitals surveillance cameras.

The affected patients are being notified of the security breach and the health authority is offering them support along with complimentary one-year subscription to a credit monitoring service.

Secure your organization with Alertsec

Alertsec Xpress is used in all organisations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe. By using industry leading Check Point Full Disk Encryption (former Pointsec) software, Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption

For security and technology observations, consider following us on Twitter.

Enhanced by Zemanta

No comments »

Posted in Uncategorized

Tags:

Large scale computer thefts at Pendle schools

September 6th, 2010

£60,000 worth of computers have been stolen from Pendle schools over the summer holidays. The thieves have struck at Fisher-More Catholic Humanities College, Primet High School and Park High School over the course of six-weeks.

Fisher-More was struck four times by thieves over the course of holidays. The first two thefts occurred at the end of July when computer equipment valued at almost £8,500 was taken. Then again, the thieves returned on August 25th and 26th, this time taking two computers and a compact computer monitor, together valued at nearly £2,000.

Laptops valued at £2,500 were stolen from Park High School in the early hours of August 26th. The worst affected is Primet High School where £40,000 worth of equipment have been stolen. Thieves raided the school’s IT suite at the weekend, taking computers, two-way radios and other resources.

Initial investigation form the police suggests that the thieves broke into Fisher-More and Park through the windows but entered Primet through the roof. PC Mark Blackey, of Colne Police, said: “We cannot say for certain, but we think it is the same thieves going around high schools in the area. In view of this, we are asking schools to be particularly vigilant.”

Fisher-More headteacher Mr Chris Bohills said: “Governors and staff were very disappointed after the summer break to find vandals had thrown stones through six large windows and thieves had also broken into school, stealing 12 computers which also created a great deal of mess. This had to be attended to as a matter of urgency for the students’ return and has cost the school considerably, a cost which would have been better used for the academic interests of our pupils. However this will not dampen our spirits after the best ever GCSE results at the school this summer and staff and students are looking forward to working in the new classrooms and administration block at the front of the building.”

Headteacher of Primet High School Janet Walsh said: “This is a particularly cruel crime targeting children and their learning opportunities. Education is already poorly funded, so to take such treasured equipment is appalling. Luckily we can still teach without the equipment, but teachers will need to re-plan their lessons and we will have to resort to old methods of teaching for a while.”

Dr Paul Parkin, headteacher at Park High School, said: “During the summer holidays the school has spent a considerable amount of money updating and extending facilities for pupils. It is disappointing that theft and vandalism of this nature has happened. The costs of replacing damaged or stolen items and increased levels of security limit the funding available for our pupils. However we will not let this affect the start to the new academic year. We remain committed to improving the quality of facilities in school.”

PC Blackey said: “We are appealing to any local residents who saw anyone in the area of the schools acting suspiciously at these times to contact us anonymously on 472441 or Crimestoppers on 0800 555111.”

Secure your organization with Alertsec

Alertsec Xpress is used in all organisations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe. By using industry leading Check Point Full Disk Encryption (former Pointsec) software, Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption

For security and technology observations, consider following us on Twitter.

Related articles by Zemanta
Enhanced by Zemanta

No comments »

Posted in Alertsec Express, Computer security, Data Protection

Tags:

Personal details of Westfield Bondi Junction exposed in Data Breach

August 14th, 2010

The personal details of people that shop at Westfield Bondi Junction have been exposed on the Internet, following a direct marketing email mishap on Monday night, the 9th of August.

Westfield has already notified the subscribers to its mailing list stating that customer details were visible on the web for eight hours. In a note sent to customers, Westfield said it experienced a “technical problem” with a link in an email newsletter sent to subscribers, asking them to update their contact details.

“As a consequence, the personal information of people who updated their details between 6.18pm on Monday 9 August 2010 and 2.30am on Tuesday 10 August 2010 may have been able to be viewed by other subscribers clicking on the link during that time,” the note stated.

The shopping giant also claimed that within three hours of the newsletter being sent, its staff was made aware of the problem and the issue was resolved by 2.30 am on Tuesday.

According to the company’s privacy policy, Westfield would usually collect only the names and email addresses of subscribers, and the owners of shopping centers it builds or leases. It also collects domain information and IP addresses, and logs user’s browsing behavior whilst on the Westfield site. Their privacy policy also mentions that its customer database “is protected by a firewall as well as host-based security.

Westfield remained unavailable for comment when it was approached to reveal how many customer records were exposed and the nature of personal information contained within them.

“The data is not transmitted over the Internet once it has been stored in the database. If Westfield ever has a requirement to transmit the data over the Internet (For example, to make an off-site backup) it will be in encrypted form. The electronic environments are real-time monitored by Westfield and a third party specialist security monitoring company”, the privacy policy states.

Westfield described this matter as a ”one off occurrence due to a technical problem which has now been remedied and will not occur again.

“However, you should be aware that any personal information you uploaded during this period may have been viewed during this time,” the shopping giant told customers. ”If you receive any unusual emails, telephone calls or other communications you should treat these with caution.”

Currently there is no formal data breach notification requirement in place under Australian law that would require Westfield to notify its customers, but the Australian Law Reform Commission expressed a desire for the Federal Government to introduce such a law in a report released two years ago. In its absence, Australia’s privacy commission has sought organizations to create a voluntary code to self-regulate.

Secure your organization with Alertsec

Alertsec Xpress is used in all organisations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe. By using industry leading Check Point Full Disk Encryption (former Pointsec) software, Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption

For security and technology observations, consider following us on Twitter.

Enhanced by Zemanta

No comments »

Posted in data breach

Tags:

Preventing Twitter Outage

February 3rd, 2010

If you are a twitter user, how many times have you seen the above image? Well if you do use twitter regularly, chances are that you would have noticed it in several cases.

In an age, where we are talking about high quality computer security software & encryption software, hack attacks on twitter are major cause of worry for its 45 millions users.

Let us look at some of the reasons that led to Twitter’s breakdown !

The Cause

The hijackers defaced twitter by temporarily compromising twitter’s DNS records. Following screen grab shows the DNS hijacking as recorded via the PassiveDNS systems. The host www . mowjcamp . org was hosting the defacement.

While on one side, we can blame twitter for not being awake to the situation at the same time, part of the crisis can also be attributed to volumes of noise being contributed by the users.

There have been hacker attacks on the domain name system (DNS) servers that enable access to Twitter’s website disrupted service for many users, which directed them instead to a web page declaring “This site has been hacked by Iranian Cyber Army.” In the wake of the attack, which was fended off within hours, many fingers are being pointed at Twitter’s DNS provider, Manchester, NH-based Dyn Inc

Twitter will need to try and find the root cause of the denial-of-service attack, or more importantly build a more robust infrastructure with controls in place to withstand future DoS attacks.

Today’s article on Mashable highlights Twitter’s explanation on recent phishing attacks. Twitter blamed the outage on changes made to the company’s DNS (Domain Name System) records, which had matched the domain name with the IP addresses of its servers.

On its status page, Twitter said, “Twitter’s DNS records were temporarily compromised but have now been fixed. We are looking into the underlying cause and will update with more information soon”.

Stopping the problem

It is not that folks at twitter are not doing anything to stop this issue:

  1. Recently, twitter has  a security upgrade – which disables links to hacker websites.
  2. As a user, be careful about what you are posting, it could be a small family picture even. If there is a slightest of doubt in your mind, simply remove the information rather than exposing it to the public world.
  3. A larger chunk of security experts say that you cannot stop a DDos attack as it is certainly difficult to respond in real-time to massive server requests from large ranges of IP addresses. However, there are select tools/services which can be utilized for reducing the resolution time. A nice list for the same is available at  – http://staff.washington.edu/dittrich/misc/ddos/
  4. If you want to block or stop a DDoS attack, a commonly used tactic is through a network sniffer device which allows observation of offending IP addresses before they it hits your web servers.
  5. Again as a user, never use same passwords on all social networks.
  6. Like we talked about in Joomla’s case in the last article, be careful while installing 3rd-party twitter applications.
Reblog this post [with Zemanta]

No comments »

Posted in Data Protection

Tags: