Tag Archives: celebrity

Richard Dawkins forum compromised

No Intelligent Design for Dawkins forum…

 

Richard Dawkins, the evolutionary biologist and popular science author, famed for his no-holds-barred approach to what he sees as the unsubstantiated claims made by religion, certainly has all the proof he needs to believe in the cybercriminal underground.

 

Members of the discussion forum over at RichardDawkins.net all received a message, purporting to be from the forum admin, which incongruously invited them to join a warez site.

Image from www.twitter.com/fadviral


The apparent hack has been confirmed by the site admins with a message posted on the front page.

 

Image from RichardDawkins.net


No word yet from the web site admins on how much personal data may have been put at risk during this intrusion. If the hackers had access to the forum admin account, they very probably had access to a large amount of user information, including email addresses and hashed passwords (or, even worse, clear-text passwords?). My advice to anyone with an account on that particular forum would be to consider the password you used and, if it is common to any other services, change it immediately.

At the time of writing the forum remains offline.


Obama Safe House location leaked over P2P

In an article published today by Computerworld, it was revealed that the details of a US Secret Service safe house – one meant for the US First family in the event of a national emergency – had been leaked over peer-to-peer networks using the popular LimeWire client.

Image from limewire.com


This is of course not the fault of LimeWire and there’s no reason why Mark Gorton, chairman of Lime Group, should have been lambasted at today’s hearing. It is also not the first time sensitive information has been leaked over peer-to-peer networks (think motorcades, nuclear facilities, presidential helicopter, terrorist threat assessments, mortgage data, M&A plans, healthcare data); the list is virtually endless. This is all of course without considering the extremely elevated threat from malware over (often) unscanned P2P connections to untrusted devices sharing illegal software and data. It has long been the case that distributing malware along with your warez over file-sharing networks is almost de rigueur.

In many ways, the nature of the data that was leaked is secondary to the potential conclusion that can be drawn from the reaction to this latest event.

 

According to the Computerworld article, “The disclosures prompted the chairman of the committee Rep. Edolphus Towns, (D-N.Y.), to call for a ban on the use of peer-to-peer (P2P) software on all government and contractor computers and networks. ‘For our sensitive government information, the risk is simply too great to ignore,’ said Towns.”

Does this mean that installations of P2P software are not already banned on sensitive networks? Does this mean that machines that routinely, or even occasionally, handle sensitive data are not deployed in a locked-down configuration where the user has no administrative rights? Does this mean that government network admins do not have visibility over who is using rogue software on their networks? It certainly seems that way, and this just reinforces the message about low-hanging fruit in my previous post.

If you are concerned about the proliferation of rogue services or unwanted applications inside your environment (not to mention malware) take a look at the Threat Management Solution.

Dodgy dealing & Info stealing.


The results of an investigation carried out by Sky News should be enough to worry anyone who is put in the unfortunate position of having to entrust their computer to a stranger.

 

Researchers from Sky News set up a laptop with a keylogger and webcam-enabled surveillance software. They gave the laptop a very common fault that is easy to diagnose and remedy, by slightly unseating a memory chip. The laptop was then taken to various computer repair shops around London and the results monitored.

Almost unsurprisingly, some of the shops gave misleading diagnoses and overcharged for the repairs. I say unsurprisingly because this immediately puts me in mind of all the well-known horror stories about car repair rip-offs.

Knowledge = Power = Money and it is certain, and now proven, that some people will abuse their position of power to maximise their financial return. 

 

More worrying though was the subsequent data theft from this rigged laptop that followed once it had been repaired. The laptop was also honeytrapped with a collection of lady-in-a-bikini photos and personal data including bank logins and passwords for online services. This data was reportedly copied onto a USB stick by staff at one of the shops and the banking logon details were also used to try and access the online banking service.

 

This is far from being a localised issue, as the Edison Chen sex photo scandal over in Hong Kong proved earlier this year, where, as ABC News put it:

Say Britney Spears, Lindsay Lohan, and Paris Hilton took it all off for Justin Timberlake and his camera, who promised the tabloid queens that no eyes but his own baby blues would ever see evidence of their tryst. Say J.T. kept some of those photos on his laptop. Say that laptop fell into the wrong hands.

You might have a sex scandal on the level of what’s rocking Hong Kong right now.

 

An important lesson to take from all this (other than the “never trust a tradesman” one I mean) is the need for a secure place for people to store their personal data.

 

More and more enterprises are making investments in various types of device encryption technologies, but these kinds of stories demonstrate the need for this technology to filter into consumer and small business products as well.

 

As information becomes more digitised, like the photos and the logins, and computers ever more portable (think netbooks and PDAs), the potential for mischief grows. The odds of a mobile device being handed over to a third party for service or repair are increasing. If that device contains sensitive personal or corporate information, then we need to provide people with technologies that enable them to keep their own data secure while still allowing the repair shop access to the machine to diagnose faults.

Importantly, if the problem is a software-related one, then this security cannot be achieved through full disk encryption, which is an all-or-nothing encryption methodology.

Consumer security suites need to offer people the ability to keep their most sensitive data in a secure location on the hard drive, while still allowing the engineers to get their heads under the digital bonnet to fix software-related issues.

Perhaps more crucially, we as consumers need to start actually using the features we pay for.