Turbotodd

Ruminations on IT, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘hacking’

Game of Hacks


I’ve been following this HBO hack with great fascination.

One, because I’ve always had an interest in cybersecurity matters (although I’m not a hacker, nor do I play one on the Internets).

Two, because it’s HBO, whom I’m also a big fan of, and I still remember the reverberations of the Sony hack in late 2014, one which led to the downfall of its dear leader, Amy Pascal.

The Guardian has a new story out this morning on the HBO hack, alleging that the HBO hackers have "released personal phone numbers of Game of Thrones actors, emails and scripts in the latest dump of data stolen from the company," and, that they "are demanding a multimillion-dollar ransom to prevent the release of whole TV shows and further emails."

Where’s Daenerys Targaryen and those flying, fire-breathing dragons when you need them?

And is it just me, or do I find it completely serendipitous that this hack comes about around the time of probably one of the peak episodes of the entire GOT franchise…SPOILER ALERT…you know, the one where Daenerys finally unleashes the wrath of those damned dragons and Dothraki scythes on Jaime Lannister and his woefully unprepared army.

While GOT players will settle for bags of gold, the HBO hacker, now someone calling themselves "Mr. Smith" (you can’t make this $%#$ up!), has apparently told HBO chief executive Richard Plepler in a 5-minute video letter to pay the ransom within three days or they would put the HBO shows and confidential corporate data online.

Continues the Guardian report: "The hackers claim to have taken 1.5TB of data — the equivalent to several TV series box sets or millions of documents — but HBO said that it doesn’t believe its email system as a whole has been compromised."

Along with the video letter, the hackers have gone ahead and released 3.4GB of files, including technical data about the HBO internal network and admin passwords, draft scripts from five Game of Thrones episodes, and a month’s worth of emails from HBO’s VP for film programming, Leslie Cohen.

The whole episode sounds as though it could have been derived from a script from Mr. Robot, but so far as I know, USA Network has, thus far, been immune from hacktivists.

HBO’s response, according to The Hacker News, is that the company’s "forensic review is ongoing."

But one has to wonder whether, somewhere on some back lot in Hollywood, HBO’s brass is filling the gas tanks on a few dragons of its own.

For the audience, it may all just be pure entertainment.

But HBO is running a business, and neither they nor any other going concern should ever have to be held hostage by somebody calling themselves something as unimaginative as "Mr. Smith."

Especially not in Hollywood.

Written by turbotodd

August 8, 2017 at 10:28 am

Cyber Insecurity


Some veddy interesting news on the cybersecurity front has reared its ugly head the last couple days.

First, VMware confirmed via CRN yesterday that proprietary source code from its ESX server hypervisor (server virtualization software) had been posted online, but in a blog post about the incident, the director of VMware’s Security Response Center said the posted code was created sometime in 2003 and 2004.

That raises questions as to relevance, according to CRN, with VMware explaining that “the fact that it has been made public does not necessarily put VMware customers at risk.”

Yet given the large number of providers that run vSphere, it could have “a broad and widespread impact.”

Here’s the blog post from VMware — for those potentially impacted, one to keep an eye on.

This just as the Obama Administration comes out against the current House cybersecurity bill entitled the “Cyber Intelligence Sharing and Protection Act,” or “CISPA,” a law proposed last November by U.S. Rep. Michael Rogers (R-MI) and 111 co-sponsors that would allow the voluntary sharing of attack and threat information between the U.S. Government and security-cleared technology and manufacturing companies to try and ensure the security of networks against patterns of attack.

CISPA was reported out of committee on December 1, 2011, but has yet to be debated or brought to a vote.

The Electronic Frontier Foundation has also come out against the bill, concerned that the bill’s broad warnings would leave little protection for individual consumers and not provide effective judicial oversight for the types of monitoring the bill would allow.

If, in the meantime, you’re looking for some industry thought leadership on the topic of security, look no further than this podcast interview (MP3, 17:45 minutes, 10.2 MB) with IBM’s own Marc Van Zadelhoff, the director of strategy for IBM’s still relatively new Security Solutions Division, where Marc provides extensive insight into IBM’s approach to security intelligence and compliance. You can also read a transcript here. (36.4KB, PDF)

IBM X-Force Mid-Year Risk and Trend Report


Now, don’t let me freak you out with this news or anything.

Especially just as the Pentagon confirmed with the New York Times “the most significant breach of U.S. military computers ever” back in 2008, in which a foreign intelligence agent used a flash drive to infect computers for Central Command, which was overseeing combat zones in Iraq and Afghanistan.

But today IBM just released the results of its X-Force 2010 Mid-Year Trend and Risk Report, which showed that security vulnerability disclosures are increasing dramatically, having reached record levels for the first half of 2010.

Specifically, 4,396 new vulnerabilities were documented by the X-Force R&D team in the first half of 2010, a 36% increase over the same time period last year.

Over half, 55 percent, of all these disclosed vulnerabilities had no vendor-supplied patch at the end of the period.

The report also indicated that Web application vulnerabilities continued to be the leading threat, accounting for more than half of all public disclosures, and that covert attacks had increased in complexity, often getting hidden within JavaScript and PDF formats.

Cloud computing and virtualization were noted as key future security topics for enterprise organizations.

Before you IT administrators rush to find a tall building to jump off of, here’s the glass half full news: In the first-half of 2010, organizations were doing more to identify and disclose security vulnerabilities than ever before.

This in turn is having positive effects on the industry by driving more open collaboration to identify and eliminate vulnerabilities before cyber criminals can exploit them.

Tom Cross, the manager of the IBM X-Force team, provides some background on the methodology and findings of the 1H report in this video:

Now, some details on the trends being seen in the 1H10 report:

  • Web application vulnerabilities continue to be the largest category of vulnerability disclosures — Web application vulnerabilities have surpassed all other threats to account for 55 percent of all disclosures. While Web application vulnerabilities continue to climb at a steady rate, these figures may only represent the tip of the iceberg of total Web application vulnerabilities that exist, as they do not include custom-developed Web applications which can also introduce vulnerabilities.
  • Covert, hidden attack methods grew in frequency and complexity, especially involving JavaScript — Enterprises are fighting increasingly sophisticated attacks on their computer networks, including Advanced Persistent Threats. These sophisticated attackers are employing covert means to break into networks without being detected by traditional security tools. JavaScript obfuscation is a particularly popular technique used by all classes of computer criminals to hide their exploits within document files and Web pages. IBM detected a 52 percent increase in obfuscated attacks during the first half of 2010 versus the same period in 2009.
  • PDF exploits continue to soar as attackers trick users in new ways — X-Force started observing widespread use of PDF-based exploits during the first half of 2009. Since then, it has captured three of the top five slots for browser exploits used in the wild. The most significant jump associated with PDF attacks in 2010 occurred in April, when IBM Managed Security Services detected almost 37 percent more attack activity than the average for the first half of 2010. This spike coincided with a widespread spam campaign in which malicious PDF attachments were used to spread the Zeus and Pushdo botnets, some of the most insidious threats on the Internet today.
  • Phishing activity declined significantly, but financial institutions remain the top target. Phishing volume has fluctuated wildly over the past few years. The first half of 2010 has only seen a fraction of the phishing attacks that were seen at the peak in 2009, a decline of almost 82 percent. Despite this drastic decline, financial institutions are still the number one phishing target, representing about 49 percent of all phishing emails, while credit cards, governmental organizations, online payment institutions and auctions represent the majority of other targets.

“Threat dynamics continue to multiply and evolve at a furious pace, making it more crucial than ever to look at unfolding trends so we can better prepare our clients for the future,” said Steve Robinson, general manager, IBM Security Solutions.

“This year’s X-Force report reveals that although threats are on the rise, the industry as a whole is getting much more vigilant about reporting vulnerabilities. This underscores the increased focus among our clients to continue looking for security solutions that help them better manage risk and ensure their IT infrastructure is secure by design.”

Looking ahead, the X-Force Research and Development team has identified some key trends to watch for in the future, including:

  • Cloud Computing — As an emerging technology, security concerns remain a hurdle for organizations looking to adopt cloud computing. As organizations transition to the cloud, IBM recommends that they start by examining the security requirements of the workloads they intend to host in the cloud, rather than starting with an examination of different potential service providers. Gaining a good understanding of the needs and requirements first will help organizations take a more strategic approach to adopting cloud services.
  • Virtualization — As organizations push workloads into virtual server infrastructures to take advantage of ever increasing CPU performance, questions have been raised about the wisdom of sharing workloads with different security requirements on the same physical hardware. X-Force’s vulnerability data shows that 35 percent of vulnerabilities impacting server class virtualization systems affect the hypervisor, which means that an attacker with control of one virtual system may be able to manipulate other systems on the same machine. This is a significant data point when architecting virtualization projects.

This report comes from IBM’s X-Force team, the premier security research organization within IBM that has catalogued, analyzed and researched more than 50,000 vulnerability disclosures since 1997.

The IBM X-Force Trend and Risk Report gathers facts from numerous intelligence sources, including its database of over 50,000 computer security vulnerabilities, millions of intrusion events monitored on tens of thousands of managed network sensors deployed on customer networks throughout the world, its global Web crawler and its international spam collectors.

This mid-year report is designed to help customers stay ahead of threats.

IBM Security Solutions include an extensive portfolio of hardware, software solutions, professional and managed services offerings covering the spectrum of IT and business security risks, including: people and identity, data and information, application and process, network, server and endpoint and physical infrastructure. IBM Security Solutions empowers clients to innovate and operate their businesses on highly secure infrastructure platforms.

To access the report, visit: www.ibm.com/security/x-force. For more information on IBM Security Solutions, visit: www.ibm.com/security.

Written by turbotodd

August 25, 2010 at 9:12 pm
