Subscribe to this page now.

FBI: North Korea responsible for Sony Pictures hack, leaks [u]

12/19, 1:21pm

Statement from FBI notes similarities between Sony Pictures hack and other intrusions by North Korea

[Updated with comments from President Barack Obama] North Korea is responsible for the attack on Sony Pictures, the Federal Bureau of Investigation (FBI) has now announced. The statement about the agency's investigation into the intrusion of the movie studio's computer network, and subsequent leaks, comes at the same time as messages supposedly coming from the hackers wanting Sony to do more than halt the release of "The Interview" movie.

more

Google posts response to leaked Sony 'Project Goliath' emails

12/19, 4:41am

Six movie studios, including Sony, provided $500,000 per year for the MPAA's campaign against Google

In the past weeks, quite a lot has been revealed about Sony's role in ongoing anti-piracy efforts due to the leak of emails as part of the fallout of the North Korean-based GOP attack on the studio. In a post on Thursday on the Google Public Policy Blog, Kent Walker, Google SVP and general counsel, outlined even more leaks that describe a combined and carefully planned effort by Sony and five other studios that began this year to provide funding and legal support for the MPAA's efforts to court State Attorney Generals and target Google directly.

more

Misfortune Cookie exploit endangers 12 million routers

12/19, 3:06am

Newly-discovered bug introduced in 2002, affects most unpatched devices

Researchers from Check Point Software Technologies released information on Thursday about an exploit they are calling "Misfortune Cookie." This bug was introduced into "RomPager" software, which is commonly embedded into residential gateway devices such as routers, beginning in 2002. A conservatively-estimated 12 million un-patched devices, connected to the Internet in 189 countries, are at risk.

more

Interview fallout continues: actors complain, Team America taken down

12/18, 7:35pm

Team America prevented from being replacement for The Interview in cinemas

The fallout from the Sony Pictures hack continues, and is now affecting more than just The Interview. Theaters planning to screen Team America: World Police instead of the James Franco movie have been stopped from doing so, while a number of celebrities have all denounced Sony Pictures' decision to withdraw The Interview from distribution, and the White House has refused to comment on the hack investigation.

more

New USB thumb drive-sized device can take over computers

12/18, 7:06pm

Requires physical access, but works on OS X, Windows, Linux

A new USB microcontroller -- roughly the size of a small thumb drive -- has been demonstrated as a proof-of-concept device that leverages a serious and unfixable vulnerability in USB easily take over and install malware on any unlocked computer. Though it requires physical access or tricking the user into inserting the controller into a USB port, the device has worrying implications for any computer left unattended for more than a minute -- the time it takes for the device to gain admin access, change network settings, install a backdoor and remove any obvious sign of intrusion.

more

ICANN servers accessed following 'spear phishing' attack

12/18, 7:09am

Personal data, files of ICANN CZDS users accessed by hackers

The Internet Corporation for Assigned Names and Numbers (ICANN), the organization which allocates IP addresses and oversees the use of domain names, has been the latest high-profile victim of hacking. The non-profit confirmed its systems were accessed by unauthorized individuals earlier this month, following a "spear phishing" attack in late November.

more

Breaking: US reverses, to say North Korea behind Sony hack tomorrow

12/17, 7:04pm

FBI, diplomats had previously denied direct North Korean involvement

US government officials now believe North Korea is, in fact, behind the attack of Sony Pictures Entertainment's computer system and subsequent data leaks, according to reports. The government is also said to be preparing to make an official statement about its findings, which may arrive as soon as tomorrow, though apparently there is still some internal debate as to what kind of response to make to the insular country. Previously, the FBI had said it had "no evidence" of a direct North Korean connection, though the country was suspected from the outset.

more

New Windows ransomware strain replicates like a virus

12/17, 5:30pm

Spreads through networks, can re-infect if a single file is overlooked

Earlier this month the official blog of security firm KnowBe4 revealed information about a new strain of Ransomware. On top of the usual encryption of files on a computer and demanding payment in Bitcoin currency to regain access, VirRansom can replicate itself like a virus, infecting any and all files on a computer before spreading through a network.

more

Threats issued by Sony hackers against 'The Interview' viewers [u]

12/17, 4:42pm

Stars pull out of promotional activities over threats to audience

[Updated with Sony canceling the film's release] People intrigued by Sony Pictures movie The Interview may reconsider watching it in the cinemas at release, as a message appears to directly threaten its viewers. A posting claimed to be from the Guardians of Peace, the group supposedly behind the hacking of Sony's corporate network, appears to suggest some form of major incident will take place at premieres.

more

'Grinch' exploit puts Linux servers, Android phones at risk

12/17, 4:21am

Managing privileged operations on Linux servers key for protecting e-commerce servers

In a blog post today, AlertLogic Chief Security Evangelist Stephen Coty outlined ways to identify and protect against a Linux server exploit he has dubbed "Grinch." Citing a 2013 report from W3Tech stating that approximately 65 percent of all web servers utilize a Unix or Linux-based operating system, he said that the danger is that Grinch can be used to "steal Christmas." At the crux of this exploit is a way to access administrative permissions through JournalID, which could allow remote execution of commands on any Linux-based server.

more

Flaw in online boarding passes enable anyone to view others

12/16, 9:13pm

Insecure URLs from Delta revealed boarding passes from other airlines, other passengers

Dani Grant, the founder of the security research group Hackers of NY, has reported a serious flaw in the way that Delta and potentially other airlines handle online boarding passes, often displayed on smartphone screens to gain entry to flights. Grand discovered that if she shared the URL to her Delta online boarding pass, anybody could download and potentially redeem it. Even more disturbingly, when she changed with the last digit of the seemingly random numbers in the URL, she could view someone else's online boarding pass, which might even be on an entirely different airline.

more

Hacker group Lizard Squad taken down by Finest Squad, police

12/16, 8:07pm

Christmas comes early as white hats totally pwn script-kiddie newbs

Since August, a hacker group calling itself the Lizard Squad -- self-described as a handful of 'guys with too much free time on their hands' -- have been entertaining themselves by spoiling other people's fun. Primarily, they've been doing this by attacking online video game services and knocking them offline. An opposing "white hat" group of network security researchers have now exposed members of the Lizard Squad group, leading to the arrest of three members, some of whom had also been involved in bomb threats and other domestic terrorism.

more

Microsoft finds tech allies in challenge of US search warrant

12/16, 1:47am

Apple, most big tech companies support Microsoft in Irish email case

This week saw the submission of ten amicus curae briefs filed from a combined 87 individuals, businesses, and associations in support of Microsoft's challenge to a US search warrant for an email stored on a data center in Ireland to the court. The fight between the US government and the Windows maker centers around US law's reach into a customer's private records when the records are actually stored in another country.

more

Dutch data protection agency threatens 15M euro fine for Google

12/16, 12:11am

Ad giant has until February to make changes to its data-collection methods

Google doesn't properly inform users in regards to the extent of data collection and collation from all of Google's various products, a Dutch agency says about the search and advertising giant, and is threatening the company with a €15 million ($18.7 million US) fine if it doesn't change its notification to users of everything from its data collection methods to the fact that it owns YouTube by next February. The agency, known as the CBP, says Google's collation of user data is a violation of Dutch law.

more

Sony Pictures orders media outlets to delete leaked studio data

12/15, 9:29pm

Request to stop reporting details of Sony Pictures leaks sent to news outlets

Sony Pictures has requested the media not to report the contents of leaks stemming from a major intrusion at the company last month. The movie studio has written to a number of sites and organizations, telling them that the gigabytes of confidential employee, financial, and other corporate data must be deleted, and to cease publishing details gleaned from the information.

more

The Pirate Bay raid prompts retaliation from 'Anonymous' groups

12/15, 10:53am

Hacking teams release data, targets attack against Swedish authorities

The shutdown of The Pirate Bay by Swedish authorities has allegedly incurred the wrath of people claiming to be part of the Anonymous hacktivist group. At the same time, the takedown of the site does not appear to have deterred pirates, with one report claiming the takedown may have in fact increased traffic rather than reducing it.

more

Sony ignored security evaluation before GOP hack, more data coming

12/14, 3:10pm

'Christmas dump' incoming with more 'interesting' Sony Pictures data

Months before the hacker intrusion on Sony Pictures' network, analyst firm PricewaterhouseCoopers (PWC) performed an analysis on the company's security, and found it lacking. More than 100 devices were found to be unmonitored by corporate security following an incomplete transition from a private security firm to an in-house team. As a result, any Sony response to network intrusion would be, in the words of the auditors, "slow, fragmented, and incomplete, if it would even happen at all." However, corrective actions proposed by PWC seemingly went undone, which left the doors to the company open, sometimes literally, facilitating the attack.

more

FBI warns of Iranian cyber attack targeting energy, defense, education

12/13, 11:57am

Scope and scale of attack unknown; FBI briefing gives response guidelines

The US Federal Bureau of Investigation (FBI) has warned businesses, energy firms, and educational institutions all the way to the middle school level to be aware of an organized hacking effort by elements in Iran. While the FBI does not explicitly state that the Iranian government is behind the attacks, the efforts are originating from within Iran and some security experts believe that it is a state-sponsored attack.

more

Microsoft 'Patch Tuesday' brings two bad updates, one still not fixed

12/13, 11:08am

Windows 7 TLS, SSL implementation fix breaks driver installations

This week's Microsoft "Patch Tuesday," the regular scheduled day for updates and bug fixes from the Redmond giant, hit a few snags. While one problematic patch to Exchange 2013 has already been retracted and re-issued, a second patch -- this one addressing SSL and TLS authentication -- has rendered many Windows Update drivers, including video card drivers from Nvidia and AMD, uninstallable on Windows 7.

more

MPAA investigating existing legal avenues for anti-piracy measures

12/12, 1:15am

Leaked information reveals potential legal tactics and meetings with Google execs

A disturbing new email leak sent to Sony Pictures CEO Michael Lynton in 2012 has revealed a secret meeting between officials from the Department of Homeland Security and representatives from Google that was focused on methods by which the various groups could hobble or block sites known for hosting pirated materials. Meetings also occurred between the MPAA and an unnamed national law-firm across 2013 to discuss methods to force ISPs to block sites hosting or aggregating pirated content.

more

Red October malware updated, targets diplomats, military, executives

12/11, 10:13pm

Un-jailbroken iOS devices safe from attack; Android, Windows smartphones at most risk

Beginning in Russia and spreading quickly to other countries, a new variation on the formerly-dormant Red October malware has been detected by security firms such as Blue Coat and Kaspersky this week. The new version -- which is notably targeting smartphones of diplomats, military leaders and business executives -- contains a level of sophistication in the function and code that suggests a rogue state, which would have the resources to assemble the talent, is backing the attack.

more

Amazon's main Android app stricken from Google Play over app sales

12/11, 6:25pm

App replaced by 'Amazon Shopping' app with no links to app store

As a result of a revised developer's agreement, Google has made the original Amazon Android app undiscoverable in Google Play. Amazon has replaced the removed app with a new "Amazon Shopping" app, which notably removes access to the retailer's app store through a Google Play-sanctioned app, leaving users forced to "sideload" a separate app from another source in order to facilitate downloads and purchases from Amazon's app store.

more

Sony Pictures strikes back against hacker hijackers

12/11, 1:56am

Employs DDoS attacks, enlists Amazon Web Services to block distribution

In a surprising twist to the ongoing saga of an attack on Sony Pictures' internal computer system by unidentified hackers (likely to be from North Korea), the studio is starting to fight back by leveraging Amazon Web Services to carry out distributed denial of service (DDoS) attacks on identified servers that contain files stolen from Sony over the last month. Taking a page from its own playbook, the media conglomerate is flooding suspect servers with dummy files, a sequel of sorts to anti-piracy attacks carried out by the firm in conjunction with Media Defender seven years ago.

more

Google News in Spain to be shut down next week

12/10, 11:44pm

Pending law enforcement forces move, Google shutdown makes law irrelevant

The Google Europe Blog this week released an update on the status of Google News in Spain. Richard Gingras, Head of Google News, informed readers that Google News will be shut off for them next week, before a new law takes effect in January. Gingras writes this law requires publishers to charge search providers a licensing fee for any content visible on the search website (including headlines), "whether they want to or not."

more

Electronic payment gateway Charge Anywhere compromised since 2009

12/10, 10:17pm

Malware gave 'unauthorized person' access to plaintext information for at least 39 days

In a statement, electronic payment gateway provider Charge Anywhere announced that it had discovered "malware that had not been previously detected by any anti-virus program" in their system. The discovery was made after an unnamed party requested the company investigate some unauthorized transactions that appeared to be made legitimately.

more

FBI: No evidence of North Korea involvement in Sony hack at this time

12/10, 11:50am

Leading theories of state sponsored attack put forth by Sony, others in doubt

The assistant director of the Federal Bureau of Investigation's cyber division, Joe Demarest, has declared that the government of North Korea, at least, doesn't appear to be the instigator of the Sony Pictures attack. Speaking at a cybersecurity conference, the chief said that despite the attack package being compiled in Korean "there is no attribution to North Korea at this point."

more

The Pirate Bay offline after Swedish authorities raid data center

12/10, 5:18am

Multiple sites taken down as Swedish police seize Pirate Bay servers

Notorious piracy website The Pirate Bay was taken offline yesterday, as part of a raid by Swedish authorities. The server raid in Stockholm, which took place yesterday morning, is said to be performed as part of a large operation to protect intellectual property, with several servers and other computers seized for further examination by the police.

more

New iOS 8.1.2 release solves problems with missing ringtones

12/09, 2:03pm

Users directed to URL to restore missing files

Apple has released iOS 8.1.2 for iPhone, iPad, and iPod touch owners. The firmware is a minor update, dealing mainly with a glitch which removed ringtones bought through the iTunes Store. People wanting to get those files back are being pointed to a special URL, which in turn redirects visitors to a new page at the Store.

more

Blackphone gaining app store, data segregation update early next year

12/09, 10:10am

Blackphone PrivatOS Spaces update will help separate work, personal data

The security-minded smartphone from Geeksphone and Silent Circle will soon have its own privacy-focused app store. A future update for Blackphone has also been announced, with a change to the Android fork PrivatOS providing a way to separate the different types of data stored on the device, keeping them segregated for increased app security.

more

More data from Sony Pictures leaks, new movie demands from hackers

12/09, 6:44am

Continued data leaks, attacks threatened if movie release halted

Hackers behind the Sony Pictures intrusion have made a more public demand for the company to stop the release of an upcoming film. The demand from the "Guardians of Peace" is accompanied by another large release of internal data, with information about aliases used by celebrities, as well as more contact information for the stars and their assistants.

more

Apple request for dismissal in Real-iPod trial denied

12/09, 12:57am

Real hunts for new plaintiffs in 10-year-old case

Judge Gonzales Rogers has ruled against an Apple request to dismiss the 10-year-long lawsuit by audio software maker Real, but has not denied that the case may soon be without a valid plaintiff. Following the dropout of the first of two women named in the original case, more evidence was presented in court today that the remaining plaintiff, Marianna Rosen, is also not qualified by virtue of not having directly bought an iPod in the relevant time window with her own funds.

more

Cook meets with chairman of China's State Internet Information Office

12/08, 12:00pm

iCloud attacks likely key subject of discussion

Apple CEO Tim Cook met with Lu Wei -- the chairman of China's State Internet Information Office -- during the latter's recent trip to the US, reports say. Lu is also said to have met with Facebook CEO Mark Zuckerberg, and Amazon CEO Jeff Bezos. It's unclear what Lu discussed with the executives.

more

PlayStation Network goes down, hacker group takes credit

12/08, 7:35am

Series of attacks mirrors similar incidents by same group in August

Sony has suffered its second major hacking incident in recent weeks, with its PlayStation console users being the target this time. The company's PlayStation Network services were knocked offline late last night before returning to normal earlier this morning, in an attack which coincides with the 20th anniversary of Sony's original game console release.

more

Sony Pictures employees receive email threatening danger to families

12/06, 12:15pm

Alleged 'Guardians of Peace' leader sent email demanding Sony 'behave wisely'

The Sony Pictures hack attack has taken a dark turn. A mass email in broken English went out to employees whose data was stolen by the so-called "Guardians of Peace," demanding that recipients return the email, or "not only you but your family will be in danger." In the email, the attackers are demanding that employees "make your company behave wisely" in order to stop future incidents by the hack group.

more

Judge: Target's ignorance a 'key role' in 2013 Black Friday data theft

12/05, 4:28pm

Class-action suit by banks will be bellwether for future hack responsibility suits

The judge overseeing the suit filed by banks against Target regarding the "Black Friday" data breach from 2013 has allowed the suit to continue, despite protestations by the retailer. Judge Paul A. Magnuson of the Minnesota district court has ruled that Target failed to respond to warnings that an attack was imminent, and the failure to observe these warnings meant that the company played a "key role" in allowing the data theft.

more

Sony breach leaked personal details of 47,000 employees, celebrities

12/05, 6:32am

Personal data belonging to Sylvester Stallone, Rebel Wilson leaked in hack

The Sony Pictures data breach may be bigger than originally believed, as reports claim a lot more people than the 6,000 employees have been affected. Personal data including Social Security numbers for more than 47,000 current and former employees were apparently involved in the leak, including information relating to famous celebrities such as Sylvester Stallone and Rebel Wilson.

more

Sen. Wyden introduces bill to block mandated surveillance backdoors

12/04, 11:02pm

Secure Data Act attempts to ban the inclusion of vulnerabilities for surveillance, search

A new Senate bill was introduced on December 4 that aims to halt one channel of government intrusion into electronic devices and software. Privacy and technology supporter Sen. Ron Wyden (D-OR) unveiled the Secure Data Act, which he drafted to cut off recent attempts by government officials to change laws and render new private encryption and device trends obsolete in the name of government access.

more

Apple SVP Eddy Cue testifies in Real trial, defends DRM use

12/04, 7:12pm

Explains why DRM was formerly required by record companies, more

Day three of the Real vs. Apple trial over allegations that Apple deliberately blocked rival stores' DRM music files on the iPod (a potential antitrust violation) continued today with testimony from Eddy Cue, Apple's SVP of Internet software and services and the executive in charge of the iTunes Store. Cue was on the stand for hours, going through an explanation of why the original iTunes Store had to have digital rights management in the first place, how Apple developed its FairPlay wrapper, and why it chose not to license FairPlay to others.

more

Taiwanese gov't accuses Xiaomi, others of violating privacy rules

12/04, 11:50am

Apple, Samsung, HTC among identified parties

Taiwan's National Communications Commission has found 12 cellphone makers to be violating the country's Personal Information Protection Act, according to the Wall Street Journal. PIPA covers the "collection, processing and use of personal information"; the NCC has yet to say exactly how the companies broke regulations, but does explain that it discovered the issue while investigating charges that Chinese firm Xiaomi was collecting and transmitting user data without permission.

more

UN diplomat claims North Korea not involved in Sony Pictures attack

12/04, 11:45am

Anti-North Korea comedy "The Interview" scheduled to be released December 25

Despite previously calling a movie soon to be released by Sony Pictures an "act of war," North Korea has denied any involvement in the seemingly-ongoing studio hack. An anonymous diplomat from the country has refuted state involvement in the data theft, and claims that North Korea has "publicly declared that it would follow international norms banning hacking and piracy."

more

Apple updates Safari for Mountain Lion, Mavericks, Yosemite

12/03, 5:52pm

Bugfix updates add Firefox import, improves WebGL on Retina displays

On Wednesday, Apple released minor updates to Safari for the current and two most recent OS X versions. Mountain Lion (OS X 10.8.5) users will see an update to Safari v6.2.1, Mavericks (10.9.x) users will see Safari 7.1.1 available for update, and Yosemite users (10.10) will get Safari 8.0.1. The releases share a variety of bug and security fixes, and add the ability to import usernames and passwords from Firefox.

more

Google updates reCaptcha by removing image tests for most users

12/03, 2:48pm

High accuracy of scripted bots prompts change in Captcha system

Google is updating the reCaptcha human authentication system, by effectively removing the Captcha element for the majority of users. Dubbed the "No Captcha reCaptcha," the new API will attempt to monitor the user's interaction with the captcha to see if they are genuine or a script, with most valid users able to simply click a tick box without seeing a Captcha at all.

more

Android version 5.01 factory images for Nexus devices, AOSP released

12/03, 11:44am

Update to Android Lollipop may fix lock screen bug

An update for Android Lollipop is believed to be on the way, after a new factory image for Nexus devices was released for download. Version 5.01 of the mobile operating system has been pushed to AOSP along with factory images for the Wi-Fi Nexus 9, Nexus 10, and 2013 Nexus 7, a step usually followed by an over-the-air update for other devices.

more

Russian lawmaker calls for ban on iPhone for parliament politicians

12/02, 8:49pm

Security concern based on apparently false newspaper article

A member of the center-left Fair Russia party and State Duma lawmaker is proposing a bill that would recommend that all Russian parliament members stop using iPhones and iPads to protect themselves from foreign eavesdropping, based primarily on what appears to be a false report that the Russian military has done the same. The Defense Ministry has since denied the report from the newspaper Izvestia, but the bill has again opened the question of whether foreign-made smartphones and tablets are secure.

more

FBI warns of severe malware attack, likely used in Sony penetration

12/02, 11:36am

FBI gives guidance to major US corporations, including who to notify during attack

While not specifically naming any names, the FBI has warned that a major cyberattack has taken place against US businesses in the last two weeks. The advisory, likely given in the wake of the enormous Sony breach, gives some details about the tools used in the assault, and provides advice to the businesses on how to respond to the package, which includes informing the FBI.

more

Five Sony Pictures movies leak to piracy sites following hack

12/01, 8:38am

Fury, Annie, other leaked films shared over 1M times collectively

A number of Sony movies have been leaked following the Sony Pictures hack last week, according to reports. At least five movies are circulating on file-sharing sites, and while unreleased films including Mr Turner and Annie are being pirated before a theatrical release, the recent Fury is claimed to be receiving a considerable amount of attention, despite still being shown in cinemas.

more

Cox sued by labels over failure to inform users of piracy warnings

11/29, 8:10am

'Your friend in the digital age' allegedly aids piracy by ignoring infringement

A pair of music publishers have launched a suit against Internet service provider Cox Communications. BMG Rights Management and Round Hill Music accuse the provider of failing to penalize serial rights infringers, with warnings by watchdog Rightscorp (well known for its false positives) going ignored. The pair claims that Cox's refusal to deliver the messages serves to dilute the entire anti-piracy effort agreed to by the ISPs, and hurts both the ISP industry and music-producing business in the process.

more

Government could turn to 225-year-old law to force user decryption

11/26, 9:29pm

All Writs Act compels 'reasonable' unlock assistance, gives idea of future circumvention

In the face of increasing security measures on consumer devices, the US Department of Justice appears to be returning to old school tactics to get at data in devices. A judge in New York ordered an unnamed smartphone manufacturer to provide technical assistance in unlocking a device, something prosecutors argued under the All Writs Act of 1789. While the All Writs Act has been used in the past in technological situations, it could be the de facto means of law enforcement data requests in the future.

more

Home Depot faces 44 civil lawsuits from breach, spent $43M on fallout

11/26, 5:21pm

Company achieves revenue growth after breach fallout, full impact still unknown

Home improvement retailer Home Depot is still locked into a battle over the security breach it reported in September that put 56 million credit cards at risk. However, the fight is no longer against cyber criminals, but rather consumers affected by the breach and government agencies. To date, the retailer is involved in "at least 44 civil lawsuits" in the US and Canada.

more

Union, Rev. Jackson push for better terms for Apple security guards

11/26, 11:34am

USWW looks to unionize guards at Cupertino campus

With the backing of activist Reverent Jesse Jackson, United Service Workers West is hoping to unionize the security guards working at Apple's Cupertino headquarters, and in the short term is urging the company to use a different security contractor, says the San Jose Mercury News. USWW is ultimately aiming to unionize guards across Silicon Valley, but is beginning with Apple in the belief that it could set a standard for other tech companies. While the union would likely stand to benefit from dues, it notes that service workers in the Bay Area are often just scraping by financially, since the cost of living has been inflated by the salaries of high-tech workers.

more

Electronista Sponsor

Electronista Newsletter

Free Technology and Gadgets Newsletter

  • We will not share your email address with anyone.

    toggle

    Most Popular

    Sponsor

    Recent Reviews

    Dell AD211 Bluetooth speaker

    For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

    VisionTek 128GB USB Pocket SSD

    USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

    Kodak PixPro SL10 Smart Lens Camera

    Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

    Sponsor

    toggle

    Most Commented

     
    toggle

    Popular News