“…our own policies were not followed…”; Apple and Amazon Hacks August 8, 2012
Posted by Chris Mark in Data Breach, InfoSec & Privacy.Tags: Amazon, Apple, authentication, cybercrime, cybersecurity, iCloud, mark consulting group, Matt Hanon, risk, security, social engineering
2 comments
This past week, tech writer Matt Honan (of Wired) had his Amazon and Apple accounts hacked and his “…digital life destroyed”. You can read his first hand account here. The hacker did not use any special technology rather was able to hack the accounts using a basic social engineering and knowledge of who the systems worked. Here is a description of the hack from CNN.com:
“At the heart of his story is a dangerous blind spot between the identity verification systems used by Amazon and Apple, two of the tech industry’s most popular vendors.
Like many people, Honan has a variety of email addresses. Several of them can be easily tracked down by anyone hunting around online. The hacker who went after Honan found his @me.com address — a tip-off that Honan had an AppleID account. (more…)
Oil Giants Hacked by Anonymous in “Save the Arctic Phase2” July 16, 2012
Posted by Chris Mark in Data Breach, Industry News.Tags: anonymous, bp, cybercrime, cybersecurity, data breach, exxon, InfoSec & Privacy, mark consulting group, savethearctic, security
add a comment
According to CyberWarNews.com Anonymous set its sites on oil giants Shell, BP, Gazprom, and Rosneft in what has been dubbed “Save the Arctic Phase 2”. This comes on the heels of phase one in which account details including administrator accounts, passwords and other server info was stolen from Exxon and released.
According to the messages posted on pastebin, the account were used to sign the petition on savethearctic.org and, more disturbingly, for phishing attacks. Hacktivism is a growing concern for all companies. Whether it be to combat the perceived unfair distribution of wealth of capitalism, support of US defense industry, or environmental issues, hacktivists are increasingly active against corporations.
“The Rise of CyberEspionage” – Chris Mark Published in Homeland Security Network June 18, 2012
Posted by Chris Mark in cyberespionage, cybersecurity.Tags: anonymous, china, cybercrime, cyberespionage, cybersecurity, data breach, data security, homeland security network, L3, mark consulting group, RSA, security
add a comment
An article I wrote on the Rise of Cyber Espionage was picked up by the Homeland Security Network. I must admit that the article title is not what was submitted but the article is one I wrote. If you are interested, spin on over to the Homeland Security Network and read the article. Any feedback would be appreciated..here is an excerpt:
“On April 15, 2011, the US Congressional Subcommittee on Oversight and Investigations conducted a hearing on Chinese cyber-espionage. The hearing revealed the US government’s awareness of Chinese cyberattacks. In describing the situation in her opening remarks, sub-committee chairperson Dana Rohrbacher astutely stated:
“[The]United States is under attack.”12 “The Communist Chinese Government has defined us as the enemy. It is buying, building and stealing whatever it takes to contain and destroy us. Again, the Chinese Government has defined us as the enemy.”
“One Adam Twelve, One Adam Twelve…”: Security Theater & Doggies Doo June 11, 2012
Posted by Chris Mark in security theater.Tags: cybercrime, deterrence theory, jerusalem, mark consulting group, security, security theater
add a comment
Chris’ Dog BO
Today on Yahoo News Canada is a story in which it is claimed that Jerusalem such a problem with dog poop that they are enacting a program in which they will match offending doggy doo against a master DNA database. According to a statement from the Jerusalem municipality: “The municipality pilot project calls for establishment of a database of dog DNA to allow us to reduce the soiling of pavements, parks and public spaces,” In short, the city plans on DNA profiling 70-80% of the 11,000 dogs that live in Jerusalem and then, if there is a “pile” of DNA on the sidewalk, someone will pick it up, send to a lab, test it, and then the owner of the offending pooch will be fined $193. This plan is so ridiculous that it does not merit much discussion but…for the sake of this blog let me use an example from a previous post. (more…)
Oh My!! More than 6 Million LinkedIn Passwords Stolen! June 6, 2012
Posted by Chris Mark in cybersecurity, Data Breach, Industry News.Tags: Chris Mark, cybercrime, cybersecurity, InfoSec, LinkedIn, privacy, security, Stolen Passwords
add a comment
Change your LinkedIn password now! According to an article on CNN, over 6 million LinkedIn passwords were stolen by Russian hackers. LinkedIn also confirmed in their own blog post that some of the posted passwords did match LinkedIn accounts. According to the story: “The 6.5 million leaked passwords were posted Monday on a Russian online forum, camouflaged with a common cryptographic code called SHA-1 hash. It’s a format that’s considered weak if added precautions aren’t taken. Roughly half of the “hashed” passwords have already been decoded and posted online in human-readable text.” You can read more about how Hashes are cracked using Rainbow tables in the awesome post here.
Global Security, Privacy, & Risk Management 