Tag Archives: Data breach

Old Gmail Leak – WSWiR Episode 121

Patch Day, Home Depot Update, and Gmail Leak

Why go searching for all the week’s information security (infosec) news when you can find it in one convenient place. This weekly vlog summarizes the important security updates, hacks, and threats so you can protect yourself.

This week’s episode arrives a bit late due to my business travel in Europe. Today’s show covers the week’s Microsoft and Adobe patches, the latest news on the Home Depot breach, and a story about a potentially new (but likely old) Gmail credential leak. Watch the video for the details, and check the references below for more info and some extra stories.

I will be continuing my business travel next week as well. So my weekly post may arrive earlier or later than normal. Have a great day!

(Episode Runtime: 4:53)

Direct YouTube Link: https://www.youtube.com/watch?v=I1GZpvQV6dQ

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Celeb Selfie Hack – WSWiR Episode 120

Software Patches, Home Depot Breach, and Celebrity Selfie Hack

If you need a quick source for all your information security (infosec) news, you’ve come to the right place. I summarize the most important infosec news in this weekly video, and provide links to other security stories as well.

Unfortunately, today’s episode includes a pretty creepy hack. The show covers next week’s upcoming software patches, another credit card leak that seems to come from Home Depot, and a gross story about hackers stealing hundreds of celebrities’ most private pictures. Find the details in the video below and see what you can learn from these unfortunate cyber attacks.

As always, check the Reference section if you are interested in other stories that I didn’t cover in the video. Also, I will be traveling the next few weeks, which means I may not be able to post this video as regularly as usual. Expect the video to turn up at irregular times, otherwise I may post a written version of the weekly summary instead. Have a great weekend, and stay safe online!

(Episode Runtime: 13:17)

Direct YouTube Link: https://www.youtube.com/watch?v=-mRjltM-tc0&

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Car Hacking Exposed – WSWiR Episode 71

Tor Botnets, SIM Hacking, and Pwned Prius

Blackhat and Defcon are only a few days away, so this week’s InfoSec news summary covers previews of some of the research experts plan on disclosing during next week’s security bonanza.

During this week’s episode, learn about the latest Tor-based botnets, hear how hackers can force malware through your phone’s SIM card, and see a couple researchers totally take over a Prius car with a laptop. Watch below, and check the Reference section for other interested security stories.

Show Notes: I had unexpected microphone cable problems during my recording, which I didn’t learn about until after my shoot. It caused some hum and clicks in this week’s video. I apologize for the bad audio, and will be sure to check it next week.

Also, I will be attending Blackhat next week. I still plan to post at least one video, but it may not appear at its regular time.

(Episode Runtime: 10:09)

Direct YouTube Link: https://www.youtube.com/watch?v=Pa3QsIS-TK8

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Rogue Femtocell Sniffs Cellular Data – WSWiR Episode 70

Google Glass Hijack, Steganography Backdoor, and Femtocell Hack

After a week missing-in-action due to vacation, I’m back with another news-packed InfoSec summary video for the week. If you’d like to quickly hear the highlights about the latest updates, breaches, and malware, give our weekly video a go.

In this week’s episode I cover some interesting new Mac malware, a Google Glass hijacking vulnerability, how to hide web backdoors in images, and a rogue femtocell. For all that and more, click play below; and don’t forget to check the Reference section for extras.

Have a great weekend, and stay safe online!

(Episode Runtime: 15:18)

Direct YouTube Link: https://www.youtube.com/watch?v=pjWEkd2htzQ

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Major Android Flaw Means More Trojans – WSWiR Episode 69

Snowden’s Hacker CV, Uplay Breach, and Serious Android Vulnerability

Last Thursday, US citizens celebrated our 4th of July, Independence Day holiday, which traditionally means that few workers came into the office on Friday. For that reason, I decided to hold onto last week’s InfoSec summary video until today. What better way to start the week than learning about the latest security news with a hot cup of joe.

In last week’s episode, I cover news of Snowden’s hacking credentials, the latest OS X update, a Ubisoft network breach, and a critical security vulnerability that affects 99% of Android users. For the details on those stories and more, watch our video below.

As an aside, I am taking a bit of time off at the end of the week, so I will either skip this Friday’s video, or post a short one on Monday.

(Episode Runtime: 7:21)

Direct YouTube Link: https://www.youtube.com/watch?v=DTjkmKKy-Gg

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Huge Sony PSN Data Breach; What Should I Do?

On Tuesday, Sony officially disclosed a humongous data breach against the Playstation Network or PSN (recently renamed to Qriocity), which allowed external attackers to get their hands on the Personally Identifiable Information (PII) of around 77 million gamers. Worse yet, they may have even stolen their credit card information, too.

If you read security news, or follow me (@SecAdept) on Twitter, you’ll know this incident has been brewing for around a week now. It first started last Wednesday, when PSN went down for all Playstation 3 users. At the time, I’d imagine that most customers assumed the outage was some sort of routine maintenance. However, with Sony recently coming out of a DDoS battle with “Anonymous” over the Geohot Playstation hacking lawsuit, paranoid security professionals like me suspected this outage might be related to more “Anonymous” hijinks. Unfortunately, we have since learned that that wasn’t the case (I wish it was).

Over the next few days, the story continued to slowly unfold, mostly on security and gaming sites. Sony blog posts (some which were later removed) eventually admitted that the issue may be related to an “external intrusion.” However, Sony was not quick to confirm the details, or share what the attackers got. If you are interested in how the story slowly unfolded, PCWorld has a great timeline of the incident. In any case,  Sony finally sent an email to all its PSN subscribers Tuesday night, sharing exactly what the bad guys stole — and unfortunately the cretins hit pay dirt.

If you’d like to read Sony’s email in full, check out this forum post, but I’ll quickly highlight what it claims the attackers stole from all PSN subscribers:

  • Your name,
  •  address (city, state, zip),
  • country,
  • email address,
  •  birthdate,
  • PSN password and login
  • PSN online ID and handle
  • purchase history,
  • billing address (may be different than normal one),
  • security answers,
  • and possibly even your credit card information (excluding security code)

Unfortunately, this is a huge repository of valuable information for identity thieves and attackers wishing to target your other online accounts. On the surface, the biggest concern is whether or not attackers gained access to credit card (CC) numbers.  Sony is not very clear on this count. They claim they have no evidence to suggest so. However, they immediately backpedal, saying they cannot rule out the possibility. A more recent Sony Blog update has at least shared that the CC date was encrypted, and that they didn’t store any security code info for CCs. Well, at least that’s semi-good news.

So what’s a PSN subscriber to do?

Being one myself, I immediately asked myself that very question. Here’s what I’ve come up with:

  1. Do you follow best password handling practices? If not, change your passwords. One well known, but often ignored, password security practice is that you should NOT use the same password everywhere. Unfortunately, many people, including security professionals, don’t follow this practice. If you are one of those people, the first thing you need to do is go to all the important sites you visit and change your password. If someone has your email address and a password, that will get them into many popular sites you may frequent.
  2. Cancel/change your credit card. This one really sucks. It can be a pain to get new credit cards, mostly when you don’t know for sure whether it is entirely necessary. Unfortunately, I have to lean towards being safe and not sorry. If you shared your CC with PSN (it’s possible you may not have), you should probably get new cards. Granted, Sony does say the CC data was encrypted. So ultimately, it is up to you if you want to take the chance.
  3. Watch your credit information. There’s really nothing you can do about that fact that a lot of your PII data is out there. This is the same data bad guys use to setup fraudulent accounts in your name. Luckily, attackers didn’t get one crucial (at least in the US) piece of data; your social security number. Without this, they probably can’t setup financial accounts in your name. Nonetheless, you should still monitor your credit via your country’s credit agencies. You may even considering submitting a fraud alert or credit freeze, which will make it harder for attackers to create new accounts in your name.
  4. Remain vigilant for follow-up attacks. Since the attackers didn’t get Social Security numbers, they don’t have all they need to totally steal your identity. However, they often follow up these sorts of attacks with other attacks (email phishing), trying to gather any additional info they need. Furthermore, they can often leverage the information they’ve already stolen to help trick you into trusting them. So remain vigilant against phishing and social engineering attacks, asking you for private info.

The last question that I’m sure is one everyone’s mind, is how did Sony actually get hacked. The short answer is, we don’t know yet. Sony’s not sharing. There has been a number of rumors, though:

  • Geohot did it. This is the guy that hacked the Playstation 3’s DRM and copy protection. Sony sued him for it, and he settled the case (saying he’d leave Sony stuff alone). This guy’s smart enough to breach networks, but I’m pretty sure he didn’t go after PSN, mostly after settling with Sony. So I doubt this is the case.
  • “Anonymous” did it. Anonymous is that random group of hackers that went after HBGary. They also sided with Geohot during the PS3 hacking case, and likely launched DDoS attacks against Sony in early April. However, they claim they had nothing to do with this breach. I tend to believe it as Anonymous tends to stick more with headline grabbing stunts, than these highly illegal, malicious breaches. That said, some solo-Anonymous hackers may have acted alone.
  • The attack is the result of a custom PS3 firmware (called Rebirth). When Geohot hacked the PS3 DRM, he made it possible for homebrew coders (and pirates) to load their own modified firmware onto the PS3. These modification could allow playstation users to do all sorts of cool things that Sony didn’t originally intend the PS3 to do. However, some of the latest custom firmwares coming out of the PS3 “scene” included modifications that would allow hacked PS3 to regain access to PSN, or worse, the PSN developer network. One of those firmwares was called Rebirth. Due to the timing of Rebirth’s release, and some of it’s features, some people suspect it has something to do with how the PSN attackers were able to breach Sony’s PSN  network. In fact, it seems very likely that the modified firmware was at least used to fraudulently download PSN games without valid CCs. Of the rumors presented, this one seems most possible to me. That said, the creators of Rebirth have claimed they weren’t responsible either. However, they admit users have found interesting ways to use their firmware.

Besides those rumors, other experts have shared their own guesses about how this breach might have happened. For instance, one mentioned that it could have been a spear-phishing email, that got malware on an administrator’s computer. That guess is as good as any. After all, that’s basically how the Aurora attackers got into Google — it’s certainly possible.  Yet, it’s still just a guess. Until Sony, or someone else, shares the real story, all we can do is wonder.

Not  knowing exactly how the breach happened makes it harder to give you a specific defense that can help prevent this from happening to you, but that’s where good ‘ole “Best Practices” come in (something we also learned during the HBGary incident). Two things come to mind for me:

  1. Defense-in-Depth. Security guys hear this so often that it stops feeling relevant. It still is. It’s simple math. The more defensive layers you build up — things like Firewalls, IPS, AV, application control, cloud reputation, etc. — the better statistical chance you have of detecting and blocking an attack. That is why WatchGuard created our XTM appliance. We want to make it as easy as possible to incorporate as many defenses as possible, in one easy to manage appliance, and to have a platform that allows you to evolve your defenses in the future. That said, when most people think “Defense-in-Depth,” they only think about the hard, preventive technology measures, such as the ones I’ve mentioned above. They don’t think as much about the softer security measures, such as visibility tools that may also help you recognize unusual incidents, like security breaches. When you are building your layers of defense, don’t forget to include products that offer visibility tools as well (we have great visibility tools, and plan to make them even better).
  2. Focus your perimeter on your data center! One of my predictions for this year was that your perimeter will not go away. It will just shrink, harden, and focus on your data center. The huge increase in mobile workforce and technologies, has caused the security industry to largely focus on mobile security technologies — for good reason. However, just because you need mobile defenses, doesn’t mean you can tear down the walls around your castle. Instead, the huge increase in big data breaches, like this PSN incident, has shown that we need strong, evolving perimeter defenses around our data centers, today more than ever. Your perimeter shouldn’t only protect your data center from the world, but also from your own workforce. Based on what Sony’s doing to improve their PSN security, it sounds like they now agree with my prediction.

This PSN data breach will surely have resounding affects on network security for years to come. I wouldn’t be surprised to see it cause PCI changes, trigger politicians to suggest new laws, and result in new business regulations. I will continue to follow the story and post any interesting new details I find. —  Corey Nachreiner, CISSP. (@SecAdept)


Follow

Get every new post delivered to your Inbox.

Join 7,659 other followers

%d bloggers like this: