Posts tagged: Hackers

Feb 02 2013

Twitter Hacked – 250,000 Accounts Compromised

In a blog post last Friday, Twitter’s Director of Information Security Bob Lord said the company had discovered a major attack and shut it down almost immediately, but the attackers may have had access to user names, email addresses, session tokens and passwords for approximately 250,000 users.

Lord said that Twitter detected unusual access patterns that led to it identifying unauthorised access attempts to Twitter user data.

“We discovered one live attack and were able to shut it down in process moments later. As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.

Though only a very small percentage of our users were potentially affected by this attack, we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet. Make sure you use a strong password – at least ten (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites.

Using the same password for multiple online accounts significantly increases your odds of being compromised. If you are not using good password hygiene, take a moment now to change your Twitter passwords. We also echo the advisory from the US Department of Homeland Security and security experts to encourage users to disable Java on their computers in their browsers”.

The attack follows hacks into a number of major media outlets, including The Washington Post, The New York Times, and The Wall Street Journal. Unnamed sources quoted by the newspapers say they suspect Chinese hackers, possibly associated with the Chinese government, to be involved.

Twitter has not said how the hackers were able to infiltrate its systems, but its blog post alluded to the hackers having broken in through a zero-day vulnerability in Oracle’s Java software.

Nov 28 2012

Yahoo Account Exploit Selling on Black Market

Yahoo is investigating the claims of a hacker who is selling an exploit that apparently hijacks Yahoo mail accounts.

The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a cross-site scripting (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users.

Such a flaw would let attackers send or read email from the victim’s account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

Demonstrating an apparent flair for marketing, the hacker, under the alias “TheHell”, also posted a video on YouTube, providing a demo for potential customers. He claims it works with all browsers and does not require a bypass of XSS filters in either Chrome or Internet Explorer. He also says the exploit will be sold only to trusted individuals who are not likely to turn it over to Yahoo, which would undoubtedly develop a patch that will foil the attack.

“TheHell” claims that his exploit attacks a “stored” XSS flaw. This type of attack injects code that is permanently stored on the targeted servers until it is found and deleted. The malicious code is then passed to the victim’s machine when that particular server is accessed for a legitimate download.

A standard phishing attempt is used to access the user’s cookies, from which the attacker can access the person’s email, or take full control of the account.

As of Tuesday morning, Yahoo was in the process of trying to identify the infected URL. Once the identification is successful, the malicious portion of code will be deleted.
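The stored-XSS cookie theft described above is countered on two layers: encoding stored content when it is rendered, and keeping the session cookie out of reach of page scripts. The sketch below is an added example, not code from Yahoo or from the original post; the function names, the message object and the cookie name are assumptions made for illustration.

```javascript
// Added example: constructed data and hypothetical names, not Yahoo's code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode untrusted text for an HTML element body or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored fields are concatenated into markup as-is, so
// markup saved in a message runs in the browser of whoever opens it.
function renderMessageUnsafe(msg) {
  return `<div class="msg"><h2>${msg.subject}</h2><p>${msg.body}</p></div>`;
}

// Hardened pattern: every stored field is encoded at output time, so the
// browser shows the markup as text instead of executing it.
function renderMessageSafe(msg) {
  return `<div class="msg"><h2>${escapeHtml(msg.subject)}</h2>` +
         `<p>${escapeHtml(msg.body)}</p></div>`;
}

// Second layer: HttpOnly hides the cookie from document.cookie, Secure keeps
// it off plain HTTP, SameSite limits cross-site sends. A script that does run
// can still act inside the victim's session, so output encoding remains the
// primary fix.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed sample of a stored message carrying inert test markup.
const storedMessage = {
  subject: 'Invoice "March"',
  body: '<script>alert(1)</script>',
};

console.log(renderMessageUnsafe(storedMessage));
console.log(renderMessageSafe(storedMessage));
console.log('Set-Cookie: ' + sessionCookieHeader('sid', 'constructed-token'));
```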

Jul 10 2012

Anonymous Hack Hands WikiLeaks 2 Million Syrian Emails

Hacktivist group Anonymous is claiming responsibility for an attack on the computer systems of the Syrian government and its evil overlord Bashar Assad, thanks to which over two million emails ended up in the hands of whistle-blowing site WikiLeaks.

As of last Thursday, the site began drip-feeding sections of the ‘Syria Files’ to its selected media partners, and given there are a total of 2.4m emails from 680 separate domains going all the way back to August 2006, it could take some time.

Anonymous revealed in a press release that its Op Syria team – comprising members of Anonymous Syria, AntiSec and sometime collaborator the Peoples Liberation Front – first breached multiple domains and servers in the war-torn country back in February.

“So large was the data available to be taken, and so great was the danger of detection (especially for the members of Anonymous Syria, many of whom are ‘in country’) that the downloading of this data took several additional weeks,” the release said.

Not knowing quite what to do with the huge treasure trove of information it had snarfed, the group handed it over to WikiLeaks, the organisation it had partnered with before in the hack of private intelligence firm Stratfor.

There were no details of exactly how the attack took place but given the usual MO of Anonymous, you can expect it took advantage of some pretty obvious web application vulnerabilities.

The hacktivist group was also keen to portray itself as a force for good offline as well as on, claiming six of its members carried medical supplies across the border and that it has been helping local activists and protesters avoid surveillance efforts by the Assad regime.

Anti-government activists in Syria have been targeted by phishing campaigns and spyware for months, most recently the BlackShades Trojan which spreads via compromised Skype accounts.

Jul 09 2012

Hackers Steal Keyless BMW in 3 Minutes

On the car forum 1Addicts, a one-time poster by the name of “stolen1m” uploaded the video showing how his BMW was stolen in under three minutes. He suspects the thieves used devices that plug into the car’s On-Board Diagnostic (OBD) port to program a new keyfob.

In this particular video, there are a few security flaws that the hackers are exploiting simultaneously: there is no sensor that is triggered when the thieves initially break the window, the internal ultrasonic sensor system has a “blind spot” just in front of the OBD port, the OBD port is constantly powered (even when the car is off), and last but not least, it does not require a password. All of this means the thieves can gain complete access to the car without even entering it.

BMW has acknowledged that there is a problem, but is downplaying this particular issue by saying the whole industry struggles with thievery. This is unfortunate given that the evidence seems to point towards BMWs being specifically targeted. Whether that’s because they are luxury cars or because they have a security loophole doesn’t matter: the point is BMW needs to do something about it.

If you want to protect yourself from this hack, look into how you can disable the OBD port on your BMW by disconnecting the corresponding wires. If you or your dealer needs it, you can always reenable it. Alternatively, you can try to further secure the port in your own custom way.

Feb 07 2012

Hacker Demanded $50,000 for not releasing Stolen Symantec Source Code

According to email transcripts posted to Pastebin yesterday, and confirmed by the company, a group of hackers attempted to extort $50,000 from Symantec in exchange for not releasing its stolen PCAnywhere and Norton Antivirus source code.

Hackers associated with the group Anonymous, known as the Lords of Dharmaraja, leaked what appears to be another 1.27 gigabytes of source code from Symantec Monday night, which they claim is the source code of the Symantec program PCAnywhere.

A 1.2GB file labeled “Symantec’s pcAnywhere Leaked Source Code” has been posted to The Pirate Bay.

The leak comes as little surprise: Symantec had previously revealed that the hackers had obtained 2006 versions of that code along with other Symantec products from the same time period, and warned users of PCAnywhere to disable its functionality until they patched the program earlier this month.

The emails between Symantec employee Sam Thomas and the hacker(s), Yamatough, began in January. Symantec confirmed in a statement that it had contacted law enforcement after confirming the theft of the code and that the email exchange was, in fact, part of a criminal investigation. The email thread ended yesterday with Yamatough threatening to immediately release the code.