Security Brief: Guy Fawkes, Flaws and Izz ad-Din al-Qassam Cyber Fighters
The main events of the week between November 5 and November 11, 2012
This has certainly been an interesting week. Hackers from all around the world have celebrated Guy Fawkes Day in a typical manner, researchers have found vulnerabilities, and hacktivists of the Izz ad-Din al-Qassam Cyber Fighters collective have offered us an exclusive interview.The interview focuses on the group’s goals, the attacks they’ve launched against the websites of US financial institutions, but also some other interesting aspects.
On Monday, November 5, Anonymous hackers from all over the world started breaching all sorts of websites.
They claimed to have penetrated the systems of PayPal, Symantec, ImageShack and NBC. Although social media networks were flooded with their claims, many of the targeted companies denied being breached.
Anonymous Australia seemed to be the least inspired. They defaced websites to protest against the government, but their targets were the sites of hippie festivals and NGOs.
Another interesting hack, unrelated to Guy Fawkes Day, was the one that targeted Pizza Hut Australia. The hackers claimed that they stole the details of 240,000 credit cards from the site, but Pizza Hut representatives denied storing such information.
This past week we also learned that Coca Cola was breached. Not now, but back in 2009. The attackers allegedly stole some sensitive information from its systems and the incident might have even affected the acquisition of a Chinese company.
On Thursday, Twitter started resetting user passwords after it learned that a number of accounts had been compromised by a third-party website.
Some interesting vulnerabilities have been identified in Symantec and Sophos products.
Sophos addressed a number of security holes after being notified by a researcher. Symantec, on the other hand, suggested some workarounds for issues caused by a legacy decomposer.
An expert revealed that users could launch denial-of-service (DOS) attacks via Facebook’s chat module. The researcher found that he could cause a DOS state by sending a large packet via the social media’s chat.
Cybercrime investigators from Group-IB have found that an Adobe Reader zero-day was sold for large amounts of money on the black market. The exploit has already been added to a custom version of the BlackHole exploit kit.
It’s well known that, normally, online services providers are only allowed to hand over their customers’ details to authorities based on a court order. However, Skype is accused of giving a private security firm the details of an alleged 16-year-old hacker.
Another incident involves the US Securities and Exchange Commission (SEC). According to reports, some of the agency’s staffers failed to encrypt their work computers, despite the fact they contained sensitive information.
Not only that, they also took the devices in question to the Black Hat convention.
Finally, UGNazi’s Cosmo the God was sentenced on Wednesday by a juvenile court. He is not allowed to access the Internet until he turns 21, he must hand over the login credentials for all his online accounts, and he is banned from contacting any of his old “friends” from the hacking scene.