Security Brief: Router Vulnerabilities, OpLastResort

The main events of the week between February 4 – February 10

By on February 10th, 2013 06:51 GMT

The world of information security keeps getting more and more interesting by the minute. However, over the past week, there have been some events that stood out.

First of all, we’ve heard a lot of things about vulnerabilities that affect routers. It all started in January when security firm DefenseCode identified a root access flaw in the Linksys WRT54GL router developed by Cisco.

Cisco admitted that the model was affected by the security hole, but they said other products were not susceptible to the attacks described by DefenseCode.

However, the security firm said other models might be affected. In addition, researchers have uncovered that several routers that use a certain UPnP Broadcom stack are impacted.

DefenseCode has published a partial list of the affected products.

In the meantime, security researcher Michael Messner has identified other vulnerabilities that affect D-Link, and Linksys routers.

Anonymous continues OpLastResort, the campaign initiated after the suicide of Reddit co-founder Aaron Swartz.

After hacking the US Sentencing Commission and various other government websites, the hacktivists leaked the details of over 4,000 bank executives, which they stole from the Emergency Communication System (ECS) website of the US Federal Reserve.

Representatives of the Fed admitted that their systems were hacked and called in the FBI to investigate. However, they tried to downplay the incident by saying that Anonymous’ claims were overstated and by arguing that no critical operations had been impacted.

In response, the hackers have published a 9 MB file which contains the names of thousands of files and folders from the servers of the Fed, which they claim to have “owned.”

Another interesting hack from this week is the one as a result of which the private photos and emails of several members of the Bush family have been exposed. Other noteworthy breaches are the ones that have affected Bit9 and online advertiser NetSeer.

Here are some other interesting stories from this week, in case you’ve missed them:

144 people, many of which celebrities, win damages in News of the World phone hacking case

11-year-old children are capable of writing malware

Twitter and Facebook accounts of Sky News Arabia hacked by the Syrian Electronic Army

EU publishes cybersecurity strategy and a directive on network and information security

WSJ owner Rupert Murdoch says Chines hackers are still attacking the newspaper

US Department of Energy hacked

Microsoft and Symantec take down Bamital botnet

Researchers present Lucky 13 attack against TLS and DTLS protocols. SSL has once again been cracked

Comments

A lot of router vulnerabilities identified in the last weeks
   A lot of router vulnerabilities identified in the last weeks