An update on attempted man-in-the-middle attacks

  • Post author: Omid Farhang
  • Post published: August 31, 2011
  • Reading Time: 1 min
  • Word Count: 164 words

Google: Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it). Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate. ...

Hacker steals user data from Nokia developer forum

  • Post author: Omid Farhang
  • Post published: August 29, 2011
  • Reading Time: 1 min
  • Word Count: 204 words

H-Online: A vulnerability in its forum software has been exploited by a hacker to compromise mobile phone maker Nokia’s developer forum. The attacker used SQL injection to access the forum database at developer.nokia.com and, according to Nokia, obtained email addresses of registered users. Where configured to be publicly available, the table also includes details such as the user’s date of birth, web site URL and Skype, ICQ or other IM username; this is reported to be the case for around 7 per cent of users. The database did not contain passwords or credit card information. The issue does not, according to Nokia, affect any other Nokia accounts. ...

Screenshots of Chinese hacking tool

  • Post author: Omid Farhang
  • Post published: August 29, 2011
  • Reading Time: 2 min
  • Word Count: 228 words

Schneier on Security: It’s hard to know how serious this really is: The screenshots appear as B-roll footage in the documentary for six seconds — between 11:04 and 11:10 minutes — showing custom built Chinese software apparently launching a cyber-attack against the main website of the Falun Gong spiritual practice, by using a compromised IP address belonging to a United States university. As of Aug. 22 at 1:30pm EDT, in addition to YouTube, the whole documentary is available on the CCTV website. ...

AnonPlus, Anonymous's social network, is hacked

  • Post author: Omid Farhang
  • Post published: July 23, 2011
  • Reading Time: 2 min
  • Word Count: 342 words

My Personal Opinion: I doubt if that site is really their official website or not.

Sophos Labs: Within days of the hacktivist group Anonymous announcing it was setting up its own social network (after being unceremoniously booted off Google+), its plans have taken a somewhat humiliating turn. AnonPlus, Anonymous’s planned social network, has been defaced by rival hackers. A group of hackers apparently based in Turkey replaced AnonPlus’s main webpage with an image of a dog wearing a suit, mocking the more normal Anonymous logo, and messages in Turkish and English: ...

Anonymous hacks NATO servers

  • Post author: Omid Farhang
  • Post published: July 22, 2011
  • Reading Time: 2 min
  • Word Count: 375 words

Anonymous claims to have stolen around a gigabyte of classified NATO data.

The H-Online Security wrote: In a post on Twitter, the Anonymous hacker group said that it has managed to steal a number of secret documents from one of NATO’s servers. As proof, Anonymous published two PDF documents from 2007 and 2008 that are allegedly from NATO. The classification “NATO Restricted” suggests that the documents are intended only for circulation within the organisation – if they are genuine. The hacktivists say they copied a gigabyte of data in total, but added that it would be “irresponsible” to publish most of the material. ...

Follow up: Hacker Gains Access To WordPress.com Servers, Site Source Code Exposed

  • Post author: Omid Farhang
  • Post published: April 13, 2011
  • Reading Time: 2 min
  • Word Count: 246 words

Follow up from: Hacker Gains Access To WordPress.com Servers

Tech Crunch: WordPress.com has revealed that someone has gained root-access (“low-level,” as in deep) to several of its servers this morning and that VIP customers’ source code was accessible. WordPress.com VIP customers are all on “code red” and in the process of changing all the passwords/API keys they’ve left in the source code. “Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed. ...

Hacker Gains Access To WordPress.com Servers

  • Post author: Omid Farhang
  • Post published: April 13, 2011
  • Reading Time: 1 min
  • Word Count: 203 words

Tech Crunch: WordPress.com has revealed that someone has gained access to several of their servers this morning and that VIP customers’ source code was accessible. WordPress.com customers are all on ‘code red’ and in the process of changing all the passwords/API keys they’ve left in the source code. “Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed. ...

Massive SQL injection attack making the rounds—694K URLs so far

  • Post author: Omid Farhang
  • Post published: April 1, 2011
  • Reading Time: 3 min
  • Word Count: 517 words

Thanks to my friend, Pondus!

Ars Technica: Hundreds of thousands of URLs have been compromised—at the time of writing, 694,000 (it’s over millions of sites when you are reading this)—in an enormous and indiscriminate SQL injection attack. The attack has modified text stored in databases, with the result that pages served up by the attacked systems include within each page one or more references to a particular JavaScript file. ...

Google, Yahoo, Skype targeted in attack linked to Iran

  • Post author: Omid Farhang
  • Post published: March 24, 2011
  • Reading Time: 4 min
  • Word Count: 832 words

Cnet: A malicious attacker that appears to be the Iranian government managed to obtain supposedly secure digital certificates that can be used to impersonate Google, Yahoo, Skype, and other major Web sites, the security company affected by the breach said today. Comodo, a Jersey City, N.J.-based firm that issues digital certificates, said the nine certificates that were fraudulently obtained, including one for Microsoft’s Live.com, have already been revoked. A fraudulent certificate allows someone to impersonate the secure versions of those Web sites – the ones that are used when encrypted connections are enabled – in some circumstances. ...

Data loss at Play.com

  • Post author: Omid Farhang
  • Post published: March 23, 2011
  • Reading Time: 3 min
  • Word Count: 475 words

Play.com, one of the largest online retailers of DVDs, CDs, MP3s, books and gadgets, emailed its customers yesterday admitting to a security breach in its marketing communications. Names and emails may have been compromised. Play.com claims the breach happened outside its walls, so presumably it uses a third-party marketing consultancy to manage part or all of its marketing activities. Here is one of the messages that was sent out to customers by Play.com: ...
