Colombian Government Website Hacked in Support of Boyaca Protests

Hundreds of thousands of farmers from eleven of Colombia’s departments are protesting these days against the government. The protesters are unhappy that the government has failed to help the farming and agricultural sector.

Colombian Government Website Hacked


Hacktivists of the Anonymous movement have joined the protests in Boyaca, which, according to the BBC, is one of the most affected provinces. They’ve hacked and defaced the official website of Santander’s General Comptroller of North Department (contraloriands.gov.co).

On the defacement page, the hackers wrote the following message: “President Santos is lying! Boyaca is in crisis, these are its leaders’ orders.”

The message is accompanied by several videos and a link that points to an article regarding the human rights violations in Boyaca.

At the time of writing, the website still hosts the defacement page added by the hackers.


Dalai Lama’s China website hacked, infects others: Kaspersky

The Chinese-language website of the Tibetan government-in-exile, whose spiritual head is the Dalai Lama, has been hacked and infected with viruses.

Experts at computer security company Kaspersky Lab warned that the Central Tibetan Administration (CTA) site had been compromised.

It is believed the malicious software could be used to spy on visitors.

Technical evidence suggests the hackers carried out previous cyber-attacks on human rights groups in Asia.

Dalai Lama's Chinese website hacked and infected


Tibet.net is the official website of the CTA, which is based in Dharamshala, northern India.

The organisation’s spiritual leader is the 14th Dalai Lama, who fled Tibet in 1959 after a failed anti-Chinese uprising, and set up a government-in-exile. China considers the Dalai Lama a separatist threat.

Constant threat

Kaspersky says the CTA website has been under constant attack from the same group of hackers since 2011, but previous breaches have been quietly identified and repaired before attracting significant attention.

Other Tibetan organisations, such as the International Campaign for Tibet, have also been targeted.

Kaspersky Lab researcher Kurt Baumgartner says the hackers used a method known as a “watering-hole attack”.

A security bug in Oracle’s Java software might have been exploited, giving hackers a “back door” into visitors’ computers.

“This is the initial foothold,” Mr Baumgartner said. “From there they can download arbitrary files and execute them on the system.”

Kaspersky’s education manager Ram Herkanaidu said the discovery of the attack came after an “email account of a prominent Tibetan activist was hacked”.

Mr Herkanaidu added: “The likely actors behind the sustained campaign against Tibetan sites are Chinese speaking, as in many cases we have seen log files written in Chinese.”

Khalil Shreateh, who exposed Facebook bug, to get reward from unexpected source

A man who hacked into Mark Zuckerberg’s Facebook page to expose a software bug is getting donations from hackers around the world after the company declined to pay him under a program that normally rewards people who report flaws.

Khalil Shreateh discovered and reported the flaw but was initially dismissed by the company’s security team. He then posted a message on the billionaire’s wall to prove the bug’s existence.

Now, Marc Maiffret, chief technology officer of cybersecurity firm BeyondTrust, is trying to mobilize fellow hackers to raise a $10,000 reward for Shreateh after Facebook refused to compensate him.

Maiffret, a high school dropout and self-taught hacker, said on Tuesday he has raised about $9,000 so far, including the $2,000 he initially contributed.

He and other hackers say Facebook unfairly denied Shreateh, a Palestinian, a payment under its “Bug Bounty” program. It doles out at least $500 to individuals who bring software bugs to the company’s attention.

“He is sitting there in Palestine doing this research on a five-year-old laptop that looks like it is half broken,” Maiffret said. “It’s something that might help him out in a big way.”

Shreateh uncovered the flaw on the company’s website that allows members to post messages on the wall of any other user, including Zuckerberg’s. He tried to submit the bug for review but the website’s security team did not accept his report.

He then posted a message to Zuckerberg himself on the chief executive officer’s private account, saying he was having trouble getting his team’s attention.

“Sorry for breaking your privacy,” Shreateh said in the post.

The bug was quickly fixed and Facebook issued an apology on Monday for having been “too hasty and dismissive” with Shreateh’s report. But it has not paid him a bounty.

“We will not change our practice of refusing to pay rewards to researchers who have tested vulnerabilities against real users,” chief security officer Joe Sullivan said in a blogpost.

He said Facebook has paid out more than $1 million under that program to researchers who followed its rules.

Mark Zuckerberg’s Facebook Account Hacked

A Palestinian programmer has highlighted a flaw in Facebook’s security system by posting a message on Mark Zuckerberg’s private page.

Khalil Shreateh used a vulnerability he discovered to hack the account of the Facebook founder and raise the alarm.

Mr Shreateh said he had tried to use Facebook’s White Hat scheme, which offers a monetary reward for reporting vulnerabilities, but had been ignored.

A screenshot of the message left on Mark Zuckerberg's wall


Facebook said it had fixed the fault but would not be paying Mr Shreateh.

Mr Shreateh found a security breach that allowed Facebook users to post messages on the private “walls” of people who had not approved them as “friends”, overriding the site’s privacy features.

‘Not a bug’

He wrote to Facebook’s White Hat team to warn them of the glitch, providing basic details of his discovery.

After a short exchange with the team, Mr Shreateh received an email saying: “I am sorry this is not a bug”.

Following this rebuttal, Mr Shreateh exploited the bug to post a message on Mr Zuckerberg’s page.

In the post, Mr Shreateh, whose first language is Arabic, said he was “sorry for breaking your privacy and post to your wall” but that he had “no other choice” after being ignored by Facebook’s security team.

An engineer on Facebook’s security team, Matt Jones, posted a public explanation saying that although Mr Shreateh’s original email should have been followed up, the way he had reported the bug had violated the site’s “responsible disclosure policy”.

He added that as Mr Shreateh had highlighted the bug “using the accounts of real people without their permission”, he would not qualify for a payout.

Gmail Users Should Have No Expectation of Privacy

Google’s legal counsel says Gmail users should have no legitimate expectation of privacy

Google: Don’t Expect Privacy


In response to a lawsuit, Google has disclosed that, from the company’s perspective, no one should be expecting their emails to remain private. This is likely news to most Gmail users, who create a password thinking that it limits access to their account and probably expect their emails to be private.

“Plaintiffs accuse Google of violating the privacy of its users by mining their personal messages for information that it uses to inform which targeted ads it displays. The suit calls for Google to fully disclose exactly what information it’s taking from emails, and to pay damages for these alleged violations of privacy.

“The company argued in its motion to dismiss the lawsuit that ‘all users of email must necessarily expect that their emails will be subject to automated processing.’”

That is an interesting attitude. A clear implication would be allowing the NSA to automatically process everyone’s Gmail account emails.

“Google asserts that, in principle, if you entrust your personal messages to a third party, you can’t expect that the third party won’t touch any of that information:

“Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed, ‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.’ Smith v. Maryland, 442 U.S. 735, 743-44 (1979).”

On the surface this seems reasonable, that once you send information to someone else you can’t expect them not to share it with other people. However, that is not what Google is saying.

Instead, Google is saying that users of Gmail should realize that Google is the third party. By writing an email in Gmail, the user is essentially sending Google the email and therefore cannot expect privacy. If Google shares those emails with whoever it wants, well, you should have known better.

New targets for hackers: Your car and your house

Imagine driving on the freeway at 60 miles per hour and your car suddenly screeches to a halt, causing a pileup that injures dozens of people. Now imagine you had absolutely nothing to do with the accident because your car was taken over by hackers.

Charlie Miller, a security researcher at Twitter, and Chris Valasek, director of security intelligence at IOActive, a security research company, recently demonstrated car hacks at the DefCon computer security conference in Las Vegas. The researchers completely disabled a driver’s ability to control a vehicle. No brakes. Distorted steering. All with a click of a button. While the demos were with hybrid cars, researchers warn that dozens of modern vehicles could be susceptible.

Vulnerability in Hybrid Cars


Hackers and security researchers are moving away from simply trying to break into — or protect — people’s e-mail accounts, stealing credit cards and other dirty digital deeds. Now they’re exploring vulnerabilities to break through the high-tech security of homes, cause car accidents or in some extreme cases, kill people who use implanted medical devices.

“Once any single computer in a car is compromised, safety of the vehicle goes out the window,” Mr. Miller said in an e-mail interview. Modern cars typically have 10 to 40 little computers in them.

“Right now, there aren’t a lot of ways for hackers to remotely attack cars: Bluetooth, wireless tire sensors, telematics units,” he added. “But as cars get Internet connections, things will get easier for the attacker.”

Carmakers and the government are aware that our vehicles are vulnerable. In fact, Mr. Miller and Mr. Valasek received a grant from the Defense Advanced Research Projects Agency, or Darpa, to research ways car-makers can thwart attacks. The biggest fear is the future: as cars become more computerized — or become fully automated, computers on wheels that drive for you — they’ll become more inviting targets. Read More on NYTIMES