Top ‘good guy’ hackers to tackle biggest cyber challenges yet Read more: Top ‘good guy’ hackers to tackle biggest cyber challenges yet

According to Symantec, its upcoming Cyber Readiness Challenge will be the ultimate in cyber-defense readiness practice

Hackers – even the “good guy” breed – tend to be a shadowy bunch, keeping their identities as secret as they can. But on January 28, the identities of some of the best hackers in Israel will be unveiled, as they try to win an all-expense paid trip to the U.S., to see how security giant Symantec does cyber-defense.

The hackers, 50 of them, will be participating in the biggest-ever simulated “hack attack,” in the Israeli version of the Symantec Cyber Readiness Challenge – a worldwide and ongoing event in which “white hat hackers” (those who use their hacking powers to help, not hinder) will attempt to get to the bottom of a simulated “industrial espionage” attack against a large corporation.

By putting participants in the hacker’s shoes, said Symantec, it enables them to understand their targets, technology and thought processes so they can ultimately better protect their organization and themselves. Symantec, which makes anti-virus and security software, works in countries around the world, where it holds similar challenges, seeking out the best white-hat hackers, sometimes hiring them as well, the company said.

A hacker contest is like any other one, in that it has goals, rules, milestones, and points awarded. In the contest, hackers must conduct a cyber-investigation of an attack against a company’s site, figuring out who hacked them and how they did it, by counter-hacking shady Internet sites and servers. Points will be given for degree of success in hacking into the suspects’ servers, and for achieving 40 milestones (such as getting access to passwords, installing spyware, etc.). The winner of the contest will get an opportunity to talk to and work with top Symantec security personnel at the company’s headquarters in the U.S., all expenses paid.

The Challenge will take place at the annual ​Cybertech International Conference, sponsored by IsraelDefense, the Prime Minister’s National Cyber Bureau, and the Ministries of Foreign Affairs and the Economy. Speakers will include top figures and cyber-security professionals from Israel and the world, including Rick Kaplan, head of IBM Israel, Erek Kreiner of Israeli security company FiveC (he is also a former head of Israel’s National Information Security Authority), Dr. Orna Berry, head of EMC Israel, and David Chinn, cyber-security director of international consulting group McKinsey and Co., among others.

Sessions will include discussions on securing financial data, how to keep hackers from physically planting cyber-spy devices on equipment, disaster recovery, and privacy issues in the digital era – all issues that have been in the news recently, with the revelations on hackers stealing credit card information from large retail stores in the U.S., and the revelations on the gathering of information by the National Security Agency in the U.S.

Dozens of cyber-security start-ups will also be showing off their wares at the event, among them Seculert, which has been working on the recent hack attacks against Target and other retailers in the U.S., in which tens of thousands of customers had their credit card information stolen, and Covertix, which created a document technology that prevents unauthorized individuals from opening and reading files, alerting managers when a document’s security is compromised, automatically blocking usage if unauthorized use is suspected. Prime Minister Binyamin Netanyahu will open the event, speaking to participants about Israel’s cyber-defense policies and challenges.

But the highlight of the event promises to be the Symantec event, said Gili Netzer, VP of marketing at Symantec Israel. That’s because instead of talking about cyber-defense, the hackers will be practicing it. “The challenge is going to be very difficult, presenting participants with problems they have not come across yet,” said Netzer. “We intend to push them to their limit. In a world where hackers attack organizations, companies and whole countries at will, we need to be one step ahead of them, prepared to deal with attacks using the most advanced hacker techniques.”

Source : The Times Of Israel

About these ads

Adobe confirms customer data stolen in security breach

Adobe Confirms Security Breach, Hackers Steal Source Code and 2.9 Million Customer’s Detail

The attackers accessed encrypted customer passwords and payment card numbers, the company said.

But it does not believe decrypted debit or credit card data was removed.

Adobe Security Breech

Adobe Security Breech

Adobe also revealed that it was investigating the “illegal access” of source code for numerous products, including Adobe Acrobat and ColdFusion.

“We deeply regret that this incident occurred,” said Brad Arkin, Adobe’s chief security officer.

“Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident,” he said.

But Chester Wisniewski, senior adviser at internet security company Sophos, told the BBC: “Access to the source code could be very serious.

“Billions of computers around the world use Adobe software, so if hackers manage to embed malicious code in official-looking software updates they could potentially take control of millions of machines.

“This is on the same level as a Microsoft security breach,” he added.

Adobe said it had been helped in its investigation by internet security journalist Brian Krebs and security expert Alex Holden.

The two discovered a 40GB cache of Adobe source code while investigating attacks on three US data providers, Dun & Bradstreet, Kroll Background America, and LexisNexis.

Mr Krebs said the Adobe code was on a server he believed the hackers used.

 Adobe said it is resetting customer passwords of those who were affected by the attack. Adobe said it’s also in the process of notifying customers whose credit or debit card information might have been compromised, as well as getting in touch with the banks processing customer payments.

“We deeply regret that his incident occurred,” Adobe said in a blog post. “We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.”

Hackers Play Space Invaders on Billboard

It is normal to hear news of hackers getting reprimanded by the legal system and the authorities whether they do some real damage or not. However, in a recent happening in Serbia, the hackers were rewarded, and well rewarded, we must say.

Well, it all happened when two young computer science students who were getting bored decided to play Space Invaders on a Billboard in Belgrave, and did so by hacking the security system of the Billboard using their iPhones for a good many twenty minutes on March 10. The two lads were Ivan Petrovic, Filip Stanisavljevic who are 21, and 20 respectively who hacked the Billboard, played the game and added a message “Hacked 4 fun” at the end, along with the logo of Pirate Bay and a quote by Gandhi i.e. “First they ignore you, then they laugh at you, then they fight you, and then you win”. Moreover, they also uploaded their video on Youtube which became popular and one can see that the onlookers were quite pleasantly surprised as they looked by. The duo, have however claimed that they are not hackers in the typical sense of the word, especially the negative sense, and that they are two computer science students who did it just to show that people in their country especially are not very serious about cyber security.  They left a message as a further explanation for their motives which is

Hackers Play Space Invaders on Billboard

Hackers Play Space Invaders on Billboard

“We are not members of “Anonymous” and are in no way affiliated with them.

We are not members of any hacker organization or group and this clip proves that in a way – we do not want to stay anonymous in any way.

We are not hackers nor do we participate in any form of hacking. We are two computer science students who did this for research purposes only, to demonstrate the lack of security in IT systems in general.

We wanted to demonstrate how companies sometimes pay very little attention to security—it had nothing to do with this specific company or even billboard companies, but rather any company that uses any form of technology that can be targeted by this kind of “attack“. We chose the billboard simply because we believed it is the strongest way to prove our point.

No damage was done by us—the billboard was inactive for a total of 22 minutes and normal function was restored as soon as our demonstration was over. The billboard owner was contacted about the weaknesses in the system with all the necessary information to fix the problem.”

The owner of the Billboard, Slobodan Petrovic, apparently liked their style of demonstration and rewarded the lads with two iPad minis. He also commented that, “This has never happened before, but we appreciate the fact that these guys have, in a charming way, pointed us to this huge problem, “ Now it is clearer than ever that we need to protect ourselves better. In more developed countries, these actions are unthinkable because of severe sanctions.” This incident will hopefully set a good precedent.

The Art of Intrusion-Kevin Mitnick

The Real stories behind the exploit of hackers, intruders and deceivers – Kevin Mitnick

When it comes to books all hackers and those interested in computer security must read, then one can hardly miss the book The Art of Intrusion by Kevin Mitnick. The Art of Intrusion is a book abou real life exploits from many hackers in their own words as given to the author Kevin Mitinick. Kevin Mitnick, the once notorious hacker who was considered the most famous computer criminal of his time in America, and now reformed security professional, has come up with yet another book  after the hugely popular The Art of Deception which brought the idea of social engineering into the mainstream. Social engineering is referred to as deceiving victims into revealing their personal details and Mitnick himself is a staunch advocate of social engineering as compared to hacking.

The Art of Intrusion- Kevin Mitnick

The Art of Intrusion- Kevin Mitnick

Both the books deal with the mechanisms of hacking and social engineering and their consequences While the first book was rife with incidents and stories which were fictional and dealt with these topics in a fictional manner. The Art of Intrusion  has a collection of real incidents of hacking and social engineering which were narrated by real hackers to the author himself. The hackers featured in the book are real who gave their version of the incidents to Mitinick as he is a well known name in the world of hacking. Moreover, he personally interviewed most of these hackers and published their stories pseudonymously. The book does not celebrate the hackers as heroes, but it also highlights the fact that the victims could have prevented what happened to them and mentions the tips and countermeasures  by victims to avert the incidents which took place.

The book is replete with many shocking, humorous, and clever incidents that demonstrate effectively the extent to which these hackers can think and plot such ingenious schemes and how they overrided nearly insurmountable security measures with great confidence. Moreover, Mitnick and ao-author Simmons did personal investigation to corroborate the truth in the stories told by the hackers. The book incudes many diverse incidents e.g  a story about four friends who won millions at a casino  in Vegas by revese engineering their slot machines. Other stories include an acccount of two teenagers who hacked into Lockheed Martin computer systems after being persuaded by terrorists. Of all these the most interesting is the one about a “Robin Hood” hacker who used to expose security flaws and shortcomings by hacking the systems of many top companies and then explained how he got past their security. Mitnick has also mentioned several incidents where the hackers were dealt with in hard manner by the  authorities.

These interesting incidents definitely evoke awe for the wits and audacity of these hackers as most of them who are young. He does not fail to make a point that all these exploits were avoidable had the victims been aware and alert and mentions the consequences of such incidents. All in all this book is entertaining and enlightening at the same time and is recommended for both hackers and non-hackers and for those who simply want to have a fascinating read about the world of hacking.

Chinese Government targets Uyghur group by malware attack

The Turkish minority residing in the Western region of China is being targeted by the Chinese government who are exploiting security vulnerability in the older versions of Microsoft Office designed for the Mac OS X. Two of the leading online security vendors viz. Kaspersky Labs and AlienVault, who have stated that they have observed a rise in the attacks of a premeditated nature against the Uyghur minority in China who are using Macs. They further commented that the attacks appear to be sponsored by the State and the hackers could be working for the Chinese government.

Chinese Government targets Uyghur group by malware attack

Chinese Government targets Uyghur group by malware attack

The Turkish minority of Sunni Muslims has always been at odds with the Chinese government and they regularly keep logging heads with the State and call their region of domicile as East Turkestan. The Uyghur had raised mass protests in the years 2009 and 2012 which unfortunately escalated into full fledged riots. That these attacks could be politically motivated can be adjudged from the fact that the targets of these attacks are organizations working for the welfare of the Uyghur community, most notably the World Uyghur Congress.  World Uyghur Congress which is a Munich based organization which fights for the rights of the community.

 This is not surprising given the fact that the Chinese government is well known for its espionage activities utilizing hacking programs to keep an eye on human right organizations, NGOs, and dissident groups across the nation and abroad.  The hackers have spread the malware using spear phishing emails which target members of the Uyghur community. These malicious emails are sent with attachments or topics which are of interest to the Uyghur people and contain attachments of MS WORD files which upon opening lead to the installation of a malware which is done by exploiting the vulnerability found in the outdated versions of MS WORD. The loophole, known as the MaControl backdoor, provides hackers with easy access to the personal and other information and monitors the internet activity of the targets. It can also run malicious commands on the Mac OS X machines. The malware has been designed in such a manner so as to specifically target the Mac computers.

According to Costin Raiu, director of the R&A team at Kaspersky Labs, who stated in a blog that During the past months, we’ve monitored a series of targeted attacks against Uyghur supporters, most notably against the World Uyghur Congress (WUC),” and that “Although some of these attacks were observed during 2012, we’ve noticed a significant spike in the number of attacks during Jan 2013 and Feb 2013, indicating the attackers are extremely active at the moment.”

Kaspersky has gone on to say that these attacks prove that the Advanced Persistent Threat (APT) attacks are still being used by hackers and that Mac devices are not impermeable from such attacks as contrary to the popular belief.  Raiu commented that   “With these attacks, we continue to see an expansion of the APT capabilities to attack Mac OS X users,”

Well, it seems that members of the Uyghur community will have to continually update their anti-malware software and avoid phishing emails.

iOS 6.1 Hack allows iPhone lock screen bypass

According to latest reports, the latest version of operating system for iPhone 5 i.e. iOS 6.1 has a certain security loophole which can be exploited by hackers to override the smartphones lock screen password so as to unlock the phone. This development was reported sometime last week when a video was posted on YouTube which details the hack procedure for unlocking the screen lock of the iPhone even when a password was in place.

iOS 6.1 Hack allows iPhone lock screen bypass

iOS 6.1 Hack allows iPhone lock screen bypass

Apparently, it is not very difficult to exploit this loophole and a simple set of steps which take only up to a minute can help unlock the iPhone. The basic trick involved is to attempt emergency calling and then cancelling those calls while holding down the power button and a few other steps. The result being that one can bypass the phone security code and access all phone features such as call logs, contacts, photos etc. but further navigation returns the phone to the locked mode. Furthermore the video has received more than 500,000 views during this week.

The glitch is applicable to all models of iPhone and iPad which are using iOS 6.1 as their operating system though it is more easy to unlock the iPhone 4 and iPhone 4S as compared to iPhone 5. The hacker commented on the video that “For prank your friends…For a magic show…Use it as you want, at your own risk, but… please… do not use this trick to do evil !!!”. Seems like a good humored prank with possibly not so funny consequences. Meanwhile officials at Apple have stated that they are indeed working on a fix and will come with a new version soon.  They stated that “Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update.” In fact, a new version of the iOS i.e. iOS 6.1.1 is under development as of now.

This is not the first time that iOS 6.1 is facing such problems since its release in January. It was reported that iPhone 4S users were having trouble sending messages, making calls, surfing the internet etc. while some others complained of reduced battery life because of spiked networking activity. Moreover, researchers had earlier also unlocked a previous version of iOS as soon as in under six minutes.

For now, the users can make do with substituting their four digit pin codes with a text based code as it is not easy to hack until an updated version of the software is released officially. However, it is advisable not to lose track of your phone until the hysteria of this glitch dies away.