Energy Dept. Hack Details Emerge
The Department of Energy has disclosed new information concerning a recent cyberattack that compromised employees’ personally identifying information (PII).
According to an email sent to all DOE employees on Aug. 29, information on 2,532 current employees, 3,172 former employees and seven employees on leave was stolen in the breach, which occurred in July. “The sensitive PII data compromised was limited to names, dates of birth and social security numbers,” the internal memo stated. The stored information did not include banking, credit card or clearance information, according to the memo, which said that no information related to agency contractors had been compromised.
A spokesman for the DOE wasn’t immediately available to confirm that it sent the memo, but an agency source confirmed its authenticity. Agency officials have so far declined to respond to all requests for comment on the breach.
…
Facebook vulnerability that allowed any photo to be deleted earns $12,500 bounty
An interesting article by Lee Munson at NakedSecurity.
An Indian electronics and communications engineer who describes himself as a “security enthusiast with a passion for ethical hacking” has discovered a Facebook vulnerability that could have allowed for any photo on the site to be deleted without the owner’s knowledge.
Arul Kumar, a 21-year-old from Tamil Nadu, discovered that he could delete any Facebook image within a minute, even from verified pages, all without any interaction from the user.
For his efforts in reporting the vulnerability to Facebook’s whitehat bug bounty program Kumar received a reward of $12,500.
The vulnerability that he discovered was based around exploiting the mobile version of the social network’s Support Dashboard, a portal that allows users to track the progress of any reports they make to the site, including highlighting photos that they believe should be removed.
When such a request is submitted, and Facebook does not remove the photo in question, the user has the option of messaging the image owner directly with a photo removal request.
Doing so causes Facebook to generate a photo removal link which is then sent to the recipient of the message (the photo owner). The owner can then opt to click on that link to remove the image.
Kumar discovered that a couple of parameters within this message – ‘photo_id’ and ‘Owners Profile_id’ – could be easily modified.
With this information he then sent a photo removal request for an unrelated image on another account that he controlled. By changing the two parameters in the message received by the second account, Kumar could then choose to delete any image from any user on the network.
The victim of this photo removal technique would not be involved in the process in any way and wouldn’t receive any messages from Facebook – indeed the first they would know of this would be when they logged in to discover their photo(s) had disappeared.
Read the rest here.
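The flaw described above is a removal handler that acts on identifiers carried in the link. As an added example (not Facebook's code or its actual fix, and not from the original article), the sketch below puts such a handler beside one that binds the link to a server-side signature and checks the logged-in user against the stored owner. All names, the photo store and the key are constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"             # assumption: key known only to the server
PHOTOS = {"p100": "alice", "p200": "bob"}    # constructed store: photo_id -> owner_id

def sign(photo_id, owner_id):
    """MAC over the pair the removal link is meant to be bound to."""
    msg = f"{photo_id}|{owner_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_link(photo_id):
    """Parameters the server places in the removal link sent to the owner."""
    owner_id = PHOTOS[photo_id]
    return {"photo_id": photo_id, "owner_id": owner_id,
            "sig": sign(photo_id, owner_id)}

def remove_trusting(photos, params, session_user):
    """Flawed handler: acts on whatever ids arrive; session_user is never checked."""
    pid = params["photo_id"]
    if photos.get(pid) == params["owner_id"]:
        del photos[pid]
        return True
    return False

def remove_checked(photos, params, session_user):
    """Hardened handler: owner comes from the store, never from the request."""
    pid = params.get("photo_id", "")
    owner = photos.get(pid)
    if owner is None:
        return False
    supplied = str(params.get("sig", "")).encode()
    if not hmac.compare_digest(sign(pid, owner).encode(), supplied):
        return False          # link parameters were altered after issuance
    if session_user != owner:
        return False          # only the logged-in owner may remove the photo
    del photos[pid]
    return True

def demo():
    """Replay an altered link (ids swapped to another user's photo) on both handlers."""
    link = issue_link("p100")                              # issued to alice
    altered = dict(link, photo_id="p200", owner_id="bob")  # ids changed in transit
    flawed = remove_trusting(dict(PHOTOS), altered, "alice")
    hardened = remove_checked(dict(PHOTOS), altered, "alice")
    return flawed, hardened

if __name__ == "__main__":
    print(demo())
```

The signature check alone stops altered links; the session check additionally stops a valid link from being used by anyone other than the photo's owner.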
A Second Round of Limited Tickets for Security B-Sides DC Goes on Sale
A second round of limited tickets for Security B-Sides DC will be available this Sunday, 9/1/13 at 12:01 am EDT at the price of $15.90.
Security B-Sides DC is a regional Security B-Sides held in Washington, DC. It operates under the umbrella principles of Security B-Sides as a larger community project within information security.
The event will be held on October 19-20, 2013 at the Washington Marriott at Metro Center. For more information check out the website and to view the list of speakers check here.
Security B-Sides operates under three simple principles:
1. Expand the conversation.
2. Enable people to join the discussion.
3. Get people involved.
Co-Directors
Mark Boltz
Bill Fisher
Committee Chairs
Robert Weiss, Sponsorships
Dorann Norman, Finance
Alex Norman, Infrastructure
Corey Sinay, Tech
Sam Small, CFP
William McBorrough, Media/PR
Daria Medved, Volunteer Wrangler
Daria Medved, Speaker Wrangler
Preston Thomas, Locksport
Volunteers
Elliot Proebstel, Jonathan Margulies, Shawn Wilson, Stephen Bono, Mark Shrout, Ted Harrington, Elliot Parker, Kellep Charles, Mark Evans, Bereket Amdemichael, Tim Wilson, Michelle Schafer, Seth Feldman, Shane Lawson
Apple’s new piece of technology will allow Govt. to switch off iPhone video, camera and wi-fi anywhere
If you see a police officer beating a man or woman at a protest, you will try to take a shot of it and share it socially as proof of police brutality, but Apple’s new technology will stop you from doing this.
According to various media websites, Apple has patented a piece of technology which would allow government and police to block transmission of information, including video and photographs, whenever they like.
They would switch off the camera and WiFi, and after that you could use your iPhone only as a stone to hit someone.
Read more here.
Anonymous injected DDoS to Yahoo & WWE, It’s time to help Syria anonymous says
An interesting article from our content partners at HackersNewsBulletin.com:
Yesterday afternoon, the World Wrestling Entertainment website (wwe.com) was taken down by Anonymous hackers; they took down the website to raise awareness about the Syrian civil war.
One of the Anonymous hackers tweeted about this:
World Wrestling Entertainment Down http://www.wwe.com/ Time To HELP SYRIA By #Fr0styFr0ze #OpSyria #Anonymous
Similar tweets show claims by Anonymous and an individual hacker to have taken down groups.yahoo.com, breached the American Choral Directors Association and leaked 600+ login details (Hack Read reported).
Read the rest here.
Hacker prevention and computer security event to take place in Reykjavík Iceland
The European edition of Hacker Halted, the world’s foremost hacker prevention and computer security event, will be taking place in Iceland’s capital, Reykjavík, on 7th and 8th October 2013. The event is set to focus on the various IT security issues in the world today.
Hacker Halted Europe 2013 will be featuring renowned speakers and industry experts who will be highlighting current digital security threats, and discussing the various means of protection and countermeasures in dealing with these threats.
Hacker Halted is the perfect platform for information security professionals to enhance knowledge and exchange views, as well as network with other security professionals.
This will be the first Hacker Halted event to take place in Europe and will be held at the HARPA Conference Centre in Reykjavík, Iceland. Iceland is certainly an unconventional destination, but having said that, the country’s mystical nature and other-worldly landscape presents visitors with an unmissable opportunity to explore something new.
With this in mind, attendees will also get a 5 percent discount on selected tours in Iceland with Arctic Adventures. These tours include trips to the Blue Lagoon geothermal spa, sightseeing trips in Reykjavík, and Golden Circle tours. For days either side of the conference, attendees can also book more grandiose tours to see glaciers, volcanoes, geysers, waterfalls, and Northern Lights hunts.
Like Iceland’s nature, Reykjavík’s nightlife has gained a reputation as being wild and unique. It’s not uncommon on weekends to spend entire nights partying at one of the city’s many nightclubs, known for their cool atmosphere.
Early bird tickets are currently available for the event. Tickets bought before 30th June cost 599 EUR; between 30th June and 31st August 799 EUR; and full price is 999 EUR from 1st September.
For more information regarding Hacker Halted Europe 2013, visit http://proconf-iceland.com/HackerHalted/
