Twitter Panic!
It seems that the great Twitter is down. I am not a Twitter user but found out about it earlier this morning on TechCrunch, and now they have announced that it was caused by a Distributed Denial of Service (DDoS) attack. Of course most people would see this news and ask why people are panicking over this. One main reason is that many websites use or depend on Twitter for certain functionality, so if Twitter doesn’t work then neither does their website. Another reason for the panic is that Twitter has become a news source where people around the world report incidents and news before any big news broadcaster can. So without Twitter we are back to “slow” news around the world.
This brings up other topics too. Where is Twitter’s security team? If they are such a huge website then they should have better security and should have been better prepared to prevent this. It also brings up the topic of cloud computing, where people put all their eggs in one basket, and when one thing breaks, everything else does. This is another classic example of that. At this moment it seems that Twitter is stabilizing. Now the blame game starts: who is responsible? Was it a government attack?
Other websites affected somewhat: Facebook, LiveJournal and other smaller names.
Yasser
Twitter Classified Documents Leaked.
It seems that a lot has happened overnight while I was sleeping. Reading TechCrunch this morning, I learned that they received an email with plenty of confidential information leaked from Twitter. For some odd reason the users at TechCrunch have responded saying that it is unethical to publish that information, even though websites do it all the time; that is how they get the information no one else has. It seems that the hack is somewhat related to what happened back in May, when someone got access to several high-profile accounts. To have gathered all this information the hacker must have been working from the inside or gone pretty deep in with his hack, unless Twitter security sucks.
The only thing TechCrunch has revealed so far from the documents is the announced TV show that Twitter was/is thinking of doing, called Final Tweet? It is a reality show where people have to complete tasks or missions, presumably somewhat like The Amazing Race, but the participants Tweet about their updates and what they are up to, and users can respond to help them. If they still plan to do it, I hope it’s more like joining a reality show that already exists, because if they are trying to start a new one then it smells like failure.
Update: information about Twitter’s financial plans and projected earnings.
Let’s see what else TechCrunch will be releasing any time soon…
Yasser
ImageShack Hacked.
It seems that the popular image hosting service ImageShack was hacked recently. Mashable is reporting that the website was hacked by a group calling themselves “Anti-Sec Movement”. It seems they left a nice long message on the website saying who they are and what they do. They also added to their message that no images were damaged during the process, which means they didn’t do any “specific” harm to the website. It had been a while since such a big service suffered such a big hack. So far there is no information from ImageShack about the hack or any specific information about what the vulnerability was that allowed the attackers to take control of the website.
Yasser
Dangerous Searches.
There are a few keywords that will always bring up a bunch of websites hosting malware and viruses. Most people know that some of these keywords are porn, illegal programs (cracks and serial numbers), and websites that claim to have “free” things. ZDNet published a very interesting article illustrating the most dangerous things to search for. Amazingly, the most dangerous keyword to search for is “screensavers”. I’m sure the reason for this is that people download programs that are actually viruses, thinking that they will install nice screensavers for them. Also, 1 out of 4 results for a search for “lyrics” will return websites that could possibly infect your computer. Before you search for these things, make sure you go to trusted websites; you can search for information about a website and see what people have to say about it in forums and blogs, which is the best way of finding out whether something is legit or not.
Yasser
E-Passports Cloned In Minutes.
I have never ever trusted security mechanisms that use biometrics because they are simply not as secure as they are claimed to be or as the movies show them. When the buzz started spreading about the use of electronic passports, I knew it was going to be another bad idea. The Times Online wrote an article about how two e-passports were cloned in minutes, with the photos replaced by the image of Bin Laden and another bomber. According to the UN-standard passport reader software, they were perfectly legitimate passports. People need to understand that just because it’s a chip or it’s electronic doesn’t mean that it is more secure. On the contrary, computers are not safe at all. According to the article there are more security measures being implemented, but obviously not fast enough. Until then I will keep on not trusting e-passports.
Yasser
Steal This Wi-Fi by Bruce Schneier.
The security expert Bruce Schneier has recently written an article on Wired.com about using Wi-Fi networks that don’t have password protection. His position on this topic is: use it. His own wireless network is not protected, so others can use it. The way he sees it, other people benefit from it. This might come from the same ideology of hackers that everything on the internet should be free and everyone should have access to it. He is not worried about his security because he knows how to secure his computer no matter what network he is on. This is a great article to debate on whether you believe in using your neighbor’s unprotected Wi-Fi and whether you should allow your neighbors to use your unprotected wireless network.
Similarly, I appreciate an open network when I am otherwise without bandwidth. If someone were using my network to the point that it affected my own traffic or if some neighbor kid was dinking around, I might want to do something about it; but as long as we’re all polite, why should this concern me? Pay it forward, I say.
Facebook Source Code Leaked?
Major news on TechCrunch: part of the source code of Facebook has been leaked. This either means that Facebook was hacked or is going open source. This is a big deal: it means people might have your password and information. I wouldn’t be surprised if it was done using some API bug, since the API is one of the most recent updates on Facebook. The source code for the main or home page was posted on a blog called Facebook Secrets. The question is how much longer it will last.
From reading the source code you can tell that it is not very well organized; it seems a bit amateur. But then again it was started by college students who were still learning and are probably still learning. Now how secure is Facebook? How much damage will it bring to the “company” that was just starting to get extremely popular?
Update: An “official” response has been given at TechCrunch:
Hi Nic-
I wanted to clarify a few things in your story. Some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.
Thanks to you and the TC readers for helping us out on this one.
Brandee Barker
Yasser
Undercover Reporter Michelle Madigan Owned at DEFCON.
DEFCON is one of the biggest “underground” hacking conventions of the year. Every reporter that wants to find out about the latest security issues goes to this event. The FBI and other authorities go there to learn what’s new. If there is one thing for sure about this convention, it is that everyone is welcome, even reporters. But when an undercover reporter named Michelle Madigan tried to videotape people without permission, trying to catch them admitting to illegal stuff, she got caught and embarrassed. The organizers of DEFCON offered her a press pass several times but she refused it. She put on her hidden camera at the wrong time: it was “spot the undercover reporter” game time, and guess who was the victim. Over 150 attendees tried taking pictures of her and videotaping her. Someone is not doing a very good job.
Yasser
YouTube Gives Me Your FTP Password.
Thanks to Google, hackers have a much easier time finding things. The famous website Johnny I Hack Stuff shows different tricks on how to find certain things. Since Google indexes everything that people let it, people are also able to find certain files that aren’t really meant to be seen by everyone. The latest Google hack is using YouTube to find usernames and passwords for FTP sites. With this query we can find many FTP usernames, passwords and the address of the FTP server.
The “flaw” is that if you click on a YouTube video while browsing your FTP site logged in, YouTube will record the referrer with its full URL, which includes the FTP username and password. The simple solution would be to not click on YouTube links from your FTP site. The other solution would be for YouTube and Google to filter the referrers so they don’t capture usernames and passwords.
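The second solution, stripping credentials out of referrer URLs before they are stored, is easy to do on the receiving side. The following is an added example (not code from the original post, YouTube or Google) that scans combined-format access log lines, flags any Referer carrying embedded user:password credentials, and rewrites the line with the credentials removed; the log lines are constructed samples.

```python
"""Detect and redact credentials leaked through HTTP Referer URLs.

Added example, not from the original post. Assumes a combined-style
access log in which the Referer is the second double-quoted field.
"""
import re
from urllib.parse import urlsplit, urlunsplit

# Double-quoted fields of a combined log line: request, referer, user agent.
_QUOTED = re.compile(r'"([^"]*)"')


def redact_userinfo(url: str) -> tuple[str, bool]:
    """Return (url without user:password, True if credentials were removed)."""
    parts = urlsplit(url)
    if parts.username is None and parts.password is None:
        return url, False
    host = parts.hostname or ""            # hostname drops the userinfo part
    if parts.port:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment)), True


def scan_log(lines):
    """Yield (line_with_referer_redacted, leaked) for every log line."""
    for line in lines:
        fields = _QUOTED.findall(line)
        if len(fields) < 2:                # malformed line: keep untouched
            yield line, False
            continue
        referer = fields[1]
        clean, leaked = redact_userinfo(referer)
        if leaked:
            line = line.replace(f'"{referer}"', f'"{clean}"', 1)
        yield line, leaked


def leaked_referers(lines):
    """Redacted Referer values of the lines that carried credentials."""
    return [_QUOTED.findall(l)[1] for l, leaked in scan_log(lines) if leaked]


SAMPLE_LOG = [  # constructed sample lines, not real captures
    '203.0.113.5 - - [10/Aug/2009:09:12:01 +0000] "GET /watch?v=abc HTTP/1.1" 200 512 '
    '"ftp://alice:s3cret@ftp.example.com/pub/" "Mozilla/5.0"',
    '203.0.113.6 - - [10/Aug/2009:09:12:02 +0000] "GET /watch?v=def HTTP/1.1" 200 512 '
    '"http://www.example.org/page" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Aug/2009:09:12:03 +0000] "GET /watch?v=ghi HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for redacted, leaked in scan_log(SAMPLE_LOG):
        print("LEAKED " if leaked else "ok     ", redacted)
```

Running the block prints one line per sample, marking the first (an FTP referrer with credentials) as leaked and showing it with the userinfo removed.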
Yasser
Gmail Vulnerable To Contact List Hijacking
Happy New Year everyone!!! The best way to start this year is with a new security bug found in Gmail. It appears that Gmail stores our contact list information in a simple JavaScript file that could be read with a simple XSS. I don’t know if you could access this file without XSS, but I do know that you have to be logged in in order to see it. This was posted today on Digg and it seems there will be more to come. This reminds me of the almost famous Gmail bug that was found by Anelkaos; during that investigation we discovered how Gmail works internally, and I remember that many things are kept in JavaScript, so if there were an XSS you could probably extract everything.
Yasser