Reckz0r is a known online hacktivist who has been involved in many online hacks and security breaches. What makes him unique, is that he likes to fly solo and regularly exposes (wannabe) security experts who cannot secure their own websites well enough. Nonetheless, Reckz0r has always supported the Anonymous group and is active on Twitter as well.

This time, Reckz0r has brought us some loot from Sony, and dramatically, it appears just in time for the court trials of the LulzSec four. Reckz0r has hacked Sony and posted the looted data on Pastebin. The Pastebin page also gives away an SQL injection vulnerability, however, it seems like not everyone is excited is about this hack. Discordian has criticized Reckz0r on this hack, saying most of the data was already out in the public domain. He wrote on Twitter, saying,

These websites and emails in that pastebin are ALL publically available, can you tell me where the vulnerabilities are listed?

The complete release is available on Pastebin.

In other news, Sony has recorded a loss for the fourth year in a row, and the amount this time is Y457 billion out of which, Y255 billion was in the last quarter alone. To make a comparison, Sony’s loss in the last fiscal year was Y260 billion. This year, a large part of this loss is being accounted to the Thailand floods and the tsunami in Japan.

A UK based ISP Virgin Media has decided to ban access to the Pirate Bay, following a court order. The court order affects five major ISPs in the UK, Virgin Media being the second largest in all of Britain. British Telecom (BT) is still in talks over this matter, in spite of being asked to implement a ban, last year. The ban on The Pirate Bay came after the British Phonographic Industry (BPI), which represents a number of media houses, aggressively pursued a case.

Furious over the ban, The Pirate Bay has given enough tips to circumvent this ban, rendering it useless anyway. On the bright side of things, it has also recorded a traffic boost of 12 million, after the court order. However, when Anonymous came out in support of The Pirate Bay and decided to DDoS Virgin Media, it was not pleased at all. The DDoS was carried out between 5 and 6 PM and Anonymous took down the Virgin Media website for over an hour.

The Pirate Bay has made it clear that it does not support DDoS as a means of protest.

We believe in the open and free Internet, where anyone can express his or her views. Even if we strongly disagree with them and even if they hate us. So don’t fight them using their ugly methods. DDOS and blocks are both forms of censorship. If you want to help; start a tracker, arrange a manifestation, join or start a pirate party, teach your friends the art of bittorrent, set up a proxy, write your political representatives, develop a new p2p protocol, print some pro piracy posters and decorate your town with, support our promo bay artists.

With this ban, Virgin Media has become the first UK based ISP to impose a ban on The Pirate Bay. Legally, Virgin Media is not at fault here because it is just following court orders. However, instead of accepting the ban so happily, Virgin should have questioned the decision and followed BT’s example. ISPs should in no way determine what content to push to its users, and what to filter; this is against net-neutrality and free speech. If they are being forced to censor content like in this case, it is their rightful duty to question such decisions, as BT did.

Windows 8 is still several months away from being released; however, major software firms are already hard at work to ensure that their applications support the latest and greatest from Microsoft’s stables right out of the gate.

Earlier this month, Symantec kicked off the public beta testing phase of Norton 2013 series of products (Norton 360 2013, Norton Internet Security 2013, and Norton AntiVirus 2013). The biggest draw of Norton 2013 seems to be complete Windows 8 compatibility. In fact, Symantec has even tweaked Norton’s interface to make it better suited to Windows 8′s design aesthetics.

Official changelog for Norton 2013 is yet to be published. The only new feature that is readily apparent is bandwidth monitoring, which can restrict the download of non-critical updates over expensive networks. However, there are quite a few other minor tweaks that Download Crew has managed to spot. Norton Insight is now integrated with the Firewall, and the Insight File Reputation database is updated more quickly. SONAR (Symantec Online Network for Advanced Response), which is Norton’s heuristics engine, now works even in safe mode. And finally, Norton now automatically downloads and installs Norton Power Eraser tool if any infection is detected.

Head over to the official public beta forum to download Norton 2013. However, keep in mind that using non-release build of security products is not recommended.

I have been using Gmail for a few years now and have come to love their spam filtering and security among other things. Gmail was probably one of the first free email provider to allow users to see where they logged in from and also provide an additional security layer with 2-step verification logins.

Some of the most interesting features in Gmail have been the ability to detect suspicious emails from your contacts, ability to alert you whenever any suspicious activity takes place in your account and the feature which alerts you whenever any filters have been setup to forward emails to another account.

However, there is a chance that most of the users do not access their accounts through the web interface and instead prefer using IMAP, notifying such types of accounts is harder. To overcome that problem Gmail has now started sending out emails to users saying that they have detected and prevented a suspicious login from an unknown location.

The email which arrived in my inbox earlier today can be seen in the image above. The message reads:

Keith,

Someone recently tried to use an application to sign in to your Google Account, [redacted]. We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt:

May 8, 2012 8:37am GMT
IP Address: 204.15.240.72
Location: Sunnyvale, California, United States

If you do not recognize this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset your password immediately. Find out how at http://support.google.com/accounts?p=reset_pw

If this was you, and you want to give this application access to your account, complete the troubleshooting steps listed at http://support.google.com/mail?p=client_login

Sincerely,
The Google Accounts Team

This email approach from Gmail seems to be new and will allow users who don’t access the web interface to find out if their account is being compromised. It is not clear though whether the user was able to login successfully or not. Nevertheless, you should definitely change your password if you receive it.

If you need help generating strong passwords, you can check out 4 unique apps to generate strong passwords.

Also Read: How to find if your Gmail account is hacked and what to do

Update: For all those asking I had already confirmed that this is a legit email and a Gmail community manager has also confirmed this it is legitimate in a stack exchange thread:

I am the Gmail Community Manager, and I can confirm that we do send email notifications in certain cases such as described here.

Always carefully check the URL and never enter your Google password on a page that is not hosted at google.com. For example, it is OK to enter your password at https://accounts.google.com or https://mail.google.com, but not gooogle.com, g00gle.com, etc.

Update 2: Turns out that Google is now actively blocking login attempts from services like Plaxo and Dropbox. A thread on Dropbox reports similar emails being sent out to users.

It seems security is still an issue with WhatsApp. Previously, it was a vulnerability that allowed users to remotely change status names on other accounts simply by entering the mobile phone number tied to their account.

The newest issue has to do with the message storage database that WhatsApp uses to keep a log of incoming and outgoing messages. While the SQLite database is stored in a directory that is only accessible through jailbreaking or rooting a device, and the database is encrypted using AES-192, it’s unfortunately crypted with a hard-coded and static key.

The entire contents of the database can be decrypted using the known key. The database, which is stored in /com.whatsapp/databases/msgstore.db on Android phones and ~/Documents/ChatStorage.sqlite on iOS devices, can be decrypted by supplying the key and requesting that openssl revert the database to plaintext;

openssl enc -d  -aes-192-ecb -in msgstore-1.db.crypt -out msgstore.db.sqlite -K346a23652a46392b4d73257c67317e352e3372482177652c

In order to make it easier for decryption, an online portal was created for doing the deed. Of course you’ll need a jailbroken or rooted device in order to get the crypted database, then you can simply upload the file to http://www2.unsec.net/whatsapp/ and it will be decrypted.

Last time, it took WhatsApp just under a week to patch the hole. In order for them to fix this issue, an update to the client will be required, in order to add a new key – hopefully one that is generated using device-specific information or something the user can input to create a strong key, and then encrypt the database again.

UPDATE: As pointed out by a reader, the original research and analysis conducted on the database can be found in a PDF and there is also a WhatsApp Xtract application posted on XDA-Developers. Thanks Martina!

“No news is good news” for cellular users concerned about security. Android seems to be going through a tough patch lately. The problem stems from the very quality that makes Android unique – the platform is too open. Hackers are developing spyware everyday that can infiltrate Android phones without user knowledge, and most of users have no idea that spyware is on their phones, or how it should be removed. Minimal check-ins and shaky security measures leave these Android devices constantly vulnerable. To top it off, the Android Market is open to all, and getting one’s app on it is as easy as signing up for an email account. By the time Google gets rid of an app, it’s already made its way to thousands of unsuspecting users.

“No permission” apps are not a no-no
Some people want to cut Google some slack, since the Android platform is relatively new. The security issues can be worked on and rectified. However, Android isn’t just failing at keeping developers from creating harmful apps, it’s also failing at controlling what permissions normal apps are acquiring. “No permission” apps have the ability to get access to things that have nothing to do with them. For example, the Facebook app has access to your text messages, even though it has nothing to do with them. An app may ask for ‘obvious’ permission which it requires to work, but can secretly gain access to, something as off limits as your SD card. A user’s sensitive data can very easily make its way into someone else’s hands.

Why so serious?
The extent of the danger can be seen in the fact that the SD card stores OpenVPN certificates, which are easily accessible to malicious apps for infiltration. The system files of an Android can also be manipulated to access information stored by other apps in the phone’s directories. Even if you don’t share sensitive information with a spy app, or a malicious app, it can just as easily find what it’s looking for in these directories.

The Facebook story
One new debacle with the Facebook app is a good example of app security gone wrong. Facebook’s app for Android (and iPhone) can help hackers steal people’s identity. Gareth Wright, a developer who created apps for both iPhone and Android, investigated the app directories on his phone and found a new loophole in the Facebook app’s architecture. He found a Facebook access token that he had managed to create for some games on his iPhone. Wright poked around the app a bit more and found that with that token, a user’s entire Facebook access can be stolen, right under their nose. All your pictures, videos, contact details, private messages, and everything else is in the hands of anyone who can access that one small piece of code. Although not directly linked to Android’s own security failures, this new discovery does nothing but add fuel to the fire. It forces people to stop and think about the number of apps that they add to their phone – and additionally, about apps that are supposedly trustworthy and will keep their data safe.

Author Bio:
Natalia David is a blogger by profession and writes about PC monitoring, keyloggers, Cell phone security software, and spy software for BlackBerry. If you want to know more about Natalia you can follow her on twitter @NataliaDavid4

Popular security firm Sophos has published its annual security report, which analyzes the major security trends of the year gone by. The latest report dives into the various security threats that we witnessed in 2011.

Sophos dubbed 2011 as the year hacking evolved from being a way to steal money to a form of protest. The first year of the new decade witnessed Anonymous and its offshoot LulzSec capture public imagination and dominate headlines. It also saw an increase in data theft, drive by infections, and malwares for Mac.

The full report, which spans 31 pages, is available for download or online viewing from Sophos’ website. Here are some of the key takeaways.

• Since 2005, security breaches have compromised more than 500 million U.S. records alone.
• In 2010, the costs of a data breach reached $214 per compromised record, and averaged $7.2 million per data breach event.
• More than three years after its initial release, the Conficker worm was still the most commonly encountered piece of malicious software, representing 14.8% of all infection attempts seen by Sophos customers in the last six months.
• There has been a sharp decline in the threat posed by fake antivirus products, but they were still responsible for 5.5% of infections in the last six months of 2011.
• As a result of the Rustock botnet shutdown (previously responsible for the largest volume of spam), there was an immediate drop of about 30% in global spam volumes in March 2011. Unfortunately, Sophos Labs also witnessed an increase in the volume of spam with attached malware.

• According to Sophos Labs, more than 30,000 websites are infected every day and 80% of these infected sites are legitimate. Eighty-five percent of all malware, including viruses, worms, spyware, adware and Trojans, comes from the web. Today, drive-by downloads have become the top web threat. And in 2011, we saw one drive-by malware rise to number one, known as Blackhole.
  About 10% of detections are exploit sites, about two-thirds of which are Blackhole sites.

• 2011 saw the emergence of Mac malwares as a genuine threat. Fake antivirus schemes such as MacDefender, Mac Security, MacProtector and MacGuard all came to light this year.

• Windows may be the most attacked OS, but the primary vectors for hacking Windows have been through PDF or Flash.

Although a large part of the DuQu trojan was confirmed to have been written in C++, Kaspersky could not reach a conclusion about a particular section of the code. This section deals with the communication with the command and control servers, and is contained inside the payload.dll file. This section of code is expected to have been written in an object-oriented language and Kaspersky Lab engineer, Igor Soumenkov, says

The mysterious programming language is definitively NOT C++, Objective C, Java, Python, Ada, Lua and many other languages we have checked.

This mysterious section of code receives instructions and returns stolen data. The Kaspersky Labs turned to enthusiastic programmers and asked for help on deciphering the doubtful section of code. Reddit, being the awesome community that it is, offered some timely help, nonetheless.

It is interesting to note that the mystery man why demystified DuQu is none other than Igor Skochinsky, who reverse-engineered the Kindle in early 2008. You can always visit his blog to refresh your memory. He goes by the handle igor_sk on Reddit and his exact comment on DuQu was,

I can say with some certainty that the code in the snippets comes from the MSVC compiler, since its register allocator tends to use esi first. “pop ecx” instead of “add esp, 4″ is another MSVC trait. Have a look at this presentation for a more formalized approach to compiler detection.

When confronted with the fact that Kaspersky had debunked the possibility of the code being compiled with MSVC compiler, he boldly claimed that the guys at Kaspersky were wrong. Redditors never fail to amaze me. This vital piece of information will be useful when dealing with the DuQu trojan and stopping its communications with the command center.

Six years after the infamous raid on The Pirate Bay (TBP)’s servers in Stockholm, the Swedish Police (aided by two noted anti piracy prosecutors Frederick Ingblad and Henrik Rasmusson) have decided to go on a secret snooping adventure around TPB’s servers with the required warrants and other paraphernalia. There is just one small catch to this mission; TPB came to know of this and decided to make the “secret” mission, not so secret. Publishing a blog post and letting noted Torrent news site TorrentFreak that this was not a joke, the folks of TPB also told the alleged conspirers that they have many public computers “scattered like diarrhea around the world” and that finding one would probably lead to a nasty surprise because they have put small Easter-eggs in each machine.

While the TPB’s founders are quite nonchalant about the entire affair and are using a reverse scare tactic at the perceived aggressors, it is odd to see warrants against the website that has recently switched from being a .torrent-file heavy website to just a list of magnet links that can easily fit into USB flash drive. Thus even if the police manage to pull down the website, multitudes of clone sites will inevitably pop up across the world.

TPB also staunchly maintains that the site itself does nothing illegal (which is true) and that it is not responsible for its users’ usage of the website and thus they are going to stand ground. In their own words:-

“We’re staying put where we are. We’re going no-where. But we have a message to hollywood [sic], the investigators and the prosecutors: LOL.”

A federal Judge has extended the date to cut off computers affected with the DNSChanger malware from the internet.

DNSChanger is a malware that replaces the default DNS servers of the infected computers with rogue DNS servers which send the victim to websites that steals your information. It is believed that around four million computers were infected by this malware including half of all Fortune 500 companies and Government agencies.

As we had previously reported, the crackdown on DNSChanger malware was part of an FBI Operation called Operation Ghost Click which resulted in the arrest of six Estonian men who were thought to be behind the creation of malware.

FBI has been trying to help the affected users by replacing the rogue servers with temporary servers to keep them connected to the internet. And, so far, they have replaced around 100 Command and Control Centers in the US, since then, according to Computer World.

[…] the FBI seized more than 100 command-and-control (C&C) servers hosted at U.S. data centers. To replace those servers, a federal judge approved a plan where substitute DNS servers were deployed by the Internet Systems Consortium (ISC), the non-profit group that maintains the popular BIND DNS open-source software.

Without the server substitutions, DNS Changer-infected systems would have been immediately severed from the Internet.

Previously, the Southern District of New York Court had order the US Government to take down the temporary servers, that had replaced the rogue servers by March 8. Now, that deadline has been extended to July 9 to give the law enforcement officials some more time to the respective ISPs to help clean their customer’s PCs.

The work done by the law enforcement agencies and the ISPs have indeed reduced the number of affected users, according to a report by a security firm, IID. But still there are thousands of users who are still affected by the malware and will be cut off from the internet in four months, if proper action is not taken.

To check whether you system is infected by DNSChanger, you can use this free tool provided by Quick Heal.