Google's password management system may have been compromised following the Chinese attacks of 2009
During the attacks on Google from China last December, the firm's password management system was compromised (the extent of the intrusion into the system is not known).
At Google, a program called Gaia manages user passwords for access to all of the firm's web services, including those aimed at professionals (Google Apps). This application is highly confidential and rarely mentioned.
The Asian hackers managed to get into Google's infrastructure, but they did not manage to steal Gmail passwords. Good news for the mail service's millions of users.
However, vigilance is warranted, because the cybercriminals may have been able to use their private tour of the giant's internals to identify vulnerabilities unknown to date.
There is therefore a risk that the hackers will return at a date of their choosing, despite the security enhancements introduced by Google.
These threats could explain the arrival of a geolocation tool in Gmail (to check whether the connection comes from a usual place).
According to an anonymous source close to the investigation, the intruders specifically targeted the workstations of the Gaia developers... and tried to access the application's source files. How had it been planned?
By using the information in "moma", an internal file that lists all employees and their activities.
Source:
The New York Times
Developpez.com
Pwn2Own: an iPhone hacked in 20 seconds
At the Pwn2Own hacking contest, the database that contains the iPhone's SMS messages did not hold out for long.
Two hackers, Vincenzo Iozzo and Ralf Philipp Weinmann, managed to break in and copy all of its content (including SMS messages that had been deleted) by redirecting users to a compromised website.
All this in record time, since they needed just 20 seconds to pull all the data from the iPhone's database. Their technique could also provide access to the smartphone's contacts, photos, audio files, etc.
The two men received $15,000 for their victory, and details of their achievement will not be revealed until Apple has been informed of this vulnerability and has patched it.
Source: developpez.com
First malware to practice overwriting discovered, hidden in an Adobe updater
A piece of malicious code has been spotted for the first time by computer security experts.
Researchers have discovered malware that replaces the updaters of certain applications. Usually, such programs do not practice overwriting.
Only computers running Windows are affected. The malware disguises itself as an updater for Adobe products or Java. One variant mimics Adobe Reader v.9 and overwrites AdobeUpdater.exe, whose purpose is to connect regularly to the Adobe servers to check whether a new version is available.
Once installed on a host machine, the malware opens a DHCP (Dynamic Host Configuration Protocol) client, a DNS (Domain Name System) client, a network share, and a port to receive commands.
According to an expert at Trend Micro, a good antivirus should detect this threat. The expert also states that infected computers will remain altered even after the malware is uninstalled, because any infected software will lose its auto-update capability, exposing the machine to other threats if patches cannot then be installed quickly (because of this defect). Users who fall victim to this malicious code will indeed have to start downloading updates by hand, which some will not do or will not want to do.
Source: Nguyen Cong Cuong's blog (Security analyst)
Techcrunch.com down!
Here's what you see when you try to go to techcrunch.com this morning...

WordPress targeted by a worm
Automattic, the company that publishes the WordPress platform, is alerting users about a worm that is targeting WordPress blogs. This alert is for admins who host their blog on their own server.
All sites that are not running WP 2.8.4 should update as soon as possible.
How to Keep WordPress Secure
An article about why it is important to keep your WordPress up to date, and how to secure your blog, was posted on the WordPress.org development blog.
Read it in full
Critical flaw in Linux
A major flaw present in every Linux version since 2001 (from version 2.4.4 to 2.4.37.4 and from version 2.6.0 to 2.6.30.4), and which can therefore affect all current distributions, has been discovered by two Google engineers.
The flaw is the mishandling of a pointer in a network socket function. It would allow an attacker to execute code in kernel mode, thereby removing every access restriction on the machine.
Linus Torvalds himself published the patch. Check your updates.
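As an added example (not part of the original post), this shell script compares a kernel release string, by default the output of `uname -r`, with the two version ranges quoted above. The function names and the sample release strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: compare a kernel release string
# with the affected ranges quoted above (2.4.4-2.4.37.4 and 2.6.0-2.6.30.4).

# ver_key RELEASE: print a numeric sort key built from the first four
# dot-separated fields, ignoring distro suffixes such as "-128.el5".
ver_key() {
    base=${1%%[!0-9.]*}            # keep the leading run of digits and dots
    old_ifs=$IFS; IFS=.
    set -- $base                   # split the fields into $1..$4
    IFS=$old_ifs
    [ -n "$1" ] && [ -n "$2" ] || return 1   # need at least major.minor
    printf '%d%04d%04d%04d\n' "$1" "$2" "${3:-0}" "${4:-0}"
}

# in_stated_range RELEASE: return 0 if inside either range (bounds inclusive),
# 1 if outside, 2 if the string cannot be parsed.
in_stated_range() {
    k=$(ver_key "$1") || return 2
    for bounds in "2.4.4 2.4.37.4" "2.6.0 2.6.30.4"; do
        lo=$(ver_key "${bounds% *}")
        hi=$(ver_key "${bounds#* }")
        if [ "$k" -ge "$lo" ] && [ "$k" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# report [RELEASE]: print a verdict; defaults to the running kernel.
report() {
    rel=${1:-$(uname -r)}
    rc=0; in_stated_range "$rel" || rc=$?
    case $rc in
        0) echo "$rel: inside an affected range, check for vendor updates" ;;
        1) echo "$rel: outside the ranges quoted in the article" ;;
        *) echo "$rel: unrecognised release string" ;;
    esac
    return "$rc"
}

# Constructed sample release strings, followed by the running kernel.
# A version in range is only an indicator: distribution kernels may already
# carry a backported fix, so confirm against the vendor's package changelog.
for r in 2.6.18-128.el5 2.6.30.4 2.6.30.5 2.4.3 "$(uname -r)"; do
    report "$r" || true
done
```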

