
Thinking of swapping your trusty typed log-in passwords for one of Windows 8's fancy picture passwords? That may be a bad idea, as a new paper published by researchers at Arizona State University and Delaware State University suggests that they may be a bit too easy to crack.

Microsoft's Picture Gesture Authentication (PGA) system lets you draw three gestures on an image with your finger or stylus on a touch-based machine, or with a mouse on a standard laptop or desktop, which can then be used as a password. Images can be drawn from your personal photos stored in the Windows 8 Picture Library, or from a default set offered up by the OS.

However, the gestures can't be freely applied, with the OS automatically converting squiggles into either a tap, line or circle. On top of that, researchers using a custom web-based PGA system similar to the Windows one found that users picked out prominent points of interest on the pictures to apply the gestures to, such as a person's nose, or a standout object in the image.

Quizzing 685 respondents, the project found that just 9.8% said they randomly chose to draw without considering the background image, while 60.3% admitted that they looked for locations where "special objects" were, 22.1% where "special shapes" were, and 8.3% where "colours are different from their surroundings".

The researchers then applied these findings to create an experimental model and attack framework, generating algorithms based on the user data to crack a series of PGA passwords. Keeping the Windows 8 five log-in attempt limit in mind, the researchers were able to crack 48% of passwords from unseen pictures in the first dataset, and 24% in a second data set.

While not showing the password system to be a total cakewalk to crack, the research certainly shows the PGA to be at the very least no better than a standard alphanumeric code. If you insist on using the PGA system, avoid family photos then, and go for something trippy like a Magic Eye image instead.

Members of the LulzSec "hacktivist" hacking collective have today been sentenced for their part in a string of high-profile web attacks that targeted companies including Electronic Arts, Sony, Fox News and the CIA.

All four members of the group on trial received a custodial sentence after pleading guilty, with a combined total of over eight years.

Jake Davis (known by the alias Topiary) received a two year sentence in a young offender's institution. Mustafa al-Bassam (AKA T-Flow) was handed a 20-month prison sentence suspended for two years along with 300 hours of unpaid community service work. Ryan Cleary was issued a 32 month sentence, and Ryan Ackroyd was given a 30 month sentence. Cleary and Ackroyd however are only expected to serve half of their sentences in jail.

"The actions of these Lulzsec hackers were cowardly and vindictive. The harm they caused was foreseeable, extensive and intended. Indeed, they boasted of how clever they were with a complete disregard for the impact their actions had on real people's lives," said Andrew Hadik, CPS London reviewing lawyer.

"Whilst aggressively protecting their own privacy and identities, they set out to hack and publish hundreds of thousands of innocent individuals' private details. Companies also suffered serious financial and reputational damage. A senior executive of one American company lost his job and had to move his young family because of death threats."

For Hadik, the sentencing will act as a stark reminder for would-be hackers that, despite their relative anonymity at times, they are not above the law and will be found.

"Coordinating and carrying out these attacks from the safety of their own bedrooms may have made the group feel detached from the consequences of their actions. But to say it was all a bit of fun in no way reflects the reality of their actions. They were in fact committing serious criminal offences for which they have been successfully prosecuted. This case should serve as a warning to other cyber-criminals that they are not invincible."

The Associated Press had its Twitter account hacked last night, leading to a tweet that claimed the White House had been rocked by a series of explosions, injuring President Barack Obama.

The false message read: "Breaking: Two Explosions in the White House and Barack Obama is injured."

The tweet startled US markets, with the Dow Jones Industrial Average dropping 150 points, and the Associated Press temporarily suspended its account, advising that all tweets sent from the account should be ignored.

AP said later: "The @AP twitter account has been hacked. The tweet about an attack at the White House is false."

White House spokesman Jay Carney soon told reporters that the scare had been a hoax and the financial markets stabilised.

A group stating support for Syrian President Bashar al-Assad took responsibility for the attacks, tweeting: "Ops! @AP get owned by Syrian Electronic Army! #SEA #Syria #ByeByeObama."

The FBI are now said to be investigating the cyber attack.

Staff at the Associated Press say the hack came soon after a well disguised phishing email, made to look as though it had been sent by another member of staff, requested password and login details.


Three British members of the LulzSec "hacktivist" hacking circle, responsible for cyber attacks on Sony, Nintendo, the NHS, the CIA, 20th Century Fox and News International, have pleaded guilty to computer hacking charges.

Ryan Ackroyd, 26, admitted at Southwark Crown Court to one count of carrying out an unauthorised act to impair the operation of a computer during the spree of attacks that rocked the web back in 2011. Ackroyd would have faced a trial for the above offences.

Speaking of Ackroyd, Crown Prosecutor Sandip Patel told the court: "He was the hacker, so to speak; they turned to him for his expertise as a hacker."

Also pleading guilty were co-defendants Mustafa Al-Bassam, 18, and Jake Davis, 20, also known in hacking circles as Topiary.

Sentencing will be laid down on May 14.

The latest LulzSec developments follow the arrest and charging of Ryan Cleary, 21, who pled guilty to six computer hacking charges last June.

Social networking giant Facebook has been hit by what it describes as a "sophisticated" hacking attack through a previously unknown loophole in its systems.

Though the company insists that none of the personal data belonging to its 1 billion+ users was compromised, Mark Zuckerberg's employee team found their computers had been infected with malware code.

Facebook's security teams have identified the root of the attack to be the website of a mobile applications developer that itself had been compromised. It exploited a flaw in Oracle's Java software.

However, the company believe they were not the only California-based company to be hit by the attack.

Revealing all in a blog post, Facebook stated that:

"Last month, Facebook security discovered that our systems had been targeted in a sophisticated attack.

"Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well."

Though Facebook's sensitive data remains unharmed by the attack, the same can't be said of Twitter following a recent attack on its systems. The micro-blogging service reported that earlier this month 250,000 usernames, passwords and email addresses were harvested by hackers, calling the attack "not the work of amateurs".

Some security specialists believe that the latest spate of high-profile attacks on prominent US-based websites is not the work of bedroom hackers, but a larger cyber espionage campaign. The National Intelligence estimate also claims that US intelligence services, financial services, aerospace and other technology companies have been targeted, while the New York Times, Washington Post and Wall Street Journal have all been attacked by what they believe were hackers funded by the Chinese government.

Are our computer usage habits evolving so slowly that, in the year 2012, the most popular password is still "PASSWORD"? Seriously?? What idiots are they churning out in ICT classes these days?

According to SplashData, who've pooled together data from millions of stolen passwords posted online by hackers in 2012 (ranked by popularity), it makes for frankly embarrassing reading. "123456"?, "qwerty"???

I do have a soft spot for "jesus" and "ninja". "jesusninja" might have been a better bet though.

And the irony of "trustno1" in at number 12 is not lost on us.

The top 25 is as follows:

1. password (Unchanged)
2. 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)

Via: PR Web

Andy Murray has been named the most dangerous British Olympic athlete, but not perhaps for the reasons you'd first think. No, it's not his speeding-bullet tennis serve, nor the thought of his (frankly terrifying) mum flying at you in a fit of rage. Rather, Andy Murray has been named the most dangerous British athlete in cyberspace.

Of all the most searched for British athletes on the web, search results returned for "Andy Murray" proved to hold the greatest risk for web users, according to web security firm McAfee.

Simple searches like "Andy Murray videos" or "Andy Murray downloads" returned more spyware, malware and computer security threats designed to steal personal information than any other British athlete.

Football star Ryan Giggs was found to be the second most dangerous British athlete in cyber space with gymnast Louis Smith (3), platform diver Tom Daley (4) and Mark Cavendish wrapping up the top 5.

"Cyber-crooks keep their finger on the pulse and adapt their scams to appeal to whatever we're most likely to be searching for", explained Raj Samani, CTO, McAfee EMEA.

"Andy Murray has seen regular press attention in his battle to become a serious contender in his sport, so it's no surprise that the bad guys have taken advantage of his popularity to target consumers. To keep your valuable data and devices safe over this summer of sports, surf securely by ensuring the sites you visit have been verified as safe."

It'll certainly give something for Murray's formidable rivals Roger Federer and Rafael Nadal to mull over next time they're researching the Scot's tennis techniques online.

Apple and Amazon have both pulled the ability to reset password information over-the-phone after a high profile tech journalist was hacked, leaving egg on the faces of two of the world's largest tech companies.

Wired writer Mat Honan's iCloud account was hacked and wiped, costing him all the data on his iPhone, iPad and MacBook Air within minutes. Hackers had used a loophole in Apple's AppleCare and Amazon's phone-based tech support.

They added a new credit card to Honan's Amazon account (which merely required Honan's name, email address and billing address), and used the new card details to reset his password.

Using the same details, they phoned AppleCare, impersonating Honan. They were even able to blag their way past Honan's security questions.

Apple have now told Wired that they have put a hold on phone access to security features in order to figure out exactly what went wrong. Amazon are doing likewise, telling CNET:

"We have investigated the reported exploit and can confirm that the exploit has been closed as of yesterday afternoon."

Both Apple and Amazon will need to publicly make clear any reforms they have put in place following this lapse of security in order to renew consumer confidence in their security procedures once more.

There's a new king of nasty computer viruses in town, and its name is DNS Changer. It threatens to shut down the internet. But that's impossible, right? Becca Caddy of our pals Shiny Shiny looks into the threat. Should we be panic buying eBay tat, or is this another case of "Millennium Bug" hysteria?

Crazy zombie attacks and now threats that the internet could die next week, we really don't like how many similarities there are between the past few months and a low budget apocalyptic movie (we do, it's much more exciting than everyday life).

But is it true that the ominous DNS Changer virus could really shut down the internet as we know it? Or is it a threat about as serious as the "Millennium bug", which from what we can remember amounted to ABSOLUTELY NOTHING.

DNS Changer is a type of malware that first appeared back in 2007. It works by taking control of DNS servers, which means that when you try to visit one site you're redirected to another (often filled with ads and malicious content), money is made from your visit, and then you're sent on your way to the site you originally wanted to get to (check out the FBI website for more information).

Although DNS Changer has been around for a while, it wasn't until last November that the FBI stepped in, took control of it and arrested the criminals behind it. However, the FBI has left the botnet running, because shutting it down would lead to lots of disrupted internet connections.

Until now.

On Monday the FBI will take the final steps to shut down the botnet, and although big organisations and governments have been prompted to clean their systems, it's expected that more than 350,000 people will lose their internet connections, around 20,000 of them in the UK. However, it's not just non-tech-savvy users that are at risk: despite the warnings, when The Register spoke with security firm IID, they suggested that 12% of Fortune 500 firms could be among those affected.

Although 350,000 infected computers sounds like a lot, there are more than 2 billion currently online. Monday could lead to a lot of problems, headaches and IT department nightmares, but you can breathe easy: the internet isn't going to curl up and die. Not yet anyway.

Read more about DNS Changer over on the FBI website and find out if your computer has been violated with DCWG Detect.

LinkedIn have reassured their userbase that no accounts were breached despite hackers grabbing some 6.5 million passwords last week in the biggest security attack the business-focussed network has ever experienced.

LinkedIn have stated that quick action on their behalf (disabling all affected passwords and quickly notifying affected users) prevented any further damage to users of the service.

"Thus far, we have no reports of member accounts being breached as a result of the stolen passwords," said LinkedIn director Vicente Silveira on the company blog.

"As soon as we learned of the theft, we launched an investigation to confirm that the passwords were LinkedIn member passwords," he continued.

"Once confirmed, we immediately began to address the risk to our members.

"We have built a world-class security team here at LinkedIn including experts such as Ganesh Krishnan, formerly vice president and chief information security officer at Yahoo!, who joined us in 2010. This team reports directly to LinkedIn's senior vice president of operations, David Henke.

"Under this team's leadership, one of our major initiatives was the transition from a password database system that hashed passwords, i.e. provided one layer of encoding, to a system that both hashed and salted the passwords, i.e. provided an extra layer of protection that is a widely recognized best practice within the industry."

No word yet on who carried out the attack, but LinkedIn are taking the whole thing very seriously indeed, enlisting the help of the FBI to catch the perpetrators.
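The difference Silveira describes between a table that only hashes passwords and one that hashes and salts them, shown as an added example (not LinkedIn's code or anything from the original post). SHA-256, PBKDF2, the iteration count and the account names are assumptions made for illustration; the page does not say which algorithms LinkedIn used.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample accounts (hypothetical users); two of them chose the same password.
USERS = {"alice": "password", "bob": "password", "carol": "letmein"}

PBKDF2_ITERATIONS = 200_000  # assumed work factor, not a value from the page
SALT_BYTES = 16


def unsalted_record(password: str) -> str:
    """Hash only: the same password always yields the same stored digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hash and salt: a fresh random salt per account is stored next to the digest."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password: str, record: Tuple[bytes, bytes]) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, expected)


def shared_digest_groups(digests: Dict[str, str]) -> List[List[str]]:
    """Audit a credential table: list the groups of accounts whose digests are identical.

    Any group found means one recovered password unlocks every account in it,
    and one precomputed table of common passwords works against the whole dump.
    """
    by_digest = defaultdict(list)
    for user, digest in digests.items():
        by_digest[digest].append(user)
    return sorted(sorted(group) for group in by_digest.values() if len(group) > 1)


if __name__ == "__main__":
    unsalted = {user: unsalted_record(pw) for user, pw in USERS.items()}
    salted = {user: salted_record(pw) for user, pw in USERS.items()}

    print("hash only, shared digests:", shared_digest_groups(unsalted))
    print(
        "hash + salt, shared digests:",
        shared_digest_groups({u: rec[1].hex() for u, rec in salted.items()}),
    )
    print("alice logs in with 'password':", verify("password", salted["alice"]))
```

Running the same audit over a real credential table before and after a migration is a quick check that every record actually received its own salt.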

Here's a quick lesson in Laptop Usage 101: never, EVER leave your machine unattended in a public place. EVER.

For starters, it could be stolen, like anything of reasonable value. Potentially worse is the fact that someone could access your priceless personal information in your absence, getting all sorts of juicy, valuable details while you're away.

Or, the ultimate disaster: some plucky prankster could trigger a porno video to play at full volume at an inopportune time, making it impossible to close or to hide your infinite embarrassment.

As seen in action here. The mark in question was targeted in a library too, a place only beaten in the silent embarrassment stakes by a funeral parlour.

You have been warned!

Via: Reddit

Security specialists Kaspersky Lab have today highlighted a new threat to PC users' security. A program known as Worm.Win32.Flame, or Flame for short, is causing havoc for PC users across the globe.

It's a particularly nasty piece of work, with Kaspersky Lab stating that "the complexity and functionality of the newly discovered malicious program exceeds those of all other cyber menaces known to date."

According to Kaspersky Lab, the program is "designed to carry out cyber espionage", and is capable of accessing a computer and stealing display contents, files, data and saved audio conversations.

Though only recently uncovered by Kaspersky Lab whilst investigating the equally-malicious Wiper worm at the request of the International Telecommunication Union (ITU), Flame is believed to have existed since March 2010.

"It's important to understand that such cyber weapons can easily be used against any country," said CEO Eugene Kaspersky, describing it as "another phase" in the PC security war started by the previous Stuxnet and Duqu viruses.

"Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case."

Chief security expert at Kaspersky Lab Alexander Gostev added that, "One of the most alarming facts is that the Flame cyber-attack campaign is currently in its active phase, and its operator is consistently surveying infected systems, collecting information and targeting new systems to accomplish its unknown goals."

In order to quell the threat of Flame, the ITU is activating the ITU-Impact network, which will see 142 countries and a number of PC security companies working together to alert governments in order to prepare to defend against the potential problems that the program could cause.

Apple believe they have found a fix for the Flashback trojan which is thought to have infected some 600,000 Mac computers across the globe.

Flashback is a botnet that can issue commands to infected machines, harvesting usernames and passwords for nefarious means. Though Macs in particular have been hit hard by the trojan, the problem is not directly due to vulnerabilities in the Mac OS X software, but with Java.

Apple last week issued a makeshift Java fix for the Flashback problem, and yesterday posted news on their Knowledge Base website that a more comprehensive fix that would detect and remove Flashback is on the way. Apple will also be working with internet service providers to "disable the command and control network" that hijacks the machines.

"A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs.

"Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates.

"Apple is developing software that will detect and remove the Flashback malware.

"In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network."

Via: AllThingsD

Google Chrome users beware: a series of new extensions claiming to add customisation options to your Facebook profile are in fact malicious tools created by hackers intended to hijack your social networking accounts.

The extensions hide in plain sight on the official Google Chrome web app store. Installing one results in a Chrome user losing control of their Facebook account, which then spams all the people on the user's Facebook friends list with links to the extension and adds "Likes" to pages.

As if the presumed credibility given to the extensions thanks to their visibility on the official store wasn't enough, the nasty add-ons are being advertised on Facebook too! Again claiming to offer customisation options, the adverts redirect to the Chrome store, giving the impression to naive web users that the extension is endorsed by both Google and Facebook.

To make matters worse, the extensions are also masquerading as reputable apps, with one listed as the Adobe Flash Player, adding further confusion to the situation.

The extensions are thought to be used by scammers (in this case based in Brazil) who've been paid to artificially increase a Facebook page's number of fans.

Security experts are now urging users to check and then double-check Chrome extensions' credentials before adding them to the browser.

Lady Gaga is the latest celebrity to see her social networking accounts hacked by scammers.

One of the true "Twitterati" with over 17 million Twitter followers and 45 million Facebook "Likes", the Bad Romance star fell foul of a hack that saw her fans lured towards a fake iPad 2 giveaway.

Unbeknownst to the singer, her Twitter account posted the message: "Monsters, I'm giving away FREE iPad2's to each one of you in the spirit of the holidays :)", a seemingly genuine post, considering she uses the name "monsters" to refer to her fanbase.

However, the message also contained a link to a dodgy Blogspot site (which has since been removed) that collected the personal details of her fans.

A similar attack was made on her Facebook account. Two posts were made, one reading "Lady Gaga's new iPad comes out in 3 days!" and another that said: "So for the next 72 hours we will be hosting a massive giveaway to all the Mother Monster fans. Sign up and receive your special Lady Gaga edition iPad in time for the Holidays! For contest rules and registration visit the link below."

Likewise, these links were also scams. Gaga has since re-gained control of her accounts, posting "Phew. The hacking is over! And just in time, I'm on my way to Japan! So excited to spend Xmastime with my TokyoMonsters!"

Lady Gaga would have been quite out of pocket had the offer been real. Had she given each of her Twitter and Facebook fans a free iPad 2, as the posts suggested she would, she'd have racked up a whopping bill from Apple in the region of $25 billion!

Via: BBC

Sesame Street's YouTube channel, a popular online destination for kids, was hacked in the afternoon of Sunday 16th October, with the entire contents of the video-hosting page replaced with hardcore pornography.

The altered page was accessible for around 20 minutes before YouTube pulled it. Hackers had also altered the channel's appearance so that famous Sesame Street characters had shocked looks on their faces, while the tagline "It's where porn lives" was added underneath the main logo. The channel's profile description was also changed so that it read:

"WHO DOESN'T LOVE PORN KIDS? RIGHT! EVERYONE LOVES IT! IM MREDXWX AND MY PARTNER MRSUICIDER91 ARE HERE TO BRING YOU MANY NICE CONTENT! PLEASE DON'T LET SESAME STREET TO GET THIS ACCOUNT BACK KIDS :( PLEASE...LET ME AND MRSUICIDER91 HAVE IT AND WE GONNA MAKE ALL THE AMERICA HAPPY!"

The attack was thought to be an anonymous attempt to frame regular YouTube gaming contributor MrEdxwx, who has denied involvement.

"I did not hack Sesame Street. I am an honsest (sic) youtuber. I work hard to make quality gameplay videos. AND MOST IMPORTANT I RESPECT COMMUNITY GUIDELINES," said MrEdxwx.

"The truth of the matter is that the channel is regularly visited by young children, and parents trust that the page will be safe for them to view," said Graham Cluley, senior technology consultant at web safety specialists Sophos.

"Attacks like this prove that websites with particularly vulnerable audiences need to be monitored regularly, and protected with the highest possible security controls. In addition, parents need to be extra vigilant about keeping an eye on the websites their children are visiting - and remember that even the seemingly most innocent websites can be compromised."

No-one has yet come forward to claim responsibility for the attack.

REVIEW: Acronis True Image Home 2012

Name: Acronis True Image Home 2012

Type: PC data back-up utility

System requirements: Click here for full details

Price: £39.95 (£23.95 if upgrading from previous edition)


Backing-up PC data can be a chore, but it's a necessary pain if you hope to protect your sensitive and precious files from the odd ghost in the system. The Acronis True Image Home 2012 suite aims to take the hassle out of backing up your files, while also having enough flexibility to sate the appetite of even the most avid PC tinkerer. Read on for our verdict.

Rather than focussing on one form of data back-up, the Acronis True Image Home 2012 suite offers the complete package. Be it online back-ups, file-based or continuous incremental back-ups of whole drives as they update, drive image creation or images of partitions, the software pops all methods into a single neat product.

Whether you're using True Image Home 2012's Nonstop Back-up feature to keep your My Documents folder safely duplicated as you pop new files inside, or using an Acronis True Image Online account to synchronise local folders with a network or a laptop (which follows similar concepts to those that use the Dropbox service), there's a solution for pretty much every situation.

It's all presented in such a way as to make it comfortable to use for even those who find the thought of back-up processes intimidating. A re-vamped interface opens with "Get Started", which offers tutorials on "How to back up?", "When to recover?" and "What is sync?". Whatever your skill level, Acronis have done a fairly good job of walking you through each step of each back-up process.

Of course, if you're familiar with the concepts of preserving your files, you can dive straight in with the "Backup and recovery" tab and pick from options like: "Disk and partition", "Online", "File", "Email" and "Nonstop backup". Again the interface is clear, letting you easily pick source and destination locations, and in the case of Online and File back-up processes, offering check-box style controls to select the precise files that need copying.

It's all highly configurable too, letting you set back-up schedules, password protect resulting archives and (in the case of the online back-up tools) set network bandwidth limits so that your uploads to the Acronis servers don't totally drain your internet speeds. Archives are created in manageable sizes, and the True Image Home 2012 processes can run happily in the background without hogging too much of your system's resources. The program had a few issues recognising a Crucial solid-state drive we were testing with that hadn't been assigned a drive letter, but it's a problem that seemed unique to our set-up.

Those looking for very specific back-up tools will be pleased to discover True Image Home 2012's Email Back-up and Try&Decide tools. Outlook users in particular will benefit from Email Back-up, letting you quickly and effectively archive all inbox messages and contacts, saving invaluable stuff in the case of a disaster, be you a business owner working from home or simply a person who'd die if they lost their email-archived holiday snaps. Try&Decide was our personal favourite tool, letting you road-test risky installations (say a work-in-progress driver or a download from an untrusted source) and then revert back quickly and simply to a prior state if you encounter any problems.

These are among a long list of features already present in previous versions of True Image Home 2012. Managing all these options could potentially become a pain, but again a clear UI means that it's simply a matter of checking a list in the Back-up and Recovery tab to keep on top of everything lined up.


Verdict:

While the computer whiz-kids amongst us will already have fool-proof methods for manually creating back-up copies of their valuable files, True Image Home 2012 makes the whole process much simpler for newbies. There are also enough smart features (like Try&Decide) to make even those with their own tried-and-tested back-up methods consider giving this a try. It's not without its quirks, and the full suite of online support isn't the most competitively priced, but it comes strongly recommended nonetheless.

4/5


An automated Skype call has been plaguing users of the video calling service over the last few days, encouraging them to download a dubious anti-virus program in order to protect themselves from non-existent threats.

A computer-generated voice has been contacting users, stating that their systems are vulnerable before directing them to a website that asks for their personal details before charging them for a piece of mostly useless malware protection.

The voice messages in the automated calls say:

"Attention: this is an automated computer system alert. Your computer protection service is not active. To activate computer protection, and repair your computer, go to [LINK]"

"As more and more people become acquainted with the tricks used by internet scammers and cybercriminals, scammers are pressed to find new social engineering tricks in the hope of duping the unwary. Fake anti-virus or 'scareware' is an increasingly common example of this, and takes advantage of those worried enough to visit such dubious sites," said Graham Cluley, senior technology consultant at Sophos.

"Personally, I wouldn't want to trust any product which uses Skype spam techniques to advertise itself, and presents itself in such an underhand manner. Skype users need to be vigilant in their privacy settings to combat this, and unsolicited Skype calls can be stopped by amending privacy settings so that only users listed in your contacts can get in touch with you."

Hit the video above to see the attack in action, courtesy of Naked Security. The guy gets pretty annoyed, so be ready for some strong language.

Anonymous, the hacking collective behind the recent attack on the Syrian Ministry of Defence website and thought to have played a hand in the major PlayStation 3 PSN outage earlier this year, are planning a major attack on Facebook for November 5th 2011.

The "medium of communication you all so dearly adore will be destroyed" claim the group, spreading their plans via a YouTube video:

Part of the anti-sec movement that aim for complete transparency of personal digital information, they claim that "Facebook has been selling information to government agencies and giving clandestine access to information security firms so that they can spy on people from all around the world. Some of these so-called whitehat infosec firms are working for authoritarian governments, such as those of Egypt and Syria."

The date is chosen to coincide with Guy Fawkes Night (or Fireworks Night as it is otherwise known), named after the infamous member of the "Gunpowder Plot" who in 1605 planned to blow up the Houses of Parliament and assassinate King James. In the cult graphic novel/movie "V for Vendetta", the anonymous activist V wears a Guy Fawkes mask, which has since become a symbol of both the Anonymous hacking collective and anonymous protest and activism worldwide.

All the Guy Fawkes references don't bode well for Anonymous however; Fawkes met a sticky end at the hands of torturers and was executed after the Gunpowder Plot failed.

Scroll down for the full transcription of the threat.

Operation Facebook

DATE: November 5, 2011.


TARGET: https://facebook.com

Press:
Twitter : https://twitter.com/OP_Facebook
http://piratepad.net/YCPcpwrl09
Irc.Anonops.Li #OpFaceBook
Message:

Attention citizens of the world,

We wish to get your attention, hoping you heed the warnings as follows:
Your medium of communication you all so dearly adore will be destroyed. If you are a willing hacktivist or a guy who just wants to protect the freedom of information then join the cause and kill facebook for the sake of your own privacy.

Facebook has been selling information to government agencies and giving clandestine access to information security firms so that they can spy on people from all around the world. Some of these so-called whitehat infosec firms are working for authoritarian governments, such as those of Egypt and Syria.

Everything you do on Facebook stays on Facebook regardless of your "privacy" settings, and deleting your account is impossible, even if you "delete" your account, all your personal info stays on Facebook and can be recovered at any time. Changing the privacy settings to make your Facebook account more "private" is also a delusion. Facebook knows more about you than your family. http://www.physorg.com/news170614271.html http://itgrunts.com/2010/10/07/facebook-steals-numbers-and-data-from-your-iph....

You cannot hide from the reality in which you, the people of the internet, live in. Facebook is the opposite of the Antisec cause. You are not safe from them nor from any government. One day you will look back on this and realise what we have done here is right, you will thank the rulers of the internet, we are not harming you but saving you.

The riots are underway. It is not a battle over the future of privacy and publicity. It is a battle for choice and informed consent. It's unfolding because people are being raped, tickled, molested, and confused into doing things where they don't understand the consequences. Facebook keeps saying that it gives users choices, but that is completely false. It gives users the illusion of and hides the details away from them "for their own good" while they then make millions off of you. When a service is "free," it really means they're making money off of you and your information.

Think for a while and prepare for a day that will go down in history. November 5 2011, #opfacebook . Engaged.

This is our world now. We exist without nationality, without religious bias. We have the right to not be surveilled, not be stalked, and not be used for profit. We have the right to not live as slaves.

We are anonymous
We are legion
We do not forgive
We do not forget
Expect us

Harry Potter fans looking to get early access to the Pottermore social network ahead of its October opening are being tricked by dark web magic. No, it's not Voldemort hitting the internet killswitch, but a gang of scammers selling fake "early access" accounts to Pottermore.

Christopher Boyd of GFI labs has uncovered a number of deathly plots targeting Pot-heads (as we like to call Potter fans here at Tech Digest). From info harvesting surveys to spam marketing and bogus account sales, there are enough ne'er-do-wells exploiting Pottermore to fill the whole of Azkaban by the looks of things.

"You can expect more hacked sites serving Malware alongside poisoned search engine results - both text and image. If your kids are happily babbling on about the joys of Pottermore, it may well be worth sitting down with them and pointing out the types of shenanigans they need to avoid," said Boyd.

Due to launch in October, Pottermore will be the new online home for Harry Potter, as well as acting as a social network for fans of the boy wizard to interact through. As well as offering exclusive content and the possibility of new stories from the wizarding world, Pottermore will be the only place where you can download official ebook versions of the popular series of novels.

©2014 Shiny Digital Privacy Policy