A Blurb about Recent High-Profile Hacks
Yes, it has happened again. A few big-name sites including Microsoft, Apple, The New York Times, and The Wall Street Journal have been hacked. That was a surprise to you, right? Facebook and Twitter are also among the growing list of victims. Facebook stated in a recent blog post titled “Protecting People On Facebook” (cough): “… we never stop working to protect the people who use our service.” Ummm… Yeah, right. Start protecting users from YOUR unethical practices, and I might start to believe that statement.
Ahem… Anyway, facebook’s debacle was apparently caused by certain employees messing around on a particular mobile developer internet site. They claim that no user information was compromised. Wait… I’m being too optimistic here. They actually said, “We have found no evidence that Facebook user data was compromised.“ No evidence. They further state (quote):
“Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.
Facebook Security has a team dedicated to tracking threats and monitoring our infrastructure for attacks at all times. In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.
After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.
– Foremost, we have found no evidence that Facebook user data was compromised.”
As I previously mentioned, other services also fell victim. Twitter wrote about it in their “Keeping our users secure” blog post. Gotta love these post titles, right? Twitter states:
“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.
As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.
We also echo the advisory from the U.S. Department of Homeland Security and security experts to encourage users to disable Java on their computers in their browsers.”
Yes, it appears that Oracle’s Java 7 is the common denominator, and many sites have recommended that users disable java in their browsers. To that end, sites are pointing users to java (dot) com for directions on just how to do that. Will you? Your other option is to download Java 7 update 11 as updates 10 and earlier carry this vulnerability. Regardless of what you choose to so, I suggest you read the very detailed information put out by Oracle and CERT.
Several of the hit companies claim the source of the cyber attacks is China. China has denied these accusations. Regardless of the source, this is the time to protect yourself if you haven’t already.
Additional information from a few of the affected sites:
Be safe out there in cyber-land, and thanks for reading!