Security Briefing 1.24.17
Facebook handled videos by ID number in a way that let anyone hijack and delete any video on the site, Dan Melamed said Monday. Facebook paid the researcher $10,000 for finding the vulnerability last summer, and it was patched immediately.
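The bug class described above is an object reference that trusts the ID a caller supplies without checking who owns the object. The following is an added example, not Facebook's code or anything from the briefing: a constructed in-memory video store with a delete that acts on the ID alone beside one that also checks ownership and records denied attempts for later review. The class, method and user names are assumptions made for the illustration.

```python
"""Ownership check on a delete-by-ID operation (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class VideoStore:
    # video_id -> owner user id; sample data is constructed for the demo
    videos: dict = field(default_factory=dict)
    # (caller, video_id) pairs that failed the ownership check, for audit/detection
    denied: list = field(default_factory=list)

    def delete_insecure(self, caller: str, video_id: int) -> bool:
        """The weak pattern: any existing video ID the caller names is deleted.

        The caller identity is accepted but never compared against the owner.
        """
        return self.videos.pop(video_id, None) is not None

    def delete_secure(self, caller: str, video_id: int) -> bool:
        """Deletes only when the video exists AND the caller owns it.

        Unknown IDs and foreign IDs both return False, so a probing caller
        cannot tell from the result whether an ID exists; the attempt is
        logged either way so repeated probing stands out in review.
        """
        owner = self.videos.get(video_id)
        if owner != caller:  # covers owner is None (unknown id) as well
            self.denied.append((caller, video_id))
            return False
        del self.videos[video_id]
        return True


def demo():
    """Runs both paths on constructed data; returns what each left behind."""
    weak = VideoStore({101: "alice", 102: "bob"})
    weak.delete_insecure("mallory", 102)  # a third party removes bob's video

    hardened = VideoStore({101: "alice", 102: "bob"})
    foreign = hardened.delete_secure("mallory", 102)  # rejected and logged
    own = hardened.delete_secure("bob", 102)          # owner succeeds
    return (sorted(weak.videos), foreign, own,
            sorted(hardened.videos), list(hardened.denied))


if __name__ == "__main__":
    print(demo())
```

Returning the same "not deleted" result for a missing ID and for someone else's ID keeps the endpoint from confirming which IDs exist, while the `denied` log gives a detection hook for callers that cycle through many IDs.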
A newly discovered Twitter botnet has been lying dormant for over three years despite including more than 350,000 bot accounts, researchers at University College London have found. Strangely, the bots only tweet about Star Wars, hence the name "Star Wars botnet".
Dovecot, an IMAP mail server, has recently been hailed as being ‘nearly impenetrable’ from a security standpoint by German security team Cure53. Dovecot is the most popular IMAP mail server in the world, accounting for 68% of IMAP servers.
The team at SplashData looked at more than five million passwords that were stolen from enterprises and leaked to the public last year to get a feel for the types of authentication secrets people use in the real world. The results aren't pretty: "123456" was the most commonly used password, followed by "password".
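One practical response to a list like SplashData's is to reject, at account creation or password change, any candidate that appears on a list of commonly used or leaked passwords. The block below is an added example, not SplashData's tooling or part of the briefing; the denylist is a small constructed set that includes the two entries named above, and the function names and the minimum length are assumptions made for the illustration.

```python
"""Reject passwords that match a common-password denylist (constructed example)."""
import re

# Constructed denylist: the two entries the briefing names plus a few
# stand-ins. A real deployment loads a large leaked-password corpus.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "football", "letmein",
}

MIN_LENGTH = 8  # assumed policy value for this example


def normalize(password: str) -> str:
    """Lower-case and drop non-alphanumerics so 'Password!' matches 'password'."""
    return re.sub(r"[^a-z0-9]", "", password.strip().lower())


def weakness(password: str, denylist=COMMON_PASSWORDS):
    """Return the reason a password should be rejected, or None if it passes.

    Checks the denylist first so that a short common password is reported
    as common rather than merely short.
    """
    base = normalize(password)
    if base in denylist:
        return "common password"
    # Trailing digits (years, '1', '123') appended to a common word are
    # the usual way people dodge a naive exact-match check.
    stem = re.sub(r"\d+$", "", base)
    if stem and stem in denylist:
        return "common password with digits appended"
    if len(password) < MIN_LENGTH:
        return "too short"
    return None


def audit(candidates):
    """Map each candidate to its rejection reason (None means accepted)."""
    return {pw: weakness(pw) for pw in candidates}


if __name__ == "__main__":
    sample = ["123456", "Password!", "password2017", "abc",
              "correct horse battery staple"]
    for pw, reason in audit(sample).items():
        print(f"{pw!r}: {reason or 'ok'}")
```

Normalizing before the lookup is what turns a denylist of a few thousand strings into a check that also catches the capitalized and punctuated variants users reach for when the plain word is refused.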
The United States Army has an initiative called 'Hack the Army' in which it pays researchers and hackers to find vulnerabilities. Last year it received 400 bug reports and paid more than $100,000 to hackers who found 18 unique bugs. This is an increasingly common trend: having the good guys find the problems, and paying them for it, before the bad guys can.
In a recent post on its official blog, the Israel Defense Force (IDF) detailed how Hamas operatives used social engineering to trick IDF soldiers into installing malicious apps on their phones that allowed easy eavesdropping, all with some of the oldest tricks in the book: fake profiles of pretty women who were really, really interested in them, who then convinced the soldiers to download an app so they could talk outside of Facebook.
A college that sacked its IT administrator claims that he took his admin password with him, wiped it clean off his work PC (and "damaged" the machine to the point where it is no longer usable), thereby rendering the school unable to access its Gmail account and depriving some 2,000 students of their email and coursework. The college is now suing him for $250,000 in damages. The ex-IT administrator has offered to help, for $200,000.
We all knew it would happen eventually. The Islamic State has plenty of money for bad things, but super drones, like the ones we use, are astronomically expensive, so it is much easier to take hobby drones and fashion bombs out of them. In October, two Kurdish fighters were killed when a drone they had shot down detonated as they were inspecting it.