Archive | May, 2011

Lockheed Martin Hacked – Rumoured To Be Linked to RSA SecurID Breach

Your website & network are Hackable


You all probably remember the big kerfuffle that occurred after RSA got hacked, it was widely assumed that the SecurID system was compromised somehow and could not be relied on. We reported about it in the article – RSA Silent About Compromise For 7 Days – Assume SecurID Is Broken – where we questioned their silence about the whole thing.

The latest news linked to the above breach is that Lockheed Martin has been compromised and it could possibly be linked to the SecurID tokens. Now this is a BIG deal as they are a US Military contractor and probably have some pretty juicy secrets in their network.

Lockheed Martin Saturday night acknowledged that it its information systems network had been the target of a “significant and tenacious attack,” but said that its security team detected the intrusion “almost immediately and took aggressive actions to protect all systems and data.”

No data from customers, programs or employees was compromised, the top U.S. defense contractor said in a brief statement.

The company said that it has kept U.S. government agencies informed of its investigation as it “continues to work around the clock to restore employee access to the network.”

The attack was first reported last Thursday by Reuters, which cited a defense official and two unnamed sources familiar with the situation. The news agency reported that the cyberattack was affecting many employees at Lockheed Martin, which is based in Bethesda, Maryland, and makes fighter planes and other weapons systems.

Bruce Schneier mentioned it here – Lockheed Martin Hack Linked to RSA’s SecurID Breach

And a lot of people have been sayings it’s just speculation, yah the hack is real – but does it have anything to do with SecurID really? We have no idea.

There’s some interesting thoughts on it here – Weekly Intelligence Summary:2011-05-27


On Saturday, an official with the U.S. Department of Homeland Security confirmed the attack to the news agency. However, Lockheed Martin continued to decline comment.

The intrusion reported involves the use of RSA SecurID tokens, used by Lockheed Martin employees to access the company network remotely. Security analysts have urged that companies using the tokens review authentication procedures.

Lockheed Martin did not divulge how its systems were attacked. The company faces “constant threats from adversaries around the world” and regularly acts to heighten security of its systems, it said in the statement.

Homeland Security have confirmed the compromise but as of now, Lockheed Martin has no made statement regarding what has happened or what data has been accessed.

There some thoughts from SANS ISC Diary here on how to stay secure even if you do use SecurID – Lockheed Martin and RSA Tokens.

It’ll be interesting to see what other news comes out about this and if any actual details are revealed. We shall be keeping an eye on it.

Source: Network World


Posted in: Cryptography, Exploits/Vulnerabilities, Legal Issues

Tags: , , , , , , , , , ,

Posted in: Cryptography, Exploits/Vulnerabilities, Legal Issues | Add a Comment
Recent in Cryptography:
- PEiD – Detect PE Packers, Cryptors & Compilers
- DROWN Attack on TLS – Everything You Need To Know
- Dell Backdoor Root Cert – What You Need To Know

Related Posts:

Most Read in Cryptography:
- The World’s Fastest MD5 Cracker – BarsWF - 47,693 views
- Hackers Crack London Tube Oyster Card - 44,806 views
- WPA2 Vulnerability Discovered – “Hole 196” – A Flaw In GTK (Group Temporal Key) - 32,996 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Sniffjoke 0.4.1 Released – Anti-sniffing Framework & Tool For Session Scrambling

Your website & network are Hackable


SniffJoke is an application for Linux that handle transparently your TCP connection, delaying, modifying and injecting fake packets inside your transmission, make them almost impossible to be correctly read by a passive wiretapping technology (IDS or sniffer).

An Internet client running SniffJoke injects in the transmission flow some packets able to seriously disturb passive analysis like sniffing, interception and low level information theft. No server support is needed!

The internet protocols have been developed to allow two elements to communicate, not some third-parts to intercept their communication. This will happen, but the communication system has been not developed with this objective. SniffJoke uses the network protocol in a permitted way, exploiting the implicit difference of network stack present in an operating system respect the sniffers dissector.

How Does It Work?

It works only under Linux (at the moment), creates a fake default gateway in your OS (the client or a default gateway) using a TUN interface check every traffic passing thru it, tracks every session and
applyies two concepts: the scramble and the hack.

The scramble is the technology to bring:

  1. A sniffer to accept as true a packet who will be discarded by the server, or
  2. A sniffer to drop a packet who will be accepted by the server.

The scramble technology brings in desynchronisation between the sniffer flow and the real flow.

The bogus packet accepted by the sniffer is generated by the “plugin” is a C++ simple class, which in a pseudo statefull tracking will forge the packet to be injected inside the flow. is pretty easy to develop
anew one, and if someone wants to make research on sniffers attack (or fuzzing the flow searching for bugs) need to make the hand inside its.

The configuration permits to define blacklist/whitelist ip address to scramble, a degree of aggressivity for each port, which plugin will be used.

You can download SniffJoke here:

sniffjoke-0.4.1.tar.bz2

Or read more here.


Posted in: Forensics, Hacking Tools, Network Hacking

Tags: , , , , , , , , ,

Posted in: Forensics, Hacking Tools, Network Hacking | Add a Comment
Recent in Forensics:
- Web Application Log Forensics After a Hack
- CapTipper – Explore Malicious HTTP Traffic
- Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response

Related Posts:

Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 66,417 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 34,239 views
- OpenDLP – Free & Open-Source Data Loss Prevention (DLP) Tool - 28,679 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Sony PlayStation Network (PSN) Reopens In Asia

Find your website's Achilles' Heel


Finally! My friends over in this hemisphere can finally stop whining and get back on PSN! We’ve been covering this whole Sony Hack quite extensively over the past few weeks and this should be the final part of the network coming back online.

Asia is the last segment of the PlayStation Network to come back up, more than five weeks after it was taken offline after a massive hack attack.

I guess there won’t be much left to report after this, only the lawsuits that will inevitably pop-up as all the money-grabbers crawl out of the woodwork.

Sony’s PlayStation Network online gaming service will reopen for millions of gamers across Asia on Saturday, more than five weeks after it was taken offline following a cyber attack.

Sony pulled the plug on the PlayStation Network and the companion Qriocity audio and video streaming service on April 20, a day after detecting what it later called a “very sophisticated” intrusion.

When service resumes on Saturday in Japan, Taiwan, Singapore, Malaysia, Indonesia and Thailand, there will only be two more countries where service is still offline: South Korea and Hong Kong. Sony is still in discussions with authorities in those markets and can’t name a date for the resumption of services in the two countries.

“It’s going to take a little while longer,” said Satoshi Fukuoka, a spokesman for Sony Computer Entertainment in Tokyo.

Gamers in Asia were kept waiting while Sony briefed authorities in several countries on the hack and its response, but service returned for users in North America, Europe, the Middle East, Australia and New Zealand on May 14 and 15.

The incident began when an unknown hacker or hackers penetrated three firewalls to get inside Sony’s system and steal data on all 77 million registered accounts.

The countries involved are Japan, Taiwan, Singapore, Malaysia, Indonesia and Thailand. Which is odd because Australia and New Zealand were already brought back online almost 2 weeks ago.

I wonder what caused the delay for the Asian countries, especially Japan – the home of Sony. Even worse than that, South Korea and Hong Kong are still offline and there is no date given as to when they will come back up.


The stolen data included user names, e-mail addresses, login IDs and passwords. It was originally feared that millions of credit card numbers had also been leaked, but a subsequent computer forensics investigation failed to find any evidence that the credit card database had been accessed by the attacker, said Sony.

PlayStation users are required to download a firmware update for the console before they can reconnect to the network. Then, as a security measure, users must change their password upon login.

Sony has initially resumed a subset of the full PlayStation Network and Qriocity services. Back online are: online gaming, playback of already rented video, “Music Unlimited” online audio streaming, access to third-party services like Netflix and Hulu, PlayStation Home and friends features such as chat.

Full service is expected to resume in all markets, except South Korea and Hong Kong, by the end of May.

The attack and Sony’s response to it will cost the company around ¥14 billion (US$170 million) this financial year, it said Monday. That includes the cost of calling in several computer security companies, a rebuild of its security system, identity theft monitoring for users in some countries and the offering of several free games to users.

And as of now all of the previous features of PSN are not back online yet, they are promising to bring back full service shortly however.

It’s quite a costly mistake on the part of Sony with the initial costs running into US$170 million – the cost of Sony giving away freebies and mitigation to avoid such a thing happening again.

Source: Network World


Posted in: Exploits/Vulnerabilities, Legal Issues

Tags: , , , , , ,

Posted in: Exploits/Vulnerabilities, Legal Issues | Add a Comment
Recent in Exploits/Vulnerabilities:
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It
- Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,716 views
- AJAX: Is your application secure enough? - 120,083 views
- eEye Launches 0-Day Exploit Tracker - 85,535 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


SIPVicious Tool Suite v0.2.6 – SIP/VoIP Security Auditing Tool

Your website & network are Hackable


SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. Why the name? Because the tools are not exactly the nicest thing on earth next to a SIP device. And the play on the sound seems to work. As an extra bonus, it rhymes with the name of Sex Pistol’s bass player.

It’s been a while since we wrote about SIPVicious, way back when it first came out in 2008 – SIPVicious v0.2.3 – VoIP/SIP Auditing Toolkit. It’s come a fair way since v0.2.3 so I thought it’s about time for an update (although v0.2.6 has been out since 2010), you can view the full ChangeLog here.

It currently consists of five tools:

  • svmap – this is a sip scanner. Lists SIP devices found on an IP range
  • svwar – identifies active extensions on a PBX
  • svcrack – an online password cracker for SIP PBX
  • svreport – manages sessions and exports reports to various formats
  • svcrash – attempts to stop unauthorized svwar and svcrack scans

Requirements

Python – SIPVicious works on any system that supports python 2.4 or greater.

There’s a good blog post covering the new stuff here too, mainly svcrash:

How to crash SIPVicious – introducing svcrash.py

You can download SIPVicious v0.2.6 here:

sipvicious-0.2.6.zip

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- Unicorn – PowerShell Downgrade Attack
- Wfuzz – Web Application Brute Forcer
- wildpwn – UNIX Wildcard Attack Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,977,518 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,417,713 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 678,534 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Hotmail Exploit Has Been Silently Stealing E-mail

Find your website's Achilles' Heel


We haven’t reported a whole lot about Hotmail over the years, probably because since Gmail took over – Hotmail has mostly taken a backseat.

The most recent report we had was about SSL and how Hotmail Always-On Encryption Breaks Microsoft’s Own Apps.

The latest news is there has been a nasty bug in Hotmail for a while that has been actively exploited allowing malicious senders to snoop on e-mail and even add forwarding rules to the victim account.

Microsoft has patched a bug in its Hotmail email service that attackers were exploiting to silently steal confidential correspondences and user contacts from unsuspecting victims.

The vulnerability was actively being exploited using emails that contained malicious scripts, Trend Micro researcher Karl Dominguez said Monday. Successful attacks required only that a Hotmail user open the malicious email or view it in a preview window. The commands embedded in the emails uploaded users’ correspondences and user contacts to servers under the control of attackers without requiring the victim to click on links or otherwise take any action.

The scripts also also had the capability of enabling email forwarding on the targeted Hotmail account, allowing attackers to view emails sent to the victim in the future.

Trend Micro researchers learned of the in-the-wild attacks after a colleague in Taiwan received one of the booby-trapped emails. The email purported to be a security warning concerning the victim’s Facebook account.

This attack has been going on in the wild for at least 2-3 weeks – that’s the confirmed time frame anyway. It may have been going on for much longer than that, no one really knows.

Microsoft isn’t telling us anything, nothing at all? I’d personally like to know how many users/accounts were effected? Have they notified these users? What exactly are they doing to mitigate the loss of personal data and so on.

I wonder if this will get legal like the whole Sony case that’s blowing up right now, I’d guess not as Hotmail users tend to a less Internet savvy kind of crowd. I mean seriously how many of you guys/gals use Hotmail as your primary account? I’d guess probably none.

Most of you probably have a Hotmail account but use it as a secondary/tertiary account for signing up to forums etc and spam.


Trend first disclosed the bug on May 13. Monday’s blog post said Microsoft has since plugged the hole, which resided in CSS, or cascading style sheet functionality, but didn’t say when.

“The attack takes advantage of a script or CSS filtering mechanism bug in Hotmail,” Dominguez wrote. “Microsoft has already taken action and updated Hotmail to fix the said bug.”

The vulnerable code helped inject a character into a Hotmail filtering mechanism that changed the way it behaved. The result was a platform that ran arbitrary commands in a user’s Hotmail login session.

It’s unclear how many Hotmail users may have been affected by the exploits and whether Microsoft has adequately warned users they may have been compromised. Microsoft spokesman Bryan Nairn wouldn’t say how many subscribers were targeted or when the patch was put in place

Microsoft claims they have fixed the bug but that’s really all they are saying, they aren’t saying when the knew about the problem or when it was patched – just that right now it is fixed.

You can read the May 13th blog post by Trend Micro here:

Targeted Attack Exposes Risk of Checking Personal Email at Work

And their later, more detailed post here:

Trend Micro Researchers Identify Vulnerability in Hotmail

Source: The Register


Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It
- Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,716 views
- AJAX: Is your application secure enough? - 120,083 views
- eEye Launches 0-Day Exploit Tracker - 85,535 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Malware Analyser v3.0 – A Static & Dynamic Malware Analysis Tool

Your website & network are Hackable


Malware Analyser is freeware tool to perform static and dynamic analysis on malware executables, it can be used to identify potential traces of anti-debug, keyboard hooks, system hooks and DEP setting change calls in the malware.

This is a stepping release since for the first time the Dynamic Analysis has been included for file creations (will be improved for other network/registry indicators sooner) along with process dumping feature.

Features

  • String based analysis for registry, API calls, IRC Commands, DLL’s called and VM Aware.
  • Display detailed headers of PE with all its section details, import and export symbols etc.
  • On Distro, can perform an ascii dump of the PE along with other options (check –help argument).
  • For Windows, it can generate various section of a PE : DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories, Sections
  • ASCII dump on windows machine
  • Code Analysis (disassembling)
  • Online malware checking (http://www.virustotal.com)
  • Check for Packer from the Database.
  • Tracer functionality
  • Signature Creation: Allows to create signature of malware
  • CRC and Timestamp verification.
  • Entropy based scan to identify malicious sections.
  • Dump a process memory
  • Dynamic Analysis (Still in beginning stage) for file creations.

You can download Malware Analyser v3.0 here:

malware_analyser 3.0.zip

Or read more here.


Posted in: Countermeasures, Forensics, Malware, Programming

Tags: , , , , , , , , ,

Posted in: Countermeasures, Forensics, Malware, Programming | Add a Comment
Recent in Countermeasures:
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- MISP – Malware Information Sharing Platform
- Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,083 views
- Password Hasher Firefox Extension - 117,768 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,722 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Google Proposes Way To Speed Up SSL Handshake

Find your website's Achilles' Heel


I’m always interesting when it comes to cryptography and cryptographic trickery. We all know, the main problem with SSL is speed – it can really slow your surfing experience down and for most people it annoys them enough to just not use it.

Google researchers claim they’ve devised a way to reduce that painful wait when visiting an SSL encrypted site. Now, it may be faster but is it any less secure? You’d have to run through the paper to ascertain that.

And well it can only work in a few very specific sets of circumstances, it’s not like it’s really going to change anything on a large scale.

Google researchers say they’ve devised a way to significantly reduce the time it takes websites to establish encrypted connections with end-user browsers, a breakthrough that could make it less painful for many services to offer the security feature.

What’s more, the technique known as False Start requires that only simple changes be made to a user’s browser and appears to work with 99 percent of active sites that offer SSL, or secure sockets layer, protection.

“We implemented SSL False Start in Chrome 9, and the results are stunning, yielding a significant decrease in overall SSL connection setup times,” Google software engineer Mike Belshe wrote in a blog post published Wednesday. “SSL False Start reduces the latency of a SSL handshake by 30%. That is a big number.”

The finding should come as welcome news to those concerned about online privacy. With the notable exceptions of Twitter, Facebook, and a handful of Google services, many websites send the vast majority of traffic over unencrypted channels, making it easy for governments, administrators, and Wi-Fi hotspot providers to snoop or even modify potentially sensitive communications while in transit. Companies such as eBay have said it’s too costly to offer always-on encryption.

The Firesheep extension introduced last year for the Firefox browser drove home just how menacing the risk of unencrypted websites can be.

There’s a blog post about the speed improvements here:

SSL FalseStart Performance Results

It shows an approximate 30% reduction in the overall SSL connection setup time. They say they have implemented it in Chrome 9 (the current public release of Chrome is version 11) – so that makes me wonder has it been running in Chrome since February this year when 9 was released?

If you did want to disable it you can do so with the following command line option:


False Start works by reducing the amount of data that must be exchanged when a webserver and browser are negotiating an SSL session. Under official SSL specifications, two round-trip passes of data must be exchanged before an encrypted tunnel is established. The requirement adds latency that can slow down the time it takes pages to load and increase the packets websites must process.

Latency “makes a difference in does it feel snappy or does it feel sluggish,” said Marsh Ray, a researcher and software developer at two-factor authentication service PhoneFactor. False Start “certainly eliminates an objection that some people have for SSL, which is that it increases the load time.”

False Start, as described in a proposal Google engineers submitted last year to the Internet Engineering Task Force, makes it possible to reduce the latency penalty of offering SSL to just a single round-trip pass. The technology does this by using an abbreviated handshake when negotiating the key and other variables used in the encrypted session.

Belshe said engineers tested False Start on a list of all known websites that offer SSL and got a 94.6 percent success rate. Almost all of the unsuccessful connections came from sites that were no longer available, leaving a true failure rate of just 0.4 percent. Those sites have now been compiled into a manageable list used to turn off False Start when they are accessed in Chrome.

With all the media coverage from FireSheep – SSL is indeed a big issue now so this might come as a pleasant surprise for heavy SSL users.

You can read the entire paper here:

Transport Layer Security (TLS) False Start

Let me know your thoughts? Yah SSL is already a big mess, but does this make it worse?

Source: The Register


Posted in: Cryptography, Network Hacking

Tags: , , , , , , , ,

Posted in: Cryptography, Network Hacking | Add a Comment
Recent in Cryptography:
- PEiD – Detect PE Packers, Cryptors & Compilers
- DROWN Attack on TLS – Everything You Need To Know
- Dell Backdoor Root Cert – What You Need To Know

Related Posts:

Most Read in Cryptography:
- The World’s Fastest MD5 Cracker – BarsWF - 47,693 views
- Hackers Crack London Tube Oyster Card - 44,806 views
- WPA2 Vulnerability Discovered – “Hole 196” – A Flaw In GTK (Group Temporal Key) - 32,996 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


BackTrack 5 Released – The Most Advanced Linux Security Distribution & LiveCD

Your website & network are Hackable


We have of course been following BackTrack since the very early days, way back in 2006 when it was just known as BackTrack – A merger between WHAX and Auditor. They’ve come a long way and BackTrack is now a very polished and well rounded security distro, most of the others have dropped off the map leaving BackTrack as the giant in the security LiveCD space.

The last major release was BackTrack Final 4 Released – Linux Security Distribution – back in January 2010.

The BackTrack Dev team has worked furiously in the past months on BackTrack 5, code name “revolution” – they released it on May 10th. This new revision has been built from scratch, and boasts several major improvements over all our previous releases. It’s based on Ubuntu Lucid LTS – Kernel 2.6.38, patched with all relevant wireless injection patches. Fully open source and GPL compliant.

BackTrack 5 – Penetration Testing Distribution from Offensive Security on Vimeo.

The interesting part for me is that the new .ISO downloads offer multiple versions, including a choice between GNOME and KDE desktops and the images include ARM, 32-Bit and 64-Bit versions.

New in Version 5


  • Based on Ubuntu 10.04 LTS;
  • Linux kernel 2.6.38 (with wireless injection patches);
  • KDE 4.6;
  • GNOME 2.6;
  • 32-bit and 64-bit support;
  • Metasploit 3.7.0;
  • Forensics mode (a forensically sound instance);
  • Stealth mode (without generating network traffic);
  • Initial ARM image of BackTrack (for Android-powered devices);
  • All support for Backtrack 4 will end on May 10th, 2011 and BackTrack 4 will not be available for download from our official mirrors from that date onwards.

As for the ARM image, they have had some joy getting BackTrack running on a Motorola Xoom tablet – check it out here.

You can download BackTrack version 5 here:

http://www.backtrack-linux.org/downloads/


Posted in: Hacking Tools, Linux Hacking, Network Hacking

Tags: , , , , , , , , , , ,

Posted in: Hacking Tools, Linux Hacking, Network Hacking | Add a Comment
Recent in Hacking Tools:
- Unicorn – PowerShell Downgrade Attack
- Wfuzz – Web Application Brute Forcer
- wildpwn – UNIX Wildcard Attack Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,977,518 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,417,713 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 678,534 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Sony Brings Back PSN & Gives Away Freebies After Hack

Find your website's Achilles' Heel


We’ve been following the Sony PlayStation Network hack quite closely since back in April when we reported Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far.

Shortly after that it got a bit ugly with Sony PlayStation Network Hack Resulted In Stolen User Data & Lawsuit and then another hack, which lost an additional 25 Million customer records – Sony Loses 25 Million More Customer Account Details Through SOE (Sony Online Entertainment).

But finally, we are glad to report Sony has been bringing the network back online, users are reporting it’s slow – but that’s to be expected really with 50 million or so trying to logon at the same time.

After hackers knocked its PlayStation Network offline for nearly a month, Sony is now trying to make amends by giving customers free video games.

Sony made the announcement Monday, saying it was a way of thanking the millions of gamers on its network for their “patience, support and continued loyalty during the service outage.”

In the U.S. and Canada, PlayStation Network and Qriocity subscribers will soon be able to register for two new games each — either in PS3 or PSP format — at the PlayStation Store. The PlayStation Store isn’t online yet, but when it comes back, gamers will have 30 days to get their goods.

PS3 users can choose from the following titles: Dead Nation, inFAMOUS, LittleBigPlanet, Super Stardust HD and Wipeout HD + Fury. The PSP options are: LittleBigPlanet, ModNation Racers, Pursuit Force and Killzone: Liberation.

Depending on the package they’ve signed up for, subscribers will also get free movies, enhanced services packages and free virtual items.

The reports state the Asia section of the network is still down (which I can’t confirm or deny as I don’t actually own a PlayStation). Sony are offering up a plethora of freebies to try and placate the angry gamers.

Who can be mad after getting a couple of new games? Let’s hope other than giving away free stuff they have also secured their network and got their software up to date.

But it’s not like they’ve really disclosed any details of what happened, so it’s extremely unlikely we’ll ever really know.


Sony is offering similar plans to European and Latin American users, but the company has not said what it will do in Asia, where the network is still offline.

Last month, Sony disclosed that it had been hacked and warned its 77 million PlayStation Network users that personal information — e-mail addresses, for example — may have been compromised. Then in early May the company said that another network, the Sony Online Entertainment network, had also been broken into.This second incident affected close to 25 million users.

Sony spent the past weekend slowly bringing its gaming networks online.

Sony will give the Online Entertainment users 45 days’ free access to the service and a year’s worth of identity protection from Debix. The company has said that it will also offer PlayStation Network customers ID theft protection, but it hasn’t yet spelled out the details of that package.

They are giving the SOE users 45 days free access too – so that’s not a bad deal I guess. Plus some kind of identity protection – yah thanks Sony – I do need that after you leaked all my details to the World.

I’m not sure if we’ll see any more lawsuits after this, but media outlets are reporting they will face legal and regulatory backlash over the massive loss of data.

So good luck Sony, perhaps it’s all Karma for what you did to poor George.

Source: Network World


Posted in: Legal Issues, Privacy

Tags: , , , , , , , , ,

Posted in: Legal Issues, Privacy | Add a Comment
Recent in Legal Issues:
- The Panama Papers Leak – What You Need To Know
- FBI Backed Off Apple In iPhone Cracking Case
- TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,699 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,617 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,613 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


pytbull – Intrusion Detection/Prevention System (IDS/IPS) Testing Framework

Find your website's Achilles' Heel


pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations.

The framework is shipped with about 300 tests grouped in 9 testing modules:

  • clientSideAttacks: this module uses a reverse shell to provide the server with instructions to download remote malicious files. This module tests the ability of the IDS/IPS to protect against client-side attacks.
  • testRules: basic rules testing. These attacks are supposed to be detected by the rules sets shipped with the IDS/IPS.
  • badTraffic: Non RFC compliant packets are sent to the server to test how packets are processed.
  • fragmentedPackets: various fragmented payloads are sent to server to test its ability to recompose them and detect the attacks.
  • multipleFailedLogins: tests the ability of the server to track multiple failed logins (e.g. FTP). Makes use of custom rules on Snort and Suricata.
  • evasionTechniques: various evasion techniques are used to check if the IDS/IPS can detect them.
  • shellCodes: send various shellcodes to the server on port 21/tcp to test the ability of the server to detect/reject shellcodes.
  • denialOfService: tests the ability of the IDS/IPS to protect against DoS attempts
  • pcapReplay: enables to replay pcap files

It is easily configurable and could integrate new modules in the future.

There are basically 6 types of tests:


  • socket: open a socket on a given port and send the payloads to the remote target on that port.
  • command: send command to the remote target with the subprocess.call() python function.
  • scapy: send special crafted payloads based on the Scapy syntax
  • multiple failed logins: open a socket on port 21/tcp (FTP) and attempt to login 5 times with bad credentials.
  • client side attacks: use a reverse shell on the remote target and send commands to it to make them processed by the server (typically wget commands).
  • pcap replay: enables to replay traffic based on pcap files

The official documentations is available here: pytbull documentation.

Changes/Improvements in V1.1

  • Issue #2 fixed (test number incrementing twice just after the last test from multipleFailedLogins test)
  • Issue #3 fixed (pcapReplay module not present in the checks on STDOUT)
  • Code factoring in pytbull.py
  • Timing options are now in parameters (config.cfg)
  • Automatically checks and informs if a new version is available (use PROXY section in the configuration file if needed)
  • New basic checks: Checks that paths are valid
  • SVN tags added in source code

You can download pytbull here:

pytbull-2.0.tar.bz2

Or read more here.


Posted in: Countermeasures, Network Hacking, Security Software

Tags: , , , , , , , , , , ,

Posted in: Countermeasures, Network Hacking, Security Software | Add a Comment
Recent in Countermeasures:
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- MISP – Malware Information Sharing Platform
- Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,083 views
- Password Hasher Firefox Extension - 117,768 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,722 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95