DigiNotar, GlobalSign targeted.

The recent hack targeting the Dutch Internet Trust Provider, DigiNotar, appears to have been politically motivated, according to the apparent hacker: https://twitter.com/#!/ichsunx2.

According to the interim, investigative report by Fox-IT, the infrastructure at DigiNotar included unpatched web servers, no server anti-virus protection, a weak domain administrator password and an intrusion prevention system which did not block the web server attacks. The full report can be found here.

By gaining access to these servers, the hacker was able to issue bogus digital certificates, which has serious implications for organisations offering secure web services and for the users of these services. As a result, both Microsoft and Mozilla have revoked their trust in the DigiNotar Certificate Authority. Underlining the seriousness of this, Mozilla explain this as a “last resort” measure:


As a precaution, another Certificate Authority, GlobalSign, has temporarily stopped issuing certificates following one of the first postings (http://pastebin.com/1AxH30em) by the apparent hacker. The BBC Tech website gives more details:


Rabobank targeted again.

Dutch bank Rabobank was this week targeted by a group known as the Conspiracy Cells of Fire, who launched a DDoS attack which brought its Internet Banking service down.

This again highlights the difficulty organisations have in detecting and blocking an attack that is based on the premise of using thousands, sometimes millions, of source machines to simultaneously send requests to a target server. Arbor Networks’ Peakflow SP TMS product provides both detection and mitigation of these attacks, primarily based on its ability to detect anomalies in network traffic and take action in real-time to block the necessary traffic. Previously the Arbor solution worked in conjunction with a Cisco or CheckPoint product to provide the detection and mitigation, respectively. Nowadays, Arbor has built the detection and mitigation into a single product.

For an even more complete security solution, the Arbor product could be deployed in conjunction with IBM Security Network IPS, for example.

Take a look at this video to gain a better understanding of the benefits of the Arbor Peakflow SP TMS product, as explained by one European customer.

Sony suffers second hacker attack.

Sony has suffered another blow to its brand reputation after warning an additional 25 million customers may have had their details stolen in a newly discovered attack by hackers.

The electronics giant has now disabled a second online network, Sony Online Entertainment (SOE), that houses massive multiplayer online (MMO) and Facebook games, after it was found to have been hacked last month.

Sony says personal information of 24.6 million customers including passwords, direct debit records and birthdates may have been stolen in the hack, discovered by its engineers earlier this week.

The techniques used for both recent Sony hacks appear to have been straightforward SQL injection attacks against the Sony database, which could have easily been prevented with basic security measures including Web Application Protection and Data Leakage Prevention (DLP), both of which are available in IBM Security Network IPS.


Sony hack.

Sony has warned users of its PlayStation Network that their personal information, including credit card details, may have been stolen.

The company said that the data might have fallen into the hands of an "unauthorised person" following a hacking attack on its online service.

Access to the network was suspended last Wednesday, but Sony has only now revealed details of what happened.

Users are being warned to look out for attempted telephone and e-mail scams.

In a statement posted on the official PlayStation blog, Nick Caplin, the company's head of communications for Europe, said: "We have discovered that between April 17 and April 19 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network."

See also their FAQ page:


Epsilon attack - "biggest security breach in US history"

The recent hack into Epsilon’s client database resulted in millions of client names and email addresses being stolen.

The suspicion is that this theft will lead to a spate of new spear phishing attacks.