Image via Wikipedia

According to DreamHost’s Status and Blog, staff noticed some unusual activity on one of their databases that held user login information for shell accounts. While the passwords were mostly  encrypted, hackers “hacker found a legacy pool of unencrypted FTP/shell passwords in a database table that we had not previously deleted,” according to  DreamHost CEO Simon Anderson.

As a precaution, ALL shell/FTP account passwords were reset by DreamHost. While it will cause some inconvenience for users trying to access their sites over SSH/FTP, the implications are much more serious. A lot of CMS systems store their database username and passwords in plaintext on configuration files. If whoever gained access to DreamHost’s shell account database and managed to decrypt the information, then they would have unmitigated access to not only sites’ files, but they could potentially (and most likely) gain access to the back-end database driving those sites with all user data. This could be a very major breach of user data from one of the largest web hosts in the United States.

DreamHost is being unusually mum about the technical details about the hack and is angering customers over their negligence regarding out-dated server software. While most front-end software is kept up-to-date, their back-end software is grossly outdated and there appears to be no real effort nor care by DreamHost to keep OS and back-end software updated. What makes things worse is that DreamHost’s official stance on their security solution is to not disclose what technologies they use. Rather than taking a proactive and relatively transparent stance to their own security systems, the company has decided to take-up a reactive and a “security through obscurity” stance.

Related articles

• DreamHost Security Issue Prompts FTP Password Resets (sucuri.net)
• Changing Shell/FTP Passwords due to Security Issue (dreamhoststatus.com)
• Security Update (dreamhost.com)

Image via Wikipedia

NetworkWorld has a very interesting writeup about a report that six German Information Security researchers published outlining very massive and highly exploitable flaws in Cloud Computing services; specifically Amazon’s EC2 and S3 as well as Eucalyptus Cloud Computing Software. Old concepts like XSS and what is referred to as XML Signature Wrapping attacks on the SOAP interfaces of the aforementioned cloud services. Very troubling and a large blow to the legitimacy of  security in the cloud.

The full PDF of the German researchers’ findings can be found here.

NetworkWorld Article

Related articles

• Researchers Demo Cloud Security Issue With Amazon AWS Attack (pcworld.com)
• Researchers demo cloud security issue with Amazon AWS hijacking attack (infoworld.com)
• Cloud computing: Gaps in the ‘cloud’ (physorg.com)
• Researchers demo cloud security issue with Amazon AWS attack (networkworld.com)

 The firm described the data theft as "significant" saying names, addresses, phone numbers and dates of birth were all taken on 3 June.

The company has since taken its website offline and visitors are now directed to Codemasters’ Facebook page for the meantime. This is yet another example of companies learning the hard way that IT security infrastructure is not something that should be neglected.

Details on who was responsible for the theft and methods used to carry out the attack are as of yet unknown.

The Department of Homeland Security (DHS) appointed former Microsoft executive Philip Reitinger as director of the National Cybersecurity Center.

In an announcement earlier this week, DHS Secretary Janet Napolitano filled three positions that support cybersecurity operations at DHS. Also appointed were Greg Schaffer as assistant secretary for cybersecurity and communications and Bruce McConnell as counselor tothe National Protection and Programs Directorate (NPPD) Deputy Under Secretary.

Reitinger fills the NCSC post left vacant with the departure of Rod Beckstrom. Beckstrom resigned in March citing his frustration with cybersecurity planning between federal agencies and the lack of funding for cybersecurity issues. Reitinger will also continue to serve as Deputy Under Secretary for the NPPD, a post he was appointed to in March.

KBT Computers, Jun 2009

Read the rest over at KBT Computers’ Blog

At first, T-Mobile tried to say it was just a list pulled from a corporate document; but now the company is admitting that it was, in fact a major security breach according to a USA Today Blog and are not disclosing how much data was taken. Odds are, if whoever managed to get this far, a very sizeable amount of data was captured. The person who made the posting mentioned that they had tried to sell the information to competitors, but they were not taken seriously.

On a slightly related note, the posting related the T-Mobile hack with Check Point. Does this mean a perimeter Check Point firewall was either hacked or exploited to gain access to this network? Only further elaboration from Pwnmobile, T-Mobile, or an insider can say. There have been several recently published high-visibility Check Point exploits and perhaps they were used in the hack.

“Be careful when you fight the monsters, lest you become one.” -Friedrich Nietzsche

The developers of popular Mozilla extension AdBlock Plus had been receiving bug reports of “issues” with another popular extension, NoScript, after an update was issued by the developer of the script-blocking software. The AdBlock Plus developers decided to take a look into what was wrong and found something extremely disturbing. The 1.9.2 update of NoScript had incorporated an obfuscated piece of code that actually made changes to AdBlock Plus to allow for ads on the NoScipt and related sites to be shown. In otherwords, it does what a viruses and other malware does to antivirus software only in reverse; instead of blocking access to update sites, it forced AdBlock Plus to allow ads to be shown for the developer’s site explicitly. This most likely would have flown under the radar had it not completely broken Adblock Plus and get caught doing unethical things to other software for self-interest. The issue snowballed when the issue made it to Reddit and caused an outrage amongst faithful users of both extensions. To make things worse, the developer only slightly backtracked; allowing the user to allow or disallow the code modification upon installation of NoScript. The developer eventually removed the code completely in version 1.9.2.6, but not without severely impacting user opinion of the software and spurring discussion of a policy change regarding Mozilla Extensions.

More after the jump.

http://adblockplus.org/blog/attention-noscript-users

You may not know moot is, but you are probably aware of some of the antics and feats of his site’s users (4Chan). While I could name some of the things they have done, that would be breaking rules #1 and #2, so I’ll just mention some that have reached mainstream media. A group called Anonymous began waging a war upon the Church of Scientology, which, until then, was virtually impossible to do and win. They staged protests with Guy Fawkes masks at CoS sites around the US, they successfully defeated the DMCA takedown notices the church’s lawyers had been so successful at regarding anything that could be perceived as bad press on the net, and they enabled ex-members who were too afraid of the Church to come out and speak of their experiences in public. Some other campaigns and antics that have shown just how influential moot’s site has become includes slipping fake news onto national broadcasts, having Oprah say a meme unwittingly on her show, and…hacking the Time.com poll.

Just think about the things you don’t know about and the significance of how much power moot has and can, if provoked, threaten the security of the most complex security systems. More after the jump.

The World’s Most Influential Person Is… – TIME

Fresh off related story of the company also suspending DOCSIS 3.0 trials in response to public outcry, this really seems like the company is being childish and essentially taking it’s ball and going home.

Slashdot | Time Warner Shutting Off Austin Accounts For Heavy Usage.

BBC NEWS | Technology | US ramps up cybersecurity focus.