This week the information security industry saw its share of highs and lows, with everything from the closure of over 30 credit-card trading websites to news that Iranian oil refineries have been closed due to malicious software. Hotmail was affected by a password reset bug, and source code for ESX from VMware was released following an intrusion at one of China’s defense contractors.
Iranian Oil Refineries Infected, Shut Down:
Several oil refineries were shut down on Sunday due to a virus, which shuttered 90% of Iran’s oil export capability. Almost immediately accusations were flying about the origin of the virus, mostly from news agencies. Iran has not commented about a possible source for the attack, and has even noted that no lasting damage or data theft occurred because of network air-gaps. Some news reports quoted an Iranian official as having noted that some motherboards were actually damaged by the malicious software. By Tuesday, normal operations had resumed at the affected oil plants.
Serious Organized Crime Agency Pulls Credit Card Sites from ‘Net:
Online credit-card thieves (commonly known as “carders”) are notorious members of the shadier parts of the hacking community. Many carders congregate in online forums and bazaars to sell gear and credit card information. There they can buy everything from exploit packs for snaring web users to credit cards, mules and skimmers (respectively: people who cash out stolen credit cards, and devices that fit over legitimate credit card readers in order to steal data). Shutting down these communities can sometimes be difficult due to the level of secrecy around them or the international cooperation required.
This week 36 of those online communities were closed down and seized by British agents in the Serious Organized Crime Agency (SOCA). While many such sites continue to operate with impunity or at least underground, this blow against the trade and sale of credit cards is a step in the right direction.
VMware Source Code Leak:
Those of you fretting about whether the latest source code leak affects you can (probably and hopefully) breathe easy: the leak affects only ESX versions released between 2003 and 2004, ancient technology compared to today’s versions of the ESX software, which has since migrated to a different codebase. Any exploits found in the aging software are unlikely to affect modern ESXi users.
More interesting than the leak of the source code itself is the way in which it was found. A hacker named “Hardcore Charlie” purportedly found the source code while traipsing through data stolen from a Chinese defense contract company. The hacker was there in the first place looking for details the Chinese may have on the war in Afghanistan and has been making the news for some time with his exploits in Chinese web-space.
CISPA Passes the House With Additions:
The new cybersecurity bill named “Cyber Intelligence Sharing and Protection Act” has passed the House with a few additions that are aimed at using the bill to protect children and to combat network disruption and hacking. The bill now comes into effect when violations of the Computer Fraud and Abuse Act are determined.
The overall goal of the bill is to enable ISPs to share information about their customers and their activities with the Government and other security companies without fear of retaliation. Currently this practice is illegal, which can make it somewhat harder to track and prosecute online criminals residing in America or using American internet service providers. While this bill is not as universally hated as SOPA was, it is beginning to generate quite a bit of backlash on the internet due to the perception of its common uses and verbiage as destructive to the 4th Amendment. The President has already commented about vetoing the bill if it reaches his desk.
Hotmail Web Security Hole Leads to Hacker Frenzy:
Hackers were busy this week exploiting a short-lived security flaw in the password reset feature of Hotmail, the Microsoft-owned email services provider. Details released about the bug point to a validation error where malicious users were able to modify details about the password reset request to gain access to a target account. The bug has since been patched and Hotmail servers now correctly validate user-supplied values. While it was live, however, the technique was leaked and spread quickly through hacker channels. Because email accounts serve as the backup option for password recovery for most online accounts, they are a favorite target for hackers. If you feel your account was targeted by this vulnerability, be sure to change your password.
Read More: http://www.bbc.com/news/technology-17866897