One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 451486 |
| Date de publication | 2017-12-15 14:00:00 (vue: 2017-12-15 14:00:00) |
| Titre | Things I Hearted This Week 15th December 2017 |
| Texte |
Continuing the trend from last week, I’ll continue trying to put a positive spin on the week’s security news.
Why? I hear you ask. Well, I’ve been mulling over the whole optimist thing, and glass half full analogy and it does work wonders. Side note, a tweet about half full / empty glasses and infosec took on a life of its own a few days ago.
But I’m reminded of the ending monologue by Morgan Freeman in “The Shawshank Redemption”, in which he starts off by saying, “Get busy living or get busy dying.”
So the thought of the week is, “Get busy securing, or get busy insecuring.” Hmm doesn’t quite have the same ring to it. Will have to think of a better word – but you catch my drift. Let’s jump into this week’s interesting security bits
Mirai Mirai on the wall
I picture Brian Krebs as being a Liam Neeson type – he sees that his website is under attack by a never-before seen DDoS attack. He mutters to himself, “I don’t know who you are, but I will hunt you, I will find you, and I will blog about it until you get arrested, prosecuted, and thrown in jail.”
It so happens that this week the hackers behind the Mirai botnet and a series of DDoS attacks pled guilty.
The Hackers Behind Some of the Biggest DDoS Attacks in History Plead Guilty | Motherboard
Mirai IoT Botnet Co-Authors Plead Guilty | KrebsonSecurity
Botnet Creators Who Took Down the Internet Plead Guilty | Gizmondo
Bug Laundering Bounties
Apparently, HBO negotiated with hackers. Paying them $250,000 under the guise of a bug bounty as opposed to a ransom.
Maybe in time, it will be found that HBO acted above board, maybe it was a sting operation, maybe it was a misconstrued email.
The worrying fact is that any payment exchange system can be used to launder money. However, bug bounty providers don’t (as far as I can tell) have financial services obligations. Does the bug bounty industry need more regulation (shudder)?
Leaked email shows HBO negotiating with hackers | Calgary Herald
Remember the 'Game of Thrones' leak? An Iranian hacker was charged with stealing HBO scripts to raise bitcoin | USA Today
Uber used bug bounty program to launder blackmail payment to hacker | ars Technica
Inside a low budget consumer hardware espionage implant
I’m not much of a hardware expert – actually, I’m not much of a hardware novice either. But this writeup by Mich is awesome. I didn’t even know there were so many ways to sniff, intercept and basically mess around with stuff at such small scale. It’s extremely detailed and I’ve permanently bookmarked it for future reference.
|
| Envoyé | Oui |
| Condensat | $250 'game “…for “get “i “sophisticated “the “this 000 15th 2017 about above accordingly acted activity actually addressed adopt advanced” after ago all almost also analogy annual another any apparently apply are aren’t around arrested ars ask attack attacks authors awesome basically because been before behind being belief better biggest bitcoin bits blackmail blog blowback board bond bookmarked botnet bounties bounty box brian budget bug busy but calgary can can’t catch chaos charged chief claire communication companies complacent consumer continue continuing creators crime days ddos december detailed didn’t does doesn’t dollar don’t down drift dying either email empty ending espionage esque even everything evolving excellent exchange expert extremely fact fair familiar far finally financial find five fleming found free freeman from full fundamentals funds future gaining generally get gizmondo glass glasses goals goes great group guilty guise hacked” hacker hackers hacking half happen happens hard hardware has have hbo heading headlines hear heard hearted heist heists helpnetsecurity herald hermit himself his history hmm hoping how however hunt i’ll i’m i’ve ian implant importance industry influence infosec insecuring inside intercept interesting internet iocs iot iranian it’s its jail james jump keep kind kingdom know korea krebs krebsonsecurity last launder laundering lazarus leak leaked let’s liam life little living longer low many maple may maybe mcafee’s mess message methods mich million mirai misconstrued money monologue more morgan motherboard much mulling multi mutters nation need needs neeson negotiated negotiating never news next norms north not note novice now obligations occurrence off often open opened operation opposed optimist out over own pandora's paying payment penetration people permanently picture plead pled positive post potentially practices pressed program prosecuted protecting providers pulses put quebec’s quite raise raj ransom read real reality really redemption” reference regulation reiterates remember reminded removed ring said samani same sanctions say saying scale scenarios scientist scripts securing security seen sees series services shawshank shoulders shows shrug shudder side similarly simple simply small sniff some sophisticated sound sounds sowing spin starts state stealing sting stood stop stratfor stuff such sure syrup system systems tailor tailoring target technica tell test tests than thankfully them these thing things think thought threat thrones' thrown tied tills time today too took trend trying tweet type uber under until usa used usual vanity very villain wall ways website week week’s well what which who whole why will wonders word work world worrying would writeup wrong year years yet your |
| Tags | Guideline Medical Cloud |
| Stories | Uber APT 38 APT 37 |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.