Hello my Monkeyreaders - and welcome back to another edition of the ongoing misadventures of the InfoSec world, as told through my Free App, available as always in the Apple App Store.


I figured I'd start off the week with a story that reminds me of all the Breach stories from my last Review: Eight Million Email Addresses And Passwords Spilled From Gaming Site Gamigo Months After Hacker Breach. Forbes writer Andy Greenberg breaks down a leak of over 8 million usernames and passwords from Gamigo, a free gaming site that had just told its users back in March to change all passwords due to a breach. If you're a Gamigo user, the article includes a link to PwnedList so you can see if your email was included in the leak itself. Luckily, this breach likely won't give anyone access to these accounts, due to the call for password changes, but this just shows again that re-using passwords is a bad idea, and keeps my monkeybrain thinking of adopting a password manager to store the many that I use daily.


Next up is a different password story: Mom arrested for hacking school computers, tweaking her kids grades. I've got to hand it to this mom, as she takes helicopter parenting to a completely new and technological level. After getting her hands on the superintendent's password, she logged in over 110 times to alter the information in the school's database. She was found out when teachers started asking why a secretary was accessing their online grade books, leading to my favorite of her alleged crimes; that she changed one of her son's grades from 98% to 99%. I'm not really seeing the risk/reward scenario here Mom, as if convicted she could be looking at 42 years in jail. That A+ isn't looking so necessary now, is it?


Next, our Commander in Chief decided to weigh in on cyber-attacks last week: Barack Obama: Taking the Cyberattack Threat Seriously - WSJ.com. In the article, The President discusses cyber attack simulations, the consequences of an attack aimed at our infrastructure, and how the Government needs to share better information with companies and vice versa. It's a short opinion piece that doesn't break any new ground but is worth the quick read to see how the current administration feels about cyber security. While you're reading it though? Keep Stuxnet in the back of your mind. I know I couldn't help but draw parallels.


Another well-read article last week was this one from Tech Week Europe: Super-Charged DDoS Attacks Spike In 2012. Something that I'm sure most of you are aware of, as the DDoS attacks in the news continue to be reported, this article breaks down the data of just how much more often, and how much faster these attacks are becoming. Also, Xbox gamers are starting to get hit as well, which I'm going to use as my excuse as to why I lose so often at online multiplayer games.


Other popular pip hits:

Russian cyber bandit arrested for attacks on Amazon.com - GeekWire

How to avoid being tracked online | Analysis | Features | PC Pro


Finally, with Black Hat officially underway this week, I've been noticing a huge amount of Twitter traffic regarding the conference itself. Still, the most popular item is this one: Black Hat events say that suspicious email was due to volunteer's mistake - SC Magazine UK, breaking down the supposed "phishing" email that went out under Black Hat's registration email template. How horrible must that volunteer feel right now? He sent an email to a very vocal and very well informed group of 7500 people, so I'm sure he'll be looking for different volunteer opportunities in the near future. Also on the subject of Black Hat - it looks like the pips are all finding this link: Top Ten Black Hat Pick Up Lines, to be incredibly amusing, as it's been near the top of my list since it went up late last week. Note: your mileage may vary with these lines - but with how many times I've seen this article, it might be a good ice breaker no matter what.


That's it for me, your favorite simian. We'll see you post Black Hat!