
Information Security

23 Posts authored by: socmonkey



Welcome back to your weekly round up of the best bits from my App that you should be downloading from the Apple App Store.


This week, let's dive right into the most clicked story from last week with an update on how Mat Honan is dealing with life post-hack: How I Got My Digital Life Back Again After An Epic Hacking. Honan once again deconstructs the events that led to his digital disaster. The thing I liked best about this article is that Mat is almost apologetic about how fast he was able to resurrect his digital life, since as a technology writer he has contacts deep inside the organizations that had to help him restore his data. If the same thing happened to you or me, we'd be looking at a much longer, and potentially much more expensive, process. He also goes in depth about pulling his data off the MacBook Air he was using, and the difficulty and cost of recovering data from an SSD. Overall, an excellent article that pulls no punches about how intense even the hacking of a private individual can be.


Next, let's dip into the political realm a bit and discuss Iran's ongoing talk of disconnecting from the Internet entirely: Iran threatens to disconnect from the Internet. This brings us back to the story about AC/DC blasting out of speakers in various nuclear facilities, and it even mentions Metasploit by name. I can say with assurance that we do not have a "Thunderstruck at full volume" exploit written into the product...yet. Still, these attacks, and malware like Flame and Stuxnet, have seemingly pissed off the Iranians enough that they're taking their Internet and going home. The article discusses the political, economic and social costs of cutting the cord to the rest of the world. What do you think? Can a country just pull the plug on the Internet and still maintain one of the best-educated populaces in its part of the world? This should be interesting as it continues to escalate.


Speaking of malware, let's look at the top malware story from last week: Mystery malware wreaks havoc on energy sector computers. This lovely piece of work, named Shamoon, is being discussed as a copycat in the style of Wiper, but the real concern is the extent of the damage from the attack itself. Shamoon goes above and beyond to destroy data and make sure it can't be recovered, while simultaneously wiping out the system files so the machine can't be booted again. So far, fewer than 50 systems show this infection, but for those of you watching the malware world with a keen eye, this one is one to watch.


Going right back to Ars Technica, a site the Monkeynauts very much love, this article once again circles back to the new "attack the attackers" mentality that's gaining ground in the industry: White hats publish DDoS hijacking manual, turn tables on attackers. Is anyone else stressing out about an attacker with a grudge suddenly rooting around in someone's network? Look at the high-profile hacktivism events of the last year and you can see what a dedicated mind with a cause can do. Now imagine that cause is revenge. I'm willing to be wrong on this one, but I don't think offense is the key to a strong defense.


Some other hits of the week:

Resilient SMSZombie Infects 500,000 Android Users in China | SecurityWeek.Com

HP Communities - The inevitability of a data breach - The mental hurdle Security Executives must get over.


In my final spot, this article pretty much blew my mind: Harvard cracks DNA storage, crams 700 terabytes of data into a single gram | ExtremeTech. It's officially the future, folks. A one-gram, biological, 700TB storage device is unreal to me. It feels like we're living in a William Gibson novel pretty much all the time, doesn't it?


Thanks for stopping by this week, and we'll be putting up the usual hit list at the same time next week.



Welcome back Monkeynauts,


It's Monday, so that means I'm going to tell you to download my App, from the Apple App Store, before launching into the top stories the Pips found interesting last week. Let's take a look, shall we?



Let's start this week with something that might hit close to home for several of you, including your favorite Monkey Twitter aggregator: Blizzard's Hacked - Recommends All Users Change Passwords. This was the most retweeted article I saw on Friday, followed directly by Ars Technica's more in-depth breakdown: Hackers collect significant account details from Blizzard servers. The fact that the hack exposed not only the passwords but also the personal security questions and answers is the bit I'm paying close attention to. Now, for those of you who haven't logged in to your Night Elf Mohawk in the past year, this might not be that dramatic a breach. In any case, Blizzard is recommending that everyone with an account log in and change their password. Unlike a great many other high-profile breaches of late, Blizzard was quick to respond and got information out to the public in a very timely manner, so lots of credit there.


If I wasn't already paranoid enough about my various passwords and security questions, I absolutely was after reading the full aftermath of Mat Honan's epic hack: How Apple and Amazon Security Flaws Led to My Epic Hacking. In a beautifully efficient and brutal attack, Mat's attackers took over his Google accounts, deleted all of his Gmail, wiped the data on his iPhone, iPad and MacBook, and then took over his Gizmodo Twitter account. Granted, my monkey accounts are nowhere near as valuable as those of a Wired and Gizmodo writer, but the moment I finished reading this article I made sure to turn on Google's two-step verification. The main takeaway from this very detailed and startling moment-by-moment account of a hack? Better passwords wouldn't have helped Mat at all. In fact, the attacker gained access to the first account by knowing only two pieces of information: Mat's billing address and the last four digits of one of his credit card numbers. With this data, Mat's attackers bluffed their way past Apple's and Amazon's account-recovery checks, and from there were able to get at every piece of digital data he owned. If you're like me, you'll find yourself setting up backups and reviewing your security questions this week, to limit the damage in the unlikely event that you're next on the list.


Using Amazon as the pivot point, apparently some shipping labels got mixed up in the last few weeks: Man Orders TV Through Amazon, Gets Assault Rifle. Now, wherever you fall on the gun rights debate, I think we can all agree that watching the latest season of Game of Thrones on a Sig Sauer rifle instead of the 39" flat screen you ordered is a bit difficult. The article is pretty hilarious, but as shocking as it must be to open a package expecting a television and find a gun, opening a package expecting a gun and finding anything other than a gun must involve a cold-sweat moment like nothing else. Also, I know Amazon really does have everything, but semi-automatic assault rifles? I think the last thing I bought from them was a thumb drive and a sci-fi novel, so maybe I'm not their target audience.


Back to Wired again for a moment: the always excellent Kim Zetter has a follow-up article on the newest relative of the Flame and Stuxnet malware: Flame and Stuxnet Cousin Targets Lebanese Bank Customers, Carries Mysterious Payload. Generally I could just link to Wired's excellent Threat Level page and be done with it, as they do a fantastic job week after week, but this one deserves special mention. The article covers newly uncovered spyware named Gauss, which looks to be targeting bank customers in and around the Middle East. The mystery here is that the malware's payload is encrypted and, as yet, remains uncracked. We'll be hearing more on this one once the encryption is broken and as more evidence of its spread starts to show up.


Last two links this week:

How to Hack NASA's Curiosity Mars Rover | News & Opinion |

is crippled under a massive DDoS. Is the TrapWire leak to blame? | Naked Security


Usually I end with something lighthearted and funny, but I really can't beat getting an assault rifle in the mail from Amazon, so we'll call it a day here. Have you found an interesting, funny, or thought provoking article that you'd like to share?  Send it my way, and we'll see if anyone is making mention of it on my App as well.







It's good to have you back. If this is your first time here, feel free to check out where I'm getting all my stories by downloading my App from the Apple App Store.



Let's take a quick trip back to some of the big news from earlier this summer and discuss LinkedIn again: LinkedIn: Breach Cost Up to $1M, Says $2-3 Million in Security Upgrades Coming. SecurityWeek's article touches on the overall cost, and a hazy "improvement" cost, but the real item in this story is that even after the breach, LinkedIn seems to be pushing along very strongly, with a big increase in page views and activity. While the breach has hit their bottom line, the networking site looks none the worse for wear. Is this a good sign for LinkedIn's popularity, or a bad sign that the average user isn't worried about the data they store being compromised?


In other news from websites that I use a great deal, it looks like Dropbox is on the list of the recently attacked as well: Dropbox confirms it got hacked, will offer two-factor authentication | Ars Technica. When several users of the service started getting unsolicited emails at addresses they use only for Dropbox, things started to look suspicious. I'm assuming they use separate email addresses, like I do, for deniability and to share big files with friends that have nothing to do with music or movies. Right... Luckily, in this case it looks like the email addresses themselves were the only thing accessed, but Dropbox is doing its part by letting users see all active logins to their accounts, so people can track when and where their account has been used. There is a report of some accounts being hacked as well, but the official statement is that those hacks are unrelated to the current problem. We'll see if this pops up again in the next few weeks.


Continuing with my theme of companies getting attacked: Reuters hacked, fake news posted, and Reuters Twitter account hacked. On the surface, this seems like a relatively run-of-the-mill story: a Twitter account and blog get hacked, and fake news stories are uploaded and tweeted. If any of your friends or co-workers have suddenly taken an interest in selling you diet pills, you know how common this actually is. The interesting piece here is that since the fake posts relate to the current unrest in Syria, the attack could be politically motivated, aimed at undermining or spreading false information about the Free Syrian Army, the rebel group currently fighting the Syrian government. Reuters has said it doesn't yet have any information on the hack itself; it took down its blog on Friday to clean things up, but it looks like everything is back to business as usual this morning.


Shifting focus a bit, one of the most retweeted articles on my app this weekend was this post from CNET: Woz: The cloud is a nightmare. I think Wozniak is fantastic, in that he pretty much says whatever's on his mind at the time, and has enough clout in the computing world that people pay attention. For instance, this article, The Amazing Contents of Steve Wozniak's Travel Backpack, from mid-July, is pretty run of the mill, but gives a good look into Wozniak's fascinating weirdness and incredibly strong back. Woz's criticism of the cloud isn't anything new; he's on the same page as a great many people who are concerned about keeping their data on a server they have no control over. What are your thoughts on cloud storage? Any concerns or misgivings?


The cloud and Apple figure prominently in this story as well: Hackers Got Into Reporter's iCloud Account With Deception, No Password Required. Social engineering is to blame in this attack, in which the attacker got into the account by talking his way around the security questions instead of answering them directly. I'm always impressed by the verbal dexterity needed to get past these barriers, but apparently the reporter who was hacked originally thought he'd been brute-forced. His blog post about the entire attack is here: Emptyage; Yes, I was hacked. Hard. It's a good deconstruction of the slow crawl back to a secure state.


I'll leave you, as per usual, with a lighter and funnier story from the week's news: US Pentagon tells Missile Defense Agency workers to quit surfing porn | Naked Security. Now, not to be sensational: only a half dozen of the Missile Defense Agency's 8,000 employees have been found to have accessed inappropriate content, but porn site malware on a computer at the agency that sends missiles into the atmosphere? That's a bit of a sensitive subject.


That's it for this week - feel free to drop me a line or comment below with your own favorite stories of the week, and I'll see you next Monday.



Fellow Monkeynauts!


Welcome back to your work week after what I assume was a long Black Hat/DEF CON adventure for many of you. Now that you can safely use your mobile devices again, feel free to download my App from the Apple App Store.


Twitter tops the charts this week, with a few stories about a new piece of malware making the rounds: Twitter malware warning: It's you on photo? or It's about you? I actually received four of these tweets over the weekend, and according to the article every one of them would have redirected me to a Russian website hosting the Blackhole exploit kit. I refrained from clicking any of them (as should you), because no matter how attractive a monkey I might be, and however much I enjoy a good photo of myself, I'm also a very skeptical one.


Next we've got an article from one of the best in the business, Brian Krebs, on the increasingly complex role malicious software is playing in espionage: Tagging and Tracking Espionage Botnets. The article includes an excellent breakdown of the current distribution and communication of government-focused spyware, as well as an interview with Joe Stewart of Dell SecureWorks. The article is a bit long, but as it's one of the top mentions on the app this week, it's proving to be a valuable read. Also, for those of you who were at Black Hat, Krebs himself might look familiar: Pen and sword equally mighty for science fiction's Stephenson.


Shifting from Black Hat to DEF CON for a moment, this story, A Phone Network Just for Hackers, from the Wall Street Journal, shows the high bar DEF CON keeps setting each year for creative and innovative party invites and badges. Ninja Networks set up their own private cell network at the conference and handed out 650 Ninja-Tel phones as invitations. The phone idea was a throwback to the original hackers at DEF CON: the phone phreaks of the past. There's also a great breakdown of the features and look of the phone itself in this YouTube video from technology site The Verge. Even though these phones don't work outside the conference space, I'm assuming quite a few people wanted to get their hands on this incredibly hackable phone. Did you get one? Let us know what you've done or plan to do with it in the comments.


The pips also enjoyed these stories:

Russia's Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals | Danger Room |

Infosecurity - All your speech belongs to Apple

Strike Back At Hackers? Get A Lawyer|DarkReading


Finally, I'll leave you with this bit of hilarity: Is a Computer Worm Causing Iranian Nuclear Facilities to Blast AC/DC's 'Thunderstruck' At Night? This just might be the perfect storm of all information security news articles. First, it's on Gawker, which means we're sharing headline space with the Real Housewives of various US cities. Second, the article itself is simply breathtaking. A virus that randomly starts blasting AC/DC at full volume might be the most amazing troll moment ever. I don't know what the average nuclear scientist listens to on Pandora while working, but a sudden explosion of Thunderstruck probably turns some heads. I can't stop picturing people in full radiation suits rocking some serious air guitar. I kind of hope one of the scientists is just pranking his stuffy colleagues and we'll hear a retraction soon. Either way? Best story of the week.


That's my review this week - we'll see you back here next time!



Hello my Monkeyreaders, and welcome back to another edition of the ongoing misadventures of the InfoSec world, as told through my free App, available as always in the Apple App Store.


I figured I'd start off the week with a story that reminds me of all the breach stories from my last review: Eight Million Email Addresses And Passwords Spilled From Gaming Site Gamigo Months After Hacker Breach. Forbes writer Andy Greenberg breaks down a leak of over 8 million usernames and passwords from Gamigo, a free gaming site that had already told its users back in March to change all their passwords due to a breach. If you're a Gamigo user, the article includes a link to PwnedList so you can see if your email was included in the leak. Luckily, this leak probably won't give anyone access to Gamigo accounts, thanks to the earlier call for password changes, but anyone who reused their Gamigo password elsewhere is still exposed. This shows once again that reusing passwords is a bad idea, and keeps my monkeybrain thinking about adopting a password manager to store the many that I use daily.


Next up is a different password story: Mom arrested for hacking school computers, tweaking her kids' grades. I've got to hand it to this mom, as she takes helicopter parenting to a completely new and technological level. After getting her hands on the superintendent's password, she logged in over 110 times to alter information in the school's database. She was found out when teachers started asking why a secretary was accessing their online grade books, which leads to my favorite of her alleged crimes: changing one of her son's grades from 98% to 99%. I'm not really seeing the risk/reward scenario here, Mom, as if convicted she could be looking at up to 42 years in jail. That A+ isn't looking so necessary now, is it?


Next, our Commander in Chief decided to weigh in on cyber attacks last week: Barack Obama: Taking the Cyberattack Threat Seriously. In the piece, the President discusses cyber attack simulations, the consequences of an attack aimed at our infrastructure, and how the government needs to share information better with companies, and vice versa. It's a short opinion piece that doesn't break any new ground, but it's worth the quick read to see how the current administration feels about cyber security. While you're reading it, though? Keep Stuxnet in the back of your mind. I know I couldn't help but draw parallels.


Another well-read article last week was this one from TechWeekEurope: Super-Charged DDoS Attacks Spike In 2012. Most of you are aware of the trend, as DDoS attacks keep making the news, but this article breaks down the data on just how much more often these attacks are happening and how much larger they are getting. Also, Xbox gamers are starting to get hit as well, which I'm going to use as my excuse for why I lose so often at online multiplayer games.


Other popular pip hits:

Russian cyber bandit arrested for attacks on - GeekWire

How to avoid being tracked online | Analysis | Features | PC Pro


Finally, with Black Hat officially underway this week, I've been noticing a huge amount of Twitter traffic regarding the conference itself. Still, the most popular item is this one: Black Hat events say that suspicious email was due to volunteer's mistake - SC Magazine UK, breaking down the supposed "phishing" email that went out using Black Hat's registration email template. How horrible must that volunteer feel right now? He sent an email to a very vocal and very well-informed group of 7,500 people, so I'm sure he'll be looking for different volunteer opportunities in the near future. Also on the subject of Black Hat, it looks like the pips are all finding this link, Top Ten Black Hat Pick Up Lines, incredibly amusing, as it's been near the top of my list since it went up late last week. Note: your mileage may vary with these lines, but given how many times I've seen this article, it might be a good ice breaker no matter what.


That's it for me, your favorite simian. We'll see you post Black Hat!



Dear Monkeynauts,


I return yet again, with more stories of the week, and bits and pieces that you found interesting on my free app, downloadable from the Apple App Store.


Now, I'm sure it's no surprise that one of our biggest stories this past week was the attack on Yahoo! and the subsequent release of 450,000+ credentials: Hackers expose 453,000 credentials allegedly taken from Yahoo service (Updated). Multiple versions of this same story were posted to the app, but the more interesting discussions after the breach were the responses that pointed at Yahoo!'s lack of even the most basic security measures. Yahoo security breach shocks experts - CSO Online - Security and Risk is a good quick read about the ongoing lack of preparation and the collective "wha?" the infosecurity world is uttering today.


Yahoo!'s not alone in the attacked and breached front though, as the Android forums found themselves a target as well: Android Forums hacked: 1 million user credentials stolen. While only login information was published from Yahoo!'s attack, the Android Forums attack included usernames, e-mail addresses,  passwords, IP addresses, and some other information.  The breach is still being investigated, so more details might be forthcoming as the week goes on.


Next is another story from one of my favorite sites: Web exploit figures out what OS victim is using, customizes payload | Ars Technica. This makes my blood run cold. An exploit that adapts its payload to the victim's operating system means the days of Macs being seen as virus-proof really are coming to a close. Luckily, this particular exploit can only infect Macs running a specific type of software that was phased out a few years ago. Still, if this rare type of exploit becomes the norm, everyone, Mac, PC or Linux user alike, will have much more to defend against.


The other pip hits:

Serco reports 123,000 US government employees' personal information stolen | Naked Security

Researchers intercept Tatanga malware bypassing SMS based transaction authorization | ZDNet


And finally this week, I found this article to be a very interesting read: Defense expert: US should hire hackers to conduct cyberwarfare. I've said before that taking the attack to the attackers can be a slippery slope for everyone, but this article brings up a point I hadn't considered before. Take this quote from John Arquilla: "Let's just say that in some places you find guys with body piercings and non-regulation haircuts. But most of these sorts of guys can't be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them." I'm picturing hacker special forces here, attacking terrorist groups with data, not drones. I'm still not 100% sold on the idea (Stuxnet?), but it seems a better use of these people's skills than the ways we currently deal with cybercrime.


That's it for me this week - we'll see you back here at the same monkeytime,



Welcome back Monkeyminions, to the best content aggregation blog you read on Mondays that's written by a monkey. If you'd like to join in the content part, feel free to download my App, from the Apple App Store.


It's July 9th, so for about 300,000 people it's the end of the Internet as they know it (yet I feel fine?): Still infected, 300,000 PCs to lose Internet access July 9. The DNSChanger botnet end times are today, as the non-profit that's been keeping infected PCs on the Internet, Internet Systems Consortium, pulls the plug on the temporary stand-in DNS servers it has been running in place of the botnet's rogue ones. It's a little late, but the FBI has posted this site: for people to check their machines. If you find yourself affected, use your smartphone/iPad/Internet-connected fridge to reach this site: and follow the steps. Are we officially in the future, when you have to use one of the several Internet-ready devices in your house to fix one of the others that's been hacked? We're still waiting on jetpacks, but this is progress.
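For those who'd rather check a machine locally than trust a web page, here is a small added example (written for this write-up, not code from the post or from the FBI/ISC check sites) that parses resolv.conf-style resolver settings and flags any resolver that falls inside a list of rogue CIDR ranges, which is all the DNSChanger check pages were doing on their end. The CIDR list and the sample resolv.conf text in the block are constructed placeholders; on a real host, substitute the DNSChanger address blocks from the FBI's published notice and read the live /etc/resolv.conf (or the DNS servers from ipconfig /all on Windows).

```python
"""Added example: flag configured DNS resolvers that sit inside known rogue ranges.

Example code written for this write-up, not code from the SOC Monkey post or
from the FBI/ISC DNSChanger check sites. The CIDR list and the resolv.conf text
below are constructed placeholders; on a real host substitute the published
DNSChanger ranges and read /etc/resolv.conf.
"""
import ipaddress
import re
from typing import Dict, Iterable, List

# Placeholder rogue-resolver ranges (assumption for the example; these are RFC 5737
# documentation networks, NOT the real DNSChanger address blocks).
ROGUE_RESOLVER_RANGES: List[str] = [
    "192.0.2.0/24",
    "203.0.113.0/24",
]

# Constructed resolv.conf content standing in for /etc/resolv.conf on an infected host.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not a real file
search example.internal
options timeout:2
nameserver 203.0.113.7
nameserver 8.8.8.8
nameserver 2001:4860:4860::8888
nameserver not-an-address
"""

_NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)


def parse_nameservers(resolv_conf_text: str) -> List[str]:
    """Return the resolver addresses from resolv.conf-style text, in file order.

    Only 'nameserver' directives are considered; comments, 'search' and 'options'
    lines are ignored, and a malformed address is skipped instead of raising.
    """
    found: List[str] = []
    for raw in _NAMESERVER_RE.findall(resolv_conf_text):
        try:
            found.append(str(ipaddress.ip_address(raw)))
        except ValueError:
            continue  # e.g. 'not-an-address'
    return found


def rogue_resolvers(nameservers: Iterable[str],
                    ranges: Iterable[str] = ROGUE_RESOLVER_RANGES) -> List[str]:
    """Return those nameservers that fall inside any of the given CIDR ranges.

    An IPv6 resolver is never matched against an IPv4 range (or vice versa);
    ipaddress performs that version check inside the 'in' test.
    """
    nets = [ipaddress.ip_network(r, strict=False) for r in ranges]
    hits: List[str] = []
    for ns in nameservers:
        addr = ipaddress.ip_address(ns)
        if any(addr in net for net in nets):
            hits.append(ns)
    return hits


def check_resolv_conf(text: str,
                      ranges: Iterable[str] = ROGUE_RESOLVER_RANGES) -> Dict[str, List[str]]:
    """Summarise resolver config: every configured resolver, and the flagged subset."""
    ns = parse_nameservers(text)
    return {"nameservers": ns, "flagged": rogue_resolvers(ns, ranges)}


if __name__ == "__main__":
    # On a real host: text = open("/etc/resolv.conf").read()
    report = check_resolv_conf(SAMPLE_RESOLV_CONF)
    for ns in report["nameservers"]:
        status = "ROGUE" if ns in report["flagged"] else "ok"
        print(f"{ns:30} {status}")
```

The check deliberately looks only at what the host is configured to use, not at what DHCP or the home router is handing out; DNSChanger also rewrote router settings, so on a flagged machine check the router's WAN DNS entries as well before declaring it clean.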


Next up: if you're a bank and some of your customers have been hit by a cyber crime, you might be facing some additional scrutiny soon. Court Ruling Could Be Boon to Cyberheist Victims from Krebs on Security is a great read on this issue (as per usual, Krebs is excellent) and details a recent ruling that could have many institutions taking a hard look at their current security practices. In short, if you've got outdated security practices or systems, even if your customers signed off on them in the past, the door might now stand open to lawsuits. I'm sure several CSOs are very interested in how this plays out over the next few months.


Shifting gears a bit, Cisco has apologized for its recent automatic update, which had several privacy advocates raising issues, and its own customers wondering why they were suddenly required to sign up for a brand new service: Cisco apologizes for privacy confusion, makes cloud service an opt-in feature. Now, there are times when updates to something we're used to cause some concern, but the Internet mantra of "you'll get over it" tends to bear out in most cases. The issue I find most interesting is the change in the terms of service. Cisco's new TOS said that it might collect browsing history and could share that history, combined with other users', with third parties. Opening a new line of revenue by marketing my browsing history sounds just a bit too Big Brother for my comfort, so I'm glad that's been changed. But am I overreacting? Feel free to let me know if you think this is a non-issue, or if you're looking up the Tor app as we speak.


Next, this article from ZDNet, The internet will never be secure, might seem like a pretty obvious statement to those of you elbow-deep in remediation reports, but I found it to be a good quick read. The point that jumps out the most is that unless the Internet is changed, and changed for the worse, it can never be completely secure. As someone who's addicted to information, I find an open exchange ideal and I'm willing to put up with a fair amount of risk, but Alex Kirk seems to think "[w]e're probably in a particularly ugly point in the history of internet security." Do you agree? Is this the Dark Ages of infosec, before the Renaissance?


Other hits from my pips:

HP Communities - Software Security Assurance - Figuring out the developers

Privacy and Security Fanatic: Trolling Terrorists with Propaganda: The US hack of al-Qaida that wasn't a hack


Finally, this picture. Tweeted by Andy Hedges, and retweeted by a huge number of people, this is my final thought for today.  Andy titled it RIP Computer Science.


Until next week,



Happy Monday Monkeynauts!


My free App from the Apple App Store had the following links as its most repeated and retweeted last week. Let's take a look at what had everyone buzzing.



First up this week, is the response from RSA to a few posts saying they were hacked: Don't Believe Everything You Read; Your RSA SecurID Token is Not Cracked. I saw a few links to this last week, but the majority of them were a great deal of speculation. This posting from RSA themselves attempts to clarify what the "crack" actually was, and how a simple shift of perspective can occasionally render a problem obsolete. I'm more than willing to take other opinions on this matter, but this seems to put a lot of the concern at rest.


Second on the list: 4 Signs That Apple's Sharpening Its Security Game - Dark Reading. I just bought a new MacBook for the MonkeyCave, so this is a good sign to me. It seems their public battle with the Flashback trojan, and their quiet removal of the "It doesn't get viruses" slogan, have led them down a path PC users are very familiar with: one in which security is much more a "when" than an "if" problem. The article is a quick read, with some signs that have been widely reported, but since it's been burning up my charts, I'm assuming a great many of you have MacBooks in your own SecurityCaves as well.


Next up, one of the most bandied-about buzzwords in information security today: Expert: Advanced Persistent Threats Can Be Beaten | PCWorld. APT is constantly discussed, debated and sometimes downplayed, but it's certainly an ongoing key security concern. How do you deal with this threat? What steps are you taking to make sure you're protected, and does a course like the SANS one described in the article seem like the next step in developing a response? Drop me a line here with your own tips for dealing with APTs.


A few more links the Pips brought to your attention this week:


Hacking festival attracts 500 aspiring young coders - Ars Technica

EU security agency advocates for 'mandatory cyber insurance' - Insurance Business Review

The Dirty DDoS Market - TechWeekEurope UK


Finally, this article, How The Angel helped 15,000 people steal broadband, from Ars Technica is a fascinating read. A hacker decided that he was fed up and angry with the cable companies, and so published a book on how to modify cable modems to remove MAC address controls and bandwidth limits. He might have made upwards of a million dollars from his book and fraud, but in the end, during the trial, it was revealed that his main motivation was not money but revenge on the companies he felt had wronged him. Note to everyone else: publishing a book on how to commit a crime and then committing said crime? Not the most foolproof heist plan out there.


That's it for your favorite simian this week, but I'll be back next week with several informative links, and at least a few weird ones.


Until then,



Dearest Monkeynauts,


I have returned to give you a full update of the big stories that you might have missed last week in Information Security. If you'd like to stay updated at any time, my App, from the Apple App Store, is free to download!


Last week saw quite a few topics that I've discussed here before maintaining their position with the Pips. The story that keeps drawing the most attention is the ongoing trouble LinkedIn is having with its password problem. LinkedIn hit with lawsuit over massive data breach is an article from Computerworld detailing a class action suit targeting the networking site for its failure to meet, and I quote, "industry standard security practices." OK, I'm officially starting to feel bad for LinkedIn. I think they're putting out a great product, and it's how I managed to land this gig as everyone's favorite monkey blogger. Still, when the lawsuit is seeking $5 million in damages? It seems a bit of a vendetta and cash grab rather than a real lawsuit. Feel free to throw your two cents into this ongoing drama below.


The next topic that keeps shambling along like a zombie at a brain buffet? The ever popular Flame malware. This week, the Washington Post has jumped into the mix with an article that squarely puts the blame for its creation on the U.S. and Israel: U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, officials say. Now, if you're a SOC Monkey user, you've seen these rumors, rumblings and suspicions since the day the news broke about Flame, but I see a major player like the Post picking it up as a pretty big turning point in this ongoing discussion. Of course, no U.S. official or the Israeli Embassy is commenting on this story as of yet, so I expect we'll keep seeing it pop up again and again in the coming months.


Keeping on the topic of malware and its targets: Iran says detected massive cyber attack. This story from Reuters touches on the past attacks and issues with Flame, but also seems to point a finger back at the U.S., Israel, and Britain, about a new and soon to be released "massive cyber attack." The question here is of course, is this actually a new attack vector? Will we be hearing about a new and totally different malware or worm similar to Stuxnet and Flame that's actively targeting Iran right now?


Last few links the Pips found interesting:

Department of Homeland Security and U.S Navy hacked | The Hacker News

Malware RATs can steal your data and your money, your privacy too | ESET ThreatBlog


Finally, since I'm a huge monkeynerd, and because the field of Cryptography is always interesting, I'll leave you with this article: BBC News - Centenary of the birth of WWII code breaker Alan Turing. Alan Turing, the man that some people say won the war in the Atlantic by cracking the Enigma machine used by the Germans, would have been 100 years old last Wednesday. His wartime contributions, and his influence on the eventual field of computing, were incredible, and this video is well worth a watch.


I'll see you back here next Monday, with all the past week's big hits.


Til then,



Hello again Monkeynauts,


For those of you that are returning, welcome back!  For those of you that clicked here and don't know where I find my tidbits, why not try my free SOC Monkey App, from the Apple App store, and then roll on back here next week?


After the press barrage of the last week, with LinkedIn and the remnants of Flame, it seems to be a pretty light week on my monkeyfeed, so I'm going to bring you a few of the most interesting links and updates.


First off, to follow up on the LinkedIn password story: LinkedIn sheds more light on security breach, the company has said that it's once again secure, and that it's notified all its affected users. On the good news front for them, it looks like the fallout is not hurting them as much as some thought and their stock did rise on Friday. I'm going to stay tuned as we're not sure just how deep this rabbit hole goes, and we might be hearing more information on what data, if any, was also compromised during this attack. I for one am pulling for them, as I find my LinkedIn account to be far more interesting reading than my other social networks currently, and far more valuable to my monkey career.


Second, to circle back on Flame this week, it looks like the immediate reaction is starting to calm down a bit, and people are now realizing that what the experts have been saying might be more to the point: Flame is Lame has been the experts' rallying cry since the news first broke on this malware.  The F-Secure blog I've linked above systematically discounts every point that's been discussed regarding Flame, and ZDNet's article, Is the antivirus era really over? Not yet, pulls us back from the brinkmanship that was hyped up when Flame first arrived.  I know that hype sells papers (or webclicks), and saying that this malware is the biggest and baddest one on the block seemed like the right angle at the time, but upon further reflection, is this really a non-issue?


Couple more quick hits for you all:

CVE-2012-2122: A Tragically Comedic Security Flaw in MySQL

Introducing Metasploitable 2!    


Lastly this week, this story from CNET has me scratching my head: Post-hack, companies fire back with their own attacks. Having been a baby monkey in the 80's, I'm all for the old school revenge movies I grew up with. Van Damme comes to mind, where his brother/father/uncle/neighbor has been killed, and he must right the wrong by doing splits and kicking things. Makes complete sense, but still, does this news story about hacking your hackers strike anyone else as maybe a bit over the top?  First of all, poking the hornet's nest that has stung you always seems like a bad idea, especially since the attackers were probably just after your data at first. Attacking them back makes it personal, and we all know how quickly that can escalate. Second, it's still ILLEGAL. Take it from your favorite monkey, if you're planning on striking back, it's probably not worth the victory.  I'd love to hear from the braintrust out there that reads me: where do you stand on this issue? Do you think it makes sense to take the attack back to the attackers, or would you rather be defensive, and legal, about the entire matter?


Thanks Monkeynauts, I'll see you next Monday!



Dear Monkeynauts,


As some of you might have noticed, I've moved my publication date out to Monday going forward. This gives you the entire weekend to download my App, from the Apple App Store!



I'm sure it's no surprise to all of you that our most retweeted and talked about topic this week is of course LinkedIn, and their very large password leak, followed swiftly by the same group hacking eHarmony. The hottest version of this story via my monkeyfeed is this one from Ars Technica: 8 million leaked passwords connected to LinkedIn, dating website. That's right, eight million passwords overall, methodically being cracked on various websites as we speak. I, like most of you, quickly went in and changed my existing normal password to one with 47 random characters, so every time I log in I feel like R2D2 talking to the Death Star.


On a lighter note, it's always hilarious to take a look inside people's password brainspace, and this article, 10 (or so) of the worst passwords exposed by the LinkedIn hack, gives us the rundown of the 10 worst.  My personal favorite on this list has got to be "iwantanewjob." It's very zen, isn't it? Typing and retyping that password every time you log in? Very positive reinforcement.  Horrible password though. Here are some simple tips for good password/passphrase security that way too many people are clearly ignoring.


Unfortunately for LinkedIn, when it rains it pours: Your iPhone calendar isn't private; at least if you use the LinkedIn app. Jumping back to Ars again, we find that the iPhone and Android versions of LinkedIn's app pull your calendar items back to their servers, even if they were created outside of your app.


Moving away from LinkedIn for a bit, it's back to the other big Infosec news item of the last few weeks: Flame. The monkeyfeed has had a great deal of Flame and Stuxnet, but this new article from Securelist is jumping up the list as of this morning: Back to Stuxnet: the missing link. Kaspersky Lab is now claiming that these attacks are actually related, and this article does a great deal to explain the links. What say you, our esteemed Monkeynauts?


The other Pip hits for last week include:


When Is A Breach Not A Breach? - Dark Reading (Wendy Nather!  I've met her!)

Microsoft's reaction to Flame shows seriousness of 'Holy Grail' hack - Computerworld

Germany confirms existence of operational cyberwarfare unit - News - Stripes


Finally, my favorite story of the week is this one from Naked Security: North Korea uses infected games to DDoS South Korea | Naked Security. This is a brilliant attack. Take South Korea and their love for video games, add in a distributor selling those games cheaper than the stores, and include a free virus in every order!  The reason this is so brilliant, and scary, is that if there was suddenly a huge sale on Diablo 3 in this country, we'd have the same problem in a heartbeat.


That's it for this week.  Remember, we're shifting my Monkeybloggings to Mondays going forward.  Make sure to set your DVRs.





Dearest Monkeynauts,


As always, I'm back on Friday to give you the biggest news items the Pips have sent out this week via my free app, available in the Apple App store. Download now!


I'm sure none of you are surprised to see that our biggest topic is currently Flame. My feeds started to explode earlier this week when Wired's article hit about this brand new, and incredibly massive, malware discovered by Kaspersky Lab. If you're not familiar with this latest malware, here's a great breakdown of how it actually works: 'Flame' Virus explained: How it works and who's behind it. The shocking truth of the matter though?  This malware has potentially been undetected and infecting systems for up to five years. SC Magazine has an excellent article on how this actually marks the end of signature based anti-virus. I'm curious if the Monkeynauts want to weigh in on this story, as I find that there seems to be a pretty set split between people saying that this is the worst thing in malware history and we should all be terrified, and others saying that it's just another malware attack, and it will be the big story until the next bigger one. Lend us your two cents below.


Next up, an interesting story from ComputerWorld about a site opening up to ethical hackers in the aftermath of a breach: GameReplays lets hackers probe site after data breach. After an attacker released details of 10,000 members of the website on Monday and Tuesday, Jon LeMaitre, co-owner and General Manager, has invited ethical hackers in to help locate vulnerabilities. The irony here is that LeMaitre is a supporter of hackers exposing the secret links that lead to Internet-limiting bills like SOPA and Protect-IP. Apparently an attacker published these details after not receiving a response from him directly.


The other Pip hits this week:

Patch management still big stumbling block in risk management, survey shows

Errata Security: Bogus story: no Chinese backdoor in military chip

Q&A of the Week: The current state of the cybercrime ecosystem featuring Mikko Hypponen


Finally, since I'm a big Gaming Monkey, I wanted to do a quick shout-out to one of my favorite ongoing donations over at the Humble Indie Bundle. It's a fantastic opportunity to get some excellent games, and donate to an amazing cause in Child's Play at the same time. For those of you that haven't played Amnesia, it's probably the scariest game my little paws have ever controlled.


As always, feel free to reach out to me below or message me, and I'll be back at the same monkeytime next week.


Flame on,



It's SOC Monkey, coming to you on May 25th, otherwise known as Geek Pride Day. Unrelated, sure, but not something my Monkeynauts should be unaware of.  Also, they should be aware of my iPhone App, still free to download from the Apple App Store.


First, let's start with a big company from the beginning of the Internet: Yahoo Axis Chrome Extension Leaks Private Certificate File.  You were probably as surprised as me when you saw that Yahoo, the formerly great search company, had released Axis, a browser add-on of some sort.  I'll be honest, I've not even looked at it, as Chrome seems to fit the bill pretty well for me, but I heard many people discussing how great it was all week.  Then I saw the story that it's already a privacy risk, and that the general consensus is to not install it til it's been fixed.  Poor Yahoo.  First their CEO, now their new cool product. At least they're getting a lot of press?


Second, there's this interesting piece: E-mail Trends Show Hackers Working Weekends Less and Less. I figured that malicious email would be best served during the work week, but to take an entire day off on Sunday?  A steady push on Sundays might make that Monday morning email slog so many of us go through a perfect vector for a sleepy click. Anyway, there's another link to a story about hacker weekends that's pretty interesting as well, both might be worth a conversation with your end users, as it's always a good idea to keep them informed about threats.


Here's a few other bits from my friends the Pips that stuck out this week:

How long would it take to crack your password? | Naked Security

Email Security: 10 Steps for Dealing With Dangerous Messages - Security - News & Reviews

Troy Hunt: Everything you ever wanted to know about building a secure password reset feature

Fighting Hackers With Public Relations


Finally, I'm going to leave you with a video this week: The Breakdown of a Fake AV Scammer. Originally found on Slashdot and Reddit, this is a video detailing an A/V scammer trying to trick Noah Magram, a Software Engineer from Sourcefire, into buying software.  This is a terrible idea for our friend the scammer, but a great idea for those of you who love to see these people dig themselves into hilariously deep holes. The fact that the guy on the other end has no idea that he's working on a VM is my favorite part. It's a good video, and really does show that even the scammers can be using legitimate tools nowadays.


See you next week, at the usual monkey-time,


Best -


Welcome back, to the best little Monkeyhouse in Infosecurity.  As always, you can download my app at the Apple App Store, for FREE!


My first link this week is about Malicious Code in Microsoft Office Documents, from Lenny Zeltser's infosec blog. This blog was only posted yesterday, and is already running up on my weekly list, so it's getting a great deal of traffic.  It's informative, filled with good external links, including multiple CVEs, and is absolutely terrifying. I don't make it a habit of clicking strange office documents, but knowing that this exists, and seeing how it's accomplished are far different things.


Going back to a previous SOC Monkey blog, the Global Payments breach story still has legs as Krebs reports: Global Payments Breach Now Dates Back to Jan. 2011. So, to clarify, that means that the attackers were inside the network from January of 2011, all the way up to March of 2012, and they stole 24 million unique transactions before they were finally discovered.  As Krebs first broke this story, it looks like the Monkeynauts are finding his blog to be excellent week after week, as he seems to be one of the most retweeted contacts on my list.  He's a great read, on multiple fronts.


Next is an article from ZDNet, about Avira, and their latest Antivirus update. This update, earlier this week, was flagging certain Windows operating processes as malware, and blocking other programs from opening at all. As you can imagine, this had an immediate and potentially crippling effect on the businesses who pushed this update out to their entire Windows infrastructure.  As of today, Avira has released some additional updates that should fix the problem, but I'm sure that was a long couple of days for those guys. It seems to be a popular link this week, but I'm not sure if it's more due to the interesting angle of the story, or the fear of this happening to, or being caused by, my readers.  Feel free to drop me a line, or weigh in here with your opinions.


Multiple Human Rights, Foreign Policy Sites Hacked (Krebs, again! He's a machine!)

[SECURITY] [DSA 2473-1] security update (CVE-2012-1149 - getting a great deal of clicks this week)

HULK DDoS Tool Smash Web Server, Server Fall Down (After seeing the Avengers, anything with the Hulk on it seems to be trending.)

Popular Surveillance Cameras Open to Hackers, Researcher Says (quick shout out to Kim, as I keep linking her here.  The Monkey loves you.)


Finally, as I generally do, I'd like to welcome you to the weekend with a fun link.  Since a certain social network is in the news this week, (not Friendster?), I'd like to share my favorite story I've found that's somehow related:  Two men rob Internet cafe, forget to log out of Facebook prior to robbery.  That's it.  No set up, no comments, this is truly an article that speaks for itself.


Til next time, my fabled Monkeynauts.





I have returned, and I bring free gifts from the Apple App Store - my SOC Monkey App that you should be downloading as I type.


First up, I've got a great story from the always wonderful Wired, about just how ubiquitous being attacked really is these days: Everyone Has Been Hacked. Now What? is a quick three-page read that outlines several of the more widely known breaches of the last few years, along with some pretty terrifying statistics. The article states that the average attack on a company goes on for more than a year before it's even discovered, which is actually a step up from the past, where attackers could be squatting for multiple years before being found out. With attacking becoming so commonplace, what tactics are you planning on adopting this year to best prepare yourself for the ongoing risks of doing business online?


Next, we've got one of my favorite pieces of social media seemingly having a bad start to their week: Thousands of Twitter passwords exposed. With 59,000+ usernames and passwords leaked this week, it looked like a pretty significant breach of Twitter's data, and sent more than a few prodigious tweeters off to Airdemon to see if they were going to be affected. What a difference a few hours makes in investigation though, as Twitter was quick to point out that the supposed breach, was in fact more of a hoax: Twitter Downplays Breach That Exposed Passwords. With over half of the data coming from blocked or spam accounts, and many of the usernames and passwords not actually linked to each other, it looks like this data was compiled from various sources and that Twitter itself was not in fact compromised. No Fail Whale here after all!


Then there's the story of the FBI's warning to people accessing wireless networks while traveling: FBI: Beware of software updates on hotel connections. You're about to leave your hotel in downtown NYC for your business meeting, and you're pulling together a few last minute tweaks to your presentation deck. Suddenly a pop up window notifies you that a "widely used software product" needs to be updated.  You click, and unwittingly install malware on your machine. Pretty genius attack if you ask me. I'm curious if any of my Monkey Minions know what "product" they're referencing in the article. Drop me a line if you think you know, and make sure to run all your updates before you hit the road!


Here's a few more bits the Pips thought were good reads this week:


Hacktivists have the enterprises' attention. Now what?

FBI: We need wiretap-ready Web sites - now

NBC Chicago : Why You Shouldn't "Unsubscribe" From Spam (this is my favorite story this week.)


My last item is a picture that keeps showing up in the feed, that really is a perfect example of horrible network security. I'm sure that ESPN has some difficulty with the huge number of reporters they have to deal with on a regular basis, so posting the wireless password information on the wall might keep an overworked IT professional sane. Perhaps they've completely segmented that particular wireless connection from the rest of their network, so it really is a secure time saver? You'd think that they'd still manage to not stand directly in front of it during a broadcast. I'm sure a large number of network security engineer/baseball fans facepalmed very hard at that moment.


That wraps up the monkey-business this week.  As always, drop me a line or feel free to comment below, and we'll see you next week.


Same Monkey-time.

Same Monkey-Channel.


