Update Java. Seriously, do it right now.

Another Java privilege escalation exploit has been spotted in the wild. Trojans and web-based Java classes are already installing remote access tunnels into Macs across the globe. Apple finally updated their Java binaries and you should too! Protect yourself! Just run Software Update from the Apple menu.

Apple Info:
http://support.apple.com/kb/HT5228

More info (including an AppleScript test for infection):
http://mashable.com/2012/04/05/mac-flashback-trojan-check/

Updates keep the SSL boogiemen at bay.

All the SSL blacklists are updated. We can return to thinking we are safe. Apple included the patches in a Security Update, Firefox updated to 6.0.2. Jailbroken iOS users can update or install “sslfix” in Cydia to get the protections that Apple has yet to release.

After watching Moxie’s BlackHat talk, we seriously need to fix SSL. It is holding up too many technologies to be this insecure.

LulzSec Declares War on Obama’s Hacking Crackdown!

Their recent exploits include hacking FBI affiliate InfraGard (Atlanta Chapter). They defaced the website, stole account information, and messed with their users, particularly Karim Hijazi of Unveillance. LulzSec alleges that Karim (in a chat on IRC) offered them money and information to hack his competition in the security industry. This kind of hypocritical behavior is specifically deplored by hackers. Hijazi’s company email was posted online, and in LulzSec’s official statement they threaten the release of his personal email as well. LulzSec started taking donations with Bitcoin. They used some of the money to pay for servers and their “lulzsecurity.com” domain, which appears at present to be down.

Mac Defender is annoying users trusting enough to type their passwords!

A bit of ransom-ware by the name of Mac Defender is exploiting a default setting in Safari that will automatically launch any installer package that you download. It still requires the user to go through the steps of installing the software, including entering their administrator password. Apparently this hasn’t prevented hundreds of users from installing the bogus software. It seems to do nothing but pop up ads and messages to lure the user to pay $79.99 to remove the infection. Easy, free removal instructions are available here. But let this be a lesson. Don’t type your password if you don’t know why it is asking for it. Don’t install things you didn’t know you downloaded.

anonops.net Hacked! Users Unmasked!

Yesterday, Anonymous’s IRC server was hacked and users’ IP addresses and private messages were posted here. Looking at the logs, it is clear to me that many of their users use proxies, VPNs, or some other way to obscure their actual address. It is doubtful that any serious hacktivists were actually unmasked. With rumors of an internal conflict within Anonymous ablaze online, it is still unclear who was responsible or when their operations will be back online.

UPDATE:
“here” was https://sites.google.com/site/lolanonopsdead/ and it has since gone offline.