Spyware, Viruses, & Security forum


NEWS - May 16, 2013

by Carol~ Forum moderator / May 16, 2013 4:14 AM PDT
Jail for the LulzSec hacking gang members

Members of the notorious LulzSec hacking gang have been sent to jail.

Here are the sentences that each of them has received:

Jake Davis - "Topiary"
Two years in a young offenders' institution.

Ryan Cleary - "Viral"
Imprisoned for 32 months, of which he will serve half.

Mustafa Al-Bassam - "T-Flow"
20 months prison sentence suspended for two years, and 300 hours community service.

Ryan Ackroyd - "Kayla"
30 months prison sentence, of which he will serve half.

The judge apparently took Mustafa Al-Bassam's age at the time of the offences into consideration when choosing to give him a suspended sentence.

Continued: http://nakedsecurity.sophos.com/2013/05/16/jail-lulzsec-hacking-gang/

Also from Graham Cluley @ Naked Security:
The LulzSec hackers who boasted they were "Gods" await their sentence
Opinion: No, the LulzSec hackers weren't noble

LulzSec hackers jailed for string of sophisticated cyber-attacks
LulzSec group sentenced; hacker combats child porn allegations
LulzSec hackers sentenced for sophisticated global cyber-attacks
LulzSec Hackers Sentenced to Prison
Oracle to change Java version numbers
by Carol~ Forum moderator / May 16, 2013 5:04 AM PDT
In reply to: NEWS - May 16, 2013

Because of the large number of security patches that Oracle has had to release for Java SE, the company has now had to change how it assigns version numbers to updates. Oracle has hit the problem that its scheduling of "Limited Updates", that is minor feature changes within a Java version, needs to work with predictable version numbers for assignment and reporting.

What was previously a predictable system has now become much harder to track as each CPU (Critical Patch Update) for security holes has bumped up the version number, meaning any feature of a "Limited Update" that had been targeted for that version number has to be reassigned. Now Oracle has constructed a new numbering scheme which will be introduced first for JDK 7 and then applied to JDK 5.0 and 6 as needed.

Continued : http://www.h-online.com/security/news/item/Oracle-to-change-Java-version-numbers-1863304.html

Also: Oracle updates Java versioning to allow more security fixes

Ragebooter: 'Legit' DDoS Service, or Fed Backdoor?
by Carol~ Forum moderator / May 16, 2013 5:04 AM PDT
In reply to: NEWS - May 16, 2013

On Monday, I profiled asylumbooter.com, one of several increasingly public DDoS-for-hire services posing as Web site "stress testing" services. Today, we'll look at ragebooter.net, yet another attack service except for one secret feature which sets it apart from the competition: According to the site's proprietor, ragebooter.net includes a hidden backdoor that lets the FBI monitor customer activity.

This bizarre story began about a week ago, when I first started trying to learn who was responsible for running RageBooter. In late March, someone hacked and leaked the users table for ragebooter.net. The database showed that the very first user registered on the site picked the username "Justin," and signed up with the email address "primalpoland@gmail.com."

That email address is tied to a now-defunct Facebook account for 22-year-old Justin Poland from Memphis, Tenn. Poland's personal Facebook account used the alias "PRIMALRAGE," and was connected to a Facebook page for an entity called Rage Productions. Shortly after an interview with KrebsOnSecurity, Poland's personal Facebook page was deleted, and his name was removed from the Rage Productions page.

Continued: http://krebsonsecurity.com/2013/05/ragebooter-legit-ddos-service-or-fed-backdoor/

Mac Spyware Found at Oslo Freedom Forum
by Carol~ Forum moderator / May 16, 2013 5:04 AM PDT
In reply to: NEWS - May 16, 2013

From the F-Secure Antivirus Research Weblog:

The Oslo Freedom Forum is an annual event "exploring how best to challenge authoritarianism and promote free and open societies." This year's conference (which took place May 13-15) had a workshop for freedom of speech activists on how to secure their devices against government monitoring. During the workshop, Jacob Appelbaum actually discovered a new and previously unknown backdoor on an African activist's Mac.

Our Mac analyst (Brod) is currently investigating the sample.

It's signed with an Apple Developer ID. [Screenshot]

The launch point: [Screenshot]

It dumps screenshots into a folder called MacApp: [Screenshot]

Continued: http://www.f-secure.com/weblog/archives/00002554.html

zPanel hacked after support team member insults forum user
by Carol~ Forum moderator / May 16, 2013 5:04 AM PDT
In reply to: NEWS - May 16, 2013

The official web site for the web hosting interface zPanel is currently unavailable. The cause seems to be a hacker attack provoked by a member of the support team who swore at a user on the official forum.

On Wednesday, a forum member going by the name joepie91_ posted details of a vulnerability in zPanel that has been known about for some time, saying that the developer team has been refusing to fix it. He explained that specially prepared templates can be used to execute commands on the server with root privileges and called zPanel "the most insecure hosting panel with any significant userbase" that he had ever seen.

Forum participant PS2Guy, a member of the support team, was clearly not willing to let that accusation stand. In the very first sentence of his response, he called joepie91_ a "fucken little know it all", adding that all security problems in zPanel have been fixed and challenging the accuser to try to hack into any server with the current version 10.0.2 of zPanel.

Continued: http://www.h-online.com/security/news/item/zPanel-hacked-after-support-team-member-insults-forum-user-1864795.html

Also: App developer calls critic "f*cken little know it all"; site goes down

Critical Linux vulnerability imperils users, even after..
by Carol~ Forum moderator / May 16, 2013 5:04 AM PDT
In reply to: NEWS - May 16, 2013
... "silent" fix

May 15, 2013 4:44 pm UTC

"A month after critical bug was quietly fixed, "root" vulnerability persists."

For more than two years, the Linux operating system has contained a high-severity vulnerability that gives untrusted users with restricted accounts nearly unfettered "root" access over machines, including servers running in shared Web hosting facilities and other sensitive environments. Surprisingly, most users remain wide open even now, more than a month after maintainers of the open-source OS quietly released an update that patched the gaping hole.

The severity of the bug, which resides in the Linux kernel's "perf," or performance counters subsystem, didn't become clear until Tuesday, when attack code exploiting the vulnerability became publicly available (note: some content on this site is not considered appropriate in many work environments). The new script can be used to take control of servers operated by many shared Web hosting providers, where dozens or hundreds of people have unprivileged accounts on the same machine. Hackers who already have limited control over a Linux machine—for instance, by exploiting a vulnerability in a desktop browser or a Web application—can also use the bug to escalate their privileges to root. The flaw affects versions of the Linux kernel from 2.6.37 to 3.8.8 that have been compiled with the CONFIG_PERF_EVENTS kernel configuration option.

Continued : http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/

Related noting recent (16-05-13 10:12) update: Exploit for local Linux kernel bug in circulation - Update
SysAdmin Hoax Goes International; Spanish Passwords Go..
by Carol~ Forum moderator / May 16, 2013 7:57 AM PDT
In reply to: NEWS - May 16, 2013
... Straight to Scammer Database

The SysAdmin scam that makes people believe they need to restore their account because of hacking attempts went international. The Spanish are now sending their passwords straight to the cyber-criminals' database. [Screenshot]

The e-mail targeting the Spanish in their language claims the user's email account needs to be urgently restored.

"Several incorrect login attempts on your email account," the phishing e-mail reads. "Open the attachment to the message and start the session of the details of your correct email account. NOTE: FAILURE CAN RESULT IN SUSPENSION of permanent account."

The messages aren't from any system administrator, of course. The e-mail is a phishing attempt designed to trick Spanish-speaking users into giving away their login details.

Continued: http://www.hotforsecurity.com/blog/sysadmin-hoax-goes-international-spanish-passwords-go-straight-to-scammer-database-6185.html
Mobile crimeware and the global criminal marketplace
by Carol~ Forum moderator / May 16, 2013 7:57 AM PDT
In reply to: NEWS - May 16, 2013

The sprawling mobile devices marketplace has spawned an industrialized mobile financial fraud plexus that today drives increasingly sophisticated criminal technical innovation to exploit the mobile devices explosion. It is funded by increasing revenues derived from potent new developments in mobile malware, according to the APWG.


Mobile devices increasingly present an attractive, practical and economical alternative to traditional desktops. In the coming years, global mobile payments are predicted to exceed $1.3 trillion, moreover, presenting a mother lode of opportunity for cybercrime gangs who appreciate the vulnerabilities of these peripatetic communications and computing platforms, the APWG's analysis reports.

Continued : http://www.net-security.org/malware_news.php?id=2494

Japanese One-Click Fraud on Google Play Leads to Data ..
by Carol~ Forum moderator / May 16, 2013 7:57 AM PDT
In reply to: NEWS - May 16, 2013
... Stealing App

From the Symantec Security Response Blog:

Since the beginning of the year, a Japanese one-click fraud campaign has continued to wreak havoc on Google Play. The scammers have published approximately 700 apps in total since the end of January. The apps are published on a daily basis and the scammers have invested around US$4,000 in order to pay the US$25 developer fee to publish apps on Google Play. [Screenshot]

Dealing with the fraudulent apps has really become a game of cat and mouse. Once the apps are removed from Google Play, the scammers simply publish more under new developer accounts. These are again removed shortly afterwards, but the scammers simply continue to publish more. Most of the apps are removed on the date of publication, but some, especially those published over weekends, tend to have a longer life and in some cases have download numbers in the triple digits.

The scam attempts to lure users interested in adult videos to a site that attempts to trick them into registering for a paid service. Even if only one user falls for the scam and pays, that's JPY99,800 (around US$1,000 at the current exchange rate) in the pocket for the scammers, which also means they can make more money by creating even more developer accounts to publish more fraudulent apps.

Continued : http://www.symantec.com/connect/blogs/japanese-one-click-fraud-google-play-leads-data-stealing-app