The Digital TV Blog ...

Aller au contenu | Aller au menu | Aller à la recherche

Tag - IT Security News

Fil des billets - Fil des commentaires

mardi 27 septembre 2011

Hide My Ass defends itself over “LulzSec Fiasco”

Par Bruno le mardi 27 septembre 2011, 11:30

A UK VPN provider has defended handing over logs relating to a member of LulzSec after it was ordered to by the courts.

In a blog statement entitled “LulzSec Fiasco”, Hide My Ass said that it had previously come to its attention that a member of the hacktivist group was using the service, following the leak of some IRC chat logs.

However, the company took no action at the time as there was no proof of any wrongdoing, nor was there any indication which services were being used by which accounts.

“At a later date it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the [...] cases,” the firm said.

Hide My Ass offer a range of services that enable users to surf anonymously, including VPN and web proxies.

However, it is stated in the organisation’s privacy policy that this is not intended to help those who choose to break the law, and that they will cooperate should they receive an order from a UK court.

“It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences,” the company further pointed out.

It went on to say that any such service that refuses to cooperate with the authorities on matters such as this are likely to “have their entire VPN network monitored and tapped by law enforcement, thus affecting legitimate customers.”

VPNs are often used by companies who have employees who work from different locations in order to ensure their data remains secure.

They can also be used to secure data whilst connected to an unsecured Wi-Fi network or access television services in other countries which would otherwise be blocked, ideal for ex-pats.

Hide My Ass can also bypass censorship in other countries and the company initially founded the service with this in mind in 2005.

“We truly believe the worldwide-web should be worldwide and not censored in any way,” the company blog states.

The firm’s services were used by protestors during the uprising in Egypt, to spread their message through sites such as Twitter, Facebook and Youtube, which were blocked by the Egyptian government.

Hide My Ass further defends its service by stating that they don’t log any users activity online.

Whilst they do keep track of when an account logs in and out, they “do not log in any shape or form your actual internet traffic.”

This enables them to be able to keep track of “abusive users” such as spammers and ensure that their existing customer base is protected.

This is essential for the service the company provides and as they point out, they would quickly lose their reputation if they allowed illegal activities to be carried out and could not track such users.

Whilst they will comply with UK court orders, the company says that they will not respond to requests for information from overseas unless they are carried out through channels which will require them to provide evidence by UK law.

It seems that the company has come under some criticism for handing over the LulzSec info, more than likely by the remaining members of the group and their supporters.

However, should they have defied the court order, Hide My Ass would have been liable for prosecution themselves and most likely would have been forced out of business.

The company provides a legitimate service which has also been used to help further free speech in countries under a dictatorship, so it seems somewhat childish to accuse them of hypocrisy in this case.

mardi 2 août 2011

Sun admits reader data was stolen in hacking attack

Par Bruno le mardi 2 août 2011, 11:46

News International is warning thousands of Sun readers that their personal data may have been posted on the internet. The data, which includes names, addresses, dates of birth, email addresses and phone numbers, was grabbed when the site was hacked … Continue reading

Feds to headhunt at Defcon conference

Par Bruno le mardi 2 août 2011, 11:20

Representatives from US government agencies are to attend the hacker conference Defcon in an attempt to find talented hackers to work for them, according to a Reuters report. The convention is expected to attract over 10,000 hackers from around America … Continue reading

vendredi 3 juin 2011

Java most resposible for Windows hacking

Par Bruno le vendredi 3 juin 2011, 10:56

Vulnerabilities in the Java software platform are the main cause of infections to Windows PC, causing 70% of recorded incidents.

That’s according to Microsoft after collating data from their Windows Safety Scanner, a free anti-malware tool the company provides.

It follows a wave of malware targeting exploits in Java which was discovered last year, as increased security in Windows 7 means that malware developers are looking increasingly to third party software as delivery methods for infecting user machines.

Until recently, Adobe had been a main target, especially via Flash. Now it appears Java is the current main focus, due to the ease by which malware websites can use Java exploits to inject malicious code into PC’s.

This is precisely the sort of attack Techwatch experienced recently, when an iframe was inserted into the site template linking to a malware delivery site. This malware tried to install itself on user machines via Java.

The same attack was also used against the UK website of Electronic Arts.

However, it is worth noting that because such attacks aim to expose a large number of people quickly, it can be a very efficient way to leverage just one or two exploits.

And because Java is widely used in internet browsers, not only does it make it an easy target for attacks, it also means that when carried out through compromised websites, users may not easily be aware they are being targeted.

Java most resposible for Windows hacking

Par Bruno le vendredi 3 juin 2011, 10:56

Vulnerabilities in the Java software platform are the main cause of infections to Windows PC, causing 70% of recorded incidents.

That’s according to Microsoft after collating data from their Windows Safety Scanner, a free anti-malware tool the company provides.

It follows a wave of malware targeting exploits in Java which was discovered last year, as increased security in Windows 7 means that malware developers are looking increasingly to third party software as delivery methods for infecting user machines.

Until recently, Adobe had been a main target, especially via Flash. Now it appears Java is the current main focus, due to the ease by which malware websites can use Java exploits to inject malicious code into PC’s.

This is precisely the sort of attack Techwatch experienced recently, when an iframe was inserted into the site template linking to a malware delivery site. This malware tried to install itself on user machines via Java.

The same attack was also used against the UK website of Electronic Arts.

However, it is worth noting that because such attacks aim to expose a large number of people quickly, it can be a very efficient way to leverage just one or two exploits.

And because Java is widely used in internet browsers, not only does it make it an easy target for attacks, it also means that when carried out through compromised websites, users may not easily be aware they are being targeted.