SiliconFilter

LulzSec Hackers Face a Leak of Their Own: Read the Group’s IRC Chatroom Logs


LulzSec, the hacker network that gained notoriety over the last few weeks thanks to leaking large databases of user names and passwords from a wide variety of sites and services, now faces a leak of its own. The Guardian received and published logs from LulzSec’s own private chatroom today that give us a bit more insight into how this group operates. Judging from these logs, LulzSec is apparently a group of about 6 to 8 hackers and not the massive network of security experts that LulzSec pretends to be.




5:40 pm


Has Lulzsec Leaked Your Data Online? Here’s a Simple Tool to Check


Over the last few months, we witnessed the rise of a new hacker group that works under the name Lulzsec. So far, they have hacked into networks from organizations that range from Sony BMG to Nintendo, Pron.com and PBS. In doing so, they have retrieved thousands of names, passwords and other personal data from unsuspecting users. While most groups like this then go on to sell this information on the black market, Lulzsec regularly releases all of the data it collects online (they are, after all, just doing it for the ‘lulz’). Now, a new tool helps you to find out if any of your own personal data was made public in one of these leaks.

The above widget allows you to just type in your email address and see if any of your data is available in one of Lulzsec’s releases. It’s hosted by cloud hosting company cloudControl, but the author apparently wants to remain anonymous. Our friends from The Next Web assure us that there is no email harvesting or other shenanigans involved here, though. Update: For those worried about this widget harvesting emails, I have confirmed the identity of the developer and it does indeed do what it promises to do. The group behind this tool wants to remain anonymous to ensure they don’t get hacked by Lulzsec themselves.

We can safely assume that Lulzsec hasn’t released all of the data it has amassed yet. Just today, the group released another file with more than 60,000 email addresses and passwords. Chances are that this is just the tip of the iceberg.

[via: The Next Web]



6:50 pm


Cyber Solutions: The Company That’s Spamming All Your Favorite Blogs


Have you seen these kinds of comments on a blog lately: “Wow, Thats kinda crazy when you think about it dude” or “Wow, this really does make a lot of sense dude. Wow.” Usually it’s followed by a link to a site like www.net-privacy.at.tc, www.anonymize.edu.tc or www.anon-tools.tk. Virtually every high-profile tech site on the Internet that allows comments is currently full of messages like these. Of course, comment spam is nothing new, but these guys are not only targeting high-profile sites – their comments actually make it onto these sites with alarming regularity and most are never removed by the site owners.

Given how frequently these messages pop up these days, I decided to take a closer look at who is behind them.

Easily Wowed Commenters: WemiZemi, KemiPemi and YemiYomo

Usually, they are left by commenters with names like WemiZemi, who left no fewer than 17 spam comments on Mashable in the last few days, as well as 14 on TechCrunch and another 14 on Engadget. Similar spam comments also appear on ReadWriteWeb, Wired, WinRumors, Clicker.com, Robert Scoble’s blog and social media sites like Reddit and Digg. The names of the commenters change every few days (last week it was KemiPemi and YemiYomo). Most of the comments are of the “That’s kinda crazy when you think about it dude” variety, but some are also clearly geared specifically towards the article the spammer is commenting on. Chances are, then, that this isn’t just bot-driven spam.


From an SEO perspective, these links probably don’t help much. Links in comments today are generally tagged with nofollow or just rendered as plain, unlinked text, so search engines simply ignore them.

So what’s the company behind all of this comment spam? All the links go to identical sites that advertise a product called “Ultimate Privacy.” The company behind this site – Cyber Solutions – promises a “complete privacy and anonymity solution,” including anonymous email, anonymous web surfing, private chat, secure file storage, anonymous blog posting and commenting, as well as anonymous snail mail. According to the site, the company’s business address is in Winter Haven, Florida (in a strip mall right across from a Wal-Mart).

Subscriptions to this “service” start at $24 for 3 months up to $58 for a lifetime membership. Depending on which version of the site you arrived at, the lifetime membership is either there to celebrate the 13th or 14th birthday of the site (the domain name was indeed registered in 1997 and Archive.org first indexed the site in 1998). Payments are handled by PayPal or through the site’s own credit card form.


While the spam sites are usually registered to .tc or .tk addresses, the sites sooner or later load content from www.ultimate-anonymity.com (a site registered in São Paulo, Brazil) – including the checkout page. Besides comment spam, the company’s representatives also like to post what I can only assume are fake reviews of their own product.

Who is Doing the Spamming? Probably not Resellers

In the past, Cyber Solutions has argued that it’s the company’s resellers that are involved in spamming. It’s possible that this was the case in the past. Today, however, I can’t find any referral links in their URLs, so it’s hard to imagine that the company – which doesn’t even seem to have an affiliate program – isn’t involved in spamming all of these blogs itself.

But What About Their Awesome Privacy Product?

Wonder if the site is legit? I couldn’t quite get myself to pull out my credit card and sign up, but here are a few things that make me distrust their product: The testimonials on the site, including ones from PC Today, the Electronic Frontier Foundation and the long defunct PC Computing magazine. Breaking news updates on the site are between one and three years old.

Complaints about the site and its comment spam are nothing new. Indeed, there is a whole blog just dedicated to tracking the works of Cyber Solutions/Ultimate Privacy. Quite a few of the complaints argue that the software Cyber Solutions offers is either old, doesn’t work or is available for free elsewhere.

I contacted Cyber Solutions for a comment, but never heard back.

Say Hello to WemiZemi and Friends

So the next time you see WemiZemi and one of his friends spam your favorite blog’s comments, you can rest assured that this company has long established its credentials as a prolific comment spammer since the days of USENET – and then please go ahead and delete those comments.




8:45 am


Paper: Android's Graphical Passcodes are Insecure


Most Android phones allow users to protect their phones from unauthorized access by drawing a pattern on their device’s touchscreens. According to a team of researchers from the University of Pennsylvania, however, these graphical passwords are actually extremely easy to crack, as “oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred.”

The team, which presented its findings during the WOOT ’10 USENIX workshop in Washington, DC, found that simply taking photographs of the screens with the right lighting and camera positions allows unauthorized users to guess a user’s security pattern.

If you think that just cleaning the screen regularly would prevent this, then think again. According to the researchers, “smudges are surprisingly persistent in time.” They found that “it is surprisingly difficult to incidentally obscure or delete smudges through wiping or pocketing the device.” In the team’s experiments, the pattern was partially identifiable 92% of the time and in 68% of cases, it was fully identifiable.

You can find the full paper here.



10:10 pm