Worst security snafus of 2012

By , Network World |  Security

• Twitter sent notices of an attempted hijacking to China-based foreign journalists and analysts just hours before apologizing for resetting the passwords of more users than necessary in a recent break-in of accounts. Twitter provided no details on the hacking, but some, including Voice of America, speculated it may have been a censorship crackdown associated with China's Communist Party.

• Skype temporarily disabled the account password reset option on its website, until it made the changes needed to fix the problem, after reports surfaced that this feature could be abused to hijack Skype accounts if the attackers knew the email addresses associated with them.

• NASA disclosed that a laptop stolen Oct. 31 from a locked car contained "personally identifiable information" on a large number of NASA employees. Although password-protected, the laptop didn't have whole-disk encryption, according to the email to NASA employees from Associate Deputy Administrator Richard Keegan, who gave orders to ramp up disk encryption at once.

• The hacktivist collective Anonymous inserted its own online firepower into the raging battle between Hamas in Gaza and Israel, which traded rocket bombardments for several days prior to a cease-fire. Coming out on the side of what it said were the "innocent people of Gaza," Anonymous started its so-called "Operation Israel" campaign by organizing attacks on Israel Defense Forces, the Prime Minister's Office, Israeli banks, airlines, media outlets and security companies.

• Hackers compromised two servers used by the FreeBSD Project to build third-party software packages, and the project's team warned that anyone who has installed such packages since Sept. 19 should completely reinstall their machines.

• E-commerce giant eBay fixed two vulnerabilities in its U.S. website: a critical SQL injection hole that gave potential attackers unauthorized read and write access to one of the company's databases, and a cross-site scripting vulnerability that could have been exploited to steal other eBay users' access credentials.

• Criminals managed to hack the DNS records of an unknown number of GoDaddy-hosted websites, inserting ransomware. GoDaddy said its own DNS management systems were not compromised and that the attacks were likely caused by phishing attacks on the victims or other exploits, and it recommended that U.S. and Canada-based customers "enable 2-Step Authentication to help protect their accounts."

Originally published on Network World.