network-security
Latest
Suspected LulzSec member arrested
Shhh. You hear that? It sounds like laughter. Lulzing, in fact. Could it be Ryan Cleary's future cellmate? Who's Ryan Cleary, you say? According to a news blurb at PC Gamer, he's the 19-year old chap recently taken into custody by the FBI and Scotland Yard and accused of spear-heading the LulzSec-sponsored DDoS attacks against EVE Online, Nintendo, the United States Senate, and the Central Intelligence Agency, to name a few. Cleary is rumored to be a former member of Anonymous, and a Scotland Yard spokesperson says that the arrest was the result of an extensive and ongoing probe into the rash of cyber-crimes perpetuated over the last several months. "The arrest follows an investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group," PC Gamer reports. Remaining LulzSec luminaries are seemingly unconcerned, if a message posted to the group's Twitter account earlier today is any indication. "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here," the message said.
RSA SecureID hackers may have accessed Lockheed Martin trade secrets, cafeteria menus (update: no data compromised)
RSA SecureID dongles add a layer of protection to everything from office pilates class schedules to corporate email accounts, with banks, tech companies, and even U.S. defense contractors using hardware security tokens to protect their networks. Following a breach at RSA in March, however, the company urged clients to boost other security methods, such as passwords and PIN codes, theoretically protecting networks from hackers that may have gained the ability to duplicate those critical SecureIDs. Now, Lockheed Martin is claiming that its network has come under attack, prompting RSA to issue 90,000 replacement tokens to Lockheed employees. The DoD contractor isn't detailing what data hackers may have accessed, but a SecureID bypass should clearly be taken very seriously, especially when that little keychain dongle is helping to protect our national security. If last month's Sony breach didn't already convince you to beef up your own computer security, now might be a good time to swap in 'Pa55werD1' for the rather pathetic 'password' you've been using to protect your own company's trade secrets for the last decade. [Thanks to everyone who sent this in] Update: According to Reuters, Lockheed Martin sent out a statement to clarify that it promptly took action to thwart the attack one week ago, and consequently "no customer, program or employee personal data has been compromised." Phew! [Thanks, JD]
SOE releases further breach details, 24.6 million accounts compromised
There's an old adage that things are always darkest just before the dawn, and right now the folks at Sony Online Entertainment -- as well as millions of customers -- are enduring another round of grim news. The San Diego-based MMORPG publisher has just announced that approximately 24.6 million accounts may have been stolen, in addition to the 12,700 credit or debit card thefts reported yesterday. A new SOE press release reports that personal information including names, addresses, email addresses, login names, and hashed passwords has been illegally obtained by hackers. Another 10,700 direct debit records were pilfered from accounts in Austria, Germany, Netherlands, and Spain, including bank account numbers and the information mentioned above. SOE plans to compensate consumers with 30 days of free subscription time as well as an additional day for each day its systems are down. The company will also provide "a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs."
