Archive for the ‘Ondrej Krehel’ Category

By Ondrej Krehel,

Ever take a long-awaited vacation and sit down to order your first Mai Tai, only to find your credit card has been locked? Ever felt excited to make a major online purchase—plasma and 3D!—only to find it didn’t go through?

Inconvenient? Sure, but these measures are protections credit card companies put in place based on your spending profile.

Intellectual property theft isn’t new. But hacker attacks on companies and governments used to be hush-hush, coming to light only years after the fact.

Now, it seems they’re making headlines on a weekly basis. This year alone we’ve read about hacker attacks on a number of governments and corporations.

Read more about cyber war in Ondrej Krehel’s latest article “Digital Espionage in the 21st Century.”

By Ondrej Krehel,

What has been done will be done again, the old saying goes. There is nothing new under the sun.

That applies to RankMyHack.com, a new website that has turned hacking into a game of sorts. Hackers submit details of their latest attacks so that members can award points for their complexity or difficulty. The main page is a simple leaderboard of registered members and their point totals. More than 700 members have joined the site since it opened in July, according to The New York Times.

By Ondrej Krehel,

News of Osama bin Laden’s death wasn’t a day old before hackers moved in.

They flooded social networking sites like Facebook with spam—links that promised images of the al-Qaeda leader but that led to corrupted Flash plug-ins that disrupted Google search results.

This week’s 10th anniversary of the 9/11 attacks will be no different. The Department of Homeland Security to be on the lookout for email scams related to Hurricane Irene and 9/11. Already, there have been reports of a commemorative 9/11 coin scam.

By Ondrej Krehel,

Turns out Yale has more than a few Skull and Bones in the closet.

The Ivy League school fell prey to Google hacking, also known as Google dorking, in which cybercriminals use Google search functions to access data on the Internet. USA Today’s Byron Acohido has a on the topic.

By Ondrej Krehel,

A forensic research firm recently . The team decrypted the encryption algorithm used on Apple’s iPhone iOS 4 operating system.

This means that sensitive user data—information about how, when and where the phone was used—can be lifted off the device or an iTunes copy of the phone’s backup. Previously such information was used by Apple and Apple alone.

The researchers at have said they’ll make “Phone Password Breaker” available to “established law enforcement, forensic and intelligence agencies as well as select government organizations” to make sure they don’t “fall into the wrong hands.” But we all know that if it can be done, it’s only a matter of time before the black hats figure out how to do it.

By Ondrej Krehel,

There are more than 200 million iPhones and iPads out there in consumer land. Most of them are connected to a Mac or PC via iTunes, Apple’s popular music player and file sync program.

Every time the phone or tablet is connected, by USB, to the host computer, iTunes can automatically sync your selected music, documents, photos and contacts. There’s no prompt when you download Lady Gaga’s new album and add it to a playlist that’s on your phone. The music simply shows up on your device after a short background sync.

But what about when you use multiple computers for multiple devices? What about those pesky wires? This is what Apple’s trying to work around with its recently announced iCloud service.

By Ondrej Krehel,

As our smartphones have become our wallets and personal computers, holding everything from banking to social network information, they’ve become targets for hackers, scammers and criminals. Our phones hold a treasure trove of data—and the bad guys know it.

A screen lock is no longer enough.

Dream Droid, a botnet-type of malware program, recently . It got its name because the malware activated at night, affecting users while they were asleep. Originally it was thought that 21 apps were infected, but an independent security firm found an additional 30 apps. Google flipped its famous kill switch—a scary, but seemingly necessary, piece of code that accesses phones without users’ permission and deletes the offending software. About 260,000 Android users were hit. The phone’s IMEI identifier numbers were stolen, but no other personal user information was breached.

By Ondrej Krehel, Identity Theft 911

When I tell people I work in forensics they always mention CSI: Geeks in white lab coats standing over test tubes of blood, or slides of hair, running computer programs with GUIs that look more like Avatar than Windows 7, Ubuntu, or Mac OS.

Then I explain that it’s digital forensics—that I collect information in computer chips instead of tissue samples—and they get that look like I just let them down. OK, hard drives aren’t as cool as handgun ballistics, I get that, but the process of data collection and case-building is remarkably similar whether the subject matter is Western Digital or Smith and Wesson.

Recently I wrote an , a leading network forensic website, on open source toolkits for analysts. These are computer programs that help me do my job. As I mention in the article, it’s important to plan for digital-evidence-gathering when building security systems. In hundreds of cases, network forensics has stood up to legal scrutiny as primary evidence and has put more than one black hat in jail.

By Ondrej Krehel, Identity Theft 911

There’s been a lot of commentary and gotcha-style journalism surrounding the Sony data breach, but not much constructive criticism.

Yes, the breach could have easily been prevented. Had Sony enabled fairly standard firewall technology and kept its systems up-to-date with the latest patches, none of this most likely would have happened.

Since most of us have enabled firewalls on our personal computers and are aware of the risks if we don’t, Sony’s mistake immediately smacks of foolishness. But setting up protection for a network of 100 million users is a little different than protecting the Mac in your living room.