Snowden’s Hacker CV, Uplay Breach, and Serious Android Vulnerability
Last Thursday, US citizens celebrated our 4th of July, Independence Day holiday, which traditionally means that few workers came into the office on Friday. For that reason, I decided to hold onto last week’s InfoSec summary video until today. What better way to start the week than learning about the latest security news with a hot cup of joe.
In last week’s episode, I cover news of Snowden’s hacking credentials, the latest OS X update, a Ubisoft network breach, and a critical security vulnerability that affects 99% of Android users. For the details on those stories and more, watch our video below.
As an aside, I am taking a bit of time off at the end of the week, so I will either skip this Friday’s video, or post a short one on Monday.
(Episode Runtime: 7:21)
Direct YouTube Link: https://www.youtube.com/watch?v=DTjkmKKy-Gg
Episode References:
- Snowden/NSA/PRISM Updates
- Authorities think Snowden is on Morales’ plane – The Guardian
- Snowden’s resume shows hacking credentials– NY Times
- Many countries deny Snowden asylum – CNN
- UPDATE: Snowden now getting asylum options – USA Today
- Software Updates
- Ubisoft breach results in Uplay account leaks – The Register
- Bluebox Security Team warns of critical, industry-wide Android vulnerability – Bluebox
Extras:
- Microsoft talks about symbiotic malware – Threat Post
- New RAT affects Middle Eastern organizations – Threat Post
- Security flaw found in encrypted phone call library – Computer World
- Story about NSA sites being hacked was FAKE – Info World
- Using Wi-Fi for physical surveillance – Help Net Security
— Corey Nachreiner, CISSP (@SecAdept)
Alexander Kushnarev (Rainbow Security) says
Compromise of UbiSoft Uplay accounts suddenly reminds me some important points of historical line of “game protection and hacking” from 198X till nowadays. If I’ll miss something – please, add it in next comments 🙂
1. Protection of starting game with keywords, printed on original booklets, provided with the game distributive (198X). Hacking – illegal copies of booklets (scans) and copies of game files.
2. Unique serial numbers to start game, printed on original floppy disks with the game distributive. Hacking – illegal copies (scans) of labels on floppies with serials and copies of game files (198X).
3. “Installing from CD, starting only from DC” concept (199X). Hacking – no-CD patches, make illegal images from CDs.
4. Unique serial numbers for game activation (each unique for each copy), printed on original CD disks with the game distributive, combined with copy protection drivers. Drivers should be installed from CD with a game (StarForce, for example – 199X and beginning of 200X). Hacking – keygens and no-CD patches, make illegal images.
5. Unique serial numbers for game activation (each unique for each copy). Activation should be done on developer’s servers on Internet (end of 200X, nowadays (20XX)). Hacking – patches to distributives, substitute of main executable module and DLLs with cracked etc.
6. Playing the game under personal credentials, and store statistics online on the online developer’s database (end of 200X, nowadays (20XX)). Hacking – stolen accounts of users from developer’s servers.
What next?