This Week In Security: Facebook Hacked Your Email, Cyber On The Power Grid, And A Nasty Zero-day

Ah, Facebook. Only you could mess up email verification this badly, and still get a million people to hand over their email address passwords. Yes, you read that right, Facebook’s email verification scheme was to ask users for their email address and email account password. During the verification, Facebook automatically downloaded the account’s contact list, with no warning and no way to opt out.

The amount of terrible here is mind-boggling, but perhaps we need a new security rule-of-thumb for this kind of situation: never give an online service the password to a different service. A service that only needs to verify your login can store a salted hash and never see the password again, but a service that wants to log in to another site on your behalf must hold the password in plain-text, at least for as long as it takes to use it. It’s not certain how long Facebook stored these passwords, but they also recently disclosed that they had been storing millions of Facebook and Instagram passwords in plain-text internally.
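To make the distinction concrete, here is an added example (not code from the article, and not anything Facebook actually ran) contrasting the two cases. `OwnUserStore` verifies its own users against a salted scrypt hash and never keeps the password, while `delegated_login` stands in for the "use this password against another provider" flow and has to forward the raw secret to a caller-supplied `provider_login` function; both names and the sample credentials are made up for the illustration.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, Optional, Tuple

# Added example, not from the original article. Illustrates why a service
# that only verifies its own users never needs a plaintext password at rest,
# while a service that wants to *use* a password elsewhere must hold it raw.

# scrypt work factors; 128 * r * N bytes of memory = 16 MiB here.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted scrypt digest. Returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32,
    )
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class OwnUserStore:
    """Verification-only store: keeps (salt, digest), never the password."""

    def __init__(self) -> None:
        self._records: Dict[str, Tuple[bytes, bytes]] = {}

    def register(self, user: str, password: str) -> None:
        self._records[user] = hash_password(password)

    def login(self, user: str, password: str) -> bool:
        rec = self._records.get(user)
        if rec is None:
            # Do the same work for unknown users so timing does not leak
            # whether the account exists.
            hash_password(password)
            return False
        return verify_password(password, *rec)

    def holds_plaintext(self, user: str, password: str) -> bool:
        """True if the raw password appears anywhere in what we stored."""
        salt, digest = self._records[user]
        return password.encode("utf-8") in salt + digest


def delegated_login(password: str, provider_login: Callable[[str], bool]) -> bool:
    """The 'verify via another provider' flow from the article.

    The third-party provider only accepts the real password, so there is
    nothing to hash: the secret has to be handled in plaintext here.
    """
    return provider_login(password)


def demo() -> dict:
    """Run both flows on constructed sample credentials and report results."""
    store = OwnUserStore()
    store.register("alice", "correct horse battery staple")

    # Hypothetical third-party provider that knows the user's real password.
    def fake_mail_provider(pw: str) -> bool:
        return pw == "correct horse battery staple"

    return {
        "own_ok": store.login("alice", "correct horse battery staple"),
        "own_wrong": store.login("alice", "hunter2"),
        "own_unknown": store.login("bob", "hunter2"),
        "own_plaintext_at_rest": store.holds_plaintext("alice", "correct horse battery staple"),
        "delegated_ok": delegated_login("correct horse battery staple", fake_mail_provider),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of `holds_plaintext` is only to make the contrast visible: the verification-only store can prove the raw secret is not in its records, while `delegated_login` cannot avoid touching it, which is exactly why handing a third service that password is a bad trade.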

This isn’t the first time Facebook has been called out for serious privacy shenanigans, either: In early 2018 it was revealed that the Facebook Android app had been uploading phone call records without informing users. Mark Zuckerberg has recently outlined his plan to give Facebook a new focus on privacy. Time will tell whether any real change will occur.

Cyber Can Mean Anything

Have you noticed that “cyber” has become a meaningless buzz-word, particularly when used by the usual suspects? The Department of Energy released a report that contained a vague but interesting sounding description of an event: “Cyber event that causes interruptions of electrical system operations.” This was noticed by news outlets, and people have been speculating ever since. What is frustrating about this is the wide range of meaning covered by the term “cyber event”. Was it an actual attack? Was Trinity shutting down the power stations, or did an intern trip over a power cord?

Playstation Network Breached, No End To Downtime In Sight


If you are not a gamer, or are only a casual player, you may not have heard about the recent breach of Sony’s Playstation Network. In short, the network was infiltrated on April 17th, and the service was completely shut down on the 19th as a precautionary measure. Now, more than a week later, services have yet to be restored, but Sony is finally starting to talk a bit more about what happened.

At this point, nobody knows the total extent of the data stolen, but stories are emerging that indicate just about everything that could be accessed was accessed. Sony admits that information such as names, addresses, passwords, and security questions have all been accessed by an unauthorized third party. They have also not completely ruled out the possibility that credit card data has been stolen as well.

It seems the situation has turned from a mere inconvenience to PSN users into a full-blown security and PR nightmare. After a breach like this with so many questions left unanswered, and the gaming network rendered completely useless, we have to ask:

When everything is “fixed” and back to normal, what could Sony possibly do to regain your trust?