Friday, November 6, 2015

They pay $6.000 to stop the bombing and… the bombing continues

The free encrypted mail service ProtonMail has been under a strong denial-of-service attack for two days. According to ProtonMail, “advised by third parties”, it decided to give in to the attackers' blackmail and paid what they wanted. But it was useless. Today, the last day of the weekend, we'll also talk about a million wifi devices saying “hack me”, a significant fine imposed on an American cable provider, and the controversial statements by Linus Torvalds that are the talk of the hacker community.

ProtonMail is a Switzerland-based service that offers free encrypted mail to half a million people. According to their blog, they have suffered attacks from government pressure lobbies, but they had not yet experienced a “real one”: a DDoS that exceeded 100 Gigabytes per second and affected the entire infrastructure of their service provider. The attack began on November 3rd. The attackers asked for 15 bitcoins in exchange for stopping the attacks and, badly advised, ProtonMail decided to pay. It was useless. Now the attack seems to have subsided, and ProtonMail is asking for money via crowdfunding to improve its security against DDoS.

New bug in Ubiquiti

Another ill-advised company, because it is hard to understand how its devices could have such serious holes, is Ubiquiti Networks. A few months ago we learned that its wifi devices have remote administration enabled by default. The flaw was never fixed, maybe because it was difficult to attack, but now another flaw makes it easier: researchers have discovered that many Ubiquiti devices use the same encryption passwords. So finding one certificate is enough to locate the hundreds of thousands of devices that use the same one.

Fine for data theft

Some day companies will pay for these mistakes. If you doubt it, ask the American cable company Cox Communications, on which the Federal Commission has imposed a fine of almost 600.000 dollars after the Lizard Squad group got into its systems and stole private customer data: names, addresses, password recovery information and part of the Social Security numbers and driver's licenses of at least 61 people. Lizard Squad changed the passwords of 28 people and published information about 6 of them on social networks.

Linus talks

And we finish with something to read calmly: a long but very interesting article collecting controversial statements by Linus Torvalds, the father of GNU/Linux, who, among other things, calls “crazies” and “masturbating monkeys” the cyber security experts who ask for security to be taken more seriously in the operating system. Torvalds answers them that “if you run a nuclear plant which could kill millions of people, don’t connect it to the Internet”. It looks simple.

We finish by wishing a good weekend to the people who trust us day after day to keep them informed, and we recommend the interview that we’ll publish this Sunday with the popular Canarian security expert Deepak Daswani.

