WordPress 3.1 Released
WordPress “Reinhardt” 3.1 has been released, with the bulk of changes focused on the admin interface and functionality. Key improvements include:
- A redesigned linking workflow
- A funky new admin bar (hopefully it’ll be possible to customize this one)
- A streamlined writing interface
I particularly like the new linking functionality, which simplifies linking to internal posts and pages on your site (screenshot below). No more having to find that page, and copy/paste the URL!
I was a bit apprehensive about updating, as it’s quite easy for plugins to break, and there’s no easy way to see the compatibility status of your plugins. If anyone feels up to it, I’d like to see a plugin that allows you to quickly check the compatibility status of all your installed plugins with regard to the next available version. That said, I updated, and it went flawlessly.
Other than that, this update does not have a significant impact in terms of security apart from the usual bug fixes.
HBGary: Security Firm Investigating ‘Anonymous’ Hacked and Exposed
“Do not meddle in the affairs of hackers, for they are subtle and quick to anger.”
Following last week’s hacking of shamed LIGATT CEO Gregory D Evans, this week it was the turn of security firm HBGary to get exposed. HBGary have been aiding the FBI with their investigations into members of Anonymous. Although Anonymous isn’t a centralised ‘group’, their recent DDoS attacks and hacks of oppressive governments and anti-Wikileaks organisations (including PayPal, MasterCard and VISA) have made them a target of the US Federal Government.
HBGary were allegedly preparing to hand over information about certain members of Anonymous to the FBI, who have already made several arrests in the US and UK, and obtained over 40 search warrants in an attempt to shut down Anonymous (probably not possible imo). Angered by CEO Aaron Barr and HBGary’s involvement in FBI investigations, members of Anonymous compromised a number of HBGary servers, defacing their website, gaining access to CEO Aaron Barr’s Twitter account, and obtaining a large number of emails. In what seems to be the popular punishment at the moment, over 50,000 corporate emails were released in a torrent. Anonymous also stated, on one of their many Twitter accounts, that the source code of HBGary’s security products was obtained as well – although this doesn’t appear to have been released (yet?).
“You’ve angered the hive, and now you are being stung.”
Anonymous posted a message to HBGary on their defaced website, where they mock the firm for their lack of security and the insubstantial ‘public’ information that was going to be handed over, or rather sold, to the FBI.
Hit the jump for Anonymous’ full message.
Ars Technica has a good review of how this all went down, and a step-by-step account of how the hack was possible.
[Update] Aaron Barr steps down as CEO of HBGary Federal
The Importance of Freedom
After re-watching V for Vendetta which, on a side-note, is an excellent movie, I was struck by how topical the story was with regards to events of the past few months, from Wikileaks’ Cablegate to the ongoing Egyptian Revolution. This inspired me to throw together the image above.
Although the message is probably painfully clear to the Egyptian people, it is important that we, in the so-called ‘developed’ world, not forget that the unchallenged erosion of civil liberties, and other freedoms that we take for granted, could rapidly make this message ring true for us as well.
LIGATT CEO Gregory D Evans Hacked and Exposed
It appears that the website (rm’d), email and Twitter account of the much disliked LIGATT CEO Gregory D Evans have been hacked, and 84,668 of his emails have been leaked in a 4.15GB torrent. Evans, self-declared “World’s Number 1 Hacker” and also a convicted felon, is frequently outed by many in the security industry for his use of plagiarism, fraud and unethical practices. This leak is probably due to his consistent harassment of security professionals who have been vocal about exposing his activities. A full and descriptive profile of Evans is available at SecurityErrata.org (mirrored here).
Messages were posted on Evans’ hacked Twitter account (above), pointing to a Pastebin (since removed). Here is an excerpt:
Do not meddle in the affairs of hackers, for they are subtle and quick to anger.
When one thinks of frauds in the infosec community, most people are quick to point to Gregory D Evans of LIGATT Security[...]
He’s gone after people at their home to intimidate them and their family. He’s gone after them at their work to discredit them with their employer. And as everyone knows, he recklessly sues anyone who speaks negatively of him on the internet[...]
Enough is enough. He must be stopped by any means necessary. To that end, at the end of this message is a torrent of the inbox of [email protected]
The end of the message contained a link to another pastebin (also removed), which was a Base64-encoded torrent file. The password for the archive in the torrent, as posted on his Twitter feed, is “DoomedCharlatan”. Ligattleaks (now offline), a site dedicated to leaking information about Gregory Evans’ activity (although they say they were not involved in this particular leak), have announced that they will be trawling the emails for evidence of fraud and unethical behaviour.
[Updated] Ligattleaks went back online, then offline, then online again, and is now offline, for good it seems. Another security firm (HBGary) has been hacked and exposed for investigating Anonymous.
[Update 15/2/2011] CBS Atlanta had a news segment about LIGATT and Gregory Evans entitled “Hacker or Hoax”. LIGATT responds to CBS Atlanta. This post debunks LIGATT’s response.
Egyptian Government Fighting Protesters, Shuts Down Internet
The biggest news story of this week will most probably be the recent protests currently taking place in Egypt, where the people are fighting to oust existing President Mubarak, and have the right to vote. The current Egyptian government has essentially had dictatorial powers since 1981. Since then Egypt has had a few uprisings, each quashed with the use of force by the government. The latest protests have been sparked by the Tunisian uprising that resulted in the successful ousting of President Ben Ali.
Since the start of the current protests on 25 January 2011, the government has brought in riot police, armored trucks, tear gas, and even called in the counter-terrorism unit. The government announced that all protesters would be immediately arrested, and several protesters and one police officer have already been killed. The Associated Press have footage of a protester being shot down by a police sniper.
As the Internet has been the primary form of communication for protesters, Egypt has seen most popular social networking sites, including Facebook and Twitter, blocked. As of this post, the Egyptian government has apparently been able to largely shut down Internet access for the entire country (apart from one network). A large number of messages are still reaching Twitter, presumably by proxy, and videos are still being posted on YouTube. Some Egyptians who manage to get online have been using Tor to get around the ISP censorship, and people are currently being urged to run Tor exit nodes to help out.
On Friday 28th of January, there is expected to be an even larger protest after noon prayers, and there are rumors that the government will be shutting down all landlines, mobiles and the Internet in an attempt to quell organization, as well as calling in further reinforcements. The question is being asked whether this could be the final Revolution.
[Update 11/02/2011] Mubarak removed as president by the military. Congratulations to all Egyptians for persevering in your fight for freedom. You deserve it.
[Updated] Live Al Jazeera coverage of the Egypt protests, and a full timeline of events. Definitely check out the great video below:
Pic of the Week: Assange vs Zuckerberg
Stumbled across this picture this week, and although it’s quoting Bill Hader playing Julian Assange in the Saturday Night Live skit below, I feel the message still makes a point. It’s probably worth reminding people that Assange was voted Person of the Year by the readers of TIME magazine. In that same vote Zuckerberg came in at a lagging 10th place. I know… how Zuckerberg got it confused me too.
[Update] Here’s an Assange/Zuckerberg mashup picture of the quote above:
Apple Hires Former Navy/NSA Expert as Head of Information Security
Apple has reportedly hired former Navy and NSA expert, David Rice, as the company’s global head of information security. Rice is the author of Geekonomics (2007) about the danger posed to US infrastructure by unpatched vulnerabilities. It’s rumored that Rice has been tapped to help Apple push further into the enterprise market (particularly iPhones and iPads), where security is becoming an increasing concern. Although Apple hasn’t formally commented on this position, Rice is expected to start work in March.
Sources: AllthingsD, Electronista
Pic of the Week: Real-World Penetration Testing
Can’t remember where I found this image, but it’s an amusing hyperbole of the sometimes limited or frustrating nature of penetration testing. Anyone who’s done pen testing/ethical hacking as a job will be able to appreciate the various points along the graph.
To the unknown author of this image: we feel your pain. ;)
There’s just one thing… I get M, T, W and F along the X-axis… wtf’s R ??
Banking Whistleblower Rudolf Elmer Hands Tax Information to Wikileaks
Swiss ex-banker, Rudolf Elmer, has handed over financial information on 2,000 individuals (including 60 politicians) to Wikileaks. Elmer is himself on trial for previous leaks to Julian Assange’s group and breaking notoriously strict Swiss banking privacy laws. The information, stored on two CDs, was handed over to Julian Assange in a public press conference. The discs supposedly contain evidence of tax evasion that will be reviewed by Wikileaks, with plans to disclose parts of it publicly, and to relevant authorities.
Assange said that it will be at least two weeks before any of the information can be reviewed and released. Are you a rich tax evader? Ready… set… sweat!