During the second week of March 2012, a Dell Vostro notebook, used by
Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action
Team and New York FBI Office Evidence Response Team was breached using the
AtomicReferenceArray vulnerability on Java, during the shell session some files
were downloaded from his Desktop folder one of them with the name of
"NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS
devices including Unique Device Identifiers (UDID), user names, name of device,
type of device, Apple Push Notification Service tokens, zipcodes, cellphone
numbers, addresses, etc. the personal details fields referring to people
appears many times empty leaving the whole list incompleted on many parts. no
other file on the same folder makes mention about this list or its purpose. Proving not to be anti-social, the hackers removed the personal information before distributing their version of the list, because they merely wanted to let people know that the government was collecting data. Today, the FBI released a statement denying any knowledge of the theft, an action that AntiSec predicted would happen. Who do you believe? This story segues in the fourth story today. AntiSec used a well-known Java security hole to access the FBI laptop; in fact, there are several well-known security holes in Java and several well-known programs that use these security holes to access and/or control people's computers. Let's be honest, Oracle has been battling security holes for a long time. Last year, they released a patch that fixed 21 security holes, that would be almost two dozen; a behavior that they repeated last week to fix day 0 security holes with Java 7. You can read the current story of this saga at ZDNet, but security experts are advised people to disable Java in their web browsers. The last story is either funnier or scarier, it depends on how much pancakes mean to you. Last week, the Federation of Quebec Maple Syrup Producers (FQMSP) announced that over 5,000 tons of maple syrup have been stolen from their warehouses. The FQMSP fears that the thief or thieves took the syrup to sell, because the U.S. maple syrup industry had a bad year. Holey syrup, Batman! What a sticky situation! That's all for now. Have a great weekend, and I'll be back on Monday with a post about a Chrome extension that makes password management easy.
Comments