Compromised Google, Facebook, Twitter Password is the Least of your Problems

American news media and blog sites have been flooded with warnings from cyber do-gooders for everyone to change their Google, Facebook, Yahoo and Twitter passwords after more than 2 million accounts were compromised.

But if your system was one that was compromised, changing your password is the least of your worries.

Trustwave SpiderLabs announced on Tuesday that a Russian Pony Botnet server has been identified that had stolen credentials for about 2 million accounts. But this isn’t that big of a deal to Americans, as the vast majority of these were from systems in the Netherlands.

Only a tenth of a percent of systems affected were in America, for a grand total of 1,943 accounts!

And boys and girls, this is a Russian botnet server, which means that if your account is one that has been compromised by the botnet, guess what?

Your machine is most likely still infected with a keylogging, account-stealing Trojan!

You may want to scan it for viruses and get that botnet client off your system!

This is not the only Pony Botnet Server out there either. In June SpiderLabs found a smaller one that had 650,000 credentials on it.

And while we are talking passwords, unbelievably, it looks like people are still using simple passwords on their social media accounts.

Here is a list of the top 10 passwords used according to SpiderLabs’ analysis:

The number one password used was “123456”…

Crazy…

Android Patch Fixes Two File Vulnerability Attacks

Google has released a security update that patches two separate vulnerabilities that could modify apps without changing their digital signature. Thus malicious apps could be installed without triggering a warning.

The first was discovered in February of this year by BlueBox Security. They found that if you took two application install files, one legitimate and one hacked – but using the exact same file name, you could get Android to install the hacked one.

When the resulting zipped APK file is processed and installed, Android would correctly check the digital signature on the first file to verify its legitimacy, but would actually install the second file!

According to BlueBox, 99% of Android devices are vulnerable to this attack. Sophos has a great step-by-step write-up on it here, or if you are at Black Hat USA 2013 later this month be sure to check out Jeff Forristal’s talk, “Android: one root to own them all”.
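
A defender-side check for the first flaw described above, as an added example that is not from the original post, BlueBox or Google: it flags archives whose entries reuse a name, and shows that reading each entry and reading by name can return different content. The sample archive and its placeholder contents are constructed, and the function names are hypothetical.

```python
import io
import warnings
import zipfile
from collections import Counter


def build_sample(duplicate):
    """Constructed test archive; the payload bytes are placeholders, not real APK parts."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns (but proceeds) on a repeated name
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("AndroidManifest.xml", b"constructed manifest")
            zf.writestr("classes.dex", b"constructed entry A")
            if duplicate:
                zf.writestr("classes.dex", b"constructed entry B")
    return buf.getvalue()


def duplicate_entries(apk_bytes):
    """Return {name: count} for every entry name that appears more than once."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def views_of(apk_bytes, name):
    """Return (contents of each entry with this name, what a by-name lookup returns)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        every = [zf.read(info) for info in zf.infolist() if info.filename == name]
        by_name = zf.read(name)  # Python's zipfile resolves a name to the last entry
    return every, by_name


if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)), ("suspect", build_sample(True))):
        dups = duplicate_entries(sample)
        print(label, "REJECT" if dups else "ok", dups)
    print(views_of(build_sample(True), "classes.dex"))
```

A normally built APK has no reason to carry two entries with the same name, so any hit from `duplicate_entries` is grounds to reject the file before it reaches a device.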

The second vulnerability was published last week on a Chinese website called the ‘Android Security Squad Blog‘ (Google Translation). According to the site, the signature verification process can be attacked by modifying file headers.

Apparently malicious code can be added into the file headers, which at the time of the post’s writing were not checked by Android’s signature verification process.

Both vulnerabilities have since been patched by Google. But the problem is how long will it take device manufacturers to implement the changes and push them out to end user devices? Of concern too are older devices that are no longer being updated.

According to The Verge, Google has made changes to the Google Play store updating mechanism to help prevent attacks like this from happening, and Sophos recommends using an Android Anti-virus program to protect against the vulnerability.

Google, like Anonymous, Joins Fight against Israel

“Those who don’t know history are destined to repeat it.” – Edmund Burke (1729-1797)

Since its inception again as a nation, Israel has been in a battle to have the right to do just one thing, exist. In this battle for legitimacy as a nation it has faced invasions from Muslim countries and constant rocket attacks by militant Islamic groups. Now it would seem that search engine giant Google has entered the fight against Israel.

Since Israel’s re-creation in 1948, they have been in a constant battle to simply survive. Not only have they faced unending physical threats, but waves of online attacks too. Militant groups have joined in with hacktivist groups like Anonymous to put constant pressure on Israel’s online presence. Last month Israeli systems were hammered in a co-ordinated denial of service attack called #OpIsrael.

Many of these groups believe that they are helping the Islamic Palestinian people gain their freedom to form a state called “Palestine”. They believe (falsely) that creating a “Two State Solution” will bring peace to the Middle East and protect the Palestinians from “Israeli aggression”.

FOLLOW THE LEADER

Just this week, Google jumped into the political arena on the Palestinians’ side by changing their “Google Palestinian Territories” site to simply say Google Palestine. A small name change that has very large political repercussions.

“In this case, we are following the lead of the UN, Icann [Internet Corporation for Assigned Names and Numbers], ISO [International Organisation for Standardisation] and other international organisations,” Google spokesman Nathan Tyler told the BBC.

Well beyond just “following the lead of the UN“, the move was a direct blow to Israel and its right to exist peacefully. Google also decided to side against their home nation as the UN recognizes Palestine as a state, but the US does not.

As you will see, recognizing Palestine as a state, and the whole creation of a “Two State Solution”, will not bring peace to the Middle East.

As it has been done before, and it failed…

THE BRITISH MANDATE

After WWI it was agreed that the British Mandate Palestine, land that Britain took control of from Turkey, would be divided into two countries. At first Israel was to be given the entire land (reminiscent of the land promised to Israel by God in Genesis 15:18-21) but after strong Islamic objection, it was agreed between Islamic authorities and Britain that a two state solution would bring peace to the Middle East.

Jewish Palestinians would be given a small section of land (which would eventually be called Israel) and the Muslim Palestinians were given a very large section of land called Trans-Jordan.

ISLAMIC NAZI SS TROOPS

Not all of the Muslim leaders fell in line with this decision. Radical Islamic leaders believed that Israel should not exist and began resisting the change. By the time WWII came around some of these leaders joined in with Germany to place Muslim troops in Nazi SS divisions.

Amin al Husseini with Bosnian SS volunteers

After WWII members of these Islamic Nazi troops banded together to form many of the radical Islamic groups which still fight the legitimacy of Israel to exist.

PALESTINE AS A LAUNCHING POINT FOR TERROR

Radical Islamic fighters swarm into these “disputed Palestinian territories” to continue the fight against Israel by constantly firing mortars and rockets into their cities. According to Wikipedia, “as of November 2012, over 2,256 rockets had been launched at Israel from Gaza since January 2012.”

CONCLUSION

Google has decided to use its clout to support the creation of a Palestinian state.

As you can see, Google’s choice to side politically with the UN, along with Anonymous and radical Islamic groups, is a huge blow to both peace in the Middle East and Israel’s daily fight to simply survive.

Update 5/5

Okay, now I understand a little bit better, Google has business interests in Palestine:

“Palestinians have such a unique position,” says Gisel Kordestani, Google’s director of new business development. “They’re well educated. They have strong English-language skills. With 88 million people in the [Middle East and North African] region getting online, they have the opportunity to build something for the Arab world.”

Google stands to benefit from whatever is built. Currently less than 1% of the searchable content online is in Arabic. If it grows, Google can sell ads against the new content.

Google Taps Palestine For New Business Development

As they say, follow the money…

Big Brother, Google and Drones – Could Drone Strikes be coming to a Neighborhood near You?

Map of Domestic Drone Authorizations in US from the EFF

We have more ways to connect to the internet than ever before. People are sharing information and thoughts on social media sites at a skyrocketing pace. And Governments all around the world want access to it. Now the Obama administration wants the option to perform drone strikes in the US.

The question is, though as far-fetched as it once may have been seen, could Googling or tweeting the wrong information lead to a drone strike?

The thought that Big Brother is watching you is no longer a myth held by 40-year-olds wearing tin foil hats and living in their parents’ basement. Countries the world over have moved to block, filter or try to gain access to their citizens’ internet use. And the US is no exception.

Just this week, Google released information stating that the FBI is “secretly spying” on some of its users. Well, kind of. Though they could not give out the exact number of times the FBI requested information about their users’ Google use, for national security reasons, they could give out a range.

From 2009-2012 Google was asked to reveal information on 0-999 users on anywhere from 1,000-2,999 accounts.

Google NSL Requests

The range is on purpose, according to Richard Salgado, a Google legal director, “You’ll notice that we’re reporting numerical ranges rather than exact numbers. This is to address concerns raised by the FBI, Justice Department and other agencies that releasing exact numbers might reveal information about investigations. We plan to update these figures annually.”

(Google’s Policy on Government Data Requests can be found here)

And it is not just Google; multiple US government agencies want the ability to search your Social Media sites as well, as an FBI Request For Information states, to “quickly vet, identify and geo-locate breaking events, incidents and emerging threats.”

This is obviously in an effort to crack down on terrorists who use social media sites. But many are alarmed that this is an extension of warrantless wiretapping and an ongoing erosion of American privacy.

The problem does not stop there. This week, a letter from U.S. Attorney General Eric Holder stated that the US could use drone strikes on US soil against US citizens!

Well, under extraordinary circumstances of course:

The Obama administration believes it could technically use military force to kill an American on U.S. soil in an “extraordinary circumstance” but has “no intention of doing so.”

So who gets to decide that the situation is extraordinary?

And US citizens being executed without warning or trial sounds a bit, well, un-American. Sen. Rand Paul, R-Ky., thought so too, as he and a group of fellow Senators from both parties performed a 13-hour filibuster last night challenging the President’s authority to kill Americans with drones.

“My legs hurt. My feet hurt. Everything hurts right now,” Paul told Fox News shortly after stepping off the Senate floor, saying he believes “we did the best that we could.”

“I would be surprised if we didn’t hear back from the White House,” Paul said. 

So could an American be typing away on a social media site, safely in his suburban American home, and without warning be taken out by a drone strike?

One would have to think it is at least a possibility.

If the situation is extraordinary that is…