Security News

Sony Hack – FireEye Claims They Are Not At Fault… Sounds Phishy ;)

If you haven’t heard about the Sony hack (#SonyHack) you are most likely living under a rock.  Every news outlet under the sun has been reporting on the breach for just over a week now.  The data that has been leaked so far has experts estimating the damage has already exceeded $100 million dollars and in the midst of all of this, hacked e-mails between big shot producers and Sony Pictures execs have Hollywood tearing each other limb from limb.  In response to the attack, Sony has been working with the FBI and they have recruited premier incident response service Mandiant (Purchased by FireEye in January of this year). ArsTechnica recently published an article regarding Kevin Mandia’s (Head of Mandiant and founder) letter that basically states that Sony is blameless for the attack, that the attackers used “non-standard strategies”, and that the attack was unprecedented.  Coming from such a well-respected authority, it appears to be an attempt to eliminate or limit Sony’s liability on the matter, but statements like these don’t come without backlash… especially from the security community. Maybe this letter wasn’t to limit Sony’s liability, but instead, it was intended to protect the reputation of FireEye? Doesn’t Sound Right “Non-standard…

continue reading

2014 Rolls In Packing An Infosec Punch

This is just a brief post.  The holiday week has proven to been a bit hectic with time constraints and the surprising work load , but (as promised) I will be posting a new video within the next few days. On a side note… we are literally 3 days into 2014 and this is WTF is going on: The most notable security firm for their digital forensics and incident response, Mandiant, has been purchased for over a billion dollars by industry leader, FireEye.  A billion dollar acquisition?  Yeah… that’s right.  FireEye’s chairman, David DeWalt claims that he wants to create the strongest security company in the world.  Acquiring the notable talent of Mandiant into one of the industry’s most respected security providers; FireEye may have done just that. (Ref: http://www.reuters.com/article/2014/01/02/us-mandiant-fireeye-idUSBREA010W220140102) Photo messaging app SnapChat was hacked leaving over 4.6 million user accounts compromised by revealing the phone number attributed to a username.  Apparently the bug was reported months ago by security research group, GibsonSec.  The vulnerability was reported to be fixed by SnapChat in response to GibsonSec’s findings, but we all know how that turned out.  (Ref: http://www.huffingtonpost.com/2014/01/01/snapchat-leak_n_4528573.html) Finally… Everyone’s favorite Syrian hacking group, the SEA (Syrian Electronic Army) had their way…

continue reading