2015 SECURITY ROUNDUP
PUBLIC WI-FI NETWORKS REALLY ARE INSECURE – A PROOF OF CONCEPT: Swedish Pirate Party member sets up open (and insecure) wi-fi network at security/defence conference, collects reams of data from hundreds who connect to it.
INSURANCE COMPANY HACK – ANTHEM EDITION: Some 80 million records accessed.
KAPERSKY DETAILS EQUATION GROUP: Elite state-sponsored cybersnoops related to Stuxnet and Duqu teams profiled by security researchers.
INSURANCE COMPANY HACK – PREMERA EDITION: Medical and financial information for 11 million customers stolen.
WHITE HOUSE EMAIL HACK: Russian black-hats read (nonclassified) Presidential email.
BACKRONYM ATTACKS MYSQL: Defeats SSL protection on most widely used flavors of popular database.
NETNANNY PRACTICES POOR SECURITY HYGENE: Multiple profound flaws revealed in widely-used “family monitoring” software.
UBER PRACTICES REAL-TIME ENCRYPTION: As in, remotely accessing and encrypting their data during a raid by Canadian taxmen.
OPM – THE HACK KEEPS ON GIVING:
4 million 11 million 20 million current and former employees (and accredited journalists) compromised. (Bonus points: First round of victim notification only completed in December.)
GERMAN PARLIAMENT NETWORK COMPROMISED: Solution: complete shutdown and rebuild of entire network.
KASPERSKY HACK: In wake of Equation group expose, “Duqu 2.0” compromises security researcher’s own systems.
HACKING TEAM HACK: Well-known, generally reviled hackers-for-hire hoist on cyber-petard.
ICANN CREDENTIAL HACK: Master domain name organization has user profiles, email addresses and more compromised.
WHALING FOR DOLLARS: Ubiquiti wires $46 million and change to offshore accounts due to faked executive emails.
PENTAGON FOOD COURT HACK: Worker bank data compromised, nuclear codes and recipe database secure.
INSURANCE COMPANY HACK – BLUECROSS/BLUESHIELD EDITION: Records for 10 million customers compromised.
CIA DIRECTOR’s EMAIL HACKED: John Brennan’s AOL account compromised (repeatedly) by teenage hacker.
DELL PULLS SUPERFISH 2.0: Computer manufacturer pulls a Lenovo, slips bad SSL certificate onto multiple machines.
VTECH AND MATTEL MAKE VERY INSECURE TOYS: Hello Barbie and electronic toys made by VTech prove to have deeply troubling security flaws.
JUNIPER BACKDOOR WEDGED OPEN: Parties unknown find and exploit an existing, intentional security hole in Juniper devices.
As always, we appreciate your reading these words, and hope you have a terrific new year. And remember what we truly believe here at SSL.com – a safer internet is a better internet.