Cyber criminals exploit Java vulnerability to hack Apple, Facebook, and Twitter – The Verge

Foreign hackers steal more than a terabyte of data per day in ongoing cyberwar

2013-02-27T11:08:01-05:00

via assets.sbnation.com

Two decades after computer security began generating billions by selling expertise and software designed to protect unwanted network intrusions, experts say those networks are more vulnerable than ever. Florida-based Internet security firm Team Cymru said in a report released today, shared exclusively with The Verge, that analysts there uncovered a massive overseas hacking operation that is making off with a terabyte of data per day. Some of the victims include military and academic facilities and a large search engine. The report doesn't identify who might be behind the attacks, but Team Cymru director Steve Santorelli conceded that, given …

Read the full story at The Verge.

After so many hacks, why won’t Java just go away?

2013-02-22T12:30:04-05:00

Java Duke by Project Kenai

If you've been paying any attention to the security breaches hitting Apple, Facebook, Twitter, NBC, and others these past few weeks, you've probably noticed a common culprit: our poor old pockmarked friend, Java.

As a web plugin, Oracle's aging code deployment platform has practically been a revolving door for widespread malware attacks recently, and for years the general consensus has often been that its risks have outgrown its usefulness. After spending a week Java-free back in 2010, PCMag's Larry Seltzer concluded that the Java platform as a whole "is pretty clearly a failure, and all that remains of it is a big fat attack surface on you …

Read the full story at The Verge.

Website allegedly behind hacks of Facebook, Apple, and Twitter says it’s ‘clean now’

2013-02-20T15:54:47-05:00

Facebook Security

The owner of iPhone developer website iPhoneDevSDK says his team has patched a security hole behind malware that infected employee computers at Facebook, making the developer site safe to visit again.

"It is clean now," said Ian Sefferman, iPhoneDevSDK's owner and operator, in an email to The Verge. Sefferman and his colleagues are still trying to figure out exactly what went wrong and how to keep their site and its 200,000 registered users secure from hackers in the future. Malware found on employee computers at Apple and Twitter also may have come from the site while it was compromised.

"It is clean now."

"In the short term, we've reset a …

Read the full story at The Verge.

Apple, Facebook, and Twitter hacks reportedly originated in Eastern Europe

2013-02-19T19:40:21-05:00

via assets.sbnation.com

The recent attacks on Apple's systems originated in Russia or Eastern Europe, and are linked to similar attacks on Facebook and Twitter, say new reports from Reuters and Bloomberg. The goal of the attacks is said to be company secrets and intellectual property to be sold on the black market, unlike the the state-sponsored attacks coming out of China, which have instead focused on government secrets and national infrastructure.

In all cases, employees' computers were compromised after accessing the mobile developer website iphonedevsdk.com, which exploited a vulnerability in the Java browser plugin. While the precise location and nationality …

Read the full story at The Verge.

Apple and Facebook hacks traced to mobile development site, says AllThingsD

2013-02-19T17:21:05-05:00

Apple Retina MacBook Pro 15 STOCK

AllThingsD is reporting that the culprit behind high-profile hacks targeting Apple and Facebook is "likely" a website called iPhoneDevSDK. The site, which is a hub for iOS and mobile development discussion, was reportedly injected with malicious code according to the report. Employees at Facebook apparently visited the iPhoneDevSDK website in recent weeks, just prior to a hack that the social network made public last Friday. AllThingsD suspects the same developer resource is responsible for an intrusion that comprised "a limited number" of Apple's internal computers. An exploit affecting Oracle's Java plugin served as a gateway for attackers …

Read the full story at The Verge.

Apple releases Java update to eliminate malware threat

2013-02-19T16:40:25-05:00

Apple Retina MacBook Pro Stock

Apple has released a new version of Java meant to plug a vulnerability that can be exploited to install malware on user's computers. The company made an unprecedented announcement this morning, admitting that hackers had effectively infected a "small number" of its computers after employees visited a website for software developers that contained the malicious code. Apple says it isolated those computers from its network, and promised that it would release a support tool today to patch the vulnerability. The update uninstalls Apple's Java applet plugin from all browsers, as well as the Java Preferences application, which it says is no longer …

Read the full story at The Verge.

Apple says it was attacked by hackers, will issue malware removal tool today

2013-02-19T13:17:34-05:00

apple iphone logo stock 1020

In a statement provided to The Verge, Apple says that hackers infected a "small number" of its computers in an attack that exploited a Java vulnerability. As Reuters originally reported, the company says "there was no evidence that any data left Apple," and no user information is said to have been compromised. Apple says the rare security breach utilized the same malware that was recently used to target Facebook and other companies. Despite being a high-profile target, the situation is highly unusual for Apple, and the company says it is working with law enforcement to track down those responsible.

"Apple has identified malware which infect …

Read the full story at The Verge.

Facebook hacked, but has found ‘no evidence’ that user data was compromised

2013-02-15T16:47:29-05:00

Facebook Security

As one of the largest sites on the internet, there's no doubt that Facebook is a prime target for hackers. It looks like some of those hackers were apparently successful - Facebook has just admitted that its systems were targeted last month in a "sophisticated attack." However, the company was quick to point out that "we have found no evidence that Facebook user data was compromised." It sounds like users have no need to worry at this point, but Facebook is continuing to work with its internal engineering teams, security teams at other companies targeted by the attack, and law enforcement officials in an effort to make sure such an attack do …

Read the full story at The Verge.

Twitter also hacked this week, up to 250,000 accounts may have been compromised

2013-02-01T19:06:58-05:00

twitter censorship

It's been a rough week for security breaches, and Twitter has just announced it was a victim of attacks this week as well. In a blog post, the company states that during this past week it detected "unusual access patterns" that led it to uncover unauthorized attempts to access user's data. Twitter even discovered one attack as it was happening, and was able to shut it down shortly thereafter. However, Twitter's post-mortem revealed that the perpetrators of the attack may have had access to account information for approximately 250,000 different users. According to the company, "usernames, email addresses, session tokens and encrypted/salted …

Read the full story at The Verge.