Thursday, June 10, 2010

iPad Security Breach Exposes 114,000 E-mail Addresses

A security breach on AT&T's web site allowed a group of hackers to snarf up 114,000 e-mail addresses from unsuspecting iPad users, according to The New York Times. AT&T said that it has already closed the hole, but the question remains of why it stored such information on a publicly accessible web site in the first place.

While stolen e-mail addresses by themselves aren't of much use, other than to add to spam mailing lists, the hacking group, Goatse, was also able to get the ICC-ID of iPads. The ICC-ID is a unique identification number for the iPad. AT&T denied the ICC-ID could be used for anything other than getting an e-mail address, but some security experts cautioned it could still possibly be used to find the device's location.

Technical details of the breach were reported by Gawker, which said it involved spoofing the User-Agent header so that AT&T's servers would respond to requests from a PHP script that harvested the data.

Tuesday, June 01, 2010

Never Met a Facebook Page I Liked

If you like this Facebook page, as described in a recent post on Graham Cluley's Sophos blog, you're going to get hit by a clickjacking Trojan. The Likejacking exploit, as Network World and Richard Cohen at Sophos call it, attracts users with a suggestive message -- very similar to other social-engineering tricks -- and then redirects them to a page that downloads the Trojan, which replicates the suggestive message to all the victim's friends.

According to Sophos, the Troj/IFrame Trojan just replicates virally through Facebook pages and doesn't appear to steal user credentials. It just forces users to "like" a Facebook page, as the social-networking site calls it, without the user's knowledge.

Interestingly, the blog post, which has technical details about the exploit, advises users to join the Sophos page on Facebook to get alerts about other security threats.