Category Archive: Security

The Good, the Bad and the Ugly of the AT&T "Hacker" Fiasco

If you have been following the story of AT&T being hacked, you are aware of how a hacker group known as Goatse Security (GS) was able to retrieve 114,000 iPad users’ emails via a security exploit. After reading the latest news, I felt compelled to share my comments on the story, possibly just as a way to vent my frustrations with the entire issue.

The Good

There were many positive aspects to the developing story on both ends.

  • GS let AT&T know of the exploit, giving them a chance to fix the issue.
  • GS only informed the public after AT&T had patched the issue.
  • GS only informed a single journalist.
  • The issue has been fixed.
  • Although the group leader’s house was raided over this (the bad), the raid did allegedly turn up drugs including cocaine, ecstasy, LSD, and schedule 2 and 3 pharmaceuticals, in addition to some other terrible discriminatory beliefs.

The Bad

Also known as “The Frustrating”…

  • GS should not have released the exploit to the public until AT&T had done so. Regardless of how long AT&T delayed letting it become known, most corporations have a lot of red tape, so it takes a while to get anything moving.
  • That said, AT&T should have let everyone know of the issue at least a day or two after, not a week.
  • As far as I can tell, the only felony charges against the leader of the hacker group are for drug possession. It is frustrating that he was even raided, because this was a white-hat hacker and not someone using the emails for malicious purposes (despite what AT&T said).
  • AT&T receives help from a hacker group and then turns around and defames them, yet in doing so also gives them more publicity.
  • GS should not try to play the “patriotism” card, because that just makes them seem guilty.

Comment

There are burdensome issues on both ends. Despite society moving more and more into the cloud and accepting technology as a necessity for the future of business, people still think “hacker” is an expletive. Actually, a hacker by definition is simply a programmer who likes to code and tinker away with technology (commonly confused with a “cracker”). In this case it seems more like AT&T is just trying to pass blame and make it seem like the exploit was something created by Goatse, instead of simply being discovered.

As always, a few bad apples give the entire industry a bad name. But I feel this is not an instance where that should be the case. I feel like for the most part Goatse did the generally “right” thing, yet AT&T rebutted with an atom bomb. Maybe one day we’ll all be able to get along… a day when maybe corporations will give hacker groups incentives (monetary and publicity) for discovering issues like these, instead of jail time.

Oh, and the Ugly

Facebook “Like” Button Phishing

Anytime a new trend catches on, malicious attackers are sure to be close by, mimicking the trend to capture unsuspecting users. Now that the Facebook “Like” Button is popping up on more sites around the internet, phishing attacks are going to start popping up here and there. How would Like Button Phishing work? Click “Read the rest” to see an example…
