SDS

If you can’t stop piracy with the hundreds of laws already on the books, i guess it cannot be done.

I stand in solidarity with Google, Wikipedia, Reddit, and all the others who are blacking out their websites to raise awareness of these terrible terrible bills.

Riot police is here now, but don’t yet appear to be doing anything. be safe.

I will be attending! will you join me? Stand up and be counted! (you almost certainly will NOT be arrested)

all the ssl blacklists are updates. we can return to thinking we are safe. Apple included the patches in a Security Update, Firefox updated to 6.0.2. Jailbroken iOS users can update or install “sslfix” in Cydia to get the protections that apple has yet to release.

After watching Moxie’s BlackHat talk, we seriously need to fix SSL. It is holding up too many technologies to be this insecure.

The guys at 1up.com did a great job with this one.  take note sony.  As should anyone who wants to store the data of millions of users.  Especially if you are possibly one of those millions of users.

Their recents exploits include hacking FBI affiliate Infragard (Atlanta Chapter).  They defaced the website, stole account information, and messed with their users.  Particularly Karim Hijazi of Unveillance.  LulzSec alleges that Karim (in a chat on IRC) offered them money and information to hack and his competition in the security industry.  This kind hypocritical behavior is specifically deplored by hackers.  Hijazi’s company email was posted online and in LulzSec’s official statement they threaten the release of his personal email as well.  LulSec started taking donations with BitCoin.  They used some of the money to pay for servers and their “lulzsecurity.com” domain which appears at present to be down.

A bit of ransom-ware by the name of Mac Defender is exploiting a default setting in safari that will automatically launch any installer package that you download. It still requires the user to go through the steps of installing the software including entering their administrator password. Apparently this hasn’t prevented hundreds of users from installing the bogus software. It seems to do nothing but pop up ads and messages to lure the user to pay $79.99 to remove the infection. Easy, free removal instructions are available here. But let this be a lesson. Don’t type your password if you don’t know why it is asking for it. Don’t install things you didn’t know you downloaded.

yesterday, anonymous’s irc server was hacked and user’s ip addresses and private messages were posted here. Looking at the logs, it is clear to me that many of their users use proxies, VPNs, or some other way to obscure their actual address. It is doubtful that any serious hacktivists were actually unmasked. With rumors of an internal conflict within anonymous ablaze online, it is still unclear who was responsible or when their operations will be back online.

Greatest analysis and explanation of the cablegate i’ve seen on any media source.  you go guys!

also, another good one. . .
http://www.youtube.com/watch?v=ob7vcepdeOA

Gawker Media (Lifehacker, Gizmodo, etc.) was hacked by a group calling themselves #gnosis and their entire user database (as well as source code for the sites) was posted to a popular torrent site.  Downloaded already no doubt by hundreds or even thousands of would be nar do wells.  What does this mean?  what can we learn?  More then 50,000 users used “password” for their password.  Read the oficial statement here.  I did enjoy the irony of Facebook connect users being safe from this.  If you had an account on any of these sites, your information is compromised and i prey you don’t reuse your password.  Change it, change it fast.  Millions of user’s Data was exposed (names, emails, passwords). The ramifications of this breach will continue over the next few weeks as users accounts on other services begin to wreak havoc.

here is a humerious comic about password reuse:
http://xkcd.com/792/