The Indelible Bonobo Experience

Renaissance Monkey: in-depth expertise in Jack-of-all-trading. I mostly comment on news of interest to me and occasionally engage in debates or troll passive-aggressively. Ask or Submit 2 mah authoritah! ;) !

Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.

More than $87,000 worth of the virtual currency known as Bitcoin was stolen after online bandits penetrated servers belonging to Bitcoinica, prompting its operators to temporarily shutter the trading platform to contain the damage. (via at, /., FBI-PDF)

  • forum post discussing how the attacker(s) hinted at a ‘mass leak’ in the near future
  • It was at least the second time in 10 weeks Bitcoinica has been stung by a computer intrusion that has cost it dearly. In early March, a security lapse at cloud services provider Linode allowed hackers to make off with about $210,000 worth of bitcoin after they gained unauthorized access to bitcoin wallets stored by Bitcoinica and seven other customers.
  • The post went on to warn that a database storing user names, e-mail addresses, and account histories was also accessed, and it also suggested cryptographically hashed passwords may also have been compromised. It advised customers who reused their Bitcoinica passwords on other sites to change them. Documents used to legally verify users’ identities are stored on separate servers at a separate data center with a different encryption regimen.
  • Other participants complained that the theft of such a large amount of bitcoin threatened to devalue the currency. At time of writing, those fears appeared to be unfounded, with the value of a BTC remaining largely unchanged at about $4.94, according to current exchange rates.
  • Bitcoin is a digital currency that’s transferred through a peer-to-peer network, making it virtually impossible to trace those who use it. Strong cryptographic controls ensure that once bitcoins are spent they can’t be taken back, although a recently published research paper reports limitations that allow the same bitcoins to be double spent.

This is why I never send utility bills or copies of my ID for authentication - I simply don’t believe that this data was stored elsewhere and wasn’t compromised.

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user’s system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large “height” attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.

threatpost, secunia

It’s a Windows problem, but only the Safari browser is [so far!!!] affected. Chrome/Chromium might follow soon as they’re very similar and based on the same engine.