Fraser G

Thanks for sharing the article. This is pretty scary and quite concerning too especially because of the problems in the maritime waters. This type of cross-country digital hacks have become quite common now a days where countries are willing to do anything to get data for their own benefit. It is high time that countries have strong defense mechanisms and legal actions for such acts. You right pointed out that the legal rules between China and the US failed here. Such laws need to be scrutinized further

Great Post! Very Interesting.

his is absolutely incredible. I wonder how many users have already used the fake antivirus application and how many systems have already been attacked with this. North Korea’s involvement is even more shocking considering that it is already cornered by most countries for its economic decisions.

Shi,
Quite an interesting article that talks about how Memcached servers can be hacked using large DDoS attacks. As far as I know, prevention against DDoS is still under research and in fact many organizations still do not have the best practices to prevent such attacks. Such situations can only be avoided by having a centralized monitoring and triggering system to check port status of all devices rather than doing it manually.

Hi Richard,
The one good thing that the company did I feel was to immediately inform the users about the leak. However, I am not quite sure how protected the 3rd party database were. I feel organizations should have their in-house database for most of the critical transactions and customer information, rather than outsourcing it to 3rd party server for cost saving purposes. This is primarily the reason the above incident has happened.

Shi,
Nice summary of the article. I am quite surprised that WordPress allows execution of the PHP file at run time by changing the parameters. A similar kind of flaw was witnessed a couple of years back when users can potentially change variable parameters of images in WordPress sites and identify information of websites without security logins. The patch needs to be done as soon as possible before it affects users. I am pretty sure a large percentage of SMBs use WordPress for their business needs.

Part of the problem is that app developers know that very few users understand/read the ToS when they accept “Share my information” on these sorts of apps. I have been trying to educate my friends and family to take a more skeptical view of these kinds of things. That great maxim “If you are not paying for it, you’re not the customer; you’re the product being sold” is a good place to start.

Will follow up this story in April…

Shi Yu,
This is an individual action of someone who is either careless or who doesn’t know what he is doing. his action shows there are government policies that need to be changed and obligate employees to be careful with such sensitive files.
This is a very educative article that I am sure it will teach a lesson to so many people the consequences of taking government documents home.

It is definitely an interesting read. I wonder what was the motivation of the NSA employee to take the classified documents.

Richard – That’s really shocking to know. Spyware has become so common and these attacks question our security practices. It’s surprising that Android Spyware could actually do this. I doubt if the spyware can also have access to mobile’s internal data and contact information? If yes, then I believe many users would be subjected to this attack.

Richard,
Thank you for the article. My question at this point will be; why there use this methods only in African countries?

The answer to this question is very simple, there are no regulations or law that protect people in those countries. Which means they can be good targets for so many cyber attackers.

Quick response by Facebook to fix the bug and it’s interesting to see bug bounty hunters.

Interresting…..it s good that they fix it.

That’s quite an interesting news and I am surprises to see such flaws from world’s largest social networking community. This is pure case of internal system fix and stands a good example for many businesses related to this. It’s good that it was reported on time before any potential violation occurred and extracted personal images.

Richard,
I think this kind of leak is very normal, the Institute of Electrical and Electronics Engineers (IEEE) has to update the software on the encrypted system-on-ship with a new version that can be stronger. I am not too sure how much recent this technology, but it will be a big issue if it has been in the IT world for a long time. I like your article and I think it shows how much so many organizations don’t keep patching their products to prevent attackers from reaching their goals.

Tor is a powerful tool. It offer the way to enter dark net.

Shi Yu,

your article is very similar to many articles who came one after Iphone 6 came out with the fingerprint login button. Everyone was talking back then about how Apple was collecting fingerprints of millions of customers all over the world. However, the people knew that an important sensitive information (Fingerprint) can be used against them at anytime and they kept using apple logins.

I do believe that this time again, the people will purchase more new IPhones and will activate their cameras to login using the Face-ID feature even tho they pictures of them and the people around them will be taken without their permissions.