Noa Bar Yosef: May 2008 Archives

We've been following up on different incidents where sensitive information appearing in websites is accessible without any adequate protection measures, leaving the data vulnerable to different security threats such as Google Hacking. And yet, the following incident differs somewhat from the ones we usually read about... a recent exposure of underground information trading network reveals that hackers themselves are not immune to data leakage as a server containing stolen private information did not have any of the common safety controls (encryption, access controls) implemented on it. In effect, this allowed anyone with access to the server to freely gain 1.4 gigabytes of sensitive data!

And on a similar note, it seems that it takes a hacker to know a hacker and these crooks are very much keen on protecting their trade - a recent article described a "EULA" agreement on virus-spreading software suites. Basically, the virus writer has its copyright on the malware (no re-distribution and the likes). If violated, the hacker-seller will snitch to the appropriate authorities on the hacker-buyer. Now that's what's called Honor Among Thieves!

Earlier this month a new social network entered the scene, named "House of Hackers". I'm interested to see how this network will evolve. As of writing these lines, more than 2200 members have signed up!

As being a network for computer security researchers, I guess the members run the gamut from ethical hackers, to in-house penetration testers, to kids and to Mob-related hackers. On the one hand it can develop to become a well-established security platform where researchers collaborate and communicate, exchanging security ideas and concepts with the purpose of providing more secure and sound systems. It could however become yet another platform for the exchange of sensitive information and disclosure of 0-day exploits.