The Weekly Ink #3
Hi, everyone! We're excited to announce a new series on our blog called The Weekly Ink.
The Weekly Ink is a summary of the top security content of the week injected with our own pointed opinions, and will be posted to our blog...well, weekly.
The Weekly Ink started as an internal newsletter at Duo, but we figured it would be worthwhile to share our pseudo-intelligence, attempted humor, and snark with everyone. We hope you agree.
The Weekly Ink is brought to you by Duo Labs, the advanced research team at Duo Security. Keep an eye out for more from Duo Labs in the coming weeks!
-Jon Oberheide, CTO, and the Duo Labs team
This week's installment includes stories submitted by Vikas Kumar, Duo Labs Intern.
This is not the first time TweetDeck has had an XSS vulnerability either... A very similar bug was found in 2011.
A few days ago, Domino's Pizza of France and Belgium was breached. Soon after, the hacker group RexMundi claimed responsibility and posted details of the breach. They claimed to have stolen more than 592,000 customer records, including customers' full names, addresses, phone numbers, email addresses, passwords, delivery options and their favorite pizza toppings. They originally demanded a payment of €30,000 by 8pm Monday (June 16th) or they would publish the information. Domino's refused to comply.
On Tuesday, at around 5am, they extended the deadline: "If @dominos_pizzafr doesn't pay us tomorrow and we publish your data, u have the right to sue them. Speak to yr lawyer!". Domino's French CEO stated that they would not pay the ransom demanded. RexMundi has not yet leaked any customer data... This is not the first time RexMundi has demanded a fee to prevent a customer database leak. In 2012, they demanded between 15k and 20k from AmeriCash. That company did not pay, and RexMundi did leak the customer data. We have yet to see if RexMundi will do the same now.
When you log into LinkedIn.com, it sends your username and password over HTTPS (i.e., encrypted), which is well and good. However, after you are authenticated, it redirects you to HTTP (unencrypted communication), where anyone on your local network can take over your account by stealing your session cookies. Here's how it works:
- User logs in to https://www.linkedin.com
- LinkedIn sends back authentication results
- Evil person listens in on packets being sent and steals authenticated session cookies
- Evil person logs in and changes every picture of User to a picture of Nicolas Cage
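The defect behind the scenario above is twofold: the post-login redirect points at http://, and the session cookie is set without the Secure attribute, so the browser attaches it to every plaintext request where a sniffer can read it. The following is an added example, not code from the original post or from LinkedIn: a small audit of a login response's headers that flags a plaintext redirect, a session cookie lacking Secure or HttpOnly, and a missing Strict-Transport-Security header. Both sample responses and the host www.example.com are constructed for illustration.

```python
"""Audit a post-login HTTP response for the defects that let a session cookie
leak over plaintext HTTP. Added example; all headers are constructed samples."""


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs).
    Attribute names are lower-cased; bare flags such as Secure map to True."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header_value):
    """Return (cookie_name, findings) for one Set-Cookie header."""
    name, _value, attrs = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser sends the cookie on every http:// request
        # for the domain, so anyone sniffing the local network sees it in clear.
        findings.append("missing Secure")
    if "httponly" not in attrs:
        # Without HttpOnly, page scripts can read the cookie (relevant to XSS).
        findings.append("missing HttpOnly")
    return name, findings


def audit_login_response(headers):
    """headers: list of (name, value) pairs from the response to a login POST.
    Returns {cookie_name: [findings]} plus a '_transport' entry listing
    redirect and HSTS problems."""
    report = {"_transport": []}
    has_hsts = False
    for hname, hvalue in headers:
        key = hname.lower()
        if key == "set-cookie":
            name, findings = audit_set_cookie(hvalue)
            report[name] = findings
        elif key == "location" and hvalue.lower().startswith("http://"):
            # The pattern from the story: HTTPS login, then a plaintext redirect.
            report["_transport"].append("redirects to http:// after login")
        elif key == "strict-transport-security":
            has_hsts = True
    if not has_hsts:
        # HSTS makes the browser upgrade later http:// links to https://.
        report["_transport"].append("missing Strict-Transport-Security")
    return report


# Constructed sample: the weak pattern described above.
WEAK_LOGIN_RESPONSE = [
    ("Location", "http://www.example.com/home"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
]

# Constructed sample: the same login with the cookie and transport hardened.
HARDENED_LOGIN_RESPONSE = [
    ("Location", "https://www.example.com/home"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_LOGIN_RESPONSE),
                        ("hardened", HARDENED_LOGIN_RESPONSE)):
        print(label, audit_login_response(hdrs))
```

Running the script prints an empty report for the hardened response and, for the weak one, the plaintext redirect, the missing HSTS header and the cookie's missing Secure attribute. Any one of those findings on a real login flow is worth raising with the site's owners; all three together are exactly the setup the story describes.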