Apparently the Gawker data breach was no secret on the Internet, and people had offered Gnosis money for the Gawker database before the release. According to a Gnosis representative who gave details to TechCrunch, the group received several offers, all in the vicinity of 2K, mostly from spammers and resellers, “certainly not for good.”
Already Internet nogoodniks are taking advantage of the exploit. A hack-related Twitter attack on Sunday forced users to tweet about the Acai berry diet. TechCrunch Senior Editor Erick Schonfeld fell prey to what looks like the second iteration of the Acai attack this morning. The New York Post reports that one woman had her entire life “turned upside down” when her social media accounts were taken over and used to post anti-Semitic messages. Behemoths LinkedIn, Yahoo and World of Warcraft have all taken measures to protect against further attacks.
Because many people use the same password across multiple sites, this spammer’s delight is going to get worse before it gets better, especially if the attacks spread from social media to financial services. If you’ve ever commented on Gawker, it’s time to get an entirely new password for everything, even if your password (like both of mine) is still encrypted in the full_db.txt file. You can check if your information has been exposed here.
When asked why they didn’t accept any of the offers, our Gnosis source replied, “We didn’t sell because we thought that would be too far. It’s one thing finding out that your database was leaked, and it’s another to find out that it was sold. We are not heartless, we know the implications for selling it, even though a minority of the group wanted to sell it.”
While the Gnosis representative admitted that there are a lot of interesting things that can be done with a hacked database, the more serious issue here is the public availability of the PHP source code, which leaves open the possibility of further exploits: “Just say if Gawker recovers fully, and all is well, six months down the line some Eastern European hackers jump in and do the whole thing again, because they had access to the source and found a way to exploit it.”
In a comment explaining the breach, Gawker founder Nick Denton, who reportedly has a meeting with the FBI today, hinted at hiring an independent security firm to improve security. Not enough, says the Gnosis rep, who holds that all the sites’ API keys and cookies are still in the source code and that, while difficult, those with nefarious intent can still impersonate Gawker users: “I would bite the bullet and release all the source code if I were them officially, and go ‘open source.’”
Denton, who is in the unenviable position of being the busiest person in the world at the moment, did not reply to my questions about the measures being taken to further protect users and the ethical implications of such a large breach. He only responded with this link to show that Gawker site traffic hadn’t fallen since the release, when asked about that in an addendum to my first email.
 
 
Authors: Alexia Tsotsis