19 March 2016

Incredible epic fails in IT security community of past week

We all need security for a reason, but sometimes we completely forget the true meaning of that reason and the intentions behind enforcing security measures. In this article we cover the funniest stories from the IT security community that happened last week.

Prison break (Russian version)

Russian carder Kamo Voskanyan escaped home arrest one day before the final hearing, and his location is currently unknown. He was wearing an ankle bracelet and was supposedly carrying his favorite cat. The alert about Mr. Voskanyan leaving his apartment was triggered at 2 A.M. Unfortunately, the working day at the Saint Petersburg police starts only at 9 A.M., and there was no one to react to the alert during the night (!).

But Mr. Voskanyan was not the original inventor of this incredible escape. In August 2015 Alexander Shapovalov managed to do the very same thing. His ankle bracelet was discovered at an airport, and he was able to fly away.

Information leaks

In Kazakhstan, lawmakers were forced to ban the use of Internet-connected smartphones in governmental institutions. The main concern was that people were using mobile applications to take pictures of secret documents and then publish them. The memorandum about the limitations on smartphone usage was also leaked using a smartphone.

Presidential hack

The first victim of Anonymous hacktivists was Donald Trump. Hackers published his personal information, including phone numbers, addresses and social security number. The second victim was Ukrainian acting president Peter Poroshenko. Hackers published personal information of Poroshenko’s family members and accused one politician from the pro-presidential party of working for the Russian Secret Services (FSB).

Wrong patching

In late 2013 Oracle issued a patch for a critical vulnerability in Java (CVE-2013-5838). Unfortunately, that patch was not effective. Experts from Security Explorations published PoC code that triggers the vulnerability in the latest Java SE 7 Update 97, Java SE 8 Update 74 and Java SE 9 Early Access Build 108.
