Hasta La Gadget!

LulzSec, short for Lulz Security, is a hacker collective that has pulled quite a few grand cyberattacks, taking high-profile and big-name websites down whilst gathering up a plethora of passwords and account info, among other things. Last year, the FBI brought the group down with the aid of its leader, “Sabu,” arresting multiple individuals and charging them with a variety of breaches of the law. Now three members have plead guilty.

According to The Guardian, Jake Davis (20-years-old), Mustafa al-Bassam (18-years-old), and Ryan Ackroyd (26-years-od), who had previously maintained his innocence, have plead guilty in London earlier today to attacking Sony, News International, and the NHS. For his part, Ackroyd plead guilty to plotting attacks on a variety of websites, among them being 20th Century Fox, as well as a single count of a computer hacking charge.

And for their parts, al-Bassam and Davis plead guilty to conspiracy to attack law enforcement agencies throughout the United Kingdom and the United States, as well as the cyberattacks against the aforementioned News International, 20th Century Fox, NHS, and Sony. This is al-Bassam’s (who is said to have gone by the name Tflow) first guilty plea in the cyberattacks.

Now the group is awaiting sentencing, which is slated to take place on May 14, about two-years after the attacks they plead guilty to took place. Also slated for sentencing on May 14 is another LulzSec hacker named Ryan Cleary (21-years-old), who had already plead guilty to six charges said to be related. Check out the timeline below for more info on the hacking group.

[via The Guardian]

LulzSec hackers plead guilty to cyberattack charges is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Late last year, there was quite a bit of hoopla over whether the Chinese government was using devices from Chinese manufacturers such as ZTE and Huawei to spy on other nations. The manufacturers denied the claims, but it set off a firestorm of debate, and Canada moved to ban the devices. Now the US has slipped a review process into law to help safeguard against such attacks.

Congress slipped the review process into the appropriations bill that was just signed by President Obama, and with it comes new stipulations for certain government agencies. Per the language in the law, the agencies must initiate a formal review in conjunction with law enforcement that looks into the risk of espionage and sabotage before purchasing “information technology systems” that have a connection, whether through manufacturing or assembly, to China.

The Department of Justice, NASA, and the Department of Commerce are all bound by the language to perform risk assessments before potential purchases that look into “any risk associated with such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized [by China].”

This follows many alleged cyberattacks on American media companies, banks, and other systems by the Chinese government. Likewise, late last year the White House expressed concern that ZTE and Huawei could be used by the nation for spying purposes, with the government urging telecommunications companies to tread carefully. Backlash came from both ZTE and Huawei, and sources said soon after that the White House found no evidence of spying from the latter manufacturer.

[via Reuters]

Provision restricts US government Chinese purchases due to espionage worries is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Microsoft‘s Legal & Corporate Affairs Executive Vice President Brad Smith announced on Microsoft’s Tech Net blog that the company has released its first Law Enforcement Requests Report. The report details law enforcement data requests worldwide for information from the company’s cloud and online services, including how it responded to the requests.

According to the announcement, Microsoft’s first report includes information about data requests and responses for its various services, including Xbox LIVE, Outlook.com and Hotmail, Microsoft Account, and Office 365. It will continue to update this report twice a year (every six months) with new information. In addition, the company is also releasing data related to Skype, which it acquired a little over a year ago.

This move is to provide the public with information on consumer data requests and how they are responded to, providing transparency and contributing to the information on the topic already provided by other companies in the industry. The information is split by country, and shows how often the requests for each country are responded to with the data being handed over.

The report shows that Microsoft received 75,378 requests from various law enforcement agencies in 2012 concerning 137,424 accounts. Out of this large number, 2.1-percent of them resulted in Microsoft providing the requested information, a total of 1,558. Specifically, that 2.1-percent represents instances when the company provided content stored in/on the customer’s account, but not what it calls “non-consumer” data, which includes things like email addresses.

[via TechNet]

Microsoft publishes 2012 Law Enforcement Requests Report is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

It seems to be a bad week for cell phone safety, with another vulnerability coming to light, this time concerning T-Mobile‘s Wi-Fi Calling feature. While the feature is handy for those who want to save minutes and utilize the Internet connection they already have available, it is also a potential hazard when it comes to keeping your personal texts and calls secret. Researchers at the University of California, Berkley are credited with finding the problem.

This information comes from SecurityWeek, which interviewed the two researchers – Jethro Beekman and Christopher Thompson – about their discovery. When Android handsets utilize Wi-Fi Calling, they fail to properly validate the security certificate for the server, which leaves them open to MiTM (man-in-the-middle) attacks. This vulnerability was discovered by reverse engineering the T-Mobile feature.

Says the researchers, T-Mobile uses regular VoIP for Wi-Fi Calling instead of a connection that encrypted, something that aids in its vulnerability. An attacker can take advantage of the victim if he is using the same wifi network the call is being placed over, intercepting calls and doing with them as he pleases. Mention was also given of the possibilty for setting up a malcious network to get callers to connect and use it.

Said the researchers: “Without this proper verification, hackers could have created a fake certificate and pretend to be the T-Mobile server. This would have allowed attackers to listen to and modify traffic between a phone and the server, letting them intercept and decrypt voice calls and text messages sent over Wi-Fi Calling.”

[via Security Week]

T-Mobile’s “Wi-Fi Calling” security vulnerability leaves subscribers at risk is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Yesterday, Apple rolled out iOS 6.1.3, patching up the popular Evasi0n jailbreak and, as a video we have available after the jump shows, introducing a security vulnerability that allows the lock screen to be bypassed. This is despite the fact that the latest iOS release contains fixes to previous vulnerabilities that allowed anyone to skip the lock screen.

The newest security issue isn’t terribly easy to pull off, although anyone with a bit of dedication could manage it. The problem was surfaced by YouTube user videosdebarraquito, who posted a video showing the entire method using an iPhone 4. This was followed up by others confirming that they managed to reproduce the bug, including the folks over at The Next Web.

As you can see on the video above, the bug is exploited by removing the SIM card at a certain moment while initiating a call via voice commands. Doing this provides access to the handset’s Contacts and Camera Roll, which can be fully browsed and edited. The obvious solution until Apple rolls out a fix for this lock screen bypass is to shut off the voice dialing feature.

Some user reports are coming in that this exploit does not work when using Siri, but some have published that they’ve managed to get it to work on the iPhone 5. The full effect of the bug will only be known as word spreads and more variations of the iPhone are tested, but for now it would seem those operating pre-Siri are vulnerable to the issue.

[via The Next Web]

iOS 6.1.3 lock-screen bypass bug provides access to Contacts and Camera Roll is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.