Things have been a little quiet on the security front this week, no doubt because it is holiday season even for hackers who are presumably spending quality time in their secret island lairs, or (more likely) at Glasto. All except our Polish friends of course who were unable to leave the country due to the national airline LOT’s planes being grounded by a hacking incident.
Now if you were to believe the shrieking headlines across all of the media you would no doubt be imagining some spotty herberts taking control of LOT airliners in-flight and flying them using their games consoles, Sony PlayStations almost certainly.
After the dust has settled it transpires that the ‘panic now’ headlines were a tad misplaced. What had actually happened was that a straightforward Denial Of Service attack had prevented the airline from filing their flight plans, much more mundane.
As well as not always believing what you read, this story highlights something wehave been going on (and on) about this year. It is imperative that you have a playbook for the day when the Lizard Squad or similar come visiting. It is also imperative that the playbook includes how communications with the media will be handled in order to minimise panic and damage to your reputation.
If you have been paying attention to the news, you will no doubt be bored senseless hearing about The Onion Router or TOR, the ultra secure, top secret peer to peer network that can be used to securely and secretly connect you to both regular and hidden services (like weapons and drugs markets).
Well, it transpires that a number of people who run TOR exit nodes (the point you emerge from the dark side) are not the good citizens you would expect (surprise!). Researcher Chloe has spent a month running a honeytrap to see if any TOR exit node operators would be sniffing the (unencrypted) exit traffic. She found that no fewer than twelve TOR exit node operators were sniffing her unencrypted traffic and then using the sniffed data (planted unique passwords) to access her honeytrap. Naughty people. So yes TOR does provide anonymity but you are in the hands of parties unknown, so be careful.
While we are talking about Chloe, we are sure you would join us in wishing our very own Chloe Stichbury all the best on the occasion of her wedding this Saturday. Congratulations Chloe!
If you would like to talk to us about Denial Of Service, securing your data, the perils of TOR, building a playbook or anything else security related, please contact us on: [email protected]
If you are at Glasto, watch out for scallys robbing your tent and buy the hackers a drink. Be careful.
That’s shalLOT. (sorry).
