Zappos Hacked

January 16th, 2012

From CNN Money – 24 million accounts accessed. CEO states no credit card data exposed. They state the hack gave access to part of their internal network and systems, yet the server that was hacked was based in Kentucky. I thought Zappos operated out of Nevada?

The article detracts from the fact that they were hacked, period. Regardless of whether customer data or credit card data was taken, they were vulnerable enough to be hacked. Does that give the customers a vote of confidence that they are secure?

Was that last statement a little harsh? Depends on which side of the fence you are looking from. I see it as a good thing that the attackers didn’t get further, but I can’t help but think that it was a starting point. We all know it only takes one person inside the company to make us vulnerable, and that chances are it isn’t malicious, but that the vulnerability that person unwittingly creates allows the hack to occur.

Was a patching / maintenance window pushed for some reason or other? Or were bad practices involved? We don’t know the answers, we just see the headline “Zappos Hacked”. The hackers got to the last four digits of credit card numbers – perhaps that is a staged database used for testing? Again, who knows, right?

You have to wonder where the fine line is for giving out information about being hacked. Not the method, just what, when etc. Since the damage is done, how do you negate that and recover?

I’m guessing there’s a lot of work going on in Zappos right now – forensics, rebuilding, double checking. It’s sad, since they have done so well up to now. How bad is the fallout going to be? I’m keeping an eye out, but my thought is they will recover, since their reputation has always been good and valued.

BIND 9 Resolver crashes after logging an error in query.c

November 18th, 2011

Here’s some news – CVE-2011-4313, with a CVSS score of 7.8 – BIND 9 Resolver crashes after logging an error in query.c. Here is the original post: http://www.isc.org/software/bind/advisories/cve-2011-4313.

Here’s the description:

An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached. At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit.

Easy fix? Upgrade BIND to one of the following patched versions: BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1 or 9.4-ESV-R5-P1.
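As an added example (not part of the original post or ISC’s own tooling), here is a small Python check that parses the version string `named -v` prints and compares it against the patched releases listed above. It assumes that within one release line (9.8.x, 9.7.x, 9.6-ESV-Rn, 9.4-ESV-Rn) versions order numerically, and it only knows the four lines the advisory names.

```python
import re
import subprocess

# Patched releases named in ISC's advisory for CVE-2011-4313 (from the post above).
PATCHED = ["9.8.1-P1", "9.7.4-P1", "9.6-ESV-R5-P1", "9.4-ESV-R5-P1"]

# Matches "BIND 9.8.1-P1", "9.6-ESV-R5-P1", "BIND 9.7.4" etc.; trailing build info is ignored.
_VER_RE = re.compile(
    r"^(?:BIND\s+)?(?P<maj>\d+)\.(?P<min>\d+)(?:\.(?P<mic>\d+))?"
    r"(?P<esv>-ESV)?(?:-R(?P<r>\d+))?(?:-P(?P<p>\d+))?"
)


def parse_version(text):
    """Split a BIND version string into (release line, sort key).

    The release line is e.g. "9.8" or "9.6-ESV"; the key orders versions within
    that line as (micro-or-ESV-release, patch level), so 9.8.1 < 9.8.1-P1 < 9.8.2.
    """
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised BIND version string: %r" % text)
    line = "%s.%s%s" % (m.group("maj"), m.group("min"), m.group("esv") or "")
    key = (int(m.group("mic") or m.group("r") or 0), int(m.group("p") or 0))
    return line, key


def check(version_text):
    """Return "patched", "vulnerable" or "unlisted" for a `named -v` style string.

    "unlisted" means the release line is not one the advisory names, so the
    answer has to come from ISC directly rather than from this table.
    """
    fixed = dict(parse_version(v) for v in PATCHED)
    line, key = parse_version(version_text)
    if line not in fixed:
        return "unlisted"
    return "patched" if key >= fixed[line] else "vulnerable"


def check_running_named():
    """Ask the locally installed named for its version and classify it."""
    out = subprocess.run(["named", "-v"], capture_output=True, text=True, check=True)
    return check(out.stdout)


if __name__ == "__main__":
    print(check_running_named())
```

Distribution packages (Debian, Red Hat and friends) often backport the fix without bumping the upstream version number, so a "vulnerable" verdict from the string alone should be confirmed against the package changelog before scheduling the upgrade.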

Twitter and Legal Hacking

November 11th, 2011

I’ll admit I haven’t read through the whole article in the link below, but the government legally hacked someone? The fact that “legal” and “hacked” appear in the same sentence is a little concerning.

That being said, it is feasible that there are times when something like this might need to happen – national security etc. – and this was with reference to Wikileaks. But what rights do we really have? Are liberties taken, or do we even believe that the liberties should be taken?

My thought is it can go either way, but if you are going to take away someone’s right to privacy, there had better be a darn good reason. That being said, I’ve heard talk that traffic traveling over an IP (what a concept) doesn’t belong to the person that is using the IP and therefore can be intercepted. Really? That’s a little low, don’t you think?

Soap box aside, and like I said this conversation could go either way, here’s the link. See what you think about it – here, courtesy of the Guardian, UK.

Adobe 0Day Update Tomorrow

September 20th, 2011

It appears Adobe is releasing an emergency update to Flash Player to fix a 0Day vulnerability. Announcing it tells more people about it – a catch-22, perhaps?

Here’s the release from Adobe: http://blogs.adobe.com/psirt/2011/09/prenotification-security-update-for-flash-player.html

…it never ends!

UPDATE: It appears Google patched Flash for Chrome before Adobe patched their own! Interesting, since those that want to know what the vulnerability is could analyze the differences between the pre- and post-patch versions. Here’s the post from Larry Seltzer on PC Mag Security Watch.

Mark Zuckerberg – The Social Network

August 26th, 2011

…just watched The Social Network, and here’s my synopsis, for what it’s worth.

This was a story about two stuck-up, high-society snobs that couldn’t take the fact that a geek could put together a fully fledged idea. That idea wasn’t seeded by the twins’ idea. It was already set in his mind – he just needed the final piece of the jigsaw puzzle, and a conversation put that last piece in place. It wasn’t plagiarism, it was plain old thinking outside of the box. Zuckerberg is the genius, and the twins wanted to suck up from his idea. It’s not like they needed the money – I mean, really?

On to the episode with Sean (or was that Shawn?). Tell me, in all good faith, that you (the reader) hadn’t exercised bad judgement in your early years? That you hadn’t been influenced by someone you saw as a hero of sorts? I think Zuckerberg’s only issue was trusting a drug-taking smooth talker. That led him to a bad judgement call with regard to Eduardo and the diluted shares issue. Perhaps he wasn’t fully aware of what he was doing, who knows, but remember his age and the influences. Tell me you were infallible at that age. That being said, there was a positive spin to Sean (Shawn) being involved. It moved the company with an angel investor and created the last piece of the puzzle that launched Facebook. Would that have happened anyway with Eduardo? Perhaps – maybe not so quickly, maybe not at all.

How it played out – did he do the right thing? I think so, but the movie wasn’t going to give much of that process away. If the movie’s intent was to make Zuckerberg look like the villain, it failed. I saw a normal human being (well, uber intelligent, but geeky normal) at an early and impressionable stage of his life going through some ‘stuff’. Again, I defer to how good your judgment was at that age. I know mine was worse than Zuckerberg’s at that age.

The twins got some cash – you have to know that was all it was about for them. Eduardo got recognition and cash – deserved, to be honest – and Zuckerberg went on to make it big. Damn fine show, I say, and good luck to him.

Carpe Diem.