Hackers

Hackers operating under the banner Anonymous have been poking a finger in the eye of one private company after another for two years now.

They steal files from inside corporate computer systems and occasionally, as in the case of Stratfor last week, dump company e-mail online for all to see. The Stratfor hack, in which Anonymous claimed to have joined forces with WikiLeaks, drove home a clear lesson about the era of ubiquitous “hactivism,” or hacking as a form of protest.

Sony (NYSE: SNE) is facing yet another major security breach. Hackers reportedly illegally downloaded over Michael Jackson’s entire back catalog, consisting of 50,000 tracks, many never released. Sony purchased the catalog from Jackson’s estate for $250 (£157.51) million last year.

The attack itself appears to have taken last spring, around the same time that Sony’s PlayStation Network network was hacked and 77 million users’ data stolen.

A laptop stolen from NASA last year contained command codes used to control the International Space Station, an internal investigation has found.

The laptop, which was not encrypted, was among dozens of mobile devices lost or stolen in recent years that contained sensitive information, the space agency's inspector general told Congress today in testimony highlighting NASA's security challenges.

Businesses are not taking Anonymous and hacktivism seriously enough, according to an FBI special agent.

A number of stories about a Windows 8 kill switch have appeared on the Web, each with its own odd and ominous tone. The blogosphere has gone berserk with all sorts of menacing commentary, such as the following from the Vigilent Citizen:

The tipster e-mail link for the Quebec government's anti-corruption inquiry has been shut down after it was reportedly hacked.

Seven e-mails – one of which claimed the bribing of a Montreal city employee by a construction company – were allegedly given to the QuebecLeaks website by hackers who said they were testing the site for security flaws.

The GSM mobile standard is wide open for attack, experts have warned, thanks in part to the increasing amount of computing power available to hackers.

"Voice interception capability really depends on how much processing power you have," said Aaron Turner, cofounder of security specialists N4struct, speaking at the RSA 2012 conference in San Francisco. "But that's just a function of Moore's Law – the faster computers get, the more data they can handle."

The notorious LulzSec announced the existence of LulzSecurity.com in a simple tweet on June 2, 2011. Within minutes that website was taken down by other hackers. However, less than an hour later LulzSec was back, and this time the site stayed up, at least until its announced "retirement" about three weeks later. What changed during that hour?

Duo Security, an authentication-as-a-service company that uses your phone for two-step logins, announced today it has raised $5 million in its second round of funding.

Duo Security uses your phone as a second line of defense to keep your accounts from being hacked. Why might you want that kind of protection? For starters, some online accounts are so important you want to make doubly sure that you are the only person accessing them. A strong password is a good line of defense, but attacks from Anonymous and other hackers have made it clear that your passwords aren’t always safe.

Entropy -- the measure of disorder or randomness -- isn't always desirable in the world of IT security. Kinda, sorta patching your IT systems sometimes, for example, would be a bad thing. At times, though, entropy can be a powerful tool, as in the case of well-chosen passwords that are difficult to crack. A fast-growing SIEM (security incident event managment) company called Vigilant is using entropy in an innovative way that warrants a closer look: Its anomaly-detection service identifies malicious threats based on entropy.