Basefarm SIRT Newsletter 22

This week we had the U.S. Government seize the online currency site Liberty Reserve due to being a “financial hub of the cybercrime world”. There is also an interesting articles from arstechnica how easy it is to decrypt passwords, and how easy it is to be branded a “hacker”. When it comes to our own posts we suggest that you take a look at each of them as they contain information about DoS-vulnerabilities for those running older versions of ModSecurity, as well as going over how Drupal.org got hacked – resulting in ~1 million drupal.org accounts being compromised.

Top 5 Business Intelligence links
U.S. Government Seizes LibertyReserve.com
Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies
New Computer Attacks Traced to Iran, Officials Say
China announces giant military hackathon
Profiling modern hackers: Hacktivists, criminals, and cyber spies

Top 5 Miscellaneous Security links
Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”
Reporters use Google, find breach, get branded as “hackers”
A Peek Inside the Russian Underground Market for Fake Documents/IDs/Passports
PayPal refuses to pay bug-finding teen
Hammond pleads guilty to Stratfor hack: ‘It’s a relief’

Basefarm SIRT Posts
ModSecurity 2.7.4 released – fixes critical DoS vulnerability
Ruby on Rails Exploit publicly used in the wild
Drupal.org compromised – 967,659 users and (hashed) passwords stolen