ICYMI: Lizard Squad arrest, yearly predictions and new iCloud flaw
This week's In Case You Missed It looks at the five most popular articles on SC, including news on Lizard Squad and old security predictions.
Thames Valley police arrested a 22-year-old man from Twickenham who is reportedly a leading member of the Lizard Squad group of hackers.
The arrest came just days after Lizard Squad admitted carrying out a major DDoS attack on the Sony PlayStation and Microsoft Xbox games networks over Christmas, and said it helped in the massive breach of Sony Pictures now being attributed to North Korea.
Two weeks ago, Lizard Squad also launched a DDoS attack tool, claiming bizarrely that the games network attacks were a marketing ploy to help sell the tool.
The New Year saw many of our readers take a look back to last year's predictions to see what the experts (and SC) got right…and wrong.
Some were certainly more inspired than others, and although regional clouds didn't arrive in 2014, it was a year of more state-sponsored and insider attacks (both of which are currently being attributed to the Sony hack), social engineering and the collapse of the perimeter. Windows XP was under attack following its end-of-life but perhaps not as much as anticipated, while Internet of Things devices are yet to get as ‘smart’ as first predicted.
2015 began, predictably, with a major hack of a global service provider, when on New Year's Day a tool to hack all accounts on Apple's iCloud was announced – via a vulnerability now reported to have been fixed.
The tool, iDict (see iDict's GitHub page), uses an exploit in Apple's security in a “100 percent working iCloud Apple ID dictionary attack that bypasses account-lockout restrictions and secondary authentication on any account,” according to a 2nd January report in Business Insider (BI).
A DDoS attack brought down German government sites, with a pro-Russian group claiming responsibility and saying that the attack was in response to the country's support for Ukraine, though the Ukrainian premier Arseny Yatseniuk has blamed Russian security services directly for the attack.
Pro-Russian hackers demanded that Germany end its support for the Ukrainian government and claimed responsibility for an attack on German government websites, including the lower house of parliament, the foreign ministry's website and Chancellor Angela Merkel's page, ahead of a meeting in Berlin between Merkel and Yatseniuk to sign €500 million (£390 million) in loan guarantees.
It appears that websites such as www.bundeskanzlerin.de, www.bundesregierung.de and www.cvd.bundesregierung.de, which include speeches and general government information, were subject to a DDoS attack.
Google found a ‘severe’ privilege escalation bug in Microsoft Windows but has been called “reckless” for revealing the vulnerability before Microsoft has patched it.
Google's Project Zero security research team said in a blog last week that the flaw is in both 32-bit and 64-bit versions of Windows 8.1 update.
The bug is in the code that allows application compatibility data to be cached for quick re-use. Only administrators should be able to add new cached entries, but the flaw means users can bypass the check on whether they are actually admins.