Posted by & filed under Security News.

After hackers threatens to make terrorist attack if the “Interview” movie is shown in theaters, Sony releases a press statement cancelling the showing of the said movie.  The hackers which called themselves “Guardians of Peace”, has recently hacked into Sony servers compromising the company’s financial data, unreleased movies and emails.

“We are deeply saddened at this brazen effort to suppress the distribution of a movie, and in the process, do damage to our company, our employees and the American public,” a Sony spokeswoman said in a statement.  Sony further added that there is no further plans in releasing the movie.

The Guardians of Peace demanded Sony refrain from showing the movie.  The “Interview” is a movie comedy that pertains to the assassination of North Korea’s president.

In a news report from CNET, shows that North Korean hackers is behind the Sony attack.  Previous attacks by North Korea to South Korean media companies and banks in 2013 are similar in nature.

Furthermore, the hackers uses language in support to North Korea.  The North Korean government has denied the allegations that they are behind the attack.  However, they support the attack made to Sony.

“The hacking into Sony Pictures might be a righteous deed of the supporters and sympathizers with the DPRK [Democratic People”s Republic of Korea],” a spokesman for North Korea said.

If you are curious to see the movie the trailer is shown at Youtube.

Posted by & filed under Security News.

Spotify HackSpotify is planning to roll out an update on its Android app after it reported that a hacker has breached its security and accessed internal data.

According to Spotify one user account has been affected and the hacker was not access any password, financial or payment information. The company said that they were able to contained the attack after there engineers realized when their servers have been breached.

“Information security and data protection are of great importance to us at Spotify, and that is why I’m posting today,” Oskar Stål, Spotify’s chief technology officer, wrote on the company’s blog.

Windows and iOS devices are not affected by the breach. However, Android app users need to upgrade their app and re-download offline playlists.

Spotify is a music streaming digital service that gives you access to millions of songs.

Posted by & filed under Security Threats.

Anonymous Philippines attacked several Chinese government and commercial websites in protest of China”s bullying against its Asian neighbors in solely claiming the South China Sea.

According to Anonymous facebook post, almost 200 websites were defaced in the attack. Many of them remained down until Tuesday.

Anonymous Philippines posted “China’s alleged claim on maritime territories and oppressive poaching can no longer be tolerated.”

Anonymous Philippines

“The operation was a success, we might not have brought China to it”s [sic] knees but we gave hope to our brothers and sisters, because hope is what we need right now,” Anonymous Philippines said on its Facebook page. “Hope that someday people will stand up and fight back!”

Recently, Philippine authorities have detained Chinese fishermen for poaching sea turtles in Spratlys island.

China and the Philippines are among the six countries–along with Taiwan, Vietnam, Malaysia and Brunei–which claim the South China Sea and its island chains and shoals in whole or in part.

Posted by & filed under Security News.

In a news report from ZDnet, Apple admitted that they are working on the iOS 7 flaw that could left mail attachments unencrypted making it vurnerable to potential hacks and other criminal deeds.

The bug, reported by Andreas Kurtz, means that iOS email attachments are stored unencrypted in certain instances:

I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction

In a statement release by Apple, the company said that they are aware of the vurnerability and are currently working on a fix that will be deliver in future software update.

Although the email bug is scary, it is difficult to exploit and would require an attacker to physically have your phone and brute force or jail break-bypass the passcode or password.

iPhone 4s and later devices that has an updated iOS 7.1+ is not affected by the flaw.

Posted by & filed under Security News.

After an last's month announcement, Yahoo advises developers that they are implement that the changes in the API setting will be implemented on February 27. Yahoo Mail connections would be getting default HTTPS encryption, enabling HTTPS access to Yahoo Contacts and Profile APIs.

After the said date access to Yahoo Contact and Profile API”s will be limited to SSL Connections.

Tumblr, which is also owned by Yahoo, has also announced this week that SSL encryption will be available to prevent hackers snooping on their activity. However, Tumblr's SSL won’t be activated by default, users will have to go to their Account Settings and turn it on.

The tumblr staff were quoted as posting:

“Any reason I shouldn’t do this?” Nope, not really. It doesn’t change anything about the dashboard, it just encrypts your connection to it. We’ve been using it for weeks and haven’t even noticed. So, yeah, turn it on and forget about it. Easy.”