Domain: commandfive.com
Stories and comments across the archive that link to commandfive.com.
Comments · 7
-
Re:First SK Communications now KT Corp
I would imagine those users already had their personal details stolen back in July 2011 when 35 million people (practically the entire population of South Korea) had their details hacked from another telecommunications provider - SK Communications. Is this a systemic issue in South Korea?
With the South Koreans' over-reliance on Windows, yes. Added to that software monoculture are some terrible security practices. These practices are widespread in the Korean IT industry, and I'm sure would make any competent sysadmin run screaming to the hills. Part of that is there is still the old guard in play there, and due to South Korea's slow adaptation of challenging upper management due to cultural values, this problem will likely remain in place for some time still.
-
First SK Communications now KT Corp
I would imagine those users already had their personal details stolen back in July 2011 when 35 million people (practically the entire population of South Korea) had their details hacked from another telecommunications provider - SK Communications. Is this a systemic issue in South Korea?
-
SK policy changed due to massive hack - not trolls
Actually in South Korea website users were required to share a lot more than their real name. It was a requirement that they also give their Resident Registration Number which is approximately equivalent to a Social Security Number but can be easily decoded to give a citizen's gender and place/time of birth. It wasn't until the personal details of 35 million people were stolen from SK Communications' networks (affecting nearly the entire population, and some foreigners) that the government changed its "Real Name System" policy.
-
Not the first time...
This isn't the first time that a trusted software update mechanism has been used for state sponsored pwnage: SK Hack by an Advanced Persistent Threat
In some cases revoking certificates doesn't seem to be an effective response either, with hackers continuing to use malicious code signed prior to the certificate revocation date: Command and Control in the Fifth Domain (see page 3)
-
Not the first time...
This isn't the first time that a trusted software update mechanism has been used for state sponsored pwnage: SK Hack by an Advanced Persistent Threat
In some cases revoking certificates doesn't seem to be an effective response either, with hackers continuing to use malicious code signed prior to the certificate revocation date: Command and Control in the Fifth Domain (see page 3)
-
Some examples that contradict the Wired assertion
> "[E]vidence to sustain such dire warnings is conspicuously absent."
Guess the Wired.com authors live in a different world than I do:http://www.physorg.com/news/2012-02-nortel-penetrated-hackers-decade.html
http://articles.latimes.com/2008/aug/17/opinion/ed-cyberwar17
http://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia
http://arstechnica.com/business/news/2011/10/rsa-details-march-cyber-attack-blames-nation-state-for-securid-breach.ars
http://www.commandfive.com/research.html
http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229700229/targeted-attacks-on-u-s-defense-contractors-fallout-from-rsa-breach.html
http://en.wikipedia.org/wiki/StuxnetI'm concerned about the response, but the threat is real.
-
What is the compromised computer running?
"the compromised computer communicating with âpath.alyac.orgâ(TM) is running Windows 2003 Server Web Edition, Service Pack 2
.. only computers running Windows XP were observed communicating with âpath.alyac.orgâ(TM)". Command and Control in the Fifth Domain, Feb 2012