Web users reward Palestinian who hacked into Mark Zuckerberg’s profile, exposing a Facebook flaw

SAN FRANCISCO — Internet users have raised more than $11,000 to reward a Palestinian security researcher who hacked into Facebook chief Mark Zuckerberg’s profile to expose a security flaw.

The fundraising campaign on the website GoFundMe raised $11,035 from 178 people in one day for Khalil Shreateh, and was continuing to take donations after he was denied a “Facebook Bounty.”

“I hope this has raised awareness of the importance of independent researchers,” said Marc Maiffret, a security expert at the firm Beyond Trust who led the effort.

“I equally hope it has reminded other researchers that while working with technology companies can sometimes be frustrating, we can never forget the greater goal; to help the Internet community at large.”

While Facebook offers rewards for those who find security holes, the company said Shreateh went too far by posting the information on Zuckerberg’s own profile page without getting consent.

Shreateh said on his blog he found a way for a Facebook user to circumvent security and modify another’s timeline, even if they were not friends on the network.

He said he took the unusual step of hacking into Zuckerberg’s profile after being ignored by the Facebook security team.

source: interaksyon.com

New Anti-Piracy System to Hit U.S. Internet Users on Monday

Starting Monday, most U.S. Internet users will be subject to a new copyright enforcement system that could force them to complete educational programs, and even slow their Internet speeds to a crawl.

A source with direct knowledge of the Copyright Alert System (CAS), who asked to not to be named, has told the Daily Dot that the five participating Internet service providers (ISPs) will start the controversial anti-piracy program Monday.

The ISPs — industry giants AT&T, Cablevision, Comcast, Time Warner, and Verizon — will launch their versions of the CAS on different days throughout the week. Comcast is expected to be the first, on Monday.





The CAS, designed as an "educational" service to combat casual piracy in the U.S., has been criticized as designed purely for corporate interests, at the expense of the average Internet user. While it doesn't require ISPs to cut off Internet access to repeat pirates — as is the case in France and New Zealand — it will issue escalating punishments to suspected pirates, severely reducing their connection speeds after five or six offenses.

Though the system's executive director promised to hire an independent consultant to vet the software that will flag copyright violators, that hasn't happened yet.

The date of the launch isn't yet official — the source expressed surprise that the news has been kept so tightly under wraps — but it's been rumored for several weeks to be at the end of February.

Apparently to mark the launch, the CAS has created a shiny new website. It replaces a drab earlier version, one that would go months without an update and seemed a metaphor for the the system's repeated delays and internal conflicts: Most recently, it was pushed from November to late February, "due to unexpected factors largely stemming from Hurricane Sandy."

The CAS also has a sleek new promotional video, wherein a woman explains the process over smooth jazz.

source: mashable.com

Hackers attack more govt websites as Cybercrime Law goes live

MANILA, Philippines — As the Cybercrime Prevention Act goes into full effect on Wednesday, October 3, local hacktivist groups changed their mode of protest by launching Distributed Denial-of-Service (DDoS) attacks against several government websites.

As of early Wednesday morning, government websites such as that of the National Bureau of Investigation, Department of Foreign Affairs, Department of Health, Senate, Social Security System, and the Official Gazette were rendered inaccessible to Internet users.


Malacañang, however, denied that the Official Gazette was a victim of a DDoS attack, saying heightened interest for the controversial bill was the reason for the surge in the website’s server requests.

“Folks, according to @govph team, they had to tweak some server settings to optimize site to accommodate the surge in traffic,” Deputy Presidential Spokesperson Abigail Valte tweeted. “Interest in full text of RA10175 mostly driving traffic.”

On its Facebook account, PrivateX, one of the local hacking groups responsible for defacing government websites in the past week, posted a DDoS tool where interested Internet users can jump in and join in overwhelming government servers.

“Let’s support anonymous, if you have your vpn with you.. turn it on
kung wala po kayong vpn, it’s a dare to us netizens. it’s like sacrificing for our country,” the group said.

DDoS is a form of cyber attack used by hacking groups to take down particular websites, which involves overwhelming the website’s server by executing external commands from a number of terminals, subsequently crippling the server indefinitely.

Unlike site defacements, DDoS attacks leave no trace of intrusion into the website and are virtually untraceable because it uses a huge number of computer systems and users to carry out the attack.

This means that by making the tool available to the public — and encouraging them to use a Virtual Private Network to mask their true IP address and location — the hacktivist groups could have several computers on its employ to overwhelm government website servers.



As of posting time, the official website of the President has installed an anti-DDoS tool after going down and being rendered inaccessible earlier in the day. The DDoS tool is currently targeting the website of Senator Vicente Sotto III, the one who allegedly inserted the libel provision in the controversial law.

While the new law punishes misuse of devices for purposes of a DDoS attack, having a distributed network of systems used for the attack means law-enforcement agencies would have a harder time going after its originators.

The same method was used by international hacking group Anonymous in crippling the services of Mastercard, Visa, and PayPal in late 2010, after the three companies blocked people from donating to WikiLeaks, a group that leaked confidential US government communications.

The government had earlier denounced the defacement of government websites by local hacking groups, saying they do very little in terms of making their issues known.

“There are proper avenues for expressing their indignation rather than committing cybercrime to protest a bill that aims to prevent cybercrime,” said Information and Communications Technology Office (ICTO) Executive Director Louis Casambre.

“[The defacements] underscore the existing vulnerabilities in some government websites that need to be addressed in a national cybersecurity plan,” Casambre added. “In the meantime, we would like to request our government systems administrators to review their own policies and utilize industry best practices when it comes to cybersecurity.”

Signed into law by President Benigno Aquino III on September 12, the Cybercrime Prevention Act of 2012 seeks to curb the increasing incidents of cybercrimes in the country, particularly those involved in organized cybercrime syndicates.

Violators face a punishment of prison mayor or reclusion temporal and/or a fine (between P200,000 to P1,000,000) depending on the offense as stated under the new law.

Aside from defacements and DDoS attacks, protests against contentious provisions of the Cybercrime Law took the form of black-out campaigns in social media sites as well as street protests in the Supreme Court.

source: interaksyon.com