Skip Links

Worst security snafus of 2012

Some of the worst online security problems of 2012 came in the form of DDoS attacks, cloud outages and political unrest

By , Network World
December 10, 2012 11:53 AM ET

Page 6 of 7

• NASA disclosed how a stolen laptop taken Oct. 31 from a locked car contained "personally identifiable information" on a large number of NASA employees. Although password-protected, the laptop didn't have whole-disk encryption, according to the email to NASA employees from Associate Deputy Administrator Richard Keegan, who gave orders to ramp up disk encryption at once.

• The hactivist collective Anonymous inserted its own online firepower into the raging battle between Hamas in Gaza and Israel, which traded rocket bombardments for several days prior to a cease fire. Coming out on the side of what it said were the "innocent people of Gaza," Anonymous started its so-called "Operation Israel" campaign by organizing attacks on Israel Defense Forces, the Prime Minister's Office, Israeli banks, airlines, media outlets and security companies.

• Hackers compromised two servers used by the FreeBSD Project to build third-party software packages, and the project's team warned that anyone who has installed such packages since Sept. 19 should completely reinstall their machines.

• E-commerce giant eBay fixed two vulnerabilities in its U.S. website, a critical SQL injection hole that gave potential attackers unauthorized read and write access to one of the company's databases, and a cross-site scripting vulnerability that could have been exploited to steal other eBay users' access credentials.

• Criminals managed to hack the DNS records of an unknown number of GoDaddy-hosted websites, inserting ransomware and hacking the DNS records of the site. GoDaddy said its own DNS management systems were not compromised and said the attacks were likely caused by phishing attacks on the victims or other exploits and recommended U.S. and Canada-based customers "enable 2-Step Authentication to help protect their accounts."

• Printers manufactured by Samsung have a backdoor administrator account hardcoded in their firmware that could enable attackers to change their configuration, read their network information or stored credentials and access sensitive information passed to them by users, the U.S. Computer Emergency readiness Team (US-CERT) said in a security advisory. "Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices," US-CERT stated.

December

• Secret information on counter-terrorism shared among foreign governments may have been compromised in a massive data theft by a senior IT technician for Switzerland's intelligence service, known as the NDB. According to news reports, Swiss authorities said the IT technician, arrested last summer for alleged data theft, apparently downloaded terabytes of classified intelligence material onto portable hard drives, and carried them out in a backpack. Authorities aren't sure if he tried to sell this classified information or pass it on, but they describe the suspect, whose name hasn't been released yet, as a "very talented" technician who had "administrator rights" that granted him access to vast government resources. They think he may have been "disgruntled" because his advice on operating the network "wasn't being taken seriously."

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News