Bye Bye Internet Security: 2014 the year Security shrugged and Privacy Ambivalence reigned
Gregory Alan Bolcer stashed this in Security
Source: YouTube Video
Stashed in: Teh Internets, Privacy does not exist., Music Videos!, History of Tech!, security, National Security, 2014, Twitch!, Cyberwar!
January
- The Syrian Electronic Army hacks Facebook, Twitter, Skype and associated blogs with a picture, warns users not to use Outlook.com, hack Facebook again a month later, Jan 2014
- Eric Schmidt and Bill Richardson's visit to North Korea and the subsequent 23 compromised high tech companies, Jan 2014
- The Targeting, Target's 110 million accounts bleeds over into 2014 as scammers start to exploit the information widescale, Jan 2014
- FBI coordinating with every major US technology company, at least 23 major high tech ones
- Michaels store compromised by Backoff Point of Sale system allowing hackers to steal 2.6 million customer user payment information records, Jan 2014
- Yahoo! email hacked with up to 273 million users asked to change their passwords as the true damage was unknown, Jan 2014
February
- Korea arrests hackers who stole 17 million user data records from 225 websites to sell to chauffeur companies, Feb 2014
- 100's of Dentist records are found dumped in a dumpster by a local dentist including complete social security numbers and medical history, everyone shrugs, Feb 2014
- Gizmodo reports how easy it is to game Google Maps, receives two calls to the FBI and Secret Service from unwitting users thinking they are in contact with the real government, Feb 2014
- Government built Malware such as parts of Stuxnet starts showing up in illegal markets, while not usable by itself, the techniques they exploit are, Feb 2014
- The US Federal Reserve is hacked by a UK man and charged with aggravated identity theft using an SQL injection attack, Feb 2014
- Albuquerque's EC-council who offers secure SSL certificates is hacked three times in one week, Feb 2014
- Mt Gox loses $473 million worth of Bitcoins, or about 850k at the time, and files for bankruptcy, Feb 2014
March
- In an extremely prescient warning, FireEye warns US film industry is ready to be exploited by Chinese hackers intent on getting companies’ content, technology and internal communications, Mar 23
- Adobe patches severe Flash security hole, what is this last year and every year before? No, it's 2014, Mar 2014
- Apple and Google transport buses subject to reverse-wardriving, routes and user info compromised, Mar 2014
- HIPAA controlled, stolen health data is found to have been used in Facebook and Twitter social marketing campaigns, marketing company slapped on wrist, Mar 2014
- Italian spyware used to spy on journalists and political dissidents shown to rely heavily on US controlled servers, March 2014
- Researcher's talk at security conference cancelled after US DoD and French Government claims subject matter is too sensitive, Mar 2014
- Los Angeles County public health sends out 168,500 HIPAA violation letters alerting users from an earlier attack their info was compromised, Mar 2014
- Google fixes 7 major security flaws in Chrome, Mar 2014
- Russia and Ukraine enter into the world's first full-on, asymmetrical cyberwar, Mar 2014
- Researchers find attack that has compromised over 300k small office and home office routers with majority of victims in Europe and Asia, Mar 2014
- Las Vegas Sands Corporation discloses that some number of their users' data has been stolen from an attack the previous month in their PA casino, Mar 2014
- Sally Beauty confirms 25k user records were stolen including credit cards after a similar attack the previous month, Mar 2014
- US IRS employee steals a thumb drive with private information on 20k other IRS workers, claims no taxpayer information (other than political) was revealed, Mar 2014
- Sony Pictures picks up the rights to make the Target hack into a cyber-thriller movie, Mar 2014
- UCSF says 100k medical and patient records were compromised by a stolen desktop at the Family Medical Center, Mar 2014
- California DMV suffers a data breach for all online payments, number of accounts not disclosed, Mar 2014
- NSA leaks reveal the existence of Turbine, Turbulence, and Turmoil, three automated systems for breaking VPNs, planting Malware, and capturing data, Mar 2014
April
- Security firm finds fatal flaw in medical amnesia machine where tampering can lead to patient death, April 2014
- SQL Injection grows up, 65% of organizations have been hit with 140 days on average to detect, April 2014
- Aaron Brothers loses 400k worth of customer data records, a subsidiary of Michaels, using a similar Backoff Point of Sale technique, April 2014
- ATT communications was hacked internally by employees who provided outsiders with social security numbers and other private info for two weeks, April 2014
- Experian caught in grand lie that none of their data from last year was used when 32-person fraud and theft ring discloses what they did with it, April 2014
- Youngest hacker ever, 5 year old hacks Xbox to get around dad's security to play games he wasn't supposed to, now works at Microsoft, April 2004
- Wide ranging bug found for oil, gas, and utility control software, 7,600 plants vulnerable, April 2014
- Chicago area Dr. loses his password resulting in the breach of 1200 patient data records, April 2014
- SSL failure part one: Apple's Goto fail caused by a one line typo in Apple code compromising encrypted data
- SSL2 GnuTLS compromised by code resident since 2005 that fails to properly verify X509 certificates
- SSL3 Heartbleed, security specialists discover a change from 2011 that has been in the wild for 2 years to exploit everything with the SSL heartbeat, hackers waste little time in exploiting it, April 2014
- Iowa State data on 30k students stolen in security breach, April 2014
- Hacked passwords shown to be able to unlock Tesla vehicles, April 2014
- Symantec discovers nJRAT trojan software infecting 24k machines worldwide and exploited by 487 different groups, April 2014
May
- French mobile provider Orange admits 1.3 million customer records stolen, May 2014
- Vietnam and China engage in second, first ever cyberwar, May 2014
- Emory University hit with cyber-attack, no wait, they are their own worst enemy and accidentally just pushed a Win7 update, May 2014
- Iranian hackers learn how to be social, fill Twitter and Facebook with fake accounts to lure US workers to watch "why can't we be friends" youtube videos, May 2014
- Zberp, the worst of the Zeus and Carberp malware programs is released and targets 450 financial institutions including secure SSL, May 2014
- Ebay hit with 145 million user data breach including email and login credentials, May 2014
- Department of Homeland Security says US energy and utility labs and sites compromised through brute force attack of passwords, May 2014
June
- Cupid weaponizes Heartbleed for wifi, routers, and plucking passwords, June 2014
- AmericanExpress issues warning after Ukraine claims it has 7 million user records from the company and Visa, Mastercard, Discover, June 2014
- DHS warns highway workers that default, hard coded passwords can be used on highway signs to warn about zombies and stuff, June 2014
- PF Changs has major credit card breach, US secret service and FBI find out about it before they do, June 2014
- Canadian Mounties disclose 4 year hack of Blackberry and intercepting of over 1 million messages, June 2014
- Australian dating site has 254k user account records stolen following 42 million the previous year, June 2014
- Houston Astros have 10 months of player trade talks leaked, may have been solely for fantasy baseball advantages, June 2014
- Dropbox discloses "security in plain site" direct linking of files as a security hole after users complain, and then blames users for their own security problems, June 2014
- Evernote, the same week suffers denial of service outages for up to 100 million users, June 2014
- Feedly, up to 15 million users go offline for duration of denial of service attack, June 2014
July
- Oracle releases security megapatch, still several years behind current attacks on their products, July 2014
- Fitness freaks and Quantified Self advocates get their data hacked and exploited, users keep wearing them anyways, July 2014
- Tesla2, Tesla motors REST API put to the test in Chinese conference, July 2014
- Apple iOS security flaw found that allows user to bypass encryption, government access is suspected, all iOS devices seen as compromised, July 2014
August
- BadUSB is shown to be able to compromise anything with a USB including replacing the BIOS, August 2014
- The firm that vetted Snowden, USIS, exposes more than half a million background checks, August 2014
- US Venture firm Kleiner Perkins suffers major security breach including internal business plans and rejected slideware, August 2014
- Private patient data stolen from Cedars-Sinai found to have been stored and stolen from employee's home, August 2014
- US officials indict a Boeing contractor for stealing plans for the US's new fighter jet over the course of 5 years, August 2014
- Backoff point of sale malware strikes again with up to 60 UPS stores compromised, Aug 2014
- Google claims to release security audits to the public, but forgets to include enough information leaving more concerns than answers, August 2014
- Community Health Services loses patient data for 4.5 million people who visited any of their hospitals over the past 5 years, August 2014
- Gamergate, online bullying is taken to a whole new level with vile threats which would be crimes offline are shrugged at and considered the norm, August 2014
September
- Gmail passwords and usernames show up on Russian Bitcoin site, Sept 2014
- Goodwill suffers some bad will with 330 Goodwill stores suffering theft of over 860k credit card records, Sept 2014
- SuperValu, Cub Foods, Farm Fresh, Shop n Save, and Shoppers customer suffer back to back attacks for private information and credit card thefts, Sept 2014
- Joomla e-commerce is compromised just as much as point of sales offline devices, Sept 2014
- SSL4 Shellshocked, the number one unix shell Bash allows users through a hack to run any secure command, examples of real exploits using it discovered, Sept 2014
- Amazon fixes Kindle e-book flaw caused by some e-books installing malware on the reader, Sept 2014
- US Transportation department concludes that their systems had been successfully breached 50 times in the past, pat themselves on the back, and go back to business as usual, Sept 2014
- Healthcare.gov insurance site hacked, administrators find no evidence, 75% of hospitals worried about security of data and users urged to change passwords, Sept 2014
- The Tor network information is used to takedown and arrest several scofflaws, humorously caught by sloppy privacy practices as discovered in the criminal trial, Sept 2014
- Flightradar 24 reveals flight data including government and possibly secret government flights, Sept 2014
- Ransomware goes full tilt, uses FBI, NSA, DOJ seals, as it's discovered 60% of users simply pay the ransom to get their computer back, Sept 2014
- The Fappening compromises thousands of intimate celebrity pictures that they didn't even know were on iCloud, Sept 2014
- The Fappening Round 2, Sept 2014
October
- Up to 80 million households might have compromised data from the JP Morgan credit card stolen information, Oct 2014
- AirHopper air gapped computers are shown that they could be compromised at MALCON not using bluetooth or wifi, Oct 2014
- The Snappening, Self-destructing SnapChat data posted on 4chan after hackers gain access to backups, Oct 2014
- Android Browser flaw found to leak data through cross-site scripting, Oct 2014
- Verizon's unstoppable permanent cookies: injected on the server side, UIDH could not be stopped as it was controlled and sold by the provider, Oct 2014
- Uber uses their reputation system to smear and punish unflattering journalists, Oct 2014
- Home Depot hit with 56 million stolen credit cards and 53 million stolen email addresses, Sept 2014
- ATM flaw allows users without a card to grab wads of cash through malware compromise, Oct 2014
- SSL5, POODLE "padding Oracle" is a new security flaw that isn't cute, can hijack and decrypt cookies, take over accounts, Oct 2014
- Staples confirms a widespread data breach, they find out about it from debit and credit card fraud, stock price shrugs, Oct 2014
- Dairy Queen and Orange Julius shops have Backoff point of sale malware compromise 395 of their stores, Oct 2014
- Dropbox2 usernames and passwords copied to Pastebin, first 400 revealed out of 7 million, call for Bitcoin donations to release more, and a trickle of a few hundred more at a time, Oct 2014
November
- Cisco patches vulnerabilities in small business routers caused by cross-site request forgery that they knew about for month, Nov 2014
- Darkhotel software discovered to target luxury hotel wifi for purposes of blackmailing and stealing information from high net worth business travelers, Nov 2014
- Russian security researchers find flaw in 4G sim cards and model platforms to allow eavesdropping, millions or tens of millions at risk, Nov 2014
- A core IRS system for calculating fees on Obamacare recipients found extremely vulnerable to the simplest of hacks, Nov 2014
- SSL6, MEANER POODLE can bypass 10% of all TLS Websites
- Wirelurker infects iOS mobile devices when USB connected to an infected computer to steal call logs, location info, and calling home with the info, Nov 2014
- Regin Malware proven to have been used by Western governments to spy on EU, Nov 2014
- GPS Jamming proven to really work for maritime vessels, Nov 2014
- 800k US Postal employee files stolen by Chinese hackers, Nov 2014
- Chinese hackers compromise National Oceanic and Atmospheric Administration, they still can't control the weather, Nov 2014
- A survey of US consumers say they will avoid compromised retailers this Christmas shopping season, but they don't, Nov 2014
December
- Keurig 2.0 gets security hacked, users use low tech to get around high tech coffee restrictions, Keurig recalls millions of machines saying it sprays hot water on users, but it's really to fix the bar scanner, Dec 2014
- ISC F DNS server, one of 13 DNS root servers in the world, may have been compromised by the Wordpress hack and the Angler rootkit, Dec 2014
- SoakSoak Malware compromises over 100k Wordpress sites, a fix is issued, but nobody upgrades so business continues as usual, Dec 2014
- NTP, the world's computer time synchronization protocol shown to fall prey to reflection attacks, using it as a denial of service, Dec 2014
- Xbox Live and Playstation networks are DDoS'd to prevent millions of kids from playing games on Christmas, Dec 2014
- A Fake Tor browser is planted into Apple store and Apple refuses to take it down as they want to give the developers a chance to explain their adware/malware, Dec 2014
- Google finds a zero day Windows "escalated privilege" attack the second time this year for Win 8.1 and early Win7 version, releases info to security practitioners, Dec 2014
- Hacker group releases over 13k usernames, passwords, credit card records from hacked Amazon, Walmart, Dell, Twitch.tv, Brazzers, Digital Playground, Xbox, and Playstation accounts, Dec 2014
- Sony Pictures gets hacked by North Korea according to the FBI, security researchers claim it's an inside employee, China hopes everyone forgets about their earlier threats and hopes to blame everyone else, the rest of the world learns that Hollywood movie studios are like petty, kindergarten playgrounds or sausage factories, Dec 2014
Wow that is a laundry list of bad.
I'm afraid it only gets further behind the curve next year.
Well yes, now that the trend is set, it's got a trajectory and momentum.
Unfortunately.
12:23 PM Dec 31 2014