SecuraBit before it Bytes

Numerous reports have been flying around the intertubes that Sarah Palin’s personal Yahoo email was hacked and items from her mailbox were posted on the internet.  Wikileaks states that the email was hacked around midnight Tuesday Sept. 16th by persons affiliated with the group ‘anonymous‘.  Numerous screenshots, contacts, and family photos have been posted on the Wikileaks website.  It is interesting that she was just asked a few days earlier to release over 1000 emails from the same private account she has been apparently using conduct government business.  

Chris Eng (guest on Securabit Episode 7) has posted some commentary on what he thinks might have happened to the account.  What are your thoughts on this matter?  Is this all fair game and the whole mailbox should be released or just despicable?

UPDATE: Apparently ‘Anonymous’ might not be too anonymous for long.  The screenshot posted listed almost the whole proxy address, which will make it much easier to find in a log.  Unless they used their neighbors wi-fi.

A new season of Hak5 just began with a bang with Securabit’s own Mubix showing off the open source forensics and intelligence gathering tool Maltego.  Look for future shows featuring both Mubix and Chris Gerling.

Google Chrome has generated a lot of press in the day since it was released on Tuesday.  It gained over a 1% market share in under 24 hours.  Some of the interesting tidbits from a risk/security standpoint:

Controversial EULA:

Google Chrome debuted with an extremely controversial EULA that basically says everything you do with the Chrome browser belongs to Google.  They have since adjusted the EULA to remove some of the strongly worded sentences, but this might just have given us a peak into Google’s world domination plot?

Vulnerabilities:

It seems that only mere hours after the Chrome browser was available for download, vulnerabilities started showing up.  Some of them as simple as a browser crash, others as serious as carpet-bombing.  This is actually not too surprising since Chrome is based off the same version of WebKit, 525.13, that the vulnerable Safari 3.1 emanates from.

Incognito Mode:

The Chrome browser has a stealth browsing mode called Incognito which will not leave any tracks of where you browse in your history or store any cookies.  This appears to be very similar to the IE8’s InPrivate browsing mode.

Independent Tabs:

Every tab opened in Chrome runs as an independent instance of the browser.  Apparently, if you experience trouble in one tab, the rest of your Chrome environment is safe from the misbehaving tab.  I guess this only works if you don’t browse to the vulnerability mentioned above that crashes your whole browser.

So what is your take on the new Chrome browser?  Mubix suggests power users should stick with Firefox or will Chrome make the internet less frustrating” as Walt Mossberg declares?

We’re working with new software this time around, yeah sorry to bring you all aboard the beta failbus, but we’ll get it out to you as soon as we can.  It’s probably one of our best episodes content-wise.

-Peace

Interesting security news for 08/29/08:

White House Imposes New Security Mandate for Federal Agencies (Washington Post) - All government agencies will be required to implement DNSSEC by January 2009.

Apple to fix hole in password-protected iPhones (Cnet) - Apple announces that it will release an update in September to fix a hole that allows users to bypass the unlock screen.

Dan Kaminsky Soundboard (0×000000.com) - Can’t get enough Dan Kaminsky, now have him talk to you all the time, any time.

MIT working on network vulnerability analysis (Slashdot) - Researchers at MIT are working on detecting exploitable vulnerabilites by graphing attacks in near real time.