For this latest edition of the Weekly Cybernote, we will expand on three hot topics that have been widely debated on the internet over the past week: the notorious hack on eBay’s website and the theft of its users’ data, the zero-day flaw identified on Internet Explorer 8 that had still not been fixed by Microsoft even after 7 months, and lastly, new revelations from WikiLeaks about the NSA.
eBay victim of hacking: personal data of millions of users exposed
eBay, the online auction giant, was last week the victim of a major online attack that aimed to retrieve its users’ private data. The attack compromised the American giant’s databases, which contained, among other things, its users’ encrypted passwords. Following the detection of this attack, eBay decided to act in full transparency and reacted quickly by asking users to change their passwords as soon as they could. Fortunately, only a tiny portion of eBay users were affected by this attack: those who accessed the site between late February and early March. Apparently, eBay discovered this attack about two weeks ago. eBay has indicated that it is currently working with a team of experts to identify the masterminds of this attack, who are still unknown. The only upside: the PayPal data of users of the auction service was intact, as it is stored separately in encrypted form.
Internet Explorer 8: a zero-day vulnerability still unfixed after more than 7 months
The Redmond-based firm dropped a bombshell last week: it was discovered that Microsoft had not fixed a security flaw dating back to October 2013 that affects its web browser, Internet Explorer 8. This is no small flaw, since it would allow an attacker to install malicious code on workstations in order to take full control of them. It is currently estimated that more than 20% of Microsoft users surf the net using IE8, making it an even more dangerous vulnerability. To exploit this flaw, a hacker would need to trick his potential victim into visiting, in IE8 of course, a website that has been specially crafted for this purpose. Conventional methods (phishing e-mails, instant messages containing fraudulent links, etc.) may help a hacker to launch his attack. This vulnerability was discovered in October 2013 by Peter Van Eeckhoutte, a Belgian researcher, during the Zero Day Initiative program. Despite this discovery, Microsoft has still not done anything since then to fix the flaw. Microsoft has communicated on the subject by asking its users to install the patch released urgently at the beginning of the month. Arkoon+Netasq’s ExtendedXP makes it possible to protect workstations running Windows XP and using Internet Explorer 8.
WikiLeaks: the NSA allegedly recorded all communications in Afghanistan
The famous whistle-blowing website WikiLeaks has just revealed that Afghanistan is the second country in which the NSA has recorded all cell phone communications. This is the country that media outlets such as The Washington Post and The Intercept had preferred not to name for security reasons. WikiLeaks has stated that it does not wish to name the source of this revelation in order to protect it. Julian Assange’s service therefore continues to stand up to state censorship, going as far as to claim that to date, no proof has been submitted by any government organization to show that any of the eight million publications revealed by WikiLeaks has prejudiced anyone in particular. For WikiLeaks, hiding such information would therefore amount to condoning and participating in this organized censorship.