VULNERABILITY ALERT: New Kindle Personal Documents

Date: April 16, 2014
Subject: Fw: New Kindle Personal Documents Features

Dad! Joel, Amazon subscribers:

I noticed a huge vulnerability in various sites including DHS.gov around 11pm last night when I saw bizarre files on my Kindle from “unknown” sender.

Files with sensitive client medical records and financial info that also appeared on the new Amazon cloud.

I object on principle.

Anyone can send (corrupt) files using this old school hacker trick. Lulz Adrian Lamo (Sabu) and other hacker groups; Anti-sec, Russell League, Anonymous and the FBI use this as a tactic to (1) recruit ppl with Aspergers and (2) recruit young dumb schmucks who enjoy their 15 minutes of fame.

Aspergers is a huge wild card in the hacking legal scene since it was an effective defense with Gary McKinnon after a decade-long extradition battle. Last October, Gary went free.

They sold Free Gary T-shirts at Defcon next to Anti-E bumper stickers, pink tank tops and offered a monetary reward for “tittie pics”

Humiliating.

Alexander recruits these black hat hackers for the NSA.

That’s SOP these days.

PART II: Microsoft Office 2010 has .rtf vulnerability.

Office 2010 AND Amazon AND Google Drive automatically download attached files in many formats and store them to your cloud, PC, Dropbox or iCloud, online or on a local drive.

Amazon released a statement on April 16, 2014 at 3:55am that they are automatically accessing YOUR 5 gigs of cloud storage for attachments in various formats, to store on your local drive as well as the less than secure Amazon cloud server.

This is a TERRIBLE idea!

Bad enough I have all this random crap from “unknown senders” on my Kindle, now it is on my netbook, laptop, and the cloud for any Tom, Dick, Harry, Sabu, Adrian Lamo, Joe Black, or any other number of undesirable snitches working with the Feds.

Using the cloud for storage in addition to your device is a TERRIBLE idea.

Automatic download and/or execution of multiple attached files from unknown sources (unscanned, often malicious files that use .pdf, .doc, .rtf and other formats) is easily exploited.

Now that Kindle has proven time and time again that they do not follow any standard protocol for data or security breaches, I can only imagine what lies ahead for those of us who remember the epic hack this time last year.

God forbid they have a repeat performance.

I learned this the hard way.

After six laptops, five droids, 2 iPads, a kindle, 3 iPhones (one stolen at the genius store) two laptops; 3 netbooks, a Botnet that had Shady Rat and my favorite old 486 with a 486 and a Sony Laptop that got stolen by one of my clients. And let us not forget the hacked Windoze phone, STOLEN iPhone and about 12 BlackBerries and a few other T-Mobile novelty devices.

I digress.

The pressing issue is that Microsoft has a vulnerability in Microsoft Office 10, which presents additional problems since the security alerts caution that the Macro$hit Office 10 suite vulnerable to Op Shady RAT (Remote Access Terminal) has evolved and spread to plain text files.

Obviously, this could further complicate the Amazon SNAFU since it affects .rtf (Rich Text Format) files that automatically download (or upload) to your Amazon apps, Kindle, iPhone, Computer, iPad, tablet or (heaven help us) the less than secure Amazon Cloud or S3.

In short, we’re fucked. Doesn’t matter if you are on iPad or another device ranging from Android based tablets, phones, netbooks, Laptops and only god knows what else.

Please take the time to investigate this security breach and vulnerabilities that were issued by the Department of Home Security – CERT (Cyber Emergency Response Team) under DHS.gov.

By far the most disturbing and distressing part of this oh so frustrating experience was my inability to get a secure connection to DHS.gov.

The Certificate Authority had been revoked, expired, stale, etc…

I will update this post when time permits. I took a lengthy video of the error messages and amateur forensic video to help people see how I became aware of this disturbing security risk 5 hours before I called it in to a forensic expert who thanked me for alerting him that his account was compromised.

Will post screen and video clips after I hear from legal counsel to protect my well meaning “whistleblower” tendencies.

I have more pressing matters to attend to this morning. Like the Iranian Cyber Army that left my computer with Blue Screen of Death.

Assholes.

That’s the DailyDDoSe

Tax Day 2014

Just me,

e

@ELyssaD
