In what was undoubtedly one of their most easiest hacks to date, infamous hacktivist group Anonymous cracked the passwords of 78 email addresses from the Syrian Ministry of Presidential Affairs over the weekend to expose some interesting emails.

We’ll not be going into details of these emails themselves, which reveal some scandalous information on how Syrian president Bashar Al Assad was prepped for his now infamous interview with ABC last year. However, what’s more interesting to note is that 33 of the hacked 78 emails, 4 of which seem duds, had their password set as “12345″ as reported by Forbes.

Analyzing the data further it seems that 2 of these accounts are dead, while another one is just made for testing. Furthermore, one user has 5 different variations of their email, another with 2 more variations; with the same password of course.

Not denying that Anonymous wouldn’t have been able to hack more complex passwords, but at least the public wont ridicule you if your password got hacked and came out to be the second most simple password in existence.

Yesterday, after month long negotiations finally broke down between the hacker group and Symantec, Anonymous leaked the source code for Symantec’s PCAnywhere software. The source code was actually stolen in late December or early January of this year, after which Symantec apparently tried to handle the situation by paying the hacker group $50,000 to not leak the code.

Turns out the entire negotiations were just a setup by law enforcement officers, trying to lure the hackers in order to get their information. The entire email thread has been posted online for everyone to see by the Lords of Dharamaja, one of the hacker groups associated with Anonymous. Posting on his Twitter, one of the hackers, Yama Tough, wrote, “You won’t believe it but Symantec offered us money to keep quiet.”

According to Symantec spokesperson Cris Paden who told Forbes in an interview, “Symantec began to receive emails from the hackers a few days later, in which the group demanded money not to publish the portion of Symantec’s source code it hadn’t yet released.”

“When they came to us with what was for all intents and purposes extortion, we went to law enforcement,” says Paden. “From that point on, we turned over the investigation to them.” Eventually after the month long sting operation that didn’t go as intended, Anonymous finally released the source code yesterday on file sharing sites around the world. “We’re able to say with high confidence, any type of cyber attacks generated by this attack would have old characteristics and look like an attack from 2006 that can easily be stopped using current versions of our solutions,” says Paden as Symantec is still analyzing the leaked code. “Our customers are protected.”

The effectiveness of the sting operation by the unnamed law enforcement agencies isn’t clear yet, as the investigation of this leak against one of the world’s biggest security firm is still under way. “As to what happens next,” Paden says. “We’re not really sure.”

Over the weekend Google finally announced the much needed app monitoring process for the Android Marketplace, dubbed ‘Bouncer’. This news comes as a relief to many an Android user who were worried about the alarmingly high rate of malware on the Android marketplace.

Writing on the official blog, Hiroshi Lockheimer, VP of Engineering for Android said that Bouncer, “provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process.“

“Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags.” Lockheimer continued, “We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.”

Apart from Bouncer, Android also has a set of built-in features that will provide further security against malware. First off, everything will be run in a sandbox environment to prevent spreading of malware. Permissions will be required (with details of what services will be accessed) on the Android. And finally, Google can remotely remove malware if they deem such an action is necessary if infestation seems to be too high.

So all in all, a decent number of preventative measure have been setup by Google against malware. Time will tell how effective they really are, but for now Android users can breath a sigh of relief that a lot of work is being done to protect them.

Over the weekend, world renowned security firm Symantec unveiled in a blog post that they have discovered 13 apps on the official Android Marketplace which contain a backdoor Trojan.

Android.Counterclank is a new botnet Trojan which basically allows a backdoor open to allow hackers to carry out specific commands on the Android handset, in addition to stealing private data.

“For each of these malicious applications, the malicious code has been grafted on to the main application in a package called “apperhand”. When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen.”

Going through the stats of the below listed applications, the number of infected handsets is well over a million, at least.

While most of iApps7 apps have been taken down, the rest of the apps, as of posting this article, are sadly still online.

This once again brings into question Google’s policy on security regarding Marketplace apps and how easily malicious apps can infect thousands of people before they’re pulled down.

Novelist Paulo Coelho has sold millions of books, including the all time bestseller “The Alchemist” that sold more than 65 million copies worldwide. It is a lesser known fact that he is also a frequent BitTorrent user and has admitted to pirating his own books.

The Brazilian born writer believes that file-sharing is a good thing which should be seen as a means of promotion for writers like himself. He went as far as to volunteer to support The Pirate Bay in a trial all the way in Sweden. Speaking to a popular BitTorrent site Coelho was convinced of the need to see P2P sharing as a helpful, useful tool.

“Since the dawn of time, human beings have felt the need to share – from food to art. Sharing is part of the human condition. A person who does not share is not only selfish, but bitter and alone,” Coelho said, explaining his decision to to share his books on P2P sharing sites.

Publishing his books freely on The Pirate Bay and other BitTorrent sites has actually worked out really well for Coelho. He has sold tens of thousands of extra books because he shared them.

The Pirate Bays main page today shows the collaboration of the most famous BitTorrent site with one of the biggest names in literature of our times. Maybe those pesky anti-piracy lobbyists need a total, ground-up rethink of their ideas.

The ongoing battle between pro-Palestinians and pro-Israelis continues on the internet, not in the form of heated arguments on forums, but hacking online banking accounts and Facebook credentials.

The battle started off in early January of this year as Saudi hackers “Group-XP” leaked details of some 400,ooo Israeli bank accounts; of which only 14k were officially confirmed by the Israeli authorities as being real. A retaliation by pro-Israeli group, “Hannibal” then warned on 13th Jan that they have access to over “30 million email of Arabs” which they will leak online.

The back and forth between the two sides continued until this weekend when Hannibal published 100,000 Facebook login details from users in Saudi Arabia and UAE on Pastebin and other file-sharing sites. As noted by Zdnet, however, the actual number of accounts leaked is close to 20,000; with most lines of the 100k accounts being blank, repeats, or simply the username and passwords in separate lines.

However, the self-proclaimed ”general of Israel’s hackers” did have another announcement to make. Quoted from the pastebin announcement, Hannibal wrote, “Because I noticed that lately the Arab hackers are gone, I declare cyber war termination. Israeli hackers, stop! Cyber war stops until further notice I will post again if they attack the State of Israel. If they appear again, I again come to save Israel. Trust me. I’ll always be around.”

Regardless of where this online cyber warfare takes both pro-Arab and Jewish groups, we recommend all our readers to change their Facebook passwords, just in case. Hopefully this will be the end of this argument, but as history has shown us, one side will break this cease-fire, and the whole thing will breakdown again, only to hurt innocent people.

In a recent attack on the Indian intelligence agency by a group called “The Lords of Dharamraja” it was uncovered that RIM, Nokia and Apple all gave backdoor access for selling their products to the 1.2+ billion population of India.

“As of now we start sharing with all our brothers and followers information from the Indian Militaty (sic) Intelligence servers, so far we have discovered within the Indian Spy Programme (sic) source codes of a dozen software companies which have signed agreements with Indian TANCS programme (sic) and CBI,” wrote Yama Tough, one of the members of The Lords of Dharamraja.

Turns out that these backdoor accesses were agreed upon by all three companies for actually spying on the US-China Economic and Security Review Commission (USCC). Looking at the leaked military documents by the hackers, and as pointed out by ZDNET, RINOA SUR (RIM, NOkia and Apple) platform was successful.

Earlier in the year it was revealed that Lords of Dharamraja were indeed the group that was behind the Symantec source code release. And whatever the intentions of such hacker groups are in reality, some interesting things like this do surface from time to time.

Moving forward on the ‘innovation’ train, Microsoft posted a new way to manage the security issues that’s been the bane of everyone’s private data in the modern era. How about gesture based passwords on a picture?

With the new password system in place, users will be able to log into a Windows 8 based machine using a Picture Password, whereby specific gestures on a picture will translate into the password. So for instance you have a combination of taps, or straight lines, or circles. The picture can be of your choice, further personalizing the password and making it easy to remember the gestures.

“If a gesture type is wrong—it should be a circle, but instead it’s a line—authentication will always fail. When the types, ordering, and directionality are all correct, we take a look at how far off each gesture was from the ones we’ve seen before, and decide if it’s close enough to authenticate you.”

Now the gestures don’t need to be accurate, as each picture is divided into 100 grids, and the gestures need to be at least 90% accurate for the user to be granted access.

So how secure is a gesture based password input? Take a look at the graph below.

Yup, that’s 398 trillion possible combinations for a simple 5 gesture password. Like, a circle, two taps and two lines on some random picture are more powerful than a proper 8 character password. As a disclaimer, the “complex password” doesn’t comprise of a ‘space’ so the possible combinations are much lower.

In a recent study by the security research firm Accuvant Labs, the top three internet browsers in the world were thoroughly tested for security. Google’s Chrome came in first, Microsoft’s Internet Explorer came in second and Mozilla’s Firefox came in third; all three combined accounting for 93% of the global internet browser market share.

Instead of looking at historical data to see vulnerability of each browser, Accuvant instead had a more proactive approach, by looking at the anti-explotation safeguards implemented by each browser. Sandboxing, 3rd party plug-in security and JIT hardening are three key features that Chrome has successfully implemented, with Internet Explorer showing some deficiencies in. However, Firefox doesn’t have any of these technologies at all, making it one of the most vulnerable browser of the three.

Google Chrome 12 & 13, Internet Explorer 9 and Firefox 5 were tested for this study running on Windows 7 (32bit).  As far as patching security holes is concerned, once again Google came out on top with average patch time of 53 days, followed by Mozilla with 158 days and Microsoft’s 214 days.

You can see the whitepaper for full analysis of the study.

After the large furor created by the discovery of information tracking and key-logging application Carrier IQ being installed on millions of phones across the world, it was only a matter of time before some legal leg-weight was thrown behind its opponents.

This time, it’s gone beyond the companies and carriers who have issued various statements regarding their stance on the Carrier IQ app, but has gone to the american Federal Trade Commission. While some american senators such as Al Franken demanded full transparency as to the information being collected, one such congressman demanded that the FTC look into the matter.According to engadget, the congressman demanded to know if Carrier IQ violated the privacy of millions of Americans as well as violated american wire-tapping laws.

For those of us not residing in the US we can merely watch developments unfold as we ponder if someone’s been listening to our conversation lately.