Detailed Analysis of the SK Communications Hack
An anonymous reader writes "An Australian IT security company, Command Five Pty Ltd, has just released a detailed analysis (PDF) of the recent SK Communications hack in which the personal details of up to 35 million users were stolen. This new analysis gives details of the attackers' malicious infrastructure and contains as-yet unreported technical details of the malware used in the attack (including the fact that it has the capability to sniff raw network packets on infected machines). The report also identifies links with other malware and malicious infrastructure, demonstrating that the attack is likely to be part of a broader concerted effort by well-organized attackers."
Re:35 million out of 39 million total Korean net u (Score:5, Interesting)
How is the RRN meant to be a unique number that only you know, if it is used at most websites? This sounds like the silliness of the US SSN -- it's "secret" but everyone asks for it. I can see why Australia made it illegal for anyone other than the Tax Office, Employers or Superannuation funds to ask for your tax file number.
Unique number identifiers are useful to ensure records don't get mixed up, but they are not a proof of identity. Using them as proof is moronic.
Re:Summary of Attack (Score:2, Interesting)
This highlights the danger of automatic software updates.