Sky News Google Play page defaced Sky News seems to have a habit of letting its credentials escape into the outside world, apparently letting the Syrian Electronic Army get its paws on its Google Play admin account. As a result, it's had the embarrassment of having the Sky News app screenshots in Google Play replaced with an announcement that “The Syrian …
I just don't get it. Why would a politically motivated group bother doing something like this? I can understand, sort of, why some dumbass hackers would get off just defacing something but why didn't the SEA do something that furthers their ends? "Idiots were here" doesn't seem to accomplish anything.
"I can understand, sort of, why some dumbass hackers would get off just defacing something but why didn't the SEA do something that furthers their ends?"
Who says they didn't?
It's the same reason why you should wipe your system clean after a break-in: you can never be 100% sure what the intruder(s) did or didn't do.
For all we know this could just as easily have been a diversion of some sort.
Why indeed. Just the usual kids playing but (rightly it seems) thought they'd get more press pretending to be connected with the Syrian horrors.
Is the Assad regime going to waste time and money on a 'I woz ere' when they're fighting to maintain the status quo? Are Qatati-sponsored rebels going to post something so lame using the wrong flag (3 stars on their 'embassy' in Qatar). It's kids who found they sound louder if they hijack a controversial figurehead
Sky are apparently claiming elsewhere - that the Apps on Google Play were not replaced or manipulated in any way and are perfectly safe to leave installed on your device. They claim their Twitter account was hacked to tell people that the apps needed uninstalling - but the apps themselves haven't been. As I understand it - this means that the login credentials for their Google Developer console has been found somewhere - but the signing keys to update the apps themselves is still secure. It doesn't really matter much one way or another right now - since Google pulled all the apps anyway.
Maybe if play accounts were separated from your basic user account then it might be a little more secure.
The same username and password for gmail, google+, play, analytics etc etc means Google themselves are replicating the practise of using the same password for all internet accounts... a known secure issue, no?
They don't seem to have the processes in place to respond to this sort of thing which is a big failure for such a major news organisation. I'm not sure I trust a marketing droid when they say "nothing to see here, move along" whilst at the same time, the apps have been removed from the store.
I'm suggesting to family and friends that they uninstall the apps anyway, at least until BSB get their house in order. Better safe than sorry, and its not like they're critical feature apps anyway.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
