Project Insecurity

Project Insecurity was a computer security organization founded in 2018 by Matthew Telfer focusing on educational resources, vulnerability identification and remediation, and exploit development. Project Insecurity have responsibly disclosed and released a number of security flaws since their formation in 2018.


History

In April 2018, Project Insecurity released two exploits affecting live chat systems used by various Internet service providers and financial corporations around the world. Nuance Communications and LiveChat were the affected software vendors, both of which appeared to be vulnerable to bugs of a similar nature. These bugs could have allowed a malicious actor to glean information on employees relating to the affected companies, such as the name, email, and employee ID of the chat agent, alongside other information such as the backend systems in use, allowing a malicious hacker to potentially gain a foothold within these networks. One of the founders of this exploit was Kane Gamble, who was convicted and given a two-year prison sentence shortly after these exploits were disclosed. Kane's sentencing was unrelated to any activities involving Project Insecurity and was instead due to his involvement with Crackas With Attitude, a group responsible for purportedly hacking the CIA, FBI and Department of Homeland Security. Prior to his sentencing, Kane Gamble had been attempting to show that he had reformed his character, not only working alongside Project Insecurity to help secure the above affected systems, but also by reporting vulnerabilities to companies such as T-Mobile USA of his own accord.

In August 2018, Project Insecurity released a series of critical exploits for OpenEMR, an electronic medical system. There were over 25 vulnerabilities released in total, some of which would allow a malicious hacker to obtain full access to any machine running OpenEMR. This meant that such a flaw could be leveraged to expose the personal information of more than 100 million people worldwide, including 30 million US citizens.

