Pirate Bay braces for police raid as global filesharing crackdown continues

File sharing site The Pirate Bay is no stranger to law enforcement: its offices were raided back in 2006, which led to four convictions. Now the team believes that authorities have obtained new warrants and is bracing for another crackdown.

Pirate Bay learned from its first brush with the law. “Those who are aware of the site’s history know that without a few essential keystrokes in May 2006, The Pirate Bay may not have been here today. When Pirate Bay founder TiAMO heard that something was amiss, he decided to make a full backup of the site before heading off to the data center, where he was greeted by dozens of police officers,” reports file sharing news site TorrentFreak.

The service recently switched from torrents to magnet links for sharing files between users, meaning the entire site is now small enough to store on a conventional thumb drive. It has also put in place a number of failsafes like backup domains and different servers across the globe.

The site recently moved from a .ORG domain to prevent American authorities from pursuing legal action. But the switch to a .SE domain seems to have opened the door to a new confrontation with local authorities in Sweden.

With typical flair, the team behind Pirate Bay left a message for Swedish law enforcement. “We’re staying put where we are. We’re going no-where. But we have a message to Hollywood, the investigators and the prosecutors: LOL.”

Hackers beat Google Chrome security

Hackers have defeated Google Chrome first in an annual competition to test the security of the most popular web browsers.

At the Pwn2own competition in Canada, a group of French hackers were able to bypass Google’s vaunted security features to take control of a Windows PC in less than five minutes.
The result is a reversal of last year’s Pwn2own, when Chrome stood undefeated at the end of the competition.
This year it was beaten by Vupen, a French firm controversial in security circles for selling the software vulnerabilities it discovers to government spy agencies.
“We wanted to show that Chrome was not unbreakable,” the firm’s head of research Chaouki Bekrar told ZDNet.
“Last year, we saw a lot of headlines that no one could hack Chrome. We wanted to make sure it was the first to fall this year.”

The hack wins the firm 32 points in the overall Pwn2own competition.
Vupen used two previously unknown vulnerabilities to beat Chrome’s security, which is seen as stronger than its rivals Firefox and Internet Explorer because of its use of “sandboxing”. The software, now the world’s second most popular browser, effectively runs in isolation from the rest of the operating system. In theory, even if Chrome is hacked the attacker does not gain full control of the machine.

Previously hostile to attempts to discover vulnerabilities in software, major technology firms including Google, Microsoft and Facebook now cooperate with hackers and offer “bounties” for new discoveries.
Mr Bekrar said his team had worked for six weeks ahead of Pwn2own to uncover the vulnerabilities. They had also found ways to hack into Firefox and Internet Explorer, but wanted to demonstrate that Chrome was not unbeatable first.
“It’s not an easy task to create a full exploit to bypass all the protections in the sandbox,” he said. “I can say that Chrome is one of the most secure browsers available.”
Vupen said it will keep details of how it bypassed Google’s sandbox technology private “for our customers”.
Separate to Pwn2own but at the same Canadian conference, Sergey Glazunov, a Russian student, also demonstrated a Chrome hack to claim a $60,000 bounty.
“It was an impressive exploit,” said Justin Schuh of Google’s Chrome team.
“It required a deep understanding of how Chrome works. It’s very difficult and that’s why we’re paying $60,000.”
Google is working on fast security updates for Chrome to patch the vulnerabilities.

Air Force space drone’s secret mission hits one-year milestone

One year after the Air Force blasted it into orbit, an experimental robotic space drone continues to circle the Earth.

Its mission and payload, however, remain a mystery.
The X-37B Orbital Test Vehicle, which looks like a miniature unmanned version of the space shuttle, was launched last March from Cape Canaveral, Fla.
At the time, Air Force officials offered few details about the mission, saying that the space plane simply provided a way to test new technologies in space, such as satellite sensors and other components.
It was slated to land 270 days later, which would have been in November, on a 15,000-foot airstrip at Vandenberg Air Force Base, northwest of Santa Barbara, Calif. But the Air Force extended the mission and never announced an exact landing date.
Air Force Lt. Austin Fallin, a Vandenberg spokesman, confirmed Wednesday that the X-37B is still in orbit.
It is the second X-37B launched by the military. The first one was launched in April 2010 and landed 224 days later at Vandenberg.
Some industry analysts have theorized that because of its clandestine nature, the X-37B could be a precursor to an orbiting weapon, capable of dropping bombs or disabling foreign satellites as it circles the globe.
The Pentagon has repeatedly said the space plane is simply a “test bed” for other technologies.
Both X-37Bs were built in tight secrecy by Boeing Co.’s Space and Intelligence Systems unit in Huntington Beach, Calif. Engineering work was done at the company’s facilities in Huntington Beach and Seal Beach. Other components were supplied by its satellite-making plant in El Segundo, Calif.
(c)2012 the Los Angeles Times
Distributed by MCT Information Services

Software Translates Your Voice into Another Language

Researchers at Microsoft have made software that can learn the sound of your voice, and then use it to speak a language that you don’t. The system could be used to make language tutoring software more personal, or to make tools for travelers.

In a demonstration at Microsoft’s Redmond, Washington, campus on Tuesday, Microsoft research scientist Frank Soong showed how his software could read out text in Spanish using the voice of his boss, Rick Rashid, who leads Microsoft’s research efforts. In a second demonstration, Soong used his software to grant Craig Mundie, Microsoft’s chief research and strategy officer, the ability to speak Mandarin.

In English, a synthetic version of Mundie’s voice welcomed the audience to an open day held by Microsoft Research, concluding, “With the help of this system, now I can speak Mandarin.” The phrase was repeated in Mandarin Chinese, in what was still recognizably Mundie’s voice.

“We will be able to do quite a few scenario applications,” said Soong, who created the system with colleagues at Microsoft Research Asia, the company’s second largest research lab, in Beijing, China.

“For a monolingual speaker traveling in a foreign country, we’ll do speech recognition followed by translation, followed by the final text to speech output [in] a different language, but still in his own voice,” said Soong.

The new technique could also be used to help students learn a language, said Soong. Providing sample foreign phrases in a person’s own voice could be encouraging, or easier to imitate. Soong also showed how his new system could improve a navigational directions phone app, allowing a stock synthetic English voice to seamlessly read out text written on Chinese road signs as it relayed instructions for a route in Beijing.

The system needs around an hour of training to develop a model able to read out any text in a person’s own voice. That model is converted into one able to read out text in another language by comparing it with a stock text-to-speech model for the target language. Individual sounds used by the first model to build up words using a person’s voice in his or her own language are carefully tweaked to give the new text-to-speech model a full ability to sound out phrases in the second language.

Apple’s new iPad making waves in video game market

The company is also setting itself up to take on Microsoft (MSFT.O) and Sony (6758.T) on their home turf of game consoles.

From Electronic Arts to “Crysis” developers Crytek, industry executives are figuring out ways to migrate graphics-intensive so-called hardcore games to the iPad. Epic Games and Namco Bandai (7832.T) took the stage at Apple’s iPad unveiling this week to show off what they can do with an iPad that has a faster quad core processor.

With more than 55 million iPads sold to date, including 15.43 million last quarter, the tablet is quickly catching up to the number of consoles on the market: the PlayStation 3 has sold 62 million units and Xbox 360 has moved more than 65 million units. That growing user base is drawing developers who want to see their games played on as many devices as possible.

“Apple is definitely building their devices as if they care a lot about ‘triple-A’ games,” said Mike Capps, president of Epic Games, the studio behind “Gears of War” for consoles and “Infinity Blade” for the iPad.

The “triple-A” moniker is bequeathed to only the highest-quality video games — those with the best graphics and that cost in the tens of millions of dollars to produce. So far, not many “triple-A” titles appear on mobile devices.

Capps, who has appeared on stage at all three of Apple’s iPad launches, said he is trying to push the console manufacturers, Sony and Microsoft, to come out with more powerful devices so they do not get left behind. On Wednesday, he told the crowd in San Francisco the new iPad has better screen resolution and more memory than Microsoft’s Xbox and Sony’s PlayStation.

While gamers today might still prefer to play shooter games at home on big screen TVs with a handheld controller, that could soon change, Capps said, especially if a bluetooth controller is developed for the iPad.

“It is quite easy to imagine a world where an iPad is more powerful than a home console, where it wirelessly talks to your TV and wirelessly talks to your controller and becomes your new console,” Capps said in an interview.

Meanwhile, the industry is bracing for change. Frank Gibeau, president of Electronic Arts’ Labels (EA.O), who oversees the company’s biggest games such as “Battlefield 3” and “Star Wars: The Old Republic,” said the company is eyeing Apple’s moves closely.

“When the iPad gets to the processing power that’s equal to an Xbox 360 and it connects to a television, that’s no big deal to us. We’ll put the game through the iPad and have it display through the television,” Gibeau said.

BRING ON THE GAMES

EA has already brought some games from its marquee franchises to the iPad: “Dead Space” and “Mass Effect”.

For publishers, “it used to be, oh hey, it’s just the Nintendo, Sony and Microsoft show, but that’s not the case anymore,” Gibeau said.

Germany’s Crytek, which developed “Crysis 2” for consoles and PCs, is working on its first game for the iPad, due out in the spring. While that game will be puzzle-based — minus the free-wheeling pyrotechnics — the company said it could one day bring that genre of hardcore games to the device.

“As more people come to these platforms, we have to follow our fans,” said Kristoffer Waardahl, a Crytek studio manager.

While speedier iPads will soon be getting into more gamers’ hands, Jeremy Parish, editor in chief of gaming blog 1UP.com, said it does not necessarily put pressure on console makers to come out with a new product any faster. The Xbox 360 launched in 2005 and the PlayStation 3 came out in 2006.

“For the console makers, it has got to be a little bit of an embarrassment to say that this tablet has more power and better screen resolution. But at the same time, this will not be the motivating factor to get them to jump into a new generation of consoles,” Parish said.

Yet the industry is counting on a new wave of gaming hardware in the near future. Nintendo will release the “Wii U,” its first console with high-definition graphics, later this year.

For now, experts are divided as to whether the new iPad will make a dent on consoles but at least one investor said he does expect sales of rival gaming products to be hurt.

“While consoles won’t cease to exist, it does create pressure on them by hurting their growth and taking away some of their customers,” said Michael Yoshikami, CEO of Destination Wealth Management.

Sony spokesman Dan Race said “the PlayStation 3 business is having its strongest year ever” and the “PlayStation $249 price point is resonating with gamers and families alike.”

Nintendo’s U.S. executive vice president of sales and marketing, Scott Moffitt, said, “Regardless of the device, consumers have repeatedly demonstrated that they care more about the experience than the tech specs.”

Microsoft declined to comment.

Apart from the iPad, Apple’s fledgling TV product is also being watched closely by video game companies. Hudson Square analyst Dan Ernst said he doubts the iPad will affect console sales, but said an Apple TV with an app store could one day pose a viable threat.

Facebook Starts Collecting IDs of the Rich-in-Friends and Famous

Facebook wants to make sure users are who they say they are, but it’s now allowing for the fact that some users are much better known by nicknames than what’s printed on their government ID. The fraudulent use of names is becoming a concern among all social networks, said Gabe Donnini, data solutions engineer at Chitika, and it is not limited to globally recognized artists such as Lady Gaga.

Stefani Germanotta might be one of the most popular music performers today but many people still have to think a moment before they realize she’s Lady Gaga.

Recognizing this, and the plight of other people who prefer to use nicknames — or perhaps a blog name — Facebook is putting in place an account verification mechanism for subscribers with a large number of friends.

Facebook’s policy up to now has been to require all users to sign up under their real names. The new system will allow some users to submit a government ID for verification. Then they will be allowed to prominently display their nickname or alternate name — such as a maiden name, for instance — in their timelines. Their official name must also be a part of their timeline, though.

Fraud and Other Factors

Unlike Facebook, Twitter lets people sign up using whatever handle or name they choose. However, it also offers an identity-verification system. Twitter’s process came under scrutiny earlier this year, though, after someone hijacked the name of Wendi Deng, wife of media mogul Rupert Murdoch, and sent out tweets pretending to be her.

In general, social media networks have been focusing more on the issue of verification for popular or famous users, Gabe Donnini, data solutions engineer at Chitika, told TechNewsWorld. In fact, Facebook’s new policy of allowing famous users to sign up using a nickname was likely developed, in part at least, to get them to show a government-issued photo ID that will ensure they are who they say they are, he said.

The fraudulent use of names is becoming a concern among all social networks, Donnini said — and it is not limited to globally recognized artists such as Lady Gaga. Prominent people, perhaps businesspeople or local politicians, have also found their identities swiped on social networks.

There have been spoofing incidents affecting entire companies, such as in 2010, when someone used the handle “@BPGlobalPR” to send out mocking tweets in the wake of the oil spill crisis in the Gulf of Mexico.

“Facebook, Twitter and Google+ are all taking steps to keep fraudulent users off of the site,” Donnini said.

What About Google+?

Another famous spoof occurred on Google+ Pages last November, when someone set up a fake Bank of America (NYSE: BAC) page that ridiculed the institution’s mortgage-lending and foreclosure processes. It was reportedly up for an entire week before Google (Nasdaq: GOOG) took it down — raising doubts that the then-new network had sufficient safeguards in place.

“Google+ doesn’t have an official verification policy,” Donnini said, “but they have been verifying user accounts on their site.”

Not a Fan of Transparency

Not everyone is a fan of complete transparency, though — and it is not because they have a nefarious intent.

The use of pseudonyms can lead to more honest, interesting and deep conversations, Anjelika Petrochenko, general manager at LiveJournal, told TechNewsWorld.

“It allows users to be their true and authentic selves and gives them the opportunity to talk about and share experiences without fear of reprisal,” she said. “Furthermore, it provides a safe haven for those in need of an outlet to discuss sensitive issues, and it gives users more incentive to share opinions around a broader range of topics.”

Easy to Bypass

While the trend may be toward more transparency, the reality is that people can easily bypass such safeguards.

“My nephew, Guy Palmer, was able to set up his Facebook page as ‘Geeyouwhy Palmer,’” Charles Palmer, executive director of the Center for Advanced Entertainment & Learning Technologies at Harrisburg University of Science and Technology, told TechNewsWorld. “Take a look around the site and you’ll find lots of people already personalizing their name and URL with creative misspellings, alliterations, and anything else they can think of.”

Celebrities, of course, have their own issues, he added — although offering them a special narrowly tailored option could create some resentment, depending on how widely defined “celebrity” becomes under Facebook’s rules.

“In fact, I’m really surprised that Facebook is going to change its policy, but this could be a sign of many more changes as they go public,” Palmer said.

Facebook did not respond to our request to comment for this story.

ACTA Action, Part 2

The U.S. Congress buried the Stop Online Piracy Act (SOPA) and its cousin, the Protect IP Act (PIPA), following a wave of public protest earlier this year. With those pieces of legislation effectively taken off the table, the Anti-Counterfeiting Trade Agreement, or ACTA, has gained attention. A slew of countries, including the U.S., have signed the agreement, but skepticism rages on.

In this podcast, we chat with Andrew Kureth, the editor in chief of The Warsaw Business Journal. Backlash against ACTA has been especially strong in Poland, where tens of thousands have protested in the streets and where members of parliament donned Guy Fawkes masks in protest. Kureth talks about ACTA and why it is that Poles are so adamant about the issue.

TechNewsWorld: We are doing a multi-part podcast about ACTA, the Anti-Counterfeiting Trade Agreement. It’s designed to get countries from around the world on the same page when it comes to copyright infringement and enforcement.

In Part I of this podcast, we broke down some of the nuances and language of the agreement with David Meyer, who is a technology reporter for BBC News, ZDNet and a few other outlets.

Today we’re going to be moving away from the agreement itself and talking a little bit about the reaction to ACTA. And it seems like nowhere has the reaction been stronger than in Poland. There were an estimated 20,000 people who protested after Poland signed the agreement in late January. There were also members of Polish parliament who donned the Guy Fawkes masks preferred by the Anonymous hacker group. So we’re going to try to get an understanding of what’s going on in Poland with this reaction.

And to do so we’re going to welcome in Andrew Kureth, who’s the editor-in-chief of the Warsaw Business Journal. Andrew, thanks a lot for taking the time to chat, I appreciate it.

Andrew Kureth: Thank you for having me.

TNW: I guess, first off, the reaction seems like it’s been very strong in Poland and it’s getting a lot of play in international news. I’m curious, from your perspective, is the media coverage accurate? Is it as big of a deal as it’s being portrayed as?

Kureth: That’s a tough question to answer. I think it’s a very big deal amongst the young people, certainly from, say, 15 or 18 to 30. It’s a huge deal. Certainly, it has absolutely been an issue that has gripped the Polish public. There have been protests throughout the country — in Warsaw, there was a huge protest in Krakow.

Poles are very Internet-savvy. So there are two sides to that. There are a lot of people in Poland who understand the Internet very well, a lot of tech people here, programmers, are continually awarded, so they really know a lot about what’s going on, so they’re very informed about issues on the Internet and protecting Internet freedom.

On the other hand, it’s not exactly the richest country in the European Union, and for that reason pirating and getting free content off the Internet is also very popular. I think those folks, especially, see that in danger, so there’s that I think.

I don’t think that people particularly understand ACTA very well. But they understand that Wikipedia protested against SOPA and PIPA, they understand that Anonymous doesn’t like this particular bit of legislation, so they’re very fearful of what it could do, although I’m not sure they understand the legislation.

TNW: If you were going to say what the root of the resistance is, do you think it comes down to kind of a freedom of speech sort of philosophy? Or does it have just as much to do with the idea that the Internet might not be as easy of a place to find free and cheap movies and TV shows and stuff? Can you pinpoint the root of the resistance to this?

Kureth: Well, I think it’s a little of both. There are a lot of protests around this because of worries of censorship. There’s a lot of signs that say, “No to Internet censorship,” and that sort of thing. But I don’t think it’s particularly connected to people being worried about being able to express themselves. I don’t think people here are worried that ACTA is going to keep them from expressing their political views, for example.

I think that it’s more about, not only finding cheap or free films and music, but about finding information. There are worries that the legislation is ambiguous and will allow large, vested interests to make an accusation and a website will have to shut down because of those accusations that the burden of proof will be on the accused rather than the accuser.

Article from TechNewsWorld

ACTA Action, Part 1

With SOPA and PIPA on the back burner (at least for now), ACTA, the Anti-Counterfeiting Trade Agreement, has become the world’s eminent piece of online piracy legislation. A slew of countries, including the U.S., have signed the agreement, but skepticism rages on. There have been protests throughout Europe, threats from Anonymous and resentment from Web users the world over.

To get a better idea of what’s going on, TechNewsWorld hosts a multi-part podcast about what ACTA is and what it might mean moving forward.

In this podcast, we chat with David Meyer, a freelance journalist for ZDNet, BBC News, The Guardian and others. Meyer dissects the language, evolution and future of ACTA.

TechNewsWorld: ACTA is designed to get countries from around the world on the same page when it comes to copyright infringement and enforcement. It has become quite the international story of late — there have been huge protests in Poland, a big petition in the U.S. There was a European Parliament resignation over the ACTA issue.

So we are going to be taking a closer look at what ACTA is and what it entails for the countries that are signing on.

To do so, we’re going to be talking with David Meyer, who is a freelance journalist. He writes often for ZDNet UK, which looks at all things technology. David, thanks a lot for taking the time to chat, I appreciate it.

David Meyer: It’s a pleasure.

TNW: You did a really good job breaking down the nuts-and-bolts of ACTA at ZDNet UK in an article, “ACTA: Facts, misconceptions and questions.” One of the things that I liked was you talked about some of the semantic ambiguity and one of the things you touched on is how ACTA is designed to prohibit copyright piracy on a “commercial scale.” And then you go on to say that commercial scale is largely undefined.

What do you take that to mean when this agreement talks about “commercial scale” issues?

Meyer: The agreement refers to the commercial scale issue twice. The first time it’s trying to, you know, stress that commercial scale is really about people who are trying to make money out of this as opposed to small-scale people just sharing. But at the same time, its criteria for what “commercial scale” constitutes include making money off it at all. So off just that point alone you could be looking at somebody who has a blog, let’s say, which carries some copyright-infringing material on it, and because that blog has Google (Nasdaq: GOOG) Ads, and the proprietor of the blog is making maybe a few dollars off it, that could qualify as commercial scale.

It also then has a specific digital section which talks about, well, it basically equates “commercial scale” with “widespread distribution” on the Internet. And that’s what the Internet is for, that’s what the Internet does: It distributes in a widespread way. So both of the descriptions are problematic, potentially problematic, for small-scale violators as well as those who genuinely are trying to profit off the work of others.

TNW: Have these ambiguities been an issue for lawmakers or for people who are trying to judge the validity of ACTA? I mean, do people get caught up in how these things really aren’t defined?

Meyer: The wordings that are used in ACTA are the result of very lengthy negotiations with one side pushing and the other pulling. None of these wordings are by accident. If something is ambiguous, chances are somebody wanted it to be a pretty broad definition. Some things, equally, are pretty meaningless.

One thing people think ACTA does is it compels countries to force their ISPs to basically snoop on their users, to snitch on them, to give up details to rights holders who launch civil suits. That’s not actually true. It used to be the case that that was in ACTA, but crucially, a “shall” has become a “may” in the wording of it. So that whole section is pretty much rendered meaningless. I wouldn’t call that ambiguity, as such, but it is an example of how the wording is a very precise result of the negotiations that have taken place.

Article from TechNewsWorld

Cracking Open Google Wallet

Mobile shopping received a setback last week when security researchers discovered flaws in Google (Nasdaq: GOOG) Wallet that could potentially expose its PIN to enterprising hackers.

When Google introduced its wallet, it bragged that it was secure because transaction information was stored in a “secure element” in Wallet-enabled phones. What researchers at a security outfit called zVelo discovered, though, was that the PIN for the wallet was stored outside the “secure element” where it could be cracked with a brute force attack.

“Once you have a user’s PIN, you can access anything that the Google Wallet application can do, even stuff that is stored properly in the secure element, which is where the PIN should be stored,” zVelo researcher Joshua Rubin told TechNewsWorld.

“Google just chose not to use the secure element for the PIN, which doesn’t make a whole lot of sense,” he added.

Fortunately for owners of Android phones with Google Wallet, the zVelo attack requires a mobile to be “rooted” — modified for greater access to its administrative workings.

When you root a phone, you make it less secure and allow miscreants to perform mischief on it, as zVelo was able to do, according to Google.

“To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN,” Google spokesperson Nate Tyler told TechNewsWorld.

“We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone,” he added.

No Rooting, No Problem? No Dice

That’s fine for a rooted phone, but it doesn’t address another vulnerability publicized in the wallet later in the week.

A blogger called The Smartphone Champ explained that if a crook clears the application settings for Google Wallet on a phone, then accesses the app, it will ask for a new password, which the thief can easily fill in.

Meanwhile, the wallet will automatically tie the prepaid credit card in the device to the wallet with the new password, which allows the bandit to shop with your phone and charge their purchases on your card.

Google doesn’t have a fix for that problem yet, Tyler noted. He recommended that anyone who loses a phone with a wallet on it should call Google support (855-492-5538) and cancel their prepaid card.

It remains to be seen how this flap will affect consumers’ perceptions about the wallet in particular and mobile shopping in general.

“I think these types of vulnerabilities threaten to kill the adoption of NFC [technology used in Google Wallet] before it is even fully born,” Carl D. Howe, data research vice president for the Yankee Group, told TechNewsWorld.

“All forms of mobile payment rely on being able to trust the payment system,” he continued. “If consumers lose that trust, then they just won’t use mobile payments.”

The root-less hack is a pernicious one, he asserted, and “we perceive it as a serious threat.”

“I believe that Google will have to address this vulnerability or face consumers who will become more skeptical that they can trust Google,” he added.

Customer Records Prime Target

Customer records were in the crosshairs of cybercriminals more than ever in 2011, according to Trustwave. A substantial number of all attacks (89 percent) were focused on obtaining personally identifiable information, credit card data and other customer data.

The report, based on Trustwave investigations in 2011 of more than 300 data breaches and the performance of more than 2,000 penetration tests around the world, also discovered that the food and beverage industry made up almost half (44 percent) of the company’s probes during the period and that a third of them involved industries with franchise models.

Trustwave researchers also found that the most common password used by global businesses was “Password1” because it satisfies the default Microsoft (Nasdaq: MSFT) Active Directory complexity setting.

DDoS Attacks on IPv6

The first attacks on the new Internet numbering system, IPv6, were observed in 2011, noted a report released last week by Arbor Networks. This marks a significant milestone in the arms race between attackers and defenders, the report stated, and confirms that network operators must have sufficient visibility and mitigation capabilities to protect IPv6-enabled properties.

While this is the first instance of reported IPv6 DDoS attacks, IPv6 security incidents remain relatively rare, it added. This is a clear indication that while IPv6 deployments continue to advance, IPv6 is not yet economically or culturally significant enough to warrant serious attention by the Internet criminal underground.


Hackers Jimmy Into Microsoft’s Indian E-Commerce Digs

Malicious hackers attacked Microsoft’s (Nasdaq: MSFT) India online retail store on Sunday evening, publishing obscured screenshots that appeared to contain personal user information.

A Chinese hacker group known as “Evil Shadow Team” took responsibility for the breach, posting a message on Microsoft’s website stating that the “unsafe system will be baptized.” In what seemed to be a warning against Microsoft’s unencrypted user information, the group posted screenshots of what appeared to be partially obscured user information, including login IDs and passwords.

The group apparently found that information stored in plain text rather than in encrypted form.

The hackers refrained from publishing any screenshots that fully gave away user information, but Microsoft and Quasar Media, the Indian company that runs the retail site, advised users that they should change their log-on immediately.

An Evil Shadow Team member using the handle “7z1” posted the shots on a blog that the team runs. In the post, 7z1 referred to himself in Mandarin as a “patriotic hacker.”

As of Tuesday morning in the U.S., the breached site was still down. Microsoft did not respond to our requests for comment.

Microsoft Not the First

Microsoft joins a growing group of large companies that have been forced to deal with recent security breaches from relatively small, under-the-radar groups of hackers.

“When the CIA and FBI networks are compromised at will, it should surprise no one that a company like Microsoft could have an isolated part of its sprawling network compromised,” Larry Walsh, president of the 2112 Group, told TechNewsWorld.

Powerful networks and international government agencies are seeing a rise in cyberattacks in response to unpopular decisions, such as the U.S. government’s recent crackdown on sites such as Megaupload and illegal file-sharing. Networks have been compromised by groups such as Anonymous, which state they’re using hacktivism to spread a political or social message.

In addition to attacks in protest or the promotion of causes, though, retail and e-commerce sites have been taking more hits lately as well.

The hacking group LulzSec got into Sony’s (NYSE: SNE) systems last summer, obtaining users’ personal information such as e-mail addresses, birthdates and passwords. The incident wreaked havoc with Sony’s online services for weeks while it scrambled to plug the holes.

“While some hacking methods are questionable and in fact illegal, they do reveal the insecurity of our digital world,” said Walsh.

Prevention Is Key

Taking the necessary precautions to avoid that insecurity is an absolute necessity in today’s climate, according to Mike Lloyd, CTO of RedSeal Networks.

“To prevent this, likely targets need to use automation to understand weaknesses; today, it’s all too easy for those who feel like it is to use their own automation tools to deface, degrade or even destroy online infrastructure,” said Lloyd.

Although Microsoft’s U.S. security policies might have included encrypting data, a site run by a company on an entirely different continent might not adhere to the same policy.

The growing threat of cyberattacks and the increasing vulnerability of commerce sites should serve as a warning to consumers to think twice before sending highly personal data online.

“The important thing to remember in all of this is there’s no such thing as 100 percent secure. Every site is vulnerable, just as your home is vulnerable to burglary. You can lock your windows and doors; you can even have an alarm system. But if someone wants into your house and they are determined, they will find a way in. It’s the same with every website and online application,” said Walsh.
