Domain: information-age.com
Stories and comments across the archive that link to information-age.com.
Stories · 3
- One Million IP Addresses Used In Brute-Force Attack On A Bank (softpedia.com)
Cisco says in just one week in February they detected 1,127,818 different IP addresses being used to launch 744,361,093 login attempts on 220,758,340 different email addresses -- and that 93% of those attacks were directed at two financial institutions in a massive Account Takeover (ATO) campaign. An anonymous reader writes: Crooks used 993,547 distinct IPs to check login credentials for 427,444,261 accounts. For most of these attacks, the crooks used proxy servers, but also two botnets, one of compromised Arris cable modems, and one of ZyXel routers/modems. Most of these credentials have been acquired from public breaches or underground hacking forums. This happened before the recent huge data breaches such as MySpace, LinkedIn, Tumblr, and VK.com.
It's apparently similar to the stolen-credentials-from-other-sites attack that was launched against GitHub earlier this week.
- UK's 4G Network Selling Subscriber Tracking Data To Police, Private Parties
Sockatume writes "The Sunday Times has revealed that analytics firm Ipsos MORI and 4G network EE attempted to sell detailed information on 27m subscribers' activities to various parties including the UK's police forces. The data encompasses the gender, postcode and age of subscribers, the sites they visit and times they are visited, and the places and times of calls and text messages. Ipsos MORI were reportedly 'bragging that the data can be used to track people and their location in real time to within 100 meters' in negotiations. Ipsos MORI has rushed to contradict this in an effort to save face, stating that the users are anonymized and data is aggregated into groups of 50 or more, while location is only precise to 700m. Despite their prior enthusiasm, the police have indicated that they will no longer go ahead with the deal. It is not clear whether the other sales will go ahead."
- Backdoor Found In China-Made US Military Chip?
Hugh Pickens writes "Information Age reports that Cambridge University researchers have discovered that a microprocessor used by the US military but made in China contains secret remote access capability, a secret 'backdoor' that means it can be shut off or reprogrammed without the user knowing. The 'bug' is in the actual chip itself, rather than the firmware installed on the devices that use it. This means there is no way to fix it other than to replace the chip altogether. 'The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry,' writes Cambridge University researcher Sergei Skorobogatov. 'It also raises some searching questions about the integrity of manufacturers making claims about [the] security of their products without independent testing.' The unnamed chip, which the researchers claim is widely used in military and industrial applications, is 'wide open to intellectual property theft, fraud and reverse engineering of the design to allow the introduction of a backdoor or Trojan'. Does this mean that the Chinese have control of our military information infrastructure? asks Rupert Goodwins. 'No: it means that one particular chip has an undocumented feature. An unfortunate feature, to be sure, to find in a secure system — but secret ways in have been built into security systems for as long as such systems have existed.'" Even though this story has been blowing up on Twitter, there are a few caveats. The backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short on details, and he is trying to sell the scanning technology used to uncover the vulnerability.