Domain: scmagazine.com.au
Stories and comments across the archive that link to scmagazine.com.au.
Stories · 70
-
NSA Publishes Blueprint For Top Secret Android Phone
mask.of.sanity writes "The National Security Agency has designed a super-secure Android phone from commercial parts, and released the blueprints (PDF) to the public. The doubly-encrypted phone, dubbed Fishbowl, was designed to be secure enough to handle top secret phone calls yet be as easy to use and cheap to build as commercial handsets. One hundred US government staff are using the phones under a pilot which is part of a wider project to redesign communication platforms used in classified conversations." -
Verisign Admits Company Was Hacked In 2010, Not Sure What Was Stolen
mask.of.sanity writes "Verisign admitted it was hacked repeatedly last year and cannot pin down what data was stolen. It says it doesn't believe the Domain Name System servers were hacked but it cannot rule it out. Symantec, which bought its certificate business in 2010, says also that there was no evidence that system was affected. Verisign further admitted in an SEC filing that its security team failed to tell management about the attacks until 2011, despite moving to address the hacks." -
Hijacked Web Traffic For Sale
mask.of.sanity writes "If you can't create valuable content to attract users to your site, Russian cyber criminals will sell them to you. A web store has been discovered that sells hacked traffic that has been redirected from legitimate sites. Sellers inject hidden iframes into popular web sites and redirect the traffic to a nominated domain. Buyers purchase the traffic from the store to direct to their sites and the sellers get paid." -
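The injection technique described above leaves a recognisable footprint in the page: an iframe that the visitor cannot see, pointing at a host the site does not own. The following is an added example (not code from the article or from any tool it mentions) of a stand-alone check for that footprint; the page markup, the site host `victim.example` and the broker host `traffic-broker.example` are constructed for illustration.

```python
"""Spot hidden, off-site iframes of the kind used to siphon traffic (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style fragments that make an element invisible or push it off-screen
# (compared after stripping spaces and lowercasing).
HIDING_TOKENS = ("display:none", "visibility:hidden", "left:-", "top:-")

# Constructed sample page: one legitimate embed, one injected hidden frame to a
# third-party host, and one tiny first-party widget frame that must not be flagged.
SAMPLE_PAGE = """<html><body>
<h1>Legitimate article</h1>
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="http://traffic-broker.example/in.php?site=victim" width="0" height="0" style="display:none"></iframe>
<iframe src="/widgets/chat" width="1" height="1"></iframe>
</body></html>
"""


def _dimension(value, default=100):
    """Parse a width/height attribute such as "0" or "1px"; anything else -> default."""
    try:
        return int(value.lower().rstrip("px").strip())
    except (ValueError, AttributeError):
        return default


def _is_hidden(attrs):
    """True when the inline style hides the frame or it is at most 1px in a dimension."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if any(tok in style for tok in HIDING_TOKENS):
        return True
    return _dimension(attrs.get("width", "100")) <= 1 or _dimension(attrs.get("height", "100")) <= 1


class IframeAuditor(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def _third_party(self, src):
        # Relative URLs have no host and are treated as first-party.
        host = (urlparse(src).hostname or self.site_host).lower()
        return host != self.site_host and not host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src", "")
        if _is_hidden(a) and self._third_party(src):
            self.findings.append({"src": src, "line": self.getpos()[0]})


def find_hidden_iframes(html, site_host):
    """Return every hidden iframe whose src points off-site, with its line number."""
    auditor = IframeAuditor(site_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for hit in find_hidden_iframes(SAMPLE_PAGE, "victim.example"):
        print(f"line {hit['line']}: hidden third-party iframe -> {hit['src']}")
```

Run it against a page fetched from your own site (compare the served HTML with the copy in source control, since the injection lives on the server) and treat any hit as a compromise indicator rather than a styling quirk. The check is deliberately narrow: script-generated frames and CSS classes defined in external stylesheets are not caught by a static look at the markup.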
Scammers Work Around Two-Factor Authentication With Social Engineering
mask.of.sanity writes "Thieves have made off with $45k after they intercepted a victim's two-factor online banking codes used to verify large transactions. The scammers got the Australian executive's mobile number from his daughter, and workplace details from his willing secretary. Armed with this data, they bluffed Vodafone, which ported his phone number, meaning the criminals could verify the bank's two-factor verification codes generated during their spending spree and the victim never knew a thing." -
Tool Kills Hidden Linux Bugs, Vulnerabilities
mask.of.sanity writes with this excerpt from SC Magazine: "Australian researcher Silvio Cesare has released a tool capable of automatically detecting bugs and vulnerabilities in embedded Linux libraries. The script correlates vulnerability advisory CVEs for third-party libraries to determine if holes have carried over to Linux platforms or have not been patched. Such holes often escape the eye of developers because the libraries may not be kept updated with sources. This is further compounded because vulnerabilities in cross distributed packages can leave Linux platforms vulnerable." -
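The correlation the story describes has two halves: work out which library versions are actually linked into the image, then compare each against the version that first carried a fix. The block below is an added example of that idea written for this page; it is not Cesare's tool or its code. The advisory identifiers (`CVE-0000-000x`), fixed-in versions and the firmware strings are constructed placeholders, and the banner patterns for zlib and libpng are assumptions about how those libraries stamp their version into a binary.

```python
"""Correlate library versions found in a firmware image with advisories (added example)."""
import re
from dataclasses import dataclass

# Assumed version banners that the libraries embed in their binaries; matched
# against raw bytes so the check works on an unpacked image without symbols.
BANNERS = {
    "zlib": rb"inflate (\d+\.\d+\.\d+) Copyright",
    "libpng": rb"libpng version (\d+\.\d+\.\d+)",
}


@dataclass(frozen=True)
class Advisory:
    cve: str       # placeholder identifier in this example, not a real CVE
    package: str
    fixed_in: str  # first upstream release that carries the fix


# Constructed advisory feed with placeholder IDs and versions.
ADVISORIES = [
    Advisory("CVE-0000-0001", "zlib", "1.2.4"),
    Advisory("CVE-0000-0002", "libpng", "1.2.46"),
    Advisory("CVE-0000-0003", "libpng", "1.2.40"),
]

# Constructed stand-in for the strings pulled out of an unpacked firmware image.
SAMPLE_IMAGE = (b"\x00\x7fELF...\x00inflate 1.2.3 Copyright 1995-2005 Mark Adler\x00"
                b"libpng version 1.2.44 - June 26, 2010\x00")


def parse_version(text):
    """'1.2.44' -> (1, 2, 44); letter suffixes such as '1.0.0e' are ignored."""
    return tuple(int(x) for x in re.findall(r"\d+", text))


def identify_libraries(blob):
    """Map library name -> version string for every banner found in the blob."""
    found = {}
    for name, pattern in BANNERS.items():
        m = re.search(pattern, blob)
        if m:
            found[name] = m.group(1).decode("ascii")
    return found


def vulnerable_components(inventory, advisories):
    """Every (library, version, advisory, fixed_in) where version predates the fix."""
    hits = []
    for name, version in inventory.items():
        for adv in advisories:
            if adv.package == name and parse_version(version) < parse_version(adv.fixed_in):
                hits.append((name, version, adv.cve, adv.fixed_in))
    return hits


def scan(blob=SAMPLE_IMAGE, advisories=ADVISORIES):
    return vulnerable_components(identify_libraries(blob), advisories)


if __name__ == "__main__":
    for name, version, cve, fixed in scan():
        print(f"{name} {version}: {cve} (fixed in {fixed})")
```

The comparison is only as good as the version string: a vendor that backports a fix without bumping the banner will show up as vulnerable here, and one that bumps the banner without applying the patch will not. Treat a hit as a prompt to diff the shipped object against the patched upstream release, not as a verdict.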
Security Researcher Threatened With Vulnerability Repair Bill
mask.of.sanity writes "A security consultant who quietly tipped off an Australian superannuation fund about a web vulnerability that potentially put millions of customers at risk has been slapped with a legal threat demanding he allow the company access to his computer, and warned he may be forced to pay the cost of fixing the flaw. A legal document (PDF) sent from the company demanded that the researcher provide its technical staff with access to his computer. The company acknowledged the researcher's work was altruistic and thanked him for his efforts, but warned that the disclosure, which was not previously made public, may have breached Australian law. The researcher had run a batch file to access about 500 accounts, which was then handed to the company to demonstrate the direct object reference vulnerability." -
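The flaw at the centre of this story, a direct object reference that trusts an account identifier taken straight from the request, is easy to show side by side with its fix. Below is an added example written for this page, not the fund's code or the researcher's batch file: a constructed in-memory account store, the vulnerable and the corrected lookup, the kind of id sweep that exposed the ~500 accounts, and the server-side signal that such a sweep leaves behind. Names, balances and the session log are all constructed.

```python
"""Direct object reference: an enumerable account id with and without an ownership check
(added example)."""

# Constructed in-memory store standing in for the fund's member database.
ACCOUNTS = {
    1001: {"owner": "alice", "balance": 52000.0},
    1002: {"owner": "bob", "balance": 8100.5},
    1003: {"owner": "carol", "balance": 230.0},
}

# Constructed access log of (session_id, account_id): one normal user and one probing session.
SAMPLE_LOG = [("s-alice", 1001), ("s-alice", 1001)] + [("s-probe", i) for i in range(1000, 1050)]


def get_account_vulnerable(session_user, account_id):
    """Trusts the id from the URL: any logged-in user can read any account."""
    record = ACCOUNTS.get(account_id)
    if record is None:
        return 404, None
    return 200, record


def get_account_fixed(session_user, account_id):
    """Checks that the record belongs to the caller, and answers a foreign id exactly
    like a missing one so a sweep cannot tell which ids exist."""
    record = ACCOUNTS.get(account_id)
    if record is None or record["owner"] != session_user:
        return 404, None
    return 200, record


def sweep(handler, session_user, first_id, count):
    """The batch-file style probe: walk a range of ids with one valid session and
    collect every account that comes back belonging to someone else."""
    leaked = []
    for account_id in range(first_id, first_id + count):
        status, record = handler(session_user, account_id)
        if status == 200 and record["owner"] != session_user:
            leaked.append(account_id)
    return leaked


def detect_enumeration(access_log, threshold=20):
    """Server-side signal for the same probe: one session touching many distinct
    account ids. Returns the session ids at or above the threshold."""
    seen = {}
    for session_id, account_id in access_log:
        seen.setdefault(session_id, set()).add(account_id)
    return sorted(s for s, ids in seen.items() if len(ids) >= threshold)


if __name__ == "__main__":
    print("vulnerable:", sweep(get_account_vulnerable, "alice", 1000, 10))
    print("fixed:     ", sweep(get_account_fixed, "alice", 1000, 10))
    print("suspicious sessions:", detect_enumeration(SAMPLE_LOG))
```

The ownership check is the fix; returning 404 rather than 403 for a foreign id is the detail that stops the fixed endpoint from still acting as an oracle for which ids exist. Replacing sequential ids with per-session opaque references is a second, complementary defence, but on its own it does not remove the need for the server-side check.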
Italian Hacker Publishes 0day SCADA Hacks
mask.of.sanity writes "An Italian security researcher, Luigi Auriemma, has disclosed a laundry list of unpatched vulnerabilities and detailed proof-of-concept exploits that allow hackers to completely compromise major industrial control systems. The attacks work against six SCADA systems, including one manufactured by U.S. giant Rockwell Automation. The researcher published step-by-step exploits that allowed attackers to execute full remote compromises and denial of service attacks. Auriemma appeared unrepentant for the disclosures in a post on his website." -
Aussie Blogger Hit With DDoS Death Threats
mask.of.sanity writes "An Australian blogger who blew the lid on emerging domain-name fraud campaigns has received death threats from the scammers. His blog and domain parking company are still being hit with a large distributed denial of service attack that has the death threats embedded as HTML links within its logs. Australia's government CERT team and the U.S. Secret Service (blog servers were hosted on U.S. soil) are pursuing the botnet's command and control servers. Ten days later, the victim is still being attacked and is fighting a cat-and-mouse game as IP address ranges change." -
Anonymous Claims Responsibility For WikiLeaks Attack
mask.of.sanity writes "Anonymous members have taken responsibility for launching a denial of service attack against WikiLeaks this week using a custom-built tool that exploits an SQL server flaw. Field tests of the tool dubbed RefRef were launched against several websites including WikiLeaks, Pastebin and 4Chan. In a Twitter account linked to the Anonymous blog, the users were described as hacktivists with 'a personal vendetta against WikiLeaks,' adding that 'we are sorry we took you down. We are even.'" -
Jailbroken Devices Compromised By Charging Stations
mask.of.sanity writes "Data can be stolen from Windows, Android and Apple devices by unassuming power charging towers. In an attack demonstrated at the Defcon hacking conference, mobile phone charging units were rigged to pull data from phones plugged into them. Researchers found many jailbroken and modified devices activated USB functions when they were plugged in, or simply rebooted." -
Guide To Building a Cable That Improves iOS Exploits
mask.of.sanity writes "An Aussie network engineer has published a guide to building a serial cable connector that allows access to a secret kernel debugger hidden within Apple iOS. The debugger was a dormant iOS feature carried over from Apple OS, and seems to serve no function other than to allow hackers to build better exploits. The cable needs an external power source and a jailbroken device to access the debugger." We've mentioned Pollock's serial adapter kit before, modulo the kernel debugging abilities. -
Authorities Closing On LulzSec
mask.of.sanity writes "The noose is tightening on hacker group LulzSec, according to a coordinated group of like-minded users, some from LulzSec-Exposed, that claim to have uncovered the identity of LulzSec members and supplied them to the FBI. An arrest Monday of a UK teenager was rumoured to be former hacker scene member Ryan Clearly, and the trackers, which include a former FBI agent, say this arrest is the first of many. They refused to disclose the identity of the LulzSec chief, saying it would cause the members to burn the evidence of attacks and scatter." -
LulzSec Debunks UK Census Hack
Earlier this morning we reported that an arrest had been made relating to the hacker group LulzSec. mask.of.sanity notes "Hacking group LulzSec has poured cold water on claims that it had stolen UK Census data and was preparing to release the records. 'Just saw the pastebin of the UK census hack. That wasn't us — don't believe fake LulzSec releases unless we put out a tweet first,' the group said from its official Twitter account." -
Google Asks 'Who Cares Where Your Data Is?'
mask.of.sanity writes "The chief security officer for Google Apps, Eran Feigenbaum, said popular concerns over data sovereignty in outsourced environments are unwarranted. He said businesses should worry about security and privacy of data, rather than where it is stored. The comments clash with those made by IT pros including Gartner, who said cloud providers like Google can't be trusted with sensitive data." -
8000 Credit Cards' Details Compromised In Australian Bank Breach
mask.of.sanity writes "Australia's largest bank, the Commonwealth Bank, has cancelled 8,000 credit cards after it detected a data breach at a merchant. Mastercard and Visa may issue penalties including fines to the acquiring bank under the payment industry's PCI-DSS compliance rules. News of breaches is uncommon in Australia because the nation does not have data breach disclosure laws." -
New Bill Pushes For Warrants To Access Cloud Data
mask.of.sanity writes "A bill introduced by Sen. Patrick Leahy in the US Senate would require authorities to obtain a court-issued search warrant before retrieving a person's email and other content stored in cloud services. The law would update a 28-year-old law, which Leahy also introduced, that does not require warrants for data access. The bill will not prevent the FBI from accessing data without a warrant under terrorism and intelligence clauses." -
Researcher Hijacks LinkedIn Profiles Using Cookie
mask.of.sanity writes "A security researcher has demonstrated holes in the way cookies are handled on LinkedIn profiles by hijacking profiles. The session cookies are sent over unsecured HTTP and remain active for up to a year." -
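Both weaknesses in this story are visible in a single response header: a session cookie with no `Secure` attribute will be sent over plain HTTP, and a long `Max-Age` or `Expires` keeps a captured cookie useful long after the victim has moved on. The following is an added example (not code from the article or from LinkedIn) of a small auditor for `Set-Cookie` values. The header strings, the cookie name `sid` and the one-day lifetime cap are constructed assumptions for illustration.

```python
"""Audit a Set-Cookie header for the attributes a session cookie needs (added example)."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Assumed policy: a session cookie should not outlive one day.
MAX_SESSION_LIFETIME = 24 * 3600

# Constructed headers: a weak one of the kind described above, and a hardened one.
WEAK_HEADER = "sid=constructed-token; Path=/; Max-Age=31536000"
HARDENED_HEADER = "sid=constructed-token; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600"


def parse_set_cookie(header):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr_lower: val})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def cookie_lifetime_seconds(attrs, now):
    """Seconds until the cookie expires; None for a browser-session cookie.
    Max-Age takes precedence over Expires, as in browsers."""
    if "max-age" in attrs:
        return int(attrs["max-age"])
    if "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
        return (expires - now).total_seconds()
    return None


def audit_session_cookie(header, now=None):
    """Return (cookie_name, [issue, ...]); an empty list means the cookie passes."""
    now = now or datetime.now(timezone.utc)
    name, _, attrs = parse_set_cookie(header)
    issues = []
    if "secure" not in attrs:
        issues.append("missing Secure: browser will send it over plain HTTP")
    if "httponly" not in attrs:
        issues.append("missing HttpOnly: readable by injected script")
    lifetime = cookie_lifetime_seconds(attrs, now)
    if lifetime is not None and lifetime > MAX_SESSION_LIFETIME:
        issues.append(f"lifetime {lifetime / 86400:.0f} days exceeds policy")
    return name, issues


if __name__ == "__main__":
    for header in (WEAK_HEADER, HARDENED_HEADER):
        name, issues = audit_session_cookie(header)
        print(name, "->", issues or ["ok"])
```

Point it at the `Set-Cookie` headers of a real login response (for example from a proxy capture) rather than the constructed strings. A short lifetime limits how long a sniffed cookie stays valid, but the `Secure` flag is what stops it being exposed on the wire in the first place; the two are not substitutes for one another.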
Call Interception Demonstrated On New Cisco Phones
mask.of.sanity writes "Researchers have demonstrated a series of exploits that turn Cisco IP phones into listening bugs, and could allow a denial of service attack capable of silencing a call center. It allows internal staff and competitors with a little publicly-available information to hijack the phones, wiretap calls and eavesdrop on confidential meetings. The attacks work through a sequence of exploits against the latest Cisco phones enabled to run off the shelf. Most people are vulnerable, the researchers say, because they do not harden their systems in line with recommended security requirements." -
MySpace Worm Creator Sentenced
Aidan Steele writes "Remember Samy? The creator of the infamous worm was unfortunate enough to be the target in MySpace's latest litigation. As was said in the earlier story, the script was 'written for fun' and caused no damage. The source and technical explanation for the 'attack' was not even released until after MySpace had patched the vulnerability. Apparently this was enough to get the 20-year-old (19 at the time of writing the worm) three years of probation, three months of community service, an order to pay restitution to MySpace, and a ban from the Internet. Clearly, disclosing security vulnerabilities doesn't pay."