Domain: securityweek.com
Stories and comments across the archive that link to securityweek.com.
Stories · 383
New Version of Flashback Trojan Targets Mac Users
wiredmikey writes with this extract from Security Week: "On Friday, researchers from security firm Intego reported that a new variant of Flashback is targeting passwords and as a byproduct of infection, Flashback is crashing several notable applications. Flashback was first discovered by Intego in September of 2011. It targets Java vulnerabilities on OS X, two of them to be exact, in order to infect the system. Should Flashback find that Java is fully updated, it will attempt to social engineer the malware's installation, by presenting an applet with a self-signed certificate. The certificate claims to be signed by Apple, but is clearly marked as invalid. However, users are known to skip such warnings, thus allowing the malware to be installed. ... The newest variant will render programs such as Safari and Skype unstable, causing them to crash. Interestingly enough, normally these are stable programs, so if they suddenly start crashing, it might be a sign of larger issues."
Security Tool HijackThis Goes Open Source
wiredmikey writes "The popular free security tool HijackThis has been open sourced by its owner, Trend Micro. The tool scans systems to find settings that may have been modified by spyware, malware or other programs that have wiggled their way onto a system and caused problems. Downloaded over 10 million times, HijackThis generates reports to help users analyze and fix an infected or problem computer. But the tool is not designed for novices – and doesn't actually determine what's good or bad. That's up to you, but it is a good way to keep an eye on things and possibly locate anomalies that may have been missed by other security products. Trend Micro warns that if you don't know what you're doing, it's probably not a good idea to make any changes to your computer settings and system files. Trend Micro acquired the tool from creator Merijn Bellekom in 2007, and has offered it for free ever since, but now is making the code available to the public. The code, originally written in Visual Basic, is now officially available at Sourceforge here."
Cryptome Hit By Blackhole Exploit Kit
wiredmikey writes with an excerpt from Security Week: "Whistleblower site Cryptome has been hacked and infected by the Blackhole exploit kit. ... Cryptome co-founder John Young however told SecurityWeek that the Cryptome site is in the process of cleaning everything up, and that process should be finished by the end of the day. Founded in 1996, Cryptome publishes thousands of documents, including many related to national security, law enforcement and military. On Feb. 12, a reader advised the site that accessing a file had triggered a warning in their antivirus about the Blackhole exploit kit. ... Subsequent analysis found thousands of files on the site had been infected." Cryptome has certainly seen worse.
Hackers Hit Apple Supplier Foxconn
wiredmikey writes "Protests against Apple and Foxconn due to furor over reports about working conditions have gone digital. A group known as SwaggSec has successfully hacked computers at Foxconn, and posted the stolen data to The Pirate Bay website. News of the hack comes as protesters paid a visit today to Apple stores around the world to deliver petitions demanding the improvement of working conditions at factories run by Apple suppliers in China and other countries. In response to the attack, Foxconn reportedly took down a website that explains the services it offers to some of its partners, including Apple, Cisco and Acer."
Job Seeking Hacker Gets 30 Months In Prison
wiredmikey writes "A hacker who tried to land an IT job at Marriott by hacking into the company's computer systems, and then unwisely extorting the company into hiring him, has been sentenced to 30 months in prison. The hacker started his malicious quest to land a job at Marriott by sending an email to Marriott containing documents taken after hacking into Marriott servers to prove his claim. He then threatened to reveal confidential information he obtained if Marriott did not give him a job in the company's IT department. He was granted a job interview, but little did he know, Marriott worked with the U.S. Secret Service to create a fictitious Marriott employee for use by the Secret Service in an undercover operation to communicate with the hacker. He then was flown in for a face-to-face 'interview' where he admitted more and shared details of how he hacked in. He was then arrested and he pleaded guilty back in November 2011. Marriott claims the incident cost the company between $400,000 and $1 million in salaries, consultant expenses and other costs."
SEC Takes Action Against Latvian Hacker
wiredmikey writes "The SEC has filed charges against a trader in Latvia for conducting a widespread online account intrusion scheme in which he manipulated the prices of more than 100 NYSE and Nasdaq securities by making unauthorized purchases or sales from hijacked brokerage accounts. The SEC also went after four online trading firms and eight executives who are said to have helped the hacker make more than $850,000 in ill-gotten funds. The SEC's actions occurred on the same day that the Financial Industry Regulatory Authority (FINRA) issued an investor alert and a regulatory notice about an increase in financially motivated attacks targeting email."
Microsoft Names Reputed Head of Kelihos Botnet
wiredmikey writes with an update on Microsoft's takedown of the Kelihos botnet. From the article: "Microsoft is not just taking down botnets; it is taking them down and naming names. In an amended complaint [PDF] filed Monday in U.S. District Court for the Eastern District of Virginia, Microsoft named a man from St. Petersburg, Russia, as the alleged head of the notorious Kelihos botnet. Naming names can be a risky business. Previously, Microsoft alleged Dominique Alexander Piatti, dotFREE Group SRO and several unnamed 'John Does' owned a domain cz.cc and used cz.cc to register other subdomains used to operate and control the Kelihos botnet. However, the company later absolved Piatti of responsibility when investigators found neither he nor his business was controlling the subdomains used to host Kelihos. Whether naming Sabelnikov, who, according to Krebs on Security, once worked as a senior system developer and project manager for Russian antivirus vendor Agnitum, will have the same effect as naming the Koobface gang remains to be seen. Though Kelihos has remained defunct since the takedown last year, the malware is still on thousands of computers."
Downloads of DoS Attack Tool LOIC Spike
wiredmikey writes "As Anonymous initiated what it said will be the 'largest attack ever on government and music industry sites' in response to actions taken by the Justice Department against operators of file sharing site Megaupload.com, downloads of a popular DoS attack tool have spiked. While the Denial of Service tool known as the 'Low Orbit Ion Cannon' (LOIC) was developed by the 'good guys' to stress test websites, it has been a favorite tool of Anonymous to take its targets offline via denial of service attacks. Interactions seen on Twitter and IRC made it clear that the action against MegaUpload has sparked many more individuals to get involved in the online protests and download the LOIC to take part in the attacks, and has resulted in a massive spike in downloads according to Slashdot sister site Sourceforge."
Man Charged With Stealing Code From Federal Reserve Bank
wiredmikey writes "A Chinese computer programmer was arrested by U.S. authorities in New York on Wednesday, on charges that he stole proprietary source code while working on a project at the Federal Reserve Bank of New York. The man arrested, Bo Zhang of New York, worked as a contract employee developing a specific portion of the GWA's (Government-Wide Accounting and Reporting Program) source code at the Federal Reserve Bank of New York where the code is maintained. The complaint alleges that in the summer of 2011, Zhang stole the GWA code, something he admitted to in July 2011. Zhang said that he used the GWA Code in connection with a private business he ran training individuals in computer programming."
Zappos Hacked: Internal Systems Breached
wiredmikey writes "Zappos appears to be the latest victim of a cyber attack resulting in a data breach. In an email to Zappos employees on Sunday, CEO Tony Hsieh asked employees to set aside 20 minutes of their time to read about the breach and what communications would be sent to its over 24 million customers. While Hsieh said that credit card data was not compromised, he did say that 'one or more' of the following pieces of personal information has been accessed by the attacker(s): customer names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers. User passwords were 'cryptographically scrambled,' he said."
Symantec Looks Into Claims of Stolen Source Code
wiredmikey writes "A group of hackers claim to have stolen source code for Symantec's Norton Antivirus software. The group is operating under the name Dharmaraja, and claims it found the data after compromising Indian military intelligence servers. So far it's unclear if the claims are a significant threat, as the information posted thus far by the hackers includes a document dated April 28, 1999, that Symantec describes as defining the application programming interface (API) for the virus Definition Generation Service. However, a second post entitled 'Norton AV source code file list' includes a list of file names reputedly contained within Norton AntiVirus source code package. Symantec said it is still in the process of analyzing the data in the second post." Update: 01/06 07:05 GMT by S: In a post to their Facebook page, Symantec has now said some of their source code was indeed accessed, but it was four or five years old.
Same Platform Made Stuxnet, Duqu; Others Lurk
wiredmikey writes "New research from Kaspersky Labs has revealed that the platform dubbed 'tilded' (~d), which was used to develop Stuxnet and Duqu, has been around for years. The researchers say that same platform has been used to create similar Trojans which have yet to be discovered. Alexander Gostev and Igor Sumenkov have put together some interesting research, the key point being that the person(s) behind what the world knows as Stuxnet and Duqu have actually been using the same development platform for several years." An anonymous reader adds a link to this "surprisingly entertaining presentation" (video) by a Microsoft engineer, in which "he tells the story of how he and others analysed the exploits used by Stuxnet. Also surprising are the simplicity of the exploits which were still present in Win7." See also the report at Securelist from which the SecurityWeek story draws.
Microsoft Issuing Unusual Out-of-Band Security Update
wiredmikey writes "In a rare move, Microsoft is breaking its normal procedures and will issue an emergency out-of-band security update on Thursday to address a hash collision attack vulnerability that came into the spotlight yesterday, and affects various Web platforms industry-wide. The vulnerability is not specific to Microsoft technologies and has been discovered to impact PHP 5, Java, .NET, and Google's v8, while PHP 4, Ruby, and Python are somewhat vulnerable. Microsoft plans to release the bulletin on December 29, 2011, at 10:00 AM Pacific Time, and said it would address security vulnerabilities in all supported releases of Microsoft Windows. 'The impact of this vulnerability is similar to other Denial of Service attacks that have been released in the past, such as the Slowloris DoS or the HTTP POST DoS,' said security expert Chris Eng. 'Unlike traditional DoS attacks, they could be conducted with very small amounts of bandwidth. This hash table multi-collision bug shares that property.'"
Data Exposed In Stratfor Compromise Analyzed
wiredmikey writes with an excerpt from an article in Security Week: "Following news that security and intelligence firm Stratfor is downplaying the recent hack of its systems, Identity Finder today shared a detailed analysis of the data released so far by the attackers. Based on the analysis, 50,277 Individual Credit Card Numbers were exposed, but 40,626 are expired, leaving just 9,651 that are not expired. In terms of emails, 86,594 Email addresses were claimed to be exposed by the hackers, but only 47,680 were unique. The hackers have released personal information for Stratfor subscribers whose first names begin with A through M, with N through Z expected to be released soon. In addition to the presently published data compromised during the attack, the attackers claim that 200GB of company email containing 2.7 million emails was captured as well." As of posting, Stratfor's website is still down.
New Standard For Issuance of SSL/TLS Certificates
wiredmikey writes "In light of the many security breaches and incidents that have undermined the faith the IT industry has in Certificate Authorities (CAs) and their wares, the CA/Browser Forum, an organization of leading CAs and other software vendors, has released the 'Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates,' an industry-wide baseline standard for the operation of CAs issuing SSL/TLS digital certificates natively trusted by the browser. The CA/Browser Forum is requesting Web browser and operating system vendors adopt the requirements (PDF) as part of their conditions to distribute CA root certificates in their software. According to the forum, the Baseline Requirements are based on best practices from across the SSL/TLS sector and touch on a number of subjects, such as the verification of identity, certificate content and profiles, CA security and revocation mechanisms. The requirements become effective July 1, 2012, and will continue to evolve to address new risks and threats."
OpenDNS Releases DNS Encryption Tool
wiredmikey writes "It's not news that some of the underlying foundations of the DNS protocol are inherently weak, especially what they call the 'last mile' — or the part of the internet connection between the client and the ISP. To address this, OpenDNS has released a preview of DNSCrypt, a tool that enables encrypted DNS traffic, much in the same way SSL enables encrypted HTTP traffic. DNSCrypt will stop DNS replay, observation, and timing attacks, as well as Man-in-the-Middle attacks and resolver impersonation attacks. The tool, available already compiled for OS X, will also run on OpenBSD, NetBSD, Dragonfly BSD, FreeBSD, and Linux. There is no Windows client, which is odd considering a majority of the 30 million OpenDNS users run Microsoft's operating system."
Adobe Warns of Critical Zero Day Vulnerability
wiredmikey writes "Adobe issued an advisory today on a zero-day vulnerability (CVE-2011-2462) that has come under attack in the wild. According to Adobe, the issue is a U3D memory corruption vulnerability that can be exploited to cause a crash and permit an attacker to hijack a system. So far, there are reports the vulnerability is being exploited in limited, targeted attacks against Adobe Reader 9.x on Windows. However, the bug also affects Adobe Reader and Acrobat 9.4.6 and earlier 9.x versions for UNIX and Macintosh computers, as well as Adobe Reader X (10.1.1) and Acrobat X (10.1.1) and earlier 10.x versions on Windows and Mac. Patches for Windows and Mac users of Adobe Reader X and Acrobat X will come on the next quarterly update, scheduled for Jan. 10, 2012."
News Corp. Hacking Scandal Spreads To Government
wiredmikey writes "The scandal revolving around the News Corporation's now defunct British tabloid, News of the World, has entered a new phase with news that the hacking extended into areas of national security, as detectives working for the Murdoch media empire may have hacked into the computer of a government minister responsible for Northern Ireland. Scary stuff, yet the enterprise security community seems strangely quiet on the topic, aside from showing other journalists how easy it is to do. Potentially, if you know the correct mobile number and you can guess four digits, you too can be listening to your elected leaders' personal messages. The chances are pretty good that it could be their birthday."
Behind the Government's Rules of Cyber War
wiredmikey writes "Deciding when malware becomes a weapon of war that warrants a response in the physical world – for example, a missile – has become a necessary part of the discussion of military doctrine. The Pentagon recently outlined (PDF) its working definition of what constitutes cyber-war and when subsequent military strikes against physical targets may be justified as a result. The main issue is attribution of cyber attacks. The Department of Defense is working to develop new ways to trace the physical source of an attack and the capability to identify an attacker using behavior-based algorithms. 'If a country is going to fire a missile at someone, it better be sure it has the right target,' said one expert. A widely held misconception in the U.S. government is that our offensive capabilities provide defensive advantage by identifying attacker toolkits and methods in foreign networks prior to them hitting our networks. So when do malware and cyber attacks become a weapon or act of war that warrant a real-world military response?"
Internet Monitoring: Who Watches the Watchers?
wiredmikey writes "Here's an interesting take on the IT security industry and the tools being sold and used to monitor internet users. It's no secret that many states and nations are censoring and monitoring the Internet. Many of these governments are considered authoritarian regimes, often times with trade restrictions and other sanctions against them. Most of these censorship systems are based on proprietary, enterprise hardware and solutions. Unfortunately, those who decide where these tools end up are often torn between conflicting interests. How many services and devices are actually being used by people whom we prefer would not have access to them? How long until they are used against us, even if indirectly? At which point do we have to stop looking at Information Security as a market, and begin viewing it as a matter of defense and (inter)national security?"
Hacker Tries To Land IT Job At Marriott Via Extortion
wiredmikey writes "A tough global economy has certainly created challenges for many people looking for jobs, but one Hungarian man took things to another level in an effort to gain employment at hotel giant Marriott International. On Wednesday, the 26-year-old man pleaded guilty to charges that he hacked into Marriott computer systems and threatened to reveal confidential company information if Marriott didn't offer him a job. Assuming his efforts were working, with the possibility of a new job with Marriott in his sights, the hacker arrived at Washington Dulles Airport on Jan. 17, 2011, using an airline ticket purchased by Marriott for him. He thought he would be attending a job interview with Marriott personnel. Unbeknown to him, he was actually being 'interviewed' by a Secret Service agent posing as a Marriott employee."
Smart Meters Wreaking Havoc With Home Electronics
wiredmikey writes "About 200 customers of the Central Maine Power Company recently noticed something odd after the utility installed smart meters in their homes: household electronics, including wireless devices, stopped working, or behaved erratically. Many Smart Meters broadcast in the 2.4GHz frequency range. Unfortunately, so do many of the consumer gadgets we take for granted these days including routers, electric garage doors, fire alarms, clocks, electric pet fences, answering machines, and baby monitors — even medical devices. The electromagnetic congestion in the home is in some ways similar to the growing electronic congestion in hospitals as they acquire more and more electronic monitors all operating within a few feet of each other. Medical equipment has been known to shut down or give erroneous results when positioned close to another piece of equipment. Such interference is not new, just getting worse — rapidly."
Separating Fact From Hype On Mobile Malware
wiredmikey writes with this quote from an article about determining whether the recent doom-and-gloom reports about malware on mobile devices are justified: "As twilight approaches for 2011, security vendors have set their gaze on the rise of Android malware during the year and what is ahead. Last week, Juniper Networks entered the fray, declaring the number of malware samples it observed targeting devices running Google Android had shot up nearly 500 percent since July. Today, McAfee released its threats report for the third quarter of the year, which found that the amount of malware targeting Android devices jumped 37 percent since the second quarter. While there is no doubt the amount of malicious programs with Windows in their bull's eye dwarfs the amount of threats to mobile devices, the focus on Android malware has left some wondering how to separate fact from hype."
GAO Criticizes IRS Over Serious IT Deficiencies
wiredmikey writes with an analysis of a GAO report on the dismal failure of the IRS to implement secure IT practices. From the article: "The Government Accountability Office has blasted the Internal Revenue Service for failing to implement stronger security measures after a succession of dismal reports on the subject. In a report issued to the Secretary of the Treasury last week, the GAO said that the IRS had met just 15 percent of the 105 previously reported recommendations where information security is concerned. Taking a blunt approach, the GAO said that the IRS 'lacks reasonable assurance as to the accuracy of financial information or the adequate protection of sensitive taxpayer information.' ... It also said it would issue a limited distribution report to the IRS that addresses details omitted from this most recent report due to the sensitivity of the information."
Cray Replaces IBM To Build $188M Supercomputer
wiredmikey writes "Supercomputer maker Cray today said that the University of Illinois' National Center for Supercomputing Applications (NCSA) awarded the company a contract to build a supercomputer for the National Science Foundation's Blue Waters project. The supercomputer will be powered by new 16-core AMD Opteron 6200 Series processors (formerly code-named 'Interlagos'), a next-generation GPU from NVIDIA, called 'Kepler,' and a new integrated storage solution from Cray. IBM was originally selected to build the supercomputer in 2007, but terminated the contract in August 2011, saying the project was more complex and required significantly increased financial and technical support beyond its original expectations. Once fully deployed, the system is expected to have a sustained performance of more than one petaflops on demanding scientific applications."
Brazilian ISPs Hit With Massive DNS Attack
wiredmikey writes "Millions of people in Brazil have potentially been exposed to malware, as a result of a nationwide DNS attack. Additionally, several organizations in Brazil are reporting that network devices are also under attack. After being compromised remotely, scores of routers and modems had their DNS settings altered to redirect traffic. In those cases, when employees of the affected companies tried to open any website, they were asked to execute a malicious Java applet, which would install malware presented as 'Google Defence' software."
Hacked MIT Server Used To Stage Attacks
wiredmikey writes "A compromised server at the Massachusetts Institute of Technology (MIT) has been identified as being used as a vulnerability scanner and attack tool, probing the Web for unprotected domains and injecting code. According to researchers, the ongoing attacks appear to be related to the Blackhole Exploit Pack, a popular crime kit used by criminals online. The attacks started in June, and an estimated 100,000 domains could have been compromised. Judging by initial data, one MIT server (CSH-2.MIT.EDU) hosts a malicious script actively used by cyber-crooks to scan the web for vulnerable websites. These types of attacks are how BlackHat SEO scams are propagated, which target search results in order to spread rogue anti-virus or other malware. In addition, compromised hosts are also leveraged for other schemes, such as spam or botnet control."
Open Source Tool Scans For Duqu Drivers
wiredmikey writes "A new open source scanning tool has been released by engineers at independent security testing firm NSS Labs that can be used to detect Duqu drivers installed on a system. The tool was developed with the goal of discovering any additional drivers, and to enable researchers to learn more about the functionality, capabilities and ultimate purpose of the Duqu malware."
Is RIM's Centralized Network Model Broken?
wiredmikey writes "Is RIM's centralized network model broken? Andrew Jaquith thinks so, and provides an interesting analysis on why RIM should move to a decentralized model. After two long outages this month, many believe that the end is drawing near for Research in Motion, maker of the BlackBerry. But is Research In Motion in trouble? Financially, RIM continues to be a healthy company, throwing off billions in profit each year. But if it doesn't 'think different' about its network strategy, its customers may think different about their choice of handset vendor, Jaquith argues. Jaquith says RIM should dismantle its proprietary centralized delivery network, something that has been a key strength for the company. Data plans that provide TCP/IP over wireless carrier networks are now ubiquitous, nullifying a key RIM advantage. Does BlackBerry need to rethink its network model to effectively compete moving forward?"
Authorities Seize Duqu's C&C Servers In Mumbai
wiredmikey writes "In Mumbai, Indian authorities seized components from servers in a data center after Symantec informed them that they were communicating with the command and control infrastructure used by Duqu, the Trojan that is touted as the precursor to the next Stuxnet. According to a report from Reuters, officials from the Department of Information Technology in India seized hard drives and other components from a server hosted in a Mumbai data center. Security vendors and government labs are worried that malware such as Duqu and Stuxnet are the building blocks needed in order for attackers to target critical infrastructure. Based on the initial analysis of Duqu, many researchers warned that it was the second generation development of Stuxnet, but this is still the subject of much debate, with some experts now saying that the connection between the two malicious programs is questionable." -
Microsoft Drops Suit Against Firm In Botnet Case
wiredmikey writes "Microsoft has dismissed a lawsuit against a company it contended a month ago was at the heart of the now-defunct Kelihos botnet. In September, Microsoft named Dominique Piatti and his company dotFree Group SRO as controllers of the botnet. The move marked the first time Microsoft had named a defendant in one of its botnet-related civil suits. 'Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFree Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet,' blogged Richard Domingues Boscovich, Senior Attorney for Microsoft's Digital Crimes Unit. 'Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti's cz.cc domain.' In regards to Kelihos, Boscovich said Microsoft is continuing its legal fight against the 22 'John Does' listed as co-defendants in the lawsuit." -
RIM Offers Free Apps Following Outage
wiredmikey writes "Following a series of outages last week that affected BlackBerry users around the world over a three day period, RIM has come forward with its plans to 'make good' on the incidents that frustrated millions of users who bashed the mobile technology provider. Research In Motion today said it would offer a selection of premium apps worth more than US $100 free of charge to subscribers as 'an expression of appreciation for their patience during the recent service disruptions.' The company also announced that its enterprise customers will be offered one month of free Technical Support." -
A Day In the Life of Privacy
wiredmikey writes "Here's an interesting read on the state of privacy and how technology, along with government and social media, have changed the idea, and reality, of privacy forever. The article takes the reader through a typical day, and highlights many of the privacy issues that we face, from our mobile phones, Internet at local coffee shops, Facebook, Twitter, Foursquare, all the way down to cars equipped with OnStar, public cameras, facial recognition technology and more. The author concludes that every day we make compromises in the face of privacy, and none of us will ever have as much privacy as we want." -
Air Force Comments On Drone Malware
wiredmikey writes "Air Force officials have revealed more details about a malware infection that impacted systems used to manage a fleet of drones at the Creech Air Force Base in Nevada, as reported last week. The 24th Air Force first detected the malware, which they characterized as a 'credential stealer' as opposed to a keylogger as originally reported, and notified Creech Air Force Base officials Sept. 15 that malware was found on portable hard drives approved for transferring information between systems. The infected computers were part of the ground control system that supports remotely-piloted aircraft (RPA) operations. The malware is not designed to transmit data or video or corrupt any files, programs or data, according to the Air Force. The ground system is separate from the flight control system used by RPA pilots to fly the aircraft." -
Android Malware Using Blog As C&C Server
wiredmikey writes "Security researchers have discovered a unique feature circulating in some Android-based malware. The malicious application is using a blog in China to act as a Command and Control (C&C) server. On Tuesday, Trend Micro discovered a malicious Android application out of China using the new trick to receive instructions, which appears to be the first time Android malware has implemented this kind of technique to communicate with its server." -
Hitachi-LG Fined $21M For Price-Fixing Optical Drives
wiredmikey writes "Hitachi-LG Data Storage, a joint venture between Hitachi and LG Electronics, has agreed to plead guilty and to pay a $21.1 million criminal fine for its part in a scheme to rig bids and fix prices of optical disk drives. According to the Department of Justice, the company had conspired with others to rig the bidding process on optical disk drives sold to Dell, HP, and Microsoft. Court documents show that Dell and HP hosted optical disk drive procurement events in which bidders would be awarded varying amounts of optical disk drive supply depending on where their pricing ranked." -
Facebook Adds Malicious Link Protection
wiredmikey writes "As any IT security department knows, social networks pose a significant threat to users across the board as they blindly click links which often lead to spam or other malicious sites that could result in malware infection. In a move to further protect users of the world's largest social networking site, Facebook is adding a new feature to help protect users from links to these malicious sites. Starting today, when a Facebook user clicks on a link it will be checked against a database from Websense in an attempt to determine if the link is malicious. If the link is determined to be risky, the user will be given the choice to continue at their own risk, return to the previous screen, or get more information on why it was flagged as suspicious." -
Prototyping Boards Make It Easier To Find Flaws in Specialized Hardware
wiredmikey writes "Author Robert Vamosi writes an interesting piece on how security researchers are using open source 'prototyping boards' and other open source tools now available via the Internet for rapid prototyping of tools used in hardware analysis. 'The days of saying it would take the resources of a nation-state to discover or exploit vulnerabilities in a particular piece of hardware in an industrial control system or a healthcare environment are rapidly fading,' he writes. Vendors who do not test their products before selling them into the field are doomed to be targets of future research and, perhaps, attacks." -
HideMyAss.com Doesn't Hide Logs From the FBI
An anonymous reader writes "People use VPN services to hide their identities online, right? And a UK-based service called HideMyAss would seem to fit that bill perfectly. Not so, unfortunately: they have to hand over the logs to the FBI when a UK judge tells them to." Reader wiredmikey points to a story at SecurityWeek, too. -
Adobe Pushes Emergency Flash Player Security Fix
wiredmikey writes "As expected, Adobe today released a security update for its Flash Player. The out of cycle update addresses critical security issues in Flash Player as well as an important universal cross-site scripting issue. Adobe reported that one of the vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. To illustrate the importance of keeping systems up to date, including Adobe Flash products, the fact that the RSA cyber attack was executed using a spear phishing attack with an embedded Flash file should serve as a friendly reminder. RSA was breached after an employee opened a spreadsheet that contained a zero-day exploit that installed a backdoor through an Adobe Flash vulnerability." -
Japan's Largest Defense Contractor Hacked
wiredmikey writes "Mitsubishi Heavy Industries Ltd, Japan's largest defense contractor, has been a victim of a cyber attack, according to a report from the company. The company said attackers had gained access to company computer systems, with some reports saying the attacks targeted its submarine, missile and nuclear power plant component businesses. According to The Yomiuri newspaper, approximately 80 systems had been infected with malware at the company's headquarters in Tokyo, as well as manufacturing and research and development sites, including Kobe Shipyard & Machinery Works, Nagasaki Shipyard & Machinery Works and Nagoya Guidance & Propulsion System Works. 'We can't rule out small possibilities of further information leakage but so far crucial data about our products or technologies have been kept safe,' a Mitsubishi Heavy spokesman told Reuters. 'We've found out that some system information such as IP addresses have been leaked and that's creepy enough,' the spokesman added." -
SpyEye Botnet Nets Fraudster $3.2M In Six Months
wiredmikey writes "The SpyEye Trojan has a well-earned place of respect in the cyber-underground as an adaptable and effective piece of malware. Those same traits have also made it a bane for countless victims and the security community, and new research provides yet another reminder of why. According to security researchers, a hacker in his early 20s known by the alias 'Soldier' led a bank fraud operation that netted $3.2 million in six months. Powered by the SpyEye crimeware kit and aided by money mules and an accomplice believed to reside in Hollywood, Soldier commanded a botnet of more than 25,000 computers between April 19 and June 29 that compromised bank accounts and made off with the profits. Most of the victims were in the U.S., but there were a handful of victims in 90 other countries as well. Among the affected organizations were banks, educational facilities and government agencies." -
Researchers Report Spike In Boot Time Malware
wiredmikey writes "In their most recent intelligence report, Symantec researchers pointed out a massive increase in the amount of boot time malware striking users, noting there have already been as many new boot time malware threats detected in the first seven months of 2011 as there were in the previous three years. Also known as MBR (master boot record) threats, the malware infects an area of the hard disk that makes it one of the first things to be read and executed when a computer is turned on. This enables the threats to effectively dodge many security defenses."
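Added example, not from the Symantec report or from this page: a small Python checker that reads a disk's first sector, parses the MBR partition table, and compares the bootstrap code against a known-good baseline hash. The sample sectors below are constructed for illustration (a typical bootstrap stub, and the same sector with its first bytes replaced by a jump, standing in for a bootkit hook). The practical caveat is the one the summary hints at: because the MBR code runs before the OS, a bootkit that already owns the boot path can hide the modified sector from tools running on the infected system, so this kind of check is most trustworthy when run from a clean boot medium or against an image taken offline.

```python
"""Added example: parse a 512-byte MBR and compare its boot code against a baseline.

The sample sectors are constructed here, not captured from a real machine.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445 hold the bootstrap code
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into a boot-code hash, the four partition entries and a signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        entry = mbr[off:off + 16]
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "index": i,
            "status": entry[0],
            "type": entry[4],
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(mbr: bytes, baseline_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
    return findings


def read_mbr(device_or_image: str) -> bytes:
    """Read the first sector of a block device or raw disk image (needs root on a live disk)."""
    with open(device_or_image, "rb") as f:
        return f.read(MBR_SIZE)


# --- constructed sample data (not captured from a real machine) ---------------
def _partition_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields are zeroed; modern boot code uses the LBA fields
    return bytes([status, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", lba_start, sectors)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """One active type-0x07 partition starting at LBA 2048; remaining entries empty."""
    table = _partition_entry(0x80, 0x07, 2048, 1_000_000) + b"\x00" * 48
    return boot_code.ljust(BOOT_CODE_SIZE, b"\x00") + table + BOOT_SIGNATURE


# Typical start of a bootstrap stub: cli; xor ax,ax; mov ss,ax; mov sp,0x7c00
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
# Same sector with the first bytes replaced by a short jump, standing in for a
# bootkit that hooks the boot path while leaving the partition table untouched.
INFECTED_MBR = build_sample_mbr(b"\xeb\x3c\x90" + b"\x00" * 5)
# Baseline taken from the clean sector, as you would record it at install time.
BASELINE_HASH = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, check_mbr(sector, BASELINE_HASH) or "no findings")
```

Run on a real disk as `check_mbr(read_mbr("/dev/sda"), BASELINE_HASH)` with a baseline recorded when the machine was known clean; the partition-table fields are parsed separately so that a legitimate repartition can be distinguished from a rewritten bootstrap, which is the part a bootkit has to change.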