


This section is devoted to featuring late-breaking cyber security news stories.
Aug. 31, 2008 - Jason Trahan
Teen Wouldn't Quit His Hacking Ways, FBI Says
Two years ago, Matthew Weigman and his mother sat down with an FBI agent, and he was offered a second chance.
The 16-year-old had a reputation in hacker circles as one of the best around. His specialty was the phone system, and he was known for conning telecom employees into believing he was a colleague to gain access to unlisted numbers, the ability to shut off a rival's service or listen in on others' calls.
Aug. 30, 2008 - Michael Arrington
MySpace Cofounder Tom Anderson Was a Real Live "WarGames" Hacker in 1980s
Late last year we discovered that MySpace cofounder Tom Anderson, arguably the most popular individual on the Internet with 240+ million MySpace friends (he is added by default to every MySpace account) was actually 37 years old, not the 32 that he continues to claim on his MySpace page.
Now we’ve learned a much more colorful part of Anderson’s history: In 1985, when he was fourteen and in high school in Escondido, California, Anderson was subject to one of the largest FBI raids in California history after hacking into a Chase Manhattan Bank computer system and subsequently showing his friends how to do it.
Aug. 29, 2008 - Charles Levinson
Hackers Attack Iraq's Vulnerable Computers
Maj. Ahmed Khathem, the head of Iraq's newly formed cybercrimes division, sits in a borrowed office, at a borrowed desk, working on a laptop borrowed from one of his subordinates.
It is his unit's lone computer, highlighting the country's vulnerability to a community of Iraqi hackers defacing websites and attempting to hack into sensitive internal networks.
Aug. 29, 2008 - CNN
FAA Computers Delay Hundreds of Flights
Air traffic delays began to clear up Tuesday evening after computer problems left travelers across the United States waiting in airports, the Federal Aviation Administration said.
Airports experienced hours of flight delays Tuesday afternoon after a communications breakdown at a Federal Aviation Administration facility, the administration said.
Aug. 29, 2008 - James Schlett
TrustCo Sues TJX Over Breach
TrustCo Bank Corp is resorting to litigation to recoup costs it incurred after reissuing thousands of credit cards to customers affected by the security breach at the parent company of the T.J. Maxx and Marshalls chains.
The Glenville bank holding company last month filed a lawsuit in Schenectady County Supreme Court against TJX Companies, shedding light on the financial burdens hackers are indirectly imposing on local banks and credit unions.
Aug. 29, 2008 - David Brown
British Hacker Gary McKinnon in Final Appeal to Home Secretary Over Extradition
A UFO enthusiast who hacked into top-secret US military computers appealed to the Home Secretary yesterday to stop his extradition after losing a legal appeal.
Gary McKinnon is due to be extradited to the United States within two weeks and could face a sentence of up to 80 years in a maximum-security prison if found guilty. He admits to having accessed 97 US Navy, Army, Nasa and Pentagon computers in what has been described as “the biggest computer hack of all time.”
Aug. 28, 2008 - CNN
European Court Backs UK Hacker Extradition
The European Court of Human Rights cleared the way Thursday for the extradition of a British man to the United States, where prosecutors say he hacked into computers at a variety of military installations including the Pentagon, U.S. Navy, and NASA.
Gary McKinnon had appealed to the court to block his extradition, but the court announced Thursday it was refusing his request.
Aug. 27, 2008 - Elinor Mills
Rising Fraud Threats in Virtual Worlds
Virtual worlds are playgrounds not just for people who want some online fantasy role-playing, but for cybercriminals who are looking for places to launder money and steal data, according to a new white paper from McAfee (PDF).
The in-game economies of virtual worlds are being hijacked by criminals who attempt to hide their profits through the exchange of virtual currencies, Dr. Igor Muttik, a senior architect at McAfee's Avert Labs says in a white paper entitled "Securing Virtual Worlds Against Real Attacks--The Challenges of Online Game Development."
Aug. 27, 2008 - Egan Orion
Taiwan Busts Hacking Ring
Inspector Knacker of the Taiwan yard has swooped down on a ring of cyber-thieves who had been targeting government and corporate data stores.
The six individuals arrested allegedly had attacked various government agencies, state-run companies, telecom corporations and a television shopping network.
Aug. 27, 2008 - Elinor Mills
Security Hole Opens Up Password Protected iPhones
A serious security hole in the latest iPhone software exposes e-mail, text, and voice messages to whoever gets a hold of the device despite it being password-protected.
Basically, clicking emergency call and double-clicking the "home" button brings up the favorites on iPhone 2.0.2, which opens up the address book, the dial keypad and voice mail, according to a report on Engadget, which got the tip on the hole from the MacRumors Forum.
Aug. 27, 2008 - Kim Hart
A New Breed of Hackers Tracks Online Acts of War
Here in the Citizen Lab at the University of Toronto, a new breed of hackers is conducting digital espionage.
They are among a growing number of investigators who monitor how traffic is routed through countries, where Web sites are blocked and why it's all happening. Now they are turning their scrutiny to a new weapon of international warfare: cyber attacks.
Aug. 26, 2008 - Kim Zetter
Revealed: The Internet's Biggest Security Hole
Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.
The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.
Aug. 26, 2008 - Brian Prince
Attackers Targeting Linux Infrastructures with Rootkit to Steal SSH Keys
U.S.-CERT is warning of attacks targeting Linux-based infrastructures using compromised SSH keys. After access is gained to the system, local kernel exploits are used to gain root access. A rootkit is then installed to steal more SSH keys. The attack could be related to a flaw affecting Debian-based encryption keys discovered earlier this year.
Aug. 26, 2008 - Roee Nahmias, Israel News
Fatah Hackers Breach Hamas Website
Fatah hackers brought down Tuesday a website belonging to Izz al-Din al-Qassam, Hamas' military wing, precisely two months after the site was breached by the Israeli Fanat Al Radical group.
"Don't say this is the work of the intelligence services. This is only Fatah youth and the hackers of Palestine," said a message planted on the Hamas site. "Our commander is Abu Mazen (Mahmoud Abbas.) We won't accept anyone but him."
Aug. 26, 2008 - Peter Schworm
Needham Schools Say System Was Breached
A junior at Needham High School posted students' schedules and identification numbers and teachers' classroom rosters on his Facebook account after hacking into an online student information system, school officials said yesterday.
In an e-mail sent yesterday morning to high school parents, principal Paul Richards and the district's superintendent, Dan Gutekanst, said the student admitted he had obtained and posted the information after learning part of a teacher's password, then developing a program to penetrate the system.
Aug. 26, 2008 - Dennis Fisher
Microsoft Makes Privacy a Priority in IE 8
Microsoft is planning to add a significant number of privacy enhancements in Internet Explorer 8, including a new private browsing mode called InPrivate. The list of new features addressing privacy concerns is impressive and reflects the growing concern in the industry and the user community at large about the amount of private information that Web sites routinely collect from visitors, much of it without their knowledge. The most significant addition is the InPrivate browsing mode, which enables users to control whether IE saves a record of their online movements. In this mode, IE 8 will not save cookies, passwords, browsing history or any other record of the user’s browsing session.
Aug. 26, 2008 - Ryan Singel
Virus Infects Space Station Laptops (Again)
Viruses intended to steal passwords and send them to a remote server infected laptops in the International Space Station in July, NASA confirmed Tuesday.
And according to NASA, this wasn't the first infection.
Aug. 26, 2008 - Dan Newling
Government Probe Launched After Details of One Million Bank Customers Found on Computer Sold on eBay
The eBay computer scandal which saw the loss of personal data on a million bank customers is to be investigated by the Information Commissioner.
The firms involved - the Royal Bank of Scotland, NatWest and American Express - have also promised to launch probes.
The Mail revealed today that the data was found on a second-hand computer sold for £35 in an eBay auction.
Aug. 26, 2008 - Joseph Mann
Public, Private Sectors at Odds Over Cyber Security
Three very big and very different computer security breaches that have dominated recent headlines did more than show how badly the Internet needs major repairs. They also exposed the huge rift between corporate America and the federal government over who should fix it, cyber-security experts say.
In the last few months, law enforcement officials cracked an international ring that tapped customer databases and trafficked in tens of millions of credit card numbers; a researcher uncovered a major flaw that permits hackers to steer some Web surfers to fake versions of popular websites filled with malicious software; and computer assaults, which some researchers said they had traced back to Russia's state-run telecommunications firms, crippled websites belonging to the country of Georgia.
Aug. 25, 2008 - Brenda Zulu, IDG News Service
Cybersecurity Lacking in Africa, Official Says
Africa will not realize the benefits of IT without improvements in cybersecurity, the secretary general of the Common Market for Eastern and Southern Africa (COMESA) said today.
Speaking at the International Telecommunication Union's (ITU's) regional Cybersecurity Forum being held here this week, Amos Marawa said that IT infrastructure must be properly secured before any e-government programs are put into place, and he called for better training for members of the judiciary and law enforcement in computer forensics. He also called for regional cooperation on both legal and technical matters relating to cybersecurity.
Aug. 25, 2008 - Iain S. Bruce
Revealed: 8 Million Victims in the World's Biggest Cyber Heist
An international criminal gang has pulled off one of the most audacious cyber-crimes ever and stolen the identities of an estimated eight million people in a hacking raid that could ultimately net more than £2.8billion in illegal funds.
A Sunday Herald investigation has discovered that late on Thursday night, a previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia.
Aug. 23, 2008 - Jonathan Richards
Thousands of Cyber Attacks Each Day on Key Utilities
Computer networks controlling electricity supplies, telecommunications and banking are being attacked thousands of times a day in a new cyberwar against Britain waged by criminals and terrorists — some of them backed by foreign states — the Government has said.
Lord West of Spithead, the Security Minister, told The Times that a mixture of state-sponsored individuals “and those operating at a terrorist level” frequently tried to break into the key networks.
Aug. 22, 2008 - Brian Krebs
Web Fraud 2.0: Distributing Your Malware
The allure of cyber crime lies in its promise of quick riches, much like that of the illegal drug trade. But building a network of hacked personal computers that can distribute your data-stealing malicious software is a time-consuming process that requires a modicum of skill. That is, until recently, when several online services have emerged that promise to help would-be cyber crooks graduate from common street dealers to distributors overnight.
Aug. 22, 2008 - John Leyden
Red Hat Hack Prompts Critical OpenSSH Update
Red Hat has warned that hackers were able to commandeer its systems and tamper with code - but said that since its content distribution was not hit, it is confident that polluted code has not been served up to users.
Aug. 21, 2008 - BusinessWire
Midsize Companies Say Information Security Outranks Reducing Costs as a Business Issue, Finds Arrow ECS Midmarket Survey
A majority of information technology decision-makers at U.S. midsize companies say that information security is the most important business issue for their companies’ future success, followed by reducing costs and improving customer service. This is just one of the findings of a survey by the Midmarket Group of Arrow Enterprise Computing Solutions, a business segment of Arrow Electronics, Inc. (NYSE: ARW).
The survey, which examines the role and importance of technology in addressing business issues at midsize companies, finds that 61 percent plan to increase spending on information technology (IT) in the coming year, with only 10 percent expecting budget cuts.
Aug. 21, 2008 - Victor Mallet
Mutually Assured Destruction in Cyberspace
The crisis in Georgia has not only stoked fears of a belligerent Russia. It has also served as a reminder that a new style of warfare - potentially as devastating as those that terrified previous generations - is almost upon us: cyberwar.
Before Russia invaded Georgia, co-ordinated attacks were launched against Georgian government websites, leaving internet servers overloaded and disabled.
Aug. 21, 2008 - Jeremy Kirk, IDG News Service
Nokia Admits Mobile Phone Security Flaws
Nokia has confirmed that its widely used Series 40 operating system has security vulnerabilities that could allow stealth installation and activation of applications.
But the company is evasive on whether it paid €20,000 (£15,854) to researcher Adam Gowdiak of Security Explorations, who wanted payment for the six-month effort spent finding the flaws.
Aug. 21, 2008 - Thomas Claburn
FEMA's Phone System Hacked
A hacker hijacked the Federal Emergency Management Agency (FEMA) phone system over the weekend, leaving the agency with a bill of about $12,000.
According to the Associated Press, someone placed over 400 calls through FEMA's National Emergency Training Center in Emmitsburg, Md., to several countries in the Middle East.
Aug. 21, 2008 - Elinor Mills
Security Expert: DNS Attacks Are Happening
A fatal flaw with the DNS (Domain Name System) is being exploited in Internet attacks and more attacks are likely, the security researcher who discovered the flaw said on Thursday.
"I do think we are going to see attacks. I think we have been seeing attacks already going on in the field," said Dan Kaminsky, director of penetration testing for IOActive, who warned the industry about the DNS vulnerability nearly five months ago. "We're doing everything we can to mitigate and reduce its incidence."
Aug. 20, 2008 - Edward Parshotam
Spammers Prepare New Anti-Georgia Botnet Onslaught
Cybercriminals are attempting to create a botnet network to launch cyber attacks against Georgian Government computers, according to Gary Warner, director of computer research and forensics at the University of Alabama at Birmingham.
Spam e-mails sent by the criminals seek to trick the user into clicking on a mock-up BBC story about the Georgian president.
Aug. 20, 2008 - Wyatt Kash
Army CIO Sets Revised Course
A year into his role as the Army’s chief information officer, Lt. Gen. Jeffrey Sorenson is pushing to sharpen and shift the focus of the Army’s information technology operations.
The new emphasis is on building the Army’s enterprisewide information technology capabilities as quickly as possible, he said at the LandWarNet conference this week.
Aug. 20, 2008 - Bruce Schneier
Boston Court's Meddling With "Full Disclosure" Is Unwelcome
In eerily similar cases in the Netherlands and the United States, courts have recently grappled with the computer-security norm of "full disclosure," asking whether researchers should be permitted to disclose details of a fare-card vulnerability that allows people to ride the subway for free.
The "Oyster card" used on the London Tube was at issue in the Dutch case, and a similar fare card used on the Boston "T" was the center of the U.S. case. The Dutch court got it right, and the American court, in Boston, got it wrong from the start -- despite facing an open-and-shut case of First Amendment prior restraint.
Aug. 20, 2008 - Ken Silverstein, Editor
Russia's Rise
The Free World triumphed during the Cold War. But the central antagonist in that conflict has risen once more as a global energy titan that is determined to regain respect.
Russian leaders recognize their clout and want to use that to bargain for such things as new energy infrastructure and seamless entry into the World Trade Organization. But such desires have been offset by their willingness to withhold energy supplies and to use aggression against the Georgian nation. While Russia's foreign investment climate is warming, investors are still concerned about political stability and regulatory certainty.
Aug. 20, 2008
Romanian Hackers Stripped Foreign Companies of Over 150 Million Dollars in 2008 Alone
Romanian hackers stripped foreign companies of over 150 million dollars in 2008 alone, Romania's police representatives declared, as quoted by Romanian news television channel Realitatea TV.
Romania's secret service representatives declared that this sum represents only half of the total damages caused.
Aug. 20, 2008 - Chen Qian
10 Arrested For Hacking in Fake-Diploma Scheme
Ten people accused of hacking into government databases to add false information and create bogus diplomas were caught by police in Jiangxi Province, Legal Daily reported yesterday.
Alleged leaders of the hacker group have been arrested, the report said. One of them, surnamed Li, had made more than 2 million yuan (US$294,118) in only four months.
Aug. 19, 2008 - Kim Zetter
Federal Judge Throws Out Gag Order Against Boston Students in Subway Case
A federal judge in Boston this morning let expire a temporary gag order against three MIT students who were prevented from presenting a talk on security vulnerabilities in the Boston subway's fare tickets and cards.
Aug. 19, 2008 - Andreas M. Antonopoulos
Georgia Cyberwar Overblown
Last week Russian tanks rolled into South Ossetia while Russian bombers were taking out critical communications infrastructure. But even before the first tank rolled across the disputed borders, another war was brewing in cyberspace.
Aug. 18, 2008 - Brandon Griggs
U.S. At Risk of Cyberattacks, Experts Say
The next large-scale military or terrorist attack on the United States, if and when it happens, may not involve airplanes or bombs or even intruders breaching American borders.
Instead, such an assault may be carried out in cyberspace by shadowy hackers half a world away. And Internet security experts believe that it could be just as devastating to the U.S.'s economy and infrastructure as a deadly bombing.
Aug. 18, 2008 - Matthew B. Stannard
A Road Map to Wardriving in These Times
Memorize this: a5d1tmI#9DWSFX`/ksbo"RZ"l`SN`ito%b)Bel*B_EiCZ)q-h/`VF"3Gb_CM#TT.
Got it? You might want to try because that's the kind of password you'll need if you really want your wireless network to be secure.
Aug. 17, 2008 - Thais Portilho-Shrimpton
Battle for South Ossetia Fought in Cyberspace
The six-day war between Russia and Georgia may have seemed a scruffy, bloody, almost 19th-century nationalist conflict, but it saw the deployment of what will be a major weapon in the wars of the future: the internet. South Ossetia was, say experts in both technology and military studies, the world's first cyberwar.
Aug. 16, 2008 - Dan Karpenchuk
Canada Probes Security Breach
Canada is again facing an embarrassing security breach after a sensitive government document was found on a rainy Ottawa street.
The document, made up of 131 pages, was found on a rain-soaked street in a brown envelope. It detailed a number of the system's failings and even described how the data could be attacked by industrial hackers, environmental activists or organised crime.
Aug. 15, 2008 - Ari Takanen
VoIP Security Auditing Is Becoming More and More Complex...Not!
I am curious how people can conduct penetration tests of a complex VoIP system when they barely understand how VoIP infrastructure works. Today, security people are still stuck with auditing practices from the 1990s. When asked to do a penetration test, a consultant often is only looking at past issues that can be detected using various vulnerability scanners. Very few of them know that vulnerability scanners have extremely bad coverage of vulnerabilities in VoIP solutions. And even if the tools did know VoIP, who really cares about past issues that might have been relevant several years ago?
Aug. 14, 2008 - Andrew Donoghue
Cybercriminal Prosecutions Falling Way Behind
The U.S. legal system is failing to bring prosecutions in cybercrime cases. This is despite being presented with online fraud and abuse complaints that number in the thousands.
The Center for American Progress and the Center for Democracy and Technology have issued a report titled “Online Consumers at Risk and the Role of State Attorneys General.” It claims that in 2006 and 2007, U.S. authorities, with the exception of several notable standouts, brought few significant cases to trial in response to online crime complaints.
Aug. 14, 2008 - Nancy Gohring, IDG News Service
McCain Promotes Online Security, Privacy Policies
Presumptive Republican presidential candidate John McCain, sometimes criticized for admitting to not using the Internet much, flexed his technology credentials while outlining his opinions about online security and privacy on Thursday.
While such issues are unlikely to be the ones to sway voters to one candidate or another, they could have an effect on national security and on day-to-day life for many Americans. "Whether it sways votes or not, privacy and security are two critical issues we face," said Chris Ridder, a residential fellow at Stanford Law School's Center for Internet and Society.
Aug. 14, 2008 - Siobhan Gorman
Cyberattacks on Georgian Web Sites Are Reigniting a Washington Debate
The cyberattacks in Georgia are re-energizing a debate over whether the laws of war apply in cyberspace. Among the biggest questions: When is a cyberattack an act of war?
As Russia continued military actions inside Georgia, in apparent violation of a Tuesday cease-fire agreement, some Georgian government Web sites, including the president's office, remained under attack.
Aug. 13, 2008 - Paul Davidson
U.S. Power Grid in Better Shape 5 Years After Blackout
Five years after the worst blackout in U.S. history, the nation's electrical system is far better equipped to prevent another big outage, but significant shortcomings remain, federal officials, grid operators and consultants agree.
Since the blackout on Aug. 14, 2003, which affected 50 million people in the Northeast, Midwest and part of Canada, federal regulators have approved standards for upkeep of the power grid. And utilities have new systems to monitor the network.
Aug. 13, 2008 - Alice Lipowicz
DHS Awards $11.7 Million For Cyber Research
The Homeland Security Department today awarded $11.7 million in grants for cybersecurity research to 13 recipients from industry and academia.
The department’s Science and Technology Directorate made some awards to focus research and development on botnets and malware, composable and scalable secure systems, cybersecurity metrics and data anonymization tools.
Aug. 13, 2008 - Gadi Evron
Georgia Cyber Attacks From Russian Government? Not So Fast
It is natural for people to link cyber attacks against Georgia to the Russian government's military actions. But industry expert Gadi Evron says the evidence so far indicates otherwise.
Aug. 12, 2008 - John Markoff
Before the Gunfire, Cyberattacks
Weeks before bombs started falling on Georgia, a security researcher in suburban Massachusetts was watching an attack against the country in cyberspace.
Jose Nazario of Arbor Networks in Lexington noticed a stream of data directed at Georgian government sites containing the message: “win+love+in+Rusia.”
Aug. 12, 2008 - Brad Stone
Trail in Global Theft Ring Leads to Miami
Investigators looking into a vast international credit card theft ring extending from Ukraine and Belarus to China and victimizing nine of the largest U.S. retailers faced a central mystery: Who was orchestrating the crimes on the ground in the United States?
It turned out, investigators now say, that he was right under their noses. And it was a reference to a character in the popular U.S. comedy "Seinfeld" - the Soup Nazi - that helped break the case.
Aug. 12, 2008 - John Leyden
Pentagon Hacker McKinnon Earns Extradition Delay
Pentagon hacker Gary McKinnon has been granted a short reprieve from possible extradition to the US while a European court decides whether or not to intervene.
Law lords rejected McKinnon's appeal against extradition last month, leaving the European Court of Human Rights as his final avenue of appeal. McKinnon's solicitors Kaim Todner have lodged an appeal to the European court arguing that strong arm tactics used by US authorities during plea bargaining negotiations and concerns that McKinnon may be subject to a military tribunal constitute a violation of his human rights.
Aug. 12, 2008 - Marin Perez
Researcher Wants to Charge Nokia, Sun For Phone Vulnerability
A security researcher said he has discovered serious vulnerabilities in the mobile Java technology on some Nokia (NYSE: NOK) handsets, but his method of raising awareness of this bug is potentially controversial.
Security researcher Adam Gowdiak, who is setting up the security company Security Explorations, said he's found 14 vulnerabilities in Java 2 Micro Edition (J2ME) that could allow hackers to attack Nokia's Series 40 handsets.
Aug. 12, 2008 - Brian Prince
Microsoft Patch Tuesday Targets 26 Application Flaws
Microsoft released its August Patch Tuesday update Aug. 12 with 11 bulletins that plug 26 security holes across multiple products.
Six of the bulletins are rated "critical" and address remotely exploitable flaws in Internet Explorer, PowerPoint, Excel, Microsoft Office Access, Microsoft Office and the Windows operating system. The critical bulletins swat a total of six bugs in Internet Explorer, five affecting Microsoft Office filters, four in Microsoft Excel, three in Microsoft PowerPoint, and one apiece affecting Office Access and the Windows Image Color Management system.
Aug. 12, 2008 - Robert Vamosi
Russia and Georgia Continue Attacks – Online
Researchers studying botnets have reported an increase in attacks on Georgian Web sites, including that of the country's president, within the last two weeks. While the attacks--Web site defacement and denial-of-service packet floods--are reminiscent of the Internet attacks waged against Estonia in May 2007, Jose Nazario, security researcher for Arbor Networks, told CNET News that he's seeing evidence that Georgia is apparently fighting back, attacking at least one Moscow-based newspaper site.
Aug. 11, 2008 - Ericka Chickowski
Recapping the Hacker Security Conference Black Hat
The 2008 Black Hat Security Conference in Las Vegas was chock full of security research and vulnerability information provided by the brightest minds in the security community. Here is a recap of the highlights from this year's Black Hat security sessions.
Aug. 11, 2008 - Jill R. Aitoro
Top IT Cops Say Lack of Authority, Resources Undermine Security
To understand what it's like to be a federal chief information security officer, consider Larry Ruffin. As CISO at the Interior Department, his job could be described as having little to do with being a chief and not much more about security.
Aug. 11, 2008 - Humphrey Cheung
Defcon's Wall of Sheep Eats iPhones for Breakfast, Lunch and Dinner
Las Vegas (NV) – Smartphones are great for texting and surfing the web, but many of those applications have absolutely no security according to security researchers at the recently completed Defcon computer security conference. Volunteers at the Wall of Sheep told TG Daily that mobile application developers are emphasizing usability over security. They add that many secure desktop applications become unsecure when ported over to the smartphone environment.
Aug. 11, 2008 - Jonathan Richards
Georgia Accuses Russia of Waging "Cyber-war"
Georgia today accused Russia of waging a parallel ‘cyber-war’, using hacking techniques to block key Georgian government websites.
There was confusion as to the extent of the attacks, however, with at least two independent internet monitoring companies saying they had seen no evidence of large scale attacks on Georgian government infrastructure.
Aug. 7, 2008 - Declan McCullagh, Politics and Law
"Cybersecurity Commission" to Proffer Advice to Next President
Transitions between presidential administrations are typically influence-peddling, power-consolidating, appointee-vetting exercises run by Washington insiders. Perhaps that's why the quintessential Washington think tank, the Center for Strategic and International Studies, is trying to insert itself into the process.
The private organization, which has close ties to the U.S. military and counts Henry Kissinger on its payroll, has gathered about 35 people and awarded them the official-sounding title of "Commission on Cyber Security for the 44th Presidency." Adding to the formality are some closed-to-the-public meetings and ex-officio members from federal agencies, congressional offices, and the nebulous "intelligence community."
Aug. 5, 2008 - John Markoff
Russian Gang Hijacking PCs in Vast Scheme
A criminal gang is using software tools normally reserved for computer network administrators to infect thousands of PCs in corporate and government networks with programs that steal passwords and other information, a security researcher has found.
The new form of attack indicates that little progress has been made in defusing the threat of botnets, networks of infected computers that criminals use to send spam, steal passwords and do other forms of damage, according to computer security investigators.
Aug. 5, 2008 - Stefanie Hoffman
U.S. Indicts 11 For Alleged TJX Data Theft
A U.S. federal grand jury indicted 11 people Tuesday on charges that included the alleged theft of more than 45 million credit and debit card numbers from retail giant TJX in what officials call one of the largest data heists in history.
The U.S. Attorney's office in Boston said that the individuals indicted were responsible for "wardriving" and then hacking into wireless networks of numerous retailers, including TJX companies, BJ's Wholesale Club, OfficeMax (NYSE:OMX), Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DFW Inc. in order to steal tens of millions of credit card numbers.
Aug. 4, 2008 - David Hobson, MD
Olympics and IT - Be Aware, Be Very Aware
Not everyone loves the UK and our culture. Once the Olympics begin, we will become a major target of attacks driven by political and religious beliefs – and these attacks are likely to be both physical and digital.
This year’s Games haven’t even begun in Beijing and yet protests about human rights have been making headlines. London and the UK will step into the limelight the minute that Prime Minister Gordon Brown accepts the baton at the closing ceremony on 24 August. These attacks will provide a magnificent smokescreen behind which organised crime can hide. The security community must wake up to what may be in store and begin educating organisations about the threats to business.
Aug. 4, 2008 - Dan Goodin, San Francisco
Feds Accuse Bank Insider of Massive Data Heist
A financial analyst for Countrywide Home Financial, one of the world's biggest and most troubled mortgage lenders, has been arrested and charged with stealing personal information concerning a breathtaking number of the company's customers.
Rene Rebollo, 36, of Pasadena, California, downloaded 20,000 customer profiles including names and social security numbers just about every week for about two years, according to documents filed in federal court in Los Angeles. He would then sell the purloined information for about $500 per 20,000 profiles to various buyers. He netted as much as $70,000 through the scheme, prosecutors alleged.
Aug. 4, 2008 - Robert Vamosi
Apple Nixes Second Black Hat Talk
A panel discussion with Apple employees talking about the company's security practices was canceled by its moderator.
Black Hat founder and director Jeff Moss told ComputerWorld that "it was them talking about security engineering and how they take security seriously. It would have put Apple in a positive light."
Aug. 4, 2008 - Carole Fennelly
Hacker Court at Black Hat!
Hacker Court is once again returning to the Black Hat Briefings! For our seventh Black Hat presentation, we will be conducting a mock court trial focused on the issues of entrapment, journalist privilege and wiretapping, titled "Hack MyFace."
Hacker Court is a loose organization of attorneys, security professionals and hackers with the goal of demonstrating the dynamics, frustrations and complexity of computer crime trials.
Aug. 1, 2008 - Lahore, Pakistan
Awareness Campaign Urged Against Cyber Crime
Speakers at a seminar on "What is Computer Forensic?" stressed the need for launching a campaign to create awareness among the people about cyber crimes, besides introducing new degree courses on computer forensics at college and university level to make databases and online transactions safe and protected.
It was the first seminar of its kind on computer forensics in Pakistan, to which a large number of intellectuals, IT experts and heads of different educational and banking sectors were invited to explore ways to curb cyber crime.