Headlines

Check out what is happening in Security and ABS Computer Technology, Inc.

Undercover Cameras Catch PC Repair Scams, Privacy Violations

By aewhale - 7/23/2009 So you take your PC to a repair shop, and the repair shop takes you to the cleaners.

Adobe download site contains vulnerable software

By Admin - 7/23/2009 Would you expect that the software available for your next download to be free from known vulnerabilities?

Spyware In BlackBerry Updates For Users in the UAE

By aewhale - 7/17/2009 What is your expectation of privacy? Do you think that your service provider is installing spyware on your Crackberry?

12% of E-mail Users Have Responded To Spam

By aewhale - 7/17/2009 That's a higher rate of return than what you get at the bank!

Attacks against IE (Internet Exploder) multiply

By aewhale - 7/15/2009 The exploits of unpatched ActiveX controls are multiplying rapidly. Time to switch browsers to FireFox, if you haven't already!

UK, Not North Korea, Is Source of DDoS Attacks

By aewhale - 7/15/2009 Surprise, look at what is happening in your own back yard! In fact, a VPN connection from Florida may point to another leg in the attack of various websites.

German Health Insurance Card CA Loses Secret Key

By aewhale - 7/15/2009 OK who's got the key? Without a good backup plan, the German Health agency needed to replace up to 80 million issued health care cards.

Is that HotSpot you are using Safe?

By aewhale - 7/12/2009 Most Hot Spots are being run from someone's PC.

Is your ATM Hacked?

By aewhale - 7/12/2009 I still think that writing checks is safer than using the ATM.

PC infection give hackers immediate access and $400,000.00 +

By aewhale - 7/8/2009 This new keystroke logger and Trojan, as well as co-conspirators defeat banking security.

Korean DDoS Bots To Self-Destruct

By aewhale - 7/12/2009 Attacks of the future are coming from the internet. This is the easiest method for disrupting the business of the victims.

Microsoft Warns of New Video ActiveX Vulnerability

By aewhale - 7/8/2009 New vulnerabilities in Microsoft software reported.

Symantec does not like it when you use Free AntiVirus

By aewhale - 7/5/2009 The product manager at symantec does not like it when consumers use free anti-virus products to protect yourself. Of course if they are upset, perhaps it's not so bad after all.

iPhone Vulnerability Yields Root Access Via SMS

By aewhale - 7/4/2009 Your next Text Message can give hackers direct root access.

New AES Attack Documented

By aewhale - 7/2/2009 New encryption methods reduce the strength of AES-256 encryption.

New Click-Fraud Attack Is Stealthiest Yet

By aewhale - 7/2/2009 This piece of Malware can seemingly ruined your Adwords campaigns, and make it seem that you have more visitors than you actually do.

Once a Hacker, always a hacker

By aewhale - 6/28/2009 Kevin Mitnick, famous for gaining access to many high-profile systems, warns today's young hackers not to follow in his footsteps, because their crimes never go away. He can call himself a security consultant, but he's still a Hacker.

Reporters Find US Gov't Data In Ghana Market

By aewhale - 6/26/2009 Hundreds and hundreds of documents about government contracts,' were found on a hard drive purchased at a market in Ghana for the bargain basement price of $40.

Who needs Wireless Security?

By aewhale - 6/24/2009 We believe that everyone does. Today we learned that TJX is paying out more than $9.75 Million dollars to patch up the lawsuits from their wireless security breach.

Attack On a Significant Flaw In Apache Released

By aewhale - 6/20/2009 There are many Apache Servers which may remain vulnerable. These attacks are easy to miss.

Computer hackers victimize Portsmouth coffee shop customers

By aewhale - 6/17/2009 This is certainly not the first occurrence, and most certainly won't be the last either.

The Next Ad You Click May Be a Virus

By aewhale - 6/16/2009 Jay notes a Wall Street Journal report about ad networks unintentionally selling empty space to malware loaders (the link is to a syndicating site that doesn't require a subscription to view). The submitter comments: "The labeling of the fake ad sellers as hackers is pretty bogus; there's no hacking involved. Simply sign up for one of these networks, create your fake site, put up another company's creative, and you're good to go." The incidents being reported go back a few months, but the pattern of this criminal activity seems to be coming clear only recently."EWeek.com, a technology news site owned by Ziff Davis Enterprise, in February displayed an ad on its homepage masquerading as a promotion for LaCoste, the shirt maker. The retailer hadn't placed the ad — a hacker had, to direct users to a Web site where harmful programs would be downloaded to their computers, says Stephen Wellman, director of community and content for Ziff Davis."

The "Hidden" Cost Of Privacy

By aewhale - 6/16/2009 Schneier points out an article from a while back in Forbes about the "hidden" cost of privacy and how expensive it can be to comply with all the various overlapping privacy laws that don't necessarily improve anyone's privacy. "What this all means is that protecting individual privacy remains an externality for many companies, and that basic market dynamics won't work to solve the problem. Because the efficient market solution won't work, we're left with inefficient regulatory solutions. So now the question becomes: how do we make regulation as efficient as possible?"

New Exploit Uses JavaScript To Compromise Intranets, VPNs

By aewhale - 6/13/2009 "Security researcher Robert Hansen, known as Rsnake, has developed a new class of attack that abuses a weakness in many corporate intranets and most browsers to compromise remote machines with persistent JavaScript backdoors. Threatpost reports: 'The attacks rely on the long-term caching policies of some browsers and take advantage of the collisions that can occur when two different networks use the same non-routable IP address space, which happens fairly often because the amount of address space is quite small. The bottom line is that even a moderately skilled attacker has the ability to compromise remote machines without the use of any vulnerability or weakness in the client software.'"

Is China Creating the World's Largest Botnet Army?

By aewhale - 6/13/2009 "The Chinese government is mandating that all computers sold in China come with Internet blocking software. Rob Cottingham writes an excellent piece noting how the censorship application of this software should be the least of our concerns. This new software may create an opportunity for the Chinese Government to appropriate these computers and use them to create the worlds largest botnet army." Update: 06/11 21:26 GMT by T : J. Alex Halderman writes "My students and I have been examining the Green Dam censorware software. We've found serious vulnerabilities that can be exploited by any web site a user visits with the software installed. We also found that some of the blacklists seems to have been taken from the American-made filtering program CyberSitter. We've posted a report and demo."

Collateral Damage From Cyber Warfare?

By aewhale - 6/13/2009 "If you're thinking about applying for that open US cyber warfare czar position, Robert X. Cringely points out that you will have to effectively function as a world cyber warfare czar, a fact that neither Republican nor Democratic Administrations have yet been willing to embrace, at least in public. The international nature of today's outsourced-and-offshored IT business has big implications for US security. Try to do a security audit of your company's technical resources in Argentina or Bangladesh, suggests Bob, and see what nightmare is unveiled. Toss some random Code Gods into the mix, says Cringely, and it's really too tough to predict who might win in a game of US vs. Albania."

Chinese Govt Spyware Puts Computers At Risk

By aewhale - 6/13/2009 "China's mandatory 'Green Dam Youth Escort' web filter software apparently has a series of severe flaws. In addition to not working on Linux or MacOS, traffic between the software and its servers is unencrypted."

NSA Ill-Suited For Domestic Cybersecurity Role

By aewhale - 6/13/2009 "Former CIA counterterrorism analyst Stephen Lee has an interesting article in the Examiner asserting that the National Security Agency is 'a secretive, hidebound culture incapable of keeping up with innovation,' with a history of disregard for privacy and civil liberties. Lee says that for most of its sixty-year history, the NSA has been geared to cracking telecom and crypto gear produced by Soviet and Chinese design bureaus, but at the end of the cold war became 'stymied by new-generation Western-engineered telephone networks and mobile technologies that were then spreading like wildfire in the developing world and former Soviet satellite countries.' When the NSA finally recognized that it needed to get better at innovation, it launched several mega-projects, tagged like 'Trailblazer' and 'Groundbreaker,' that have been spectacular failures, costing US taxpayers billions. More recently, the NY Times reported that the NSA has been breaking rules set by the Obama administration to peer even more aggressively into American citizens' phone traffic and email inboxes. Whistleblower reports portray NSA domestic eavesdropping programs as unprofessional and poorly supervised, with intercept technicians ridiculing and mishandling recordings of citizens' private 'pillow talk' conversations. Lee concludes that 'if the Federal government must play a role, then Congress and President Obama should turn to another agency without a record of creating mistrust — perhaps even a new entity. Meanwhile, NSA should focus on listening in on America's enemies, instead of being an enemy of Americans and their enterprises.'"

Security Flaw Hits VAserv; Head of LxLabs Found Hanged

By aewhale - 6/10/2009 "The discovery of 24 security vulnerabilities may have contributed to the death of the chief of LxLabs. A flaw in the company's HyperVM software allowed data on 100,000 sites, all hosted by VAserv, to be destroyed. The HyperVM solution is popular with cheap web hosting services and the attacks are easy to reproduce, which could lead to further incidents."

Paris Hosts the Second Hacker Space Festival

By aewhale - 6/10/2009 "Hackers from all over Europe will meet at the end of the month (27-30 June) at the second Hacker Space Festival in Paris. The four-day schedule includes conferences and workshops on: Metasploit, HostileWRT, FPGA for beginners, ICT disaster recovery, software patents in Europe, Hadopi, and many other topics. The future of Hacker Spaces will also be debated. The event will be hosted by the first French hackerspace, /tmp/lab, located in an industrial zone on the outskirts of Paris."

Hackers Claim To Hit T-Mobile Hard

By aewhale - 6/8/2009 "Hackers are claiming to own T-Mobile USA's servers and to have access to the cellular phone carrier's operations, finance and subscriber data." (Here's the seclists.org post of the claimed breach.)

Hacker Jeff Moss Sworn Into Homeland Security Advisory Council

By aewhale - 6/7/2009 "Hacker Jeff Moss, founder of computer security conferences DEFCON and Black Hat, has been sworn in as one of the new members of the Homeland Security Advisory Council (HSAC) of the DHS. Moss, who goes by the handle 'the Dark Tangent' says he was surprised to be asked to join the council and that he was nominated to bring an 'outside perspective' to its meetings. He said, 'I know there is a new-found emphasis on cybersecurity, and they're looking to diversify the members and to have alternative viewpoints. I think they needed a skeptical outsider's view because that has been missing.'"

New Denial-of-Service Attacks Threaten Wireless Data Networks

By aewhale - 6/7/2009 "Forget spam, viruses, worms, malware and phishing. These threats are apparently old school when compared to a new class of denial-of-service (DOS) attacks that threaten wireless data networks. The threats were outlined in a talk in NYC Thursday by Krishan Sabnani, vice president of networking research at Bell Labs, at the Cyber Infrastructure Protection Conference at City College of New York. Sabnani said they are the result of inherent weaknesses in Mobile IP, a protocol that uses tunneling and complex network triangulation to allow mobile devices to move freely from one network to another. 'We need to especially monitor the mobile networks — with limited bandwidth and terminal battery — for DOS attacks,' Sabnani said, adding that the newest DOS attacks on wireless networks involve repeatedly establishing and releasing connections. These attacks are easy to launch and hard to detect, he said."

The Pirates Will Always Win, Says UK ISP

By aewhale - 6/7/2009 "The head of UK ISP TalkTalk, Charles Dunstone, has made the comment ahead of the communications minister's Digital Britain report that illegal downloading cannot be stopped. He said 'If you try speed humps or disconnections for peer-to-peer, people will simply either disguise their traffic or share the content another way. It is a game of Tom and Jerry and you will never catch the mouse. The mouse always wins in this battle and we need to be careful that politicians do not get talked into putting legislation in place that, in the end, ends up looking stupid.' Instead he advocates allowing users 'to get content easily and cheaply.'"

Hackers Claim $10K Prize For StrongWebmail Breakin

By aewhale - 6/7/2009 "Telesign, a provider of voice-based authentication software, challenged hackers to break into its StrongWebmail.com Web site late last week. The prize: $10,000. On Thursday, a group of security researchers claimed to have won the contest, which challenged hackers to break into the Web mail account of StrongWebmail CEO Darren Berkovitz and report back details from his June 26 calendar entry. The hackers, led by Secure Science Chief Scientist Lance James and security researchers Aviv Raff and Mike Bailey, provided details from Berkovitz's calendar to IDG News Service. In an interview, Berkovitz confirmed those details were from his account. However, Berkovitz could not confirm that the hackers had actually won the prize. He said he would need to check to confirm that the hackers had abided by the contest rules, adding, 'if someone did it, we'll kind of put our heads down.'"

L0phtCrack (v6) Rises Again

By aewhale - 5/31/2009 "L0phtCrack — now 12 years old — used to be a security 'tool of choice' for black hats, pen-testers, and security auditors alike — that is, until it was sold by L0pht to @stake, then Symantec, to be released and subsequently dropped as LC 5. As an IT security consultant, I used this tool to regularly expose vulnerabilities or recover data when there were few other options available. Eventually, I let it go as tech evolved away. Now, after being returned to its original developers, version 6 was released this week with fresh features: support for 64-bit multiprocessors, (current) Unix and Windows operating systems, and a number of other features, including enhanced handling of NTLM password hashes and support for rainbow tables. Interested parties, especially consultants, will find this shiny new version sports a hefty price tag. It raises doubts in my mind whether it can effectively compete with open source alternatives that go by similar names, but as I found earlier versions so useful, its re-emergence seems worth the mention."

What a Hacked PC Can Be Used For

By aewhale - 5/30/2009 "Computer users often dismiss Internet security best practices because they find them inconvenient, or because they think the rules don't apply to them. Many cling to the misguided belief that because they don't bank or shop online, that bad guys won't target them. The next time you hear this claim, please refer the misguided person to this blog post, which attempts to examine some of the more common — yet often overlooked — ways that cyber crooks can put your PC to criminal use."

White House To Appoint "Internet Czar"

By aewhale - 5/28/2009 "The Washington Post reports that President Obama is set to appoint a 'Cybersecurity czar with a broad mandate': 'The adviser will have the most comprehensive mandate granted to such an official to date and will probably be a member of the National Security Council but will report to the national security adviser as well as the senior White House economic adviser, said the sources, who spoke on the condition of anonymity because the deliberations are not final. The announcement will coincide with the long-anticipated release of a 40-page report that evaluates the government's cybersecurity initiatives and policies. The report is intended to outline a "strategic vision" and the range of issues the new adviser must handle, but it will not delve into details, administration officials told reporters last month.' Cynics are expecting the appointee to be a lawyer for the RIAA."

DoD Sharing Threat Data With Critical Industries

By aewhale - 5/28/2009 "The Washington Post reports that for the past two years, the Defense Department has been collaborating with critical industries to stem the loss of important defense industry data — by some estimates at least $100 billion worth over that time. The Pentagon is considering ways to share its threat data with other industries including telecommunications and Internet service providers, led by the DoD's Cyber Crime Center, the clearinghouse for threat data from the NSA, military agencies, the DHS, and industry. The Pentagon's trial program with industry illuminates the promise and the pitfalls of such partnerships: a reluctance of intelligence and law enforcement agencies to release threat data they consider classified, and the companies' fear of losing control over personal or proprietary information. 'This isn't just about national security,' says Barbara Fast, vice president of Boeing Cyber Solutions. 'It's about the economic well-being of the United States.'"

Malware fighting Firewalls are not enough

By aewhale - 5/28/2009 "The InfoWorld Test Center has released vulnerability testing results for four so-called 'unified threat managers' — single units that combine firewall, VPN, intrusion detection and prevention, anti-malware, anti-spam, and Web content filtering in lieu of a relay rack stuffed top to bottom with appliances. The lab threw nearly 600 exploits of known vulnerabilities in a wide range of popular OSes, applications, and protocols, and despite being designed to thwart such threats, the UTMs as a class allowed hundreds to pass through. Why did the UTMs miss so many exploits? A lack of horsepower to perform the necessary deep packet inspection under load is suspected, as the lab pushed the limits of each unit's throughput with legitimate traffic. 'The upshot is, although the vendors have packed these devices with additional gateway security functions, clearly many UTMs are still strictly firewalls at heart.'"

«Previous Page • 1 2 3 4 5 6 7 8 9 10 • Next Page»