Headlines

Check out what is happening in Security and ABS Computer Technology, Inc.

New Bill Could Shift Federal Cybersecurity Work From DHS To White House

By aewhale - 3/23/2009 CNet reports on legislation currently being drafted that would transfer federal cybersecurity responsibilities away from the Department of Homeland Security. Instead, they would fall under the authority of the Executive Office of the President, creating an Office of the National Cybersecurity Advisor. A tech commission recommended relieving the DHS of cybersecurity responsibilities late last year, saying it simply wasn't prepared to deal with organized online threats. More recently, the director of the DHS's National Cybersecurity Center resigned, citing interference from the NSA. The new legislation would "put the White House National Cybersecurity Advisor in charge of coordinating cyber efforts within the intelligence community and within civilian agencies, as well as coordinating the public sector's cooperation with the private sector. The advisor would have the authority to disconnect from the Internet any federal infrastructure networks — or other networks deemed to be 'critical' — if found to be at risk of a cyberattack. The private sector will certainly speak out if this provision is included in the final draft of the bill, a representative of the technology industry who spoke on condition of anonymity said."

Social Search Reveals 700 Comcast Customer Logins

By aewhale - 3/22/2009 "When educational technology specialist Kevin Andreyo recently read a report on people search engines, he decided to conduct a little 'people search' on himself. Andreyo did not expect to find much — so, imagine the surprise when he uncovered the user name and password to his Comcast Internet account, put out there for the entire online world to see. In addition to his personal information, Andreyo also discovered a list that exposed the user names and passwords of (what he believed) to be 8,000 other Comcast customers. Andreyo immediately contacted both Comcast and the FBI, hoping to find the ones responsible for divulging such personal information to the public. While the list is no longer available online, analysts fear that the document still lives on in various cache and online history services."

Cyber attacks reach Florida Intelligence Committee members

By aewhale - 3/22/2009 Recent Cyber attacks in Florida have hit a Florida State Senator. Ironically, we have recently been working on resolving issues where cyber attacks are generating knock-off sites to redirect unknowing consumers.

Intel CPU Privilege Escalation Exploit

By aewhale - 3/22/2009 "A paper and exploit code detailing a privilege escalation attack on Intel CPUs has just been published. The vulnerability, uncovered by security researchers Joanna Rutkowska (of Blue Pill fame), Rafal Wojtczuk, and, independently, Loic Duflot, makes use of Intel's System Management Mode (SMM). Quote: "The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs. Rafal implemented a working exploit with code execution in SMM." The implications of this exploit are severe."

Breach Exposes 19,000 Active US, UK Credit Cards

By aewhale - 3/22/2009 "A defunct payment gateway has exposed as many as 19,000 credit card numbers of US and UK consumers in a major worldwide breach. The data, held in Google cache, includes credit card numbers, CVVs, expiry dates, names and addresses. The credit card numbers are for accounts held with Visa, Mastercard, American Express, Solo, Switch, Delta and Maestro/Cirrus. Within the address bars of the cached pages are URLs of e-commerce sites that have become victims of the breach. They include clothing, science, health, sports and photo imaging stores. The cause appears to be a known issue with the Google search engine, in which the pages of defunct web sites containing sensitive directories remain cached and available to anyone."

Conficker Worm Asks For Instructions, Gets Update

By aewhale - 3/17/2009 "Conficker/Downup/Downadup/Kido malware, that according to Symantec 'is, to date, one of the most complex worms in the history of malicious code,' has been updated and this time for real. The new variant, dubbed W32.Downadup.C, adds new features to malware code and makes the threat even more dangerous and worrisome than before."

Cybercrime-As-a-Service Takes Off

By aewhale - 3/15/2009 "Malware writers that sell toolkits online for as little as $400 will now configure and host the attacks as a service for another $50, according to email offers cited by security experts. A technical account manager at authentication firm Vasco said that cyber crime is becoming so business-like that online offerings of malicious code often include support and maintenance services. He said 'it was inevitable that services would be sold to people who bought the malware toolkits but didn't know how to configure them. Not only can you buy configuration as a service now, you can have the malware operated for you, too.'"

Researchers Sniff Keystrokes From Thin Air, Wires

By aewhale - 3/15/2009 "Two separate research teams have found that the electromagnetic radiation that is generated when a computer keyboard is tapped is actually pretty easy to capture and decode. Using an oscilloscope and an inexpensive wireless antenna, the Ecole Polytechnique team was able to pick up keystrokes from virtually any keyboard, including laptops — with 95 percent accuracy over a distance of up to 20 meters. Using similar techniques, Inverse Path researchers Andrea Barisani and Daniele Bianco picked out keyboard signals from keyboard ground cables. On PS/2 keyboards, 'the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna,' Barisani said. That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. Barisani and Bianco will present their findings at the CanSecWest hacking conference next week in Vancouver. The Ecole Polytechnique team has submitted their research for peer review and hopes to publish it very soon."

French Police Save Millions Switching To Linux

By aewhale - 3/15/2009 "The French national police force, the Gendarmerie Nationale, has spoken about their migration away from the Windows platform to Linux. Estimated to have already saved the force 50 Million Euros, the migration is due to be completed on all 90,000 workstations by 2015. Of the move, Lt. Col. Guimard had this comment: '"Moving from Microsoft XP to Vista would not have brought us many advantages and Microsoft said it would require training of users. Moving from XP to Ubuntu, however, proved very easy. The two biggest differences are the icons and the games. Games are not our priority."'"

BBC Hijacks 22,000 PCs In Botnet Demonstration

By aewhale - 3/15/2009 "'[The BBC] managed to acquire its own low-value botnet — the name given to a network of hijacked computers — after visiting chatrooms on the internet. The programme did not access any personal information on the infected PCs. If this exercise had been done with criminal intent it would be breaking the law. But our purpose was to demonstrate botnets' collective power when in the hands of criminals.' The BBC performed a controlled DDoS attack, 'then ordered its slave PCs to bombard its target site with requests for access to make it inaccessible.'"

Kremlin-Backed Nashi Admits Cyberattacking Estonia

By aewhale - 3/13/2009 "Russia's Kremlin-based youth movement Nashi admits being responsible for 2007 cyberattacks against Estonia. An interesting point is that when you DDoS the systems, it's not the fault of some people who want to crash it but instead the systems' for blocking their users due to technical limitations. So if I shot someone to death it's not my fault for shooting them, but theirs instead because of technical limitations of their body."

Adobe Fixes Recent PDF Flaw, But Not Before Auto Exploit

By aewhale - 3/13/2009 With Adobe's patch for the JBIG2Decode vulnerability due in a few days time, new methods to target the vulnerability have been discovered that make it far riskier than previously thought. Didier Stevens recently showed the world how it is possible to exploit the vulnerability without the user actually opening an affected file, and now he has discovered a way that allows for completely automated exploitation that results in anything up to a Local System account without any user interaction at all and only relies upon basic Windows components and Acrobat Reader elements. There are some mitigating factors that limit the overall risk of this new discovery, but it does also highlight that merely uninstalling the Reader will not protect you from exploitation and does raise the possibility that other tools will access the vulnerable components and thus be vectors for attack." However, the fix is now in: nk497 writes "Adobe had finally released a fix for a PDF vulnerability discovered — and already exploited — last month. The update only applies to the most recent versions of Reader and Acrobat, with early versions and Unix editions not fixed until later this month. Adobe has taken its time with the patch, despite an independent security researcher releasing her own fix just days after the flaw was announced."

Norton Users Worried By PIFTS.exe, Stonewalling By Symantec

By aewhale - 3/11/2009 "[Monday] evening, on systems with Norton Internet Protection running, users began to see a popup warning about an executable named PIFTS.exe trying to access the internet. The file was shown to be located in a non-existent folder inside the Symantec LiveUpdate folder. There were several posts about this to the Norton customer forums asking for help or information on this mysterious program. The initial thread received several thousand views and several pages of replies in a few short hours before being deleted. Several subsequent posts to the Norton forum were deleted much more quickly. These actions — whether actively covering up, or simply not well thought through — have spurred people to begin crafting conspiracy theories about the purposes of this PIFTS program. I for one am blocking the program until more information becomes available." The current top link on Google for "PIFTS.exe" links to one of these deleted questions on Norton's support boards, which sounds innocent enough: "I searched this forum but did not see PIFTS.exe. Any idea what this is?"

Verizon Wants To Share Your Personal Information

By Admin - 3/9/2009 "Gizmodo reports that Verizon is sending out notification letters infested with virtually-indecipherable legalese. In their sneaky, underhanded way, they're informing you that you have 45 days to opt out of their plan to share your personal data with 'affiliates, agents and parent companies.' That data can include, but isn't limited to, 'services purchased (including specific calls you make and receive), billing info, technical info and location info.' If you view your statement on-line, you won't even get the letter. You'll have to access your account and view your messages. However, Read Write Web says the link provided there, called the 'Customer Proprietary Network Information Notice,' was listed as 'not available.' No doubt Verizon would like to reassure you that everyone they're going to hand your personal data over to will have your best interests at heart."

Big Swedish Filesharing Server Seized

By Admin - 3/9/2009 "Authorities are continuing to apply pressure on Sweden's filesharing community amid the trial of several principals of The Pirate Bay filesharing site. Today they seized a fileserver containing about 65 terabytes of files, corresponding to around 16,000 full-length movies."

Tigger.A Trojan Quietly Steals Stock Traders' Data

By aewhale - 3/4/2009 **$tarDu$t** recommends a Washington Post Security Fix blog post dissecting the Tigger.A trojan, which has been keeping a low profile while exploiting the MS08-66 vulnerability to steal data quietly from online stock brokerages and their customers. An estimated quarter million victims have been infected. The trojan uses a key code to extract its rootkit on host systems that is almost identical to the key used by the Srizbi botnet. The rootkit loads even in Safe Mode. "Among the unusually short list of institutions specifically targeted by Tigger are E-Trade, ING Direct ShareBuilder, Vanguard, Options XPress, TD Ameritrade, and Scottrade. ... Tigger removes a long list of other malicious software titles, including the malware most commonly associated with Antivirus 2009 and other rogue security software titles... this is most likely done because the in-your-face 'hey, your-computer-is-infected-go-buy-our-software!' type alerts generated by such programs just might... lead to all invaders getting booted from the host PC."

Portugal's Vortalgate — No Microsoft, No Bidding - A SilverLight Monolopy?

By aewhale - 3/4/2009 "Companies using software other than Microsoft's are unable to bid at many Portuguese public tenders. This is due to the use of Silverlight 2.0 technology by the company, Vortal, contracted to build the e-procurement portal. This situation has triggered a complaint to the European Commission by the Portuguese Open Source Business Association; the case is unofficially known in Portugal as 'Vortalgate.'"

Diebold Election Audit Logs Defective

By aewhale - 3/4/2009 "Premier Election Solutions' (formerly Diebold) GEMS 1.18.19 election software audit logs don't record the deletion of ballots, don't always record correct dates, and can be deleted by the operator, either accidentally or intentionally. The California Secretary of State's office has just released a report about the situation (PDF) in the November 2008 election in Humboldt County, California (which we discussed at the time). Here's the California Secretary of State's links page on Diebold. The conclusion of the 13-page report reads: 'GEMS version 1.18.19 contains a serious software error that caused the omission of 197 ballots from the official results (which was subsequently corrected) in the November 4, 2008, General Election in Humboldt County. The potential for this error to corrupt election results is confined to jurisdictions that tally ballots using the GEMS Central Count Server. Key audit trail logs in GEMS version 1.18.19 do not record important operator interventions such as deletion of decks of ballots, assign inaccurate date and time stamps to events that are recorded, and can be deleted by the operator. The number of votes erroneously deleted from the election results reported by GEMS in this case greatly exceeds the maximum allowable error rate established by HAVA. In addition, each of the foregoing defects appears to violate the 1990 Voting System Standards to an extent that would have warranted failure of the GEMS version 1.18.19 system had they been detected and reported by the Independent Testing Authority that tested the system.'"

German Court Bans E-Voting As Currently Employed

By aewhale - 3/4/2009 "The highest German Court (Bundesverfassungsgericht, Federal Constitutional Court) ruled that electronic voting machines like Nedap ESD1 and ESD2 are not permissible in Germany. Der Spiegel, a well-known German newspaper, is featuring article on today's decision (in German; Babelfish translation here) which was the result of a lawsuit by physicist Ulrich Wiesner and his father Joachim Wiesner, a professor emeritus of political science. The main argument against the voting machines in the eyes of the Court is that they conflict with the principle of transparency. 2009 is a major election year for Germany, with parliamentary elections in the fall." Reader Dr. Hok writes "Voting machines are not illegal per se, but with these machines it wasn't possible to verify the results after the votes were cast. The verification procedure by the German authorities was flawed, too: only specimens were tested, not the machines actually used in the elections, and the detailed results (including the source code) were not made public. The results of the election remain legally valid, though."

UK Government Wants To Bypass Data Protection Act

By aewhale - 3/4/2009 "Clause 152 of the Coroners and Justice Bill, currently being debated by the UK Parliament, would allow any Minister by order to take from anywhere any information gathered for one purpose, and use it for any other purpose. Personal information arbitrarily used without consent or even knowledge: the very opposite of 'Data Protection.' An 'Information Sharing Order', as defined in Clause 152, would permit personal information to be trafficked and abused, not only all across government and the public sector — it would also reach into the private sector. And it would even allow transfer of information across international borders. NO2ID has launched a Facebook group to challenge this threat to data protection."

Obama Helicopter Security Breached By File Sharing

By aewhale - 3/1/2009 "A company that monitors peer-to-peer file-sharing networks has discovered a potentially serious security breach involving President Barack Obama's helicopter. 'We found a file containing entire blueprints and avionics package for Marine One, which is the president's helicopter,' says Bob Boback, CEO of Tiversa, a security company that specializes in peer-to-peer technology. Tiversa was able to track the file, discovered at an IP address in Tehran, Iran, back to its original source. 'What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,' says Boback, adding that someone from the company most likely downloaded a file-sharing program, typically used to exchange music, without realizing the potential problems. 'I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.' Iran is not the only country that appears to be accessing this type of information through file-sharing programs. 'We've noticed it out of Pakistan, Yemen, Qatar and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.'"

Zero-Day Excel Exploit In the Wild

By aewhale - 2/25/2009 "Microsoft Excel has a zero-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec. The problem affects Excel 2007 both without and with Service Pack 1, according to an advisory on SecurityFocus, and other versions going back to Excel 2000. The program's vulnerability can be exploited if a user opens a maliciously crafted Excel file, allowing a hacker to leave a Trojan horse on the infected system."

Outage Knocks Gmail Offline For Many Users

By aewhale - 2/25/2009 Many readers noted an outage affecting Google's gmail service last night. Firmafest points to a statement from Google, according to which only a small subset of users were affected. According to reader CaptHarlock, mail itself remained accessible through IMAP clients, and the chat feature via external applications. jw3 asks "Of course, gmail is just one of the many providers of web-based e-mails. When I look around, almost everyone seems to be using them nowadays. So — what do you do? Do you trust that the site of your web-based e-mail provider will never go down? Do you make backups of all your e-mails?" (Some readers still seem to be unable to reach the site, too.)

Uncle Sam's Travel Site Grounded By Breach

By aewhale - 2/23/2009 "Northrop Grumman's Govtrip.com website has been shut down following a security breach, according to a report by 'Security Fix' blogger Brian Krebs. Being a federal employee and frequent work traveler, I am (was?) a Govtrip user. My agency required me to use Govtrip to book all of my trips, including my airfare, car rentals, and hotel reservations, so Northrop Grumman's Govtrip databases contain my frequent flier numbers, Avis & Budget car rental numbers and frequent hotel guest (Choice Privileges, Marriott Rewards, Priority Club, etc.) numbers. Northrup-Grumman also stored all of my trip itineraries, including destinations, dates & modes of travel and the particular vendors (airline, hotel, rental car brand, etc.) used on a particular trip. Also stored on the website were my work travel credit-card (it has a $15,000 charge limit), personal checking account where my travel reimbursements were deposited, my home address, and emergency contacts ... just imagine what an accomplished social engineer can do with that combination of information!"

'Cybot' Development For Network Defense

By aewhale - 2/22/2009 "UNTAME is the product of a long-term program by the division's Cyber Security and Information Intelligence Research Group to develop futuristic security functionality for increasingly large, complex environments. The cybots differ from traditional software agents in that they form a collective and are aware of the condition and activities of other cybots in the collective. 'You give it a mission and tools to work with, such as mobility and intrusion sensors, and it uses those tools and cooperates with other cybots to accomplish the mission," said Lawrence MacIntyre, one of the project's developers.'"

Kaminsky Continues to Stress the importance on DNS Patching

By aewhale - 2/21/2009 "Dan Kaminsky, who for years was ambivalent about securing DNS, has become an ardent supporter of DNS Security Extensions. Speaking at the Black Hat DC 2009 conference Thursday, the prominent security researcher told the audience that the lack of DNS security not only makes the Internet vulnerable, but is also crippling the scalability of important security technologies. 'DNS is pretty much our only way to scale systems across organizational boundaries, and because it is insecure it's infecting everything else that uses' DNS, the fundamental Internet protocol that provides an IP address for a given domain name, said Kaminsky, director of penetration testing at IOActive. 'The only group that has actually avoided DNS because it's insecure are security technologies, and therefore those technologies aren't scaling.'"

Satellite-hacking boffin sees the unseeable Lady Di gossip plucked from sky

By aewhale - 2/19/2009 White-hat hacker Adam Laurie knows better than to think email, video-on-demand, and other content from Sky Broadcasting and other satellite TV providers is a private matter between him and the company. That's because he's spent the past decade monitoring satellite feeds and the vast amount of private information they leak to anyone with a dish.

Hacker pokes third hole in secure sockets layer

By aewhale - 2/19/2009 A man named Moxie Marlinspike has made a mockery of SSL authentication, proving that web surfers can be tricked into visiting secure sites that aren't

Apple's Mac OS X Update Breaks Perl

By aewhale - 2/19/2009 "It looks like if you use CPAN to install modules, Apple's latest security update might just have broken your Perl. According to Tatsuhiko Miyagawa 'The Security Update brings (old) IO.bundle with version 1.22 but your IO.pm has been updated to the latest 1.23 on CPAN shell. (But hey, 1.23 was released in 2006...Why do you bring that ancient version back, Apple!?)'."

Researchers Hack Biometric Faces

By aewhale - 2/19/2009 "Vietnamese researchers have cracked the facial recognition technology used for authentication in Lenovo, Asus, and Toshiba laptops in lieu of the standard logon/password. The researchers were able to easily bypass the biometric authentication system built into the laptops by using photos of an authorized user, as well as by presenting multiple phony facial images in brute-force attacks. One of the researchers will demonstrate the hack at Black Hat DC this week. He says the laptop makers should remove the facial biometrics feature from their products because the vulnerability of this technology can't be fixed."

Microsoft and Red Hat Team Up On Virtualization

By aewhale - 2/18/2009 "For years Microsoft has insisted that open-source vendors acknowledge its patent portfolio as a precursor to interoperability discussions. Today, Microsoft shed that charade and announced an interoperability alliance with Red Hat for virtualization. The nuts-and-bolts of the agreement are somewhat pedantic, providing for Red Hat to validate Windows Server guests to be supported on Red Hat Enterprise virtualization technologies, and other technical support details. But the real crux of the agreement is what isn't there: patents. Red Hat has long held that open standards and open APIs are the key to interoperability, even as Microsoft insisted patents play a critical role in working together, and got Novell to buy in. Today, Red Hat's vision seems to have won out with an interoperability deal heavy on technical integration and light on lawyers."

Pirate Bay P2P Trial Begins In Sweden

By aewhale - 2/18/2009 Many readers are writing to tell us that The Pirate Bay trial is now in full swing in Sweden. Looking at a possible two years in prison and $150,000 in fines (plus another $14.3 million if the record companies get their way), the battle of infringement is sure to be one of the most watched p2p trials. "The International Federation of Phonographic Industry (IFPI) which is representing the case of music and film producers, made a statement about the case on Friday. Stating, For people who make a living out of creativity or in a creative business, there is scarcely anything more important than to have your rights protected by the law. Copyright exists to ensure that everyone in the creative world from the artist to the record label, from the independent film producer to the TV program maker - can choose how their creations are distributed and get fairly rewarded for their work. The operators of The Pirate Bay have violated those rights and, as the evidence in Court will show, they did so to make substantial revenues for themselves. That kind of abuse of the rights of others cannot be allowed to continue, and that is why these criminal proceedings are so important for the health of the creative community."

Web Scam Bilks State of Utah Out of $2.5M

By aewhale - 2/17/2009 KitB sends in a story in the Salt Lake Tribune that tells of a Web-based scam, resembling some used by Nigerian gangs, that snared the state of Utah. $2.5M was sent to a bank account in Texas before the bank raised a question and then froze $1.8M in the account. "Thieves apparently used a Nigerian-based scam to steal $2.5 million from the Utah treasury, covering their tracks by using intermediaries and a church address. A Salt Lake Tribune review of the names listed in a search warrant as receiving or transferring money [found] names of African origin or connections to that continent. Michael Kessler, ... a forensic accounting [investigator] in New York City, said the thieves appear to have used a simple scam that originated in Nigeria about five years ago. The Utah theft is the first time he's seen a government victimized. 'Their IT people should have known better,' Kessler said after reviewing a copy of the search warrant Thursday. 'It sounds like any kid could have done this.'"

F-Secure latest security vendor hacked

By aewhale - 2/15/2009 The website of security vendor F-Secure Corp. is the latest victim in a series of SQL injection attacks targeting security firms. A Romanian hacker has detailed the latest SQL injection attack in a posting on the hackersblog.org forum. The anonymous hacker said he viewed some statistics regarding past virus activity after exploiting coding errors on the Helsinki, Finland-based antivirus vendor's website. The hacker said the website was vulnerable to both SQL injection and cross-site scripting attacks.

Microsoft Slaps $250K Bounty On Conficker Worm

By aewhale - 2/13/2009 "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."

Next Pwn2Own Contest Targets IE8, Firefox, iPhone

By aewhale - 2/12/2009 "After two straight years of taking dead aim at Macbooks and Windows-powered machines, hackers at this year's CanSecWest conference will have shiny new targets: Web browsers and mobile phones. According to CanSecWest organisers, there will be two separate Pwn2Own competitions this year — one pitting hackers against IE8, Firefox 3 and Safari and another targeting Google Android, Apple iPhone, Nokia Symbian and Windows Mobile."

MS Critical Patch Fixes 8 Vulnerabilities

By aewhale - 2/12/2009 "A hole allowing hackers to take control of Microsoft Exchange was just one 'critical' issue the Redmond-based company promises it has fixed with a patch correcting a total of eight vulnerabilities in its programs, including the Internet Explorer browser, Office, and its SQL Server. Three of the eight vulnerabilities patched yesterday were marked 'critical.' The most concerning is an issue with Exchange that would allow attackers to take over an Exchange server by simply forwarding a carefully crafted message to a corporate mail server. Microsoft has admitted that the vulnerability can be exploited when a user opens or previews an email in the Transport Neutral Encapsulation Format (TNEF)."

FAA Network Hacked

By aewhale - 2/12/2009 "The Federal Aviation Administration has joined the growing list of government agencies that have had their supposedly safe systems hacked. The agency this week notified about 45,000 employees that one of its servers was hacked into and employee personal identity information was stolen. The FAA was quick to say the server that was accessed was not connected to the operation of the air traffic control system or any other FAA operational system. It did say two of the 48 files on the breached computer server contained personal information about more than 45,000 FAA employees and retirees who were on the FAA's rolls as of the first week of February 2006."

FTC Kills Dirty Online Check Processing Outfit

By aewhale - 2/11/2009 "The Federal Trade Commission today got a US District Court to stop permanently what it called the illegal operations of an Internet-based check creation and delivery service, and to require the group to give up over half a million dollars in ill-gotten gains. According to the FTC, Qchex.com created and sent checks drawn on any bank account that a Qchex user identified, but did not verify whether the user had authority to draw checks on that account. As a result, fraudsters worldwide used the Qchex service to draw thousands of checks on bank accounts that belonged to unwitting third parties. 'The evidence shows that the launch of Qchex.com was a "dinner bell" for fraudsters and resulted in a high number of accounts frozen for fraud...' said District Court Judge Janis Sammartino."

Kaspersky website hacked, customer activation codes exposed

By aewhale - 2/10/2009 A Romanian hacker broke into a custom-built, U.S.-based Kaspersky Lab support website on Saturday, exposing a server containing thousands of customer email addresses and up to 25,000 activation codes. Kaspersky's Roel Schouwenberg, a senior research engineer, said the company was conducting a full investigation into the matter. Initial analysis showed that the hacker accessed no data files, he said. The Russian-based antivirus company hired high-profile database security expert David Litchfield to conduct an independent audit of its systems.

«Previous Page • 1 2 3 4 5 6 7 8 9 10 • Next Page»