Valleywag

Posts Tagged “Security”

great moments in journalism

Users booted for Facebook spam cry to the Washington Post about it

Elizabeth Coe sent 100 friends a link to her company's website. This feat got her booted from Facebook — and got her featured in the opening of a Washington Post story about Facebook's spam-fighting effort. Facebook is now banning users who ask too many people to be friends all at once, send too many messages, join too many groups, or "poke" too many people. "All I was doing is using it to communicate more efficiently, which is what I thought it was for," Coe told the Post, which goes on to explore the ins and outs of Facebook's unpublished rules. More »

safari

Google copied Apple Web browser's bug, too

Security researcher Aviv Raff says Google's new browser Chrome exposes users to "malicious hacker attacks," because it allows users to launch executable files directly from the browser and without warning. Raff created a harmless demonstration to show how, with successful bait, Google Chrome users could accidentally download and launch a Java archive file that goes on to execute without warning. Security experts call this trick "carpet-bombing." ZDNet's Ryan Naraine says the flaw exists because Google Chrome is actually built from the same software as Apple's Safari 3.1, which had the same vulnerability until Apple issued Safari version 3.1.2.

your privacy is an illusion

Sarah Palin -- beauty queen, sportscaster, hacker

Did you know Sarah Palin was a hacker, too? We already suspected there was nothing the Republican vice-presidential candidate couldn't do. While serving as Alaska's governor, she just had a baby. Even as she runs for office, she's preparing to be a grandma and planning her eldest daughter's not-so-coincidental wedding. Google has revealed the superwoman from the north's background as Miss Wasilla, her career as a sports journalist, and other highlights of her resume. But rifling through computer files for evidence? Not a problem for Palin. The Anchorage Daily News laid out how the VPILF used her technical savvy to discover evidence that suggested a state politician was in bed with the oil industry: More »

hackers

British superhacker will likely be tried in the U.S.

Gary McKinnon, the British hacker who broke into an astonishing number of U.S. military systems via a 56k modem, lost his court bid to avoid being extradited to the United States. Here's what that means for him: More »

hackers

How do you clean a virus in space?

The laptops up on the International Space Station have been infected with a virus — the W32.Gammima.AG worm, to be precise — which raises an interesting challenge: How do you wipe a computer clean when you're 217 miles away from Earth and moving at 17,000+ miles per hour? According to the BBC, the ISS isn't net-connected. All data is subject to scan before transmission upstairs. So the laptops were probably infected via flash drive before they left. The worm itself doesn't threaten the station — all it wants is your gaming passwords — and the laptops aren't connected to mission-critical computers. But the lack of an Internet connection makes fixing things tricky. More »

We Read Facebook So Sheryl Sandberg Doesn't Have To

Facebook security a laughing matter for cofounder

Officially, Facebook is treating the onslaught of viruses piggybacking on the social network's popularity as a very, very serious matter. We're talking Sheryl Sandberg serious. Facebook's press statement reads: "We are investigating every report, removing false content, blocking bogus links and addressing the concerns of our users. These efforts have limited the affected users to a small percentage of those on Facebook." The unofficial response from cofounder Dustin Moskovitz, posted on CEO Mark Zuckerberg's Facebook profile, is much more fun: More »

your privacy is an illusion

Virus mimics Facebook's hated Beacon ads

Facebook CEO Mark Zuckerberg should be relieved to learn that someone is at last "leveraging the social graph," as he might put it, for financial gain. Problem is, it's not Facebook. It's hackers pulling a phishing scam. A tipster tells us his friends at Facebook are busy fighting a virus that tricks a user into opening "a YouTube phishing site," delivered in the form of a Facebook message from one of the user's Facebook friends. More »

hackers

Red Hat server break-in hushed up

"Last week Red Hat detected an intrusion on certain of its computer systems," says a security advisory from the leading Linux vendor. "The intruder was able to sign a small number of OpenSSH packages," in what seemed like an attempt to place something into the company's downloadable enterprise software packages. Red Hat's spokespeople say they don't believe any hacked packages were distributed, but still. More »

hackers

FEMA phone system hacked to make free calls

Although not as hardcore as the British hacker that did his work over 56k, another hacker should be commended for his ability to hijack FEMA phone systems and make $12,000 worth of free phone calls this weekend. The Department of Homeland Security was apparently upgrading FEMA's voicemail system with outdated Private Branch Exchange (PBX) technology but failed to configure the security settings properly. The phreak was able to exploit a vulnerability and use Homeland Security's own phones to ring up countries like Afghanistan, Saudi Arabia, and Yemen. Which all proves that Michael Chertoff was right to fear the power hackers have over inept government bureaucracies. [AP] (Photo by gthills)

British hacker gets temporary reprieve

Gary McKinnon — crowned by the Pentagon as the biggest hacker of all time — will have to wait a bit longer before heading to the U.S. to face criminal charges. The European Court of Human Rights will now allow him to stay in Britain until August 28 to review his appeal against extradition. McKinnon has been pleading innocence throughout all this, claiming he was simply curious about what information the U.S. military and NASA had about UFOs. [News.com]

Apple Users Held Hostage

iPhone day 33: The most eye-pleasing phishing spam ever

A Macworld reader sent in a screenshot of a charmingly credible HTML email that claims to be from Apple: "We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?" It's convincing not just because it's pretty, but because this sort of error from MobileMe at this point would seem like a minor hurdle — I'm still trying to figure out how my wife's name got onto my account in the conversion. That'll teach me to sneak her credit card.

security

How 15 minutes of shame can save your company

The Wall of Sheep is a tradition at the annual Defcon computer-security conference. Hackers at the event post information that other attendees have accidentally placed unsecured onto the conference's network. Passwords and porn are the best examples. Organizers at last week's Black Hat conference set one up, too. It's a fun prank, but here's a serious idea: Why not run a Wall of Sheep at your own company? There are two good reasons: More »

cyberwar

Claim: Russian hackers behind spam crime ring took over Georgia's national websites

Before the Russian army pushed past the borders of breakaway republic South Ossetia and invaded Georgia's interior, Russian hackers took over Georgian government websites last Friday, taking control over a central government site as well as the homepages for the ministries of foreign affairs and defense. Researcher Jart Armin told Britain's Daily Telegraph he blames the attacks on an organization called the Russian Business Network, which the Telegraph describes as "a network of criminal hackers with close links to the Russian mafia and government." More »

security

Vista security completely end-run by hack

Today at the Black Hat conference in Las Vegas, two security experts showed off a new Web-based break-in that completely bypasses all of the hardware memory protection built into Windows Vista. Once inside, a program can then load any content at all from the Internet via your browser. The best tech writeup is at Electronista: "The malicious code not only negates the effectiveness of Vista's Address Space Layout Randomization and Data Execution Prevention technologies, but specifically abuses their behavior to ensure an attack gets through." What does this mean for you? It's not the end of the world. But stand by for one very important Security Update.

great moments in journalism

Reporters who hacked hackers at Black Hat get jacked

Three French reporters for Global Security Magazine attending this week's Black Hat Security Conference in Las Vegas were booted, after they "allegedly" (that's reporter-speak for "they won't admit it") sniffed the private network set up for the press. The private network is meant to be a sort of chill room for journalists, so they can file a few articles without getting pwned by conferencegoers every five minutes. Note to the French: We'll be more impressed if you hack Rachel Marsden's Facebook page.

security

Facebook security spends all night battling worms

Facebook is under an attack of the worms similar to the MyDoom worm, rendered into an image above, that became the fastest spreading email worm ever in 2004. In recent days, thousands of users have fallen prey to at least two strains of malicious code that, once downloaded onto a user's computer, steal that user's Facebook username and password in order to spread themselves via false links posted to friends' message boards. Facebook security chief Max Kelly writes on the company blog that after a night of work, his team "identified and blocked the ability to link to the malicious websites from anywhere on Facebook." Security firm Sophos, which of course makes a living scaring people, says the threat isn't over. "If workers are allowed to be given access to these sites," goes Sophos "analyst" Graham Cluley's pitch, "then it's vital that they do not put their personal and corporate data at risk, and are protected from web-based infections."

hackers

Phisher-on-phisher crime -- not so much victimless as we just don't care

Microsoft security engineer Billy Rios tells the Wall Street Journal that some of the best scams are the ones that phishers play on each other: More »

Your Privacy is an Illusion

Google doesn't care about widget users, security analyst says

SecTheory CEO Robert "RSnake" Hansen, a security consultant — and therefore a professional fearmongerer — for clients like Microsoft and eBay, says computer fraudsters can insert malicious JavaScript and HTML into Google Gadgets — widgets for Google's customized iGoogle homepage. Google doesn't screen the widgets for this code, he claims, and so users put themselves at risk of data theft and computer-killing worms. "Google cares more about tracking users than they do about consumer safety," Hansen told an audience at a convention yesterday. More »