×
Crime

SEC Takes Action Against Latvian Hacker 57

Posted by timothy from the latvia-lady-toniiight dept.
wiredmikey writes "The SEC has filed charges against a trader in Latvia for conducting a widespread online account intrusion scheme in which he manipulated the prices of more than 100 NYSE and Nasdaq securities by making unauthorized purchases or sales from hijacked brokerage accounts. The SEC also went after four online trading firms and eight executives who are said to have helped the hacker make more than $850,000 in ill-gotten funds. The SEC's actions occurred on the same day that the Financial Industry Regulatory Authority (FINRA) issued an investor alert and a regulatory notice about an increase in financially motivated attacks targeting email."
Crime

Hijacked Web Traffic For Sale 68

Posted by timothy from the 1-crying-young-spying-young-viewer-for-sale dept.
mask.of.sanity writes "If you can't create valuable content to attract users to your site, Russian cyber criminals will sell them to you. A web store has been discovered that sells hacked traffic that has been redirected from legitimate sites. Sellers inject hidden iframes into popular web sites and redirect the traffic to a nominated domain. Buyers purchase the traffic from the store to direct to their sites and the sellers get paid."
Cellphones

Defending Your Cellphone Against Malware 157

Posted by timothy from the did-anyone-else-pack-your-cellphone-today dept.
Hugh Pickens writes "Kate Murphy writes that as cellphones have gotten smarter, they have become less like phones and more like computers, and that with more than a million phones worldwide already hacked, technology experts expect breached, infiltrated or otherwise compromised cellphones to be the scourge of 2012. Cellphones are often loaded with even more personal information than PCs, so an undefended or carelessly operated phone can result in a breathtaking invasion of individual privacy as well as the potential for data corruption and outright theft. But there are a few common sense ways to protect yourself: Avoid free, unofficial versions of popular apps that often have malware hidden in the code, avoid using Wi-Fi in a Starbucks or airport which leaves you open to hackers, and be wary of apps that want permission to make phone calls, connect to the Internet or reveal your identity and location."
Facebook

Facebook, Washington State Sue Firm Over Clickjacking 71

Posted by timothy from the just-trying-to-earn-a-living dept.
Trailrunner7 writes "Facebook and the state of Washington are suing an ad network they accuse of encouraging people to spread spam through clickjacking schemes and other tactics. The company at the center of the allegations, Adscend Media, denies the charges and said it will fight them vigorously. According to the office of Washington Attorney General Rob McKenna, the company paid and encouraged scammers to design Facebook pages to bait users into visiting Websites that pay the company. The bait pages would appear in posts that seem to originate from a person's Facebook friends and offer visitors an opportunity to view 'provocative' content in exchange for clicking the 'like' button on the Facebook page."
Android

Android Malware May Have Infected 5 Million Users 280

Posted by timothy from the there-aren't-enough-whips-in-the-world dept.
bonch writes "A massive Android malware campaign may be responsible for duping as many as 5 million users into downloading the Android.Counterclan infection from the Google Android Market. The trojan collects the user's personal information, modifies the home page, and displays unwanted advertisements. It is packaged in 13 different applications, some of which have been on the store for at least a month. Several of the malicious apps are still available on the Android Market as of 3 P.M. ET. Symantec has posted the full list of infected applications."
Security

How Allan Scherr Hacked Around the First Computer Password 89

Posted by timothy from the used-his-onion dept.
New submitter MikeatWired writes "If you're like most people, you're annoyed by passwords. So who's to blame? Who invented the computer password? They probably arrived at MIT in the mid-1960s, when researchers built a massive time-sharing computer called CTSS. Technology changes. But, then again, it doesn't, writes Bob McMillan. Twenty-five years after the fact, Allan Scherr, a Ph.D. researcher at MIT in the early '60s, came clean about the earliest documented case of password theft. In the spring of 1962, Scherr was looking for a way to bump up his usage time on CTSS. He had been allotted four hours per week, but it wasn't nearly enough time to run the detailed performance simulations he'd designed for the new computer system. So he simply printed out all of the passwords stored on the system. 'There was a way to request files to be printed offline by submitting a punched card,' he remembered in a pamphlet (PDF) written last year to commemorate the invention of the CTSS. 'Late one Friday night, I submitted a request to print the password files and very early Saturday morning went to the file cabinet where printouts were placed and took the listing.' To spread the guilt around, Scherr then handed the passwords over to other users. One of them — J.C.R. Licklieder — promptly started logging into the account of the computer lab's director Robert Fano, and leaving 'taunting messages' behind."
Security

DARPA Funding a $50 Drone-Droppable Spy Computer 86

Posted by Soulskill from the this-is-how-you-name-your-device dept.
Sparrowvsrevolution writes "At the Shmoocon security conference, researcher Brendan O'Connor plans to present the F-BOMB, or Falling or Ballistically-launched Object that Makes Backdoors. Built from just the disassembled hardware in a commercially-available PogoPlug mini-computer, a few tiny antennae, eight gigabytes of flash memory and some 3D-printed plastic casing, the F-BOMB serves as 3.5"-by-4"-by-1" spy computer. With a contract from DARPA, O'Connor has designed the cheap gadgets to be spy nodes, ready to be dropped from a drone, plugged inconspicuously into a wall socket, (one model impersonates a carbon monoxide detector) thrown over a barrier, or otherwise put into irretrievable positions to quietly collect data and send it back to the owner over any available Wi-Fi network. O'Connor built his prototypes with gear that added up to just $46 each, so sacrificing one for a single use is affordable."
Security

When Viruses Infect Worms 96

Posted by Soulskill from the it's-malware-all-the-way-down dept.
An anonymous reader writes "Bitdefender reports that there exist viruses which, when they encounter other viruses, will merge and combine effects so that they create a new virus. 'A virus infects executable files; and a worm is an executable file. If the virus reaches a PC already compromised by a worm, the virus will infect the exe files on that PC — including the worm. When the worm spreads, it will carry the virus with it. Although this happens unintentionally, the combined features from both pieces of malware will inflict a lot more damage than the creators of either piece of malware intended. While most file infectors have inbuilt spreading mechanisms, just like Trojans and worms (spreading routines for RDP, USB, P2P, chat applications, or social networks), some cannot replicate or spread between computers. And it seems a great idea to “outsource” the transportation mechanism to a different piece of malware (i.e. by piggybacking a worm).'"
Facebook

FBI Building App To Scrape Social Media 133

Posted by Soulskill from the they-know-you-read-everything-you-can-about-bieber dept.
Trailrunner7 writes "The FBI is in the early stages of developing an application that would monitor sites such as Twitter and Facebook, as well as various news feeds, in order to find information on emerging threats and new events happening at the moment. The tool would give specialists the ability to pull the data into a dashboard that also would include classified information coming in at the same time. One of the key capabilities of the new application, for which the FBI has sent out a solicitation, would be to 'provide an automated search and scrape capability for social networking sites and open source news sites for breaking events, crisis and threats that meet the search parameters/keywords defined by FBI/SIOC.'"
Government

Railroad Association Says TSA's Hacking Memo Was Wrong 121

Posted by timothy from the switch-in-time-saves-none dept.
McGruber writes "Wired reports that the American Association of Railroads is refuting the U.S. Transportation Security Administration memorandum that said hackers had disrupted railroad signals. In fact, 'There was no targeted computer-based attack on a railroad,' said AAR spokesman Holly Arthur. 'The memo on which the story was based has numerous inaccuracies.' The TSA memo was subject of an earlier Slashdot story in which Slashdot user currently_awake accurately commented on the true nature of the incident."
Security

Symantec Tells Customers To Stop Using pcAnywhere 149

Posted by timothy from the but-I-gotta-use-it-somewhere dept.
Orome1 writes "In a perhaps not wholly unexpected move, Symantec has advised the customers of its pcAnywhere remote control application to stop using it until patches for a slew of vulnerabilities are issued. If the attackers place a network sniffer on a customer's internal network and have access to the encryption details, the pcAnywhere traffic — including exchanged user login credentials — could be intercepted and decoded. If the attackers get their hands on the cryptographic key they can launch remote control sessions and, thus, access to systems and sensitive data. If the cryptographic key itself is using Active Directory credentials, they can also carry out other malicious activities on the network."
Chrome

Chromium-Based Spinoffs Worth Trying 185

Posted by samzenpus from the best-of-the-lot dept.
snydeq writes "InfoWorld's Serdar Yegulalp takes an in-depth look at six Chromium-based spinoffs that bring privacy, security, social networking, and other interesting twists to Google's Chrome browser. 'When is it worth ditching Chrome for a Chromium-based remix? Some of the spinoffs are little better than novelties. Some have good ideas implemented in an iffy way. But a few point toward some genuinely new directions for both Chrome and other browsers.'"
Security

Exploits Emerge For Linux Privilege Escalation Flaw 176

Posted by samzenpus from the protect-ya-neck dept.
angry tapir writes "Linux vendors are rushing to patch a privilege escalation vulnerability in the Linux kernel that can be exploited by local attackers to gain root access on the system. The vulnerability, which is identified as CVE-2012-0056, was discovered by Jüri Aedla and is caused by a failure of the Linux kernel to properly restrict access to the '/proc//mem' file."
Privacy

The Web's Worst Privacy Policy 107

Posted by samzenpus from the bottom-of-the-barrel dept.
Sparrowvsrevolution writes "With much of the web upset over about Google's latest privacy policy changes, it's helpful to remember it could be much worse: A search engine called Skipity offers the world's worst privacy policy (undoubtedly tongue-in-cheek), filled with lines like this: 'You may think of using any of our programs or services as the privacy equivalent of living in a webcam fitted glass house under the unblinking eye of Big Brother: you have no privacy with us. If we can use any of your details to legally make a profit, we probably will.' The policy gives the company the right to sell any of your data that it wants to any and all corporate customers, send you limitless spam, track your movements via GPS if possible, watch you through your webcam, and implant a chip in your body that is subject to reinstallation whenever the company chooses."
Cloud

States Using Cloud Based Voting System For Overseas Citizens 125

Posted by Unknown Lamer from the making-diebold-machines-seem-like-a-good-idea dept.
gManZboy writes "If a ballot was lost in the cloud, would anyone know? Several states are using an online balloting website based on Microsoft's Azure cloud-computing platform to allow U.S. voters living overseas to cast their votes via the Web in 2012 primary elections. In addition to a now complete Florida primary, Virginia and California will use the system for their primaries, and Washington state will use it for its caucus. To ensure the ballots are from legitimate voters, people use unique identifying information to access their ballots online, according to Microsoft. Once received, the signature on the ballot is matched with registration records to further verify identity."
KDE

KDE 4.8 Released 165

Posted by Unknown Lamer from the never-ending-progress dept.
jrepin writes "The KDE community has released version 4.8 of their Free and open source software bundle. The new version provides many new features, improved stability, and increased performance. Highlights for Plasma Workspaces include window manager optimizations, the redesign of power management, and integration with Activities. The first Qt Quick-based Plasma widgets have entered the default installation of Plasma Desktop, with more to follow in future releases. KDE applications released today include Dolphin file manager with its new display engine, ..., and KDE Telepathy reaching its first beta milestone. New features for Marble virtual globe keep arriving, among these are: Elevation Profile, satellite tracking, and Krunner integration. The KDE Platform provides the foundation for KDE software. KDE software is more stable than ever before. In addition to stability improvements and bugfixes, Platform 4.8 provides better tools for building fluid and touch-friendly user interfaces, integrates with other systems' password saving mechanisms and lays the base for more powerful interaction with other people using the new KDE Telepathy framework."
Security

Corporate Boardrooms Open To Eavesdropping 120

Posted by Unknown Lamer from the it's-a-feature-i-tell-ya dept.
cweditor writes "One afternoon this month, a hacker toured a dozen corporate conference rooms via equipment that most every company has in those rooms: videoconferencing. Rapid7 says they could 'easily read a six-digit password from a sticky note over 20 feet away from the camera' and 'clearly hear conversations down the hallway from the video conferencing system.' With some systems, they could even capture keystrokes being typed in the room. Teleconferencing vendors defended their security, saying the auto-answer feature that left those system vulnerable was an effort to strike the right balance between security and usability."
Botnet

Microsoft Names Reputed Head of Kelihos Botnet 30

Posted by Unknown Lamer from the framed-by-darpa-created-ai dept.
wiredmikey writes with an update on Microsoft's takedown of the Kelihos botnet. From the article: "Microsoft is not just taking down botnets; it is taking them down and naming names. In an amended complaint [PDF] filed Monday in U.S. District Court for the Eastern District of Virginia, Microsoft named a man from St. Petersburg, Russia, as the alleged head of the notorious Kelihos botnet. Naming names can be a risky business. Previously, Microsoft alleged Dominique Alexander Piatti, dotFREE Group SRO and several unnamed 'John Does' owned a domain cz.cc and used cz.cc to register other subdomains used to operate and control the Kelihos botnet. However, the company later absolved Piatti of responsibility when investigators found neither he nor his business was controlling the subdomains used to host Kelihos. Whether naming Sabelnikov – who, according to Krebs on Security, once worked as a senior system developer and project manager for Russian antivirus vendor Agnitum, will have the same effect as naming the Koobface gang remains to be seen. Though Kelihos has remained defunct since the takedown last year, the malware is still on thousands of computers."

Slashdot Top Deals