Government

Ongoing Attacks Target Defense, Aerospace Industries 77

Gunkerty Jeb writes "Researchers have identified a strain of malware that's being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the emails containing the malicious attachments are specifically targeted at executives and officials in various industries using fake conference invitations. The attack campaign, as many do, appears to be changing frequently, as the attackers use different binaries and change up their patterns for connecting to remote command-and-control servers. The research, done by Seculert and Zscaler, shows that the attackers are patient, taking the time to dig up some information about their potential targets, and are carefully choosing organizations that have high-value intellectual property and assets (PDF)."
Privacy

Surveillance Cameras Used To Study Customer Behavior 126

An anonymous reader writes "Technology Review reports on a startup with software used by stores to track, count and log people captured by security cameras. Prism Skylab's technology can produce heatmaps showing where people went and produce other statistics that the company claims offer tracking and analytics like those used online for the real world. One use case is for businesses to correlate online promotions and deals — such as Groupon offers — with real world footfall and in-store behavior."
Google

Apple Versus Google Innovation Strategies 187

porsche911 writes "The NY Times has a great story comparing the top-down versus bottom-up innovation approaches of Apple and Google. From the article: '"There is nothing democratic about innovation," says Paul Saffo, a veteran technology forecaster in Silicon Valley. "It is always an elite activity, whether by a recognized or unrecognized elite."'"
Security

DHS Sends Tourists Home Over Twitter Jokes 709

itwbennett writes "In a classic case of 'we say destroy, you say party hard,' the U.S. Dept. of Homeland Security detained a pair of British twenty-somethings for 12 hours and then sent them packing back to the land of the cheeky retort. At issue is a Tweet sent by Leigh Van Bryan about plans to 'destroy America,' starting with LA, which, really, isn't that bad an idea."
Government

10-Year Gary McKinnon Case To End This Year 72

judgecorp writes "The ten-year legal quagmire surrounding Gary McKinnon, who hacked into U.S. military and NASA computers in 2001 and 2002, must end this year, a British High Court Judge has ordered. McKinnon has been appealing against extradition to the U.S., and two medical experts must report in 28 days on his mental state, ruling whether he would be a suicide risk if deported. This ruling could short-circuit an extradition appeal hearing in July."
Crime

Shmoocon Demo Shows Easy, Wireless Credit Card Fraud 273

Sparrowvsrevolution writes with this excerpt from a Forbes piece recounting a scary demo at the just-ended Shmoocon: "[Security researcher Kristin] Paget aimed to indisputably prove what hackers have long known and the payment card industry has repeatedly downplayed and denied: That RFID-enabled credit card data can be easily, cheaply, and undetectably stolen and used for fraudulent transactions. With a Vivotech RFID credit card reader she bought on eBay for $50, Paget wirelessly read a volunteer's credit card onstage and obtained the card's number and expiration date, along with the one-time CVV number used by contactless cards to authenticate payments. A second later, she used a $300 card-magnetizing tool to encode that data onto a blank card. And then, with a Square attachment for the iPhone that allows anyone to swipe a card and receive payments, she paid herself $15 of the volunteer's money with the counterfeit card she'd just created. (She also handed the volunteer a twenty dollar bill, essentially selling the bill on stage for $15 to avoid any charges of illegal fraud.) ... A stealthy attacker in a crowded public place could easily scan hundreds of cards through wallets or purses."
Facebook

Big Internet Players Propose DMARC Anti-Phishing Protocol 92

judgecorp writes "Google, Microsoft, PayPal, Facebook and others have proposed DMARC, or Domain-based Message Authentication, Reporting and Conformance, an email authentication protocol to combat phishing attacks. Authentication has been proposed before; this group of big names might get it adopted." Adds reader Trailrunner7, "The specification is the product of a collaboration among the large email receivers such as AOL, Gmail, Yahoo Mail and Hotmail, and major email senders such as Facebook, Bank of America and others, all of whom have a vested interest in either knowing which emails are legitimate or being able to prove that their messages are authentic. The DMARC specification is meant to be a policy layer that works in conjunction with existing mail authentication systems such as DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework)."
Government

Maine Senator Wants Independent Study of TSA's Body Scanners 335

OverTheGeicoE writes "U.S. Senator Susan Collins, the top Republican on the homeland security committee, plans to introduce a bill that would require a new health study of the X-ray body scanners used to screen airline passengers nationwide. If the bill becomes law, TSA would be required to choose an 'independent laboratory' to measure the radiation emitted by a scanner currently in use at an airport checkpoint and use the data to produce a peer-reviewed study, to be submitted to Congress, based on its findings. The study would also evaluate the safety mechanisms on the machine and determine 'whether there are any biological signs of cellular damage caused by the scans.' Many Slashdotters are or have been involved in science. Is this a credible experimental protocol? Is it reasonable to expect an organization accused of jeopardizing the health and safety of hundreds of millions of air travelers to pick a truly unbiased lab? Would any lab chosen deliver a critical report and risk future funding? Should the public trust a study of radiology and human health designed by a US Senator whose highest degree is a bachelor's degree in government?"
Crime

SEC Takes Action Against Latvian Hacker 57

wiredmikey writes "The SEC has filed charges against a trader in Latvia for conducting a widespread online account intrusion scheme in which he manipulated the prices of more than 100 NYSE and Nasdaq securities by making unauthorized purchases or sales from hijacked brokerage accounts. The SEC also went after four online trading firms and eight executives who are said to have helped the hacker make more than $850,000 in ill-gotten funds. The SEC's actions occurred on the same day that the Financial Industry Regulatory Authority (FINRA) issued an investor alert and a regulatory notice about an increase in financially motivated attacks targeting email."
Crime

Hijacked Web Traffic For Sale 68

mask.of.sanity writes "If you can't create valuable content to attract users to your site, Russian cyber criminals will sell them to you. A web store has been discovered that sells hacked traffic that has been redirected from legitimate sites. Sellers inject hidden iframes into popular web sites and redirect the traffic to a nominated domain. Buyers purchase the traffic from the store to direct to their sites and the sellers get paid."
Cellphones

Defending Your Cellphone Against Malware 157

Hugh Pickens writes "Kate Murphy writes that as cellphones have gotten smarter, they have become less like phones and more like computers, and that with more than a million phones worldwide already hacked, technology experts expect breached, infiltrated or otherwise compromised cellphones to be the scourge of 2012. Cellphones are often loaded with even more personal information than PCs, so an undefended or carelessly operated phone can result in a breathtaking invasion of individual privacy as well as the potential for data corruption and outright theft. But there are a few common sense ways to protect yourself: Avoid free, unofficial versions of popular apps that often have malware hidden in the code, avoid using Wi-Fi in a Starbucks or airport which leaves you open to hackers, and be wary of apps that want permission to make phone calls, connect to the Internet or reveal your identity and location."
Facebook

Facebook, Washington State Sue Firm Over Clickjacking 71

Trailrunner7 writes "Facebook and the state of Washington are suing an ad network they accuse of encouraging people to spread spam through clickjacking schemes and other tactics. The company at the center of the allegations, Adscend Media, denies the charges and said it will fight them vigorously. According to the office of Washington Attorney General Rob McKenna, the company paid and encouraged scammers to design Facebook pages to bait users into visiting Websites that pay the company. The bait pages would appear in posts that seem to originate from a person's Facebook friends and offer visitors an opportunity to view 'provocative' content in exchange for clicking the 'like' button on the Facebook page."
Android

Android Malware May Have Infected 5 Million Users 280

bonch writes "A massive Android malware campaign may be responsible for duping as many as 5 million users into downloading the Android.Counterclan infection from the Google Android Market. The trojan collects the user's personal information, modifies the home page, and displays unwanted advertisements. It is packaged in 13 different applications, some of which have been on the store for at least a month. Several of the malicious apps are still available on the Android Market as of 3 P.M. ET. Symantec has posted the full list of infected applications."
Security

How Allan Scherr Hacked Around the First Computer Password 89

New submitter MikeatWired writes "If you're like most people, you're annoyed by passwords. So who's to blame? Who invented the computer password? They probably arrived at MIT in the mid-1960s, when researchers built a massive time-sharing computer called CTSS. Technology changes. But, then again, it doesn't, writes Bob McMillan. Twenty-five years after the fact, Allan Scherr, a Ph.D. researcher at MIT in the early '60s, came clean about the earliest documented case of password theft. In the spring of 1962, Scherr was looking for a way to bump up his usage time on CTSS. He had been allotted four hours per week, but it wasn't nearly enough time to run the detailed performance simulations he'd designed for the new computer system. So he simply printed out all of the passwords stored on the system. 'There was a way to request files to be printed offline by submitting a punched card,' he remembered in a pamphlet (PDF) written last year to commemorate the invention of the CTSS. 'Late one Friday night, I submitted a request to print the password files and very early Saturday morning went to the file cabinet where printouts were placed and took the listing.' To spread the guilt around, Scherr then handed the passwords over to other users. One of them — J.C.R. Licklider — promptly started logging into the account of the computer lab's director Robert Fano, and leaving 'taunting messages' behind."
Security

DARPA Funding a $50 Drone-Droppable Spy Computer 86

Sparrowvsrevolution writes "At the Shmoocon security conference, researcher Brendan O'Connor plans to present the F-BOMB, or Falling or Ballistically-launched Object that Makes Backdoors. Built from just the disassembled hardware in a commercially-available PogoPlug mini-computer, a few tiny antennae, eight gigabytes of flash memory and some 3D-printed plastic casing, the F-BOMB serves as a 3.5"-by-4"-by-1" spy computer. With a contract from DARPA, O'Connor has designed the cheap gadgets to be spy nodes, ready to be dropped from a drone, plugged inconspicuously into a wall socket (one model impersonates a carbon monoxide detector), thrown over a barrier, or otherwise put into irretrievable positions to quietly collect data and send it back to the owner over any available Wi-Fi network. O'Connor built his prototypes with gear that added up to just $46 each, so sacrificing one for a single use is affordable."
Security

When Viruses Infect Worms 96

An anonymous reader writes "Bitdefender reports that there exist viruses which, when they encounter other viruses, will merge and combine effects so that they create a new virus. 'A virus infects executable files; and a worm is an executable file. If the virus reaches a PC already compromised by a worm, the virus will infect the exe files on that PC — including the worm. When the worm spreads, it will carry the virus with it. Although this happens unintentionally, the combined features from both pieces of malware will inflict a lot more damage than the creators of either piece of malware intended. While most file infectors have inbuilt spreading mechanisms, just like Trojans and worms (spreading routines for RDP, USB, P2P, chat applications, or social networks), some cannot replicate or spread between computers. And it seems a great idea to “outsource” the transportation mechanism to a different piece of malware (i.e. by piggybacking a worm).'"
Facebook

FBI Building App To Scrape Social Media 133

Trailrunner7 writes "The FBI is in the early stages of developing an application that would monitor sites such as Twitter and Facebook, as well as various news feeds, in order to find information on emerging threats and new events happening at the moment. The tool would give specialists the ability to pull the data into a dashboard that also would include classified information coming in at the same time. One of the key capabilities of the new application, for which the FBI has sent out a solicitation, would be to 'provide an automated search and scrape capability for social networking sites and open source news sites for breaking events, crisis and threats that meet the search parameters/keywords defined by FBI/SIOC.'"
Government

Railroad Association Says TSA's Hacking Memo Was Wrong 121

McGruber writes "Wired reports that the American Association of Railroads is refuting the U.S. Transportation Security Administration memorandum that said hackers had disrupted railroad signals. In fact, 'There was no targeted computer-based attack on a railroad,' said AAR spokesman Holly Arthur. 'The memo on which the story was based has numerous inaccuracies.' The TSA memo was the subject of an earlier Slashdot story in which Slashdot user currently_awake accurately commented on the true nature of the incident."
