Friday, July 30, 2010

Trojan Cell Phone Apps

First the iPhone and now Android phones have become the focus of trojan applications that collect personal data and send it off to some nefarious foreign server. One of the trojan apps is a simple desktop wallpaper manager.

Ever wondered why some companies have such strict policies about what you may or may not install on your company-issued cellphone?

Tuesday, July 27, 2010

MoD Squad Loses an Unencrypted Laptop Every Other Day

For the past 2 years, the British Ministry of Defence has been on a losing streak. 120 laptops are known to have been stolen, and 220 more went missing one way or another. Most of them did not use encryption.

What else did they lose?
  • 593 CDs, DVDs and diskettes
  • 215 memory cards
  • 96 USB hard drives
  • 13 cell phones
  • 600,000 records of recruits and potential recruits

In previous years, things were just as bad. Clearly their infosec team should be looking at Follow-Up as a key security Control.

Dell Blames Their Own Staff for Spybot Infected Motherboards

Rather than admitting it was a huge corporate blunder, Dell blames a handful of its workforce, instead of its own processes and governance, for a recent spate of infected server-class motherboards.

Dell claims all infected motherboards have been replaced.

Technician Aboard the BP Oil Rig that Exploded Shut Alarms Off To Avoid Waking Up The Crew

Apparently the system that monitors and controls drilling operations was running Windows, and kept crashing with the famed Blue Screen of Death (BSoD). An alarm that goes off to alert the crew to dangerous levels of combustible gases was shut off to avoid waking anyone up. Aren't BSoDs and alarms meant to wake people up and alert them to problems?

Monday, July 26, 2010

Phishers are getting smarter, and their social engineering has gotten more subtle and harder to detect

A World of Warcraft account could be a gold pot for phishers, depending on the player's achievement. In-game items are in demand and could be sold for real cash value, making WoW accounts a favorite phishing target.

An analyst from our Response Lab recently received an e-mail from Blizzard (the creator of WoW) asking for account verification. At a glance, the e-mail appeared to be coming from a legit source.

This article analyzes some of the newer techniques being employed.

Thursday, July 15, 2010

FBI Raids ‘Electronik Tribulation Army’ Over Witness Intimidation

FBI agents have raided the homes of three alleged members of a hacker gang that harassed a security expert who helped put the group’s leader in jail, according to a recently unsealed search warrant affidavit.

Jesse William McGraw, aka “GhostExodus,” pleaded guilty in May to computer-tampering charges for putting malware on a dozen machines at the Texas hospital where he worked as a security guard. He also installed the remote-access program LogMeIn on the hospital’s Windows-controlled HVAC system.

How Hard Is It To Hack The Country's Infrastructure?

Wired has published a very good article refuting hacker claims of being able to "shut off the Internet" and explaining why critical infrastructure attacks so rarely succeed.

It is still important to note that critical infrastructure attacks have succeeded before.

Internet Luring - 2 Cases, 2 different outcomes

2 Internet child luring cases that occurred recently ended with 2 very interesting outcomes.

In the first case, a police officer was charged for trying to "communicate with a minor" for some sort of evil deed. The undercover officer who busted him was found to be guilty of luring since the evidence showed that the accused officer repeatedly turned down girls who claimed to be under-aged. In the end, it sounds like the cop harassed him into the communications that occurred, and that in no way did the officer try to "persuade" the apparently under-aged teen.

In the second case, a man is charged with a similar offense for chatting up a 13-year-old boy for some extra-curricular grown-up activities. The accused argued that the boy's profile stated that he was 18 years old. However, in chat transcripts, the boy repeatedly told him that he was actually 13. The accused states that he did not believe the boy was under-aged because of *unverified* profile information, and that the boy typed much too fast to be so young.

Isn't it obvious? If you are hitting on someone online, and then they tell you repeatedly that they are under-aged... isn't that a sign to RUN AWAY FROM THEM? Such acts of willful blindness have rarely convinced the courts, and certainly this one wasn't fooled.

In the first case, the accused appears to have been pressured and entrapped. In the second, the accused seems to have been exercising a textbook case of confirmation bias.

Wednesday, July 7, 2010

Microsoft Officially Out of the Vulnerabilities Loop

Companies have finally started to realize that giving Microsoft free security consulting is losing them money overall.

VUPEN, formerly known as FrSIRT, which used to be a 0-day vulnerability disclosure site, has ceased sending free vulnerability reports to Microsoft to help them fix their security woes. Instead, the reports, exploit code, patches, and whatever else they produce go straight to their paying customers, none of whom are Microsoft.