February 2011
45 posts
3 tags
Government employs hackers in brave new scheme →
Since the dawn of computing there’s been a cold war between those who run computer systems and those who attack them. And never the twain shall meet, at least until now. Speaking at the ShmooCon hacker convention in Washington, DC, Defense Advanced Research Projects Agency (DARPA) project manager Peiter Zatko has announced Cyber Fast Track, a new scheme that will rely on the skills of...
3 tags
Cross Site Scripting vulnerability reported, fixed →
While no client data was impacted, we were notified at ~3pm Eastern time yesterday of a non-persistent cross site scripting vulnerability on the LastPass.com website. By 5:30pm it was fixed, tested and deployed; closing the hole. It’s important to note that this was not a flaw with the extensions, and could only be potentially exploited if you visited a malicious site that was setup to...
3 tags
LastPass Vulnerability Exposes Account Details →
LastPass is a password manager that stores your website login details in an encrypted container, protected by a master password, and synced between your various browsers and machines. They provide browser plugins, and also provide a web interface for you to access and manage your credentials. They have both free and premium accounts, and they recently claimed to have hit one million users. I...
3 tags
RSA 2011: Winning the War But Losing Our Soul →
There was lots of noise and distraction on the crowded Expo floor of the RSA Security Conference this year. After a grueling couple of years, vendors were back in force with big booths, big news and plenty of entertainment designed to attract visitor traffic. Wandering the floor, I saw - variously - magic tricks, a man walking on stilts, a whack-a-mole game, a man dressed in a full suit of armor...
3 tags
Sony’s War on Makers, Hackers, and Innovators →
Two weeks ago I proclaimed a winner in the microcontroller dev board arena with “Why the Arduino Won, and Why It’s Here to Stay.” There’s still lots of great debate going on, and conversations that still haven’t ended. Is my prediction right? We’ll see what happens in the upcoming months and years. This week I’m going to switch gears a little and declare an enemy for all makers, hackers, and...
5 tags
Ligatt Security sues Attrition.org and others for... →
Earlier this week, we reported on Ligatt Security blasting CBS Atlanta over a report that painted the company and their CEO in a bad light. Today, The Tech Herald has learned that Ligatt recently filed a lawsuit against eight John Does, after they reported on leaked information found on the Web. One of the John Does in the case is Attrition.org, a site that has reported on the Ligatt saga since...
7 tags
Black ops: how HBGary wrote backdoors for the... →
On November 16, 2009, Greg Hoglund, a cofounder of computer security firm HBGary, sent an e-mail to two colleagues. The message came with an attachment, a Microsoft Word file called AL_QAEDA.doc, which had been further compressed and password protected for safety. Its contents were dangerous.
Full Article
3 tags
Living Single →
I hate the term single. Despite the fact that most of us come in to this world by ourselves and leave that way there’s an expectation of partnering in the interim. And while you are granted a bit more of a reprieve from single shade* in queerdom, there’s still a palpable partner privilege that operates. Couples only hang outs, automatic invites to your partner’s friends’ functions, less unwanted...
4 tags
Police Chief Tells Parents To Hack Kids' Facebook... →
Chrys Matyszcyk points us to a report about how a police chief in New Jersey is running seminars for parents on how to hack their kids’ Facebook accounts and install spyware and keyloggers to spy on everything they do. There’s so much wrong with the claims by Mahwah Police Chief James Batelli, it’s difficult to know where to start. “Trust sounds good. It’s a good...
3 tags
Libyan Disconnect →
Renesys confirms that the 13 globally routed Libyan network prefixes were withdrawn at 23:18 GMT (Friday night, just after midnight Saturday local time), and Libya is off the Internet. One Libyan route originated by Telecom Italia directly is still BGP-reachable, but inbound traceroutes appear to die in Palermo. A minority of our peers report some surviving paths through the peering connection...
6 tags
The HB Gary Email That Should Concern Us All →
As I wrote yesterday , there is a leaked email that has gotten surprisingly little attention around here. It’s the one where Aaron Barr discusses his intention to post at Daily Kos - presumably something negative about Anonymous, the hacking group. But that’s not the email I’m talking about here. As I also mentioned yesterday, in some of the emails, HB Gary people are talking...
3 tags
"16 Year old [Anonymous] Girl" Gets no Respect →
iamnotyelling:
I’ve been following the recent HBGary hacking because deep in my heart of hearts I wish I were devious enough to be a hacker. DKos has an otherwise Great post about some other crazy stuff this crazy firm was going to get up to before their e-mails became the bathroom reading of millions of…
4 tags
Anonymous speaks: the inside story of the HBGary... →
It has been an embarrassing week for security firm HBGary and its HBGary Federal offshoot. HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group’s actions, including the denial-of-service attacks that hit MasterCard, Visa, and other perceived enemies of WikiLeaks late last year....
3 tags
1 tag
A Civil Perspective on Cybersecurity →
How important is cyberspace? It is hardly possible to overstate it. The internet is an engine of immense wealth creation, a force for openness, transparency, innovation and freedom. Without it, generators stop turning, phones fall silent, critical goods sit on loading docks. Without confidence in the integrity of financial data or health information, the economy trembles. Without connectivity,...
6 tags
Did Security Firms Pitch Bank Of America On... →
Bank of America may be in a state of WikiLeaks-induced anxiety after Assange’s remarks in November that the secret-spilling site plans to release a trove of documents leaked from a major U.S. bank. But where America’s largest bank sees a crisis, a group of security firms may have seen an opportunity. According to a report at the tech news site Tech Herald, data intelligence firms including...
7 tags
Data intelligence firms proposed a systematic... →
After a tip from Crowdleaks.org, The Tech Herald has learned that HBGary Federal, as well as two other data intelligence firms, worked to develop a strategic plan of attack against WikiLeaks. The plan included pressing a journalist in order to disrupt his support of the organization, cyber attacks, disinformation, and other potential proactive tactics.
Full Article
7 tags
Spy Games: Inside the Convoluted Plot to Bring... →
When Aaron Barr was finalizing a recent computer security presentation for the U.S. Transportation Security Administration, a colleague had a bit of good-natured advice for him: “Scare the shit out of them!” In retrospect, this may not have been the advice Barr needed. As CEO of the government-focused infosec company HBGary Federal, Barr had to bring in big clients — and quickly — as the startup...
7 tags
The leaked campaign to attack WikiLeaks and its... →
There’s a very strange episode being widely discussed the past couple of days involving numerous parties, including me, that I now want to comment on. The story, first reported by The Tech Herald, has been written about in numerous places (see Marcy Wheeler, Forbes, The Huffington Post, BoingBoing, Matt Yglesias, Reason, Tech Dirt, and others), so I’ll provide just the summary.
...
2 tags
6 tags
Report: Stuxnet Hit 5 Gateway Targets on Its Way... →
Attackers behind the Stuxnet computer worm focused on targeting five organizations in Iran that they believed would get them to their final target in that country, according to a new report from security researchers. The five organizations, believed to be the first that were infected with the worm, were targeted in five separate attacks over a number of months in 2009 and 2010, before Stuxnet...
2 tags
Groupon users outraged over misleading FTD voucher →
A day after Groupon offered $20 off of $40 worth of flowers and gifts from FTD, users are calling the deal a scam. The coupon, which nearly 3,300 people bought, directed buyers to a special FTD website — FTD.com/groupon — to take advantage of the offer. The problem, users said, was that prices were higher than on the regular website, effectively diminishing the value of the deal.
...
7 tags
Bank of America using Private Intel Firms to... →
In a document titled “The WikiLeaks Threat” three data intelligence companies, Plantir Technologies, HBGary Federal and Berico Technologies, outline a plan to attack Wikileaks. They are acting upon request from Hunton and Williams, a law firm working for Bank of America. The Department of Justice recommended the law firm to Bank of America according to an article in The Tech Herald....
3 tags
Anonymous Claims Possession Of Insidious Stuxnet... →
Houston, we have a problem. Or should I say, “Iran, we have your problem?” Last night, a member of hacker group Anonymous – a devious 4chan-spawned Internet coalition known for increasingly serious web-based attacks – announced on Twitter that the group was in possession of the Stuxnet virus. Stuxnet is one of the more powerful viruses to ever spread across the internet. As Bruce Schneier...
2 tags
Why 3D doesn't work and never will. Case closed →
I received a letter that ends, as far as I am concerned, the discussion about 3D. It doesn’t work with our brains and it never will. The notion that we are asked to pay a premium to witness an inferior and inherently brain-confusing image is outrageous. The case is closed. This letter is from Walter Murch, seen at left, the most respected film editor and sound designer in the modern...
6 tags
Why the U.S. shouldn't try Julian Assange →
The Obama administration is under pressure to respond to WikiLeaks’ massive disclosures of State Department cables. It cannot stop the continued publication of the cables, which several news organizations around the world possess. It is reportedly leaning toward using criminal law to make an example of WikiLeaks founder Julian Assange in order to deter future Assanges. The government is...
5 tags
Analysis: Military coup was behind Mubarak's exit →
It was the people who forced President Hosni Mubarak from power, but it is the generals who are in charge now. Egypt’s 18-day uprising produced a military coup that crept into being over many days - its seeds planted early in the crisis by Mubarak himself. The telltale signs of a coup in the making began to surface soon after Mubarak ordered the army out on the streets to restore order...
4 tags
Hackers Penetrate Nasdaq's Computers →
Hackers have repeatedly penetrated the computer network of the company that runs the Nasdaq Stock Market during the past year, and federal investigators are trying to identify the perpetrators and their purpose, according to people familiar with the matter. The exchange’s trading platform—the part of the system that executes trades—wasn’t compromised, these people said. However, it...
How one man tracked down Anonymous and paid a... →
Aaron Barr believed he had penetrated Anonymous. The loose hacker collective had been responsible for everything from anti-Scientology protests to pro-Wikileaks attacks on MasterCard and Visa, and the FBI was now after them. But matching their online identities to real-world names and locations proved daunting. Barr found a way to crack the code. In a private e-mail to a colleague at his...
5 tags
HBGary Federal Hacked by Anonymous →
A company that is helping the federal government track down cyberactivists who have been attacking business which refused to support Wikileaks has itself been hacked by the very same activists. At the center of the storm is a leaderless and anarchic Internet group called Anonymous, which more recently has been coordinating attacks against Egyptian government Web sites. Late last month,...
4 tags
Egypt's Internet Blackout Highlights Danger of... →
In response to ongoing protests, Egyptian president Hosni Mubarak ordered a shutdown of all Internet access for five whole days, from January 28 to February 2, but social media and news continued to flow in and out of the country thanks to a group of protagonists dedicated to supporting the flow of information. EFF board member and co-founder John Gilmore once described the technical robustness...
3 tags
Researcher [Moxie] Makes Free Phone and Text... →
Free phone and text-message encryption software that has until now been available mostly to U.S. users can now be used in Egypt, according to the security researcher who developed it. The researcher, who goes by the name Moxie Marlinspike, released the software last year for use in the United States through his company Whisper Systems, and has been working on making it available for...
3 tags
eHarmony Hacked →
Online dating giant eHarmony has begun urging many users to change their passwords, after being alerted by KrebsOnSecurity.com to a potential security breach of customer information. The individual responsible for all the ruckus is an Argentinian hacker who recently claimed responsibility for a similar breach at competing e-dating site PlentyOfFish.com.
Full Article
2 tags
Cracking the Scratch Lottery Code →
Mohan Srivastava, a geological statistician living in Toronto, was working in his office in June 2003, waiting for some files to download onto his computer, when he discovered a couple of old lottery tickets buried under some paper on his desk. The tickets were cheap scratchers—a gag gift from his squash partner—and Srivastava found himself wondering if any of them were winners. He fished a coin...
3 tags
[Egypt] Hosni Mubarak resigns as president →
Hosni Mubarak, the Egyptian president, has resigned from his post, handing over power to the armed forces. Omar Suleiman, the vice-president, announced in a televised address that the president was “waiving” his office, and had handed over authority to the Supreme Council of the armed forces. Suleiman’s short statement was received with a roar of approval and by celebratory...
2 tags
3 tags
A Hole in the Internet →
Even before their communications blackout, Egypt really was a small part of the Internet in absolute terms, just a few thousand routable networks out of nearly 400,000 making up the global IPv4 address space. To illustrate the point, we put together these images, which use a Hilbert curve representation of the Internet. The world’s routed networks are in translucent grey, the unrouted...
3 tags
'S3' Identity Theft Ring Busted In Brooklyn →
Manhattan District Attorney Cyrus R. Vance, Jr., this week announced indictments of 27 individuals in connection with “S3,” a credit card forgery and identity theft ring based in Brooklyn that compromised hundreds of bank accounts and fraudulently purchased Apple products from stores around the country to resell for profit. According to documents filed in court and statements made on...
7 tags
Netflix, Egypt, and the Case for Net Neutrality →
In the wake of the FCC decision to approve a basic framework of net neutrality rules, the battle rages. While Internet providers like Verizon file preemptive challenges to regulations that haven’t even taken effect yet, Netflix chimes in to defend net neutrality, and the political strife in Egypt provides a poignant illustration of how important it is for the Internet to be free and...
5 tags
Times Editor Alarmed By Prospect of WikiLeaks... →
New York Times executive editor Bill Keller may not regard Julian Assange as a journalistic peer, but he made clear Thursday that he doesn’t think the WikiLeaks founder should face criminal prosecution in the United States. Keller joined his counterpart from Britain’s Guardian newspaper and a prominent Harvard Law School professor on a panel at Columbia University to discuss WikiLeaks, the...
3 tags
Immigration officer fired after putting wife on... →
An immigration officer tried to rid himself of his wife by adding her name to a list of terrorist suspects. He used his access to security databases to include his wife on a watch list of people banned from boarding flights into Britain because their presence in the country is ‘not conducive to the public good’.
Full Article
2 tags
Egypt and Information Security →
Yesterday, I said on Twitter that “If you work in information security, what’s happening in Egypt is a trove of metaphors and lessons for your work. Please pay attention.” My goal is not to say that what’s happening in Egypt is about information security, but rather to say that we can be both professional and engaged with the historic events going on there. Further, I think it’s important to be...
3 tags
ATM Skimmers That Never Touch the ATM →
Media attention to crimes involving ATM skimmers may make consumers more likely to identify compromised cash machines, which involve cleverly disguised theft devices that sometimes appear off-color or out-of-place. Yet, many of today’s skimmer scams can swipe your card details and personal identification number while leaving the ATM itself completely untouched, making them far more difficult to...
6 tags
Why I have nominated Wikileaks for the Nobel Peace... →
It is always easier to support freedom of speech when the one who speaks agree with you politically. This is one of the “tests” on liberal and democratic values that governments tend to fail. For instance, western governments have a long history on tolerating oppressive regimes that are “friendly-minded”. Internet companies assist China in censoring search engines. And many countries respond to...
3 tags
Pioneers of Freedom →
The people of Egypt are crying out for freedom. This much, we have learned, over the past few days, despite the best efforts of the Egyptian government to silence it’s people. We have seen the images of the protestors in the streets, unwavering though their eyes burn from tear gas. We have seen the power of the youth, who mobilize through Facebook and Twitter, to try and do what they can to...