twice-refried news

Gregory Evans admits plagiarism charges.

(Audio source for this mash-up from SHITcast - Episode 7 - LIGATT Edition!)




ATM Skimmers, Part II

Easily the most-viewed post at krebsonsecurity.com so far has been the entry on a cleverly disguised ATM skimmer found attached to a Citibank ATM in California in late December. Last week, I had a chance to chat with Rick Doten, chief scientist at Lockheed Martin’s Center for Cyber Security Innovation. Doten has built an impressive slide deck on ATM fraud attacks, and pictured below are some of the more interesting images he uses in his presentations.

Full Article (Krebs on Security - krebsonsecurity.com)




Even without cookies, a browser leaves a trail of crumbs

Those with no technical knowledge generally believe that they are anonymous when simply browsing the Web. Those who know more might recognize that IP addresses can be used to do some rough targeting, while browser cookies can be used to track someone across sessions and across IP addresses. But what if your browser itself—even with cookies off and IP addresses out of the picture—was leaving a digital fingerprint at every site you visit?

Full Article (Ars Technica - arstechnica.com)




US gov't data-laundering: using corp DB's to get around privacy law

“Buying You: The Government’s Use of Fourth-Parties to Launder Data about ‘The People’,” a paper by Columbia Law School’s Joshua L. Simmons in the Columbia Business Law Review, describes the way that US government agencies circumvent the fourth amendment and privacy statutes by outsourcing their surveillance to private credit reporting bureaux and other mega-databases. He argues that the law should ban the use of this improperly gathered information, binding paid government informants to the same rules that the government must follow.

Full Article (Boing Boing - boingboing.net)




U.S. enables Chinese hacking of Google

Google made headlines when it went public with the fact that Chinese hackers had penetrated some of its services, such as Gmail, in a politically motivated attempt at intelligence gathering. The news here isn’t that Chinese hackers engage in these activities or that their attempts are technically sophisticated — we knew that already — it’s that the U.S. government inadvertently aided the hackers.

Full Article (CNN - cnn.com)




Fake Mobile Banking App Discovered in Android Marketplace

A selection of applications written and uploaded by an Android Marketplace user/developer have been found to contain malicious code that attempts to compromise banking information stored on the device in order to commit bank/credit card fraud.

Full Article




Purported Interview With Facebook Employee Details Use Of ‘Master Password’

Earlier today, The Rumpus published a very revealing interview with someone claiming to be a Facebook employee. The interview covers a variety of subjects, including privacy restrictions at the world’s largest social network and some of the technological hurdles the site has to deal with. The biggest revelations? That Facebook collects more data about your habits than you may realize, and that there was once a ‘master password’ that would grant employees access to anyone’s Facebook profile — a password that some employees abused.

Full Article




Cyber War: Sabotaging the System

Nothing has ever changed the world as quickly as the Internet has. Less than a decade ago, “60 Minutes” went to the Pentagon to do a story on something called information warfare, or cyber war as some people called it. It involved using computers and the Internet as weapons.

Full Article




Auto Fail: Automatic Update Mechanisms and their Failures

New update available! Click here to download now! From virus signature updates that identify competing products as a trojan, to operating system updates that break core functionality, there has been no shortage of quality control failures in updates released by vendors. Many of these updates are delivered to the user’s computer via automatic update mechanisms. That means these problematic updates are delivered to millions of computers quietly and efficiently, typically without user interaction. It’s always welcome to see security bugs fixed or better rules released in the products we use. But when the price of that fix is at best an annoyance and at worst a complete system failure, we’re not so sure it’s worth it. At the very least, users should be aware of the various types of failures and the frequency with which they occur. While mistakes happen to everyone, we’ll leave it as an exercise to the reader to notice any trends from repeat offenders.

Link




Black Hat Founder Tapped To Advise Homeland Security

Jeff Moss, founder of the Black Hat and Defcon security conferences, is one of 16 people appointed to the Department of Homeland Security Advisory Council, as the government casts a wide net for perspectives on cybersecurity.

Full Article




Thousands of Vulnerabilities Detected In FAA's Air Traffic Control Apps

A government audit (PDF) has pinpointed more than 3,800 vulnerabilities — 763 of which are high-risk — in the Federal Aviation Administration’s Web-based air traffic control system applications, including some that could potentially put air travel at risk.

Full Article




Researchers hijack botnet, score 56,000 passwords in an hour

The Torpig botnet was hijacked by the good guys for ten days earlier this year before its controllers issued an update and took the botnet back. During that time, however, researchers were able to gain a glimpse into the kind of information the botnet gathers as well as the behavior of Internet users who are prone to malware infections.

Full Article




Inside the precision(?) hack(?)

There’s a scene toward the end of the book Contact by Carl Sagan, where the protagonist Ellie Arroway finds a Message embedded deep in the digits of PI. The Message is perhaps an artifact of an extremely advanced intelligence that apparently manipulated one of the fundamental constants of the universe as a testament to their power as they wove space and time. I’m reminded of this scene by the Time.com 100 Poll where millions have voted on who are the world’s most influential people in government, science, technology and the arts. Just as Ellie found a Message embedded in PI, we find a Message embedded in the results of this poll. Looking at the first letters of each of the top 21 leading names in the poll we find the message “marblecake, also the game”. The poll announces (perhaps subtly) to the world, that the most influential are not the Obamas, Britneys or the Rick Warrens of the world, the most influential are an extremely advanced intelligence: the hackers.

Full Article




AP source: Spies compromised US electric grid

Spies hacked into the U.S. electric grid and left behind computer programs that would let them disrupt service, exposing potentially catastrophic vulnerabilities in key pieces of national infrastructure, a former U.S. government official said Wednesday. The intrusions were discovered after electric companies gave the government permission to audit their systems, the ex-official said. The official was not authorized to discuss the matter and spoke to The Associated Press on condition of anonymity.

Full Article




A Chinese ghost in the machine?

CYBERSPACE is ideal for spies. Digitally disguised and undeterred by borders or passports, they can pick locks anywhere in the world, pilfer secrets without trace and even leave toxic traps for the unwary. Security chiefs are very worried; NATO’s new cyberwarfare think-tank in Estonia gets requests for help from across the world. And for researchers outside the charmed circle of high-security clearance, establishing hard evidence of mischief on the net is even harder.

Full Article



