Thursday, April 30, 2009

Anonymous Bloggers At Risk

"The Internet has become a great soapbox for ordinary citizens, but there is increasing controversy around the trend of anonymous political blogging. In 2006, it was estimated that 55 percent of American bloggers post under a pseudonym. But along with the explosion of anonymous blogs has come a whole host of problems. Some bloggers have used their anonymity to spread false information without ramifications. Others have used it to launch personal attacks against friend and foe alike.

"This has led to appeals from all over the political spectrum for regulation. Some blogging platform providers such as Tumblr are taking action on their own and shutting down anonymous blogs. The European Union entertained a proposal last fall to prohibit anonymous blogs. In the U.S., some have asked that the FCC categorize anonymous political blogs under campaign finance laws subject to regulation...

More at The American Spectator...

Hackers Pig Out On Swine Flu Concerns

"Computer scammers are feeding off swine flu fears to entice people to download viruses or purchase bogus products.

"Emails titled `Are you worried about flu outbreak?` and `Global panic as swine flu spreads to Europe` are luring people into clicking on links or opening attachments that could be malicious, computer security company PC Tools said.

"PC Tools spokeswoman Magida Ezzat said cyber criminals were also using the celebrity angle, with email titles such as `Swine flu in Hollywood` and `Madonna caught swine flu`.

"`Hackers will play on any big event or celebrities and we've recently seen a lot of scams around the financial crisis as well as the inauguration of Barack Obama,` she said.

"The spam emails usually contain a link to a malicious website or what appears to be a PDF file, but is in fact a program that tries to steal user names and passwords."


Tuesday, April 28, 2009

Mini Servers For Mega Pwnage

"Tiny computers are everywhere—our cell phones, handheld gaming devices and set-top boxes, to name a few—so it should be no surprise that Marvell Technology in Santa Clara, Calif., one of the companies that makes the chips that go into such devices, managed to cram an entire home server into the SheevaPlug, a two-inch by four-inch (five- by 10-centimeter) box that plugs into any wall outlet and is almost indistinguishable from an oversize power supply.

" found some adventurous alpha geeks at the Massachusetts Institute of Technology's (M.I.T.) Computer Science and Artificial Intelligence Laboratory (CSAIL), Carnegie Mellon University, Intel and elsewhere and asked them what kind of uses they could come up with for the SheevaPlug. We came away with eight different ideas..."

More at

Brit Twit Quits

"A magistrate has resigned from the bench following a complaint about his use of the Twitter network.

"IT consultant Steve Molyneux, from Telford, Shropshire, posted messages on the social networking site about cases at the town's magistrates' court.

"He said everything he reported on Twitter had already been said in open court and he had done nothing illegal.

"Mr Molyneux said he had been making use of the latest technology to bring `transparency` to the judicial system."

From the BBC...

Monday, April 27, 2009

Unemployed IT Worker Of The Week

"An IT administrator faces up to five years in prison after he tried to extort money from his former employers by threatening to crash the company’s servers.

"Viktor Savtyrev, 29, pleaded guilty to extortion after he threatened his former employers with computer crashes. He also threatened to enlist Eastern European hackers to launch attacks against his former employer, New York investment firm Third Avenue Management.

"`My comrades for a small fee are able to help me out with bridging the firewall security and carry out data destruction and virus outbreak,` Savtyrev wrote in an e-mail to the company, according to the complaint.

"`I located the names and e-mail addresses of the editors of Wall Street Journal, Newsweek and the Daily News and all of them should be very interested in getting an article about a mutual fund (losing) data because some 'Crazy Russian' (this is the name of the article which I wrote last night), was fired after 5 years of loyal service.`

"Savtyrev was laid off in November but was reportedly upset at the parsimonious nature of his severance package. He told his employers that he wanted more money, better medical coverage and `excellent references,` or he would take action.

"However, Savtyrev made a serious mistake in putting his demands down in an email to directors, who promptly handed it over to the FBI, who arrested him within days."


Wednesday, April 22, 2009

I Like Big Bots And I Cannot Lie

Baby Got Haxx

"The world's largest-ever malware network has been uncovered, affecting 1.9 million corporate, government and consumer computers.

"Finjan Inc's Malicious Code Research Center (MCRC) uncovered the network as part of research into command and control servers operated by cybercriminals.

"`It is the biggest ever - 600,000 was the largest last year,` a spokesman for Finjan told TG Daily. He declined to name the organisations affected, but said `I think you can assume that most large corporations and most western governments are affected.`"

More at TG Daily...

Tuesday, April 21, 2009

Hackers Download "Terabytes" Of Pentagon Data

"Hackers broke into U.S. Department of Defense computers and downloaded terabytes of data containing design information about the Joint Strike Fighter, a US$300 billion stealth fighter currently under development, according to The Wall Street Journal.

"The stolen files all relate to the design of the Joint Strike Fighter and its electronic systems, the Wall Street Journal reported, saying they could be used to help defend against the jet...

"The reported attack raised more questions than it answered.

"For example, the report did not say how attackers managed to download terabytes of data before being discovered. A single terabyte can take up to several weeks to download over a relatively fast data connection, such as a DSL or cable modem..."

More at NetworkWorld...

Friday, April 17, 2009

Evidence Of Zombie Mac Botnet Found

"If you let yourself get tempted into installing the pirated versions of iWork or Photoshop CS4 that circulated on Bit Torrent earlier this year, you may have unwittingly turned your Mac into a zombie. Security researchers for Symantec have turned up evidence that these zombie machines are being used to create a Mac-based botnet.

"Botnets are used to perform DDoS attacks on systems, gather sensitive personal information, and send out a majority of the spam that clogs up the 'Net. While commonly made out of infected Windows computers, this is the first known attempt to create one from Macs..."

More at Ars Technica...

Wednesday, April 15, 2009

Polish Pep Bois Discover SEO

"PandaLabs has identified over a million spam links used to target Google searchers looking for information about automotive parts from Ford and Nissan especially. Panda calls it `a major Blackhat SEO attack` designed to dupe searchers into downloading spyware or purchasing phony security software.

"Searching for the keyphrase `Diagram Of A 1998 Nissan Pathfinder Blower Motor,` for example leads to a Google results page packed with spammy sites. A savvy user can identify them by their unusual URLs starting with an arbitrary number, followed by nonsensical combinations of letters and resolving to Polish domains..."


Tuesday, April 14, 2009

Bad News For Proxy Users

"SAN FRANCISCO (AP) - Proxy servers are an everyday part of Internet surfing. But using one in a crime could soon lead to more time in the clink.

"A key vote Wednesday on new federal sentencing guidelines would classify the use of proxies as evidence of `sophistication,` increasing sentences by about 25 percent -- which could mean years or even decades longer behind bars, depending on the crime. It's akin to judges handing down stiffer sentences when a gun is used in a robbery.

"Yet digital-rights advocates are worried. Although they aren't absolving criminals, they complain that the proposal is so broad, it could lead to unnecessarily harsh sentences for tech neophytes who didn't know they were using proxies in the first place or who were simply engaging in a practice often encouraged as a safer way of using the Internet..."

More at

Thursday, April 9, 2009

Conficker Researchers: Still CLUELESS

"The Conficker worm is finally doing something--updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.

"Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.

"The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said."


All Your Grid Are Belong To Us

"The hackers who reportedly planted malware on key parts of the U.S. electrical grid, perhaps with the intent to cripple the country's power infrastructure, most likely gained access like any other cybercriminal -- by exploiting a bug in software such as Windows or Office, a security researcher said today.

"`Any computer connected to the Internet is potentially vulnerable,` said Roger Thompson, chief research officer at AVG Technologies USA Inc. `Getting to the actual infrastructure devices directly -- that's always possible, but a whole lot less likely. In any industry, critical or not, there are always plenty of PCs that have been compromised.`"

Source: ComputerWorld...

Saturday, April 4, 2009

Unemployed IT Worker Of The Month

"BINGHAMTON, N.Y. (AP) — A gunman opened fire on a room where immigrants were taking a citizenship exam in downtown Binghamton on Friday, killing as many as 13 people before committing suicide, officials said.

"Gov. David Paterson said at a news conference that 12 or 13 people had been killed. The suspected gunman carried identification with the name of 42-year-old Jiverly Voong of nearby Johnson City, N.Y., a law enforcement official said.

"The suspect's body was found with a self-inflicted gunshot wound in an office of the American Civic Association building, said the official, who was not authorized to speak publicly and was talking on condition of anonymity.

"The gunman barricaded the rear door of the building with his car before entering through the front door, firing his weapon, the official said.

"The gunman had recently been let go from IBM in Johnson City, said Rep. Maurice Hinchey, whose district includes Binghamton. The gunman opened fire on a citizenship class, he said."

More at The Macomb Daily...

Friday, April 3, 2009

Don't Mess With Texas

Texas Senate Bans Vista

"The Texas state Senate yesterday gave preliminary approval to a state budget that includes a provision forbidding government agencies from upgrading to Microsoft Corp.'s Windows Vista without written consent of the legislature.

"Sen. Juan Hinojosa, a Democrat from McAllen and vice chairman of the Finance Committee, proposed the rider because `of the many reports of problems with Vista.`

"`We are not in any way, shape or form trying to pick on Microsoft, but the problems with this particular [operating] system are known nationwide,` Hinojosa said during a Senate session debating the rider Wednesday evening (starting at 4:42 of this RealMedia video stream). `And the XP operating system is working very well.`

"The rider requires state agencies to get the written approval of the Legislative Budget Board before purchasing Vista licenses, upgrades or even new PCs with Vista pre-installed on it."

From ComputerWorld...

Wednesday, April 1, 2009

Beware The Smiley :-)

"Yoann Guillot and myself have been assessing the security of instant communication applications for a couple of years.

"For quite some time now, we have both suspected that it was possible to conduct both stealth and massive attacks on popular chat clients such as MSN, AIM, Trillian or mIRC.

"Today, we have verified our intuition by creating an encoder that can make any shellcode look like a smiley. It is possible to encode malicious shellcodes in emoticons, leaving exploits indistinguishable from genuine chat messages.

"This would make massive attacks against instant messaging applications impossible to catch by anti-virus, IDS or similar signature based technologies. Moreover, it is possible to conduct attacks with plausible deniability."

More at blogspot...