Sunday, January 31, 2010

Killer Robot In Custody

"An 81-year-old Australian man has shot himself dead with an elaborate suicide robot built using plans he downloaded from the Internet.

"The Gold Coast man, who lived alone, left notes of his plans and thoughts as he struggled to come to terms with demands by interstate relatives that he move out his home and into care.

"He spent hours searching the Internet for a way to kill himself, downloaded what he needed and then built a complex machine that would remotely fire a gun.

"He set the device up in his driveway about 7 a.m. Wednesday, placed himself in front of it and set it in motion.

"His notes explained that he chose the driveway as he knew there were tradesmen working next door who would find his body. The plan worked as the workmen heard the gunshots and ran to investigate.

"The machine was attached to a .22 semi-automatic pistol loaded with four bullets.

"It was able to fire multiple shots into the man's head after he activated it."

From FOX News...

Friday, January 29, 2010


"Insecurity outfit McAfee has named the US as the most likely source of cyber attacks, beating out the widely perceived favourites China and Russia.

"McAfee conducted a study that questioned 600 IT and security executives from various countries to discuss, rate and rank their biggest Internet security concerns. Most of the report just states the bleedin' obvious, except for the finding that the Americans are the most feared by the others.

"With the recent scuffles between Google and the Chinese government it comes as no surprise that almost 75 per cent of respondents believed that the Chinese government was involved in cyber attacks against their country. However, the figures for both the US and Russia were identical at 60 per cent. The UK government came in third from last with only 50 per cent or so believing that it was involved in naughty cyber aggression activities.

"Probably the most startling discovery was that it is the US, not China or Russia, that is feared the most. The majority of countries in the West listed the US ahead of China and Russia as the country `of most concern` when it came to attacks."

More at the Inquirer...

Tuesday, January 26, 2010

More Internet Explorer Fun

"Microsoft's Internet Explorer (IE) could inadvertently allow a hacker to read files on a person's computer, another problem for the company just days after a serious vulnerability received an emergency patch.

"The problem was actually discovered as long as two years ago but has persisted despite two attempts by Microsoft to fix it, said Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. He is scheduled to give a presentation at the Black Hat conference in Washington, D.C., on Feb. 3.

"The issue could allow a hacker to read files on a person's computer but not install other code. Nonetheless, the problem represents a serious security issue, Medina said. It affects all of Microsoft's operating systems from Windows NT through Windows 7 and every version of IE, including the latest one, IE8."

More at ComputerWorld...

Google's Downfall: Social Networking

"People behind the China-based online attacks of Google and other companies looked up key employees on social networks and contacted them pretending to be their friends to get the workers to click on links leading to malware, according to a published report on Monday.

"`The most significant discovery is that the attackers had selected employees at the companies with access to proprietary data, then learnt who their friends were,` the Financial Times reported. `The hackers compromised the social network accounts of those friends, hoping to enhance the probability that their final targets would click on the links they sent.`

"`We're seeing a lot more up-front reconnaissance, understanding who the players are at the company and how to reach them,` George Kurtz, chief technology officer at security firm McAfee, told the Financial Times. `Someone went to the trouble to backtrack: 'Let me look at their friends, who I can target as a secondary person.'`"

"The attackers used a popular instant-messaging program to distribute the malware link to target employees, Kurtz said. The malware exploited a hole in Internet Explorer that Microsoft patched just last week."

More at CNET...

AV Spending Seen As Pointless

"Following the highly publicized and successful malware attacks on Google, Symantec, Adobe, Dow Chemical, and others, business and government executives are questioning the value of their AntiVirus subscriptions. Their unprecedented skepticism will grow even more intense as more executives learn that all of these successful attacks were easily preventable.

"`In almost every meeting I’ve had since the mainstream media started reporting on these highly visible failures, executives and IT personnel have criticized their AntiVirus computer protection. This Aurora/Hydra outbreak could spark a big change in 2010 enterprise IT security spending, a multi-billion dollar change`, predicts Mike Fumai, CEO of Blue Ridge Networks.

"There’s nothing particularly novel about the exploitable vulnerabilities in Internet Explorer this month, or those in Adobe Acrobat Reader last month. These are merely new entries in a formulaic story re-written almost monthly. Last week’s out-of-cycle security patch from Microsoft is just a less frequently seen plot twist. Until now, these recurring stories only served to increase spending on AntiVirus software from well-known security vendors. However, these targeted organizations with deep pockets and large IT security staffs were successfully attacked because their name-brand AntiVirus software did not have signatures to detect the malware attack code."

More at PRWeb...

Friday, January 22, 2010

ID Theft Ring Included City Employees

"In a six-count indictment filed in U.S. District Court, federal prosecutors assert a Seattle Municipal Court employee passed account information into an identity theft ring in which four people are presently charged.

"Federal prosecutors claim Diamond Wendell Alexander Jr. and Crystal Loren Lee recruited others to copy credit card information from their places of employment and forward that information to them.

"Alexander and Lee would then use that credit card information to make purchases, chiefly Wal-Mart gift cards, according to prosecutors statements to the court. In total, they attempted to fraudulently charge more than $300,000 in gift cards and other merchandise using `skimmed` credit cards.

"Among those recruited for the scheme was a Seattle Municipal Court employee who handled payments, prosecutors allege. That employee would then pass on credit card numbers -- referred to by prosecutors as `access device information` -- to Alexander and Lee.

"Identified only by initials in court documents, the city employee is considered an unindicted co-conspirator in the scheme.

"`The Seattle Municipal Court employee would print access device information pertaining to people who used their cards to pay for traffic tickets and other transactions with the court,` according to a grand jury indictment filed Wednesday."

More at

Thursday, January 21, 2010

Firefox, Opera Benefit From IE Schadenfreude

"Mozilla yesterday reported a `huge increase` in downloads of Firefox in Germany after that country's computer security agency urged users of Microsoft's Internet Explorer (IE) to dump the browser and run a rival instead.

"German downloads of Firefox during a four-day stretch starting last Friday jumped by about 300,000 over normal, said Ken Kovash, Mozilla's director of analytics, on the company's `Blog of Metrics.` `Over the past few days there has been a huge increase in the number of Firefox downloads from IE users in Germany,` Kovash claimed.

"Norwegian browser maker Opera Software said that downloads in Germany of its desktop application were double the usual rate last weekend, and downloads in Australia were up 40% over normal.

"Mozilla and Opera cited recommendations by German, French and Australian authorities to stop using IE as the cause for the jump. Last Friday, Germany's Federal Office for Information Security, known by its German initials of BSI, and France's CERTA each called for users to stop running IE until Microsoft patches a critical vulnerability. `Pending a patch from the publisher, CERT recommends using an alternative browser,` a translation of the French advisory stated."

More at ComputerWorld...

Wednesday, January 20, 2010

Facebook Follies

"Vanessa Palm and Alexander Rust, two 20-something Americans vacationing in the Bahamas last February, decided to catch and eat an iguana - a species protected under Bahamian law. Unfortunately for them, they also decided to post pictures on Facebook of their illicit meal.

"Bahamian authorities were alerted to the photos, and promptly proceeded to track down and arrest the two tourists for killing and eating a protected iguana.

"Perhaps they used the jail time to debate whether or not it tasted like chicken.

"Similarly, a 20-year-old employee of a Petland pet store in Ohio not only drowned rabbits from the store, she creepily bragged about it on her Facebook "wall." Someone from People for the Ethical Treatment of Animals (PETA) learned of this, and she was soon charged with two counts of animal cruelty.

"Meanwhile, it wasn't enough for 38-year-old Jacob Rehm of Morrisville, Vt., to steal a tour bus from his former employer, Lamoille Valley Transportation, and take it on a joyride. No, he had to go and make a four minute video of his little adventure (complete with a tour of the $500,000 bus itself) and post it on YouTube.

"After the bus was recovered in another town and Rehm was charged with the theft, the prosecutors found that video very helpful when they went to court."

More at The Southeast Texas Record...

Saturday, January 16, 2010

Firefox Über Alles

"In a statement issued today, the German Federal Office for Security in Information Technology (known as BSI) recommends that all Internet Explorer users switch to an alternative browser. They may resume using Explorer after a fix is issued by Microsoft for a critical vulnerability that has been implicated in the Chinese cyberattack against Google.

"According to the statement from BSI, even running Internet ExplorerInternet ExplorerInternet Explorer in “protected” mode is not enough to prevent a hacker from exploiting this security flaw.

"IE, while the world’s most popular browser, has been steadily losing marketshare over perceptions that it is slower and less secure than rival browsers, especially FirefoxFirefoxFirefox. This incident won’t help."

More at Mashable...

Wednesday, January 13, 2010


"Cloud computing will become so pervasive that by 2012, one out of five businesses will own no IT assets at all, the analyst firm Gartner is predicting.

"The shift toward cloud services hosted outside the enterprise's firewall will necessitate a major shift in the IT hardware markets, and shrink IT staff, Gartner said.

"`The need for computing hardware, either in a data center or on an employee's desk, will not go away,` Gartner said. `However, if the ownership of hardware shifts to third parties, then there will be major shifts throughout every facet of the IT hardware industry. For example, enterprise IT budgets will either be shrunk or reallocated to more-strategic projects; enterprise IT staff will either be reduced or reskilled to meet new requirements, and/or hardware distribution will have to change radically to meet the requirements of the new IT hardware buying points.`

"If Gartner is correct, the shift will have serious implications for IT professionals, but presumably many new jobs would be created in order to build the next wave of cloud services...."

From NetworkWorld...

Adobe Hoisted On Its Own Petard

"Adobe today confirmed that the cyberattack that hit its corporate network earlier this month was connected to the large-scale attacks Google cited yesterday as one reason it might abandon China.

"Meanwhile, some researchers have hinted, and others have claimed, that the attacks against both Google and Adobe were based on malicious PDFs that exploited a just-patched vulnerability in Adobe's popular Reader software...

"Security researchers hinted earlier today that the attacks against Google, Adobe and dozens of other major firms were conducted using malicious PDFs that exploited one or more vulnerabilities in Adobe Reader. Analysts at Verisign's iDefense security group told Robert McMillan of IDGNews today that hackers had launched targeted attacks using a malicious document attached to e-mail messages."

More at ComputerWorld...

McAfee To Leverage "Captive Audience" Marketing

"Facebook announced late Tuesday that it is offering free computer security software for six months to all of its 350 million members to head off increasing threats of hackers and computer viruses on the social network.

"Facebook has cut a deal with anti-virus maker McAfee Inc. of Santa Clara to provide the security software, available on McAffe's Facebook fan page.

"McAfee's Internet Security Software Suite will be free for six months and available for a "special discount subscription" afterwards, the companies said in a statement. The announcement did not detail how much the paid subscription would cost once the free period ends..."

More at SFGate...

Saturday, January 9, 2010

$15M Cyberscam PWN3D

"U.S. prosecutors indicted 19 people Friday – most in Dallas and Fort Worth – on charges related to a `massive cybercrime conspiracy` that they said defrauded local telecommunications companies and other merchants of $15 million worth of services and goods.

"The indictments follow raids by the FBI last year on two data hosting companies where computer servers were taken on suspicion of fraudulent activity. Friday's move expands a Sept. 2 indictment by U.S. Attorney James Jacks that targeted nine people.

"Several of those charged are believed to have fled the United States; one, Michael Faulkner of Southlake, is reported anonymously to have been killed trying to re-enter the U.S., Jacks' office said, though that has not been confirmed.

"The scheme went from 2003 to 2009 and involved the creation of shell companies through the data hosting companies run by Faulkner, according to the indictment."

More at

Friday, January 8, 2010

Crafty Packets PWN Juniper Routers

"Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic.

"In an advisory sent Wednesday afternoon, the networking company said a variety of devices could be forced to reboot by sending them internet packets with maliciously formed TCP options. The flaw affects versions 3 through 10 of Junos, the operating system that powers devices at ISPs, backbones, and other large networks. Software releases built on or after January 28, 2009 have already fixed the issue.

"`The Junos kernel will crash (i.e. core) when a specifically crafted TCP option is received on a listening TCP port,` the bulletin, which was issued by Juniper's technical assistance center, stated. `The packet cannot be filtered with Junos's firewall filter. A router receiving this specific TCP packet will crash and reboot.`

"There are `no totally effective workarounds,` the bulletin added."

More at The Register...

Wednesday, January 6, 2010

School District Locks Barn Door

"Over three days last month, about $3 million was drained by computer hackers from the bank account of the Duanesburg Central School District and deposited into overseas accounts. The cyber crime has prompted a joint probe into what banking and security officials say is a growing problem, underscoring the need for airtight internal controls.

"Duanesburg Superintendent Christine Crowley said during a news conference Tuesday at Duanesburg Elementary that the discovery of the unauthorized electronic transfers from the district coffers three days before Christmas left her in `total shock` and then `sheer anger.`

"...In response to the security breech, Crowley said Duanesburg school officials have closed all district bank accounts and established new ones with restricted online access."

More at