Hinky Links<br>
Mr. Hinky Dink's News for IT Security Professionals<br>
By Hinky (http://www.blogger.com/profile/06653840501271828662), feed updated 2024-03-13T01:48:42.439-04:00<br>
<br>
Posted by Hinky, 2010-07-09T10:18:00.002-04:00<br>
Facebook Can Get You Killed<br>"<i>WHNT NEWS 19 is tracking down new details on a murder-suicide in South Huntsville including information that shows the shooter and victim were friends at one time.<br /><br />
"Alan Brown is the man police say shot and killed another man before taking his own life. A friend of Brown says he leaves behind two children, a teenage son and a young daughter.<br /><br />
"The murder-suicide happened at an apartment off South Memorial Parkway. Witnesses in the area say they heard the two men arguing before hearing gunfire.<br /><br />
"WHNT NEWS 19 has uncovered a string of internet activity that links Brown to Lowhorne. It's on the social networking site, Facebook. We found postings from April made by Brown on Lowhorne's business page on Facebook. The comments were in a joking nature indicating the two may have been friends.<br /><br />
"There is also a recent picture on Lowhorne's personal Facebook page showing him with Alan Brown's wife, Christine, atop Lookout Mountain. Other postings on the page point to Lowhorne and Christine Brown having a romantic relationship. The page also shows just a matter of hours before his death, Lowhorne had just changed his status on Facebook to `in a relationship.`<br /><br />
"WHNT NEWS 19 spoke with one of Brown's friends. Adrienne Griggs said Alan Brown, Christine Brown, and Ben Lowhorne were indeed friends. She also says her friend never showed he had the ability to kill anyone. The same friend believes something set Brown off.<br /><br />
"`I just couldn't see him doing anything like this. 
He was an extremely nice person,` said Griggs."</i><br /><br />
From <a href="http://www.whnt.com/news/whnt-friend-of-murder-suicide-shooter-talks,0,4725989.story">WHNT News</a>...<br /><br>
Posted by Hinky, 2010-07-09T10:15:00.001-04:00<br>
Microsoft: Sleeping With The Enemy... Again<br><i>"Microsoft has signed a deal to open its Windows 7 source code up to the Russian intelligence services.<br /><br />
"Russian publication Vedomosti reported on Wednesday that Microsoft had also given the Russian Federal Security Service (FSB) access to Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server source code, with hopes of improving Microsoft sales to the Russian state.<br /><br />
"The agreement will allow state bodies to study the source code and develop cryptography for the Microsoft products through the Science-Technical Centre 'Atlas', a government body controlled by the Ministry of Communications and Press, according to Vedomosti."</i><br /><br />
More at <a href="http://www.zdnet.co.uk/news/security/2010/07/08/microsoft-opens-source-code-to-russian-secret-service-40089481/">ZDNet UK</a>...<br /><br>
Posted by Hinky, 2010-07-05T12:25:00.001-04:00<br>
IT Contractor Of The Month<br><i>"A former IT worker for the Bank of New York has admitted to stealing personal information of 2,000 employees and using it to steal more than $1m from charity bank accounts, city prosecutors said.<br /><br />
"Adeniyi Adeyemi, 27, used his position as a contract computer technician at the bank's headquarters to steal the personal identifying information of 2,000 employees, most of whom worked in the IT department. 
Over an eight-year span, he used the information to set up dummy bank accounts in the employees' names and then transfer stolen funds from at least 11 charities throughout the world.<br /><br />
"Adeyemi used publicly available routing numbers for the charities to initiate wire transfers through financial sites such as ETrade and Fidelity and deposit them into the dummy accounts. To better cover his tracks, he then transferred the funds to a second layer of dummy accounts, according to a press release issued by the New York City District Attorney."</i><br /><br />
From <a href="http://www.theregister.co.uk/2010/07/02/bank_insider_data_theft/">The Register</a>...<br /><br>
Posted by Hinky, 2010-06-04T10:50:00.002-04:00<br>
$30M ERP Clusterf*ck<br><i>"California's Marin County has sued Deloitte Consulting LLP for $30 million over an allegedly botched SAP Enterprise Resource Planning (ERP) project.<br /><br />
"The lawsuit, filed in Marin County Superior Court last Friday, accuses Deloitte of misrepresenting its skills and capabilities when originally pitching for the project in 2004.<br /><br />
"The 38-page complaint alleges that Deloitte was lying when the company promised to assemble a team of its "best resources" for the project and when it claimed to have `deep SAP and public sector knowledge` when marketing itself to the county.<br /><br />
"Deloitte's misrepresentation of facts resulted in a defectively designed and deficiently implemented project that resulted in the county having to pay millions of dollars to remedy, the lawsuit alleged.<br /><br />
"Meanwhile, Deloitte is claiming that it fulfilled all of its obligations under the contract..."</i><br /><br />
More at <a 
href="http://www.computerworld.com/s/article/print/9177655/Deloitte_hit_with_30M_lawsuit_over_ERP_project?taxonomyName=ERP&taxonomyId=121">ComputerWorld</a>...<br /><br>
Posted by Hinky, 2010-05-31T23:24:00.003-04:00<br>
Google To Defenestrate Windows<br><i>"Google is phasing out the internal use of Microsoft’s ubiquitous Windows operating system because of security concerns, according to several Google employees.<br /><br />
"The directive to move to other operating systems began in earnest in January, after Google’s Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally.<br /><br />
"`We’re not doing any more Windows. It is a security effort,` said one Google employee.<br /><br />
"`Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,` said another.<br /><br />
"New hires are now given the option of using Apple’s Mac computers or PCs running the Linux operating system. `Linux is open source and we feel good about it,` said one employee. 
`Microsoft we don’t feel so good about.`"</i><br /><br />
More at <a href="http://www.ft.com/cms/s/2/d2f3f04e-6ccf-11df-91c8-00144feab49a.html">FT.com</a>...<br /><br>
Posted by Hinky, 2010-05-31T08:30:00.002-04:00<br>
Tax Dollars To Fund Government Time-Waster<br><i>"Federal employees and managers will be able to meet, interact, train and learn together in a government-only online virtual world being created in the vGov project.<br /><br />
"The Agriculture and Homeland Security departments, Air Force and National Defense University iCollege have joined to create the vGov virtual world behind a secure firewall that can only be accessed by federal employees with authenticated identities.<br /><br />
"Paulette Robinson, assistant dean for teaching, learning and technology at the iCollege, said at the Gov 2.0 Expo today the project will use the three-dimensional immersive experience of virtual worlds to bring employees together from locations worldwide for real-time interactions. People will use avatars to appear in the virtual world, where they can chat with other avatars and interact with the environment."</i><br /><br />
More at <a href="http://fcw.com/articles/2010/05/27/government-only-virtual-world-under-construction.aspx?s=fcwdaily_280510">Federal Computer Weekly</a>...<br /><br>
Posted by Hinky, 2010-05-24T15:06:00.002-04:00<br>
Tech CEOs Play Fiddle While Rome Burns<br><i>"Data security and breach prevention ranks low as a risk factor for most big technical companies, according to new research that identifies the most widespread concerns among the 100 largest U.S. public technology companies. 
The research, released by BDO, a professional services firm, examines the risk factors listed in the fiscal year 2009 10-K SEC filings of the companies; the factors were analyzed and ranked in order by frequency cited. <br /><br />
"Among security risks, natural disasters, wars, conflicts and terrorist attacks were cited by 55 percent of respondents as a risk concern and was 16th on the list, much higher than breaches of technology security, privacy and theft, which was mentioned by 44 percent of the companies, putting it at 23rd on the list..."</i><br /><br />
More at <a href="http://www.networkworld.com/news/2010/052410-data-breaches-not-among-top.html?hpg1=bn">NetworkWorld</a>...<br /><br>
Posted by Hinky, 2010-05-05T09:36:00.002-04:00<br>
Treasury Department Web Sites PWN3D<br><i>"The Treasury Department has taken offline four public Web sites for the Bureau of Engraving and Printing after the discovery Monday of malicious code on a parent site.<br /><br />
"The bureau began using a third-party cloud service provider to host the sites last year, it said Tuesday in a statement about the incident. “The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected,” the statement said. The Treasury Government Security Operations Center was alerted to the problem and notified the bureau, which responded by taking the sites offline."</i><br /><br />
More at <a href="http://gcn.com/articles/2010/05/04/treasury-hack-update-050410.aspx?s=gcndaily_050510" rel="nofollow" target="_blank">Government Computer News</a>...<br /><br>
Posted by Hinky, 2010-05-04T07:50:00.002-04:00<br>
Proxies Not Secure? 
duh.<br><i>"A widely used proxy service thought to provide anonymous Web surfing and used to skirt network administrator bans on access to sites like Facebook frequently reveals sensitive information about its users, according to a Swiss security researcher.<br /><br />
"Glype is a small bit of PHP code that routes requests for Web pages through other Web pages running its software, said the researcher, who runs the Swiss Security Blog and the Zeus Tracker project. He prefers to remain anonymous.<br /><br />
"The Glype code allows someone to, for example, access Facebook at work even if that page is blocked, as it appears the traffic is coming from the Web page running the proxy. Many companies now block sites such as Facebook.<br /><br />
"Glype's code is free, and anyone can install it on their Web page. But Glype is frequently misconfigured, the researcher said. It allows someone running a Glype proxy to turn on a log, which shows the IP (Internet protocol) address of the user, what site they requested and the time.<br /><br />
"Many of those people running a Glype proxy have not turned that logging function off, and worse yet, made it Web facing, meaning that URLs can be manipulated to reveal full logs.<br /><br />
"The researcher checked about 20 Glype proxies, found 1,700 log files and more than one million unique IP addresses. 
`There are dozens of such 'insecure' proxies out there,` he said via instant message on Friday..."</i><br /><br />
From <a href="http://news.techworld.com/security/3222227/glype-proxy-may-not-cloak-your-identity/" target="_blank">TechWorld</a>...<br /><br>
Posted by Hinky, 2010-04-23T13:18:00.001-04:00<br>
Blippy Now An Officially Fucked Company<br><i>"One day after being profiled by the New York Times, the social buying site, Blippy, is finding out that being in the public eye cuts in both directions.<br /><br />
"The six-month-old site lets users link their credit cards and e-commerce accounts and share that information with friends and even strangers on their purchases. The venture capitalists seem to be intrigued. Blippy has raised $11.2 million in funding from August Capital and Charles River Ventures.<br /><br />
"But there are limits to sharing private data - especially when it's not done voluntarily. Some sleuths have found they can use Google to come up with the credit card numbers of Blippy users."</i><br /><br />
More at <a href="http://www.cbsnews.com/8301-501465_162-20003286-501465.html?" target="_blank">CBSNEWS</a>...<br /><br>
Posted by Hinky, 2010-04-23T09:56:00.003-04:00<br>
Scammers Riding High On McAfee's FAIL<br><i>"Scammers have quickly piggybacked onto news of a buggy McAfee antivirus update that clobbered thousands of computers, security researchers said today.<br /><br />
"Early Wednesday, McAfee released a flawed signature update that wrongly tagged a crucial system file in Windows XP Service Pack 3 (SP3) as malware. 
After the software quarantined the `svchost.exe` file, thousands of PCs, most of them in businesses, crashed and rebooted repeatedly.<br /><br />
"Firms are still dealing with the aftermath, with some companies forced to manually reconfigure hundreds or even thousands of systems.<br /><br />
"The debacle made news not just in the technical press, but in more mainstream outlets, including the New York Times and USA Today.<br /><br />
"And news is scammers' bread and butter. Using their now-traditional technique of poisoning results at major search engines like Google and Bing, `scareware` makers have pushed links touting fake antivirus software to at or near the top of the results lists, said Graham Cluley, senior technology consultant with Sophos.<br /><br />
"The links appear when users type search terms such as `McAfee update` and `McAfee 5958,` the latter a reference to the faulty update's designation, <a href="http://pandalabs.pandasecurity.com/false-positive-to-distribute-false-antivirus-isn%E2%80%99t-it-ironic/" target="_blank">added Panda Security in a post to its company blog</a> today..."</i><br /><br />
More at <a href="http://www.computerworld.com/s/article/print/9175925/Scammers_embrace_McAfee_fiasco_to_pitch_fake_AV?taxonomyName=Security&taxonomyId=17" target="_blank">ComputerWorld</a>...<br /><br>
Posted by Hinky, 2010-04-21T20:48:00.006-04:00<br>
McAfee Steps On Its Dick<br><i>"PCs across the country rebooted continuously Wednesday, in a mass outbreak reminiscent of the widespread computer viruses from a decade ago. 
The cause this time wasn’t a virus, however, but a glitch on the part of a company that’s supposed to stop such malicious programs.<br /><br />
"Security company McAfee Wednesday morning issued a software update intended to give the computers that it’s contracted to protect a new list of malicious files to block and delete. Somehow a file that is part of Microsoft’s Windows operating system made it on to the list. And when McAfee’s software deleted this file, all hell broke loose.<br /><br />
"People all over the country reported that their computers stopped working. Among the victimized organizations were a hospital in Rhode Island, police in Kentucky and the National Science Foundation, according to the AP.<br /><br />
"Jamal Mazhar, who runs LodgeXcode Inc., a consulting firm for hotels, says his computer and others in his office have been rebooting since morning. His tech staff downloaded a fix, but hasn’t yet been able to get the computers working again. `We’re down hard,` he says.<br /><br />
"McAfee said in a statement that the company was `not aware of significant impact on consumers.` In terms of numbers, it said the incident impacted less than `one half of one percent` of its consumer base and enterprise accounts globally."</i><br /><br />
More at <a href="http://blogs.wsj.com/digits/2010/04/21/mcafee-glitch-reboots-computers-again-and-again/" target="_blank">The Wall Street Journal</a>...<br /><br>
EDITORIAL COMMENT: I can't help but wonder if the McAfee employees who are going to get fired for this will <a href="http://hinkylinks.blogspot.com/2009/03/mcafee-jumps-on-anti-it-worker.html">turn to cybercrime</a>. 
<br /><i>- Hinky</i><br /><br>
Posted by Hinky, 2010-04-16T09:12:00.003-04:00<br>
Zeus Botnet Exploits PDF "Feature"<br><i>"The Zeus botnet is now using an unpatched flaw in Adobe's PDF document format to infect users with malicious code, security researchers said today.<br /><br />
"The attacks come less than a week after other experts predicted that hackers would soon exploit the `/Launch` design flaw in PDF documents to install malware on unsuspecting users' computers.<br /><br />
"The just-spotted Zeus variant uses a malicious PDF file that embeds the attack code in the document, said Dan Hubbard, CTO of San Diego, Calif.-based security company Websense. When users open the rogue PDF, they're asked to save a PDF file called `Royal_Mail_Delivery_Notice.pdf.` That file, however, is actually a Windows executable that when it runs, hijacks the PC.<br /><br />
"Zeus is the first major botnet to exploit a PDF's /Launch feature, which is, strictly speaking, not a security vulnerability but actually a by-design function of Adobe's specification. 
Earlier this month, Belgium researcher Didier Stevens demonstrated how a multistage attack using /Launch could successfully exploit a fully-patched copy of Adobe Reader or Acrobat..."</i><br /><br />
From <a href="http://www.computerworld.com/s/article/print/9175612/Zeus_botnet_exploits_unpatched_PDF_flaw?taxonomyName=Security&taxonomyId=17" target="_blank">ComputerWorld</a>...<br /><br>
Posted by Hinky, 2010-04-15T07:59:00.001-04:00<br>
Oracle Relents, Offers "Quick & Dirty" Patch<br><i>"Oracle today patched a critical Java vulnerability that is being exploited by hackers to install malicious software.<br /><br />
"The security update to Java SE 6 Update 20 patches a bug disclosed last Friday by Google security researcher Tavis Ormandy, who spelled out how attackers could run unauthorized Java programs on a victim's machine by using a feature designed to let developers distribute their software. Only systems running Windows are at risk.<br /><br />
"Oracle's patch appears quick and dirty, Ormandy said. `They've completely removed the vulnerable feature, literally replaced with 'return 0,'` he said on Twitter...<br /><br />
"Other researchers noted Oracle's turnaround today. `So it turns out that Oracle can actually patch Java in less than a week! 
Funny how vendors only care to do this after full-disclosure,` said noted browser researcher Alexander Sotirov, also on Twitter..."</i><br /><br />
From <a href="http://www.computerworld.com/s/article/print/9175597/Oracle_issues_emergency_Java_patch_to_stop_zero_day_attacks?taxonomyName=Security&taxonomyId=17">ComputerWorld</a>...<br /><br>
Posted by Hinky, 2010-04-15T07:56:00.001-04:00<br>
Oracle To Users: FUCK YOU<br><i>"Just five days after a Google researcher published information of an unpatched Java bug, a compromised song lyrics site is sending users to a Russian attack server exploiting the flaw to install malware, an antivirus firm said today.<br /><br />
"Last Friday, Google's Tavis Ormandy posted details of the Java vulnerability to the Full Disclosure security mailing list, spelling out how attackers could run unauthorized Java programs on a victim's machine by using a feature designed to let developers distribute their software. According to Ormandy, all versions of Java for Windows since SE 6 update 10 -- which debuted two years ago -- are vulnerable. Other operating systems running Java are unaffected, he said...<br /><br />
"Although Ormandy reported the flaw to Sun -- now part of Oracle -- he said the company declined to rush out a patch. `They informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle,` Ormandy wrote on the mailing list. 
`I explained [to them] that I did not agree, and intended to publish advice to temporarily disable the affected control until a solution is available.`<br /><br />
"Oracle patched Java last week; its next regularly-scheduled update is slated for July."</i><br /><br />
More at <a href="http://www.computerworld.com/s/article/print/9175499/Hackers_exploit_new_Java_zero_day_bug?taxonomyName=Security&taxonomyId=17">ComputerWorld</a>...<br /><br>
Posted by Hinky, 2010-04-13T08:27:00.002-04:00<br>
Another Day, Another Facebook Hack<br><i>"For all the credit Facebook has received for its privacy controls and user safety, the site still falls prey to an unsettling number of security issues and potential data breaches. Last month a botched code push accidentally revealed private user email addresses, and before that Facebook accidentally sent private messages to the wrong recipients. 
Today, security engineer Joey Tyson, AKA theharmonyguy, has detailed a major security hole in Facebook Platform — one that would allow a malicious website to silently access a user’s profile information, photos, and in some cases, messages and wall posts, with no action required on the user’s part..."</i><br /><br />
From <a href="http://techcrunch.com/2010/04/10/researcher-uncovers-another-major-facebook-security-exploit/" target="_blank">TechCrunch</a>...<br /><br>
Posted by Hinky, 2010-04-13T08:21:00.004-04:00<br>
McAfee: Partnering With Scumbags To Rip You Off<br><i>"Two California women have sued security company McAfee, accusing it of duping customers into subscribing to third-party services and passing consumers' credit or debit card information to the service supplier without their permission.<br /><br />
"The lawsuit, which was filed by Melissa Ferrington and Cheryl Schmidt, asked a San Francisco federal court to grant the case class-action status, and demanded that McAfee be barred from continuing the practice. The pair also asked for compensatory and punitive damages, which would be decided at trial.<br /><br />
"When customers purchase McAfee security software online, but before the download begins, a pop-up with a large "Try It Now" button appears.<br /><br />
"`The pop-up, mimicking the look of the other pages on the McAfee site, thanks the customer for purchasing McAfee software, and prompts McAfee's customers to click a red button to 'Try it Now,'` the lawsuit alleged.<br /><br />
"`The pop-up contains no obvious visual cues or conspicuous text indicating that it is an advertisement for another product, or that clicking on 'Try it Now' will lead not to the delivery of the McAfee product but rather to the purchase of a completely different product. 
Instead, all the visual cues suggest that 'Try It Now' is a necessary step in downloading the McAfee software.`<br /><br />
"By clicking on the pop-up, users agree to a $4.95 per month fee charged by Arpu, a company that creates Web ads "enabling an advertised product or service to be obtained with a single click," according to the Washington D.C. firm's Web site.<br /><br />
"Arpu's site lists McAfee as one of its partners...<br /><br />
"`A single click on the deceptive pop-up causes the purchase of an unwanted product from Arpu, a sale made without the knowledge or authorization of customers, using credit/debit card billing information that they have entrusted solely to McAfee,` said the women's lawsuit."</i><br /><br />
More at <a href="http://www.computerworld.com/s/article/print/9175364/Consumers_sue_McAfee_over_pop_ups?taxonomyName=DRM+and+Legal+Issues&taxonomyId=144" target="_blank">ComputerWorld</a>...<br /><br>
Posted by Hinky, 2010-04-09T10:54:00.002-04:00<br>
Chinese Fire Drill Borks The Interwebs<br><i>"For the second time in two weeks, bad networking information spreading from China has disrupted the Internet.<br /><br />
"On Thursday morning, bad routing data from a small Chinese ISP called IDC China Telecommunication was re-transmitted by China's state-owned China Telecommunications, and then spread around the Internet, affecting Internet service providers such as AT&T, Level3, Deutsche Telekom, Qwest Communications and Telefonica.<br /><br />
"`There are a large number of ISPs who accepted these routes all over the world,` said Martin A. Brown, technical lead at Internet monitoring firm Renesys.<br /><br />
"According to Brown, the incident started just before 10 a.m. Eastern Time on Thursday and lasted about 20 minutes. 
During that time IDC China Telecommunication transmitted bad routing information for between 32,000 and 37,000 networks, redirecting them to IDC China Telecommunication instead of their rightful owners. <br /><br />
"These networks included about 8,000 U.S. networks including those operated by Dell, CNN, Starbucks and Apple. More than 8,500 Chinese networks, 1,100 in Australia and 230 owned by France Telecom were also affected.<br /><br />
"The bad routes may have simply caused all Internet traffic to these networks to not get through, or they could have been used to redirect traffic to malicious computers in China.<br /><br />
"While the incident appears to have been an accident, it underscores the weakness of the Border Gateway Protocol (BGP), a critical, but obscure, protocol used to bind the Internet together."</i><br /><br />
More at <a href="http://www.networkworld.com/news/2010/040810-a-chinese-isp-momentarily-hijacks.html" target="_blank">NetworkWorld</a>...<br /><br>
Posted by Hinky, 2010-04-08T13:02:00.002-04:00<br>
IT Worker Of The Month<br><i>"A Bank of America computer specialist is set to plead guilty to charges that he hacked the bank's automated tellers to dispense cash without recording the activity.<br /><br />
"Rodney Reed Caverly, of Charlotte, North Carolina, is scheduled to plead guilty to a computer fraud charge next Tuesday in federal court in Charlotte, according to his lawyer Christopher Fialko, who declined to comment further on the case.<br /><br />
"Caverly was charged last week with one count of computer fraud for allegedly writing a malicious program that ran on Bank of America's computers and ATMs, according to court filings. The documents say Caverly made more than the statutory minimum of US$5,000 from the scam, but they do not spell out the bank's total losses. 
That number could come out when his plea is entered next week.<br /><br />
"He faces a maximum sentence of five years in prison."</i><br /><br />
More at <a href="http://www.computerworld.com/s/article/print/9174991/BofA_insider_to_plead_guilty_to_hacking_ATMs?taxonomyName=Security&taxonomyId=17" target="_blank">ComputerWorld</a>...<br /><br>
Posted by Hinky, 2010-04-01T11:07:00.002-04:00<br>
Microsoft's African Investments Start To Pay Off<br><i>"Imagine a network of virus-driven computers so infectious that it could bring down the world's top 10 leading economies with just a few strokes. It would require about 100 million computers working together as one, a `botnet` -- the cybersecurity world's version of a WMD. But unlike its conventional weapons equivalent, this threat is the subject of no geopolitical row or diplomatic initiative. That's because no one sees it coming -- straight out of Africa.<br /><br />
"Cybercrime is growing at a faster rate in Africa than on any other continent in the world, according to statistics presented at a conference on the matter in Cote D'Ivoire in 2008. Cybersecurity experts estimate that 80 percent of PCs on the African continent are already infected with viruses and other malicious software. And while that may not have been too worrisome for the international economy a few years ago, the arrival of broadband service to Africa means that is about to change. The new undersea broadband Internet cables being installed today will make Africa no further away from New York than, say, Boston, in the virtual world.<br /><br />
"Broadband Internet access will allow Africa's virus and malware problems to go global. With more users able to access the Internet (and faster), larger amounts of data can be transferred both out and inward. 
More spam messages in your inbox from Africa's email fraudsters will be only the beginning..." </i><br /><br />
More at <a href="http://www.foreignpolicy.com/articles/2010/03/24/africas_cyber_wmd?page=0,0" target="_blank">ForeignPolicy.com</a>...<br /><br>
Posted by Hinky, 2010-03-28T11:00:00.002-04:00<br>
Big Players To Spy On IPv6-Enabled Users<br><i>"Leading Web content providers -- including Google, Yahoo, Netflix and Microsoft -- are conducting early-stage conversations about creating a shared list of customers who can access their Web sites via IPv6, the long-anticipated upgrade to the Internet's main communications protocol.<br /><br />
"The DNS Whitelist for IPv6 would be a list of IP addresses that have functioning IPv6 connectivity. Content providers would use this shared DNS Whitelist to serve up content to these IP addresses via IPv6 rather than through IPv4, which is the current version of the Internet Protocol. Web site visitors not listed on the DNS Whitelist for IPv6 would receive IPv4-based content...<br /><br />
"Content providers say they need a DNS Whitelist for IPv6 because the Internet has so many broken IPv6 links due to problematic default behavior and incompatibilities in operating systems, home gateways and customer premises equipment. 
Without a whitelist to help sort out which customers can and cannot receive IPv6 content, Web developers say they will inadvertently block too many customers from accessing their content."</i><br /><br />
From <a href="http://www.networkworld.com/news/2010/032610-dns-ipv6-whitelist.html?hpg1=bn" target="_blank">NetworkWorld</a>...<br /><br>
Posted by Hinky, 2010-03-26T08:46:00.002-04:00<br>
Tweeker Busted For High School Hack<br><i>"A 21-year-old former <a href="http://www.egreen.wednet.edu/Pages/default.aspx" target="_blank">Evergreen Public Schools</a> student has pleaded guilty to criminal charges in connection with a computerized payroll security breach in November that put more than 5,000 past and current Vancouver Public Schools employees at risk of identity theft.<br /><br />
"Christopher Berge, a 2006 Mountain View High School graduate last known to live in Oregon City, Ore., was sentenced to 10 years in prison on Wednesday by Clark County Superior Court Judge Roger Bennett.<br /><br />
"Berge pleaded guilty to 31 counts, including 24 counts of second-degree identity theft, first-degree computer trespass, forgery and possession of methamphetamine."</i><br /><br />
More at <a href="http://www.columbian.com/news/2010/mar/25/former-student-pleads-guilty-to-hacking-school-pay/" target="_blank">The Columbian</a>...<br /><br>
Posted by Hinky, 2010-03-26T08:17:00.002-04:00<br>
MS, Adobe, Apple Bitch-Slapped At Pwn2Own<br><i>"The only researcher to `three-peat` at the Pwn2Own hacking contest said today that security is such a `broken record` that he won't hand over 20 vulnerabilities he's found in Apple's, Adobe's and Microsoft's software.<br /><br />
"Instead Charlie 
Miller will show the vendors how to find the bugs themselves.<br /><br />"Miller, who yesterday exploited Safari on a MacBook Pro notebook running Snow Leopard to win $10,000 in the hacking challenge, said he's tired of the lack of progress in security. `We find a bug, they patch it,` said Miller. `We find another bug, they patch it. That doesn't improve the security of the product. True, [the software] gets incrementally better, but they actually need to make big improvements. But I can't make them do that.`"</i><br /><br />From <a href="http://www.computerworld.com/s/article/print/9174120/Pwn2Own_winner_tells_Apple_Microsoft_to_find_their_own_bugs?taxonomyName=Security&taxonomyId=17" target="_blank">ComputerWorld</a>...<br /><br>
Unemployed IT Worker Of The Month<br>Posted by Hinky, 2010-03-25T11:51:00.003-04:00 (updated 2010-03-25T11:55:30.241-04:00)<br><i>"A Frenchman who broke into Barack Obama and Britney Spears' Twitter feeds insisted Thursday he is no hacker but a `kind pirate` seeking to expose security weaknesses.<br /><br />"`I did not act with a destructive aim ... 
I wanted to warn them, to show up the faults in the system,` said the 23-year-old, who was arrested Tuesday after an operation by French police and FBI agents.<br /><br />"The curly-haired unemployed computer technician wore a pair of slippers adorned with smiley faces as he sat in his parents' home in central France and told of how he broke into the popular micro-blogging site.<br /><br />"Francois C., who spoke to AFP on condition that his full surname not be used, is accused of breaking into Twitter and Google accounts, including ones used by US president Obama and pop star Spears..."</i><br /><br />Full article at <a href="http://www.expatica.com/fr/news/french-rss-news/im-no-hacker,-says-frenchman-who-cracked-obamas-twitter_33354.html" target="_blank">EXPATICA.com</a>...<br /><br>
Hinky Dink Publishes Koobface Data<br>Posted by Hinky, 2010-03-22T15:03:00.002-04:00 (updated 2010-03-22T15:07:48.019-04:00)<br>"<i>Mr. Hinky Dink, a Big Time Security Professional™ today released an analysis of the spread of the Koobface worm. Based on an exhaustive study of his database of over two and a half million open Web proxies collected over two years, Hinky’s findings demonstrate where the most vulnerable social networking users can be found.<br /><br />"`With more losers piling into social networking sites this trend is very likely to continue,` said Hinky. `This study highlights the cities with the most gullible users on the Internet. This study will no doubt help cybercriminals, script kidz, and Cameroonian puppy scammers target their next online marketing campaigns.`"</i><br /><br />Read the complete report <a href="http://www.mrhinkydink.com/Koobface%20Shithole%20Report%2003-22-2010.pdf">here</a>.<br /><br>