Posted 11/18/09 at 01:46:08 AM by Nathan Grayson

Read More

Posted 10/28/09 at 01:05:31 PM by Paul Lilly

Mid-sized businesses are finding themselves in a precarious position as of late. Forced to cut back spending because of the ongoing recession, many firms are spending less on security, but at the same time, cyber attacks are on the rise, according to a McAfee report released today.

McAfee surveyed 900 mid-sized businesses around the globe with workforces ranging from 51 to 1,000 employees, and more than half of them reported an increase in security breaches over the past 12 months. The United States, along with India, ranked at the top of the charts with 63 percent of organizations noting an increase in attacks, and only China was higher at 68 percent.

But what's most frightening is how many of those same organizations think they're only a single serious security breach away from being put out of business. Of those surveyed in the U.S., 71 percent said it's a real possibility, yet IT budgets have either dropped or remained the same.

"An organization's level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources," said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, in a statement. "But this creates a vicious cycle of breach and repair that costs far more than prevention."

While most companies note that a single attack could do them in, McAfee notes that most businesses may underestimate the risk. Over 90 percent of those surveyed felt they're protected from cybercriminals and aren't in as much danger as larger businesses.

Read More

Posted 08/23/09 at 08:06:44 PM by Justin Kerr

Making a high profile hacker arrest is respectable accomplishment, but bragging about it to his friends on the community forums is clearly a bad idea. I’m sure you didn’t need to be told this, but apparently it’s a lesson the Australian Police Department had to learn the hard way. In a recently televised take down broadcast on ABC’s Four Corners, Australian investigators raided, and sized computer equipment belonging to the administrator of an underground hacking forum located at r00t.y0u.org. Following the arrest, interrogators were able to obtain passwords, and began using the site as a honey pot to try and expose other potential suspects.

Unfortunately for Police word of the arrest leaked out quickly, and it didn’t take long for the community to discover something was up. Matters were further complicated when the police agency began taunting the forums visitors by saying “all member IP addresses have been logged, and arrests are being made”. Enraged by the comments, members of the hacker community broke into the system police were using during the investigation and supposedly gained access to intelligence contained within the federal police mainframe.

The hacker posted his own retort to the Australian police on pastebin.com mocking them for busting a couple of “script kiddies” and posted pictures of fake IDs and stolen credit card numbers lifted from police servers. The hacker continued by claiming “I couldn’t stop laughing on seeing that the federal police server was running Windows”. Apparently the MYSQL password was also left blank (opps!). Apparently this 30 minute long hack could have been faster if he “didn’t stop to laugh so much”.

Police claim the files were intentionally planted on the compromised system. Anyone buy that?

Read More

Posted 07/30/09 at 11:03:45 AM by Paul Lilly

Two high-profile security professionals -- security researcher Dan Kaminsky and former hacker Kevin Mitnick -- were targeted by hackers this week in what appears to be an attempt to call into question the duo's credibility right on the eve of the Black Hat and DefCon security conference.

"There are people who just live press release by press release," the hackers wrote in note posted on Kaminsky's website. "And on top of it all, somehow you STILL have not got rid of Kevin Mitnick. The industry cares about virtualization one year and iPhones the next, every year forgetting the lessons it should have picked up in the last."

The hackers also stole personal data and posted it online, which included private emails between Kaminsky and other security researchers, very personal chat logs, and a list of files Kaminsky downloaded that pertain to dating and other topics, Wired reports.

After discovering a flaw in the DNS protocol, Kaminsky received the Pwnie award for the "Most overhyped security vulnerability" at Black Hat 2008. Mitnick was once considered "the most wanted computer criminal in United States history" by the government but has been accused by some in the hacking community as living off a dated reputation.

Read More

Posted 07/15/09 at 07:21:58 PM by Pulkit Chandna

Mozilla has confirmed the presence of a critical vulnerability in Firefox 3.5. The vulnerability is nestled in the browser’s Just-in-time (JIT) JavaScript compiler – part of the new TraceMonkey engine – and can be used to execute malicious code. Hackers may lure gullible Firefox 3.5 users to websites containing code meant to exploit the flaw. While Mozilla burns the midnight lamp in finding a solution, you can simply disable the JIT. However, it must be noted that disabling the JIT will have an adverse effect on JavaScript performance. 

Read More

Posted 07/07/09 at 09:00:07 AM by Paul Lilly

Social networking is all fun and games until someone hijacks your social security number, sells it to the seedy underground world of cyber-crime, and ultimately destroys your credit. But does that really happen?

According to a new study, it very well could. Researchers at Carnegie Mellon University showed how social security numbers can be guessed using information found in sites like Facebook, MySpace, and other popular Web portals. And it's not just a freak occurrence, either. Using information culled from such sites, researchers were able to predict, on the first try, the first five digits of a person's social security number 44 percent of the time for 160,000 people born between 1989 and 2003.

"We live in a precarious time, where knowledge of a Social Security number, along with other information about one's name and date of birth, is sometimes sufficient to impersonate another individual," said Alessandro Acquisti, the study's lead author, in an telephone interview with Bloomberg.

Sites like Facebook leave personal information visible by default when creating a profile, and it's the birth data that is particularly telling, as the first three digits are assigned based on where a person lived at the time of obtaining a Social Security card. Using this information, Acquisiti said "the first five digits are easy to predict."

Read More

Posted 06/30/09 at 03:00:09 PM by Paul Lilly

Celebrities have been dropping like flies in recent weeks, with Michael Jackson, Farrah Fawcett, Ed McMahon, and Billy Mays all having parted ways with the living. If you follow feeds on Twitter, you may have thought a lot more passed on, making you wonder if there really is something unsanitary flowing in Hollywood's water. That's because hackers have been gaining access to celebrity accounts and sending out bogus death notices for the likes of Britney Spears, Ellen DeGeneres, Jeff Goldblum, and P. Diddy.

"Britney has passed today," the fake tweet announced on Sunday. "It is a sad day for everyone. More news to come."

After learning of the message, Spears' staff tweeted that the pop singer's account had been compromised and that "She is fine and dandy spending a quiet day at home relaxing."

To gain access to celebrity accounts, hackers took advantage of a vulnerability allowing them to try every pin combination possible until one worked. Twitter claims a "fix has been put in place to prevent ths from happening."

Read More

Posted 06/28/09 at 03:28:41 PM by Justin Kerr

Google has confirmed that the error messages people received on Thursday when searching for details of Michael Jackson’s death, was initially perceived as an attack. Searches between 2:45 and 3:15pm were returned with "We're sorry, but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now."

The error messages lasted for about 25 minutes on Thursday, just long enough for Google to confirm what was actually going on. The search giant noted that the amount of traffic it saw on this topic was unprecedented, as millions around the world scrambled for accurate information, seemingly all at once. Yahoo has also confirmed that it hit an all-time record for unique visitors with over 16.4 million following the story. This blows away the previous record held by the Obama election day, with a paltry 15.1 million uniques.

The outpouring of sympathy online has been astonishing, and I’m sure Google will learn its lesson on this one.

Read More