Information Security News
Matthew Keys, deputy social media editor for Reuters, has been charged with conspiring with members of Anonymous to hack into the website of the Los Angeles Times in December 2010.
Keys, 26, was charged with one count each of conspiracy to transmit information to damage a protected computer, transmitting information to damage a protected computer, and attempted transmission of information to damage a protected computer. The crimes carry sentences of up to ten years and fines of up to $250,000, though any actual sentences are likely to be a small fraction of these.
Keys was a former employee of California television station KTXL Fox 40. Fox 40 and the LA Times are both owned by media conglomerate the Tribune Company. Through his employment, he had credentials to the Tribune Company's content management system (CMS).
by Sean Gallagher
If you've got 99 security problems, odds are Microsoft's not one—or at least it's just a minority of them. In its annual review of software vulnerabilities, security software firm Secunia found that 86 percent of vulnerabilities discovered on systems scanned by its software in the 50 most popular Windows software packages in 2012 were attributable to third-party developers and not to Microsoft's Windows operating system or applications. And for most of these vulnerabilities, a patch was already available at the time they were discovered.
Of the top 50 most used Windows packages—including the Windows 7 operating system itself, 18 were found to have end-point security vulnerabilities, a 98 percent increase over five years ago. Of those 18 packages, Google's Chrome and the Mozilla Firefox browser were the biggest culprits, with 291 and 257 detected vulnerabilities respectively. Apple iTunes came in third, with 243 detected vulnerabilities. The remainder of the top ten offenders were:
Of the vulnerabilities documented in Secunia's database, 84 percent had already been patched by vendors when they were discovered on systems. "This means that it is possible to remediate the majority of vulnerabilities," said Secunia Director of Product Management Morten R. Stengaard. "There is no excuse for not patching."
The federal government's official catalog of software vulnerabilities was taken offline after administrators discovered two of its servers had been compromised. By malware. That exploited a software vulnerability.
The National Vulnerability Database is maintained by the National Institute of Standards and Technology and has been unavailable since late last week, according to an e-mail sent by NIST official Gail Porter published on Google+. At the time of this article on Thursday afternoon, the database remained down and there was no indication when service would be restored.
"On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet," Porter wrote in the March 14 message. "NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability."
by Dan Goodin
Researchers have devised two new attacks on the Transport Layer Security and Secure Sockets Layer protocols, the widely used encryption schemes used to secure e-commerce transactions and other sensitive traffic on the Internet.
The pair of exploits—one presented at the just-convened 20th International Workshop on Fast Software Encryption and the other scheduled to be unveiled on Thursday at the Black Hat security conference in Amsterdam—don't pose an immediate threat to the millions of people who rely on the Web-encryption standards. Still, they're part of a growing constellation of attacks with names including BEAST, CRIME, and Lucky 13 that allow determined hackers to silently decrypt protected browser cookies used to log in to websites. Together, they underscore the fragility of the aging standards as they face an arsenal of increasingly sophisticated exploits.
"It illustrates how serious this is that there are so many attacks going on involving a protocol that's been around for years and that's so widely trusted and used," Matthew Green, a professor specializing in cryptography at Johns Hopkins University, told Ars. "The fact that you now have CRIME, BEAST, Lucky 13, and these new two attacks within the same week really illustrates what a problem we're facing."
Sadly, far too often we hear about hackers getting punished for their exploits—even when the hack doesn’t really damage anyone. (RIP Aaron Swartz.)
Today, however, two people are being rewarded for a fun, harmless hack. After taking over a prominent electronic billboard in Belgrade, installing Space Invaders on it, and playing it via their iPhones for 20 minutes, two Serbian students were rewarded by the billboard's owner with two iPad mini 4Gs.
“This has never happened before, but we appreciate the fact that these guys have, in a charming way, pointed us to this huge problem,” Slobodan Petrovic, the manager of the billboard ad company, DPC, told Serbian news site Kurir on Wednesday (Google Translate). “Now it is clearer than ever that we need to protect ourselves better. In more developed countries, these actions are unthinkable because of severe sanctions.”
It was straight out of your favorite spy novel. The US and Israel felt threatened by Iran's totalitarian-esque government and its budding nuclear program. If this initiative wasn't stopped, there was no telling how far the growing conflict could escalate. So militaries from the two countries reportedly turned to one of the most novel weapons of the 21st century: malware. The result was Stuxnet, a powerful computer worm designed to sabotage uranium enrichment operations.
When Stuxnet was found infecting hundreds of thousands of computers worldwide, it was only a matter of time until researchers unraveled its complex code to determine its true intent. Today, analysts are up against a similar challenge. But they're finding considerably less success taking apart the Stuxnet cousin known as Gauss. A novel scheme encrypting one of its main engines has so far defied attempts to crack it, generating intrigue and raising speculation that it may deliver a warhead that's more destructive than anything the world has seen before.
Gauss generated headlines almost immediately after its discovery was documented last year by researchers from Russia-based antivirus provider Kaspersky Lab. State-of-the-art coding techniques that surreptitiously extracted sensitive data from thousands of Middle Eastern computers were worthy of a James Bond or Mission Impossible movie. Adding to the intrigue, code signatures showed Gauss was spawned from the same developers responsible for Stuxnet, the powerful computer worm reportedly unleashed by the US and Israeli governments to disrupt Iran's nuclear program. Gauss also had links to the highly advanced Flame and Duqu espionage trojans.
Posted by InfoSec News on Mar 14http://healthitsecurity.com/2013/03/13/pa-health-system-reports-144-patient-data-identity-theft/
Posted by InfoSec News on Mar 14http://www.nextgov.com/defense/2013/03/officials-worry-about-vulnerability-global-nuclear-stockpile-cyber-attack/61855/
Posted by InfoSec News on Mar 14http://www.dailymail.co.uk/news/article-2292756/Brazilian-doctor-used-fake-fingers-silicon-sign-absent-colleagues-ghost-worker-scam.html
Posted by InfoSec News on Mar 14http://www.eweek.com/security/google-offers-help-advice-for-hacked-website-owners/
Posted by InfoSec News on Mar 14http://www.abs-cbnnews.com/nation/03/14/13/hackers-took-3-days-crack-pnoy-website