A former Subway sandwich shop franchisee pled guilty to taking part in a scheme to hack point-of-sale terminals for at least 13 stores and obtaining gift cards worth $40,000.

Shahin Abdollahi, who also ran a business that sold and maintained point-of-sale terminals, sold the computerized checkout registers to the Subway shops that were illegally accessed, according to federal prosecutors in Massachusetts. He set up the terminals with software from LogMeIn, which allows people to remotely log in to PCs over the Internet. Abdollahi and other conspirators then used the software to repeatedly access the Subway terminals without authorization, usually early in the morning, when the restaurants were closed. Once logged in, they loaded gift cards with credit totaling $40,000. Co-conspirator Jeffrey Wilkinson, 37, of Rialto, California, would then advertise the cards for sale on eBay and Craigslist and hand deliver them to buyers.

On Wednesday, Abdollahi 46, of Lake Elsinore, California, pled guilty in federal court in Massachusetts to one count of conspiracy to commit computer intrusion and wire fraud and one count of wire fraud. He is scheduled to be sentenced on for August 6. Wilkinson, 37, of Rialto, California, pled guilty in February and is scheduled to be sentenced on May 28. It's not the first time Subway point-of-sale terminals have been illegally accessed by crooks for purposes of skimming the till. In 2012, two men pled guilty to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway franchises and racked up more than $10 million in losses.

Read on Ars Technica | Comments

Red Hat said it provides commercial support for its Linux distribution regardless of which version of OpenStack its customers are using, rejecting a report to the contrary from earlier Wednesday.
Cisco posted lower sales and profit in the third quarter but beat its own forecast, signaling that the company is continuing to work against economic and industry challenges following two earlier weak performances.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Russia, a critical partner in the operation of the International Space Station, is threatening to stop its work on the station by 2020.
Google Chrome CVE-2014-1740 Use After Free Remote Code Execution Vulnerability
You could look at SAP's recent flurry of eye-opening news -- high-profile executive departures, reorganizations and most recently, a layoff announcement -- as a negative thing, given they come just weeks before the company's big Sapphire conference in Orlando.
Adobe Flash Player and AIR CVE-2014-0519 Unspecified Remote Security Bypass Vulnerability
Adobe Flash Player and AIR CVE-2014-0518 Unspecified Remote Security Bypass Vulnerability
Adobe Flash Player and AIR CVE-2014-0516 Same Origin Security Bypass Vulnerability
Adobe Flash Player and Adobe AIR CVE-2014-0510 Unspecified Heap Based Buffer Overflow Vulnerability
A federal appeals court this week ruled that a woman's Fourth Amendment rights may have been violated when San Francisco police arrested her after an automated license plate reader mistakenly identified her car as stolen.
With Europe's top court ordering Google to allow people to basically edit their online personal histories, some wonder what this will mean for finding the truth online.
Living a genuinely private life in today's increasingly social and interconnected world requires an equal measure of patience, research and ingenuity. Of course, digital marketers say you worry too much.
Intel will ship the second-generation Galileo open-source computer soon, as the company tries to reach a larger crowd of enthusiasts and do-it-yourselfers.
Microsoft will webcast its Surface event next Tuesday, boosting the chance that the company will reveal significant news and/or multiple products.
A small band of net neutrality advocates who have pitched their tents beside the U.S. Federal Communications Commission hope that their on-the-ground activism can counterbalance well-funded lobbying efforts by large broadband providers.
NSA techs perform an unauthorized field upgrade to Cisco hardware in these 2010 photos from an NSA document.

A document included in the trove of National Security Agency files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) unit and other NSA employees intercept servers, routers, and other network gear being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they’re delivered. These Trojan horse systems were described by an NSA manager as being “some of the most productive operations in TAO because they pre-position access points into hard target networks around the world.”

The document, a June 2010 internal newsletter article by the chief of the NSA’s Access and Target Development department (S3261) includes photos (above) of NSA employees opening the shipping box for a Cisco router and installing beacon firmware with a “load station” designed specifically for the task.

The NSA manager described the process:

Read 1 remaining paragraphs | Comments

Class of 2014 college graduates looking for their first IT jobs take note: Your passion for technology and experience may prove more helpful in your employment search than your diplomas.
Platfora is continuing to evolve its Hadoop-focused analytics platform with a series of features catering to various user roles, such as data scientists and business analysts.
Amazon Web Services' monitoring tool CloudTrail is now available from the company's EU region in Ireland, allowing all data to remain in Europe.
The developers of Blink, a messaging app that could be programmed to destroy messages, are moving to Yahoo to work on communications products.
Class of 2014 college graduates looking for their first IT jobs take note: your passion for and experience with technology may prove more helpful in your employment search than your diplomas.
The National Institute of Standards and Technology (NIST) announced today that its primary advisory committee, the Visiting Committee on Advanced Technology (VCAT), has begun its review of the institutes cryptographic standards and ...
A lunch date with Apple CEO Tim Cook went for $330,000 yesterday in an online charity auction -- a little more than half what someone paid last year for a 30-minute coffee break with him.
Microsoft released optional security updates Tuesday for various versions of the .NET Framework that prevent the RC4 encryption algorithm from being used in TLS (Transport Layer Security) connections.
BlackBerry is working on an unannounced smartphone that has a 4.5-inch screen with a 1440 by 1440 pixel resolution, as evidenced by the latest version of the company's software development kit (SDK).
AT&T's apparent interest in DirecTV is only the latest move by the wireless carrier to expand into just about every wired and wireless market it can.

Terrorists loyal to al Qaeda and its offshoots are using new encryption software, most likely in response to revelations that the National Security Agency is able to bypass standard cryptographic protections as part of an expansive surveillance program, according to a recently released report from intelligence firm Recorded Future.

The three new major encryption tools were adopted within a three- to five-month period following leaks from former NSA contractor Edward Snowden, according to the report. The apps replace or bolster the original Mujahideen Secrets crypto program that al Qaeda members have mainly used for e-mail since 2007. One of the new releases, known as Tashfeer al-Jawwal, is a mobile program developed by the Global Islamic Media Front and released in September. A second, Asrar al-Ghurabaa, was released by the Islamic State of Iraq and Al-Sham in November, around the same time the group broke away from the main al Qaeda group following a power struggle. The third program is known as Amn al-Mujahid and was released in December by that Al-Fajr Technical Committee.

The influx of new programs for al Qaeda members came amid revelations that the NSA was able to decode vast amounts of encrypted data traveling over the Internet. Among other things, according to documents Snowden provided, government-sponsored spies exploited backdoors or crippling weaknesses that had been surreptitiously and intentionally built in to widely used standards.

Read 2 remaining paragraphs | Comments

AlienVault OSSIM and Unified Security Management Multiple Security Vulnerabilities
Samsung offered its "sincerest apology" for the sickness and deaths of some of its workers, vowing to compensate those affected and their families.

We all know that the ssh honeypot "kippo" is a great tool. But it is awful easy for an attacker to figure out that they are connected to a kippo honeypot. The latest trick I see people use is to run the "file" command, which is not impleneted in kippo. For example:

# file /sbin/init
bash: file: command not found

While on a real system, I would get

# file /sbin/init
/sbin/init: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x7aa29ded613e503fb09fb75d94026f3256f01e7a, stripped

This is a bit a tricky one to "fix" in that it requires more then just a static response as the attacker may try different files to test. So it would require something like a full database of possible files to try. Or (risky...) an implementation that would use actual output from the system kippo is running on.

Maybe I will have a patch for kippo latre today to implement either solution.

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The UN wants to talk about killer robots as 'conventional weapons.' Someone needs to learn the IT facts of life: If something can go wrong, it will.
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical [More...]
Oracle Java SE CVE-2014-0448 Remote Security Vulnerability
Is your office paperless? Didn't think so. Consider one of these six printers, then, for the workgroups in your enterprise.
Adobe Systems released critical security updates for several products Tuesday in order to fix vulnerabilities that could allow attackers to take remote control of systems running the vulnerable software.
The Internet community has arisen with one voice to lambaste the FCC chairman's proposal to make the Internet less neutral for some.
BlackBerry is allowing rivals AirWatch, Citrix, SAP and IBM to directly manage its smartphones with the Blackberry 10 operating system as part of its strategy to open up management of its devices to third parties.
Hackers are already exploiting an Internet Explorer vulnerability left unpatched in Windows XP on Tuesday, Microsoft and security experts said.
Sony's move to abandon PCs has contributed to a massive net loss of AY=128.4 billion ($1.25 billion for the year to March 31, and it has forecast a loss of AY=50 billion for the coming 12 months.
Apple's online productivity suite is exceptionally polished and easy to use, but lacking in word processing and spreadsheet features

Posted by InfoSec News on May 14


By Thomas Brewster
Tech Week Europe
May 13, 2014

A vulnerability in Microsoft Word has been used to target a range of
Taiwanese government bodies and an educational institute, a security
company has warned.

Whilst a patch was released by Microsoft in its April Patch Tuesday
release, attackers continue to use the flaw in the knowledge...

Posted by InfoSec News on May 14


By William Bastone and Andrew Goldberg
The Smoking Gun
May 13, 2014

In an effort to identify leaders of Anonymous, the FBI arrested an
autistic New York man and then used him as a cooperating witness to help
snare a notorious fellow hacker who was subsequently indicted for his
central role in a series of high-profile online attacks, The Smoking Gun
has learned.

In return for...

Posted by InfoSec News on May 14


By Roger A. Grimes

Here's a surprise for you: We actually have a fairly good understanding of
who is attacking us on the Internet and why. Various entities know not
only which groups are doing the attacking, but also the names of the
people in those groups. They know where they live, who their family
members are,...

Posted by InfoSec News on May 14


By Lona Olavia
The Jakarta Globe
May 13, 2014

Jakarta -- The chief of the National Police and the head of the Indonesian
financial watchdog said cybercrime in Indonesia remained a significant
challenge as Internet use in the country continued to grow.

“Do not be overconfident,” Gen.Sutarman said at a panel discussion in
Jakarta on Tuesday. “Indonesian...

Posted by InfoSec News on May 14


By Eric Novinson
May 13, 2014

Shares of Target (NYSE: TGT ) fell by about 3% on Monday May 5, 2014 after
the big-box retailer announced that Greg Steinhafel would no longer head
up the company as its CEO. This move marked the second high-profile
departure related to the data breach at the retailer, as CIO Beth Jacob
left the company back in...
Multiple Yokogawa Products Simulator Management Process Stack Buffer Overflow Vulnerability
Internet Storm Center Infocon Status