Greetings Nethappening People,
Happy Reading for Today.
<Karen>
1)
CA's website hacked by malware authorsPart of security software vendor CA's website was hacked last week and
was redirecting visitors to a malicious website hosted in China.
Although the problem now appears to have been corrected, cached versions
of some pages in the press section of CA.com show that the site had been
redirecting visitors to the uc8010.com domain, which has been serving
malicious software since late December, according to Marcus Sachs,
director of the SANS Internet Storm Center.
The hack is similar to last year's attack on the Dolphin Stadium
website, which infected visitors looking for information on the Super
Bowl football game, Sachs said. "It's exactly the same setup," he said.
"It's JavaScript that they've managed to insert into the title or the
body of the HTML."
CA itself may not even host the press release section of its site, as
that job is often outsourced to a third party, Sachs said. Often a
misconfigured application server or a web or database programming error
can give hackers all the opening they need to insert their malicious
code.
2)
"The truism of the web: people talking about you is far more effective than talking about yourself."
No, Ian Rogers of Yahoo didn't write the above aphorism, Seth Godin did. Check out the entire post under the title "
Blogs and self promotion"
Lucy Van Pelt may not be right about precipitation, but she's got the future of the record business nailed. You've got to pull, HARD! And you've got to pull for a very long time before even part of the landscape is covered. People like Ian Rogers understand this. They are inheriting the music business.
3)
'Picky' thieves take only list of clientsPICKY thieves have led one private education centre to believe that
industrial espionage might be the motive for a recent break-in.
Early this week, three of the CES group's computers - containing the
personal details and contacts of its 30,000 students - were stolen from
its Eu Tong Sen Street office.
Surprisingly, 10 other computers in the same location, some of them
newer than the stolen items, and other expensive equipment like scanners
were left untouched.
4)
FAA: Boeing's New 787 May Be Vulnerable to Hacker AttackBoeing's new 787 Dreamliner passenger jet may have a serious security
vulnerability in its onboard computer networks that could allow
passengers to access the plane's control systems, according to the U.S.
Federal Aviation Administration.
The computer network in the Dreamliner's passenger compartment, designed
to give passengers in-flight internet access, is connected to the
plane's control, navigation and communication systems, an FAA report
reveals.
The revelation is causing concern in security circles because the
physical connection of the networks makes the plane's control systems
vulnerable to hackers. A more secure design would physically separate
the two computer networks. Boeing said it's aware of the issue and has
designed a solution it will test shortly.
5)
Officials say no data was compromised by hackersA hacker from China successfully penetrated Pennsylvania's state
government Web site Friday, but did not spread a virus or compromise
citizen data.
"We know that there was no damage done," said Mia DeVane, spokeswoman
for the Governor's Office of Administration, which oversees information
technology.
Friday morning, four state government departments received indications
of a security problem. Rather than limit the response to just those
departments -- Education, Labor and Industry, Lottery and Military and
Veteran's Affairs -- the state shut down its entire Web site as a
precautionary measure.
The Web site was down from about 9:30 a.m. to about 5 p.m. on Friday,
said Ms. DeVane.
The greatest response from those unable to access the Web site came from
people looking for Department of Agriculture information about the
Pennsylvania Farm Show in Harrisburg, which opened yesterday.
6)
Mushroom Cloud Pranksters to Stand TrialA Prague artists' collective made headlines in 2007 -- and frightened a
number of people -- by slipping a digital image of a nuclear blast into
a live weather-cam broadcast. Now six artists may face jail.
Last June, anyone watching a certain Czech weather channel at the right
moment saw a panning shot of the countryside near the Krkonose, or Giant
Mountains, in Bohemia, when a yellow flash filled their screens and a
skinny mushroom cloud lifted in the distance.
It was a hoax. A Czech artists' group had inserted the explosion
digitally. A state prosecutor said on Thursday that six members of the
group will now have to stand trial for the hack. They could face up to
three years in jail.
The TV channel CT2 received frantic phone calls from viewers who thought
a nuclear war had started. But the Prague-based collective, Ztohoven,
said it had mounted the hoax to show how media images could be
manipulated.
7)
Microsoft admits Office 2003 'mistake'Microsoft has acknowledged it made a mistake over a security advisory it
released concerning Office 2003.
The advisory, posted in December, told users that dozens of file formats
had been blocked in the latest service pack for Office 2003--Service
Pack 3 (SP3)--because they were insecure.
It provided a workaround for users who wanted to unblock the formats,
but made the process complicated, requiring changes to the registry
which could have made users' PCs inoperable if they were applied
incorrectly.
On Friday, Microsoft admitted that the information it had provided was
wrong, and that it had underestimated how many users had been affected.
It now says that, instead of the file formats themselves being insecure,
it is the parsing code that Office 2003 uses to open and save the file
types that is less secure.
8)
'First' iPhone Trojan rolls into townHackers have created Trojan horse malware targeted at Apple's much-hyped
iPhone device.
The package - more of a prank than a threat - poses as an "important
system" upgrade supposedly needed prior to upgrading to version 1.1.3 of
Apple's firmware. The "iPhone firmware 1.1.3 prep" seems to lack
malicious purpose. Problems kick in when users try to uninstall the
package.
The bogus firmware reportedly affects components of other applications
during the install process including Erica's Utilities (a collection of
command-line utilities for the iPhone) and OpenSSH. If the user chooses
to uninstall the rogue package, these others applications will also be
removed leaving users of the much-hyped device with the chore of
reinstalling these applications.
"This is technically the first Trojan horse seen for the iPhone, however
it does appear to be more of a prank than an actual threat," Symantec
researcher Orla Cox. "The impact of uninstalling the 'Trojan' would
appear to be an unintended side effect".
9)
'Hacker Safe' Geeks.com HackedGeeks.com, a Web site that still displays a banner from McAfee's
ScanAlert certifying that it is "Hacker Safe," on Friday sent a letter
to customers saying that it had been hacked last month.
"Genica dba Geeks.com ('Genica') recently discovered on December 5, 2007
that customer information, including Visa credit card information, may
have been compromised," said a letter posted on The Consumerist from
Jerry L. Harken, Genica's chief of security, to an undisclosed number
Geeks.com customers. "In particular, it is possible that an unauthorized
person may be in possession of your name, address, telephone number,
e-mail address, credit card number, expiration date, and card
verification number. We are still investigating the details of this
incident, but it appears that an unauthorized individual may have
accessed this information by hacking our e-commerce Web site."
Geeks.com has reported the incident to federal authorities and Visa, and
is encouraging customers to review their credit card statements for
unauthorized charges. The company has set up two help numbers --
1-888-529-6261 or 1-212-560-5108 for non-US customers -- that will be
active starting on Tuesday for those with questions about the incident.
It is also providing contact information for the major credit agencies
to make it easier to report any identity theft fraud arising from the
incident.
10)
Data center robbery leads to new thinking on security Last October, a data center in Chicago owned by Web hosting and
collocation vendor C I Host Inc. was robbed by two masked men, who
pistol-whipped a lone IT staffer working the graveyard shift and then
held him hostage for two hours while stealing computer equipment.
It's rare for data centers and their employees to be attacked in such a
brutal way. Typically, IT facilities are designed with physical security
in mind, featuring protections such as steel doors, security guards and
electronically controlled access mechanisms.
But the armed robbery at the Chicago data center has changed how
Christopher Faulkner, CEO of Dallas-based C I Host, views security.
Faulkner said this month that he no longer thinks data centers are as
secure as IT managers believe they are, and that he sees what happened
at his company as a warning of what may lie ahead for other
organizations.
11)
'Untraceable' Cyber Criminals? Former FBI Agent Says There's No Such Thing If you're reading this article on a computer,
we know. If you've clicked to this site from an outside link, we know.
And if you leave here and go somewhere else, somewhere you're not
supposed to go, well, we don't know but someone does.
"Is a Web site completely untraceable? No. It goes through mirrors,
through proxy bounces, it goes international. To solve that it takes
time, but it's just a simple factor," former FBI special agent Ernest
Hilbert told MTV News. "The FBI has a whole division just to deal with
this. There are 65,000 doors and windows on a computer that can be
opened. You look inside of them, you own that box."
For eight years, Hilbert was one of 1,000 agents who focused on cyber
investigations and computer forensics. Now a director of security for
MySpace.com, Hilbert lent his years of expertise to director Gregory
Hoblit's new film "Untraceable," which centers on an FBI agent (Diane
Lane) who uses computer technology to track a serial killer through his
Web site.
Hoblit, who said he set out to make "Untraceable" a film that "didn't
play fast and loose with how sites are set up and how they are tracked
and traced," recently showed MTV News some scenes from the film during a
visit to an edit bay at Sony Studios. In the first scene, Lane types
furiously on three different computers to track a credit-card thief
using a backdoor Trojan horse to steal confidential numbers.
The fact that Lane uses three computers is not a stylistic choice,
insisted Hilbert, but an FBI necessity. "You can't get on the Internet
from your desktop computer. There's a reason for that. If your computer
is on the Internet, it can be hacked. So the FBI network is completely
separate," he revealed. "Then you'd have an Internet undercover computer
that runs on a blank IP that doesn't come back to the FBI. You can make
copies from there."
That modern criminals are flocking to the Internet to steal money should
come as no surprise to anyone who's ever had an e-mail address, Hilbert
said, but while he admits that a lot of cases do involve fraud or
organized crime, an increasing number also involve kidnapping,
pedophilia or terrorism.
That soon becomes Lane's problem as well. Each of the successive scenes
deals with her attempts to discover the identity behind Kill With Me, a
Web site with streaming video of an execution. The more people who visit
the site, the faster the victim dies. In the film, Lane's search is
complicated by the fact that the user continually switches IP addresses
in an effort to stop the FBI's search.
"There's been a number of sites I've gone after where people have done a
similar thing," Hilbert recalled. "These would all be things that the
FBI would eventually figure out and track back. [It would] probably take
upwards of a couple months, locking it down to each particular thing."
What's interesting to Hilbert, though, isn't that smart criminals are
using the Internet, it's that even the smartest still seem to have a
fundamental misunderstanding of how the Internet works.
"Computers are not like telephones. It's just that simple, that's what
people think. The novelty of computers is gone. More and more people are
learning it. But the old conception was just that simple," he said. "But
as much as you try to hide it, it's a machine. It's gonna come back to
whoever was really behind it. We can catch you. The pedophilia [sting]
is the only known undercover operation that the FBI is running, and they
still catch people doing it every single day."
And, like Lane in the first scene, the FBI catches you using the same
technology you're using to perpetrate the crime.
"We Google. If you're on MSN, we're on MSN. I spent two years as a
hacker online. They thought I was a money man, they brought me stolen
goods. They sold it to me via [instant messenger]," Hilbert said.
"Anything that the bad guys would use, we at the FBI would use."
Like Hilbert, Lane scans blogs, news servers and news groups to root out
crime. But is the film entirely accurate?
"It is fairly boring to watch all the steps that it really would take
[to catch a cyber criminal]," Hilbert smiled. "You really want to see
what that looks like? Join the FBI."
"Untraceable," which also stars Colin Hanks, opens January 25.