Wednesday, January 28, 2009

Programming Note: ISOI 6

University of Texas at Dallas

Blog posting will be on hiatus for a few days, given that I'm off to Dallas early this morning for the 6th ISOI Workshop.

Given that this weekend also contains Super Bowl Sunday, blogging may not actually get back to normal until Monday (but we'll see).


- ferg

Tuesday, January 27, 2009

Banks, Credit Unions Scramble in Wake of Heartland Breach

Jaikumar Vijayan writes on ComputerWorld:

In the first real indication of the scope of the recently disclosed breach at Heartland Payment Systems, banks and credit unions from Washington to Maine have begun to reissue thousands of credit and debit cards over the past few days.

Several have also begun disclosing fraud associated with payments cards that were reported to them by Visa and MasterCard as having been exposed in the breach.

A Pennsylvania law firm today filed the first class action lawsuit related to the breach. The lawsuit was filed by Chimicles & Tikellis LLP of Haverford, PA on behalf of Alicia Cooper, a resident of Woodbury, MN, and others who might have been affected by the breach.

More here.

Monday, January 26, 2009

Firms Face Giant Phone Bills After Voicemail Hacked

A Canadian Press article, via The Globe and Mail, reports that:

Businesses are crying foul after receiving sky-high phone bills that charged them upwards of $200,000 because hackers broke into their voice mail system and hijacked it to make long-distance calls.

While a spokeswoman for Bell Canada says the bills have been reduced by the phone company, the businesses insist they shouldn't be forced to pay for any of the illicit calls.

Martin & Hillyer, a law firm based in Burlington, Ont., says it has been hacked and is battling to erase a bill that includes charges worth more than $207,000 in calls to Sierra Leone in western Africa.

The law firm isn't alone, but Bell Canada spokeswoman Julie Smithers calls the situation "really rare" and a "very old scam" that affects primarily business customers, although she said some residential consumers have been caught.

More here.

Security Fix: When Cyber Criminals Eat Their Own

Brian Krebs writes on Security Fix:

Some of the most prolific and recognizable malware disbursed by Russian and East European cyber crime groups purposefully avoids infecting computers if the program detects the potential victim is a native resident. But evidence from the Conficker worm -- which by some estimates is infecting more than one million new PCs each day -- shows that trend may be shifting.

According to an analysis by Microsoft engineers, the original version of the Downadup (a.k.a. "Conficker") worm will quit the installation process if the malware detects the host system is configured with a Ukrainian keyboard layout. However, the latest variant has no such restriction. Stats collected by Finnish computer security firm F-Secure show that Russia and Ukraine had the second and fifth-largest number of victims from the worm, 139,934 and 63,939, respectively, as of Tuesday, Jan. 20.

In the past, attackers such as the infamous rogue anti-spyware families -- such as Antivirus 2009 -- have programmed the worms and viruses to simply fail to install if the installer program detects the system is running a Russian or Ukrainian version of Windows.

More here.

NSA Whistleblower on Credit Card Data Mining, Illegal Spying

Kim Zetter writes on Threat Level:

Former National Security Agency analyst Russell Tice shed new light on the Bush administration's warrantless domestic spying last week when he told MSNBC that the NSA blended credit card transaction records with wiretap data to keep tabs on thousands of Americans.

But Tice didn't say where the credit card information, and other financial data, came from. Did the agency scoop it in as part of its surveillance of U.S. communications backbones, or did financial companies give up your records in bulk to the NSA?

The distinction is significant. Telecommunication companies, such as AT&T and Verizon, are embroiled in lawsuits over their alleged cooperation with the government's warrantless surveillance. If credit card companies and banks also provided information without a warrant, it's conceivable they could face a courtroom challenge as well.

More here.

Hackers Exploit Obama Site to Spread Malware

Gregg Keizer writes on ComputerWorld:

A social networking site operated by the 2008 Barack Obama campaign is serving up malware to unwary visitors a full week after the tactic was reported, a security researcher said today., still active after the inauguration last week of President Obama, is being used by hackers trying to dupe users into downloading a Trojan horse, said Dan Hubbard, vice president of security research at Websense Inc.

The criminals have set up bogus accounts on, which provides tools to join groups of Obama supporters, raise funds and create a personal blog hosted on the site, and they used the accounts to post blogs. When a user reaches one of the fake blogs, a YouTube-like video window is displayed; clicking on that video frame takes the user to a malicious Web site packed with pornography.

If the user clicks to view the porn, a message pops up claiming a video codec must be downloaded and installed. The executable file is no codec, but rather a Trojan horse that hijacks the PC.

More here.

NZ Man Finds Sensitive U.S. Military Files on MP3 Player

An AFP newswire article, via ABC News Australia, reports that:

A New Zealand man has found confidential US military files on an MP3 player he bought in an Oklahoma thrift shop, it has been reported.

Chris Ogle, 29, paid $15 for the player and when he plugged it into his computer he found 60 pages of military data, Television One News said.

The files contained the names and personal details of US soldiers, including some who served in Afghanistan and Iraq, as well as information about equipment deployed to bases and a mission briefing.

"The more I look at it, the more I see and the less I think I should be [seeing]," Mr Ogle said.

Although most of the files are dated 2005, TV One said it rang some of the phone numbers and they were answered by the corresponding personnel.

Mr Ogle said the MP3 had never worked as a music player and he would hand it over to the US Defence Department if asked.

More here.

Migration to IPv6 Could Cause Network Problems, Threaten Cyber Security

Erin Kelly writes on SearchSecurity:

The move to Internet Protocol version 6 (IPv6) could have a profound effect on the Internet, breaking it up into islands of connectivity and threatening cybersecurity in the process, according to Jeff Young, a senior analyst at the Burton Group.

As the IPv4 free address pool continues to dwindle, enterprises can expect to see IPv6-only hosts on the Internet within a three-year timeframe, Young said. In the report, "IPv4 Address Exhaustion: An Inconvenient Truth," Young addresses the incompatibility of IPv4 and IPv6 and some of the problems that need to be addressed during the changeover.

"The biggest problem I see right now with security is that there are not a lot of well-informed networking people or security people with regard to IPv6," Young said in an interview with

In 1998, the Internet Engineering Task Force (IETF) designated IPv6 as the successor to version 4. But adoption has been slow with currently less than 1% of all Internet traffic on IPv6, according to statistics released by Google. For some time, IPv6 was considered a security threat due to the many net tunnels used to connect to IPv6. Some operating systems automatically create these tunnels, allowing them to go undetected by security systems, Young said.

More here.

Chinese New Year: Welcome The Ox

Today welcomes the Year of The Ox in the Chinese Zodiac.


- ferg

Sunday, January 25, 2009

Australia: Cyber Criminals Hack Into Government Jobs Website

Asher Moses writes in The Sydney Morning Herald:

The NSW Government website used to advertise public service jobs has been hacked into and the perpetrators have spammed the Government's database of job seekers with phony vacancies in an effort to steal personal data and possibly to spread viruses.

The Department of Commerce, which administers the site, refused to say whether any personal details had been stolen from Government servers but the site was offline all of last week for "system maintenance".

It is still not back online today and the department will not explain how the incident occurred nor when it expects the site to be back up and running.

Catherine Parrott, from Maitland, applied for a Government job earlier this month and soon after received an email from offering her the "perfect job" with large commissions.

The email asked recipients to click on a link or reply for more information but Parrott thought the email was suspicious and deleted it straight away.

More here.