Friday, August 13, 2010

India May Put Restrictions on Skype and Google

John Ribeiro writes on ComputerWorld:

India may ask Google, Skype and other online service providers to allow the country's law enforcement agencies to access communications on their networks, the head of an Internet association said on Friday.

On Thursday the government said it will ask service providers in the country to ensure that some BlackBerry services should be made accessible to its law enforcement agencies by Aug. 31, or face a block of these services.

Rajesh Chharia, president of the Internet Service Providers Association of India (ISPAI), said that at a meeting he attended about a month ago of the country's Department of Telecommunications, it was discussed that other online services besides BlackBerry would also be asked to provide access to India's security agencies.

The Indian government's public threat against BlackBerry is running in parallel with an as yet unannounced decision to pursue similar concerns with Google, Skype and other communications services, The Financial Times said in a report on Friday, citing a government report.

More here.

Thursday, August 12, 2010

Mark Fiore: Activist Judges



More Mark Fiore brilliance.

Via The San Francisco Chronicle.

Enjoy.

- ferg

FAA Computers Still Vulnerable to Cyber Attack

An AP newswire article by Lolita C. Baldor, via SFGate.com, reports:

Federal Aviation Administration computer systems remain vulnerable to cyber attacks despite improvements at a number of key radar facilities in the past year, according to a new government review.

The Department of Transportation's Inspector General said while the FAA has taken steps to install more sophisticated systems to detect cyber intrusions in some air traffic control facilities, most sites have not been upgraded. And there is no timetable yet to complete the project, the IG said.

FAA spokeswoman Laura Brown said the agency is working on a timetable and will notify the IG with that information soon. The FAA also said that upgrades to critical air traffic control systems have taken precedence over the intrusion detection improvements at a number of facilities.

Without the detection abilities, the FAA cannot effectively monitor air traffic control for possible cyber attacks or take action to stop them, the inspector general said in a letter obtained by The Associated Press.

The findings echo broad U.S. government worries about gaps in critical U.S. computer systems and networks that leave them vulnerable to cyber attacks by criminals, terrorists or nation states.

More here.

Wednesday, August 11, 2010

Compromised Web Servers Used to Build SSH Brute Force Botnet

Lucian Constantin writes on Softpedia News:

There are strong indications that unidentified hackers are currently building a botnet, possibly by exploiting a vulnerability in outdated phpMyAdmin installations, and are using it to launch SSH brute force attacks.

Apparently more and more Web server owners are finding instances of an unauthorized script called dd_ssh running on their systems

The script is located in the /tmp/ directory, runs under the same account as Apache and is apparently being used to brute force SSH logins.

The SANS Internet Storm Center (ISC) confirms detecting a recent spike in the number of unique IP addresses that participate in SSH scanning.

More here.

Russian 'Carding' Suspect Arrested in France

Linda McGlasson writes on BankInfoSecurity.com:

A Russian man, thought to be one of the most prolific sellers of stolen payment card data, was arrested in France last weekend and awaits an extradition hearing about being sent to the United States to face charges.

Vladislav Anatolievich Horohorin, 27, aka "BadB" of Moscow, Russia, was indicted by a federal grand jury back in November 2009 on charges of access device fraud and aggravated identity theft. French police arrested the alleged criminal in Nice, France on August 7 as he was attempting to board a plane headed for Moscow.

Law enforcement officials say Horohorin was among the creators of a network called "CarderPlanet," which remains one of the most sophisticated organizations of online financial criminals in the world. This network has been repeatedly linked to nearly every major intrusion of financial information reported to the international law enforcement community.

Horohorin's arrest is the second major example of international law enforcement cooperation in just a matter of days. Late last week, Sergei Tsurikov one of the alleged masterminds of the RBS WorldPay hack of $9.4 million, was extradited to the U.S. to face criminal charges related to the infamous ATM caper.

More here.