Friday, March 11, 2011

German Federal Finance Agency's Web Server Wide Open

Via The H Security:

Having been informed of serious security problems by the Chaos Computer Club (CCC), Germany's federal finance agency has taken its online service offline. According to the CCC, for several years internet users have been able to set up their own quotes for financial transactions from a web browser and to alter, amend and add to quotes provided by the agency. What is not clear is whether or not this has occurred in practice.

Bundesrepublik Deutschland – Finanzagentur GmbH, also known as the Deutsche Finanzagentur, is a financial services company which deals with placing federal borrowing with large customers and managing federal debt. The agency also offers free portfolio management of Federal securities; a service which private investors can also make use of.

The cause of the problem appears to have been a browser-based file manager which was accessible to all users and allowed free access to files on the server. This made it possible to change both settings and content. Because the agency's website also includes an entry page to internet banking services, attackers could have intercepted access data entered by customers – this could have been achieved using a PHP script or by reconfiguring the Apache server, for example.

More here.

Wednesday, March 09, 2011

Xeth Feinberg: How To Be A Media Pundit

More Fiore brilliance, this time by Xeth Feinberg (filling in for Mark).

Via The San Francisco Chronicle.

- ferg

Monday, March 07, 2011

Report: French Ministry of Finance Confirms Hack

Paul Roberts writes on Threat Post:

The French Ministry of Finance has confirmed a report in a French Magazine on Monday that a widespread hack of computers on its networks occurred.

The hack, of over 150 MOF machines, has been traced to computers in China and appears to have targeted documents that outline France and the G20's economic planning documents, including those addressing the issue of global trade imbalances.

The news was reported first in Paris Match Magazine (Attention: the article is written in French!). France is currently serving as the Chair of the G20 and has made tackling global trade imbalances a top priority.

Paris Match quoted French Budget Minister Francois Baroin saying that the attack was "spectacular" and involved "a number of messages," suggesting the attack may have involved phishing e-mail messages, possibly containing malicious files.

The computers affected by the attack have been cleaned and French authorities say they are investigating the incident and have leads on its origins.

More here.

Sunday, March 06, 2011

60 Minutes: The Hard Times Generation

"The government considers a family of four to be impoverished if they take in less than $22,000 a year. Based on that standard, and government projections of unemployment, it is estimated the poverty rate for kids in this country will soon hit 25 percent. Those children would be the largest American generation to be raised in hard times since the Great Depression."

It is heartbreaking what is happening in this country.

If you have not seen this, please watch here.

- ferg