Topic: SECURITY - on July 16, 2007 at 10:27:00 AM CEST
Attacking Sandboxes
Many anti-malware applications use a sandbox as a tool to help identify potentially malicious software. Now knowledge is spreading about techniques and methods that can allow sandboxed software to target the sandbox itself (and by extension the application that applied it). While attacks that specifically target sandboxing applications are probably a little way off, this technology can be considered the logical extension of techniques and procedures to identify the presence of hosted systems (VMWare, Virtual PC, etc.)
... Link (0 comments) ... Comment
Topic: SECURITY - on July 7, 2007 at 2:04:00 PM CEST
Trojan creates bogus webmail accounts to punt drugs
Miscreants have created a strain of malware capable of setting up bogus Hotmail and Yahoo! accounts in order to send spam.
The HotLan-A Trojan uses automatically-generated webmail accounts, suggesting that spammers have found a way to bypass the Captcha system (which typically means accounts can't be created until a user correctly identifies letters depicted in an image).
The Captcha system was set up by online service providers in order to try to ensure that only requests generated by a human, and not automated by a program, are serviced.
These challenge-response systems are often used to stop the automatic creation of webmail accounts by spammers, so their apparent defeat by the HotLan-A Trojan is of particular note.
... Link (0 comments) ... Comment
Topic: SECURITY - on July 6, 2007 at 1:49:00 PM CEST
Heathrow to trial RFID tags
In September, Heathrow Airport will become the largest in Europe to trial RFID-based tags for tracking passenger luggage, comparing accuracy and read rates against their existing barcode-based systems.
Radio Frequency Identification tags are a throw-away technology which can be embedded in the labels attached to luggage on check-in, and then read from a distance of a metre or so (depending on the technology) as the luggage makes its way around the world - sometimes even to the same destination as the passenger.
... Link (0 comments) ... Comment
Topic: SECURITY - on June 28, 2007 at 11:18:00 AM CEST
Worms 2.0! The Metasploit menace inside your firewall
In his research he focused on using a web browser as a beachhead to launch Metasploit-style attacks. What this means is that any Javascript enabled web browser might be used to launch an attack against a service, for example a VoIP server, and gain complete control of the box.
Generally exploits are executed inside a development framework such as Metasploit, or run directly from the code. But this time, the code would run inside the browser, using Javascript. And all of this takes palce without exploiting any bugs in the browser itself.
Your browser is now an active menace against the security of your internal network. However, the problem can't be easily fixed, because it is not based on a bug: it simply uses "Web 2.0" technologies against you.
... Link (0 comments) ... Comment
Topic: SECURITY - on June 22, 2007 at 11:38:00 AM CEST
Hacker Posts Possible Harry Potter Spoiler, Illustrating Corporate Vulnerabilities
An anonymous hacker claims to have used computer magic to peer through the extreme secrecy surrounding the ending of the Harry Potter saga and posted online unverified details from the soon-to-be released final book in best-selling series.
The hacker, posting under the handle Gabriel, claims to have gotten a copy of the seventh and final installment of the blockbuster Harry Potter series that chronicles the adventures of a child magician by hacking into Bloomsbury, the series' London-based publisher.
... Link (0 comments) ... Comment
Topic: SECURITY - on June 22, 2007 at 11:37:00 AM CEST
Cyber attack on Pentagon e-mail
A hacker has managed to penetrate one of the Pentagon's e-mail systems, leading officials to take up to 1,500 accounts offline.
The e-mail system did not contain classified information relating to military operations, a spokesman said.
... Link (0 comments) ... Comment
Topic: SECURITY - on June 22, 2007 at 11:35:00 AM CEST
Detailed Report of CIA's Wiretapping of Americans and Dirty Tricks To Be Unclassified
In its first 25 years, the Central Intelligence Agency violated its charter by plotting assassinations, funding behavioral and drug studies that included "unwitting participants," opening U.S. mail, creating dossiers on nearly 10,000 American dissidents, wiretapping journalists to root out their sources, and interrogating a Soviet defector against his will for two years, according to a summary of a decades-old CIA report on the agency's activities released Thursday by the National Security Archive, an open government group.
... Link (0 comments) ... Comment
Topic: SECURITY - on March 9, 2007 at 3:58:00 PM CET
Lightning vs Car
What would it be like, if you were struck by lightning while in your car? Richard Hammond finds out by sitting in a VW Golf struck by 800,000 volts from a huge power generator.
... Link (0 comments) ... Comment
Topic: SECURITY - on March 8, 2007 at 11:07:00 AM CET
How to clone a biometric passport while it's still in the bag
They are the "safest ever", according to the Government. But the Daily Mail has revealed how easily a person’s identity can be stolen from new biometric passports.
... Link (0 comments) ... Comment
Topic: SECURITY - on March 8, 2007 at 11:04:00 AM CET
Italy tops global wiretap league
Britain may have more CCTV cameras per head than anywhere else in the world but when it comes to electronic surveillance the country is way behind Italy, the Netherlands and even Sweden.
... Link (0 comments) ... Comment
Topic: SECURITY - on March 4, 2007 at 3:20:00 PM CET
Invasion of the naked body scanners
Last week, TSA began using backscatters at airports to screen passengers for weapons. The first machine is up and running in Phoenix. The next ones will be in New York and Los Angeles. The machines have been modified with a "privacy algorithm" to clean up what they show. But even the tempered images tell you more than you need to know about the endowments of the people seated next to you.
... Link (0 comments) ... Comment
Topic: SECURITY - on February 13, 2007 at 12:18:00 PM CET
How hackers make money
It's a murky world of chat rooms, malware factories, and sophisticated phishing schemes. Here's a look inside.
... Link (0 comments) ... Comment
