Security Blog
5.3.2002
The Art of Hacking - on display now in NYC. 26 students have been suspended for altering their transcripts after cracking the school's servers. Sounds like Wargames - but times have changed. The school's IT staff worked for 3 months in order to catch them.
There must have been some interesting dynamics at this roundtable. They're a study in opposites: K2, stocky and jovial, has created, among other things, a "rootkit"--a tool for locking down unauthorized control of a server after an initial hack. Dittrich, tall and mainly serious, found K2's rootkit on several systems at UW, put there by a hacker who grabbed K2's tool off the Net.
5.2.2002
MSNBC comes up with another wireless security story - this time on cash registers. Evidently, several large stores use a wireless register system for checkouts. Surprise - they're vulnerable. Security researchers who study wireless networks have found another embarrassing information leak, this one involving well-known retail giants. Some stores use cash registers with wireless networks that beam data — including credit card numbers — to a central computer elsewhere in the store. But a hacker can sit in a store’s parking lot and “listen in” to the data.
Neat video clip from MSNBC showing how easy it is to intercept wireless video. What should this be called? It's related to war driving - but a specialized type.
5.1.2002
Thanks to everyone tonight who came to Scott Granneman's "Transitioning to Linux" class for my security presentation. I hope you guys learned a little and come back frequently.
I don't watch much TV, but I own a Tivo and love it. I highly recommend it for anyone with a few favorite shows and a hectic schedule. Came across this today and I'm still laughing, so I'll pass it along. This guy is the CEO of Turner Broadcasting. In response to a question on why personal video recorders (PVR's) were bad for the industry, Kellner responded: "Because of the ad skips.... It's theft. Your contract with the network when you get the show is you're going to watch the spots. Otherwise you couldn't get the show on an ad-supported basis. Any time you skip a commercial or watch the button you're actually stealing the programming." This snippet came from 2600 and contains a link to the whole conversation. So no more bathroom breaks during commercials - criminals.
No Stone Unturned Part III is online at SecurityFocus. I always enjoy these little lessons wrapped in fiction.
News.com has Day 2 of their online banking security stories up. Today is supposed to outline how a bank can be hacked - it sounds more exciting than it really is. The piece just contains standard information - nothing too interesting.
4.30.2002
ZDNet has a story out on online banks and security. Same old, same old - but the lead caught my eye. Evidently a brokerage house paid one million dollars to keep a cracker from crashing their machines. Late one recent Sunday night, an executive at a midsized financial services firm received the kind of call everyone in the industry dreads: a demand for $1 million, or else the brokerage's network would crash the next day with a surreptitiously installed program.
What the hell!? Hitachi starts a security firm that begins with a Q? Copycats. Looks like they're good too - the website got hit by Nimda (haha).
My friend Jason conjured up an even stranger google search: http://www.google.com/search?hl=en&ie=UTF8&oe=UTF8&q=attractive+women+in+bikinis+violating+microsoft+employees And you want to know what makes this whole thing a hell of a lot funnier? The search below -- came from a government agency. Honest.
4.29.2002
The search below wins the award for strangest referring page. I wouldn't believe it had I not checked myself. Strange how one can end up here... http://www.google.com/search?q=single+women+in+bikinis&hl=en&start=20&sa=N
Hacking - legal? In Argentina, that appears to be the case. I wonder how long this will hold up. And what are the international ramifications? According to Reuters, warning of a "dangerous legal void" making digital crimes hard to prosecute, a judge ruled that hacking is legal by default in Argentina. This decision came in the case of cyberpirates who defaced the Supreme Court's Web page.
If you read one thing today, it should be this. Security Focus columnist George Smith takes a look at some of the ridiculous damage figures which often appear in the news. I laughed for 5 minutes after reading the fiscal comparisons! Great to see someone finally address the nonsense which comes out in so many articles. The first step in the exercise: Put together a grab bag of virus damage estimates culled from unimpeachable sources.
Scott Granneman's second piece on privacy is up at Security Focus. This installment deals with software: Keeping software up-to-date is vital, but it's even more important that users keep their knowledge up-to-date. New software threats are surfacing all the time, and it is vital that privacy-concerned users keep abreast of such developments.
A BBC story on insider security threats was picked up by Slashdot. This statistic jumped out at me: It showed that 48% of large companies blame their worst security incident on employees. It also notes that employers have to consider new gadgetry like handhelds, MP3 players and digital cameras to be security threats.
This must have lengthened the morning commute: In Santiago de Chile, 800 of the city's 1,800 traffic lights went haywire after thieves stole 15 PCs and 2 servers from the Unidad Operativa de Control de Tránsito (UOCT), the office that manages the traffic flow of the city.