Security Blog 


5.3.2002

The Art of Hacking - on display now in NYC.

26 students have been suspended for altering their transcripts after cracking the school's servers. Sounds like Wargames - but times have changed. The school's IT staff worked for 3 months in order to catch them.

There must have been some interesting dynamics at this roundtable.
They're a study in opposites: K2, stocky and jovial, has created, among other things, a "rootkit"--a tool for locking down unauthorized control of a server after an initial hack. Dittrich, tall and mainly serious, found K2's rootkit on several systems at UW, put there by a hacker who grabbed K2's tool off the Net.




5.2.2002

MSNBC comes up with another wireless security story - this time on cash registers. Evidently, several large stores use a wireless register system for checkouts. Surprise - they're vulnerable.
Security researchers who study wireless networks have found another embarrassing information leak, this one involving well-known retail giants. Some stores use cash registers with wireless networks that beam data — including credit card numbers — to a central computer elsewhere in the store. But a hacker can sit in a store’s parking lot and “listen in” to the data.




Neat video clip from MSNBC showing how easy it is to intercept wireless video. What should this be called? It's related to war driving - but a specialized type.


5.1.2002

Thanks to everyone tonight who came to Scott Granneman's "Transitioning to Linux" class for my security presentation. I hope you guys learned a little and come back frequently.



I don't watch much TV, but I own a Tivo and love it. I highly recommend it for anyone with a few favorite shows and a hectic schedule. Came across this today and I'm still laughing, so I'll pass it along. This guy is the CEO of Turner Broadcasting.
In response to a question on why personal video recorders (PVRs) were bad for the industry, Kellner responded: "Because of the ad skips.... It's theft. Your contract with the network when you get the show is you're going to watch the spots. Otherwise you couldn't get the show on an ad-supported basis. Any time you skip a commercial or watch the button you're actually stealing the programming."
...
Kellner, however, is not completely unreasonable. When asked if he considers people who go to the bathroom during a commercial to be thieves, he responded: "I guess there's a certain amount of tolerance for going to the bathroom. But if you formalize it and you create a device that skips certain second increments, you've got that only for one reason, unless you go to the bathroom for 30 seconds. They've done that just to make it easy for someone to skip a commercial." Heaven forbid.

This snippet came from 2600 and contains a link to the whole conversation. So no more bathroom breaks during commercials - criminals.



No Stone Unturned Part III is online at SecurityFocus. I always enjoy these little lessons wrapped in fiction.



News.com has Day 2 of their online banking security stories up. Today is supposed to outline how a bank can be hacked - it sounds more exciting than it really is. The piece just contains standard information - nothing too interesting.


4.30.2002

ZDNet has a story out on online banks and security. Same old, same old - but the lead caught my eye. Evidently a brokerage house paid one million dollars to keep a cracker from crashing their machines.
Late one recent Sunday night, an executive at a midsized financial services firm received the kind of call everyone in the industry dreads: a demand for $1 million, or else the brokerage's network would crash the next day with a surreptitiously installed program.

The firm's security team spent a frenzied night searching for the pernicious code but failed to find it, and the system went down for an hour in the morning. The executive's phone rang once more: The caller threatened to crash the system again, but this time during peak trading hours. The brokerage, in this case, paid up.




You'd never think a silly online scheme could net sixty million dollars. Unbelievable.



What the hell!? Hitachi starts a security firm that begins with a Q? Copycats. Looks like they're good too - the website got hit by Nimda (haha).



My friend Jason conjured up an even stranger google search:
http://www.google.com/search?hl=en&ie=UTF8&oe=UTF8&q=attractive+women+in+bikinis+violating+microsoft+employees
And you want to know what makes this whole thing a hell of a lot funnier? The search below came from a government agency. Honest.


4.29.2002

The search below wins the award for strangest referring page. I wouldn't believe it had I not checked myself. Strange how one can end up here...
http://www.google.com/search?q=single+women+in+bikinis&hl=en&start=20&sa=N



Hacking - legal? In Argentina, that appears to be the case. I wonder how long this will hold up. And what are the international ramifications?
According to Reuters, warning of a "dangerous legal void" making digital crimes hard to prosecute, a judge ruled that hacking is legal by default in Argentina. This decision came in the case of cyberpirates who defaced the Supreme Court's Web page.




If you read one thing today, it should be this. Security Focus columnist George Smith takes a look at some of the ridiculous damage figures which often appear in the news. I laughed for 5 minutes after reading the fiscal comparisons! Great to see someone finally address the nonsense which comes out in so many articles.
The first step in the exercise: Put together a grab bag of virus damage estimates culled from unimpeachable sources.

* Cost of the "LoveLetter" virus: "...as much as $10 billion." (ICSA.Net, October 23, 2000, "2000 Computer Virus Prevalence Survey")

* Cost of the Code Red and SirCam viruses: $3.8 billion. (Computer Economics)

* Overall cost of computer viruses in 2001: "...US $10 billion or $100 billion last year, it's hard to say." (Symantec mouthpiece, NewsFactor Network, February 21, 2002.)


Next, the humble correspondent gathers even more statistics from a somewhat different area of expenditure so that readers will have some framework in which to contrast and compare computer virus costs.

* "The price of the [Afghan] war could be $12 billion, half of what the federal government spends on medical research ... the bombing campaign against Yugoslavia in 1999 cost ... $3 billion." (Associated Press, November 12, 2001.)

* Combined military budgets of the "Axis of Evil": $11.5 billion. (Center for Defense Information)

* Fiscal year 2003 funding request for ballistic missile defense: $8.6 billion. (Center for Defense Information)




Scott Granneman's second piece on privacy is up at Security Focus. This installment deals with software:
Keeping software up-to-date is vital, but it's even more important that users keep their knowledge up-to-date. New software threats are surfacing all the time, and it is vital that privacy-concerned users keep abreast of such developments.




A BBC story on insider security threats was picked up by Slashdot. This statistic jumped out at me:
It showed that 48% of large companies blame their worst security incident on employees.

By contrast, the 2001 edition of the survey showed that 75% of those questioned named external hackers and criminals as the biggest threat to security.


It also notes that employers have to consider new gadgetry like handhelds, MP3 players and digital cameras to be security threats.



This must have lengthened the morning commute:
In Santiago de Chile, 800 of the city's 1,800 traffic lights went haywire after thieves stole 15 PCs and 2 servers from the Unidad Operativa de Control de Tránsito (UOCT), the office that manages the traffic flow of the city.

Without the computer system, the traffic lights continued working but at their own pace, losing all synchronization between one crossroad and the others. Five million citizens were in fear of crossing the streets, whether on foot or by car.