Security Blog 


8.8.2003

New Vulnerability Blog
Got a nice note from the admins of Vulns.com, a new blog for security vulnerabilities. Very cool idea. And they have an RSS feed, which is fantastic for these types of updates. Exciting news to see RSS finally trickling down to the security community; Security Focus is adding it soon.



Hacker Gets Acxion
The NYTimes on a consumer database hack. Never heard of the company, but evidently they are a major player with banks and credit card companies. Scary quote follows:
"The data on the servers was a wide variety of information, some of which was personal, some of which was not," Jennifer Barrett, the company's chief privacy officer, said in an interview with The Associated Press on Thursday. The AP was notified of the intrusion by an anonymous caller who would not identify himself or his connection with the company.

Barrett said the company did not know about the breach until a law enforcement agency from Ohio contacted it last week.



8.7.2003

The Kinko's Caper
The NYTimes has a story on an identity hacker who might have 450 victims.
After a few minutes, he realized that software does not make the sort of noise he was hearing. Curious, he walked over to the computer and watched as the mouse moved around the screen, opening up files and searching, as if they were dresser drawers that might harbor cash.

A few weeks earlier, Victim 1 had signed up for a $179-a-year service called GoToMyPC, which gives users remote access to their own computer desktops. Instantly, he wondered if that might be the tool by which this ghost was casing his hard drive.

Like a determined sleuth, Victim 1 resisted the urge to stop the rogue cursor, and instead watched it move.

"I sat there as this person opened my CV, and some documents in other files, and got my Social Security and credit card numbers," he said. They were easy to get: Victim 1 had them stored on a desktop organizing program. Armed with the data, the phantom user dialed up a bill-paying service called Neteller and opened an account in Victim 1's name.

The virtual intruder's next stop was the Web site for American Express. There, Victim 1 saw his credit card information being entered on the screen.



8.6.2003

Defcon roundup
News.com has a nice page summarizing their Defcon coverage.



Robot wifi guard
Neat wifi idea debuts at Defcon. While impractical now, is this something we could see in the future?
In its prototype version, the robot weighs about 40 pounds, can reach a speed equal to that of a fast walk and can roll around for three hours at a stretch before using up its power supply. It uses one 802.11b card to eavesdrop on a wireless network and a second card as a control channel to communicate with its owner.



8.5.2003

Betting on Malware
George Smith wonders how last week's DARPA debacle (the terrorist futures market) could be applied to the computer security world.
Those who might do well would be the people willing to hedge their predictions, or who went for small bets on cybertrouble at the grass roots level -- like picking the top three computer viruses for the next quarter, or the growth percentage for spam in the next six months. You couldn't go wrong on the near term prospects for Klez, Bugbear and Sobig.




Student spies
The Washington Times reports on a story that has it all - industrial espionage, hacking and national security. Definitely worth a look.
The Terfenol-D data were stolen within the past three years in a computer hacking incident, the FBI official said.



8.3.2003

Hack the Vote
Slate discusses the future of elections - and security.