Smaller companies often assume they have nothing of interest to hackers. Often times that is the case, but they are still after resources, as in this case. Unfortunately, the hackers in this case are tied to Al Qaeda. They placed the recent hostage video on a California companies server. Imagine all of the lovely publicity this brought in.

The origin of the video was traced to Silicon Valley Land Surveying Incorporated, a California land surveying and mapping company, said Spiegel online, the internet service for the respected German weekly.

The magazine said that according to its research the move was the first time al-Qaeda had "hijacked" a website to broadcast its propaganda.

The network usually spreads its message through Islamist sites but this time, Spiegel maintains, hackers created a special file at the company's web address at least an hour before global news agencies broke word of the video.

posted by mt at 07:59

Excellent article at News.com on the state of network security. Complacency and a few basic defense mechanisms cannot handle the changing demands of security.

Modern hacks aren't quite so obvious. Remember the old "Three Stooges" skits when the boys would knock out some guards, dress up in their uniforms and then skip freely past a watchman? That's kind of how it works.

Hackers look for a place with a lot of traffic; a university or an Internet service provider network with many unaffiliated users is perfect. The hacker compromises every system in this high-traffic network by attacking well-known vulnerabilities. This brings in the booty: PCs with virtual private network (VPN) connections to corporate networks. Don't look now, but Larry, Curly and Moe have taken out your security staff and are about to come through the door!

With a VPN connection at hand, the hacker simply enters the network, compromises one internal system after another--and then steals your customer information, credit card numbers or source code. Worst of all, you have no idea that anything is wrong until the barrage of phone calls comes in from irate customers, banks and business partners. Better pour some coffee and call your attorneys; it's going to be a long night.

posted by mt at 09:06

News that Microsoft will be selling antivirus software made my blood boil this morning. On how many levels is this wrong? Their code is insecure, and they get to make more money? They can discount the price and run companies like McAffee and Symantec out of business? Seriously - when will it end? I was just contemplating replacing a laptop running XP with Mandrake and a Codeweaver plugin, makes the decision even easier.

Mike Nash, chief of Microsoft's security business unit, told reporters that Microsoft is developing software to protect personal computers running Windows against malicious software, the worms and viruses that have plagued users with data loss, shutdowns and disruptions in Web traffic in recent years.

"We're still planning to offer our own AV (anti-virus) product," Nash said.

Asked if that would hurt sales of competing products, such as Network Associates' McAfee and Symantec's Norton family of products, Nash said that Microsoft said that it would sell its anti-virus program as a separate product from Windows, rather than including it in Windows.

posted by mt at 08:28

Now there is some irony for ya:

The author of a free Trojan horse program favored by amateur computer intruders found himself with some explaining to do to the underground last month, after his users discovered he'd slipped a secret backdoor password into his popular malware, potentially allowing him to re-hack compromised hosts.

posted by js at 13:22