Friday, May 22, 2009

About time this was confirmed. Now the tough question: How?

http://it.slashdot.org/article.pl?sid=09/05/21/1858233&from=rss

Investigators Replicate Nokia 1100 Banking Hack

Posted by timothy on Thursday May 21, @03:32PM from the could-be-an-ebay-scam-rumor dept. Security Cellphones The Almighty Buck

Ian Lamont writes

"Investigators have duplicated an online banking hack using a 2003-era Nokia mobile phone. Authorities had been aware for some time that European gangs were interested in buying the phone, and were finally able to confirm why: It can be used to access victims' bank accounts using "special software written by hackers." The hack apparently works by letting criminals reprogram the phones to use someone else's phone number and receive their SMS messages, including mTANs (mobile transaction authentication numbers) from European banks. However, the only phones that work are 1100 handsets (pictures) made in a certain factory. [Does this suggest an undetected error in that factory or the much scarier scenario: they planted an employee who made subtle changes to the manufacturing process? Bob] Nokia had claimed last month it had no idea why criminals were paying thousands of euros to buy the old handsets."

[From the article:

The Nokia 1100 hack is powerful since it undermines a key technology relied on by banks [Who apparently have never heard the maxim: If they build it, hackers will come. If they build it with a gaping hole, many hackers will come. Bob] to secure transactions done over the Internet.

Banks in countries such as Germany and Holland send a one-time password called an mTAN (mobile Transaction Authentication Number) to a person's phone in order to allow, for example, the transfer of money to another account.

… Cybercriminals must already have a person's login and password for a banking site, but that's easy since millions of computers worldwide contain malicious software that can record keystrokes.

… Nokia has sold more than 200 million of the 1100 and its successors, although it's unknown how many devices have the particular sought-after firmware.

For the final step, the hacker must also clone a SIM (Subscriber Identity Module) card, which Becker said is technically trivial.

However, the company has said it does not believe there is a vulnerability in the 1100's software.

Becker said that may be semantically true, however, it's possible that the encryption keys used to encrypt the firmware have somehow slipped into the public domain. [Which may suggest another insider? Bob]



This is suspect. If you give me bad advice that I happen to like, I'll give you a good review. Tell me the truth, and I'll pan you.

http://www.avvo.com/

Avvo

Avvo Answers: Get free legal advice from lawyers

Review Your Lawyer



This business model has been staring us in the face for several years. (Barnes & Noble uses this technique to print/bind/sell out of print books.) Let's hope Amazon can drive a wooden stake into the RIAA vampire...

http://slashdot.org/article.pl?sid=09/05/22/1234254&from=rss

Amazon & TuneCore To Cut Out the RIAA Middleman

Posted by kdawson on Friday May 22, @08:57AM from the but-who-needs-CDs dept. Music Media

eldavojohn writes

"So you're an aspiring band and you haven't signed with a record label. Maybe you've got a fan base interested in purchasing your stuff but you're not really into accounting? Enter Amazon's partnership with TuneCore, a CD printing and music distribution service. You want to sell a full album on Amazon of you brushing your teeth? $31. And you get about 40% back on sales, so selling nine digital copies of your CD will put you back in the black. There you have it, public availability on one of the largest online commerce sites for $31 — no RIAA involved!"

TuneCore's CEO put it this way: "As an artist, you have unlimited physical inventory, made on demand, with no [sic] upfront costs and worldwide distribution to anyone who orders it at Amazon.com."



In the ubiquitous surveillance area, I have Good News and Bad News. “We see you were in your Tuesday morning Math class, and in the Tuesday afternoon riot, and the Tuesday evening keg party...”

http://mdn.mainichi.jp/mdnnews/national/news/20090516p2a00m0na001000c.html?inb=rs

Aoyama Gakuin U. to hand out free iPhones to students

Aoyama Gakuin University is phasing out traditional methods of taking attendance at its School of Social Informatics, in favor of free GPS-enabled iPhones.

… The school also has plans to expand their use to setting simple tests and questionnaires, submitting homework and reviewing class video materials.


Completely unrelated...

http://www.popularmechanics.com/technology/how_to/4318204.html

How to Email Text Messages to Any Phone

Do you feel like your cell phone's text message bill is getting higher every month? You're not alone. By some accounts, text messages cost more per megabyte to send than do messages from outer space to Earth. But you can email and Instant Message texts to phones for free. Here's how.

By Seth Porges Published in the June 2009 issue.

At roughly 20 cents a pop, text messages are expensive. But it takes a bit of perspective to realize just how pricey they really are.

Short-message-service messages (that’s the official name for text messages, often abbreviated to SMS) have a maximum of 160 bytes of data. Unless you purchase a bulk text-message package (which can cost as much as $20 per month), the 20 cents-per-message rate adds up to $1310.72 per megabyte. This is double the cost three years ago [“We love our (gullible) customers!” Bob] and, quite literally, astronomical: A space scientist at the University of Leicester in the U.K. did the math and discovered that this is several times as much as it costs to transmit data from the Hubble space telescope back to Earth. And most of this cost is pure profit for the phone companies, who are able to deliver text messages for nearly nothing by piggybacking them on other transmissions.

Thankfully, there are ways to bring your bill down to earth. The key is to use what are known as SMS gateways. These are backdoors [the hacker's friend... Bob] that transform other (usually less expensive) types of communications, such as e-mail and instant messages, into text messages. The upshot: You can send all the texts you want without paying for the privilege.



Is this a statistic to be proud of? No doubt it will be demonized from the pulpit. Will anyone applaud?

http://games.slashdot.org/article.pl?sid=09/05/21/2221246&from=rss

More Americans Play Video Games Than Go To Movies

Posted by Soulskill on Thursday May 21, @06:35PM from the majority-achieved-now-let's-work-on-tyranny dept.

New research from the NPD Group has found that the number of Americans who play video games has surpassed the number who go to movies. In a survey of over 11,000 people, 63% had played a video game within the past six months, while only 53% had gone to a movie. They also found that the purchase of game consoles was on the rise, as were new methods of accessing the games themselves, such as playing over a social networking site or downloading a game onto a mobile phone. The report said, "the average gamer spent just over $38 per month on all types of gaming content" in the first three months of 2009, adding that "video games account for one-third of the average monthly consumer spending in the US for core entertainment content, including music, video, games."



Not particularly informative, but more a “Man we're good, and you can't stop us!” hacker rant. And they have a point. Are the Russians trying to tell us something? (Looking for similar articles from China and North Korea) Download the video (in English)

http://russiatoday.com/Sci_Tech/2009-05-21/Outlaw_Legends__Secrets_of_Russian_Hackers.html

Outlaw Legends: Secrets of Russian Hackers

21 May, 2009, 11:41

… As a leader in computer technology, America is a juicy target for hackers.

“I don't know if Americans are afraid of us, but we’re definitely not afraid of them,” the interviewed hacker told RT.

“Half of our country is made up of hackers, why would we be afraid of the Americans?”

“I was arrested, taken to three prisons in three weeks,” said Dmitry Sklyarov, programmer from Moscow.

“Then I was let out on bail and couldn’t return to Russia for six months because of the American justice system.”

Dmitry Sklyarov’s arrest several years ago exploded into a frenzy of outrage among the public, both in the US and abroad.

At a computer conference in America several years ago, Dmitry showed how easy it is to break through the PDF format and was arrested by the FBI. He became a symbol of the fight for programmers’ freedom, and was soon released from an American prison.

Dmitry is now an IT professor at a prestigious Russian computer science university.



Geek Alert! Some powerful new toys, with the potential to let employees turn off their security? I've gotta read this more carefully.

http://blogs.techrepublic.com.com/10things/?p=738

10 cool tools in Windows 7

Date: May 21st, 2009 Author: Debra Littlejohn Shinder

Deb Shinder runs through some of the most impressive enhancements, from the ISO burner to the Biometric Framework to PowerShell v2.

… Action Center

… It’s all combined in an easy-to-use Control Panel applet, where you get maintenance and security messages and can view performance information, change UAC settings, and more, as shown in Figure A.

… The Action Center also shows up as an icon in the system tray, which displays a red X if there are problems you need to address, as shown in Figure B.

… A nice touch is that Microsoft makes it easy for you to turn the various types of notifications on or off, as shown in Figure C. Thus, if you have an antivirus program installed that Windows doesn’t recognize, you don’t have to deal with constant messages urging you to install one — just turn off virus protection messages. [Can employees turn off the messages that tell them they are infected? What else can they turn off? Can the Security Manager configure Windows 7 so they can't turn off the security features? Bob]



A “Must Have” for us Trek-Geeks

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133342

Sophos beams up free Klingon antivirus app to Star Trek fans' PCs

Downloads of Klingon Anti-Virus 'through the roof,' says U.K. security firm

By Gregg Keizer May 20, 2009 01:51 PM ET



I love lists. I would love this list if it were much longer. Is this every site?

http://www.makeuseof.com/tag/2-sites-providing-simple-explanations-for-complex-questions/

2 Sites Providing Simple Explanations For Complex Questions

May. 21st, 2009 By David Pierce

CommonCraft is all about simple explanations. And frankly, CommonCraft does great work. The site features videos on tons of different subjects, from Twitter to borrowing money, all showing you how they work in simple, everyday terms.

… Got a question burning in your brain? Want to know what a Smoking Gun is? Either way, the Wise Geek knows the answer. WiseGeek is a site boasting over 40,000 articles covering a ridiculous range of topics, all answering the questions you may have.



Something for my rich friends. (Well, I'm gonna have some, maybe, someday...)

http://www.sanebull.com/

SaneBull Market Monitor

SaneBull Market Monitor is an online financial platform which provides live stock quotes, real-time news, investment tools and more in an easy to use interface.

… The SaneBull Market Monitor is a free live stock market monitor that lets you view market data from absolutely anywhere. Although registration is not required, registered users enjoy the benefits of customized workspaces, saved sessions, custom alerts and much more.

SaneBull Plugins allow you to integrate live market data directly into your desktop, website, Facebook profile or iPhone.
