http://blog.wired.com/27bstroke6/2009/01/professed-twitt.html
Weak Password Brings 'Happiness' to Twitter Hacker
By Kim Zetter January 06, 2009 7:35:33 PM
An 18-year-old hacker with a history of celebrity pranks has admitted to Monday's hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama's, and the official feed for Fox News.
The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter's administrative control panel by pointing an automated password-guesser at a popular user's account. The user turned out to be a member of Twitter's support staff, who'd chosen the weak password "happiness."
Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.
"I feel it's another case of administrators not putting forth effort toward one of the most obvious and overused security flaws," he wrote in an IM interview. "I'm sure they find it difficult to admit it."
… He also posted a video he made of his hack to prove he had administrative access to Twitter.
Does this mean they get an automatic “pass”? Another “we didn't think” security hole.
http://www.databreaches.net/?p=267
Kr: Hacker opens gaping holes in CSAT score security
January 6th, 2009 by admin
As the investigation into the leak of college entrance exam results rolls on, prosecutors said yesterday that the computer server at the Korea Institute for Curriculum and Evaluation, which administers the exam, had been hacked over 200 times. Not only the test results but also the institute’s internal information was stolen.
According to prosecution and police sources, a manager at a public relations firm called Inuni Co. whose surname is Kim accessed the institute’s server over 200 times between August 2007 and December 2008.
[...]
In this way, Kim downloaded 16 types of internal information from the institute. Among the materials downloaded were plans to grade answer sheets from the 2009 College Scholastic Ability Test, scoring schedules and the number of students who missed the test.
“Kim could look at the Korea Institute for Curriculum and Evaluation’s internal information by accessing the e-mail of seven employees,” a prosecutor said.
Read more in JoongAng Daily
[From the article:
Kim easily broke into the server. In August 2007, he accessed an employee’s e-mail account at the institute. Kim obtained the e-mail ID from a press release, and the password was the same as the ID.
… One of his successes was with the account of someone in the institute’s administrative office. The employee used a password identical to the romanized spelling of his name.
One of the employee’s e-mails contained an attached file containing the passwords of five other employees at the institute. The employee temporarily managed the other employees’ e-mail access information because he dealt with changes in the institute’s server. Their passwords were identical to the last seven digits of their residential identification numbers.
Wasn't this technique described (endorsed) in “The Devil's Advocate?”
http://www.pogowasright.org/article.php?story=20090107054623864
Fla. Prosecutor’s Office Disqualified for Listening to Lawyer Phone Calls
Wednesday, January 07 2009 @ 05:46 AM EST Contributed by: PrivacyNews
A Florida judge has disqualified the entire Broward State Attorney's Office from trying a murder case after learning that two prosecutors had listened to recordings of the jailed defendant's phone calls to his attorney.
Defendant Luis Martinez's right to a fair trial was violated by the eavesdropping, Circuit Judge Susan Lebow held yesterday. Today she sent jurors in the case home for two months while the situation is resolved, after granting a government motion to put the trial on hold, the Miami Herald reports.
Source - ABA Journal hat-tip, :LawofCriminalDefense.com
A peak at the files...
http://yro.slashdot.org/article.pl?sid=09%2F01%2F06%2F2238228&from=rss
A Peek At DHS's Files On You
Posted by kdawson on Tuesday January 06, @06:07PM from the fifteen-year-retention dept. Government Privacy Transportation
kenblakely writes
"We've known for a while that the Department of Homeland Security was collecting travel records on those who cross US borders, but now you can see it for yourself. A Freedom of Information Act request got this blogger a look at DHS's file on his travels. Pretty comprehensive — all the way down to the IP address of the host he used to make a reservation."
[From the article:
Officials use the information to prevent terrorism, acts of organized crime, and other illegal activity. [Is any of this truly “preventive?” Bob]
… Regulations prohibit officials from sharing the records of any traveler—or the government's risk assessment of any traveler—with airlines or private companies. A record is kept for 15 years—unless it is linked to an investigation, in which case it can be kept indefinitely. Agency computers do not encrypt the data, but officials insist that other measures—both physical and electronic—safeguard our records.
Related: Too much is not enough!
http://www.pogowasright.org/article.php?story=20090107062854332
Homeland Security rules on data collection rile businesses
Wednesday, January 07 2009 @ 06:28 AM EST Contributed by: PrivacyNews
The Department of Homeland Security will collect millions of new electronic records about private planes, imported cargo, foreign visitors and federal contractors as part of an array of controversial last-minute security policies imposed by the Bush administration.
Businesses say the policies are costly, and worry that sensitive information could be released if a database is lost or stolen. Some charge the Homeland Security Department with rushing to impose policies and ignoring business concerns.
Source - USA Today
We held a meeting but nobody came. Now we blame you for our failure?
http://www.pogowasright.org/article.php?story=2009010706565314
Hacked Lawmaker Calls For Cyber Briefings
Wednesday, January 07 2009 @ 06:56 AM EST Contributed by: PrivacyNews
Rep. Frank Wolf, R-Va., told House leaders Tuesday that few members of Congress have availed themselves of secret briefings meant to educate them about outsiders trying to penetrate lawmakers' computers and steal sensitive information. Despite "repeated assurances" that the House leadership would inform members of Congress about threats to their computer systems and personal electronic devices, members are still at risk of being hacked by foreign and domestic sources, Wolf wrote in a letter [PDF] sent to House Speaker Nancy Pelosi and other leaders, which was obtained by National Journal.
Source - Congress Daily
CyberWar: If I download the botnet tool, have I become the agent of a foreign power? I bet there are implications I can't even imagine! Might make an interesting article.
http://tech.slashdot.org/article.pl?sid=09%2F01%2F06%2F1924224&from=rss
Israel, Palestine Wage Web War
Posted by kdawson on Tuesday January 06, @02:45PM from the spilling-over dept. The Internet Politics
An anonymous reader writes
"A war has erupted on the Internet between Israel and Palestine, alongside the war being fought on the ground in Gaza. A new report claims that a group called the 'DNS Team' has defaced an Israeli Website, with anti-Israel graphical images — one in a series of instances of 'e-vandalism.' This sort of e-vandalism, says the author, is not only an inconvenience for Webmasters, but many of the images contain malware links and 'redirects or Flash links to Jihadist forums or blogs.' However, while the Jihadist forums are registered in Saudi Arabia, they are hosted by companies like Layered Tech and SoftLayer in Plano, Texas. On the Israeli side, 'A fascinating approach over the last few days is being made by an Israeli Website, "Help Israel Win," which provides a download so your PC can become part of a worldwide pro-Israeli botnet. So far 7,786 have joined, already a fairly powerful global computing force...'"
[Note: The website www.help-israel-win.org is down (or blocked?) but the Google Cache is still available. Bob]
Several things occur to me: 1) I can hire a bunch of phishers, cheap. 2) If I automate a phishing scheme using free internet services, I could vastly increase the volume of phishy emails, and drive returns to zero. 3) I find the conclusions “suspect.”
http://news.slashdot.org/article.pl?sid=09%2F01%2F06%2F2213256&from=rss
Phishing Is a Minimum-Wage Job
Posted by kdawson on Tuesday January 06, @08:06PM from the triumph-of-the-commons dept. The Almighty Buck Security
rohitm918 writes
"A study by Microsoft Research concludes that phishers make very little (PDF): '...low-skill jobs pay like low-skill jobs, whether the activity is legal or not.' They also find that the Gartner numbers that everyone quotes ($3.2B/year etc) are rubbish, off by a factor of 50. 'Even though it harvests "free money," phishing generates total revenue equal to the total costs incurred by the actors. Each participant earns, on average, only as much as he would have made in the opportunities he gave up elsewhere. As the total phishing effort increases the total phishing revenue declines: the harder individual phishers try the worse their collective situation gets. As a consequence, increasing effort is a sign of failure rather than of success.'"
Costs of a data breach: How would you split the cost?
http://pressherald.mainetoday.com/story.php?id=231624&ac=PHnws
Price of data theft response: Millions
A report on how much it cost to deal with breaches at two retailers has banks looking to spread the pain.
By EDWARD D. MURPHY, Staff Writer January 7, 2009
Two major data breaches since early 2007 have cost Maine banks and credit unions more than $2.1 million, and those institutions might ask lawmakers to force retailers to share some of the costs of future breaches.
A report by the state's Bureau of Financial Institutions said the costliest breach involved Hannaford Bros., the Maine-based grocery chain that learned last February that its transactions system had been compromised. Maine banks and credit unions said they spent nearly $1.6 million to investigate the breach, tell customers, reissue cards and bear the cost of fraud.
Implications for IP?
http://politics.slashdot.org/article.pl?sid=09%2F01%2F06%2F2342251&from=rss
Obama Picks RIAA's Favorite Lawyer For Top DoJ Post
Posted by kdawson on Tuesday January 06, @10:05PM from the paging-mister-lessig dept.
The Recording Industry of America's favorite courtroom lawyer, Tom Perrelli, who has sued individual file swappers in multiple federal courts, is President-elect Barack Obama's choice for the third in line at the Justice Department. CNet's Declam McCullagh explores the background of the man who won the RIAA's lucrative business for his DC law firm: "An article on his law firm's Web site says that Perrelli represented SoundExchange before the Copyright Royalty Board — and obtained a 250 percent increase in the royalty rate for music played over the Internet by companies like AOL and Yahoo," not to mention Pandora and Radio Paradise. NewYorkCountryLawyer adds, "Certainly this does not bode well for CowboyNeal's being appointed Copyright Czar."
Gutenberg is being replaced by Gates – that's a good thing, right? (Politicians may “view with alarm” the reduced volume of mail and create a “Bureau of Stuff to Mail” to keep full employment in the Post Office.)
http://news.slashdot.org/article.pl?sid=09%2F01%2F06%2F1647259&from=rss
Dr. Dobb's Journal Going Web-Only
Posted by timothy on Tuesday January 06, @01:08PM from the times-change-and-sometimes-that's-good dept. The Media
paleshadows writes
"The first issue of Dr. Dobb's Journal (DDJ) was published in January 1976. A few days ago, Herb Sutter (the chair of the ISO C++ committee and a long-time DDJ columnist) announced through his latest blog post that, 'as of January 2009, Dr. Dobb's Journal is permanently suspending print publication and going web-only.' This follows an earlier announcement that PC Magazine is to become digital-only, too, as of February 2009. To those of us who enjoy reading such stuff away from the computer these are bad news, as there seems to be no other major technical programmers' magazines left standing."
Might be useful... I'll need to explore it a bit.
http://www.killerstartups.com/Social-Networking/scholarz-net-an-online-community-of-scholars
Scholarz.net - An Online Community Of Scholarsscholarz net
Self-defined as “a communication platform for academics”, this new initiative (out in public beta) is arranged by Ph.D students for Ph.D students and young graduates. On the site, you can learn about the life of any person who is engaged into academic activities such as teaching, writing and researching.
As it is the norm with social sites, you can invite your friends in an instant manner, and once you have created your own circle it is possible to interact with others in a straightforward way. You can upload files and archives to your own personal folder, and a sharing menu is there to make for a smooth time indeed.
A nice touch is that the site is available both in English and in Deutsch, effectively having a broader scope and outreach.
The site also deals with an interdisciplinary research project named “Scientific Work in the web 2.0”. In addition to that, a research software which goes by the name of “Scholarz.net” and which is developed by the team behind the network is being developed right now, and you can learn about it in the pertinent section.
No comments:
Post a Comment