http://www.databreaches.net/?p=3066
Five Romanians arrested for hacking into U.S. pharmaceutical companies
April 14, 2009 by admin Filed under: Hack, Healthcare Sector, ID Theft, Malware, U.S.
Dan Kaplan of SC Magazine reports that five people have been arrested for illegally accessing computer systems belonging to unnamed U.S. pharmaceutical companies.
The hackers allegedly installed keylogger software to steal card data on point-of-sales systems.
Lucian Constantin reports that according to a DIICOT press release (in Romanian), the remote administration system used by the companies was the entry point for the hackers. The hacks reportedly began in November 2007. Constantin also reports:
Two of the suspects have received temporary 29-day arrest terms, while the rest have been released after 24 hours. All of them will face charges of unauthorized access to a computer system and intercepting electronic data, performing fraudulent financial operations by utilizing electronic payment methods, as well as money laundering, under Romanian law.
So…. does anyone remember seeing any U.S. pharmaceutical company report a hack/keylogger breach, because I don’t.
Evderyone wants to be Big Brother
http://yro.slashdot.org/article.pl?sid=09/04/15/0055241&from=rss
Mexican Government To Document Cell Phone Use
Posted by Soulskill on Tuesday April 14, @11:36PM from the i'm-sure-criminals-will-oblige dept. Cellphones Government
Alyssey writes
"The Mexican government wants to have a database to track every cellphone number in the country (in Spanish, Google translation) and whom it belongs to. They want to tie in the CURP (Unique Registration Population Code in Spanish, like the Social Security Number in the US) with cellphone numbers. If Mexicans don't send in their number and CURP via SMS before April 10, 2010, their cellphone number will be blocked. The new law was published back in February and is going into effect now."
Which way would you argue?
http://www.pogowasright.org/article.php?story=20090414121136619
Why a national data breach notification law makes sense (commentary)
Tuesday, April 14 2009 @ 12:11 PM EDT Contributed by: PrivacyNews
As we await the 60-day federal cybersecurity review from Melissa Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils , there is something else that could be done. It seems to me that the federal government could take another related action to help protect the private information of U.S. citizens while reducing the cost of doing so. In my humble opinion, it is time to create a single federal data breach disclosure law.
Source - Jon Oltsik, on cnet
Perhaps we need to update more than the PCI standard?
http://blog.wired.com/27bstroke6/2009/04/pins.html
PIN Crackers Nab Holy Grail of Bank Card Security
By Kim Zetter April 14, 2009 10:55:00 PM
Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack, according to the investigator behind a new report looking at the data breaches.
… "We're seeing entirely new attacks that a year ago were thought to be only academically possible," says Sartin.
… The revelation is an indictment of one of the backbone security measures of U.S. consumer banking: PIN codes. In years past, attackers were forced to obtain PINs piecemeal through phishing attacks, or the use of skimmers and cameras installed on ATM and gas station card readers. Barring these techniques, it was believed that once a PIN was typed on a keypad and encrypted, it would traverse bank processing networks with complete safety, until it was decrypted and authenticated by a financial institution on the other side.
But the new PIN-hacking techniques belie this theory, and threaten to destabilize the banking-system transaction process.
Information about the theft of encrypted PINs first surfaced in an indictment last year against 11 alleged hackers accused of stealing some 40 million debit and credit card details from TJ Maxx and other U.S. retail networks. The affidavit, which accused Albert "Cumbajohnny" Gonzalez of leading the carding ring, indicated that the thieves had stolen "PIN blocks associated with millions of debit cards" and obtained "technical assistance from criminal associates in decrypting encrypted PIN numbers."
But until now, no one had confirmed that thieves were actively cracking PIN encryption.
… PIN hacks hit consumers particularly hard, because they allow thieves to withdraw cash directly from the consumer's checking, savings or brokerage account, Sartin says. Unlike fraudulent credit card charges, which generally carry zero liability for the consumer, fraudulent cash withdrawals that involve a customer's PIN can be more difficult to resolve since, in the absence of evidence of a breach, the burden is placed on the customer to prove that he or she didn't make the withdrawal.
This will be interesting as hackers force users to proxy... But then ignorance of the technology is no excuse.
http://yro.slashdot.org/article.pl?sid=09/04/14/2234253&from=rss
Using Net Proxies Will Lead To Harsher Sentences
Posted by Soulskill on Tuesday April 14, @07:37PM from the no-word-on-mask-and-cape-penalties dept. Privacy
Afforess writes
"'Proxy servers are an everyday part of Internet surfing. But using one in a crime could soon lead to more time in the clink,' reports the Associated Press. The new federal rules would make the use of proxy servers count as 'sophistication' in a crime, leading to 25% longer jail sentences. Privacy advocates complain this will disincentivize privacy and anonymity online. '[The government is telling people] ... if you take normal steps to protect your privacy, we're going to view you as a more sophisticated criminal,' writes the Center for Democracy and Technology. Others fear this may lead to 'cruel and unusual punishments' as Internet and cell phone providers often use proxies without users' knowledge to reroute Internet traffic. This may also ultimately harm corporations when employees abuse VPN's, as they too are counted as a 'proxy' in the new legislation. TOR, a common Internet anonymizer, is also targeted in the new legislation. Some analysts believe this legislation is an effort to stop leaked US Government information from reaching outside sources, such as Wikileaks. The legislation (PDF, the proposed amendment is on pages 5-15) will be voted on by the United States Sentencing Commission on April 15, and is set to take effect on November 1st. The EFF has already urged the Commission to reject the amendment."
Is this gathering information or just filtering out stuff I don't need? Does the birth of an industry cause the death of another or does the death of an industry cause the birth of another? In either case, shouldn't I know this type of information?
‘Hyperlocal’ Web Sites Deliver News Without Newspapers
By CLAIRE CAIN MILLER and BRAD STONE
Published: April 12, 2009
If your local newspaper shuts down, what will take the place of its coverage? Perhaps a package of information about your neighborhood, or even your block, assembled by a computer.
A number of Web start-up companies are creating so-called hyperlocal news sites that let people zoom in on what is happening closest to them, often without involving traditional journalists.
The sites, like EveryBlock, Outside.in, Placeblogger and Patch, collect links to articles and blogs and often supplement them with data from local governments and other sources. They might let a visitor know about an arrest a block away, the sale of a home down the street and reviews of nearby restaurants.
… Still, said Peter Krasilovsky, a program director at the Kelsey Group, which studies local media, many small businesses have never advertised outside the local Yellow Pages and are an untapped online ad market whose worth his firm expects to double to $32 billion by 2013.
What about the middle-of-the-road extremists?
http://www.bespacific.com/mt/archives/021106.html
April 14, 2009
DHS Reports on Rightwing and Leftwing Extremists
Via FAS: Unclassified - Rightwing Extremism: Current Economic and Political Climate Fueling Resurgence in Radicalization and Recruitment, 7 April 2009. Prepared by the Extremism and Radicalization Branch, Homeland Environment Threat Analysis Division. Coordinated with the FBI.
Via FOXNews: Unclassified - Leftwing Extremists Likely to Increase Use of Cyber Attacks over the Coming Decade, 26 January 2009, (U) Prepared by the Strategic Analysis Group, Homeland Environment and Threat Analysis Division.
I have strong evidence that this isn't as bad as it sounds. The porn industry hasn't adopted it yet.
http://www.bespacific.com/mt/archives/021105.html
April 14, 2009
EPIC Demands Disclosure of Documents Detailing "Virtual Strip Search" Airport Scanners
"Today, EPIC filed a Freedom of Information Act request demanding disclosure of records detailing airport scanners that take naked pictures of American travelers. Security experts describe the "whole body imaging" scanners as virtual strip searches. The Transportation Security Administration plans to make the scans mandatory at all airport security checkpoints, despite prior assurances that whole body imaging would be optional. EPIC's request seeks documents concerning the agency's ability to store and transmit detailed images of naked U.S. citizens. For more information, see EPIC's Whole Body Imaging page and EPIC's FOIA Litigation Manual."
When you need coordinates for your armed drones...
http://singlefunction.com/tinygeocoder/
TinyGeocoder
TinyGeocoder is a nifty service that translates an address to latitude and longitude coordinates, better known as Geo-coding.
The history of the world according to geeks
http://www.maximumpc.com/article/features/cpu_retrospective_the_life_and_times_x86
A Brief History of CPUs: 31 Awesome Years of x86
Posted 04/14/09 at 12:00:00 PM | by Paul Lilly
No comments:
Post a Comment