Thursday, February 18, 2010

Louisiana takes Identity Theft seriously!

http://www.databreaches.net/?p=10052

La. man gets 309 years in prison for ID theft scam

February 17, 2010 by admin

The Associated Press reports:

A Louisiana man whom prosecutors said was the ringleader of an identity theft scheme with dozens of victims has been sentenced to 309 years in prison.

U.S. Attorney David Dugas said the sentence handed down Wednesday to 43-year-old Robert Thompson, of Zachary, is the longest prison sentence for any white-collar crime in the history of his Baton Rouge-based office’s jurisdiction.

[...]

Thompson, also known as John Lawson, allegedly used the identities and financial information of 61 individuals, churches, financial institutions and businesses to steal more than $200,000 worth of cash and goods.

Read more on WXVT15.



Employees are a security hole – get rid of them whenever you can!

http://www.databreaches.net/?p=10054

Broad New Hacking Attack Detected

February 17, 2010 by admin

Siobhan Gorman reports:

Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, according to a computer-security company that discovered the breach.

The damage from the latest cyberattack is still being assessed, and affected companies are still being notified. But data compiled by NetWitness, the closely held firm that discovered the breaches, showed that hackers gained access to a wide array of data at 2,411 companies, from credit-card transactions to intellectual property.

Read more on WSJ.

[From the article:

The hacking operation, the latest of several major hacks that have raised alarms for companies and government officials, is still running and it isn't clear to what extent it has been contained, NetWitness said. Also unclear is the full amount of data stolen and how it was used.

… Starting in late 2008, hackers operating a command center in Germany got into corporate networks by enticing employees to click on contaminated Web sites, email attachments or ads purporting to clean up viruses, NetWitness found.

In more than 100 cases, the hackers gained access to corporate servers that store large quantities of business data, such as company files, databases and email.



Something your Security Manager can look forward to? Are your backups complete? The last couple of paragraphs in the article are gibberish, so I'll have to wait for more details. Comments suggest this could be the “push update” from Microsoft that resulted in a “blue screen of death” on so many systems...

http://news.slashdot.org/story/10/02/17/196230/-Time-Bomb-May-Have-Destroyed-800-Norfolk-City-PCs-Data?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Time Bomb May Have Destroyed 800 Norfolk City PCs' Data

Posted by timothy on Wednesday February 17, @02:20PM

krebsonsecurity writes

"The City of Norfolk, Virginia is reeling from a massive computer meltdown in which an unidentified family of malicious code destroyed data on nearly 800 computers citywide. The incident is still under investigation, but city officials say the attack may have been the result of a computer time bomb planted in advance by an insider or employee and designed to trigger at a specific date, according to krebsonsecurity.com. 'We don't believe it came in from the Internet. We don't know how it got into our system,' the city's IT director said. 'We speculate it could have been a time bomb waiting until a date or time to trigger. Whatever it was, it essentially destroyed these machines.'"

[From the article:

Cluff added that city employees are urged to store their data on file servers, which were largely untouched by the attack, but he said employees who ignored that advice and stored important documents on affected desktop computers may have lost those files.

IT specialists for the city found that the system serving as the distribution point for the malware within the city’s network was a print server that handles printing jobs for Norfolk City Hall. However, an exact copy of the malware on that server may never be recovered, as city computer technicians quickly isolated and rebuilt the offending print server. [Repair must come after identification and isolation of the malware! Bob]



Good news for the asymmetric attackers; bad news for the US.

http://tech.slashdot.org/story/10/02/17/2033247/Mock-Cyber-Attack-Shows-US-Unpreparedness?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Mock Cyber Attack Shows US Unpreparedness

Posted by timothy on Wednesday February 17, @03:44PM

An anonymous reader writes with word that the outcome of the large-scale cyberattack simulation promised a few days ago isn't too rosy. From the Help Net Security article:

"During the simulated cyber attack that took place yesterday in Washington and was recorded by CNN, one thing became clear: the US are still not ready to deflect or mitigate such an attack to an extent that would not affect considerably the everyday life of its citizens. The ballroom of the Washington's Mandarin Oriental Hotel was for this event transformed into the White House Situation Room, complete with three video screens displaying maps of the country, simulated updates and broadcasts by 'GNN,' an imaginary television network 'covering' the crisis."



Take heart! Even Security “experts” can grasp the obvious.

http://it.slashdot.org/story/10/02/17/141228/Rogue-PDFs-Behind-80-of-Exploits-In-Q4-09?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Rogue PDFs Behind 80% of Exploits In Q4 '09

Posted by CmdrTaco on Wednesday February 17, @09:30AM

CWmike writes

"Just hours before Adobe is slated to deliver the latest patches for its popular PDF viewer, ScanSafe announced that by its counting, malicious Adobe Reader documents made up 80% of all exploits at the end of 2009. In the first quarter of 2009, malicious PDF files made up 56% of all exploits tracked by ScanSafe. That figure climbed above 60% in the second quarter, over 70% in the third and finished at 80% in the fourth quarter. Mary Landesman, a ScanSafe senior security researcher, said, 'Attackers are choosing PDFs for a reason. It's not random. They're establishing a preference for Reader exploits.' Exactly why hackers choose Adobe as their prime target is tougher to divine, however. 'Perhaps they are more successful,' she said. 'Or maybe it's because criminal attackers are human, too. We respond when we see a lot of people going after a particular product... We all want to go after that product, too. In the attacker arena, they might be thinking, 'Gee, all these reports of Adobe Reader zero-days, maybe I should get in on them too.'"



We can, therefore we must!” Can't wait to hear about the results of e-discovery. Photographs of children doing homework in their bedrooms have a high probability of looking like Child Porn. Did no one consider that?

http://www.pogowasright.org/?p=7852

PA: Big Brother Is Here: Families Say Schools Snoop in Their Homes With District-Issued Laptops & Webcams

February 18, 2010 by Dissent

Jeff Schreiber reports:

A federal class action claims a suburban school district has been spying on students and families through the “indiscriminant use of and ability to remotely activate the webcams incorporated into each laptop issued to students,” without the knowledge or consent of students or parents. The named plaintiffs say they learned that Big Brother was in their home when an assistant principal told their son that the school district knew he “was engaged in improper behavior in his home, and cited as evidence a photograph from the webcam embedded in minor plaintiff’s personal laptop issued by the school district.”

Read more about the lawsuit on Courthouse News. Newsolio also covers the story.

A copy of the complaint can be found here.



Now here's the dilemma: If the intent was to gather for fun in the snow (isn't a snowball fight fun?) what would the city 'flag' as a potential crime?

http://news.cnet.com/8301-13577_3-10455254-36.html?part=rss&subj=news&tag=2547-1_3-0-20

Philly authorities target Facebook, Twitter after snowball fight turns ugly

by Caroline McCarthy February 17, 2010 1:29 PM PST

Two members of Philadelphia's city council are considering legal action against Facebook, Twitter, and MySpace in the wake of a "flash mob" earlier this week that turned violent, according to a letter sent to the city's mayor and obtained by CNET. They claim that social-media sites don't do enough to keep tabs on violence that could be organized through their communication channels.



Perhaps now is the time to start leaking the horrors of a “global copyright agreement?”

http://yro.slashdot.org/story/10/02/17/1521239/ACTA-Document-Leaks-With-Details-On-Mexico-Talks?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

ACTA Document Leaks With Details On Mexico Talks

Posted by CmdrTaco on Wednesday February 17, @10:50AM

An anonymous reader writes

"A brief report from the European Commission authored by Pedro Velasco Martins (an EU negotiator) on the most recent round of ACTA negotiations in Guadalajara, Mexico has leaked, providing new information on the substance of the talks, how countries are addressing the transparency concerns, and plans for future negotiations. The document notes that governments are planning a counter-offensive to rebut claims of iPod-searching border guards and mandatory three-strikes policies."



A couple of thoughts occur: This technique will require more bandwidth (almost all new communications techniques do) and any hesitation in the connection will result in dropping game players – great way to ensure loyalty.

http://games.slashdot.org/story/10/02/18/0719256/Ubisofts-Constant-Net-Connection-DRM-Confirmed?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Ubisoft's Constant Net Connection DRM Confirmed

Posted by Soulskill on Thursday February 18, @02:26AM

A few weeks ago we discussed news of Ubisoft's DRM plans for future games, which reportedly went so far as to require a constant net connection, terminating your game if you get disconnected for any reason. Well, it's here; upon playing review copies of the PC version of Assassin's Creed 2 and Settlers VII, PCGamer found the DRM just as annoying as you might expect. Quoting:

"If you get disconnected while playing, you're booted out of the game. All your progress since the last checkpoint or savegame is lost, and your only options are to quit to Windows or wait until you're reconnected. The game first starts the Ubisoft Game Launcher, which checks for updates. [More “push” updates. Bob] If you try to launch the game when you're not online, you hit an error message right away. So I tried a different test: start the game while online, play a little, then unplug my net cable. This is the same as what happens if your net connection drops momentarily, your router is rebooted, or the game loses its connection to Ubisoft's 'Master servers.' The game stopped, and I was dumped back to a menu screen — all my progress since it last autosaved was lost."



Ah! The latest “We gotta do something!”

http://www.pogowasright.org/?p=7846

TSA to swab airline passengers’ hands in search for explosives

February 18, 2010 by Dissent

Jeanne Meserve and Mike M. Ahlers report:

To the list of instructions you hear at airport checkpoints, add this: “Put your palms forward, please.”

The Transportation Security Administration soon will begin randomly swabbing passengers’ hands at checkpoints and airport gates to test them for traces of explosives.

Previously, screeners swabbed some carry-on luggage and other objects as they searched for the needle in the security haystack — components of terrorist bombs in an endless stream of luggage.

Read more on CNN.



'cause I have readers who are interested in this kind of stuff!

http://e-discoveryteam.com/2010/02/16/announcing-my-new-book-on-e-discovery-and-how-to-buy-it-at-a-discount/

Announcing My New Book on e-Discovery and How to Buy it at a Discount



This could be fun. Now I could have a “We don't need no stinking badges” ringtone (if I had a cellphone...)

http://www.killerstartups.com/Video-Music-Photo/tube2tone-com-create-ringtones-from-youtube-videos

Tube2Tone.com - Create Ringtones From YouTube Videos

http://www.tube2tone.com/howto

A simple app if I ever saw one, Tube2Tone is also quite useful and (most of all) very, very easy to get to grips with. You see, through this site you will be capable of taking any video hosted on YouTube and have it processed so that it becomes a ringtone.

No comments: