...and the beat-down goes on. La-de-da-de-da...
Sony Could Face Developer Exodus On PSN
"As the PlayStation Network outage continues, developers are feeling the economic pinch. There's been no word from Sony on whether they'll compensate companies who produce games for PSN, but Capcom has already said it's losing potentially 'millions' from the downtime. Worse yet, developers who rely on PSN revenues may jump ship if they aren't compensated, warns Dylan Cuthbert, creator of popular PSN game PixelJunk. 'I have a feeling they [Sony] are thinking about doing something or they will lose developers, which of course is pretty bad for them,' he said."
While a major shift away from the PS3 is unlikely — downtime or not, developers don't want to lock themselves out of such a big piece of the market — it does have undeniable negative effects on some companies. For example, Bethesda's FPS Brink, which focuses heavily on multiplayer, launched without that capability for PS3 users. You can bet Microsoft will use this outage as a selling point for exclusivity or Xbox-first arrangements.
No numbers yet, but “coast to coast” suggests it was not a lone teenager...
http://www.databreaches.net/?p=18201
Michaels Stores breach bigger than first reported
May 10, 2011 by admin
Brian Krebs reports that a breach involving Michaels Stores is not just a Chicago-area breach but is affecting stores nationwide:
Earlier this month, arts & crafts chain Michaels Stores disclosed that crooks had tampered with some point-of-sale devices at store registers in the Chicago area in a scheme to steal credit and debit card numbers and associated PINs. But new information on the investigation shows that many Michaels stores across the country have discovered compromised payment terminals.
Investigators close to the case, but who asked to remain anonymous because they did not have permission to speak publicly, said that at least 70 compromised POS terminals have been discovered so far in Michaels stores from Washington D.C. to the West Coast.
Read more on KrebsonSecurity.com
[From the article:
In an alert (PDF) sent to customers, Irving, Texas based Michaels Stores said it learned of the fraud after being contacted by banking and law enforcement authorities regarding fraudulent debit card transactions traced back to specific stores. The Beacon-News, a Chicago Sun-Times publication, last week cited local police reports from several victims, describing the typical fraud as multiple unauthorized withdrawals of up to $500 made from ATMs at banks on the West Coast. It remains unclear when affected stores were compromised.
It also is not clear yet how the fraudsters compromised the POS devices, or whether the devices were tampered with in-place, or were replaced with pre-compromised look-alikes. But investigators say the fraudsters have used the stolen data to create counterfeit cards that are used in tandem with stolen PINs to withdraw funds from ATMs.
For my Ethical Hackers. This is NOT the way to use your superpowers...
http://www.databreaches.net/?p=18198
Catch a clue from an EDU: Universities that get security right
May 10, 2011 by admin
Mary K. Pratt reports:
Professor Corey Schou was working in his school’s library when he realized his computer was picking up a particularly strong Wi-Fi signal.
Normally that would be welcome news. But Schou knew that spot was usually a dead zone, which meant something was probably amiss. So Schou, a professor of informatics at Idaho State University, set out with some of the school’s IT workers to solve the mystery.
Turns out a young man in a nearby coffee shop was causing trouble. “He was running an access point and broadcasting without credentials on the same address as the university’s access point, and people were logging in,” Schou says.
Read more on Computerworld.
For my Ethical Hackers, ditto. It should be fun to analyze though... Also note that even hackers can be hacked...
Zeus Crimeware Kit Source Code Leaked
"The source code to the infamous Zeus crimeware kit, which has been sold on underground forums for years, has been leaked and is now available for anyone to see if they know where to look. Security researchers over the weekend noticed that files appearing to contain the source code for the Zeus crimeware kit were starting to pop up on various forums frequented by attackers and cyber-criminals. The Zeus exploit kit is perhaps the most well-known kit of its kind right now, and has been used by a variety of attackers for numerous malware campaigns and targeted attacks."
A question for my Computer Security students: If they can easily tell where you are why do they need to install a “special chip?” What do you suppose the chip really does?
Cellphones Get Government Chips For Disaster Alert
"The chairman of the Federal Communications Commission, Julius Genachowski, said the Commercial Mobile Alert System that Congress approved in 2006 will direct messages to cellphones in case of a terrorist attack, natural disaster, or other serious emergency. There will be at least three levels of messages, ranging from a critical national alert from the president to warnings about impending or occurring national disasters to alerts about missing or abducted children. The alert would show up on the phone's front screen, instead of the traditional text message inbox, and arrive with a distinct ring and probably a vibration. People will be able to opt out of receiving all but the presidential alerts."
(Related) If this can be implemented with “a software download” why do they need a chip?
Bloomberg, FEMA, FCC Detail NYC Emergency Notification System
Mayor Michael R. Bloomberg unveiled the nation’s first comprehensive, geographically targeted emergency notification system for cellphones on Tuesday, declaring the launch to be a “quantum leap forward in using technology to help keep people safe.”
… “The City’s opt-in Notify NYC system is a great example of that: It alerts people to dangers and delays via e-mail, text and phone, and it has become a national model of emergency communication.”
“But given the kinds of threats made against New York City at the World Trade Center, Times Square and other places popular with visitors and tourists, we’ll be even safer when authorities can broadcast warnings to everyone in a geographic area regardless of where they came from or bought their phone,” Bloomberg said.
PLAN runs on existing wireless networks but only a handful of the newest mobile phones are currently compatible, Bloomberg said, and they require a software download. The assembled wireless-company executives, including AT&T CEO Randall L. Stephenson and Verizon CEO Ivan Seidenberg, pledged their support for the system and said new devices will be equipped with a PLAN chip.
… About 90 percent [In New York, that's a “handful” Bob] of New Yorkers who have a PLAN-capable mobile device will be able to receive alerts from the system
… the PLAN system will have the ability to override existing network traffic in times of emergency to ensure that critical alerts reach citizens. [What a target! Bob]
The “Recapitulation Theory” (Ontogeny Recapitulates Phylogeny) applies to Security as well. Every new technology is conceived with none of the “Best Practices” of earlier generations and must develop their own from scratch.
WebGL Poses New Security Problems
"Researchers are warning that the WebGL standard undermines existing operating system security protections and offers up new attack surfaces. To enable rendering of demanding 3D animations, WebGL allows web sites to execute shader code directly on a system's graphics card. This can allow an attacker to exploit security vulnerabilities in the graphics card driver and even inject malicious code onto the system."
Not exactly on point, but will this even be noticed by the US Copyright Group which is going after 23,000 downloaders (see yesterday's blog)
http://www.databreaches.net/?p=18192
UK’s ICO fines ACS:Law for data breach (updated)
May 10, 2011 by admin
John Oates reports:
ACS:Law has been fined by the Information Commissioner’s Office for failing to follow data protection law.
The one-man law firm, which has since ceased trading, won infamy for using IP numbers to accuse people of illegal file-sharing. Victims received a letter offering to settle the claims rather than go to court. But ACS:Law never took anyone to court, and some judges doubted whether it ever had the legal basis to do so.
The ICO said it would have fined ACS:Law £200,000 for failing to keep information secure, but since it’s gone titsup it will instead fine Andrew Crossley as an individual.
Crossley has been served with notice to pay a fine of £1,000 because he has limited means.
Read more in The Register. Links to previous coverage of the ACS:Law breach can be found on DataBreaches.net.
In a press release issued today, the Information Commissioner, Christopher Graham, said:
“This case proves that a company’s failure to keep information secure can have disastrous consequences. Sensitive personal details relating to thousands of people were made available for download to a worldwide audience and will have caused them embarrassment and considerable distress. The security measures ACS Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details.”
[...]
In September 2010, ACS Law’s website was subjected to an online attack which caused it to crash. After the attack a file containing emails between ACS Law staff, and some to and from ISPs or members of the public, appeared on a website which allowed anyone who downloaded the file access to around 6,000 people’s sensitive personal information. This included individuals’ ISP account details, their names and addresses, their IP addresses and information about the content they were alleged to have illegally copied. Some of the emails also included people’s credit card details, as well as references to their sex life, health and financial status.
The monetary penalty served on Andrew Jonathan Crossley is available on the ICO website here: http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/~/media/documents/library/Data_Protection/Notices/acs_law_monetary_penalty_notice.ashx
Update: The ICO is being criticized by Privacy International for only fining Crossley £1,000 as an individual instead of fining the firm £200,000. Read more in The Guardian.
(Related) I don't suppose “Academic Purposes” is an adequate defense?
Find Out if You’re a Target in the Biggest U.S. BitTorrent Lawsuit Ever
More than 23,000 people will soon be notified by their internet service providers that their subscriber information is being turned over to lawyers suing over the 2010 Sylvester Stallone flick The Expendables.
As we first reported Monday, the case is the largest BitTorrent file-sharing lawsuit in U.S. history.
We just updated our IP Detective tool with the 23,322 IP addresses targeted between Feb. 5 and April 22 in the mass lawsuit filed by the Washington-based U.S. Copyright Group on behalf of Nu Image.
All told, more than 140,000 BitTorrent downloaders are being targeted in dozens of lawsuits across the country, many of them for downloading B-grade movies and porn. Film companies pay snoops to troll BitTorrent sites, dip into active torrents and capture the IP addresses of the peers who are downloading and uploading pieces of the files.
The Electronic Frontier Foundation has a great resource on what to do if you’re a target.
Grasping the obvious?
http://www.bespacific.com/mt/archives/027236.html
May 10, 2011
Law Enforcement Use of Global Positioning (GPS) Devices to Monitor Motor Vehicles: Fourth Amendment Considerations
CRS - Law Enforcement Use of Global Positioning (GPS) Devices to Monitor Motor Vehicles: Fourth Amendment Considerations, February 28, 2011
"As technology continues to advance, what was once thought novel, even a luxury, quickly becomes commonplace, even a necessity. Global Positioning System (GPS) technology is one such example. Generally, GPS is a satellite-based technology that discloses the location of a given object. This technology is used in automobiles and cell phones to provide individual drivers with directional assistance. Just as individuals are finding increasing applications for GPS technology, state and federal governments are as well. State and federal law enforcement use various forms of GPS technology to obtain evidence in criminal investigations. For example, federal prosecutors have used information from cellular phone service providers that allows real-time tracking of the locations of customers’ cellular phones. Title III of the Omnibus Crime Control and Safe Streets Act of 1958 (P.L. 90-351) regulates the interception of wire, oral, and electronic communications. As such, it does not regulate the use of GPS technology affixed to vehicles and is beyond the scope of this report. The increased reliance on GPS technology raises important societal and legal considerations. Some contend that law enforcement’s use of such technology to track motor vehicles’ movements provides for a safer society. Conversely, others have voiced concerns that GPS technology could be used to reveal information inherently private. Defendants on both the state and federal levels are raising Fourth Amendment constitutional challenges, asking the courts to require law enforcement to first obtain a warrant before using GPS technology."
[From the report:
In California, the Los Angeles Police Department “outfit[ted] its cruisers with air guns that can launch GPS-enabled ‘darts’ at passing cars.”15 Once affixed to a vehicle, police can track it in real time from police headquarters. The air guns are generally used in situations requiring immediate action such as a high-speed chase.
How will news be delivered and paid for. It's a long way from the three modes of communication in the mid-20th Century (telephone, telegraph and tell-a-woman)
http://www.bespacific.com/mt/archives/027228.html
May 10, 2011
The Story So Far: What We Know About the Business of Digital Journalism
"Can digital journalism be profitable? What's making money, what isn't, and why? A new report from Columbia University faculty members Bill Grueskin, academic dean of the Columbia Graduate School of Journalism, and Ava Seave, principal at Quantum Media and adjunct professor at the Columbia Business School, addresses these questions about the financial state of digital journalism. The report provides the most comprehensive analysis to date of the business challenges that for-profit news organizations face with their digital ventures. The report, The Story So Far: What We Know About the Business of Digital Journalism, is being issued by the school's Tow Center for Digital Journalism, which is committed to the research and advancement of journalism on digital platforms."
Because free is good! At least you can try programs very similar to those costing hundreds of dollars...
http://www.makeuseof.com/tag/7-free-open-source-programs-replace-commercial-windows-software/
The 7 Best Free Open Source Programs To Replace Commercial Windows Software
LibreOffice replaces Microsoft Office
Mozilla Thunderbird replaces Windows Live Mail
Inkscape replaces CorelDraw & Adobe Illustrator
GIMP replaces Adobe Photoshop
Blender replaces 3ds Max
BRL-CAD replaces AutoCAD
7-Zip replaces WinZip or WinRAR
No comments:
Post a Comment