Sunday, May 29, 2011

This is a biggie, people. First hack into the “Secure ID” provider, then use that knowledge to bypass two-factor security at Lockheed. I wonder if they noticed the first tickle or if this had been going for some time before it was detected?

Duplicate RSA Keys Enable Lockheed Martin Network Intrusion

"Unknown hackers have broken into the security networks of Lockheed Martin Corp and several other US military contractors, a source with direct knowledge of the attacks told Reuters. They breached security systems designed to keep out intruders by creating duplicates to 'SecurID' electronic keys from EMC Corp's RSA security division, said the person who was not authorized to publicly discuss the matter."

There's also coverage at PC Magazine.

From the MSNBC article:

They breached security systems designed to keep out intruders by creating duplicates to "SecurID" electronic keys from EMC Corp's RSA security division, said the person who was not authorized to publicly discuss the matter.

The hackers learned how to copy the security keys with data stolen from RSA during a sophisticated attack that EMC disclosed in March, according to the source.

… The RSA breach did raise concerns about any security tokens that had been compromised, and EMC now faced tough questions about whether "they can repair that product line or whether they need to ditch it and start over again," he said.

EMC disclosed in March that hackers had broken into its network and stolen some information related to its SecurIDs. It said the information could potentially be used to reduce the effectiveness of those devices in securing customer networks.

From the PC Magazine article:

According to a source, once Lockheed was made aware of the attack, the company began instigating new security measures to prevent future breaches. These included shutting down some of the company's remote access capabilities on its systems, as well as a new order for 90,000 replacement SecurID tokens for the company's employees. Users were also asked to change their passwords company-wide.


(Related) So it's not just Lockheed.

http://news.cnet.com/8301-1009_3-20067081-83.html

Report: Major weapons makers see networks breached by hackers

Hackers have broken into the computer systems of Lockheed Martin and other major U.S. weapons manufacturers, potentially gaining access to information about future weapons programs as well as military technology currently in use, according to a Reuters report.

In an early report, the news agency cited a defense official and "two sources familiar with the issue." It has since said that it's unclear what--if any--data had been stolen.



Why can't the law simply protect data rather than specify each new technology?

http://www.pogowasright.org/?p=23119

Data in the “Cloud” Needs Fourth Amendment Protection

May 29, 2011 by Dissent

Steven Titch writes:

…What most Americans don’t realize is that data stored in the cloud is not protected by the Fourth Amendment the way that same data is if stored on a PC, CD or detachable hard drive in the home. My op-ed in the Washington Times today outlines this problem, and points to a new bill in Congress, S.1011, introduced last week by Sen. Patrick Leahy (D-VT), as a big step toward closing this loophole. S.1011, also cited by Berin here, extends the due process provisions against illegal wiretapping in the existing Electronic Communications Privacy Act (ECPA) to personal data stored in data centers owned and operated by third parties.

Read more on The Technology Liberation Front.



I can see a project for my Computer Security students... and a useful tool for my Ethical Hackers?

http://www.makeuseof.com/tag/identity-finder-cleanse-computer-sensitive-personal-information/

Identity Finder – Cleanse Your Computer Of Sensitive Personal Information [Windows & Mac]

At one point or another, you’re bound to have your privacy breached.

… Alas, this is the world we live in. So, the best you can do is install virus software, anti-malware and anti-adware.

… Most people are familiar with these software tools, but did you know that there is one additional line of personal information protection you can set up to guard yourself from identity theft? It’s a line of defense built on the premise that it isn’t much good for a burglar to break into your home if you store all of your valuables in a lock-box at the bank. This additional line of defense is called Identity Finder.

The free version of Identity Finder will perform a full system scan, and it will attempt to find sensitive identity information that may be stored on your computer without you realizing it. It attempts to do a deep search that is as good or better (hopefully) than any spyware may be. The goal is to identify the sensitive information on your computer so that you can decide what to do with it so that it isn’t accessible should your computer get infected.

… When you discover that there’s information on your computer that you really don’t want to be there – like stored credit card information, Identity Finder offers the option to “Shred” the information.



Eventually, Long John Silver got used to that peg leg...

http://www.pogowasright.org/?p=23122

Zuckerberg: Privacy anxiety is fleeting

May 29, 2011 by Dissent

Tom Espiner reports:

Facebook services that have increasingly allowed “friends” to keep track of each other have drawn criticism from users, who then begin to use them, Zuckerberg told the e-G8 Forum conference in Paris this week.

“We’ll roll it out, and pretty often there’ll be this backlash, and people will say, ok, we don’t like this new thing,” said Zuckerberg. “It’s I think a real anxiety. People were really afraid of more people being able to be involved in the social network.”

Zuckerberg said that 1 million people, or 10 percent of the Facebook user base, in 2006 protested against Facebook’s news feed service, which gives updates about what “friends” are doing.

“People thought that, you know, it was just too much, right, they wanted to share stuff on the site but they didn’t want it to be so much in people’s face,” said Zuckerberg. “You know now it’s just part of the site that I think most people in a way would be like ‘What’s going on? How can there be Facebook without this?’”

Zuckerberg said that Platform, which gives third-party developers access to people’s “friends,” was “fairly controversial.” He said that Facebook took steps so that “everything is under good control, and there isn’t a lot of abuse.”

He added that “one of the good things about the Internet is you can just kind of build something, and people will choose to use it or not, and that’s how we win debates.”

Read more on cnet.

Of course, as Privacy International’s Simon Davies told ZDNet, there are peer influences at work and what might be a privacy intrusion can be accepted eventually if enough of one’s friends accept it and go along with it.

Zuckerberg might see that as a good thing, but I see it as no different than people becoming complacent after initially being outraged about warrantless domestic surveillance. Little by little, privacy – and the expectation of privacy – is being eroded. And in my opinion, privacy advocates who use services with questionable or deplorable privacy practices are sending an unfortunate message by the use of such services.



My math students love this...

http://www.wired.com/epicenter/2011/05/wolfram-alpha-two/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Wolfram Alpha Turns 2: ‘People Just Need What We Are Doing’

Wolfram Alpha is an online service that computes the answers to queries (e.g., age pyramid for the Philippines or glycogen degradation pathway) rather than searching for those terms showing up on webpages.

… But Wolfram is frustrated a bit that users don’t know the full power of Wolfram Alpha.

“The mental model for when to go to Wolfram Alpha is not fully fleshed out yet,” Wolfram says.

One of the company’s solutions for that is to create a wide range of very focused apps, such as its app for computer network administrators, and those for classes, including astronomy, calculus and algebra.



When you find yourself repeating the same actions...

http://www.makeuseof.com/dir/ghostmouse-repeat-mouse-and-keyboard-actions/

GhostMouse: An App To Record & Repeat Your Mouse And Keyboard Actions

GhostMouse is a freeware application for Windows, sized at nearly 800KB. Once the program is installed, you can click on the red recording button to have the app record your mouse and keyboard actions. A balloon notification in the System Tray tells you to press the F7 key to stop recording; you can also stop the recording using the app’s main window.

You can save your recordings and these can later be played by GhostMouse to repeat the mouse and keyboard gestures you performed. To select exactly which gestures you want recorded, you can access the application’s options.

www.remouse.com

Similar tools: Dejaclick, GhostRec and MouseFlow.



These are handy. You just need to find the one you like best... This one should work from your thumb drive!

http://www.makeuseof.com/tag/snapshoter-screen-capture-tool-clipboard-manager-rolled-windows/

SnapShoter: A Screen Capture Tool & Clipboard Manager Rolled Into One [Windows]

Fast, lightweight, and portable are three adjectives that fit SnapShoter (ver1.4.9b) to the T. You can throw in ‘free’ too and you have a winner among the portable app ranks. SnapShoter also brings a smile to your face if you are a rapid fire screen-shooter. It is also a clipboard manager that can hold multiple images and manipulate them around.

… A 973KB size for screen capture software with a clipboard manager and image manipulation is a nice thing in a small package. Unzip the download and put it in its own folder as that’s where the captures and app preferences will also get saved. Clicking the EXE file launches SnapShoter as a sidebar on the right side of your screen. You can shift it to the left and also minimize it.

