Wednesday, June 01, 2011

Who are these guys? They are not acting like a “mad genius teenager,” nor are they doing what I'd expect hackers from, say, North Korea to try either...

http://www.wired.com/threatlevel/2011/05/l-3/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Second Defense Contractor L-3 ‘Actively Targeted’ With RSA SecurID Hacks

An executive at defense giant L-3 Communications warned employees last month that hackers were targeting the company using inside information on the SecurID keyfob system freshly stolen from an acknowledged breach at RSA Security.

The L-3 attack makes the company the second hacker target linked to the RSA breach — both defense contractors. Reuters reported Friday that Lockheed Martin had suffered an intrusion.

“L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information,” read an April 6 e-mail from an executive at L-3’s Stratus Group to the group’s 5,000 workers, one of whom shared the contents with Wired.com on condition of anonymity.

The attacks come as the Pentagon is in the final stages of formalizing a doctrine for military operations in cyberspace, which will reportedly view cyberattacks that cause death or significant real-world disruption as the equivalent of an armed attack.

… Asked if the RSA intruders did gain the ability to clone SecurID keyfobs, RSA spokeswoman Helen Stefen said, “That’s not something we had commented on and probably never will.”

If the intruders have gained cloning ability, the implications could be far-reaching. SecurID is used by most federal agencies and Fortune 500 companies. As of 2009, RSA counted 40 million customers carrying SecurID hardware tokens, and another 250 million using software clients.

RSA has been privately briefing its customers about its intrusion, but only after placing them under nondisclosure agreements, and the company has shared few details with the public.



No seriously, we really mean it this time.

http://www.thetechherald.com/article.php/201122/7222/PlayStation-Network-should-be-fully-restored-by-Friday

PlayStation Network should be fully restored by Friday

However, as the calendar of disruption moves towards six weeks, Sony claims the fully restored PSN service will be back online by Friday—except for those in Hong Kong, Japan and South Korea.

More pointedly, according to an official post from the PlayStation Blog, Sony has said any remaining services missing from the online network (i.e., PlayStation Store, Qriocity) will be up and running by the end of the week.



More “Joys of a Data Breach”

http://www.databreaches.net/?p=18519

Michaels Stores hit with 2nd suit seeking class-action status

May 31, 2011 by admin

Becky Yerak reports:

Michaels Stores Inc., which disclosed that its checkout-line PIN pads were tampered with in Illinois and 19 other states, has been hit with two lawsuits seeking class-action status by consumers alleging that the arts and crafts retailer failed to safeguard shoppers’ credit and debit card information and PIN numbers.

The latest lawsuit was filed Friday in U.S. District Court in the Northern District of Illinois by Libertyville resident Mary Allen, who said an $18.16 purchase at a Michaels in Vernon Hills on March 15 led to more than $1,000 in unauthorized transactions.

Read more in The Chicago Tribune.



Early notice. A quick Google News search shows only articles in German.

http://www.databreaches.net/?p=18525

De: Hackers steal 1.2 million names and email addresses

May 31, 2011 by admin

Relying on Google’s translation is always risky, but here goes:

Spiegel Online appears to be reporting that hackers acquired 1.2 million names and email addresses of customers registered on neckermann.de, a mail order firm.

If anyone can provide a reliable translation, please use the comments section below to add any important details.

via @PrivaSens



Unprecedented? Has anyone ever classified a non-weapons attack as equivalent to a weapons attack? Earlier disruptive technologies include: the book, telegraph, telephone, radio, TV and microwave pizza.

http://www.bespacific.com/mt/archives/027388.html

May 31, 2011

WSJ - Pentagon Considers Cyberattacks as Acts of War

WSJ: "The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force. The Pentagon's first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country's military. In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said a military official. Recent attacks on the Pentagon's own systems—as well as the sabotaging of Iran's nuclear program via the Stuxnet computer worm—have given new urgency to U.S. efforts to develop a more formalized approach to cyber attacks. A key moment occurred in 2008, when at least one U.S. military computer system was penetrated. This weekend Lockheed Martin, a major military contractor, acknowledged that it had been the victim of an infiltration, while playing down its impact."



They're all probably guilty. This way they can prove their innocence...

http://www.pogowasright.org/?p=23184

FL: Scott signs law requiring drug testing for welfare recipients

June 1, 2011 by Dissent

Kathleen Haughney reports:

Thousands of the state’s poorest Floridians will have to take a drug test if they want to qualify for welfare assistance, under a law signed by Gov. Rick Scott Monday.

The idea, plugged by Scott and the GOP-dominated Legislature, is that drug tests will root out welfare recipients who are using public dollars to buy drugs. But Democrats and advocates for the poor say the requirement could violate individuals’ constitutional rights to privacy, and the American Civil Liberties Union is likely to challenge the law in court.

Read more in the Sun-Sentinel.



Probably not a “best practice” for a terrorist organization...

http://www.bespacific.com/mt/archives/027392.html

May 31, 2011

NPR: Al-Qaida's Paper Trail: A 'Treasure Trove' For U.S.

Dina Temple-Raston, NPR Counterterrorism Correspondent: "When U.S. commandos stormed Osama bin Laden's compound earlier this month, they spent much of their time on the ground shoving papers, CDs and thumb drives into huge document bags strung around their necks. That sweep was considered an integral part of the operation, and it confirmed what the intelligence community had long believed: that bin Laden was obsessive about documenting everything. From its earliest days, al-Qaida leaders insisted on receipts. If fighters were buying a car for an operation, or even disc drives and floppy disks for their computers, they were required to return to base with a precise accounting of everything they had spent. Experts say that was the influence of bin Laden. Before he became the ideological leader of al-Qaida, he got an undergraduate degree in economics and public administration. He clearly applied what he learned to the organization... More proof of its corporate structure: As odd as it sounds, al-Qaida had excellent HR benefits..."



“Oh come on! You don't actually believe that the government has to follow the law like regular people.” If Senator Udall knows what is going on, why not just tell us?

http://www.pogowasright.org/?p=23177

Unmasking “Secret Law”: New Demand for Answers About the Government’s Hidden Take on the Patriot Act

May 31, 2011 by Dissent

As I hoped, the ACLU has filed a FOIA request about the “secret” interpretation of the PATRIOT Act that Senators Wyden and Udall referred to during the renewal debate in Congress:

In the days before last week’s Patriot Act reauthorization vote, members of the Senate Intelligence Committee raised concerns — see here and here — about the way that the Justice Department has interpreted and used the Patriot Act’s Section 215, which is perhaps the most controversial of the provisions that Congress reauthorized. “When the American people find out how their government has secretly interpreted the Patriot Act,” Colorado Senator Mark Udall said, “they will be stunned and they will be angry.”

Today we filed a Freedom of Information Act (FOIA) request demanding that the Justice Department release information about the government’s use and interpretation of Section 215. We anticipate litigating the request.

Read more on ACLU’s Blog.



For my Disaster Recovery and Computer Security students... Shouldn't everyone in your company use a service like this? Might even want to start one myself...

http://www.makeuseof.com/tag/entrustet-ensures-digital-assets-smoothly-passed-pass/

Entrustet Ensures Your Digital Assets Are Smoothly Passed On After You Pass On

Most online companies are happy to close an account after death, but don’t want to get bogged down with the confusion involved in account succession. You can imagine how difficult it would be to ensure requests were real! But, not to worry. Entrustet gives us a way to get things under control from one single control point.

… If you think your online accounts aren’t assets, think again. What will happen to your domains? Where’s that Adsense money going? What about your PayPal account? What about your blog? How will your family update things to ensure your work now benefits them? Do you have lots of photos in Flickr? The half-finished novel backed up in Dropbox? How will your family have access to these?

Now, consider your options here. If you want to give someone access to an account after your death, how will you do it? Give them the password now? Write the password into your will (and update your will every time you change your password)? Keep a secret list with that password on it? None of these options are ideal — they all pose a current security threat and leave the plan vulnerable if you forget to update the password with them in time.

… Sign-up with Entrustet is free, meaning you can set things in motion without paying a cent. After verification, you can immediately begin to add your accounts to Entrustet, nominating what should occur with them after your death.

Note that Entrustet cannot control accounts which are covered by a regular will, such as bank accounts.

… You may choose a digital executor for your estate. This person will receive an email immediately notifying them of their role.

... If you already have a lawyer looking after your affairs, you may add their details to Entrustet, ensuring they can easily work together when the time comes. You should also ensure your lawyer knows about your plans with Entrustet and your digital executor.

If you don’t yet have a legal will, Entrustet can point you in the direction of some who understand digital estates. There are also plenty of places online where you can ask legal questions for free and get an understanding of what you need to do.
