Recent Entries in Hacking

  The empires strike back

BACK WHEN the Internet was young -- oh, say, eight years ago -- there was a school of thought that held that cyberspace was its own sovereign nation.

For one thing, "The Net perceives censorship as damage, and routes around it." What government could control what was said on the Net? The more fuss someone made about a particular site or piece of information, the more likely it was to be mirrored widely, even, sometimes, by people who violently disagreed with it but disagreed with censorship even more. Besides, bands of activist programmers could unite to create circumvention technologies such as anonymizing Web sites, clever software to enable anonymous email and Usenet postings, cleverer software to create hidden, uncontrolled networks.

The empires strike back

State and federal authorities are investigating a hacker attack at University of California, Berkeley, after someone broke into a computer containing the Social Security numbers and other personal information of more than 1 million people, many of them elderly and disabled participants in a state home-care program.

The break-in appears to be the largest yet to be publicly disclosed since passage of a 2003 California law requiring companies and agencies to warn people when their personal data may have been compromised, said Joanne McNabb, chief of the state Office of Privacy Protection.

While officials don't know yet if any personal information was taken, they are nonetheless urging anyone whose information may have been compromised to guard against identity theft. Investigators haven't discovered any instances of identity theft stemming from the break-in.

Oakland Tribune Online - Local & Regional News

Trusted Computer Solutions, which supplies secure applications to organisations such as the FBI, has built a secure version of Linux due for release in Spring 2005

Software company Trusted Computer Solutions (TCS) is currently beta testing a secure version of Linux, which will provide its customers with an alternative to Trusted Solaris to run its product line.

The company builds applications which allow information to be shared securely. Edward Hammersla, chief operating officer at TCS, told ZDNet UK that when the UK Ministry of Defense or NATO requires a piece of US intelligence, the data is often shared using TCS software. Its customers include the FBI, the US Defense Intelligence Agency and the US Office of Naval Intelligence.

FBI supplier puts finishing touches on secure Linux

Hurley is a wardriver -- a tech geek who, as a hobby, loads a laptop, a network detector and a GPS locator into his 1994 Mustang GT and roams the streets of Baltimore, Maryland, sniffing the air for unprotected wireless computer networks. He doesn't connect to the networks he finds (that's illegal), he just makes a note of them and their security settings.

This summer Hurley and a group of some 600 like-minded wardrivers sniffed out and mapped 228,537 wireless networks in 41 states, 17 countries and 4 continents, in an eight-day "Worldwide War Drive" (WWWD). It was the fourth in a series of worldwide efforts Hurley has organized to raise awareness of vulnerable wireless networks. He's also written a book on the subject, called "Drive, Detect, Defend: A Guide to Wireless Security." - Out of the box and into the ether - Oct 18, 2004

  Threats against privacy

The e-mails, ostensibly from banking giant SunTrust, spilled into people's in-boxes all last week. I received several myself, urging me to check the security settings for a non-existent SunTrust Internet banking account.

The e-mails, of course, were fake. On the other hand, an examination of both the bogus messages and the companies they're scamming raises some very real privacy issues.

What's going on here, for those unfamiliar with the practice, is called phishing.

Threats against privacy

Linux News: Legal: FBI Gives Back Seized Servers

The UK-based servers of media company Indymedia have been returned to the London data center of hosting firm Rackspace.

But Indymedia is still none the wiser about why the U.S. Federal Bureau of Investigation (FBI) seized them in the first place.

It had been using the seized servers to run independent news sites and radio streams dedicated to social activist groups, as well as open-source projects, from all over the world. Data and services in 17 countries were affected.

Today @ PC World - Google Desktop Search: Security Threat?

Google Desktop Search might just be too good. Using the new software, I was able to bypass user names and passwords that secure Web-based e-mail programs and view personal messages sent and received on public PCs.

Using Google's new software on a shared computer at the Google booth at the Digital Life trade show floor I was able to easily search for, find, and read private Yahoo e-mail sent on the computer by previous users earlier in the day.

Marissa Mayer, Google's director of consumer Web products, told me she wasn't surprised. "This is not a bug, rather a feature," she says. Google always intended people to be able to index and search Web-based e-mail viewed and composed on PC, she says. Google Desktop Search is not intended to be used on computers that are shared with more than one person, she says.

Hackers can launch attacks over IM - ZDNet UK News

Security experts have discovered an instant messaging tool that could change the way denial-of-service (DoS) attacks are performed.

Combining the open-source tool nmap -- a program that discovers devices on a network -- with an IM bot, hackers can infiltrate, steal information and carry out denial-of-service attacks on networks, says the director of security for Whitehat UK, Jason Hart.

IM runs over port 80, which is often regarded as a trusted port because Internet traffic travels through it. Nmap uses ping requests and port scans to discover network devices.

A new form of spam is emerging this fall, called debate-spin spam, experts told UPI's The Web. The veracity of the e-mail messages being sent as letters to the editor is coming into question, as are the timing and content of many of the messages, because a significant percentage is being generated by bots, or intelligent software agents.

"In the world of politics, there are good bots and bad bots," said Christopher Faulkner, chief executive officer of C I Host, an online hosting service in Bedford, Texas. "There are hundreds of bots available for spamming or political use."

For example, makes available a bot known as "Mr. Smith E-Mails Washington," which occupies a high-profile in the computing community, because it is intended for consumers to use to e-mail members of Congress. Bots also can be customized quite easily, too, and can send out millions of messages in minutes.

The Web: 'Bots' pushing poll results - (United Press International)

Microsoft on Tuesday issued 10 security advisories -- seven of them critical -- urging consumers and businesses to patch 21 new flaws in Windows software products.

The announcement was expected as part of Microsoft's monthly security communiqu�. But the number of serious flaws was higher than expected, recalling the month of April when the company issued seven advisories detailing 20 flaws, one of which led to the widespread Sasser worm.

Microsoft recommends home PC users download patches by going to and signing up for its free Windows Automatic Update service. - Microsoft tells users to patch 21 new flaws in Windows

The Supreme Court on Tuesday sidestepped a dispute over whether Internet providers can be forced to identify subscribers illegally swapping music and movies online.

The subject, however, may be back at the court soon.

The Bush administration agrees with recording and movie companies which want to use a 1998 law to get information about Internet users, but the administration also had encouraged the Supreme Court to wait to settle the issue.

The recording industry had sought court intervention now, arguing that more than 2.6 billion music files are illegally downloaded each month and that the law is needed to identify culprits.

ABC News: High Court Won't Hear Music Sharing Case - October 12, 2004 - By taking advantage of a hole in Microsoft's Internet Explorer web browser, hackers have been able to introduce 'spyware' or 'adware,' which is downloaded on to hard drives without owners' knowledge. The scourge causes countless 'pop-up' ads to appear, driving many users away from their computers. But now, the government is cracking down.

The U.S. Federal Trade Commission last week filed a legal complaint against two companies that allegedly infected computers with spyware and pop-up advertising, then tried to sell their owners spyware-blocking software, IDG News Service reported.

And, last week the U.S. House of Representatives passed the SPY ACT (Securely Protect Yourself Against Cyber Trespass), which outlaws computer technology that downloads programs onto users' computers without their permission. The spyware legislation is not yet law, IDG reported.

The FTC charges the two defendants, Sanford Wallace, owner or president of Seismic Entertainment Products, based in Rochester, New Hampshire, and SmartBot.Net, based in Richboro, Pennsylvania, with using unfair business practices by marketing "purported" antispyware software called Spy Wiper and Spy Deleter to Internet users through pop-up ads on websites controlled by Seismic Entertainment, IDG reported.

'Spyware' Under Attack by Government

A company which makes software that infiltrates users' computers and demands $30 to be removed has been targeted by US authorities.

The US Federal Trade Commission (FTC) is has asked a federal court to shut down the operations of Seismic Entertainment Productions and SmartBot.Net. The FTC action was initiated after it received a complaint from a Washington consumer group, the Center for Democracy and Technology. This is the first time that the FTC has taken action against a company that produces so-called "spyware".

The software exploits a flaw in Microsoft's Internet Explorer to gain access to a computer without the users' knowledge. The spyware interferes with the operation of the web browser, causes CD-ROM trays to slide open, slows down the computer or causes it to stop working entirely. The spyware then invokes a number of pop-up messages which urge consumers to buy programs called Spy Wiper or Spy Deleter to fix the problem for a fee of $30. Regardless of the veracity of the FTC's allegations, this tactic is not unknown among unethical spyware developers.

US gov targets spyware outfit | The Register

The government's cybersecurity chief has abruptly resigned from the Homeland Security Department amid a concerted campaign by the technology industry and some lawmakers to persuade the Bush administration to give him more authority and money for protection programs.

Amit Yoran, a former software executive from Symantec Corp., made his resignation effective Thursday as director of the National Cyber Security Division, giving a single's day notice of his intention to leave. He kept the job one year.

Yoran has privately confided to industry colleagues his frustrations in recent months over what he considers the department's lack of attention paid to computer security issues, according to lobbyists and others who recounted these conversations on condition they not be identified because the talks were personal. Update 2: U.S. Cybersecurity Chief Abruptly Resigns

A German security firm has hired the teen accused of writing the Sasser and Netsky worms, a move that sends a dangerous message to hackers, anti-virus firms said Monday.

Firewall provider Securepoint, which is based in a city in northern Germany not far from the hometown of admitted hacker Sven Jaschan, hired the 18-year-old to work on its products because "he has a certain know-how in this field," a company spokesman said in a statement.

The rehabilitation didn't go down well with Sophos, the U.K.-based anti-virus vendor.

Internet Week > Securepoint > German Security Firm Hires Hacker Awaiting Trial > September 20, 2004

Authorities raided five residences and and an Internet service provider Wednesday morning in the first federal criminal enforcement action against private peer-to-peer (P2P) (define) networks.

Search warrants were executed in Texas, New York and Wisconsin as part of an investigation into the illegal distribution of copyrighted movies, software, games and music over P2P networks. Federal agents seized computers, software and computer-related equipment in the raids.

"Today's actions send an important message to those who steal over the Internet. When online thieves illegally distribute copyrighted programs and products, they put the livelihoods of millions of hard-working Americans at risk and damage our economy," U.S. Attorney General John Ashcroft said at a Wednesday afternoon press conference.

Ashcroft said the joint investigation by the FBI, the Office of the U.S. Attorney for the District of Columbia, and the Justice Department's Computer Crime and Intellectual Property Section, known as Operation Gridlock, "disrupted an extensive peer-to-peer network suspected of enabling users to traffic illegally in music, films, software and published works."

Barely hours after home users started securing their PCs with a key update for Windows XP, security experts have found ways around it.

The SP2 update makes XP less attractive to virus writers and malicious hackers by plugging widely exploited loopholes.

But discoveries by security firms Secunia and German company Heise show that some holes have been left open.

Microsoft said it was investigating one of the new bugs but said no users had been caught out by this loophole.

In a judicial blow to the entertainment industry, a federal appeals court ruled that makers of two leading file-sharing programs aren't legally liable for the songs, movies, and other copyrighted works their users swap online.

The decision is likely to force the industry to take the more costly and less popular route of going directly after file-swappers.

Jack Valenti, president of the Motion Picture Association of America Inc., said his group is reviewing its next step following Thursday's ruling by the 9th U.S. Circuit Court of Appeals in favor of Grokster Ltd. and StreamCast Networks Inc.

Mitch Bainwol, chairman of the Recording Industry Association of America, said the decision begs the question of whether "digital music will be enjoyed in a fashion that supports the creative process or one that robs it of its future."

Hackers swarmed over the Web site of New York's DoubleClick Inc., the company that handles online advertising for hundreds of commercial sites

The Tuesday attack left PC users frustrated when trying to access some of the Internet's most heavily visited sites, the Washington Post said Wednesday.

At one point, affected Web pages were available less than 25 percent of the time, according to Keynote Systems Inc., a Web performance monitoring company in San Mateo, Calif.

Hacktivism isn't found in the graffiti on defaced Web pages, in e-mail viruses bearing political screeds or in smug take-downs of government or organizational networks.

These sorts of activities are nothing more than reverse censorship and "the same old cheap hacks elevated to political protest," according to Cult of the Dead Cow member Oxblood Ruffin.

Hacktivism, as defined by the Cult of the Dead Cow, the group of hackers and artists who coined the phrase, was intended to refer to the development and use of technology to foster human rights and the open exchange of information.,1377,64193,00.html?tw=rss.CUL

The black market trade in pirated DVDs is expected to top 1 billion pounds by 2007 as organised crime moves into the increasingly profitable racket of bootlegged movies, anti-piracy campaigners say.

Cheap, knock-off versions of the latest films can be picked up at car boot sales and street corners, often before the cinema release date.

Police have had some success in the past year cracking down on pirate DVD sellers, but in an era of online file-sharing, networks and DVD copiers, the volume of bootleg movies is growing fast.

In an effort to slow down the black market trade, a host of film companies and retailers launched a 1.5 million pound campaign awareness campaign on Monday to alert consumers that buying pirate DVDs is a crime.

  Piracy Paranoia

Yesterday, the Motion Picture Association of America (MPAA) released results of what it called a "worldwide" study on movie piracy through downloading. This self-serving release is obviously crafted to paint a scary picture, and the methodology isn't well explained. (By world, for instance, the MPAA means eight countries.)

Still, results from the U.S., U.K., France, Germany, Japan, Australia, Italy, and Korea -- especially Korea -- offer a glimpse of the struggles facing moviemakers such as Time Warner (NYSE: TWX), Lions Gate Entertainment (NYSE: LGF), and Sony (NYSE: SNE).

About Me

About the Blogger

I suppose if you've been reading my site for any length of time, you're probably curious to know who I am, and why I think people will read my blog. Online, I'm known as Zuckervati, mostly because it's easy...
» More ...

Mailing List Signup

What? There's a mailing list?

Sign up for the Mailing List

Follow Me on Twitter

Recent Entries

Tag Cloud

politik / film / video / skeptic / cewl / techno / humour / haxors / nosh / can-con / gaming / religion / weird / sex / funny / eco / music / stupid / photos / cocktails / George Bush / blogosphere / flickr / travel / evolution / politics / creationism / creationist / mobile / awful / photography / Star Wars / awesome / geek / bartending / coffee / drinking / mixology / alcohol / liquor / bartender / cocktail recipe / cats / food / Savoy Cocktail Book / science / Lovecraft / books / parody / Cthulhu / articles / TV / pets / John McCain / Movable Type / promos / cartoons / sci-fi / Canada / Radio Zuckervati / cool / Roger Ebert / system / atheism / comics / reviews / technology / writing / zombies / anime / anonymous / MMO / Star Trek / television / Alinea / animation / Batman / Futurama / Halloween / horror

Twitter Stream

D H McKee's bookshelf: to-read

Sunset and Sawdust
tagged: to-read
The Thicket
tagged: to-read
tagged: to-read