Yorkshire 'hacker' held in FBI probe

Rob Preece




'....The 26-year-old man was detained in York on Thursday by detectives from Scotland Yard's Central e-Crime Unit, which specialises in tackling internet crime. He was released on police bail yesterday after being interviewed at a police station in North Yorkshire.......'



Mideast Uses Western Tools to Battle the Skype Rebellion





'....An internal memo from the "Electronic Penetration Department" even boasted it had intercepted one conversation in which an activist stressed the importance of using Skype "because it cannot be penetrated online by any security device."Skype, which Microsoft Corp. is acquiring for $8.5 billion, is best known as a cheap way to make international phone calls. But the Luxembourg-based service also is the communications tool of choice for dissidents around the world because its powerful encryption technology evades traditional wiretaps......'



One in four US hackers 'is an FBI informer'

Ed Pilkington




'....The underground world of computer hackers has been so thoroughly infiltrated in the US by the FBI and secret service that it is now riddled with paranoia and mistrust, with an estimated one in four hackers secretly informing on their peers, a Guardian investigation has established.Cyber policing units have had such success in forcing online criminals to co-operate with their investigations through the threat of long prison sentences that they have managed to create an army of informants deep inside the hacking community.......'



Hackers Say They Hit a Sony Unit Network





'....The group of hackers, which calls itself "LulzSec"—a combination of "lulz," or laughs, and security—said it successfully had hit Sony for a fifth time, posting network plans and code allegedly from the company's developer network and music entertainment group.Sony did not immediately respond to a request for comment.......'



RSA finally comes clean: SecurID is compromised

Peter Bright




'....The exact sequence of numbers that a token generates is determined by a secret RSA-developed algorthm, and a seed value used to initialize the token. Each token has a different seed, and it's this seed that is linked to each user account. If the algorithm and seed are disclosed, the token itself becomes worthless; the numbers can be calculated in just the same way that the authentication server calculates them.......'



Anonymous reveals passwords for hundreds of Middle East government email accounts

Nancy Messieh



'....As reported on Twitter, a document was released on PasteBin, a site that already bears the reputation as a hangout for hackers, revealing the log-in details of hundreds of government officials from Bahrain, Egypt, Morocco and Jordan.The document is accompanied by the disclaimer, "These are probably not too reliable as they are from 3rd parties, but many do reuse old passwords." A quick glance at some of these passwords show that might be very true as their concept of an airtight password often comes down to the use of 123456 or Qwerty......'



Siemens SCADA hacking talk pulled over security concerns

Robert McMillan


Excerpt:'....A planned presentation on security vulnerabilities in Siemens industrial control systems was pulled Wednesday over worries that the information in the talk was too dangerous to be released.Independent security researcher Brian Meixell and Dillon Beresford, with NSS Labs, had been planning to talk Wednesday at a Dallas security conference about problems in Siemens PLC (programmable logic controller) systems.......'




The DOMinator Project
Minded Security

'....DOMinator is a Firefox based software for analysis and identification of DOM Based Cross Site Scripting issues (DOMXss). It is the first runtime tool which can help security testers to......'





Online criminals trading in Twitter

Mikko Hypponen




'....surely nobody would sell stolen credit cards on Twitter? Except they do. For example, check out Mr. SshoaibAhmed:.....'


War on… teenagers: Boy, 13, interrogated by the SECRET SERVICE for posting message about Bin Laden on Facebook

Daily Mail




'....A 13-year-old boy was interrogated at his school by Secret Service agents without his mother's permission after posting a message about Osama Bin Laden on Facebook. Following the Al Qaeda leader's death, Tacoma schoolboy Vito LaPinta wrote on his Facebook page that President Barack Obama should be be wary of repercussions....'


Diplomats: IAEA fears Iran hackers





'....The U.N. nuclear agency is investigating reports from its experts that their cellphones and laptops may have been hacked into by Iranian officials looking for confidential information while the equipment was left unattended during inspection tours in the Islamic Republic, diplomats have told The Associated Press. One of the diplomats said the International Atomic Energy Agency is examining "a range of events, ranging from those where it is certain something has happened to suppositions," all in the first quarter of this year. He said the Vienna-based nuclear watchdog agency was alerted by inspectors reporting "unusual events," suggesting that outsiders had tampered with their electronic equipment......'


Regulator plans to discipline Hyundai Capital over hacking





'....South Korea's financial regulator decided Wednesday to punish Hyundai Capital Services Inc. for lax computer system maintenance, which led to a major hacking attack at the biggest local consumer finance firm.......'


Many browsers runs insecure plug-ins, analysis finds

John E Dunn




'....Analysing 420,000 scans from the company's Browsercheck tool, Qualys discovered that the biggest problems lie with a handful of common plug-ins for video such as Adobe Flash, Apple Quicktime, Shockwave and Windows Media Player, plus more general utilities such as PDF Reader, and old favourite, Java. The most vulnerable pug-in was Java, installed on 80 percent of browsers, 40 percent of which were running an out-of-date version of the software open to exploits. Adobe Reader took second spot, also installed on 80 percent of browsers, just over 30 percent of which were vulnerable......'


Secure Software Engineering Initiatives





'....Most high-profile cyberattacks are enabled by flaws in computer systems software, so-called software vulnerabilities in the application layer. As a preliminary step towards addressing the problem of software vulnerabilities, we have compiled a list of \existing initiatives focused on finding and preventing software vulnerabilities. This document provides a comprehensive list of different SSE initiatives, with a focus on the EU,but also including some major US and global SSE initiatives......'


The Common Vulnerability Reporting Framework

Mike Schiffman




'....The Industry Consortium for Advancement of Security on the Internet (ICASI) published of its Common Vulnerability Reporting

Framework (CVRF)......'


Not so fast: Sony's PlayStation Network hacked again

Matthew Panzarino




'....Less than 2 days after Sony started bringing its PlayStation Network back online reports are coming in that the besieged gaming giant's platform has been hacked yet again. MCV is reporting that the exploit allows for hackers to change users passwords using only a PSN account email and date of birth, two pieces of user information that were obtained in the original hack......'


Catching AuthTokens in the Wild - The Insecurity of Google's ClientLogin Protocol

Bastian Könings, Jens Nickels, and Florian Schaub




'....In a recent blog post Dan Wallach outlined some of the risks of using Android smartphones in open Wifi networks. He found that some Android applications transmit data in the clear, allowing an attacker to eavesdrop any transmitted information. Besides third-party apps, such as Twitter or Facebook, also the Google Calendar app transmitted unencrypted information. Wallach stated that "an eavesdropper can definitely see your calendar transactions and can likely impersonate you to Google Calendar". A fact that also applies to Google Contacts as another blog post revealed....'


Obama warns: "Hack us, and we'll bomb you"

James Nixon




'....Barack Obama has revealed his ultimate strategy for dealing with hackers who carry out cyber-attacks against the US government......'


TinKode Hacked NASA's Goddard Space Flight Center

Ms. Smith




'....A hacker who has a proven track record of targeting security holes and exposing vulnerabilities has struck again - this time at NASA and a server related to a satellite-based Earth Observation System which is used to assist in disaster relief. A Romanian hacker who goes by the online alias of TinKode published a screenshot from a server at NASA's Goddard Space Flight Center. The screen capture proof appears to be an FTP server of NASA's Goddard Center at servir.gsfc.nasa.gov. TinKode did send an email alert of the hack to NASA's webmaster......'


4 Free Online Tools for Examining Suspicious PDFs

Lenny Zeltser




'....In an earlier post I outlined 6 free local tools for examining PDF files. There are also several handy web-based tools you can use for analyzing suspicious PDFs without having to install any tools. These online tools automate the scanning of PDF files to identify malicious components...'


Anonymous leaks PSN ssh logs, shows Sony is responsible for data theft

Stefan Keller




'....German publication Computer BILD got information from Anonymous proofing that Sony may have acted negligent when it comes to the servers of the PSN. Computer BILD reports that Sony tries to hide the facts, but now there are some embarracing news......'


Experts on PSN Hack: Sony Could Have Done More

Jared Newman




'....Santorelli, who before his current job worked at Microsoft and as a detective sergeant on Scotland Yard's Computer Crime Unit, warned that there's no silver-bullet approach to stopping network breaches. He argued that there needs to be a sea change in the way consumers treat their data.

"If there's one message post-Sony, it's that this is the reality these days, and you have a responsibility to protect yourself, your networks, your family, and your information, because no one else is going to do it for you," Santorelli said. ......'


Cyber attackers try Treasury hack at least once a day

Anh Nguyen




'....'Hostile intelligence agencies' made hundreds of attempts to hack into the Treasury's computer system last year, Chancellor George Osborne has revealed. Osborne said that the number of attempts averaged at least one attack a day...'