Virus Information News


Database hacking spree on US Army, NASA, and others costs gov't millions
by Dan Goodin
October 28, 2013

"You have no idea how much we can f**k with the US," alleged hacker says.

Federal prosecutors have accused a UK man of hacking thousands of computer systems, many of them belonging to the US government, and stealing massive quantities of data that resulted in millions of dollars in damages to victims. Lauri Love, 28, was arrested on Friday at his residence in Stradishall, UK following a lengthy investigation by the US Army, US prosecutors in New Jersey said. According to prosecutors, the attacks date back to at least October 2012. Love and other alleged hackers are said to have breached networks belonging to the Army, the US Missile Defense Agency, NASA, the Environmental Protection Agency, and others, in most cases by exploiting vulnerabilities in SQL databases and the Adobe ColdFusion Web application. The objective of the year-long hacking spree was to disrupt the operations and infrastructure of the US government by stealing large amounts of military data and personally identifying information of government employees and military personnel, a 21-page indictment said.

US agency baffled by modern technology, destroys mice to get rid of viruses
by Peter Bright
July 8, 2013

$170,000 of PCs, printers, keyboards, cameras, and mice destroyed in gross overreaction.

The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering slow growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a possible malware infection within the two agencies' systems. The NOAA isolated and cleaned up the problem within a few weeks. The EDA, however, responded by cutting its systems off from the rest of the world - disabling its enterprise e-mail system and leaving its regional offices no way of accessing centrally held databases. It then recruited an outside security contractor to look for malware and provide assurances that not only were EDA's systems clean, but also that they were impregnable against malware. The contractor, after some initial false positives, declared the systems largely clean but was unable to provide this guarantee. Malware was found on six systems, but it was easily repaired by reimaging the affected machines.

Members of Congress finally introduce serious DMCA reform | Ars Technica
by Timothy B. Lee
May 9, 2013

Bill allows DRM circumvention for cell phone unlocking and other lawful purposes.

eBay buries its own advisory to change passwords following database hack
by Dan Goodin
November 21, 2012

Seven hours on, users still not warned that hackers obtained their personal data.

eBay officials are taking flak for burying news of the password reset issued in response to a hack on the company's corporate network that exposed sensitive data for millions of users. More than seven hours after eBay published an advisory that was five clicks removed from end users, the company still made no mention of the breach, said to affect 145 million customers, in e-mails, on its front page, or when users log in to their accounts. The bare-bones post disclosed a breach in February or March that allowed attackers to make off with cryptographically protected passwords. It advised users to change their login credentials. The breach also exposed customers' names, e-mail addresses, home addresses, phone numbers, and dates of birth in a human readable format.

iOS apps hijack Twitter accounts, post false "confessions" of piracy
by Jon Brodkin
November 14, 2012

Dictionary app maker's move is the very definition of how not to fight theft.

An iOS application developer has come up with an extreme way of fighting software piracy - by auto-posting "confessions" to its users' Twitter accounts. If you search Twitter for the hashtag #softwarepirateconfession you'll find a stream of tweets stating, "How about we all stop using pirated iOS apps? I promise to stop. I really will. #softwarepirateconfession." There are many dozens of these tweets in the past day alone, all identical. So what's happening? It turns out that Enfour, the maker of a variety of dictionary apps, is auto-posting tweets to users' accounts to shame them for being pirates. But the auto-tweeting seems to be affecting a huge portion of its paid user base, not just those who actually stole the apps.

Mac OS X invulnerability to malware is a myth, says security firm
by Jacqui Cheng
October 1, 2012

Mac users can expect more OS X botnets, drive-by downloads, and mass malware from here on out.

That's according to security researchers from Kaspersky Lab, who said during a press conference on Thursday morning that anti-malware software is now a necessity for Mac users, and that "Mac OS X invulnerability is a myth." The firm acknowledged that malware for the Mac has existed for years but only recently started gaining more momentum thanks to a critical increase in Mac market share. In the case of Flashback (also known as Flashfake), the malware morphed from a socially engineered installation app to an attack that targeted an unpatched Java vulnerability. So far, it has been used to hijack search results - a technique often used in click fraud scams - but the attackers have the ability to employ the malware tactic of their choice on a machine at any time as long as it remains infected.

Sniffing open WiFi networks is not wiretapping, judge says
by Timothy B. Lee
September 7, 2012

Cheap and widely used interception gear means open WiFi traffic is public.

A federal judge in Illinois has ruled that intercepting traffic on unencrypted WiFi networks is not wiretapping. The decision runs counter to a 2011 decision that suggested Google may have violated the law when its Street View cars intercepted fragments of traffic from open WiFi networks around the country. The ruling is a preliminary step in a larger patent trolling case. A company called Innovatio IP Ventures has accused various "hotels, coffee shops, restaurants, supermarkets," and other businesses that offer WiFi service to the public of infringing 17 of its patents. Innovatio wanted to use packet sniffing gear to gather WiFi traffic for use as evidence in the case. It planned to immediately delete the contents of the packets, only keeping the headers. Still, the firm was concerned that doing so might violate federal privacy laws, so it sought a preliminary ruling on the question.

Why passwords have never been weaker - and crackers have never been stronger
by Dan Goodin
August 21, 2012

Thanks to real-world data, the keys to your digital kingdom are under assault.

In late 2010, Sean Brooks received three e-mails over a span of 30 hours warning that his accounts on LinkedIn,, and other popular websites were at risk. He was tempted to dismiss them as hoaxes—until he noticed they included specifics that weren't typical of mass-produced phishing scams. The e-mails said that his login credentials for various Gawker websites had been exposed by hackers who rooted the sites' servers, then bragged about it online; if Brooks used the same e-mail and password for other accounts, they would be compromised too. The warnings Brooks and millions of other people received that December weren't fabrications. Within hours of anonymous hackers penetrating Gawker servers and exposing cryptographically protected passwords for 1.3 million of its users, botnets were cracking the passwords and using them to commandeer Twitter accounts and send spam. Over the next few days, the sites advising or requiring their users to change passwords expanded to include Twitter, Amazon, and Yahoo.

Crypto breakthrough shows Flame was designed by world-class scientists
by Dan Goodin
June 9, 2012

The spy malware achieved an attack unlike any cryptographers have seen before.

The Flame espionage malware that infected computers in Iran achieved mathematic breakthroughs that could only have been accomplished by world-class cryptographers, two of the world's foremost cryptography experts said. "We have confirmed that Flame uses a yet unknown MD5 chosen-prefix collision attack," Marc Stevens and B.M.M. de Weger wrote in an e-mail posted to a cryptography discussion group earlier this week. "The collision attack itself is very interesting from a scientific viewpoint, and there are already some practical implications."

Promotional Firefox community site hacked (again)
by Ryan Paul
October 4, 2005

Some of you may remember when the SpreadFirefox site got hacked by spammers in July. Well, it happened again. Although the unfortunate Drupal vulnerabilities have all been adequately patched, site maintainers overlooked significant, remotely exploitable v

SpreadFirefox members received e-mails this morning informing them of a potential intrusion. The e-mail assures us that the exploit was limited to the SpreadFirefox server, and never affected the Mozilla sites or software. Like last time, the administrators believe that no critical data was acquired, but they recommend that users change their passwords...



Shawn K. Hall © 2003-2023 Powered by 12 Point Design