Archive for November, 2009

US Military cyber forces on the defensive in network battle

November 30, 2009


Operation Screaming Whimpering Fist

The US 24th Air Force – the first dedicated American military cyber force to go operational – is ‘not yet a warfighting organisation’ and needs to ‘create an awareness of the battlespace’, according to its commander.…

(Via The Register – Security.)

Toshiba worker arrested for selling copy limit busting SW

November 30, 2009


You can’t do that in Japan

A Toshiba employee in Japan has been arrested for selling copy limit breaking software, letting buyers copy digital TV programmes on Japanese recording and playback products as much as they liked.…

(Via The Register – Security.)

Web service automates WordPress password cracking

November 30, 2009


Malefactors debut Hacking as a Service

Hackers have developed a distributed WordPress admin account cracking scheme that poses a severe risk for the security of blogs whose owners select insecure passwords.…

(Via The Register – Security.)

4 threats that scare CISOs

November 30, 2009

Chief information security officers answer 4 burning questions

6 chief information security officers share how they plan to keep government data and computers safe in the face of constantly changing risks, red tape and tight budgets

By John Moore

Nov 16, 2009

Unto the breach—that’s the everyday reality for the government chief information security officer, arguably one of the most difficult yet important jobs in government IT.

When the CISO title first started appearing on agency organization charts about seven years ago, the job was largely a paper-pushing exercise, focused on gathering data on the security of agency systems and rolling it into an annual report to Congress, as required by the Federal Information Security Management Act.

So what do CISOs need to do to make sure that security gets its due? What problems do they see coming, and how do they plan to address them with limited resources?

To discuss these and other important issues, contributing editor John Moore set up a virtual round table with five current and one former government CISOs. All participants received each question by e-mail and were invited to respond to one another’s answers.

Zeus: Same Criminal, New Spam Infrastructure

November 30, 2009

CyberCrime & Doing Time: Zeus: Same Criminal, New Spam Infrastructure: ”
Last week, one of the most long-lived malware spam delivery systems, which the anti-phishing community knew as ‘Avalanche’ went off-line. After sending spam almost non-stop for many months, no spam at all has been received from the ‘Avalanche’ group, which has been used since June to deliver a variety of Zeus or Zbot infectors, including scams pretending to be MySpace, Facebook, the FDIC, the IRS, NACHA, a Microsoft Outlook Update, and other scams.

Last night a new spam campaign began using a new scam to spread malware. A sample of the email looks like this:
We recorded a payment request from ‘Amy’s Kitchen’ to enable the charge of $94.71 on your account.

The payment is pending for the moment.

If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown o”


BackTrack4 Uses IPv6 to Cover Tracks

November 27, 2009

BackTrack4 Uses IPv6 to Cover Tracks

Security assessment toolkit uses Miredo as back-channel

By Scott Hogg on Mon, 11/23/09

This past week I was working on performing a security assessment and I was using the latest version of BackTrack 4. I noticed that it has Miredo support to help auditors establish a secret IPv6 back-channel to their exploited systems. This shows that the security community is recognizing how IPv6 can be used as a backdoor to owned systems.

Let’s face it; IPv6 deployments haven’t been as numerous as many of us would have hoped. Several years ago we were expecting that at the end of 2009 migration to IPv6 would be in full motion. However, the fact that IPv6 is still fairly obscure to most security administrators means that it can fly under the radar of most organizations. However, IPv6 is starting to gain the attention of hackers as a means of creating a covert channel to compromised systems.

FCC forms cyber security group

November 27, 2009


Prospects fade for quick Real ID repeal – Nextgov

November 27, 2009

Prospects fade for quick Real ID repeal – Nextgov: ”

Prospects fade for quick Real ID repeal
Congress appears increasingly unlikely to repeal a sweeping driver’s license law by the end of the year, which may force the Homeland Security Department to grant blanket waivers to states unable or unwilling to issue licenses that meet federal security standards.

Without the waivers or a congressional repeal, the Real I”

Hackers Crack GSM Encryption For Full Access To Private Phone Calls | BrickHouse Security Blog

November 27, 2009

Hackers Crack GSM Encryption For Full Access To Private Phone Calls
Published on 28 August 2009 by Jimmy Bosch in Security News

If you think that your phone calls are safe from third parties, you may want to think again. Members from the hacking group called The Chaos Computer Club plan to release a code that will supposedly give hackers complete access to your private phone calls. They claim that it can be done with a simple laptop and an antenna.

They also claim that various government criminal organizations already use this technique to break the encryption that protects your calls. GSM uses algorithms for key generation, authentication, and to encrypt its connections. The Chaos Computer Club has found a way to crack the encrypt”


Cyber breaches are a closely kept secret

November 27, 2009

By Diane Bartz and Jim Finkle

WASHINGTON (Reuters) – Cybercriminals regularly breach computer security systems, stealing millions of dollars and credit card numbers in cases that companies keep secret, said the FBI’s top Internet crimes investigator on Tuesday.

For every break-in like the highly publicized attacks against TJX Co (TJX.N) and Heartland Payment (HPY.N), where hacker rings stole millions of credit card numbers, there are many more that never make the news.
