GDT::Security::Watchdog::Archive::Year 2008

Security Watchdog

Using RFID to Track HIV-Positive Humans
Time.com has reported that the Papua province in Indonesia might start implanting RFIDs into certain humans. The goal: to "prevent the extinction of the Papuan people."

Time.com::Papua Proposal: A Microchip to Track the HIV-Positive [06 December 2008, top]

Suckers are Everywhere
Glenn Beck from 21 November 2008.
   "By now 99.999% of people out there are aware of the Nigerian 
    email scam. And those who aren't aware of it are not dumb 
    enough to wire hundreds of thousands of dollars to the 
    Central Bank of Nigeria."

Meet not Britney, but Janella Spears...

GlennBeck.com::Glenn Beck: Nigerian email scam nets 400k

[22 November 2008, top]
Pentagon Under Cyberattack (We Need DARPA)
PCWorld.com reported that the the U.S. Department of Defense took an "estimated 1,500 computers offline Wednesday after a security breach within the Office of the Secretary of Defense (OSD)."

"I don't do e-mail," said Secretary of Defense Robert Gates. "I'm a very low-tech person."

Our next Secretary of Defense must be a very high-tech person because cyber-warfare, bio-warfare, nano-warfare and robo-warfare could be stark reminders that the United States of America has been asleep at the wheel.

"September 11 was essentially a collision of early 20th-century technology: the airplane and the skyscraper. We don't want to see a collision of 21st-century technology," said Bill Joy in 02006.

The United States needs to say 02008 is the 01958 of the 21st century; therefore, DARPA's current annual budget of approximately $3.2 billion needs to be increased at least ten-fold.

[21 November 2008, top]
Crackers Adding Cell Phones to Botnet Armies
I posted the following as a comment to a blog posting at AzCentral.com that was titled "Coming to a cell phone near you: Business cards."
   Crackers are foaming at the mouth as cell phones become 
   more computer-like and Internet connected. Just think 
   of the botnets that can be formed when cell phones join 
   the zombie computer systems found world-wide.  What's 
   even better is that cell phones are being given to kids 
   of all ages... cracker heaven!

   Did you ask this company how they ensure secure usage/communications?

The ACM had a posting that started as follows: "Georgia Tech security researchers say that hackers will likely target cell phones for use in creating botnet armies."

Note to ACM: These "hackers" are "crackers."

[01 November 2008, top]
If Palin's Cracker is Guilty, Send Him to Jail
I saw AP reported that David Kernell has been charged with "intentionally accessing Palin's e-mail account without authorization."

If Kernell is found guilty, then he is a cracker and crackers are criminals; therefore, he should receive the maximum sentence of "five years in prison, a $250,000 fine and three years of supervised release."

Ken Thompson was correct when he wrote: "The act of breaking into a computer system has to have the same social stigma as breaking into a neighbor's house."

[10 October 2008, top]
Shoddy IT Practices at OK's Dept. of Corrections
This is an old item that never go posted until now...

WTF--What the Foo!

If this is true, then Oklahoma's Dept. of Corrections needs to fire some of their IT workers.

TheDailyWTF.com:: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

[01 October 2008, top]
Sarah Palin's Yahoo Email Account Cracked
Wired is correct to state: "The simplicity of the attack, of course, makes it no less illegal."
   "As detailed in the postings, the Palin hack didn't 
    require any real skill. Instead, the hacker simply 
    reset Palin's password using her birthdate, ZIP code 
    and information about where she met her spouse -- the 
    security question on her Yahoo account, which was 
    answered (Wasilla High) by a simple Google search."

Palin is now being critized for conducting work business using her Yahoo! email account.

Blog.Wired.com::Palin E-Mail Hacker Says It Was Easy

[Extra] I posted the following to the my AzFoo@AzCentral.com blog.

Sarah Palin's Yahoo! email account was cracked (not hacked) by a cracker (not a hacker).

People who criticize Palin's computing practices should be careful because there is a good chance many of us are using our computers in non-secure ways. For example, I suspect over the span of the last decade lots of email has been sent over the Internet as plain-old-text when it should have been encrypted.

Most of the software that we use everyday is "just good enough software." This type of software is fine when using it on a personal computer that is not connected to the Internet; but, this code becomes "just bad enough software" when the personal computer is connected to the Internet (and a whole wide world of crackers/criminals).

Don Henley, back in 01989, wrote a song titled "Gimme What You Got" that contained the lyric: "A man with a briefcase can steal more money than any man with a gun." Henley should modernize his lyric by adding the line "And a cracker with a high-speed Internet connection can steal more money than any man with a briefcase."

Although they will eventually become a computing relic, passwords still play a critical role in our computing world. During 01999, I created a webpage about passwords.

[20 September 2008, top]
Crackers Cracking Away at the Large Hadron Collider
Crackers cracking supercomputers is beyond scary.

Telegraph.co.uk::Hackers attack Large Hadron Collider

[15 September 2008, top]
Google's Chrome Suffers Buffer Overflow Defect
Last week Google released a beta-version of a web browser named Chrome. Browsers are software and most software, especially when new, contains defects.

Buffer overflows live!

   [source: PCWorld.com]
   "The bug is a buffer overflow that occurs if a user saves a 
    Web page containing an overly long 'title' tag, according 
    to Bach Koa Internetwork Security (Bkis), based at the 
    Hanoi Institute of Technology."

PCWorld.com reported that the Chrome defect "can be exploited on PCs running Windows XP SP2 and Chrome version 0.2.149.27."

Hmmm... I wonder what the version number means?

PCWorld.com::Critical Vulnerability Patched in Google's Chrome

[08 September 2008, top]
Laptop at the Intl. Space Station Cracked
The following was obtained from NewsFactor.com via My.Yahoo.com.
   "Space-oriented Web site SpaceRef.com has reported that a 
    laptop aboard the International Space Station has become 
    infected with a Level 0 virus, and on Tuesday the National 
    Aeronautics and Space Administration (NASA) confirmed that 
    a virus was carried aboard last month."

When it comes to virus levels, I doubt we can go any lower than zero, but I wonder what the maximum virus level is?

SpaceRef.com::NASA Discovers Computer Virus Aboard the International Space Station

[28 August 2008, top]
E-Voting Systems Approaching ACCURATE
I get the shivers everytime I hear about e-voting systems being deployed. For the last couple of decades, the computing profession has been alerting politicans that e-voting systems are not ready for elections of any significance. Thank goodness the National Science Foundation agrees.

Back in August of 2005, the NSF awarded $7.5 million to ACCURATE. ACCURATE is A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections.

Given who the principal investigators are for ACCURATE, especially with the inclusion of Peter Neumann and Avi Rubin, e-voting systems might someday become a reality.

[20 August 2008, top]
Good Passwords Are Still Important
Passwords remain critically important in today's computing world. Someday this will change, but until it does computer users need to learn how to select good password.

GoogleBlog.Blogspot.com::Does your password pass the test?

Back in the 20th century, I wrote ThurmSpeaks::About Passwords

[04 August 2008, top]
SysAdmins Are Key Employees
Time and time again I've commented about how employers needs to treat their SysAdmins with the utmost respect. SysAdmins, especially those who are decent programmers, are in extremely powerful positions.
   "San Francisco's computer system has denied access to 
    IT administrators. Authorities said a disgruntled employee 
    programmed the system with a password only he knows."

NewsFactor.com reported that "Cisco has been consulted, and estimates are that in the worst case, the network could be rebuilt from scratch in six to eight weeks." Yuck!

NewsFactor.com::Admins Locked Out of San Francisco's I.T. System

[Extra] From last century... GDT::Speaks::About System Administrators (SysAdmins)

[18 July 2008, top]
Un-Patched DNS Defects Are Dangerous
DNS (Domain Name System) allows devices connected to the Internet to be reference by name rather than IP address.

It appears as though Dan Kaminsky, director of penetration testing at IOActive, deserves a huge Thank You from all us Internet users.

NetworkWorld.com::Major DNS flaw could disrupt the Internet

[10 July 2008, top]
Potential Set-Back To Privacy Rights (YouTube-Viacom)
The court has ruled that Google needs to hand over YouTube usage data to Viacom (and the Football Assoc. Premier League).
   "Defendants encourage individuals to upload videos to the YouTube 
    site, where YouTube makes them available for immediate viewing by 
    members of the public free of charge.  Although YouTube touts
    itself as a service for sharing home videos, the well-known 
    reality of YouTube's business is far different.   YouTube has 
    filled its library with entire episodes and movies and significant
    segments of popular copyrighted programming from Plaintiffs and 
    other copyright owners, that neither YouTube nor the users who 
    submit the works are licensed to use in this manner.  Because 
    YouTube users contribute pirated copyrighted works to YouTube 
    by the thousands, including those owned by Plaintiffs, the videos
    'deliver[ed]' by YouTube include a vast unauthorized collection of     
    Plaintiffs' copyrighted audiovisual works. YouTube's use of this 
    content directly competes with uses that Plaintiffs have authorized    
    and for which Plaintiffs receive valuable compensation."

The EFF reported that the "court ordered production of not just IP addresses, but also all the associated information in the Logging database."

The EFF said the Logging database contains:

   "for each instance a video is watched, the unique 'login ID'
    of the user who watched it, the time when the user started 
    to watch the video, the internet protocol address other devices 
    connected to the internet use to identify the user's computer 
    (IP address), and the identifier for the video."

At least one person has suggest Google should provide the information in paper form.

Luckily for Google, they do not have to supply the code with the data.

EFF.org::Court Ruling Will Expose Viewing Habits of YouTube Users

[05 July 2008, top]
Using Tattoos and Scars For Identification
There are numerous forms of biometrics that work well: fingerprint, face, eye and DNA are examples. Heck, advances are being made with "gait" recognition systems, which identify us based upon how we walk.

I had not heard of identification systems that can "recognize" tattoos, but I can see them being effective.

   "Called 'Tattoo-ID,' the system Jain has been working on is a 
    software program, which includes an annotated database containing 
    images of scars, marks and tattoos, provided by law enforcement 
    agencies. Each tattoo image in the database is linked to the 
    criminal history records of all the suspects and convicts who 
    have a tattoo."

MedicalNewsToday.com::Taking Biometric Recognition To The Next Step By Adding Scar, Mark And Tattoo Recognition Capability

[03 July 2008, top]
Bruce Schneier on "Digital Manners Policies"
When Bruce Schneier speaks, I try to listen.

I've known about "kill switches."

   "OnStar will soon include the ability for the police to shut 
    off your engine remotely. Buses are getting the same capability, 
    in case terrorists want to re-enact the movie Speed. The Pentagon 
    wants a kill switch installed on airplanes, and is worried about 
    potential enemies installing kill switches on their own equipment.

But I had not heard heard of "Digital Manners Policies."

   "Microsoft is doing some of the most creative thinking along these 
    lines, with something it's calling 'Digital Manners Policies.' 
    According to its patent application, DMP-enabled devices would 
    accept broadcast 'orders' limiting capabilities. Cellphones could 
    be remotely set to vibrate mode in restaurants and concert halls, 
    and be turned off on airplanes and in hospitals. Cameras could be 
    prohibited from taking pictures in locker rooms and museums, and 
    recording equipment could be disabled in theaters. Professors finally 
    could prevent students from texting one another during class."

Students texting during class is not that big of deal... at least they're not sleeping.

Scheneir ends his posting with the following.

   "'Digital Manners Policies' is a marketing term. Let's call this 
    what it really is: Selective Device Jamming. It's not polite, it's 
    dangerous. It won't make anyone more secure -- or more polite."

Wired.com::I've Seen the Future, and It Has a Kill Switch

[01 July 2008, top]
East Valley Tribune--At Least a Decade Too Late
East Valley Tribune Editorial on 27 June 2008. The headline caught my eye, but it was the first paragraph that captured my attention.
   "Our View: More safeguards must be in place before 
              moving all our information online"

   "Perhaps it's time we Americans start to talk honestly about 
    the dangers we subject ourselves to by accepting an ever-widening 
    use of our personal information on government and private 
    Internet sites."

Hmmm... this is the middle of 2008. This editorial should have been printed at least a decade ago.

Plus, in addition to being at least a decade behind the times, the East Valley Tribune use the word hacker when they should have used the word cracker.

[28 June 2008, top]
Research Continues On Gait Recognition
It has been a while since I've heard anything about the gait biometric. It appears as though researchers are continuing to work on gait recognition technololgy.
   "C. Nandini of the Vidya Vikas Institute of Engineering and
    Technology and C.N. Ravi Kumar of the S.J. College of Engineering 
    in Mysore, India, explain that human gait typifies the motion 
    characteristics of an individual. Viewed from the side, we each 
    have a unique gait that makes us easily recognizable."

EurekAlert.org:: Tell me by the way I walk

[16 June 2008, top]
Is China Cracking U.S. Government Computers?
It got a small column in today's (12 June 2008) Arizona Republic, but the news is getting heavily pushed around the Internet.

I don't have any data to say anything about China cracking the computers that belong to the U.S. government, but for some reason I suspect these computers are easily crackable.

From the duh department...

   "We cannot afford to look the other way when foreign sources 
    are threatening to compromise our government institutions, 
    our economy, our very way of life through cyber espionage. 
    We cannot sit by and watch."--Rep. Frank Wolf of Virginia

Note: The state of Virginia is Internet heartland.

NewsFactor.com::China Accused of Hacking Computers on Capitol Hill

[12 June 2008, top]
From ACM Technews... China's Cyber-Militia
The Security Watchdog has zero doubts that the following is true.
   "Chinese hackers pose a clear and present danger to U.S. 
    government and private-sector computer networks and may 
    be responsible for two major U.S. power blackouts."

Cyberwarfare is going to be uglier than ugly.

   "Cyber-networks are the new frontier of counterintelligence.
    If you can steal information or disrupt an organization by 
    attacking its networks remotely, why go to the trouble of 
    running a spy?" -- Joel Brenner, the government's senior 
                                     counterintelligence official

NationalJournal.com::China's Cyber-Militia

[09 June 2008, top]
VOIP Users Beware
VOIP is Voice Over Internet Protocol) and it supports the making of phone calls via the Internet.
   "It exploits the fact VOIP uses UDP, not TCP; it is designed 
    to tolerate some packets going missing so hijacking a few to 
    transmit a hidden message is not a problem."

Technology.NewScientist.com::Secret messages could be hidden in net phone calls

[02 June 2008, top]
Huge Crack Found In OpenSSL Library
Finding cracks in the OpenSSL library is indeed "alarming."

Talk about the power of The Code...

   "Two changed lines of code have created profound security 
    vulnerabilities in at least four different open-source 
    operating systems, 25 different application programs, 
    and millions of individual computer systems on the Internet."

SSL stands for "Secure Socket Layer" and it is used to encrypt and decrypt information.

   "Modern computer systems employ large numbers to generate 
    the keys that are used to encrypt and decrypt information 
    sent over a network."

Large numbers are critical when it comes to encryption.

   "Instead, it reduces the number of different keys that 
    these Linux computers can generate to 32,767 different 
    keys, depending on the computer's processor architecture, 
    the size of the key, and the key type."

32,767 is not a large number.

TechnologyReview.com::Alarming Open-Source Security Holes

Blogs.ZDNet.com:: With the Quickness: HD Moore sets new land speed record with exploitation of Debian/Ubuntu OpenSSL flaw

[02 June 2008, top]
UofA's Phoenix Mars Mission Website Cracked
The University of Arizona is hosting a website in support of the Phoenix Mars Lander. The website was cracked.
   "A spokeswoman for the Phoenix Mars Lander mission says 
    a hacker took over the mission's public Web site during 
    the night and changed its lead news story."

Phoenix.LPL.arizona.edu::Phoenix Mars Mission

[01 June 2008, top]
China Engaged In Cyberwarfare With India?
This is bad news for the United States of America. With each attack, China gets better and better at cyberwarfare.
   "China's cyber warfare army is marching on, and India is 
    suffering silently. Over the past one and a half years, 
    officials said, China has mounted almost daily attacks 
    on Indian computer networks, both government and private, 
    showing its intent and capability."

Cyberwarfare is beyond ugly.

IndiaTimes.com::China mounts cyber attacks on Indian sites

[05 May 2008, top]
More and More Webpages Being Cracked
Crackers are finding increasingly difficult to crack systems using email; therefore, they have turned to using webpages instead.

Good news...

   "A year ago, one out of every 909 e-mails was infected with 
    malicious code. In the first quarter of 2008, only one out 
    of every 2,500 was infected. 

Bad news...

    "Last year, Sophos detected an average of roughly 5,000 infected 
     Web pages a day; this quarter, the average is 15,000 per day. 
     That's one new infected Web page every five seconds."

   "And these are sites you may well visit: 79 percent are legitimate 
    sites, not sites set up specifically to host malicious attacks."

More bad news...

   "The Sophos report also shows that more than 92 percent of all 
    e-mail sent in the first quarter of this year was spam. 

Crackers are criminals.

NewsFactor.com::Study Finds Infected Web Pages on the Rise

[01 May 2008, top]
E-Voting Systems Not Ready For Presidential Election
Electronic voting... many in the computing world think it could be worse than hanging chads.
   "The three systems we looked at are three of the most widely 
    used around the nation.  They're going to be using them in 
    the 2008 elections; they're still going to have the same 
    vulnerabilities we found."--David Wagner, Computer Science
    professor at UC-Berkeley

PCWorld.com:: U.S. Presidential Election Can Be Hacked Cracked

[14 April 2008, top]
Click Fraud Happens
I've never understood how clicks could be accurately counted. Surprise, surprise... some people are using the inexact science of counting clicks to commit fraud. In fact, click counting has spawned an "industry" (at least for the time being).

ClickForensics.com:: Industry Click Fraud Rate Climbs to 16.6 Percent for Fourth Quarter 2007

[01 April 2008, top]
No Excusing Sloppy IT Practices
It's bad enough when computer systems contain cracks that allow crackers to crack them, but there are no excuses for sloppy IT practices.

BlueCross BlueShied's Dental Network unit needs to improve their IT operations.

   "A dental HMO accidentally put the social security numbers 
    of 75,000 members online last month, and the people weren't
    notified until three weeks later, the Baltimore Sun reports.

USA Today reported that the HMO said "the data is now secure and the issues that resulted in the data breach have been corrected." That's nice, but I doubt the 75,000 people who have had their SSNs exposed could care less.

[27 March 2008, top]
Hannaford Brothers Shoppers Beware
Hannaford Brothers supermarket chain was attacked by crackers. The company announced that "as many as four million credit- and debit-card numbers" were stolen from a "data intrusion into its computer network." Hannaford Brothers reported that "no personal information, such as names and addresses, was accessed or obtained" and that it is "aware of fewer than 2,000 cases of reported fraud related to this crime."

The Security Watchdog hopes "fewer than 2,000 cases of reported fraud" isn't considered "good" news; just one case of fraud is one case too many.

Hannaford's press release indicated that "data was illegally accessed from Hannaford's computer systems during the card-authorization transmission process."

The Security Watchdog found the following quote humorous.

   "What showed up here was a new trend where criminals are going 
    after data in transit, as opposed to data at rest. I think 
    everybody was caught off-guard by that."--Avivah Litan, 
    a security analyst for Gartner, via NewsFactor.com

It is difficult to believe that anybody was "caught off-guard" by the fact that crackers around the world are intercepting data that's being transmitted via the world's networks.

Hannaford.com:: Credit Card Security Press Release

[20 March 2008, top]
Crackers Don't Need To Be Hackers
Forbes.com--Cyber Security: "The No-Tech Hacker." It starts with the following...
   "Hackers have a lot of fancy names for the technical exploits 
    they use to gain access to a company's networks: cross-site 
    scripting, buffer overflows or the particularly evil-sounding 
    SQL injection, to name a few. But Johnny Long prefers a simpler 
    entry point for data theft: the emergency exit door."

   "By law, employees have to be able to leave a building without 
    showing credentials," Long says. "So the way out is often the 
    easiest way in." 

   "Case in point: Tasked with stealing data from an ultra-secure 
    building outfitted with proximity card readers, Long opted for 
    an old-fashioned approach. Instead of looking for vulnerabilities 
    in the company's networks or trying to hack the card readers at 
    the building's doors, he and another hacker shimmied a wet washcloth 
    on a hanger through a thin gap in one of its exits. Flopping the 
    washcloth around, they triggered a touch-sensitive metal plate 
    that opened the door and gave them free roam of the building. 
    'We defeated millions of dollars of security with a piece of 
    wire and a washcloth,' Long recalls, gleefully."

Physical security remains a huge issue and I don't think it is going away anytime soon.

Forbes.com:: The No-Tech Hacker

[18 March 2008, top]
ASP, PHP, JavaScript--Cracker Goodies
First crackers cracked 10,000 websites using mostly dot-asp (Active Server Pages). Now they have cracked 200,000 webpages using a combination of Javascript and PHP.
   "The infected pages bring up what appears to be a pornographic 
    web site. Upon loading the page, a 'fake codec' social engineering 
    attack is attempted. The user is told that in order to view the 
    movie on the page, a special video codec must be installed."

   "The user then downloads a trojan program which installs a malware 
    package on the users system then delivers a fraudulent error message 
    telling the user that the supposed codec could not be installed."

Crackers are criminals.

ITNews.com.au::Second mass hack exposed

[18 March 2008, top]
Crackers Use GNU Radio To Crack Pacemakers
Hackers don't hack pacemakers, but crackers might crack them.

Crackers can use GNU Radio software to crack a "combination pacemaker and defibrillator having wireless capabilities."

InformationWeek.com wrote the following.

   "The researchers say they believe that their attempts to 
    reverse-engineer the communications going to and from the 
    Medtronic implantable cardioverter defibrillator represent 
    the first use of software defined radios in the security 
    community for reverse engineering wireless protocols. The 
    group used the GNU Radio software toolkit to create a radio 
    receiver capable of processing radio waves as defined by software."

InformationWeek.com:: Pacemakers Vulnerable To Hacking

[13 March 2008, top]
Our Educational Systems Are Behind The Times
When it comes to taking a test, a common policy seems to be no talking, no books, no notes, no computer, no Internet, and no cell phone. Coming soon? No wrist watches.
   "Thai students will be barred from wearing watches in national 
    university entrance exams this weekend after a student was 
    caught cheating using a mobile phone wrist watch."

In our March department meeting, one faculty member indicated that instructor copies of textbooks can be obtained on eBay.com for $10.

Our educational systems have not adapted to the Internet world. What a shame.

[11 March 2008, top]
FTP Remains a Cracker Power Tool
FTP is the File Transfer Protocol (Program). According to a NewsFactor.com posting, "8700+ FTP login names and passwords are being peddled at an online auction site for stolen data."

The crackers are using the "NeoSploit 2" toolkit, which is "designed to exploit and trade FTP account credentials stolen from legitimate companies."

NewsFactors.com headline uses the term "Saas" and SaaS stands for "Software as a Service."

NewsFactor.com:: Hackers Use SaaS To Auction FTP Passwords, Inject Code

[29 February 2008, top]
Who Owns Electronic Address Books?
Headlines (titles, subject-lines, et al.) are important.

Fortune Magazine had an article titled "Who owns your address book?" The answer seems almost as obvious as who owns your door knob, but then again nothing's easy.

Money.CNN.com:: Who owns your address book?

[23 February 2008, top]
Biometrics Becoming a Growth Industry
Biometrics might morph into a growth industry.
   "Next Generation Identification, will give the government new 
    capabilities to identify people in the United States and abroad."

From $2.7 billion in 2007 to $7.1 billion on 2012?

   BCC Research called The Global Biometrics Market, the 
   global market for biometrics was worth nearly $2 billion 
   in 2006 and is expected to increase to $2.7 billion in 
   2007 and $7.1 billion by 2012, a compound annual growth 
   rate of 21.3 percent over the next five years.

NewsFactor.com:: FBI Unveils $1B Biometrics Initiative

[23 February 2008, top]
Crackers Are All Over the World
Crackers are all over the world and they come in many shapes and sizes and ages. Crackers crack systems and sometimes they do it without intending to be criminals.
   "A Polish teenager allegedly turned the tram system in 
    the city of Lodz into his own personal train set, triggering 
    chaos and derailing four vehicles in the process. Twelve 
    people were injured in one of the incidents."

   "The 14-year-old modified a TV remote control so that it could 
    be used to change track points, The Telegraph reports. Local 
    police said the youngster trespassed in tram depots to gather 
    information needed to build the device. The teenager told 
    police that he modified track setting for a prank."

TheRegister.co.uk:: http://www.theregister.co.uk/2008/01/11/tram_hack/ Polish teen derails tram after hacking train network

[04 February 2008, top]
Defending Hackers, Exposing Crackers
I posted the following in response to an Arizona Republic article found in the Business section on 2 February 2008. The article was titled: "U.S. tests its hacker defenses."
   The United States has little to fear from hackers, but 
   we have lots to be worried about when it comes to crackers.

   Hackers good; crackers criminals. Some crackers are hackers 
   that have gone bad; however, these days it is relatively easy 
   for somebody who is not a hacker to be an effective cracker.

   This posting should have been titled "U.S. tests its 
   cracker defenses." 

   I wanted to extend a Thank You to kgcoleman and 
   rootwebmasteraz for their informative comments.

   Cyberwarefare, if it happens, is not going to be fun. 
   Reboot America could be a movie titled "Reboot America
   --Invasion of the Blue Screens of Death."

[Extra] Quoting Bill Joy: "September 11 was essentially a collision of early 20th-century technology: the aeroplane and the skyscraper. We don't want to see a collision of 21st-century technology."

I suspect Joy was referencing bioterrorism (near term) and nanowarfare (next 2-3 decades), but cyberwarfare has probably already started. Simple attack: crack banking systems and multiple every positive account balance by zero. When the masses don't have any money, then what?

[04 February 2008, top]
Cyber-gangs Getting Into Mac Attacks
Get ready for some serious Mac attacks? Sophos, an IT security and control firm, thinks so.
   "No-one should underestimate the significance of 
    financially-motivated malware arriving for Apple 
    Macs at the end of 2007. Although Macs have a long 
    way to go in the popularity stakes before they overtake 
    PCs,particularly in the workplace, their increased 
    attractiveness to consumers has proven irresistible 
    to some criminal cybergangs."--Graham Cluley

Sophos.com:: Sophos Security Threat Report reveals cybercriminals moving beyond Microsoft

[31 January 2008, top]
RIAA Sends 407 Letters To Universities
I came across this news story on the PLUG-discuss mailing-list. (PLUG is the Phoenix Linux Users Group)

The RIAA's press release started with the following paragraph.

   "The Recording Industry Association of America (RIAA), on 
    behalf of the major record companies, this week sent a new 
    wave of 407 pre-litigation settlement letters to 18 universities 
    nationwide as part of an ongoing campaign against online music 
    theft. The letters reflect evidence of significant abuse of 
    campus computer networks for the purpose of copyright infringement."
    [source: RIAA.com on 10 January 2008]

On the local front, Arizona State University received 33 of the RIAA's 407 letters.

RIAA.com:: RIAA Continues College Deterrence Campaign Into 2008

[15 January 2008, top]
Revisiting "Reflections on Trusting Trust"
Ken Thompson won the ACM Turing Award in 1984. He wrote a paper titled "Reflections on Trusting Trust" that many computing gurus consider a classic. Thompson ended his essay with the following essay.
   "I have watched kids testifying before Congress. It is clear 
    that they are completely unaware of the seriousness of their 
    acts. There is obviously a cultural gap. The act of breaking 
    into a computer system has to have the same social stigma as 
    breaking into a neighbor's house. It should not matter that 
    the neighbor's door is unlocked. The press must learn that 
    misguided use of a computer is no more amazing than drunk 
    driving of an automobile."

Anybody who breaks into a computer is a cracker and crackers are criminals. And this is true independent of the cracker's age.

Bell-Labs.com:: Reflections on Trusting Trust by Ken Thompson

[15 January 2008, top]
U.K. Might RFID Criminals
I have suggested that everybody coming into the country be "chipped" with a RFID. However, this probably won't happen until there's another 911-like attack on our homeland. Chipping criminals sounds like a 21st century thing to do.

Independent.co.uk:: Prisoners 'to be chipped like dogs'

[14 January 2008, top]
Privacy--Huge Issue In 2008?
An AzCentral.com blogger posted Business Week's predictions for 2008. The following was listed as #10: "The world is going to find out how our privacy has been invaded by click-tracking software online."

It's more than just clicks. An "event" is generated everytime a computer mouse moves from one pixel to another. In addition, the amount of time a mouse hovers over a pixel can be measured. All this information can be transmitted over the Internet to supercomputers and subjected to 21st century Informatic processing.

With respect to privacy, I wonder if Business Week said anything about RFID?

[11 January 2008, top]
2007 Was a Great Year For Crackers
It is no surprise that 2007 was a record year when it comes to crackers/criminals stealing data.
   "The number of publicly reported data breaches in the U.S. 
    rose by more than 40% in 2007, compared to the previous year, 
    according to statistics compiled by the Identity Theft Resource 
    Center (ITRC), a consumer rights advocacy group."

InformationWeek.com reported that "127 million data records were exposed during 2007."

The Security Watchdog will remain operational during 2008 and it might even make it into 2009.

InformationWeek.com:: Record Number Of Data Breaches Reported In 2007

[03 January 2008, top]
About the Security Watchdog
The Security Watchdog starts 2008 with 422 postings. This blog was started during March of 2000 and the current world of computer security is worse now than it was then. Needless to say, there will always be content for the Security Watchdog for at least the next couple of years.

Security Watchdog Archives: 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000

[01 January 2008, top]


Creator: Gerald Thurman [deru@deru.com]
Last Modified: Saturday, 05-Jan-2013 11:17:39 MST

Thanks for Visiting