:: Hack - In - The - Box ::
--- Avantgo Edition ---
---


Latest News Headlines



German ID cards hacked by the CCC
Date: 2010-09-02 02:30:56

Source: The Local

The sensitive personal information found on the new German identification cards with data chips scheduled for nationwide introduction this November can be easily hacked, according to testing done by a TV news show.

Public broadcaster ARD’s show “Plusminus” teamed up with the hacker organisation the Chaos Computer Club to find out how secure the controversial new radio-frequency (RFID) chips were.

Set to air Tuesday evening, the report shows how they used the basic new home scanning machines that will go along with the cards, and found that scammers would have few problems extracting personal information. This includes two fingerprint scans, which German citizens can opt out of, and a new six-digit PIN number meant to be used as a digital signature for official government business and beyond. The home scanners will be necessary for use with home computers to process the personal data for official business and possibly even online shopping.



Apple's elephant in the cloud
Date: 2010-09-02 02:29:51

Source: ZDNet (UK)

Apple has an obsession with elegance. Just look at the line-up at yesterday's annual orgy of consumer desire. A new iPod Nano that looks like a tiny, animated, touch-sensitive, acid-drenched postage stamp - without losing a microgram of cool. An iPod Touch that generates and displays video, plays games and audio, and runs a kazillion apps, all with fewer buttons than a Mark 1 Walkman. An Apple TV that hooks together HD movies, Internet still and moving pictures, hewn from a minimalist block of ebony-black plastic.

On this count, Apple still has it - and has it with enough insouciance to carry off a pricing structure only explicable if they have their flash memory hand-carved by octogenarian Japanese craftsmen using unicorn horn instead of silicon. Not to mention a dollar-to-pound conversion rate uncontaminated by actual forex.

Yet there's one place where the whole business falls down. iTunes, now in its tenth incarnation, is the prog rock wig-out at the techno rave. And like the LPs of some of the 70s' more behemothian bands, each new version is more overblown than the last. If iTunes was a record, by now it would be a quad album in a gatefold sleeve, with lyrics written in faux runescript and a free Roger Dean poster showing space-going whales dancing a quadrille around Planet Pomp. It is the app that taste forgot.



Russian cops cuff 10 ransomware Trojan suspects
Date: 2010-09-02 02:29:08

Source: The Register (UK)

Russian police have arrested 10 suspected members of a ransomware gang who allegedly made millions via a locked computer malware scam.

PCs infected by the WinLock Trojan at the centre of the scam were rendered unusable because the malware disabled key Windows components. More embarrassingly, pornographic images were displayed on compromised machines, IDG adds.

The crooks claimed the damage could only be undone by sending premium rate SMS messages at a cost of between 300 rubles ($9.72) and 1,000 rubles. Tens of thousands of victims, mostly in Russia, were hit by the scam, Host Exploit reports. Web users in Ukraine, Belarus and Moldova were also reportedly affected by the scam, which reportedly earned crooks as much as $16m in just one month.



How to Design a Secure DMZ
Date: 2010-09-02 02:28:09

Source: eWeek

We have come a long way when it comes to DMZs (demilitarized zones). It's no longer a question of if your organization needs a DMZ, but rather, it's now a question of how you should design one.

In computer security, a DMZ is a physical or logical subnetwork that contains and exposes an organization's external services to a larger, untrusted network—usually the Internet. The original DMZ designs included a simple network separated from the internal network, where everything that needed access to the Internet was placed.

Today, there are as many DMZ designs as there are vehicles on the road. You have industrial trucks designed to simply transport goods as cheaply as possible. You have economy cars designed to save money. And you have exquisite Italian sports cars that are sure to make your friends jealous (and fast enough that you always arrive with plenty of extra time for a nice cup of espresso). DMZ designs are a lot like cars: there are many varieties which go by a lot of different names but they all serve the same purpose.



Feds crack phone clone scam that cost Sprint $15m
Date: 2010-09-02 02:27:25

Source: The Register (UK)

Federal prosecutors have uncovered a scam that used tens of thousands of cloned cellphones to defraud Sprint out of $15m in lost long distance revenue.

The operation dates back to at least the latter half of 2009, when cellular customers began complaining that they were billed for international calls they didn't make, according to court documents made public on Wednesday. When Sprint employees looked into the matter, they discovered that many of the calls were made from hundreds of miles away from where the customers lived and within minutes of other calls made from the customers' homes.

Eventually, the Sprint investigators discovered that electronic credentials belonging to “tens of thousands of its customers” were used to make international calls that would have cost $15m had they been billed at the going rate. What's more, many of the defrauded customers' online accounts were breached so that changes could be made to passwords, international calling features and other settings.



VMWare Sees Big Business In Becoming The Internet Operating System
Date: 2010-09-02 02:26:39

Source: Forbes.com

VMWare’s annual “VMWorld” conference is in full swing and on Tuesday the company announced vCloud Director, vShield Edge and four other new products. The products are an important development for virtualization despite sounding a little vSilly to non-IT professionals.

In case you don’t know your vSphere from a hole in the ground, here’s a quick summary of where VMware is today: the company has spent a decade evangelizing the value of virtualizing hardware resources to make them do more with less. The “cloud” proselytization efforts have been successful: People started deploying more virtual machines than physical ones starting last year, according to IDC, and VMware now claims 190,000 customers worldwide.

VMware’s flagship product is called vSphere and it can be thought of, more or less, like a Windows for the data center. On PCs, operating systems like Windows play two roles: they offer an interface for the user to run applications and manage all the hardware (video cards, USB connections, etc.) via “device drivers” that speak their language.



How Your Cloud Dream Is Becoming a Security Nightmare
Date: 2010-09-02 02:25:02

Source: NY Times

L33tdawg: Don't miss our special keynote panel on cloud computing security at HITBSecConf2010 - Malaysia featuring Mikko Hypponen, Dennis Maslennikov, Dr. Jose Nazario and Paul Ducklin.

After extracting a deal from Research In Motion that appears to give state authorities the ability to monitor messages sent over the company’s BlackBerry network — similar to a deal that RIM agreed to with the government of Saudi Arabia — the Indian government has suggested that it may go after both Google and Skype in an attempt to get similar kinds of security concessions.

India’s threat means that this is no longer just about Research In Motion and its specific network or security controls; it’s about gaining widespread and potentially unlimited access to a whole range of cloud-based services. In other words, it means that our growing use of the “cloud” — whether it’s web-based email or web-based voice calls such as those recently launched by Google, or mobile email and data from companies such as Research In Motion — is colliding headlong with the demands of foreign governments to control those services and applications, or at least their demands to monitor them whenever they wish.



China demands real names from mobile phone users
Date: 2010-09-02 02:12:27

Source: IT World

China is now requiring people setting up new mobile phone accounts to register with their real identities as part of a new government measure to reduce anonymity among the country's 800 million mobile users.

All carriers are to adopt the real-name registration system starting this month, said China Telecom spokesman Xu Fei. Within three years, the carriers must also register the real identities of all existing users.

"The policy on existing users is not being carried out very forcefully," Xu said. "If existing users do not register their names, their service probably will not be discontinued." Street newsstands in China, where cell phone accounts were once conveniently sold, will also be prohibited from selling SIM cards, Xu added.



Windows Phone 7: Done
Date: 2010-09-02 02:11:46

Source: OS News

It's been only a mere six months since its first unveiling, but Microsoft has already announced that Windows Phone 7 has been released to manufacturing. This means device makers can start tuning the software to their hardware, leaving plenty of time to release devices before the holiday season.

The news was announced by Microsoft's Terry Myerson. "Windows Phone 7 is the most thoroughly tested mobile platform Microsoft has ever released," he details, "We had nearly ten thousand devices running automated tests daily, over a half million hours of active self-hosting use, over three and a half million hours of stress test passes, and eight and a half million hours of fully automated test passes. We've had thousands of independent software vendors and early adopters testing our software and giving us great feedback. We are ready."



US undergrads crash NASA satellite into Arctic
Date: 2010-09-02 02:11:06

Source: The Register (UK)

Undergraduate students in America managed to get control of the manoeuvring thrusters of an orbiting 2000-lb NASA satellite at the weekend, sending it plummeting into the Earth's atmosphere to rain burning fragments across the chilly seas north of Norway and Russia.

"They ran calculations to determine where the spacecraft was located," said Darrin Osborne, flight director for the now-destroyed Ice, Cloud and Land Elevation Satellite, or ICESat. "The students did this seven days a week."

Rather than a posse of delinquent space hacker youths pranging satellites for lolz, however, the undergraduates in question were actually supposed to be in charge of the ICESat. They had been given a go on the controls as part of the ongoing operations of the Laboratory for Atmospheric and Space Physics (LASP) at the University of Colorado. LASP operates various science satellites for NASA from its space command centre on campus in Boulder, Colorado.





Hack In The Box -- Keeping Knowledge Free