security
Entire U.S. Government Under Hacker Attack
Security experts have to admit they kind of admire him, the hacker who is bizarrely attacking every last boring part of the U.S. government, online. His mysterious army is living the American Dream, really. More » -
facebook
Why the Koobface virus spread so fast
A long-dormant virus aimed directly at Facebook struck Thursday, spreading quickly via the social network. What's surprising isn't that Koobface hit Facebook so hard. It's that it took so long to do it. -
hackers
YouTube users in virus panic
Hasn't YouTube always seemed too good to be true — all those video clips, for free? We must be getting away with something. That's why rumors about a new YouTube virus have spread so far, so fast. -
hackers
Credit-Card Hackers in New Attack
It's the last thing cash-strapped banks need right now: Holders of credit and debit cards are reporting an epidemic of unauthorized charges on their bills. It could be the sign of a massive card-fraud operation in the making. A company called Adele Services, based in Melville, N.Y., has been charging cards small amounts — 21 to 29 cents. Such charges are usually attempts by card fraudsters to test whether a particular card number is valid. -
Tim the IT Guy
PDFs now as rock-solid secure as ActiveX
It's a verified bug: PDF files can be used to take over your PC. Adobe's mistake was adding support for ever-sloppy JavaScript inside the once-benign PDF format. Core Security, the company that outed the vulnerability, says, "An attacker could put malicious code in JavaScript embedded in a PDF and [...] could manipulate the program's memory allocation pattern and trigger the vulnerability to execute arbitrary code with the privileges of the user." Great. I can hardly wait to reinstall Paul's PC after he pretends to read another of those ethics-in-journalism PDFs. -
software as a disservice
Vista is so secure, no one uses it
Pity the poor Microsoft employees in charge of protecting Windows from third-party apps with security holes. The only code they can fix is Microsoft's. But as John Markoff reports this morning, Microsoft's boldest move to protect Windows Vista users totally backfired: More » -
Tim the IT Guy
Cisco concludes we're all breaking the rules
I'm a liar. So are you. The funny part is, we all know it. A new study by Cisco just confirms it. The 10-word version: "Everyone breaks published security policy to get their job done." None of this is a surprise to your IT department. We long for the day we can punish problem users for violating the pages of acceptable-use policies they signed but never read their first day on the job. Please, please, please just let us ban one guy from the network — pour encourager les autres, as Voltaire said. -
Tim the IT Guy
Microsoft saves my job for the weekend
Hooray — another zero-day patch! The financial sky is falling! The only good news is I'm used to hedge fund managers throwing themselves out the windows. If you're as familiar with zero-day patches as collateralized debt obligations, let me explain the difference to an IT guy. A CDO means I'm fired. A zero-day patch means I'm working. All weekend. More » -
Blamestorming
Adobe: Amazon.com goof allowed free movie downloads
Amazon.com's Video On Demand service, which allows you to preview and purchase streaming videos online, uses Adobe's Flash Media Server to deliver the video. Late last week, Reuters reported that hackers had discovered an exploit that would allow users to turn the free preview into the full stream, allowing folks to watch movies for free using software like Replay Media Catcher from Applian. Adobe took issue with Reuters' contention that Flash isn't secure — instead suggesting it was Amazon's fault for not enabling various security options such as streaming encryption and player verification. Why did Adobe choose to blame a customer instead of quietly fixing the problem behind the scenes? Probably seemed easier. -
security
Israeli hacker in jail ten years after U.S. military break-in
Ehud "The Analyzer" Tenenbaum, who became world-famous when he and a number of fellow Israeli and California teens successfully exploited a vulnerability in Sun Solaris to gain access to computers at NASA, Andrews Air Force Base and the Department of Defense, is in jail. Earlier this month he was arrested in Montreal on suspicion of having helped defraud credit card companies of $1.8 million. Wired dug up a slickly produced, pretty entertaining video produced by the FBI a year after the intrusion. More » -
security
College students fail fake-popup test
In a study conducted by the Psychology Department of North Carolina State University, 42 college students were asked to watch as a series of medical sites loaded. It was a trick: The researchers had rigged the computers to display typical malware popup dialogs, such as "Warning, your computer is infected with spyware. Windows needs to download and install the anti-spyware updates to remedy this issue. Click OK to begin." Just over half the test subjects clicked OK on three flagrant malware dialogs. Timing of the clicks suggests that most users simply wanted to get the popups out of the way, without considering their contents. (Image by Ars Technica) -
breakdowns
Bank of America site down for seven hours
Thinking about making a run on your bank from the privacy of your own home? If you're a Bank of America customer, good luck — the site has been down since 8 a.m. PST, and the problem seems to have grown worse since it started. At first, users couldn't verify their "SiteKey" to access their accounts. The company then disabled online access and posted a note to the homepage, pictured. I couldn't even access the homepage until just now, possibly because millions of customers are now desperately checking and re-checking the site to see when access is restored. Now that I can get in, it looks like I still have some money! So don't panic — I'm sure Bank of America, like the rest of America's financial services industry, has everything under control. -
great moments in journalism
Users booted for Facebook spam cry to the Washington Post about it
Elizabeth Coe sent 100 friends a link to her company's website. This feat got her booted from Facebook — and got her featured in the opening of a Washington Post story about Facebook's spam-fighting effort. Facebook is now banning users who ask too many people to be friends all at once, send too many messages, join too many groups, or "poke" too many people. "All I was doing is using it to communicate more efficiently, which is what I thought it was for," Coe told the Post, which goes on to explore the ins and outs of Facebook's unpublished rules. More » -
safari
Google copied Apple Web browser's bug, too
Security researcher Aviv Raff says Google's new browser Chrome exposes users to "malicious hacker attacks," because it allows users to launch executable files directly from the browser and without warning. Raff created a harmless demonstration to show how, with successful bait, Google Chrome users could accidentally download and launch a Java archive file that goes on to execute without warning. Security experts call this trick "carpet-bombing." ZDNet's Ryan Naraine says the flaw exists because Google Chrome is actually built from the same software as Apple's Safari 3.1, which had the same vulnerability until Apple issued Safari version 3.1.2. -
your privacy is an illusion
Sarah Palin — beauty queen, sportscaster, hacker
Did you know Sarah Palin was a hacker, too? We already suspected there was nothing the Republican vice-presidential candidate couldn't do. While serving as Alaska's governor, she just had a baby. Even as she runs for office, she's preparing to be a grandma and planning her eldest daughter's not-so-coincidental wedding. Google has revealed the superwoman from the north's background as Miss Wasilla, her career as a sports journalist, and other highlights of her resume. But rifling through computer files for evidence? Not a problem for Palin. The Anchorage Daily News laid out how the VPILF used her technical savvy to discover evidence that suggested a state politician was in bed with the oil industry: More » -
hackers
British superhacker will likely be tried in the U.S.
Gary McKinnon, the British hacker who broke into an astonishing number of U.S. military systems via a 56k modem, lost his court bid to avoid being extradited to the United States. Here's what that means for him: More » -
hackers
How do you clean a virus in space?
The laptops up on the International Space Station have been infected with a virus — the W32.Gammima.AG worm, to be precise — which raises an interesting challenge: How do you wipe a computer clean when you're 217 miles away from Earth and moving at 17,000+ miles per hour? According to the BBC, the ISS isn't net-connected. All data is subject to scan before transmission upstairs. So the laptops were probably infected via flash drive before they left. The worm itself doesn't threaten the station — all it wants is your gaming passwords — and the laptops aren't connected to mission-critical computers. But the lack of an Internet connection makes fixing things tricky. More » -
We Read Facebook So Sheryl Sandberg Doesn't Have To
Facebook security a laughing matter for cofounder
Officially, Facebook is treating the onslaught of viruses piggybacking on the social network's popularity as a very, very serious matter. We're talking Sheryl Sandberg serious. Facebook's press statement reads: "We are investigating every report, removing false content, blocking bogus links and addressing the concerns of our users. These efforts have limited the affected users to a small percentage of those on Facebook." The unofficial response from cofounder Dustin Moskovitz, posted on CEO Mark Zuckerberg's Facebook profile, is much more fun: More » -
your privacy is an illusion
Virus mimics Facebook's hated Beacon ads
Facebook CEO Mark Zuckerberg should be relieved to learn that someone is at last "leveraging the social graph," as he might put it, for financial gain. Problem is, it's not Facebook. It's hackers pulling a phishing scam. A tipster tells us his friends at Facebook are busy fighting a virus that tricks a user into opening "a YouTube phishing site," delivered in the form of a Facebook message from one of the user's Facebook friends. More » -
hackers
Red Hat server break-in hushed up
"Last week Red Hat detected an intrusion on certain of its computer systems," says a security advisory from the leading Linux vendor. "The intruder was able to sign a small number of OpenSSH packages," in what seemed like an attempt to place something into the company's downloadable enterprise software packages. Red Hat's spokespeople say they don't believe any hacked packages were distributed, but still. More » -
hackers
FEMA phone system hacked to make free calls
Although not as hardcore as the British hacker that did his work over 56k, another hacker should be commended for his ability to hijack FEMA phone systems and make $12,000 worth of free phone calls this weekend. The Department of Homeland Security was apparently upgrading FEMA's voicemail system with outdated Private Branch Exchange (PBX) technology but failed to configure the security settings properly. The phreak was able to exploit a vulnerability and use Homeland Security's own phones to ring up countries like Afghanistan, Saudi Arabia, and Yemen. Which all proves that Michael Chertoff was right to fear the power hackers have over inept government bureaucracies. [AP] (Photo by gthills) -
Gary McKinnon
British hacker gets temporary reprieve
Gary McKinnon — crowned by the Pentagon as the biggest hacker of all time — will have to wait a bit longer before heading to the U.S. to face criminal charges. The European Court of Human Rights will now allow him to stay in Britain until August 28 to review his appeal against extradition. McKinnon has been pleading innocence throughout all this, claiming he was simply curious about what information the U.S. military and NASA had about UFOs. [News.com] -
Apple Users Held Hostage
iPhone day 33: The most eye-pleasing phishing spam ever
A Macworld reader sent in a screenshot of a charmingly credible HTML email that claims to be from Apple: "We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?" It's convincing not just because it's pretty, but because this sort of error from MobileMe at this point would seem like a minor hurdle — I'm still trying to figure out how my wife's name got onto my account in the conversion. That'll teach me to sneak her credit card. -
security
How 15 minutes of shame can save your company
The Wall of Sheep is a tradition at the annual Defcon computer-security conference. Hackers at the event post information that other attendees have accidentally placed unsecured onto the conference's network. Passwords and porn are the best examples. Organizers at last week's Black Hat conference set one up, too. It's a fun prank, but here's a serious idea: Why not run a Wall of Sheep at your own company? There are two good reasons: More » -
cyberwar
Claim: Russian hackers behind spam crime ring took over Georgia's national websites
Before the Russian army pushed past the borders of breakaway republic South Ossetia and invaded Georgia's interior, Russian hackers took over Georgian government websites last Friday, taking control over a central government site as well as the homepages for the ministries of foreign affairs and defense. Researcher Jart Armin told Britain's Daily Telegraph he blames the attacks on an organization called the Russian Business Network, which the Telegraph describes as "a network of criminal hackers with close links to the Russian mafia and government." More » -
security
Vista security completely end-run by hack
Today at the Black Hat conference in Las Vegas, two security experts showed off a new Web-based break-in that completely bypasses all of the hardware memory protection built into Windows Vista. Once inside, a program can then load any content at all from the Internet via your browser. The best tech writeup is at Electronista: "The malicious code not only negates the effectiveness of Vista's Address Space Layout Randomization and Data Execution Prevention technologies, but specifically abuses their behavior to ensure an attack gets through." What does this mean for you? It's not the end of the world. But stand by for one very important Security Update. -
great moments in journalism
Reporters who hacked hackers at Black Hat get jacked
Three French reporters for Global Security Magazine attending this week's Black Hat Security Conference in Las Vegas were booted, after they "allegedly" (that's reporter-speak for "they won't admit it") sniffed the private network set up for the press. The private network is meant to be a sort of chill room for journalists, so they can file a few articles without getting pwned by conferencegoers every five minutes. Note to the French: We'll be more impressed if you hack Rachel Marsden's Facebook page. -
security
Facebook security spends all night battling worms
Facebook is under an attack of the worms similar to the MyDoom worm, rendered into an image above, that became the fastest spreading email worm ever in 2004. In recent days, thousands of users have fallen prey to at least two strains of malicious code that, once downloaded onto a user's computer, steal that user's Facebook username and password in order to spread via false links posted to friends' message boards. Facebook security chief Max Kelly writes on the company blog that after a night of work, his team "identified and blocked the ability to link to the malicious websites from anywhere on Facebook." Security firm Sophos, which of course makes a living scaring people, says the threat isn't over. "If workers are allowed to be given access to these sites," goes Sophos "analyst" Graham Cluley's pitch, "then it's vital that they do not put their personal and corporate data at risk, and are protected from web-based infections." -
hackers
Phisher-on-phisher crime — not so much victimless as we just don't care
Microsoft security engineer Billy Rios tells the Wall Street Journal that some of the best scams are the ones that phishers play on each other: More » -
Your Privacy is an Illusion
Google doesn't care about widget users, security analyst says
SecTheory CEO Robert "RSnake" Hansen, a security consultant — and therefore a professional fearmongerer — for clients like Microsoft and eBay, says computer fraudsters can insert malicious JavaScript and HTML into Google Gadgets — widgets for Google's customized iGoogle homepage. Google doesn't screen the widgets for this code, he claims, and so users put themselves at risk of data theft and computer-killing worms. "Google cares more about tracking users than they do about consumer safety," Hansen told an audience at a convention yesterday. More » -
security
A picture may be worth a thousand logins
Hackers will reveal a new way to steal user accounts with pictures later this week, at the Black Hat security conference in Las Vegas. The method uses hybrid files that are read as photos by some programs and as code by others. These hybrid files can have code, such as Java, embedded in them, and then be uploaded to websites such as Facebook, MySpace, or eBay where they can skirt security measures to do harm. More » -
Gary McKinnon
The biggest military hacker of all times did his work over 56k modem
Gary McKinnon, a British computer expert, claims he's just fascinated with UFOs. Using his home computer and a modem — how WarGames! — he infiltrated military networks and accessed thousands of computers trying to find evidence of alien contact. Now caught and having lost an appeal with the British courts, he's awaiting extradition to the United States to stand trial, accused of the "biggest military hack of all time." The full list of his computer-exploiting prowess: More » -
your privacy is an illusion
Facebook redesign exposed birth dates
Here's a good way for Facebook to keep its demographic young: IT security firm Sophos reports that early on during Facebook's beta test of a new user-profile design, the site revealed its members' birth dates, even if members had set that information to private. That'll keep the Olds who turn 43 every year off the site. Facebook needs to be very careful when it comes to privacy — the site would like to figure out a way to target ads based on users' personal data, and wants to make sure users are comfortable inputting accurate information. And Facebook is being hypocritical: When Slide's Facebook Top Friends app revealed users' birth dates, Facebook temporarily kicked the app off the website. Of course, we won't hold our breath waiting for Facebook to suspend its entire website. But maybe it could back down from its holier-than-thou pose that the platform is a level playing field and Facebook is just another player? Yes, please. -
your privacy is an illusion
Facebook's widget security? You could throw a sheep through it
Linking up social websites, as proponents of "data portability" would have us do, can be hazardous to your privacy. And Paris Hilton's, and Lindsay Lohan's. But even the widgets on a single social network can leave us exposed. SuperPoke, a popular application made by Slide, will show you who's thrown a sheep at anyone, as long as you have their Facebook ID — the unique numeric identifier which shows up in the URL of their Facebook profile. Mark Zuckerberg's SuperPoke feed is here; substitute the number of another Facebook user for Zuckerberg's "4", and you can see every last sheep he or she has been involved with. More » -
your privacy is an illusion
Paris Hilton, Lindsay Lohan private pics exposed by Yahoo hack
Want to see Paris Hilton's MySpace profile? How about Lindsay Lohan's? Don't worry about those pesky privacy settings. Thanks to "data portability," a faddish technology movement that the Valley has been buzzing about for months, you can see any profile you want on MySpace. Byron Ng, a Canadian computer technician with a knack for finding Web security holes, has discovered that Yahoo's integration with MySpace makes it easy to view photos for any profile. These images, which Ng obtained from Hilton's and Lohan's profiles, speak to the danger Yahoo and MySpace's lax data-sharing habits pose: More » -
security
Comcast hackers say they used a Network Solutions exploit
"EBK" and "Defiant," the online monikers of the hackers who disrupted Comcast's online service, have gone on record about their exploits. They say that a hole in domain-name registrar Network Solutions' security let them change Comcast's registered address in domain records to "Dildo Room, 69 Dick Tard Lane." Network Solutions denies there was a vulnerability. [Wired] -
security
Hackers own Comcast homepage
Internet service provider Comcast had the comcast.net domain name server redirected to a server in Germany after hackers got control of the site's DNS entry with Network Solutions. For a portion of yesterday evening, the homepage read: KRYOGENICS Defiant and EBK RoXed Comcast
More » -
e-commerce
Zappos advertising in some unexpected places
Las Vegas-based e-tailer Zappos, which prides itself on innovative management techniques like paying new hires to leave, is also an "innovator" in the advertising space. Not for the company's TV ads, but for leveraging the post-9/11 security landscape to get the word out. "When I'm coming through security I know that it can be frustrating and this is to provide a little lightheartedness," senior marketing manager Andy Kurlander said of the ad-buy for space in the buckets used by travelers to feed shoes and other items through the x-ray machine. The company should also consider a market which can only buy mail-order that's an even more captive audience: Prisoners. Heck, they could order new kicks straight from a Microsoft TouchWall. -
crime
Private phone snooping now big in Germany
Deutsche Telekom, the dominant telephone and communications provider in Germany, has been caught using private phone records in a scandal reminiscent of Hewlett-Packard's industrial espionage. During a spell of layoffs in 2005 and 2006, the company hired a data-mining firm to scan the records of supervisory board members in the hopes of matching the numbers to those of journalists as it looked for the source of leaks about the company's downsizing. New CEO René Obermann wasn't there at the time, but is stuck cleaning up the mess. [NY Times] (Photo by AP/Frank Augstein) -
we read twitter so you don't have to
Revision3 hit by possible hacker attack
Veronica Belmont only recently signed on to do Tekzilla with Revision3, and is already reporting from behind the scenes of the web network's infrastructure with "Holy DDOS attacks, Batman! Rev3 is under fire!" I contacted co-founder and VP David Prager, who wrote it's a "possible DDOS attack," and that "our IT and tech team is working on if there is an issue or not." For what it's worth, the site's loading fine for me, so no need to fret that you'll miss the latest from Diggnation just yet.