A Mafia boss was caught because of his using Facebook, while unrelated to that the EFF released the result of their Freedom of Information request for material on how law enforcement uses social networking to investigate suspects. "under cover".
The SEC moved to freeze portfolios and accounts following attacks by a Russian hacker, who manipulated stocks.
InfoSecurity magazine has a story on espionage in sport, mentioning how where there's a motive, cyber-crime follows.
And of course, the leading story (which I discovered thanks to a post on Facebook by Dave Aitel) is how an hacker (if that is a descriptive word in this case) broke into 100 cars to cause inconvenience, such as honking, or immobilizing customer the cars.
He hijacked the remote control system ("web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments") by logging on with an account of an employee. He used to be an employee himself, until fired later on.
Also, check out this extremely interesting paper from Cormac Herley at Microsoft Research on why people reject security advice:
So Long, And No Thanks for the Externalities:
The Rational Rejection of Security Advice by Users
Gadi Evron,
ge@linuxbox.org.
Follow me on twitter! http://twitter.com/gadievron
Showing posts with label interesting incidents. Show all posts
Showing posts with label interesting incidents. Show all posts
Thursday, March 18, 2010
Saturday, January 16, 2010
Traffic Video Ads Replaced with Porn
Fergie (Paul Ferguson, one of my favorite people in the world), posted a news item to the funsec mailing list:
ge@linuxbox.org.
Follow me on twitter! http://twitter.com/gadievron
Traffic jerked to a standstill as rubbernecking motorists ogled a pornographic clip posted by hackers on big-screen video billboards in Moscow, Russian news agencies reported Friday.Gadi Evron,
The company that operates the billboards, Panno.ru, said hackers were behind a graphic sex video broadcast late Thursday night on two roadside screens along Moscow's Garden Ring Road, one of the city's busiest arteries.
"This was an attack by hackers on the computers, as a result of which one of the commercial video clips was swapped for an indecent video," Panno.ru commercial director Viktor Laptev told RIA-Novosti.
ge@linuxbox.org.
Follow me on twitter! http://twitter.com/gadievron
Friday, January 15, 2010
China Hacks Google, Etc.
Many news sources are reporting on how Google and other corporations were hacked by China.
The reports, depending on vendor, blame either PDF files via email as the original perpetrator, or lay most of the blame on an Internet Explorer 0day.
Unlike my colleagues (save for the ones reporting), I rather not discuss this too much before more data is available.
Regardless of what really happened, which I hope we will know more on later, these things are clear:
1. Unlike GhostNet, which showed an interesting attack, but unfortunately many of us jumped to conclusions without evidence that it was China behind them -- based on Ethos alone I'd like to think that when Google says China did it, they know. Although being a commercial company with their own agenda, I am saving final judgement.
2. The 0day disclosed here shows a higher level of sophistication, as well as m.o. which has been shown to be used by China in the past.
3. If this was China, which some recent talk seems to make ambiguous, but still likely; they would have more than just one weapon in their arsenal.
4. This incident has brought cyber security once again to the awareness of the public, in a way no other incident since Georgia has succeeded, and to political awareness in a way no incident since Estonia has done.
Gadi Evron,
ge@linuxbox.org.
Follow me on twitter! http://twitter.com/gadievron
The reports, depending on vendor, blame either PDF files via email as the original perpetrator, or lay most of the blame on an Internet Explorer 0day.
Unlike my colleagues (save for the ones reporting), I rather not discuss this too much before more data is available.
Regardless of what really happened, which I hope we will know more on later, these things are clear:
1. Unlike GhostNet, which showed an interesting attack, but unfortunately many of us jumped to conclusions without evidence that it was China behind them -- based on Ethos alone I'd like to think that when Google says China did it, they know. Although being a commercial company with their own agenda, I am saving final judgement.
2. The 0day disclosed here shows a higher level of sophistication, as well as m.o. which has been shown to be used by China in the past.
3. If this was China, which some recent talk seems to make ambiguous, but still likely; they would have more than just one weapon in their arsenal.
4. This incident has brought cyber security once again to the awareness of the public, in a way no other incident since Georgia has succeeded, and to political awareness in a way no incident since Estonia has done.
Gadi Evron,
ge@linuxbox.org.
Follow me on twitter! http://twitter.com/gadievron
Subscribe to:
Posts (Atom)