AOL Tech

Security posts

Scientists Find RFID 'Fingerprint' That Could Prevent Counterfeiting

Radio frequency identification tags (RFID), which appear in items like credit cards and passports, have long been susceptible to hackers looking to steal personal information. Still, RFID tags are used in many ways -- from tracking a shipment of clothes to automatically opening a doggie door. But a breakthrough from a group of University of Arkansas scientists might just ease the minds of those who worry these devices aren't secure enough. The discovery hasn't much to do with the devices themselves, but the way in which they are read.

According to Physorg.com, Professors Dale R. Thompson and Jai Di discovered that each RFID tag has a "fingerprint." Essentially, each tag has a unique power response at different radio frequencies -- even for tags of the same make and model. With preexisting physical characteristics in mind, scientists can attribute an electronic "fingerprint" to each tag. Using those fingerprints as a key would make the devices harder to hack and counterfeit.

With RFID being used more and more by government agencies and private businesses, it's comforting to know that somebody is thinking about security. Maybe now we can stop wrapping our credit cards in aluminum foil. It's a good thing this news broke before we let paranoia take over. [From: Physorg.com, via Engadget]

Web

'Twilight' Content Leaves Scammers Thirsting for Your (Digital) Blood

Malware Makers Cash-In on 'Twilight' Craze
As per usual, malware purveyors are hopping on the latest fad in order to lure unsuspecting Web surfers into their dens of digital evil. And what are the kids talking about right now? Well, 'Twilight,' of course.

With the new installment of the teen vampire saga set to hit theaters Friday, Web searches for interviews with cast members, for bootleg copies of the film, and for other content related to 'The Twilight Saga: New Moon' have sky-rocketed. Using this buzz to their advantage, makers of viruses, trojans, and spyware are embedding malicious code in fake movie files and video streams, and posting the nefarious results.

Read more →

Web

Chinese Military Web Site Battered With Attempted Cyber-Attacks


When China launched a Web site for its defense ministry in August, the whole world took notice. With both English and Chinese versions, the government hoped the site would prove it was serious about being more transparent when it came to the military. However, this attempt also attracted hackers.

According to BBC News, there have been about 2.3 million cyber-attacks on the site in its first month of operation alone. We thought Twitter was bombarded with a ridiculous number of attacks, but that's just a flat-out, mind-boggling number. There are no reports that any military information was compromised, but it seems that hackers aren't the only truth-seekers visiting the site. The site's editor, Ji Guilin, told the state-run newspaper that 1.25 billion people -- many from the U.S., U.K., Australia, Singapore, and Japan -- have visited the site to search topics like "military photos," "top military leaders," "high-level events," and "military power."

This can't be comforting news for the Chinese government, which is notorious for limiting its citizens' Web access. We can only hope that China won't step back from free-flowing information and shut down the site as a result of the attacks. Our more rational minds, though, are pretty sure that once a hacker successfully cracks the site (and one will), it will get yanked faster than an Olympic gymnast on her 16th birthday. [From: BBC News and Al Jazeera]

Web

80-Percent of Cyber Attacks Could Be Prevented, Says NSA


While the Federal government might throw a hundred million dollars at cyber-attacks, the real solution to the problem is much easier and cheaper -- at least that's what National Security Agency information assurance director Richard Schaeffer told the U.S. Senate Tuesday. According to Wired, Schaeffer says about 80-percent of the attacks could be prevented if network administrators were to simply adhere to conventional configuration policies and closely monitor the networks. If this occurred, Schaeffer believes, it would deter hackers from making attacks because their chances of being caught would be much higher.

Read more →

Web, Social Networking

Spam Spreading on Twitter via Direct Messages -- Again


Not to sound like a broken record, but there's a lot of spam on Twitter. Let us illustrate. If the Internet were high school, Twitter would be voted "Most Likely to be Spammed." So, it was no surprise when Mashable reported that a number of users have recently been flooded with spam via direct messages. A quick search on the micro-blogging site proves that people are pretty upset about it, too. There are still not a lot of details on the scam, but you should be on the lookout for any suspicious messages from people you don't recognize. For example, if you receive a message from a half-naked girl asking you about a quiz, don't click the link! We know that sounds obvious, but apparently some people are falling for the scam. After all, it takes hacked accounts to continue spreading the spam.

So what do you do if you become a victim? First, change your password right away. While Mashable has reported this wave of spam to Twitter, it's probably not a bad idea for you to report it to the site, too. Last, don't feel ashamed if your account gets hacked. Remember, this isn't the first time the Twitterverse has been plagued by spam, and we're sure it won't be the last, either. [From: Mashable]

Computers, Visionaries

Ultrasound Could Protect Pacemakers From Hackers

You never want your wireless device open to attacks, but if that device is implanted inside your body, security becomes even more important. With pacemakers and other medical devices being controlled and monitored from afar, scientists say it's time to step up protection. With those concerns in mind, a group of researchers from the Swiss Federal Institute of Technology and the French National Institute for Research in Computer Science and Control have developed a new safety net.

According to Technology Review, the system uses ultrasound waves to measure the distance between a medical device and the wireless reader trying to communicate with it. This could prevent potential hackers from wirelessly gaining access to private information stored on the device, draining its battery, or causing it to malfunction. With the ultrasound system, access to the device would be restricted to the physical proximity of the communicator. In the plan proposed by senior researcher Claude Castelluccia and his team, you'd need to go through a series of authentication steps and be within 10 meters of the device in order to gain access.

Read more →

Hackers Charged for Stealing Over $9M From ATMs

After running an elaborate scam that netted about $9 million, eight men were indicted by a federal grand jury Tuesday for their alleged roles in a massive ATM hacking scheme. While similar heists have been pulled before, this one is impressive not only because of the large chunk of cash, but because of the sheer scope of the crime, as well.

According to Threat Post, hackers discovered a way to bypass RBS WorldPay's payroll debit card encryption system sometime last November. After doing so, they created 44 debit cards and increased the limit on each one. Within 12 hours, they had withdrawn $9 million from 2,100 ATMs in 280 different cities. Now, that's some day of work! The alleged hackers -- most of whom are from Eastern Europe -- were busted when, prosecutors say, they failed to cover their tracks on the card-processing network. RBS WorldPay noticed suspicious activity and reported it to authorities. According to a statement from the Justice Department, each of these men faces what amounts to a lifetime sentence for various counts of fraud and identity theft. Some could be given heavy fines, too.

They might not be totally dumb criminals (they did beat the encryption system), but didn't they consider spacing out the withdrawals? Even if it is worldwide, that's a lot of money for a mere 12-hour period. [From: Threat Post and U.S. Justice Department]

Web

Viruses Secretly Downloading Child Pornography

Malware and viruses have a lot of tricks up their sleeves -- from stealing passwords and harvesting credit card information, to simply destroying data and crashing PCs. But of all those nasty abilities, the worst and most confounding is the ability to secretly load a PC with child pornography.

It's difficult to understand the motives for dumping boatloads of child pornography on the hard drives of unsuspecting Web users. It is possible, though, for pedophiles to secretly store their highly illegal collections on other people's PCs, view them remotely, and thus avoid incriminating themselves. Another possibility is that the programs are designed simply to wreak havoc on the reputations of others, framing them as collectors of underage filth. The first publicly recognized case of such an infection, in 2003, involved a British man who was arrested on child pornography charges, only to be cleared later when it was determined that a virus loaded the illegal content on his PC.

Read more →

Cell Phones, Video Games, iPhone

App Developer Sued for Stealing Customers' iPhone Numbers

iPhone Game Developer Sued for Secretly Collecting Customer Phone Numbers
Storm8, the developer of popular (but terrible) iPhone games like 'Vampires Live' and 'iMobsters,' has found itself on the wrong end of a potential class-action lawsuit.

A lawsuit has been filed, on behalf of Washington resident Michael Turner, that alleges Storm8 built its games with a "feature" that automatically sends the phone number of each host iPhone to the developer. Turner is suing on the grounds that this practice is in violation of both the federal Computer Fraud and Abuse Act and California state law, and is pushing to turn it into a class-action suit, on behalf of all Storm8 customers.

Storm8 has admitted to collecting the phone numbers, but denies any real responsibility, attributing the "phone home" function to a simple bug in the code. The company maintains that the glitch has been fixed. Turner countered that a "glitch" could not lead to the collection of phone numbers and that specialized code would have to be purposely placed within the games to have that effect. Not being programmers, we can't say for certain whether or not the collecting of phone numbers was intentional, but it doesn't sound like the sort of feature that could be accidentally implemented.

Read more →

Computers, Advice, Windows Software, Mac Software

Just How Risky Are Public Wi-Fi Hotspots?

Ever wonder how safe all your personal information is when it's beamed through the air over Wi-Fi? If you haven't, then chances are, you haven't taken the right precautions to keep that information safe, either. In clear, easy-to-understand language, the 'Today Show' recently examined the security of Wi-Fi networks. While the video above is a little on the fear-mongering side, it does make some good points about the vulnerability of wireless traffic, in particular, those public hot-spots at your local coffee shop, park, or airport.

Here's what you need to know: Public hot-spots -- most of which are open and don't require a password -- are, by nature, insecure. Sure, they may be easy and convenient to hop on from your computer, but that very openness is also what allows anyone, including hackers, to just walk in and sign on. In other words, when you're signed on to a public Wi-Fi hotspot (or at an unsecured network at your or someone's private home), it's entirely possible for someone to come along and snatch your data, literally out of the air.

Luckily, there are some essential precautions you can take to protect yourself when you're in a public hotspot. First and foremost, get a good firewall program -- not the one built into Windows or Macs, though. Most security suites from Norton, McAfee, and others come with one, and you can download free ones from the likes of Zone Alarm and Comodo. These apps are designed to prevent hackers from gaining access to the data on your PC, and will block and alert you to any attempts to wirelessly access your computer.

Read more →

Web, Social Networking

Twitter Hit by Another Direct Message Phishing Scam

It seems like every day that a new phishing scam hits Twitter, and Wednesday was no different. According to CNET News, Twitter warned its users to be on the lookout for a phishing scam that attacks via direct messages. "[If] you've received a strange (direct message), and it takes you to a Twitter log-in page, don't do it!," Twitter warned in a post.

Of course, this isn't the first scam that disguises itself in a direct message. But this message attempts to fool you by posing as a dear friend. According to Sophos, the message reads: "hi. this you on here?" and is followed by a link to the phishing site. The link, if clicked, redirects you to a fake Twitter log-in page, where the phishers intend to steal your user name and password. If you enter both, you'll see a faux over-capacity page that's supposed to make the scam seem more real. When Sophos logged in to the false page, it was directed to the over-capacity page, and then to a blog by someone called NetMeg99. It's unclear as to whether or not that blog is part of the scam, too.

Read more →

Computers, Web

Lazy Passwords Leave 21K Routers, Cams, Phones Open to Attack


In the "yet another thing to be paranoid about" category comes a report that nearly 21,000 routers, webcams and VoIP products are wide open to remote attack, simply because their owners have committed the ultimate sin: failing to change the manufacturer's default password for the devices.

The study was performed by Ang Cui, a grad student at Columbia University's Intrusion Detection Systems Laboratory, which has sponsored the likes of DARPA and the Department of Homeland Security. Researchers have now scanned over 130 million IP addresses, and discovered nearly 300,000 devices to be remotely accessible. And the 21,000 devices with default passwords are, of course, the most vulnerable -- "runts of the litter", if you will.

Read more →

Web, Social Networking

Fake Facebook 'Password Reset' E-Mails Hiding Malware


Facebook's good name is being leveraged for yet another brutal round of malware dispersal. The trojan, Bredolab, is being distributed via e-mails with the subject line "Facebook Password Reset Confirmation". The message generally reads:

    Hey (insert username),
    Because of the measures taken to provide safety to our clients, your password has been changed.
    You can find your new password in attached document.

    Thanks,
    The Facebook Team

The attachment, a .zip file, will have the name "Facebook_Password_" followed by a short sequence of random numbers and letters. Inside, there is an identically named file, except that it's an .exe (or executable) file instead of an archive. Run that file and you'll be kick-starting a torrent of malware downloads, including a fake anti-spyware program. Bredolab is able to hide by injecting its own code into existing Windows components, and by automatically shutting down if it detects another program (such as an anti-virus package) investigating its activities.

Read more →

Advice, Editor's Picks, Web

10 Ways to Spot an E-Mail Scam


The increasing flood of e-mail hitting your inbox can lower the guard of even the most cautious person. In the rush to keep up with important notes, it's easier than ever to fall prey to the scam artists and identity thieves who lurk online.

E-mail scams and phishing attempts evolve constantly, hoping to take advantage of the latest trends and current events. Although the e-mails change, the people behind them inadvertently send up the same warning signs again and again. We dug through mountains of spam to find the most prevailing trends. We've collected some actual scam e-mails and highlighted the warning signs to help you spot a hustle the next time one lands in your inbox.

Read more →

Computers, Web

Atheists Fall Victim to Cyber Attack


Months before the Global Atheists Convention is held in Melbourne this March, a couple of major atheist Web sites have been forced to shut down due to coordinated, denial-of-service attacks. The Sydney Morning Herald reports that the Atheist Foundation of Australia (AFA) and the Global Atheist Convention both had their sites paralyzed by the attack, which overloaded both sites with traffic. At that point, the Global Atheists Convention had already sold over 1,000 tickets, with the AFA hailing it as the largest gathering of atheists in Australian history. Yesterday's attack, though, put a sudden stop to the sales, and, as of Thursday morning, both sites had still not yet regained full consciousness.

Read more →
