AOL Tech

Posts with tag security

Eastern European Security Center to Defend Against Cyber Attacks

Seven European members of NATO are banding together to create a cyber defense center in Estonia, following that country's experience with an overwhelming attack on its Internet structure last year, which it blamed on hackers in Russia who were upset with the Estonian government's decision to move a statue of Vladimir Lenin in its capital city of Tallinn to a graveyard. In the end, it may have been an Estonian who staged some of the attacks, but ethnic Russians living in the Baltic state and others in Russia itself were likely responsible.

More than 1 million remotely operated computers are estimated to have been involved in the attack. Actual riots occurred in the city after this event last April.

Germany, Slovakia, Latvia, Lithuania, Italy and Spain will provide staff for the center and the United States will send observers to watch how this group devises strategies to defend against cyber attacks, which can easily escalate into a national security problem for a country under fire.

The center will be fully staffed by the end of August and fully operational in 2009. [Source: BBC]

Internet Phone Calls at Risk For ID Theft?



The next target for identity theft has been identified.

Voice-over-IP communication is growing in popularity as it allows people to make free or low-cost calls to friends and family around the world – and like any other service that requires a user name and password, it is a target for hackers who have nefarious plans for your personal information.

The upside is that most of us don't yet use this kind of service, so as a matter of numbers, the problem is not large, but that doesn't make security experts any more comfortable with the potential for security problems.

Voice over IP – or VoIP, as those in the know call it – allows a user to make a phone call over the internet. People who use public networks or unsecured Wi-Fi hotspots could be broadcasting their user information to anyone intent on "listening in." VoIP service has been popularized mostly by Skype, which enables free computer-to-computer calls, as well as inexpensive computer-to-phone calls, and even phone-to-phone calls with specially designed handsets.

Interestingly enough, the folks at Skype say the security threat need not be a problem, since data encryption is possible with their service already. It's other less robust services that seem to be most at risk. Even so, some analysts say the idea of a threat is overblown, since relatively few people are using this type of service. It's likely as VoIP calling grows in popularity the need for security will be recognized.

And now a question for you loyal Switched readers: Do you use Skype or another VoIP calling service? [Source: BBC News].

Rock Band Films Latest Video With Security Cameras

The Get Out Clause -- an unsigned band from Manchester, England -- has used the eyes of the surveillance state to produce its own music video. While Britain currently has an estimated 13 million closed-circuit TV (CCTV) cameras, the band only played to 80 of them around the city of Manchester. After playing its song for the CCTV cameras (and anyone else who happened to be around), the band requested the footage from the organizations that own the cameras, under the UK's Freedom of Information Act. While only about 20 of the locations eventually turned over the footage, they had more than enough footage to make a pretty solid music video.

"We wanted to produce something that looked good and that wasn't too expensive to do," guitarist Tony Churnside told Sky News.

Seems the Freedom of Information Act could have saved Kevin Smith a bunch of money when he made 'Clerks.' We really wonder if this is the last time we'll see this tricky way of filming (actually, it's not, as Adam Rifkin's recent 'Look' proved). [Source: The Telegraph]


FBI Finds Counterfeit Chips Leave U.S. Military Vulnerable

The U.S. Military may have been using a whole slew of counterfeit computer chips in its systems, leaving it open to security breaches that could lead to information leaks or worse, according to the FBI.

During a two-year period, Operation Cisco Raider has led to 15 criminal cases in which counterfeit products were bought and used by military agencies, military contractors and electric power companies. According to the New York Times, "36 search warrants have been executed, resulting in the discovery of 3,500 counterfeit Cisco network components with an estimated retail value of more than $3.5 million, the F.B.I. said in a statement."

Part of an FBI briefing on the investigation and its findings can be found in this PowerPoint presentation hosted by the site Above Top Secret.

The counterfeit chips could lead to some interesting security holes. For one, they are extremely hard to sort out from real chips. Two, the kind of security weakness they have could lead to computers being taken over by a remote system. The article states that there has been speculation about anti-aircraft systems being disabled during the first Gulf War and also when the Israeli air force attacked a suspected Syrian nuclear power plant.

The FBI isn't saying the counterfeit chips were specifically designed to leave systems vulnerable. There's a chance the chip makers just wanted to make some quick money on a high volume product. And (surprise) the chips seem to have come from China.

But the U.S. Military isn't just taking this lying down. The Pentagon's Defense Advanced Research Projects Agency (or DARPA) has initiated a Trusted Integrated Circuits program with the aim of strengthening the country's defense against network security breaches.

This sounds like a good idea to us, as long as they don't call their new system Skynet. [Source: The New York Times]

What Happens When You Scam Back the E-Mail Scammers



We're sure you've seen them in your e-mail inbox before, those messages from someone in Africa offering you millions of dollars in questionably legal funds in exchange for your assistance and -- naturally -- a few thousand dollars of your own funds. They call them 419 scams, for the article in the Nigerian criminal code that covers this particular brand of fraud.

There is very little that one can do to find and stop these fraudsters, but what you can do is waste their time. This is called scam baiting, and it involves replying to the scammers without ever giving them what they want. The idea is the more time they're talking to you, the less time they're talking to other people who might fall for the scam. It's also kind of a hoot when you see the lengths to which some spammer scammers will go to maintain their fraudster identities.

The folks at Cracked, who often entertain us, have posted the e-mail exchanges between John Cheese of Juvenile Humor and one such scammer who called himself/herself Stella Tricia Colling. We won't ruin the surprises, but rest assured this e-huckster was quite confused and derailed after getting some "real" responses to his/her initial spam e-mail. [Source: Cracked]

Hackers Target Safari and Firefox Browsers

It's long been held that Microsoft's Internet Explorer (IE) browser was far and away the least secure browser available. Anyone who thought otherwise only had to look at the long and constant IE security bulletins to see what could be perceived as a glaring hole in the thing. But it seems as though maybe those updates are at least partially due only to commonality, as the increasing popularity of Firefox and Safari is putting those browsers under fire.

Firefox has released two updates over the past six weeks, fixing five critical security holes that could let attackers access a user's browsing history -- not exactly life-threatening stuff here, but still disconcerting. Apple's Safari is rather more compromised, since it allows attackers to completely take over your computer, and rather less fixed, as no updates to solve the problem are available.

These attacks and compromised levels of security are held to be due to those browsers' new-found popularity. IE, on the other hand, which has seen its usage wane in recent months, had no security vulnerabilities to report in the last month, meaning hackers may be getting tired of beating up on the thing. So which browser is most secure? Our money's still on Firefox, but IE is clearly not a bad choice either. [Source: Washington Post]

U.N. Site Hacked Spreads Malware

The hacking of Barack Obama's Web site was embarrassing for the campaign, but more or less a harmless prank. An attack on the Web sites for the United Nations and the United Kingdom, on the other hand, has resulted in the infection of computers all over the globe with malware.

The sites were specifically targeted because of their high traffic and reputation as secure places to go online. The exact number of computers infected is unknown, but due to the high volume of visitors, it could easily be in the millions.

The security hole has been closed and the malicious code removed from the site, but the attack underscores the importance of properly protecting yourself and your computer by keeping your operating system, firewall, and anti-virus software up-to-date. [Source: Channel Web]

Obama's Web Site Hacked, Takes You to Clinton's Page


Barack Obama's Web site was hacked sometime just before the Pennsylvania primaries, showing that even a presidential candidate's Web site isn't safe from those looking to have a little digital fun.

The attack redirected certain links on the Obama Web site to the Hillary Clinton campaign site. The "cross-site scripting" code, which in this case automatically sent users from one Web site to another, was inserted through a vulnerability in the "community blogs" section.

The links have been fixed, and the security hole has been reportedly closed, but we're sure to see more of these as the presidential race drags on... and on... and on. [Source: Newsvine]

PayPal Blocking Old, Insecure Browsers

Still rolling online using Internet Explorer 3.0, released almost 12 years ago? If so, you're doing the digital equivalent of walking around with your fly down, and it's well and truly time to upgrade. Don't take our word for it; take PayPal's. The online banking and payment service site is going to actively start blocking older, insecure browsers, including the once mighty IE 4.0, released way back in 1997, but still disturbingly popular.

PayPal is a very popular target for phishers, who send phony e-mails directing users to phony PayPal-lookalike sites, stealing their login info and, later, stealing their money. Newer browsers are able to highlight the address bar at the top in green when visiting a legitimate site and highlight it in red when the destination is a bit more shady, giving users a visual clue that they're about to get ripped off.

Here's hoping this move is enough incentive to ditch those aging, archaic browsers and get with the times. Might we suggest Firefox, or a nice 2006 vintage IE7? [Source: BBC]

New Body Scans at Airport Security See Through Clothes



Which would you prefer at the airport security check: a pat down or a "whole body imaging scan" that provides a highly detailed image of all your, um, curves (but does have your face blurred to protect your identity)?

The Transportation Security Administration (TSA) has been testing out these devices, called millimeter wave machines, at Phoenix's Sky Harbor International Airport and this week is adding the machines to Los Angeles International Airport and New York City's John F. Kennedy International.

The TSA says that during the test in Phoenix, 90 percent of travelers preferred the scan to having a full body pat down. The TSA agent viewing the image from one of the devices will be in a separate booth and will not be able to see the traveler's face in order to maintain privacy. After the image has been checked it won't be stored, according to the TSA.

Even so, are these images invasive? What about privacy concerns? According to the TSA blog, "These images are friendly enough to post in a preschool. Heck, it could even make the cover of Reader's Digest and not offend anybody."

The TSA also claims the machine emits 10,000 times less energy than a cell phone transmission.

You can see how the body image is captured in a video here and also watch a demonstration of the actual machine in motion here.

Millimeter wave machines are already in use at airports in Britain, Spain, Japan, Australia, Mexico, Thailand and the Netherlands. [Source: CNN]

Women More Likely Than Men to Give Away Passwords (for Chocolate!)



A recent survey by Infosecurity Europe of 576 office workers found, among other things, that women are far more likely to give away their passwords to total strangers than men. Specifically, 45% of the fairer sex (versus 10% of the unfairer sex) were prepared to give away their password. The offers came from strangers masquerading as market researchers, with the lure of a chocolate bar as an incentive for filling in the survey.

The survey was actually part of a social engineering exercise to raise awareness about information security, outside Liverpool Street Station in London, England. In similar news, the research firm Accenture found 88 percent of people surveyed use the same password for different places, which increases the likelihood of identity theft.

As unbelievable as the stats are, this year's survey results were actually significantly better than those of previous years. In 2007, 64% of people were prepared to give away their passwords for a chocolate bar. Research also discovered that over half of people questioned use the same password for all of their online accounts.

"Our researchers also asked for workers' names and telephone numbers so that they could be entered into a draw to go to Paris, with this incentive 60% of men and 62% of women gave us their contact information", said Claire Sellick of Infosecurity Europe.

As she revealed her details to our researchers one woman said, "even though I have just been to Paris for the weekend I would love to go again."

Lesson: sometimes it's good to be paranoid (about strangers offering you chocolate). [Sources: Infosecurity Europe and AOL Money & Finance/AP]

Top Tips to Avoid Identity Theft

In 2007, there were 8.4 million adult victims of identity fraud in the United States, according to research firm Javelin, resulting in $49.3 billion in losses and many hours of grief for the victims. Even though it seems so easy for criminals to steal your information, you can easily safeguard your ID by changing some habits and putting in a little extra effort. To help you protect yourself, Switched presents ten tips that will keep your money and information safe and, as a bonus, get you less junk mail in the process.


1. Shred everything

Anything with an account number, signature, social security number or any personal information can be used against you, and since most people throw this stuff in the trash, it's readily available for dumpster-diving thieves. Shredding your bills, ATM and credit card receipts, pay stubs, bank statements and anything else with confidential info is a much safer alternative. If the paper shredder you use cuts horizontally and vertically across the paper, that's even better, since it makes taping the paper back together difficult. Likewise, any digital data on hard drives, CDs, or DVDs should also be fully wiped or physically destroyed. On the plus side, shredding is kind of fun.


'Phishing' Becomes 'Whaling' As E-Mail Scams Go After Corporate Execs

What do you call it when phishers, people who trick people with official-looking e-mails, start aiming for bigger targets? Whaling, apparently, as that's the new term being applied to a particular breed of phisher that is going after corporate executives, adding a new angle to the traditional fake e-mail scam.

The new phishing e-mail appears to be from the United States District Court in San Diego. It indicates that if you click on a link, you'll get the full subpoena, but, of course, what you'll actually get is some malware, software that runs in the background capturing passwords and other information you'd rather were kept private.

So, regardless of your pay grade, make sure you watch what you click on when reading e-mails. Oh, and you might want to tell your secretary to do the same.

From the New York Times

Oklahoma Leaks 10,000 Social Security Numbers




In what can be called a true Homer Simpson moment, the Oklahoma Department of Corrections managed to leak 10,000 social security numbers by way of an incompetent Web programming team. You see, when the Oklahoma DOC created the state's Sexual and Violent Offender Registry, it essentially put the queries for the personal information of those on the list into the URLs (Web addresses) linked to each individual.

What's worse, the gaffe means that it not only leaked the personal data of tens of thousands of people, but also enabled anyone with basic Web knowledge to put anyone he or she chooses on the state's sexual offender list.

And yes, that was the Department of Corrections. High five, dudes.

From Slashdot


Hacker Consultants Infiltrate Power Grid In Hours



To many, a power grid is just a bunch of wires spreading out like a web, some sort of a power plant sitting in the middle turning the lights on all along its reach. That perception leads to a feeling of security; so long as that plant in the middle is safe from physical attack, the grid itself is also safe. Surround the plant with barbed wire fences and armed guards and it's easy to think that those power plants are safe. Sadly, in this networked age, that's simply not the case, as proven by a team of security consultants who pulled a few simple hacking tricks to infiltrate the computer systems of an anonymous power company within a few hours.

The consultants apparently didn't have to resort to any advanced tactics to gain control over computers that monitored and controlled the power grid. They relied on human nature to get initial access, finding the e-mail addresses of many of the plant's employees and sending them a supposedly corporate e-mail that indicated their worker benefits were being cut. They were directed to a URL to get more information. That URL was, of course, bogus and simply resulted in the installation of malicious software.

Once the software was installed, the team had full control to do whatever they wanted, including shutting down the grid and potentially even causing physical damage to the plant itself. Thankfully, though, they were just there to find holes in the plant's security infrastructure, which they certainly did. So, be aware that your power is perhaps a bit more vulnerable than you might think, but be thankful the companies that provide it are at least working to find those vulnerabilities.

From BetaNews

