Hackers News

New VoIP Phishing Scams

2006-04-26T23:54:00.000+08:00

Cloudmark, an anti-spam company, put the word out about a new type of email phishing scam targeting banking customers. These fake emails don't provide a URL for you to click--you're much too smart for that. Rather, they provide a phone number, which calls into a voice mail system that asks for your account number. According to Cloudmark, what's new here is the criminal use of VoIP and PBX (private branch exchange) software to set up a voice-mail system that sounds like your bank. The process is cheap and easy, thanks to VoIP and open-source PBX software such as Asterisk. The same low-cost setup that's enabling small businesses to sound professional is enabling small-time scam artists to do the same. "The convergence of the Internet with the phone system allows someone with VoIP to do what the big boys used to do," says Adam J. O'Donnell, Ph.D., senior research scientist at Cloudmark. Cloudmark's enterprise spam filters found two such phishing scams, one targeting a small bank in a large U.S. city. Cloudmark says more than 1000 such messages were received over a three-day period. The scam artists set up a toll-free number and a number with area code.

read more

Linux, Mac viruses on the rise

2006-04-26T23:52:00.000+08:00

The crusade to win a greater share of the operating system market away from Microsoft's Windows has long fired up the hearts of the Mac and Linux faithful. But popularity breeds contempt - from hackers. A new study of "malware" - viruses, worms, and other software nasties - released Friday by Moscow-based Kaspersky Lab shows a doubling in the number of viruses and worms targeting Linux from 2004 to 2005. The trend is worth watching, says Linux Pipeline, but must be put in context. There were only 863 cases of Linux attacks last year, while Symantec found 11,000 viruses and worms in Windows. And Apple's (Research) Mac? It got off easy in the Kaspersky report, but last week brought news of vulnerabilities in OS X, following on a February report of the first documented Mac OS X virus. Additionally, independent security researcher Tom Ferris posted to his blog a series of "serious" Mac security breaches that he recently discovered.

read more

Viruses and hackers cost UK business £10bn a year

2006-04-26T23:51:00.000+08:00

Security breaches from computer viruses, hacker attacks and staff misuse of the internet are costing British business £10bn a year, according to a DTI backed report published yesterday. The biannual survey of 1,000 companies by PricewaterhouseCooper shows losses are 50% higher on the 2004 figure - this despite increased spending on security systems. Larger firms saw the number of security breaches fall, but the average cost of each incident rose to £65,000-£130,000 in disruption.

read more

Weak passwords leave firms open to hackers

2006-04-26T23:50:00.000+08:00

Poor password policy management is leaving firms open to hacking attacks, a survey published today at Infosec Europe 2006 has warned. Nearly two thirds of the 500 IT administrators who responded to the poll considered the passwords of their users to be inadequate, either using common dictionary words, names or other weak passwords. Overall 86 per cent of users used one password for all their sites or a very limited pool of passwords. Over 40 per cent fall into the former category. "It is madness to use the same password for your banking site as for your football supporters' page," said Graham Cluley, senior technology correspondent at Sophos, which carried out the survey.

read more

Microsoft rolls out browser fixes

2006-04-26T23:49:00.000+08:00

Microsoft Corp. is releasing a new test version of Internet Explorer, the market-leading Web browser that is facing competition from smaller players. The new beta, available Tuesday for free download to English-languages customers, includes fixes for problems that were causing Internet Explorer 7 to stop working, said Dean Hachamovitch, general manager in charge of Internet Explorer development. With the previous test version, Hachamovitch said the most common problems reported involved banking and news sites, in part because of security changes. Improving security can be tricky since any changes can cause legitimate Web sites to stop working, frustrating users.

read more

Five new vulnerabilities in Mac OS X

2006-04-25T21:26:00.000+08:00

A researcher has discovered a new round of holes in Mac OS X, further proof that hackers are starting to look beyond the Windows landscape for exploit opportunities. The flaws, discovered by Tom Ferris of the Security-Protocols blog, can lead to DoS attacks, said monitoring service Secunia, which rated the vulnerabilities highly critical on Friday. Some of the errors can be exploited when the Safari browser processes malformed HTML tags or GIF images on a malicious website or when Safari decompresses malformed ZIP archives in the Finder. Ferris, who included proof-of-concept exploit code in his posting, said he notified Apple about the flaws early this year and has been told they "will be fixed in the next security release." As users await patches, Secunia recommends they avoid untrusted websites and do not open ZIP archives or images originating from unknown sources.

read more

Windows to Linux, and vice versa

2006-04-25T21:25:00.000+08:00

These days, the "revolution" is all about Linux. The word alone has become a catchcry for everything anti-establishment, anti-Bill, and anti-licensing fees. If you listen to the hype, it's being used everywhere, in businesses of all sizes, to do everything but make the coffee. Just because everybody's using Linux, however, doesn't mean everybody's happy for that fact to be known, as I found recently while looking for potential candidates for this special report about companies that had made the switch from Windows and Linux, and vice versa. Based on the ongoing enthusiasm about Linux, I presumed it would be simple to find companies just busting to tell how they'd ditched their Microsoft server software and moved onto Linux servers. Everybody's doing it, after all, aren't they? Unfortunately, only Wotif.com -- a last-minute accommodation Web site due to be listed this year -- was willing to tell its story.

read more

Linux Performance Tuning

2006-04-25T21:23:00.000+08:00

Why tune my system? This is probably the first thing you want to know. When a distribution is packaged and delivered to clients, it is designed to be fully compatible with most of the computers available in the market. This is a very heterogeneous set of hardware (hard disks, video cards, network cards, etc.). So distribution vendors like Red Hat, SuSe, Mandriva and the rest of them choose some conservative configuration options to assure a successful installation. For instance, probably you have a very advanced hard disk with some special features that are not being used due to standard configuration settings. To summarize: your linux distribution goes well… but it can goes even better! For instance, probably you have a very advanced hard disk with some special features that are not being used due to standard configuration settings.

read more

'World of Warcraft' battles server problems

2006-04-25T21:22:00.000+08:00

With 6 million subscribers, each of whom pays $15 a month, Blizzard Entertainment's online game "World of Warcraft" has become a billion-dollar enterprise. Now comes the hard part: Making sure WoW is always up and running. Some players are angered by ongoing server problems that have led the game to crash without warning while they were playing. Complaints have also surfaced about long lag times and frustrating waits to even play. Despite Blizzard's contention that it's been keeping WoW customers informed of system problems at all times, some players contend that the company has been slow to react to complaints and reluctant to offer support when problems arise. According to players, the problems have been especially acute since Blizzard implemented its last major patch to WoW, in late March. At that time, the company acknowledged it had some temporary server problems but said they'd resolve themselves within hours. But some players say that ever since then, they're routinely encountered "urgent maintenance" that can result in being booted from the game at any time.

read more

Firefox to overtake Internet Explorer by Dec-2007

2006-04-25T21:20:00.001+08:00

So it seems that not only has the percentage of Firefox users been increasing for the last 2.5 year but the rate of increase in the percentage of users has also been increasing.

read more

iPod Sync Comes to Linux

2006-04-25T21:20:00.000+08:00

Linspire Inc's Developer Duane Maxwell recently released libipod for Linux which allows you to develop programs to load ipods up with music files in the same manner as iTunes. This has worked pretty well with Ltunes which also has been released on sourceforge and will hopefully make it's way into other fine music management software for Linux.

read more

Read this! The internet is about to get messed up.

2006-04-25T21:19:00.000+08:00

The Internet, as we know it, is going to change (and not for the good... think the really bad, worst-case remember-that-Internet-thing? bad) if the gov and Verizon, comcast, att, etc. get their way. I doubt there is any other issue that is more important right now. Digg up.

read more

Beware wireless hacking

2006-04-24T18:51:00.000+08:00

SECURITY experts are warning internet users of a new threat to their computer systems, with thieves gaining access to other people's broadband from unsecured wireless networks in homes and businesses. Known as "leaching", the unusual form of theft involves neighbours and passers-by logging on to a home or business wireless network and surfing the web for free. The consequences can range from slower download speeds to massive bills for unsuspecting network owners. Market research firm IDC estimates there are more than 200,000 wireless networks operating in homes around Australia, increasing the opportunities for sneak thieves. Stealing internet access has also become easier. Thieves need only a tiny wireless card for their laptop computer.

read more

Chinese users want Google to pick a new name

2006-04-24T18:50:00.000+08:00

Some Chinese Internet users aren't happy with Google's recently announced Chinese name, and they've started an online petition to express their displeasure. "We love Google, but we don't love Guge," said the message atop the NoGuge.com Web site, referring to Google's Chinese name. By mid-morning on Monday more than 7,000 users had signed the petition -- a tiny fraction of China's 110 million Internet users. Guge, which incorporates the Chinese characters for 'valley' and 'song,' is an allusion to traditional songs that celebrate a rich harvest. But many Chinese Internet users find the name just doesn't sound right to them. "The name Guge makes us feel bad, it disappoints us," the Web site said. "Google are you listening?" Among a list of alternative names for Google posted on a NoGuge.com, the most popular was Gougou, a slang term for Google that literally means 'dog dog.' Gougou received 2,774 votes out of 28,942 cast in an informal poll. The second most-popular pick was Google, followed by Goule, which means 'enough.'

read more

Report: Non-Windows attacks on the rise

2006-04-24T18:48:00.000+08:00

Attacks against platforms other than Windows, particularly Linux, are growing quickly, according to a Kaspersky Lab report released today. The number of malware affecting Linux during 2004 and 2005 jumped from 422 to 863, said the report, written by Konstantin Sapronov on the Viruslist.com website. Other Unix-based systems also are experiencing similar rises in attacks, although not to the level of Linux. Sapronov said this is not surprising news, especially as alternate platforms become more popular. "Slowly but surely Linux is being chosen over Windows not only for servers, but also for desktops," he said. "Mac OS X's (stock) may also rise. Since Apple has switched to Intel processors, Macintosh is rapidly gaining popularity."

read more

SSL/TSL and SSH Not So Secure Anymore

2006-04-24T18:44:00.000+08:00

Polish scientists from Wroclaw University of Technology have found a vulnerability in security technologies used across the Internet that may allow kleptographic attacks resulting in silent theft of information without user's awareness. The attack is only possible if client application has been modified by a malicious person e.g. by infecting computer system by a virus or persuading a user to install a plug-in, download or compile modified code. Such application would not send any additional information and would act according to protocol specification but the data sent over secure channel would easily be disclosed only by sniffing network traffic. Probably all of the SSL/TLS and SSH protocols may be affected including Internet Explorer, Outlook Express, Mozilla Firefox, Mozilla Thunderbird and Opera.

read more

Rootkits to mask most malware by 2008

2006-04-24T18:39:00.000+08:00

Rootkits that hide malicious software from anti-virus and anti-spyware tools are growing in number and sophistication, and will pose an unprecedented risk to users by 2008, security company McAfee said this week. In the opening quarter of 2006, said McAfee in the first of a trilogy of reports on rootkits, its Avert Labs spotted more rootkit components in worms, Trojan horses, and spyware than in all of 2005. During the past three years, the use of rootkits in malicious code has soared by more than 600 percent. "There have been dramatic increases in the last year or two," said Stuart McClure, a McAfee vice president and the chief of Avert Labs. "This hasn't been a linear ramp-up." Although rootkits began innocently enough - the term originally referred to a collection of Unix utilities that gave administrator-level access (known as root access) - they began to go dark as long ago as 1986. Most users first became aware of them much more recently; in late 2005, news broke that Sony BMG Music was using a rootkit to hide anti-piracy protection on audio CDs played on PCs.

read more

Banks move to limit losses from security breach

2006-04-24T18:35:00.000+08:00

From Citibank to SunTrust, credit unions to community banks, America's financial institutions are scrambling to deal with the biggest cyber-heist of customer debit-card numbers to date. The huge computer-hacking incident, which took place more than a month ago, has led to potentially millions of dollars in theft by a global ring of hackers using the stolen debit information and personal-identification numbers, industry experts said this week. In recent weeks, the nation's banks have quietly tried to extinguish the problem by closing hundreds of thousands of debit-card accounts and providing customers new cards, account numbers and PINs, industry officials said. Exact figures are unknown _ some banks have reported numbers, others have not. It is thought that at least 350,000 accounts across the country were defrauded, involving more than $10 million in losses, according to some experts.

read more

Doubts, fears and the Australian ID card

2006-04-24T18:26:00.000+08:00

Concerns about the privacy of individuals are as important as ever and ought not be compromised. Whenever the Federal Government discusses its plans for a "smartcard" - which would allow citizens to electronically access Medicare and other government services - speculation inevitably strays to the possibility that a compulsory national ID card will also be introduced. Is the "smartcard" a way of accustoming people to the notion of a national ID card? The smartcard would have a photo ID and a computer chip allowing bureaucrats to access personal information. It would not be compulsory, but most people over 18 would need one because it is the only way they would have access to government money including Medicare, Austudy, child-care benefits, pensions and pensioner concessions, the family tax benefit, unemployment benefit and maternity payments.

read more

Security Myths and Passwords

2006-04-23T21:51:00.000+08:00

In the practice of security we have accumulated a number of “rules of thumb” that many people accept without careful consideration. Some of these get included in policies, and thus may get propagated to environments they were not meant to address. It is also the case that as technology changes, the underlying (and unstated) assumptions underlying these bits of conventional wisdom also change. The result is a stale policy that may no longer be effective…or possibly even dangerous.

read more

Linux Distributors Unite on Standard

2006-04-23T17:02:00.000+08:00

In a move to make the Linux OS a stronger alternative to Windows, a group of major Linux distributors announced Friday they have united on a standard set of components for desktop versions of Linux.

read more

CIA fires officer over leak; criminal probe also opened

2006-04-22T15:44:00.000+08:00

The CIA has fired one of its officers for leaking classified information, an agency spokeswoman said Friday. The officer admitted to "unauthorized discussions with the media in which the officer knowingly and willfully shared classified intelligence including operational information," said spokeswoman Michelle Neff. Neff declined to divulge the officer's name or position, or what specifically was leaked. (Watch how a failed polygraph test outed a journalist's source -- 1:50) A U.S. official said the person's name has been turned over to the Justice Department, where a determination will be made on whether to file criminal charges. A senior government official said the dismissal was related to a story in The Washington Post about the United States holding terror suspects in secret prisons overseas.

read more

eBay Worried About Google

2006-04-22T12:25:00.000+08:00

eBay is reportedly in talks with both Yahoo and Microsoft on how they can work together to counter the threat from Google.

According to an article in Friday’s edition of The Wall Street Journal, the San Jose, California-based online auction giant began separate talks late last year with both companies on how they could cooperate with one another to fend off competitive threats from the search engine company.

New Toshiba HD-DVD player is really a Pentium 4 PC

2006-04-22T11:51:00.000+08:00

Toshiba has fired a shot in the war between formats to have high definition on a disc. Their HD-A1 player hit the shelves earlier this week, and has been met with fairly good reviews overall. Being interested in the format, I decided to hunt around and find an available player to go and check out. After bringing one back to the office, I took a little look under the hood to see what goes into a high definition DVD player. I had heard it was really a standard PC in there, with an IDE drive playing back content. Sure enough, after poking around that's exactly what I found. There is a USB flash disk inside the unit that holds the bootable firmware that runs the player, and it will be very interesting in the near future to see what secrets it holds.

read more

Myth or reality: Is the fax dead?

2006-04-22T11:48:00.000+08:00

Leading developer of network security, GFI, today released a report on how companies can streamline faxing technology to improve employee productivity. The report examines the costs involved in manual faxing and estimates that the average yearly cost for businesses sending 50 faxes per day is $26,000. The report concludes that GFI’s integrated fax solution, GFI FAXmaker, can reduce the annual cost of manually sending 50 faxes per day to $2,600, if they are sent directly from their email client. A recent Gallup/Pitney Bowes poll of Fortune 500 companies conducted in the US discovered that faxing is still the number one method for sending and receiving official international messages that must be signed for, at an average cost of $15 million per year. Whilst email is still the most common form of business communication, until the digital signature is deemed as a legal entity, many industries are still reliant on faxing.

read more