Those behind the Zeus botnet recently decided to press the big red button, bluescreening 100,000 computers around the globe. Security experts aren’t sure why yet, although they have some ideas.
PL/SQL Guy writes “Hackers have repeatedly broken into the air traffic control mission-support systems of the US Federal Aviation Administration, according to an Inspector General report sent to the FAA this week, and the FAA’s increasing use of commercial software and Internet Protocol-based technologies as part of an effort to modernize the air traffic control systems poses a higher security risk to the systems than when they relied primarily on proprietary software, the report said. Intrusion detection systems (IDS) are deployed at only 11 of hundreds of air traffic control facilities. In 2008, more than 870 cyber incident alerts were issued to the organization responsible for air traffic control operations and by the end of the year 17 percent (more than 150 incidents) had not been remediated, ‘including critical incidents in which hackers may have taken over control’ of operations computers, the report said.”
Read more of this story at Slashdot.
An anonymous reader writes “From The Washington Post’s Security Fix blog comes a tale that should make any Windows home user or system admin cringe. It seems the latest version of the Zeus Trojan ships with a command that will tell all infected systems to self-destruct. From the piece: ‘Most security experts will tell you that while this so-called “nuclear option” is an available feature in some malware, it is hardly ever used. Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control. But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.'”
Read more of this story at Slashdot.
 Telegraph.co.uk |
Pakistan says army will eliminate "terrorists"
Reuters By Junaid Khan MINGORA, Pakistan, May 7 (Reuters) – Pakistan's government ordered the army to eliminate militants on Thursday, setting the stage for a major offensive against Taliban fighters battling security forces in a northwestern valley. Video: Residents Flee Pakistani War Zone The Associated Press Pakistan Orders Military to Eliminate Militants, Terrorists Voice of America Telegraph.co.uk – Washington Post – guardian.co.uk – Daily Times all 5,976 news articles |
An anonymous reader writes “Highly sensitive details of a US military missile air defense system were found on a second-hand hard drive bought on eBay. The test launch procedures were found on a hard disk for the THAAD (Terminal High Altitude Area Defense) ground to air missile defense system, used to shoot down Scud missiles in Iraq. The disk also contained security policies, blueprints of facilities and personal information on employees including social security numbers, belonging to technology company Lockheed Martin — who designed and built the system. First part of story. Scary that they did not wipe it to Department of Defense standards which I believe is wiping the whole disk and then writing 1010 all over it.”
Read more of this story at Slashdot.
An anonymous reader writes “Highly sensitive details of a US military missile air defense system were found on a second-hand hard drive bought on eBay. The test launch procedures were found on a hard disk for the THAAD (Terminal High Altitude Area Defense) ground to air missile defense system, used to shoot down Scud missiles in Iraq. The disk also contained security policies, blueprints of facilities and personal information on employees including social security numbers, belonging to technology company Lockheed Martin — who designed and built the system. First part of story. scary that they did not wipe it to Department of Defense standards which I believe is wiping the whole disk and then writing 1010 all over it.”
Read more of this story at Slashdot.
An anonymous reader writes “The Washington Post’s Security Fix is reporting that hackers broke into servers at the Virginia health department that monitors prescription drug abuse and replaced the homepage with a ransom demand. The attackers claimed they had deleted the backups, and demanded million for the return of prescription data on more than 8 million Virginians. Virginia isn’t saying much about the attacks at the moment, except to acknowledge that they’ve involved the FBI, and that they’ve shut down e-mail and a whole mess of servers for the state department of health professionals. The Post piece credits Wikileaks as the source, which has a copy of the ransom note left behind by the attackers.”
Read more of this story at Slashdot.
An anonymous reader notes that this weekend, ReadWriteWeb discovered a security hole on several McAfee sites, which lets any attacker piggyback on the company’s reputation and brand in order to distribute malware, Trojans, or anything else. The submitter adds an ironic coda to McAfee’s epic fail: “In the ‘how to HTML Injection’ section, the author provided the four steps needed to execute a simple, no-brainer injection, but unfortunately, exposed a hole in NY Times website when they republished the article. While the author changed the offending text to an image, the Times is still using the original story which redirects directly to ReadWriteWeb [via XSS].” From the RWW post: “During tests this weekend, we discovered the company who claims to ‘keep you safe from identity theft, credit card fraud…’ has several cross-site scripting vulnerabilities and provides the bad guys with a brilliant — albeit ironic — launching pad from which to unleash their attacks.”
Read more of this story at Slashdot.
Exposed: the great password scandal How some sites are taking a cavalier attitude to your security : TechRadar UK
crankyspice writes “I work routinely in environments where a camera cannot physically be present (e.g., federal court), which really limits what I can carry with me. For instance, I’m a Mac guy, but there’s no way to order a MacBook without a built-in webcam (which I’ve never used on the machines I’ve owned that have had one). Ditto the iPhone. I’m left with a BlackBerry 8830 and the bottom rung of the [W|L]Intel portables. Even then, when I ordered a Dell Mini 9, I had to wait more than a month because I specified no webcam when I placed the order. This is a relatively common (government, law, sensitive corporate environments) requirement; what have other Slashdotters done? Disabling the camera with a script or somesuch won’t convince the /hour security guard that there’s no camera. How can one easily find portable devices without a built-in camera?”
Read more of this story at Slashdot.
