And what better way to do that then to get your hands on the details of everyone on the list. Well, it appears that the TSA has forgotten its middle name, and failed to protect its own laptop carrying the (unencrypted, of course) details of 33,000 people on the clear list. While it certainly may have just been lost or stolen by someone who wanted a free laptop, whoever has that laptop now has the names, addresses and driver’s license or passport numbers of 33,000 applicants. It’s unclear if it indicates which of those applicants were approved, but I would still imagine that info would be useful to someone looking to bypass airport security. (TechDirt)

Share This

Juergen Marester, a 24-year-old French network consultant, needed seed capital to start his own computer-security company. So he turned to his off-hours hobby — black-hat hacking — and did what a growing number of hackers are doing: selling “0days” (pronounced “oh-days” or “zero days,” it generally refers to unknown, or zero-hour, software threats). These are recipes and code for penetrating the software run by governments, corporations, and private citizens. When properly deployed, 0days can result in minor disruptions such as a Web site’s temporary paralysis. At their extreme, they grant an attacker total control over a network. (Fast Company)

Share This

A 21-year-old Northern California man agreed to a two-year prison deal Tuesday after pleading guilty to charges of unleashing distributed-denial-of-service attacks against two web sites.

Gregory King, known as Silenz, Silenz420, sZ, GregK, and Gregk707, admitted in U.S. District Court in Sacramento that he controlled about 7,000 bots and used them to attack sites Killanet and Castlecops. [Wired]

But this isn’t….?

When MediaDefender rained down an attack of some 8,000 SYN packets a second on an open BitTorrent tracker that pointed the way to hundreds of thousands of copyrighted movies for the taking, it had no idea it was shuttering a legitimate San Francisco media company.

What does it matter whether they were shuttering a legitimate company or not?  Their actions are illegal, period.  If MediaDefender was concerned about the tracker pointing to copyrighted content, it is their responsibility to inform the authorities, not take matter into their own hands by engaging in ILLEGAL DDOS attacks.

It’s an open debate whether MediaDefender’s actions were lawful, even when it targets illicit torrent-tracking sites pointing the way to unauthorized, copyrighted material. The FBI is examining the Revision3 affair.

One bureau source told Threat Level that it was a “gray” area in federal computer security law.

Then there’s the area of corporate responsibility. Louderback said in an interview that Revision3 closed the hole in its tracker over the Memorial Day weekend and subsequently got slammed by MediaDefender. [Wired]

There is no “gray area” here.  If DDOS is illegal, it is illegal for everyone equally.  The FBI needs to do the right thing here and take these guys to court and shut down their illegal hacker venture that is wasting Internet bandwidth and engaging in attacks against the innocent.  If they believe someone is a guilty party, they are not entitled to shut them down, they are entitled to address it within the existing legal system.  They are not above the law.

Share This

Two longtime House members say computers in their Capitol Hill offices have been hacked by sources apparently working out of China.Virginia Rep. Frank Wolf says four of his computers were hacked. New Jersey Rep. Chris Smith says two of his computers were compromised.

The two lawmakers are longtime critics of Beijing.

In an interview Wednesday, Wolf said the hacking of computers in his Capitol Hill office began in August 2006. He says a computer at a House committee office also was hacked, and he suggested others in the House and possibly the Senate could be involved.

The FBI has declined immediate comment.

Share This

High street chains will be the next victims of cyber terrorism, some of the world’s elite hackers have warned.

They claim it is only a “matter of time” before the likes of Tesco and Marks & Spencer are targeted.

Criminals could use the kind of tactics which crippled Estonia’s government and some firms last year, they warned.

The experts were members of the infamous “Hackers Panel” which convened in London this week at the InfoSecurity Europe conference.

The panel includes penetration testers and so-called “white hat” hackers, who help companies tighten up their digital security by searching for flaws in their defences. (BBC)

Share This

 A Symantec employee tells us that on April 18, management will cut most of the company’s engineers in Durham, North Carolina and over a third of its Mountain View workforce. “This is not unexpected,” our tipster tells us. “Since the merger of Veritas and Symantec there has been a layoff each spring and fall.” Employees have, however, confronted management to ask why a software security firm would lay of security developers first. (ValleyWag)

Share This

BT has admitted that it secretly used customer data to test Phorm’s advertising targeting technology last summer, and that it covered it up when customers and The Register raised questions over the suspicious redirects.

The national telecoms provider now faces legal action from customers who are angry their web traffic was compromised.

Stephen Mainwaring, a BT Business customer in Weston-super-Mare, believes sensitive banking data relating to his online horse racing business was press-ganged into a trial of an unproven technology. He suffered sleepless nights after detecting the dodgy DNS requests, and said today: “It is very likely that I and others will take legal action against BT for what they did last summer.”

In a statement, BT said: “We conducted a very small scale technical test of a prototype advertising platform on one exchange in June 2007. The test was specifically conducted to evaluate the functional and technical performance of the platform. (Register)

Share This

Share This

A security breach at an East Coast supermarket chain exposed 4.2 million credit and debit card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday.

Hannaford said credit and debit card numbers were stolen during the card authorization process and about 4.2 million unique account numbers were exposed.

The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products.  (WBZTV)

Share This

Share This