With Hacking, Music Can Take Control of Your Car

By Robert McMillan | March 10, 2011 07:01 PM ET

IDG News Service – About 300 years ago, the English playwright William Congreve wrote, “music has charms to soothe a savage breast, to soften rocks, or bend a knotted oak.” This week we learned that it can also help hackers break into your car.

Researchers at the University of California, San Diego, and the University of Washington have spent the past two years combing through the myriad computer systems in late-model cars, looking for security flaws and developing ways to misuse them. In a new paper, they say they’ve identified a handful of ways a hacker could break into a car, including attacks over the car’s Bluetooth and cellular network systems, or through malicious software in the diagnostic tools used in automotive repair shops.

Full story here: With Hacking, Music Can Take Control of Your Car

Research: Robert Cazares
Source: www.computerworld.com/s/article/9214167/With_hacking_music_can_take_control_of_your_car

Most Sites are Exposed to at Least One Vulnerability Each Day

By Help Net Security | Posted on 10 March 2011

The average website has serious vulnerabilities more than nine months of the year and data leakage has overtaken cross-site scripting as the most common website vulnerability, according to WhiteHat Security.

“It’s inevitable that websites will contain some faulty code – especially in sites that are continually updated. Window of Exposure is a useful combination of the vulnerability prevalence, the time it takes to fix vulnerabilities, and the percentage of them that are remediated,” said Jeremiah Grossman, founder and CTO of WhiteHat Security. “Specifically for CIOs and security professionals, measuring window of exposure offers a look at the duration of risk their business and user data is exposed to by not having sufficient remediation processes in place.”

Full story here: www.net-security.org/secworld.php?id=10730

Research: Robert Cazares
Source: www.net-security.org/secworld.php?id=10730

“Most Recent Earthquake in Japan” Searches Lead to FAKEAV

March 11, 2011 2:58 am | by Norman Ingal (Threat Response Engineer)

Unsurprisingly, we saw blackhat SEO attacks almost immediately after an 8.9 magnitude earthquake affected Japan, which was followed by a tsunami, causing massive damage to affected areas.

We immediately monitored for any active attack as soon as news broke out. True enough, we saw Web pages that have been inserted with keywords related to the earthquake. One of the active sites that we saw used the keyword "most recent earthquake in Japan" that led to FAKEAV variants we currently detect as MalFakeAV-25.

Full story here: blog.trendmicro.com/most-recent-earthquake-in-japan-searches-lead-to-fakea/

Research: Robert Cazares
Source: blog.trendmicro.com/most-recent-earthquake-in-japan-searches-lead-to-fakea/

N.J. State Computers Nearly Sold with Sensitive Data

NEW YORK | Thu Mar 10, 2011 2:17pm EST
Reporting by Barbara Goldberg; Editing by Ellen Wulfhorst and Jerry Norton

(Reuters) – Child abuse reports, Social Security numbers and other highly sensitive data were discovered on a batch of government computers headed for the auction block to be sold by the State of New Jersey, authorities said on Thursday.

Data was found on 79 percent of the computers that were already shrink-wrapped on pallets at the state’s surplus property warehouse and bound to be sold to the highest bidder, said Peter McAleer, spokesman for the New Jersey Office of the State Comptroller.

Full story here: N.J. State Computers Nearly Sold with Sensitive Data

Research: Robert Cazares
Source: www.reuters.com/article/2011/03/10/us-computer-snafu-idUSTRE7296KC20110310

Police Find ATM Skimmer at Credit Union; Suspect Sought

By KATU.com | Story Published: Mar 10, 2011 at 5:19 PM PDT

Summary: A customer at Lacamas Credit Union sees something that’s not quite right when he’s at the ATM. He calls police and they uncover an ATM skimmer along with a pinhole-size camera.

VANCOUVER, Wash. — Police in Vancouver are searching for a man who allegedly put a skimming device on an ATM at a local credit union.

At approximately 10:30 p.m. March 6, Vancouver Police responded to the Lacamas Credit Union at 19200 SE 31st St. after someone reported a suspicious device on one of the ATMs, saying he believed there was some type of device located over the card slot of the ATM. Vancouver Police arrived and located a credit card skimming device attached to the ATM as well as a pinhole camera that was mounted just above the key pad.

Full story here: Police Find ATM Skimmer at Credit Union; Suspect Sought

Research: Robert Cazares
Source: www.katu.com/news/117769798.html

Rogue Antivirus Via Skype Phone Call?

By Brian Krebs | Posted on Friday, March 11th, 2011 at 8:32 pm

A few readers have written, saying that they recently received Skype phone calls urging them to download and install a system update for Microsoft Windows. Users who visit the recommended site are bombarded with the same old scareware prompts that try to frighten them into purchasing worthless security software.

Scareware scams are nothing new to Skype: They have spread for some time now over the instant message client built into Skype, but this is the first I’ve heard of rogue anti-virus peddlers resorting to robocalls via Skype to spread their junk software.

One quick-thinking reader managed to record the tail end of the call, which is available by clicking here. It says, “To download the patch update, request professional maintenance at www.sosgt.com.” It seems from this thread on the Skype.com user forum that a great many others are getting these rogue AV calls.

Full story here: Rogue Antivirus Via Skype Phone Call?

Research: Robert Cazares
Source: krebsonsecurity.com/2011/03/rogue-antivirus-via-skype-phone-call/