Tech Talk

Hacking a nation’s infrastructure

InfoSec News — Mon, 20 May 2013 19:11:32 +0000

By Mark Ward

That CCTV feed is just one of many inadvertently put online. Finding them has got much easier thanks to search engines such as Shodan that scour the web for them. It catalogues hundreds every day. “Shodan makes it easier to perform attacks that were historically difficult due to the rarity of the systems involved,” Alastair O’Neill from the Insecurety computer security research collective told the BBC. “Shodan lowers the cost of enumerating a network and looking for specific targets.” It is not just CCTV that has been inadvertently exposed to public scrutiny. Search engines are revealing public interfaces to huge numbers of domestic, business and industrial systems. Mr O’Neill and other researchers have found public control interfaces for heating systems, geo-thermal energy plants, building control systems and manufacturing plants. The most worrying examples are web-facing controls for “critical infrastructure” – water treatment systems, power plants and traffic control systems.
Source: http://www.bbc.co.uk/news/technology-22524274

Cybercrime: by the numbers

InfoSec News — Mon, 20 May 2013 19:10:18 +0000

By Rich Exner
18: Cybercrime victims every second somewhere in the world, according to a 2012 Norton by Symantec study.
1.6 million: Cybercrime victims each day on average.
$156 billion: Money corporations in 33 countries, including the United States, lost to cyberattacks from 2005 through 2010.
50 million: Customers of LivingSocial, an online deals site, who may have been affected when its website was hacked recently. The website included, at least for some users, names, email addresses, dates of birth and encrypted passwords.
$1 billion: Estimated revenue in 2012 for the booming industry of Internet security, according to the consulting firm Frost & Sullivan.
Source: http://www.cleveland.com/datacentral/index.ssf/2013/05/cybercrime_occurring_18_times.html

The Future Of Web Authentication

InfoSec News — Mon, 20 May 2013 19:09:14 +0000

By Ericka Chickowski
It may have been drawn two decades ago, but the old New Yorker cartoon still rings true: “On the Internet, nobody knows you’re a dog.” “It’s really easy to be whoever you want to be on the Internet,” says Paul Simmonds, a board member of the Jericho Forum, a group of security thought leaders dedicated to advancing secure business in open network architectures. “We’ve known about it as an industry for 20 years. We’ve done almost nothing about it. So shame on us.”
Source: http://www.darkreading.com/end-user/the-future-of-web-authentication/240155046

MESA Students join Hack for Change – Seattle

Megan Coppersmith — Fri, 17 May 2013 21:46:04 +0000

We’re thrilled that more than 40 students, MESA Advisors and parents from the MESA Washington program will join Hack for Change – Seattle on Saturday, June 1. MESA students are developing an application to address the problem of managing students’ assignments and projects. The students’ application is called “MESA Solutions for Learning” which should make managing any student tasks fun, inspiring and attainable for the struggling, as well as motivated, students.

The high-school students will also work with software developers in workshops and open-data advocates to build applications and visualizations. These applications are based on the data available on data.seattle.gov, Seattle’s open data platform. The day-long event will culminate in the presentation and judging of MESA team projects, and awarding prizes to the winners.

For more information, visit codeforseattle.org or follow #Hack4Seattle on Twitter or seattle.opendata on Facebook.

Iran-Based Hackers Traced to Cyber Attack on U.S. Company

InfoSec News — Wed, 15 May 2013 22:15:06 +0000

By Chris Strohm

A previously unknown hacking group believed to be based in Iran has started cyber attacks inside the U.S., according to Mandiant Corp., a security company that’s linked China’s army to similar activity. The Iranian group emerged within the last six months and has infiltrated the networks of at least one U.S. corporation, Richard Bejtlich, Mandiant’s chief security officer, said in an interview in Washington today. “You’re starting to see the Iranians get more active,” Bejtlich said. “We’ve got at least one case where we think it’s Iran, and we think what they are doing is trying to gain some experience on a live network.”

Source: http://www.bloomberg.com/news/2013-05-14/iran-based-hackers-traced-to-cyber-attack-on-u-s-company.html

Fraudster who hired hackers to manipulate stock prices goes to prison

InfoSec News — Wed, 15 May 2013 22:13:37 +0000

Fraudster who hired hackers to manipulate stock prices goes to prison The central organizer of a worldwide conspiracy to manipulate stock prices through a “botnet” network of virus-controlled computers was sentenced today to 71 months in prison and was ordered to pay a $30,000 fine. 44-year-old Texas resident Christopher Rad was previously convicted of six counts arising from the fraud scheme: conspiring to further securities fraud using spam; conspiring to transmit spam through unauthorized access to computers; and four counts of transmission of spam by unauthorized computers.

Source: http://www.net-security.org/secworld.php?id=14906

Cheapest Way to Rob Bank Seen in Cyber Attack Like Hustle

InfoSec News — Mon, 06 May 2013 15:28:31 +0000

By Jordan Robertson

The hackers often struck late on Fridays, starting about a year ago, sending skeleton crews at more than a dozen European banks rushing to keep bombardments of digital gibberish from crashing their websites. Damaging as the bandwidth-choking attacks were, they were merely smokescreens. Once employees dropped their guard to fight one attack, hackers struck again, exploiting the openings to steal account information and create counterfeit debit cards. One attack was so fast that, within two hours, $9 million was withdrawn from automated teller machines in 46 cities, according to Francis deSouza, president of products and services for Symantec Corp (SYMC)., the Mountain View, California-based information security company that investigated the incidents.
Source: http://www.bloomberg.com/news/2013-05-06/cheapest-way-to-rob-bank-seen-in-cyber-attack-like-hustle.html

Android virus scanners are easily fooled

InfoSec News — Mon, 06 May 2013 15:25:36 +0000

Researchers at Northwestern University and North Carolina State University have discovered that anti-virus programs for Android can usually be bypassed using trivial means. The researchers developed DroidChameleon, a tool that can modify known malware apps in numerous ways to prevent them from being detected. Most of the ten scanners they tested mainly performed signature-based analyses. In some cases, simply changing the package name in the metadata was enough for virus scanners to consider the malware harmless. Several scanners could be fooled by unpacking the malware and then creating new installation packages. In other cases, the researchers were successful after encrypting parts of the app or redirecting function calls.
Source: http://www.h-online.com/security/news/item/Android-virus-scanners-are-easily-fooled-1856133.html

Vulnerability data shows majority of websites are susceptible to a serious flaw

InfoSec News — Mon, 06 May 2013 15:22:04 +0000

Despite the average number of serious vulnerabilities per website declining in 2012, 86 per cent of all websites tested were found to have at least one serious vulnerability that exposed it to attack. According to correlated vulnerability data from more than 650 organisations’ websites by WhiteHat Security, ‘serious’ vulnerabilities per website went down from 79 in 2011 to 56 in 2012. Serious vulnerabilities were defined as those in which an attacker could take control over all, or some part, of the website, compromise user accounts on the system, access sensitive data or violate compliance requirements.
Source: http://www.scmagazineuk.com/vulnerability-data-shows-majority-of-websites-are-susceptible-to-a-serious-flaw/article/291825/

Join us! Hack for Change – Seattle: June 1, 2013

Megan Coppersmith — Fri, 03 May 2013 18:32:46 +0000

#Hack4Seattle

The City of Seattle and Code for Seattle invite you to attend Hack for Change – Seattle as part of the National Day of Civic Hacking. Co-sponsored by Seattle open data innovators, Socrata, Inc., the event will take place from 10 a.m. to 4 p.m., in Seattle’s City Hall (600 Fourth Ave, Seattle).

Register for the free event at: RSVP

If you are a software developer, entrepreneur, self-proclaimed computer geek or just an interested resident, we encourage you to join us on June 1 as we work collaboratively to create, build and invent new solutions using publicly-released data, code and technology to solve challenges relevant to our neighborhoods, cities, states and country.

In addition to working on applications and visualizations based on Seattle’s open data platform, data.seattle.gov, Hack for Change – Seattle participants will have the opportunity to attend workshops and join in discussions on civic data and engagement.

For more information, visit codeforseattle.org or follow #Hack4Seattle on Twitter or seattle.opendata on Facebook.