Oil company breach, a good example of industrial espionage?
Quite an interesting story regarding a breach at three oil companies, where corporate executives in particular were targeted so that the hackers could gain access to competitive data. Who is to blame is unclear… http://www.wired.com/threatlevel/2010/01/hack-for-oil/
Your passwords aren’t as secure as you think
This is a good article on Lifehacker.com with a simple description of the issues and instructions on how to better manage the storage of your passwords on your computer.
Virginia healthcare database compromised, ransom demanded
Yikes! What a trend we are seeing with health care related computer intrusions. Apparently it is not good enough for the criminals to just get in and steal the data and then sell it on the black market. http://voices.washingtonpost.com/securityfix/2009/05/hackers_break_into_virginia_he.html?wprss=securityfix
Survey finds that most people use the same one or two passwords everywhere
The results of the Gartner research are detailed here: http://www.itsecurityportal.com/itsecurity_news.asp?articleid=262928
While it is understandable that people generally are not fond of having to remember a ton of different passwords, the reality is that there are some excellent FREE applications/add-ons that help you keep your passwords different from site to site. KeePass allows you to have different passwords without the need to memorize them all, while Password Hasher lets you worry about just a master key, and then computes the unique password based on the domain name of the target website.
KeePass (runs on just about any platform, not just Windows): http://keepass.info/
Password Hasher add-on (for Firefox, and who in their right mind would use any other browser?): http://wijjo.com/project/?c=passhash
Conficker C detection signatures created
There are now easier ways to find the Conficker C worm on those pesky Windows machines.
http://www.theregister.co.uk/2009/03/30/conficker_signature_discovery/
Malware, using your BIOS as a hosting platform
A chilling technique that uses a computer’s BIOS to store malware so that it can survive a boot. This means you can replace your hard drive, or use software packages such as Deep Freeze (which effectively revert any changes made to your disk, with the intent of having a pristine malware-free image upon reboot), and STILL the malware can rear its ugly head, because it is installed in a persistent state in the BIOS.
http://blogs.zdnet.com/security/?p=2962
The actual presentation was given at CanSecWest; it can be found here:
http://i.zdnet.com/blogs/core_bios.pdf
Psyb0t targets home routers
Interesting trends we are seeing in the b0t world: this worm takes over people’s routers/modems and uses them as an attack platform to conduct distributed denial of service (DDoS) attacks. People usually notice a bot on their PC, but when you put it on the router, who would ever notice the performance hit and suspect the router? The worm also blocks access to the admin ports on the router/modem, thereby making it very difficult to troubleshoot.
http://www.theregister.co.uk/2009/03/24/psyb0t_home_networking_worm/
The story behind the recent “smart grid” story
Now it comes out: apparently the Department of Homeland Security (DHS) got a briefing from some Seattle-based consultants, who gave them a demo of how the smart grid is vulnerable. Amusing how reactive the Government is, rather than thinking about the risks and designing a mitigation before someone comes in to provide a demo of the doomsday scenario.
http://www.itworld.com/security/64770/power-grid-found-susceptible-cyberattack
Smart Grid Vulnerable
This shouldn’t be a shocker to anyone, but it is good to see it getting attention again.
http://www.cnn.com/2009/TECH/03/20/smartgrid.vulnerability/index.html
Vue Mesh Video
Friends often ask for an inexpensive video monitoring system; this one looks worthy of testing.
http://www.engadget.com/2009/03/02/vue-mesh-network-video-system-hands-on/