Sign up for our Technology Newsletter 
Hacked Companies Still Not Alerting Investors
February 9, 2012 by admin
Filed under Around The Net
Comments Off on Hacked Companies Still Not Alerting Investors
At least a half-dozen major U.S. companies whose computer networks have been breached by cyber criminals or international spies have not admitted to the incidents despite new guidance from securities regulators urging such disclosures.
Top U.S. cybersecurity officials believe corporate hacking is widespread, and the Securities and Exchange Commission issued a lengthy “guidance” document on October 13 outlining how and when publicly traded companies should report hacking incidents and cybersecurity risk.
But with one full quarter having elapsed since the SEC request, some major companies that are known to have had significant digital security breaches have said nothing about the incidents in their regulatory filings.
Defense contractor Lockheed Martin Corp, for example, said last May that it had fended off a “significant and tenacious” cyber attack on its networks. But Lockheed’s most recent 10-Q quarterly filing, like its filing for the period that included the attack, does not even list hacking as a generic risk, let alone state that it has been targeted.
A Reuters review of more than 2,000 filings since the SEC guidance found some companies, including Internet infrastructure company VeriSign Inc and credit card and debit card transaction processor VeriFone Systems Inc, revealed significant new information about hacking incidents.
Yet the vast majority of companies addressing the issue only used new boilerplate language to describe a general risk. Some hacking victims did not even do that.
Symantec Admits Network Was Hacked
Symantec today reversed course away from earlier statements regarding the theft of source code of some of its flagship security products, now admitting that its own network was breached.
In a statement provided to the Reuters news service, the security software giant acknowledged that hackers had broken into its network when they stole source code of some of the company’s software.
Previously, Symantec had denied that its own network had been breached, and instead pointed fingers at an unnamed “third party entity” as the attack’s victim. Evidence posted by a hacker nicknamed “Yama Tough” — a self-proclaimed member of a gang calling itself “Lords of Dharmaraja” — indicated that the information was obtained from a server operated by the Indian government.
Two weeks ago, Symantec spokesman Cris Paden said that the hacker made off with source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, enterprise products between five and six years old.
Symantec’s Virus Code Hacked
Symantec is looking into an Indian hacking group’s claims that it accessed source code used in the company’s flagship Norton Antivirus program.
A spokesman for the company on Thursday said that one claim by the group was false, while another is still being investigated.
Meanwhile, the Indian group, which calls itself Lords of Dharmaraja, has threatened to publicly disclose the source code very soon.
On Wednesday, the group posted on Pastebin what it claimed was confidential documentation related to Norton AntiVirus source code. A review of the material showed what appears to be a description of an application programming interface (API) for Symantec’s AV product.
The group also posted what it claimed was the complete source code tree file for Norton Antivirus. That document appears to have been taken down.
‘Yama Tough,’ the hacker who posted the documents, released at least two more on Google+ allegedly related to Symantec source code. One of the documents appears to be a detailed technical overview of Norton Anti-Virus, Quarantine Server Packaging API Specification, v1.0. The other document, from 2000, describes a Symantec Immune System Gateway Array Setup technology.
.
Apache Finally Goes To The Cloud
The Apache Software Foundation (ASF) has announced Hadoop 1.0.
The open source software project has reached the milestone of its first full release after six years of development. Hadoop is a software framework for reliable, scalable and distributed computing under a free licence. Apache describes it as “a foundation of cloud computing”.
“This release is the culmination of a lot of hard work and cooperation from a vibrant Apache community group of dedicated software developers and committers that has brought new levels of stability and production expertise to the Hadoop project,” said Arun Murthy, VP of Apache Hadoop.
“Hadoop is becoming the de facto data platform that enables organizations to store, process and query vast torrents of data, and the new release represents an important step forward in performance, stability and security,” he added.
Apache Hadoop allows for the distributed processing of large data sets, often Petabytes, across clusters of computers using a simple programming model.
The Hadoop framework is used by some big name organisations including Amazon, Ebay, IBM, Apple, Facebook and Yahoo.
Yahoo has significantly contributed to the project and hosts the largest Hadoop production environment with more than 42,000 nodes.
.
Apple Goes Down In Court
Apple has lost a move in US District Court in San Francisco to keep some of its software ‘secrets’ out of view of the public.
It had asked Judge William Alsup to keep documents sealed that had surfaced in its lawsuit against Psystar, Bloomberg reports. The information about Apple’s Mac OS X operating system covers topics such as technological protection measures, system integrity checks and thermal management techniques.
The court turned down Apple’s request, however, noting that the company didn’t deny that the information was already public or claim that it had been misappropriated. Apple had argued that it still deserved trade secret protection because it didn’t release the information and had never confirmed it, but that didn’t convince Judge Alsup.
The information at issue is available on a web site about the Mac OS X operating system, the judge noted, adding that Apple’s decryption key haiku is available to any user that compiles and runs publicly available source code on a Macbook Air laptop.
.
Can Hackers Attack A Trains Network?
January 7, 2012 by admin
Filed under Around The Net
Comments Off on Can Hackers Attack A Trains Network?
Security expert Professor Stefan Katzenbeisser of Technische Universität Darmstadt told a security conference in Berlin that the GSM-R which is being installed in train networks makes them vulnerable to hackers.
Katzenbeisser said that the new system was vulnerable to “Denial of Service” attacks and, while trains could not crash, service could be disrupted for quite some time. Speaking to the Chaos Communication Congress he said that Network Rail is currently installing GSM-R across the British railway network.
It uses the similar technical standards to 2G mobile networks and is due to replace older signalling technology in southern England next year, and throughout the whole country in 2014. But train switching systems, which enable trains to be guided from one track to another at a railway junction, have historically been separate from the online world. If they were connected to the internet as they are in GSM-R they could be hit by Denial of Service attacks.
Stratfor Security Hit By Anonymous
January 4, 2012 by admin
Filed under Around The Net
Comments Off on Stratfor Security Hit By Anonymous
The Stratfor, security firm whose website was compromised over the weekend by members of the anarchic computer-hacking group Anonymous, has reported that victims of the attack have had their credit cards used again.
Victims of the attack, mostly employees of major companies or agencies which use Stratfor’s, learnt at Christmas that their names, addresses and credit card details had been published online. The cards were then used to make large donations to major charities.
Now it seems that Stratfor is warning that the cards were being used again if the victims complained to the press. On another webiste Anonymous used another website to mock victims who spoke to the Associated Press about their experience. Its said “We went ahead and ran up your card a bit.”
Yahoo Messenger Flaw Exposed
December 10, 2011 by admin
Filed under Around The Net
Comments Off on Yahoo Messenger Flaw Exposed
An unpatched Yahoo Messenger vulnerability that allows hackers to change people’s status messages and possibly perform other unauthorized functons can be exploited to spam malicious links to a large number of users.
The flaw was discovered in the wild by security researchers from antivirus vendor BitDefender while investigating a customer’s report about unusual Yahoo Messenger behavior.
The flaw appears to be located in the application’s file transfer API (application programming interface) and allows attackers to send malformed requests that result in the execution of commands without any interaction from victims.
“An attacker can write a script in less than 50 lines of code to malform the message sent via the YIM protocol to the attacker,” said Bogdan Botezatu, an e-threats analysis & communication specialist at BitDefender.
“Status changing appears to be only one of the things the attacker can abuse. We’re currently investigating what other things they may achieve,” he added.
Victims are unlikely to realize that their status messages have changed and if they use version 11.5 of Yahoo Messenger, which supports tabbed conversations, they might not even spot the rogue requests, Botezatu said.
This vulnerability can be leveraged by attackers to earn money through affiliate marketing schemes by driving traffic to certain websites or to spam malicious links that point to drive-by download pages.
Hackers Attempt To Access AT&T Mobile
November 30, 2011 by admin
Filed under Smartphones
Comments Off on Hackers Attempt To Access AT&T Mobile
AT&T Inc, the No. 2 U.S. wireless carrier, said it is investigating an “organized and systemic attempt” to access mobile customers’ information but that it did not believe any accounts were breached.
The company, which had 100 million subscribers at the end of the third quarter, said it is advising less than 1 percent of its wireless customers that there was an attempt to obtain information about their accounts.
It said that the parties involved appeared to have used “auto script” technology to see if AT&T telephone numbers were linked to online AT&T accounts.
Spokesman Mark Siegel said AT&T’s “investigation is ongoing to determine the source or intent of the attempt to gather this information.”
.
Did Hackers Attack Water System?
November 28, 2011 by admin
Filed under Around The Net
Comments Off on Did Hackers Attack Water System?
Federal investigators are investigating a report that hackers managed to remotely shut down a utility’s water pump in central Illinois last week, in what could be the first known foreign cyber attack on a U.S. industrial system.
The November 8 incident was described in a one-page report from the Illinois Statewide Terrorism and Intelligence Center, according to Joe Weiss, a prominent expert on protecting infrastructure from cyber attacks.
The attackers obtained access to the network of a water utility in a rural community west of the state capital Springfield with credentials stolen from a company that makes software used to control industrial systems, according to the account obtained by Weiss. It did not explain the motive of the attackers.
He said that the same group may have attacked other industrial targets or be planning strikes using credentials stolen from the same software maker.
The U.S. Department of Homeland Security and the Federal Bureau of Investigation are examining the matter, said DHS spokesman Peter Boogaard.
.