Anonymous Attacks MIT
January 23, 2013 by admin
Filed under Around The Net
Anonymous goes after the Massachusetts Institute of Technology (MIT) website after its president called for an internal investigation into what role it played in the prosecution of web activist Aaron Swartz.
MIT president Rafael Reif revealed the investigation in an email to staff that he sent out after hearing the news about Swartz’s death.
“I want to express very clearly that I and all of us at MIT are extremely saddened by the death of this promising young man who touched the lives of so many. It pains me to think that MIT played any role in a series of events that have ended in tragedy,” he wrote.
“I have asked Professor Hal Abelson to lead a thorough analysis of MIT’s involvement from the time that we first perceived unusual activity on our network in fall 2010 up to the present. I have asked that this analysis describe the options MIT had and the decisions MIT made, in order to understand and to learn from the actions MIT took. I will share the report with the MIT community when I receive it.”
Hacktivists from Anonymous defaced two MIT webpages in the wake of the announcement and turned them into memorials for Swartz.
IBM Goes After Apache’s Tomcat
Java developers looking for a mobile-friendly platform could be happy with the next release of IBM’s WebSphere Application Server, which is aimed at offering a lighter, more dynamic version of the app middleware.
Shown off at the IBM Impact show in Las Vegas on Tuesday, WebSphere Application Server 8.5, codenamed Liberty, has a footprint of just 50MB. This makes it small enough to run on machines such as the Raspberry Pi, according to Marie Wieck, GM for IBM Application and Infrastructure Middleware.
Updates and bug fixes can also be done on the fly with no need to take down the server, she added.
The Liberty release will be launched this quarter, and already has 6,000 beta users, according to Wieck.
John Rymer of Forrester said that the compact and dynamic nature of the new version of WebSphere Application Server could make it a tempting proposition for Java developers.
“If you want to install version seven or eight, it’s a big piece of software requiring a lot of space and memory. The installation and configuration is also tricky,” he explained.
“Java developers working in the cloud and on mobile were moving towards something like Apache Tomcat. It’s very light, starts up quickly and you can add applications without having to take the system down. IBM didn’t have anything to respond to that, and that’s what Liberty is.”
For firms needing to update applications three times a year, for example, the dynamic capability of Liberty will make it a much easier process.
“If developers want to run Java on a mobile device, this is good,” Rymer added.
The new features are also backwards compatible, meaning current WebSphere users will be able to take advantage of the improvements.
However, IBM could still have difficulty competing in the app server space on a standalone basis, according to Rymer.
Are Medical Implants Vulnerable To Hackers?
April 16, 2012 by admin
Security experts have warned that many medical implants are vulnerable to cyber attacks that could endanger their users’ lives. While an increasing number of patients are being fitted with devices such as pacemakers and insulin pumps to manage chronic conditions, the inventors apparently did not think anyone would be evil enough to try and hack them.
For some reason they installed unprotected wireless links so that the devices could be updated easily. This means that hackers could gain remote control of such implants. After gaining access to the device, a cyber criminal could then switch it off or tell it to deliver a dangerous dose of medicine to the patient.
Do You Trust Data-recovery Providers?
Data-recovery service providers are tasked with saving important data for you when something goes wrong — a drive crashes or storage device is dropped, and no backup is available. But do you trust them with the important data you let them recover or could they actually be a source for a data breach?
A survey of 769 IT professionals published this week finds those surveyed need to find out more about the third-party data-recovery services their organizations use. For example, according to the survey, 67% felt that encryption they had in place protected their organizations from data loss or theft during the data recovery process. But encryption keys are often handed over to the third-party data recovery service provider as part of the process, according to the study done by Ponemon Institute.
Ponemon’s “Trends in Security of Data Recovery Operations” report says of the 87% of survey respondents who said their organization had at least one data breach in the past two years, “21% say the breach occurred when a drive was in the possession of a third-party data service provider.”
Stratfor Security Hit By Anonymous
January 4, 2012 by admin
Stratfor, the security firm whose website was compromised over the weekend by members of the anarchic computer-hacking group Anonymous, has reported that victims of the attack have had their credit cards used again.
Victims of the attack, mostly employees of major companies or agencies which use Stratfor, learnt at Christmas that their names, addresses and credit card details had been published online. The cards were then used to make large donations to major charities.
Now it seems that Stratfor is warning that the cards were being used again if the victims complained to the press. On another website, Anonymous mocked victims who spoke to the Associated Press about their experience. It said, “We went ahead and ran up your card a bit.”
Hackers Plan To Go After Fox
Anonymous plans to take out the Fox News network because of its coverage of the Wall Street Protests.
Dubbed “Operation Fox Hunt”, Anonymous announced the plans on YouTube to attack the Fox News website on the anniversary of Guy Fawkes Day. Anonymous is also planning to target former Fox News personality Glenn Beck as well as current Fox News representatives Sean Hannity and Bill O’Reilly during “Operation Fox Hunt”.
Anonymous said that it has had a gutsful of “right wing conservative propaganda” and “belittling the occupiers” of the Occupy Wall Street demonstrations. Anonymous recently launched a distributed denial-of-service attack against the Oakland police department’s website after a 24-year-old wounded Marine home from serving two tours in Iraq was critically injured in the Occupy Oakland protest. Police allegedly threw an object that fractured the Marine’s skull, landing him in the hospital.
China Denies Hack Attack
China has denied involvement in hacking US environment monitoring satellites.
Last week the US-China Economic and Security Review Commission released a draft report about several incidents where US satellites were interfered with in 2007 and 2008.
The Commission did not say that the attacks were traced back to China, but it did cite China’s military as a prime suspect, due to the similarity of the techniques used with “authoritative Chinese military writings” on disabling satellite control.
The hackers gained access to the satellites on at least four occasions through a ground station in Norway. The unauthorised access lasted for between two and 12 minutes. While the attacks did no real damage, they did demonstrate that it is possible to hijack satellites, which is a worrying realisation when military satellites are taken into consideration.
China has a bad reputation throughout the world for alleged cyber attacks, often being the first to be blamed when a major attack has been discovered. The US has not been the only target either, with alleged attacks against Canada and France having been reported earlier this year.
“[The US] has always been viewing China with colored lenses. This report is untrue and has ulterior motives. It’s not worth a comment,” said Hong Lei, a spokesperson for the Chinese Foreign Ministry, according to Reuters.
SEC Asks Companies To Disclose Attacks
U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a trend of high-profile cyber crimes.
The Securities and Exchange Commission issued guidelines on Thursday that laid out the kind of information companies should disclose, such as cyber events that could lead to financial losses.
Senator John Rockefeller had asked the SEC to issue guidelines amid concern that it was becoming hard for investors to assess security risks if companies failed to mention data breaches in their public filings.
“Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything,” Rockefeller said in a statement.
“It will allow the market to evaluate companies in part based on their ability to keep their networks secure. We want an informed market and informed consumers, and this is how we do it,” he added.
There is a growing sense of urgency about cyber security following breaches at Google Inc; Lockheed Martin Corp, the Pentagon’s No. 1 supplier; Citigroup; the International Monetary Fund; and others.
The Linux Kernel Got Hacked
Servers that are part of the Linux kernel.org infrastructure were affected during a recent intrusion where attackers managed to gain root access and plant Trojan scripts.
According to an email sent out to the community by kernel.org chief administrator John Hawley, known as warthog9, the incident started with the compromise of a server referred to as Hera. The personal colocated machine of Linux developer H Peter Anvin (HPA) and additional kernel.org systems were also affected.
“Upon some investigation there are a couple of kernel.org boxes, specifically hera and odin1, with potential pre-cursors on demeter2, zeus1 and zeus2, that have been hit by this,” Hawley wrote.
The intrusion was discovered on 28 August and according to preliminary findings attackers gained access by using a set of compromised credentials. They then elevated their privileges to root by exploiting a zero-day vulnerability that the kernel.org administrators have yet to identify.
Fortunately, logs and parts of the exploit code were retained and will help the investigation. A Trojan was added to the startup scripts of affected systems, but gave itself away through Xnest /dev/mem error messages.
According to the kernel.org admins, these error messages have been seen on other systems as well, but it’s not clear if those machines are vulnerable or compromised. “If developers see this, and you don’t have Xnest installed, please investigate,” the administrators advised.
The good news is that the exploit failed on systems running the latest Linux kernel version, 3.1-rc2, which was released two weeks ago. This is possibly the fortunate consequence of one of the bugfixes it contains.
Accused Hacker Out On Bail In England
The accused ‘Topiary’, whose name is Jake Davis, was charged on Sunday and bailed by the courts yesterday. He was charged with five offences: Unauthorised access to a computer system, Encouraging or assisting offences, Conspiracy with others to carry out a Distributed Denial of Service Attack on the website of the Serious and Organised Crime Agency, Conspiracy to commit offences of Section 3 Computer Misuse Act 1990, and Conspiracy with others to commit offences of Section 3 Computer Misuse Act 1990 contrary to Section 1 of the Criminal Law Act 1977.
According to a report at the Guardian, his bail conditions are that Davis must wear an electronic tag, not access the internet, and not leave his house between 10pm and 7am.
Davis appeared outside court wearing sunglasses and holding a copy of “Free Radicals: The Secret Anarchy of Science” by Michael Brooks. He allegedly authored the “Rupert Murdoch is dead” story that appeared on the hacked web site of the Sun newspaper, and has already gained support on the internet in general and especially on Twitter.