Sign up for our Technology Newsletter 
Anonymous Attacks MIT
January 23, 2013 by admin
Filed under Around The Net
Comments Off on Anonymous Attacks MIT
Anonymous goes after the Massachusetts Institute of Technology (MIT) website after its president called for an internal investigation into what role it played in the prosecution of web activist Aaron Swartz.
MIT president Rafael Reif revealed the investigation in an email to staff that he sent out after hearing the news about Swartz’s death.
“I want to express very clearly that I and all of us at MIT are extremely saddened by the death of this promising young man who touched the lives of so many. It pains me to think that MIT played any role in a series of events that have ended in tragedy,” he wrote.
“I have asked Professor Hal Abelson to lead a thorough analysis of MIT’s involvement from the time that we first perceived unusual activity on our network in fall 2010 up to the present. I have asked that this analysis describe the options MIT had and the decisions MIT made, in order to understand and to learn from the actions MIT took. I will share the report with the MIT community when I receive it.”
Hacktivists from Anonymous defaced two MIT webpages in the wake of the announcement and turned them into memorials for Swartz.
Passwords Continue As The Weakest Link
Comments Off on Passwords Continue As The Weakest Link
Passwords aren’t the only failure point in many recent widely publicized intrusions by hackers.
But passwords played a part in the perfect storm of users, service providers and technology failures that can result in epic network disasters. Password-based security mechanisms — which can be cracked, reset and socially engineered — no longer suffice in the era of cloud computing.
The problem is this: The more complex a password is, the harder it is to guess and the more secure it is. But the more complex a password is, the more likely it is to be written down or otherwise stored in an easily accessible location, and therefore the less secure it is. And the killer corollary: If a password is stolen, its relative simplicity or complexity becomes irrelevant.
Password security is the common cold of our technological age, a persistent problem that we can’t seem to solve. The technologies that promised to reduce our dependence on passwords — biometrics, smart cards, key fobs, tokens — have all thus far fallen short in terms of cost, reliability or other attributes. And yet, as ongoing news reports about password breaches show, password management is now more important than ever.
All of which makes password management a nightmare for IT shops. “IT faces competing interests,” says Forrester analyst Eve Maler. “They want to be compliant and secure, but they also want to be fast and expedient when it comes to synchronizing user accounts.”
Red Hat Outs Fedora 17
Red Hat has released its Fedora 17 ‘Beefy Miracle’ distribution just over a month after Canonical released its Ubuntu 12.04 distribution.
The Red Hat sponsored Fedora project serves as the proving ground for new features that eventually end up in the firm’s Red Hat Enterprise Linux (RHEL) operating system. Now Red Hat has announced that it has released Fedora 17 including updates to Gnome, Eclipse, GIMP and Openstack along with numerous patches.
Canonical’s Ubuntu Linux distribution might have shunned Gnome 3 in favour of its Unity desktop interface but Red Hat continues to stick with Gnome in Fedora, shipping Gnome 3.4 as its default window manager. Fedora 17 also includes GIMP 2.8 and Openstack Essex, while developers who like to live on the edge can run Eclipse Juno, the full release of which is expected later this year.
Fedora project leader Robyn Bergeron said, “I am extremely proud of the Fedora 17 release. The addition of projects such as Ovirt [virtual machine management] and JBoss Application Server 7, enhancements in Openstack, and continued support for fresh releases of desktop environments demonstrate the Fedora Project’s commitment to deliver rich features and capabilities. This, combined with our leading-edge innovations at the operating-system level, truly makes Fedora 17 a comprehensive and robust operating system for all types of users.”
Will Linux See Growth Next Year?
Canonical has said it expects Ubuntu to ship on 18 million PCs next year.
Having just launched Ubuntu 12.04, Canonical is bullish about its future, with Chris Kenyon, its VP of sales and business development forecasting that the firm’s operating system will ship on 18 million machines in 2013. According to Phoronix, Kenyon claimed that will amount to five per cent of worldwide PC shipments.
Kenyon’s prediction represents more than double the number of PCs shipped currently with Ubuntu and while that might seem optimistic the firm has been on a roll when it comes to OEM support. Prior to Canonical’s launch of Ubuntu 12.04 it announced certification for HP Proliant servers, and yesterday it revealed that it has been working with Dell on an Ubuntu image for Dell’s headline XPS 13 ultrabook.
Although Kenyon mentioned PC unit sales, it is unlikely to forecast a similar growth in servers pre-installed with Ubuntu despite the firm’s certification for some Proliant servers.
Kenyon believes that most firms buy bare metal servers and load their own tweaked images. He said, “As a point of fact the vast majority of this [Ubuntu on servers] is not sold pre-installed. […] Pre-install in the server market is just irrelevant, it is not how the market works. Even when something gets pre-installed an enterprise will wipe it because they will have their own image. [OS pre-installation] is a distraction [for servers, but] it’s a very applicable question in the client world.”
Are Medical Implants Vulnerable To Hackers?
April 16, 2012 by admin
Filed under Around The Net
Comments Off on Are Medical Implants Vulnerable To Hackers?
Security experts have warned that many medical implants are vulnerable to cyber attacks that could endanger their users’ lives. While an increasing number of patients are being fitted with devices such as pacemakers and insulin pumps to manage chronic conditions apparently the inventors did not think anyone would be evil enough to try and hack them.
For some reason they installed unprotected wireless links so that they could be updated easily. Therefore this means that hackers could gain remote control of such implants because they rely on unprotected wireless links to update them. After gaining access to the device, a cyber criminal could then switch it off or tell it to deliver a dangerous dose of medicine to the patient.
Symantec’s Virus Code Hacked
Symantec is looking into an Indian hacking group’s claims that it accessed source code used in the company’s flagship Norton Antivirus program.
A spokesman for the company on Thursday said that one claim by the group was false, while another is still being investigated.
Meanwhile, the Indian group, which calls itself Lords of Dharmaraja, has threatened to publicly disclose the source code very soon.
On Wednesday, the group posted on Pastebin what it claimed was confidential documentation related to Norton AntiVirus source code. A review of the material showed what appears to be a description of an application programming interface (API) for Symantec’s AV product.
The group also posted what it claimed was the complete source code tree file for Norton Antivirus. That document appears to have been taken down.
‘Yama Tough,’ the hacker who posted the documents, released at least two more on Google+ allegedly related to Symantec source code. One of the documents appears to be a detailed technical overview of Norton Anti-Virus, Quarantine Server Packaging API Specification, v1.0. The other document, from 2000, describes a Symantec Immune System Gateway Array Setup technology.
.
Stratfor Security Hit By Anonymous
January 4, 2012 by admin
Filed under Around The Net
Comments Off on Stratfor Security Hit By Anonymous
The Stratfor, security firm whose website was compromised over the weekend by members of the anarchic computer-hacking group Anonymous, has reported that victims of the attack have had their credit cards used again.
Victims of the attack, mostly employees of major companies or agencies which use Stratfor’s, learnt at Christmas that their names, addresses and credit card details had been published online. The cards were then used to make large donations to major charities.
Now it seems that Stratfor is warning that the cards were being used again if the victims complained to the press. On another webiste Anonymous used another website to mock victims who spoke to the Associated Press about their experience. Its said “We went ahead and ran up your card a bit.”
Hackers Plan To Go After Fox
Anonymous plans to take out the Fox news network because of its coverage of the Wall Street Protests.
Dubbed “Operation Fox Hunt”, Anonymous announced the plans on YouTube to attack the Fox News website on the anniversary of Guy Fawkes Day. Anonymous is also planning to target former Fox News personality Glenn Beck as well as current Fox News representative Sean Hannity and Bill O’Reilly during “Operation Fox Hunt”.
Anonymous said that it has had a gutsful of “right wing conservative propaganda” and “belittling the occupiers” of the Occupy Wall Street demonstrations. Anonymous recently a distributed denial-of-service attack against the Oakland police department’s website after a 24-year-old wounded Marine home from serving two tours in Iraq was critically injured in the Occupy Oakland protest. Police allegedly threw an object that fractured the marine’s skull landing him in the hospital.
SEC Asks Companies To Disclose Attacks
Comments Off on SEC Asks Companies To Disclose Attacks
U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a trend of high-profile cyber crimes.
The Securities and Exchange Commission issued guidelines on Thursday that laid out the kind of information companies should disclose, such as cyber events that could lead to financial losses.
Senator John Rockefeller had asked the SEC to issue guidelines amid concern that it was becoming hard for investors to assess security risks if companies failed to mention data breaches in their public filings.
“Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything,” Rockefeller said in a statement.
“It will allow the market to evaluate companies in part based on their ability to keep their networks secure. We want an informed market and informed consumers, and this is how we do it,” Rockefeller said in a statement.
There is a growing sense of urgency about cyber security following breaches at Google Inc, Lockheed Martin Corp, the Pentagon’s No. 1 supplier, Citigroup, the International Monetary Fund and others.
The Linux Kernel Got Hacked
Servers that are part of the Linux kernel.org infrastructure were affected during a recent intrusion where attackers managed to gain root access and plant Trojan scripts.
According to an email sent out to the community by kernel.org chief administrator John Hawley, known as warthog9, the incident started with the compromise of a server referred to as Hera. The personal colocated machine of Linux developer H Peter Anvin (HPA) and additional kernel.org systems were also affected.
“Upon some investigation there are a couple of kernel.org boxes, specifically hera and odin1, with potential pre-cursors on demeter2, zeus1 and zeus2, that have been hit by this,” Hawley wrote.
The intrusion was discovered on 28 August and according to preliminary findings attackers gained access by using a set of compromised credentials. They then elevated their privileges to root by exploiting a zero-day vulnerability that the kernel.org administrators have yet to identify.
Fortunately, logs and parts of the exploit code were retained and will help the investigation. A Trojan was added to the startup scripts of affected systems, but gave itself away through Xnest /dev/mem error messages.
According to the kernel.org admins, these error messages have been seen on other systems as well, but it’s not clear if those machines are vulnerable or compromised. “If developers see this, and you don’t have Xnest installed, please investigate,” the administrators advised.
The good news is that the exploit failed on systems running the latest Linux kernel version, 3.1-rc2, which was released two weeks ago. This is possibly the fortunate consequence of one of the bugfixes it contains.