Published March 12, 2010
crime , Data Recovery , Identity Theft , news , technology
Tags: breach, chinese, data, hackers, korea, private, security, south, theft
They just never quit do they? South Korea is the latest victim of a major data breach courtesy of Chinese hackers. Korean retailer Shinsegae, in addition 24 other companies, reported the theft of approximately 20 million customer accounts and private data. Police tracked down 3 South Koreans for attempting to sell the information online. The original Chinese hackers are still at large.
The government security agency plans on launching a probe into whether the corporations implemented adequate security measures to prevent such a theft. Otherwise, somebody gonna get fired. To date this has been the worst data breach in the country’s history.
“Shinsegae issued a statement of apology after data on 3.3 million of its customers was leaked from its online shopping mall.” (link)
So Conficker‘s big day rolled around and a little dust stirred up. April 1st was the date the worm was to update itself by contacting a few websites for further instructions. A few reports have streamed in but little has happened. A few government facilities hit DEFCON3 temporarily as their systems were on the fritz but were quickly put back under control. Other than that, nothing has happened. Security experts continue to worry what the creators have in store for the future.
How about remotely disabling computers for unpaid Internet bills or if your laptop was stolen? Ericsson has developed a module which can perform such a task. Several manufacturers are currently using the modules: LG Electronics Inc., Dell Inc., Toshiba Corp. and Lenovo.It’s unlikely that ISPs would cut you off for missing a payment however the technology does exist and might show up in a computer near you. The real use comes into play when it comes to data protection. Stolen laptops and preventing sensitive data from falling into the wrong hands. Ever had a laptop stolen and had to resort to your backup? And then have that fail and need data recovery? Yeah, it’s a real pain. Trust me, you don’t want to go through it.
With the Black Hat security conference drawing to a close, it’s a good time to take a look at the various topics that dominated this year’s seminars. Security researcher Dan Kaminsky’s presentation on the DNS exploit he discovered months ago was a standing-room only event, and while we’ve covered the vulnerability several times here at Ars, Kaminsky provided additional details and some back history on his discovery. Cisco was also discussed at Black Hat this year, after several years of silence, and the EFF announced its own Coder’s Rights Project.
Kaminsky has made the slide deck from his presentation available (PPT); the slides are thorough enough to get a sense of his presentation. According to his talk, DNS and the infrastructure of the Internet itself remain fundamentally vulnerable in ways that will not be easy to correct. Kaminsky refutes the idea that SSL is an antidote to these DNS vulnerabilities, as SSL certifications are themselves dependent on proper DNS functionality. (link)
There’s a new option for people annoyed at having to take their laptops out of their bags at airport security. The Transportation Security Administration will now allow travelers to leave their computers inside “checkpoint friendly” cases.
The new rules, announced Tuesday and set to take effect Aug. 16, are intended to help streamline the X-ray inspection lines.
TSA said it reached out to bag manufacturers this year to design laptop cases that would provide a clear, unobstructed image of the computer as it passed through an X-ray machine. The agency said the new bags will be available for purchase this month. (link)