Published March 12, 2010
crime, Data Recovery, Identity Theft, news, technology
Tags: breach, chinese, data, hackers, korea, private, security, south, theft
They just never quit, do they? South Korea is the latest victim of a major data breach courtesy of Chinese hackers. Korean retailer Shinsegae, in addition to 24 other companies, reported the theft of approximately 20 million customer accounts and private data. Police tracked down 3 South Koreans for attempting to sell the information online. The original Chinese hackers are still at large.
The government security agency plans on launching a probe into whether the corporations implemented adequate security measures to prevent such a theft. Otherwise, somebody gonna get fired. To date this has been the worst data breach in the country’s history.
“Shinsegae issued a statement of apology after data on 3.3 million of its customers was leaked from its online shopping mall.” (link)
So Conficker’s big day rolled around and a little dust stirred up. April 1st was the date the worm was to update itself by contacting a few websites for further instructions. A few reports have streamed in but little has happened. A few government facilities hit DEFCON3 temporarily as their systems were on the fritz but were quickly put back under control. Other than that, nothing has happened. Security experts continue to worry what the creators have in store for the future.
How about remotely disabling computers for unpaid Internet bills or if your laptop was stolen? Ericsson has developed a module which can perform such a task. Several manufacturers are currently using the modules: LG Electronics Inc., Dell Inc., Toshiba Corp. and Lenovo. It’s unlikely that ISPs would cut you off for missing a payment; however, the technology does exist and might show up in a computer near you. The real use comes into play when it comes to data protection: keeping sensitive data on stolen laptops from falling into the wrong hands. Ever had a laptop stolen and had to resort to your backup? And then had that fail and needed data recovery? Yeah, it’s a real pain. Trust me, you don’t want to go through it.
With the Black Hat security conference drawing to a close, it’s a good time to take a look at the various topics that dominated this year’s seminars. Security researcher Dan Kaminsky’s presentation on the DNS exploit he discovered months ago was a standing-room only event, and while we’ve covered the vulnerability several times here at Ars, Kaminsky provided additional details and some back history on his discovery. Cisco was also discussed at Black Hat this year, after several years of silence, and the EFF announced its own Coder’s Rights Project.
Kaminsky has made the slide deck from his presentation available (PPT); the slides are thorough enough to get a sense of his presentation. According to his talk, DNS and the infrastructure of the Internet itself remain fundamentally vulnerable in ways that will not be easy to correct. Kaminsky refutes the idea that SSL is an antidote to these DNS vulnerabilities, as SSL certifications are themselves dependent on proper DNS functionality. (link)
There’s a new option for people annoyed at having to take their laptops out of their bags at airport security. The Transportation Security Administration will now allow travelers to leave their computers inside “checkpoint friendly” cases.
The new rules, announced Tuesday and set to take effect Aug. 16, are intended to help streamline the X-ray inspection lines.
TSA said it reached out to bag manufacturers this year to design laptop cases that would provide a clear, unobstructed image of the computer as it passed through an X-ray machine. The agency said the new bags will be available for purchase this month. (link)
Published July 17, 2008
news, technology
Tags: attacker, bugs, chips, computer, cpu, intel, ip, java, kaspersky, script, security, tcp
Kaspersky will demonstrate how such an attack can be made in a presentation at the upcoming Hack In The Box (HITB) Security Conference in Kuala Lumpur, Malaysia, during October. The proof-of-concept attacks will show how processor bugs, called errata, can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler.
“I’m going to show real working code…and make it publicly available,” Kaspersky said, adding that CPU bugs are a growing threat and malware is being written that targets these vulnerabilities.
Different bugs will allow hackers to do different things on the attacked computers. “Some bugs just crash the system, some allow a hacker to gain full control on the kernel level. Some just help to attack Vista, disabling security protections,” he said. (link)
Until recently, the development of mobile-friendly websites has been regarded as nothing more than an irrelevant black art. That has since changed, thanks to more web-capable phones making their way into the mainstream (such as, of course, the iPhone). But the landslide of new and improved mobile sites has opened the doors to a sort of standard-free chaos, where almost anything (that works) goes and security is a second thought. The Open Mobile Terminal Platform (OMTP) group hopes to change that, however, by launching a new initiative that focuses on mobile development without sacrificing important principles like security.
The project will be called BONDI and will be supported by a number of OMTP members: 3 Group, AT&T, T-Mobile, Telenor, Telefónica, Telecom Italia, and Vodafone. The group plans to “harmonize the various open and proprietary ongoing initiatives and this cooperative work will minimise the potential for technology fragmentation,” and will provide a secure web services interface for developers to use when creating mobile sites. “The new handset software will be engineered in such a way as to prevent fraudulent and malicious activity through unauthorized access to functions or sensitive personal information,” says OMTP. (link)