Monday, August 22, 2011

Cyber Security News of the Week, August 21, 2011

Contributed by Stan Stahl Ph.D., President of Citadel Information Group, Inc.

Information at Risk
eThieves Steal $217k from Arena Firm: Cyber thieves stole $217,000 last month from the Metropolitan Entertainment & Convention Authority (MECA), a nonprofit organization responsible for operating the Qwest Center and other gathering places in Omaha, Nebraska. KrebsOnSecurity, August 16, 2011

BART website hacked, customer info leaked: The amorphous hacker group known as Anonymous made good Sunday on its threat to strike BART, breaching an agency website and releasing customers’ personal information in retaliation for BART’s decision to cut cellular phone service to prevent an antipolice protest in San Francisco. SF Gate, August 15, 2011

AntiSec hackers target Vanguard Defense exec: The hacktivist group AntiSec says it has released a gigabyte of private documents from Vanguard Defense Industries, including e-mails from an executive connected with a cybersecurity organization it has targeted previously. cnet, August 19, 2011

Hackers crack Purdue University server: Hackers illegally accessed a server containing the personal information, including Social Security numbers and course records, of more than 7,000 former Purdue University students. msnbc, August 19, 2011

Information at Risk: Insider Abuse
Fired techie created virtual chaos at pharma company: Logging in from a Smyrna, Georgia, McDonald’s restaurant, a former employee of a U.S. pharmaceutical company was able to wipe out most of the company’s computer infrastructure earlier this year. Computer World, August 16, 2011

Investigation reveals widespread insider hacking at immigration agency: A yearlong probe into computer fraud at an immigration application processing center uncovered multiple incidents of internal hacking where staff accessed management-level emails and other confidential files, according to Homeland Security Department interviews, network analyses and internal emails obtained by Nextgov. Nextgov, August 18, 2011

Cyber Security Management
5 things you probably didn’t know could be hacked: Hackers are making headlines these days like never before. From video game systems to voicemail accounts, it seems like almost every type of electronic device or information storage medium can be hacked to either give up information or perform actions it wasn’t initially designed to do. We’ve gathered a handful of the weirdest hacks out there, and the vulnerability of some of your everyday devices might surprise you. Yahoo News, August 15, 2011

GAO: FDIC cybersecurity lacking: The confidentiality and integrity of the Federal Deposit Insurance Corporation’s information systems are vulnerable, says a Government Accountability Office report (.pdf) published Aug. 12. Weak passwords, poor user-access policies, inconsistent encryption and unsatisfactory patch implementation threaten FDIC’s financial systems and databases, finds the GAO. Fierce Government, August 15, 2011

Internet Badlands
Beware of Juice-Jacking: You’re out and about, and your smartphone’s battery is about to die. Maybe you’re at an airport, hotel, or shopping mall. You don’t have the power cable needed to charge the device, but you do have a USB cord that can supply the needed juice. Then you spot an oasis: A free charging kiosk. Do you hesitate before connecting your phone to this unknown device that could be configured to read most of the data on your phone, and perhaps even upload malware? KrebsOnSecurity, August 17, 2011

Watch out for botnet-driven Google Dorks, the next automated cyber attacks: Botnets have been taking down web sites for years by overwhelming sites with too much traffic. But now the swarms of compromised computers are being unleashed for the first time on an old kind of vulnerability: Google Dorks. Venture Beat, August 16, 2011

Theft via text: Cars vulnerable to hack attacks: Texting and driving don’t go well together — though not in the way you might think. Computer hackers can force some cars to unlock their doors and start their engines without a key by sending specially crafted messages to a car’s anti-theft system. They can also snoop at where you’ve been by tapping the car’s GPS system. VolunteerTV, August 19, 2011

Cyber Security Learning Community
Programs aim to get the word out when cyber attacks occur: It’s not the loud pronouncements by hacking groups or the highly visible denial-of-service attacks that scare cybersecurity experts. It’s silence. In the escalating battle against cyber attackers, the focus has been on new security software and cyber hygiene, but one of the greatest tools against “the adversary,” as cyber attackers are called in industry parlance, is the relatively low-tech approach of sharing information about attacks. Federal Times, August 20, 2011

Privacy Matters
The Dangers of Supercookies: Browser cookies have been around almost as long as the web. Invented by an engineer at Netscape in 1994, the method for keeping track of people’s browsing activity started out as a way for e-commerce sites to store your purchases in a shopping cart and is now widely used. But researchers and regulators now think that the evolution of a more advanced type of cookie known, appropriately, as a “supercookie” poses some serious privacy concerns. Used on websites like Hulu and MSN, invasive new tracking techniques like supercookies track users’ every move, steal your browser history and feed the data to advertisers, largely undetected. And whereas regular cookies are easy to find and delete, supercookies and history-stealing software are almost impossible to get rid of. The Atlantic, August 18, 2011

Privacy Matters: News of the World Hacking Scandal
New documents undermine Murdoch phone-hacking defense: Phone hacking was “widely discussed” at News of the World, the royal correspondent jailed and sacked for the practice wrote in 2007, according to documents released Tuesday by a Parliament committee investigating the scandal. CNN, August 16, 2011

Securing the Future
Administration issues far-reaching plan for building cyber workforce: The Obama administration on Friday released the first-ever roadmap for building a U.S. cybersecurity workforce and testing the government’s success at raising public awareness of computer threats. Nextgov, August 12, 2011