Via the Washington Post: Hackers have been breaking into customer accounts at large online brokerages in the United States and making unauthorized trades worth millions of dollars as part of a fast-growing new form of online fraud under investigation by federal authorities. Anyone else being pummeled with an onslaught of advertisements to buy penny stocks? This recent spate of online brokerage fraud seems to be related to the same pump-and-dump schemes showing up in your inbox. Buy a penny stock at a low price. Spam a bunch of people and say that it’s a great deal—inevitably some will agree and buy it. Why not stop there? Use other people’s accounts to buy a bunch of it too, pumping up the[…]

Found in eWeek … Veteran malware researcher Joe Stewart was fairly sure he’d seen it all until he started poking at the SpamThru Trojan—a piece of malware designed to send spam from an infected computer. The Trojan, which uses peer-to-peer technology to send commands to hijacked computers, has been fitted with its own anti-virus scanner—a level of complexity and sophistication that rivals some commercial software. Other mass-mailing software running on your botnet getting you down? Not able to maximize that bandwidth on your pwned computer? Simply download, install, patch, and use pirated anti-virus software as part of your trojan! Much like the fight against the terrorists, the only way we can win this war is to take away the economic[…]

via Bruce Schneier’s blog. MSNBC has a neat article entitled Double Standards in Security Hassles: If you want to know why America’s security is so heavy on busywork and inconvenience and light on practicality, consider this: The people who make the rules don’t have to live with them. Public officials, some law enforcement officers and those who can afford expensive hobbies are often able to pull rank. Class warfare isn’t new. But in this form it is dangerous. By paying attention to the wrong things – grandma at the airport – we are ignoring the right things – identifying the most dangerous people. By training an army of low-paid workers to harass us all at airports by taking away our[…]

Good article on SecurityFocus about the rise of targeted attacks with specially designed trojans. A similarly themed story is running on CNET news.com.com. Bruce Schneier has posted about it on his blog as well. “If you haven’t noticed these attacks and you are a big company, you have likely already been attacked,” [MessageLabs security researcher Alex] Shipp told attendees at the Virus Bulletin 2006 conference. “Your problem is no longer how do I avoid being attacked, but how do I find where I’ve been compromised.” Scary but accurate. If one wanted to infiltrate a network, a trojan specifically crafted for that purpose which had never been seen before would probably be your best bet. OK, maybe not as good as free[…]

NIST’s CSRC has released a whitepaper detailing an attack against RSA digital signature verification using PKCS-1 padding. NIST has designed a sequence of messages that can be used by a vendor to test the vulnerability of an implementation to this type of attack (see http://csrc.nist.gov/cryptval/anncmnts.htm). Concerned users should contact the vendor of their RSA digital signature application to request information on the vulnerability of their implementation. Worth noting and checking into…

From eWeek: If the plan is perfectly executed, Nicholas Negroponte’s One Laptop Per Child project will deploy 100 million laptops in the first year. In one fell swoop, the nonprofit organization will create the largest computing monoculture in history. Wary of the security risks associated with a computing monoculture—millions of machines with hardware and software of identical design—OLPC foundation officials are seeking help from the world’s best hackers to review the full specifications of the $100 laptop’s security model. It’s a good question, and worth some thought. You probably can’t go down the typical anti-virus route depending on constantly updated signatures of common viruses. Yet, you need an updating scheme for when flaws are detected. You need strong controls everywhere[…]