Palin Hacking Roundup

[youtube=http://www.youtube.com/watch?v=Ps71T3EcyWs]

[David Kernell], the 20-year-old son of Democratic politician [Mike Kernell], turned himself in for hacking into Vice Presidential nominee Governor [Sarah Palin]’s Yahoo! email account. He was indicted on one felony count of violating the 1986 Computer Fraud and Abuse Act. Although the charge would normally be a misdemeanor, the indictment invokes another statute, the Stored Communications Act, to beef up its claim. Some lawyers are of the opinion that the U.S. Department of Justice overreached in charging [Kernell] with a felony. They claim that the government’s justification is flawed and relies on “circuitous logic”. [Kernell] has been released without bond, and instructed not to have any contact with [Governor Palin], her family, or any witnesses to the case. If convicted fully, he faces a maximum sentence of five years in prison and a fine of up to $250,000. We also discovered that this isn’t [Kernell]’s first time in trouble. In high school, he received detention for guessing the password of the school server and obtaining access to some lesson plans.

ATM Skimmers With SMS

You may want to be more careful where you put that ATM card. There are now ATM skimmers with SMS notification. ATM skimmers are placed over real ATM slots and read the information off the cards as they’re inserted. The new models will send the skimmed information via SMS notifications to a phone that’s attached to a computer. This solves the problem of scammers needing to retrieve their skimmers without attracting the attention of police. ATM skimmer manufacturers have so far been really successful because of their commitment to security, from the paint they use to cover their skimmers to their exclusive clientele. The manufacturer of this particular model claims that none of their clients who’ve used this new ATM skimmer has been arrested, and they only accept business from “recommended” clients. We think it’s interesting and ironic how these criminals have adapted their security procedures to deal with institutions we wish were more secure.

Yahoo! Employee Accused Of Involvement With Terrorists

[Mohammed Mansoor Asghar Peerbhoy], a software engineer at Yahoo!’s Indian facility, has been accused of involvement with one of India’s most-wanted terrorist organizations, the Islamic Mujahideen. According to investigators, [Peerbhoy] wrote and sent emails just before and after terrorist attacks in Delhi, Ahmedabad in Gujarat, and Jaipur in Rajasthan. [Peerbhoy] makes an unlikely suspect; he visited the U.S. on several occasions for work without suspicion, but authorities claim that he was a “mastermind” who hacked into wireless internet sites to send hostile emails. The local community and his family have rallied around [Peerbhoy], calling the arrest an attempt to “defame the Muslim community”. There are also claims that his arrest, and other similar arrests, were made to soothe political pressures and not based on any factual evidence.

[photo: josemurilo]

Helix V2.0 Released

Helix 2.0 has been released. Helix is a collection of various tools for electronic forensics. Just like on TV, you can use this to find all kinds of information on a computer. Some of the useful tools added were Winlockpwn, a tool for breaking Windows security; Volatility, which processes data out of the raw memory; and several other tools that are beyond our comprehension.

You’ve undoubtedly noticed that the title says Helix V2.0, but the image and header of the Helix site say 3.  We have no idea why. Look at the download info to see that it says V2.0.

[Via Midnight Research labs]

System Admin Steals 20,000 Items From Work

Over the course of 10 years, [Victor Papagno] stole 19,709 pieces of equipment from the Naval Research Laboratory. He began taking stuff home in 1997 and had so much that he had to store some in a neighbor’s house. The report says that no secret technological information was taken. Some items listed were CDs, hard drives, and floppy disks, adding up to an estimated value of 1.6 million dollars. He could face up to two years in prison for this. We shudder to think of the total cost of all the Post-its, CDs, and floppy disks we’ve taken home over the years.

[via NetworkWorld]
[photo: Blude]

Remote Access Programs Are Good Security For Laptops

Don’t be [Gabriel Meija], the criminal pictured above. He stole [Jose Caceres]’ laptop, but didn’t realize that [Caceres] had installed a remote access program to track the activity on the laptop. Although the first few days were frustrating, as [Meija] didn’t seem to be using the laptop for anything but porn, [Caceres]’ luck turned when he noticed that an address was being typed in. [Caceres] turned the information over to police, who were able to find [Meija] and charge him with fourth-degree grand larceny. It’s not the first time that tech-savvy consumers have relied on remote access programs to capture the criminals who’ve stolen their computer equipment, and it certainly won’t be the last, as the technology becomes more readily available to consumers.

[via Obscure Store and Reading Room]

iPhone Forensics 101: Bypassing The Passcode

[youtube=http://www.youtube.com/watch?v=aaxSF9EOjxw]

Watch in wonder as forensics expert [Jonathan Zdziarski] takes you step by step through the process of bypassing the iPhone 3G’s passcode lock. Gasp in amazement as he creates a custom firmware bundle. [Jonathan], creator of NES.app, a Nintendo emulator for the iPhone, is well respected for his work on opening the iPhone. In this presentation, he sheds some light on the forensics toolkit he helped develop for law enforcement agencies that we covered earlier.