Free Republic

Google plans to warn more than half a million users of a computer infection that may knock their computers off the Internet this summer. Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system will be shut down July 9 -- killing connections for those people.

More than 600,000 Macs have been infected with a new version of the Flashback Trojan horse that's being installed on people's computers with the help of Java exploits, security researchers from Russian antivirus vendor Doctor Web said on Wednesday. Flashback is a family of Mac OS malware that appeared in September 2011. Older Flashback versions relied on social engineering tricks to infect computers, but the latest variants are distributed via Java exploits that don't require user interaction. On Tuesday, Apple released a Java update in order to address a critical vulnerability that's being exploited to infect Mac computers with the...

Chinese hackers gained control over NASA’s Jet Propulsion Laboratory (JPL) in November, which could have allowed them delete sensitive files, add user accounts to mission-critical systems, upload hacking tools, and more -- all at a central repository of U.S. space technology, according to a report released Wednesday afternoon by the Office of the Inspector General. That report revealed scant details of an ongoing investigation into the incident against the Pasadena, Calif., lab, noting only that cyberattacks against the JPL involved Chinese-based Internet Protocol (IP) addresses. Paul K. Martin, NASA’s inspector general, put his conclusions bluntly. “The attackers had full functional...

Google, Microsoft, AOL and other big companies have agreed to install a "do not track" button in Web browsers to make sure that you can surf the Web with an assured amount of privacy. It's a big step for the industry -- but until this button arrives, how can you assure yourself a little more privacy online? The "No Track" button would stop companies from using data about your Web browsing habits to customize ads for you. They have also agreed not to use the data for employment, credit, health-care or insurance purposes. For obvious reasons, that type of usage...

If there is one war that Greece could not afford to join, that is with the global computer hacking collective known as Anonymous. Yet as of minutes ago, that is precisley what happened, after Anonymous, as part of what it now calls Operation Greece, took down the Greek Ministry of Justice (http://www.ministryofjustice.gr/). While the pretext for the hacking appears to have been an arrest of the wrong people, is seems to have angered Anonymous to the point where they have left an extended message of demands on the Greek website, warning that unless the IMF withdraws from the country and...

The director of the National Security Agency warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage in the US through a cyber attack. Gen. Keith Alexander, the agency's director, provided his assessment in meetings at the White House and in other private sessions, according to people familiar with the gatherings.

An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full 'blue screen of death' system crash. The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune to the flaw, which has been pinned down to the win32k.sys operating system file - which contains the kernel portion of the Windows user interface and related infrastructure.Proof-of-concept code showing how to crash vulnerable Win 7 boxes has been leaked: the simple HTML script, when opened in...

The pending Stop Online Piracy Act (SOPA) continues to inspire opponents to come up with creative solutions to circumvent it. A new anti-SOPA add-on for Firefox, titled “DeSopa,” is such a counter measure.When installed, users can click a single button to resolve a blocked domain via foreign DNS servers, bypassing all domestic DNS blockades and allowing the user to browse the site though the bare IP-address (if supported). “I feel that the general public is not aware of the gravity of SOPA and Congress seems like they are about to cater to the special interests involved, to the detriment of...

1. Introduction For many years people have wanted to protect their right to privacy. As technology changes, it seems that privacy evolves away more and more. I2P is a protocol used for an encrypted multi-proxy on the Internet. While, this sounds simple, there is actually a lot of work going on with I2P to achieve this. Unlike some multi-proxies, I2P will allow you to tunnel many more applications through it than just web browsing, making it a very robust protocol.I2P is available for all platforms, not just Linux. For this example I have used Debian Sid to perform the installation. With...

> According to the indictment, the suspects entered into deals with various internet advertisers in which they would be paid for generating traffic to certain websites or advertisements. But instead of earning the money legitimately, the FBI said the defendants used malware to force infected computers to unwillingly visit the target sites or advertisements -- pumping up click results and, therefore, ill-gotten profits to the tune of $14 million. The malware was also designed to prevent users from installing anti-virus software that may have been able to free the infected computers. > In the first case, if a user searched...

An unnamed computer virus is compromising the security of U.S. Reaper and Predator drones as they fly missions in Afghanistan, Iraq, Yemen, and Pakistan. Wired reports the virus was found about two weeks ago and hasn't kept the drone pilots at Creech Air Force Base in Nevada from conducting missions. There haven't been any reports of classified data breaches, but the virus has resisted the military's best efforts to remove it.

Microsoft’s security used to be a joke. Its operating systems were riddled with bugs that were exploited by hackers and mocked at conferences such as Black Hat, the Las Vegas confab for security technology. But yesterday, one of the independent security researchers at the conference praised Microsoft’s progress on improving security. Chris Paget, chief hacker at security consulting firm Recursion Ventures, is a well-known figure at the twin Black Hat and Defcon conferences in Las Vegas, having demonstrated a live interception of a cell phone call last year. In her talk this year, she said she hated the limitations of...

`NK programmers hired in S.Korea to make security software` AUGUST 08, 2011 07:54 The CEO of a computer security company repeatedly looked around in an interview with a Dong-A Ilbo reporter. The executive seemed wary of whether somebody was listening to what he was saying. He started talking after placing on a table two mobile phones with different numbers. He showed nervousness in the interview, saying, “If what I say is leaked (to a third party)...” What the CEO was afraid of was none other than North Korea. He told Dong-A, “North Korean programmers are developing information security programs for...

Wireless drone sniffs Wi-Fi, Bluetooth, phone signals By: Declan McCullagh August 4, 2011 11:19 AM PDT LAS VEGAS--Forget Wi-Fi war driving. Now it's war flying. A pair of security engineers showed up at the Black Hat security conference here to show off a prototype that can eavesdrop on Wi-Fi, phone, and Bluetooth signals: a retrofitted U.S. Army target drone, bristling with electronic gear and an array of antennas. "Nobody's really looking at this from a threat perspective," said Mike Tassey, a security consultant who works for the U.S. government intelligence community. "There's some pretty evil stuff you can do from...

The world's most extensive case of cyber-espionage, including attacks on U.S. government and U.N. computers, is set to be revealed Wednesday by online security firm McAfee, and analysts are speculating that China is behind the attacks. The spying was dubbed "Operation Shady RAT," or "remote access tool" by McAfee -- and it led to a massive loss of information that poses a huge economic threat, wrote vice president of threat research Dmitri Alperovitch "What is happening to all this data — by now reaching petabytes as a whole — is still largely an open question," Alperovitch wrote on a blog detailing the threat. "However,...

On Thursday, the US House of Representatives approved an internet snooping bill that requires internet service providers (ISPs) to keep records of customer activity for a year so police can review them as needed. Here's what this bill means for you and what you can do about it. What Is This Internet Snooping Bill, Exactly, and Why Is It Bad? The lovingly titled Protecting Children From Internet Pornographers Act of 2011 (PCFIPA of 2011) requires ISPs to retain customer names, addresses, phone numbers, credit card numbers, bank account numbers, and dynamic IP addresses. It's a record of your personal information...

Internet providers would be forced to keep logs of their customers' activities for one year--in case police want to review them in the future--under legislation that a U.S. House of Representatives committee approved today. The 19 to 10 vote represents a victory for conservative Republicans, who made data retention their first major technology initiative after last fall's elections, and the Justice Department officials who have quietly lobbied for the sweeping new requirements, a development first reported by CNET. A last-minute rewrite of the bill expands the information that commercial Internet providers are required to store to include customers' names, addresses,...

Boing-boing notices that “yesterday, the House Judiciary Committee voted 19-10 for H.R. 1981, a data-retention bill that will require your ISP to spy on everything you do online and save records of it for 12 months. California Rep Zoe Lofgren, one of the Democrats who opposed the bill, called it a ‘data bank of every digital act by every American’ that would ‘let us find out where every single American visited Web sites.’” The databank is “for the children”. HR 1981 is actually titled “Protecting Children From Internet Pornographers Act of 2011″. Its sponsors say “the Protecting Children from Internet...

A group of computer hackers claims to have breached NATO security and accessed hordes of restricted material. The group called Anonymous says it would be "irresponsible" to publish most of the material it stole from NATO but that it is sitting on about 1 gigabyte of data. Anonymous posted a PDF file Thursday, and broadcast a link to it from its Twitter page, showing what appeared to be a document headed "NATO Restricted."

The FBI is executing search warrants at two Long Island, N.Y., homes and one Brooklyn, N.Y., home of three suspected members of notorious hacking group Anonymous early Tuesday morning, FoxNews.com has learned. More than 10 FBI agents arrived at the Baldwin, N.Y., home of Giordani Jordan with a search warrant for computers and computer-related accessories. The targets of the FBI searches are all in their late teens to early 20s.

Prosecutors cited a report prepared by a software program called CacheBack, which the state argued showed 84 web searches for chloroform being made on the Anthony computer. The defense would later contradict the CacheBack report with a separate report generated by another program, NetAnalysis. That report returned only one search result for chloroform. Last week, CacheBack CEO John Bradley posted a statement on his website, acknowledging that the 84-search result was an error, and criticizing the state for its use of flawed data. It was Bradley who introduced those results as a witness for the defense. On the stand, he...

Security: The Pentagon has disclosed perhaps the largest theft of sensitive data by an unnamed foreign government. The threat to our electronic infrastructure is real, growing and as dangerous as a North Korean missile. In outlining America's cyberwarfare strategy last Thursday at the National Defense University, Deputy Secretary of Defense William Lynn disclosed that 24,000 sensitive files containing Pentagon data at a defense company were accessed in a cyberattack in March, likely by a foreign government. He didn't disclose the identity of that government, but in a bit of an understatement he acknowledged, "We have a pretty good idea." So...

The Obama campaign website was hacked on Tuesday and invited supporters to two fake anti-government events hosted by an unnamed "Commy Obama."The campaign's application for mobile devices, such as iPhones and iPads, directed users to two events titled "Rules of Politics" scheduled for noon on Tuesday in Washington."1. Politicians and other public servants lie," read the event description provided on the Obama campaign website. (Full screenshot here.) "2. Politicians tell you what you want to hear and offer to provide things for 'free' to get votes. 3. When government buys, the people pay."The 430-word message lists 21 total anti-government criticisms,...

LulzSec the hacker group that has been a thorn in the side of major institutions ranging from Sony to the CIA, says it is going away -- but not quietly. The group said late Saturday it would disband. In what it says is its final act of mayhem, it publicly unloaded a trove of documents containing a significant amount of compressed data. "Our planned 50-day cruise has expired, and we must now sail into the distance...our crew of six wishes you a happy 2011," LulzSec says in its final message. . The group says it chose to end its campaign...

TOKYO (AFP) – Japan will punish people who create or wilfully spread computer viruses with fines and prison terms of up to three years under a new law enacted by parliament. Under the law, police can seize email communication logs of suspects from Internet service providers, among other information. The action, which has met with opposition from privacy and free speech advocates, brings Japan a step closer to concluding the Convention on Cybercrime, a Europe-led effort. The convention is the first international treaty to combat crimes committed via the Internet and other computer networks. Japan has signed the treaty but...

CNN) -- They've breached or busted the websites of the CIA, PBS and the U.S. Senate, and launched at least part of an extended attack on Sony, whose PlayStation Network was brought to a grinding halt for the better part of a month. And, to hear them tell it, it's all for a laugh. Meet Lulz Security, or LulzSec, the gleeful and secretive band of hackers who appear to be responsible for a string of high-profile and sometimes embarrassing Internet attacks. Their most recent strike, and arguably the most ambitious, was a distributed denial-of-service attack Wednesday that shut down the...

Last year's Stuxnet virus attack represented a new kind of threat to critical infrastructure. Just over a year ago, a computer in Iran started repeatedly rebooting itself, seemingly without reason. Suspecting some kind of malicious software (malware), analysts at VirusBlokAda, an antivirus-software company in Minsk, examined the misbehaving machine over the Internet, and soon found that they were right. Disturbingly so: the code they extracted from the Iranian machine proved to be a previously unknown computer virus of unprecedented size and complexity. On 17 June 2010, VirusBlokAda issued a worldwide alert that set off an international race to track down...

angry tapir writes "Seattle police are investigating a group of criminals who they say have been cruising around town in a black Mercedes stealing credit card data by tapping into wireless networks belonging to area businesses. The group has been at it for about five years, according to an affidavit signed by Detective Chris Hansen, a fraud investigator with the Seattle Police Department."

I have received notification of email breaches from Kroger, Best Buy and Home Depot so far. They seem legit as they are not asking for any info, just notifying me of probable phishing scams based on these breaches. so how many credit cards got info stolen recently?

I thought I'd share this with you all, as some may benefit from this. Today, I was called by Wells-Fargo's fraud protection department to let me know my online ID and password had been compromised. Not only could they not tell me when exactly this occurred, or for what reason, but I was also told, I would have to run a full virus scan before they could restore my access. Now I could easily lie of course, although they make a point of saying that if an online scan truly was not performed, then they are not responsible for any...

Most of us by now have heard about Anonymous. Anonymous has had its roots in various areas for a while now. Its primary targets tend to be a focused attempt at righting the wrongs of corporate monopolies and injustices that face the average person. Anonymous became a household known entity as it was exposed in its efforts to defend the operations of Wikileaks and Wikileaks founder Julian Assange. Their newest activities have revolved around shutting down various copyright agencies such as BMI as an attempt to fight back in the ongoing file sharing battle. A member of Anonymous who goes...

It wasn’t an insecure SIPRNet that created the “perfect storm” that allowed Private Bradley Manning to dump the State Department cables to Wikileaks. It was the failure of our government to apply standard IT practices in a theater of war. >== snip == So if SIPRNet is secure, and with the NetTop 2 environment it’s impossible to copy data off to a USB flash drive or a DVD from a secure session, how the heck was Manning able to dump that data to Wikileaks? == SNIP == But according to a Wired article from over the summer, we know...

A Russian software company today released a password cracking tool that instantly reveals cached passwords to Web sites in Microsoft Internet Explorer, mailbox and identity passwords in all versions of Microsoft Outlook Express, Outlook, Windows Mail and Windows Live Mail. Moscow based ElcomSoft, developer of the new password recovery tool, “Elcomsoft Internet Password Breaker,” says the product designed as tool to provide forensics, criminal investigators, security officers and government authorities with the ability to retrieve a variety of passwords stored on a PC. With a price tag of just $49, it doesn’t seem as though investigators and government authorities are...

Traditional phishing attacks are reasonably easy to avoid, just don’t click links in suspicious e-mails (or, for the really paranoid, any e-mail). But Firefox Creative Lead Aza Raskin has found a far more devious way to launch an attack — by hijacking your unattended browser tabs. The attack works by first detecting that the tab the page is in does not have focus. Then the attacking script can change the tab favicon and title before loading a new site, say a fake version of Gmail, in the background. Even scarier, the attack can parse through your history to find sites...

One of the Internet security companies (McAfee) that monitors hacker activity (by compiling data on attacks their clients have suffered), estimates that more computers are being turned into zombies in China, than in the United States. At least during the last three months of 2009. Both countries have about 12 million zombie computers. Many of 1.5 billion computers in the world are infected with secret programs that enable criminals, or intelligence agencies, to control these PCs, turning them into "zombies". These captive computers are organized into "botnets" of thousands, or even a million or more, PCs that do the bidding...

January 3, 2010 CYBERSECURITY Wanted: ‘Cyber Ninjas’ By CHRISTOPHER DREW FOR a regional competition last spring, eight students from California State Polytechnic University, Pomona, spent six months of Saturdays practicing how to defend a typical business computer network from attacks. Then, over two grueling days, they outscored teams from five other schools at blocking worms and other efforts to disrupt their e-mail and Internet systems. For the six seniors in the group, all in computer information systems, the victory was even sweeter. Boeing, the giant aerospace and military company, offered them jobs. Boeing’s decision to snap up all the graduates...

Had a virus alert yesterday from AVAST. As usually, it allowed me to abort connection and proceed. Cyber Security popups came up on my sceen and thinking it was AVAST prompting me, I ran a program. Turns out it was a fake site trying to get info and now it's embedded in my system. CAN ANYONE HELP? It's trying to block FR as a malicious website.

Microsoft sends biggest patch on record Tue Oct 13, 2009 4:03pm EDT SEATTLE (Reuters) - Microsoft Corp issued its biggest software patch on record on Tuesday to fix a range of security issues in its programs, including the yet-to-be-released Windows 7 operating system. In a monthly update sent to users of its software, Microsoft released 13 security bulletins, or patches, to address 34 vulnerabilities it identified across its Windows, Internet Explorer, Silverlight, Office and other products. It said six of the patches were high priority and should be deployed immediately. The patches -- which update software to write over glitches...

Security: A Senate bill lets the president "declare a cybersecurity emergency" relating to "nongovernmental" computer networks and do what's needed to respond to the threat. Didn't they just collect our e-mail addresses?We wish this was just a piece of the fictional "Dr. Strangelove" that fell to the cutting-room floor, but it's not. It is a real piece of disturbingly vague legislation sponsored by Sens. Jay Rockefeller, D-W.Va., Bill Nelson, D-Fla., and Olympia Snowe, R-Maine. Senate Bill 773 would grant the administration emergency powers (where have we heard that before?) in the event of a cyberemergency that the president would have...

A Briton wanted in the United States for breaking into NASA and Pentagon networks in "the biggest military hack of all time" lost an appeal against his extradition Friday, making a U.S. trial more likely. Gary McKinnon, 43, has fought a three-year battle to avoid extradition, including going to the European Court of Human Rights, but he appeared to have run out of options as Britain's High Court ruled against his latest appeal Friday. The court rejected arguments by McKinnon's lawyers that extraditing McKinnon, who was recently diagnosed with Asperger's Syndrome, a form of autism, would have disastrous consequences for...

If you have any interest in the sporting world, you undoubtedly have heard about the recent video depicting an exposed Erin Andrews--a high-profile sports reporter for ESPN--filmed through a peephole at her hotel room. This video is now being tied to security issues on both PCs and Macs. Although, as Graham Cluley notes, Ms. Andrew's lawyers have threatened lawsuits for any Web site distributing the video, several sites have set up pages claiming to offer the footage. Cluley writes on his blog: "And - surprise surprise - if you visit those webpages you could be putting the security of your...

Survey finds one in six consumers act on spam by Jeremy Kirk, IDG News Service About one in six consumers have at some time acted on a spam message, affirming the economic incentive for spammers to keep churning out millions of obnoxious pitches per day, according to a new survey.Due to be released Wednesday, the survey was sponsored by the Messaging Anti-Abuse Working Group (MAAWG), an industrywide security think tank composed of service providers and network operators dedicated to fighting spam and malicious software.Eight hundred consumers in the U.S. and Canada were asked about their computer security practices habits...

PCs Used in Korean DDoS Attacks May Self Destruct There are signs that the concerted cyber attacks targeting U.S. and Korean government and commercial Web sites this past week are beginning to wane. Yet, even if the assaults were to be completely blocked tomorrow, the attackers could still have one last, inglorious weapon in their arsenal: New evidence suggests that the malicious code responsible for spreading this attack includes instructions to overwrite the infected PC's hard drive. Update: This is already happening. Please be sure to read the updates at the end of this post. Original post: According to Joe...

NRO colleague Kevin Williamson passes along this item from Wired.com’s Danger Room:  It's like Burn After Reading, the latest Coen brothers' flick, come to life. Well, kinda sorta."A New Zealand man has found confidential United States military files on an MP3 player," the Age reports. He bought at an Oklahoma thrift shop, for less than ten bucks. Chris Ogle wasn't looking for secrets during his little shopping trip, of course. But when he brought the player home and hooked it up, "he discovered a playlist he could never have imagined," New Zealand's TV One pants.The sixty files included personal details of...

Internet security is broken, and no one knows how to fix it By John Markoff Sunday, December 7, 2008 SAN FRANCISCO: Internet security is broken, and nobody seems to know quite how to fix it. Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to improve the security of its Windows operating system software, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread the software to other machines exponentially. Computer scientists and security researchers acknowledge that they cannot get ahead of the...

In a move that could backfire, according to one security expert, Apple pulled out of a prominent hackers' convention taking place this week in Las Vegas. Apple abruptly canceled what would have been its first appearance at Black Hat, an annual event in Las Vegas that features presentations from the world's most preeminent security researchers – a.k.a. hackers – according to Computerworld. Speakers typically highlight security shortcomings in a number of different technologies, including operating systems, e-mail and the Internet itself. Taking one's lumps at Black Hat is a right of passage in a technology's security evolution, as companies like...

George Ledin teaches students how to write viruses, and it makes computer-security software firms sick.In a windowless underground computer lab in California, young men are busy cooking up viruses, spam and other plagues of the computer age. Grant Joy runs a program that surreptitiously records every keystroke on his machine, including user names, passwords, and credit-card numbers. And Thomas Fynan floods a bulletin board with huge messages from fake users. Yet Joy and Fynan aren't hackers—they're students in a computer-security class at Sonoma State University. And their professor, George Ledin, has showed them how to penetrate even the best antivirus...

Expert urges China visitors to encrypt data Aug 3, 2008 - 9:02:10 AM WASHINGTON (Reuters) - China's blocking of Web sites has embarrassed the International Olympic Committee, but a computer security expert said on Thursday that visitors to Beijing also needed to protect their data from prying eyes. "People who are going to China should take a clean computer, one with no data at all," said Phil Dunkelberger, chief executive of security software firm PGP Corp.

Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web. Major software and hardware makers worked in secret for months to create a software "patch" released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses. "It's a very fundamental issue with how the entire addressing scheme of the Internet works," ... "You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything." The flaw would be a boon for "phishing"...

Symantec, Windows users beset by Vista SP1 flaws By Tom Espiner, ZDNet UK Monday, March 24, 2008 10:56 AM Security vendor Symantec has said that updated drivers to replace those adversely affected by Windows Vista Service Pack 1 are not yet available. The company said users will have to wait for the updated drivers, which will be available "in the coming weeks". The drivers in question are for Endpoint Protection and Network Access Control, two of Symantec's flagship enterprise security products. Microsoft released Vista Service Pack 1 (SP1) to Windows Update on Tuesday. However, in the Vista team blog, Vista...