
Liudvikas Bukys's List: security-examples

    • Microsoft.com Hacked and Defaced
    • Here's where things get interesting. The tradeoff that Rebecca notes is not a necessary consequence of using toll transponders. It's really the result of technical design decisions that could have been made differently. Want a toll transponder system that can't be read usefully by third parties? We can design it that way. Want a system that allows only authorized third parties to be able to track vehicles? We can design it that way. Want a system that allows anyone to be able to tell that the same vehicle has passed two points, but without knowing which particular vehicle it was? We can design it that way, too.
    • But on a Web site on at least one of the computers, the police found something quite uncommon. It was a listing of their own cell phone numbers, undercover names, makes and models of their cars and even license plate numbers.
    • But by late October, after GE and their energy consultants from KEMA Inc spent weeks going through 4 million lines of C/C++ code, they had identified the race condition that led to operators at FirstEnergy Corp's Akron, Ohio control room being in the dark while three of the company's high voltage lines sagged into unkempt trees and tripped. Because the alarm portion of the XA/21 system failed silently, control room operators didn't know they were relying on outdated information; apparently, choosing to trust their systems, they even discounted phone calls warning them about worsening conditions on their grid.
    • JUNE 30, 2003 (COMPUTERWORLD) - When an employee from an Australian company that makes manufacturing software got fired in early 2000, he applied for a job with the local government, but was turned down. In retaliation, he got a radio transmitter, went to a nearby hotel where there was a sewage valve, and used the radio to hack into the local government's computerized waste management system. Using software from his former employer, he released millions of gallons of raw sewage near the hotel grounds and into rivers and parks. "He did this 46 times before he was caught," notes Joe Weiss, a process-control cybersecurity expert and consultant at the Cupertino, Calif., office of Kema Consulting. "The first 20 [times], they didn't even know it was cyber," meaning an external attack launched using a computer, he says. "From 20 to 45, they finally figured it was cyber, but they didn't catch him until 46." Though this person never worked for the wastewater utility, he was still able to break into its supervisory control and data acquisition system, which was designed with a big security assumption in mind -- that only insiders would want to access it.
    • Indeed, anybody can make a smartcard that sends the three-message sequence "Okay; Yes; Okay" over and over, and can thereby vote as many times as desired, at least until a poll worker asks why the voter is spending so long in the booth.
    • I was flying home to Boston from Atlanta on Delta Airlines. When I got to my gate at the Atlanta airport, I immediately noticed that there was a Windows error alert box in the middle of the large display screen over the gate door. I walked around the terminal and saw that many of the gate display units had the same error alert box being displayed. In many cases, the display units were no longer usable since the alert boxes covered up critical information on the screens.
    • The group had taken in hundreds of thousands of dollars in extortion money, Deets said. Including lost profits at the bookmakers, at least two major banks and other targets, the ring caused about $90 million in damage, Platonov said. Lyon has mixed feelings about the sting against Maksakov, who told Lyon he made only $2,000 a month for fairly sophisticated work. "It's not going to get better with one or two kids put in prison," Lyon said.
    • Today, The Register posted an article on the suspension of two Oxford students who hacked their university's network. The students didn't hack with malicious intent; they just wanted to investigate the security of Oxford's network and report any insecurities (supposedly) for the good of the school. However, these guerilla pen-testers performed their assessment without anyone's permission. Unfortunately for them, the IT staff didn't appreciate their extra-curricular exploration regardless of its intent.
    • Last month, about 1,000 University of Colorado continuing-education students became the latest to have their personal information compromised. Officials said CU's hacker was a "joyrider" who broke into the system without actually taking identifying information. But the break-in added CU to the list of victim universities throughout the country. In August, a hacker broke into the University of California at Berkeley's system and got access to about 600,000 people's personal information. A University of Texas hacker accessed about 55,000 identities from that system last year. There have been similar incidents recently from Boston University to Georgia Tech, from Southern Illinois University to San Diego State University.
    • Currently, researchers are expected to swap sensitive information for "pseudo identifiers" before working with the data -- the August hack attack came while Howes was performing that process, she says. But state agencies don't have the resources to do that sanitizing themselves, so the Bowen bill would effectively cut the research community off entirely, she argues.
    • Saad Echouafni, head of a satellite communications company, is wanted in Los Angeles, California for allegedly hiring computer hackers to launch attacks against his company's competitors. On August 25, 2004, Echouafni was indicted by a federal grand jury in Los Angeles in connection with the first successful investigation of a large-scale distributed denial of service attack (DDOS) used for a commercial purpose in the United States. In a DDOS, a multitude of compromised systems attack a single target causing a sustained denial of service for its customers. The investigation, codenamed Operation Cyberslam, was initiated in 2003 when a large-digital video recorder vendor based in Los Angeles reported a series of crippling denial of service attacks that effectively halted its business for nearly two weeks. That business, as well as others both private and government in the United States, were temporarily disrupted by these attacks which resulted in losses ranging from $200,000 to over $1 million.
    • Mr. Jay Echouafni, the CEO of satellite receiver reseller Orbit Communication, was charged for hiring hackers to launch DDoS attacks against their competitors. Their idea was to take down the online ordering systems of other large satellite operators, using hackers from the USA and UK. We just noticed that Mr. Echouafni has skipped bail, and is actually now listed among the FBI's most wanted. The website of Orbit Communication Corporation has been down now for some months (surprise, surprise). However, we managed to take this screenshot of their welcome page before it vanishe
    • By August 5th the agents already had a good idea what was going on, when Ethics made a fateful mistake. The hacker asked the Secret Service informant for a proxy server -- a host that would pass through Web connections, making them harder to trace. The informant was happy to oblige. The proxy he provided, of course, was a Secret Service machine specially configured for monitoring, and agents watched as the hacker surfed to "My T-Mobile," and entered a username and password belonging to Peter Cavicchia, a Secret Service cyber crime agent in New York.
    • Panix's main domain name, panix.com, has been hijacked by parties unknown. The ownership of panix.com was moved to a company in Australia, the actual DNS records were moved to a company in the United Kingdom, and panix.com's mail has been redirected to yet another company in Canada. Panix staff are currently working around the clock to recover our domain, but this may take until Monday, due to the time differences and difficulties in reaching responsible parties over the weekend.