New German Government ID Hacked By CCC

wiedzmin writes “Public broadcaster ARD’s show ‘Plusminus’ teamed up with the known hacker organization ‘Chaos Computer Club’ (CCC) to find out how secure the controversial new radio-frequency (RFID) chips were. The report shows how they used the basic new home scanners that will go along with the cards (for use with home computers to process the personal data for official government business) to demonstrate that scammers would have few problems extracting personal information. This includes two fingerprint scans and a new six-digit PIN meant to be used as a digital signature for official government business and beyond.” That was quick. Earlier this year, CCC hackers demonstrated vulnerabilities in German airport IDs, too.

Read more of this story at Slashdot.


Read the full story

UN Telecom Chief Urges Blackberry Data Sharing

crimeandpunishment writes “The top man in telecommunications at the United Nations is weighing in on the Blackberry battle … and he says share the data. The UN’s telecom chief says governments have legitimate security concerns, and Research in Motion should give them access to its customer data. In an interview with the Associated Press, Hamadoun Toure said ‘There is a need for cooperation between governments and the private sector on security issues.’”


Google Releases Chrome 6, Pays $4337 In Bounties

Trailrunner7 writes “Google has released a new version of its Chrome browser and has included more than a dozen security fixes in the update. The new version, 6.0.472.53, was released two years to the day after the company pushed out the first version of Chrome. Google Chrome 6 includes patches for 14 total security vulnerabilities, including six high-priority flaws, and the company paid out a total of $4,337 in bug bounties to researchers who reported the vulnerabilities. A number of the flaws that didn’t qualify for bug bounties were discovered by members of Google’s internal security team.” (Read on for more, below.)


Facebook To Add Remote Logout

angry tapir writes “Facebook users will soon have a new way of knocking spammers out of legitimate accounts. The social-networking company is rolling out a new security feature that lets users see which computers and devices are logged into their Facebook accounts, and then remove the ones that they don’t want to have access.”


Northrop Grumman Says ‘I’m Sorry’ For Virginia IT Outage

Lucas123 writes “After a storage area network in a data center run by Northrop Grumman went down last week, crippling 26 state agencies’ websites — some for more than a week — Northrop Grumman has now apologized to Virginia, saying it will learn from its mistakes in order to recover systems faster in the future. Northrop’s $2.6 billion service contract with Virginia’s government has come under harsh criticism in the past for service outages, along with project delays and cost overruns.”


Android Fork Brings Froyo To 12 Smartphones

jj110888 writes “CyanogenMod has just been updated to version 6.0, bringing Android Open Source Project 2.2 (Froyo) to several devices. This fork includes enhancements to many of the built-in apps, Ad-hoc network connectivity, OpenVPN support, Bluetooth HID, Incognito browsing, extensive control over audio and UI elements, and more found in the extensive CHANGELOG. The CyanogenMod team uses an instance of Google’s gerrit tool for code review and patch submission, helping make this former backport of Android 1.6 to T-Mobile’s G1 into thriving development for the G1/MyTouch/MyTouch 1.2, Droid, Nexus One, HTC Aria, HTC Desire, HTC Evo 4G (minus 4G and HDMI output), Droid Incredible, and MyTouch Slide. HTC Hero (including Droid Eris) are coming soon for 6.0, with Samsung Galaxy S devices expected to be supported in 6.1.”


Apple Announces New iPods, iTunes 10, Social Network, AppleTV

Steve Jobs gave his iPod keynote this morning. He started with iOS 4.1 and Game Center which will be coming out next week. iOS 4.2 will add printing to the iPad and will be out in November. The new iPod Shuffle has buttons again, and costs $49. The new iPod Nano has a tiny multi-touch screen, and an FM radio, and starts at $149. The new (thinner) Touch has the iPhone 4 screen, an A4 chip, and FaceTime over WiFi, starting at $229 for 8GB. They all ship next week.

iTunes 10 looks the same, but adds a social network called “Ping,” which basically looks like Last.fm integrated, and should be out today.

AppleTV is updating: 1/4th the size, no purchases — only rentals. 99 cents for TV rentals (ABC & Fox), Netflix on Demand built in, and for $99.


Snoop Dogg Joins the War On Cybercrime

wiredmikey writes “Think you can bust out some silly fresh rhymes on the subjects of hacking, identity theft and computer viruses? In a somewhat untraditional partnership, Snoop Dogg and Symantec’s Norton want you to show off your lyrical skills on the subject of cybercrime and enter the ‘Hack is Wack’ cybercrime rap contest. If you have the skills and bust out the phattest rap, you’ll receive round trip airfare for two to Los Angeles along with two days and two nights’ hotel stay to meet with Snoop’s management, learn more about his business. You’ll also get two tickets to a Snoop Dogg concert and a new laptop pimped out with Norton Internet Security 2011.”


New QuickTime Flaw Bypasses ASLR, DEP

Trailrunner7 writes “A Spanish security researcher has discovered a new vulnerability in Apple’s QuickTime software that can be used to bypass both ASLR and DEP on current versions of Windows and give an attacker control of a remote PC. The flaw apparently results from a parameter from an older version of QuickTime that was left in the code by mistake. It was discovered by Ruben Santamarta of Wintercore, who said the vulnerability can be exploited remotely via a malicious Web site. On a machine running Internet Explorer on Windows 7, Vista or XP with QuickTime 7.x or 6.x installed, the problem can be exploited by using a heap-spraying technique. In his explanation of the details of the vulnerability and the exploit for it, Santamarta said he believes the parameter at the heart of the problem simply was not cleared out of older versions of the QuickTime code. ‘The QuickTime plugin is widely installed and exploitable through IE; ASLR and DEP are not effective in this case and we will likely see this in the wild,’ said HD Moore, founder of the Metasploit Project.”


The Nuclear Bunker Where Wikileaks Will Be Located

An anonymous reader writes “Engadget has photos of ‘Pionen White Mountains, the nuclear bunker in which Wikileaks will locate some of its servers. It was excavated 98 feet underground, in a rock hill in the center of Stockholm, Sweden, during the Cold War.’ It looks like they hired the same interior designer who decorated Batman’s lair.”
