Donald Sears

Researchers Create Hypervisor Tool to Stop Rootkits

Researchers at North Carolina State University and Microsoft Research have developed a way to protect kernel hooks, the function pointers that rootkits hijack, by relocating them into a single centralized memory area: up to 6,000 different kernel hooks at once. The tool, called HookSafe, was tested on Ubuntu Linux 8.04 and relies on hardware-based memory protection enforced from a hypervisor; in testing it stopped nine real-world rootkits. The open question, says one rootkit expert, is whether other rootkit techniques can bypass the tool. The one hitch so far is a performance hit of about 6 percent. Read the full article. [Dark Reading]

Microsoft Reissues Critical IE Patch from Last Month

Microsoft has reissued last month's critical Internet Explorer update, MS09-054. The original patch fixed four critical vulnerabilities; the re-release addresses problems the first version caused on some systems, including scrambled Web page elements and spurious script errors. The update covers most versions of IE (IE 5.01, IE 6, IE 7 and IE 8) across supported Windows releases, including Windows 7. Read the full article. [Computerworld]

Researchers Find Trojan Using Facebook

Researchers at Symantec have discovered a trojan that uses Facebook to communicate with its command-and-control server. Dubbed Whitewell, the malware arrives via email, contacts the mobile version of Facebook and reads the Notes section of a profile, taking its instructions from the note titles. Andrea Lelli wrote on the Symantec Security Response blog that a note title can carry the URL of a Web server the trojan should contact; other recognized titles carry links to executables or tell the trojan to wait. The trojan exploits no flaw in the site, only "standard Facebook functionality", in what appears to be a targeted attack. Read the full article. [eWEEK]
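To make the channel concrete, here is an added example written for this page; it is not Symantec's code, not the trojan's, and not taken from the article. It models the analyst's view of "commands in note titles": fetch nothing, just parse a constructed page of notes and map the titles onto the three actions the article names (set a Web server URL, fetch an executable link, wait). The title syntax (`WEBSERVER <url>`, `DOWNLOAD <url>`, `WAIT <seconds>`) and the HTML layout are assumptions for illustration; the real format is not published in the article.

```python
"""Model of command-and-control carried in Facebook note titles, as the
article describes for Whitewell. Added example: the title syntax and the
page layout below are assumptions, not the trojan's real protocol."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed stand-in for a mobile Notes listing. In this assumed layout each
# note title is an <h3>; the bodies are irrelevant because only the titles
# are interpreted. 203.0.113.0/24 is a documentation range, not a real host.
SAMPLE_NOTES_HTML = """
<html><body>
<div class="note"><h3>WEBSERVER http://203.0.113.10/gate.php</h3><p>ignored body</p></div>
<div class="note"><h3>DOWNLOAD http://203.0.113.10/update.exe</h3><p>also ignored</p></div>
<div class="note"><h3>WAIT 3600</h3></div>
<div class="note"><h3>My holiday photos</h3><p>an ordinary note</p></div>
</body></html>
"""


class NoteTitleParser(HTMLParser):
    """Collects the text of every <h3>, which in the constructed layout is a note title."""

    def __init__(self):
        super().__init__()
        self._in_title = False
        self.titles = []

    def handle_starttag(self, tag, attrs):
        if tag == "h3":
            self._in_title = True
            self.titles.append("")

    def handle_endtag(self, tag):
        if tag == "h3":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            # Text may arrive in several chunks; accumulate into the open title.
            self.titles[-1] += data


def extract_titles(html):
    parser = NoteTitleParser()
    parser.feed(html)
    return [t.strip() for t in parser.titles]


# Assumed command grammar: VERB followed by a single argument.
COMMAND_RE = re.compile(r"^(WEBSERVER|DOWNLOAD|WAIT)\s+(\S+)$")


def parse_commands(titles):
    """Map note titles to (verb, argument) tuples.

    Titles that do not match the grammar are ordinary notes and are skipped;
    that is what lets the channel hide among normal use of the site.
    URL arguments are validated so a malformed note cannot be acted on.
    """
    commands = []
    for title in titles:
        match = COMMAND_RE.match(title)
        if not match:
            continue
        verb, arg = match.groups()
        if verb in ("WEBSERVER", "DOWNLOAD"):
            parts = urlparse(arg)
            if parts.scheme not in ("http", "https") or not parts.netloc:
                continue
        else:  # WAIT: argument is a delay in seconds
            if not arg.isdigit():
                continue
            arg = int(arg)
        commands.append((verb, arg))
    return commands


def indicators(commands):
    """Hosts an analyst would pull out of the decoded commands as IOCs."""
    return {urlparse(arg).netloc for verb, arg in commands if verb != "WAIT"}


if __name__ == "__main__":
    cmds = parse_commands(extract_titles(SAMPLE_NOTES_HTML))
    for cmd in cmds:
        print(cmd)
    print("IOCs:", indicators(cmds))
```

The defensive lesson is in `parse_commands`: nothing here trips a content filter, because every note is a legitimate, well-formed Facebook object; detection has to come from the endpoint (an unknown binary reading m.facebook.com on a schedule) or from extracting the embedded hosts as indicators, which is what `indicators` does.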

Hardware hacker and author Ryan Harris, aka "DerEngel," has been arrested in Boston on charges of aiding and abetting computer intrusion and wire fraud. Harris runs TCNiSO, a group that modifies cable modems and other hardware. Harris believes he is being prosecuted for the actions of people who took his performance-boosting modem hacks and used them to commit crimes, something he says he never condoned or advertised on his website.

A new open-source honeypot project called Glastopf "dynamically emulates vulnerabilities attackers are looking for" and can detect and respond to previously unknown attacks rather than only to ones it has signatures for. The project, written by Lukas Rist, came out of the Google Summer of Code program. ISPs, web hosting companies and researchers can use Glastopf to collect data about attacks on Web applications, particularly those launched by PHP botnets. Read the full article. [Dark Reading]

UK security researchers at MWR InfoSecurity have found a flaw in the driver software for USB sticks that could allow a malicious device to "interrogate" the host it is plugged into and copy the complete contents of that system. The company believes attacks using such devices are only months away and has shared its research with the British government.

Martin Quoc Pham, 28, of Garden Grove, was sentenced to 11 years in federal prison for spearheading an identity theft ring that targeted home equity lines of credit. The ring fraudulently accessed compromised accounts of JPMorgan Chase customers and drew on their credit lines, transferring nearly $1 million to accounts it controlled.

The Shadowserver Foundation reports that it has observed 7 million unique IP addresses infected by Conficker and its variants. The count was obtained by cracking the algorithm the worm uses to locate its instructions on the Internet, so that the domains infected hosts will contact are known in advance and the hosts calling them can be logged.
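The following is an added example, not Shadowserver's code and not Conficker's real algorithm: a deliberately simple date-seeded domain generator stands in for the cracked algorithm, and the sinkhole log lines are constructed. What it shows is the workflow behind the 7 million figure: once the generator is known, the defender computes the same domain list as the bots, registers those names ahead of time (a sinkhole), and counts distinct source addresses in the sinkhole's logs. The 5-domains-per-day rate, the hash, and the log format are all assumptions for illustration.

```python
"""Added example: counting infected hosts by sinkholing a cracked DGA.
The generator below is a toy seeded by the calendar date; it is NOT
Conficker's algorithm. The log lines are constructed."""
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org")  # assumed TLD rotation


def generate_domains(day, count=5):
    """Toy DGA: derive `count` domains for one day from a hash of the date.

    Every infected host runs the same deterministic function with the same
    input (the date), so anyone who has recovered the function can compute
    the identical list before the bots do.
    """
    seed = day.isoformat().encode()
    domains = []
    for i in range(count):
        digest = hashlib.sha256(seed + i.to_bytes(2, "big")).hexdigest()
        # Map the first 10 hex digits onto letters to make a plausible label.
        label = "".join(chr(ord("a") + int(c, 16) % 26) for c in digest[:10])
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def domains_to_sinkhole(start, days):
    """Precompute the whole window so the names can be registered ahead of time."""
    wanted = set()
    for n in range(days):
        wanted.update(generate_domains(start + timedelta(days=n)))
    return wanted


# Constructed sinkhole access log: "<client_ip> <Host header> <path>".
DAY = date(2009, 10, 30)          # assumed observation date
NEXT_DAY = DAY + timedelta(days=1)
DGA = generate_domains(DAY)
SINKHOLE_LOG = [
    f"198.51.100.7 {DGA[0]} /search?q=0",
    f"198.51.100.7 {DGA[1]} /search?q=0",   # same bot trying a second domain
    f"198.51.100.9 {DGA[2]} /search?q=0",
    f"192.0.2.44 {DGA[0]} /search?q=0",
    "192.0.2.45 203.0.113.1 /",             # someone hitting the sinkhole IP directly
]


def count_unique_infected(log_lines, sinkhole_domains):
    """Count distinct source IPs that asked for a sinkholed DGA domain.

    Requests whose Host header is not one of the generated names (scanners,
    people poking at the sinkhole's IP) are ignored. One public IP can front
    many machines behind NAT, so the result is a lower bound on infections.
    """
    seen = set()
    for line in log_lines:
        client_ip, host, _path = line.split()
        if host in sinkhole_domains:
            seen.add(client_ip)
    return len(seen)


if __name__ == "__main__":
    window = domains_to_sinkhole(DAY, 3)
    print("domains to register:", sorted(window))
    print("unique infected IPs:", count_unique_infected(SINKHOLE_LOG, window))
```

The important property is determinism: `generate_domains(DAY)` returns the same list on every run, which is exactly why a cracked generator lets a tracker see the botnet, and why later Conficker variants raised the number of candidate domains per day to make registering all of them impractical.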

Amid all the malware spreading over Facebook, Twitter, Bit.ly and other social networks and microblogs, there are some new tips and strategies for avoiding being hijacked. The article describes several methods attackers use, including hijacking Twitter trending topics and taking over legitimate Twitter accounts in order to spread malware links from a trusted name. The advice points to being skeptical of links, even from friends, and being careful with shortened URLs, which are a convenient place to hide malicious links. Even though Twitter and Bit.ly use Google's Safe Browsing API, some malicious links still get through. Read the full article. [ReadWriteWeb]

Independent Sen. Joe Lieberman of Connecticut is set to propose a bill that would make the federal government's top cybersecurity post a Presidential nominee confirmed by the Senate and accountable to Congress. That is in sharp contrast to the hierarchy proposed by Sen. Susan Collins of Maine, the ranking Republican on the Homeland Security panel, who would place the position within DHS, Ed O'Keefe wrote on his Federal Eye blog. Read the full story. [Washington Post]