Detectives from Australia’s Victoria Police last week executed a raid of offices at The Age, one of the largest newspapers in Melbourne, seizing computers and documents they believe were used in a hacking scheme.
Browsing Category: Hacks
VIEW SLIDESHOW Threatpost Top Security News Stories of 2011We’ve compiled our list of the Top Security Stories of 2011, presented here in no particular order. These are the issues that shook the world’s markets and kept us awake at night.
A month after an unknown gray hat hacker calling himself “pr0f” used a three character password to hack his way onto computers used to manage water treatment equipment in South Houston, Texas, a security researcher is accusing the company that makes the industrial control system (ICS) software, Siemens, of trying to cover up the existence of other, more serious vulnerabilities.
A band of hackers from China was able to gain access to the U.S. Chamber of Commerce and retrieve information on the organization’s employees for over a year before they were discovered in May 2010, according to a report in the Wall Street Journal today.
The security of Android devices has come under quite a lot of scrutiny in recent months, with researchers identifying various root exploits and permission leaks that could be exploited. In this video, researcher Thomas Cannon of ViaForensics demonstrates a method for setting up a remote shell on an Android device without using any exploits or vulnerabilities. The method works on various versions of Android, up to and including Gingerbread.
The creators and maintainers of exploit kits often rely on public reports of new exploits and proof-of-concept exploit code in order to be able to add new exploits to their software. And in many cases, the exploits included in kits such as Black Hole and Eleonore and others will be for vulnerabilities that are older and have long since been patched. But, if recent events are any indication, that could be changing.
Investigations by the BBC suggest a widening probe into alleged computer hacking by UK newspapers. In all, the computer hacking may have been as widespread as now-notorious voicemail hacking conducted by reporters at Rupert Murdoch’s News of the World, and may have compromised classified British intelligence from government officials, the reports say.
A report on the Web site of the Christian Science Monitor claims that Iran exploited a long-known vulnerability in the GPS navigation system of the U.S.’s RQ-170 Sentinel drone to force it into landing safely within Iran.
GlobalSign, the certificate authority that the attacker who compromised Comodo and DigitNotar claimed he had infiltrated as well, said it has completed its months-long security review and found no evidence that its CA infrastructure was compromised or that any rogue certificates had been issued. The investigation did confirm that the company’s public Web server had been compromised, and GlobalSign decided to revoke its own SSL certificate and key.
The FBI is one of a handful of U.S. agencies tasked with investigating computer crimes and one of the many roadblocks that has stood in the way of more successful cases and prosecutions is a lack of resources, mostly in the form of trained agents. It looks like the bureau will be getting the money in 2012 to hire more agents for its cybercrime unit, but the 14 new agents included in next year’s budget still aren’t nearly enough to address the full scope of the problem in the U.S., let alone globally.