In an e-mail interview with Threatpost, the hacker who compromised software used to manage water infrastructure for South Houston, Texas, said the district had HMI (human machine interface) software used to manage water and sewage infrastructure accessible to the Internet and used a password that was just three characters long to protect the system, making it easy picking for a remote attack.
When most people think of the Great Firewall of China, they think of government censors black holing the comments of political dissidents or conversations related to the long list of topics the governing Communist Party finds disruptive to political harmony. But in testimony before Congress, the head of a U.S.-based technology industry group said that the censorship is also taking an economic toll on Western Internet firms, as China steers Chinese consumers away from Western Web based services including Facebook, Google, Twitter, Yahoo and Foursquare and toward domestic competitors.
The cyber attack on the NASDAQ OMX Group late last year was the result of shoddy security, according to a new report via Reuters.
There’s a new vulnerability in the popular BIND name server software that is causing various versions of the application to crash unexpectedly after logging a certain kind of error. The Internet Software Consortium, which maintains BIND, is investigating the issue and trying to determine the severity of the problem.
The hacktivist group Anonymous, it seems, is bent on rehabilitating its image. In recent months, the anarchic hacking collective has moved from retaliatory attacks on enemies (like Aaron Barr) and outing “snitches,” to squelching out child pornography networks (Operation DarkNet, launched in October) and supporting the Occupy Wall Street protests.
Anonymous’s efforts to don the white hat AND the Guy Fawkes mask may take more than just picking different targets for its “Ops,” says Joshua Corman, the Director of Security Intelligence at Akamai Technologies. In a recent, exclusive interview with Threatpost, Corman told Threatpost editor Paul Roberts that the group’s cyber vigilantism itself is the problem and “rife with unintended consequences.”
Here’s a transcript of their talk, which took place October 26th.
Information security failings are making it impossible for the U.S. Internal Revenue Service (IRS) to get its financial house in order and could be putting taxpayers’ sensitive information at risk, according to a financial audit of the agency by the Government Accountability Office (GAO).
F-Secure researchers claim that malware spreading via malicious PDF files is signed with a valid certificate stolen from the Government of Malaysia, in just the latest evidence that scammers are using gaps in the security of digital certificates to help spread malicious code.
After months as a consumer-only beta, Google finally opened up its Google+ social network to companies this week, launching Google Brand pages. While response to the new brand pages was tepid (Robert Scoble penned a rather scathing review), it didn’t take long for folks poking around the new feature to identify a serious shortcoming: Google brand pages allow pretty much anyone to stake out a page for any brand, regardless of their affiliation with it.
The “up side” of social networks like Facebook, Twitter and G+ is well known. But the down side of these networks, for both users and the organizations that employ them, is only now becoming clear. Worms, malware and spam are just the beginning of the security problems engendered by the social net. In this exclusive interview, conducted via e-mail, Threatpost editor Paul Roberts asked Joe Gottlieb, the CEO of security event management firm Sensage, about the many, subtle ways that social networks are eroding organizations’ online defenses.
An indictment filed in U.S. District Court for the Southern District of New York charges seven individuals with a global scheme to commit Internet advertising fraud. The scheme infected more than four million machines in over 100 countries with malware. It is believed to have netted the scammers more than $14 million in commissions from online advertisers.