WordPress Hacked: Anyone Can View Future/Draft Posts

There is a bug in WordPress right now that is rather critical for anyone who uploads posts without immediately publishing. Simply by manipulating the URL any visitor can view all future, draft, or pending posts. Our site was vulnerable to this issue, but we patched it quickly because it could be used to retrieve the CyberNotes posts that we write ahead of time.

WordPress Hacked: Anyone Can View Future/Draft Posts

Australian UFO Sighted and Captured

Well, it certainly looks like one and almost behaves like any real UFO -- except we have identified it.
We are talking about an exciting development at Entecho here in Australia where they are working on the Hoverpod, a manned aerial vehicle that not only can hover but also fly up to 3000 m at speeds up to 120 km an hour.
It is billed as the ultimate recreational vehicle which can negotiate any terrain.


Australian UFO Sighted and Captured Blog Archive Alice Hill’s Real Tech News - Independent Tech

Top US military research labs infiltrated by hackers

Hackers successfully infiltrated Oak Ridge National Laboratory (ORNL), one of the nation's leading military research facilities. The attackers gained access by sending e-mails infected with trojan horses to ORNL employees. The lab claims that no classified information was retrieved, but admits that the perpetrators managed to acquire a database containing personal information about ORNL visitors and employees, including Social Security numbers.

"A hacker illegally gained access to ORNL computers by sending staff e-mails that appeared to be official legitimate communications. When the employees opened the attachment or accessed an embedded link, the hacker planted a program on the employees' computers that enabled the hacker to copy and retrieve information," ORNL revealed in a statement. "No classified information was lost; However, visitor personal information may have been stolen. If you visited ORNL between the years 1990 and 2004 your name and other personal information such as your social security number or date of birth may have been part of the stolen information."


Top US military research labs infiltrated by hackers

Hackers Ram Through Security at Oak Ridge Lab

The Oak Ridge National Laboratory has warned that its computer systems have been infiltrated by one or more hackers who skirted system's security to gain access to personal information on the lab's visitors. The information was then used in a phishing scheme that attempted to convince victims to open a malicious e-mail attachment. The lab has not commented on the attackers' suspected motives


E-Commerce News: Network Intrusion: Hackers Ram Through Security at Oak Ridge Lab

Teenager allegedly headed international hacking ring, Sophos comments

IT security and control firm Sophos has welcomed news that a teenager from New Zealand, believed to be the brains behind an international cyber gang, has been arrested.

The gang was allegedly responsible for infecting more then one million computers, stealing bank and credit card information, and embezzling more than USD 20 million. It is suspected that the teenager, known only by his cyber moniker 'AKILL' was the head of the gang and began his hacking activity while still at school.


Teenager allegedly headed international hacking ring, Sophos comments

Man sentenced to 20 years in murder of online rival

A 48-year-old man caught up in an internet love triangle was sentenced to 20 years in prison for killing his rival after being dumped by the woman they both competed for.

Thomas Montgomery of Cheektowaga, New York, pleaded guilty in August to the shooting death of 22-year-old Brian Barrett while he sat in a pickup truck shortly after work ended.

Montgomery had passed himself off as an 18-year-old Marine in online chats with a middle-aged West Virginia mother, identified as Mary Sheiler. Never mind that the woman herself posed as an 18-year-old student by using photos of her daughter. When she learned the truth about Montgomery, their online romance cooled and she turned her attention to Barrett.

“When he could no longer get the Sheiler girl, the chats reveal an obsessive desire to make Brian Barrett suffer and to make her suffer,” prosecuting attorney Frank Sedita said.


Man sentenced to 20 years in murder of online rival | The Register

United Airlines exploits tragedy in Brazil

I'm sure you've all heard the tragic story of Tony Harris by now...the son/son-in-law of a loving wife, a soon to be born child, a devoted step-father and his wife... Tony Harris goes to Brazil to play basketball and life takes a tragic turn... But...is United Air Lines hospitable? Sympathetic? NO! instead of giving the grieving step-father...

Digg - United Airlines exploits tragedy in Brazil

Alleged Cisco hacker convicted in Sweden, bewails fate

A 19-year-old from Uppsala, Sweden, has been found guilty on seven counts of unauthorized access to Swedish university servers and research computers. He is also suspected by the FBI of breaking into servers at Cisco Systems and stealing classified source code.

The man, who was no older than 16 when the crimes were committed, was found guilty by the court of appeals on Monday. He will have to pay about $32,000 to three Swedish universities and to the national supercomputer center in Linköping. The man, who had no previous record, was also given a suspended prison sentence.


Alleged Cisco hacker convicted in Sweden, bewails fate

New Trojan In The Wild, Update Your Antivirus Now!

A new day, a new Trojan to infect our computers. This time it’s Troj_Small.Jiu, a Trojan horse which was discovered by security vendor Trend Micro that informed the infection can be installed by other malware or as a standalone file by any user. "This Trojan arrives as a file dropped by other malware. It can be a component bundled with other malware packages.
It can also be downloaded unknowingly by a user when visiting malicious Web sites," Trend Micro wrote in the report.


Update Your Antivirus Now! - Troj_Small.Jiu discovered by Trend Micro - Softpedia

Ballmer talks a big game against Google

Google ain't no thang, according to the confrontational stylings of Microsoft CEO Steve Ballmer. The leading search-turned-services giant poses no real threat to Microsoft, Ballmer said, which is doing fabulously. Ballmer is clearly tired of the big G's shadow, so he turned up the "what, me worry?" attitude in Tokyo this week during the launch of Windows Live Service Microsoft's suite of IM, e-mail, photo sharing, and every other service imaginable—and made a serious effort to play down Google's level of competition.

Ballmer talks a big game against Google

Facebook invites ads into user profiles

Social network Facebook unveiled a new advertising system on Tuesday that will let companies introduce ads into the user pages of its 50 million members, and launch dedicated pages on the site for their brands.

Microsoft Corp took a minority investment in Facebook last month that valued the privately held company at $15 billion, largely on the expectation the social network would soon be able to mine user profiles for valuable ad data.

( OH...Really...humph! )

"It's not about being commercial, it's about being useful," said Quincy Smith, president at CBS Interactive.

( geeez, do you really think everyone's an idiot...right, yer doin' it to be ' useful ' ...barf )

Facebook invites ads into user profiles | Technology | Reuters

Cracking passwords

Passwords
When you type in a password, the computer converts whatever you type into a hash. A hash is a unique algorithmic value that is then stored on your computer (or Web server). "Computers have been designed this way for the last 20 years," said Graham, "so that when hackers break into your computers they can not just easily steal your passwords. All they can steal is that cryptographic information." Typically, passwords are stored in MD4 hash, says Graham.

Security Watch: Cracking passwords - CNET reviews

Storm Worm spews out 15 million pump-and-dump messages

The spam run began on 17 October and lasted about 36 hours, using infected computers in the Storm Worm network to send out the mails, MessageLabs said in a statement released on Tuesday. The spam sounded strange because the voice in the message was "synthesised using a very low compression rate of 16KHz to keep the overall file size small, at around 50KB, to avoid detection," the company said.

Storm is thought to have landed on as many as 15 million PCs over the past year, but recently its network of infected PCs has been shrinking. University of California, San Diego, researchers recently pegged it at about 160,000 computers, only 20,000 of which are accessible at any one time.

Storm Worm spews out 15 million pump-and-dump messages - Computerworld UK - The Voice of IT Management

Study Gives Insight Into Identity Theft

The Center for Identity Management and Information Protection (CIMIP) has released the first -ever study of closed United States Secret Service cases dealing with identity theft.

Organized group activity took place in 42 percent of the cases, involving 2-45 offenders. In about half of those cases the Internet was used to commit the crime. Just 20 percent of the cases involved non-technological methods for identity theft such as dumpster diving or change of address.

More than a third of the victims were financial institutions such as banks, credit unions and credit card companies. Individuals were victims 34 percent of the time and 59 percent of the victims did not know the offenders. Only 5 percent of the victims were related to the offender.

Study Gives Insight Into Identity Theft | WebProNews

Extra Security After New Raid at School

A DEFIANT head teacher has increased security measures and vowed not to be beaten by burglars after his school was raided for the second time in two weeks.

Thieves smashed their way into the learning support office at The Friary School, in Eastern Avenue, Lichfield, and stole more than pounds 1,500 worth of electrical equipment, including two computers, a video and overhead projector.

The incident happened between 10pm and 10.45pm on October 11, just two weeks after the first break-in when a computer was stolen.

Police believe an offender scaled the roof from the back of the school and climbed down into a quadrangle, before using a large concrete block to smash the window.

Bars have now been put up around the windows of the office in an attempt to stop further burglaries.

Extra Security After New Raid at School - Technology - RedOrbit

USB encryption security for Windows: IronKey review

The IronKey is a hardware-based, high-grade encrypted USB drive, produced by a company of the same name, IronKey Inc. It was made with the idea in mind that there's a growing tendency for people to carry their data, documents and their applications with them on a USB drive.

This product is also a sort of personal encryption hub that serves many functions. The single most eyebrow-raising aspect of the IronKey is that it self-destructs if an attempt is made to read the data on the device without following the proper decryption protocol. Not with a bang or a flash; the data encryption keys stored on the drive will be erased, making the data impossible (or at least unfeasibly difficult) to recover. Tampering physically with the device (i.e., trying to crack it open) causes it to self-destruct as well.

USB encryption security for Windows: IronKey review

Mother's ire puts Ballmer on defense over Vista

"I'm one of those early adopters of Vista," said Yvonne Genovese, an analyst who was interviewing Ballmer along with fellow analyst David Smith on stage at a conference forum. "My daughter comes in one day and says, 'Hey Mom, my friend has Vista, and it has these neat little things called gadgets -- I need those.'"

Said Ballmer: "I love your daughter."

"You're not going to like her mom in about two minutes," said Genovese, while the crowd laughed.

She went on to explain that she installed Vista for her daughter -- and two days later went right back to using the XP operating system. "It's safe, it works, all the hardware is fine, and everything is great," she said of XP.

Genovese also argued that her experience with Vista is broadly shared: "What we're seeing and what we're hearing from users is a very similar thing. It's difficult to implement. What should we be seeing that we're not seeing?"

"Let's start with the end user. Your daughter saw a lot of value," said Ballmer.

"She's 13," Genovese shot back.

Ballmer was good-natured about the critique as he defended the operating system. "Users appreciate the value that we put into Vista," he said. But, as with earlier operating system releases, "there is always a tension between the value that end users see -- and frankly, that software developers see -- and the value that we can deliver to IT."

Mother's ire puts Ballmer on defense over Vista

Hackers Could Shut Down Car Engines!

I had mentioned this a while ago in a conversation with a friend that these computerized cars would eventually be the subject of some potentially serious problems

Hackers Could Shut Down Car Engines!

Some people just have no idea what they are doing. Here we go again – this is another case of overzealous security that can seriously end up in hurting the ones who should be protected!
General Motors is going to come up with a system to make car thefts history…

http://itexperts.thetazzone.com/viewtopic.php?p=1045#1045
TAZForum 2 :: Security Zone :: View topic - Hackers Could Shut Down Car Engines!

Hacker broke into routers and stole VoIP services

In the US, a hacker has been jailed for two years after breaching security at 15 separate telcos with incredible ease.

At the trial, AT&T reported that Robert Moore ran six million scans on its network alone. Other companies that were successfully targeted used aliases in an attempt to build up confidence in their services.

The global hacking exercise conducted by Robert Moore was targeted at telcos and corporations, and the aim was to steal VoIP services and sell them through a third party.

For the UK Voice and Data commun

AT&T threatens to disconnect subscribers who criticize the company

AT&T has rolled out new Terms of Service for its DSL service that leave plenty of room for interpretation. From our reading of it, in concert with several others, what we see is a ToS that attempts to give AT&T the right to disconnect its own customers who criticize the company on blogs or in other online settings.

In section 5 of its legal ToS, AT&T stipulates the following:

AT&T may immediately terminate or suspend all or a portion of your Service, any Member ID, electronic mail address, IP address, Universal Resource Locator or domain name used by you, without notice, for conduct that AT&T believes (a) violates the Acceptable Use Policy; (b) constitutes a violation of any law, regulation or tariff (including, without limitation, copyright and intellectual property laws) or a violation of these TOS, or any applicable policies or guidelines, or (c) tends to damage the name or reputation of AT&T, or its parents, affiliates and subsidiaries.

AT&T threatens to disconnect subscribers who criticize the company

Hackers Crack Layered Tech Database

Dedicated hosting company Layered Technologies is advising customers to reset account logins after an incident Monday night in which hackers were able to access a client support database. Layered Tech said it doesn't believe that any customer credit card numbers were compromised, but is nonetheless advising customers to change the login credentials on all their servers and underlying services created in the past two years, including webmail, SSH access, MySQL databases and cPanel reseller control panels.


Netcraft: Hackers Crack Layered Tech Database

Salary survey: IT pay falls short

Typical raises beat national rate of inflation, bringing average base pay to $86,700. Yet network professionals aren’t happy with their salary packages, our annual survey finds.

x.cgi

Find Out If Your Computer Is Secretly Connecting to the Web

* Type cmd in your Windows Run box.
* Type "netstat -b 5 > activity.txt" and press enter.
* After say 2 minutes, press Ctrl+C.
* Type "activity.txt" on the command line to open the log file in notepad (or your default text editor)


Windows: Find Out If Your Computer Is Secretly Connecting to the Web - Lifehacker

A new way to pay in the UK

Contactless cards such as the OnePulse recently launched by Barclays can be used to "wave and pay" for low cost items.

A new way to pay in the UK | Video | Reuters.com

Canadian police detain Nigerian in alleged 419 scam

Canadian police detain Nigerian in alleged 419 scam

A Nigerian national who had been living in Canada was taken into custody by Winnipeg police in connection with a West African email scam alleged to have bilked an 84-year old man of $30,000.

Toluwalade Alonge Owolabi, 36, of Toronto, was charged with fraud in excess of $5,000

Canadian police detain Nigerian in alleged 419 scam | The Register

Quechup is rotten: don't accept invites

Quechup is rotten: don't accept invites

While you were Burning / vacationing / spacing out offline this Labor Day weekend, many folks online were hit with invitations from a social networking service called Quechup that violates your address book, and abuses user trust by spamming all your contacts.

Quechup is rotten: don't accept invites - Boing Boing

Winfrey turns it on for Obama

Oprah Winfrey was rolling out the red carpet for Barack Obama and the high-wattage stars invited to a gala "celebration" expected to raise $US3 million ($3.6 million) for the Democratic presidential candidate.

The most powerful woman in show business was celebrating her favourite candidate at her palatial estate in this coastal enclave south of Santa Barbara yesterday. Tickets to the sold-out private event went for $US2300 apiece, keeping them within campaign finance limits.

Stevie Wonder was scheduled to perform for the guests, who were expected to include actors Will Smith, Jamie Foxx and Halle Berry. As the presidential hopeful was preparing for his fundraiser, former president Bill Clinton was contemplating a possible return to the White House as "first laddie" if his wife, senator Hillary Clinton, were elected president.

The Australian, News from Australia's National Newspaper

Warning On Office 2007 "Try-Before-You-Buy"

In fairness, I have not used the trial version of Office-2007. But, after my experience with the trial version of Office-2003, I would touch it with a ten foot pole. Please make sure your friends don't touch it either.

Slashdot | Warning On Office 2007 "Try-Before-You-Buy"

Googling "how to crack a safe" nets robbers $12,000

Googling "how to crack a safe" nets robbers $12,000

These burglars may not have been the sharpest tacks in the box to begin with; they attempted to cover a security camera lens not with spray paint or some other opaque agent, but the clear, cleaning properties of WD-40, and attempted to do the same to a fire alarm that they thought was a camera. But at least they were resourceful; after spending an hour and 15 minutes attempting to unsuccessfully crack the safe using their handy passcodes, according to the Colorado Springs Gazette, they used the computer in the next room to search Google for "how to crack a safe."

The Google search proved fruitful for the two burglars, as they were able to get the information they needed and walk away with $12,000 in cash as well as a PlayStation and a laptop. And despite their inept attempts to outwit the security cameras, they have not yet been arrested.


Googling "how to crack a safe" nets robbers $12,000

Hotlan Trojan defeats captcha

Hotlan Trojan defeats captcha

A new Trojan horse that sends spam through Hotmail and Yahoo email accounts has antivirus companies worried that the commonly used "captcha" system, used to prove new members are real people, may have been compromised.

Captcha systems typically use a selection of alphanumeric characters that have been distorted and presented in a graphic with other elements designed to confuse character-recognition software. The idea is that, as only a person can read it and type in the correct sequence, spam bots and other malware can be stopped from automatically setting up accounts.

http://news.zdnet.co.uk/security/0,1000000189,39287905,00.htm
Hotlan Trojan defeats captcha - ZDNet UK

New IBM supercomputer achieves petaflop

The petaflop era has begun.

IBM has devised a new Blue Gene supercomputer--the Blue Gene/P--that will be capable of processing more than 3 quadrillion operations a second, or 3 petaflops, a possible record. Blue Gene/P is designed to continuously operate at more than 1 petaflop in real-world situations.

Blue Gene/P marks a significant milestone in computing. Last November, the Blue Gene/L was ranked as the most powerful computer on the planet: it topped out at 280 teraflops, or 280 trillion operations a second during continuous operation.

Put another way, a Blue Gene/P operating at a petaflop is performing more operations than a 1.5-mile-high stack of laptops.

New IBM supercomputer achieves petaflop | CNET News.com

Dell apologizes for remove-this-blog-post-or-else nastygram

A blog post at Consumerist.com offering tips on buying from Dell drew a nasty cease-and-desist letter from the company's attorney and then, in quick succession, a chastened apology from a Dell manager.

The original post, titled "22 Confessions Of A Former Dell Sales Manager," appeared last Thursday. The same afternoon, Dell attorney Tracy J. Holland sent a nastygram to Consumerist saying the post must be deleted because "it contains information that is confidential and proprietary to Dell."

Dell apologizes for remove-this-blog-post-or-else nastygram | Tech news blog - CNET News.com

BBC, Yahoo invite developers to hack Web apps

BBC, Yahoo invite developers to hack Web apps

The event is a series of open days held around the world by Yahoo for anyone such as computer programmers and developers to attend and come up with new innovative applications.

The latest event has been held over the last 24 hours in London, staged by Yahoo and the British Broadcasting Corporation for anyone to develop new projects that use either of the media group's programs.

BBC, Yahoo invite developers to hack Web apps | CNET News.com

New Gimp packages fix arbitrary code execution

A buffer overflow has been identified in Gimp's SUNRAS plugin in
versions prior to 2.2.15.  This bug could allow an attacker to execute
arbitrary code on the victim's computer by inducing the victim to open a
specially crafted RAS file.

For the stable distribution (etch), this problem has been fixed in
version 2.2.13-1etch1.

New Gimp packages fix arbitrary code execution

Symantec launches next-generation anti-virus beta

Symantec will launch the first public beta of its next-generation corporate
anti-virus software, Endpoint Protection 11.0, at its annual Symantec Vision conference next week.

The product has been available to a select group of beta testers since March, under the codename Hamlet. Symantec would not reveal Hamlet's official product name, but it is listed on the Vision conference website. Hamlet will be a follow-up to Symantec's AntiVirus Corporate Edition, version 10.

The new software is a major advance for Symantec, which has been working
for more than a year to integrate firewall, zero-day protection and network access control features into its anti-virus product.

Symantec launches next-generation anti-virus beta - ComputerworldUK - The Voice of IT Management

NBC tests prompt investigation into U.S. armor

NBC tests prompt probe into U.S. armor - Military Affairs - MSNBC.com

On May 3 at a ballistics laboratory in Germany, NBC News testing showed that Dragon Skin, made by privately held Pinnacle Armor Inc., outperformed Interceptor, the Army’s standard-issue armor. Before the results were aired, a retired U.S. general reviewed the testing conducted in simulated combat conditions.

Google: Attack code more likely on Microsoft IIS

Web sites running Microsoft Corp.'s Web server software are twice as likely to be hosting malicious code as other Web sites, according to research from Google Inc.

Last month, Google's Anti-Malware team looked at 70,000 domains that were either distributing malware or hosting attack code. "Compared to our sample of servers across the Internet, Microsoft IIS features twice as often as a malware-distributing server," wrote Google's Nagendra Modadugu, in a Tuesday blog posting.

Together, IIS (Internet Information Services) and Apache servers host about 89 percent of all Web sites, but collectively they're responsible for 98 percent of all Web-based malware.

Google: Attack code more likely on Microsoft IIS

Spotlight on staff security risks as data watchdog probes C&W breach

A BBC Newsnight investigation found that customer details had been used by call centres abroad to approach Bulldog customers and obtain credit card details. Cable & Wireless and current Bulldog owner Pipex have issued a High Court injunction requiring the former employee and call centres to cease using the data.

The ICO said it had received a response from Cable & Wireless last month explaining how the breach occurred and would begin a dialogue with the company in the coming weeks to ensure that it does not happen again.

Analysts advised organisations to assess the risks to their confidential data in the light of the incident.

Spotlight on staff security risks as data watchdog probes C&W breach - 04/Jun/2007 - ComputerWeekly.com

Password-cracking contest proves theory

Quote:

The password hacking contest I started 10 months ago is two-thirds over. We have a winner for the second of three hash challenges... I just don’t know who that person is.

On July 17, 2006, I challenged Security Adviser blog readers to a password hash cracking contest. The prizes were nominal (US$100 and free copies of my books), but the main challenge was to prove my password theories wrong and to live on in infamy through internet blogs (yeah, right, Roger).

Password-cracking contest proves theory