Friday, August 3, 2012

Hackers hit Major League Baseball teams' Facebook sites


(Reuters) - Hackers hit Major League Baseball teams' Facebook pages with phony postings on Thursday, including an announcement that New York Yankees star Derek Jeter would undergo sex change surgery, the sports site Deadspin reported.
"He promises to come back stronger than ever in 2013 as Minnie Mantlez," said a posting that was quickly removed from the Yankees' page. Hall of Famer Mickey Mantle was a Yankees' slugger in the 1950s and 1960s.
The Miami Marlins' page falsely announced a pit bull giveaway. The animal is banned in Miami-Dade County.
The Chicago White Sox, President Barack Obama's favorite team, purported to endorse Republican presidential candidate Mitt Romney, while the Washington Nationals' page said the team, which used to be the Montreal Expos, was moving back to Canada.
The sites of the San Francisco Giants, San Diego Padres and Chicago Cubs were also hit with fake posts, some of them profane or insulting. The messages were quickly removed and the teams posted notes explaining that they had been hacked.
"For a brief moment today, a few MLB Club Facebook accounts were hacked and inappropriate material was briefly on display from those Clubs' pages on Facebook. MLB Advanced Media oversees these Facebook pages on behalf of the Clubs and regrets this occurrence," Major League Baseball said in a statement.
"We are working with Facebook, Major League Baseball Security and, where appropriate, legal authorities to determine the circumstances surrounding this situation," it added.
(Reporting by Jane Sutton; Editing by Peter Cooney)
Sources by : http://news.yahoo.com
Posted by at
Labels: , , , , , ,

China's Huawei responds to US hackers


Chinese communications giant Huawei Technologies on Wednesday responded to US hackers' claims that its routers were easily cracked, saying its security strategies were rigorous.
The annual Def Con hackers' convention in Las Vegas on the weekend was shown how to slip into networks through some Huawei routers, which Recurity Labs chief Felix "FX" Lindner described as a "gift" to the hacker community.
Huawei routers, equipment that connects networks to the Internet, are widely used in Asia, Africa and the Middle East and the company has been striving to gain ground in US and European markets, according to Germany-based Recurity.
Lindner and his teammate Gregor Kopf said they were troubled that Huawei had not issued security advisories about its routers to warn users to take precautions.
"These machines have serious security issues," Kopf told AFP. "In my eyes, the greatest danger is that you don't know how vulnerable it is; you're left in the dark."
Kopf said that once attackers slipped through the routers thdy could potentially run amok in networks.
In response, Huawei issued a statement to AFP saying it was aware of "media reports on security vulnerabilities in some small Huawei routers" and was trying to verify the claims.
"Huawei adopts rigorous security strategies and policies to protect the network security of our customers, and abides by industry standards and best practices in security risk and incident management," it said.
The company said it had a "robust response system to address product security gaps and vulnerabilities".
Huawei, founded by a former People's Liberation Army engineer, has established itself as a major force in the global telecoms industry where its technology is widely used to build mobile phone networks.
But it is also battling an image problem in the broader technology market due to its perceived close ties with the Chinese state.
It has recently been blocked from bidding for contracts on Australia's national broadband project, reportedly due to concerns about cyber-security.
The company has in the past also run afoul of US regulators and lawmakers because of worries over its links with the Chinese military -- fears that Huawei has dismissed.

Sources by : http://news.yahoo.com
Posted by at
Labels: , , , , ,

Def Con hackers go mainstream but still love to party


LAS VEGAS (Reuters) - When Jeff Moss founded the Def Con hackers convention in 1993, he never imagined that two decades on, one of the key speakers at the annual Las Vegas event would be four-star General Keith Alexander, head of the U.S. National Security Agency.
Once known as an excuse for computer geeks and social misfits to drink cheap beer, create mischief and party all night Sin City-style, Def Con has transformed itself into a venue where elite and amateur hackers alike debate serious security issues with experts from the public and private sectors.
While there was still plenty of merrymaking for hackers at last weekend's conference, it also drew top corporate executives, military officers and intelligence agencies looking to recruit the brightest minds in the crowd.
"Hacking has gone from being a hobby to a profession," said Moss, who was working as a messenger at a law firm when he founded Def Con to mark the shutdown of a Canadian hacking network known as Platinum Net.
Talented computer security experts are in high demand as government agencies and corporations grapple with increasingly sophisticated cyber attacks.
About 100 hackers showed up at the first Def Con nearly 20 years ago. A record 15,000 people attended the latest meeting, including Alexander, who called on hackers to join U.S. government efforts to make the Web more secure.
The changes in Def Con reflect the influence of Moss and other hackers who now counsel government leaders and technology companies on how to protect their information networks.
Moss, known in hacking circles as "The Dark Tangent" or just DT, is an advisor to the U.S. Department of Homeland Security and chief security officer of ICANN, an organization that manages some of the Internet's key infrastructure.
Def Con promotes "white hat" hacking, which aims to identify security flaws so that software makers and other manufacturers can fix them before criminals use the vulnerabilities to launch attacks.
"Black hats" are felons, and "gray hats" fall somewhere in the middle.
WHITE HATS
In its early years, Def Con had such a wild reputation -- even by Las Vegas standards -- that Moss had trouble finding major venues to host the meeting. The raucous attendees not only liked to hack into every computer network they came across, but also sometimes caused physical damage to facilities, organizers said.
Last year, the restaurant computer system crashed at the Rio Las Vegas Hotel and Casino, which has hosted the past two Def Cons. Long lines ensued, and servers had to take orders with pen and paper. This year, cellphone calls were mysteriously jammed for several hours.
Organizers routinely advise attendees to leave their ATM cards at home, turn off all wireless connections on their mobile devices and generally be on guard, describing Def Con as one of the most hostile hacking environments on the planet.
Nevertheless, there are fewer problems nowadays than in the early iterations of Def Con, and organizers say that mischief makers account for a small minority of attendees.
"Def Con has cleaned up," said Brendon "cstone" Creighton, a member of the "Ninja" hacker crew, which hosted one of the conference's biggest parties over the weekend.
That calmer atmosphere may be partly due to an increased military presence at the conference.
"Everybody is trying to recruit you," noted Creighton. "There are Army guys handing out business cards."
There were even investors scouting the crowd of teens and adult males, some of whom were tattooed and had colored hair and Mohawks. Some were dressed in kilts and exotic costumes, but most just wore T-shirts with shorts or jeans.
Nico Sell, an organizer who is also an angel investor, decided to help two college students build a company in 2004 after they showed up with a hacking "gun" that could attack mobile phones from more than a mile away. It was dubbed "Bluetooth Sniper."
They eventually founded Lookout, now one of the biggest providers of software for mobile devices, with products available through major carriers including Verizon Wireless, Sprint Nextel Corp and T-Mobile USA.
"The roots of our company are in Def Con," said Lookout Chief Technology Officer Kevin Mahaffey.
'HACK ALL THE THINGS'
Moss calls Def Con a "neutral zone" for feds and hackers to mingle. The conference's all-night parties have become increasingly lavish, with corporate sponsors including Facebook Inc, Zynga Inc and Qualcomm Inc.
One such event was organized by the Ninjas, who invited more than 1,200 hackers, security experts, federal agents, corporate executives and other "cool people" to a pool party in the courtyard of a boutique hotel on Saturday night.
A rapper belted out songs with lyrics like "Drink all the booze. Hack all the things." The invitations were in the form of HTC One Android smartphones that could access a specially built GSM mobile wireless network that ran off a wireless antenna on top of a van filled with computer equipment.
Building that network -- and designing retro Ninja Tel phones -- took nearly a year and several hundreds of thousands of dollars, which the Ninjas got from Facebook, Zynga, Lookout and a unit of Qualcomm known as AllJoyn.
Why put in so much work for a party?
"Strippers aren't so interesting anymore, so build a phone company," said Ninja crew member pinguino, a 34-year-old woman from Los Angeles. "It's kids growing up."
To be sure, the vast majority of Def Con attendees are not recruited by the feds or invited to a Ninja party. Most -- known in Def Con parlance as "humans" -- hang out with friends, watch movies, learn to pick locks and enter hacking contests.
In one big room, 20 teams of geeks spent three days crouched over laptops, jamming out code at a feverish pace in Def Con's "Capture the Flag" contest, considered one of the world's top hacking competitions. The goal was to attack the computers of other teams and defend your own.
Electronic music played in the background, and projectors showed videos of scantily clad young women and other footage on the walls. Irreverent organizers handed out finger condoms to promote "safe hacking."
By Saturday night, about thirty hours into the competition, the contestants looked dazed.
Jared Demott, the principal security researcher with Harris Corp, says he enters these contests to stay at the top of his game.
"It's fun," he said, "but not all that fun."
(Editing by Tiffany Wu and Lisa Von Ahn)
Sources by : http://news.yahoo.com
Posted by at
Labels: , , , , , ,

Mac Malware Alert Surfaces as Mountain Lion Goes Live [REPORT]


Mac malware.
The malware, known as Crisis and Morcut, arrived via a file named "AdobeFlashPlayer.jar." The "jar" in this case refers to "Java archive" and are just a ZIP file by another name, according to Sophos. In this case, opening the file will unleash a .class file named WebEnhancer, and "two unassuming-looking files named win and mac." The "mac" is an installer for Crisis or Morcut
[More from Mashable: Mountain Lion Arrives Today and Two Other Stories You Need to Know]
However, the good news is that the WebEnhancer applet will trigger the digital signature alert below:
[More from Mashable: Apple OS X Mountain Lion Goes on Sale Tomorrow]
The researcher warns, though, that the malware doesn't necessarily have to be delivered via a ".jar" file -- that's just the way it came about in this case. If you do download Morcut/Crisis, then beware. According to Sophos, "Morcut has kernel driver components to help it hide, a backdoor component which opens up your Mac to others on your network, a command-and-control component so it can accept remote instructions and adapt its behaviour, data stealing code, and more."
SEE ALSO: 3 Ways to Protect Your Mac From Malware
Sophos warns Mac users not to assume that they're safe from malware attacks. Indeed, such threats have been on the rise as the platform has grown in popularity. Another piece of advice is to uninstall Java if you don't need it. "That leaves one less convenience for malware writers."
Have you run across WebEnhancer? Let us know in the comments.
Image courtesy of iStockphoto, Forzua

Sources by : http://news.yahoo.com
Posted by at
Labels: , , , ,

Congress halts posting of civilian, military officials' assets


WASHINGTON (Reuters) - In a last-minute act before skipping out on a five-week vacation, the Congress on Thursday temporarily spared thousands of top military officers and civilian government officials from having their financial assets publicly posted -- and exposed to hackers and spies.
Had both the House and Senate not acted before leaving town, the financial disclosures for the military and executive branch officials from the Pentagon to the State and Treasury departments would have been posted to agency websites by August 31, thanks to Congress' own inadvertent handiwork.
The public posting plan, which also was to include a convenient searchable database that could be used by identity thieves and foreign intelligence services alike, was part of legislation enacted in April to deter insider trading by members of Congress.
The provision of the so-called STOCK Act was aimed at spreading some disclosure pain to the Obama administration by requiring the posting of data for 28,000 executive-branch officials. The annual financial disclosures include assets such as bank accounts, stock and mutual fund holdings, investment properties, major non-mortgage debts and sales and purchases of these assets.
However, it later emerged that this treasure trove of information could pose a national security risk.
"What a bonanza for domestic and foreign criminal groups, terrorist organizations and foreign intelligence services intent on harming U.S. national security officials," said John Bellinger, a former State Department and White House legal adviser.
"With the anonymous click of a button, they can know which executive branch officials have the most assets or the greatest debts," said Bellinger, now a national security lawyer with Arnold & Porter LLP in Washington. "Foreign intelligence services spend billions to try to find out who's vulnerable to influence, and this would lay it all out for them."
U.S. officials posted in foreign countries could be put at risk of kidnappings, he added.
On Friday, both the House and Senate by voice vote and with no debate, passed a measure to delay the effective date for posting any executive branch disclosures until September 30. The stop-gap will be sent to President Barack Obama to be signed into law.
Congress returns from its break on September 10 and can make further changes at that time before any information gets posted.
Bellinger and a group of other former U.S. national security officials had been pressing Congress for a full exemption for any executive branch official with a security clearance.
(Editing by Fred Barbash and Sandra Maler)

Sources by:http://news.yahoo.com
Posted by at
Labels: , , , ,
Subscribe to: Comments (Atom)