Up until two years ago, my school was running Microsoft Exchange Server for student and staff email, and it made the Technology Office’s life miserable. I believe we had three servers just dedicated to handling the email of 550 staff and students. A tremendous amount of time was spent backing up email, troubleshooting Exchange issues, clearing out spam, patching and upgrading Exchange servers, managing security and dealing with various user issues.
There’s a story in the Houston Chronicle that malware has incapacitated the computer networks of some oil rigs and platforms. This malware was unintentionally downloaded by oil workers. The malware gained access to the oil platforms and rigs in several ways:
- Oil workers brought it aboard on their laptops or via USB drives.
- Infected music and pornography files were downloaded directly through oil rig satellite connections.
Experts are concerned, because a worst-case scenario could involve compromised safety systems that could cause a well blowout, an explosion, an oil spill or even the loss of human life.
One such instance caused a system to lock up on a facility in the Gulf of Mexico.
The principal tactical analyst for the National Electric Sector Cybersecurity Organization, Jack Whitsitt, said a typical malware infection on energy infrastructure would likely cause no serious problems. But he said a tailored attack, engineered to target a facility through widely distributed malware, could have dangerous repercussions.
Click here for the article from the Houston Chronicle
On Tuesday Apple disclosed that a small number of employee computers had been hacked via a vulnerability in the Java plug-in for browsers.
Facebook security had been breached in a similar manner.
An Apple spokesperson told the website AllThingsD that “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.”
Apple has not included an enabled version of the Java plug-in on its Macs since Mac OS X Lion shipped in October 2010.
There’s a story out on the web that a Chinese Army unit has been linked to widespread hacking of U.S. interests.
Symantec’s recent state of the Internet Report contained an interesting statistic: adult/pornographic sites have three times fewer threats per infected site than religious or ideological sites.
This seems counter-intuitive. However, Symantec had a possible explanation: “We hypothesize that this is because pornographic website owners already make money from the Internet, and as a result, have a vested interest in keeping their sites malware-free – it’s not good for repeat business,” the company said.
Scammers aren’t just faking websites; they’re also spoofing your ATM machine.
There have been a number of cases where criminals have attached a false card slot on top of an ATM’s legitimate card slot. The false slot contains a second card reader, which captures and stores your ATM card number when you insert your card. A miniature wireless camera, disguised as a pamphlet holder affixed to the ATM machine, records your PIN number when you type it on the keypad.
Both the camera and the second card reader could be wireless, with the thieves up to several hundred feet away recording legitimate ATM transactions. What’s really brilliant about this is the ATM machine still dispenses cash and a receipt as normal – you probably wouldn’t know that your ATM card and PIN have just been hacked.
Click here to view the original article. This site has pictures of the second card reader, attached to an ATM, as well as the camera.
Wired magazine has an article about how one company’s electronic locks, lighting systems, elevator control systems, video surveillance systems, etc. are vulnerable to hacking.
These systems, sold by the company Tridium, operate on a Windows system running a Java virtual machine and the Tridium client software, as well as the company’s embedded software. The vulnerability could allow hackers to get root access to this system.
Billy Rios and Terry McCorkle are the security researchers who discovered the zero day vulnerability. “The platform is written in Java, which is really, really good from an exploitation standpoint,” Rios said. “Once we can own the platform, a lot of the other stuff is very, very straightforward [to attack].”
The creators of PGP encryption and Apple’s whole-disk encryption have teamed up to form Silent Circle, a company that has created a new app called “Silent Text”. The app will easily give the average user the ability to encrypt a document, image, or video on their smartphone, send it to someone else, and then “shred” the original file without leaving a trace on the smartphone.
Law enforcement agencies are concerned about the potential for abuse of such an App by criminals or terrorists.
However, Mike Janke, the CEO of Silent Circle, believes that “Every citizen has a right to communicate, the right to send data without the fear of it being grabbed out of the air and used by criminals, stored by governments, and aggregated by companies that sell it.”
According to the article, some human rights reporters have already used the app to take a video of brutality that took place at a checkpoint in South Sudan. The human rights reporters were able to shoot a video of the abuse, upload it to colleagues thousands of miles away, and have the video deleted off their device. This helped ease the fear of being caught with the video.