AFP: Hack attack hits ATM jackpots

Computer security researcher Barnaby Jack jokes that he has resorted to hiding cash under his bed since figuring out how to crack automated teller machines remotely using the Internet.

The New Zealand native on Saturday demonstrated his “ATM jackpotting” discovery for an overflow crowd of hackers during a presentation at the infamous DefCon gathering in Las Vegas.

“You don’t have to go to the ATM at all,” Jack told AFP after briefing fellow software savants. “You can do it from the comfort of your own bedroom.”

Jack proved his findings using two kinds of ATMs typically found in corner stores, bars or other “stand-alone” venues in the United States but said the flaw likely exists in machines at banks.

Banks use “remote management” software to monitor and control their ATMs, and Jack used a weakness in that kind of code to take control of machines by way of the Internet.

via AFP: Hack attack hits ATM jackpots.

The quiet threat: Cyber spies are already in your systems – Computerworld

Is your company’s data under surveillance by foreign spybots looking for any competitive advantages or weaknesses they can exploit? This might sound farfetched, but such electronic espionage is real. It’s an insidious security threat that’s a lot more common than you probably realize.

As an IT or security executive, determining whether your organization is under attack via this seemingly undetectable threat — and putting in place adequate technology and procedural safeguards — should be a high priority. The stakes are too high to ignore the problem.


Security experts believe that a growing number of companies are being spied upon electronically by sources from other countries, most notably China. What makes these attacks so troublesome is that their techniques are often undetectable by the usual security tools. Electronic spies try to get into systems without causing disruptions, so they can quietly gather information over a period of time.

via The quiet threat: Cyber spies are already in your systems – Computerworld.

Researcher finds Safari reveals personal information – Computerworld

A feature in Apple’s Safari browser designed to make it easier to fill out forms could be abused by hackers to harvest personal information, according to a security researcher.

Safari’s AutoFill feature is enabled by default and will fill in information such as first and last name, work place, city, state, and e-mail address when it recognizes a form, wrote Jeremiah Grossman, CTO for WhiteHat Security, on his blog.

The information comes from the local operating system’s address book.

The feature dumps the data into the form even if a person has entered no data on a particular Web site, which opens up an opportunity for a hacker.

“All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript,” Grossman wrote. “When data is populated, that is AutoFill’ed, it can be accessed and sent to the attacker.”

via Researcher finds Safari reveals personal information – Computerworld.

Why your companies need Ethical Hacking? | mycomputer2u.com

Many people regard hacking as a horrible thing, something to be avoided, and the term ethical hacking makes them scratch their heads and wonder why they would want to get hacked. But ethical hacking saves many companies millions.

Ethical hacking is an important step in a company’s security process. How can a company be sure that it is safe against a real, damaging hack? A company can hire cyber security experts who will try to hack the network and find the areas that are insecure, so that the company can take the necessary actions to become more secure. They typically check whether they can actually get into customer files and look for leaks that would let in viruses harmful to the network. These can cost companies an enormous amount of money as well as reputation, making ethical hacking an important part of the security process of any company. Ethical hacking is mostly done by individuals who are trained in cyber security.

via Why your companies need Ethical Hacking?.

U.S. Government’s FCPA Probe of Weatherford Expands

The federal government’s probe into Weatherford International Ltd’s dealings in foreign countries has burgeoned far beyond a simple bribe inquiry by the Securities and Exchange Commission. It is now a multi-agency civil and criminal investigation into allegations that Weatherford did business with terrorist-friendly countries that are under U.S. trade sanctions.

Weatherford is one of the world’s largest oilfield service companies, operating in over 100 countries.

In an unusual twist to the tale last year, Weatherford general counsel Burt Martin left his job in mid-probe, and the company decided to move its headquarters from Houston to Geneva, Switzerland. It still has U.S. operations in Houston.

The company conceded in its 10-Q financial report to the SEC on May 3 that the federal inquiry that began in 2006 has now grown to include the Department of Justice, the Department of Commerce’s Bureau of Industry & Security, and the U.S. Treasury’s Office of Foreign Assets Control. The latter two agencies handle matters of national security.

The report said the feds are looking at allegations on three fronts. They include Weatherford’s participation in the scandal-plagued Oil-for-Food program, the possible misuse of $175,000 at a European subsidiary for alleged bribes in violation of the Foreign Corrupt Practices Act, and the sales of services and products “in certain sanctioned countries.”

It specifically cited Cuba, Iran, Sudan, and Syria — four countries under U.S. sanctions due to their support of terrorism and/or violations of human rights.

The company said it is cooperating with the multi-faceted probe. The report said it has incurred $53 million in costs related to its exit from sanctioned countries and incurred $108 million for legal and professional fees in connection with the ongoing investigations.

via U.S. Government’s FCPA Probe of Weatherford Expands.

Twitter Settles U.S. Charges Over Hacker Attacks – BusinessWeek

Twitter Inc., the microblogging service with about 190 million visitors per month, agreed to settle a U.S. government complaint that security lapses allowed hackers to view private messages and send “tweets” from other people’s accounts.

Failures in the company’s data security allowed hackers to gain administrative control of Twitter, the Federal Trade Commission said in a statement today announcing its complaint and settlement. One hacker sent a bogus tweet in January 2009 from the account of then-President-elect Barack Obama offering his followers a chance to win $500 in free gasoline.

San Francisco-based Twitter, which is closely held, allows users to send tweets, or messages of up to 140 characters. Privacy settings allow users to designate some tweets as private.

“When a company promises consumers that their personal information is secure, it must live up to that promise,” said David Vladeck, director of the FTC’s Bureau of Consumer Protection, in the statement. “Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations.”

The company said in a blog posting that the attacks on the site resulted in 45 accounts being accessed in January 2009 and 10 in April last year. The company said it moved quickly to address the security issues then.

via Twitter Settles U.S. Charges Over Hacker Attacks – BusinessWeek.

Mobile Enterprise: Data Encryption for the Smartphone

One way to protect smartphone data is with encryption. While more and more companies are adding mobile security to their products and services, it’s not always clear what to look for, especially when there are more varieties of smartphone than there are security patches. Recently Dave Shackleford, contributing writer at SearchSecurity.com, offered a list of critical factors organizations should consider when evaluating smartphone encryption products.

  • Cost: Though they want to protect data, companies don’t want to break the bank if they don’t have to. Yet, because the encryption services currently available are targeted toward individuals rather than enterprise users and provide little to no centralized management or policy capability, enterprises should expect to pay a significant amount for these products and should start growing their budgets to accommodate them.
  • Platform Support: Since most companies will include loyal BlackBerry users alongside loyal (crazed?) Apple iPhone enthusiasts, companies should choose a product that covers multiple platforms.
  • Policy Focus: Every organization has its own security needs and policies for mobile device use and sensitive data protection, and industry standards may impose strict compliance controls. If a company can outline its mobile security policies before selecting a product, it will be easier to articulate its needs. As mobile security expands globally, consider products that have the flexibility to grow alongside your policy.
  • Central Management: Most companies want to centrally manage and monitor the status of each employee’s phone encryption in real time. Consider products that offer centralized dashboards and compatibility with the company’s current infrastructure.
  • Encryption Identification: Some phones provide out-of-the-box encryption with limited features, while others running the Windows Mobile operating system offer more full-bodied encryption. BlackBerry provides encryption through the BlackBerry Enterprise Server (BES) application, while Apple offers “strong hardware encryption”. Knowing what you have and what you need to build on it will help you ask the right questions.

via Mobile Enterprise: Data Encryption for the Smartphone.

FT.com / Technology – Google ditches Windows on security concerns

Google is phasing out the internal use of Microsoft’s ubiquitous Windows operating system because of security concerns, according to several Google employees.

The directive to move to other operating systems began in earnest in January, after Google’s Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally.

“We’re not doing any more Windows. It is a security effort,” said one Google employee.

“Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,” said another.

New hires are now given the option of using Apple’s Mac computers or PCs running the Linux operating system. “Linux is open source and we feel good about it,” said one employee. “Microsoft we don’t feel so good about.”

In early January, some new hires were still being allowed to install Windows on their laptops, but it was not an option for their desktop computers. Google would not comment on its current policy.

Windows is known for being more vulnerable to attacks by hackers and more susceptible to computer viruses than other operating systems.

Employees wanting to stay on Windows required clearance from “quite senior levels”, one employee said. “Getting a new Windows machine now requires CIO approval,” said another employee.

via FT.com / Technology – Google ditches Windows on security concerns.

U.S. businesses need gov’t cyber security: official – The China Post

A U.S. government computer security system that can detect and prevent cyber attacks should be extended to private businesses that operate critical utilities and financial services, a top Pentagon official said Wednesday.

William J. Lynn III, the deputy defense secretary, said discussions are in the very early stages and participation in the program would be voluntary. The idea, he said, would allow businesses to take advantage of the Einstein 2 and Einstein 3 defensive technologies that are being developed to be put in place on government computer networks.

Extending the program to the private sector raises a myriad of legal, policy and privacy questions, including how it would work and what information — if any — companies would share with the government about any attacks or intrusions they detect.

Businesses that opt not to participate could “stay in the wild, wild west of the unprotected Internet,” Lynn told a small group of reporters during a cybersecurity conference.

And in the case of Einstein 2 — an automated system that monitors federal Internet and e-mail traffic for malicious activity — companies already may have equal or superior protections on their networks.

“Einstein 2 is like a 1999 Mustang with a little rust,” said James Lewis, a cybersecurity expert and senior fellow at the Washington-based Center for Strategic and International Studies. “For some companies it isn't a big deal. But for others who haven’t done much (to secure their networks) it would be a good idea.”

Lewis said the larger challenges would come with Einstein 3, a separate program being developed which would detect and actively block or prevent cyber intrusions.

via U.S. businesses need gov’t cyber security: official – The China Post.

McAfee acquires Trust Digital for mobile security | Infosecurity

Veteran IT security vendor McAfee has announced plans to acquire privately-held Trust Digital, a mobile management and security software specialist. Terms of the deal have not been revealed.

McAfee says that it is seeking to boost its offerings by integrating Trust Digital’s policy and device management technology into its ePolicy Orchestrator platform.

McAfee adds that it is looking to target the larger smartphone market by supporting multiple mobile operating systems including Apple iPhone, Android, WebOS, Windows Mobile, and Symbian.

Trust Digital’s CEO Mark Shull said: “Business users are thrilled by the capabilities of iPhones, smartphones and tablets and are quickly adopting them as their handheld computers, but their IT counterparts must now find tools to effectively secure and manage them.”

“The integration of Trust Digital with McAfee will enable enterprises to rapidly deploy new mobility devices such as smartphones across diverse mobile environments cost effectively and with the highest level of security. Together, we will enable IT to say yes to the iPhone and Android”, he said.

via Infosecurity (USA) – McAfee acquires Trust Digital for mobile security.