Thursday 12 November 2009

Microsoft probing Windows 7 zero-day hole

By Elinor Mills
InSecurity Complex
CNet News
November 11, 2009

Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Windows Server 2008 R2 that could be used by an attacker to remotely crash the computer.

The company is investigating claims of a "possible denial-of-service vulnerability in Windows Server Message Block (SMB)," the Microsoft spokesperson said, adding that the company was unaware of any attacks trying to exploit the hole.

The bug triggers an infinite loop in the Server Message Block (SMB) protocol used for sharing files in Windows, researcher Laurent Gaffié wrote in a posting on the Full-Disclosure mailing list and on a blog.

"Whatever your firewall is set to, you can get remotely smashed via IE or even via some broadcasting NBNS [NetBIOS Naming Service] tricks," Gaffié wrote.

[...]
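The point of the quoted claim is that the host's inbound firewall policy does not matter when the vulnerable SMB code is reached by the machine itself connecting out, presumably IE being pointed at a share on the attacker's host. The following is an added example, not part of the article or of Gaffié's posting, of the check a network defender would want for that case: scanning outbound firewall log lines for internal clients opening TCP 139 or 445 to hosts outside the internal address space. The log record format, the sample lines and the choice of internal ranges are all constructed for this example; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for public Internet hosts.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample firewall log (not from the article). The record format is a
# hypothetical "<timestamp> <action> <proto> <src>:<sport> -> <dst>:<dport> <direction>".
SAMPLE_LOG = """\
2009-11-11T10:02:13 allow tcp 10.0.0.15:49201 -> 10.0.0.7:445 out
2009-11-11T10:02:40 allow tcp 10.0.0.15:49210 -> 203.0.113.9:445 out
2009-11-11T10:03:01 allow tcp 10.0.0.15:49211 -> 203.0.113.9:139 out
2009-11-11T10:04:55 allow tcp 10.0.0.15:49233 -> 198.51.100.20:80 out
2009-11-11T10:05:10 deny tcp 198.51.100.77:5321 -> 10.0.0.15:445 in
2009-11-11T10:06:02 allow tcp 10.0.0.31:50112 -> 203.0.113.9:445 out
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>allow|deny)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<direction>in|out)$"
)

# TCP ports a Windows SMB client connects to: NetBIOS session service and direct-hosted SMB.
SMB_TCP_PORTS = {139, 445}

# Address space treated as internal for this example; anything else counts as the Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Parse one log record into a dict; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_outbound_smb(log_text):
    """Return records where an internal client opened SMB to a non-internal host.

    Inbound 'deny' lines are deliberately ignored: they show the perimeter blocking
    inbound SMB, which is exactly the control that does not help against a
    client-initiated connection.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["action"] == "allow" and rec["direction"] == "out"
                and rec["proto"] == "tcp" and rec["dport"] in SMB_TCP_PORTS
                and not is_internal(rec["dst"])):
            hits.append(rec)
    return hits


def summarize(hits):
    """Group hits by destination so one external SMB server is listed once with its victims."""
    by_dst = defaultdict(set)
    for rec in hits:
        by_dst[rec["dst"]].add(rec["src"])
    return {dst: sorted(srcs) for dst, srcs in by_dst.items()}


if __name__ == "__main__":
    found = find_outbound_smb(SAMPLE_LOG)
    for rec in found:
        print(f'{rec["ts"]} {rec["src"]} -> {rec["dst"]}:{rec["dport"]} outbound SMB to external host')
    print(summarize(found))
```

Run against the constructed log, this flags the three connections from two internal clients to 203.0.113.9 and nothing else: the internal-to-internal SMB session, the web request and the blocked inbound probe are all left alone. The practical fix the check points at is blocking outbound TCP 139/445 at the perimeter. The NBNS broadcast variant Gaffié mentions stays inside the local segment and would not appear in perimeter logs at all, so it needs a separate, LAN-side control.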

How to DDOS a federal wiretap

By Robert McMillan
November 11, 2009
IDG News Service

Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.

The flaws they've found "represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial," the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago.

Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don't suffer from many of the bugs they'd found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement is overwhelmed with useless data, something known as a denial of service (DoS) attack.

Four years ago, the University of Pennsylvania team made headlines after hacking an analog loop extender device they'd bought on eBay. This time, the team wanted to look at newer devices, but they couldn't get a hold of a switch. So instead they took a close look at the telecommunication industry standard -- ANSI Standard J-STD-025 -- that defines how switches should transmit wiretapped information to authorities. This standard was developed in the 1990s to spell out how telecommunications companies could comply with the 1994 Communications Assistance for Law Enforcement Act (CALEA).

Alleged $9 Million Hacking Ring Exposed

By Tim Wilson
DarkReading
Nov 11, 2009

A group of alleged hackers from Eastern Europe has been indicted on charges of hacking into a computer network operated by the Atlanta-based credit card processing company RBS WorldPay, which is part of the Royal Bank of Scotland.

Eight individuals, mostly from Russia and Estonia, have been charged. The 16-count indictment charges four of the defendants with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud, and aggravated identity theft.

The indictment alleges the group used sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM.

Once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts, and then provided a network of "cashers" with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan, and Canada. The $9 million loss occurred within a span of less than 12 hours.

The hackers then allegedly sought to destroy data stored on the card processing network in order to conceal their hacking activity. The indictment alleges that the "cashers" were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to the defendants. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach.

[...]

Microsoft tries to clean up COFEE spill

By Kurt Mackie
GCN.com
Nov 11, 2009

Someone spilled hot COFEE, otherwise known as Microsoft's Computer Online Forensic Evidence Extractor.

The spill or leak was noted on Monday in reports from CrunchGear and Ars Technica. COFEE is a computer forensics solution that Microsoft provides for free to law enforcement agencies. It's really a collection of tools packaged together on a thumb drive for easy use by police on the scene of a crime or cybercrime.

Now the software has somehow been expropriated, and it has found its way onto BitTorrent sites.

Essentially, COFEE is now openly distributed as pirated software. The distribution was supposed to have been controlled through the National White Collar Crime Center or INTERPOL.

Microsoft confirmed the leak on Tuesday, stating that it plans to "mitigate unauthorized distribution of our technology beyond the means for which it's been legally provided," according to a statement from Richard Boscovich, senior attorney for Internet safety at Microsoft Corp. He discouraged people from downloading pirated COFEE software - not just because it's an unauthorized distribution, but because the copies could have been modified.

[...]
