Apple’s iPhone is more vulnerable to phishing attacks than users might realise because it can obscure the true addresses of the websites that phone owners are visiting.
Normally in the business of making others embarrassed, Nick Denton’s Gawker Media empire had some awkward explaining to do itself on Monday after hackers breached the database containing hundreds of thousands of usernames and passwords that people used to comment on the sites in the network.
Gawker executives, who had initially denied the breach, were forced to reverse course and apologise after the hackers posted a large batch of the passwords online. The intruders also took Gawker’s own source code and perused internal chats and employee e-mails, which in turn provided log-in credentials for Google Apps, taking a similar trajectory to the 2009 electronic break-in at Twitter that unearthed sensitive financial information.
A researcher on Thursday posted software tools that he said would enable widespread eavesdropping on calls made over GSM networks with less than $2,000 worth of equipment.
Speaking at the second day of the Black Hat technology security conference in Las Vegas, researcher Karsten Nohl, who had previously reported that he had cracked GSM encryption, said he was distributing the tools free in order to pressure carriers to make fairly simple changes to fix the vulnerability.
More than a hundred innocuous-looking wallpaper applications for Android handsets have been harvesting users’ phone numbers and SIM card information and sending them off to a Website based in China, researchers said Wednesday at the Black Hat tech security conference in Las Vegas.
The wallpapers–background pictures of ponies, basketball scenes and the like–have been downloaded more than a million times, the researchers said in highlighting growing concern about potential for malicious applications on Android, Apple’s iPhone and other smartphones that are rapidly gaining popularity.
Most of the organised hacking rings aiming at bank fraud these days are stealing login credentials and then taking advantage of the relatively recent opportunities provided by online account access, wire transfers and other means for mis-shipping electronic funds.
But a newly discovered Russian group was using networks of compromised personal computers and techniques for hacking into databases to write $9m in counterfeit checks, thought until now to be the purview mainly of old-time loners.
In what may be the first of many such formal disclosures, Intel included an unusual admission in its annual 10k filing to the SEC on Tuesday: It had been subjected to a “sophisticated incident” of computer hacking that might have been an act of “industrial or other espionage”.
The top semiconductor manufacturer said that the incident in question occurred last month, around the same time Google made a startling and more detailed announcement along similar lines. Intel spokesman Chuck Mulloy said there was no definitive link between the attempt to break into Intel and the spying campaign that targeted Google and as many as 30 other technology companies, including Adobe and Symantec.
An editorial in Tuesday’s Financial Times says China’s policy towards technology companies shows it knows how to tilt markets to its advantage – to the disadvantage of others.
Whereas national security once required controls on what technology could be exported, today it increasingly requires a critical look at what is imported. If the world converges to the standards China requires, computers everywhere risk being at the mercy of its willingness to refrain from cyberattacks. A recent infiltration of Google’s systems, allegedly with Beijing’s involvement, puts that willingness very much in doubt.
Albert Gonzalez, a onetime star informant for the US Secret Service, pleaded guilty Tuesday to conspiracy charges in the largest known identity theft case to date. He stands to be sentenced to more than 15 years behind bars at a hearing scheduled for March.
Mr Gonzalez formally entered the plea in US District Court in Boston in a case brought over the penetration of multiple retail chains and Heartland Payment Systems, a credit card and debit card processor that prosecutors said coughed up more than 130m records.
More than 10,000 user names and passwords for Hotmail and other Microsoft services were anonymously posted over the weekend at a free site for programmers, it was reported Monday, prompting security experts to recommend that users change their passwords.
Microsoft said it was investigating the posting to a coding site called pastebin.com, which hinted at a much bigger password collection: according to tech news site Neowin.net, the account names all started with A or B.