Wednesday, November 21, 2001
By Greg Sandoval and Robert Lemos, CNET News.com, 20 Nov 2001
Playboy.com has alerted customers that an intruder broke into its Web site
and obtained some customer information, including credit card numbers. The
online unit of the nearly 50-year-old men's magazine said in an e-mail to
customers that it believed a hacker accessed "a portion" of Playboy.com's
computer systems. In the e-mail, a copy of which was reviewed by CNET
News.com, Playboy.com President Larry Lux did not disclose how many
customers might have been affected.
Playboy.com encouraged customers to contact their credit card
companies to check for unauthorized charges. New York-based
Playboy.com also said it reported the incident to law enforcement
officials and hired a security expert to audit its computer systems
and analyze the incident. [...]
http://news.cnet.com/news/0-1007-200-7932825.html [Monty Solomon via risks-digest Volume 21, Issue 78]
> Imagine my surprise to find that the original (bounced) message had
> been spam, apparently sent from me!
That "original message" was never sent. The "bounce notification
message" was forged by the spammer. And it worked -- you paid close
attention to it. [Andrew Klossner via risks-digest Volume 21, Issue 78]
The FBI is working on software that could insert a computer virus into a
suspect's computer capable of reading encrypted data. The software, known
as "Magic Lantern," installs "keylogging" software that can capture
keystrokes typed on a computer. The virus can be sent via e-mail. Once on
the targeted PC, it waits for a suspect to launch the Pretty Good Privacy
encryption program and then logs the passphrase used to start the program,
essentially giving agents access to the keys needed to decrypt files. The
Magic Lantern software is part of the FBI's "Enhanced Carnivore Project
Plan," which operates under the umbrella project name of Cyber Knight.
Electronic Privacy Information Center attorney David Sobel says privacy
issues arise when keylogging results in "overly broad" searches, since it
would be possible to observe every keystroke typed by the suspect, even if a
court order specified only encryption keys. The FBI has already used a
less-sophisticated version of the software to build the high-profile
racketeering case against Nicodemo Scarfo, but had to manually turn the
system on and off in order to comply with the court order. [MSNBC/Wall
Street Journal 21 Nov 2001; NewsScan Daily, 21 November 2001]
http://interactive.wsj.com/articles/SB10062942834030720.htm (sub req'd)
[Insertion by e-mail probably works well for Microsoft software, which is
prone to that kind of attack. Various reports suggest that Magic Lantern
can also plant itself by penetrating systems. Penetrability of supposedly
secure systems has long been noted here, with further risks resulting from
a weak system that is directly networked to supposedly more secure systems
(especially if done with single-sign-on authentication). This may not be
a case where one good (LAN-)turn deserves another. PGN] ["NewsScan" via risks-digest Volume 21, Issue 77]
Maximillian Dornseif, 2002.