Updated: 24.11.2002; 17:44:24.
disLEXia
lies, laws, legal research, crime and the internet
        

Sunday, September 22, 2002

Visa bets on wireless credit cards

Visa International is planning a new credit-card payment system that uses smart cards with so-called Radio Frequency Identification tags (RFIDs). [ComputerWoche: Nachrichten]

Those who know the con-artist scene are already looking forward to the creative ideas evil people will come up with for wirelessly picking our pockets.
23:19

Advogato virus

Someone has been playing around with Advogato, and has come up with something I can only think of as an Advogato virus. It spreads each time you visit this person's page - or even the People index! [Advogato]

As far as I can see, this is the first virus spreading through XSS/CSS - while there isn't really Cross-Site Scripting happening here, it is injection of code through trusted sites.
23:12

100,000 euro fraud on eBay

The deal was apparently carefully planned: one or more perpetrators defrauded numerous users by auctioning high-value electronics on eBay. Goods worth around 100,000 euros were auctioned. [...] It is established that the perpetrator first auctioned harmless items under various usernames in order to build up a clean and proper user profile. Only after that was the dirty business started. [PC-Magazin]
23:07

Danish Police Shuts Down eDonkey Servers

In an unprecedented move, the Danish police has shut down at least six servers on the eDonkey2000 network on Monday (Heise has a German summary). eDonkey-servers are similar to Napster servers -- they do not host any actual files (and unlike Napster, eDonkey indexes much more than just music). Apparently, Danish police acted under pressure from the anti-piracy group, Antipiratgruppen. One of their representatives even accompanied the police raid on one eDonkey server operator's home.

The operator of that server, Siffan, has contacted an attorney and has gained access to a friend's computer. He is blogging the events as they unfold, currently in Danish, but English translations will follow soon. According to people on the #SiffansPlace IRC channel, 11 more eDonkey client users were "busted", but only 2 persons were charged. More details as they emerge.

Update [2002-9-21 13:19:15 by erik]: Someone in the German eDonkey forum has posted a translation of the account currently posted on Siffan's site. Note that this is a translation of a translation, but you can trust me to get it right :-)

On Sep 16 2002 around 7:30 PM three persons knocked on my door: a judge [could be translation error], a computer expert and a member of the APG (Anti Piracy Group). They wanted to enter my apartment and to see the eDonkey server, contents on the computer etc. After arguing back and forth, threats and much more, the computer and a handful of legal CD copies were confiscated. They examined drawers and the desk and prohibited me from entering my own rooms. The so-called computer expert sat down in front of my machine and watched what was happening on IRC in order to find out who was talking to whom. This was of more interest to him than the reason for him being there, namely taking care of the eDonkey server.

Furthermore I was told that the installation of mIRC was forbidden because it was a P2P application. The "computer expert" appeared to be a complete amateur who didn't even know the meaning of ports.

The poster points out, and another poster in a different forum confirms, that most eDonkey servers in Denmark have been shut down for the time being. Although the mIRC quote above might make you believe otherwise, this case is no hoax -- it is documented on APG's website, and Siffan has now posted the scanned search warrant. Of particular interest is appendix 1 (part 1, part 2), which shows screenshots of eDonkey connected to Siffan's server. Again, this is only an index server that does not host files. The search results displayed are hosted by the connected clients.

I don't think this will go to court, it's probably just meant to shock people. Note that it can take weeks or months to get your PC back after it has been confiscated.

[infoAnarchy via News Is Free: Security]
23:02

PaSaMuF: Document File Sharing

PaSaMuF is a new system to keep an eye on. A project of the German Hasso-Plattner-Institute for Software Systems Engineering, PaSaMuF is a filesharing system which indexes and shares common document types (Microsoft Word, Excel, PDF, HTML, XML, plain text, etc). PaSaMuF extracts information from the documents along with basic file metadata to ease searching. [Link credit to Matt Croydon of Postneo.] [infoAnarchy]
22:57

New rip-off: the called party pays

Apparently one can accept collect calls (R-Gespräche) without being told so when answering the call. Sounds confusing, but it is the newest fraud scheme, says [heise online news]
22:54

For the first time, a German court has ruled that when a 0190 dialer is installed unintentionally on the family PC, no contract is formed and the fee claims are therefore unjustified. (AG Freiburg, Az 11 C 4381/01, 11.06.2002) [heise online news]
22:48

David Sorkin on Internet Law and Spam

Cnet has published an interview with David Sorkin, associate professor at the John Marshall Law School. He's answering questions about the current state of cyberlaw, and he also has much to say about why current federal legislation being considered could make the problem of spam worse rather than curbing it. [slashdot via Privacy Digest]
22:23

Child pornography raid in Germany

In a mammoth operation against an international child pornography ring, police authorities searched numerous apartments and offices in several federal states on Tuesday and Wednesday. According to an online report by "Spiegel", 140 households were affected by the raid in Lower Saxony alone. [ComputerWoche: Nachrichten]
21:46

Consultant going to Jail for wiping firm's files for refusing to pay his bill

When computer engineer Stephen Carey bodged a firm's system upgrade, its bosses felt justified in refusing to pay his bill. They did not realise, however, how much damage he could do with his inside knowledge of their operation.

The 28-year-old engineer hacked into the firm's computer network and systematically wiped all its data, costing the company an estimated GBP 50,000. After being traced in a joint operation by BT and the police, Carey faced one of the first prosecutions of its kind to be launched in this country.

Yesterday the shamed engineer, from Eastbourne, East Sussex, was given an 18-month prison sentence after being convicted of unauthorised modification of computer material.

Jailing Carey, Judge David Rennie said the case highlighted the 'growing menace' of computer hacking. Hove Crown Court heard that Carey had been employed by sheet metal company RP Duct Work in April last year at its offices in Hailsham, East Sussex. The father of four adapted the system so he would be able to dial in to the database from home.

After the engineer bodged the work, the company had to pay an expert GBP 80 an hour to rectify his mistakes. When the company refused to pay him, Carey hacked into the system from his home computer and deleted the files one by one. Managers at the company, which has a large database of designs for equipment such as air-conditioning ducts, watched in horror as the drawing files they had taken three years to build up were deleted.

Police seized Carey's computer and discovered the time the files were destroyed matched the time his telephone line was connected to the firm's. Mark Watson, defending, said: 'There is no suggestion that anyone lost their jobs or the company was forced to close or even any customer suffered direct harm. There's also no evidence of financial gain. 'There's no suggestion that Mr Carey knew that the computer files held by this company were not backed up on a regular basis.

'He supports his wife, three step-children and own child. He also supports his grandmother and father-in-law. He is concerned they will suffer greatly in his absence.' Judge Rennie said the hacker had been caught out by someone cleverer than him. 'You were prepared to act in a dishonest fashion, without thinking of the consequences,' he said. 'You are a clever man and, in my view, a cunning man and knew you would cause great harm and that your actions were malicious in the extreme.' [Security News Portal]
20:12

Info Security Mag Survey Identifies New Trends

Security publication Information Security magazine announced this week that its newly-released survey reveals that large organizations are at a greater risk from hacking and viruses than small companies, due to organizational issues that hinder the implementation of security practices. The survey, which benchmarks critical IT security trends and practices by organization size, finds that small companies spend nearly 20 percent of their IT budgets on security, while large companies spend only 5 percent, and suffer five times as many security incidents. According to the survey, malicious code including viruses, worms and Trojans remains the primary concern of most IT security professionals. About 31 percent of respondents said it was their most important problem, followed by the security of authorized users and security vulnerabilities in IT equipment.

The research also showed that IT security has yet to successfully gain a foothold in the day-to-day activities governing the operation and culture of organizations. The security departments of organizations growing in size, says the survey, fail to keep up with the demands of their increasingly complex infrastructures. Security spending per user and per machine declines with growth in most organizations. Also according to the report, senior IT security professionals have little authority in determining the overall security mission, including budgets, in their organizations. Released this month, Information Security magazine's fifth annual industry survey was completed by 2,196 information security managers, engineers, administrators, consultants and analysts. [Security News Portal]
20:09

Breaking the internet

US .gov WHOIS Info Restricted Over Attacker Fears. VeriSign Inc has stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks,... [Security News Portal]
20:03

Another Nigeria-419-fraud Victim - losing 2,100,000 US$

A well-known plaintiff's attorney in suburban Detroit is the latest victim of a variation on the Nigerian scam.  His bookkeeper embezzled $2.1 million over a period of six months and sent the funds by means of 13 separate wire transfers to overseas banks. 

Said an investigating FBI agent:  "She was gullible -- gullible and had access to $2.1 million."

The lawyer is going after his bank, because the bookkeeper did not have the authority to approve wire transfers. 

from the Detroit Free Press

[The LitiGator]
20:01

The CCC and Mikro on the Bundestag election. 'To give the last undecided voters some help, the CCC and Mikro have conducted a survey among the media-policy spokespeople' of the parties. However, they only announced it to the electorate 3 hours before the polling stations closed. Still, it is a pointer to the rather interesting site http://www.privatkopie.de/ [c4 Headlines]
19:50

How RIAA was hacked

It was so simple. They had an admin interface without password protection and documented that in robots.txt. [The Register]
19:40

Michael Froomkin - University of Miami School of Law

A friend of mine staying at the University of Miami School of Law pointed me to http://www.law.tm/ which is the homepage of Michael Froomkin. Prof. Froomkin seems to be running http://www.icannwatch.org/ and has dozens of interesting papers on his homepage, mostly on ICANN and crypto.
8:34

Maximillian Dornseif, 2002.
 