Bad news if you enjoy seeing corporate Twitter accounts hacked and hijacked as often as possible: Twitter has finally added the option of enabling two-factor authentication for your account. Once you flip the switch, you’ll have to enter a six-digit code sent to your cell phone in order to complete the log-in
The dirtbags who make malware are at it again. Sophos’s Naked Security blog reports that scammers are already taking advantage of Monday’s bombing at the Boston Marathon, because they have zero sense of decency.
Scammers are sending out emails with subject lines like, “2 Explosions at Boston Marathon,” “Aftermath to explosion at Boston Marathon,” and “Boston Explosion Caught on Video.” Inside the emails is a link to a website with the promised YouTube videos–plus a Windows virus. “Clearly, there are no depths to which cybercriminals are not prepared to stoop in their hunt for victims,” Sophos said.
The Honeynet Project has made monitoring the war in cyber space weirdly fascinating with its HoneyMap, which displays malicious attacks as they happen. The result is reminiscent of old animated maps from newsreels reporting on battles during World War II.
If nothing else, hackers’ exploits in the last couple of years have revealed the frailty of the password protection system. With that in mind, Intel Labs has developed a biometric device and software that could essentially turn the patterns of veins in our palms into biological bar codes. On Thursday Sridhar Iyengar, Intel’s director of security research, revealed the system to an annual Intel Developer Forum:
The Federal Bureau of Investigation may yank several crucial domain name servers (DNS) offline on March 8, blocking millions from using the Internet. The servers in the FBI’s crosshairs were installed in 2011 to deal with a nasty worm dubbed DNSChanger Trojan. DNSChanger can get an innocent end-user in trouble; it changes an infected system’s DNS settings to shunt Web traffic to unwanted and possibly even illegal sites.
DNSChanger oozed out of Estonia and may have fouled up as many as a half-million computers in the United States. The feds’ temporary fix to keep the worm from propagating was to replace infected servers with clean surrogates.
There seems to be an uptick in cybercrime lately, no? Some 200,000 Citibank customers had their accounts hacked at the beginning of May and are just finding out about it now, Reuters reports. Sony similarly dragged its feet when hackers gained access to an astonishing 77 million accounts in April and the company waited more than a week to tell customers their data had been compromised. The hackers got access to names, emails, account numbers and passwords, customers were notified this weekend, and Citibank has replaced cards for compromised accounts.
“Citigroup joins Google and Sony in victims club,” says the headline in the International Business Times. We have a Citibank card. Can we be in the victim’s club too?
Today we learned security breaches are costly! After a glorious IPO, LinkedIn’s stock value dropped more than 7.2 percent when a blogger in India discovered that user accounts are relatively easy to hack; Sony’s stock has suffered lately due to the earthquake in Japan and a string of embarrassing hacks.
There’s a second part to the story of a hacker who built a malicious worm at a Yahoo-sponsored hackathon in Bucharest that exploits a vulnerability in a Yahoo developer service. The hacker, who goes by Pax, was offended when the hackathon organizers cut short his time on stage and failed to give him due respect for a clever (though malicious) hack, or thank him and his team partner for exposing a security hole. “They were/are complete assholes,” he said on Twitter after someone commented that the officials’ reaction had turned a white hat effort into a grudge.