Developages - Development and Technology Blog

dunezone writes “As the election ends news is coming out from both campaigns on what happened behind closed doors. During the summer the Obama campaign had their systems hacked, but so did McCain — and not by each other but a third party. ‘… both the FBI and the Secret Service came to the campaign with an ominous warning: “You have a problem way bigger than what you understand,” an agent told Obama’s team. “You have been compromised, and a serious amount of files have been loaded off your system.” The following day, Obama campaign chief David Plouffe heard from White House chief of staff Josh Bolten, to the same effect: “You have a real problem … and you have to deal with it.” The Feds told Obama’s aides in late August that the McCain campaign’s computer system had been similarly compromised.’” Also from the article: ” Officials at the FBI and the White House told the Obama campaign that they believed a foreign entity or organization sought to gather information on the evolution of both camps’ policy positions–information that might be useful in negotiations with a future administration.”

Read more of this story at Slashdot.

Original post by timothy

An anonymous reader writes “Core Security Technologies issued an advisory disclosing a vulnerability that could affect millions using Adobe’s Reader PDF file viewing software. Engineers from CoreLabs determined that Adobe Reader could be exploited to gain access to vulnerable systems via the use of a specially crafted PDF file with malicious JavaScript content. Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file, thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader.”

Read more of this story at Slashdot.

Original post by timothy

rsiles writes “When security professionals are dealing with huge amounts of information, and who is not nowadays, correlation and filtering is not the easiest path (and sometimes enough) to discern what is going on. The in-depth analysis of security data and logs is a time consuming exercise, and security visualization (SecViz) extensively helps to focus on the relevant data and reduces the amount of work required to reach to the same conclusions. It is mandatory to add the tools and techniques associated to SecViz to your arsenal, as they are basically taking advantage of the capabilities we have as humans to visualize (and at the same time analyze) data. A clear example is the insider threat and related incidents, where tons of data sources are available. The best sentence (unfortunately it is not an image that describes SecViz comes from the author: A picture is worth a thousand log entries.” Read on for the rest of rsiles’s review.

Read more of this story at Slashdot.

Original post by samzenpus

KentuckyFC writes “Steganography is the art of hiding a message in such a way that only the sender and receiver realize it is there. (By contrast, cryptography disguises the content of a message but makes no attempt to hide it.) The central problem for steganographers is how much data can be hidden without being detected. But the complexity of this problem has meant it has been largely ignored. Now two computer scientists (one working for Google) have made a major theoretical breakthrough by tackling the problem in the same way that the electrical engineer Claude Shannon calculated the capacity of an ordinary communications channel in the 1940s. In Shannon’s theory, a transmission is considered successful if the decoder properly determines which message the encoder has sent. In the stego-channel, a transmission is successful if the decoder properly determines the sent message without anybody else detecting its presence (abstract). Studying a stego-channel in this way leads to some counter-intuitive results: for example, in certain circumstances, doubling the number of algorithms looking for hidden data can increase the capacity of the steganographic channel″

Read more of this story at Slashdot.

Original post by timothy

An anonymous reader tips a piece from the UK’s Daily Mail that recounts another sad tale of the careless loss of massive amounts of private user data. “Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people’s private details. The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets. An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost.”

Read more of this story at Slashdot.

Original post by kdawson

theodp writes “The NYTimes reports that pre-wired home security installations by alarm companies are on the way out. Thanks to wireless window and door sensors and motion detectors, installing and maintaining one’s own security system is becoming a do-it-yourself project, with kits available from companies like InGrid and LaserShield. Time to start cranking out some new iPhone and Android apps, kids?”

Read more of this story at Slashdot.

Original post by kdawson

The Walking Dude writes “A lengthy article published in Culture Mandala details how China is using cyber warfare (PDF) as an asymmetric means to obtain technology transfer and market dominance. Case studies of Estonia, Georgia, and Project Chanology point towards a new auxiliary arm of traditional warfare. Political hackers and common Web 2.0 users, referred to as useful idiots (PDF), are being manipulated through PSYOPS and propaganda to enhance government agendas.”

Read more of this story at Slashdot.

Original post by Soulskill

bl8n8r writes “Still going strong since February 2006, the ‘Sinowal’ Master Boot Record infector (also called ‘Torpig’ and ‘Mebroot’ by various anti-virus companies) has compromised more than half a million financial accounts. An HTML injection engine adds fields to login pages to compromise credentials. Injection is triggered by the Web addresses &mdash more than 2,700 bank and e-commerce sites are hard-coded into the malware. ‘RSA investigators found more than 270,000 online banking account credentials, as well as roughly 240,000 credit and debit account numbers and associated personal information on Web servers the Sinowal authors were using to set up their attacks.’ The majority of anti-virus and anti-malware scanners do not detect this threat.”

Read more of this story at Slashdot.

Original post by kdawson

Weblveѵ writes “A recent report by web security firm Finjan shows how easily data can be accessed on PCs by malware which circumvents existing defenses. With the use of obfuscated code, antivirus software and static Web filters could not identify the scrambled attack code as a threat. The report walks through a real-life scenario of the infection process step-by-step, and tracks what happens to the stolen data. This demonstrates how stealing sensitive data has become unbearably easy — especially, given the abundance of easy-to-use DIY crimeware toolkits. Finjan’s report is available here (PDF, registration required). Shortly after this report, Security firm RSA has released their findings of a huge amount of stolen ‘virtual wallets’ in one of the largest discoveries of stolen data from computers compromised by the Sinowal trojan. While the trojan can be traced back to 2006, it managed to become more productive over time with frequent variants. Given the scale, ease of use, and hiding techniques making infections extremely difficult to find, no wonder today’s crimeware achieves such ‘impressive’ results.”

Read more of this story at Slashdot.

Original post by Soulskill

netbuzz writes “The Internet will mark an infamous anniversary Sunday, when the Morris worm turns 20. Considered the first major attack on the ‘Net, Morris served as a wake-up call about the risk of software bugs, and it set the stage for network security to become an important area of computer science. It was also the first time many non-techies heard of the ‘Net, as the mainstream media covered the story extensively.” Reader maximus1 contributes a brief ITWorld story about Robert Morris himself.

Read more of this story at Slashdot.

Original post by Soulskill

An anonymous reader writes “Bruce Schneier and company have created a new hash function called Skein. From his blog entry: ‘NIST is holding a competition to replace the SHA family of hash functions, which have been increasingly under attack. (I wrote about an early NIST hash workshop here.) Skein is our submission (myself and seven others: Niels Ferguson, Stefan Lucks, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, and Jesse Walker). Here’s the paper.”

Read more of this story at Slashdot.

Original post by timothy

Roland Piquepaille writes “Some clever computer scientists at UC San Diego (UCSD) have developed a software that can perform key duplication with just a picture of the key — taken from up to 200 feet. One of the researchers said ‘we built our key duplication software system to show people that their keys are not inherently secret.’ He added that on sites like Flickr, you can find many photos of people’s keys that can be used to easily make duplicates. Apparently, some people are blurring ‘numbers on their credit cards and driver’s licenses before putting those photos on-line,’ but not their keys. This software project is quite interesting, but don’t be too afraid. I don’t think that many of you put a photo of their keys online — with their addresses.” I wonder when I′ll be able to order more ordinary duplicate keys by emailing in a couple of photos.

Read more of this story at Slashdot.

Original post by timothy

Well, yet another teenage hacker who “did the right thing″ by reporting a security flaw is being punished for his actions. Although it definitely sounds like the whole story may not be in the clear yet, a 15-year-old New York high school student has been charged with three felonies claiming that he accessed a file containing social security numbers, driver’s license numbers, and home addresses of past and present employees…and then sent an anonymous email to the principal alerting him to the security flaw. “All that was needed to access the information was a district password. School officials have admitted that thousands of students, faculty and employees could have accessed the same file for up to two weeks.”

Read more of this story at Slashdot.

Original post by ScuttleMonkey

Arno Igne writes to tell us that the number of underage participants in “high-tech” crimes has risen steeply in recent history. Reporting children as young as 11 swapping credit card details and asking for hacks, many are largely unskilled and thus more likely to get caught and arrested. “Communities and forums spring up where people start to swap malicious programs, knowledge and sometimes stolen data. Some also look for exploits and virus code that can be run against the social networking sites popular with many young people. Some then try to peddle or use the details or accounts they net in this way. Mr Boyd said he spent a lot of time tracking down the creators of many of the nuisance programs written to exploit users of social networking sites and the culprit was often a teenager.”

Read more of this story at Slashdot.

Original post by ScuttleMonkey

Filed under: Misc. Gadgets

Surely your remember Project Lantern from back in 2006, right? If you weren’t too fond of that initiative, let’s just say your worst nightmare is coming true. Going forward, every police force in the UK will be equipped with mobile fingerprint scanners, which will allow the fuzz to carry out identity checks right on the street. Dubbed Project Midas, this here setup is supposed to “transform the speed of criminal investigations”while simultaneously freaking out anyone remotely concerned about personal privacy; in fairness, cops insist that fingerprints scanned via these portable devices will not be stored or added to databases, and we’re told that they’ll only be used ” when they suspect an individual of an offense and can′t establish his / her identity.” The £30 million ($47.5 million) to £40 million ($63.4 million) initial phase should hit widespread deployment within 18 months, and in case you thought it was over after this, you should probably know that facial recognition in the field is the next top priority.

[Via Pocket-lint, image courtesy of SpringCard]

Read | Permalink | Email this | Comments

Original post by Darren Murph