Group items tagged

Hackers reportedly used an off-the-shelf computer attack created in China to compromise the computers of at least 48 companies, including in the chemical and defense industries -- an attack described as being similar to the notorious Stuxnet virus, if not as severe. The goal of the attacks, reported Monday by security software company Symantec, "appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes." The purpose: "industrial espionage, collecting intellectual property for competitive advantage." Symantec dubbed the attack "Nitro" and said a total of 29 companies in the chemical industry were targeted, in addition to 19 in other sectors, starting in late July. Among the companies were some that develop materials used primarily in military vehicles. Read more: http://www.foxnews.com/scitech/2011/10/31/nitro-hackers-reportedly-attack-dozens-companies-in-chemical-defense-industries/?test=latestnews#ixzz1cTIClsp4

yber attacks on the UK are at "disturbing" levels, according to the director of Britain's biggest intelligence agency. Government computers, along with defence, technology and engineering firms' designs have been targeted, Iain Lobban, the head of GCHQ, has said. China and Russia are thought to be among the worst culprits involved in cyber attacks. On Tuesday, the government hosts a two-day conference on the issue. Foreign Secretary William Hague convened the London Conference on Cyberspace after criticism that ministers are failing to take the threat from cyberwarfare seriously enough.

And so it begins in the real world and not in a movie, or lab demo. This is a real attack on US infrastructure via the internet. Foreign hackers broke into a water plant control system in Illinois last week and damaged a water pump in what appears to be the first reported case of a malicious cyber attack damaging a critical computer system in the United States, according to an industry expert. On Nov. 8, a municipal water district employee in Illinois noticed problems with the city's water pump control system, and a technician determined the system had been remotely hacked into from a computer located in Russia, said Joe Weiss, an industry security expert who obtained a copy of an Illinois state fusion center report describing the incident. "This is a big deal," said Weiss. The report stated it is unknown how many other systems might be affected.

The main phone network in the West Bank and Gaza has suffered a sustained attack by computer hackers, the Palestinian Authority (PA) says. It says most of the Palestinian territory has lost internet service. PA spokesman Ghassan Ghattib said the attacks started in the morning and came from multiple sources around the world. He said he did not know if the hacking was linked to the Palestinian leadership's successful bid to get membership of Unesco on Monday. The move by the UN's cultural and scientific organisation was strongly criticised by Israel and the United States. The US immediately announced it was cutting off all of its funding to UN body. Prolonged lack of access to the internet would prove costly to many Palestinian businesses.

This is more for reference and is a little dated. However, the basic approaches and techniques are still relevant and the diagrams are also useful. The approach is mostly UNIX,

Foundations of Security: What Every Programmer Needs to Know teaches new and current software professionals state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems. Once youre enabled with the techniques covered in this book, you can start to alleviate some of the inherent vulnerabilities that make today's software so susceptible to attack. The book uses web servers and web applications as running examples throughout the book. For the past few years, the Internet has had a "wild, wild west" flavor to it. Credit card numbers are stolen in massive numbers. Commercial web sites have been shut down by Internet worms. Poor privacy practices come to light and cause great embarrassment to the corporations behind them. All these security-related issues contribute at least to a lack of trust and loss of goodwill. Often there is a monetary cost as well, as companies scramble to clean up the mess when they get spotlighted by poor security practices. It takes time to build trust with users, and trust is hard to win back. Security vulnerabilities get in the way of that trust. Foundations of Security: What Every Programmer Needs To Know helps you manage risk due to insecure code and build trust with users by showing how to write code to prevent, detect, and contain attacks. The lead author cofounded the Stanford Center for Professional Development Computer Security Certification. This book teaches you how to be more vigilant and develop a sixth sense for identifying and eliminating potential security vulnerabilities. Youll receive hands-on code examples for a deep and practical understanding of security. Youll learn enough about security to get the job done.

This almost reads like something out of a made for TV movie but is real.;-( Federal authorities are concerned about new research showing U.S. prisons are vulnerable to computer hackers, who could remotely open cell doors to aid jailbreaks. The Federal Bureau of Prisons is "aware of this research and taking it very seriously," spokesman Chris Burke told The Washington Times. Mr. Burke was reacting to research by private experts who found that the security systems in most American prisons are run by computer software vulnerable to hackers. "You could open every cell door, and the system would be telling the control room they are all closed," said John J. Strauchs, a former CIA operations officer who helped develop a cyber-attack on a simulated prison computer system and described it at a hackers' convention in Miami last week. The security systems in most American prisons are run by special computer equipment called industrial control systems, or ICS. They are also used to control power plants, water treatment facilities and other critical national infrastructure. ICS has increasingly been targeted by hackers because an attack on one such system successfully sabotaged Iran's nuclear program in 2009.