Group items tagged

The defendants, aged between 18 and 28, are believed to have stolen more than $100 million in intellectual property and other proprietary data from the likes of Microsoft Corporation, Epic Games, Valve, and even the US Army. This includes pre-release versions of Gears of War 3 and Call of Duty: Modern Warfare 3, Apache helicopter simulation software developed for the US army, and information about the Xbox One console. Two of the suspects have pleaded guilty, one of which is 22-year old David Pokora. His plea represents what may be the first conviction of a foreign-based individual for hacking into US businesses to steal trade secret information.

18-count superseding indictment

Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell (Bash), dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well.

The two main components of Uroburos are - a driver and an encrypted virtual file system, used to disguise its nasty activities and to try to avoid detection. Its driver part is extremely complex and is designed to be very discrete and very difficult to identify.

The virtual file system can’t be decrypted without the presence of drivers, according to the Gdata’s analysis explained in the PDF.

The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world,

The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

Of all the compromised services, Miller said he is most concerned with ADP. Those log-ins are typically used by payroll personnel who manage workers' paychecks. Any information they see could be viewed by hackers until passwords are reset.

Further evidence of overeager and illegal police work emerged Thursday in New Zealand as Inspector General of Security and Intelligence Paul Neazor released a report on the illegal bugging of Kim Dotcom and Megaupload programmer Bram van der Kolk. Two GCSB officers were present at a police station nearby Dotcom’s mansion as the raid took place.

Police weighed several options for the raid named “Operation Debut,” undertaken at the behest of US authorities, and sought to take Dotcom and associates with the “greatest element of surprise” and to minimise any delays the in executing the search and seizure operation should the German file sharing tycoon’s staff be uncooperative or even resist officers on arrival.

The police planners also noted that “Dotcom will use violence against person’s [sic] and that he has several staff members who are willing to use violence at Dotcom’s bidding” after a U.S. cameraman, Jess Bushyhead, reported the Megaupload founder for assaulting him with his stomach after a dispute. Based on Dotcom’s license plates such as MAFIA, POLICE, STONED, GUILTY, and HACKER, police said this indicates the German “likes to think of himself as a gangster” and is “described as arrogant, flamboyant and having disregard for law enforcement.” However, the documents show that Dotcom had only been caught violating the speed limit in New Zealand. The request for assistance from the STG notes that the US investigation against Mega Media Group and Dotcom was started in March 2010 by prosecutors and the FBI. According to the documents, US prosecutors and FBI “discovered that the Mega Media Group had engaged in and facilitated criminal copyright infringement and money laundering on a massive scale around the world.” FBI in turn contacted NZ Police in “early 2011," requesting assistance with the Mega Media Group investigation as Dotcom had moved to New Zealand at the time.

The Exploitation process relied upon a Java vulnerability (CVE-2013-2460) and after getting dropped into the target computer system, the malware detects the Java version installed on the operating system and based upon it requests the suitable exploit.

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total."When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

The FBI has an elite hacker team that creates customized malware to identify or monitor high-value suspects who are adept at covering their tracks online, according to a published report.

the report recognized that email privacy is critical

one issue was left conspicuously unaddressed in the report. The Securities and Exchange Commission, the civil agency in charge of protecting investors and ensuring orderly markets, has been advocating for a special exception to the warrant requirement. No agency can or should have a get-out-of-jail-free card for bypassing the Fourth Amendment.

the algorithm is only as fair as the data fed into it.