Sony hacking suspect smashes computers to get out of prosecution

A posting from Naked Security: A 23-year-old man suspected of helping to hack into Sony’s PlayStation Network got out of being penalized for the crime by smashing his computers and making his hard drives disappear.

Todd M. Miller, of Columbus, in the US state of Ohio, was sentenced on Thursday to a year on house arrest for obstructing a federal investigation and stymieing an FBI investigation into the hack.

According to The Columbus Dispatch, the judge also sentenced Miller to three years' probation and ordered him to get his high-school equivalence certificate.

US District Judge Peter C. Economus said in federal court that Miller was a member of a hacking group called the KCUF clan that, starting in 2008, organized an ongoing attack on Sony’s servers.

The hack took the PlayStation Network offline in April 2011. Sony soon realized that the breach had enabled the attackers to access the personal data, including credit card information, of millions of online gamers.


May Patch Tuesday coming up – Microsoft still not sure if latest 0-day fix will make the cut

A posting from Naked Security on Patch Tuesday: Microsoft’s Patch Tuesday for May 2013 will be published in the coming week.

It’ll be out on Tuesday 14 May 2013. (Wednesday 14 May for everywhere from about Malaysia eastwards.)

Here’s the elevator pitch:

  • 33 vulnerabilities identified and fixed.
  • Ten separate patches.
  • Eight rated Important. (Apply ASAP.)
  • Two rated Critical. (Apply immediately.)
  • A reboot is required.

Loosely translated, Microsoft’s interpretation of important means that an exploit against the vulnerability is likely to be found, but you’ll probably get some sort of warning, such as a pop-up dialog, if an attacker tries to use it.

On the other hand, critical means not just that an exploit is likely (or already known), but that it can be used silently – what’s known as a drive-by install – without popups or any other kind of warning.

The burning question about the May 2013 Patch Tuesday is this: will it fix CVE-2013-1347?

 


Indian government investigates firms at center of global cyber heist

A posting from NBC News in their technology section about the Indian government investigating firms at the center of a global cyber heist: MUMBAI/BANGALORE, May 12 (Reuters) – The Indian government’s cyber watchdog is investigating how security at two companies that are part of the country’s vast IT services industry was breached in a global ATM heist that saw $45 million stolen from two banks in the Middle East.

EnStage Inc, which operates from Bangalore, and ElectraCard Services, based in the Indian city of Pune, processed card payments for the two banks that were hit in the theft, several people familiar with the situation said.

“We are investigating the technical aspect,” Gulshan Rai, director general of the Indian Computer Emergency Response Team (CERT), part of the department of electronics and information technology, told Reuters by phone on Sunday.

“What kind of breach has happened in the system, how did it happen, what processes are in place, and the entire technical aspect we will look at,” he said, adding that the agency had started its investigation on Saturday.

 


US cyberwar strategy stokes fear of blowback

A posting from NBC News in their technology section: WASHINGTON (Reuters) – Even as the U.S. government confronts rival powers over widespread Internet espionage, it has become the biggest buyer in a burgeoning gray market where hackers and security firms sell tools for breaking into computers.

The strategy is spurring concern in the technology industry and intelligence community that Washington is in effect encouraging hacking and failing to disclose to software companies and customers the vulnerabilities exploited by the purchased hacks.

That’s because U.S. intelligence and military agencies aren’t buying the tools primarily to fend off attacks. Rather, they are using the tools to infiltrate computer networks overseas, leaving behind spy programs and cyber-weapons that can disrupt data or damage systems.

 


WordPress and Internet Security with Kellep Charles

Scott talks to Security Consultant Kellep Charles about WordPress and public website security. What can you do to protect yourself? Where does internet security break down?

Listen to it here, or you can paste the link into your browser:

http://www.hanselminutes.com/369/wordpress-and-internet-security-with-kellep-charles

 

Microsoft rushes out CVE-2013-1347 “Fix it” for the latest Internet Explorer zero-day

A posting from Naked Security: Remember the US Department of Labor hack we wrote about at the beginning of the month?

A microsite off the main web page was compromised and used to serve up a drive-by download cocktail that aimed to infect your computer surreptitiously.

The vulnerability that was exploited in the drive-by turned out to be an unpatched bug (what’s known as a zero-day or 0-day) in Internet Explorer 8, and was soon labelled CVE-2013-1347.

The good news is that Microsoft had just published an emergency patch, known as a Fix it, that is simple to apply, easy to reverse if it causes any problems, and (so Redmond says) knocks the vulnerability on the head.

You can read more about the Fix it in a well-worth-reading blog post from Microsoft’s Secure Windows Initiative team.

 
