[ISN] Cosmo Strikes Again, Taking Over Another Westboro Twitter Account

http://www.wired.com/threatlevel/2012/12/cosmo-strikes-again-takes-over-another-westboro-twitter-account/

By Mat Honan
Threat Level
Wired.com
12.19.12

It feels a little bit like hacker Groundhog Day. After hijacking a Westboro Baptist Church leader’s Twitter account on Monday, Wired has confirmed that the 15-year-old hacker known as Cosmo the God took over another account belonging to one of the same church members on Wednesday, using much the same method.

A source with direct knowledge of the attack who spoke on condition of anonymity confirmed to Wired that Cosmo had in fact taken possession of Fred Phelps Jr.’s Twitter account. Phelps Jr. is the son of church leader Fred Phelps Sr.

Cosmo took over the @WBCFredJR Twitter account via Phelps’ Hotmail account, which he gained entry to by forwarding the password-reset phone number on the Hotmail account to the phone number he controlled, according to Wired’s source.

Previously, Cosmo had control of church spokesperson and attorney Shirley Lynn Phelps-Roper’s @DearShirley Twitter account for about 24 hours before the account was suspended. During that time, Wired’s source also claims that Cosmo remotely recorded gay porn to her DVR, before canceling her internet service.

Westboro Baptist Church is notorious for picketing funerals of American soldiers killed in action in Iraq and Afghanistan. Last week the organization apparently announced its intention to protest at the funerals of the children killed at Sandy Hook Elementary in Newtown, Connecticut. Following the church’s announcement, the hacker collective Anonymous and others have targeted WBC members online, especially in ways that affect their ability to communicate and operate.

[…]
______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org




[ISN] Keeping data safe on a billion and a half cellphones

http://www.timesofisrael.com/keeping-data-safe-on-a-billion-and-a-half-cellphones/

By David Shamah
The Times of Israel
December 20, 2012

An Israeli company is responsible for nearly three quarters of the wireless software updates for cell phones around the world. Red Bend, which has developed a secure firmware over-the-air (FOTA) system, allows users to get automatic operating system and firmware updates on their cellphones. It’s used by more than 80 mobile operators and device manufacturers to manage updates on more than 1.6 billion mobile phones.

This week Red Bend is on a new phone — LG Electronics’ new Optimus G smartphone, which will use Red Bend’s vRapid Mobile FOTA updating software and vDirect Mobile device management software. It’s the latest of more than 100 LG mobile phone models that are Red Bend-enabled, said the company.

One of the reasons the world has migrated to smartphones — those all-in-one devices for talking, texting, surfing, game playing, and who knows what else — is their convenience, and the fact that users can be connected anywhere, anytime, without the need for tethering. All communications are done over the air, but over-the-air connections are notoriously insecure — insecure enough that companies fear that hackers, or industrial spies, could “poison” phone firmware with rogue files, causing usage failures and data theft.

It was a problem Red Bend predicted back at the inception of the cellular age more than a decade ago, said Roger Ordman, Red Bend’s director of product marketing. “As people integrate devices more into their daily lives they become more dependent on them, and we are all increasingly concerned about the insecurity of our sensitive data on less than secure public networks,” Ordman said.

[…]


[ISN] Feds reportedly plan to prosecute hackers sponsored by other nations

http://arstechnica.com/security/2012/12/feds-reportedly-plan-to-prosecute-hackers-sponsored-by-other-nations/

By Dan Goodin
The Register
Dec 19 2012

US Justice Department officials plan to bring criminal charges against hackers, governments, and companies involved in nation-sponsored computer intrusions on US companies, according to a published report.

“I’ll give you a prediction,” John Carlin, the principal deputy assistant attorney general in the national security division of the Department of Justice, told a DefenseNews reporter. “Now that we are having people look at bringing one of these cases, it’s there to be brought and you’ll see a case brought.”

More than 100 prosecutors are being trained to participate in the new initiative, which is being organized by a little-noticed program known as the national security cyber specialist network. Prosecutors plan to work with agents in the FBI to find additional cases to bring. Prosecutors could possibly call on investigators in the National Security Agency, the Department of Defense, and other agencies for additional help.

[…]


[ISN] Stony Brook CS Hiring Multiple Tenure-Track Positions (Systems, Cyber-security etc)

Forwarded from: Stony Brook University

(Multiple Tenure-Track Positions)

Stony Brook Computer Science invites exceptionally qualified applicants for multiple tenure-track faculty positions for Fall 2013. Candidates in the following areas are particularly encouraged to apply: Cyber-security, Distributed Networking and Systems, Interactive Systems (e.g., HCI, Virtual Reality), Smart Environments (e.g., AI, Machine Learning, Embedded and Pervasive Computing), Smart Energy (e.g., Electrical Grid Security, Grid Networking, Green Computing), Biomedical Informatics and Healthcare IT. Applicants should hold a Ph.D. in Computer Science or a closely related discipline and must demonstrate superior research potential.

The Department currently has 45 faculty members and is expected to recruit additional members in the next several years. There are five main research areas in the Department: computer systems, visual computing, logic programming/databases, concurrency/verification, and algorithms. The Department is in a stage of significant expansion, including a new Computer Science building, a recent Center of Excellence in Wireless and Information Technology (CEWIT) building, a recent Center of Excellence in Advanced Energy, along with new graduate programs at SUNY Korea. The Department is also associated with the New York Center for Computational Sciences (NYCCS) and the New York Blue supercomputer.

Home to many highly ranked graduate research programs, Stony Brook University is located 55 miles from Manhattan on Long Island’s scenic North Shore. Stony Brook University is a member of the prestigious Association of American Universities (AAU) and co-manager of nearby Brookhaven National Laboratory (BNL), a Department of Energy multidisciplinary research laboratory.

Applicants should apply online at: https://hiring.cs.stonybrook.edu. Review of applications will begin immediately and will continue until the position is filled.

Stony Brook University/SUNY is an equal opportunity, affirmative action employer.


[ISN] Oracle’s Java security update lacking, experts say

http://www.csoonline.com/article/724327/oracle-s-java-security-update-lacking-experts-say

By Antone Gonsalves
CSO
December 19, 2012

Oracle’s latest update of the Java Development Kit fails to go far enough in fixing the security-troubled platform, bringing only marginal improvements instead, experts say.

Among the improvements in Java SE Development Kit 7, Update 10 (JDK 7u10) is the ability to use the control panel to prevent Java applications from running in browsers. Vulnerabilities in Java are a major target for cybercriminals hoping to infect computers with malware.

That’s because hackers know many people do not keep the Java plug-in for browsers up to date, leaving old flaws open to exploitation. This has resulted in a high success rate for attackers. In 2011, an exploit integrated into the Blackhole toolkit, a hacker favorite, had more than an 80 percent success rate, according to HP’s security research division.

Other improvements in JDK 7u10 include using the control panel to choose from four levels of security for unsigned applets, Java Web Start applications and embedded JavaFX applications that run in a browser. In addition, Oracle has added a dialogue box that will warn people when the Java plug-in needs to be updated to prevent exploits.

[…]
