[ISN] Gov’t red-faced as card data leaks lead to thefts

http://koreajoongangdaily.joins.com/news/article/Article.aspx?aid=2987770

Korea JoongAng Daily
April 11, 2014

Fear of hacked personal information being used in financial fraud and leading to actual losses, which the financial authorities promised was unlikely to happen, has been realized. As a result, public mistrust and frustration is growing over the assurances by the financial authorities.

Yesterday, the financial authorities issued a warning to the public after personal information of 200,000 credit card accounts was hacked via a point-of-sale card reader at a cafe in Mokpo, South Jeolla. Information about 200,000 credit card accounts was leaked since January from that single cafe, and the hackers withdrew cash to 268 accounts before they were caught recently. […]





[ISN] Who is Robin Seggelmann and did his Heartbleed break the internet?

http://www.smh.com.au/it-pro/security-it/who-is-robin-seggelmann-and-did-his-heartbleed-break-the-internet-20140411-zqtjj.html

By Lia Timson
smh.com.au
April 11, 2014

German computer programmer Robin Seggelmann has been outed as the man whose coding mistake, now known as Heartbleed, has left millions of internet users and thousands of websites vulnerable to hackers. The discovery, by Google engineers, has prompted experts to call on people to change their passwords to most, if not all, websites they subscribe to after site owners have fixed their vulnerabilities.

Dr Seggelmann, 31, from the small town of Oelde in north-west Germany, is a contributor to the Internet Engineering Task Force (IETF), a not-for-profit global group whose mission is to make the internet work better. He is attached to the Munster University of Applied Sciences in Germany, where, as research associate in the networking programming lab in the department of electrical engineering and computer science, he has published a number of papers, including his thesis on strategies to secure internet communications in 2012. He has been writing academic papers and giving talks on security matters since 2009, while still a PhD student.

His academic research influence index score of two, based on the number of scientific citations of his work, suggests an influential thinker at the early stages of his scientific career. According to the IETF, Dr Seggelmann previously worked for Dutch Telecom IT services subsidiary T-Systems, possibly the largest such consultancy in Germany. […]



[ISN] Hacker exposes ‘embarrassing’ weakness in Met’s online security

http://www.telegraph.co.uk/technology/internet-security/10753180/Hacker-exposes-embarrassing-weakness-in-Mets-online-security.html

By Theo Merz
The Telegraph
10 Apr 2014

A computer security expert took less than two minutes to exploit an “embarrassing” flaw in the Metropolitan Police’s website, which he claims could have left computer users vulnerable to malicious attacks.

Ilia Kolochenko, a consultant who is employed by companies to find weaknesses in their systems, said it took just 90 seconds to find a vulnerability which allowed him to create a fake page under the Met’s domain name. A malicious hacker could have exploited this to create a page asking members of the public for personal information, or one injecting malware, which would have been impossible to distinguish from a genuine police link.

“I couldn’t access the Met’s police database, but I could very easily create a new link for the site,” the 27-year-old said. […]



[ISN] Whitehat hacker goes too far, gets raided by FBI, tells all

http://arstechnica.com/tech-policy/2014/04/whitehat-hacker-goes-too-far-gets-raided-by-fbi-tells-all/

By Sean Gallagher
Ars Technica
April 9, 2014

A whitehat hacker from the Baltimore suburbs went too far in his effort to drive home a point about a security vulnerability he reported to a client. Now he’s unemployed and telling all on reddit.

David Helkowski was working for Canton Group, a Baltimore-based software consulting firm on a project for the University of Maryland (UMD), when he claims he found malware on the university’s servers that could be used to gain access to personal data of students and faculty. But he says his employer and the university failed to take action on the report, and the vulnerability remained in place even after a data breach exposed more than 300,000 students’ and former students’ Social Security numbers.

As Helkowski said to a co-worker in Steam chat, “I got tired of being ignored, so I forced their hand.” He penetrated the university’s network from home, working over multiple VPNs, and downloaded the personal data of members of the university’s security task force. He then posted the data to Pastebin and e-mailed the members of the task force anonymously on March 15.

One day later, the FBI obtained a search warrant for Helkowski’s home. While no charges have yet been filed against him, Helkowski’s employment with Canton Group has ended. And yesterday, he took to reddit to tell everyone about it in a post entitled “IamA Hacker who was Raided by the FBI and Secret Service AMAA!” To prove his identity, he even posted a redacted copy of the search warrant he was served.

How did the FBI track him down so fast? It turns out that Helkowski told just about everyone (including co-workers) about what he was doing. And since the vulnerability he used was the same one Canton Group had reported to UMD on February 27, it didn’t take a lot of sleuthing to follow a trail that pointed straight back to Helkowski’s home in the Baltimore suburb of Parkville. […]

