[SecurityRatty] tag: break-in

Web mail rivals at risk of password-reset hacks

Mon, 29 Sep 2008 00:00:00 +0000

Yahoo Mail isn't the only Web-based e-mail service that hackers could dupe into giving up passwords, the tactic that apparently was used to break into Alaska Gov. Sarah Palin's Yahoo account this month.

Yahoo, Hotmail, Gmail all vulnerable to password reset hack

Fri, 19 Sep 2008 20:00:00 +0000

Yahoo Mail isn't the only Web-based mail service that could be duped into giving up someone else's account password, the tactic that some have argued was used to break into Gov. Sarah Palin's e-mail earlier this week.

Hackers Claim To Break Into Palin's Yahoo Mail Account

Thu, 18 Sep 2008 07:00:02 +0000

Hackers say they have gained access to U.S. vice presidential candidate Sarah Palin's Yahoo account and published some of its contents on the Wikileaks Web site.Wikileaks today published several screenshots of Yahoo e-mail messages, e-mail addresses of Palin family members and associates, and other data that hackers claimed to have obtained.

Update: Hackers claim to break into Palin's Yahoo Mail account

Wed, 17 Sep 2008 09:00:00 +0000

Wikileaks claims to have published details from Republican vice presidential candidate Sarah Palin's personal Yahoo account.

Neo-Nazi Forum Blood & Honour Hacked By German Anti-Fascist Group, 800MB Of Content Available For Download

Mon, 01 Sep 2008 18:27:17 +0000

German anti-fascist hackers have broken into the secure forum server of one of the world’s largest neo-Nazi groups, Blood & Honour, and copied more than 30,000 pieces of data. Members of Daten-Antifa managed to break the access codes of the forum last week. They copied roughly 800MB of data, including information that was only available [...]

TSA Follies

Thu, 21 Aug 2008 05:12:22 +0000

They break planes:

Citing sources within the aviation industry, ABC News reports an overzealous TSA employee attempted to gain access to the parked aircraft by climbing up the fuselage... reportedly using the Total Air Temperature (TAT) probes mounted to the planes' noses as handholds.
"The brilliant employees used an instrument located just below the cockpit window that is critical to the operation of the onboard computers," one pilot wrote on an American Eagle internet forum. "They decided this instrument, the TAT probe, would be adequate to use as a ladder."

They harass innocents:

James Robinson is a retired Air National Guard brigadier general and a commercial pilot for a major airline who flies passenger planes around the country.
He has even been certified by the Transportation Security Administration to carry a weapon into the cockpit as part of the government's defense program should a terrorist try to commandeer a plane.

But there's one problem: James Robinson, the pilot, has difficulty even getting to his plane because his name is on the government's terrorist "watch list."

It's easy to sneak by them:

The third-grader has been on the watch list since he was 5 years old. Asked whether he is a terrorist, he said, "I don't know."
Though he doesn't even know what a terrorist is, he is embarrassed that trips to the airport cause a ruckus, said his mother, Denise Robinson.

[...]

Denise Robinson says she tells the skycaps her son is on the list, tips heavily and is given boarding passes. And booking her son as "J. Pierce Robinson" also has let the family bypass the watch list hassle.

And here's how to sneak lockpicks past them.

Snooping into a co-worker's e-mail? You could be arrested

Sat, 02 Aug 2008 20:00:00 +0000

Ever pass by a co-worker's unattended computer and consider taking a peek at her e-mails? Or have you ever thought it would be a funny prank to figure out your cube mate's e-mail password and break into his work account to mess with him?

For your hacking pleasure - Cold Boot utilities released!

Wed, 23 Jul 2008 09:32:00 +0000

Interesting news over the weekend. Looks like one of the original researchers from the Princeton Cold Boot attack work, Jacob Applebaum, published all the utilities they used to break full disk encryption products.

We, at BitArmor, have talked a bit about cold boot and how we protect against it. Our CEO Patrick and a few of our senior engineers will be presenting at Black Hat on techniques to prevent this attack - check out his perspective as well from his Princeton days.

Is that black box technology?

Sun, 22 Jun 2008 19:32:31 +0000

Dr Anton has a short to the point post up about a conversation he had with someone recently. The bought a "security appliance" (and I use that term loosely) that is just off the shelf hardware with Linux/BSD and some security software. The vendor however refuses to give the customer who bought the frigging box the root password! Root password is shared among vendor's support people only!

Dr Anton want to know if somebody is insane. I am afraid the answer is yes. Too many vendors do this to add a layer of mystique to their "black box, purpose built" schtick. Give me a break. If you buy a box and you can't have root password to it, either give it back or use it as a flowerpot!

Great article about keeping your kids safe online

Sat, 14 Jun 2008 12:02:24 +0000

Part 1 of 2 nicely written articles written by someone at Trend Micro. The article is not driven at selling you a product, just real good advice. Take the time to read em.

clipped from newsletters.trendmicro.com

Threat Landscape (Part I)

Keeping Your Kids Safe from Unwanted Content and Contact

The Internet is now an integral part of everyday life for most people. And within a short period of time, it has evolved from simply a tool for accessing information and conducting communication and commerce to becoming a significant venue for social activity and interaction. For many young people who have never known a world without the Internet, it is also a vehicle for self-expression, a source of entertainment, and a creativity and distribution tool unimaginable by previous generations. As most schools approach the summer break, young people will have more time on their hands – time to further experiment online.