Ultrasaur Blog

Keeping track of exciting new threats to your digital records.

Posts Tagged ‘hacking’

Reading keystrokes through the power grid

Monday, July 13th, 2009

Apparently this is old news in the security world, but in a world where critical passwords are still on post-it notes on the monitor, it’s still interesting: hackers can read your keystrokes through the power grid. Currently it has only been proven to a distance of about 15 meters, which means they have to get access to an outlet in the same building, even if it can be floors away. And the researchers claim this is done with only $500 in equipment, so it stands to reason that specialized equipment could do better.

The Slashdot discussion points out that defenses against this technology were declassified over 20 years ago. (See TEMPEST.)

Most importantly, there’s a fun way to try this at home if you have a CRT monitor and a short wave radio (unfortunately I have neither). Tempest for Eliza is a program that does essentially the reverse of this hack — it varies what’s shown on your monitor so that the leaking electromagnetic waves do something specific: play a song on a short wave radio frequency.

Threat distribution by industry

Thursday, June 11th, 2009

Not entirely counter-intuitive, but there’s a new study out showing that different industries suffer data breaches in different proportions (but still suffer them).

The Health Care and Social Assistance sector reported a larger than average proportion of lost and stolen computing hardware, but reported an unusually low proportion of compromised hosts. Educational Services reported a disproportionally large number of compromised hosts, while insider conduct and lost and stolen hardware were well below the proportion common to the set as a whole. Public Administration’s proportion of compromised host reports was below average, but their proportion of processing errors was well above the norm. The Finance and Insurance sector experienced the smallest overall proportion of processing errors, but the highest proportion of insider misconduct. Other sectors showed no statistically significant difference from the average, either due to a true lack of variance, or due to an insignificant number of samples for the statistical tests being used.

Source: Interhack (Full study as a PDF)

US Army hacked by Turkey

Friday, May 29th, 2009

Another reminder that everyone is susceptible to hacking:

The hackers, who collectively go by the name “m0sted” and are based in Turkey, penetrated servers at the Army’s McAlester Ammunition Plant in McAlester, Okla., and at the U.S. Army Corps of Engineers’ Transatlantic Center in Winchester, Va.

The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools.

In poor economy, more IT pros could turn to e-crime

Monday, March 30th, 2009

KPMG weighs in to remind us that employees do commit fraud

The E-crime Survey 2009, presented at the E-Crime Congress in London on Tuesday, surveyed 307 private companies, government organizations, and law enforcement agencies.

In the survey, KPMG said that fraud committed by managers, employees and customers tripled compared to 2007, which indicates that the recession will likely only exacerbate those problems.

IT worker set malware at Fannie Mae

Thursday, March 5th, 2009

IT Worker Indicted For Setting Malware Bomb At Fannie Mae: “a malicious script buried in a legitimate script” … “Industry experts warn that such exploits may become more common”.

We’ll be making our beta public as soon as possible.

Australian police can hack computer systems

Thursday, March 5th, 2009

Australian police now have the ability to “hack into [a suspect's] computers for up to three years without their knowledge.”

Australian legal processes are not my forte, but if this trend continues, that’s one more risk to your network: even if their intent is only to read the files, accidental changes can happen — especially since hacking attempts are almost by definition a violation of your system’s integrity.

The law apparently applies to “offences punishable by at least seven years’ jail, including … money laundering, hacking, organised theft and corruption.” This sets you up for the possible double whammy of having your records hacked and used against you, while the records you use in your defense are called into question because your system was hacked.

$9 million ATM scam

Saturday, February 7th, 2009

Regarding the recent multi-person ATM scam, one line stuck out as especially scary from a data integrity perspective:

Somehow the group managed to remove the daily withdrawal limits usually imposed on the cards and accounts, allowing for multiple large withdrawals to be made.

Meaning that the team that hacked the system was able to change not just the data but also the rules of the system. If they could do that, it’s safe to assume they may also have tampered with records and safety audits to cover their tracks. There may be no way to determine which records in the system are legitimate clues and which have been altered.
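The way out of that “no way to tell” problem is to make the audit records tamper-evident rather than trusting the host that stores them. Here is an added example (not from the original post, the bank in the story, or any Ultrasaur code) of a hash-chained audit log whose latest hash is anchored somewhere the logging system cannot write. The records, card numbers and limits are constructed sample data; the function names are my own.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # the "previous hash" of the very first record


def entry_hash(prev_hash, record):
    # Canonical JSON so the same record always produces the same bytes.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}|{payload}".encode("utf-8")).hexdigest()


def append_record(log, record):
    # Each entry commits to the record AND to every entry before it.
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"prev": prev, "record": record, "hash": entry_hash(prev, record)}
    log.append(entry)
    return entry["hash"]  # the new head: copy it to a write-once store off the box


def verify_log(log, anchored_head):
    """Walk the chain from GENESIS.

    Returns ("ok", None), ("broken", i) for the first entry whose link does not
    check out, or ("head_mismatch", n) when the chain is internally consistent
    but no longer ends at the independently stored head (rewrite or truncation).
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return ("broken", i)
        prev = entry["hash"]
    if prev != anchored_head:
        return ("head_mismatch", len(log))
    return ("ok", None)


def rehash_chain(log):
    # Recompute every link from scratch, which is what someone with full write
    # access to the log would do after editing a record to hide the edit.
    prev = GENESIS
    for entry in log:
        entry["prev"] = prev
        entry["hash"] = entry_hash(prev, entry["record"])
        prev = entry["hash"]
    return prev


# Constructed sample: a card's daily limit is set, then two withdrawals are logged.
SAMPLE_RECORDS = [
    {"seq": 1, "event": "set_daily_limit", "card": "CARD-001", "limit": 500},
    {"seq": 2, "event": "withdrawal", "card": "CARD-001", "amount": 200},
    {"seq": 3, "event": "withdrawal", "card": "CARD-001", "amount": 300},
]


def build_sample_log():
    log = []
    head = None
    for record in SAMPLE_RECORDS:
        head = append_record(log, record)
    return log, head


def demo():
    log, anchor = build_sample_log()  # anchor = head hash kept off the logging host
    results = {"clean": verify_log(log, anchor)}

    # Case 1: the limit record is silently changed, hashes left alone.
    tampered = copy.deepcopy(log)
    tampered[0]["record"]["limit"] = 1_000_000
    results["edited"] = verify_log(tampered, anchor)

    # Case 2: same edit, but every hash is recomputed to make the chain look clean.
    rehash_chain(tampered)
    results["edited_rehashed"] = verify_log(tampered, anchor)

    # Case 3: the last withdrawal is deleted outright.
    truncated = copy.deepcopy(log)[:-1]
    results["truncated"] = verify_log(truncated, anchor)
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} -> {result}")
```

The chain alone only catches the clumsy edit (case 1). Cases 2 and 3 are caught solely because the head hash lives somewhere the attacker could not reach, so the anchor copy (a separate system, a printout, a third party) is the part that actually matters; without it, a rewritten chain is indistinguishable from a genuine one, which is exactly the situation the post describes.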