Referers lead back to internal discussions
Tim Bray: Insecurity by Obscurity: A legal department’s weblog is open to the world, and easily discovered via referer logs.
software development, security, opinion
Archive for the ‘security examples’ Category.
Two more scam victims tell their tales – theage.com.au:
“They transferred $20,000 to my bank account and then sent me details to transfer money via Western Union to some place in Russia,” he said. “I told them that it would take five working days to take the money out, as I wanted to make sure this money wasn’t stolen.”
One must note that, having given account information to a stranger, it’s amazing that these dolts have any money left at all.
The person who has coded both the client and the master server (I think it is the same person) is an intelligent person with strong knowledge of technology, simply because there are too many things involved: thread and network programming, mail server modification adding new commands, mask feature, reports, binary auto-removal, UPX compression, … She also reads the security vulnerability mailing lists (bugtraq, full-disclosure, …), and somehow finds out other ones (I haven’t been able to find my vulnerability described on the Internet).
Linux Today: Debian Investigation Report After Server Compromises
Another source server compromise, this one at Debian.
Ed Felten in Freedom to Tinker: Flaky Voting Technology cites The Washington Post: Fairfax Judge Orders Logs Of Voting Machines Inspected regarding yet another specific example of a buggy or fraudulent voting machine in action, and concludes:
You could hardly construct a better textbook illustration of the importance of having a voter-verifiable paper trail. The paper trail would have helped voters notice the disappearance of their votes, and it would have provided a reliable record to consult in a later recount. As it is, we’ll never know who really won the election.
SecurityFocus: Banking Scam Revealed:
A single spam gang, using a unique bulk-mailing tool, appears responsible for the recent rash of financial fraud emails. This gang has targeted over a dozen financial sources, had dabbled in malware, and has struck over 20 times, showing what appears to be a serial pattern.
Attempts to report these findings to Citibank were unsuccessful, and Citibank was unavailable for comment. Citibank has publicly stated that they do not know who has been victimized by the Citibank scams, nor do they know how many victims [ref 10]. In truth, their web logs very likely indicate exactly who fell victim to the 16-Aug-2003 fraudulent Citibank scheme. In addition, Citibank may not be able to identify “who” fell victim on 25-Sep-2003 and 25-Oct-2003 to the second and third revisions of the fraud scheme, but Citibank can identify “how many” victims are likely. This is because the fraudulent web sites used HTML links that directly referenced the financial institution’s web site.
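Added example, not code from the SecurityFocus article or from this blog: a small Python script that reads web-server combined-format log lines and groups requests by external Referer host, which is how a site’s own logs can reveal which outside pages hotlink its content (a lookalike login page, or the discussion that Tim Bray’s referer logs pointed to) and how many distinct clients each one sent. The log lines, the bank’s example.com hostname and the signin-example.test lookalike host are all constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache/nginx "combined" log format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def external_referers(lines, own_hosts):
    """Group requests by external Referer host.

    Returns {referer_host: {"ips": set of client IPs, "paths": set of requested paths}}
    for every Referer whose host is not one of own_hosts (or a subdomain of one).
    Requests with no Referer ("-") or a same-site Referer are ignored.
    """
    own = {h.lower() for h in own_hosts}
    found = defaultdict(lambda: {"ips": set(), "paths": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["referer"] in ("", "-"):
            continue
        host = (urlsplit(rec["referer"]).hostname or "").lower()
        if not host or host in own or any(host.endswith("." + h) for h in own):
            continue
        found[host]["ips"].add(rec["ip"])
        found[host]["paths"].add(rec["path"])
    return dict(found)

# Constructed sample lines (not real traffic): example.com stands in for the bank's own site,
# signin-example.test for a lookalike page that hotlinks the bank's logo and stylesheet.
SAMPLE_LOG = [
    '203.0.113.10 - - [16/Aug/2003:10:01:02 +0000] "GET /logo.gif HTTP/1.1" 200 5120 "http://signin-example.test/login.htm" "Mozilla/4.0"',
    '203.0.113.11 - - [16/Aug/2003:10:01:05 +0000] "GET /logo.gif HTTP/1.1" 200 5120 "http://signin-example.test/login.htm" "Mozilla/4.0"',
    '203.0.113.10 - - [16/Aug/2003:10:01:06 +0000] "GET /style.css HTTP/1.1" 200 880 "http://signin-example.test/login.htm" "Mozilla/4.0"',
    '198.51.100.7 - - [16/Aug/2003:10:02:00 +0000] "GET /logo.gif HTTP/1.1" 200 5120 "http://www.example.com/" "Mozilla/4.0"',
    '198.51.100.8 - - [16/Aug/2003:10:02:30 +0000] "GET / HTTP/1.1" 200 12000 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for host, info in external_referers(SAMPLE_LOG, {"example.com"}).items():
        print(f"{host}: {len(info['ips'])} distinct clients, paths={sorted(info['paths'])}")
```

The distinct-client count per external host is the “how many” figure the article says the bank could have read off its own logs; the set of hotlinked paths shows which assets the outside page borrowed.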
Financial Times: Crime gangs extort money with hacking threat:
Evidence of a new type of international extortion racket emerged on Tuesday with revelations that blackmailers have been exploiting computer hacking techniques to threaten the ability of companies to conduct business online.
Gangs based in Eastern Europe have been found to have been launching waves of attacks on corporate networks, costing the companies millions of dollars in lost business and exposing them to blackmail.
SecurityFocus: Wireless hacking bust in Michigan:
In a rare wireless hacking prosecution, federal officials this week accused two Michigan men of repeatedly cracking the Lowe’s chain of home improvement stores’ nationwide network from a 1995 Pontiac Grand Prix parked outside a suburban Detroit store.
Rick Alber, via Dave Farber’s Interesting-People:
David Lazarus, an investigative business reporter for the San Francisco Chronicle, had a series of 3 chilling articles about how companies cannot maintain privacy protections when they send medical and tax records overseas for processing. The folks on the IP list might like to read about these recent developments:
- A tough lesson on medical privacy: Pakistani transcriber threatens UCSF over back pay – Pakistani clerk threatens to reveal patient medical information unless she receives additional pay.
- Privacy takes a backseat – U.S. accountants are taking advantage of Indian tax accounting services, shipping client information overseas for return preparation, without informing clients.
- A politician who reads the papers – California legislator proposes bill to prohibit sending medical data overseas.