Monthly Archives: March 2010

TSA Worker Tried to Sabotage Terror Database

Filed under Hacks

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.

The malicious code, a logic bomb installed last October, was designed to cause damage and disrupt data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.

The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the U.S. Marshal’s Service Warrant Information Network.

Duchak’s job was to update the CSOC database as new information arrived from these two sources. But on Oct. 15, he was given two weeks’ notice that his job would be terminated.

About a week later, on Oct. 22, Duchak allegedly transmitted the malicious code onto a CSOC server that stored data from the U.S. Marshal’s Service, according to the indictment. The next day, he allegedly loaded malicious code to a server containing the Terrorist Screening Database. The source involved in the case said the servers “are part of the system that contains the no-fly list” and added that the code, if it had gone undetected, could have traveled to a facility in another state that uses a similar computer system.

Duchak has been charged in the U.S. District of Colorado with two counts of attempting to cause damage to a protected computer. If convicted, he faces a possible prison sentence of 10 years and a $250,000 fine for each count.

Duchak’s attorney, David Lindsey, disputes the government’s charges and says that the system Duchak worked on was a beta system used for testing statistical analyses.

“It wasn’t connected to anything that had to do with security,” Lindsey said. “Before anything he had his hands on left, it went to another system before it got into any live system that did screening. As I understand it, it is a system that does statistical analyses on the systems that are up and running. And when the tests are run, those are done at one level and then [go to] a second level and then at a final level before the analyses are verified and passed onto anything you would call a live system.”

Lindsey said the CSOC servers that were allegedly targeted for sabotage were used for screening workers primarily and were only “remotely, remotely” related to passenger screening, though he could not elaborate.

“The government has been very misleading in the indictment and press release as to any potential harm [this might have caused] to the public,” he said, adding that the alleged malware was not a virus and will ultimately be shown to have been “nothing.”

Source: Wired

Monoprice.com Offline After Fraud Complaints

Filed under Security

Audio visual cabling giant monoprice.com shut down its Web site – possibly for the next couple of weeks – while it investigates the possible compromise of its customer credit and debit card information.

Vincent Lim, monoprice.com’s operations manager, said the company took the site offline around midnight on Friday, Mar. 5, after it received e-mails and phone calls from several customers complaining about fraudulent charges on their cards that they had used on monoprice.com.

“A few of our customers recently reported to us that information from credit cards they used on the Monoprice website had been misused,” Lim said. “We promptly began an investigation with the help of expert computer forensic investigators to determine if any card data had been stolen from our computers.”

To date, he said, investigators have found no evidence that card information has been stolen from Monoprice’s computer network. The site is now allowing customers to browse products, but Monoprice won’t be taking any new orders until the investigation is completed, Lim said.

“We want to ensure that there is no security vulnerability in any part of our computer network system. We notified local and federal law enforcement agencies, our credit card processing business partners, and all credit card companies that some of our customers reported concerns regarding their card information to us,” the company said in a statement that now frames the top of its Web site. “We also advised these entities that we are working with outside security specialists to determine if there was breach of our computer system. We will post additional information when it is available.”

Monoprice’s corporate page on Facebook.com features a number of interesting comments from customers, some of whom attributed recent fraudulent charges to the incident, while others are praising the company for being so forthcoming and providing continuous updates via Facebook.

Source: Krebs on Security

Ubisoft confirms server attack

Filed under Software

Ubisoft has revealed that the downtime of its DRM servers over the weekend was caused by an attack, making it difficult for gamers to play both Assassin’s Creed II and Silent Hunter 5 on PC.

“Apologies to anyone who couldn’t play ACII or SH5 yesterday,” said the publisher in a tweet. “Servers were attacked which limited service from 2:30pm to 9pm Paris time.”

Earlier Ubisoft said the server was having difficulty coping with “exceptional demand”.

Given the widespread negativity toward Ubisoft’s latest DRM policy, which requires users to authenticate the game over the internet, it wouldn’t come as a surprise if the attack was orchestrated by members of the PC gaming community in protest.

Source: Videogamer.com

Severe IE vulnerability threatens Windows XP users

Filed under Security, Software

News of a newly discovered bug in VBScript and Windows Help files in Internet Explorer that could allow a remote attacker to run an arbitrary command reached Microsoft on Friday, and the company immediately began investigating the matter.

After two days, they confirmed that this vulnerability “could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box”, but that there has been no news about attacks exploiting it so far.

Maurycy Prodeus, the security analyst who discovered the vulnerability, says that Windows XP SP3 systems running IE 8, 7 or 6 are vulnerable, and Microsoft says that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista are not affected by this issue.

Microsoft has yet to confirm when the fix will be released, but Computerworld reports that Prodeus himself offered a temporary solution: blocking TCP port 445. “However, it is worth to note that blocking this port doesn’t solve the problem, because there might be [an]other attacking vector, for example, uploading an arbitrary file to the victim’s machine at known path location using some third-party browser plug-ins,” he said.

Source: Help Net Security

http://www.net-security.org/secworld.php?id=8935

Microsoft to drop support for Vista SP0 and XP SP2

Filed under Software

Microsoft has stated that it will drop support for Windows Vista (Service Pack 0) on April 13th, 2010 and Windows XP (Service Pack 2) on July 13th. If you are still running these versions, it is time to update.