Ad: Manage updates with the Download App
  • CNET
  • All krebs posts

krebs

Snap a photo with a turtle shell

Taxidermy and technology aren't two words you usually associate with one another, but Swiss artists Taiyo Onorato and Nico Krebs managed to make the two subjects collide in an unconventional series of works featuring cameras made out of the hallowed remains of books, armadillos, and turtles. Yes, you read that correctly.

Fortunately, no animals were harmed in the making of the series, as Onorato and Krebs sourced the creatures from flea markets and other uncommon outlets. … Read more

Who wrote the Flashback Trojan?

In September 2011, security companies first noticed a new malware scam for OS X, which posed as a fake Adobe Flash installer, and hence became known as Flashback. Unlike prior scams, this malware took on some new approaches to tricking users by infecting common browsers, disabling Apple's XProtect system, and eventually morphing into a Java-based exploit that resulted in approximately 600,000 Macs being infected worldwide.

The Flashback malware has been seen as one of the more widespread and successful attacks on the OS X platform, but while it was eventually snuffed out a year later, it left everyone … Read more

Security reporter hit by 'swatting' attack

"Swatting" is what you do to a fly that's buzzing around your head. But when that fly is respected security reporter Brian Krebs, swatting is what you do to him when you want to scare him and possibly cause him serious physical harm.

As recounted by Ars Technica this morning and later today by Krebs himself, the reporter was at home and cleaning his house when he opened his front door to come face-to-barrel with at least three guns, including a shotgun, handgun, and semiautomatic rifle; numerous police officers; and a half dozen police cars.

The term &… Read more

The 404 885: Where we weeze the juice (podcast)

"Woot" joins "jeggings," "mankini," "noob," and 400 other new definitions in the 12th edition of the Concise Oxford English Dictionary published today, but what happened to "glamazon," "hangry," and "retrosexual"?

Along with our suggestions for new slang to be added, we're also warning everyone about a privacy breach called juice-hacking and a virtual hit-man service that charges $10 an hour for DDoS attacks. And we talk about whether it's necessary to reboot or shut down your computer at night.

This, plus a handful of Calls From the Public on today's episode--enjoy!

The 404 Digest for Episode 885

'Woot' is officially a thing, according to Oxford English Dictionary. Beware of juice-hacking. Russians outsource DDoS attacks for $10 per hour. Is it necessary to restart or shutdown your laptop every night? Congratulations to Sir Ron for completing the maze we featured on yesterday's show!

Episode 885 Subscribe in iTunes (audio) | Subscribe in iTunes (video) | Subscribe in RSS Audio | Subscribe in RSS VideoRead more

Social networks--the new front in war on terror

Unnamed intelligence agencies and certain academics have yet to give up on data mining to identify terrorists and predict attacks, despite a 352-page tome published last year pronouncing the practice a waste of time.

The U.S. is spending "hundreds of millions of dollars" to develop techniques to mine the mountains of information gleaned from e-mails, telephone calls, interviews with suspects, and now social networks to build-up Facebook-style databanks on international terrorists, according to a recent piece in the British newspaper, The Independent.

The result has been the arrest and interrogation of "many thousands of innocent people&… Read more

Spam declines after hosting company shut-down

Internet hosting site McColo disappeared on Tuesday. Along with it went thousands of pieces of spam, thanks, in part, to investigative work by Washington Post reporter Brian Krebs.

For about four months, security experts have been collecting data about McColo Corp., a San Jose, Calif.-based Web hosting service that may have been used by by the cyber underground, according to the The Washington Post. Krebs said that the McColo hosting company had been responsible for up to 75 percent of all spam spent.

Security vendor MXLogic said it was seeing about a 50 percent decline in spam volume as … Read more

Black Hat says 'canceled' Apple talk never existed

This post has been updated with Charles Edge's response.

LAS VEGAS--On the eve of this year's Black Hat Briefings here, officials disputed a researcher's claim that his talk had to be canceled. They say the talk never even existed.

Last Thursday, researcher Charles Edge told Brian Krebs of The Washington Post that a talk on a previously disclosed flaw within the encryption for Apple FileVault had to be canceled because of a signed agreement with Apple.

The story had the individuals at Black Hat who handle the Call for Papers--the process by which a researcher submits a … Read more

Hundreds of Lithuanian Web sites defaced

Last weekend, several hundred Lithuanian Web sites were defaced with pro-Soviet and anti-Lithuanian slogans, according to The New York Times.

Last Friday, Lithuanian government sites were warned of an impending Web attack and mounted appropriate defenses. Several hundred commercial sites did not do so and over the weekend took the brunt of the attack. By Monday, most all of the sites had been restored.

As with last year's Estonian denial-of-service attacks, the new attacks appear to be in reaction to a law outlawing the display of Soviet symbols in Lithuania. Germany has similar laws outlawing the display of Nazi … Read more

Trojans exploit Mac OS X ARDAgent flaw

Building on the Trojan released last week, a group of hackers appear to be targeting the Mac OS X platform with more variations.

Last Thursday, Mac antivirus vendors Intego and SecureMac reported a serious vulnerability within the Apple Remote Desktop Agent (ARDAgent). It is part of the remote-management component of Mac OS X 10.4 and 10.5 and is owned by root. Thus, the ARDAgent executable runs this malicious code as root without requiring a password.

The Washington Post's Brian Krebs reported on Monday the presence of a hacker forum devoted to the development of Trojans around this … Read more

Convicted Ukrainian hacker starts political party

Would you hire a former criminal hacker? Better question: would you elect a former criminal hacker to political office?

Credit goes to Brian Krebs over at the Washington Post's Security Fix blog for recognizing that Dmitri Ivanovich Golubov, a 24-year-old from Odessa, has started the "Internet Party of Ukraine." Golubov, whose hacker nickname is "Script," was arrested and even jailed in 2005 in connection with Carderplanet.com, a site that bought and traded credit and debit card credentials. After only six months in prision, Ukrainian politicians convinced a judge to set Golubov free.

What's … Read more