NEWS - May 30, 2011

Hacktivists Scorch PBS in Retaliation for WikiLeaks Documentary

A hacker group unhappy with PBS Frontline's hour-long documentary on WikiLeaks has hit back at the Public Broadcasting System by cracking its servers, posting thousands of stolen passwords, and adding a fake news story to a blog belonging to the august PBS Newshour.

On Sunday night, visitors to the Newshour website read the news that famed rapper Tupac Shakur had been found "alive and well" in New Zealand. The false story (Tupac died in 1996) was indexed by Google News, and spread rapidly through Facebook and Twitter, even after PBS pulled it down. "Again, our site has been hacked - please stay with us as we work on it," read one of the Newshour's several tweets responding to the incident Sunday.

The anonymous hacking group Lulzsec claimed credit for the attack in its Twitter feed, where it linked to several pages displaying information stolen in the hack. A calling card the intruders installed at was still live by 2:00 a.m. EDT. The text read "All your base are belong to Lulzsec." The title of the page was "FREE BRADLEY MANNING. F CK FRONTLINE!"

Also: hacked... LulzSec targets Sesame Street?

Hackers break into Lockheed Martin

On Friday, Reuters news agency reported that unknown hackers have managed to break into the networks of arms manufacturer Lockheed Martin as well as those of other US military contractors. According to the report, the intruders exploited the information about cryptography specialist RSA's SecurID products that was seized by hackers during an attack in March. It is currently unclear whether the intruders actually managed to obtain valuable information; however, the fact that all the systems attached to the network are likely to contain documentation relating to weapons systems which are currently in use, or are in development, doesn't bode well.

The US Defense Department reportedly told Reuters on Saturday that it was working with Lockheed to determine the scope of the attack. Lockheed confirmed, in a statement, that it had detected a "significant" attack on its network on 21 May and had reacted "almost immediately" to institute counter measures; it said that its "systems remain secure". The company is currently investigating the attack but is already claiming that "no customer, program or employee personal data has been compromised". It is still working to restore employee access to its network.

Honda Canada loses 283,000+ records, now faces lawsuit

Honda Canada disclosed the loss of more than 283,000 records this week. Letters mailed to affected customers explained that the information was stolen in March when hackers broke into the myHonda and myAcura websites.

Honda waited over two months to notify its customers, claiming it needed to assess the gravity of the situation and determine exactly what data may have been stolen. While it is important to determine the facts, Honda appears to have been less forthright than they claim.

The letter mailed to Honda customers stated:

"The incident involved the possible improper access of information, as held in our records in 2009, specifically your name, address and Vehicle Identification Number."

A few days later they then appended the statement on their website to say:

"and in a small number of cases, Honda Financial Services ("HFS") account numbers."

The Toronto Star reports that this has triggered a class action lawsuit on behalf of affected customers. The lawyers are suing for $200 million in damages for failure to protect personal and confidential information and failure to notify customers in "a reasonable amount of time."

Related: Honda Canada warns customers of data breach

Third-Party Update Leads to Skype Malware Scare

Skype users thought they were being targeted by a worm this weekend when a piece of software suddenly installed itself on their computers through the VoIP client.

The application, called EasyBits GO, was delivered as a Skype Extras update and left a lot of users baffled over its purpose or origin.

"I know that I was never asked, nor given information about it before it was not only installed on my machine, BUT RUNNING in the background.

"Everyone I know who has Skype is kind of sitting around saying 'WTF?!?' on Facebook and forums and trying to research this piece of garbage," one user wrote on the Skype forums.

Because of the suspicious behavior and the fact that people had trouble removing it from their computers after the installation, some users understandably flagged it as a worm.

It turns out the program belongs to EasyBits Media, the company which created Skype Extras, a framework for games and other apps bundled with Skype since 2006.

"Given the popularity of our Skype Game channel, EasyBits Media is currently expanding this service by launching the GO Games platform which will add more features and games to satisfy the growing demand of our gaming community," the company announced on Saturday.

However, Skype admitted that the aggressive delivery method was wrong and disabled the update temporarily. "This latest update from EasyBits included elements of their desktop games organizer in error, but it neither installs nor un-installs correctly," Skype spokesperson Jennifer Caukin said.

Combating social engineering tactics, like cookiejacking, to stay safer online

From the Windows Security Blog:

You may have seen articles recently that highlight a social engineering technique called "cookiejacking" and how a particular instance may currently affect Internet Explorer.

It's important to note that we have not seen widespread attacks related to this specific case. However we take security very seriously and to ensure customers are protected, we are working on an update to Internet Explorer.

Cookiejacking is a variant of an industry-wide attack type known as clickjacking. All Internet browsers are potentially susceptible to clickjacking which is a form of social engineering attack, so as well as talking about this issue we wanted to highlight some more general best practices for staying safe online.

We also wanted to put this specific issue in context. In order to be exposed to risk a number of things would need to happen. You'd need to be tricked into interacting with malicious content on a website. Only after this could a third party steal cookies from a website that you were previously logged into. While this threat has been demonstrated by a security researcher, to date we are not aware of any actual attacks online.

The InPrivate Browsing feature in Internet Explorer will prevent cookies from earlier browsing sessions being stored on your PC, and mean they are not vulnerable to cookiejacking even in the circumstances described.

Related: Microsoft downplays IE 'cookiejacking' bug

Google Docs Found Hosting Phishing Sites & Other Questionable Forms

The security researchers at F-Secure have discovered several phishing sites hosted on Google Docs, Google's online office suite. This is not an uncommon occurrence, it seems. According to a new blog post on the security firm's site, the team says "we regularly see phishing sites via Google Docs spreadsheets and hosted on"

The dangerous thing about these attacks is that they're hosted on a domain, which gives these nefarious pages an air of legitimacy. One form even had the researchers themselves stumped as to whether it was phishing or not!

Because the phishing sites are on the domain, they have a valid SSL (secure sockets layer) certificate. In other words, your Web browser won't be able to warn you that you're about to proceed to an untrustworthy, unsafe site, as many browsers do today, including Google Chrome. Instead, a click on the green icon in the address bar will confirm that "the identity of this website has been verified by Google Internet Authority."

While researching the many examples of Docs-hosted phishing sites, the F-Secure researchers came across this form (see below), which asks for your Google Voice number, email address and the secret PIN code on your account. It appears to be a phishing site, but oddly, at least one Google employee was found to have linked to the form on online Help forums.

A 419 scam via snail mail

One of the researchers in SophosLabs waltzed up to my desk the other day and said:

"Would you like to see the latest 419 scam?"

"Sure!" I replied, and out of his back pocket he plucked an envelope and a neatly printed letter. [Screenshot: Letter]

Yep, it's a 419 scam via snail mail - sent via the postal service to land on your doormat rather than emailed into your inbox.

The gentleman who contacted my colleague calls himself Tim Wu, and claims to be a private investment manager based in Hong Kong.

It seems that a former client of his (who had the first name "Anderson" and came to a sticky end in a hiking accident in mainland China) didn't leave a will, and because there is no next of kin some of his $21 million fortune could be coming to my colleague here at Sophos instead!

Speaking as someone who is still waiting for the three million euros that Bill Gates awarded me earlier this year, I have to admit to some skepticism.

Tim Wu is offering to split the money 50:50 with my colleague - claiming "this practice is not unusual in the banking sector here in my Country China".

He continues:


Did you get a YouTube illegal video warning too?

BitDefender's Malware City Blog:

Delete it, it's fake!

A few days ago, I received in my inbox something that appeared to be a notification from YouTube regarding some not-too-ok content that I'd uploaded and broadcast through my channel. Weird thing, this actually arrived on the same e-mail address that I used to register on the video sharing platform so it seemed to be quite legit. Quite, but not entirely, as you can see in the screenshot below. [Screenshot]

Aside from the telegraphic style, which is odd enough for such an important legal issue as the one invoked by the alleged warning, what struck me was that any of the links purporting to lead to the video sharing platform actually directed me towards a Web site registered in Spain. To make sure, I logged in to my YouTube account and, as I had suspected, there was no such thing as a warning or any other message from the platform administrators.

Where was I supposed to land if I had followed the links in the spam e-mail? As you can see below, my destination would have been the Web page of a "drugstore", which, judging by the flag in the background of the header photo, is probably a sibling of the old Canadian pharmacy pages that allegedly sell all sorts of male potency enhancements pills.
