Some U.S. airports back to normal after computer glitch

Firefox plug-in warns of compromised Internet connection

A new software released as a browser plug-in by researchers at Carnegie Mellon University's School of Computer Science and College of Engineering provides an additional layer of security to warn users of potential eavesdropping when connections to secure websites are established. While the tool quietly resides in the corner of the browser windows and may not be noticed most of the time, it may become an important tool that can verify that a secure connection, for example when visiting a bank website, in fact is free from an attack.  

Red Hat hack prompts critical OpenSSH update

Intel’s upcoming “Kill Pill” stops laptop thieves and ninjas

Laptop theft is a nightmare for businesses and individuals alike and it’s often said that the most valuable part of a laptop isn’t the drive or the screen, but your data.  Yesterday, Intel’s executive vice president and general manager of the mobility group, Dadi Perlmutter, demonstrated an upcoming anti-theft technology that promises to track, disable and even scramble the data on the laptops.  Coincidentally, a not so stealthy ninja ran up to the stage and stole Perlmutter’s laptop during the demo.  But never fear, Intel’s “Kill Pill” is here.

Microsoft issues massive security update for Windows, Office

Defcon’s Wall of Sheep eats iPhones for breakfast, lunch and dinner

Smartphones are great for texting and surfing the web, but many of those applications have absolutely no security according to security researchers at the recently completed Defcon computer security conference.  Volunteers at the Wall of Sheep told TG Daily that mobile application developers are emphasizing usability over security.  They add that many secure desktop applications become unsecure when ported over to the smartphone environment.

Transit Authority jumps in front of train, publishes confidential white paper

Court cases are a wonderful thing because almost all the evidence and filings become public record.  The Massachusetts Bay Transit Authority is suing MIT University and three students for hacking its fare system.  The three students, Zack Anderson, 21, Alessandro Chiesa, 20 and Russell”RJ” Ryan, 22, were also hit with a temporary restraining order that forbids them from giving their scheduled speech at Defcon on Sunday afternoon.  But unfortunately for the MBTA, its attorneys included a confidential white paper about the hack … a paper that was supposed to be, well, confidential.  Of course, we’ve included that document below.

Massachusetts Bay Transit Authority given restraining order, but still an epic fail

The Massachusetts Bay Transit Authority has been granted a temporary restraining order against three MIT hackers who were scheduled to give a Defcon talk.  Zack Anderson, RJ Ryan and Alessandro Chiesa were scheduled for a Sunday talk about hacking the Boston subway card in order to get free rides, obviously the Transit Authority doesn’t want this information made public, but in getting the TRO, the authority’s attorneys have ineptly released much more information than perhaps they originally intended.

Massachusetts transit authority sues Defcon subway hackers

Three MIT students probably won’t be giving their scheduled Defcon speech on getting free subway rides.  The Massachusetts Bay Transit Authority – the agency in charge of the Boston T subway – sued the trio for computer fraud and requested a temporary restraining order to prevent them from presenting the talk.

Death from the mailroom – iPhone hacks your company from the inside

The Apple iPhone is great for phone calls and viewing YouTube videos, but it can also be turned into one heck of a wireless hacking tool capable of wrecking havoc on almost any company or government organization from the inside.  In a talk at the Defcon security convention, Robert Graham and David Maynor of Errata Security explained how they could defeat firewalls, intrusion detection systems and even armed security guards by Fedexing a modified iPhone to a fictitious employee.   The phone calls home every hour and can then be instructed to sniff network traffic, discover nearby wireless devices and even download information.

Banned French reporters skip out on press conference

The three French reporters who were banned for sniffing traffic in the Black Hat press room have skipped out on a scheduled press conference at Defcon.  The trio captured the login data of other reporters, but say the whole thing was done as a joke and wanted to explain their position at 2PM today.  Well, it’s now almost 3 PM and they haven’t shown up.

Apple’s secret iPhone kill switch a step too far?

An iPhone enthusiast discovered a kill switch that enables Apple to wipe a malicious or unauthorized iPhone application even after it has been paid for and installed on a user's iPhone. It did not take long for the information to spread and questions over the secrecy and purpose of the feature are being asked. While some argue that the blacklisting feature isn't in best interest of iPhone users, others believe it is effective weapon that can quickly kill potential malware and viruses hidden in legitimate applications. And yes, you guessed it right, Apple has not said anything yet.

Reporters booted from Black Hat for hacking

Three French reporters attending the Black Hat computer security conference have been banned for life for sniffing the press room network.  The hackers worked for a French security publication called Global Security Magazine and admitted to capturing login information of two other reporters covering the convention.  Our legal sources tell us the three could face federal charges for wiretapping.

Wall of Sheep catches security pros at Black Hat

The security pros at Black Hat got a little surprise this year with the appearance of the infamous Wall of Sheep.  Run by a loose group of volunteers, the wall displays usernames, passwords (partially obscured) and services sniffed from the wireless network.  This is all done in the name of security awareness and several security pros have already been caught.

Black Hat friendly fire – press on press hacking

The press at the Black Hat and Defcon conventions have always been somewhat exempt from hacking, but today we saw journalist on journalist hacking with editors from Eweek and News.com as the victims. Traditionally, the press room network has been relatively secure because the Wall of Sheep team promised to not sniff the reporters, but that promise didn’t extend to another reporter who fired up Cain and began scanning traffic. He quickly found two of his competitors on the network, logging into their respective administrator panels. 

Consumer Reports says Apple users should drop Safari, for now

Consumer Reports has published its annual State of the Net survey and found that one of the most common “online blunders” is to believe that a Mac will shield you from malware threats, such as phishing scams. The magazine zeroed in on Apple’s web browser and said that users should use Firefox or Opera until Apple improves the security features of its web browser.

Security guru describes DNS flaw, says Internet Armageddon narrowly averted

The Internet relies on trust, but what if all that trust comes tumbling down?  That’s exactly the problem noted security researcher Dan Kaminsky described today in his Black Hat talk about DNS cache poisoning.  Several months ago, Kaminsky discovered a vulnerability in the DNS protoctol that allowed bogus name information to be sent to other servers and desktop computers – in essence hackers could redirect web surfers, chat clients and even email servers to machines of their choosing.  Specific details about the vulnerability and the ways to exploit it have been kept secret until today …

Let the (War)games begin! Black Hat and Defcon hacking conventions begin

For the next week, the brightest computer security minds are meeting in Las Vegas to drum up new ways of breaking into and protecting networks.  The annual pilgrimage can be described as a temporary truce between the forces of good and evil as federal agents and corporate security officers try to learn the most from their black hat cousins.  Of course, like in previous years, TG Daily will be covering the event.

Olympic tourists advised to go naked

Countrywide employee in massive data heist case