From the Navy Times: Hackers access DFSA myPay accounts

By Rod Hafemeister - Staff writer

Posted : Saturday Mar 24, 2007 8:04:21 EDT



"SAN ANTONIO — Defense officials announced March 23 that nearly two dozen “myPay” users have had money redirected from their accounts in the past eight months by hackers who apparently accessed the service members’ home computers."



    If true this points to a serious breach of security, while the pay and finance inst a critical war infrastructure, it is secured in a similar manner to government network services such as N.M.C.I. (Navy, Marine Corp Intranet).



Also I like to point out that the pay system in question is a separate network from the war fighting infrastructure.



    Never the less, all Military network Admins and their associated sub-contractors need to pull a full up review of policy's and procedures and personnel training on these networks as intrusions like this have a nasty habit of being socially engineered, or perniciously through email phishing scams.



  





Powered by ScribeFire.

Powered by ScribeFire.

Live from slashdot: FAA May Ditch Vista For Linux

Posted by kdawson on 6:07 Wednesday 07 March 2007

from the hello-Google dept.



An anonymous reader writes "Another straw in the wind: following last week's news that the US Department of Transportation is putting a halt on upgrades to Windows Vista, Office 2007, and Internet Explorer 7, today comes word that the Federal Aviation Administration may ditch Vista and Office in favor of Google's new online business applications running on Linux-based hardware. (The FAA is part of the DOT.) The FAA's CIO David Bowen told InformationWeek he's taking a close look at the Premier Edition of Google Apps as he mulls replacements for the agency's Windows XP-based desktop computers. Bowen cited several reasons why he finds Google Apps attractive. 'From a security and management standpoint that would have some advantages,' he said."

powered by performancing firefox

Crack! Security expert hacks RFID in UK passport

Successful effort pulled data off document in mailing envelope
Jeremy Kirk

March 06, 2007 (IDG News Service) -- A security expert has cracked one of the U.K.'s new biometric passports, which the British government hopes will cut down on cross-border crime and illegal immigration.

If true this illustrates the dangers of naively putting RFID chips into not only passports but credit and debit cards as well. This could well be a huge economic boomerang that could hurt the very core of trust in government and in our economy. All an identity thief needs to do is scan the passport for the person's photograph and fingerprints and other biometric data on the rfid chips.

The problem is isn't if the the data will be stollen but when it will be. This data is too valuable when it is stored enmasse on a large centralized database. There are criminals who would love to "A" prove that the hack can be done and "B" make a tone of cash off of the reselling of your personal information. Also there are Criminals who will just sit reading news papers at the airport waiting for you to walk by with your passport and its rfid chip inside, while they sit there reading the rfid reader in their pocket is skiming your vital information right out of your passport.

Further since your at an airport, you obviously not on the no fly list, that makes you a prime candidate for an identity theft, by any of a hundred types of criminals from organized crime, terrorists, or just regular criminals swiping identitys for resale on the black market. You as a travel capable passenger are who they'll be looking for. This is the real problem of putting our information in such a convienient location, it makes it convienient for both the goverment and criminals to scrape all the data you have stored on the passport.

We really need to rethink this idea!

powered by performancing firefox

Hardware-based rootkit detection proven unreliable

OR how with the right amount of time and drive, nothing is totally safe

From a story by Ryan Naraine /Tracking the hackers

Apparently Joanna Rutkowska, a security researcher at COSEINC Malware Labs, an elite hacker who specializes in offensive rootkit research s found several ways to manipulate the results given to hardware-based solutions (PCI cards or FireWire bus).



The research, though theoretical, points to the need for multiple solutions (hardware and software) to work in tandem during forensics. It also highlights just how scary the threat from sophisticated rootkits can be. If, Rutkowska has proven this, forensic examiners then can't depend on images collected from RAM, then it's game over.



This is a terrifying prospect, I'll keep on this item as this could render any infected computer unuseable until the system is wiped and recovered. Well as long as the machine isn't a virtually machine rootkit'd you can recover it.

Trully interesting times.

powered by performancing firefox