What makes this hacker conviction story interesting is the circumstances under which a British computer consultant found its way on a tsumani relief site and how he "hacked" into it. The conviction was in a District Court in the UK under the British Computer Misuse Act of 1990.

According to the story, Cuthbert [the convicted hacker] initially told authorities that he donated money to the tsunami relief efforts by using the text-only browser Lynx, which in some cases may have a different footprint than a normal graphics-based browser. However, in court on Wednesday, Cuthbert changed his story and said that he made a £30 donation to the website after clicking on a banner ad. When he didn’t received "thank you" or any other confirmation, he suspected that he might have fallen victim to a phishing scam so he decided to check himself and carried out two tests to check the security of the site.

Cuthbert’s defense then was that he only "knocked" on the door of the site, without entering, even though he had the skills to enter, if he wished to do so. However, Judge Purdy found him guilty despite his spotless record and ambiguous story - one of the main arguments that the judge put forward was that Cuthbert had changed his story and tried to mislead the police during the investigation.

The British Computer Misuse Act of 1990 [Wikipedia], §1 states that it is an offence to make "unauthorized access to computer material." In addition to an extremely broad wording, the act does not place any burden on the prosecution to prove that the accused had intended to cause any damage.

Do you want to be an "UnGoogleable?" For most of us, it may be too late as the cat is out of the bag, but with some advance planning and careful data entry anonymity online is not that hard. Are you surprised that spam that reaches your email knows too much about you already? Or are you worried that your personal information posted in a resume somewhere is now being used to social-engineer your identity? These are valid concerns, and I would even call them ‘vulnerabilities’ of our online presence. Making purchases online, posting a resume, participating in an online forum, or even blogging can reveal a lot about a person. If all this information is combined, a pretty good profile, often with personal information, can be obtained.

But how can we become "unGoogleable?" There are few simple ways - avoid posting your information in the open Internet (even password protected sites may count here,) avoid making purchases from untrusted e-commerce sites, don’t post your resume on an unprotected site, don’t supply your name unless you have to, use an alias that is not an easy derivative of your name or email address, etc.

For the rest - there is little you can do - owning a phone, having a bank account, is not really an option these days. But even then, you might be able to contact and make the custodians of your information to remove it from a public site - or otherwise engage in an activity called Privacy Activism.

[Via Wired News -]

This story sounds disturbing. According to computer security researchers at Pennsylvania State University, malicious hackers could take down cellular networks in large cities by inundating their popular text-messaging services with the equivalent of spam.

In essence, the attack is done by sending a large amount of text messages over wireless telephone network. By pushing 165 messages a second into the network "you can congest Manhattan."

Is this true? Apparently, so. Mobile operators have acknowledged that such network jamming is a possibility, but they claim that they have developed systems to prevent effective attacks on their networks. The fact that we haven’t seen an outage caused by such attack may show that they are correct, or may also show that attackers haven’t hit hard enough.

"If you’re not prepared, that could happen," said Brian Scott, senior
manager for wireless messaging operations at Sprint. "If you are
prepared and you have means in place to identify, detect and mitigate
that, it’s not as much of a concern.

[Via CNET News.com, United States -]

Interesting change of tactics by virus writers - instead of blanketing the Internet with virus attacks, an increasing number of viruses are starting to be more targeted and "quiet" in nature. One possible explanation is that having a virus with a smaller "footprint" decreases the likelihood of quick detection and protection. Many anti-virus software manufacturers try to use their resources and cover the "major" offenders first, thus allowing a "quieter" virus more time before it is detected.

The types of attacks that we’re seeing is all wrapped up in the fact that virus writers are no longer in it just to make a name for themselves. They’re in it for the money. And new motive means new means of aggression.

[Via InternetNews.com -]

It may be obvious to many, but it is worth repeating. Follow the 10 steps to a secure wireless network and you will sleep (at least in theory) easier at night.

1. Use encryption - chances are bad guys won’t bother breaking it.
   
2. Use strong encryption - in case they are trying to break it, make it harder for them.
   
3. Change the default admin password - avoid using ‘password as the password.
   
4. Turn off SSID broadcasting - don’t ’shout’ to everybody in the neighborhood "come and try me."
5. Turn off WAP when not in use - do you leave your TV on running when you are not at home?
   
6. Change your default SSID - yes, there are at least 50 other ‘linksys’ stations around, and they are easier to find.
7. Use MAC filtering - you give keys to your home only to trusted people - do the same with the wireless network.
8. Isolate the wireless LAN from the rest of the network - why did you think Titanic sank? Create levels of protection.
9. Control the wireless signal - unless you want to power the whole city, there is no need to use signal amplifiers.
10. Transmit on a different frequency - this is why we haven’t intercepted the aliens yet
    

Read the full text here - ZDNet UK, UK

Sony knows the game can’t be won, but it keeps trying..

The company is preparing another update to the PSP firmware to fix a
recently disclosed bug that lets hackers downgrade the PSP system
software and run their own, so-called homebrew code on the device, a
Sony representative said Thursday.

Being one of the most popular gadgets of the year, the PlayStation Portable (PSP) is a natural target for hackers who try to take down some of the digital rights management and protection schemes that Sony has put. Sony’s new update to fix the recent bug will close some of the "gaps" but only temporarily. The previous update, version 2.0, was designed in a similar way to close loopholes which hackers exploited to downgrade the firmware to the 1.5 version which was more "hacker friendly."

Any bets how long it takes before the new firmware update is hacked again?

[Via ZDNet -]

 Next entries »