Grade "A" Hack Attack with VoIP Crack

GA - A college student was behind bars Friday night, accused of stealing his professor's identity to change his grades. Police called 19-year-old Christopher Fowler a computer hacker.

Investigators said the student also, "Hacked into their Voice/Internet Protocol system where it uses internet to make phone calls and intercepted phone conversations."

Fowler could get five years for an unlawful eavesdropping charge. (more) (video)

Crypt Your Stick - USB Vaults to Go

Remember?
• Nato Secrets USB Stick Lost
• Airport Laptop Searches - No Probable Cause Needed
• Lax USB stick security causing havoc
• More than 100 USB memory sticks lost admits Ministry of Defence

Don't want to be next?
Get a cryptstick.
There is no excuse not to.
Many models to choose from...
• Ironkey
• Kingston DataTraveler Secure
• Kingston DataTraveler Secure - Privacy Edition
• Kingston DataTraveler Vault
• Kingston DataTraveler Vault - Privacy Edition
• Kingston DataTraveler BlackBox (government version)
• SanDisk Cruzer® Titanium Plus
• SanDisk Cruzer® Professional
• SanDisk Cruzer® Enterprise FIPS Edition
• SanDisk CMC (Central Management and Control) for IT Departments

Email Sinks Two Anchors - Keystroke Logger Helped

Philadelphia, PA - A longtime television newscaster was charged Monday with illegally accessing the e-mail of his glamorous former co-anchor, who suspected details of her social life were being leaked to gossip columnists.

Federal prosecutors say fired KYW-TV anchor Larry Mendte accessed Alycia Lane's e-mail accounts hundreds of times and leaked her personal information to a Philadelphia Daily News reporter. Lane's personal life had routinely become tabloid fodder and eventually led to her own dismissal from the station.

"The mere accessing and reading of privileged information is criminal," acting U.S. Attorney Laurie Magid said. "This case, however, went well beyond just reading someone's e-mail." (more)

How Alycia Lane's passwords were tapped...
According to sources close to the case, former CBS anchor Larry Mendte used a hardware keylogger system to obtain Alycia Lane's e-mail passwords. Keylogger systems secretly capture every keystroke made on a targeted computer.

Keyloggers come in two forms: software, which is installed on a computer, and hardware, which is a battery-sized recording device that is secretly attached to the cord between the keyboard and a computer. The precise type and brand of keylogger used in the Mendte case could not be determined, but sources said it was the hardware version. (more)

My all-time favorite anchors. ~ KDM
(John Hart, Walter Cronkite, Susan Stamberg, Charles Osgood, Charles Kuralt, Lloyd Dobbins, Linda Ellerby, Tom Snyder and you know who.)

Rogue Lid Shuts Grid

Rogue laptops aren't the only rogues out there...
A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.

Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.

Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.

Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said. He was taken into custody Sunday. (more)

So, how do you protect yourself against insider hijacking?
One way to start...
• Don't give the keys to the kingdom to only one person.
• "Checks and Balance" "Checks and Balance" "Checks..."
• Establish an admin / root password emergency reset plan.
• Bell your cat(5). Get notified when it hits the fan: Tripwire
• Keep my number handy. Rogues are know for their bug and wiretap tricks, too.

Money Card Bugs

A UK crime survey shows credit and debit card fraud has reached a record high of £535 million...new trend was the use of bugging devices which are fitted near shop tills to record the information stored on the magnetic microchip. (more)

Larry, The IT Guy (No... make that, Spy)

Security Directors, CEOs, Chief Legal Counsels:
Immediately after you read this, make sure you have a clear, concise written policy in place detailing allowable IT behavior.

One in three IT administrators say they or one of their colleagues have used top-level admin passwords to pry into confidential or sensitive information at their workplace, according to a survey by a password-management vendor.

Nearly half also confessed that they have poked around systems for information not relevant to their jobs.

"We asked these questions last year, too," said Adam Bosnian, vice president of product strategy and sales for Cyber-Ark, a Newton, Mass.-based maker of password file security management software. "And we got similar results. So on one hand, the results weren't surprising. What was surprising initially -- and this time around, too -- is that people admit to it." (more)

"My password is stronger than your password!"

"Oh, yea... Prove it!"
...even strong passwords can be cracked in seconds using an open source tool called Ophcrack.

Ophcrack is an extremely fast password cracker because it uses a special algorithm called rainbow tables. Brute-force cracking tools typically try thousands of combinations of letters, numbers and special characters each second, but cracking a password by attempting every conceivable combination can take hours or days. (by Scott Sidel)

Corporate Espionage Arrest - AMX Corp. V.P.

Short version: AMX Corporation's Vice President, David Goldenberg, was "arrested for allegedly participating in corporate espionage practices against a competing manufacturer's representative firm."

The following is from the Bergen County (NJ) Prosecutor's press release...
NJ - Bergen County Prosecutor John L. Molinelli announced the arrest of David A. Goldenberg, D.O.B. 05/18/1962, of 432 Golf Dr., Oceanside NY. Goldenberg was arrested on March 28, 2008, on charges of Unlawful Access of a Computer System / Network (2C:20-25b); Unlawful Access of Computer Data / Theft of Data (2C:20-25c); and Conducting an Illegal Wiretap (2A:156A-27)...

The arrest stemmed from an investigation concerning the following: The Paramus Police Department received a complaint from a Paramus based corporation known as Sapphire Marketing, who specializes in high-end audio/visual systems. Representatives of Sapphire reported that they were being suspiciously and consistently underbid for contracts by a competitor for whom David Goldenberg works. They expressed suspicion of corporate espionage. Based on anomalies that the complainant noticed within their computer network and more specifically their electronic mail (e-mail) system, they suspected that the company’s e-mail system had been compromised and that e-mail was being intercepted. The Paramus Police Department (a member of the Computer Crimes Task Force) and the Bergen County Prosecutor’s Office Computer Crimes Unit initiated an investigation.

The investigation revealed that Mr. Goldenberg had engineered the passwords protecting several of the complainant’s e-mail accounts. For a period of time, Mr. Goldenberg was intercepting and reading e-mails that related to potential contracts. Mr. Goldenberg then established a free e-mail account that he had control over, and created an automatic forward of the victim’s e-mail so that they would be sent to him directly. This afforded Mr. Goldenberg advanced knowledge of Sapphire’s customers and bid prices, thus further affording him an opportunity to underbid Sapphire. Sapphire Marketing estimates the loss in revenue from Mr. Goldenberg’s actions to exceed one-million dollars. Mr. Goldenberg was arrested without incident on this date. (more) (more - scroll down)

Goldenberg was hired by AMX June 11, 2007...
“David has a proven track record of satisfying the needs of his customers while boosting sales and profitability. He is also an aggressive marketer focused on value creation,” said Rashid Skaf, AMX president and CEO. “David is a dynamic leader who has proven that he can successfully manage and motivate a diverse team of individuals. I am confident that he will fit well into the AMX culture and accomplish great things with our company.” (more)

Unsecured Wi-Fi Could Compromise Your Identity

CBS3.com - Special Report...
The wireless internet signal you rely on for convenience could be making things easier for internet intruders. Police said hackers could be using your computer to download illegal music, child porn, or even your bank information.

Using a simple can antenna from his car, George Sandford can burglarize homes from hundreds of yards away out in the open and without wearing a mask.

"You can open bank accounts. You get drivers licenses, you can get practically anything you want," Sandford said.

All by using relatively low tech equipment, just about anyone with knowledge can hack into computers using unsecured wireless internet or Wi-Fi signals of unsuspecting people...

"I can build a body of information about you, your back accounts," Sandford said.

Jamie Smith spoke to one unsuspecting resident, "We were able to get onto your internet just a few seconds ago," and Rebecca Hansen of Swarthmore responded, "No."

Rebecca is a client of Tech Guides Incorporated and George Sandford is far from a thief. He is actually Tech Guides' security expert. He sat down and showed Rebecca how to secure her Wi-Fi something everyone should do.

"Not securing your wireless networking is pretty much putting a sign on your house saying 'Hey, we're open,'" Sanford said. Only about half of homes with Wi-Fi are locked. If you don't your computer's connection could be slowed down by others accidentally using your Wi-Fi. (complete story with video)

• Directions for securing your Wi-Fi

FREE Password Cracker

Here is how it works in geek-speak...
RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables.

Bottom line...
Your cat's name never was a good password anyway. Change it. (help)

"Encryption can't save you now, Sonny Boy... Muhhahahaaaaa!"

from c|net, by Declan McCullagh...
Computer scientists have discovered a novel way to bypass the encryption used in programs like Microsoft's BitLocker and Apple's FileVault and then view the contents of supposedly secure files.

In a paper (PDF) published Thursday that could prompt a rethinking of how to protect sensitive data, the researchers describe how they can extract the contents of a computer's memory and discover the secret encryption key used to scramble files. (I tested these claims by giving them a MacBook with FileVault; here's a slideshow.)

"There seems to be no easy remedy for these vulnerabilities," the researchers say...

Their technique doesn't attack the encryption directly. Rather, it relies on gaining access to the contents of a computer's RAM--through a mechanism as simple as booting a laptop over a network or from a USB drive--and then scanning for encryption keys. How the scan is done is one of the most clever portions of the paper. (more)

Perfect Passwords - GRC's Ultra High Security Password Generator

Every time you visit this page, you get (FREE) a unique set of custom, high quality, cryptographic-strength password strings which are safe for you to use.
Example...
If you decide to use these great passwords, you might also need this.

2136 Passwords You Should NEVER Use

Check the computer products you own against the manufacturer's default passwords database. (the list)