With increasing lobbying efforts from the entertainment industry against BitTorrent sites and users, we wondered whether these companies hold themselves to the same standards they demand of others. After some initial skimming we’ve discovered BitTorrent pirates at nearly every major entertainment industry company in the US, including Sony Pictures Entertainment, Fox Entertainment and NBC Universal. Busted.
The vulnerability is in Microsoft Office Excel 2003 Service Pack 2, along with Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac, Microsoft said. If successfully exploited on a vulnerable computer, it could enable remote code execution, the company added.
Microsoft is now investigating public reports and the extent of the vulnerability’s impact on customers. Once that’s done, it may provide a security update through its monthly release process or as an out-of-cycle release, it said.
“While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA (Microsoft Security Response Alliance) partners to help protect customers,” wrote Microsoft’s Security Response Center on the group’s blog. “We will update the advisory and this blog as new information becomes available.”
A 14 year-old schoolboy hacked into a Polish tram system and used a remote control to change the direction of a number of vehicles.
Transport employees in Lodz immediately suspected outside interference when a driver who was trying to turn right found his tram veering to the left.
The tram’s back wagon was derailed and hit a passing tram. Another derailment injured 12 passengers.
With the help of security experts, we reconstruct a typical hack attack on two large organisations and walk through the steps that the head of IT should follow in such a case.
Blackjack, a hacker working from an internet cafe in London, is about to launch an attack on a major government agency. His aim is to cause maximum disruption and embarrassment. And, according to security experts, his job is going to be worryingly easy.
“Most organisations have dozens of vulnerabilities they haven’t patched, or aren’t even aware of,” said Toralv Dirro, a security strategist with McAfee. “Even if a penetration-testing service says you’re not vulnerable, that only means they haven’t found a vulnerability, not that one doesn’t exist.”
Sears Holdings Corp. has come under fire from privacy advocates for making the purchase history of its customers publicly available on its Managemyhome.com Web site.
Manage My Home is a community portal where Sears shoppers can download product manuals, find product tips and get home renovation ideas.
The Web site has a feature called “Find your products” that lets users look up past purchases. Ostensibly, this is designed to help customers keep track of items they’ve bought from the retailer, but the site also lets them look up the purchase histories of other people.
“Sears offers no security whatsoever to prevent a Manage My Home user from retrieving another person’s purchase history by entering that person’s name, phone number and address,” wrote Ben Edelman, an assistant professor at Harvard Business School, in a blog posting.
There is a bug in WordPress right now that is rather critical for anyone who uploads posts without immediately publishing. Simply by manipulating the URL any visitor can view all future, draft, or pending posts. Our site was vulnerable to this issue, but we patched it quickly because it could be used to retrieve the CyberNotes posts that we write ahead of time.
We’re now launching a new project within Mozilla Labs to formally explore this integration. This project will be known as Weave and it will focus on finding ways to enhance the Firefox user experience, increase user control over personal information, and provide new opportunities for developers to build innovative online experiences.
Just like Mozilla enables massive innovation by making Firefox open on many levels, we will aim to do the same with Weave by developing an open extensible framework for services integration.
Hackers successfully infiltrated Oak Ridge National Laboratory (ORNL), one of the nation’s leading military research facilities. The attackers gained access by sending e-mails infected with trojan horses to ORNL employees. The lab claims that no classified information was retrieved, but admits that the perpetrators managed to acquire a database containing personal information about ORNL visitors and employees, including Social Security numbers.
“A hacker illegally gained access to ORNL computers by sending staff e-mails that appeared to be official legitimate communications. When the employees opened the attachment or accessed an embedded link, the hacker planted a program on the employees’ computers that enabled the hacker to copy and retrieve information,” ORNL revealed in a statement. “No classified information was lost; However, visitor personal information may have been stolen. If you visited ORNL between the years 1990 and 2004 your name and other personal information such as your social security number or date of birth may have been part of the stolen information.”
The Oak Ridge National Laboratory has warned that its computer systems have been infiltrated by one or more hackers who skirted system’s security to gain access to personal information on the lab’s visitors. The information was then used in a phishing scheme that attempted to convince victims to open a malicious e-mail attachment. The lab has not commented on the attackers’ suspected motives
A TEENAGE hacker who managed to get around the Aussie government’s $84 million internet filter scheme has been recruited by the opposition Labor party to design its cyber safety policy.
Tom Wood has now become the subject of a slanging match between the Labor and Liberal parties.
Liberal Communications Minister, Helen Coonan, denies that Wood “hacked” the software filters, saying he bypassed them by gaining access to the administrator account on his computer.