‘LulzSec suspect’ arrested by New Scotland Yard

New Scotland Yard has confirmed that it has arrested a 19-year-old suspected hacker in Essex, UK, in connection with a series of hacks and denial-of-service attacks against a number of organisations.

It is being widely speculated that the arrest is in connection with the high-profile attacks by the LulzSec hacking group, which has claimed amongst its victims Sony, the CIA, the FBI, and the Serious Organised Crime Agency (SOCA).

Officers from the Police Central e-Crime Unit (PCeU) arrested the man last night on suspicion of breaching the Computer Misuse Act, and searched a house in Wickford, Essex, where they seized computer equipment which will undergo forensic examination.

The FBI and local Essex police worked in co-operation with the PCeU to investigate the case.

It’s important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case.

LulzSec targets SOCA website with DDoS attack

The UK Serious Organised Crime Agency has taken its website offline after it appeared to be a victim of an attack by hacking group Lulz Security.

Soca said it had taken its website offline to limit the impact of the attack on clients hosted by its service provider.

Soca.gov.uk had been unavailable for much of Monday afternoon, with an intermittent service restored later.

Lulz Security has said it was behind the denial of service attack which had taken the website offline.

Earlier on Monday, as the agency launched an investigation, LulzSec tweeted: “Tango down – in the name of #AntiSec”.

The group has hit a number of high-profile websites in recent weeks, including the CIA and US Senate.

Soca appeared to be the victim of a distributed denial of service (DDoS) attack, where large numbers of computers, under malicious control, overload their target with web requests.

UK Met Police hit by IT outage but plays down attack fears

The Metropolitan Police Service is investigating the cause of a “major network issue” that has prevented staff using some IT services for almost two weeks, including aspects of the Police National Computer system.

A Met spokesman confirmed the problem was first identified on 9th June, but insisted no critical systems had been downed by the incident.

“As a result of a major network issue, the MPS is currently experiencing issues with a small number of ICT services, including printing services and system access for some MPS staff and officers,” he told the Reg.

“MPS has taken significant steps to investigate this as a matter of priority. Progress has been made to restore a number of services and urgent work continues to resolve the issues and restore the remaining services to all staff and officers as quickly as possible.”

Is it time to use Password Managers?

The endless list of usernames and passwords we have to remember certainly isn’t getting any smaller, and I often impress myself with the number of random usernames and passwords I can remember. However, there’s always that ‘what if’: what if I forget them? Granted, most products and services which require secure credentials offer a password recovery service, but there is still the inconvenience of having to remember the answer to that secret question, which you answered with something other than the correct/obvious one in order to avoid social engineering tactics.

Given the number of usernames and passwords we need to remember, ranging from personal and internet banking credentials, through various work usernames, passwords and access codes (for organisations which don’t use single sign-on!), to all of the social networking, shopping, media and entertainment sites we use in our own personal day-to-day lives, are password managers the answer?

Instead of having to remember those usernames and passwords, many people use the same usernames and passwords across multiple sites. If not the same, they use very similar passwords or closely associated items such as family and pets’ names/dates of birth, vehicle registration numbers and telephone numbers, for example, all of which can be quite easily socially engineered.

Want to keep up with the ITSec community? Listen to the podcasts

Given how fast-paced the IT and InfoSec community is, it is often difficult to keep up to date with current events, as these are changing constantly, minute by minute, around the world. There was a time when if something occurred halfway around the earth it would have little effect. Now, however, with the internet, if one thing occurs around the world, such as a vulnerability or exploit, the world has to know.

I found this very early on and tried numerous ways of keeping up with the IT/InfoSec news. These included reading the various tech websites, watching/listening to the news headlines and following various blogs. Over time I found it actually took a lot of time to read articles and blogs, so I went in search of podcasts. Podcasts, I find, offer an experienced and opinionated view, from either an individual or a group, of recent and current events, often over the past week, as a sort of educated digest.

I still read the articles and the blogs on specific topics; however, I feel podcasts offer the ability to keep up to date when you’re away from your PC or laptop. Personally, I download them to my MP3 player and FM transmitter so I can listen to them during the commute to work, walking around town or waiting for ‘something’ (usually a scan of some kind) to finish doing what it’s doing. The podcasts mean you are not restricted to reading all the time and fixed to a screen for hours.

Want to get into ITSec? Get on Twitter

We’ve had a few emails recently from people asking ‘How to get into the security industry’ and ‘How to learn more about security’, and overall how to just keep their finger on the pulse.

Along with getting the right qualifications, reading the right books, browsing the right security blogs (we link to most of them!) and getting yourself to as many conferences and seminars as possible for social networking, I would say get yourself on Twitter. You don’t have to tweet about every breath you take or donut you eat; you can even just stand in the virtual corner and listen to what everyone has to say.

There is a lot said on Twitter, often before it even hits the news headlines, as well as a lot of things which should hit the news headlines but don’t.

Granted, you’re not going to become an expert in everything simply by watching Twitter, and you will spend time sorting out the trash, but over time you will find the gems. These are the gems which will give you insight which might not even be possible without Twitter and the opinions and experience of professionals around the world.

Citigroup breach exposed more accounts than first claimed

The security breach that hit the website of Citigroup exposed data for more than 360,000 accounts, the bank said on Wednesday, about 80 percent more than it previously reported.

Citigroup publicly disclosed the compromise last week, but said it involved about 200,000 accounts. Wednesday’s revision came amid an inquiry by the Connecticut Attorney General’s office, which is one of several state and federal authorities looking into the breach. The hack exposed account holders’ names, account numbers, and email addresses. It didn’t include data typically required in credit card theft, such as the three-digit CVV codes or card expiration dates.

Citi said it discovered the breach on May 10 and immediately rectified the vulnerability that led to it. It took another two weeks for investigators to determine that customer data had been stolen. The bank has come under criticism for waiting until June 3 to mail notification letters to customers and until June 9 to issue a public statement.

People familiar with the investigation told The New York Times that the attackers gained access to the data by exploiting a garden-variety web flaw in which the hackers changed the numbers in the URLs on the company’s website.

IT/InfoSec who to follow on Twitter

More to follow, message us if there’s one we’re missing, especially yours!

https://twitter.com/#!/jessicambair
https://twitter.com/#!/Steve_at_EnCase
https://twitter.com/#!/irongeek_adc
https://twitter.com/#!/McGrewSecurity
https://twitter.com/#!/ChrisJohnRiley
https://twitter.com/#!/rapid7
https://twitter.com/#!/HackerRun
https://twitter.com/#!/matthewneely
https://twitter.com/#!/hack3rcon
https://twitter.com/#!/securityspeak
https://twitter.com/#!/ErrataRob
https://twitter.com/#!/hdmoore
https://twitter.com/#!/SecurityHumor
https://twitter.com/#!/SpireSec
https://twitter.com/#!/indi303

Dell partners with UK based Evidence Talks

A PIECE of software developed by a small Milton Keynes IT company has been taken up by one of the biggest computer companies in the world.

Evidence Talks, based in Crownhill, has developed forensic intelligence software called SPEKTOR which can access and collect digital evidence for law enforcement agencies.

The software has been bought by computer giant Dell for its mobile digital forensics product.

As far as Dell is concerned the software can automatically and securely examine data at the scene of the crime, allowing for the efficient analysis of time-sensitive, actionable information.

Andrew Sheldon, MD of Evidence Talks said: “We are pleased to be working with Dell as part of their Digital Forensics Solution.

“Our unique experience of performing thousands of digital forensic examinations, coupled with a highly talented and dedicated software development team, enabled us to design a digital solution that has proved to be a perfect complement to Dell’s industry-leading forensic architecture as well as the top-of-the-line performance of its solutions.

“We are very proud and excited that Dell selected our products to play such an important role in their solution.”

The software uses the latest technology to provide quick and secure identification of evidence on PCs, laptops and mobile phones, both volatile memory and hard drives, USB sticks and other external memory devices, and satellite navigation systems. Investigative organisations typically remove devices such as computers, phones, USB devices and other digital devices from a crime scene in order to properly analyse the information stored on them.

The mobile solution allows on-site investigation of digital storage devices using one piece of technology. It can also deliver results within a few minutes of capture, reducing processing time and eliminating legal backlogs.

The software has been given the thumbs up by police who say they’ve been able to use the product on a smart phone to obtain information including emails, text messages, phone calls and pictures.

Evidence Talks was established 18 years ago as one of the first independent digital forensic consultancies in the UK. It has developed several unique proprietary products at its Milton Keynes research and development, including the two award-winning technologies, Remote Forensics and SPEKTOR Forensic Intelligence.

More information about Dell Forensic solutions can be found here.

LulzSec opens hack request hotline

The hacker group Lulz Security has opened a telephone request line so its fans can suggest potential targets.

It claims to have launched denial of service attacks on several websites as a result, although it did not detail which ones.

The unspecified hacks formed part of a wave of security breaches that the group called Titanic Takeover Tuesday.

LulzSec has risen to prominence in recent months by attacking Sony, Nintendo and several US broadcasters.

The group publicised the telephone hotline on its Twitter feed.

Callers to the US number are met with a recorded message, in a heavy French accent, by an individual calling themself Pierre Dubois.

While the 614 area code appears to relate to the state of Ohio, it is unlikely that this is its real location.

Lulz Security said it had used distributed denial of service attacks (DDoS) against eight sites suggested by callers.
