About cjl7117

I am a freshman @ RIT studying Information Systems Security and Forensics.

Facial recognition on Android 4.0 has some bugs

Android 4.0, a.k.a. Ice Cream Sandwich, has a new feature that allows you to unlock the phone using facial recognition. If you prefer security over convenience, though, you should try not to use this new feature.

As seen in a video created by a mobile blog, the face unlock feature can be fooled by showing it an image of the face used to set up the locking mechanism. You can do this by taking a picture with one phone and holding it up to another to try to fool the unlock feature.

A Google representative has stated that it is considered a low-security and experimental way of locking your phone, and that the interface warns users that face unlock is less secure than a pattern, PIN, or password and that someone who looks similar to you could unlock your phone.

So this poses the question: do I use this new feature because of the ease of use and the convenience, even though it has been shown to have weaknesses and vulnerabilities? Google has said that it has started looking into the problem and that, because Android 4.0 has not been released yet, it is still working out the experimental system.

Feds concerned about hackers opening prison doors

Federal authorities have been doing research and investigations due to the rising concern that U.S. prisons are vulnerable to computer hackers, who could remotely open cell doors to aid jailbreaks.

They have already found problems in their computer systems where someone could open every cell door while the system tells the control room they are all closed. The security systems in most American prisons are run by specialized computer equipment called industrial control systems (ICS). These ICS are also used to control power plants, water treatment facilities and other critical national infrastructure. The problem is that ICS have been increasingly targeted by hackers in the past couple of years because of the amount of damage that can occur when they are attacked.

Another vulnerability they have found is that a hacker could destroy the doors by overloading the electrical system that controls them, locking them permanently open, and could also shut down secure communications through the prison intercom system and crash the facility's closed-circuit TV system.

The difficulty with hacking an ICS is that these systems are not supposed to be connected to the internet, but often there are connections to other networks or devices that are connected to the internet, making it possible for hackers to use those to get in.

Even where they are not connected to the internet, hackers could still get into the building or onto another computer on that network and use a USB thumb drive to release malicious code that would do the same thing.

Federal officials say that they are doing everything they can right now to make sure the systems are up to date on all the security measures they can have, and are working on fixing the problems with the overloaded circuits that could occur with a hack.

Have you heard of “Juice-Jacking”?

Seeing that I work at a bank, I receive numerous memos about different social engineering type attacks, and one in particular that I received caught my attention because of how different it was.

Most people have never heard of “Juice-Jacking” because it is a new hacking method used to steal digital data stored on mobile devices, and this happens right in public places.

This type of social engineering attack targets on-the-go users who plug their device into a public charging kiosk in places like airports, train stations, hotels and shopping malls. This type of hacking was first introduced this year at DefCon, where they educated attendees about the potential perils of juicing up at random power stations.

They have been talking about how dangerous these charging stations could be because of how most smartphones are configured to just connect and allow access to the data on the phone. Anyone who had an inclination to could put a system inside one of these kiosks that, when someone connects their phone, can steal all of the data off of it or even write malware to the device.

It is recommended to use a power cord, rather than a USB cable, to charge your phone when outside your home or office, since it does not transmit data from the phone. If you only have a USB cable on you, turn off the phone before you charge it; some security experts also suggest adjusting the device settings to password-protect the ability to transmit data.

Police data leaked by Anonymous again

Late on Friday, Anonymous posted a notice on Pastebin claiming that it had leaked more information by hacking into websites such as the International Chiefs of Police, the Boston Police Patrolmens’ Association, and the law enforcement agencies in Alabama’s Birmingham and Jefferson Counties. This post from late Friday was deleted off of Pastebin, though a different one appeared on Saturday.

Saturday was the opening of the conference of The International Association of Chiefs of Police. The leaked information includes internal documents, membership rosters, Social Security Numbers, addresses, passwords, and other personal data.

Anonymous says that though the IACP conference was Saturday, that day is also going to be the start of the Day of Action Against Police Brutality. Anonymous had done the same thing in June, with the release of data pertaining to the Arizona Department of Public Safety, and it is continuing to leak sensitive data of other police and public safety organizations, stating that it had little concern for the safety of those whose information it had made available with the most recent leak. Anonymous stated, as its reasoning, that it had no problem targeting police and releasing their information, even if it puts them at risk, because it wanted them to experience just a taste of the brutality and misery the police serve on an everyday basis.

This latest action was also meant to show support for those arrested and charged with being members of the collective. Anonymous claims that they are conducting peaceful protests. Now is this really how it is going to last, or could this leaked information lead to something else happening, which could end up in bigger problems down the way? If these hacker groups keep posting this private information on the internet for the world to see, what could happen if a real criminal got hold of this information and used it to get revenge on a law enforcement officer, or other things like that? How far is this going to go?

Fake Android Netflix App Steals Account Information

Fake vs Real Netflix Android App

Source: Symantec

As people begin to use their cell phones for more than just calling and texting, such as playing games and streaming movies, hackers have begun to find ways to exploit these applications to steal information from users. There is currently a Netflix mobile app circulating that, though it looks like the legitimate Netflix app, is in fact a Trojan that steals your account information.

According to a Symantec blog post, the fake app will ask you to log in with your account information; after you do so, it sends your information to a remote server, displays a message on your cell phone that there is an incompatibility issue, and then attempts to uninstall itself.

It is unclear what the hackers plan to do with this information: Netflix is a movie streaming application, and its website only shows the last four digits of credit card numbers, so it is hard to say what they will use this information for. For those people out there who use the same information to log in to every website, with the same email address as the username and the same password for everything, the hacker could use the stolen information to figure out other sites you visit and use those credentials to log in and assume your identity on those sites.

Symantec said the Netflix app was such a great target for this exploit because there was such a gap in availability earlier in the year; combined with the large interest of users attempting to get the popular service running on their Android device, this created the perfect cover for Android.Fakeneflic to run. That said, people should be careful where they get their apps, download them from trusted sources only, and have antivirus and anti-malware on their devices as well. There is a picture above that shows the real Netflix app and the fake Netflix app.

The White House orders new computer security rules

Due to the disclosure of hundreds of thousands of classified government documents to WikiLeaks last year, the White House is planning to issue an executive order to replace the flawed patchwork of computer security safeguards it had in place, which were exposed after the leak of classified information. This order by the President comes after a seven-month review of its policies and procedures regarding the handling of classified information and documents, which has now produced recommendations on how to reduce the risk of breaches.

After the initial WikiLeaks disclosures last November, the military disabled 87 percent of its computers to prevent people from downloading classified data onto memory sticks, CDs or DVDs. The Pentagon also developed procedures to monitor and detect suspicious behavior on classified computer systems. There are computer security analysts who say these safeguards, as well as the new orders in the executive order, will bring greater consistency and accountability to information sharing and protection policies.

Currently every Defense Department computer is blocked from downloading classified information onto memory sticks or CDs, except for a few explicitly authorized machines needed for mission-essential duties. The Pentagon has also issued cyber identity credentials to anyone using unclassified networks in order to allow supervisors to track what users are working on, and the military is accelerating the analysis of logs from computers on the classified networks to detect large transfers of data or the use of data that is unrelated to an individual’s job duties.
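The two log checks described above (large transfers of data, and use of data unrelated to a user's job duties) can be expressed over access logs as follows. This is an added example, not code from the Pentagon or from the original post; the log format, the role-to-category mapping and the 100 MiB daily threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed log lines (not real data). Assumed format, one event per line:
# timestamp user role action data_category bytes
SAMPLE_LOG = """\
2011-10-07T09:12:01 alice logistics read logistics 20480
2011-10-07T09:15:40 bob analyst read intel-reports 51200
2011-10-07T09:20:13 carol supply-clerk read diplomatic-cables 150000000
2011-10-07T09:21:02 carol supply-clerk copy diplomatic-cables 420000000
2011-10-07T09:30:55 bob analyst read intel-reports 73000
2011-10-07T10:02:17 alice logistics read personnel 4096
this line is malformed and must be skipped
"""

# Hypothetical mapping of job role -> data categories that role needs.
ROLE_CATEGORIES = {
    "logistics": {"logistics"},
    "analyst": {"intel-reports"},
    "supply-clerk": {"logistics"},
}

BYTE_THRESHOLD = 100 * 1024 * 1024  # assumed per-user daily limit: 100 MiB


def parse_log(text):
    """Return a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue
        ts, user, role, action, category, size = parts
        events.append({"day": ts[:10], "user": user, "role": role,
                       "action": action, "category": category,
                       "bytes": int(size)})
    return events


def find_anomalies(events, role_categories, byte_threshold):
    """Flag (1) users over the daily volume limit, (2) off-role access."""
    volume = defaultdict(int)
    off_role = set()
    for e in events:
        volume[(e["user"], e["day"])] += e["bytes"]
        allowed = role_categories.get(e["role"], set())
        if e["category"] not in allowed:
            off_role.add((e["user"], e["category"]))
    large = {k: v for k, v in volume.items() if v > byte_threshold}
    return {"large_transfer": large, "off_role_access": sorted(off_role)}


if __name__ == "__main__":
    print(find_anomalies(parse_log(SAMPLE_LOG), ROLE_CATEGORIES, BYTE_THRESHOLD))
```

A role missing from the mapping has no allowed categories, so every access by that role is flagged rather than silently passed.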

Monte Hawkins, the director for identity management and biometrics policy at the National Security Council, stated, “I don’t think we’ll ever be able to guarantee this won’t happen again, but this will greatly enhance our chances of preventing it or catching it in the process.” I believe this is true; it is very hard to prevent the hacking and leaking of information because as we figure out how to block one way, hackers just figure out another way, but if we can put in place safeguards to try to stop it, or even catch it in the act, we can better stop classified information from getting out.

Pastebin – A source for leaked information in the world

Hackers have used the website Pastebin to post information about the JP Morgan Chase CEO, James Dimon. The hackers, “CabinCr3w”, were able to post information about James Dimon’s addresses, family, business connections, political contributions and legal information.

These hackers have also been responsible for posting the personal information of Goldman Sachs CEO Lloyd Blankfein and of New York Police Deputy Inspector Anthony Bologna.

This is a concern to all Americans because this information was posted to the whole world, and it is unknown what someone who may have a problem with one of these individuals could do with it.

There have already been numerous protests where the demonstrators are protesting a US financial system that they claim favors the wealthy at the expense of everyone else. These protests, which began about two weeks ago, have already attracted thousands of participants and garnered the support of Noam Chomsky, students and organized labor groups.

The major concern is that hackers are now using public websites to get mass amounts of information to hundreds of thousands of people at one time, and are able to get many people to believe the ideas and theories of an individual or group, which can allow that group or individual to manipulate people into doing things that they would not otherwise think or do. These websites should be a concern to all people and should be monitored for information that would harm or have a major impact on an individual.

 

Anonymous planning a Day of Vengeance on Sept. 24

Anonymous, a hacktivist group, has released a statement that they are planning on having a special “Day of Vengeance” this Saturday, September 24. They did not state what city they were planning to do this in, but most clues point to New York. This is because they stated that they are planning to have peaceful protests along with cyber-attacks on “various targets” such as Wall Street, Corrupt Banking Institutions, and the New York Police Department.

To spread the message, Anonymous used a website called Pastebin to post their message out to everyone. Though the police are not worried about the protestors, Anonymous has been very successful in launching cyber-attacks. Just last month the group claimed to have hacked the servers of companies such as Symantec, Apple, Facebook, and Microsoft.

Though Anonymous has kept their organization very secretive, a number of alleged Anonymous members have been arrested around the world. Even though there have been arrests, Anonymous has kept a brave face, stating that even though some of their members are being arrested, there are always other members to take their place.

If you look at the Anonymous slogan, it states “We are everywhere. We are legion. We never forget. We never forgive.” and I guess we will see how far they take this, this coming Saturday.

Cyber-attack on the Intelligence and National Security Alliance (INSA) leaks official’s email addresses

Recently the Intelligence and National Security Alliance (INSA) was hacked by an unknown group. The information that was taken was posted on the site Cryptome.com, but the man who runs Cryptome, John Young, denies all involvement in the hacking of the INSA’s computers, stating that the information was sent to him by an unknown source.

The INSA is a nonprofit that claims to be the country’s premier intelligence and national security organization, whose membership includes government and US intelligence officials.

The hackers that got into the INSA’s computers were able to steal the names and email addresses of over 3000 US intelligence officials, including some senior officials in the Obama Administration. The list also includes at least 95 individuals with email addresses from the National Security Agency, as well as individuals in positions at the White House, the Pentagon, FBI, CIA, and the Office of the Director of National Intelligence.

Although no charges have been filed against the website Cryptome, because of the lack of evidence that they actually were the ones that hacked into the system, authorities are looking into whether posting the names and email addresses violates the Intelligence Identities Protection Act, which forbids the public disclosure of the names of covert intelligence operatives. As of right now, though, they are not aware of any of the published names belonging to someone in a covert or undercover capacity.

This just goes to show that even our government computers and government contractors’ computers are not secure enough to protect against hacks and intrusions into their systems. And with the use of public websites like Cryptome, the information could be dispersed to the whole world. Many government officials were trying to downplay the situation too, but many others are calling them out for the breach in security in the first place, and calling for better security measures to be instituted.

What can a hacked social networking site do to society?

Source:
http://news.cnet.com/8301-27080_3-20104165-245/nbc-news-twitter-account-hacked/?tag=topTechContentWrap;editorPicks

What can a hacked social networking site do to society? Recently the NBC News Twitter account was hacked by The Script Kiddies, who posted things such as “Breaking News! Ground Zero has just been attacked. Flight 5739 has crashed into the site, suspected hijacking. More as the story develops,” and they also sent out messages that said “This is not a joke.”

Could you imagine being a person sitting there on the 10th anniversary of the 9/11 attacks and receiving a Twitter message, whether it be on the computer or on your cell phone, stating that there has been another attack? This kind of hack could have caused mass hysteria and panic.

Thanks to the fast work of Twitter and NBC News, though, the posts were deleted, and NBC posted an apology and also told fellow Twitter followers to disregard the tweets, because the account had been hacked, and not to retweet them.

Now could you imagine what would happen if this message had gotten out even more? NBC has 133,306 followers out of the 312,190,826 people in the United States. With the use of other social media sites, such as Facebook, where there are even more people connected, hackers could spread news that is false, which could cause people to believe this information and act upon it without really knowing the true situation.

We must applaud the fast action of the administrators of the NBC Twitter account and the administrators of Twitter for correcting this problem. It is probably due to this that there were no problems, and this is probably a great response to the situation on their part. The group that hacked the Twitter account, The Script Kiddies, is really an unknown group right now, but who knows what they are planning next. It is my recommendation, as well as probably that of a lot of other Twitter users, that the creators of Twitter update and increase security measures and security options on their accounts so they can try to avoid this in the future.