Largest data breach ever?

It’s just being reported that Heartland Data Systems, a credit card processing company, was breached for a large portion of 2008. They’ve just recently discovered the problem. They process CC transactions for millions of merchants and accept Mastercard, Visa, Discover. You may want to watch your statement carefully — but if the culprits have captured god-knows-how-many-numbers what’s the chance they would use yours?

Heartland has created a website about this event here: http://2008breach.com/

Impersonation

If you’re not a member of Bruce Schniere’s CRYPTO-GRAM mailing list I suggest you sign up right now. It’s a wonderful monthly mailing where Bruce talks about everything from security to cryptographyand comments on the latest news.

In the latest CRYPTO-GRAM there’s an interesting story about one of the first well published cases of impersonation, Martin Guerre.  Guerre was a 16th century French peasant who was impersonated for 3yrs — the impersonator living with his wife and kids!!!

Obama’s cyberspace security roadmap?

In Late December the Center for Strategic and International Studies published Securing Cyberspace for the 44th Presidency. It’s a very good read albeit some parts can become long and dry.  It sounds more like a child’s unrealistic Christmas wish list than anything else.  The whitepaper is heavily suggesting creating a new agency to head up cyberspace security and recommends creating a spot in the president’s inner council.

You can find some interesting critiques of the whitepaper here:

http://www.cs.columbia.edu/~smb/blog/2008-12/2008-12-15.html

http://www.interesting-people.org/archives/interesting-people/200812/msg00093.html

Two simple steps to lockdown a Microsoft Windows machine…

Trying to keep your Windows box secure?  Trying to keep your Windows box secure for cheap?  For free?

The quickest, easiest, and most affordable things you can do to lock down your Microsoft Windows PC are:

1) Configure MVPS’ customized hosts file

2) Install Firefox and the NoScript Add-On (ok, ok, this should be 2 steps…)

3) If you have a few more minutes of time to spare you may want to consider a free Virus Scanner: AVG

Nintendo DS Hacking

Back in the day a friend’s father solder a mod chip into my Sony Playstation.  We were then able to rent PS1 games and copy them using a PC and a CD-R drive.  It was amazing — I think I ended up with over 30+ PS1 games — of course these were only for evaluation.  I promptly destroyed these copies once I decided to purchase the game or I didn’t like it.

Fast forward about 10 years…

Low and behold people have been doing the same procedure with more or less difficulty with every console before and after the Sony PS1.

If you own a Nintendo DS and you’d like to download and play games from the ‘net you will need the following:

Here is the M3 DS Card you want to order:

http://www.realhotstuff.com/real-rumble-p-257.html

You will need to order a memory card, but I would recommend you order it from Amazon because it’s very cheap from them (see below)

http://www.amazon.com/Kingston-microSDHC-Memory-SDC4-4GB/dp/B000VX6XL6/ref=wl_it_dp?ie=UTF8&coliid=I98608FJNXFRO&colid=1RQOD6DWMI5L3

Once you get the memory card you will need to download the “OS” for the
card here:

http://down.gbalpha.com/GBalpha/Softwares/G6&M3DS-R_E36.zip

Once you download it extract it to a folder called system on the memory stick (via
your mom’s PC)

Then you can download game files from here:

http://www.nds-roms.com/

Extract them into a folder on the memory stick for each game then boot the DS and you
can play all the downloaded games!

Storm botnet makes a comeback

It is official: Storm is back. The notorious botnet that ballooned into one of the biggest botnets ever and then basically disappeared for months last year is rebuilding — with all-new malware and a more sustainable architecture less likely to be infiltrated and shut down.

Storm all but disappeared off of the grid last year, basically going dormant in mid-September after its last major spam campaign in July — a “World War III” scam. In October, researchers started to write off Storm, at least in the short term. But now they say the big botnet has reinvented itself with new binary bot code, and that it is no longer using noisy peer-to-peer communications among its bots. It has instead moved to HTTP communications, which helps camouflage its activity among other Web traffic.

The manager of security research for Arbor Networks says he was initially skeptical of speculation that Waledac and Storm were one in the same. But the latest findings on the malcode and its activity, the botnet is using many of the same IP addresses that were used in Storm, changed his mind.  But the biggest difference is it is no longer as easily detectable now that it has converted to HTTP communications. “P2P was part of the reason for Storm’s demise. It was easy to filter it,” the manager says. “With HTTP, it is a little harder [to filter] because you have got to know what you are looking for.”
Source: Dark Reading

Microsoft patches ‘super nasty’ Windows bugs

Microsoft Corp. patched three vulnerabilities in the company’s Server Message Block (SMB) file-sharing protocol, including two that could make “Swiss cheese” out of enterprise networks, according to one researcher.  “Expect to see a worm on this one in the very near future, [because] this is Blaster and Sasser all over again.” Those two worms, 2003’s Blaster and 2004’s Sasser, wreaked havoc worldwide as they spread to millions of Windows machines.

Of the three bugs outlined in the MS09-001 security bulletin, two were rated “critical,” the most serious ranking in Microsoft’s four-step scoring system, while the third was pegged “moderate.” The pair identified as critical are extremely dangerous because attackers can exploit them simply by sending malformed data to unpatched machines, according to the chief technology officer. “These flaws enable an attacker to send evil packets to a Microsoft computer and take any action they desire on that computer [with] no credentials required,” he said. “The only prerequisite for this attack to be successful is a connection from the attacker to the victim over the NetBIOS ports, TCP 139 or TCP 445. By default, most computers have these ports turned on. More people have blocked those ports, and more personal firewalls block them by default, but they are typically left open in a corporate network.”

Source: Computer World