Hacking and Anonymous surfing

Facebook on Thursday announced a new security feature that will allow users to see if they are logged into their accounts on a different computer and to remotely log out if so.

This will address the problem that many of us have of leaving a computer–either one we borrowed at a friend’s house or used at a public spot like a library–logged in to our Facebook account without realizing it. Doing so leaves it open for abuse by whoever happens to visit the site next on that machine, allowing them to use the account to send spam or masquerade as the legitimate user.

“When anyone else is in charge of your online account there is the opportunity for foul play,” Jake Brill, a product manager for Facebook’s site integrity team, told CNET. Using the new feature that Facebook is rolling out worldwide, users will be able to click on the Account tab in the upper right-hand corner of their profile page, click on “Account Settings” in the drop-down menu and see new information about account activity under the “Account Security” area.

Just how popular are add-ons to Mozilla Firefox’s Web browser? A usage survey taken by Mozilla as of one year ago revealed that one-third of all Firefox users—at least—use add-ons in some capacity. That’s a pretty big deal, but not quite as eye-opening a number as the raw statistics from Mozilla’s official add-ons page.

According to the company, more than two billion add-ons have been downloaded since Firefox’s started tracking statistics back in August of 2007. There are currently 125 million add-ons in use as of this article’s writing, with more than 890,000 registered users attached to Mozilla’s official add-ons directory. I won’t bore you with any more statistics; suffice, there’s a lot of neat stuff you can install into your browser. And it appears that many are indeed doing so. But what? Where does one begin?

These are both questions that hit to the core of the Mozilla add-on experience. Simply put, your browser is only as good as the extensions you choose to install, and trying to get a handle on the ever-increasing world of Firefox add-ons can be as difficult for a first-timer as it is for an experienced add-on enthusiast. So we’ll make it simple. We’ve scoured the Web to come up with a listing of must-have add-ons for any Firefox installation, period.

Israel Police Computer Crimes Division – Lahav 433 is investigating a case in which hackers remotely accessed computers owned by producers and participants of the Israeli version of “Survivor,” the reality television show, Calcalist reported Wednesday.

According to suspicions, two suspects and a minor tried to access inside information before episodes were broadcast, thus granting advertisers a marketing and advertising advantage.

Based on evidence gathered during the course of the investigation, spoilers and details from episodes that had not yet been broadcast, including the names of the four finalists and tidbits from the contracts contestants signed, were posted on a blog called “French Nut” on the Tapuz portal, as well as other sites, one month before the season finale aired.

The U.S. Air Force is investigating the circumstances surrounding a Cape Girardeau recruiter who allegedly discarded sensitive documents belonging to potential recruits, such as birth certificates, Social Security cards and high school diplomas.

The Air Force’s public affairs division in San Antonio issued a statement Wednesday saying that a new recruiter to the Cape Girardeau Air Force recruiting office at 3019 William St. was cleaning out old files when he inadvertently threw a “limited amount” of identifying information into a Dumpster behind the building.

“The Air Force is actively working with the disposal company involved … to recover any improperly released information,” the release said. “We take the protection of Privacy Act information seriously and will be contacting those individuals whose Privacy Act information was or may have been inadvertently released.”

Organized cyber thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa earlier this month. The funds were spirited away with the help of dozens of unwitting co-conspirators hired through work-at-home job scams, at least one of whom was told the money was being distributed to victims of the Catholic Church sex abuse scandals, KrebsOnSecurity.com has learned.

In a statement released last week, the diocese said the fraud occurred between Aug. 13 and Aug. 16, apparently after criminals had stolen the diocese’s online banking credentials. The Diocese it was alerted to the fraud on Aug. 17 by its financial institution, Bankers Trust of Des Moines.

The diocese also said the FBI and U.S. Treasury Department were notified, and that the FBI had taken possession of several diocesan computers. To date, roughly $180,000 has been recovered. The diocese added that law enforcement had advised them that the theft seems to have been the work of a highly sophisticated operation based overseas, which moved the stolen money out of the United States by recruiting people who unknowingly act as intermediaries.

It took just three days for The Pirate Bay to collect the $25,000 it needed for the editing of the TPB: Away from Keyboard documentary.

While critics would suggest that a story about three computer addicts who revolutionized the world of online piracy is better suited for the big screen and the Hollywood red carpet, it is unlikely that any of the big production companies would want to spread the black plague of their industry even more. No problem, after all The Pirate Bay’s distribution system is much more efficient in reaching viewers.

The Pirate Bay: Away From Keyboard is going to be in documentary format directed by Simon Klose. Klose, whose career is unlikely to be helped by this venture, says that he believes in alternative ways in rewarding culture. Three hackers joined up to give people free access to copyrighted software, cracked video games, scanned PDF books, camera captured or DVD-ripped Hollywood blockbusters, and of course ripped music CDs.

Tomorrow’s WikiLeakers may have to be sneakier than just dumping military docs onto a Lady Gaga disc. The futurists at Darpa are working on a project that would make it harder for troops to funnel classified material to WikiLeaks — or to foreign governments. And that means if you work for the military, get ready to have your web, email and other network usage monitored even more than it is now.

Darpa’s new project is called CINDER, for Cyber Insider Threat. It’s lead by a legendary hacker-turned-Darpa-manager. CINDER may have preceded Pfc. Bradley Mannings’ alleged disclosure of tens of thousands of documents about the Afghanistan war from Defense Department servers. But the idea is to find someone just like him. By hunting for poker-like “tells” in people’s use of Defense Department computer networks, Darpa hopes to find indications of indicate hostile intent or potential removal of sensitive data. “The goal of CINDER will be to greatly increase the accuracy, rate and speed with which insider threats are detected and impede the ability of adversaries to operate undetected within government and military interest networks,” according to the defense geeks’ request for contractor solicitations on the project.

Ever wonder what IT resource is the easiest for hackers to exploit? According to a survey of attendees of the annual DEFCON security conference, the answer is misconfigured networks.

The survey was conducted by Tufin Technologies, and polled 101 attendees at DEFCON 18 in July. Seventy-six percent named misconfigured networks as the easiest IT resource to attack.

Fifty-seven percent of those surveyed said network misconfiguration was caused by IT staffers not knowing what to look for when assessing the security posture of the network. Another 18 percent believe misconfigured networks are the result of insufficient time or money for audits, while 14 percent felt compliance audits that fail to capture security best practices are a factor. The rest do not think security can keep up with the threat landscape.

A temporary ban on the sale of the PS Jailbreak device, a USB stick that overrides PlayStation 3 security and allows game discs to be copied, has been extended until Friday, September 3 when a Federal Court hearing will take place.

PS Jailbreak overrides the PlayStation 3’s notoriously tight security setup and lets users rip games from their retail discs, installing them directly on the console’s hard drive.

Though this allows for faster loading times, it also opens the machine up to the threat of widespread piracy, depriving game developers of a financial return on their work, in the same way that the PS Jailbreak manufacturers are threatened by the expected emergence of copycat gizmos, should the crack remain unpatched by Sony.

Apple has announced that it will provide a public, live stream of Wednesday’s keynote, which will be made available via the company’s HTTP Live Streaming open standard to Mac and iOS device users.

The Cupertino, Calif., company made the announcement as a media alert Tuesday evening. The live video stream will be available when the keynote begins Wednesday at 10 a.m. Pacific Time, 1 p.m. Eastern, at apple.com.

“Apple will broadcast its September 1 event online using Apple’s industry-leading HTTP Live Streaming, which is based on open standards,” the company said. “Viewing requires either a Mac running Safari on Mac OS X version 10.6 Snow Leopard, an iPhone or iPod touch running iOS 3.0 or higher, or an iPad.”