Hacking and Anonymous surfing

A feature of Cisco’s Aironet 1200 Series Access Point can be abused by hackers to gain access to a company network, claim researchers from Core Security Technologies.

The device is usually used to power wireless LANs, and has the option of being set to a WPA migration mode, in order to allow companies to gradually migrate from using the insecure WEP encryption to using the more secure WPA standard without having to upgrade the equipment all at once.

If this migration mode is not disabled after the migration is complete, the network is as insecure as it was before when WEP devices were used, since the researchers managed to crack the network encryption key by forcing the device to send out WEP broadcast packets.

Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.

Microsoft reported Wednesday that it has now logged more than 10,000 attacks. “At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged,” Microsoft said in a blog posting.

“Those initial exploits were targeted and fairly limited. In the past week, however, attacks have picked up.” The attacks, which are being launched from malicious Web pages, are concentrated in the U.S., Russia, Portugal, Germany and Brazil, Microsoft said.

JAPAN’S Sony on Wednesday issued a warning to customers worldwide that a system glitch affecting more than half a million of its Vaio laptop computers may cause overheating and possible burns.

The electronics giant said a heat-monitoring chip in some of its Vaio F and C series models that were launched in January this year could be defective, leading to possible overheating, a company statement said.

Although the defect has not been known to cause personal injuries, the firm said it received a total of 39 complaints from overseas customers saying that the shape of their computers became distorted from overheating.

Businesses are too quick to jump on the cloud computing bandwagon and not asking the right security questions before deploying, an industry observer has pointed out.

Such “instant noodle” mentality, where organizations want to quickly roll out their cloud deployments at the expense of security, is the “biggest mistake” in the era of collaboration and connectivity, said Anthony Lim, evangelist and representative of the International Information Systems Security Certification Consortium, or (ISC)2. He is also Asia-Pacific director for security solutions at IBM Singapore’s Rational Software business unit.

Speaking at a security conference here Tuesday organized by market analyst IDC, Lim noted that cloud security considerations typically cover three areas: confidentiality, integrity and availability. However, he said, not enough attention is paid to the first two aspects.

United States Federal Trade Commission intercepted a long-running online scam. This scam, which has been around for four years, incorporates offshore fraudsters to steal millions of dollars from overseas.

FTC proclaims that the online technology of the 21st century can also be misused. According to Steve Wernikoff, a staff attorney with the FTC who is prosecuting the case, the scam was well organized. He added that “It was a very patient scam,” and that “The people who are behind this are very meticulous.”

Phishing e-mails, spams and money mule scams are just some of the most popular kind of online theft that has flourished all through the years across the Internet.

Facebook is updating its policies to explicitly allow a handful of third-party search engines to crawl public content.

Before, Facebook banned robots, spiders, scrapers or harvesting bots from automatically collecting data across the social network’s pages, unless their creators had written permission. This raised the criticism that the social network was trying to have it both ways — it could juice up search engine optimization and be discovered on Google, and crack down on emerging threats from smaller companies that might use the data in innovative ways.

The company’s chief technology officer Bret Taylor countered that criticism on Hackers News today, saying that Facebook’s policies were meant to protect users from “sleazy” crawlers that might grab their data and resell it.

New York-based Lincoln Medical and Mental Health Center has become one of the latest medical providers to expose highly sensitive patient data after CDs containing unencrypted data sent by FedEx never made it to their destination.

The breach exposed medical and psychological diagnoses and procedures for 130,495 patients, according to a notification posted Tuesday. The CDs, which remain missing despite an investigation that was launched in early April, also contained names, addresses, social security numbers medical record numbers, dates of birth and other details that are regularly snarfed up by identity thieves.

Cybersecurity is a complicated affair. In addition to the numerous and highly sophisticated technical tools in place to fend of malware and cyberattacks, so much of an organization’s defense capabilities comes down to the habits of its employees, according to a panel of security experts recently convened in New York.

With data breaches making near-daily headlines and Congress in the midst of a lively debate on a major cybersecurity overhaul, the panel was timely. But what of the other factors that confound enterprise security, such as the precarious relationship between corporations and white-hat hackers? eSecurity Planet takes a look.

Legislative staffers reloaded data into a state website Wednesday after discovering the site was infected by a virus. Hackers were drawn to the site after they learned the system was vulnerable to attack, the Legislature’s director of information technology said Wednesday.

Scott Clark updated legislative leaders on the situation that first came to his attention last week, when someone who attempted to use the state’s bill status system alerted him it was running slowly.

He said he doesn’t think the hacker had a grudge against the Legislature. “They probe and they look for particular openings or decreased security and then take advantage of it,” he said. “I don’t think the Legislature was targeted.”

Blogger Nguyen Hue Chi is locked in an electronic game of cat and mouse with a mystery cyberattacker—widely believed to be the government.

Chi and his colleagues have set up a series of websites and blogs questioning government policy in the past year, only to see them attacked and blocked.

Observers blame the communist state, which they say has adopted a more aggressive stance towards politically sensitive Internet sites. “It seems that the government is definitely starting to follow the China model,” said a foreign diplomat who asked for anonymity.