
Security & Privacy

IT pays the price for your fun at work

It's clear that the line between work and play is blurring. Many people check work e-mail accounts in their off hours as much as they check their personal e-mail accounts. And who isn't occasionally distracted by something on Facebook or YouTube during the work day?

Security specialist FaceTime Communications commissioned a survey of nearly 530 IT managers and end users to find out exactly how people are using the Internet at work and what impact those activities have on their IT departments.

Ninety-seven percent of end users surveyed reported using one or more Internet applications at work, up … Read more

U.S. Army warns of twittering terrorists

The U.S. intelligence community is concerned that terrorists might use micro-blogging tool Twitter to coordinate attacks, according to a purported draft Army intelligence report posted on the Web.

The report--presented by the 304th Military Intelligence Battalion and posted to the Federation of American Scientists Web site--examines the possible ways terrorists could use mobile and Web technologies such as the Global Positioning System, digital maps, and Twitter mashups to plan and execute terrorist attacks.

The report (PDF), which appears to have been first presented earlier this month, was reported Friday by Wired magazine's Noah Shachtman. A chapter titled "… Read more

Time to patch Windows again, ASAP

If you use a Windows computer connected to a network, a newly discovered bug makes it possible for a bad guy to wreak havoc on the computer without your doing anything. The most vulnerable versions of Windows are XP, 2000 and Server 2003. Vista and Server 2008 are also vulnerable, but not as badly. Microsoft considers the bug important enough to issue the patch immediately rather than waiting for their normal once-a-month patch Tuesday.

Susan Bradley, writing for the Windows Secrets newsletter, recommends immediately installing the just-issued patch. Then she offers some unusual advice, suggesting people first restart their computers … Read more

Using the mobile phone as a credit card

I admit it; I've been put off by the term "contactless payments." But it's an emerging area that deserves some attention.

If you are in Asia, you know what I'm talking about. People there have been making payments with their mobile phones using what's called "near-field communications." Just wave the handset in front of a reader and voila, the transaction is done.

In the U.S., we've had RFID technology embedded in cards. But the long-term goal is to eliminate the need to carry credit cards, building access badges and transit … Read more

Microsoft RPC exploit could be a packaged deal

While Microsoft has labeled Thursday's emergency patch MS08-067 as "critical" and provided a rare out-of-cycle fix because its exploit could easily be used as a worm on a compromised network, one security researcher doesn't think it will happen that way.

"It's likely we're going to see this packaged with some other attack," said Ben Greenbaum, senior research manager at Symantec. "A Web-based attack, for example. We're looking out for are exploits of this being bundled with client-side exploits or Trojans so that the worm can get past corporate firewalls and get … Read more

Microsoft's urgent security update: What it means

Earlier today, Microsoft did something unusual. The company made an exception to its normal security processes and issued an "out-of-band" urgent update. The update is classified as critical for Windows XP and older versions and is considered important for Windows Vista.

After speaking with Microsoft earlier today, I strongly suggest that users understand the importance of this update and begin emergency patching procedures immediately. While exploits around this Windows vulnerability have been limited thus far, Microsoft concedes that it could be exploited by old-school Internet-based worms a la 2004 and do massive amounts of damage. In addition … Read more

Microsoft patches potential 'worm hole'

On Thursday, Microsoft issued a rare out-of-cycle patch for a vulnerability in the Windows Server service, which handles remote procedure calls (RPC), the mechanism that allows programmers to run code either locally or remotely. In issuing MS08-067, Microsoft warns "it is possible that this vulnerability could be used in the crafting of a wormable exploit." Entitled "Vulnerability in Server Service Could Allow Remote Code Execution (958644)," the specific vulnerability has been assigned a National Vulnerability Database designation of CVE-2008-4250.

Microsoft rates this patch as critical for Microsoft Windows 2000, Windows XP, Windows Server 2003, and important for Windows … Read more

High insecurity at LockCon

Once again I made the annual trek to a little town in the northern Netherlands, Sneek, to meet with about 75 colleagues to discuss the latest security issues and bypass techniques for locks, safes, and access control systems. LockCon, the new name for "The Dutch Open," is organized by Barry Wels and Han Fey. For the past six years, they have put together a three-day event, replete with lock picking contests, safe cracking demonstrations, and briefings on new security technologies.

More importantly, the conference provides a forum for serious discussions and presentations about design flaws in security hardware, … Read more

Guns-for-cameras program aimed at Toronto shooters

Toronto police launched an innovative gun amnesty program on Wednesday. It's dubbed Pixels for Pistols, and through it, police are offering to give out a Nikon digital camera to anyone turning in a firearm.

A handgun or assault rifle is worth a $400 Nikon Coolpix S52 and a shotgun nets a $250 Nikon Coolpix P60. The deal includes free photography lessons.

The amnesty program will run for four weeks, according to Henry's camera store, which is providing the cameras.

This might be a good idea for U.S. cities with a lot of street crime. Other amnesty programs … Read more

Microsoft issues 'critical' patch outside normal cycle

Microsoft will issue a patch for a "critical" security flaw in Windows, the company said Thursday. The patch comes outside of its normal monthly patching cycle due to the severity of the issue.

The vulnerability can result in remote code execution, in which malicious attackers could take control of a user's computer to launch code.

According to Microsoft's bulletin, the vulnerability is found in Windows 2000 with Service Pack 4, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Microsoft will hold a Webcast at 1 p.m. PDT to address the issue. … Read more
