InSecurity Complex

Was U.S. water utility hacked last week?

Intruders compromised a water utility network last week and destroyed a pump, according to a state government report cited by a critical infrastructure security expert today.

It appears that hackers breached the network of a company that makes SCADA (supervisory control and data acquisition) and stole customer usernames and passwords, said Joe Weiss, managing partner of Applied Control Solutions. "There was damage--the SCADA system was powered on and off, burning out a water pump," he wrote in a brief blog post.

The report did not identify the water utility attacked or the SCADA software vendor compromised, Weiss said … Read more

Android researcher: Carrier IQ 'diagnostic' tool really a rootkit spy

Android developer Trevor Eckhart recently noticed something odd on several EVO HTC devices: hidden software that phoned home to the carrier with details about how the phone was being used and where it was.

The software, Carrier IQ, tracked the location of the phone, what keys were pressed, which Web pages were visited, when calls were placed, and other information on how the device is used and when.

Eckhart discovered that Carrier IQ can be shown as present on the phone to users or configured as hidden, which was the case on the HTC phones he analyzed. And he found … Read more

Anti-censorship protests irk some Web surfers

Web sites opposed to a federal anti-piracy bill were coming up with some innovative ways of protesting the proposed law, which they claim would allow for Internet censorship. But the protests were interfering with some Web surfers.

In honor of "American Censorship Day," some Web sites were symbolically blacking out their front pages today. The big pop-ups with a darkened background urge people to contact Congress and express opposition to the Stop Online Piracy Act (SOPA). The House of Representatives held its first hearing on the controversial bill today.

Hollywood studios, the recording industry, large content holders and … Read more

4chan outage could be digital version of a food fight

4chan, a site known for launching memes and harboring trolls, was down early today following an outage earlier this week that could be attributed to a digital version of a lunchroom food fight with users of Tumblr, according to a knowledgeable source.

The evidence is in what appear to be tit-for-tat online fliers circulating among users of the sites. One flier titled "Operation Overlord: Final Phase Tumblr" vowed to take down the popular microblogging site. It urged people to download the LOIC (Low Orbit Ion Cannon) software so their computers could be used to overwhelm Tumblr with traffic … Read more

Apps that can access Google+ photos, videos may not be far off

Google is apparently almost ready to launch its first application programming interface (API) for developing new features on Google+ using photos and videos--at least, according to a Google blog post that surfaced on RSS readers before being pulled again earlier today.

Mike Elgan, a Computerworld columnist, posted a screenshot of the post on his Google+ feed and said it was "accidentally made public for a few moments," which allowed time for distribution via RSS Readers. The post also shows up in a targeted Google search, but displays the "Page not found" message when the result is … Read more

F-Secure finds rare digitally signed malware

Researchers at F-Secure have uncovered a rarity--malware that is signed with a valid code-signing certificate stolen from a government.

The malware uses a certificate for mardi.gov.my, which is the Agricultural Research and Development Institute of Malaysia. That agency told F-Secure that the certificate had been stolen "quite some time ago." It expired at the end of September so is no longer effective for authentication.

The Trojan program, which F-Secure detected as Agent.DTIW, spreads via malicious PDF files that exploit a vulnerability in Adobe Reader 8, according to the F-Secure blog.

"The malware downloads additional … Read more

Digital image can dupe Android face-based lock

A new feature in Android 4.0 will allow you to unlock the phone using facial recognition. But if you want high security, don't rely on it.

A video demonstration created by mobile blog SoyaCincau shows that the Face Unlock feature can be fooled by showing it a mere image of the face used to set up the locking mechanism. The video shows someone unlocking a Galaxy Nexus running Android 4.0, also known as Ice Cream Sandwich, by holding in front of the device a digital photo taken of him that is displayed on another phone.

Per the … Read more

Mobile app helps clean up your Facebook image

Programmer Michael Devine was looking for a job earlier this year and realized that not all potential employers would appreciate his Facebook posts as much as his friends do. So he wrote a mobile app that allowed him to clean up his potentially off-color and political posts and comments.

"I'm an impulsive guy," Devine said in a recent phone interview with CNET. "I like making people laugh and I also have strong political views. Given that, you can imagine the kinds of things I post on Facebook. So I wanted to clean up my own profile … Read more

Steam Web sites hacked, gamer data exposed

Hackers broke into a database with customer information at the Steam online gaming site, accessed user forum accounts and defaced a forum site, the company said.

"Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums," Gabe Newell, co-founder of Steam developer Valve Corp., said in a statement posted to the Steam site.

"We learned that intruders obtained access to a Steam database in addition to the forums," he added. "This database contained information including user names, hashed and salted … Read more