InSecurity Complex

A hacker facing trial on charges that he and a cohort conspired to break into an AT&T Web site for 3G iPad users told CNET today that he will fight the charges "to the end."

Andrew "Escher" Auernheimer, 26, was indicted several months ago on one count of conspiracy to gain unauthorized access to computers and one count of identity theft. He faces up to 10 years in prison and $500,000 in fines. Co-defendant Daniel Spitler pleaded guilty in June and a judge put the case on hold, reportedly because of plea negotiations. … Read more

Hackers compromised the NBC News Twitter account today and sent several fake tweets from the account about an attack on Ground Zero reminiscent of the attacks of September 11, 2001.

"Breaking News! Ground Zero has just been attacked. Flight 5736 has crashed into the site, suspected hijacking. More as the story develops," was the first tweet this afternoon. It was followed by two others, including one that started "This is not a joke."

The fourth tweet said "NBCNEWS hacked by The Script Kiddies."

An e-mailed NBC News statement said: "The NBC News twitter … Read more

A Dutch prosecutor has decided not to charge journalist Brenno de Winter with fraud for publicly discussing security weaknesses in the country's new OV transit chip card.

"Given the public interest, (his) meticulous work and the minimal damage caused, the prosecutor stated that the importance of freedom of information in this case outweighs (claims of fraud) and decided to close the case," a statement from the Dutch public prosecutor in Utrecht said.

De Winter told CNET in an interview that he is relieved at the decision and will now be able to resume his writing on the … Read more

Google is telling people in Iran to change their passwords and take other security precautions in the wake of an Internet attack in which the google.com domain was spoofed.

"We learned last week that the compromise of a Dutch company involved with verifying the authenticity of websites could have put the Internet communications of many Iranians at risk, including their Gmail," Eric Grosse, Google's vice president of security engineering, wrote in a blog post last night.

"While Google's internal systems were not compromised, we are directly contacting possibly affected users and providing similar information … Read more

The Anonymous group of online activists released a new tool today designed to allow people to hijack trending topics on Twitter and tweet messages within them.

Dubbed URGE (for Universal Rapid Gamma Emitter), the beta software is available for download for Windows computers and requires .Net Framework 4 to work.

"This is not a hacking tool nor is it an exploit tool," the group said in a statement. "It was created to make it easier for us to tweet faster without copying and pasting constantly."

Anonymous members say they are annoyed with all the redundant and &… Read more

Firefox browser distributor Mozilla today gave companies that sell digital certificates a week to take actions to improve their security after a certificate authority (CA) was hacked and Gmail users in Iran were targeted in a recent attack.

When a Web surfer visits a site over a protected SSL (Secure Sockets Layer) connection, the browser provides a visual indication that the site is trusted--a green URL bar or padlock, usually--based on the digital certificate for the site. If the digital certificate, which is used to authenticate a site as legitimate, is revoked or has some other problem, the browser will … Read more

A second company that provides digital certificates used to authenticate Web sites won't be issuing them while it investigates whether it has been compromised as a hacker has claimed.

A hacker who goes by the alias "Ich Sun" has taken responsibility for a recent breach at Dutch certificate authority DigiNotar that resulted in more than 500 SSL (Secure Sockets Layer) certificates being fraudulently issued, including one that was used to spoof Google.com.

The self-proclaimed Iranian patriot, who was behind a hack on certificate authority Comodo this spring, says he has hacked four or more certificate authorities, … Read more

A U.K. domain name registrar confirmed today that an attack on its system redirected traffic for some of its customers' sites to a Web page controlled by hackers.

Fewer than a dozen domain names registered by NetNames were affected by the attack, which occurred on Sunday, according to Stuart Fuller, a spokesman for NetNames parent Group NBT. He declined to name the sites that were redirected.

A list on Zone-H, which retains copies of Web defacements, shows seven sites registered by NetNames or affiliate Ascio that were affected by the Domain Name System (DNS) redirect attack on Sunday, including … Read more

For an unknown period of time this weekend, Gmail users in Iran who tried to access their accounts were at risk of having their log-in credentials stolen, after someone broke into a Dutch company to steal the digital equivalent of an identification card for Google.com.

"The people affected were primarily located in Iran," Google said in a post late last night. "The attacker used a fraudulent [Secure Sockets Layer] certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it)."

The problem surfaced yesterday after someone … Read more