Vulnerabilities & attacks

Apple .Mac customers targeted for fraud

When Apple rolled out its Mobile Me service last month, it provided phishers with a golden opportunity to scam users of .Mac, according to a credit card protection service.

"We confirmed this," said Dan Clements, vice president at Affinion Group, the company that owns Card Cops. "...We called some of the .Mac users" found on a trading site used by the Internet underground.

Card Cops includes among its customers major banks worldwide. For the last eight years, the group has been helping its clients and law enforcement track down those who are trading personal information online. …

Judge leaves gag order intact on subway card-hacking students

BOSTON--A federal judge on Thursday let stand a temporary restraining order preventing three Massachusetts Institute of Technology students from discussing or disclosing their research into security vulnerabilities in the payment system for the local subway system.

In a 45-minute hearing here, U.S. District Judge George O'Toole Jr. also granted a request by the Massachusetts Bay Transportation Authority to obtain documents from the three students and their MIT professor Ron Rivest, a renowned researcher best known as co-inventor of the RSA public key encryption system commonly used in e-commerce systems.

O'Toole didn't amend or revoke the temporary …

Daily Debrief: Online attack, retaliation in Russia-Georgia conflict

In Wednesday's edition of the Daily Debrief, CNET security expert Robert Vamosi and I discuss the latest exchange of cyberattacks between warring countries Russia and Georgia. It's been concluded that the initial attacks on the Georgian president's Web site were not the work of another government or sanctioned agency, but rather, amateurs whose country of origin is still unknown. Regardless, the Web site of a Russian newspaper has since come under attack in retaliation, most likely at the hands of the Georgians.

As Vamosi points out, there've been a handful of such attacks over the last …

Don't click that headline, security researchers warn

A flood of e-mails pretending to be from MSNBC contain links to malicious software, security companies warned Wednesday.

According to an MX Lab blog post, subject lines always start with "msnbc.com - BREAKING NEWS" then are followed with a variety of possible headlines, including: "Google launches free music downloads in China"; "Plane crashes into prep school, hundreds of kids killed"; "Please give your opinions for change"; and "US Dollar hits 6-year high, further gains expected."

The Web address http://breakingnews.msnbc.com is valid if you type it into …

VMware: Don't shut down that virtual machine

Update at 8:35 a.m. PT on Wednesday: Since ZDNet UK published this article, a patch for the flaw has been posted to VMware's Web site.

Users of VMware virtual machines on all hosts with the company's latest hypervisor, ESX 3.5 Update 2, in enterprise configurations have found that the machines will not power on after being turned off.

The hypervisor refuses to start when the date is August 12, with customers around the world discovering the problem as midnight was passed in their time zones. A flaw in the VMware licensing code is responsible, according to Martin Niemar, …

Kids, not Russian government, attacking Georgia's Net, says researcher

Initial information suggests that Internet attacks on Georgian Web sites over the last two weeks are the work of kids, according to one researcher, while another says the intensity of these attacks is short-lived when compared with attacks in Estonia last year.

In an e-mail to CNET News, Gadi Evron, founder of the Zero Day Emergency Response Team, said that "although the impact on their Web sites is clear, I believe this may end up being just some kids who got overexcited, with Georgia being ill-prepared to say the least."

Posting on CircleID, Evron wrote that there are …

Transit agency wants MIT students to stay gagged

The state of Massachusetts plans to ask a federal judge on Thursday to keep in place a restraining order that prevents three MIT students from publicly discussing vulnerabilities they discovered in subway card security.

U.S. District Judge George O'Toole in Boston is scheduled to hear arguments at 11 a.m. ET on whether to modify or eliminate the temporary restraining order, which attorneys for the students characterize as a prior restraint in violation of decades of First Amendment precedent.

A different judge who was on duty on Saturday gave the Massachusetts Bay Transportation Authority an order prohibiting the …

MIT students: Mass. agency 'misrepresents' what led to lawsuit

Three MIT students are disputing the Massachusetts transit agency's version of the events that led to the state filing a lawsuit last week--and obtaining a restraining order against their talk on subway card security scheduled for Sunday.

The latest dispute originates in comments made to CNET News by Massachusetts Bay Transportation Authority spokesman Joe Pesaturo in a report published Monday. In his e-mail to us, he said the students "agreed to provide the MBTA with a copy of the presentation" scheduled for the Defcon hacker conference on Sunday but never did.

A response posted Tuesday …

Alleged NASA hacker gets temporary reprieve

Gary McKinnon, a British man accused of hacking into U.S. military systems, has been granted a short stay of his extradition.

Last month, McKinnon lost his battle in the House of Lords against extradition to the U.S. to face charges of hacking various military systems. His final recourse now will be if the European Court of Human Rights (ECHR) agrees to hear his appeal.

The London law firm representing McKinnon, Kaim Todner, stated on Tuesday that the ECHR will consider as soon as August 28 whether McKinnon can appeal.

"The presidents of the European Court (of) Human …

Massachusetts: We want to meet with MIT subway-hacking students

The state of Massachusetts said Monday it is not prepared to abandon its lawsuit against MIT students who uncovered security vulnerabilities in Boston transit cards, even though thousands of copies of their 87-page presentation have been distributed.

A federal judge on Saturday granted the state transit authority's request for a restraining order barring the students' planned presentation at the Defcon conference. It orders them not to disclose any "program, information, software code, or command that would assist another in any material way to circumvent or otherwise attack the security of the Fare Media System."

The MIT students …