hacker

NASA hacker judicial review date set

A date has been set for a High Court judicial review of NASA hacker Gary McKinnon's case.

The review, set for June 9 and 10, will focus on whether McKinnon's diagnosis with Asperger's syndrome was taken into account during his appeals process.

McKinnon's mother, Janis Sharp, told ZDNet UK about the judicial review date via an e-mail on Friday. Sharp said she had felt "broken" and "beaten up" by a Crown Prosecution Service decision on Thursday not to prosecute McKinnon in the U.K., but that she was now "getting back … Read more

NASA hacker McKinnon moves closer to extradition

The Crown Prosecution Service has decided it will not prosecute self-confessed NASA hacker Gary McKinnon in the U.K., edging him closer to extradition to the U.S.

McKinnon's diagnosis with Asperger's Syndrome, a condition on the autistic spectrum, had not been taken into account in the decision, a Crown Prosecution Service (CPS) spokesperson told ZDNet UK on Thursday.

U.S. authorities last year won the extradition of McKinnon to face charges of breaking into 97 military and NASA computers. In December, McKinnon's legal team sent a letter to the CPS in which he confessed to offenses … Read more

Adobe warns of critical, unpatched security flaw

Update at 8:45 a.m. PST: Information from security firm Symantec added.

Attackers are making the rounds and exploiting a critical security flaw in Adobe Reader 9 and Acrobat 9.

Earlier versions of the PDF-related software are also affected by the critical security flaw, which could cause the applications to crash and potentially let an attacker gain control of a person's computer, Adobe Systems warned Thursday.

Reports also surfaced that attackers have developed an exploit and are taking advantage of the flaw, the company said.

Adobe has yet to develop an update to address the vulnerability but noted … Read more

Audit: No customer data exposed in Kaspersky breach

An independent audit of a data breach at security firm Kaspersky's U.S. Web site has confirmed that no customer data was exposed, Kaspersky said on Friday.

A Romanian hacker site used a SQL injection and cross-site scripting attack to get access to a database on a Web site of the Moscow-based Kaspersky and publicized the attack on Saturday.

Kaspersky announced on Monday that it would hire database security expert David Litchfield to analyze the breach.

In the report, Litchfield concludes that an attacker based in Romania used Google to search for Web servers owned by Kaspersky running applications … Read more

F-Secure provides details on Web site breach

Helsinki-based security firm F-Secure said on Thursday that a breach of its Web site earlier in the week by a Romanian hacker site was limited in scope and impact.

On Wednesday the HackersBlog site said it had used a SQL injection and cross-site scripting attack to get access to data on an F-Secure Web site. Earlier, the site had launched similar attacks on a site of security firm Kaspersky and one belonging to a partner of BitDefender.

F-Secure said the problem with its site was due to a bug in a Web application and not related to an unpatched system.… Read more

Podcast: Beware of Valentine malware

Valentine's Day, like other holidays, is a time when malicious software writers and hackers like to trick people into clicking on links that could deliver a malicious payload to their PC. CBS News and CNET Technology Analyst Larry Magid talked about the threat with David Perry of security company Trend Micro. Perry isn't terribly worried about the threat but does say that web users need to be aware. He says that certain Valentine's Day search terms are more likely than others to lead to infected websites.

Hacker site claims breach of third security firm Web site in a week

A Romanian hacker site said on Wednesday it was able to breach the Web site of Helsinki-based security firm F-Secure just as it had gained access to the sites of two other security companies earlier in the week.

F-Secure is "vulnerable to SQL Injection plus Cross Site Scripting," an entry on the HackersBlog site said. "Fortunately, F-Secure doesn't leak sensitive data, just some statistics regarding past virus activity."

An F-Secure spokesman said the company had taken the affected server down and that it was a low-level server that was not critical to the company and … Read more

Kaspersky hires expert to analyze Web site hack

Updated 3:10 p.m. PST with comment from BitDefender.

Moscow-based security firm Kaspersky has hired a security expert to investigate the weekend breach of its U.S. site, the company said Monday.

Meanwhile, the hacker site claiming credit for the breach said on Monday that it had done the same compromise on the Portuguese Web site of antivirus provider BitDefender.

In a statement, BitDefender said an unnamed partner site was compromised and that the company was investigating the incident to help the partner prevent it from happening again. "This was an unfortunate event and while we sympathize with … Read more

Kaspersky denies leaks after SQL hack

The U.S. Web site of Russian antivirus vendor Kaspersky Lab was hacked over the weekend, exposing the company's customer database. But Kaspersky denies any data was compromised and says the vulnerability wasn't critical.

An unidentified hacker reported over the weekend that he was able to access a complete profile of the company's databases, revealing its clients' names, activation codes, list of bugs the company tracks, and client e-mail addresses.

The hacker claims to have hacked Kaspersky's databases using an SQL injection attack, which exploits a vulnerability in an application's database layer.

The method has … Read more