hijacking

A hole in the Face.com mobile app KLIK has been closed after a researcher discovered that it could be used to hijack Facebook and Twitter accounts.

KLIK lets people tag faces in photos using Facebook, which recently acquired Israel-based Face.com. But Ashkan Soltani, a privacy and security researcher, found that it also allowed anyone to hijack a KLIK user's accounts on Facebook and Twitter to get access to photos that were private.

"The above attack not only allows access to non-public photos, but also lets the attacker potentially manipulate the Face.com app to automatically 'recognize' … Read more

Federal Communications Commission Chairman Julius Genachowski wants Internet service providers to work with government and security experts to adopt voluntary standards to protect consumers from cyber attacks.

On Wednesday, the chairman gave a speech in Washington, D.C., in which he discussed voluntary measures that ISPs and other technology companies could take to help protect the public from three major cyber threats: botnets, domain name fraud, and IP hijacking.

"Cyber attacks pose a critical threat to our economic future and national security," he said in his speech. "If you shut down the Internet, you'd shut down … Read more

When it comes to software, the desktop is the best neighborhood, and nearly every piece of software tries to move in there. Some merely set a shortcut, but others "do things," often things you don't want and, worse, can't undo.

You have several options for restoring your desktop settings when software hijacks them, most of which aren't difficult but nevertheless often prove challenging to those users who really don't care what's "under the hood" of their computer any more than they do their car or their washing machine. For them, Random … Read more

Lissn, a start-up focusing on online conversations, has picked up and moved to a new Web address after having its own hijacked last week.

Lissn had been hosted at Lissn.com, but now is located at Lissn.in, chief executive Myke Armstrong said in a blog post today.

"We have contacted the authorities and proper parties to get the domain back, but the legal process of reclaiming a domain name can take months and thousands of dollars," he said. That's "too much time and too much money for a learn startup where momentum is key. In … Read more

A funny thing happened to some traffic heading to Facebook earlier this week. It ended up going out of the way through China.

Barrett Lyon, an entrepreneur and network security expert who blogged about the incident on Tuesday, suggested it was merely an accident. But Rodney Joffe, senior technologist at DNS (Domain Name System) registry Neustar, disagrees and described it as "route hijacking."

"It's real. It is happening. It can't be described as an 'accident' anymore," Joffe, who observed similar traffic snafus involving China last year, said in an e-mail to CNET today.

China … Read more

Fooling people on the Internet is far from a difficult feat, but Web magicians are finding creative ways to make us question our own skepticism. Take YouTube user BITcrash44's concept video that shows him hacking video screens in Times Square.

This guy supposedly fashioned a broadcast device that pulls video data from the headphone jack in an iPhone and can hijack any feed in the process. The accompanying video makes creative use of After Effects, but real techies should be able to spot the discrepancies--even still, without dissecting it to death like everyone else has online, can we at least appreciate the humor and ingenuity in this project? Well done BITcrash44!

Unfortunately, not everyone uses the Internet in jest like our buddy BITcrash44--some people use it to exploit the philanthropy of innocent people who just want to donate money to charities in Japan to assist the relief effort. Be careful if you receive an e-mail that claims to be from the British Red Cross using the subject line "Japan Tsunami Appeal | British Red Cross"; it's a charity scam.

You should also keep a lookout for traps hidden… Read more

Hosts files translate human-readable domain names--"yoursite.com"--to machine-readable IP addresses. HostsMan is a free yet powerful and comprehensive tool for managing, merging, updating, disabling, editing, protecting, and duplicating hosts files from a single interface. It packs some useful extras, too.

We chose to install HostsMan and its documentation but not the optional HostsServer, a local HTTP server for browsing with custom hosts files, or the HostsOptimizer, which is designed to prevent delays caused by the DNS Client Service. HostsMan's installer also gave us the option to disable our DNS Client Service and make a backup … Read more

A report delivered today to Congress by a commission on U.S.-Chinese relations is pointing the finger at the Chinese government for continued hacking attempts and computer exploits.

"Recent high-profile, China-based computer exploitations continue to suggest some level of state support. Indicators include the massive scale of these exploitations and the extensive intelligence and reconnaissance components," noted the report from the U.S.-China Economic and Security Review Commission's (USCC).

The report specifically concluded that the Chinese government, Communist Party, and Chinese individuals and organizations continue to hack into computer systems and networks in the U.… Read more

A Chinese state-run telecom provider was the source of the redirection of U.S. military and corporate data that occurred this past April, according to excerpts of a draft report sent to CNET by the U.S.-China Economic and Security Review Commission.

The current draft of the U.S.-China Economic and Security Review Commission's (USCC's) 2010 annual report, which is close to final but has not yet been officially approved, finds that malicious computer activity tied to China continues to persist following reports early this year of attacks against Google and other companies from within the country.

In several cases, Chinese telecommunications firms have disrupted or impacted U.S. Internet traffic, according to the excerpts.

On March 24, Web traffic from YouTube, Twitter, Facebook, and other popular sites was temporarily affected by China's own internal censorship system, sometimes known as the Great Firewall. Users in Chile and the United States trying to reach those sites were diverted to incorrect servers or encountered error messages indicating that the sites did not exist. The USCC report said it was as if users outside China were trying to access restricted sites from behind China's Great Firewall.

Then on April 8, a large number of routing paths to various Internet Protocol addresses were redirected through networks in China for 17 minutes. The USCC identified China's state-owned telecommunications firm China Telecom as the source of the "hijacking." This diversion of data would have given the operators of the servers on those networks the ability to read, delete, or edit e-mail and other information sent along those paths.

The April incident affected traffic to and from U.S. government and military sites, including sites for the Senate, the Army, the Navy, the Marine Corps, the Air Force, and the office of the Secretary of Defense, the USCC said. Rodney Joffe, senior technologist at Domain Name System registry Neustar, also confirmed in a recent interview with CNET that the data diverted to China came from Fortune 500 companies and many branches of the U.S. government.

Evidence didn't clearly indicate whether this diversion of data was done intentionally or for what purpose, according to the USCC. But the capability alone raises a red flag.

"Although the commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications," said the report excerpts. "This level of access could enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend (for example, to a 'spoofed' site)."

The report also commented on an incident in April in which a China-based spy network was accused of targeting government departments, diplomatic missions, and other groups in India. The activity, which also compromised computers in at least 35 other countries, including the U.S., grabbed sensitive documents from the Indian government.… Read more