InSecurity Complex

Update of Android malware uses exploit to take over

A new variant of a piece of Android malware dubbed LeNa (Legacy Native) has been modified so that it does not require user interaction to take control of a device, mobile security firm Lookout said today.

LeNa has been seen on alternative Android markets and not Google Play, so its spread will be limited to people who risk those exchanges, particularly Chinese users, Lookout said in a blog post. The malware masquerades as a legitimate app, and the latest version can appear as a fully functional copy of the recently released Angry Birds Space, among other apps.

The original version … Read more

Old-time hacktivists: Anonymous, you've crossed the line

In December 1998, a U.S.-based hacker group called Legions of the Underground declared cyberwar on Iraq and China and prepared to protest human rights abuses in those countries by disrupting their Internet access.

About a week later, a coalition of hackers from groups including Cult of the Dead Cow (cDc), L0pht, Chaos Computer Club in Germany, and hacker mags 2600 and Phrack issued a statement condemning the move. "We - the undersigned - strongly oppose any attempt to use the power of hacking to threaten to destroy the information infrastructure of a country, for any reason," … Read more

Sophos warns of Twitter scam involving Draw Something

The Pictionary-type game Draw Something is so popular it was only a matter of time before online scammers jumped on the bandwagon.

Security firm Sophos is warning about a scam on Twitter that is designed to trick people into filling out a survey with the promise of possibly winning a prize. But like nearly all prize offers online, this one is fake.

Basically, the scam is triggered by Twitter posts mentioning "Draw Something." A Twitter account that is not affiliated with game creator OMGPOP is offering prizes to people who have referenced the game in a tweet and … Read more

110,000 PC-strong Kelihos botnet sidelined

A new version of the Kelihos spamming botnet has been sidelined by using the peer-to-peer distribution mechanism to basically hijack it, researchers announced today.

The botnet, which was used mostly to distribute spam for Canadian pharmaceutical firms but also stole bitcoin wallets containing virtual currency, was about three times larger than an earlier variant, according to CrowdStrike, the security firm that worked with Kaspersky, Dell SecureWorks, and Honeynet Project to shut down the botnet.

The researchers reverse-engineered the malware code and wrote their own software that rerouted infected computers to communicate with servers controlled by researchers and law enforcement rather … Read more

Apparent Groupon hole exposes customer data

An apparent security hole in Groupon's Web site has exposed the data of at least one customer, a Groupon customer who discovered the problem told CNET today.

When Stephen Pipino logged into the Web site to make a purchase, he saw someone else's credit card information and address displayed in his account, along with his own credit card data. The information belonged to someone with his same first and last name. Pipino verified that the address matched a business address for the other Pipino and has contacted him to let him know about the problem.

"This was … Read more

TSA asks congressional panel to uninvite critic Bruce Schneier

Bruce Schneier, a vocal critic of security measures used by the Transportation Security Administration, was asked to testify before Congress about TSA's security screening initiatives but then was "formally uninvited" after the agency complained.

"On Friday, at the request of the TSA, I was removed from the witness list," Schneier wrote on his blog. "The excuse was that I am involved in a lawsuit against the TSA, trying to get them to suspend their full-body scanner program. But it's pretty clear that the TSA is afraid of public testimony on the topic, and … Read more

Hackers steal passwords from military dating site

Hackers broke into the database for a military dating Web site and stole passwords, e-mail addresses, and other information from nearly 171,000 accounts, according to a post on the Pastebin site this weekend:

"The website http://www.militarysingles.com/ was recently closed day ago or so, so we dumped email db," the hackers said in their post. "There are emails such as @us.army.mil ; @carney.navy.mil ; @greatlakes.cnet.navy.mil ; @microsoft.com ; etc.."

So-called "data dumps" are a common occurrence, but what makes this one notable is that the group is … Read more

Why 'data breach' isn't a dirty word anymore

Three years ago one of the largest payment processors in the country reported that hackers had accessed its computer system, exposing millions of credit card numbers in what is believed to be the largest hacking-related security breach ever.

Heartland Payment Systems' CEO said at the time that the breach had occurred in 2008, but had only been discovered in January 2009. According to the DataLossDB site, the Heartland breach involved 130 million credit and debit card numbers. The company was sued by shareholders, but the suit was dismissed. Meanwhile, after pleading guilty to that hack as well as a slew … Read more

Puppy mill ads halted on Facebook

In a win for animal shelters and dogs in general, puppy mill ads on Facebook are being pulled.

Oodle Classifieds, the company that powers the marketplace section of Facebook, has agreed to stop allowing ads on the popular social-networking site from people who breed dogs and sell them over the Internet, according to the American Society for the Prevention of Cruelty to Animals (ASPCA).

Many puppies sold online come from breeders that keep dogs caged in unsanitary, overcrowded, and often cruel conditions without adequate veterinary care, food, water or socialization. Puppy mills that sell directly to people are exempt from … Read more