Security News Shootout!
At the end of each month, two consultants from Matta put forward three of their favourite stories
in information security and invite a guest judge to pick the best story.
There's no prizes, only fame or shame.
This month, March, Rob Connolly will be seeing if he can come up trumps again against the
dethroned ex-champion Nick Baskett.
 Nick
First story
SWAT's that? A knock on the door?
To paraphrase Home Simpson "Bad things are only funny when they
happen to someone else". In this case, a blend of social
engineering and spoofed VOIP numbers led to some SWAT teams swooping
all over Texas on innocent families. A number of injuries to these
innocent parties were mentioned, but no details given. I guess the
SWAT teams are not known for the softly softly approach.
http://www.securityfocus.com/brief/702?ref=rss
Second Story
Shocking new commercial product!
Worried about terrorists when flying? Air marshalls may be on
flights, but how do you know they're not going to plug holes in
everyone around them when tackling the terrorist threat. Well,
thankfully we can now rest assured, as new technology is being
developed with a different approach. Shackle every passenger with
electrocuting bracelets and just zap the bad guys. It's not clear
whether this will be authorised just for terrorist threats, or
whether it could be extended to include passengers who've had too
much to drink, football supporters, or people who talk too loudly.
http://www.youtube.com/watch?v=f7yJXhxF1mM...
Third Story
Hacking is the Heart of the Problem
Brings a whole new meaning to the term Denial of Service. Hackers
step up the pace, and find out that pumping information out of these
devices is not so tough.
http://www.nytimes.com/2008/03/12/business/12heart-web.html?_r=1&ref=...
Rob
First story
Digital billboards in California hacked by graffiti artist
Every major city has to deal with the troubles of neighborhood
graffiti. On the one side it.s a way for some of today.s youth to express
themselves and on the other it is costly to remove and lowers property values in
neighborhoods. Well, graffiti art has now crossed into the 21st century as one clever
graffiti artist recently hijacked several digital billboards in Southern California.
http://www.geek.com/digital-billboards-in-california-hacked-by-graffiti-artist/
Second Story
Hackers Assault Epilepsy Patients via Computer
Internet griefers descended on an epilepsy support message board last
weekend and used JavaScript code and flashing computer animation via
Cross-Site Scripting (XSS) attacks to trigger migraine headaches and
seizures in some users.
http://www.wired.com/politics/security/news/2008/03/epilepsy
Third Story
Hackers expand massive IFrame attack to prime sites
This is an interesting new attack (or at least a new spin on an old attack)
using XSS attacks to implant browser exploit code into website search
engine caches.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&ar...
The Result!
This month the judging was done by Jon McClelland, from AEMS.
Jon says,
"Well, if it's a vote for the most unusual hack, that's proved to be
very effective, I'd go for the hack on Epilepsy Patients."
"It's amazing to see computer hacking used to inflict pain/injury on
people so directly!? Quite scary. Although the hack on the Pace
Makers is quite similar, it looks like it wouldn't work at long
distance, so just a theorectical attack currently."
"The epilepsy attack is like something from a B-movie, where
thousands of 'zombies' are created and 'programmed' to go and do
evil deeds on behalf of Dr. Evil-Hacker. What next? Will they add
subliminal frames (1 every 25th frame) into Flash movies programming
everyone (not just epileptic people) who views the movie into doing/
buying something?"
http://www.wired.com/politics/security/news/2008/03/epilepsy
|
