Intel raised the bar in the processing game when this Tuesday they announced the release of the first 32nm processors. The big selling point here, according to the vendor, is the security aspects.

From The Taiwan Economic Times:

According to world`s No.1 chipmaker, the new processors are the industry`s first 32nm enterprise-grade devices integrating security capabilities that enhance data integrity and server virtualization as well as first six-core embedded computing processors. New structures enable the processors to deliver up to 60% greater performance than the 45nm Intel Xeon 5500 cousins, allowing data centers to replace 15 single-core servers with only one Xeon 5600-driven server and achieve a return on their investment in as little as five months.

The big selling points here being cloud computing and the financial sector. The real rub here will be how it will stand up against Joanna Rutkowska this time. Last time this is what happened (.pdf).

Article Link

(Image used under CC from Josh Bancroft)

While I’ve been working on Liquidmatrix now since around ‘98 there have been amusing moments along the way. This morning I was struck with this interesting advertisement placement. Apparently you can find “Liquid Matrix” at roughly 6500 different vendors.

Um, yeah.

Sexy headline. Cool sounding story. The bait is set. Now just to reel me in…

From Wired:

More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.

Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots.

OK, that sounds interesting. I wonder how Ramos-Lopez managed to pull this one off. Could have been a zero day? Some sort of system compromise? System breach using malware?

The troubles stopped five days later, when Texas Auto Center reset the Webtech Plus passwords for all its employee accounts,

Wait, what?

Ramos-Lopez’s account had been closed when he was terminated from Texas Auto Center in a workforce reduction last month, but he allegedly got in through another employee’s account,

He had a password? Since when does that qualify as a “hacker”?

“Omar was pretty good with computers,” says Garcia.

Apparently. Who knew that a little knowledge (ie. password) and a browser could be so powerful.

Sarcasm off. Clarity when dealing with terms is always something to behold. Was this a crime? Yes. Was he a hacker? Hell no.

Article Link

(Image used under CC from nolifebeforecoffee)

A Happy St. Patrick’s Day to one and all!

cheers,
Dave

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Researchers find zero day flaw in Windows Virtual PC | V3
2. How Privacy Vanishes Online | NY Times
3. UK ID card data to be split among three databases | Third Factor
4. Secret Document Calls Wikileaks ‘Threat’ to U.S. Army
5. Medicare data breaches increase privacy fears | Australian IT
6. Ford preps anti-hacking tech for in-car WiFi | The Register
7. Shootout at Chandrayaan’s data facility | India Times
8. Survey: Disaster recovery a bigger priority than data security | Security Info Watch

Tags: News, Daily Links, Security Blog, Information Security, Security News

So, when you log in to your FaceMyTwiBookSpacetter account next time, do you know who your “friends” are? Back in 2008 we had fun with the fact that Satan was on our friends list. But now, it turns out that some of those people in your list might be wearing the mirrored sunglasses with the ear piece.

From Wired:

The next time someone tries to “friend” you on Facebook, it may turn out to be an undercover fed looking to examine your private messages and photos, or surveil your friends and family. The Electronic Frontier Foundation has obtained an internal Justice Department document that describes what law enforcement is doing on social networking sites.

The 33-page document shows that law enforcement agents from local police to the FBI and Secret Service have been logging on to MySpace and other sites undercover to communicate with suspects, read private postings and view photos and videos that are restricted to a user’s friends.

This puts a decidedly bizarre bent on criminal investigations. How many people did they add that were not of a criminal disposition? Did any of this information ultimately get used in court and would it be admissible?

For more on this story read on.

Article Link

(Image used under CC from Dunechaser)

“It’s gotta be Monday. No other day makes me feel this way” – Doug & The Slugs

cheers,
Dave

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Iran hacks US spy websites, arrests cyber activists | Tech World
2. Ottawa lays out ‘all-hazards’ national emergency plan | The Globe and Mail
3. IT contractors convicted of UK casino hack scam | The Register
4. Microsoft races to plug IE hole after exploit code released | CNET
5. Phishing emails from ‘Amazon’ are well out of order | The Guardian
6. Cost of Internet fraud on steep rise | Washington Post
7. Pentagon trains workers to hack Defense computers | CNN

Tags: News, Daily Links, Security Blog, Information Security, Security News

HSBC has been having a really rough go trying to keep a handle on their data and system security. Examples 1, 2, 3, 4, 5 and 6.

A tad disconcerting for their customer base.

From Infosecurity UK:

HSBC’s Swiss banking operation – operating in an industry that is reknowned for its secrecy – has been rocked by revelations that details on as many as 24 000 of its wealthiest clients have been leaked.

When the news of the data leakages – apparently caused by a rogue member of the HSBC staff – were first reported last December, it was thought that fewer than 10 accounts were involved. At the time, Herve Falciani, a former HSBC IT specialist, was reported to have stolen the data and passed it to the French tax authorities.

HSBC has now admitted it has now discovered that 15 000 existing and 9000 former clients were affected.

That certainly is a lot more than ten accounts which was the number they thought were affected when this first came to light in Dec ‘09. This is further compounded by this passage, “HSBC says it only realised the full extent of the data leak earlier this month when the Swiss authorities returned the data in their possession.” I would hazard a guess that at some point HSBC will realize that they have what appears to be a systemic problem with their security program. A quick scan of their Canadian site shows that they are trying to bring on some new security people. I wonder if they have a decentralized security model at HSBC. It would certainly explain a fair bit.

For more on this latest breach, read on.

Article Link

(Image used under CC from K e v i n)

In what has the hallmarks of being the largest recorded data breach in South Korea ever, 20 million+ individuals have had their data exposed. As a result of this an investigation has begun.

From AFP:

South Korea said Friday it would launch a probe into security systems of major retailer Shinsegae and 24 other companies after private data on some 20 million customers was leaked.

The move came a day after police arrested three South Koreans for selling private information, including IDs, passwords and addresses, of more than 20 million compatriots online.

The three suspects bought the data from Chinese hackers who are still at large, police said.

Ah, the spectre of the ever present Chinese hacker. The Korea legal structure is definitely taking this problem seriously. Just last month the heads of four ISPs were each sentenced to a month in jail for facilitating illegal online activity. Hmm. Now there’s a concept.

Article Link

(Image used under CC from US Army Korea – IMCOM)

This week it appears that the data breaches are falling from the trees. In this particular case a physicians assistant was alleged to have been collecting data on patients. It was apparently for some unsanctioned study. To make matters worse the data was being stored on an unencrypted laptop.

Now a criminal investigation has begun into the allegations.

From Atlanta Journal Constitution:

The inspector general is investigating a report that a physician assistant stored unauthorized clinical information on her personal laptop regarding veterans who were seen at one of the VA specialty clinics, according to the document.

The document said there are reportedly two sets of patient information involved — one that includes more than 18 years of data, and another that includes up to three years of data.

The agency has yet to determine how many veterans are affected or the degree to which the data contained personal and medical information.

From the article it seems unclear as to whether or not any of the data was compromised beyond this particular individual. These are points that will no doubt be addressed as a part of the investigation.

Article Link

(Image used under CC from Garrulus)

Sometimes it appears that the influence of the 1983 film “War Games” continues to hold sway with people.

Sometimes, it doesn’t end so well.

From My Fox Houston:

A 17-year-old Cy-Fair ISD student is facing a felony charge after he allegedly hacked into the district’s computer security network and caused more than $10,000 in damage.

Cy-Fair High School student Richard Alan Urban is scheduled to appear in court April 13 on a charge of computer security breach, a state jail felony.

The odd thing that I found with this article, about this apparently hapless student from Houston, was that at the end of the article it says that “The breach only slowed down the servers.” However earlier in this passage, “By the next day, more users had been deleted from the network, so the school district’s technical team began searching for a possible hacker.”

I have the distinct impression that they do not in fact have a clear grasp on what this person was allegedly able to access. I’m imagining that this will come out in the wash later.

For more on the story, read on.

Article Link