The Financial Times is reporting today that the Pentagon’s computers were hacked by the Chinese Military in June of this year!
If it is true then this is the first publicised attack on US computer systems by the Chinese Military since the Titan Rain attacks of 2003.
According to the article:
The PLA regularly probes US military networks – and the Pentagon is widely assumed to scan Chinese networks – but US officials said the penetration in June raised concerns to a new level because of fears that China had shown it could disrupt systems at critical times.
“The PLA has demonstrated the ability to conduct attacks that disable our system…and the ability in a conflict situation to re-enter and disrupt on a very large scale,” said a former official, who said the PLA had penetrated the networks of US defence companies and think-tanks.
What with the Russian cyber attacks on Estonia earlier this year and now this Chinese attack on the US, cyber warfare seems to be becoming less science fiction and more science fact.
Update – more coverage of this story on Techmeme
I see on the Google Security Blog that Google have launched a Safe Browsing API. In other words, Google are making available their dynamic blacklist of phishing and malware sites so ISPs and web app coders can check against it.
This should help ensure unwitting users are notified before they browse to unsafe sites and submit their confidential information.
Google are actively encouraging 3rd party participation –
Sign up for a key and let us know how we can make the API better. We fully expect to iterate on the design and improve the data behind the API, and we’ll be paying close attention to your feedback as we do that. We look forward to hearing your thoughts.
Great idea guys.
Not that we haven’t known that for some time but it was recently drilled home to me on my flight back from Madrid last week.
My son Enrique has asthma. He got quite bad with it earlier this year when we were in Spain and a Spanish doctor prescribed a cough suppressant called Expectu to help him sleep.
When I was in Madrid, my wife asked me to get another bottle of Expectu to bring home. So far, so good. Except, the bottles for sale in the pharmacies were 200ml and you can only bring bottles less than 100ml onto the plane (I only had hand luggage).
What did I do? I asked the pharmacist to decant the 200ml of Expectu into smaller bottles (in dreadfully pidgin Spanish!). He obliged and poured it into four 75ml bottles. I put these bottles into a clear plastic bag along with my deodorant and toothpaste fully expecting to be stopped at the airport.
Not a bit of it. Going through security, the guard took out one of the four bottles, checked the volume of it and, satisfied that it was less than 100ml, replaced it in the clear plastic bag!
Fantastic! For all you aspirant terrorists out there making liquid bombs – decant the bombs into small bottles if you want to get them onto the plane and you are sorted (oh, and just in case you thought I was serious, here’s why you should save yourself the trouble of trying to make a liquid bomb)!
WordPress was updated to 2.1.2 overnight after it was found that one of their download servers had been compromised and version 2.1.1 modified to include code that would allow remote PHP execution!
From the WordPress site:
What You Can Do to Help
If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends’ blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.
If you are a web host or network administrator, block access to “theme.php” and “feed.php”, and any query string with “ix=” or “iz=” in it. If you’re a customer at a web host, you may want to send them a note to let them know about this release and the above information.
This only affects you if you are hosting your own copy of WordPress and it is version 2.1.1. If you are on any other version or are on WordPress.com then you can safely ignore this.
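A log check built from the indicators in the advisory quoted above, for hosts who want to see whether such requests reached their servers. This is an added example, not code from WordPress or from the original post; the access-log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Indicators taken from the WordPress advisory quoted above.
BLOCKED_FILES = {"theme.php", "feed.php"}
BLOCKED_PARAMS = {"ix", "iz"}

# Client, request line and status of a common/combined-format log entry (assumed format).
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def classify(target):
    """Return the advisory indicators that a request target matches."""
    parts = urlsplit(target)
    hits = []
    # Decode the path so percent-encoded file names are still recognised.
    filename = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if filename in BLOCKED_FILES:
        hits.append("file:" + filename)
    # keep_blank_values so "ix=" with an empty value is still seen;
    # parse_qs also decodes percent-encoded parameter names.
    params = parse_qs(parts.query, keep_blank_values=True)
    for name in sorted(BLOCKED_PARAMS & {k.lower() for k in params}):
        hits.append("param:" + name)
    return hits

def scan(lines):
    """Yield (client, status, target, hits) for every log line that matches."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not an access-log entry in the assumed format
        client, _method, target, status = m.groups()
        hits = classify(target)
        if hits:
            yield client, int(status), target, hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2007:10:00:01 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/Mar/2007:10:00:05 +0000] "GET /wp-includes/theme.php?iz=1 HTTP/1.1" 200 312',
    '198.51.100.7 - - [03/Mar/2007:10:00:09 +0000] "GET /wp-includes/feed.php?ix=x HTTP/1.1" 403 210',
    '203.0.113.4 - - [03/Mar/2007:10:01:00 +0000] "GET /?feed=rss2 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for client, status, target, hits in scan(SAMPLE_LOG):
        print(client, status, target, ",".join(hits))
```

A flagged request answered with 200 rather than 403 shows the block was not in place when it arrived, which is the case to follow up on a 2.1.1 install.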
According to an article in InformationWeek, a privilege escalation vulnerability has been found in Windows Vista.
The vulnerability was reported to Microsoft by eEye Digital Security on the 19th of January.
Marc Maiffret, Chief Hacking Officer of eEye said:
with this vulnerability, you can elevate yourself to system-level access. Any normal user can do anything they want to the system.
He went on to speculate that:
If it was coupled with a virus or a different remote vulnerability, it would be a lot more serious… On its own, though, it’s only medium [threat]
Oh dear! How much did Microsoft invest in Vista again?
UPDATE: This video has been taken down from YouTube.
There is a version of it on the Mac site here (.mov) and there are two similar ads on this page on the Apple site.
Good buddy Dennis Howlett has uncovered, through some clever financial detective work (Dennis is a former accountant), some very dodgy dealings.
It seems that the CEO of Symantec, John Thompson, made $1.5m profit on the sale of Symantec shares very shortly before the announcement to the market of losses by Symantec (and the inevitable share price fall that ensued).
This looks very bad and reeks of insider knowledge (whether or not that is, in fact, the case).
Companies engaged in security need to be whiter than white. When the CEO’s reputation is on the line like this, Symantec needs to explain this one quickly to everyone’s satisfaction or John Thompson needs to resign.
Microsoft released updates for critical vulnerabilities in Windows (2000, XP and 2003). This includes fixes for three vulnerabilities that “criminal hackers are already exploiting” according to Brian Krebs.
The patches fix vulnerabilities which can allow remote code execution (it doesn’t come much worse than that!).
Personally, I think they are trying to scare people into upgrading to Vista 😉
Let the conspiracy theories commence…
I’m delighted to see that all my nagging of my old friend John Prendergast has paid off and he has started a blog!
However, I wouldn’t have been more surprised if it was about crochet! I never knew John was a closet golf fan.
John’s is the Ryder Cup blog (the Ryder Cup is the biennial golf competition between Europe and the US). The Ryder Cup is being held in Ireland this year.
John has all the Ryder Cup info on his blog from the Park and Ride facilities to security arrangements (no mobile phones allowed – security my arse, they just don’t want any camera phones getting news out before Sky do!) to player profiles.
John also makes use of Microsoft’s Live Local mapping to put up maps of the area and he has a great looking template too.
Good stuff John – as someone who knows nothing about golf, even I found this site interesting!
WordPress was updated to version 2.0.4 over the weekend.
This release contains several important security fixes, so it’s highly recommended for all users. We’ve also rolled in a number of bug fixes (over 50!), so it’s a pretty solid release across the board.
WordPress 2.0.4 is available for download here.