Tuesday, June 29, 2010

Destination Hotels Card-Processing System Hacked

Robert McMillan writes on ComputerWorld:

Hackers have broken into the payment processing system of Destination Hotels & Resorts, a high-end chain best known for its resort hotels in destinations such as Vail, Colorado; Lake Tahoe, California; and Maui, Hawaii.

Guests who recently stayed at 21 of the resort's 30 hotels may have been victimized by the scheme, which appears to have compromised point-of-sale systems. The company refused to release many details of the incident -- citing an ongoing investigation by the U.S. Federal Bureau of Investigation -- but in a note posted to its Web site said that it had "uncovered a malicious software program inserted into its credit card processing system from a remote source."

Destination Hotels is in the process of notifying victims but will not say how many people have had their credit card numbers stolen, a company spokeswoman said.

However, the attackers appear to have hit only point-of-sale processing systems, where credit cards are swiped for purchases. Personal information such as guests' home addresses was not compromised, the company said.

More here.

Also, from last week: 700-Plus Credit Cards Stolen from Hotel Chain

ACLU Study Highlights U.S. Surveillance Society

David Kravets writes on Threat Level:

Welcome to the surveillance society.

That’s what the American Civil Liberties Union concluded Tuesday with a report chronicling government spying and the detention of groups and individuals “for doing little more than peacefully exercising their First Amendment rights.”

The report, Policing Free Speech: Police Surveillance and Obstruction of First Amendment-Protected Activity [.pdf], surveys news accounts and studies of questionable snooping and arrests in 33 states and the District of Columbia the past decade.

Dated June 2 but announced and released Tuesday, the report provides an outline of, and links to, dozens of examples of Cold War-era snooping in the modern age.

“Our review of these practices has found that Americans have been put under surveillance or harassed by the police just for deciding to organize, march, protest, espouse unusual viewpoints and engage in normal, innocuous behaviors such as writing notes or taking photographs in public,” Michael German, an ACLU attorney and former Federal Bureau of Investigation agent, said in a statement.

More here.

Monday, June 28, 2010

e-Banking Bandits Stole $465,000 From California Escrow Firm

Brian Krebs:

A California escrow firm has been forced to take out a pricey loan to pay back $465,000 that was stolen when hackers hijacked the company’s online bank account earlier this year.

In March, computer criminals broke into the network of Redondo Beach based Village View Escrow Inc. and sent 26 consecutive wire transfers to 20 individuals around the world who had no legitimate business with the firm.

Owner Michelle Marisco said her financial institution at the time — Professional Business Bank of Pasadena, Calif. – normally notified her by e-mail each time a new wire was sent out of the company’s escrow account. But the attackers apparently disabled that feature before initiating the fraudulent wires.

The thieves also defeated another anti-fraud measure: A requirement that two employees sign off on any wire requests. Marisco said that a few days before the theft, she opened an e-mail informing her that a UPS package she had been sent was lost, and urging her to open the attached invoice. Nothing happened when she opened the attached file, so she forwarded it on to her assistant who also tried to view it. The invoice was in fact a Trojan horse program that let the thieves break in and set up shop and plant a password-stealing virus on both Marisco’s computer and the PC belonging to her assistant.

More here.

Sunday, June 27, 2010

FTC Says Scammers Stole Millions, Using Virtual Companies

Robert McMillan writes on ComputerWorld:

The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers -- often by taking just pennies at a time.

The scam, which had been run for about four years, according to the FTC, provides a case lesson in how many of the online services used to lubricate business in the 21st century can equally be misused for fraud.

"It was a very patient scam," said Steve Wernikoff, a staff attorney with the FTC who is prosecuting the case. "The people who are behind this are very meticulous."

The FTC has not identified those responsible for the fraud, but in March, it quietly filed a civil lawsuit in U.S. District Court in Illinois. This has frozen the gang's U.S. assets and also allowed the FTC to shut down merchant accounts and 14 "money mules" -- U.S. residents recruited by the criminals to move money offshore to countries such as Bulgaria, Cyprus, and Estonia.

More here.

Friday, June 25, 2010

Pentagon Spies Build New Database on Foreign and Domestic Threats

Mark Hosenball writes on Newsweek.com:

The Pentagon’s main spy outfit, the Defense Intelligence Agency, is building a new database which will consolidate in one system “human intelligence” information on groups and individuals—potentially including Americans—collected by DIA operatives in the United States and abroad.

A notice published earlier this week in the government’s regulatory bulletin, the Federal Register, says the manager of the system will be a little-known DIA unit called the Defense Counterintelligence and Human Intelligence Center (DCHC).

Records held in the database, the notice says, could include information on “individuals involved in, or of interest to, DoD intelligence, counterintelligence, counterterrorism, and counternarcotic operations or analytical projects as well as individuals involved in foreign intelligence and/or training activities.” Among the data to be stored: “information such as name, Social Security Number (SSN), address, citizenship documentation, biometric data, passport number, vehicle identification number and vehicle/vessel license data.” Actual intelligence reports from the field and analytical material which would help “identify or counter foreign intelligence and terrorist threats to the DoD and the United States” will also be included.

“That’s potentially a lot of information,” Donald Black, chief spokesman for DIA, acknowledged in an interview with Declassified. But he said that material entered into the new database would be carefully reviewed—as regularly as every 90 days—to ensure that out-of-date, discredited, or irrelevant data on individuals would be destroyed if there was no longer a good reason to keep it.

More here.

ATM Security Flaws Could be a Jackpot for Hackers

Jim Finkle writes for Reuters:

Barnaby Jack, head of research at Seattle-based security firm IOActive Labs, will demonstrate methods for "jackpotting" ATMs at the Black Hat security conference in Las Vegas that starts on July 28.

"ATMs are not as secure as we would like them to be," Jeff Moss, founder of the Black Hat conference and a member of President Obama's Homeland Security Advisory Council said. "Barnaby has a number of different attacks that make all the money come out."

Jack declined to discuss his techniques before the conference. The world's biggest ATM manufacturers include Diebold Inc and NCR Corp. Officials with those companies could not be reached for comment.

Banks may cringe when he speaks, fearing would-be crooks will adopt his methods. But Moss said that going public will raise awareness of the problem among ATM operators and prompt them to tighten security.

More here.

Hat-tip: techdirt.com

Thursday, June 24, 2010

700-Plus Credit Cards Stolen from Hotel Chain

Scott Mayerowitz writes on ABC News:

Computer hackers targeting travelers at luxury hotels across the country made off with hundreds of thousands of dollars during the past three months by breaking into the computer system of a national hotel chain and stealing the guests' credit card information, Texas police officials told ABC News today.

Destination Hotels & Resorts had its computer system hacked and the credit card data of more than 700 guests across the country was stolen, according to Austin, Texas, police. The Englewood, Colo., company manages more than 30 upscale hotels, resorts and conference centers in places such as Washington, D.C., Denver, San Diego, Santa Fe, Aspen, Colo., Los Angeles, Palm Springs, Calif., Houston and Lake Tahoe.

In Austin, more than three dozen guests and diners at the posh Driskill Hotel had their data stolen after spending a night there or eating at the hotel's two restaurants.

The police said the security hole has been fixed but that the unknown criminals had access to the data for months.

More here.

U.S. Senators Seek to Defuse Criticism of Cybersecurity Bill

A CongressDaily article by Chris Strohm, via NextGov.com, reports:

Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, I-Conn., and ranking member Susan Collins, R-Maine, plan to fight back Thursday against criticism that their sweeping cybersecurity bill goes too far in allowing the government to shut down Internet services during emergencies.

The bill, which their committee plans to mark up Thursday, has come under fire in the blogosphere and from some privacy-rights advocates because it would give the president authority to declare a national cybersecurity emergency and take critical information technology systems offline in dire situations when no other option is available.

Under the bill, the emergency declaration could last for 30 days and then be renewed.

But Lieberman and Collins, along with Sen. Tom Carper, D-Del., another principal sponsor of the measure, plan to introduce a manager's amendment Thursday that would require a congressional resolution of approval if the president wants to impose emergency measures longer than 120 days.

The senators also issued a document Wednesday to counter what they said are myths being spread about their bill.

More here.

Wednesday, June 23, 2010

Mark Fiore: Lifestyles of The Rich & Fossil Fueled




More Mark Fiore brilliance.

Via The San Francisco Chronicle.

- ferg

Q&A Time

Tagged again by TBG here. Delayed a little – but well, I am on a vacation and I forgive myself ;).

Yes, and I do realize this month has been more of tags than blog posts :)!

Anyways, so I'm supposed to answer these questions, then make up my own ten questions for you and pass on the tag.
I learn quickly, and like TBG will let you answer the same questions. Please feel free to tag yourself – Let me know if you do – I’ll catch you on your blog!


1. What one material thing are you hoping/ scoping to inherit?
I would love to inherit a huge palatial house on a sea side – Pacific sounds great or even a castle somewhere in the Norwegian wilderness!

2. You're driving. It's great weather. Attractive member of opposite sex in expensive car looks at you and half-smiles. You're in a relationship. Do you return the look and half-smile back?
One, if I am driving I’d be too nervous to notice either the expensive car or the good looking hunk. Two, even if I did notice, in all probability the half-smile would be because either I am too slow or in the wrong lane! So no, I would not return the look or the smile, irrespective of my relationship status.

3. Can't smell or can't taste? For six months, and if you had to chose, would you rather lose your sense of smell or not be able to taste anything?
I would rather lose my sense of smell – It doesn’t matter. My food needs to taste good!

4. Pick a situation
a. You're 42. Would you rather go without sex for three years and win a lottery after that, enabling you to never have to work again? Or
b. Get twice the lottery money now (at 42) but have your partner sleep with your boss?
So option b is lame! Option A, if these were the only two choices with None of the above not being an alternative.

5. What's a quicker turn off, bad pronunciation or maroon lipstick?
I assume this question is to be answered by the guys.
If not, a guy with bad pronunciation would be a definite turn off, and a guy wearing maroon lipstick would be a revolt to my senses!

6. Would you rather your kid turn out to be a nymphomaniac or gay?(For my amusement, please answer in the format: I would rather my kid be ---)
I would rather my kid be confident, poised, sure of himself/herself and my support and backing irrespective of sexual preferences.

7. For which one thing have you not forgiven your mother?
For not going for regular cholesterol and other checkups.

8. Would you rather go bald or lose your front tooth?
Hmmppphhhh – Artificial dentures would be irritating – so I’d rather go bald and get a pretty wig!

9. Your sibling is sleeping with your married close friend. Who do you go to first, sibling or married close friend?
Though I would like to believe I have no right to interfere and that I would stick to that stance if this ever happened, but in a practical scenario, I think I would have a word with my sibling.

10. When was the last time you cried that wasn't while watching a movie?
It doesn’t take much to make me cry – I cry out of joy and sadness. I am quite your typical emotional fool :D


Phew! Am done. Your turn now!

Tuesday, June 22, 2010

Domain Registrars Push Back on Law Enforcement Changes

Kieren McCarthy writes on The Register:

The companies that sell domain names have pushed back on proposals made by law enforcement yesterday to change their contracts to make cybercrime more difficult.

Calling the proposals “policy by the back door”, the registrars complained to members of ICANN’s Board in Brussels that the Registrar Accreditation Agreement (RAA) should only be changed through the organization’s official policy-development process. And they asked for the Board’s help in making sure they weren’t used as the fall-guys for online crime.

In a main session yesterday at the ICANN meeting in Brussels, the international police, including the UK’s Serious Organised Crime Agency, argued for changes to the contract that defines what registrars are obliged to do, in an effort to make sure there were “mandatory minimum standards” in the registration of domain names.

But the registrars themselves feel that publicizing changes to their main contract without going through the proper processes put them into a defensive position and made their business environment difficult.

More here.

Cyber Cops Want Stronger Domain Rules

Kevin Murphy writes on The Register:

International police have called for stricter rules on domain name registration, to help them track down online crooks, warning the industry that if it does not self-regulate, governments could legislate.

The changes, which are still under discussion, would place more onerous requirements on ICANN-accredited domain name registrars, and would likely lead to an increase in the price of domains.

Here in Brussels at the 38th public meeting of ICANN, police from four agencies said that registrars need to crack down on criminals registering domains with phoney contact info.

Law enforcement has long argued that weaknesses in the domain name industry allow criminals such as fraudsters and child abusers to remain anonymous and evade the law.

More here.

Australia: Inquiry Calls for 'Cyber Czar', Compulsory Anti-Virus

Liz Tay writes on ITNews.com.au:

A parliamentary inquiry into cybercrime has recommended the Government appoint a Cyber Security Coordinator to lead whole-of-Government activities.

In a report presented to the Federal House of Representatives yesterday, the Standing Committee on Communications highlighted a need to consolidate Australian security efforts.

The Committee called for the establishment of an 'Office of Online Security', which would be located in the Department of Prime Minister and Cabinet and headed by the Cyber Security Coordinator.

Working with State and Territory governments, regulators, departments, industry and consumers, the Office would be tasked with bringing together the current "plethora" of Government organisations responsible for tackling cyber crime.

The Committee considered advice from Microsoft and the Australian Communications Consumer Action Network (ACCAN) in its Recommendation 3, which called for a Cyber Security Coordinator.

More here.

Monday, June 21, 2010

Domain Registrars Accused Of Supporting Online Criminals

Thomas Claburn writes on InformationWeek:

Even as ICANN CEO Rod Beckstrom on Monday called for greater international cooperation to secure the Internet's Domain Name System, a report issued by an independent security research group claims that ICANN-accredited Internet Registrars are violating their contracts with ICANN to support online criminals.

The Internet Corporation for Assigned Numbers and Names accredits Internet Registrars under specific contractual terms. Accredited Registrars in turn may sell domain names to companies and individuals.

The report [.pdf] published on Monday by KnujOn, which identifies itself as an independent Internet policy and security research group located in Boston and Vermont, claims that 162 of Internet Registrars may be violating their agreements with ICANN and that 80 of them are blocking access to WHOIS data about their customers.

The report singles out eNom, one of the largest sellers of Web addresses, for knowingly facilitating traffic in illegal pharmaceuticals online.

More here.

Thursday, June 17, 2010

Tagged (by TBG)

My first ever tag - tagged by TBG here.

Okay, so I'm supposed to mention 9 things that I've worn the most. These could be anything!

And, here I go:

1. My wedding ring - More than 3 years now, and it is on me almost always!

2. My pink flip flops - I am wearing them right now and wear them pretty much all the time I spend at home - Have owned them now for more than a year – and love them!

3. My plain black hair pins – Very rarely will I be seen without my hair pinned back ;). And if I tell you for how long I have been using hair pins, you will pretty much guess my age :D.

4. My favorite denim skirt – My parents bought this from a Numero Uno sale in CP when I was in Class X for my birthday! With each passing year I fall in love with it even more! (and yes, I still fit into it :p)

5. My blue jeans – basic Levi’s 584. Very comfortable for just about anywhere and everywhere. I have owned this one for more than 5 years now!

6. My favorite pair of earrings – and obviously the most worn pair ever! One of the just-after-wedding gifts from my hubby!

7. White capris/shorts – My first ever buy in the U.S of A at the American Eagle Outfitters store on the Third Street, Santa Monica, a couple of years back. And that’s not the only reason I like it so much. It’s convenient for most activities – walk, trek, trip to the theme parks, etc etc.

8. My only khaki skirt – Have owned this one now for almost three years now and whenever I have got the opportunity to wear skirts (which I don’t do much in Chennai) this one’s always on the top!

9. Last but not the least - My formal black trousers – I have this pair from Van Heusen that has been with me since my first ever job interview. It’s classy and neat at the same time. Team it up with any formal shirt and am ready to take it on :).

All those who read this, please consider yourself tagged and I am sure it will be fun reminiscing on all the treasured possessions over the years!

Tuesday, June 15, 2010


Monday, June 14, 2010

The Sin City

Las Vegas has been on my list of must dos since a long time now, so when finally Vish and I got down to making the trip, I was super kicked!

Road trips are always fun in the US thanks to the wonderful infrastructure that provides for basic amenities that human beings would require on a travel – food and restrooms!

As we left balmy coastal California for one of the largest deserts – Mojave in California, and of course Nevada itself - the change in scenery was prominent. The elegant palm trees gave way to stunted shrubs, cacti and prickles, as I learnt, white cotton wool over a blue spread covering the barren mountains also make a picturesque sight.


After a 5 hour drive, the fabulous city of Vegas welcomed us. There was an unmistakable sense of excitement and abandoned gaiety (no pun intended) in the air. So I was at THE Entertainment Capital of the World – true to its word, the sin city offers everything it promises – glamour, glitz, gaming, fine dining and a truly high end shopping experience.


The Venetian is undoubtedly the classiest and the most happening (and Vish will add the most expensive :)) hotel I have ever stayed at. Everything about the hotel was awe-inspiring – beautifully done up scaffolding, the Grand Canal, the Gondola, Madame Tussauds, casinos – It took us a couple of hours just here!


I will not get into details of what the attractions at The Strip are – just about everything is available on the Internet and trust me when I say that all what they show in the movies – The Hangover, What happens in Vegas, and the many others IS absolutely true :D.

Vegas is, in many ways, the embodiment of what the big American dream means to most outsiders – fast money, instant gratification, an oasis in the middle of a desert, convenient morality, enabling anonymity – the chimera of the Midas touch.

It also, at multiple levels, exposes the shallowness of a whole civilization of people that most of us – across the world – represent. Short lived relationships, compromised solutions to problems we don’t even try to understand, complicated sensibilities, the rat race to own it all, the enchantment of the blinding neon lights fading into obliviousness in the reality of the day, the urge to risk it all in a gamble and the obsession to not let go, the irony of doing whatever it takes to get inside a limo and then rolling up the darkened window to avoid recognition.
We have learnt societal and political diplomacy – aren’t, so very often, our smiles and polite nothings as fake as the Eiffel Tower or the Statue of Liberty that adorn the Las Vegas boulevard?

Programming Note: Back in Estonia This Week

Tallinn, Estonia

Posting to the blog will probably be light to almost non-existent next week, as I am traveling to Tallinn, Estonia, this week for the Estonian CERT (CERT-EE) meeting (among other things).

I'll try to post as the situation and time allows, but posting will probably not get back to normal until the weekend.

Cheers, and thanks for following.

- ferg

Sunday, June 13, 2010

In Passing: Jimmy Dean


Jimmy Dean
August 10, 1928 - June 13, 2010


Friday, June 11, 2010


3 Latvian Men to be Deported for Extortion Plot

An AP newswire article, via ABC Montana, reports:

Three Latvian men who pleaded guilty to receiving the proceeds of an extortion plot against a Great Falls investment firm will be deported.

U.S. District Judge Charles Lovell sentenced the men Thursday in Helena for their role in an attempt to extort $80,000 from Davidson Companies after the company's computer system was hacked into in late 2007 and early 2008.

Court records say a man demanded $80,000 in exchange for revealing security vulnerabilities and destroying any confidential information he obtained.

The Latvian men were charged with picking up wire transfers in the Netherlands and turning the money over to other people who purportedly were taking it to the suspected hacker, Robert Borko. The Latvian men have been in custody since February 2008. Borko remains at large.

Link.
