Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Onboard Computers Subject to Attack?

Published: 2010-05-15
Last Updated: 2010-05-15 12:23:44 UTC
by Deborah Hale (Version: 1)
11 comment(s)

New Scientist has an article online titled New cars vulnerable to malicious attacks.  The article states that 2 researchers have used the a socket under the dashboard to plug a laptop into.  Using the laptop they were able to control various controls on the car.  As the article states it would be difficult to use this method.  I think the driver would notice a laptop connected to their dashboard.  However, imagine the possibilities if some device plugged into the socket allowed wireless control of the control systems.  Again probably still difficult to do but things thought to be impossible are cracked everyday.  As an owner of one of these new vehicles with all the computer controlled gadgets it is a scary thought for me.  Hopefully, the automakers will solve this potential security problem before someone does successfully take advantage of it and use it for malicious purposes. Imagine an out of control freight train or 18 wheeler heading straight at you because some terrorist or other knot head overrides the computer control system.  

In these days of high tech gadgets with computer control of everything from cell phones to automobiles to 18 wheelers to Train Engines,  it is time for everyone to take Computer/Data Security seriously.  

www.newscientist.com/article/dn18901-modern-cars-vulnerable-to-malicious-hacks.html

 Thanks to our reader Adam for bringing this to our attention.

 

Deb Hale Long Lines, LLC

11 comment(s)

Google Acknowledges Grabbing Personal Data

Published: 2010-05-15
Last Updated: 2010-05-15 02:49:26 UTC
by Deborah Hale (Version: 1)
5 comment(s)

It appears that Google, Inc has had a lapse in judgment for the last 4 years and has been scooping up snippets of personal data from open WiFi networks.  Google has acknowledged that they have indeed done the captures.  Google has issued a public apology and state that none of the information has made it to their search engines or other services.  According to the article:

"Google characterized its collection of snippets from e-mails and Web surfing done on public Wi-Fi networks as a mistake, and said it has taken steps to avoid a recurrence. About 600 gigabytes of data was taken off of the Wi-Fi networks in more than 30 countries, including the U.S. Google plans to delete it all as soon as it gains clearance from government authorities."

finance.yahoo.com/news/Google-grabs-personal-info-apf-2162289993.html

It looks like Google, Inc has some explaining to do.

Deb Hale Long Lines, LLC

Keywords: Google WiFi
5 comment(s)

Phony Phone Scam

Published: 2010-05-15
Last Updated: 2010-05-15 02:36:11 UTC
by Deborah Hale (Version: 1)
0 comment(s)

The FBI and their partner organizations have issued a warning to consumers in the US that a new phone scam has appeared.  This scam is basically a telephone denial of service attack that is being used to distract the receiver of the calls from a much more important problem.  The article states:

"The scheme is known as telephony denial-of–service (TDOS) and according to several telecommunications companies working with the FBI, there has been a recent surge of these attacks in the past few weeks. The perpetrators are suspected of using automated dialing programs and multiple accounts to overwhelm the land and cell phone lines of their victims with thousands of calls.

When the calls are answered, the victim may hear anything from dead air (nothing on the other end), an innocuous recorded message, an advertisement, or even a telephone sex menu! The calls are typically short in duration but so numerous that victims have had to have their numbers changed to make the calls stop. 

The FBI has determined that these calls serve as a diversionary technique. During these TDOS attacks, online trading and other money management accounts are being accessed by the perpetrators who are transferring funds out of those accounts. The perpetrators will obtain account information of their victims in some way and then contact the financial institutions to change their victims’ profile information such as email addresses, telephone numbers and bank account numbers.

The purpose of the malicious phone calls is to occupy the victim phone numbers on record with the financial institutions managing the accounts so that when the institutions contact the victim to verify the changes and transactions, the institution is unable to reach the victim. Consequently, the victim has no idea what has really transpired until it’s too late."

You can see the full article at the NJToday website. 

njtoday.net/2010/05/12/phony-phone-calls-distract-consumers-from-genuine-theft-%E2%80%94-fbi-partners-warn-public/

The article warns the receiver of any of these types of calls to be hyper vigilant and keep an eye on all of your personal finances, accounts and make sure that you take advantage of the right to your free credit report annually.  All of us should take this advice to heart whether or not you are receiving these harassing calls.

Deb Hale Long Lines, LLC

Keywords: telephone scam
0 comment(s)
Diary Archives