Archive for April, 2010


Two-bit Thief Goes All “Mission: Impossible”

April 24, 2010

A white bank robber used a “Hollywood-quality” mask to disguise himself as a black man.  This allowed him to hit four banks in under three hours, while cops were out there looking for a black guy:

“Authorities say 30-year-old Conrad Zdzierak would rob the banks in a high-quality mask, then take it off as he drove to his next robbery target…His mistake? He never disguised his car.”

Reminds me of a Mission: Impossible episode where a guy who “practically invented the mask” is able to get in and out of a prison cell to frame Jim, God rest his soul.


Use McAfee? Computer Crashed?

April 23, 2010

If you’re one of the many computer users who’ve experienced a computer crash (with perpetual reboot) because of McAfee’s latest update (and screw-up), here’s an article you might want to read.  It will tell you why it happened, how it happened, and what you need to do to fix it.

If you haven’t experienced the crash, chances are you’re not using Windows XP SP3 with VirusScan 8.7, the newest version.

The snafu was blamed on rapid turnover: the pressure to release virus signatures as fast as possible meant shortcuts in QA, which would have picked up on the problem.


Photocopier Breaches Gaining Wind?

April 21, 2010

Well, it’s old news, but it looks like CBS may have triggered something of a national obsession.  After an expose of digital photocopiers and the amount of sensitive data that can be found on those machines, a CBS affiliate has carried out the same experiment with pretty much the same results:

No surprise that they found something. A lot of somethings. This time the sensitive documents were from a Tommy Bahamas chain restaurant in Scottsdale. They pulled names and Social Security numbers of all their employees and copies of payroll and traveler’s checks.

Basically, the story is going to be the same anywhere: old photocopiers don’t exist anymore, most are modern digital ones, and every single one of those has a hard drive, just like a computer.


Google China Attack Hit GOOG’s Password System

April 19, 2010

The Chinese hacker attack on Google last January hit the search company’s crown jewels: Gaia, Google’s “password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications.”  Click the link to read the NYT’s story.

What gets me the most is that the entire thing started because a Google engineer clicked a poisoned link:

The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program, according to the person with knowledge of the internal inquiry, who spoke on the condition that he not be identified.

By clicking on a link and connecting to a “poisoned” Web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer and then to the computers of a critical group of software developers at Google’s headquarters in Mountain View, Calif. Ultimately, the intruders were able to gain control of a software repository used by the development team.

Obviously Microsoft had nothing to do with anything, but there must be a poetic something-or-other involved here.


Tattooing Passwords For Medical Devices?

April 16, 2010

An interesting idea.  Pacemakers pose something of a risk because some of them can be hacked wirelessly.  This means that such pacemakers require some kind of password to protect them (for example, to stop a hacker from having the pacemaker go haywire).  But how to maintain the password?

An interesting idea is to have it tattooed on the patient’s skin.  The password will only show up when a UV light is shined on it:

By tattooing passwords onto patients with ink that can only be seen under a UV light, doctors would have an easily accessible password in case of an emergency and patients would have an additional layer of security protecting their medical gadgets.

The idea certainly isn’t perfect nor is it being put into use yet—after all, the whole issue of how to handle password changes still hasn’t been resolved—but it’s good to see that research is being done for the sake of protecting medically necessary technology.

Well, sure, there’s that.  But there’s another problem as well: what if a hacker decides to go hardcore in cracking the password, brute-forcing it? (It’s one of the ways hackers try to get past laptop encryption).  That would really run down the battery life on the pacemaker….


Trojan Reveals Your Hentai Addiction

April 16, 2010

According to Gizmodo.com, a new trojan is making the rounds that will blackmail you for $15.  Don’t pay and the trojan will reveal the fact that you went to Winni, supposedly a popular Japanese file-sharing site:

The trojan presents itself as the game’s registration screen, only to turn around and publish your personal details, along with a screenshot of your browser’s history, on the internet. Scrubbing your seedy details from the web—the same one searched by your grandmother, your boss, and your prospective fiance’s parents—requires the payment of a 1500 yen ransom, about $15.

Hm.  That kind of reminds me of a story where people who pirated a game found screenshots of their desktops aired on the internet.

While the advice given by Gizmodo is to clear your cookies and histories right now, doesn’t the trojan already know you downloaded some weird game?

Plus, does it matter?  How are people going to know my freaky history from some other person’s freaky history?  It’s not as if my name is listed anywhere….


BofA Tech Pleads Guilty, $167,000 Recovered

April 15, 2010

As covered before, a Bank of America employee hacked ATMs to dispense money without recording the transaction.  He has pleaded guilty to the scam and to creating the code for it.

It was previously believed that the loss of money was related to an East European virus.

The Secret Service recovered $167,000 in cash.  Which makes sense.  I mean, ATMs don’t dispense IOUs, right?


3D Anti-Terrorist Action: Beware of Trojan’ed Game

April 14, 2010

Some people who downloaded the mobile game “3D Anti-terrorist action” have found to their chagrin that it surreptitiously makes calls overseas:

A number of owners of Windows Mobile phones are reporting online that their cellphones have been making pricey calls to numbers to a variety of destinations including the Dominican Republic, Somalia and Sao Tome and Principe, without their permission.

What the victims all appear to have in common is that they installed the same game to their Windows Mobile phone.

Apparently, some Russian hacker has compromised a particular (but legitimate) game with a trojan, then uploaded it again to download sites.  As with those pay-per-call 1-900 numbers in the US, the hacker makes money when people call his appointed numbers.

If you’re downloading, make sure you’re downloading from a legitimate site.


Australian Firms’ Data Breaches Cost 2 Mill AUS

April 13, 2010

Data breaches in Australia cost, on average, $2 million (Australian, of course).  The most expensive one cost $4 million to clean up.  The research is based on 16 companies, so it needs to be taken with a caveat.  However, it shouldn’t be surprising that these things cost a lot of money.

Learn more here.


A Hundred Grand Stolen From A Town?

April 9, 2010

The Illinois town of Village of Summit (man, that’s a cool name.  Hard to find prepositions in names) has lost $100,000 to cyber thieves:

According to Rivera, the theft took place Mar. 11, when her assistant went to log in to the town’s account at Bridgeview Bank. When the assistant submitted the credentials to the bank’s site, she was redirected to a page telling her that the bank’s site was experiencing technical difficulties. What she couldn’t have known was that the thieves were stalling her so that they could use the credentials she’d supplied to create their own interactive session with the town’s bank account.

Stories like these are occurring more and more often.  Gotta love Krebs.  He used to be with the Washington Post; now he’s doing his own thing.  Visit his page for more news.
