Apparently the Chinese have decided they can do better on computer security (via Schneier). They are using linux. You can download your own copy if you don’t mind being seen as a cyberwar threat.
China has developed more secure operating software for its tens of millions of computers and is already installing it on government and military systems… The secure operating system, known as Kylin, was disclosed to Congress during recent hearings… U.S. offensive cyberwar capabilities have been focused on getting into Chinese government and military computers outfitted with less secure operating systems like those made by Microsoft Corp.
The Oyster card — used by public-transit systems all over the world — has been thoroughly hacked, now remotely.
At the IEEE Symposium on Security and Privacy… researchers from Radboud University, in the Netherlands, will demonstrate a new, even easier… attack, which requires only a cheap, off-the-shelf card reader and an ordinary computer… can pull sensitive data out of a card in less than a second – even if the attacker has no physical access to the card… The researchers use an off-the-shelf reader to make a series of strategic requests of a card. As the card tries to determine whether it should trust the reader, it inadvertently reveals enough information for the attacker to guess the correct secret key.
Commercial businesses that store data (and governments too) have got to recognise that there are attendant responsibilities.
Hackers… broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site’s homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents.
“I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password.”
The United Kingdom’s MI6 agency acknowledged this week that in 2006 it had to scrap a multi-million-dollar undercover drug operation after an agent left a memory stick filled with top-secret data on a transit coach.
Schneier: the botnet wars are heating up, and botnet designers would rather destroy their networks than have them fall into “enemy” hands…
Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.
Somewhat muddled thinking on the national security implications of cyber security. Lots of people think they could help, for a cut of the federal budget.
Good analysis of an April incident in which fibre connections were cut by unknown parties.
Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes serving the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city… The city of Morgan Hill and parts of three counties lost 911 service, cellular mobile telephone communications, land-line telephone, DSL internet and private networks, central station fire and burglar alarms, ATMs, credit card terminals, and monitoring of critical utilities… Cell phones failed. Cellular towers can not, in general, connect phone calls on their own… networks depend on outside services to match host names to network addresses, and thus stop operating the moment they are disconnected from the internet…
The Chinese bot network meme.
A vast electronic spying operation has infiltrated computers and has stolen documents from at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices… researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries… The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined… Although the Canadian researchers said that most of the computers behind the spying were in China, they cautioned against concluding that China’s government was involved.