Showing posts with label Hackers. Show all posts

Sunday, January 8, 2012

American Police Refused To Hand Over Hackers To France

While the American government requires that UK citizens be dragged into one of its courts to face sixty-year sentences, it looks like it is reluctant to hand one of its own hackers over to a more sensible French court.

The US cyclist Floyd Landis had a go at cracking the PCs of the anti-doping lab that found him cheating during the Tour de France 6 years ago. He was charged by the court in Paris, which heard how he and his former coach refused to show up in court. In addition, they were both helped by the government of the United States, which refused to co-operate against the US hackers.

It turned out that Landis was similar to a UK hacker looking for UFOs or an Australian who published secret tapes of US helicopter pilots who laughed as they gunned down Reuters journalists. Anyway, the authorities seem to be reluctant to hand over American sporting heroes when they do the same sort of thing.

In fact, the French did have enough evidence to convict both Landis and Baker after a Trojan horse spy program was used 6 years ago to poke into the lab's servers to extract data about Landis' file, several months after he tested positive. After this, Landis admitted that he took drugs in his career. Meanwhile, the police explained that they couldn’t turn up who exactly ordered the hacking, thanks to the American authorities sitting on their hands. The data received during the hack was later used in an unsuccessful appeal to sports authorities. It was supposed to prove that Landis was clean and that the lab work was actually faulty. The court decided that Landis' role was limited to the knowledge that he had about the fraudulent origin of the laboratory data used by him and his defense team. The court also ruled that Landis knew that these lab results were really accurate, because he would admit 4 years later that he had taken drugs since 2002.

While Landis didn’t comment on the trial, Baker insisted that the charges weren’t true. He said that he had nothing to do with any hacking and, as far as he knew, the lab papers he received while serving as an expert consultant to the legal team were obtained in a legal way. He believes that everything is part of a plot to protect the laboratory, which appears to be a national French institution. As a result, they were both given one-year suspended sentences, which means that there’s probably nothing to worry about unless they ever commit another crime in this country again.


Friday, December 2, 2011

Big Hole Found In Apache

Security experts claim they’ve discovered a yet-to-be-patched vulnerability in the Apache HTTP server. The hole, according to their claims, allows hackers to access protected resources within the internal network. Due to the importance of the issue, Apache developers convened a conference where they tried to decide how to fix the problem.

All you need for “goodnight Vienna” to happen on the internal network is for some rewrite rules not to be configured correctly. Right after this you can see hackers inside the server doing whatever they want. The big hole hits Apache installations operating in reverse proxy mode – that’s what is used for load balancing, caching and many other operations using multiple servers.

The point is that when setting up Apache HTTPD to work as a reverse proxy, server administrators have to use some specialized modules, such as mod_proxy or mod_rewrite. That’s where it happens: if some rules aren’t defined properly, hackers are able to trick servers into performing unauthorized requests in order to access internal resources. In fact, the trouble has been around for a while, because a patch was released to fix something similar last month.

Nevertheless, after security experts reviewed the patch in question, they realized that it can be easily bypassed thanks to a bug in the procedure for Uniform Resource Identifier scheme stripping. In other words, you have to clearly understand what you are doing, since the fault was something to do with the part of Uniform Resource Identifier coming before the colon. So, if you haven’t mastered your colon, it can become a problem with your Apache server configuration.

As for Apache, they’ve had a discussion about the outlined issue and the problem was assigned for a closer look. Today the developers aren’t sure what will be better to do with the discovered vulnerability: either strengthen the earlier released patch in the server code so that it rejects requests of this type, or come up with something a bit heavier. The reason why they can’t agree on details is the suggestion made by some experts who believe that tinkering with one branch of the code may also have negative consequences. For example, this move can lead to opening another hole somewhere else.
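
An added example, not part of the original post and not Apache's own code: a small Python check for the kind of reverse-proxy rule the article describes, flagging proxying RewriteRule and ProxyPassMatch lines that splice a captured request path directly onto the backend host. The host name, the sample configuration and the heuristic (a pattern starting with `^(/` is treated as safe because the capture itself must begin with a slash) are assumptions made for illustration.

```python
import re

# Directive, match pattern, substitution target, optional [flags].
DIRECTIVE = re.compile(
    r'^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?', re.I)
# scheme://host immediately followed by $N or %{...}, with no "/" in between.
SPLICED = re.compile(r'^[a-z][a-z0-9+.-]*://[^/\s$%]+(?:\$\d|%\{)', re.I)

# Constructed sample of a server-context fragment (hypothetical host name).
SAMPLE_CONFIG = """\
# constructed sample
RewriteEngine On
RewriteRule (.*) http://backend.internal.example$1 [P]
RewriteRule ^/(.*) http://backend.internal.example/$1 [P,L]
ProxyPassMatch ^(/app/.*) http://backend.internal.example$1
RewriteRule ^(.*) http://backend.internal.example$1 [R=302]
ProxyPassMatch ^/(.*) http://backend.internal.example$1
"""

def is_proxying(directive, flags):
    """ProxyPassMatch always proxies; RewriteRule only with the P/proxy flag."""
    if directive.lower() == 'proxypassmatch':
        return True
    names = {f.strip().lower() for f in (flags or '').split(',')}
    return bool(names & {'p', 'proxy'})

def audit_proxy_rules(config_text):
    """Return (line number, directive, target) for each risky proxy rule."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith('#'):      # comment line
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        directive, pattern, target, flags = m.groups()
        if not is_proxying(directive, flags):
            continue
        # Risky: the request-controlled capture is glued to the authority part
        # of the backend URL, so the host is no longer fixed by the rule.
        if SPLICED.match(target) and not pattern.startswith('^(/'):
            findings.append((lineno, directive, target))
    return findings

if __name__ == '__main__':
    for lineno, directive, target in audit_proxy_rules(SAMPLE_CONFIG):
        print(f"line {lineno}: {directive} -> {target}")
```

Rules written as `http://backend/$1` with a pattern anchored at `^/` keep the backend host fixed, which is why line 4 of the sample is not reported.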


Monday, November 7, 2011

Duqu Hackers Moved Operations Abroad

Hackers who developed the latest doomsday virus named Duqu seem to have moved their illegal operations to Belgium. This country, known for being the birthplace of French fries, and also the rudest word in any language, is reported to have become the new headquarters of operations for the software developers who created this malware.

The hackers have begun using a server located in Belgium in order to gather information stolen from the computers infected with the Duqu malware. This started after security experts closed down their operations in India. Thus far, the virus called Duqu has nations and security observers in a panic, since it could become another big Internet threat after the Stuxnet virus, which is considered to have infected the nuclear program of Iran.

The world-renowned security company Symantec claimed that its experts had identified a sample of the Duqu virus, which was designed to communicate with a certain server at Combell, the biggest web-hosting organization in Belgium. Symantec explained that the company had already notified Combell that one of their servers had been used for malicious activity. Combell immediately shut down the website.

It was a couple of weeks ago that Duqu first surfaced online. It was spotted by experts from Hungary’s Laboratory of Cryptography and System Security. The scariest part about the virus was that it exploited a hole in the Windows operating system and had code similar to the Stuxnet malware. Industry observers believe that Duqu has been developed to help lay the groundwork for cyber attacks on important infrastructure like pipelines, power plants, or oil refineries.

One of the unnamed Combell employees admitted that the server in question had been running continuously for almost a week. It was leased through the end of October 2012. He also told local media that it looked fishy, as someone tracking the server appeared to be intentionally deleting information that would log details about its communications. Meanwhile, the mail log itself had virtually no entries, which means that the intruders keep deleting information not to leave traces.

Security experts also admit that when the hackers moved to Belgium, they went further and modified the original method used to communicate with the infected machines, which made it harder for the outfits to detect infected equipment based on previous communication patterns.


Saturday, August 6, 2011

PayPal Gave FBI Details Of 1,000 Hackers

After the FBI raids against Anonymous members that were carried out a few weeks ago, some might wonder where exactly the police were getting the names and addresses of the hackers the FBI claimed to arrest. Now the answer seems to be close to us: it turned out that such information was included in the shopping list details provided to the FBI by PayPal.

According to the media reports, PayPal, the online financial entity, is no longer a friend of Anonymous, and is known for collecting a thousand IP addresses of people seen carrying out Anonymous' denial-of-service attacks against PayPal late last year.

Meanwhile, everyone who understands that a hacker must know at least some ways to mask their address before doing things like this will realize that the names on the provided list most likely belong to bottom-feeding script kiddies. Considering that the FBI is trying to catch the high-profile Anonymous leaders rather than average members, it is doubtful that the clever hackers wouldn’t think about hiding their IP addresses first. Still, an FBI affidavit suggests that the authorities may have many more people to arrest.

According to one of the FBI agents, PayPal's security department has been cooperating with the bureau since the beginning of December, a couple of days after the online payment system froze WikiLeaks’ donation account, because it soon found out that the company website had started receiving serious DDoS traffic.

The FBI agents started monitoring Anonymous press releases, and at the same time PayPal started collecting traffic logs on the intrusion prevention system that had been installed on its network. The online payment company provided the FBI with a USB thumb drive holding the traffic logs in question, which contained about one thousand IP addresses that sent malicious network packets to the service during the DDoS attacks. The FBI received the IP addresses that sent the largest number of packets coming from hackers. Those packets contained such strings as “Wikileaks” and “Goodnight”.

According to the media reports, the affidavit was offered in support of a search warrant for the house of a Texas couple and their son. Although the family hasn’t been charged yet, the house became the source of over 3,500 packets in about 2.5 hours.

Monday, May 23, 2011

Sony PSN Hacked Again; 100-M Users' Info Stolen

NEW YORK — Sony Corp has been hacked again, exposing more security issues for the company less than a month after intruders stole personal information from more than 100 million online user accounts.

A hacked page on a Sony website in Thailand directed users to a fake site posing as an Italian credit card company. The site was designed to steal information from customers, Internet security firm F-Secure disclosed on Friday.

It is the latest in a series of security headaches for Sony, which discovered in April hackers had broken into its PlayStation Network and stole data from more than 77 million accounts. On May 2, Sony disclosed hackers had also stolen data from about 25 million user accounts of the Sony Online Entertainment website, a PC-based games service.

The PlayStation attack, considered the biggest in Internet history, prompted the Japanese electronics giant to shut down its PlayStation Network and other services for close to a month.

"It's a Sony security issue," said Jennifer Kutz, a representative for F-Secure, referring to the fraudulent website.

The latest hacking, which the security company said occurred separately from the April attack, was reported just hours after Sony told customers of another breach on one of its units.

So-Net, the Internet service provider unit of Sony, alerted customers on Thursday that an intruder had broken into its system and stolen virtual points worth $1,225 from account holders.

Critics have slammed the company for not protecting its networks securely and then waiting up to a week before telling its customers of the attack and the possible theft of credit card information, prompting lawmakers and state attorneys general to launch investigations.

Security experts said they were not surprised that the electronics company has not yet fixed weaknesses in its massive global network. Earlier this week, Sony shut down one of its websites set up to help millions of users change their passwords after finding a security flaw.

"Sony is going through a pretty rigorous process and finding the holes to fill," said Josh Shaul, chief technology officer for computer security firm Application Security Inc.

"The hackers are going through the same process and they're putting their fingers in the holes faster than Sony can fill them."

"What we've done is stopped the So-Net points exchanges and told customers to change their passwords," So-Net said in a statement in Japanese to consumers.

About 100,000 yen ($1,225) was stolen from accounts that were attacked. The company said there was no evidence other accounts in the online system had been compromised.

"At this point in our investigations, we have not confirmed any data leakage. We have not found any sign of a possibility that a third party has obtained members' names, address, birth dates and phone numbers."

Security experts have told Reuters Sony's networks around the world remain vulnerable to attack.

Sony's string of security problems could be attracting more hackers to attack its networks.

"I think it's now 'I'm a hacker and I'm bored, let's go after Sony,'" Shaul said.

A Sony representative in the United States could not immediately be reached for comment.

Sunday, August 1, 2010

Hackers Pick Up Where Facebook Privacy Leaves Off

LAS VEGAS--Hackers are weighing in on the Facebook privacy controversy with creations that help people strengthen privacy or empty profile pages at the world's leading social networking service.

American Civil Liberties Union (ACLU) technology fellow Chris Conley showed off an arsenal of such applications at the infamous DefCon gathering, which kicked off Friday in Las Vegas.

"They are needed because people don't have control of their privacy and don't really understand," Conley said after the presentation.

"They give people options."

A program written by Conley displays pictures, posts, or other profile data being accessed by applications at Facebook accounts. People can then see what personal information programs are gleaning from their pages.

News stories about privacy control issues at Facebook may slip people's minds by the time they sit down at their computers, but Conley's application grabs their attention with a winning subject -- themselves.

"People love to hear about themselves, that is the thing that Facebook is great at," said Ceren Ercen, who worked briefly for the California company and wore a T-shirt bearing the words "Disgruntled Facebook ex-employee."

"People don't have the attention spans to carry over concerns they have to actual Facebook usage." Ercen added that during her brief stint at Facebook she had "serious problems" regarding the privacy of users and that she wasn't alone.

Applications shared by Conley included a software tool that helps people change Facebook privacy settings using simple color coding to demystify the process.

Other programs let people pack up Facebook profile data in order to take it elsewhere or stop the social-networking service getting automated feedback about where members go elsewhere on the Internet.

"The long-term goal is they should become obsolete because Facebook has addressed this in some way," Conley said. "We would like Facebook to be doing this."

Conley's application, available online at dotrights.org, has been used by 150,000 people.

"I think people don't see the real potential damage of their information going out the door," a DefCon veteran who asked not to be named said after attending Conley's presentation.

Facebook this week launched a Web page devoted to staying safe on the Internet. The "Safety Page" highlights news and initiatives focused on ways people can keep data secure at the social-networking community.

The new page augments a virtual Safety Center that Facebook introduced in April and was based on a "security page" that boasted more than 2.2 million "fans."

The number of people using Facebook recently topped the 500 million mark, meaning one in every 14 people on the planet has now signed up to the social network.

The launch of the Safety Page came in the wake of demands by the ACLU and other privacy activists and governments that Facebook give users more control over the use of their personal data.

A coalition of privacy groups, in an open letter to Facebook co-founder and chief executive Mark Zuckerberg last month, welcomed the social network's recent overhaul of its privacy controls but said additional steps were needed.