Hacking & Security Flaws

I’ve read a lot about hacking and security flaws this week, culminating in yesterday’s issuance of a federal arrest warrant for Adrian Lamo, the hacker who breaks into sites and then calls their owner to help them fix the flaws. Seems that one of those “victims” didn’t take him up on his offer of help, and instead went to the FBI. It is believed to be the New York Times at the moment, but that has not been confirmed.

Other tales that caught my eye this week include the story of a whistleblower who ended up in jail for trying to report a serious security flaw in a system that promised its customers absolute security.

Then there were conflicting reports about the Romanian police’s capture of the person who launched another variant of the MS Blaster worm. On the subject of dealing with these kids that launch these attacks, a perhaps not very scientific survey of IT workers over some beers concluded that the solution for the teen arrested here in the US for launching MSBlaster-B was to “Fry him!”

Of course, we shouldn’t forget this week’s five new security flaws in the products from the world’s least secure software house, Microsoft. Amusing that the US Department of Homeland Security issues a warning about MS Blaster and, in the same month, decides to select MS products for its own servers.

It is not all bad news though. Earlier in the week police arrested a man who was registering misspelled domain names for things that kids might like, such as Teletubbies or Britney Spears, and then linking them to porn sites. Not one or two either, 3000 of these a year. Sadly, it seems that the maximum this sub-human person can spend in jail is 4 years; shame it can’t be 4 years for each domain name registered really.

Finally, there was a report that a new worm was attacking British Prime Minister Tony Blair’s website. It seems that this one overwrites text with the words “Infected by the WIN32.SORT-IT-OUT-BLAIR Virus!”, can display a message accusing him of wasting money on immigrants (probably true) and also launches a denial of service against the 10 Downing Street website.
