“We are alerting all government agencies to review and improve security of their websites in view of the hacking of the website this afternoon,” presidential spokesman Herminio Coloma said.

“We are adopting best practices to lessen the vulnerability of our websites to hacking and other cyber crimes,” Coloma said.

The information agency website was inaccessible for several hours in the afternoon with the words “Hacked by 7z1″ appearing if searched on Google.

Coloma did not say whether the hacker attack was related to widespread public anger in Hong Kong over police bungling of a hostage crisis that left eight tourists dead on Monday.

Full Story: Yahoo PH

Hackers are using tales of dead celebrities to build out Zeus botnets by duping users into compromising their own PCs, security experts said today.

The list of celebrities, actors and singers for the most part, with an occasional sports star tossed in, range from Jennifer Anniston and Tom Cruise to Kanye West and Jay Z, said Symantec.

According to the spam that carries the malware, the personalities perished along with 34 others when their aircraft crashed into a mountainside during a landing. Later, the hackers changed the campaign to claim that the celebs were killed in car accidents.

Full Story: Computer World (UK)

Some of the world’s most popular Windows programs are vulnerable to attacks that exploit a major bug in the way they load critical code libraries, according to sites tracking attack code.

Among the Windows applications that are vulnerable to exploits that many have dubbed “DLL load hijacking” are the Firefox, Chrome, Safari and Opera browsers; Microsoft’s Word 2007; Adobe’s Photoshop; Skype; and the uTorrent BitTorrent client.

“Fast and furious, incredibly fast,” said Andrew Storms, director of security operations for nCircle Security, referring to the pace of postings of exploits that target the vulnerability in Windows software. Called “DLL load hijacking” by some, the exploits are dubbed “binary planting” by others.

On Monday, Microsoft confirmed reports of unpatched vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. The flaws stem from the way many Windows applications call code libraries — dubbed “dynamic-link library,” or “DLL” — that give hackers wiggle room they can exploit by tricking an application into loading a malicious file with the same name as a required DLL.

Full Story: Computer World

Of all the mods/hacks I’ve seen, this is both the most ingenious and somewhat scary. A pair of bored yet crafty American (not Dutch!) fellows took a retired Army Drone and re-deployed it with a new, lesser violent mission — to sniff for WiFi networks. Controlling the drone only needs human intervention for takeoff and landing. Once up in the air, pre-plotted routes using Google Earth keep the plane on it’s dedicated route.

Inside the drone, the downward facing WiFi antenna located in the nose is good for ~1,000sq. ft. of coverage at 400 feet up. After said wireless signals are sniffed and an appropriate network found, the drone will then automatically circle the area and continue feeding network packets back to hacker HQ, from which the hacking pair can eventually break into the network. And to think, they could be on the other side of the world as the drone. Again, awesome in implementation, scary in regards to potential scenarios.

Full Story: Gadgetsteria

They combined the Zeus malware with exploit toolkits to remain undetected by anti-fraud systems, M86 Security Labs has discovered. Once the victim’s system had been infected and they entered their online banking service, Zeus v3 was able to initiate transfers from user accounts to the criminal masterminds.

Money mules were used to support the operation, as legitimate bank account holders were duped into becoming unsuspecting middlemen, helping transfer funds for the cyber criminals.

Full Story: IT Pro (UK)

BEIJING, CHINA – Although cyber attacks have been frequently reported across the mainland, China is not home to a vast web of malicious hackers, as many attacks here originate from countries overseas, according to analysts.

“It is very complicated to locate an original attack”, said a participant at the 9th Xcon conference, an annual gathering of senior cyber security analysts in Beijing.

Internet security threats are on the rise and public awareness of hacking has increased.

In 2009, for example, 75 percent of global companies experienced severe cyber attacks totaling individual losses of at least $2 million, according to Symantec’s 2010 report.

Complicating matters for the Chinese government, there have been fervent claims by websites and search engines worldwide – from Google to Optus to the official website of the Republic of Korea – that they have been victimized by Chinese attackers.

Full Story: Asia One

One visit to a booby-trapped website could direct attackers to a person’s home, a security expert has shown.

The attack, thought up by hacker Samy Kamkar, exploits shortcomings in many routers to find out a key identification number.

It uses this number and widely available net tools to find out where a router is located.

Demonstrating the attack, Mr Kamkar located one router to within nine metres of its real world position.

‘Creepy’ attack

Many people go online via a router and typically only the computer directly connected to the device can interrogate it for ID information.

However, Mr Kamkar found a way to booby-trap a webpage via a browser so the request for the ID information looks like it is coming from the PC on which that page is being viewed.

He then coupled the ID information, known as a MAC address, with a geo-location feature of the Firefox web browser. This interrogates a Google database created when its cars were carrying out surveys for its Street View service.

Full Story: BBC News

Many of the hacking tools are inexpensive, highly customizable, and easy to use. Most of the early users of the malware products have sought to steal has been from from online gaming accounts inside China. But now experts are seeing much broader use of such tools.

Hackers in China are developing malicious software “almost like a commercial product”, said Val Smith founder of Attack Research, a Los Alamos, N.M.-based security firm. The products come complete with version numbers, product advertising, end-user license agreements and 24-hour support services, he said.

Full Story: PC World

LAS VEGAS — A security researcher created a cell phone base station that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear.

The device tricks the phones into disabling encryption and records call details and content before they’re routed on their proper way through voice-over-IP.

The low-cost, home-brewed device, developed by researcher Chris Paget, mimics more expensive devices already used by intelligence and law enforcement agencies – called IMSI catchers – that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal that’s stronger than legitimate towers in the area.

“If you have the ability to deliver a reasonably strong signal, then those around are owned,” Paget said.

Paget’s system costs only about $1,500, as opposed to several hundreds of thousands for professional products. Most of the price is for the laptop he used to operate the system.

Doing this kind of interception “used to be a million dollars, now you can do it with a thousand times less cost,” Paget said during a press conference after his attack. “If it’s $1,500, it’s just beyond the range that people can start buying them for themselves and listening in on their neighbors.”

Full Story: Wired

Whose fault is this paradigm shift toward Linux as an accepted data center-capable OS? The adopters, like you, are somewhat to blame. The media takes partial blame for providing “air time” to Linux and associated open source technologies. The big vendors like Citrix, IBM, Oracle and VMware carry much guilt, too. But, the biggest culprits of all, including Linus Torvalds, are the Linux developers. Their vision has put Linux into every large data center in the world.

Full Story: Enterprise Networking Planet

Hackers have built a computer virus that attacks Siemens AG’s widely used industrial control systems, creating malicious software that analysts said can be used for espionage and sabotage.

The German company said the malware is a Trojan worm dubbed Stuxnet that spreads via infected USB thumb drives, exploiting a yet-to-be-patched vulnerability in Microsoft Corp’s Windows operating system.

“Just viewing the contents of the USB stick can activate the Trojan,” said Siemens spokesman Alexander Machowetz. “Siemens recommends avoiding the use of a USB stick.”

Siemens first learned of the problem on July 14, he said.

Stuxnet is among the first to surface that attacks software programs that run Supervisory Control and Data Acquisition, or SCADA, systems. Such systems are used to monitor automated plants — from food and chemical facilities to power generators.

Full Story: Reuters

Hackers have attacked 25,000 PCs affected by the Windows Help and Support Center zero-day vulnerability, patched yesterday. According to a post on the Microsoft Malware Protection Centre (MMPC) blog, the attacks on infected systems accelerated significantly after the company announced that it would be patching the vulnerability in this month’s MS10-042 bulletin.

Writing on the MMPC blog, Holly Stewart wrote: “Early on, we saw attackers incorporate code to single out Windows XP targets, but more recently the attackers have been less discriminant, attempting this attack on a variety of operating systems.”

She said that the hackers had primarily targeted computers in Portugal and Russia, but that the UK had seen the most number of increased attacks on computer systems running Windows XP.

Full Story: IT Pro Portal

According to security researcher Craig Heffner, about half the existing models of home routers, including most Linksys, Dell, and Verizon, are vulnerable to being hacked.

The hack relies on tricking people to visit a malicious website. From that point on, the router itself can be hijacked and the poor user redirected pretty much anywhere the hacker wants them to go.

The hack relies on a hack known as “DNS rebinding,” something that has been around for nearly 15 years: The hack exploits an element of the Domain Name System, or DNS, the Internet’s method of converting Web page names into IP address numbers. (When you visit Google.com, for instance, a domain name server might convert that name into the IP address 72.14.204.147.) Modern browsers have safeguards that prevent sites from accessing any information that’s not at their registered IP address.

Full Story: ZDNet