tricky

Phishing by altering the bank’s server

From Computerworld‘s “Florida banks hacked in new spoofing attack“:

Three Florida banks have had their Web sites compromised by hackers in an attack that security experts are calling the first of its type.

Earlier this month, attackers were able to hack servers run by the Internet service provider that hosted the three banks’ Web sites. They then redirected traffic from the legitimate Web sites to a bogus server, designed to resemble the banking sites, according to Bob Breeden, special agent supervisor with the Florida Department of Law Enforcement’s Computer Crime Center.

Users were then asked to enter credit card numbers, PINs and other types of sensitive information, he said.

According to Breeden, the affected banks are Premier Bank, Wakulla Bank and Capital City Bank, all small, regional banks based in Florida.

This attack was similar to phishing attacks that are commonly used against online commerce sites, but in this case hackers had actually made changes to legitimate Web sites, making the scam much harder for regular users to detect.

… Though Breeden said the scam was operational for only “a matter of hours” and probably affected fewer than 20 banking customers, the technique appeared to be very effective at extracting sensitive information.

Phishing by altering the bank’s server Read More »

Hear someone typing & know what was written

From Edward Felten’s “Acoustic Snooping on Typed Information“:

Li Zhuang, Feng Zhou, and Doug Tygar have an interesting new paper showing that if you have an audio recording of somebody typing on an ordinary computer keyboard for fifteen minutes or so, you can figure out everything they typed. The idea is that different keys tend to make slightly different sounds, and although you don’t know in advance which keys make which sounds, you can use machine learning to figure that out, assuming that the person is mostly typing English text. (Presumably it would work for other languages too.) …

The algorithm works in three basic stages. First, it isolates the sound of each individual keystroke. Second, it takes all of the recorded keystrokes and puts them into about fifty categories, where the keystrokes within each category sound very similar. Third, it uses fancy machine learning methods to recover the sequence of characters typed, under the assumption that the sequence has the statistical characteristics of English text. …

The only advantage you have is that English text has persistent regularities. For example, the two-letter sequence “th” is much more common that “rq”, and the word “the” is much more common than “xprld”. This turns out to be enough for modern machine learning methods to do the job, despite the difficulties I described in the previous paragraph. The recovered text gets about 95% of the characters right, and about 90% of the words. It’s quite readable.

Hear someone typing & know what was written Read More »

The secret plans of Libertarians revealed

From The New York Times‘ “1 Cafe, 1 Gas Station, 2 Roads: America’s Emptiest County“:

At last count (by Sheriff Hopper toting it up in his head), 16 people make Mentone their home and 55 others are spread throughout the rest of Loving County’s 645 square miles of parched, salty West Texas grassland and rattlesnakes — about one person for every nine square miles. …

Yet it is modest enough, as a plaque outside the courthouse confesses: “Mentone has no water system (water is hauled in) nor does it have a bank, doctor, hospital, newspaper, lawyer, civic club or cemetery.”

And since Mentone is the only town, neither does Loving County.

What it does have is the Boot Track Café (open mornings), a post office, a gas station and the yellow Deco two-story courthouse. There are two roads. There is no operating church, although the county’s oldest building, a 1910 schoolhouse, is open for nondenominational worship. Seven children ride a school bus 33 miles to Wink in the next county.

… The material described the plans of a Libertarian faction in its own words “to win most of the elected offices in the county administration” and “restore to freedom” Loving County. The blueprint, called “Restoring Loving County,” said that land was hard to come by but that a ranch had been split up and members were in the process of buying sections.

“The people who are living there will be able to register to vote,” it said. “They must swear that they intend to make Loving their home.”

The goal, said an e-mail message attributed to a group member, was to move in enough Libertarians “to control the local government and remove oppressive regulations (such as planning and zoning, and building code requirements) and stop enforcement of laws prohibiting victimless acts among consenting adults such as dueling, gambling, incest, price-gouging, cannibalism and drug handling.”

The secret plans of Libertarians revealed Read More »

A brief history of backdoors

From Network Magazine:

Ken Thompson, a designer of the Unix OS, explained his magic password, a password that once allowed him to log in as any user on any Unix system, during his award acceptance speech at the Association for Computing Machinery (ACM) meeting in 1984. Thompson had included a backdoor in the password checking function that gets included in the login program. The backdoor would get installed in new versions of the Unix system because the compiler had Trojan Horse code that propagated the backdoor code to new versions of the compiler. Thompson’s magic password is the best known, and most complex in distribution, backdoor code.

A brief history of backdoors Read More »