Security Incidents of This Week (weekly)

• VoIP hacker sentenced to 10 years

  A Venezuelan citizen on Friday was sentenced to 10 years in US federal prison for hacking into the networks of telecommunications companies and then routing millions of minutes of voice over IP calls over their systems.
  
  Edwin Andres Pena, 27, admitted in February that he pocketed more than $1m in the scam, in which he posed as a legitimate reseller of long-distance calling services. By scanning networks of AT&T and other companies, Pena was able to identify unprotected ports through which he could transmit more than 10 million minutes of unauthorized calls.

  tags: SecurityIncident Phones

• Un cannone orbitale contro i siti delle major

  è tuttora reperibile in rete il software LOIC (Low Orbit Ion Cannon) che permette facilmente di saturare di richieste i siti oggetto dell'attacco sino a renderli irraggiungibili.

  tags: SecurityIncident DoS

• 4chan invades Tea Party website • The Register

  Website vulnerabilities on the official teaparty.org website allowed pranksters to divert surfers landing on the photo section of the site to smut and shock sites.

  tags: SecurityIncident Defacement

• Tea Party website 4Channed - Boing Boing

  tags: SecurityIncident Defacement

• OnMouseOver XSS Vulnerability on Twitter | PandaLabs Blog

  tags: SecurityIncident Vulnerable XSS

• SCADA worm a 'nation state search-and-destroy weapon' • The Register

  A highly sophisticated computer worm that has burrowed into industrial systems worldwide over the past year may have been a “search-and-destroy weapon” built to take out Iran's Bushehr nuclear reactor, according to news reports published on Tuesday.

  tags: SecurityIncident malware Politics

• AES Encryption Flaw Exposes ASP.NET Sites -- Visual Studio Magazine

  tags: SecurityIncident Vulnerable

• US-CERT Technical Cyber Security Alert TA10-263A -- Adobe Flash Vulnerabilities

  If a user opens specially crafted Flash content, a remote attacker may be able to execute arbitrary code.

  tags: SecurityIncident Vulnerable

• Interpol Chief Ronald K. Noble Has Facebook Identity Stolen

  tags: SecurityIncident

• Swedish far-right party defaced on eve of general election

  tags: SecurityIncident Defacement Politics

• Parliamentary website hacked | The National Business Review - New Zealand - business, markets, finance, politics, property, technology and more

  The government-funded Parliament TV on Demand (inthehouse.co.nz) website was defaced over the weekend by Turkish hacker Iskorpitx - or possibly a copycat.
  
  The cyber-vandal has a long history of compromising a website's server, then replacing its contents with his own "graffiti" - sometime political, but usually just showing off his own talents. But software is also readily available that automates the process of finding a website then exploiting a vulnerability, and it's equally likely the attack was initiated by a no-name "script kiddie".
  
  In Parliament TV's case, the site has been madeover with an animated flag, and the cheery, Borat-ish message: "best regards to all world".
  
  At least one observer was not amused.
  
  "This is serious. Where is our cyber-protection?" asked a Beehive insider who tipped off NBR at 10.30pm last night. "Where's the certification?"
  
  The site came back online late Monday morning.

  tags: SecurityIncident Defacement Politics

• Un miliardo di furti digitali E i ladri sono accanto a noi

  La metà delle violazioni dei dati (48% del totale) è causata da soggetti che hanno impiegato in modo non autorizzato i propri diritti di accesso alle informazioni aziendali per scopi illeciti.

  tags: SecurityIncident Italy

• Epic failures: 11 infamous software bugs |

  tags: SecurityIncident Testing Bugs

• Under attack: 4,300 Indian websites defaced in H1 2010

  tags: SecurityIncident Defacement

Posted from Diigo. The rest of my favorite links are here.