Security Threats

50 Days of Mischief for the Lulz?

This afternoon, the hacking collective known as Lulzsec announced that, after 50 days of lulz, they were hanging up their boots. In many respects, the decision would almost guarantee that the organization would vanish, despite attempts to identify or apprehend the members. Many people within the security community and beyond promptly tweeted the announcement, and responses on IRC and social media ranged from jubilance and relief, through shock, disbelief, and rage. After considering the meaning, a couple of things came to mind: Lulzsec is [...]



Microsoft fingers Russians over Rustock spam botnet

By Peter Bright | Published about 3 hours ago The Rustock botnet, taken down earlier this year in a Microsoft-led action, appears to have been operated by Russians according to evidence collected by the company. Court action by Microsoft saw the Rustock botnet taken offline in March, causing an almost immediate drop in global spam volumes. The Rustock action was unusual in that Microsoft made claims not only of spamming, but also of trademark infringement. Trademark infringement allows the wronged party to seize the property [...]



The Botnets That Won’t Die

Thursday, April 21, 2011 New communications schemes could make zombie PC networks far harder to shut down. By Kurt Kleiner Last week the FBI took down the Coreflood botnet—a major network of zombie computers that had been used to steal personal information worth hundreds of thousands of dollars. But the bust relied on an important weakness of conventional botnets—that they are controlled by a few central computers. Take down those central machines and you’ll disable the whole network of as many as hundreds of thousands [...]



IP address can now pin down your location to within a half mile

By Thomas Lowenthal | Last updated 2 days ago On the Internet, nobody knows you’re a dog—but they might now have an easy time finding your kennel. In a research paper and technical report presented at the USENIX Networked Systems Design and Implementation (NSDI) conference at the beginning of April, researchers from Northwestern University presented new methods for estimating the exact physical location of an IP address tens or hundreds of times more accurately than previously thought possible. The technique builds on existing approaches but [...]



New Fast-Flux Botnet Unmasked

‘Wibimo’ botnet also employs an unusual encryption process By Kelly Jackson Higgins Darkreading SAN FRANCISCO — RSA Conference 2011 — A researcher has discovered a new botnet that uses the rare fast-flux method to stay alive and evade takedown. Joe Stewart, director of malware research for Dell SecureWorks Counter Threat Unit, here yesterday showed a sample of the botnet’s malware he had reverse-engineered, with evidence that the botnet uses fast-flux. Fast-flux is basically load-balancing with a twist: It’s a round-robin method where infected bot machines serve [...]



iPhone attack reveals passwords in six minutes

By Martyn Williams February 10, 2011 — IDG News Service — Researchers in Germany say they’ve been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone’s passcode. The attack, which requires possession of the phone, targets keychain, Apple’s password management system. Passwords for [...]



New malware strains wreaking havoc on Facebook

PandaLabs announced the discovery of security exploits via popular social media sites Facebook and Twitter. In the last several days, two new malware strains have been wreaking havoc on Facebook users. The first, Asprox.N, is a Trojan delivered via email informing users their Facebook account is being used to distribute spam and that, for security reasons, the login credentials have been changed. The email includes a fake Word document attachment, supposedly containing the new password, with an unusual icon and the filename Facebook_details.exe. Deceiving victims [...]



Legacy Amazon.com Users face password vulnerability

An Amazon.com security flaw allows some customers to log in with variations of their actual password that are close to, but not exactly, their real password. The flaw lets Amazon accept as valid some passwords that have extra characters added on after the 8th character, and also makes the password case-insensitive. For example, if your password is “Password,” Amazon.com will also let you log in with “PASSWORD,” “password,” “passwordpassword,” and “password12345.” Wired has been able to confirm the flaw, which was first reported on Reddit. It [...]