Archive for the Security Category

Apple Boots Developer for Shady App Store Dealings

Posted in Apple Dev, Apple/Mac, Information Technology, iTunes, Programming, Security on 2010.07.07 by w3bguy

via E-Commerce Times

An Apple App Store developer has been shown the door for allegedly scamming the system in order to propel his applications to the top of the store’s “Books” category. The operation may have also involved fraudulent charges placed on the accounts of hundreds of iTunes customers. Apple said iTunes’ main servers, where millions of customers’ credit card numbers are stored, were not compromised.

Security experts will tell you that cybercriminals like to hit online operations with large numbers of users. So it shouldn’t be surprising that an unscrupulous individual has apparently been caught lurking in the heavily trafficked Apple (Nasdaq: AAPL) iTunes App Store.

Clues that something was amiss in the App Store surfaced over the weekend when apps by a particular developer — with very few customer reviews or ratings — captured 42 of the top 50 spots in the App Store’s “Books” category. There were also reports of some App Store customers seeing hundreds of dollars in unauthorized charges to their accounts for the purchase of some of these apps. …

Advertisements

Hacking Network Printers

Posted in Hacking, Information Technology, Programming, Security with tags , , on 2010.04.07 by w3bguy

via ironGeek.com

Hack a printer you say, what kind of toner have you been smoking, Irongeek? Well, I’m here to tell you, there’s more that can be done with a printer to compromise network security than one might realize. In the olden days a printer may not have been much of a concern other than the threat from folks dumpster diving for hard copies of the documents that were printed from it, but many modern printers come network aware with embedded Operating Systems, storage and full IP stacks. This article will attempt to point out some of the more interesting things that can be done with a network based printer to make it reveal information about its users, owners and the network it’s part of.

Some of this article may seem a little Black-hat as it concentrates more on the breaking-in than the keeping-out. However I feel this information will be useful to system administrators and auditors so that they know what sorts of things to look out for when it comes to network printers. If you want more advice on how to lock down your network printer visit your vendors web site. A guide from HP is linked at the bottom of this article for your convenience. If nothing else, this article may get you thinking in the right direction.

For my tests I will mostly be using a Hewlett-Packard LaserJet 4100 MFP (Fax/Printer/Copier/Scanner), an HP JetDirect 170x and a HP JetDirect 300X (J3263A) but I will also touch a bit on the Ricoh Savin series of printers lest you think HPs are the only network printers with security problems.

Much of this article will read like a huge brain dump, sort of disorganized and hazy like my mind. It all started as a project for Droop’s Infonomicon TV and it snowballed from there with no specific direction. Bear with me as I clean it up and other folks send me new additions and suggestions to make this article more useful.

The most recent version of this article can be found at: http://www.irongeek.com/i.php?page=security
/networkprinterhacking

FTC Puts Social Nets on Notice With Twitter Smackdown

Posted in Information Technology, Security, Social Media, Twitter on 2010.25.06 by w3bguy

via E-Commerce News

The FTC has settled its beef with Twitter over the service’s security practices. Twitter will go on a probation of sorts, and some conditions of the arrangement will remain in effect for 20 years. The charges originated when hackers took advantage of weak passwords the site had been using and gained administrative privileges that enabled them to control accounts and read private messages.

Twitter has agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard users’ personal information, the FTC announced Thursday.

In what was the agency’s first such case against a social networking service, the FTC charged that serious lapses in Twitter’s data security Planning for the next peak season? Ensure your website is fast, secure and available 24/7. Click here to learn how. practices allowed hackers to obtain unauthorized administrative control of Twitter, including access to nonpublic user information, tweets that users had designated as private, and the ability to send out phony message from any account — including one belonging to Barack Obama, who at the time was the U.S. President-Elect…

FREE security resources…

Posted in Information Technology, Security with tags , on 2010.16.06 by w3bguy

http://bx.businessweek.com

For everyone that doesn’t know what CERIAS is: The Center for Education and Research in Information Assurance and Security (CERIAS) is currently viewed as one of the world’s leading centers for research and education in areas of information security that are crucial to the protection of critical…