12-year-old admits to hacking major government websites for Anonymous

A 12-year-old Canadian boy has pleaded guilty to three charges of hacking government websites under the affiliation of ‘hacktavist’ initiative Anonymous.

A court heard on Thursday how the fifth grader – from the Montreal suburb of Notre-Dame-de-Grâce – wreaked computer havoc during the Quebec student uprising in 2012, with some sites out of service for two days.

He has pleaded guilty to three charges related to hacking websites that included those of Montreal police, the Quebec Institute of Public Health, the Chilean government and some non-public sites.

The attacks took some of the sites offline for up to two days, at what police estimated as a cost of $60,000 in damages.
Read more: http://www.dailymail.co.uk/news/article-2477746/Fifth-grader-just-12-years-old-admits-charges-major-hacking-targeting-government-websites.html#ixzz2j1rHVB00

Advertisements

Ponemon Institute Survey Results: How Single Sign-On is Changing Healthcare – SSO Vendor Comparison

Ponemon Institute Survey Results: How Single Sign-On is Changing Healthcare – SSO Vendor Comparison

by Imprivata

 

This report reveals the findings of the Ponemon Institute Survey: How Single Sign-On Is Changing Healthcare and provides a detailed analysis of single sign-on vendors. The report shows that of the >400 users of SSO technology surveyed, it was determined that SSO technology saves clinicians from 8 to 15 minutes a day depending on the SSO solution utilized, which can be translated into 103-191 hours per year.

 

Single sign-on automates the login process, enabling clinicians and IT practitioners to login only

once to their desktop in order to gain faster access to applications – removing clicks, keystrokes

and complex passwords. In light of the rigorous data security requirements in the healthcare

industry, SSO and authentication management are almost always deployed together. The

combination is growing in popularity because, as shown by our research, it increases employee

productivity, reduces helpdesk calls, and strengthens security.

 

We surveyed a total of 404 individuals who work for healthcare organizations and who use SSO

technology. They work in private and public hospitals or integrated delivery healthcare systems.

Most of the respondents work in IT functions such as operations, data security, IT compliance,

quality assurance, network management, helpdesk operations and other key MIS functions. Of

the 404 participants in the study, 65 are customers of Imprivata OneSign.

 http://healthitsecurity.com/2013/09/03/white-paper-ponemon-institute-survey-results-how-single-sign-on-is-changing-healthcare-sso-vendor-comparison/

AHMC Healthcare reports 729,000-patient data breach

About 729,000 patients’ data may have been compromised because two password-protected laptops with their data were stolen on October 12 from AHMC Healthcare Inc.’s administrative offices.

The Los Angeles Times reports that the breach affected patients under Medicare who received care at the six hospitals owned by AHMC Healthcare Inc. Affected AHMC patients were treated at Garfield Medical Center, Monterey Park Hospital, Greater El Monte Community Hospital, Whittier Hospital Medical Center, San Gabriel Valley Medical Center and Anaheim Regional Medical Center.

About 10 percent of Medicare patients had their Social Security numbers compromised, while the laptops also included patient names, Medicare/insurance identification numbers, diagnosis/procedure codes, and insurance/patient payments. The laptops had been guarded and gated by a security team with video surveillance, but the thieves broke into the office and stole the laptops.

AHMC Healthcare Inc. learned of the breach on October 14 and though it doesn’t believe that any information had been accessed inappropriately, it didn’t rule out the possibility of foul play with the data.

 

http://healthitsecurity.com/2013/10/22/ahmc-healthcare-reports-729000-patient-data-breach/

March against NSA surveillance in Washington DC

At a rally in Washington Saturday, self-exiled whistleblower Edward Snowden described “a system of pervasive surveillance” operating against American citizens, and he urged technology and free rights activists to spread awareness of the spying violations in the name of reform.

Just last week, leaks linked to Snowden revealed that the NSA had allegedly eavesdropped on cell phone calls by German Chancellor Angela Merkel. This follows protests by other world leaders from Brazil, France, Spain, Italy, and as many 30 other countries – most of them US allies – who say NSA spying is a violation and could seriously impair their relationship with the US.

“Today, no telephone in America makes a call without leaving a record with the NSA. Today, no Internet transaction enters or leaves America without passing through the NSA’s hands. Our representatives in Congress tell us this is not surveillance. They’re wrong,” Snowden said. “Now it’s time for the government to learn from us.”

 http://www.csmonitor.com/USA/2013/1026/NSA-Washington-March-against-surveillance-and-a-call-from-Edward-Snowden-photos

The NSA Tracks Tor Users Entry and Exit Nodes Using Fake Google Ads

The system that the NSA uses to locate and identify Tor users begins, at least sometimes, with the buying of ads on networks like Google’s AdSense.

“Just because you’re using Tor doesn’t mean that your browser isn’t storing cookies,” said Jeremiah Grossman, a colleague of Hansen’s who also specializes in browser vulnerabilities.

As Grossman described the procedure to CNET, the NSA is aware of Tor’s entry and exit nodes because of its Internet-wide surveillance.

 

“The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other Web users,” he wrote.

 

The NSA buys ads from ad display companies like Google and seeds them around Tor’s access points.

Not all Tor installations are created equal, added Hansen, who has an unusual pedigree in the browser vulnerability field because he’s also a veteran of the ValueClick ad network, which was later bought by DoubleClick, which subsequently was purchased by Google.

“It depends on whether you’re using Tor Button or Tor Browser,” he said. “The Tor Button tends to be more secure because as you jump in and out of the Tor Browser, it tracks cache and cookies.”

However, since the Tor Project now includes a patched version of Firefox, it recommends not using the Tor Button and only using the standard Tor Browser Bundle instead.

More secure than either, Hansen said, was to run Tor on a virtual machine so that cookies and cache are dumped when the machine is closed, and the kind of man-in-the-middle and man-on-the-side attacks described by Schneier are avoided.

“If you don’t take the critical steps to protect your privacy, you will be de-cloaked if you’re doing something interesting,” Hansen said.

 

http://news.cnet.com/8301-1009_3-57606178-83/nsa-tracks-google-ads-to-find-tor-users/

 

“The NSA then cookies that ad, so that every time you go to a site, the cookie identifies you. Even though your IP address changed [because of Tor], the cookies gave you away,” he said.

Adobe hacked, 3 million accounts compromised

The massive attack exposes customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.

Adobe announced on Thursday that it has been the target of a major security breach in which sensitive and personal data about millions of its customers have been put at risk.

Brad Arkin, senior director of security for Adobe products and services, explained in a blog post that the attack concerns both customer information and illegal access to source codes for “numerous Adobe products.”

A few examples include Adobe Acrobat, ColdFusion, and the ColdFusion Builder. However, as far as the source code is concerned, Adobe assured that there is no “increased risk to customers as a result of this incident.”

Adobe officials added that the investigation has not turned up any zero-day attacks either.

Unfortunately, the culprits have obtained access to a large swath of Adobe customer IDs and encrypted passwords.

 

http://news.cnet.com/8301-1009_3-57605962-83/adobe-hacked-3-million-accounts-compromised/?Privacy

Online Tor anonymizer network among NSA’s targets

Top-secret national security documents disclosed to the Guardian by Edward Snowden show United States and British intelligence have long attempted to crack the Tor anonymizer network used by human rights workers, journalists, cybercriminals and others.

  On Friday, the Guardian published leaked documents attributed to  the former intelligence contractor revealing how the US National  Security Agency and Britain’s Government Communications  Headquarters, or GCHQ, have worked extensively towards  compromising the computers of people who browse the Internet with  Tor, a program that routes traffic through multiple nodes in an  effort to help mask the identities of its users.

  According to the Guardian’s James Ball, Bruce Schneier and Glenn  Greenwald, the NSA’s “current successes against Tor rely on  identifying users and then attacking vulnerable software on their  computer.”

  “While it seems that the NSA has not  compromised the core security of the Tor software or network, the  documents detail proof-of-concept attacks, including several  relying on the large-scale online surveillance systems  maintained by the NSA and GCHQ through internet cable  taps,” the writers add.

 

Read the rest at http://rt.com/usa/nsa-target-tor-network-739/