Tag security

Nigerian Scammers Are Good People

Via Slashdot comes an IEEE Spectrum article about a new scam from Nigeria. In brief, instead of asking you for money directly, they redirect your business email. They wait until someone orders something from your company, then rewrites the bank routing numbers and such so that the client sends money to the scammers’ account instead of yours.

So far, so bad. Technically interesting, ethically very bad. The moral of the story, as always, is be careful where you type your password, and if something looks hinky, think about it.

But then there’s this part:

Bettke and Stewart estimate the group they studied has at least 30 members and is likely earning a total of about $3 million a year from the thefts. The scammers appear to be “family men” in their late 20s to 40s who are well-respected, church-going figures in their communities. “They’re increasing the economic potential of the region they’re living in by doing this, and I think they feel somewhat of a duty to do this,” Stewart says.

Let’s just toss that on the pile marked “Religion doesn’t make people more moral”, shall we?

Sony Learns Nothing From Its Mistakes

Remember back in 2005, when Sony decided it would be a smashingly brill idea to include a rootkit on one of their CDs? Well, now they’re selling USB keychain drives with built-in fingerprint scanners, and they figured it’d be totally rad to include a rootkit with that as well.

As the old saying goes, subvert my security to prevent the inevitable release of your IP onto the net by 15 minutes, shame on you; subvert my security etc. twice, shame on you still, dumbass.

/kernel.el

From an Ubuntu security advisory:

After a standard system upgrade you need to restart emacs to effect the
necessary changes.

Details follow:

Hendrik Tews discovered that emacs21 did not correctly handle certain
GIF images. By tricking a user into opening a specially crafted GIF,
a remote attacker could cause emacs21 to crash, resulting in a denial
of service.

Gosh, they make it sound as if Emacs is a daemon, run from an init file, running all the time and… oh, wait. Right.

Let’s Hire A Grizzly as a Babysitter, While We’re at It

Brad Blog reports that someone managed to make a key that opens Diebold voting machines… by copying it off of an image on Diebold’s web site.

Can you imagine what would happen if an individual, rather than a company, had screwed up this way? If you answered “that person would be awarded the Presidential Medal of Freedom”, pat yourself on the back. Unfortunately, we can’t give medals to corporations, but this comes close:

NORTH CANTON, Ohio– Diebold, Incorporated, one of the nation’s largest security integrators with expertise in the government, commercial, financial and retail markets, has solidified its homeland security presence. The company recently earned certification from the General Services Administration (GSA) to deliver security integration services that meet the requirements of the Homeland Security Presidential Directive 12 (HSPD-12).

I tried to come up with a better subject line. Really, I did. But all I could come up with was “It’s like letting Bush & Co. run the country” or “Like letting Halliburton handle the post-Katrina reconstruction”.