DigitMemo.com

Two labs of America’s top scientists have fallen for the oldest trick in the hackers’ book

A report featured on ABC News concluded that two nuclear labs had been “hacked.”  The true story is a bit more entertaining and the reveals that there is no threat to the country’s nuclear safety.  Real threats such as concerted “hacks” conducted by the Chinese against the U.S. government are certainly a concern, but the only thing dangerous about the compromise at these labs is the stupidity of a few scientists and workers at the plants.

The Oak Ridge National Laboratory (ORNL) in Tennessee and Los Alamos National Lab in New Mexico have made a habit of collecting the social security numbers, names, and birth dates of scientists who visit the plants.  The information is put into a database, which reads like a who’s who of America’s top scientists.

Click for more on The True Story: Two U.S. Nuclear Labs "Hacked" »

Although Apple is closing security holes with the update, hackers have kept opening up the devices.

Apple has released, only through their iTunes application, a 1.1.2 system update for the iPhone and the iPod Touch.

This addressed an “ImageIO” vulnerability that could allow the execution of malicious code through the viewing of a doctored TIFF image, according to Apple. The malicious TIFF image could cause a buffer overflow that could either crash an application or run code, according to Apple’s technical note on the issue. But in real life, its used to jailbreak iPod and iPhone.

Click for more on Apple Updates iPod Touch and iPhone »

If you ever have the opportunity to illegally change your grades, think of these two California students - they’re facing up to 20 years in prison and a $250,000 fine for exactly that crime.

29-year-old John Escalera and 28-year-old Gustavo Razo were indicted on October 25 for hacking their way into the California State University, Fresno computer system and changing their grades.

According to the charges, Escalara worked in CSUF’s information technology department and was able to slip into the grading database fairly easily.  He allegedly used the password of his supervisor to gain access to some of the university’s most sensitive data banks.

Click for more on Two students charged with hacking into system, changing grades »

The so-called “impenetrable” BD+ DRM scheme has reportedly already been subverted

We haven’t broken down the minutes and seconds or anything, but we’re fairly certain that July 10th wasn’t exactly ten years ago. Nevertheless, the so-called “impenetrable” BD+ DRM scheme has reportedly already been subverted, and it’s no shock to hear that the folks behind SlySoft had a hand in it. Regrettably, there’s not a lot of details beyond that just yet, but according to the outfit’s CEO, the software is ready to rock and should be released before the end of 2007.

Microsoft is warning users to avoid suspicious websites and emails after attacks were reported on an unpatched flaw in Internet Explorer 7.

The company would not provide exact figures, but said that a “limited number ” of attacks had been reported.

The attacks target a vulnerability in IE7’s handling of the uniform resource indicator (URI) commands used by browsers to launch third-party applications.

Microsoft disclosed the vulnerability on 10 October, explaining that it arises when the browser fails to check malformed URI instructions in Windows XP and Server 2003. Windows Vista is not believed to be vulnerable.

Click for more on Attackers take aim at IE7 unpatched flaw »

A technique for cracking computer passwords using inexpensive off-the-shelf computer graphics hardware is causing a stir in the computer security community.

It may not be the most popular thing to consider, but high-end graphics cards contain a very powerful internal computing engine, called the GPU.  This massively parallel device can attack a problem in parallel, rather than serial as most CPUs are required to process data.  This means it can compute many hundreds of simultaneous calculations.  This is actually how 3D graphics cards get their high-speed gaming abilities.  Still, a new use has been found for this robust computing engine:  password cracking.

Click for more on Password cracking, the new use for high speed GPUs »

Something as small as swapping the video card or updating a device driver can trigger a total Vista deactivation.

Put simply, your copy of Windows will stop working with very little notice (three days) and your PC will go into “reduced functionality” mode, where you can’t do anything but use the web browser for half an hour.

You’ll then need to reapply to Microsoft to get a new activation code.

How can this crazy situation occur? Read on for the sorry tale.

Click for more on WARNING: device driver updates causing Vista to deactivate »

Wired has up an article with a man named Robert Anderson, who was recruited by the MPAA in 2005 to inform on people in the BitTorrent community.

In a tell-all interview with the site, Anderson explains how the powerful media organization encouraged him to obtain the information they were looking for:

According to Anderson, the MPAA told him: ‘We would need somebody like you. We would give you a nice paying job, a house, a car, anything you needed…. if you save Hollywood for us you can become rich and powerful.’ In 2005, the MPAA paid Anderson $15,000 for inside information about TorrentSpy — information at the heart of a copyright-infringement lawsuit brought by the MPAA against TorrentSpy of Los Angeles. The material is also the subject of a wiretapping countersuit against the MPAA brought by TorrentSpy’s founder, Justin Bunnell, who alleges the information was obtained illegally.

Click for more on Hacker for the MPAA Interviewed »

Hackers are actively exploiting a zero-day hole in RealNetworks’ RealPlayer media player

The in-the-wild attacks, which began late last night (October 18), targets a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft’s Internet Explorer browser.

Only systems on which both RealPlayer and IE have been installed are vulnerable.

The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page, according to an alert issued by Symantec DeepSight Threat Management System.

The issue affects an ActiveX object installed by RealPlayer, accessible over the web using Internet Explorer. By instantiating the object and invoking a specific method and attacker is able to corrupt process memory and execute arbitrary code with the privileges of the browser. The attack currently known to be in-the-wild has been confirmed to download malicious code to the compromised host.

Click for more on IE users beware: RealPlayer zero-day flaw under attack »

Apple agrees to sell iPhones in France unlocked

The move comes after Apple met a roadblock when its international policy of banning unlocking was challenged by French law.  A French telecommunications law, passed in 1998 states that manufacturers must offer to unlock consumers phones for a small fee for the first sixth months after release, and for free after that, as reported via French news site Les Echoes.

Click for more on Viva la Unlocking! French Law Dictates Apple Must Allow Unlocking »