Archive for December, 2014

Steam chat spreading dangerous malware

Most people know not to click on suspicious links from strangers, but suspicious links from friends are more of a marginal case. Malefactors are currently using Steam, Valve’s popular PC gaming platform, to spread malware by hiding a nasty program in a supposedly innocuous screenshot that looks like it is coming from a trusted friend.

Security expert Graham Cluley shared the story, which one of his readers brought to his attention. The malware comes via Steam’s built-in chat client and, in all likelihood, will appear to come from someone you know.

If you receive a message on Steam that reads “WTF?????” and links to a JPEG image called “screenshot,” steer clear and inform your friend that he or she needs to run a virus scan posthaste. The link leads not to a strange picture, but rather to an executable SCR file.

Once clicked, the file will download and install automatically. This particular SCR file targets Steam, meaning it may be able to steal your login and financial information. At the very least, it compromises your Friends list and sends the malware-ridden “WTF” message to all of your contacts.

Worse still, only about half of antivirus programs seem capable of detecting the malware. While AVG, Malwarebytes, Kaspersky, Sophos and Symantec users are in the clear, those who rely on Microsoft, TrendMicro, Kingsoft or AegisLab are out of luck. The best solution for them would be to download the free version of AVG or Malwarebytes and run it with extreme prejudice.

This is not the first time that malware has targeted Steam users, suggesting that the platform is still not perhaps as secure as it could be. PC gamers should double-check with their friends before clicking on links that look out-of-the-ordinary.

Read More

At a cybersecurity convention in Hamburg last week, the “Chaos Computer Club” demonstrated how it can mimic a fingerprint just by analyzing photographs.

Fingerprints have been recreated from smudges on windows and other smooth surfaces. In the past, forgers have used tape, a scanner, some plastic material and glue to build a gummy fingerprint that can fool scanners.

But the Chaos Computer Club says this is the first time fingerprints have been spoofed from afar. The group’s leader, known as “Starbug,” said he was able to recreate the thumbprint of the German Minister of Defense Ursula von der Leyen, from several news photos.

The hack isn’t terribly complicated, but it’s also not something most people would have the patience or ability to pull off. Starbug printed the fingerprint from the photos onto tracing paper, copied it onto a plastic board, covered it in graphite and made a dummy print by coating the plastic in wood glue.

Not easy. Still he made a dummy fingerprint from a photo. Impressive.

In one demonstration, the dummy print was able to trick Apple’s (AAPL, Tech30) TouchID (which controls Apple Pay).

“There will be no need to steal objects carrying the fingerprints anymore,” the group said in a preview of the event. “After this talk, politicians will presumably wear gloves when talking in public.”

The Club said the presentation calls into question the validity of fingerprint security systems. It would be difficult to do anything useful with the German Defense Minister’s fingerprints, but you could use the hacking method to get into your friend’s iPhone.

Read More

Prince William County VA Dec 30 2014 — Enjoy the free I-95 express lanes while you can. This time Monday, you’ll have to pay to drive them.

“Enforcement begins tomorrow,” says Virginia State Police Captain James DeFord, commander of the state police department’s Northern Virginia division.

While tolling begins at 2 a.m., Virginia State Police officers took time Sunday to show how they will catch express lane violators – -by using newly-installed equipment in their patrol cars. Officers met with the media for the demo at the Park-n-Ride Commuter lot in Prince William County, right off of I-95 by Occoquan/Route 123.

“It’s definitely going to be a learning process,” says state trooper Joy Gary, comparing this learning curve to when the 495 express lanes opened.

Gary’s police cruiser was decked out with EZ pass readers in each backseat side window — one on the left, one on the right. The readers feed to her computer, mounted to the side of the driver’s seat.

Gary says the readers can determine if it’s a regular EZ pass or EZ Flex. If you have an EZ Flex, the readers can tell if it’s in toll mode or HOV mode.

Under HOV mode, for instance, officers can identify the car and determine if there are three or more passengers inside. That helps determine if drivers should be ticketed or not.

“It’s just like an HOV violation: $125 for the first offense; $250 for a second,” DeFord says. “And then a third in five years is $500, and a fourth in five-years is $1,000.”

Apparently, several motorists have taken advantage of the free I-95 express lanes. The southern end saw bumper-to-bumper traffic late Friday and Saturday.

The southern extension of the lanes opened early December, but weren’t tolled. As a result, many travelers found themselves trapped in 10-mile traffic jams.

By Saturday afternoon, the line to exit the express lanes began south of Dale City. Some drivers said it took nearly two hours to get away from them. Traffic was heavy in the main lanes throughout Stafford County.

View Source

NJ Target store cashier voided transactions

RIVERDALE NJ Dec 26 2014– A Target cashier allegedly canceled out thousands of dollars worth of transactions and let shoppers leave the store without paying for items, police said.

Authorities did not say whether Zariah Lozada was granting the deep discounts to people she knew or if she was doing as a nice gesture for for strangers doing their holiday shopping at the Target in Riverdale, but police said the 18-year-old is now facing charges for reportedly voiding out $3,830.96 worth of transactions over the past week.

On Wednesday evening, Riverdale Police Officer Joe McDermott was dispatched to the Target on Route 23 after the store’s security personnel contacted authorities regarding an employee theft, Lt. James Macintosh said.

McDermott met with security officers who reported that one of the store’s cashiers, Lozada, “had been involved in a scheme where she would allow people to pretend to use a credit card, then void out the transaction and let the people leave with the merchandise,” Macintosh said.

Authorities did not say whether she was canceling out entire transactions or just knocking a few items off a total bill.

Subsequently, Lozada, who resides in the Haskell section of Wanaque, was arrested and transported to Riverdale Police Department, where she was charged with theft and conspiracy to commit theft, he said.

She was also charged with possession of a controlled dangerous substance after officers discovered she had four Oxycodone pills, Macintosh said.

Lozada was released with a Dec. 24 court date at the Morris County Central Judicial Processing, he said.

When asked whether Lozada was still employed at the Riverdale Target, an on-duty supervisor – who declined to identify herself – told NJ Advance Media she could not comment on matters involving the store’s personnel.

View Source

ATLANTA — Channel 2 Action News has confirmed federal charges for a Delta employee.

He’s accused of helping to put 18 firearms on a plane at Atlanta’s Hartsfield-Jackson International Airport.

Channel 2 Action News is the only station to get a hold of the criminal complaint before federal court closed.

In a Federal Bureau of Investigation affidavit obtained only by Channel 2 Action News, we learned that agents believe a current employee working in Atlanta helped another man smuggle the guns onto a flight.

The affidavit names Eugene Harvey, a bag handler, as the suspected smuggler who was a Delta employee.

The flight originated from Hartsfield Jackson International Airport and went into New York’s JFK airport on Dec. 10, the complaint states.

According to the complaint, the former Delta employee was using a “buddy pass” and he worked in collaboration with a current delta employee

According the complaint, Harvey, the employee, bypassed TSA security and brought the smuggler the guns.

The FBI believes a total of 18 guns bypassed security and ended up on a carryon baggage aboard a Delta Airlines flight to New York.

The complaint alleges that the undercover officer was supplied a total of 129 guns, including and AK 47 and an AR 15.

It is not yet clear if all those guns were also smuggled onto a flight.

The breach is one of the biggest security breaches in recent years, according to affidavit details.

Delta sent Channel 2 Action News the following statement Monday:
“Delta is cooperating with authorities in this investigation. We take seriously any activity that fails to uphold our strict commitment to the safety and security of our customers and employees.”

View Source

Major Ruling Shields Privacy of Cellphones

WASHINGTON — In a sweeping victory for privacy rights in the digital age, the Supreme Court on Wednesday unanimously ruled that the police need warrants to search the cellphones of people they arrest.

While the decision will offer protection to the 12 million people arrested every year, many for minor crimes, its impact will most likely be much broader. The ruling almost certainly also applies to searches of tablet and laptop computers, and its reasoning may apply to searches of homes and businesses and of information held by third parties like phone companies.

“This is a bold opinion,” said Orin S. Kerr, a law professor at George Washington University. “It is the first computer-search case, and it says we are in a new digital age. You can’t apply the old rules anymore.”

Chief Justice John G. Roberts Jr., writing for the court, was keenly alert to the central role that cellphones play in contemporary life. They are, he said, “such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy.”

But he added that old principles required that their contents be protected from routine searches. One of the driving forces behind the American Revolution, Chief Justice Roberts wrote, was revulsion against “general warrants,” which “allowed British officers to rummage through homes in an unrestrained search for evidence of criminal activity.”

“The fact that technology now allows an individual to carry such information in his hand,” the chief justice also wrote, “does not make the information any less worthy of the protection for which the founders fought.”

The government has been on a surprising losing streak in cases involving the use of new technologies by the police. In Wednesday’s case and in a 2012 decision concerning GPS devices, the Supreme Court’s precedents had supported the government. “But the government got zero votes in those two cases,” Professor Kerr said.

Read More

Recent research reveals that identity theft affects millions of people a year, costing victims countless hours and money in identity recovery and repair. What causes this pattern of online theft and fraud? It’s a combination of factors: a lack of consumer knowledge regarding protecting your identity online; growing comfort with, and trust in, social platform providers; the need for social platforms to generate revenue; and a lack of standards or policing of these standards. Although this issue is not yet in the mainstream consciousness, it likely will be sooner rather than later.

Fueling the Fire
Social media sites generate revenue with targeted advertising, based on personal information. As such, they encourage registered users to provide as much information as possible. With limited government oversight, industry standards or incentives to educate users on security, privacy and identity protection, users are exposed to identity theft and fraud. Additionally, these platforms have a ton of confidential user information, and are likely vulnerable to outside (or inside) attack. On the marketing front, Google recently patented an algorithm to rate individual’s influence within social media. Once publicized, it will likely encourage greater participation by active users in order to boost their influence score.

Crimes of Opportunity
With the increased global use of social media, there are more opportunities than ever before to steal identities or perpetrate fraud online. For example, status updates posted on Twitter, Facebook and many other social media sites can be used by criminals. If you post that you’re out of town on vacation, you’ve opened yourself up for burglary. If you mention that you’re away on business for a weekend, you may leave your family open to assault or robbery. When it comes to stalking or stealing an identity, use of photo- and video-sharing sites like Flickr and YouTube provide deeper insights into you, your family and friends, your house, favorite hobbies and interests.

Read More

WASHINGTON (AP) — President Barack Obama on Thursday capped a swift and forceful response to an Associated Press investigation by signing into law a measure that bars suspected Nazi war criminals from receiving U.S. government pension benefits, known as Social Security.

AP’s investigation, which was the impetus for the No Social Security for Nazis Act, found that dozens of former Nazis collected millions of dollars in retirement benefits after being forced to leave the United States. Recipients ranged from the SS guards who patrolled the Third Reich’s network of camps where millions of Jews died to a rocket scientist who helped develop the V-2 rocket that Nazi Germany used to attack London.

The speed with which the legislation moved underscored the outrage AP’s findings triggered among lawmakers in Congress — and American taxpayers. The House unanimously approved the bill Dec. 2 and the Senate passed it by voice vote just two days later.

Mike King, a Vietnam veteran and a retired police office, gets a Social Security check of $900 a month. That’s less than half of what he could be getting based on his years in the workforce. But his benefits are reduced because of a rule that docks retirees who simultaneously collect a public pension. It’s “appalling,” he said, that former Nazis collected benefits when he and others in his position are forced to accept less.

Read More

A Massachusetts pharmacy owner has been arrested and charged with second-degree murder in connection with the 2012 fungal meningitis outbreak tied to tainted steroid injections.

The outbreak killed 64 people and sickened 687 others who received the injections across 20 states. Prosecutors said the pharmacists’ actions displayed “extreme and appalling disregard for human life.”

Barry Cadden, who owns the New England Compounding Center, and supervising pharmacist Glenn Chin were charged with second-degree murder in the deaths of 25 victims in six states who received tainted vials of methylprednisolone acetate. Cadden and Chin were “acting in wanton and willful disregard of the likelihood that the natural tendency of their actions would cause death or great bodily harm,” according to the indictment announced today.

“The investigation uncovered widespread sustained and systematic unlawful conduct at NECC that was not only condoned but was expressly directed by management and senior partners,” Acting Associate Attorney General Stuart Delery said during a news conference this morning announcing the culmination of a two-year investigation involving state and federal officials.

In addition to Cadden and Chin, 14 people associated with NECC were indicted on a laundry list of charges including racketeering, conspiracy and mail fraud. The indictment details how cleaning logs were falsified, expired ingredients were used with fictitious labels, and drugs weren’t recalled when microbes were found.

“Production and profit were prioritized over safety,” said U.S. Attorney Carmen Ortiz for the District of Massachusetts, adding that the clean room where drugs were compounded “failed to comply with the most basic health standards.”

Eleven people, including Cadden and Chin, were arrested this morning, Delery said. Three others were not arrested but were named in the indictment.

View Source

CHERRY HILL, N.J. — A traffic stop in Cherry Hill, N.J. resulted in the seizure of 250 pounds of marijuana, CBS Philadelphia reported.

According to investigators, the investigation began when Narcotics detectives uncovered suspicious deliveries and activity at a self-storage unit.

Police say a person of interest was identified and he was spotted removing large boxes from the storage unit, placing them in a car and driving away.

Officers with the Cherry Hill Police Department stopped the driver for having a suspended driver’s license and he was arrested on a local warrant. The driver was identified by police as 57-year-old Nelson Anderson of Camden.

A K-9 with the Cherry Hill Police Department named Mika was brought to the scene and detected a narcotic odor.

The vehicle was impounded and officers applied for a search warrant of the car and rental unit.

Investigators said a search revealed 100 pounds of marijuana in the car and over 150 pounds of marijuana in the rental unit.

After an investigation, it was determined that the marijuana was stored in Cherry Hill, but it was distributed in the city of Camden.

Anderson has been charged with Possession of Marijuana over 50 Grams, Distribution of Marijuana over 25 Lbs, Distribution of Marijuana in a School Zone. He is being held at the Camden County Jail in default of $250,000.00 cash bail.

View Source