[ISN] Nuke plant gets new locks after keys lost

2006-04-04 Thread InfoSec News
http://news.scotsman.com/latest.cfm?id=513752006

Reuters
3 Apr 2006

BERLIN (Reuters) - German authorities are changing 150 locks at a
nuclear power plant after its owner said they had lost keys to a
security area, a ministry spokesman in the southwestern state of
Baden-Wuerttemberg said on Monday.

Plant operator EnBW said that in spite of intensive searches and
questioning it had not been able to recover 12 keys for its
Philippsburg plant after discovering they were lost in March.

The environment ministry said EnBW informed it the keys were missing
and the operator had put extra safety measures in place to control
access to the secure area.

"This has never happened anywhere in Germany before," the ministry
spokesman said. "The keys have simply disappeared."

Prosecutors have launched an investigation for theft.



_
Donate online for the Ron Santo Walk to Cure Diabetes
http://www.c4i.org/ethan.html


[ISN] Payment processor fears credit card crooks

2006-04-04 Thread InfoSec News
http://news.com.com/Payment+processor+fears+credit+card+crooks/2100-7349_3-6057305.html

By Joris Evers 
Staff Writer, CNET News.com
April 3, 2006

A major online payment provider said Monday that its processing
service had been used in an attempt to charge money to stolen credit
and debit cards.

Several Web hosting companies that use the Authorize.Net service to
accept credit cards online saw a sudden spike in transactions over the
weekend. The transactions, most for $500 and $700, were billed to
Visa, MasterCard and American Express cards that belong to people
across the U.S., representatives for three Web hosts told CNET
News.com.

"These hackers got their hands on high quality data, and they used
merchants of ours to run that data through the merchant's Web site,
which goes through our platform," said David Schwartz, a spokesman for
Authorize.Net in American Fork, Utah. The company says more than
130,000 merchants use its online payment service.

The Web hosting companies discovered the unusual charges through
e-mail alerts that Authorize.Net sends after each transaction. Close
to 3,000 suspicious transactions were pushed through the merchant
accounts of three companies with which CNET News.com spoke, and more
likely happened at other Web hosts, these three companies said.

Unclear, however, is where the weakness in the transaction chain is,
whether it was at the level of the payment processor or the Web hosts.  
Also unclear is where the culprits obtained the card information they
used in the transaction attempts.

On Sunday morning, in about an hour-and-a-half time period, fraudsters
ran close to 1,500 transactions through the Authorize.Net account of
Defender Technologies Group, a Web host in Ashburn, Va., said Tom
Kiblin, the company's CEO. "It was just under $1 million that got put
through on our account," he said. Kiblin says he has reported the
matter to the U.S. Secret Service.

Lance Conway, president of Viper Logic in Palm Springs, Calif., and
Lisa Willman, billing manager at Vortech in Orlando, Fla., have
similar stories. Viper's account was used on Friday to charge $700 to
almost 800 cards, Conway said. At Vortech, that same amount was billed
on Friday to about 400 cards, Willman said.

In all cases, the information that was put through the system included
a card number, expiration date, name and address, representatives for
the Web hosts said.

The episode is another example of credit card and debit card
insecurity. Recently, a crime spree forced banks across the nation to
replace hundreds of thousands of debit cards. Last year a cyber
break-in at a payment processor exposed names, account numbers and
verification codes for 40 million credit cards.

The three Web hosting companies have all voided the fraudulent
transactions, which took up significant time, the company
representatives said. Nevertheless, some consumers noticed that their
banks had put holds on their credit cards or even charged their debit
cards, and they called the Web hosting companies for clarification.

"We try to explain to them: 'No we're not thieves, we're not stealing
your money, your credit card information was stolen,'" said Kiblin.
His company, Defender Technologies, has fielded calls from about 100
cardholders, he added.

Conway at Viper Logic received about 30 calls over the weekend, and
his phone was ringing often on Monday as well, he said. "What a
nightmare. We're just a small company; there are only eight of us
here."

Though the attackers already had control over a database of credit
card numbers, Authorize.Net and the Web hosting companies are pointing
fingers as to who is to blame for allowing the mass charges to the
accounts. The Web hosts say there are no traces of transactions on
their servers, so fraudsters must have accessed Authorize.Net
directly.

But Authorize.Net denies any blame.

"Authorize.Net did not suffer from any sort of security breach
whatsoever," Schwartz said. "If someone commits fraud in a physical
store using a stolen credit card, the merchant would never hold the
manufacturer of the card-swipe terminal accountable for that fraud. In
the e-commerce world, a payment gateway is the equivalent."

The Web hosting companies may have left open a door to the payment
processing service, possibly through their online shopping carts,
Schwartz speculated.

Opinions also differ on why someone would want to send large amounts
of money into the accounts of the Web hosts.

"It looks like somebody was fishing with a credit card list, trying to
validate credit cards," said Kiblin. "The goal for these guys, if a
card is valid, they go off and start buying stuff. All these guys that
got hit are going to see other charges."

But for that to be true, the transaction amounts are too high,
Schwartz said. Usually, when hackers try to validate whether a card
is good or not, they will do an authorization attempt for a dime. If
it goes through, they know they have got a good card number, and when
it is rejected it is 

[ISN] Policeman Charged With Cyberstalking

2006-04-04 Thread InfoSec News
http://www.wral.com/apstrangenews/8449104/detail.html

April 3, 2006

HAUPPAUGE, N.Y. -- A police officer named Valentine has been charged
with hacking into the e-mail account of a woman he met through an
online dating service and posing as her in messages sent to himself
and to other men.

Officer Michael Valentine, 28, met the woman on Match.com last
November and dated her for about six weeks before she broke up with
him, Suffolk County District Attorney Thomas Spota said in a news
release.

Valentine is accused of reading her e-mail, changing her Match.com
profile and sending e-mails using her name.

He went into her account and, posing as her, sent himself an e-mail
threatening that her friends would come out of the bushes with a
baseball bat and beat your brains in, prosecutors said.

He also sent Match.com messages to 70 men on the dating service to
falsely indicate she was romantically interested in them, Spota said.

At least twice men showed up at the woman's house to take her out on a
date because they were under the mistaken impression she wanted to go
out with them, Spota said.

Valentine pleaded not guilty. His lawyer, Paul Gianelli, said he
planned to vigorously defend his client.

"It certainly comes as a shock to my client to be charged with a
crime," Gianelli said.

Spota said computer crimes detectives determined that Valentine used a
number of computers, including one that belonged to the Suffolk County
Police Department.

Valentine, who joined the police force in 2002, was arraigned Monday
on a 197-count indictment that included charges of stalking, computer
trespassing, official misconduct and tampering with evidence. He was
released on his own recognizance and was scheduled to return to court
on April 20.

He has been suspended from his job without pay.

Copyright 2005 by The Associated Press.





[ISN] REVIEW: Snort Cookbook, Angela Orebaugh/Simon Biles/Jacob Babbin

2006-04-04 Thread InfoSec News
Forwarded from: Rob, grandpa of Ryan, Trevor, Devon & Hannah [EMAIL PROTECTED]

BKSNRTCB.RVW   20051208

Snort Cookbook, Angela Orebaugh/Simon Biles/Jacob Babbin, 2005,
0-596-00791-4, U$39.95/C$55.95
%A   Angela Orebaugh
%A   Simon Biles
%A   Jacob Babbin
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2005
%G   0-596-00791-4
%I   O'Reilly & Associates, Inc.
%O   U$39.95/C$55.95 800-998-9938 fax: 707-829-0104 [EMAIL PROTECTED]
%O   http://www.amazon.com/exec/obidos/ASIN/0596007914/robsladesinterne
%O   http://www.amazon.co.uk/exec/obidos/ASIN/0596007914/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596007914/robsladesin03-20
%O   Audience i+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   270 p.
%T   Snort Cookbook: Solutions and Examples for Snort Administrators

Chapter one covers the installation of Snort on various systems, and
even includes a wiring diagram for a passive tap, if you need that
sort of application.  (The cookbook format, with its
Problem/Solution structure, seems a bit odd, in this case.)  An
assortment of issues in logging are dealt with in chapter two.  The
creation and maintenance of rules, in chapter three, is discussed in a
very useful fashion.  Chapter four is about preprocessing, and is
somewhat more demanding of the reader.  Administrative tools, for
managing Snort sensors, rulesets, and data, are described in chapter
five, while utilities for analysis and display of collected
information are presented in six.  A variety of additional uses for
Snort are mentioned in chapter seven.

This book outlines the basic use and operation of Snort in a
convenient and easy-to-use manner.  Aside from the first chapter, the
cookbook format is used effectively, and thus the work becomes a
handy, quick reference for those interested in using and exploring
Snort.

copyright Robert M. Slade, 2005   BKSNRTCB.RVW   20051208


==  (quote inserted randomly by Pegasus Mailer)
What you see and hear depends a good deal on where you are
standing; it also depends on what sort of person you are.
   - Clive Staples Lewis
http://victoria.tc.ca/techrev/rms.htm


