Prey helps you find your stolen laptop by sending timed reports to your email with a bunch of information of its whereabouts. This includes the general status of the computer, a list of running programs and active connections, fully-detailed network and wifi information, a screenshot of the running desktop and — in case your laptop has an integrated webcam — a picture of the thief.

Richard Wolf acknowledged that his behavior was inappropriate when he used his work computer to upload nude photos of himself to an adult web site and view other photos on porn sites, but he didn’t think he should be convicted of hacking for doing so.

A jury disagreed and felt he exceeded his authorization on the computer, which the appellate court recently upheld

Tiversa employees found engineering and communications information about Marine One at an IP address in Tehran, Iran.

”We found a file containing entire blueprints and avionics package for Marine One, which is the president’s helicopter,” said Bob Boback, CEO of Tiversa.

[…] “What appears to be a defense contractor in Bethesda, Md., had a file sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,” Boback said.

Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model.

I spent about five minutes with it, but it’s very deep. You identify different interfaces your system exposes, the different roles, and the different actions they can take on various pieces of data. The system will them model all the potential threats and points of compromise, which you can then categorize and address.

Here’s a larger blog post about how to use the tool.

[…] this tool really shines when used in the design phase of new applications. In fact, the Threat Analysis and Modeling Tool is robust enough that you may consider using it as your primary design tool for all new applications.

It’s impressive for a free tool, and it appears it would take a fair amount of usage to make sense. But if you’re in charge of security for your app, this is probably worth looking at.

Variations of the word “jordan” are popular, which almost certainly refers to “Michael Jordan”, a prominent basketball start (such as “jordan23”, referring to his jersey number).

[…] 4% of passwords appear to reference things nearby. The name “samsung” is a popular password, I think this is because it’s the brand name on the monitor that people are looking at

The feedback we have gotten from the hundreds of people who say they are using BASIC has all been positive. Two surprising things are apparent, however, 1) Most of these “users” never bought BASIC (less than 10% of all Altair owners have bought BASIC), and 2) The amount of royalties we have received from sales to hobbyists makes the time spent on Altair BASIC worth less than $2 an hour.

Why is this? As the majority of hobbyists must be aware, most of you steal your software.

And, towards the end:

Most directly, the thing you do is theft.

Via Jeff Atwood who has a longer post about the problem of piracy and how it’s never going to change.

What’s frightening about the spread of this Trojan is not the worm itself - it’s really nothing new in terms of malware - but the way its being spread. Over the years people have learned to be suspicious of unknown links and attachments in their emails, so the virus writers turned to hit us where we’re more vulnerable: on our social networks. Here, many people still have a feeling of comfort and security. They don’t always have their guard up.

An add-on for the Firefox browser called ‘Pirates of the Amazon’ makes it possible to shop at the Amazon store but leave without paying a dime. Instead, on Amazon product pages the add-on integrates links to ‘free’ copies on The Pirate Bay.

Kaminsky froze. This was far more serious than anything he could have imagined. It was the ultimate hack. He was looking at an error coded into the heart of the Internet’s infrastructure. This was not a security hole in Windows or a software bug in a Cisco router. This would allow him to reassign any Web address, reroute anyone’s email, take over banking sites, or simply scramble the entire global system. The question was: Should he try it?

He tells me about one of his cases involving Symbolic Motors in La Jolla, California. Symbolic, which supplies Ferraris, Lotuses, Aston Martins and Bentleys to the stars, is arguably the most lucrative dealership in the States. It wanted to find out just how good its multi-million dollar security system was, so Pyr0 and his friends Ryan Jones and Chris Nickerson, who call themselves ethical hackers, went to work.

“First we did a bit of dumpster-diving, looking in their trash, to find out who their computer company was,” says the spiky-haired Pyr0. “Then I paid a visit, posing as one of their technicians and got access to the company’s servers. I secretly installed a wireless network behind a desk while I was there, which allowed Ryan, who was in a car outside, to begin hacking into their computer system remotely.” While Jones was downloading Symbolic’s files — details of sales, prices, film-star customers and so on — Pyr0 was wandering around the building taking pictures. There was no alarm security above the ground-floor showroom and the roof skylights were not alarmed. In the showroom, he worked out the blind spots in an array of motion sensors.

Meanwhile, Nickerson, dressed to kill and posing as a potential customer, was taking pictures with a camera disguised as a Zippo lighter. He stuck a tiny wireless camera on to the back of a Bentley advertising display aimed at the keypad that switched the alarm system on and off. Outside in the car, Jones zoomed in on his computer and captured the code when a member of staff punched it in.

That night, they broke in through the unalarmed skylights, exploited the motion sensors’ blind spots, crawled to the alarm keypad and switched off the system. They opened the showroom doors, drove out a Lotus and returned it, parking it the wrong way round.

It gets better — there’s a video series of the whole thing out on truTV. A little dramatic, but it plays like a spy movie. Four parts, each about 10 minutes. It’s interesting to see how “traditional” computer hacking gets combined with social engineering and straight breaking and entering.

[…] Michael Josem […] analysed detailed hand history data from Absolute Poker and UltimateBet and uncovered that certain player accounts won money at a rate too fast to be legitimate.

His findings led to an internal investigation by the parent company that owns both sites. It found rogue employees had defrauded players over three years via a security hole that allowed the cheats to see other player’s secret (or hole) cards.

Now the owners of the sites have filed a $US75 million claim against the makers of the software that powers them, claiming they were unaware of the security holes when they purchased the sites in 2006, MSNBC reported this month.

A man who chose “Lloyds is pants” as his telephone banking password said he found it had been changed by a member of staff to “no it’s not”.

A laptop on the International Space Station is infected with a virus, according to SpaceRef, a website that covers the space program.

NASA confirmed the report to Wired. A spokesman describes the virus — SpaceRef says it’s W32.Gammima.AG — as a “nuisance” that won’t infect mission-critical computers.

[…] the Web site of the Georgian president, Mikheil Saakashvili, had been rendered inoperable for 24 hours by multiple D.D.O.S. attacks. The researchers said the command and control server that directed the attack, which was based in the United States, had come online several weeks before it began the assault.

Perhaps this is why the Georgian Ministry of Foreign Affairs started blogging from Blogspot sometime yesterday.

On Monday afternoon, he handed the passwords over to Mayor Newsom, who was “the only person he felt he could trust,” […]

Childs’ attorney has asked the judge to reduce Childs US$5 million bail bond, describing her client as a man who felt himself surrounded by incompetents and supervised by a manager who he felt was undermining his work.