Sniff Out This...Obama's Deception??? or NWO!!!

August 2009

Hackers reveal security vulnerability in trusted sites.

A nefarious new tactic used by hackers works similar to a telephone tap, intercepting information between computers and the trusted Web sites they visit. Hackers at last week’s Black Hat and DefCon security conferences revealed a significant flaw in the way Web browsers filter untrustworthy sites and block users from accessing them. The flaw allows cybercriminals who penetrate a network to establish a secret eavesdropping position, enabling them to capture passwords, credit card numbers and other private data flowing between computers on that network and the Web sites users believe are safe. In an even more worrisome scheme, a hacker could hijack the auto-update feature on a victim’s computer, and trick it into automatically installing malicious code from the attacker’s Web site. In that case, the computer would simply believe the code was a valid update coming from the software manufacturer.

Surveillance camera hack swaps live feed with spoof video.

Corporate teleconferences and other sensitive video feeds traveling over internet are a lot more vulnerable to interception thanks to the release of free software tools that offer penetration testers and attackers a point-and-click interface. At the Defcon hacker conference in Las Vegas, the Viper Lab researchers demonstrated new additions to UCSniff, a package of tools for sniffing internet-based phone conversations. The updates offer tools that streamline the process of intercepting video feeds, even when they are embedded in voice-over-internet-protocol traffic. The researchers showed how a companion tool called VideoJak can be used to tamper with video surveillance feeds in museums and other high-security settings. As several hundred conference attendees looked on, they displayed a live feed of a water bottle that was supposed to be a stand in for a precious diamond egg. When someone tried to touch the bottle, the video caught the action in real time. Then they fired up VideoJak. When the bottle was touched again, the video, which presumably would be piped to a security guard, continued to show the bottle was safe and sound. “We used UCSniff to actually capture valid stream for 20 seconds and then we played it against the security guy receiving the traffic,” the director of Sipera’s Viper Labs said in an interview afterward. “So he saw the room was just sitting there unmolested while the person was actually taking the diamond egg.” A separate demo showed a live teleconference that was being secretly intercepted so the video feeds of both participants could be logged in real time. Both attacks convert the intercepted feeds to a raw H.264 video file and from there to a simple AVI file. http://www.theregister.co.uk

U.S. weighs risks of civilian harm in cyberwarfare.

Fears of collateral damage are at the heart of the debate as the Presidential Administration and its Pentagon leadership struggle to develop rules and tactics for carrying out attacks in cyberspace. While the former Administration seriously studied computer-network attacks, the current Administration is the first to elevate cybersecurity — both defending American computer networks and attacking those of adversaries — to the level of a White House director, whose appointment is expected in coming weeks. But senior White House officials remain so concerned about the risks of unintended harm to civilians and damage to civilian infrastructure in an attack on computer networks that they decline any official comment on the topic. And senior Defense Department officials and military officers directly involved in planning for the Pentagon’s new “cybercommand” acknowledge that the risk of collateral damage is one of their chief concerns. “We are deeply concerned about the second- and third-order effects of certain types of computer network operations, as well as about laws of war that require attacks be proportional to the threat,” said one senior officer. http://news.cnet.com