Tag Archives: hackers

Hackers bypass Windows 7 remote activation requirement with software workaround

Filed under Security News
Instead of the more traditional BIOS loader or OEM BIOS methods, digital pirates have rolled out a software-based way to circumvent Windows 7's required online activation, making it easier to use stolen copies of Microsoft's new OS.

Several tools are available online, with the most popular being RemoveWAT (meaning "Windows Activation Technology") and Chew-WGA, according to My Digital Life. Both of these utilities use various means to accomplish the same end: removing or blacklisting the files that Windows uses to start the activation process.

My Digital Life reports that the workarounds were made possible by Microsoft's less strict security settings in Windows 7, which were put in place to cut down on false positives and reduce installation headaches for users. Windows Vista, which featured more active security measures, was never permanently cracked.

Windows 7's security features have drawn mixed reviews, with most praising the removal of Vista's intrusive User Account Control features, but some arguing that the OS is less safe than its predecessors precisely because UAC is less ubiquitous.

Two-factor security can’t keep all hackers at bay

Filed under Security News
Advanced online security measures adopted by banks, including passwords that change every minute, are just one more hurdle for professional hackers to overcome, warn security experts.

One-time passwords and other cutting-edge techniques can keep out low-level cyber criminals, but no system is safe from particularly clever or determined hackers. Sam Curry, vice president of security firm RSA, told tech blog Zikkir that "Companies should be very leery of both prophecies of doom, like the death of a technology, [and] rosy visions of security. Everything is breakable."

All is not lost to the hackers, however. Experts like Curry suggest a number of further steps that can be taken to put additional roadblocks in the path of would-be cyber criminals. Bank transactions, for example, could be conducted only using a computer running Linux, or one that was specially secured against the interception of online communication.

Alternatively, financial firms can take the initiative back from hackers by returning to low-tech methods of doing business. One company that was the victim of a financial Trojan attack told Zikkir that they have "gone back to writing manual checks."

Hackers hijack PBS.org

Filed under Security News
Malicious JavaScript was found on PBS.org after hackers replaced code in the Curious George section of the website.

The hack redirected users who clicked on an image of the curious little monkey to an error page. The error page contained an iframe linked to a third-party .info domain, which hosted a wide array of malware, including exploits targeting Acrobat Reader, AOL SuperBuddy, AOL Radio AmpX and Apple QuickTime.

The web security blog Purewire said that information found on several associated web domains indicates that a criminal was using this exploit and others to build a botnet that he or she is planning to lease. PBS said that the malicious code was removed from the website late Friday. The number of users whose computers were infected is not known.

It is unknown how the hackers gained access to PBS.org in order to plant the malware-spreading JavaScript, but the incident does serve to further highlight the recent trend of criminals using legitimate websites to spread malicious programs and data. Security experts say that caution is necessary during the current wave of malware-related incidents.

Hacker attack forces shutdown of Michael Savage website

Filed under Security News
The website of controversial radio talk show host Michael Savage was forced to shut down for an hour on Saturday after a hacker infiltrated the site, according to WorldNetDaily.

WorldNetDaily reported that the hacker had broken in through a feedback portal and "damaged" the site. Savage, who has been placed on a list of banned people in the UK for spreading hatred, blamed Britain for the hack on his website.

Savage has been critical of the UK over the recent release of the convicted bomber of the flight over Lockerbie, Scotland, Abdelbaset Ali al-Megrahi, who has since returned to his native Libya.

"Why on the day of the worldwide furor over the release of the Lockerbie bomber by [British Prime Minister] Gordon Brown would Michael Savage's website be hacked?" Savage said, according to WorldNetDaily. "We cannot say who did this, but would it not be a possibility that the Brits themselves ordered this hack attack?"

Political hackers often use methods like a SQL injection attack to infiltrate web servers and post digital graffiti on websites.

Earlier this month, hackers broke into the websites of several members of the U.S. House of Representatives, replacing portions of their home pages with digital graffiti, according to the Washington Post Security Fix blog.

Hackers prefer Firefox, Opera web browsers

Filed under Security News
Hackers prefer to use the Firefox and Opera web browsers, according to web security researcher Paul Royal of Purewire, who spent three months monitoring the activity of hackers who use exploit toolkits.

Royal said hackers likely prefer Opera, which 26 percent use, because its overall market share is only about 2 percent, meaning few other hackers bother to write malware to attack that browser. Mozilla's Firefox browser was used by 46 percent of the hackers, Royal said, according to a report from the UK Register.

Hackers are likely aware of the exploits that plague the most popular browser, Microsoft's Internet Explorer (IE). "It makes them wary of using mainstream browsers," Royal said, according to the Register.

IE has been exploited recently through flaws in the Video ActiveX controls, the subsystem that allows IE users to watch videos in the browser. Microsoft has issued multiple security updates to fix flaws in that system, including an "out-of-band" patch earlier this month.

The latest version, IE8, surpassed other browsers in a security test sponsored by Microsoft and run by an independent research lab.

Radisson data breach exposed credit card numbers

Filed under Security News
Between November 2008 and May 2009, hackers infiltrated computer systems at some Radisson hotels in the U.S. and Canada and accessed customer names and credit card numbers, the hotel chain disclosed Wednesday.

Citing an ongoing forensic investigation, the company did not provide much detailed information on the nature of the data breach, but said Social Security numbers were not on the computers that were accessed.

Radisson said it was notified of the data theft by credit card companies and payment processors. The company does not suspect an insider breach, meaning it was likely the result of a hacking attack, according to Networkworld.

"We believe at this time it is limited to an isolated number of hotels in the U.S. and Canada," Radisson said of the data breach in a FAQ on its website. "Since the investigation is still on-going and sensitive, we are not able to comment on particular properties."

Identity theft and theft of credit card information have been a plague on the banking and retail industries. Federal prosecutors earlier this week indicted a Miami man for his alleged involvement in a hacker attack that accessed 130 million credit card numbers from Heartland Payment Systems.

Hackers use Twitter to control botnets

Filed under Security News
A web security researcher has discovered accounts on Twitter that act as command and control (C&C) centers for directing botnets - networks of malware-infected PCs that can be directed to send spam or launch denial of service attacks.

Researcher Jose Nazario of security firm Arbor Networks said he discovered Twitter accounts that use status messages (tweets) to send out links containing new commands or executables for the botnet to download and run. The botnet uses the RSS feed to get updates from Twitter, Nazario said in a blog post.

One such account, with the Twitter profile name upd4t3, has been used as part of an information-stealing scheme.

Nazario said the account is presently live but under review by Twitter and is "just one of what appear to be a handful of Twitter C&C accounts."

Hackers typically use rogue servers to operate their botnets, which can be rented out to other cybercriminals for activity ranging from sending spam to stealing bank account or other information from PCs.

Botnets can also be used to launch distributed denial-of-service attacks (DDoS), which can slow or stop websites from working by overwhelming a site with traffic.

Twitter itself was downed by DDoS attacks last week and again this week.

Korean hackers, MyDoom worm suspected in DDoS attacks

Filed under Security News
Government websites in the U.S. and South Korea were hit by a major cyberattack beginning on July 4, which intelligence officials believe was launched by hackers sympathetic to the authoritarian regime in North Korea.

U.S. officials told the Associated Press that websites for the Treasury department, the Secret Service, the Federal Trade Commission and the Department of Transportation were hit by a sustained distributed denial-of-service attack (DDoS) over the holiday weekend.

South Korean intelligence officials said a botnet of 18,000 infected computers located on the Korean peninsula was used to launch the attacks, according to the Korea Herald.

A series of attacks on South Korean government sites began on Tuesday, including the sites of the office of the president (Cheong Wa Dae), the National Assembly, the Ministry of Defense, Shinhan Bank and Korea Exchange Bank, the newspaper reported.

Amy Kudwa, a spokeswoman for the Department of Homeland Security, said the U.S. Computer Emergency Readiness Team issued a notice to federal departments and "advised them of steps to take to help mitigate against such attacks," according to the AP.

Web security researchers from AhnLab said the attack could have been spawned by PCs infected with a version of the MyDoom worm, according to IDG News Service.

Hackers hijack Britney Spears’ TwitPic account

Filed under Security News
Hackers broke into the TwitPic accounts of Britney Spears, Ellen DeGeneres and other celebrities to broadcast bogus information, the Associated Press reported.

The hacked accounts were discovered Sunday after TwitPic, the largest service for posting photographs to the micro-blogging site Twitter, noticed phony messages, including one that said Spears had died.

TwitPic, which is not owned by or affiliated with Twitter, said on its Twitter feed that the company had "implemented a fix for the email posting vulnerability."

Hackers have increasingly hijacked user accounts on Facebook and Twitter to spread viruses and spam and to phish other users' account information.

Web security experts say phishing attacks on social networking sites are up to 10 times more effective than those sent via email.

A recent survey found that 30 percent of users of social networks had been subject to cyberattacks. Many users leave themselves open to attacks by publishing personal information that could be used for identity theft.

Among younger users, 51 percent use the same password on multiple sites and two-thirds share personal information that may compromise online privacy, the survey found.

Iranian hackers hijack University of Oregon network

Filed under Security News
Hackers sympathetic to Iran's ruling regime hijacked the University of Oregon website on Wednesday to redirect visitors to a site that said the regime "never cheated" in the disputed June 12 election.

The Associated Press reported that visitors to the university's web system during a 90-minute window Wednesday were taken to an 89-word pro-Iranian message that warned President Obama to stay out of Iranian affairs.

The hackers used the university's network to send the message to AP and others. The message addressed the president as "Hey Stupid Fly Catcher Obama!"

Diane Saunders, spokeswoman for the university, told AP that the hackers were able to gain control of the site through third-party software that had not been updated. Saunders said the computers of visitors to the site were not compromised.

Rob Housman, executive director of the Cyber Secure Institute, a research and advocacy firm, said the hack highlighted how the United States is engaged in a "low-level conflict" across cyberspace.

Housman said it reveals the extent to which U.S. network security is inadequate.

"[C]onsider the damage possible if the attackers weren't less sophisticated Iranian protestors but the Chinese military's cyber-special-forces or the legions of Russian cyber-irregulars," he said.