Monday, June 2, 2014

'Oleg Pliss' Hack Makes for A Perfect Teachable IT Moment

Computerworld - Earlier this week, a number of iOS device owners woke up to discover that someone had locked them out of their iPhones, iPads, and iPod touches. The attack, primarily aimed at users in Australia and New Zealand (though there are now reports of users in North America and other countries being hit), demanded a ransom be paid to unlock each device. Ironically, the PayPal account referenced in the demand did not seem to even exist.

The "Oleg Pliss" hack, if you can call it one, wasn't particularly sophisticated. The party behind it most likely relied on information like user IDs (including email addresses used as usernames) collected by attacks on non-Apple websites like the recent breach that compromised eBay user accounts. Since a lot of people reuse user IDs, passwords and account security questions, all the hacker(s) needed to do was use that information to log into iCloud and use the Find My iPhone/iPad/iPod feature to lock the device and display a message on it. (The feature is typically used to locate a lost or stolen iOS device.)



Thursday, January 23, 2014

Board Declares NSA Data Sweep Illegal


An independent board tasked with reviewing National Security Agency surveillance called Thursday for the government to end its mass data collection program and "purge" its files, declaring the program illegal in a major challenge to President Obama.

The president did not go nearly as far when he called last week for ending government control of phone data collected from hundreds of millions of Americans. In its report, obtained by Fox News and scheduled for release Thursday afternoon, The Privacy and Civil Liberties Oversight Board (PCLOB) said the program ran afoul of the law on several fronts.

"The ... bulk telephone records program lacks a viable legal foundation," the board's report said, adding that it raises "serious threats to privacy and civil liberties" and has "only limited value."

"As a result, the Board recommends that the government end the program," the panel wrote.

It remains to be seen whether Obama will accept all or part of the recommendations, but the findings could nevertheless be used as leverage in federal lawsuits against NSA spying.

The report concluded that the NSA collection raises "constitutional concerns" with regard to U.S. citizens' rights of speech, association and privacy.

Guccifer Unmasked!

  • Romanian authorities announced Wednesday the arrest of Marcel Lazar Lehel, 40, a hacker believed to work under the name 'Guccifer'.
  • Guccifer became known in the U.S. a year ago after releasing personal Bush family pictures.
  • In Romania his hacking dates as far back as 2010. 
  • He was found guilty in his home country of a dozen hacking-related charges in February 2012.

The hacker who goes by the alias Guccifer and is known for releasing pictures of former President George W Bush's paintings has been captured in Romania.

Romanian authorities announced Wednesday that they arrested 40-year-old Marcel Lazar Lehel in the town of Arad.


The raid was organized by Romania's Directorate of Investigating Organized Crime and Terrorism (DIICOT) who said that they were cooperating with U.S. authorities.

Guccifer became known in the U.S. last year when he released pictures of former President George H.W. Bush in the hospital along with other former president George W Bush's hobby paintings.

While Bush II's paintings turned out to be more of a lighthearted hack, Guccifer eventually went on to expose the more serious secrets of America's powerful.

Guccifer hacked into the website of Colin Powell, revealing an affair between the former secretary of state and Romanian European Parliament member Corina Cretu - an affair the married man continues to deny.
