China’s military is under attack. At least its Web site is…from hackers.

In a sign that China’s Ministry of National Defense faces the same kind of Internet security challenges that militaries around the world have reported, its new Web site was attacked more than 2.3 million times within a month of its August launch. The state-run People’s Daily newspaper reported that revelation Wednesday in an interview with the editor-in-chief of the Chinese defense department’s site, Ji Guilin.

In the report, Ji said it battled down a variety of hackers and no harm was done to China’s national security. He said the site has boosted its network security.

He didn’t say where the hacker attacks originated.

Read the rest of this post on the original site

Benjamin Moody got hooked on calculators the moment his father bought him one to help with his math homework when he was 15. He squirreled away with it and devoured the 19-chapter owners’ manual.

Before long, he had written onto his Texas Instruments Inc. (TXN) graphing calculator a program for his version of a Whac-A-Mole game. A few months later, he created one that mapped out star positions on its 1½-inch-by-2½-inch screen. He once made his calculator into a sort of e-book reader, although he could only read a couple lines at a time.

“Pushing the limits of what the hardware can do, that’s where a lot of the fun is,” said Mr. Moody, 23, a computer programmer who lives in Newton, Mass.

Calculator hackers are a small band of enthusiasts who revel in making their clunky devices perform sometimes oddball tasks.

Read the rest of this post on the original site

For fast-growing technology start-ups, there are many approaches to employee hiring and retention.

Two of the more successful ones, Facebook and Zappos, have very different methods, each with different goals: Facebook wants to hire entrepreneurs even if that means they will eventually leave, while Zappos wants to hire the best people to fit its culture and figure out how to keep them.

Mark Zuckerberg, chief executive of Facebook, said at a talk this weekend at Startup School, a Berkeley, Calif., event organized by Y Combinator, that Facebook seeks to hire entrepreneurial “hackers”–people who want to build something new–even though they may not want to stay for long. The company is focused on technology and tilts its hiring toward engineers, even for people in non-technical roles such as marketing, he said.

Read the rest of this post on the original site

Wal-Mart (WMT) was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain’s point-of-sale system and siphoned source code and other sensitive data to a computer in Eastern Europe, Wired.com has learned.

Internal documents reveal for the first time that the nation’s largest retailer was among the earliest targets of a wave of cyberattacks that went after the bank-card processing systems of brick-and-mortar stores around the United States beginning in 2005. The details of the breach, and the company’s challenges in reconstructing what happened, shed new light on the vulnerable state of retail security at the time, despite card-processing security standards that had been in place since 2001.

Read the rest of this post on the original site

Microsoft says a phishing scheme is behind the exposure of passwords to thousands of Hotmail accounts late last week and adds that it’s helping affected customers regain control of their accounts.

On Monday, the Neowin technology blog posted a story saying that an anonymous user on Oct. 1 had uploaded a list with password details of more than 10,000 Hotmail accounts to a Web site called pastebin.com, where developers typically share programming code with each other. Neowin said it had seen part of the list, which has since been removed, and notified Microsoft of the issue.

After an internal investigation into the leaked Hotmail credentials, Microsoft (MSFT) said in a statement that it determined the passwords were obtained through a phishing scam. In a phishing scam, hackers send out legitimate-looking emails under the letterhead of banks, eBay (EBAY) and other institutions, usually telling consumers they need to reset online passwords to their Web sites for security purposes.

Read the rest of this post on the original site

Internet pranksters, gathered around the popular anonymous Internet forum 4chan, have seemingly orchestrated an attack on Twitter, creating a number of fake accounts and pushing the hashtag #gorillapenis to the trending topics.

The attack now seems to be under control, as that particular hashtag is no longer visible in Twitter trends, but coupled with the recent problem with the suspension of several real accounts–which might have been partly due to the 4chan attack–it once again shows that Twitter is going to have a hard time controlling spammers, pranksters and hackers whose number will inevitably increase with the rise of Twitter’s popularity.

Read the rest of this post on the original site

High school hackers, crackers and digital deviants: Uncle Sam wants you.

As part of a government information security review released as early as Friday, White House interim cybersecurity chief Melissa Hathaway likely will mention a new military-funded program aimed at leveraging an untapped resource: the U.S.’ population of geeky high school and college students.

Read the rest of this post on the original site

New York City’s police department joins the Dalai Lama, the Joint Strike Fighter and the U.S. electrical grid as the latest alleged target of Chinese hackers.

New York Police Commissioner Raymond Kelly said Wednesday that hackers make at least 70,000 attempts every day to access computer systems of the New York Police Department, the largest police force in the U.S. Kelly said most of the attacks originated from computers with IP addresses in China and the Netherlands, according to Newsday, but that all attempts have failed thanks to the department’s security system.

Read the rest of this post on the original site.

Basketball fans, beware.

Hackers are taking advantage of bracket-related Web surfing and initiating some madness of their own, with tactics as sneaky as spreading malicious software through March Madness blog posts.

Online security company Websense discovered two March Madness-related malware scams earlier this week, one in the form of URLs posted in blog comments that took users to a phony anti-virus scanning site, and another as a search engine optimization scam that infected basketball-related terms and pushed them to the top in Google (GOOG).

It’s a clever and common tactic, particularly for an event like the NCAA tournament, which has fans checking sports sites, blogs and mobile devices for updates on their favorite teams. Websense’s chief technology officer, Dan Hubbard, says that hackers try to capitalize on popular events or stories on the Internet, whether it’s a major athletic event such as the Olympics, the recent presidential election, or a celebrity breakup that drives Web traffic. Users need to be wary of links to fake anti-virus scanners that urge installation. “Just because something comes up on your screen and tells you to install it doesn’t mean you have to actually do it,” he says. “That’s a really hard message to get across to the consumers.”

Read the rest of this post

How secure is your smartphone? We may find out next month.

Hackers and computer security experts gathering on March 18 in Vancouver, British Columbia, for the third annual Pwn2Own contest will be targeting five smartphones: an Apple (AAPL) iPhone, a Research in Motion (RIMM) BlackBerry and phones running on Google’s (GOOG) Android, Microsoft’s (MSFT) Windows Mobile and Nokia’s (NOK) Symbian operating systems.

The contest, sponsored by 3Com’s (COMS) TippingPoint computer security division, will award $10,000 prizes to anyone who can break into one of the phones and “pwn” it–hacker and Internet-gamer slang meaning to conquer or gain ownership. The smartphones themselves will be awarded as prizes to whomever cracks them first.

Read the rest of this post

The Amish have the undeserved reputation of being Luddites, of people who refuse to employ new technology. It’s well known the strictest of them don’t use electricity, or automobiles, but rather farm with manual tools and ride in a horse and buggy. In any debate about the merits of embracing new technology, the Amish stand out as offering an honorable alternative of refusal. Yet Amish lives are anything but anti-technological. In fact on my several visits with them, I have found them to be ingenious hackers and tinkers, the ultimate makers and do-it-yourselfers and surprisingly pro technology.

Read the rest of this post

Freedom of the press belongs to those who own one. After hackers took down SoapBlox, a one-man blog-hosting company which runs local political Web sites, a silenced liberal commentariat found out how true that was.

SoapBlox grew out of Scoop, the software used on DailyKos, Markos Moulitsas’s left-of-center superblog. Paul Preston, its developer, found himself running 25 different sites–the likes of My Left Wing, Blue Hampshire, West Michigan Rising, and Swing State Project. (All politics is local!)

And yet SoapBlox remained a one-man band. So when still-unidentified hackers infiltrated SoapBlox’s servers, causing them to be taken offline, Preston despaired.

Read the rest of this post

Here’s the latest sign that businesses are losing the tech security fight: The bad guys are starting to steal from one another.

That could sound like a good thing–better that hackers and other cyber criminals squabble among themselves than attack innocent businesses and consumers–but it really isn’t. This internecine theft isn’t the online version of a gangland fight to the death. Rather, veteran criminals are finding ways to take credit card numbers and other information from newbie crooks, Billy Rios, a security engineer at Microsoft who spends his free time researching the cyber black market, tells the Business Technology Blog.

Read the rest of this post

About two weeks ago, we covered the release of a DNS security fix meant to patch a vulnerability in the system that matches domain names with IP addresses. The flaw had been discovered by security researcher Dan Kaminsky some months earlier but, at the time, details on the exploit were being kept secret. That information has since leaked thanks to an accidental blog post by someone at Matasano Security. Fast forward four days, and hackers, enterprising little children that they are, have released an exploit aimed squarely at the vulnerability.

This would be less of an issue if the widely released patch from two weeks ago had been fully deployed, but a number of companies or ISPs don’t seem to have gotten the memo.

Read the rest of this post

Hackers enjoy a reputation as computer whizzes who can break into the most sophisticated systems. They may be whizzes, but the reason for their success is that businesses rely on defenses filled with holes big enough to drive a truck through.

A new study by Verizon’s Business Risk team, which performs post-breach forensics, looked at the causes of more than 500 data-loss incidents and concluded that sloppy security procedures were partly to blame in almost every one.

Read the rest of this post