Vulnerabilities & attacks

Update at 8:35 a.m. PT on Wednesday: Since ZDNet UK published this article, a patch for the flaw has been posted to VMware's Web site.

VMware virtual machines on all hosts with the company's latest hypervisor, ESX 3.5 Update 2, in enterprise configurations have found that it will not power on after being turned off.

The hypervisor refuses to start when the date is August 12, with customers around the world discovering the problem as midnight was passed in their time zones. A flaw in the VMware licensing code is responsible, according to Martin Niemar, … Read more

Initial information suggests that Internet attacks on Georgian Web sites over the last two weeks are the work of kids, according to one researcher, while another says the intensity of these attacks is short-lived when compared with attacks in Estonia last year.

In an e-mail to CNET News, Gadi Evron, founder of the Zero Day Emergency Response Team, said that "although the impact on their Web sites is clear, I believe this may end up being just some kids who got overexcited, with Georgia being ill-prepared to say the least. "

Posting on CircleID, Evron wrote that there are … Read more

The state of Massachusetts plans to ask a federal judge on Thursday to keep in place a restraining order that prevents three MIT students from publicly discussing vulnerabilities they discovered in subway card security.

U.S. District Judge George O'Toole in Boston is scheduled to hear arguments at 11 a.m. ET on whether to modify or eliminate the temporary restraining order, which attorneys for the students characterize as a prior restraint in violation of decades of First Amendment precedent.

A different judge who was on duty on Saturday gave the Massachusetts Bay Transportation Authority an order prohibiting the … Read more

Three MIT students are disputing the Massachusetts transit agency's version of the events that led to the state filing a lawsuit last week--and obtaining a restraining order against their talk on subway card security scheduled for Sunday.

The latest dispute originates in comments made by to CNET News by Massachusetts Bay Transportation Authority spokesman Joe Pesaturo in in a report published Monday. In his e-mail to us, he said the students "agreed to provide the MBTA with a copy of the presentation" scheduled for the Defcon hacker conference on Sunday but never did.

A response posted Tuesday … Read more

Gary McKinnon, a British man accused of hacking into U.S. military systems, has been granted a short stay of his extradition.

Last month, McKinnon lost his battle in the House of Lords against extradition to the U.S. to face charges of hacking various military systems. His final recourse now will be if the European Court of Human Rights (ECHR) agrees to hear his appeal.

The London law firm representing McKinnon, Kaim Todner, stated on Tuesday that the ECHR will consider as soon as August 28 whether McKinnon can appeal.

"The presidents of the European Court (of) Human … Read more

The state of Massachusetts said Monday it is not prepared to abandon its lawsuit against MIT students who uncovered security vulnerabilities in Boston transit cards, even though thousands of copies of their 87-page presentation have been distributed.

A federal judge on Saturday granted the state transit authority's request for a restraining order barring the students' planned presentation at the Defcon conference. It orders them not to disclose any "program, information, software code, or command that would assist another in any material way to circumvent or otherwise attack the security of the Fare Media System."

The MIT students … Read more

The Georgian embassy in the U.K. has accused forces within Russia of launching a coordinated cyberattack against Georgian Web sites, to coincide with military operations in the breakaway region of South Ossetia.

Speaking to ZDNet UK on Monday, a Georgian embassy spokesperson said that Web sites had been unavailable over the weekend, claiming this was due to Russian denial-of-service attacks.

"All Georgian Web sites have been blocked," said the spokesperson. "Georgia is working on redirecting Web traffic."

At the time of writing, the Web site for the Ministry of Defense of Georgia was unavailable for … Read more

LAS VEGAS--A federal judge on Saturday granted the Massachusetts transit authority's request for an injunction preventing three MIT students from giving a presentation about hacking smartcards used in the Boston subway system.

The Electronic Frontier Foundation, which is representing the students, anticipates appealing the ruling, said EFF senior staff attorney Kurt Opsahl.

The undergraduate students had been scheduled to give a presentation Sunday afternoon at the Defcon hacker conference here that they had said would describe "several attacks to completely break the CharlieCard," an RFID card that the Massachusetts Bay Transportation Authority uses on the Boston T … Read more

LAS VEGAS--Don't have special lock-picking skills or equipment but want to pick a high-security lock?

A security researcher explained at the Defcon hacker conference here how to make a fake key out of a credit card that can open certain types of Medeco M3 locks used in the White House, Pentagon, and high-security areas around the world.

You need to make a picture of a legitimate key to have an image to transpose onto the plastic, which means an insider or someone with access to the key would need to cooperate, said Marc Weber Tobias, a lawyer who has … Read more