This week’s link collection tends to fall on the side of security. Whether you have a Mac or you work for Lockheed Martin, it’s been a rough few days.
Krebs on Security: ChronoPay Fueling Mac Scareware Scams
Perhaps Apple will have better luck than others who have tried convincing ChronoPay to quit the rogue anti-virus business, but I’m not holding my breath. As I noted in a story earlier this year, ChronoPay has been an unabashed “leader” in the scareware industry for quite some time.
I don’t need to tell you that the majority of spyware/malware/crapware out there is motivated today by money. It is a little surprising to find out that one company seems to be masterminding things. And with the surge in Mac sales raising their profile among hackers, expect a flood of junk for the Mac.
Reuters: Hackers Breach US Defense Contractors
Unknown hackers have broken into the security networks of Lockheed Martin Corp and several other U.S. military contractors, a source with direct knowledge of the attacks told Reuters. They breached security systems designed to keep out intruders by creating duplicates to "SecurID" electronic keys from EMC Corp's RSA security division, said the person who was not authorized to publicly discuss the matter.
I am Jack’s complete lack of surprise. As we discussed on Packet Pushers almost 2 months ago, there was more to the RSA breach than was being let on. Looks like the tokens are compromised and making copies is easier than RSA would like. If you’re using SecurID tokens, it’s best to discontinue their use if possible and get in touch with RSA to get them replaced. You might also think about mentioning you don’t want them pulled from stock. You know, just in case…
RFC 6127 – IPv4 Run-Out and IPv4-IPv6 Co-Existence Scenarios
Check out our latest discussion of All Things NAT, as well as fun things like Carrier-Grade NAT (NAT 444), Teredo, and my personal favorite…jabbing bamboo shoots under your fingernails.