
The BBC demonstrated that by acquiring some software from chatrooms on the internet, they were able to set up their own botnet and take control of 22,000 users’ PCs.

Apparently the BBC are voicing that as this was not done with "criminal intent" it’s not illegal – and that no personal information was obtained from the slave machines.

I’m a little shocked, I must admit. When has a TV corporation had the power to take it on themselves to hack thousands of computers and then in the same breath say it’s not illegal? Just the mere fact that the BBC took control means they have broken the law. They have unlawfully obtained use of equipment that they didn’t pay for, don’t pay the electricity bill for & don’t pay the user’s ISP for use of the bandwidth. Stealing, as far as I have been aware, has always been a criminal activity – and it doesn’t matter if you dress this with "criminal intent" or not. And if it’s not stealing, then it’s a breach of privacy in the most basic form – you have the right to use your own property without interference from anyone else.

So what happens next? I think if you were one of the 22,000 users that had their PCs hijacked – maybe you should send a letter to your local MP, or perhaps contact the Electronic Frontier Foundation. I know that’s the route I would be taking. Read the BBC article here.


Users of Internet Explorer are being urged to switch to a different browser in a bid to escape a serious zero day flaw.

Internet Explorer 5, 6 and 7 are all shown to contain the flaw that could potentially allow somebody access to your computer. Admittedly, if you stick to well known websites you should be relatively safe, although Trend Micro Anti-Virus estimate 10,000 websites have already been compromised – with many more to follow after the flaw has been made public.

So maybe now is the push you need if you’re still using Internet Explorer, to perhaps switch to a more secure alternative? Firefox, Chrome or Opera (or even Flock) are alternatives that are also actually faster and more web standards compliant than Internet Explorer, so it’s a win-win situation. If however you don’t have a choice and you’re stuck with Internet Explorer, make sure that the browser is put into its high security mode (Tools menu, Internet Options, Security Tab, Internet – set the slider to “High”) and also make sure you only stick to websites you know and trust.


PC World reports today that the once foolproof wireless encryption standard, WPA, has been partially cracked by Erik Tews and Martin Beck – two researchers who are due to make an appearance at the PacSec applied security conference next week.

Erik Tews was involved previously with developing new ways to crack the older, and shown to be weak, WEP method of wireless security. He has now developed an attack, along with Martin Beck, that can compromise the TKIP protocol within 15 minutes – much less time than was previously thought possible.

TKIP is a wrapper protocol that surrounds the old WEP encryption, essentially turning the once weak WEP into the supposedly stronger WPA. The encryption standard hasn’t been fully cracked, however, as the data was decrypted from the router to the PC and not from the PC to the router. So even though the password you type into your browser is safe, the data coming back that might contain your bank balance won’t be. I’m sure it will just be a matter of time before it’s fully broken.

For those who are worried, WPA2, the latest version, does not suffer from the same flaws, but is also not available on every router and PC. If you have the latest service pack for Windows XP, or Windows Vista, WPA2 is built in, but you’ll have to verify that your router supports it too.
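A defender's check for the advice above, as an added example that is not part of the original post: it parses the security elements an access point advertises in its beacon and reports whether TKIP is still on offer. The byte strings are constructed samples and the function names are this example's own.

```python
import struct

# Cipher suite types shared by the WPA (00:50:F2) and RSN/WPA2 (00:0F:AC) elements
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
WPA_OUI, RSN_OUI = b"\x00\x50\xf2", b"\x00\x0f\xac"

def _suites(body, oui):
    """Return (group, [pairwise, ...]) cipher names from a WPA/RSN element body.
    Assumes the group and pairwise fields are present, as in the samples below."""
    if len(body) < 8 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("truncated element or unsupported version")
    def name(sel):
        return CIPHERS.get(sel[3], "unknown") if sel[:3] == oui else "vendor"
    count, = struct.unpack_from("<H", body, 6)
    end = 8 + 4 * count
    if len(body) < end:
        raise ValueError("truncated pairwise list")
    return name(body[2:6]), [name(body[i:i + 4]) for i in range(8, end, 4)]

def audit_beacon_ies(ies):
    """Walk the tagged elements (id, length, value) and report advertised ciphers."""
    report, pos = {}, 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        value = ies[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("element overruns buffer")
        if eid == 48:  # RSN element, advertised by WPA2
            report["WPA2"] = _suites(value, RSN_OUI)
        elif eid == 221 and value[:4] == WPA_OUI + b"\x01":  # vendor element, WPA
            report["WPA"] = _suites(value[4:], WPA_OUI)
        pos += 2 + length
    return report

def uses_tkip(report):
    """True if any advertised group or pairwise cipher is TKIP."""
    return any("TKIP" in (group, *pairwise) for group, pairwise in report.values())

# Constructed sample elements (SSID "home"), not captured traffic
WPA_TKIP_AP = (b"\x00\x04home" + b"\xdd\x16" + WPA_OUI + b"\x01" + b"\x01\x00"
               + WPA_OUI + b"\x02" + b"\x01\x00" + WPA_OUI + b"\x02"
               + b"\x01\x00" + WPA_OUI + b"\x02")
WPA2_CCMP_AP = (b"\x00\x04home" + b"\x30\x14" + b"\x01\x00" + RSN_OUI + b"\x04"
                + b"\x01\x00" + RSN_OUI + b"\x04" + b"\x01\x00" + RSN_OUI + b"\x02"
                + b"\x00\x00")

if __name__ == "__main__":
    for label, ies in (("WPA/TKIP", WPA_TKIP_AP), ("WPA2/CCMP", WPA2_CCMP_AP)):
        report = audit_beacon_ies(ies)
        print(label, report, "TKIP offered" if uses_tkip(report) else "no TKIP")
```

A router left in a mixed compatibility mode can list TKIP alongside CCMP in the same element, which `uses_tkip` also reports.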


A job everyone can relate to – especially me as it’s something I do during the working week! System Administrators are the key to any IT systems in a business. They’re the people that keep things running on a day to day basis. They’re the ones who keep everything secure and well-oiled. So it comes as a surprise when somebody who works in such a high position of responsibility goes bad. Thankfully it’s not something you hear about every day, although fairly recently I wrote an article about the sysadmin in San Francisco who failed to hand over the passwords to the mainframe! Anyhow, on to the story:

Priyavrat H Patel, a sysadmin who worked for a screwdriver company, was convicted in the US for Computer Intrusion. He will spend 6 months behind bars, pay $120,000 in restitution, and be under house arrest for a further 6 months after release, and still be answerable to the courts for another 2 and a half years to make sure he stays an upstanding citizen. Apparently, the fuel that caused Mr. Patel to remotely access the servers and bring down their email and network systems? The demon drink of course! Read the full Register article for the rest of the details.

Of course it begs the question, why weren’t the passwords changed when the guy left?


A postgraduate master’s degree is available to students of Abertay University, in Dundee, Scotland. The Master’s is being offered as a gateway into the security sector, with coursework enabling students to test security vulnerabilities, whilst at the same time learning about common techniques people use to gain unlawful access to computer systems.

I can see the real benefit in using this tactic to educate people – after all, all the big companies have been hiring people who hack their systems for years, to better understand how to improve things behind the scenes. However, the whole language behind the course (it’s even called an “MSc Ethical Hacking and Computer Security” course) makes me cringe a little bit. But then a course called “Ethical Computer Security” isn’t going to get as much press!


The Hacker from Blighty, Gary McKinnon, has recently lost his most recent battle to prevent his extradition to the US on counts of hacking.

Gary, who is being charged in excess of $700,000 in damages, is taking his case to the European court, which is expected to take at least a couple of years before it’s looked upon again. Originally charged with hacking into the NASA computer systems, the damages really amount to the cost of upgrading their systems (and users’ education you would imagine) to counter future attacks. Surely NASA should be shaking his hand, giving him a paycheck and patting his back for showing them how to improve their systems, after accounts were hacked using the most obvious methods possible: Administrator accounts without passwords, or default passwords, all available over the net via a terminal services connection. That’s like making a guy who punched you in the face not only pay for the surgery to your teeth, but also pay for a couple of bodyguards, and karate lessons for you, to ensure you were more prepared in case somebody else tried their luck. I’m sure we would all want it, but is it really justified?


April 21, 2008 by Paul Godden in 'Hacking, Website'

The website, Sportsnetwork.com, has been hacked, apparently, by Chinese nationalists looking to put western civilisation straight!

When originally hacked on Sunday, sportsnetwork.com had their front page removed and replaced with Chinese slogans stating the hacker’s disgust at how the media had apparently twisted the ongoing situation in Tibet. Assuming this has actually been done by Chinese hackers, it shows how twisted this person’s outlook is. I’m used to living in a society where I wouldn’t go and break or hack a website just because their opinion was different to mine.


In what seems like a theme, I have another “Make your own…” post! It’s not my fault – firstly it’s the world of tech for creating very uninspiring news, and secondly it’s Dazza’s fault for pointing me in the direction of this hack (thanks mate!)

So here it is. You too can have a custom USB memory stick that looks like somebody has ripped a USB cable in half and plugged it into your laptop! You can be guaranteed lots of attention when people see it (and probably more than when I created my own custom USB memory stick made out of Duplo). A great project for the terminally bored amongst you, and a cool addition to anybody’s laptop bag. See how it’s done here.


Firstly, I would like to say that using a wireless network which is not yours will probably land you in some trouble. But, hey, it’s not for me to judge, I’m just here to provide the information!

After very recently looking for some admin-like answers to some wireless network problems I was having, I found this article that details in a Make Magazine or Instructables style, how to create a “Predator” wireless access point sniffer.

The Predator is a hacked router and huge wireless receiver, plus a tripod. It will scan the surrounding area for the strongest unencrypted, or “open” wireless network and repeat it into your network. And because of the over-average size of the receiver, you should be able to get a good signal as long as you have a fairly good line-of-sight. So you will have free wireless internet, while still retaining control of your network security. Very cool, but remember it might be illegal depending on where you live and laws in that country etc. Also, I wouldn’t suggest sticking the thing right next to the window as in the pictures, unless you want the SAS zip-lining into your lounge after reports of a sniper in your building!


As reported just yesterday, the MacBook Air was the first laptop to fall to the hands of the security experts. Well today, the Vista laptop has also been compromised, by hacking Adobe Flash. This time the competition focused on 3rd-party software that was available for the laptops, with Security Objectives being the first to exploit a flaw today, grabbing the £5,000 prize money. Ubuntu has been crowned the most secure by the competition, but what was interesting for me, though, was that none of the OS’s were actually hacked – just the applications that were installed on them.

