
Oklahoma tax commission hacked
Written by Terence Sequeira
Thursday, 20 May 2010 13:58

The website of the Oklahoma Tax Commission was the apparent victim of a hack in which visitors to the website were prompted to accept an Adobe license agreement and download software.

The hack could not come at a worse time for the Commission, whose site is undoubtedly experiencing an uptick in visitors as tax season approaches.

The hack was first noticed by Roger Thompson, chief researcher for security software provider AVG. In his blog posting, Thompson warned about the pop-up Adobe license agreement that greeted visitors to the website. Apparently, code was waiting to infect the computer of any visitor who clicked on the agreement's “Accept” button.

Ref: http://www.infosecurity-us.com/view/6869/all-is-not-ok-in-oklahoma-st...

 

 
Researchers hack into car
Written by Terence Sequeira
Thursday, 20 May 2010 13:51

In the near future, you may be more worried about a hacker attack on your car than on your PC!!

Over a range of experiments, both in the lab and in road tests, researchers demonstrated the ability to adversarially control a wide range of automotive functions and completely ignore driver input.

They could remotely lock the brakes, the engine, and windows on a car; turn on the radio, heat, and windshield wipers, honk the horn and change the speedometer display.

They were able to do all of that in tests on two cars of unnamed make and model by connecting a laptop to the electronic control system and controlling that computer wirelessly using a second laptop in a separate car.

Ref: http://www.autosec.org/pubs/cars-oakland2010.pdf

Ref: http://news.cnet.com/8301-27080_3-20005047-245.html

 
Joomla component com packages SQL injection vulnerability
Written by Terence Sequeira
Wednesday, 19 May 2010 00:00

His0k4 has discovered a vulnerability in the MyContent component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in the Joomla! installation's index.php script (when "option" is set to "com_mycontent" and "task" to "view") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator password hashes, but requires knowledge of the database table prefix. The vulnerability is confirmed in version 1.1.13. Prior versions may also be affected.

Ref: http://milw0rm.com/exploits/5714
Ref: http://www.securityfocus.com/archive/1/510374/30/0/threaded
Ref: http://secunia.com/advisories/30490/
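
A defender-side check for the request pattern described above, added here as an example (it is not code from the advisory or from the MyContent project): it scans web access logs for `com_mycontent` view requests whose `id` is not a plain integer. The combined log format, the assumption that legitimate `id` values are decimal integers, and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); not taken from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [19/May/2010:10:01:02 +0000] "GET /index.php?option=com_mycontent&task=view&id=42 HTTP/1.1" 200 5120
203.0.113.9 - - [19/May/2010:10:01:07 +0000] "GET /index.php?option=com_mycontent&task=view&id=42%27 HTTP/1.1" 500 310
203.0.113.9 - - [19/May/2010:10:01:09 +0000] "GET /index.php?option=com_mycontent&task=view&id=42&id=x%20y HTTP/1.1" 200 5120
198.51.100.7 - - [19/May/2010:10:02:00 +0000] "GET /index.php?option=com_content&task=view&id=abc HTTP/1.1" 200 900
198.51.100.8 - - [19/May/2010:10:02:30 +0000] "GET /index.php?option=com_mycontent&task=view HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]{1,10}")  # assumed shape of a legitimate record id


def last_value(params, name):
    """Last occurrence of a parameter, lower-cased (PHP keeps the last duplicate)."""
    return params.get(name, [""])[-1].lower()


def suspicious_requests(log_text):
    """Return (client ip, offending id values) for com_mycontent view requests."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        url = urlsplit(m.group("target"))
        params = parse_qs(url.query, keep_blank_values=True)  # URL-decodes values
        if not url.path.lower().endswith("index.php"):
            continue
        if last_value(params, "option") != "com_mycontent" or last_value(params, "task") != "view":
            continue  # a different component or task; outside this advisory
        # Check every occurrence of id, so a benign first value cannot hide a later one.
        bad = [v for v in params.get("id", []) if not INTEGER_RE.fullmatch(v)]
        if bad:
            findings.append((m.group("ip"), bad))
    return findings


if __name__ == "__main__":
    for ip, values in suspicious_requests(SAMPLE_LOG):
        print(ip, values)
```
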

 

 
Outsourcing unit to be set up in Indian jail
Written by Terence Sequeira
Wednesday, 19 May 2010 00:00

Authorities in Andhra Pradesh are planning to set up an outsourcing unit in a jail.

The unit will employ 200 educated convicts who will handle back office operations like data entry, and process and transmit information. The project will begin at Charlapally Central Jail, near the state capital Hyderabad, in the next four months. The prison, with 2,100 inmates, is Andhra Pradesh's most modern with state-of-the-art facilities.

The proposed outsourcing unit is a public-private partnership between the department of jails and an IT company. The unit, which is expected to undertake back-office work for banks, will work round the clock with three shifts of 70 staff each. Working in the unit will also be financially rewarding for the prisoners.

Officials say this is a pilot project and, if it succeeds, it could be extended to other jails in the state. Of the total 13,000 convicts in Andhra Pradesh jails, about 2,000 are considered well-educated and could potentially be good workers for BPOs and even call centres in the future.

Ref: http://news.bbc.co.uk/2/hi/south_asia/8677486.stm

 

 
Ukrainian in biggest credit card con job held in Delhi
Written by Terence Sequeira
Tuesday, 18 May 2010 00:00

Officers from the Federal Bureau of Investigation (FBI) and its Indian counterpart detained a Ukrainian national from the Indira Gandhi International Airport (IGIA) for his involvement in Net fraud and identity theft.

The man, Sergey V. Storchak, was travelling on a Jetlite flight S2 120 (Goa-Mumbai-Delhi).

He is alleged to have been involved in the theft and sale of more than 40 million credit and debit card numbers. Sources said 11 people were involved in the fraud and Storchak was one of them.

Officials said that the accused used to obtain the credit and debit card numbers by 'wardriving' and hacking into the wireless networks of major retailers in the US. Once inside the network, they installed 'sniffer' programmes that would capture card numbers, as well as password and account information.

After collecting the data, the accused used to conceal it in encrypted servers that they could control from Eastern Europe and the US. The stolen numbers were 'cashed out' by encoding card numbers on the magnetic strips of blank cards. They then used these cards to withdraw tens of thousands of dollars at a time from the ATMs.

The US justice department had described it as the largest hacking and identity theft case ever in the country.

The FBI intimated the Central Bureau of Investigation (CBI) about his presence in Delhi. Officers from the CBI, FBI and Delhi Police waited at the terminal, a CISF team went to the aircraft and escorted Storchak out and handed him over to the CBI.

Sources said that the FBI cannot arrest Storchak in India and will have to initiate the extradition process.

Ref: http://indiatoday.intoday.in/site/Story/96990/India/Ukrainian+in+bigg...

 

 