Security Bytes: Man charged with stealing, selling VoIP service |
 |
By SearchSecurity.com Staff
09 Jun 2006 | SearchSecurity.com |
|
|
Man charged with stealing, selling VoIP service
Authorities have charged a Miami man with stealing more than 10 million minutes of Voice over Internet Protocol (VoIP) telephone service and then selling them. According to published reports, Edwin Pena paid a Spokane, Wash. computer hacker named Robert Moore about $20,000 to help him illegally route Internet telephone calls through the networks of more than 15 unnamed VoIP companies. News reports cited criminal complaints made available by the U.S. Attorney's Office.
Pena posed as a legitimate telecommunications wholesaler and used hacking techniques to steal networking services valued at as much as $300,000 from each of the carriers. Pena faces a charge of wire fraud for violating computer hacking laws, the U.S. Attorney's Office said.
Hackers target an older Microsoft flaw
Digital desperados aren't finished targeting a Microsoft flaws that was patched in April. According to Atlanta-based Exploit Prevention Labs Inc., hackers are using bot-seeding scripts to exploit the MDAC (Microsoft Data Access Components) flaw patched in Microsoft's MS06-014 bulletin.
"I've seen three different scripts in one week. That's an indication that at least three different [hacker] groups have independently worked out their own exploit," Roger Thompson, chief technical officer at Exploit Prevention Labs, told eWeek. "As far as I know, there has been no published proof-of-concept for this exploit. Usually, they will simply copy and paste a published exploit with their own payload. But, it looks like they are now reverse-engineering the patches themselves." The flaw is in the RDS.Dataspace ActiveX control that's part of the ActiveX Data Objects distributed in MDAC. Attackers could take complete control of affected machines by exploiting this flaw.
Flaw affects both IE and Firefox
Both Internet Explorer and Firefox are vulnerable to a JavaScript flaw attackers could exploit to compromise people's personal data. But Danish security clearinghouse Secunia deems it a low-risk threat.
The flaw, which also affects Netscape and Mozilla's SeaMonkey program, is in how the browsers handle JavaScript. Security experts believe the flaw is difficult to exploit because it requires a lot of user interaction. Users can mitigate the threat by disabling Active Scripting support and not entering sensitive text when visiting untrusted Web sites.
|
