Security Bytes: Dirty cyber deeds in Tinseltown?

The Motion Picture Association of America is accused of hiring a black-hat hacker. Meanwhile: Cisco and HP fix flaws and blood donors' information is compromised.

Motion Picture Association accused of online misdeeds
The Motion Picture Association of America (MPAA) is being sued for allegedly enlisting a black-hat hacker to help it take revenge on a company it accuses of helping copyright violators.

According to a report from CNET, the lawsuit was filed in U.S. District Court for the Central District of California by parent Valence Media Ltd. The suit doesn't identify the man Valence alleges was approached by an MPAA executive, but the hacker was a former associate of one of the plaintiffs who was asked to steal private information on, a search engine that directs users to download links.

Valence claims the MPAA paid the hacker $15,000 to steal email correspondence and trade secrets. The man has apparently admitted his role in the plot, CNET reported, and is cooperating with the company.

The suit comes three months after the MPAA filed suit against Torrentspy and other Torrent directories for allegedly making it easier for pirates to distribute movies over the Internet.

Cisco fixes VPN flaw
Cisco Systems Inc. has fixed a flaw in its virtual private network (VPN) Client software that attackers could exploit to gain local system privileges.

Cisco VPN Client is designed to create IPsec tunnels to Cisco VPN-capable devices. It is available for Microsoft Windows, Linux, Sun Solaris, Apple Mac Classic and OS X operating systems.

The San Jose, Calif.-based networking giant said VPN Client is susceptible to a local privilege-escalation vulnerability because of an unspecified flaw in the VPN client dialer application. "It is conjectured that this issue is due to a failure of the application to properly drop privileges prior to opening user-specified files and applications," Cisco said. "This allows local attackers to gain local system privileges on affected computers. This facilitates the complete compromise of affected computers."

The flaw specifically affects Cisco VPN Client installations on the Microsoft Windows platform. Versions prior to 4.8.01.x, with the exception of version are affected. The advisory outlines the fixes that are available.

Blood donors' information compromised
The personal information of about a million blood donors in the Missouri-Illinois Blood Services Region of the American Red Cross might have been stolen earlier this year by a former employee and was possibly used in identity thefts.

According to a Computerworld report, the former worker had access to 8,000 blood donors in a database she used in her job, all of whom were notified by mail of possible identity theft problems on March 17. After the warning letters went out, the Red Cross decided to expand the identity theft warnings to all 1 million donors in the Missouri-Illinois region because of concerns that she may have accidentally accessed other records in the larger group, Computerworld reported.

At least four of the donors among the original 8,000 in the donor database were victims of the data-theft scheme, Jim Williams, a spokesman for the regional agency, told Computerworld. The agency is investigating whether anyone else has been affected.

The former employee apparently entered random numbers of past donors into her 8,000-donor database, then was able to access the names, Social Security numbers, phone numbers and birth dates of potential victims.

HP fixes multiple flaws
Hewlett-Packard Co. has fixed a number of flaws attackers could exploit to execute arbitrary commands, create malicious files and gain elevated user privileges.

The first problem is an error in HP OpenView Storage Data Protector that surfaces when certain requests are handled. Attackers could exploit this to execute arbitrary commands.

The second problem involves multiple vulnerabilities in HP OpenView Network Node Manager. Like the first problem, this is an error that surfaces when certain requests are handled. Attackers could exploit this to gain privileged access, execute arbitrary commands or create arbitrary files on a vulnerable system.

The third problem is an error in the Software Distributor of HP-UX, which local attackers could exploit to obtain elevated privileges.
