<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
   <title>eWeek Security Watch</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/" />
   <link rel="self" type="application/atom+xml" href="http://securitywatch.eweek.com/atom.xml" />
   <id>tag:securitywatch.eweek.com,2012:/13</id>
   <updated>2012-03-05T10:31:48Z</updated>
   
   <generator uri="http://www.sixapart.com/movabletype/">Movable Type Pro 4.32-en</generator>


<entry>
   <title>NASA Repeatedly Attacked, Jet Propulsion Lab Compromised</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/data_breach/nasa_repeatedly_attacked_jet_propulsion_lab_compromised.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36196</id>
   
   <published>2012-03-05T04:27:17Z</published>
   <updated>2012-03-05T10:31:48Z</updated>
   
   <summary>The Office of the Inspector General briefly described the attack against the Jet Propulsion Laboratory in which intruders gained full control over the network. NASA has seen over 5000 attacks in the past two years. </summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Data Breach" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Data Security" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Infrastructure security" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="10451" label="apt" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1708" label="breach" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="2016" label="government" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="4571" label="nasa" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[The National Aeronautics and Space Administration was under heavy attack over the past two years, as adversaries tried to infect machines with malware or use advanced persistent threats to get into the network, according to Congressional testimony.

Attackers from a Chinese-based IP address had breached the network at NASA's Jet Propulsion Laboratory and gained full access to the networks and sensitive user accounts, <a href="http://science.house.gov/sites/republicans.science.house.gov/files/documents/hearings/HHRG-112-SY21-WState-PMartin-20120229.pdf">NASA Inspector General Paul Martin</a> told the House Science, Space and Technology committee Feb. 29. NASA made the discovery in November, and the JPL incident is still under investigation, according to Martin. 

There have been a total of 5,408 security incidents in 2010 and 2011 that resulted in either malware being installed on NASA systems or attackers gaining unauthorized access to the agency's systems, Martin said. There were 47 APT incidents in fiscal year 2011, of which 13 had succeeded. In one attack, perpetrators stole user credentials for more than 150 employees, according to Martin.

"These incidents ranged from individuals testing their hacking skills, to well-organized criminal enterprises seeking to exploit NASA systems for profit, to intrusions that may have been sponsored by foreign intelligence services," Martin said.

The attacks affected "thousands" of NASA computers, caused "significant disruption" to mission operations, and resulted in theft of sensitive data which cost NASA more than $7 million, Martin said. 

The Subcommittee on Investigations and Oversight met to examine the NASA Office of the Inspector General (IG) reports and to discuss how to protect the agency from future attacks. 

"NASA is a high-priority target for criminals and state-level actors attempting to steal, compromise, or corrupt technical data," according to a <a href="http://science.house.gov/sites/republicans.science.house.gov/files/documents/hearings/HHRG-112-SY21-20120229-SD001.pdf">document prepared by the subcommittee</a> prior to the hearing.

NASA technology is "inherently dual-use in nature," meaning that the information obtained could be used both for military purposes as well as in civilian-focused applications, according to the document. If compromised, there would be "significant nonproliferation concerns," the subcommittee members wrote.

In the attack on JPL systems, the intruders had full system access and could modify, copy or delete sensitive files; add, modify or delete user accounts for mission-critical JPL systems; upload tools to steal user credentials or compromise other systems; and modify system logs to hide their activities.

There were "systemic internal control weaknesses in NASA's IT security control monitoring and cyber-security oversight," Martin said in his testimony. An audit in May 2010 found that only 24 percent of "applicable computers" on a mission network were monitored to receive critical software patches, and only 62 percent were monitored for technical vulnerabilities. Another audit in December 2010 found the agency was not properly sanitizing or disposing of equipment at four different centers, and sensitive data was still on computers being prepared for sale.

Other incidents reported by Martin included a laptop stolen in March 2011 containing algorithms used to control the International Space Station. Thieves had stolen 48 notebooks or mobile devices from NASA between April 2009 and April 2011, Martin said.

The thefts are even more worrying considering that as of Feb. 1 this year, only one percent of NASA's portable devices were encrypted, according to Martin.
]]>
      
   </content>
</entry>

<entry>
   <title>RSA 2012: Chrome OS vs iCloud</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/cloud_computing/rsa_2012_chrome_os_vs_icloud.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36193</id>
   
   <published>2012-03-02T04:17:43Z</published>
   <updated>2012-03-05T09:42:37Z</updated>
   
   <summary>A Kaspersky Lab researcher discussed some issues he discovered with both Google&apos;s Chrome OS platform and Apple&apos;s iCloud service</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Apple" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Cloud computing" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Google" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="RSA Security Conference" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="125" label="apple" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10062" label="chrome os" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="49" label="google" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10449" label="icloud" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="8653" label="ios" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[Google and Apple harnessed the benefits of working in the cloud with Chrome OS and iCloud, but according to a Kaspersky researcher, there are security issues with both platforms.

There are significant design flaws in both Google's Chrome OS and Apple's iCloud service that may make them unsuitable for business use, Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab, said March 1 in a talk at the RSA 2012 Conference in San Francisco.

From a security standpoint, Chrome OS was a solid platform, Schouwenberg said. Since there is no local storage, users are not vulnerable to malware that can be downloaded and executed on the computer. 

On the other hand, users are still exposed to attacks that are launched by the apps running inside the Web browser.

Just as malicious apps can be found in the Android Market, there are malicious browser-based apps in the Chrome Marketplace, Schouwenberg said. At the moment, Chrome apps are less prevalent than mobile apps, but they are dangerous because there is no way to detect them as malicious. Chromebooks, computers with only the Chrome OS and Chrome Web browser installed, do not run any security software that could detect malicious software.

Kaspersky Lab identified a Chrome OS app that tried to steal Facebook credentials, he said.

Google recently launched the Bouncer service to scan and remove malicious apps from the Android market. The service also scans the Chrome Web Store, according to <a href="http://www.forbes.com/sites/eliseackerman/2012/03/02/security-expert-warns-of-risks-in-googles-chrome-os-and-apples-icloud/">Forbes</a>. Google also told Forbes that security companies can use extension APIs for Chrome OS to create security products for the platform.

Apple's iOS and the associated iCloud online storage service both have issues with potential data leaks, Schouwenberg warned. Instead of using standard SMS protocols when processing messages, Apple is treating SMS as data, he said. Users can just switch the SIM card from one iPhone to another, but even after the SIM card was removed, the other phone continued receiving SMS messages, Schouwenberg found. iOS devices also shared notes over iCloud even after note-sharing was turned off.

"That is not good," he said.

Apple also set up iOS to be able to supersede user settings in order to connect to certain wireless hotspots. While it may be convenient, it isn't secure, as the data could be sniffed from the device if connected to an unsecured access point, Schouwenberg said.
]]>
      
   </content>
</entry>

<entry>
   <title>RSA 2012: NSA Pilots 100 Android Phones</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/android/rsa_2012_nsa_pilots_100_android_phones.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36195</id>
   
   <published>2012-03-02T03:31:38Z</published>
   <updated>2012-03-05T09:33:52Z</updated>
   
   <summary>The National Security Agency customized Google&apos;s Android mobile operating system for a pilot program.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Android" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Google" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Government standards" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="RSA Security Conference" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="1634" label="android" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="49" label="google" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="2016" label="government" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10450" label="nsa" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      Smartphones running Google&apos;s Android mobile operating system are secure enough to make top-secret and classified phone calls from the field, according to the National Security Agency.

The NSA is currently conducting a pilot program of 100 Motorola smartphones running a modified version of Android, Margaret Salter, a technical director of the Information Assurance Directorate at the NSA, said during a presentation at the RSA Conference Feb. 29. The NSA chose Android for the project because of the fact that it was open source.

&quot;It&apos;s not because iOS was lousy, no,&quot; Salter said. Android offered &quot;freedom&quot; to make modifications, she said.

NSA&apos;s IAD has been responsible for creating proprietary communications equipment for the U.S. Government. The process was generally more expensive and took &quot;years to approve a device,&quot; Salter said. The devices were incredibly secure, but were often not &quot;incredibly easy to use,&quot; she said.

The pilot, dubbed Project Fishbowl, reflected IAD&apos;s attempt to start using best-of-breed commercial gear that could be customized. NSA needed certain controls to manage the classified conversations and was able to make those changes to Android. &quot;We took stuff out the OS we didn&apos;t need,&quot; which made the attack surface very small, Salter said.

Salter didn&apos;t discuss the changes or which Motorola brand it used in the pilot.

      
   </content>
</entry>

<entry>
   <title>RSA 2012: LulzSec As a CloudFlare Customer</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/cloud_computing/rsa_2012_lulzsec_as_a_cloudflare_customer.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36194</id>
   
   <published>2012-03-01T03:25:31Z</published>
   <updated>2012-03-05T09:28:10Z</updated>
   
   <summary>When LulzSec signed up for CloudFlare&apos;s CDN services, the company found itself under attack by people trying to knock the prankster group offline.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Cloud computing" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="DDoS" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Disaster Planning" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="RSA Security Conference" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="5522" label="ddos" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9912" label="lulz" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="4889" label="RSA Security" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      The CloudFlare team was surprised when cyber-pranksters LulzSecurity signed up to take advantage of its services last year, Matthew Prince, CEO of CloudFlare said Feb. 28 at the RSA Conference in San Francisco. With LulzSec as a customer, CloudFlare had a unique insight into the group&apos;s activities and also the opportunity to discover the security resilience of its infrastructure and operations, Prince said.

For a three-week period between May and June, CloudFlare&apos;s infrastructure was under heavy bombardment by several groups and individual cyber-attackers intent on knocking LulzSec offline with their own distributed denial of service attacks, Prince said. The attacks included Layer 7 and Layer 3/4 DDoS attacks, reflection attacks and IP scans. Some attackers figured out what switching and routing infrastructure was being used by CloudFlare and launched vendor-specific attacks on the router interfaces, according to Prince. Attack traffic peaked at 21 gigabytes on June 16, shortly after LulzSec had attacked several popular online gaming sites, including Minecraft, Prince said.

CloudFlare treated the experience, not as a nightmare, but as a learning experience, Prince said.

&quot;You can&apos;t pay for penetration testing like this,&quot; Prince told attendees. &quot;It was interesting.&quot;

CloudFlare is a content delivery provider, much like the bigger and better known Akamai. The company operates 14 data centers worldwide and handles 30 million page views a month. LulzSec signed up for the free version of the service June 2.

LulzSec had gained notoriety less than a month previously with frequent and audacious attacks against high-profile targets that caused a lot of embarrassment for parties involved. The group was not out for financial gain and was launching attacks for entertainment. LulzSec ceased operations June 25.

Immediately after joining the network, the group began launching DDoS attacks against other sites, including Sony Pictures and the Central Intelligence Agency, Prince said. None of the actual hacking activity occurred within CloudFlare&apos;s network, nor was any illegal content hosted on its sites.

With LulzSec as a customer, law enforcement agencies came knocking.

Prince declined to share specifics on the kind of information CloudFlare handed over, but said it complied with &quot;valid subpoenas.&quot;

After careful contemplation, CloudFlare chose not to cancel the group&apos;s account. The company generally works with law enforcement if a botnet command and control server is identified within its distributed network environment but generally doesn&apos;t terminate any accounts unless there is clear criminal activity such as distributing malware or offensive content, Prince said. Law enforcement also did not ask CloudFlare to stop doing business with LulzSec, according to Prince.

While users on the free service are required to provide only a valid email address, username and password, CloudFlare collects and stores limited amounts of information for each customer, Prince said. LulzSec used the same username on CloudFlare as the one used on Internet Relay Chat and once forgot to use multiple proxies to hide the IP address before logging in, he said.

CloudFlare privacy policies dictated Prince ask LulzSec permission to use the data gathered from the LulzSec account for his RSA discussion. &quot;You have my permission - signed, Jack Sparrow,&quot; read the response to Prince&apos;s query.

      
   </content>
</entry>

<entry>
   <title>Microsoft Mistakenly Claims Google Home Page Infected With Blackhole</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/microsoft/microsoft_mistakenly_claims_google_homepage_infected_with_blackhole.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36167</id>
   
   <published>2012-02-15T17:37:07Z</published>
   <updated>2012-02-15T20:26:50Z</updated>
   
   <summary>An update to Microsoft&apos;s Forefront and Security Essentials tool resulted in a false positive for the Blackhole exploit kit on Google&apos;s home page for a few hours. Microsoft has fixed the problem.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Google" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Malware toolkits" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Microsoft" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="403" label="antivirus" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10433" label="blackhole" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="3858" label="exploits" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="49" label="google" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="934" label="malware" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="172" label="microsoft" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[Microsoft quickly updated its security tools after users reported seeing warnings that Google's home page was infected with the Blackhole exploit kit.

Microsoft's Forefront corporate security products and the consumer-focused Security Essentials anti-malware software were updated Feb. 14, shortly after the company announced nine bulletins for its scheduled Patch Tuesday release. Corporate users trying to access Google's home page through the Forefront TMG proxy were warned that the search page was infected, Manuel Humberto Santander Pelaez wrote on the SANS Institute's <a href="http://isc.sans.edu/diary.html?storyid=12589">Internet Storm Center Diary</a>.

"Access to the requested file is blocked due to a detected infection," the message said, before identifying the infection as Exploit:JS/Blacole.BW.

Pelaez analyzed the packets and was unable to find anything wrong. Security writer <a href="http://krebsonsecurity.com/2012/02/microsoft-av-flags-google-com-as-malware/">Brian Krebs</a> saw a similar warning on a Windows XP machine running Microsoft Security Essentials. <a href="http://social.technet.microsoft.com/Forums/en-GB/Forefrontedgegeneral/thread/e8eb8300-ecdd-4b23-b6df-f6ac0a67a226">Microsoft's Technet</a> support forums were full of questions from concerned users and administrators.

"For whatever reason, Microsoft's security software thought Google's home page was infected with a Blackhole Exploit Kit," Krebs wrote.

The Blackhole exploit kit is a popular attack kit used to compromise legitimate Websites and direct users to malicious portals that download more malware, steal data or perform other nefarious acts. The kit is regularly updated with new exploits and can be used to launch attacks targeting vulnerabilities in Java, Adobe and Microsoft products.

Leak repository <a href="http://www.eweek.com/c/a/Security/Blackhole-Exploit-Kit-Infects-2900-Cryptome-Visitors-200854/">Cryptome</a> disclosed it had recently been infected with Blackhole and may have redirected about 2,900 visitors to malicious sites. The kit was the source of about 95 percent of all malicious links identified by M86 researchers between July and December 2011.

False positives happen with security products, and Microsoft was able to push out a new update within four hours to fix the problem.
 
"Microsoft AV team is removing the detection from Signature. 1.119.1986.0 or higher will contain this change," Microsoft Support said.

As false positives go, this was a minor one, as the security tool did not try to remove or modify files in order to clean up the perceived threat. If the user clicked on the "remove" option to clean the infection, the software reported that it was unable to find the threat, according to Krebs.

Interestingly enough, it appears that the false positive was detected when users landed on the Google home page using the Internet Explorer Web browser or actually performed a search using Mozilla Firefox. Google Chrome or Safari users did not appear to have seen the warning. Some users on Technet reported seeing warnings on any site using Google Adwords or Google Analytics.]]>
      
   </content>
</entry>

<entry>
   <title>Mozilla Closes Security Flaw in Firefox 10</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/browsers/mozilla_closes_security_flaw_in_firefox_10.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36163</id>
   
   <published>2012-02-12T18:25:59Z</published>
   <updated>2012-02-13T18:28:28Z</updated>
   
   <summary>Mozilla has closed a serious security vulnerability in its latest Firefox Web browser. Users who have upgraded to Firefox 10 should immediately update the browser.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Browsers" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Patches" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Web 2.0" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="652" label="browser" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9889" label="bugs" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="651" label="firefox" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1136" label="update" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      Less than two weeks after releasing Firefox version 10, Mozilla has updated its popular Web browser to close a security flaw.

A critical security vulnerability has been fixed in Firefox 10.0.1, Mozilla wrote in its advisory Feb. 10. The serious use-after-free flaw was found in a component that is shared with other Mozilla products, including the Thunderbird mail client and SeaMonkey application suite.

&quot;Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable,&quot; Mozilla said in its advisory.

Firefox 9 and earlier versions are not affected by this vulnerability, according to Mozilla.

Mozilla had released Firefox 10 on Jan. 31. Nine security holes had been patched in the new version, of which five had been rated critical. The critical issues addressed included a potential memory corruption flaw, objects being accessible even after being removed, memory safety hazards, malformed stylesheets, and frame scripts bypassing security checks.
      
   </content>
</entry>

<entry>
   <title>Romney Most-Mentioned Politician in Spam Messages</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/spam/romney_most-mentioned_politician_in_spam_messages.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36157</id>
   
   <published>2012-02-09T21:49:29Z</published>
   <updated>2012-02-10T19:19:33Z</updated>
   
   <summary>Spammers are not turning into political pundits, but they are using Republican candidates to advertise their scams, according to Bitdefender. Mitt Romney is handily beating Newt Gingrich in this contest.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Spam" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="1886" label="politics" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="615" label="spam" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[Even spammers are following the United States presidential elections and have their favorites among the Republican candidates. 

Bitdefender researchers analyzed 8 million pieces of spam received since January and found that Mitt Romney was associated with 45 percent of unsolicited messages that referenced a political figure, Bogdan Botezatu, a senior e-threat analyst at Bitdefender, wrote on the Malware City blog Feb. 9. Newt Gingrich was the second most popular politician in Bitdefender's <a href="http://www.malwarecity.com/blog/mitt-romney-defeats-newt-gingrich-in-round-1-of-spam-wars-1251.html">"Most Mentioned Politician" spam survey</a>, at 33 percent, followed by Ron Paul at 12.18 percent.

"The results could indicate the politicians spammers think are most likely to get a reaction from random e-mail readers," Botezatu said.

Romney's name was being used in scam messages that advertise low-interest loans, free credit score analysis or ways to reduce the costs of the energy bill, Botezatu said. Gingrich spam tried to sell high-interest loans and miracle devices that could dramatically cut energy costs. 

"Political parties and colors don't really make any difference for spammers, who use candidates' names alike just to accomplish their hidden agenda," Botezatu said.

While messages referencing political figures account for less than 1 percent, or 0.243 percent, of total spam volume, spammers are aware that the average Internet user is worried about the impact political change will have on their lives, according to Botezatu. In contrast, celebrity spam, which used to be one of the most popular spam vehicles a few years ago, is a mere 0.158 percent of global spam volume.

Spammers are also inserting fragments of news reports about the primaries in order to "give extra credibility to the message," and to trick anti-spam filters, Botezatu said.
]]>
      
   </content>
</entry>

<entry>
   <title>Attackers Breached Foxconn, Dumped Data For Fun</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/hactivism/attackers_breached_foxconn_dumped_data_for_fun.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36151</id>
   
   <published>2012-02-08T16:11:13Z</published>
   <updated>2012-02-08T20:41:40Z</updated>
   
   <summary>SwaggSec has picked up where LulzSec left off, attacking Apple&apos;s China-based iPhone manufacturer for fun and dumping passwords online</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Apple" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Data Breach" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Hactivism" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="125" label="apple" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="8494" label="foxconn" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1804" label="hacker" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9826" label="hacktivism" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9912" label="lulz" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[A group of hackers appears to have breached and extracted information from Foxconn's network. Foxconn Electronics has not confirmed the breach.

Attackers breached Foxconn Electronics, a Shenzhen, China-based company responsible for manufacturing Apple's iPhone, and extracted data from the servers, according to a Feb. 8 post on text-sharing site <em>Pastebin</em>. @SwaggSec claimed responsibility for the breach on its Twitter account.

The Pastebin post also included a link to the torrent file containing the leaked data. The torrent has yet to be analyzed, but it appears to contain user names and passwords. SwaggSec gave "consent" to others to "scavenge" through the torrent file to find user names and passwords that may work on other sites.

"The passwords inside these files could allow individuals to make fraudulent orders under big companies like Microsoft, Apple, IBM, Intel and Dell," SwaggSec wrote in the post. These companies are known Foxconn customers.

Foxconn had an "appropriate firewall" but SwaggSec was able to bypass it "almost flawlessly." The post mentions the breach occurred over several days and the group used several different techniques. SwaggSec's Twitter feed has a post from Jan. 26 claiming one of their victims was running an outdated and unpatched version of the Internet Explorer Web browser. It is not clear whether there were other victims, but it is likely the post refers to Foxconn.

While SwaggSec enjoys "exposing governments and corporations," it appears the group attacked Foxconn just for fun. The "statement" on <em>Pastebin</em> references reports of <a href="http://www.eweek.com/c/a/Mobile-and-Wireless/Apple-Foxconn-and-the-Human-Cost-of-Electronics-Manufacturing-in-China-222448/">inhuman conditions</a> suffered by <a href="http://www.eweek.com/c/a/Mobile-and-Wireless/Apple-Report-Details-Response-to-Foxconn-Suicides-139217/">Foxconn workers</a> and the recent rumor of <a href="http://www.eweek.com/c/a/Mobile-and-Wireless/Apple-iPhone-5-Features-Larger-Screen-Report-652165/">an iPhone 5 launch</a>. The group was "considerably disappointed" about the working conditions, but SwaggSec is not "hacking a corporation for such a reason," the statement said. "We are slightly interested in the existence of an iPhone 5, we are not hacking for this reason," the group added.

"The more prominent reason is the hilarity that ensues when compromising and destroying an infrastructure," according to the statement.

Even hacktivists with good intentions have a small part that enjoys feeling the "menacing satisfaction" that comes from a successful attack, the group claimed.

"But to us and many others, the destruction of an infrastructure, the act of destruction that does not affect an individual, brings a sense of newfound content, a unique feeling, along with a new chance to start your own venture," SwaggSec wrote on the post.

The sentiment is very similar to the statements made by LulzSec, a group of six hackers that wreaked havoc through cyber-space for a little over two months last year. The group insisted its activities were carried out for fun, to "entertain" and supposedly was not financially motivated.

<a href="http://www.eweek.com/c/a/Midmarket/LulzSec-Dissolution-Wont-Reduce-Threat-of-HighProfile-CyberAttacks-695215/">LulzSec disbanded</a> in June. Some of the members, including <a href="http://www.eweek.com/c/a/Security/Scotland-Yard-Claims-Arrest-of-LulzSec-Front-Man-Topiary-880899/">Topiary</a>, Kayla and T-flow <a href="http://www.eweek.com/c/a/Security/English-Teen-Arrested-for-Hacking-Police-Hint-LulzSec-Link-473423/">have been arrested</a>. Others who have not yet been caught are believed to be still active under the Anonymous banner.

SwaggSec's icon, a sketch of a person wearing a top hat, is drawn in a style similar to LulzSec.
]]>
      
   </content>
</entry>

<entry>
   <title>Facebook Still Not Deleting Photos From CDN: Ars Technica</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/facebook/facebook_still_not_deleting_photos_from_cdn_ars_technica.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36159</id>
   
   <published>2012-02-08T15:22:41Z</published>
   <updated>2012-02-10T15:28:46Z</updated>
   
   <summary>For anyone who has deleted photos on Facebook, it turns out the social networking company still hasn&apos;t fixed the problem where the images aren&apos;t removed from its CDNs.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Facebook" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Privacy" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="456" label="facebook" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10431" label="image" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="369" label="privacy" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[Almost three years after Facebook promised to look into why photos deleted by users were still accessible online, the photos are still available, <a href="http://arstechnica.com/business/news/2012/02/nearly-3-years-later-deleted-facebook-photos-are-still-online.ars">reported Ars Technica</a>.

Facebook offers the option to delete photos, but it appears the images are removed only from the site and not from the content delivery networks it uses to speed up user experience. Anyone who has the direct link to the image is able to navigate to it, even if it's not accessible from Facebook directly.

Ars Technica originally brought the issue to Facebook's attention back in 2009, and the social networking site promised a fix was on the way. Facebook was "working with our content delivery network (CDN) partner to significantly reduce the amount of time that backup copies persist," the social networking giant said at the time. 

Ars Technica this month tested out some of the links to deleted images and found the images were still available, nearly three years after the initial 2009 report. Ars had also followed up with Facebook in Oct. 2010. The tested links belonged to staffers and to readers who had submitted their own links for testing. 

On Feb. 3, Facebook admitted that its older systems for storing uploaded content "did not always delete images from content delivery networks in a reasonable period of time even though they were immediately removed from the site." Facebook is apparently finishing up a newer system that would make the process quicker, according to the Ars report.

In contrast to Twitter and Flickr, where images are deleted instantly, Facebook's new system, when finally live, would ensure photos are fully deleted within 45 days of the removal request being received. 

Or so the spokesperson promised to Ars.

As Ars Technica's Jacqui Cheng noted, "With a company history of stretching the truth when asked about this topic - we'll have to see it before we believe it."]]>
      
   </content>
</entry>

<entry>
   <title>Apache, Apple, PHP Release Security Updates </title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/patches/apache_apple_php_release_security_updates.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36156</id>
   
   <published>2012-02-04T21:23:29Z</published>
   <updated>2012-02-09T21:29:28Z</updated>
   
   <summary>Apple and PHP released another set of security updates to fix serious issues that were introduced in a previous security update. </summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Apple" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Patches" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Web 2.0" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="2948" label="apache" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="125" label="apple" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="5080" label="patching" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10430" label="php" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="60" label="security" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1136" label="update" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[The past few days have been filled with security patches and updates that may have slipped past IT administrators.

Apache released its <a href="http://httpd.apache.org/security/vulnerabilities_22.html">HTTP Server 2.2.22</a>, which included fixes to six significant security flaws. Most of the vulnerabilities were rated either moderate or low. Apache fixed two low-priority privilege escalation issues, three moderate-priority exposure flaws, and another low-priority bug that could be exploited with a malicious cookie in the 2.2.22 release.

Apple updated Mac OS X Snow Leopard and Lion with a <a href="http://www.eweek.com/c/a/Security/Apple-Fixes-52-Bugs-in-OS-X-Snow-Leopard-Lion-in-Security-Update-103809/">massive Security Update</a> on Feb. 1. Apple released Security Update 1.1 on Feb. 4 to address some of the issues that were introduced with the earlier update. Mac OS X Security Update 2012-001 v1.1 also removed the three ImageIO fixes that had been part of the original update, but Apple did not provide any explanation as to why.

The PHP team also released <a href="http://www.php.net/archive/2012.php#id2012-02-02-1">PHP 5.3.10</a> to fix a remote code execution vulnerability that had been introduced in a previous update on Feb. 3. A pair of researchers at the Chaos Communication Congress conference in Germany demonstrated a new technique in December that could <a href="http://www.eweek.com/c/a/Security/Microsoft-Releases-Workarounds-for-DoS-ZeroDay-Bug-in-ASPNET-112467/">cause a denial of service condition</a>. The vulnerability existed in several Web application frameworks, including ASP.NET, Apache Tomcat, Oracle Glassfish Server and PHP. The PHP team released version 5.3.9 in January to address the hash collision problem.

PHP fixed the issue by limiting the number of input parameters and didn't introduce a new function. The "max_input_vars" parameter limited the number of input parameters a request may send to 1,000. It turned out the fix was implemented incorrectly and instead introduced a remote code execution flaw in PHP 5.3.9. An attacker would be able to craft a malicious request that could execute code on a Web server running PHP 5.3.9.

Administrators running PHP 5.3.9 should patch immediately. The SANS Institute's Johannes Ullrich recommended that administrators running PHP 5.3.8 actually wait and not upgrade at all.
]]>
      
   </content>
</entry>

<entry>
   <title>Megaupload Users Gain Reprieve, EFF Working to Retrieve Data</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/file-sharing/megaupload_users_gain_reprieve_eff_working_to_retrieve_data.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36144</id>
   
   <published>2012-02-01T22:26:43Z</published>
   <updated>2012-02-01T23:12:45Z</updated>
   
   <summary>After earlier reports claimed all the data on Megaupload would be deleted this week, it appears users may be able to reclaim their legitimate data.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="File-sharing" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="10425" label="file-sharing" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10426" label="megaupload" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1777" label="piracy" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[The Electronic Frontier Foundation is working on a way to separate legitimate user data from illegal content that had been stored on Megaupload servers so that users can reclaim their personal files. 

Carpathia Hosting, one of the companies Megaupload had contracted with to provide hosting services, created <a href="http://www.MegaRetrieval.com">MegaRetrieval.com</a> to help users work with the EFF "to investigate their options for retrieving their legitimate, non-infringing files," the company said in a statement.

Carpathia insisted that it "does not have, and has never had, access to the content on Megaupload's servers," and it still wants to "assist lawful users of the Megaupload service."

Although it was originally reported that the <a href="http://www.eweek.com/c/a/Security/Megaupload-Data-Subject-to-Deletion-by-Hosting-Providers-Feb-2-280080/">data would be deleted</a> as early as Feb. 2, it now appears that the data would be maintained for at least two more weeks, according to Ira Rothken, an attorney representing Megaupload in the legal case.

"Carpathia Hosting has no immediate plans to reprovision some or all of the Megaupload servers. This means that there is no imminent data loss for Megaupload customers. If this situation changes, Carpathia will post a notice at least seven days in advance of reprovisioning any Megaupload servers at <a href="http://www.Carpathia.com">http://www.Carpathia.com</a> and MegaRetrieval.com," Brian Winter, chief marketing officer at Carpathia, said in a statement. 

The data reprieve means that users who used the service to <a href="http://www.eweek.com/c/a/Security/FBI-Megupload-Shutdown-Cuts-Users-Off-From-Personl-Files-Business-Data-234883/">store personal files and photos</a> may be able to regain access to their data. The servers have been offline since the Federal Bureau of Investigation <a href="http://www.eweek.com/c/a/Cloud-Computing/FBI-Shuts-Down-Megaupload-FileSharing-Site-With-Online-Piracy-Indictments-446752/">shut down Megaupload</a> and arrested seven executives on charges of racketeering, money laundering and copyright violations.

]]>
      
   </content>
</entry>

<entry>
   <title>Romanian Police Arrest TinKode</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/sql_injection/romanian_police_arrest_tinkode.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36155</id>
   
   <published>2012-02-01T21:17:32Z</published>
   <updated>2012-02-09T21:21:52Z</updated>
   
   <summary>Romanian police have arrested TinKode and charged him with breaching Websites belonging to NASA and the Pentagon.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Data Breach" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Database security" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="SQL injection" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="10206" label="arrest" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1804" label="hacker" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="4571" label="nasa" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10429" label="pentagon" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9799" label="sql injection" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9861" label="tinkode" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[Romanian police have arrested a man they believe is TinKode, who broke into Department of Defense Websites and other government agencies.

Razvan Manole Cernaianu, an IT student, is suspected of being TinKode, the <a href="http://www.diicot.ro/index.php?option=com_content&view=article&id=654:comunicat-de-presa-31012012&catid=38:mass-media&Itemid=81">Romanian Directorate for Investigating Organized Crime and Terrorism</a> said in a statement Jan. 31. He's charged with breaking into wireless systems to obtain data, unauthorized transfer of data, and seriously disrupting computer operations. The agency also claimed that Cernaianu sold hacking tools to others online.

TinKode broke into Websites belonging to the Department of Defense and the National Aeronautics and Space Administration as well as computers belonging to the United States Army. He publicized the SQL injection vulnerabilities he had discovered and he disclosed the confidential data he had stolen from the US Army online.

TinKode had "no right to access multiple servers belonging to the U.S. Army, in order to obtain confidential data" that was copied and transferred into another computer, according to a Google Translate version of the statement.

Those two incidents are not all that he has done: his list also includes breaking into the British Royal Navy's Website in November 2010 and obtaining several site passwords. TinKode also exploited <a href="http://www.eweek.com/c/a/Security/Oracles-Suncom-Hit-Along-with-MySQLCom-in-SQL-Injection-Attack-727118/">SQL injection vulnerabilities</a> to break into <a href="http://securitywatch.eweek.com/sql_injection/mysqlcom_hacked_by_sql_injection_attack.html">MySQL.com</a> and the <a href="http://securitywatch.eweek.com/exploits_and_attacks/european_space_agency_ftp_servers_breached.html">European Space Agency</a>.

TinKode was not out for financial gain or data. The attacks were all about showing off TinKode's abilities and getting bragging rights. Romanian security experts say that hackers are often treated like heroes in the Romanian press.

Even so, "Perhaps now is a good time to remind everyone who thinks it's cool or amusing to expose an organisation's weak security that hacking into a site is still a crime, regardless of what your incentive may be," Graham Cluley, a senior technology consultant at <a href="http://nakedsecurity.sophos.com/2012/01/31/tinkode-arreste/">Sophos</a>, said. ]]>
      
   </content>
</entry>

<entry>
   <title>HP TippingPoint Zero Day Initiative Modifies Pwn2Own Rules</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/data_security/hp_tippingpoint_zero_day_initiative_modifies_pwn2own_rules.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36132</id>
   
   <published>2012-01-25T03:36:17Z</published>
   <updated>2012-01-25T04:54:07Z</updated>
   
   <summary>The Pwn2Own hacking contest has been modified to drop mobile devices and to make it a fairer competition than the previous winner-takes-all model.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Data Security" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Enterprise security strategy" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Ethical hacking" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="390" label="contest" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1804" label="hacker" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="1713" label="hacking" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10414" label="pwn2own" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[HP's TippingPoint Zero Day Initiative unveiled a new format for its popular Pwn2Own contest at the upcoming CanSecWest conference, with new prizes and a new scoring system.

During Pwn2Own, contestants try to compromise fully-patched and up-to-date versions of Web browsers across various operating systems, including Internet Explorer, Firefox and Chrome running on Mac OS X or Windows machines. Last year's contest included the four mobile platforms, BlackBerry, Android, iOS and Windows Phone. Participants try to compromise the machine with at least one zero-day vulnerability in a contest that runs over the course of three days.

Under the new format, each target in the contest will have point values assigned, according to TippingPoint Zero Day Initiative's newly <a href="http://www.Pwn2Own.ZeroDayInitiative.com">launched contest Website</a>. Each successful compromise with a zero-day vulnerability will be worth 32 points. In the past, as soon as one researcher succeeded in exploiting the targeted software, that aspect of the competition was over in a winner-take-all format. With the new points system, all the researchers would be able to take their turn, and the winners will win based on the number of points accumulated during the entire contest.

Mobile devices have been dropped altogether from this year's Pwn2Own contest.

The Pwn2Own organizers will also announce two previously patched vulnerabilities for which contestants could write exploits over the three-day contest. Points awarded for a successful exploit will decrease with each day, with 10 points on the first day, nine on the second day and eight points on the third. The exploits won't need to use a sandbox escape or bypass protected mode in browsers.

The changes are intended to make the event fairer for everyone involved. The three researchers with the highest point totals at the end of the three-day contest will win the cash awards of $60,000, $30,000 and $15,000, respectively. The prizes are coming from Hewlett Packard.

Contestants also win the laptops that they're able to successfully compromise targets on. Google is offering prizes of $20,000 for every unique set of bugs that can compromise the Chrome browser without any platform-specific bugs. Participants will have to get full code execution outside of Chrome's sandbox to claim the prizes.

Google will also pay $10,000 for Chrome vulnerabilities that get code execution outside of the sandbox but require an operating system specific vulnerability to work successfully.

All the vulnerabilities used in the contest become part of the ZDI database and are immediately disclosed to the affected vendor. ZDI works with the vendor to get all the relevant information and helps get the security flaw fixed.

CanSecWest will be held March 7 to March 9 in Vancouver.
]]>
      
   </content>
</entry>

<entry>
   <title>Apple Approves, Yanks Fake Camera+ App on App Store</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/apple/apple_approves_yanks_fake_camera_app_on_app_store.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36131</id>
   
   <published>2012-01-24T03:24:47Z</published>
   <updated>2012-01-25T03:34:10Z</updated>
   
   <summary>Download apps only from trusted sources and official application stores, but also scrutinize the developer name to verify the app&apos;s legitimacy.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="Apple" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Mobile malware" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="iPhone" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="9152" label="app" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="10108" label="app store" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="125" label="apple" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="988" label="iphone" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="822" label="mobile" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[Mobile device owners are encouraged to download apps from official sources, such as Apple's App Store. However, they should still exercise caution as malicious apps can still slip through.

The latest culprit posed as the popular Camera+ app and had the description "The Most Amazing Camera+ Version Yet." Unlike the popular Camera+ app, which is developed by Tap Tap Tap, this version came from Pursuit Special, said <a href="http://www.iphoneography.com/journal/2012/1/21/warning-fake-camera-app-is-in-the-app-store.html">Glyn Evans of iPhoneography</a>, who found the app on Jan. 21. Once notified, Apple pulled the app from the App Store.

It was not clear if Camera+ 4.0 VS & SS was just piggybacking on the popular name or if it actually had malicious functionality, Graham Cluley, a senior technology consultant at Sophos, wrote on the <a href="http://nakedsecurity.sophos.com/2012/01/23/fake-camera-app-hits-app-store/">Naked Security</a> blog.

Even so, Apple's approval process should have noticed that someone was uploading an app with the same name as an app that is currently the 14th best-selling app in the App Store, according to Cluley. "Apple should surely recognize if someone other than Tap Tap Tap tries to submit it to the store?" Cluley said.

The real makers of Camera+, Tap Tap Tap, confirmed on Twitter that the app was fake. "Oh Apple and your all too often disappointing approval process," the developers posted on Twitter.

Android users learned the hard way last year that malicious apps can masquerade as photo apps and mobile wallpapers on the Android Market. There was a sense that Apple's App Store was safer because Apple pre-approves each app before it appears in the store, something Google doesn't do for the Android Market.

Even so, that doesn't mean fake or malicious apps have never appeared on the App Store. Mac security researcher <a href="http://mobile.eweek.com/c/a/Security/Apple-Suspends-Veteran-Researcher-from-iOS-Dev-Program-for-Exploiting-a-Bug-489867/">Charlie Miller's proof-of-concept app</a> that would have allowed remote users to execute unsigned code on the iPhone was approved for the App Store last fall.

"As always, be careful what applications you install on your computing devices - even if they come from the Apple App Store," Cluley said.]]>
      
   </content>
</entry>

<entry>
   <title>McAfee Predicts More Hacktivism in 2012</title>
   <link rel="alternate" type="text/html" href="http://securitywatch.eweek.com/hactivism/mcafee_predicts_more_hacktivism_in_2012.html" />
   <id>tag:securitywatch.eweek.com,2012://13.36100</id>
   
   <published>2012-01-07T19:47:28Z</published>
   <updated>2012-01-09T19:55:55Z</updated>
   
   <summary>McAfee addressed hacktivism in their 2012 security predictions.</summary>
   <author>
      <name>Fahmida Rashid</name>
      
   </author>
   
      <category term="DDoS" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Data Breach" scheme="http://www.sixapart.com/ns/types#category" />
   
      <category term="Hactivism" scheme="http://www.sixapart.com/ns/types#category" />
   
   <category term="9755" label="anonymous" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="9826" label="hacktivism" scheme="http://www.sixapart.com/ns/types#tag" />
   <category term="444" label="McAfee" scheme="http://www.sixapart.com/ns/types#tag" />
   
   <content type="html" xml:lang="en" xml:base="http://securitywatch.eweek.com/">
      <![CDATA[The hacktivist collective Anonymous will either reorganize into a cohesive body or disband completely, McAfee researchers said in their <a href="http://www.marketwatch.com/story/mcafee-labs-2012-threat-predictions-include-high-profile-industrial-attacks-cyberwarfare-demonstrations-and-new-hacktivist-targets-2011-12-28">security predictions for 2012</a>.

Anonymous is a loosely defined collective with no formal hierarchy or set of leaders. Any individual can take part in an Anonymous operation, and anyone can start a campaign and encourage supporters to join in. The lack of a structure has led several members to <a href="http://www.eweek.com/c/a/Security/Stratfor-Denies-Anonymous-Compromised-Client-List-496506/">denounce certain attacks</a> as not being "really" from Anonymous. There have been <a href="http://www.eweek.com/c/a/Security/Anonymous-Threat-Against-Facebook-Not-an-Official-Attack-May-be-a-Hoax-690079/">disagreements between members</a> over whether or not to target a company even before the operation launched.

"Either the 'true' Anonymous group will reinvent itself, or die out," McAfee Labs said.

Just as there's no official "face" for Anonymous, there's no preferred method of attack. Some members prefer <a href="http://www.eweek.com/c/a/Security/DHS-Warns-of-Anonymous-CyberAttack-Tools-Planned-Mass-Protests-392974/">launching denial of service attacks</a> to disable Websites and disrupt operations to prove a point. Others would rather exploit network and application vulnerabilities to capture and dump personally identifiable information on the Internet, a practice now known as 'doxing.' 

Anonymous and similar hacktivist groups will also cross the line between the digital and physical worlds and start organizing physical protests, McAfee said. The group organized protesters in the San Francisco Bay Area to protest police shootings by the transit police at the <a href="http://www.eweek.com/c/a/Security/Anonymous-Hack-Exposes-Personal-Data-of-San-Francisco-Area-Commuters-217565/">Bay Area Rapid Transit</a> system in August and helped <a href="http://securitywatch.eweek.com/hactivism/hackers_target_bankers_personal_data_as_part_of_occupy_wall_street.html">publicize the Occupy protests</a> in the fall.

McAfee also predicted there will be more focus on cyber-warfare, increased government activity in cyber-space and more hacktivism in 2012.]]>
      
   </content>
</entry>

</feed>

