Saturday, November 28, 2009

Internet Security News: Week in Review November 21-28

Internet Lack of Security News: Week in Review - 11/21-11/28

692 websites hacked in September: Govt

(from The Economic Times at 11-28-2009)

It’s not good news for IT cities. According to a report prepared by the Computer Emergency Research Team from the Union IT ministry, a total of 692 websites have been affected in September alone. The unit has now asked the respective state governments to secure their own websites. “We have instructed all state governments to instal security measures, especially for those sites which contain sensitive data,” said a senior ministry official.... read more»

Hackers steal credit-card numbers from restaurant customers

(from Dispatch at 11-28-2009)

Diners who frequent a popular Downtown restaurant should review their charge-card statements because hackers broke into its computer system to loot debit- and credit-card numbers, police said today. Between 30 and 50 people have reported fraudulent charges on their accounts, and Columbus detectives said that anyone who used a charge card at Tip Top Kitchen and Cocktails in July or August is at risk.... read more»

Proper use of English could get a virus past security

(from NewScientist at 11-28-2009)

Hackers could evade most existing antivirus protection by hiding malicious code within ordinary text, according to security researchers. One of the most common ways of hijacking other people's computers is to use "code-injection" attacks, in which malicious computer code is delivered to and then run on victims' machines. Current security measures work on the assumption that the code used has a different structure to plain text such as English prose.... read more»

The inexorable convergence of cloud and security services

(from Verisign at 11-28-2009)

Concerns for the security of applications run in the cloud are running high. The perceived lack of security of cloud platforms is often cited as the primary obstacle to adoption. Whether "cloud" is defined as infrastructure as a service, platform as a service, or simply as application outsourcing, almost everyone is lamenting the security inadequacies of these new computing platforms.... read more»

Vendor rages after iPhone hacker given job

(from CIO at 11-27-2009)

A security firm has expressed incredulity at the news that the Australian prank hacker who wrote a program targeting Apple iPhone users has been given a job by an application developer. The writer of the Ikee worm, Ashley Towns, sprang to prominence only two weeks ago after his creation was found to be changing the desktop wallpaper on some 'jailbroken' or unlocked iPhones to display a picture of 1980's British pop-star Rick Astley. Now, fellow-Australian software company mogeneration is repo... read more»

Defamation trial threat to internet freedom: Google

(from nzherald at 11-27-2009)

An Italian prosecutor demanded jail time yesterday for four Google executives charged in absentia with defamation and violating privacy for allowing a video to be posted online showing an autistic youth being bullied. Prosecutor Alfredo Robledo is seeking a one-year term for three executives for violating privacy, and six months for a fourth for defamation in the case. Sentencing is expected on December 23.... read more»

Online Xmas retail jump tipped

(from nzherald at 11-27-2009)

Online retailers hope the convenience of the Web, plus discounts and deals, spur still-nervous shoppers to spend more online this holiday season - even as traditional retailers brace for mediocre sales. Internet analysts at comScore Inc. expect online retail revenue to rise 3 per cent to $28.8 billion for the months of November and December. That includes the websites of traditional retailers, such as Macy's, but excludes auctions, travel and large corporate purchases.... read more»

Six Best Black Friday Web Sites

(from PCmag at 11-27-2009)

The day after Thanksgiving is the best day to find holiday bargains. But with so many stores offering deals, how—and where—do you start looking? BlackFriday.FM read more»

Broadband security expert advises on 'screen scraping'

(from Broadband-Finder at 11-27-2009)

Consumers have been advised to be wary of the growing trend of 'screen scraping' on the internet. While more Britons become increasingly aware of the need to be security-savvy when using the internet, it has been suggested that online criminals are also becoming increasingly sophisticated in their methods.... read more»

Silly season security for Internet shoppers

(from techday at 11-27-2009)

As shoppers everywhere head online looking for great holiday deals, Internet security companies are urging consumers to educate themselves on the basics of online shopping safety. Simple steps, like looking for the 'secure site' padlock on your browser page when purchasing, or making sure you’re buying from a reputable company, can prevent potential headaches down the road.... read more»

NCCPL website hacked, data of bourses safe

(from TheNews at 11-27-2009)

The National Clearing Company of Pakistan Limited (NCCPL) website was hacked on Thursday, NCCPL officials disclosed. NCCPL officials confirmed that the website of the company was hacked by some Indian hacker who added some irrelevant content to the data present on the website. The added content suggests that the hacker has some connection with India. However, as soon as the breach was detected, the company blocked the website within 10 minutes, they added. “The hacking did not affect th... read more»

Second B.C. employee fired in document security breach

(from vancouversun at 11-27-2009)

The B.C. government has fired a second employee in connection with a security breach in which the files of 1,400 income assistance clients turned up in a government worker’s home. Citizens’ Services Minister Ben Stewart confirmed today that the second employee was “involved with” the Public Service Agency within his ministry. He declined to provide the reasons for the firing, but said it stemmed from the ongoing probe of the security breach. “Because it’s a personnel issue, I can’t tell yo... read more»

Are hotel key cards safe? Well, it could be a threat depending on the details it has stored on it

(from rediff at 11-27-2009)

Many hotels and resorts use electronic key cards. These cards with a magnetic strip are programmed in such a manner that once the duration of the stay is over, the person does not get access to the room. The key cards make it impossible to pick up a card and break into a room. Electronic door locking systems were introduced across the globe as they help enhance hotel security, but what information does it contain? All hotels mention the customer's name, address, room number and duration of... read more»

Cyber crime bigger than drug industry

(from telstraclear at 11-27-2009)

There is a warning cyber criminals will be making an increasingly sophisticated attempt to break in or infect computers in the new year. The warning comes from internet security provider AVG. Spokesman Lloyd Borrett says they are seeing increasing activity, but what is worse is that cyber criminals are getting more organised. He says they create 100 to 300 new websites a day and leave them up for a while, before putting active threats on them.... read more»

McAfee’s Virtual Criminology Report Warns of Global Cyber Warfare

(from spamfighter at 27-11-2009)

McAfee, a Web security giant, released the grave results from its fifth yearly Virtual Criminology Report on November 17, 2009. According to Dave DeWalt, CEO and president of McAfee, more than two years ago, the firm began warning people of the global cyberarms race, but it is noticing increasing evidence of the warning turning into reality, as per the statement published by on November 17, 2009. Further, several countries across the world are busy preparing themselves for cyber wa... read more»

RuneScape Hacking Rumbled - Arrest Made - But for What Crime?

(from spong at 27-11-2009)

The owner of MMO RuneScape, Jagex Games Studio, has teamed up with the Police Central e-Crime Unit (PCeU) and the Feds (FBI) to nick a 23-year old from the West Country of this United Kingdom. The unnamed miscreant was allegedly using phishing sites to "dupe unsuspecting players into providing their game logon credentials." Unlike every other executive this week, Mark Gerhard, Jagex CEO wasn't excited. He was serious. "Where there is any evidence to suggest someone has committed a crime, a... read more»

Splinter Cell hack smells more like publicity stunt

(from The Register at 27-11-2009)

Ubisoft said that the website of its popular video game Splinter Cell had been hacked on Thursday. However circumstantial evidence suggests the hack is more likely to be a publicity stunt than a genuine cyber assault. Visitors to the Splinter Cell website are being greeted by a message in Russian. This is followed by a link buried in the message, which leads on to a page displaying the ASCII art of a shield with a double-headed eagle, also on the Splinter Cell site.... read more»

Security Irony from Microsoft and Symantec

(from Beskerming at 27-11-2009)

Security is a very difficult thing to get right, whether it is a company that has committed itself to overcoming historical security flaws and implementing a secure development process, such as Microsoft, or a company that exists to deliver Information Security services and products to governments, businesses, and consumers, such as Symantec.... read more»

Smartphones face creeping malware threat

(from TGDaily at 27-11-2009)

A SophosLabs security researcher has warned that hackers are likely to step up their malware offensive against various smartphone platforms. According to Graham Cluley, future attacks could exploit vulnerabilities in browsers used by mobile devices or take advantage of social engineering "tricks."... read more»

ICO: Stolen laptop contained data on 110,000 people

(from itpro at 27-11-2009)

Verity Trustees has had its wrist slapped by the Information Commissioner's Office (ICO) after a laptop was stolen containing data on 110,000 people. The laptop was taken from the locked server room of Northgate Arinso, which supplies pension management software to Verity. The laptop held names, addresses, salaries, national insurance numbers and dates of birth of 110,000 people, as well as 18,000 banking details.... read more»

EU cyber security agency calls for electronic ID cards

(from siliconrepublic at 27-11-2009)

Europe’s cyber security agency ENISA (the European Network and Information Security Agency) has concluded that electronic ID (eID) cards offer the most secure and reliable method of authentication for internet services like online banking. The agency has proposed the widespread introduction of a privacy-protecting universally applicable eID card which it says is technologically feasible.... read more»

Christmas shoppers still worried about online threats

(from IT Pro at 27-11-2009)

Nearly one in four Britons are held back from shopping online over Christmas due to security fears, according to a YouGov survey. The research said that 22 per cent of the UK were held back from online shopping due to fears over online identity theft and fraud, while 14 per cent do not trust e-commerce sites. The research, commissioned by Verisign, also said that UK consumers were only willing to spend a third of their shopping budget online, or 32 pence in every pound.... read more»

India to set up automatic monitoring of communications

(from NetworkWorld at 27-11-2009)

India plans to set up a centralized system to monitor communications on mobile phones, landlines and the Internet in the country, a minister told the Rajya Sabha, the upper house of Parliament, on Thursday. Indian laws allow the interception and monitoring of communications under certain conditions, including to counter terrorism.... read more»

Breaches not as disclosed as much as we had hoped

(from Financial Cryptography at 27-11-2009)

One of the brief positive spots in the last decade was the California bill to make breaches of data disclosed to affected customers. It took a while, but in 2005 the flood gates opened. Now reports the FBI: "Of the thousands of cases that we've investigated, the public knows about a handful," said Shawn Henry, assistant director for the Federal Bureau of Investigation's Cyber Division. "There are million-dollar cases that nobody knows about.... read more»

Afghanistan disappears from Planet Apple

(from The Register at 27-11-2009)

iPhone owners with mates in Afghanistan will have a hard time keeping track of them, as the handset doesn't admit the existence of the country in its contacts application. A contact's country of residence is selected from a drop-down list on the iPhone and iPod Touch - unless that contact lives in Afghanistan, in which case they are forced to remain stateless.... read more»

iPhone developer hires worm author

(from The Register at 27-11-2009)

An Australian mobile application developer has hired the creator of the first iPhone worm, Ashley Towns, as a software developer. Towns, 21, from Wollongong, New South Wales, landed a job with mogeneration, publisher of a children's game called Moo Shake! The creator of the infamous ikee (Rickrolling) worm broke news of his new job via his ikeeex Twitter feed.... read more»

EU agency runs rule over ID cards for online banking logins

(from The Register at 27-11-2009)

A study by an EU cybersecurity agency into the use of electronic identity cards for online banking has highlighted seven types of vulnerability and 15 possible threats. ENISA (the European Network and Information Security Agency) compared the suitability of smart eID cards to other authentication techniques for online banking, such as two-factor authentication and the use of mobiles to send out transaction authorisation codes. ID cards can be applied to the world of online banking but seve... read more»

EU cyber crime agency highlights ID card risks

(from v3 at 27-11-2009)

Enisa, the European cyber crime agency, has released a new paper discussing the security risks posed by European ID cards when used for identification purposes. The organisation has suggested that new, more standardised, approaches to online ID cards and their authentication are needed before they can be safely adopted on a widespread basis.... read more»

Computer hacker Gary McKinnon to be extradited to US

(from Guardian at 26-11-2009)

Computer hacker Gary McKinnon is at serious risk of suicide, relatives said today, after the home secretary rejected a last-ditch attempt to prevent his extradition to the US. In a letter today Alan Johnson ordered McKinnon's removal to the US on charges of breaching US military and Nasa computers, despite claims by his lawyers that extradition would make the 43-year old's death "virtually certain".... read more»

Cyber breaches kept secret

(from ITweb at 26-11-2009)

Cybercriminals regularly breach computer security systems, stealing millions of dollars and credit card numbers in cases that companies keep secret, said the FBI's top Internet crimes investigator. For every break-in like the highly publicised attacks against TJX and Heartland Payment, where hacker rings stole millions of credit card numbers, there are many more that never make the news.... read more»

ACFE Annual Fraud Conference London, UK

(from acfe at 26-11-2009)

Call for Speakers Submit your proposal online at: We are looking for anti-fraud professionals to share their expertise at our annual conference in Europe. All the details you need are on our website... read more»

Skim versus hack: Council still in the dark

(from ComputerWorld at 26-11-2009)

Auckland City is referring all enquiries about how its carparking systems were compromised, leading to the reissue of thousands of credit cards, to Westpac, which is leading the investigation into the incident. Spokesman Glyn Jones says the council "hasn't been told conclusively" whether skimming or hacking were used to breach customer security. The banks are conducting the investigation into the incident, he says.... read more»

Risky business: Remote Desktop opened the door for Aloha hackers

(from databreaches at 26-11-2009)

When nine restaurants in Louisiana and Mississippi filed lawsuits against Radiant Systems and its Louisiana distributor, they may have represented only the tip of a substantial iceberg of hacks affecting restaurants that used Radiant Systems’ Aloha POS system. It seems that the scope of the problem is first coming to the public’s attention approximately one and a half years after the hacking incidents started.... read more»

Security in the Channel: Hot Topics in 2009

(from BitPipe at 26-11-2009)

The last year has been very active in the security space. 2009 has seen a doubling in pieces of malicious code and a sharp increase in preventable data breaches. In this podcast, get details on some of the hottest security issues, including: Windows 7 security; the security of social networking sites; malicious applications; the adoption of Sharepoint... read more»

Think Tank Study Shows Top Web Trends Are Security Risks

(from readwriteweb at 26-11-2009)

Mobile technology, virtualization, the social web, cloud computing - a think tank study has all our good friends on a hit list. The study, which shows primary security and privacy concerns of U.S. government IT leaders, is making the rounds among military and government bloggers. Policy makers are being told that the applications we know and love are dangerous and pose gaping security loopholes for cyberterrorism. Is a Big Brother overprotective meltdown? Or are our advances really causing gr... read more»

Situational Awareness and Organizational Security

(from Cisco at 26-11-2009)

In this week’s CRR, we continued to follow an interesting roller coaster of events that has overshadowed electrical companies in Brazil over the past few weeks. There have been reports that recent power failures were a result of computer hacking, a rebuttal that the failures were not caused by hacking, and finally reports that power company websites were hacked into (though without any power failures). This has resulted in a flurry of media reports, fear mongering about “cyber attacks,” and ge... read more»

Hacker attacks ‘more organised’ in 2010

(from dynamicbusiness at 26-11-2009)

This year has seen a dramatic spike in volumes of spam, phishing, botnet activity and malware, and 2010 will be no different, says security vendor AVG. According to Lloyd Borrett, marketing manager for AVG (AU/NZ), in 2010 the threat environment will look pretty much the same as 2009, but will have “more of everything and be even more transient, agile and organised.” Borrett provides the following predictions: 1. There will be more diverse, automatically generated malware. 2. More... read more»

Hacker Embarrasses Symantec website

(from eweekeurope at 26-11-2009)

Security vendor Symantec has been embarrassed after one of its websites was hacked to reveal sensitive customer data. There were red faces at Symantec after the same hacker who penetrated Kaspersky's website earlier in the year also hacked Symantec's Japanese support website. The Romanian hacker known as Unu, who earlier this year uncovered a hole in a website run by Kaspersky Lab, exploited a blind SQL injection problem to get his hands on clear-text passwords associated with customer rec... read more»

Cybersecurity Malaysia sets up Malware research center

(from Balita at 26-11-2009)

CyberSecurity Malaysia has set up CyberSecurity Malaysia Malware Research Center to ensure that Malaysians are adequately prepared and protected from malware. In a statement, CyberSecurity said the centre would come up with better techniques to detect and mitigate malware threat, advisories and alerts on malware information with local and international partners and the development of expertise to deal with malware. "Left unchecked, malware can compromise a user's confidential information, ex... read more»

Spammer Alan Ralsky jailed for 4 years

(from Metro at 26-11-2009)

A notorious e-mail 'spammer' has been jailed for more than four years for a 2005 stock fraud which netted him £1.6million. Alan Ralsky, from West Bloomfield, Michigan, sent millions of unsolicited e-mails trying to influence Chinese stock prices.... read more»

24 of the 100 top HTTPS sites now safe from TLS renegotiation attacks

(from Netcraft at 26-11-2009)

24 of the 100 most popular HTTPS websites appear to be safe from the recently documented TLS renegotiation flaws. Meanwhile, the other 76 sites are still vulnerable to renegotiation attacks, which allow a man-in-the-middle attacker to inject data into secure communication streams. To demonstrate the seriousness of the issue, Anil Kurmus published details of an attack scenario that showed how the flaw could be used to steal passwords from vulnerable sites such as Twitter.... read more»

Preventing cyber terrorism in India

(from MeriNews at 26-11-2009)

CYBER TERRORISM is becoming a big nuisance for India and India has to be technologically as well as legally sound to tackle the menace of cyber terrorism. There is an emergent need to amend the cyber law of India, ie Information Technology Act, 2000 (IT Act, 2000) in this regard as a single provision is not sufficient as per the cyber law experts.... read more»

Cyber Security In India Must Be Strengthened

(from groundreport at 26-11-2009)

Cyber security is very important to protect businesses, governments and general public at large. The same must be a part of the national policy of a nation. Unfortunately, cyber security in India is an ignored world. There are many factors that are ailing cyber security in India. In the Indian context, we have a very weak cyber law, negligible cyber security and cyber forensics and almost missing legal enablement of ICT systems.... read more»

Top 10 Cyber Monday Threats

(from ChannelWeb at 26-11-2009)

As the holiday season ramps up, time-strapped users will inevitably be less discriminating about where they go to shop for the hottest holiday gifts. In fact, attackers are banking on the fact that holiday shoppers will be so rushed they will ignore obvious red flags -- like the absence of a padlock icon on a Web page -- in an effort to get affordable prices or a scarce holiday item.... read more»

ENISA Report Examines Cloud Computing and Privacy

(from EPIC at 26-11-2009)

The European Network and Information Security Agency has released a new report on Cloud Computing. The ENISA report recommends that European officials determine the application of data protection laws to cloud computing services. The report also considers whether personal data may be transferred to countries lacking adequate privacy protection, whether customers should be notified of data breaches, and rules concerning law enforcement access to private data. Earlier this year, EPIC filed a c... read more»

AVG Predicts Internet Security Threats in 2010

(from NewsMaker at 26-11-2009)

Every year most of the security vendors' forecasts predict dramatic spikes in volumes of spam, phishing, botnet activity, and malware. And unfortunately, every year these predictions come true. While we’d prefer not to be sowing seeds of fear, uncertainty and doubt, the cyber criminals are succeeding on such a scale and making so much money, that each year they are able to invest in better and more automated ways to run their rapidly expanding and increasingly sophisticated operations. So onc... read more»

Man guilty of selling fake chips to US Navy

(from Channel Register at 26-11-2009)

A 32-year-old California man has pleaded guilty to selling thousands of counterfeit computer processors to the US Navy. Neil Felahy of Newport Coast, California pleaded guilty to conspiracy and trafficking in counterfeit goods charges. As part of a plea bargain Felahy has agreed to co-operate with the US authorities.... read more»

Privacy and Security Risks when Authenticating on the Internet with European eID Cards

(from Enisa at 26-11-2009)

Whenever we use internet services, the first steps we take are usually identification (we input our names) and authentication (we prove that it is us). How we actually identify and authenticate ourselves depends on the security level of the application. The means used can vary from a simple combination of username and password, through a secret PIN, to a PIN generated by some external device or a smart card using cryptography. Smart cards are being used increasingly for authentication purpose... read more»

Advertisers say new cookie law met by browser settings

(from The Register at 26-11-2009)

Advertising trade bodies have claimed that a new law passed this week by the European Parliament will not require website publishers to ask permission to put cookies on a user's computer. They argue that browser settings will imply consent. The European Parliament today voted to approve the European Commission's Telecoms Package of reforms. Part of that package of reforms was a change to EU law on the use of cookies.... read more»

SANS AppSec 2010 in conjunction with the WhatWorks in Application Security Summit

(from SANS at 26-11-2009)

Dear Colleague, I am pleased to invite you to our first Annual SANS AppSec 2010 Conference in San Francisco January 29-February 3. If you are a developer, you need the knowledge and skills to prevent attacks that come through the application layer. Secure coding courses can prepare programmers and developers for certifications and return them to work with the skills to immediately impact current and new projects so jobs will be done right the first time. This will save your organization and y... read more»

Highlights of Xcon 2009

(from avertlabs at 26-11-2009)

This is my 4th time to attend Xcon (Xfocus Information Security Conference), and the 3rd time being a speaker. Xcon is the biggest and most influential non-governmental computer security technical conference in China; actually, for most Chinese security researchers it’s not only a technical event, but also a big party where they can meet old friends, make new friends, and communicate their ideas among a group of security technical geeks.... read more»

3G means more pxxx, China laments amid cleanup

(from mis-asia at 26-11-2009)

China called for a cleanup of mobile pxxx Web sites on Wednesday, blaming their rise on high-speed mobile data services, deployment of which has otherwise been a point of pride for the country. China issued 3G (third generation) mobile network licenses to its three mobile carriers early this year, and the number of 3G users in China has slowly climbed since then.... read more»

EUROSEC 2010 - European Workshop on System Security

(from iseclab at 26-11-2009)

EuroSec seeks contributions on all aspects of systems security. Topics of interest include (but are not limited to):
* new attacks, evasion techniques, and defenses
* operating system security
* network/distributed systems security
* hardware architectures
* "trusted computing" and its applications
* identity management, anonymity
* small trusted computing bases
* mobile systems security
* measuring security
* malicious code analysis and detect... read more»

Cyber attacks: Charities can fight back

(from mis-asia at 26-11-2009)

The reach and convenience offered by the Internet has opened more doors for charities and non-profit organisations seeking funds to support their causes. Many charities, for example, take credit cards online to accept donations. However, this ability has also made them a target for cyber attacks. While charities exist to help the disadvantaged, they require the same security controls as large, for-profit enterprises when it comes to safeguarding funds and donor information. TechSoup Global,... read more»

Google execs on trial for bullying video

(from The Age - Australia at 26-11-2009)

Italian prosecutors sought six-month to a year sentences for four Google executives on Wednesday over an internet video showing the bullying of a teenager with Down Syndrome, the company said. The four executives have been on trial in a Milan court over the video, which prosecutors argue Google had a legal responsibility to prevent it being shown.... read more»

Ingenuity and hard work - 20 years of internet in Australia

(from The Age - Australia at 26-11-2009)

Only two decades ago if you told somebody that the world would be electronically connected, with people in Sydney able to talk to those in New York, London and Tokyo with the click of a button, you would probably have been laughed at. Today email, social networking, P2P connections and all the other internet features we take for granted are so ingrained in our daily lives that those without risk missing out.... read more»

Five Tips to Shop Black Friday and Cyber Monday Securely

(from Yahoo Tech at 26-11-2009)

This Friday is Black Friday--officially kicking off the 2009 holiday shopping season. Online attackers and malware developers know how to capitalize on current events, and the rush to find great holiday bargains offers a prime opportunity to exploit eager shoppers. Here are five tips to help you shop online securely.... read more»

ACCC receives 12,000 online scam complaints

(from Computer World at 26-11-2009)

Online scams were the source of close to 12,000 complaints to the ACCC in the 2008-09 period, yet the consumer watchdog “concluded” just two instances of what it believed to be cybercrime-related breaches to the Trade Practices Act. Speaking at the House of Representatives Standing Committee on Communications into cybercrime, ACCC group general manager, Enforcement Operations Scott Gregson said the decision to take action in two out of 11,998 cases was based on focusing the agency’s resources on... read more»

Obama Wants Computer Privacy Ruling Overturned

(from Wired at 26-11-2009)

The Obama administration is seeking to reverse a federal appeals court decision that dramatically narrows the government’s search-and-seizure powers in the digital age. The 9th U.S. Circuit Court of Appeals’ 9-2 decision offered Miranda-style guidelines to prosecutors and judges on how to protect Fourth Amendment privacy rights while conducting computer searches.... read more»

Ex-charity worker charged with computer crime

(from seattlepi at 26-11-2009)

A former employee of a Federal Way-based children's charity has been charged with computer crimes following allegations that he sabotaged his former employer's network. In charging documents, King County prosecutors contend Ricardo T. Valencia, 35, broke into the World Vision server system in the week preceding July 3. The malicious conduct, prosecutors allege, continued in the following weeks, ultimately costing the international children's charity $12,500 in repairs.... read more»

Not Kind, Not Gentle. The turn of the decade in security

(from fasthorizon at 25-11-2009)

The most painful thing we learned is that computer security hasn’t worked. We are, at this very moment, MORE insecure than we were in the year 2000. Billions of dollars were wasted on security technology that isn't working. In the last ten years, true cybercrime was born. Maybe we were just naïve about the coming storm. At the turn of the century, it was hard to get past the romantic idea of a university student hacker who prowled systems harmlessly for fun. Blocking ports and preventing network... read more»

Goldmine of black market in Russian data

(from FT at 25-11-2009)

Gorbushka Market, just outside central Moscow, does a thriving trade in any electronics good you could want: mobile phones, plasma television sets, the latest DVDs, and, if you ask to see them, software peddlers will show potential clients a list of “databases”. The confidential information is a goldmine for criminals, spies and journalists – but most of all for the police and bureaucrats that sell the information to computer hackers, who mass produce the CDs and sell them openly through ... read more»

Redirecting DNS requests can harm the Internet, says ICANN

(from Network World at 25-11-2009)

ICANN (Internet Corporation for Assigned Names and Numbers) on Tuesday condemned the practice of redirecting Internet users to a third-party Web site or portal when they misspell a Web address and type a domain name that does not exist. Rather than return an error message for DNS (Domain Name System) requests for nonexistent domains, some DNS operators send back the IP (Internet Protocol) address of another domain, a process known as NXDOMAIN substitution. The target address is often a Web po... read more»

IT Security Predictions for 2010

(from EWeek at 25-11-2009)

In the past 12 months, the security industry saw a resurgence of worms, an increase in rogue antivirus software scams and much, much more. But with the sun setting on 2009, security pros are turning their eyes toward the coming year. In it, they see a future with a threat landscape not all that much different from the present – but with a few changes in scenery.... read more»

The Intelligent Response to Hackers and Insiders!

(from white-hats at 25-11-2009)

This is the last call for the meeting at 10:00 on Friday 4 December 2009 at the Institute of Directors, London. "Developing The Human Firewall - Real World Examples" We've been talking about security awareness and training for years, but now some organisations are putting their money into really getting the message across to their staff. Peter will talk about some recent security awareness projects and show how professional videos, podcasts, news articles and even crosswor... read more»

FBI Puts Cyber Threats in Perspective

(from govinfosecurity at 25-11-2009)

The FBI considers the cyber threat against our nation to be one of the greatest concerns of the 21st century. Despite the enormous advantages of the Internet, our networked systems have a gaping and widening hole in the security posture of both our private sector and government systems. An increasing array of sophisticated state and non-state actors have the capability to steal, alter or destroy our sensitive data and, in the worst of cases, to manipulate from afar the process control systems... read more»

EBay promises compensation after website crash

(from TGDaily at 25-11-2009)

EBay looks set to face a massive compensation bill after its website crashed over the weekend. The site was down for several hours on Saturday, causing vendors to lose sales, and raising the possibility that items may have been sold for lower bids than necessary. The company says it's confident that it's now fixed the software problem, and says it won’t happen again. But providing compensation is likely to cost it dear.... read more»

Radiant Systems and Computer World responsible for breach affecting restaurants – lawsuit

(from databreaches at 25-11-2009)

According to a statement provided to by Charles Hoff of the Law Offices of Charles Y. Hoff, PC, general counsel for the Georgia Restaurant Association and one of the attorneys acting as a legal advisor to the restaurants in the lawsuit, the plaintiffs “do not have any exact numbers from the Secret Service but have been told that it is believed that dozens of restaurants as well as some hotels were victims of security breaches.” Seven restaurants in Louisiana and Mississippi a... read more»

Fake online anti-virus softwares bug computer users

(from India Times at 25-11-2009)

For users seeking to quarantine their computers by using anti-virus software made available online, fake anti-virus (FAV) is a growing, invisible threat. While it’s much easier to identify a malicious software code received through a spam mail, or other suspicious attachments, FAVs are making it difficult for users to escape from them, because such ‘pop ups’ usually offer to remove viruses from an ‘infected’ computer.... read more»

SHODAN, The Best Computer Search Engine, Ever

(from marcoramilli at 25-11-2009)

SHODAN lets you find servers/ routers/ etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well. Let me know which services interest you the most and I'll prioritize them in my scanning.... read more»

Four in five S'poreans at risk from online fraud

(from asiaone at 25-11-2009)

Some one in four Singaporeans are vulnerable to online fraud, with many unable to identify the differences between a fake phishing site from a secure one, a survey showed. The YouGov survey was conducted by computer security firm VeriSign in eight countries globally between May and August this year. Singaporeans were ranked the sixth most vulnerable to online threats, with an 83 per cent risk. Web users from the UK and the US were ranked as the most vulnerable at 88 per cent. India was rank... read more»

Jacksonville Legal Aid worker accused of stealing clients’ identities

(from jacksonville at 25-11-2009)

A receptionist for Jacksonville Area Legal Aid surrendered Tuesday on charges she stole the identities of at least 20 clients and used the information to obtain thousands of dollars’ worth of payday loans. Tashannyo Adena Medley remained free on unsecured bail and was ordered to be in court Monday to answer charges of fraud and identity theft.... read more»

Whirlpool, Overclockers face 'malicious' security scare

(from SecureComputing at 25-11-2009)

Australia's largest technology forums - Whirlpool and Overclockers - had security breaches at the weekend. Founder of PC hardware forum Overclockers, James Rolfe, said he had become aware of the issue on Saturday.... read more»

Workers stealing data for competitive edge

(from Net-Security at 25-11-2009)

The recession is creating camaraderie amongst workforces, at the expense of their employers, is the finding of a transatlantic survey. Carried out amongst 600 office workers in Canary Wharf London and Wall Street New York, 41% of workers have already taken sensitive data with them to their new position, whilst a third would pass on company information if it proved useful in getting friends or family a job.... read more»

'Godfather of Spam' Sentenced to 4 Years

(from EWeek at 25-11-2009)

Alan Ralsky, the man the feds nicknamed the "Godfather of Spam," was sentenced to 51 months in prison for his part in a stock fraud and spamming scheme. Three other people were sentenced as well. The so-called “Godfather of Spam” was among four people sentenced today in federal court in Detroit for involvement in a stock fraud scheme that leveraged on a virulent spam campaign.... read more»

UK companies lag behind their US counterparts in updating technology policies

(from at 25-11-2009)

The study, commissioned by Kroll Ontrack – a consultancy for paper and electronic discovery, computer forensics and ESI – revealed that only 41% of UK businesses have revisited their policies in the last 12 months with regard to mobile devices, and just 35% have done so with respect to social networking sites. Experts believe that policies regarding ESI and document retention are a critical element in a company’s ability to cope with data disclosure obligations and litigation processes.... read more»

Reigate and Banstead MP Crispin Blunt goes to Washington over cyber warfare threat

(from epsomguardian at 25-11-2009)

Reigate and Banstead MP Crispin Blunt has been out in Washington to help set up a framework to defeat cyber warfare and cyber terrorism. Mr Blunt, shadow minister for home affairs and counter terrorism, went there to work on an international legal framework on cyber warfare with US policy makers and academics.... read more»

'Cyber terrorism next big threat to India'

(from expressbuzz at 25-11-2009)

Pakistani cyber criminals deface nearly 60 Indian websites every day, says celebrity cyber security expert Ankit Fadia, adding that cyber terrorism is the biggest threat India is facing today. "The next big war that the country may have to wage against terror will be on the Internet. The network infrastructure of the country may be attacked any time. Social networking sites like Twitter, Facebook, Orkut and Myspace may also pose a threat," Fadia told IANS in an e-mail interview. Fadia, 24,... read more»

Godfather Of Spam Receives 51-Month Sentence

(from SecurityProNews at 25-11-2009)

Ralsky received his sentence for crimes related to wire fraud, mail fraud, and violating the CAN-SPAM Act. Assistant Attorney General Lanny A. Breuer shared a few more details - and talked about the potential results of this development - in a formal statement. "Today's sentencing sends a powerful message to spammers whose goal is to manipulate financial transactions and the stock market through illegal e-mail advertisements," he said. "People who use fraudulent e-mails to drive up stock pri... read more»

Cyber terrorism next big threat to India: Cyber security whizkid

(from calcuttanews at 25-11-2009)

Pakistani cyber criminals deface nearly 60 Indian websites every day, says celebrity cyber security expert Ankit Fadia, adding that cyber terrorism is the biggest threat India is facing today. After the Mumbai terror attacks last year, Fadia worked with the police 'to decode various VoIP messages that the terrorists passed on using various VoIP software (Skype and Google Talk) before the attacks to plan the strike.... read more»

Climate change hackers leave breadcrumb trail

(from theregister at 25-11-2009)

The hackers who leaked more than 1,000 emails from one of the top climate research centers may have used an open proxy to cover their tracks, but that doesn't mean authorities can't figure out who they are. Rob Graham, CEO of penetration testing firm Errata Security, said his analysis suggests that the hackers used three open proxies when they posted a 61 MB Zip file of email belonging to staff at the University of East Anglia's Climate Research Unit. CRU officials say they've brought in poli... read more»

Cyber Terrorism In India Is A National Security Hazard

(from groundreport at 25-11-2009)

Cyber law of India has covered a long distance. It has covered a journey from Information Technology Act, 2000 (IT Act, 2000) to the Information Technology Amendment Act 2008 (IT Act 2008). Just like any other technology law, the IT Act, 2000 is also far from perfect. Also with the passage of time, new provisions must be incorporated to address the issues of cyber crimes and online transactions.... read more»

Updated: Federal Government launches cybercrime fighting team

(from ArNnet at 25-11-2009)

The Federal Government has launched its cyber security strategy and created a new quick-response team to deal with digital threats. According to a joint release by the Attorney-General, Robert McClelland, Minister for Broadband, Communications and the Digital Economy, Senator Stephen Conroy, and Minister for Defence, Senator John Faulkner, the plan is the first of its kind in Australia.... read more»

Cyber breaches are a closely kept secret

(from Reuters at 25-11-2009)

Cybercriminals regularly breach computer security systems, stealing millions of dollars and credit card numbers in cases that companies keep secret, said the FBI's top Internet crimes investigator on Tuesday. For every break-in like the highly publicized attacks against TJX Co (TJX.N) and Heartland Payment (HPY.N), where hacker rings stole millions of credit card numbers, there are many more that never make the news.... read more»

Comments on net neutrality irk AT&T

(from washingtonpost at 25-11-2009)

AT&T doesn't like the idea of new regulations mandating unfettered access to the Internet, and recent comments from the Obama administration that connected the issue to censorship in China have really gotten under its skin. The telecom giant responded forcefully this week to remarks by White House deputy chief technology officer Andrew McLaughlin, who said that free speech and network neutrality are "intrinsically linked." Net neutrality rules are being crafted by federal regulators that woul... read more»

Recession could cause employees to steal data to help themselves or others

(from scmagazineuk at 25-11-2009)

A third of workers would steal data to help a friend get a job while 13 per cent would take access and password codes if they were fired. According to the ‘the global recession and its effect on work ethics' survey by Cyber-Ark, 48 per cent of respondents admitted that they would take company information with them if they were fired tomorrow. Of the respondents, 39 per cent would download company/competitive information if they found that their job was at risk and a quarter said that the r... read more»

Cloud security front and centre

(from ComputerWorldUk at 25-11-2009)

Cloud computing is the latest trend that has the industry abuzz. Everywhere you go, there are cloud services for every functionality imaginable. Many believe that cloud computing can deliver massive business and operational efficiencies. There is even a movement at the national level: Vivek Kundra, the US’s recently named federal CIO, is being tasked to push the adoption of cloud-based services across the federal IT landscape.... read more»

IT as Utility, that is just stupid and Wrong

(from uncommon sense security at 25-11-2009)

We've heard this idiocy from a variety of smart people, including Nicholas Carr and even The Bruce, and there is some truth to it- some parts of IT are becoming commodities, and IT is certainly evolving. Some people have extrapolated these ideas into saying that careers in IT are dead-ends. Now I've got nothing against the judicious use of hype and hyperbole to make a point, but these ideas fall apart pretty quickly under a little scrutiny. As far as "death" of the careers, these lies are... read more»

Case of the purloined term paper; when work is resold

(from USA Today at 25-11-2009)

Melinda Rieboldt's kids were Googling her name for fun when they found it: A college paper she had helped write as part of a group project while pursuing an MBA. It was available on at least five websites that sell research papers to students. Rieboldt, who graduated last year from the University of Phoenix in Pleasanton, Calif., doesn't know how the websites got the paper, on the topic of global communications. Nor, she says, do her five co-authors. "None of us did it," she says. But they're ... read more»

Thanksgiving Links Latest Recipe for Malware

(from InternetNews at 25-11-2009)

CA is warning Internet users searching for the perfect pumpkin pie recipe or turkey-cooking directions to be on high alert for the latest batch of socially engineered malware traps. In a new blog posting, CA security team members this week have identified numerous malicious Thanksgiving-related links designed to ferret out personal data from link-happy holiday revelers.... read more»

Report: China's After U.S. Secrets, Technology

(from DarkReading at 25-11-2009)

China has increased its cyber espionage efforts to acquire U.S. secrets and technology, a Congressional advisory group warned in a report issued on Thursday. Echoing its 2008 and 2007 reports, which labeled China's espionage efforts "the single greatest risk to the security of American technologies," the U.S.-China Economic and Security Review Commission (USCC) said in its 2009 annual report that "there has been a marked increase in cyber intrusions originating in China and targeting U.S. gov... read more»

AVG's Nick FitzGerald on emerging threats

(from Computer World at 25-11-2009)

Nick FitzGerald, AVG's Christchurch-based emerging threats researcher, is a former editor of the UK's prestigious Virus Bulletin publication. Computerworld asked about his role, the threats he's seeing and how users can boost online security. My biggest concern is the continuing ease with which the organised crime groups behind most malware these days act much like other legitimate businesses. They buy professional advertising served by legitimate ad-serving networks, and yes, even the bigges... read more»

Passport data to be copied in Kiwicon demo

(from Computer World at 25-11-2009)

This weekend Nick von Dadelszen is going to use a $25 Snapper Card reader to extract data from a New Zealand e-passport and copy it to a new smartcard. He also plans to release tools to allow the reader to read other types of smartcards, he says, and to show how information can be extracted from chipped credit cards and used to create a "similar looking" card. Rather, it is one of several demonstrations he hopes will raise awareness of issues around smart card security.... read more»

Postsecondary phishing scams prevalent

(from The Gateway Online at 25-11-2009)

Universities across the world are facing a slew of phishing scams, with both students and staff falling victim to spammers who trick them into divulging personal information, including university webmail usernames and passwords. Steve Hillman, an information technology architect at Simon Fraser University, describes phishing as an attempt to collect online IDs and passwords to access their systems and can take on different forms.... read more»

One in three workers would steal data

(from IT Pro at 25-11-2009)

An alarming number of people would consider stealing sensitive data from their employer if it suited their own ends, and the figure is rising, new research has found. One in three employees canvassed by information security company Cyber-Ark said they had used their employee permissions to access privileged corporate information such as HR records and customer databases without authorisation.... read more»

Top 10 Black Friday Websites

(from PCWorld at 25-11-2009)

Black Friday is only days away, and while early sales have been heating up this year, the day after Thanksgiving will still be a day for big bargains. If you haven't already, you should get warmed up for the big shopping day by checking out PC World's 10 Fascinating Facts (they're really tips) for Black Friday 2009, 8 tech tools to keep you on top of this year's deals, and some online shopping pointers from Black Friday pros.... read more»

The Year Of The Mega Data Breach

(from Forbes at 25-11-2009)

Glance at 2009's data breach statistics, and you might think the IT world had scored a rare win in the endless struggle against cybercrime. According to the Identity Theft Resource Center, government agencies and businesses reported 435 breaches as of Nov. 17, on track to show a 50% drop from the number of breaches reported in 2008. That would make 2009 the first year that the number of reported data breaches has dropped since 2005, when the ITRC started counting.... read more»

Lack of backup foils Va.‘s new IT system

(from TimesDispatch at 25-11-2009)

Virginia's expensive new state IT system does not have network backups in case connections between its computers fail. In just five weeks this fall, the Virginia Department of Motor Vehicles suffered 12 computer system outages, putting individual offices out of business for a total of more than 100 hours. One outage lasted 29 hours, another 17. "The problem of no-redundancy . . . accounts for 90 percent of our outages," said David W. Burhop, the DMV's chief information officer.... read more»

Debate on Cyber Security Issues Facing Brazil: Video

(from Imperva at 25-11-2009)

During my business trip to Sao Paulo Brazil earlier this quarter I participated in a televised round table with multiple government and enterprise representatives from Brazil. There were also over 400 senior level individuals around the country connected in via audio/video streaming where they were able to follow along and participate in a lively Q&A.... read more»

'Very evil' conman jailed over $4m scam

(from The Sydney Morning Herald at 25-11-2009)

An "evil'' US conman who portrayed himself as a "Hanoi Hilton'' prisoner of war survivor to scam victims in Australia, New Zealand and the US out of almost $US4 million ($4.3 million) has been jailed. Robert William Searles, 71, was sentenced in a court in Tulsa, Oklahoma, on Tuesday to four years and nine months in a US federal prison.... read more»

25% of office workers would steal company data

(from NetworkWorld at 25-11-2009)

A quarter of office workers would steal sensitive company data if they thought it would help a friend or family member secure a job, says Cyber-Ark Software. Research by the data security firm also revealed that four out of ten office workers claimed they had already taken sensitive company data while USB flash memory drives were the media of choice for transporting data from the office.... read more»

Fasthosts in day-long email FAIL

(from The Register at 25-11-2009)

Customers of Fasthosts - the UK-based webhost - have been without both POP and web-based email for much of the day, complaining that such outages have become, shall we say, far too prevalent in recent months. A half-dozen users have contacted The Reg about the outage, and countless others have complained via posts to the web. According to web posts, the problem began as early as Monday evening.... read more»

Men sentenced in University Hospital records theft

(from Sltrib at 25-11-2009)

A garden-variety car burglary in Kearns caused widespread concern last year when police learned a stolen metal case contained tapes with the personal information of about 1.5 million University Hospital patients. The U. spent about $500,000 notifying patients of the potential for identity theft, and offered free credit monitoring. But most of the panic subsided a month later when the records were returned uncompromised, and Monday the criminal case also ended quietly.... read more»

Opera web browser 'censors' Chinese content

(from BBC at 25-11-2009)

Web browser Opera has closed a loophole which allowed Chinese users to access sites banned by the government. At the weekend mobile users of the Opera Mini browser were asked to upgrade to a Chinese version. According to the BBC's Beijing Bureau, this version no longer allows access to sites such as Facebook. Previously traffic ran over Opera servers bypassing the so-called Great Firewall of China, making the browser popular with Chinese users.... read more»

A bad day for browsers, severe flaws... again

(from Sophos at 25-11-2009)

Microsoft just posted an advisory on the recently discovered zero day flaw in Internet Explorer 6 and 7. Opera has also released a patch this week to an "Extremely Severe" vulnerability in their JavaScript engine. The heap overflow could lead to execution of code and users should upgrade to version 10.10 immediately. This might seem like a good week to be a Chrome, Firefox or Safari user, yet they have all had major vulnerabilities patched in recent weeks as well. We need to be consistently vi... read more»

Wikipedia shows signs of stalling as number of volunteers falls sharply

(from Times Online at 25-11-2009)

It was one of the internet’s most ambitious, radical and ultimately successful ideas. Eight years ago Wikipedia, the free online encyclopaedia that allows anyone to write and edit articles, declared that it would provide access to “the sum of all human knowledge”. It soon became one of world’s most popular websites.... read more»

Spain warned on filesharing cut-offs

(from The Register at 25-11-2009)

Communications Commissioner Viviane Reding has warned Spain to look carefully at proposals to cut off alleged illegal filesharers. She said such a policy ran counter to European values and laws and that a new approach to protecting intellectual property was required. Reding said: "If Spain cuts off internet access without a procedure in front of a judge, it would certainly run into conflict with the European Commission." She said repression alone would not solve the problem and that any actio... read more»

SANS WhatWorks in Incident Detection Summit 2009

(from Internet Storm Center at 25-11-2009)

Why should you attend the SANS WhatWorks in Incident Detection Summit 2009? Following the success of the 2008 and 2009 editions of the SANS WhatWorks in Forensics and Incident Response Summits, SANS is teaming with Richard Bejtlich to create a practitioner-focused event dedicated to incident detection operations. The SANS WhatWorks in Incident Detection Summit 2009 will share tools, tactics, and techniques practiced by some of the world's greatest incident detectors. The Summit will offer two f... read more»

Workers would steal data to help their friends into work

(from Computing at 25-11-2009)

One third of UK and US workers would steal data to help their friends find a job, according to a recent study. In the study, conducted by digital account management specialists Cyber Ark, 600 office workers were interviewed in Canary Wharf, London and Wall Street, New York. It found that 41 per cent of workers have already taken sensitive information from their employers, and one third would pass on company information if it proves useful to getting friends or family a job.... read more»

Panic button plan to beat cyber-predators

(from The Age - Australia at 25-11-2009)

Children who feel they are being bullied, harassed or groomed online could call for help instantly using a "panic button" on their PCs under a plan being considered by the Federal Government's cyber-safety working group. Parents would be offered the ability to download and install the "widget" on their children's computers and, if the kids encounter serious trouble online, pushing the button could connect them instantly to police or child protection groups.... read more»

Online financial security threats: What can we expect in 2010?

(from Net-Security at 25-11-2009)

Proliferation of phishing and emergence of SMShing - fraudsters now use more realistic emails and other points of 'e-contact' to try and entice credentials from unsuspecting victims. Previously, SMS was considered to be a solution to the problem of unauthorised account access, since it was assumed sending a one-time use password to a mobile phone would create a barrier to scammers trying to gain access to accounts. Instead, however, it provides a new way for them to get their hands on creden... read more»

Mobile data security doubts

(from Net-Security at 25-11-2009)

A survey of 104 enterprise mobility professionals showed that more than two thirds of European organizations surveyed are not fully aware what sensitive data is stored within employees' mobile devices. Furthermore, 38% of those questioned are not aware of what applications are on employees' mobile devices, let alone what sensitive data is within the applications.... read more»

NFL player David Clowney is Twitter-hacked

(from Sophos at 25-11-2009)

David Clowney is not unusual in being a 24-year-old who is hooked on Twitter. No, what makes David Clowney stand out from the crowd is that he's a talented American football player, who appears for the New York Jets. And now, like other celebrities before him, his Twitter account has been hacked. What is perhaps bizarre is that although David Clowney has acknowledged the hack on his Twitter account, he hasn't deleted the (somewhat fruity) postings made by the hacker.... read more»

Brazil E-Voting Machines Not Hacked... But Van Eck Phreaking Allowed Hacker To Record Votes

(from Techdirt at 25-11-2009)

Last week, we noted that an attempt to let hackers crack e-voting machines in Brazil failed, but Slashdot points out that someone did use some Van Eck phreaking to figure out who people voted for. While that's not quite the same as hacking the results of an election, it could lead to questions about privacy and how anonymous voting really is. Of course, to some extent, this has always been a risk with e-voting systems, but it hasn't received that much attention.... read more»

IT strategy: Serious data breaches are set to rise

(from financialdirector at 25-11-2009)

The time has come to pour a glass of mulled wine and reflect on the technology trends and drivers that have categorised 2009. Perhaps more worryingly, November saw the announcement that local authorities and police forces will carry on transferring potentially sensitive data obtained using Regulation of Investigatory Powers Act ‘spying powers’, without encryption. The reason for this data disaster waiting to happen? According to the Home Office, mandatory encryption would be ‘impractical’.... read more»

UK jails schizophrenic for refusal to decrypt files

(from The Register at 25-11-2009)

The first person jailed under draconian UK police powers that Ministers said were vital to battle terrorism and serious crime has been identified by The Register as a schizophrenic science hobbyist with no previous criminal record. His crime was a persistent refusal to give counter-terrorism police the keys to decrypt his computer files.... read more»

European Parliament adopts telecom law after bitter debate

(from ComputerWorld at 25-11-2009)

After two years of often bitter debate, the European Parliament approved a raft of new telecom laws Tuesday. Majority support for the package was achieved after the Parliament reached a compromise with national governments earlier this month on the controversial issue of illegal file sharing over the internet. The laws are designed to give European citizens cheaper telecom services, more privacy and a faster internet. They pave the way for a more competitive single market in telecom servic... read more»

'Godfather of Spam' sentenced to four years in prison

(from ComputerWorld at 25-11-2009)

One of the most notorious US-based spammers was sentenced to more than four years in jail yesterday for a scheme that used spam to manipulate stock prices in order to make a profit. Alan Ralsky, 64, of West Bloomfield, Michigan, was sentenced to 51 months in prison in US District Court for the Eastern District of Michigan, according to a statement from the US Department of Justice (DOJ). Ralsky pleaded guilty in June to conspiring to commit wire fraud, mail fraud and violating the CAN-SPAM act.... read more»

A Different Slant on Cyber Security

(from securitydebrief at 24-11-2009)

A recent article in Congressional Quarterly’s Homeland Security edition looked into a very different aspect of our government’s cyber security efforts. More than anything else, the story shows how pervasive cyber issues have become. CQ visited the Cyber Crimes Center belonging to Immigration and Customs Enforcement (ICE). ICE is one of the many misunderstood and under-appreciated law enforcement organizations within the Department of Homeland Security (DHS). They labor long and hard to protect u... read more»

Lawyers concerned about finding internal data

(from Computing at 24-11-2009)

In-house lawyers at large firms are concerned that they will be unable to find relevant data in the case of litigation, according to a survey from KPMG. Half of respondents admit to being concerned about the legal department’s ability to find data, and nearly two in five respondents admit it would be difficult to retrieve relevant data in the event of a regulatory investigation or major litigation.... read more»

Survey Finds That 85 Percent of Workers Know It's Illegal to Steal Corporate Data, Yet Many Are Willing to Risk the Consequences

(from cyber-ark at 24-11-2009)

Stealing employer data has become endemic in our culture. According to a survey conducted with 300 office workers in New York City examining the impact of the recession on ethics and security, 85 percent of the respondents admitted to knowing that downloading corporate information from their employer was illegal, yet a quarter of those surveyed would take the data regardless of the penalties. In fact, 41 percent of respondents have already taken sensitive data with them to a new position, while ... read more»

FICORA urges network operators to take action to thwart phishing, pharming

(from Ficora at 24-11-2009)

The Finnish Communications Regulatory Authority (FICORA) issued a letter to Finnish telecom operators yesterday urging them to take action against Phishing and Pharming attempts directed against Finnish online banking service users. A block of networks in the United States has been identified as participating in sustained attacks against online banking service users. This is the first time FICORA has requested such actions since June, when a bill introducing the operators a mandate to thwart... read more»

IOCE Annual Conference 2009

(from cyberpolice at 24-11-2009)

The International Organization on Computer Evidence (IOCE) will hold the international conference in Tokyo. The purpose of the conference shall be to discuss levels of international standards relating to the topics in computer investigation and digital forensics. IOCE was established in 1992 and is highly respected by global law enforcement communities. In 1998, the G8 High-Tech Crime Sub-Group appointed IOCE to draw International principles for the procedures relating to digital evidence, whi... read more»

Retailers look to stretch out Cyber Monday push

(from mercurynews at 24-11-2009)

Retailers are thinking beyond Cyber Monday — a holiday marketing promotion many push for the Monday after Thanksgiving — and trying to spin their discounts into Cyber Weekends or even Cyber Weeks. Target, Walmart, Toys R Us and others will be running online sales throughout the holiday weekend, with additional sales Nov. 30, or Cyber Monday. J.C. Penney will offer online sales for items such as clothes and electronics on Monday and Tuesday, and will offer deals starting Monday thr... read more»

Introduce courses on cyber security in schools: Ankit Fadia

(from at 24-11-2009)

Indian authorities should introduce courses on cyber security in schools and colleges besides setting up police cyber cells manned by tech-savvy officers in all cities to prevent online attacks, cyber security expert Ankit Fadia said here Monday. The 24-year-old Fadia - who calls himself an ‘ethical hacker’ and advises companies, governmental bodies and security agencies both in India and abroad on cyber security - also said India should seek international cooperation to check cyber crimes... read more»

Children's Online Safety Risks Give US Parents Nightmares: Report

(from MedIndia at 24-11-2009)

Parents across the United States have a wide range of concerns about the safety of their children's lives online, finds a new report. Eighty-one percent of parents report their children, ages 9 - 17, use the Internet and access Web sites without adult supervision. Forty-six percent of parents report children ages 9 - 17, who access the Internet by themselves have their own social networking profiles on sites like Facebook, MySpace and BlackPlanet.... read more»

Why IT managers drink: 10 issues that drive them to the bottle

(from SunbeltBlog at 24-11-2009)

PCAuthority just carried a great feature “Top 10 issues overloading IT managers,” that everyone should read. Nearly all of us who work with these demon machines depend on the IT folks. There are a lot of things we can do to make their lives easier (or at least not make their lives more hellish.) The ten issues are: 10. Cloud integration (is waaaay complicated and must be done right. Integrating with local resources is both a technical and management issue.) 9. Internal/external data bre... read more»

Cyber Risk Report November 16–22, 2009

(from Cisco at 24-11-2009)

The Cyber Risk Report is a strategic intelligence product that highlights current security activity and mid- to long-range perspectives. The report addresses seven major risk management categories: vulnerability, physical, legal, trust, identity, human, and geopolitical. Cyber Risk Reports are powered by Cisco Security Intelligence Operations, an advanced security infrastructure that identifies, analyzes, and defends against threats to keep organizations informed and protected. Cyber Risk Report... read more»

Federal Government unveils a new CERT

(from SecureComputing at 24-11-2009)

The Federal Government has unveiled a new point of contact for cyber-security issues in Australia. CERT Australia, announced last night by Attorney General Robert McClelland, would combine existing CERT arrangements under the one organisation. The CERT, which would be created using $8.8 million worth of funding announced in May, would be set-up as one of the recommendations from the E-Security Review 2008. The government has also suspended funding for the Computer Network Vulnerability Assessme... read more»

Mich. spammer gets 4 years in stock fraud scheme

(from Yahoo News at 24-11-2009)

A federal judge has sentenced a suburban Detroit man described as one of the world's most prolific senders of spam e-mail to more than four years in prison for his role in a 2005 stock fraud scheme that netted him $2.7 million. Alan Ralsky of Oakland County's West Bloomfield Township pleaded guilty in June to fraud and acknowledged that he sent millions of unsolicited e-mails trying to influence Chinese stock prices. Ralsky told Detroit U.S. District Judge Marianne Battani during Monday's ... read more»

Taking Steps to Protect the Network on Cyber Monday

(from tonybradley at 24-11-2009)

Cyber Monday is coming soon – many SMBs aren’t protected from the threats posed by employees online shopping from work. Online holiday season retail sales grew 12 percent (Forrester Research Inc.) last year and much of this was done by employees using company computers in the workplace. Last year, 55.8 percent of workers with Internet access said they planned to shop online on Cyber Monday (National Retail Federation).... read more»

Top 5 Mega Trends that Increase Risks

(from govinfosecurity at 24-11-2009)

The main takeaway from a survey released last week by a privacy and data protection think tank is that the newer a mega trend, the harder it would be to secure data and systems connected with it. The top five mega trends that increase security risks within government agencies, as identified by 217 senior federal IT pros surveyed by the think tank, Ponemon Institute: 1. Unstructured data (79 percent of responses). 2. Cyber terrorism (71 percent) 3. Mobility (63 percent) 4. We... read more»

'Godfather of spam' jailed over email fraud scam

(from The Sydney Morning Herald at 24-11-2009)

A Hong Kong resident and three other men, including a self-proclaimed "Godfather of Spam", have been jailed in the US for their roles in an email stock fraud scheme, the Justice Department said. The sentences, ranging from 32 to 51 months in prison, were handed down by US District Judge Marianne Battani in federal court in Detroit, the department said in a statement.... read more»

NIST Drafts Cybersecurity Guidance

(from informationweek at 24-11-2009)

Draft guidance from the National Institute of Standards and Technology issued last week, pushes government agencies to adopt a comprehensive, continuous approach to cybersecurity, tackling criticism that federal cybersecurity regulations have placed too much weight on periodic compliance audits. The guidance, encapsulated in a draft revision to NIST Special Publication 800-37, will likely be finalized early next year. While federal agencies aren't required to follow all of its recommendations... read more»

Government overhauls national cyber security arrangements

(from Australian IT at 24-11-2009)

BUSINESSES on the cyber frontline will get more direct help as the federal government bolsters national defences against increasing online espionage and attacks on critical infrastructure. "Many online threats are surreptitious and insidious, and the perpetrators are more inventive in their tricks," Attorney-General Robert McClelland said last night, unveiling a cyber-security strategy that positions e-security as a top priority.... read more»

Government Approaches to Cybersecurity - What are your tips?

(from Internet Storm Center at 24-11-2009)

On the heels of a recent Government Accounting Office (GAO) finding that many US federal agencies still are failing to adequately protect their systems, the National Institute for Standards and Technology (NIST) has issued new draft guidelines to revamp how the US government protects its own networks and to make up for the perceived failings of FISMA. (You can find the new guidelines here). While still in draft form, it appears the philosophy was to front-load security considerations and monitor t... read more»

Facebook Worm Uses Clickjacking in the Wild

(from theharmonyguy at 24-11-2009)

Reports have been spreading today of a new Facebook worm that posts a link to the infection page on people’s profiles. The infection page itself includes a button that users are told to click, with the promise of seeing “something hot” or dominating FarmVille. Nick FitzGerald at AVG posted a walkthrough of the worm (warning: slightly NSFW image), and when explaining how the worm operated, gave an explanation similar to that of other articles I saw: A sequence of iframes on the exploit page ca... read more»

DIMVA 2010 - Seventh International Conference on Detection of Intrusions and Malware & Vulnerability Assessment

(from DIMVA at 24-11-2009)

The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year DIMVA brings together international experts from academia, industry and government to present and discuss novel research in these areas. DIMVA is organized by the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI). The con... read more»

Online shopping safety

(from chicagotribune at 23-11-2009)

Holiday shopping online is easy, but don't let it be too easy. Make sure you watch out for scammers and those who want to steal your identity or credit card information. Protect your computer - A computer used for online shopping should always have the most recent updates installed for spam filters, anti-virus and anti-spyware software, and a secure firewall.... read more»

11 Security Tips for Black Friday, Cyber Monday

(from CIO at 23-11-2009)

If your business is physical security, Friday is more than likely going to be a rough day. Shoppers will storm your stores the day after Thanksgiving in what has become known as Black Friday and spend, spend, spend. That's what the retailer wants, of course. But for the security pro, it means a much bigger risk of shoplifting on the part of customers and employees alike. For IT security practitioners, the day to watch is so-called Cyber Monday, when the masses turn on their office computers a... read more»

The market has rejected Linux desktops. Get over it.

(from Tech Republic at 23-11-2009)

Why hasn’t Linux succeeded on the desktop? There are several simple reasons: It’s still too much of a pain - While Ubuntu has made Linux much, much easier, it’s still not quite as easy to hook up a new printer, connect a digital camera, or manage your work calendar, for example, as it is on Windows. Plus, on the other end of the spectrum, Mac is even easier than Windows for most tasks and it has the same Unix underpinnings as Linux. As a result, in the last few years a lot of the hard-core te... read more»

IBM Outlines Top Security Trends for 2010

(from Internet News at 23-11-2009)

IBM's X-Force security research and response team has unveiled its top security trends for enterprise customers to prepare for in 2010 and, much like fashion and music, that which is old will be new again. X-Force researchers predict there will be a resurgence in what it called "old school" attacks next year with large-scale worm attacks becoming more common and the Trojan continuing to serve as the staple of the cyber threat community.... read more»

Another iPhone worm, but this one is serious

(from CNet at 23-11-2009)

Another iPhone worm has been spotted in the wild. Unlike the previous exploitation, which merely changed a jailbroken iPhone's wallpaper to a picture of Rick Astley of "Rickrolling" fame, this new threat allows hackers to steal sensitive information. According to security firm Sophos, which wrote about the exploitation after a Dutch ISP spotted it late last week, the worm attacks jailbroken iPhone and iPod Touch devices only.... read more»

Congress gets the blame for fed cyber woes

(from fierce governmentit at 23-11-2009)

A former assistant secretary for cybersecurity at the Department of Homeland Security (DHS) said the government's problems coordinating and coming up with consistent cybersecurity policies are partly the fault of Congress. Gregory Garcia, who served as assistant secretary for cybersecurity and communications at DHS from 2006 to 2008, said there are too many congressional committees dealing with cybersecurity and too many conflicting proposals coming from lawmakers.... read more»

Report: Cyberattacks against the U.S. 'rising sharply'

(from SC Magazine at 23-11-2009)

A new report prepared for Congress found that the number of cyberattacks against the U.S. government is “rising sharply” in 2009, and many of the attacks are coming from Chinese state and state-sponsored entities. During 2008, there were 54,640 total cyberattacks against the U.S. Department of Defense (DoD), according to the report, citing data provided by U.S. Strategic Command officials. See Details Report : read more»

Five ways to lose your identity (and wallet) this holiday season

(from Computer World at 23-11-2009)

The holiday season is almost here, and even in a recession huge numbers of people will likely be shopping online for gifts this year. The rush by shoppers to the Web makes the season a great time for online retailers. It's also a great time for hackers looking to steal data and money from the unwary millions expected to search for great deals online.... read more»

Symantec Japan website bamboozled by hacker

(from The Register at 23-11-2009)

A Symantec-run website was vulnerable to Blind SQL Injection problems that reportedly expose a wealth of potentially sensitive information. Romanian hacker Unu used off-the-shelf tools (Pangolin and sqlmap) to steal a glimpse at the database behind Symantec's Japanese website. A peek at the Symantec store revealed by the hack appears to show clear-text passwords associated with customer records. Product keys held on a Symantec server in Japan were also exposed by the hack.... read more»

Episode 26 of the Who and Why Show: Secure Configuration Summaries

(from You Tube at 23-11-2009)

In the 26th episode of Team Cymru's 'The Who and Why Show', we talk with Bryan Broadhurst. Bryan is part of a team of network and security engineers, at The University of Warwick in the United Kingdom, who have just written an extremely useful set of "Configuration Summaries" to help folks from a security perspective. In this week's show Bryan talks us through some of the more important tips from their document. See this week's episode at read more»

Older Microsoft Internet Explorer Vulnerable to Security Flaw

(from EWeek at 23-11-2009)

Researchers at Symantec say exploit code for a zero-day security vulnerability has been uncovered in Internet Explorer 6 and 7. Proof-of-concept code for an attack targeting old versions of Microsoft Internet Explorer has made its way online. According to Symantec, someone posted the code Nov. 20 to the Bugtraq mailing list. The code targets a flaw tied to how Internet Explorer (IE) uses cascading style sheet (CSS) information. CSS is used in many Web pages to define the presentation of... read more»

New state rules seek to prevent theft of customer information

(from enterprisenews at 23-11-2009)

Five years ago, identity thieves intercepted wireless transmissions from two Marshalls stores in Miami, opening the floodgates for the biggest data breach in U.S. history. Now Massachusetts businesses are gearing up to comply with new state regulations designed to prevent a repeat of the breach at TJX Cos., the parent company of the Marshalls and T.J. Maxx chains. The regulations, which take effect March 1, will make customers’ and employees’ personal information harder for hackers to access.... read more»

SOURCE Boston 2010 Information

(from sourceconference at 23-11-2009)

SOURCE Boston provides an interactive learning and networking environment allowing all participants and attendees to ask questions, talk to speakers and make the most of the experience. All of our speakers have been hand-selected by our advisory board to ensure presentation quality, effectiveness and content relevance. SOURCE is ideal for high level security professionals who are interested in both the technology and application of computer security, as well as the business practices used wi... read more»

Oracle Presents: Overview and Current Trends with GRC

(from sfisaca at 23-11-2009)

Session Synopsis GRC: It’s not just SOX anymore. Organizations today are faced with ever increasing regulatory challenges and requirements; all while being held to higher levels of accountability. The shift to GRC being the "new normal" has many organizations re-thinking what is possible. How has GRC changed? What are the key challenges organizations are faced with today? Can technology and automation change the game? Prevention vs. detection…what is truly possible?... read more»

IFSEC 2010 - Global annual security event

(from Ifsec at 23-11-2009)

IFSEC is the world's leading global annual security event, uniting over 25,000 security professionals with more than 600 world leading companies. With seven product areas, a comprehensive educational programme and Awards tied to its bow, IFSEC is the definitive security show to source all your security solutions and meet with your peers.... read more»

Infosecurity Europe 2010

(from Infosec at 23-11-2009)

Infosecurity Europe, where information security professionals address the challenges of today whilst preparing for those of tomorrow at THE No 1 industry event in Europe. Engage and participate in the unrivalled free education programme where influential global experts stimulate debate and industry practitioners share case study experiences. Enjoy the vibrant atmosphere where international solution providers showcase current and emerging technologies and deliver practical, professional & tech... read more»

HITBSecConf2010 - Hack In The Box Security Conference 2010 – Dubai

(from Hack in the Box at 23-11-2009)

The main aim of the HITBSecConf conference series is to create a truly technical and deep knowledge event in order to allow you to learn first hand on the security threats you face in today's super connected world. The HITBSecConf platform is used to enable the dissemination, discussion and sharing of critical network security information. Presented by respected members of both the mainstream network security arena as well as the underground or black hat community, our events routinely highlig... read more»

ARES 2010 - The Fifth International Conference on Availability, Reliability and Security

(from at 23-11-2009)

The Fifth International Conference on Availability, Reliability and Security (“ARES 2010 – The International Dependability Conference”) will bring together researchers and practitioners in the area of dependability. It will highlight the various aspects of dependability - with special focus on the crucial linkage between availability, reliability and security. ARES aims at a full and detailed discussion of the research issues of dependability as an integrative concept that covers amongst othe... read more»

The International Conference on Trusted Systems (INTRUST 2009)

(from tcgchina at 23-11-2009)

INTRUST 2009 is the first International Conference on the theory, technologies and applications of trusted systems. It is devoted to all aspects of trusted computing systems, including trusted modules, platforms, networks, services and applications, from their fundamental features and functionalities to design principles, architecture and implementation technologies. The goal of the conference is to bring academic and industrial researchers, designers, and implementers together with end-user... read more»

Fifth International Conference on Information Systems Security (ICISS 2009)

(from Umich at 23-11-2009)

The conference series ICISS (International Conference on Information Systems Security), held annually, provides a forum for disseminating the latest research results in information and systems security. This year's conference is at the Eastern Zonal Cultural Center in Kolkata, India. It will feature 4 keynote talks, 17 regular papers, and 4 short papers.... read more»

CANS 2009 - The 8th International Conference on Cryptology and Network Security

(from aist at 23-11-2009)

The main goal of this conference is to promote research on all aspects of network security, as well as to build a bridge between research on cryptography and on network security. We therefore welcome scientific and academic papers with this focus.... read more»

New computer worm virus may affect documents

(from The Economic Times at 23-11-2009)

China's anti-virus authorities on Sunday warned computer users to guard against new mutation of worm virus, which could infect various documents in their system. The virus, Worm_Piloyd.B, could infect documents like exe, html and asp and prevent the system from restoring the affected documents, according to the Tianjin-based National Computer Virus Emergency Response Centre.... read more»

Cloud computing security benefits, risks and recommendations

(from Help Net Security at 23-11-2009)

How can businesses and governments get the obvious benefits of cloud computing without putting their organization at risk? ENISA (the European Network and Information Security Agency) released a new report on cloud computing benefits, risks and recommendations for information security. It covers the technical, policy and legal implications and most importantly, makes concrete recommendations for how to address the risks and maximize the benefits for users. ENISA's report is the first to take ... read more»

New online virus threat comes via banner ads

(from monstersandcritics at 23-11-2009)

Recently, criminals managed to place a doctored banner ad carrying a virus on the homepage of the New York Times, a mainstay of American journalism. The fact they could do so is bad enough. Worse: it's not an isolated case. It's becoming more and more common for unsuspecting computer users to accidentally pull Trojan horses and other damaging programmes onto their computer via these ads.... read more»

Cyber criminals lurk on social networking sites

(from mercurynews at 23-11-2009)

More and more people are using social networking sites, including, sadly, criminals seeking to take advantage of the rest of us. Threats on those sites include applications and quizzes, as well as malware, worms and viruses. But the main risk, says Trend Micro's Rick Ferguson, is information you post yourself that can jeopardize your privacy and your security.... read more»

Security holding companies back from the cloud

(from IT Pro at 23-11-2009)

A European security agency says that even though the business case for cloud computing is clear, companies are holding back due to security and privacy fears. Research from ENISA on cloud computing said that concerns about privacy and the confidentiality of data were holding small to medium-sized enterprises (SMEs) back from getting involved with cloud computing. SMEs also had doubts about the availability and integrity of data, the potential loss of data and control of services, as well a... read more»

Jailbroken iPhones the target of new malicious worm

(from Computer World at 23-11-2009)

A new iPhone worm is on the loose and this time it has a sting in its tail – it’s malicious. Security outfit F-Secure is reporting that it has picked up a sample of a malicious iPhone worm with botnet functionality, and like the Ikee worm, it only affects jailbroken iPhones which have SSH installed and have not changed the default password.... read more»

Cyberspace the liberator is now a tyrant’s tool

(from Timesonline at 22-11-2009)

Cyberspace was born free, but everywhere it is in chains. Once a promised land inhabited by visionaries, libertarians and freedom fighters, it has become a war zone. “The Harry Potter age of the internet,” says Professor Ron Deibert, “is over.” Deibert is director of the Citizen Lab at Toronto University, which monitors state and corporate control of cyberspace. In a recent Citizen Lab survey of 69 countries, it learnt that 40 had internet restrictions.... read more»

OWASP Scotland November chapter meeting - 26th November

(from Owasp at 22-11-2009)

The OWASP Scotland November chapter meeting is all set for Thursday 26th. Venue is DNS, Abbey business centre, 26 Princes Street Timings will be :- Doors open 6pm - have a chat Talks start at 6:30pm - Main talk is by Lee Lawson on Physical Security, bio and talk overview below. Lee Lawson is a principal consultant with dns and heads up the 'security testing & response' team. During this OWASP meeting he will be talking about physical security, specifically the weaknesses of lo... read more»

FBI looking at UMC records leak

(from lasvegassun at 22-11-2009)

The FBI said Friday it may investigate a breach of patient privacy laws at University Medical Center, where hospital officials are reeling with the realization that at least one of their employees has leaked confidential names, birth dates and Social Security numbers. UMC officials spent Friday determining how they would respond to the Sun’s report that protected patient information allegedly has been sold so ambulance-chasing attorneys can harvest clients.... read more»

Personal records of 1,400 residents found in B.C. government employee’s home

(from nationalpost at 22-11-2009)

The British Columbia government is investigating a major security breach after police discovered the personal records of 1,400 income-assistance clients in the home of a government employee, the Victoria Times Colonist has learned. The records covered a period from December 2006 to April 2007 and included names, addresses, birth dates, social insurance numbers, personal health numbers, and monthly income-assistance eligibility amounts. In some cases, the material also contained the names of p... read more»

Lost laptops shock watchdog

(from edmontonjournal at 22-11-2009)

Alberta's privacy watchdog says he's "stunned" by a report the city has lost an average of one laptop a month that could contain personal data. Only half the 48 laptop disappearances over the last four years were investigated, and just once did officials look into whether a lost or stolen computer contained personal information, according to a report by city auditor David Wiun.... read more»

Report suggests discrepancy between reported and actual data loss incidents

(from Infosecurity-Magazine at 22-11-2009)

According to the Ponemon report, which was sponsored by Lumension, six out of 10 UK companies have data loss including sensitive information as a result of negligent employees, whilst 28% have experienced data loss of sensitive information held by a third party or cloud computing provider.... read more»

IT Execs Concerned About Retribution Attacks

(from mementosecurity at 22-11-2009)

A recent article in Bank Systems and Technology paints a concerning picture of the insider threat at institutions across the globe. The 12th annual Ernst and Young Global Information Security Survey found that 75% of senior IT executives fear reprisals for terminating employees. The concern is especially poignant in these difficult economic times.... read more»

Breaking: Hackers Infiltrate World's Leading Climate Research Unit

(from treehugger at 22-11-2009)

The email system of one of the world's leading climate researchers was just reported to be infiltrated by hackers. Protected information and email messages sent from climate scientists at the University of East Anglia's Climatic Research Unit (CRU) began turning up on public websites today. Why the CRU was targeted is still unclear--though there's speculation that with the global climate meeting in Copenhagen nearing, opponents of climate action may be going so far as to be doing illegal reconna... read more»

Former Database Administrator Convicted Of Hacking His Old Firm

(from DarkReading at 22-11-2009)

A former database administrator for GEXA Energy has been convicted after pleading guilty to hacking his former employer's database system. The conviction of Steven Jinwoo Kim, 40, was announced yesterday by U.S. Attorney Tim Johnson, according to a news report by At a hearing before U.S. District Judge Vanessa Gilmore, Kim admitted to recklessly causing damage to a GEXA Energy protected computer, the report says. GEXA Energy is a retail electric utility provider based in ... read more»

HITB Security Conference 2010 Dubai Call for Papers

(from hackinthebox at 22-11-2009)

The Call for Papers for HITB Security Conference 2010 Dubai is now open! Talks that are more technical or that discuss new and never before seen attack methods are of more interest than a subject that has been covered several times before. Summaries not exceeding 1250 words should be submitted (in plain text format) to cfp -at- for review and possible inclusion in the programme. Date: April 19th – 22nd 2010 Venue: Sheraton Dubai Creek Keynote Speakers: John Viega ... read more»

Security still an issue for cloud computing, says report

(from Computing at 22-11-2009)

The hosting of IT services online, known as Cloud Computing, is both a friend and a foe for chief security officers, according to a new report from EU IT security body Enisa. While significant resources and data present a more attractive target to attackers, cloud-based defences can be more robust, scalable and cost-effective. Giles Hogben, an ENISA expert and editor of the report said the business case for cloud computing is clear but boards want reassurance on security. "The number on... read more»

Hackers steal information from Climate Research Unit

(from Sophos at 22-11-2009)

The UK-based Hadley Climate Research Unit (CRU), at the University of East Anglia in Norwich, is reported to have suffered a security breach which has resulted in many confidential emails and files being uploaded to the internet. A 61MB zip file containing information stolen from one of the world's leading climate research centres, was posted onto an anonymous FTP server in Russia, accompanied by a note saying: We feel that climate science is, in the current situation, too important to b... read more»

Teen Jailed for Hacking Scientology Site

(from PC World at 21-11-2009)

A 19-year old New Jersey man was sentenced this week to a year and a day in federal prison for hacking into the Church of Scientology's Web site in January 2008. Dmitriy Guzner, of Verona, N.J., had pleaded guilty to one count of unauthorized impairment of a protected computer in May at the U.S. District Court for the District of New Jersey.... read more»

McAfee warns about '12 Scams of Christmas'

(from CNet at 21-11-2009)

To highlight the increased crime during the holidays, security company McAfee has come up with the "12 Scams of Christmas" ranging from bogus electronic greeting cards that deliver malware instead of cheer to fake charities that steal your money and your identity. It's especially important to be extra careful this time of year, says McAfee's David Marcus. "The bad guys know people are spending more time online, they're paying more bills online so [the criminals] stand a chance of being a bit ... read more»

Industry would get hit in cyber war, report says

(from FCW at 21-11-2009)

Industry is likely to be caught up in the middle if a cyber war erupts between countries, according to a new report on cyber warfare. “Many international security and cybersecurity experts say that the critical infrastructure of nation-states — banking and finance, electrical grids, oil and gas refineries and pipelines, water and sanitation utilities, telecommunications systems — are all likely targets in future wars,” the report released Nov. 17 by the security technology company McAfee. ... read more»

Guiding Cybersecurity Principles for a Swiftly Changing World

(from ECommerce Times at 21-11-2009)

Two principles need to be part of the consciousness of every cybersecurity practitioner: First, security cannot hold back productivity. Technology that makes us more productive will get deployed and used even if it makes information less secure. Second, cyber and physical space will be increasingly entangled to the point where our activities and their impacts will seamlessly transition from one to the other. Cybersecurity is a young and immature field, but it cannot remain so for much longer.... read more»

Hackers leak e-mails, stoke climate debate

(from EXAMINER at 21-11-2009)

Computer hackers have broken into a server at a well-respected climate change research center in Britain and posted hundreds of private e-mails and documents online - stoking debate over whether some scientists have overstated the case for man-made climate change. The University of East Anglia, in eastern England, said in a statement Saturday that the hackers had entered the server and stolen data at its Climatic Research Unit, a leading global research center on climate change. The universit... read more»

Notre Dame security breach potentially affects employees

(from Wndu at 21-11-2009)

Notre Dame is warning university employees to keep an eye on their bank accounts after a security breach. Personal information of some past and current employees - including name, social security number and birth date - was accidentally put onto a public website. University spokesman Dennis Brown says the error was corrected and the information removed from the website. In a letter to the employees affected, the university says there is nothing to indicate that the information was used inap... read more»

ENISA Cloud Computing Risk Assessment - Three initial thoughts

(from soatothecloud at 21-11-2009)

The document's stated Risk Number One is Lock-In. This makes it extremely difficult for a customer to migrate from one provider to another, or to migrate data and services to or from an in-house IT environment. Furthermore, cloud providers may have an incentive to prevent (directly or indirectly) the portability of their customers services and data. Customers should not be tempted to use custom implementations of authentication, authorisation and accounting (AAA) as these can become weak if n... read more»

Taming the Chatter cloud

(from ZDNet at 21-11-2009)

Not attending Dreamforce, it appears I missed a telling moment, the irony of which I would have enjoyed had I been there to witness it in person. It seems has announced a new feature named after that most social of activities, Chatter, which aims to bring to the enterprise the functionality seen in social network tools such as Twitter and Facebook. So there we have it. Chatter’s going to be positioned as a collaboration tool, because that’s what customers are willing to pay... read more»

Vendor FAIL - Certified Pre-Owned (CPO)

(from Attrition at 21-11-2009)

For reasons unknown, vendors occasionally fail to maintain quality control over the media they ship. Whether it is CD-ROM, DVD, USB or some other form of media, it may contain viruses, trojans or even drug-runner music. When this happens, the software you receive obviously can't be trusted in any fashion, and installing software from already compromised media immediately puts your system's integrity in question. This page serves to keep a record of such incidents and remind vendors that ship... read more»

Enisa launches comprehensive cloud security report

(from ITNews at 21-11-2009)

The European Union's security agency has released a comprehensive report designed to teach public and private secret organisations and policy makers how to tap the benefits of cloud computing without falling foul of the security risks. Cloud Computing: Benefits, Risks and Recommendations for Information Security is the first of its kind from the European Network and Information Security Agency.... read more»

ENISA Cloud Security Risk Assessment: An Interview with Giles Hogben

(from cloudsecurity at 21-11-2009)

ENISA, supported by a group of subject matter experts comprising representatives from Industry, Academia and Governmental Organizations, has conducted, in the context of the Emerging and Future Risk Framework project, a risk assessment on cloud computing business model and technologies. The result is an in-depth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. The report also provides a set of practical recommenda... read more»

The Death of the Virus - inetiq have invented a whole new wheel

(from Avien at 21-11-2009)

Yet again, New Scientist shows us the way to put ourselves out of business. (Yippee, retirement at last!) Years ago on alt.comp.virus, someone came up with an astonishing solution to the virus problem. Since all virus detection is signature-based (ahem! really?), why not generate all the possible malware signatures proactively, so that viruses would be detected before they’re written? I did try to explain the difficulties of that approach at the time, but I was handicapped by gales of helples... read more»

EU security agency highlights cloud computing risks

(from NetworkWorld at 21-11-2009)

Cloud computing users face problems including loss of control over data, difficulties proving compliance, and additional legal risks as data moves from one legal jurisdiction to another, according to an assessment of cloud computing risks from the European Network and Information Security Agency. The agency highlighted those problems as having the most serious consequences and being among the most likely for companies using cloud computing services, according to ENISA.... read more»

Foreign Ministry signs MoU with TRA for protection of IT systems

(from wam at 21-11-2009)

The Foreign Ministry has signed a Memorandum of Understanding with the Emergency Response Team set up by the Telecommunications Regulatory Authority (TRA) for benefitting from the latter's expertise in the fields of cyber security, protection of database and early detection of any possible attempts to penetrate IT infrastructure. The MoU was signed by Director General of the Foreign Ministry Juma Mubarak Al Junaibi and Director General of the TRA Mohammed Nasser Al Ghanem translating the tec... read more»

McAfee Releases Q3 Report on Threats

(from ITBusinessEdge at 21-11-2009)

McAfee recently released one of my all-time favorite publications, its quarterly threat report. This report is for Q3 and covers spam, social engineering, Web threats, cybercrime and malware. For the second quarter, spam is up. As a percentage of mail, spam is at an all-time high of 92 percent, although it feels closer to 99 percent. The United States remains the number-one spam producer for the last three quarters. Rest assured, all is well in zombie land. The United States retained its... read more»

Cyberattacks on U.S. military jump sharply in 2009 - Many of them coming from China

(from NetworkWorld at 21-11-2009)

Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday. Citing data provided by the U.S. Strategic Command, the U.S.-China Economic and Security Review Commission said that there were 43,785 malicious cyber incidents targeting Defense systems in the first half of the year. That's a big jump. In all of 2008, there were 54,640 such incidents. If cyber attacks maintain this pace, they will ... read more»

Contrarianism on Sequoia's Disclosed Source Voting System

(from educatedguesswork at 21-11-2009)

Sequoia Voting Systems recently announced that it will be publishing the source code to their Frontier opscan voting system. Reaction in the security community seems generally positive. Here's Ed Felten: The trend toward publishing election system source code has been building over the last few years. Security experts have long argued that public scrutiny tends to increase security, and is one of the best ways to justify public trust in a system. Independent studies of major voting vendor... read more»

Dumb code could stop computer viruses in their tracks

(from NewScientist at 21-11-2009)

On the day a new computer virus hits the internet there is little that antivirus software can do to stop it until security firms get round to writing and distributing a patch that recognises and kills the virus. Now engineers Simon Wiseman and Richard Oak at the defence technology company Qinetiq's security lab in Malvern, Worcestershire, UK, have come up with an answer to the problem. Their idea, which they are patenting, is to intercept every file that could possibly hide a virus and add a ... read more»

Symantec Talks Trends and Looks into the Crystal Ball

(from Symantec at 21-11-2009)

I had the honor recently of moderating a virtual roundtable discussion on the top Internet security trends from 2009 and what we expect to see in the security threat landscape in 2010. Funny thing about security predictions—you hope they won’t come true, but expect them to anyway. The roundtable featured expert panelists Paul Wood (Senior Analyst, MessageLabs Intelligence, Symantec) and Zulfikar Ramzan (Technical Director, Symantec Security Response). They each have unique insights into the worl... read more»

Black(hat) Friday - Cyber criminals behind the Rogueware epidemic have their blackhat SEO campaigns

(from panda security at 21-11-2009)

If you plan on shopping online for "Black Friday", or "Cyber Monday", you might be in for more than you bargained for. Cyber criminals behind the Rogueware epidemic have their blackhat SEO campaigns optimized to take advantage of deal seekers looking for advertisements online. One misstep and you just might find yourself staring at a scareware site designed to trick you into believing that your computer is infected.... read more»

Hacker exposes global warming researcher

(from Errata Security at 21-11-2009)

Hackers broke in and revealed the private e-mails of Phil Jones (NYTimes, BBC), a famous climatologist. This is going to be one of the most politically relevant hacks of the last few years. When hackers broke into Sarah Palin's e-mails during the presidential campaign, they failed to find any interesting dirt. Phil Jones' e-mails, though, are full of dirt. There's no proof of a "conspiracy" or "cover-up", but a lot of the e-mails look bad for Jones and some of his fellow researchers.... read more»
