Saturday, December 5, 2009

Internet Security News: Week in Review November 29-December 5







Internet Lack of Security News: Week in Review - 11/29-12/05

























































































































































































































































































































































































































Web warning for shoppers buying Christmas gifts online 
 (from BBC News at 5-12-2009) 
 A warning has gone out about fake websites as Christmas shopping is set to peak this weekend, and consumers are due to spend more on the internet on Monday than any other day in history.... read more» 
   
 





 Colleague defends 'ClimateGate' professor 
 (from BBC News at 5-12-2009) 
 A colleague of the UK professor at the centre of the climate e-mails row says "sceptics" have embarked on a "tabloid-style character assassination". Professor Andrew Watson rallied to the defence of climate scientist Phil Jones, whose e-mail exchanges prompted claims that data had been manipulated.... read more» 
   
 





 Climate change protests ahead of Copenhagen summit 
 (from BBC News at 5-12-2009) 
 Demonstrations are being held around the UK to demand action on climate change ahead of the Copenhagen summit. Protesters in London, Belfast and Glasgow want world leaders to reach a tough new deal on cutting emissions.... read more» 
   
 





 Call for national strategy to tackle cybercrime 
 (from irishtimes at 5-12-2009) 
 IRISH BUSINESSES and consumers continue to fall victim to internet scams, and the lack of a co-ordinated national cyber-security strategy is hampering efforts to tackle the problem, a conference has heard. The Irish Reporting and Information Security Service (Iriss) held its first annual cyber crime conference in Dublin last week. Iriss was formed last year following unsuccessful efforts to persuade the Government to establish a Computer Emergency Response Team (Cert). Ireland is one of the f... read more» 
   
 





 Britons feel 'cut off from the world' without internet 
 (from IT Pro at 5-12-2009) 
 Being left without a mobile phone or internet connection would leave more than have of the UK’s adults feeling “cut off from the world,” according to a new survey. The study conducted by Opinium Research on behalf of moneysupermarket.com showed that these technological advances had more than half (59 per cent) of us dependent on them, although there were more worrying statistics to come.... read more» 
   
 





 Norwegians plan to harpoon Twitter 
 (from The Register at 5-12-2009) 
 A battling consumer group has pledged to take on Twitter, accusing it of breaching privacy laws. The Norwegian Consumer Council, which has a legal battle with Apple under its belt, said social networking sites' terms and conditions are unfair. "None of the international social networks adhere to even the most basic contractual and privacy principles that apply in an offline environment," spokesman Hans Marius Graasvold told Out-Law.... read more» 
   
 





 Two US men charged with running phony Cisco biz 
 (from The Register at 5-12-2009) 
 Two Kansas men have been charged with making $1m in proceeds by buying computer networking gear in China and passing it off as products from Cisco Systems. Christopher Myers, 40, and Timothy Weatherly, 27, obtained the networking gear from a variety of sources and then slapped phony Cisco labels on them, according to documents filed in federal court in Kansas City.... read more» 
   
 





 Security trends coming in 2010 
 (from Net-Security at 5-12-2009) 
 Websense released its list of security predictions and trends anticipated for 2010. The emerging trends and predictions show an overall blending of security threats across multiple attack vectors for the purpose of roping computers into bot networks and stealing valuable confidential information. Web 2.0 attacks will increase in sophistication and prevalence In the coming year, we can expect a greater volume of spam and attacks on the social Web and real-time search engines such as Topsy.com... read more» 
   
 





 Bing dies (briefly) after Microsoft hits wrong button 
 (from The Register at 5-12-2009) 
 Bing was hit by a widespread outage Thursday evening after Microsoft accidentally updated the live site with changes intended for a test environment. While the search site was offline for only a half hour, it embarrassingly was ankled the same day Microsoft was parading about new Bing features and updates to woo market share away from Google and Yahoo!.During the outage, which extended between 6:30 and 7:00 PM PST (2:30-3:00 AM Friday, GMT), those visiting the website received an error messag... read more» 
   
 





 Malware rebounds as cause of data loss 
 (from InfoSecurity at 5-12-2009) 
 Malware has rebounded to become the biggest cause of data loss in organizations, according to a report from the Computer Security Institute (CSI). Malware infections far exceed the next most common cause - laptop and mobile hardware theft - said the 2009 CSI Computer Crime and Security Survey. The 2009 CSI Computer Crime and Security survey identified a number of shifts in significant cybersecurity threats this year. Malware infections jumped to 64% from 50%, reversing a dip in the number of ... read more» 
   
 





 McAfee: U.S. Needs Clear Cyber War Doctrine 
 (from Redmondmag at 5-12-2009) 
 A recent study from McAfee on cyber crime and cyber warfare concluded that, like it or not, the world's information infrastructures are becoming theaters of war, as nations develop offensive and defensive capabilities to wage cyber warfare. "Cyber weapons exist, and we should expect that adversaries might use them," said James Lewis, director of the Technology and Public Policy program at the Center for Strategic and International studies. Lewis is one of 2,000 national and cybersecurity expe... read more» 
   
 





 New dashboard tracks cybersecurity programs 
 (from Federal Computer Week at 5-12-2009) 
 A trade group that represents major software companies today released an online dashboard to track cybersecurity programs that shows support for “the vast majority” of actions taken to secure cyberspace since President Barack Obama released his administration’s review of cyber policy six months ago. The Business Software Alliance (BSA) used the dashboard to detail 31 recent government "milestones" that correspond to 12 "major categories" the group said were defined by Obama administration’s r... read more» 
   
 





 The Official Training Guide for New Superheroes :New security methods to non-security 
 (from ISECOM at 5-12-2009) 
 I used a superhero theme with this presentation and focused on how you can use ISECOM research and the OSSTMM 3 to be better than the average human at security. This presentation has since been refined a few more times and has been very successful at explaining new security methods to non-security people in management.... read more» 
   
 





 Massive New UK Internet Wiretapping Plan Announced 
 (from Vortex at 5-12-2009) 
 Britain's Virgin Media ISP has announced a stunning plan to actually spy on the data content of Internet users -- using law enforcement grade equipment -- in search of illegal file sharing. The scope of the plan is breathtaking. File sharing protocol packets will be opened and the contents run through music fingerprinting systems to try determine if files are licensed or not. At this stage of the plan, any positive "hits" will be anonymous, but one can imagine how long that aspect will remain... read more» 
   
 





 Unu Cracks a Wall Street Journal Conference Site, Not WSJ.com 
 (from praetorianprefect at 4-12-2009) 
 Unu, the security researcher from Bucharest Romania known for performing unsolicited penetration tests on brand name web sites with a concentration in SQL Injection is at it again, this time with a claim that he cracked WSJ Online. Per Unu: “Traffic Rank 88 in U.S., by Alexa ‘WSJ online coverage of breaking news and current headlines from the U.S. and around the world. Top stories, photos, videos, detailed analysis” …and a big SQL Injection’”. Unu did identify a Wall Street Journal branded w... read more» 
   
 





 EuroCACS - The World’s Leading Conference for IT Audit, Security and Governance Professionals 
 (from ISACA at 4-12-2009) 
 Get the knowledge you need to stay one step ahead of the competition and keep up with changing professional trends at ISACA’s European Computer Audit, Control and Security (EuroCACS) Conference. EuroCACS is the must attend, hot-topic event for IT audit, security and governance professionals in Europe. It attracts the best and brightest with its content-rich and thought-provoking sessions that delve into some of the biggest challenges facing IT audit and security professionals. Sessions focus... read more» 
   
 





 P2P lockdown plan leaves Spanish web users fuming 
 (from nzherald at 4-12-2009) 
 Many Spanish internet users are furious over a government proposal to shut down websites offering peer-to-peer file sharing of music and films without a court order. A meeting yesterday between their representatives and the culture minister failed to calm them down.... read more» 
   
 





 After a battering in 2009's first half, Juniper and Cisco lead the way 
 (from CRN at 4-12-2009) 
 After a torrid start to the year the network security market showed signs of recovery in 2009's third quarter, but is still way down on last year, research has found. Figures from Infonetics Research reveal worldwide revenue from network security appliances and software in Q3 fell 14 percent year on year to US$1.26bn (A$1.36bn). But this represents a seven per cent hike on the market's nadir in the preceding quarter.... read more» 
   
 





 ISAlliance Delivers Cyber Security Report 
 (from information-security-resources at 4-12-2009) 
 The Internet Security Alliance held a luncheon at the National Press Club today to unveil their much anticipated recommendations to Congress and the Obama Administration regarding the future course of national cybersecurity policy. Central to the ISA’s thesis is the under-appreciated notion that cybersecurity is an isolated technical issue that lies somewhere outside the scope of the broader economic picture.... read more» 
   
 





 UK businesses plan IT spending increases next year 
 (from ComputerWorldUk at 4-12-2009) 
 A majority of companies in the UK and Ireland are likely to increase their IT budgets next year, according to survey of executives by the Economist Intelligence Unit. The UK was the most optimistic of six advanced markets with 63 percent expecting IT budget growth. Fifty nine percent of businesses in the US and 44 percent in Germany expect to increase their budgets. In France only 36 percent expect an increase in their budgets, in Italy 54 percent, and in Spain 55 percent.... read more» 
   
 





 IT Security: The Next Decade 
 (from techwebonlineevents at 4-12-2009) 
 As we come to the end of the first decade in the new millennium, the IT industry faces some of the greatest security challenges in its history. In fact, 2009 saw more breaches, more malware, and more zero-day exploits than any year before. At that rate, what will security be like ten years from now? What threats and challenges will the new decade bring?... read more» 
   
 





 Once a hacker, always a hacker - Hackers are unfit to serve as security experts 
 (from TechWorld at 4-12-2009) 
 Should we hire criminal hackers as security experts? This is the second of a two-part attack on the idea from a 1995 debate in which I participated. Consider the message you would be giving some thirteen year old proto-hacker. These kids, like most kids, are tremendously susceptible to peer pressure. They already find criminal hacking attractive because it's viewed as today's counter-culture — something fairly harmless (compared with, say, dealing drugs) but exciting because it's illegal.... read more» 
   
 





 Memory stick given to Bristol boy sparks school data law row 
 (from thisisbristol at 4-12-2009) 
 A school has been accused of breaching data laws after it sent a 10-year-old boy home with a computer memory stick which contained sensitive information about his fellow pupils. Carlos McSweeney, who attends the key stage two support centre in Fairlawn Road, Montpelier – a school for children with behaviour problems – was given the stick to save his artwork to take home.... read more» 
   
 





 Who Will Pay to Protect the Internet? 
 (from Bnet at 4-12-2009) 
 Corporate America doesn’t fully fear a cyber-terrorism event and therefore won’t adequately invest in the Internet’s security, according to a new report by the Internet Security Alliance, a trade association backed by companies like Lockheed Martin, Nortel, Verizon and Northrop Grumman. But new cybersecurity mandates on businesses, such as those proposed by Sen. Jay Rockefeller of West Virginia, could hurt the economy. And regulations can’t stay up-to-date with hackers, according to the ISA.... read more» 
   
 





 1.2 percent of Israeli websites pose security risk 
 (from TradingMarkets at 4-12-2009) 
 Israeli websites are ranked 31st worldwide in a list of the most dangerous domains to surf and search on the web, according to the third McAfee Inc report, "Mapping the Mal Web". 1.2 percent of sites with the .il domain contain security risks, such as spyware or viruses.... read more» 
   
 





 Hackers view the holiday season as the ideal time for hacking business computer systems 
 (from itsecurityportal at 4-12-2009) 
 Hackers are ready to take advantage of skeleton staff running IT departments over the holidays. According to Michael Hamelin, chief security architect with Tufin Technologies, the Christmas and New Year - holiday periods are the times when the heavy-duty hackers come out to play.... read more» 
   
 





 Anti-Spam Legislation is Unanimously Passed by the House of Commons 
 (from gc at 4-12-2009) 
 The Honourable Tony Clement, Minister of Industry, is pleased to announce that the proposed Electronic Commerce Protection Act has passed third reading unanimously in the House of Commons and is proceeding to the Senate as the next step in the legislative process. The legislation, which is meant to deter the most damaging and deceptive forms of spam and other online threats and create a safer online marketplace for both individuals and businesses, will help to grow online commerce in Canada. ... read more» 
   
 





 SHODAN: Cracking IP Surveillance DVR 
 (from praetorianprefect at 4-12-2009) 
 We continue to identify a variety of devices we sometimes note on security engagements that should not be externally accessible and are either still using factory default credentials or are not using any credentials for access to administrative interfaces. Accessing the administrative panels of these devices would allow a bad actor to further compromise the organization running the device on its network. We can quantify that we are seeing results not just for poorly configured home offices ... read more» 
   
 





 DHS completes draft of plan on how to respond to a national cyberattack 
 (from nextgov at 4-12-2009) 
 The Homeland Security Department, working with other federal agencies, has completed a draft of how governments and businesses should respond to a widespread cyberattack, establishing their roles and responsibilities. The department is collecting comments from the public and business partners that it plans to consider before it tests the final plan during a large-scale cybersecurity drill in September 2010, a DHS official said on Thursday.... read more» 
   
 





 Corporate laptops still vulnerable to data theft or loss 
 (from itsecurityportal at 4-12-2009) 
 According to a new survey by Check Point Software Technologies Ltd, only 41% of respondents said they had data encryption solutions deployed on their business laptops. 51% said they did not have encryption, and 8% said they did not know if encryption was in use. More than half of UK public and private sector organisations are still at risk of data breaches and leaks from portable PCs, because they do not have data encryption in place to secure their business laptops. Furthermore, only 54% say... read more» 
   
 





 Security Report Predicts Cloud Computing Attacks in 2010 
 (from linux.sys-con at 4-12-2009) 
 M86 Security, a leading global provider of Web and messaging security products, released Predictions 2010, a report on its expectations for Web and messaging-based threats for the coming year. The report is based on M86 Security Lab’s extensive research into the current trends in threats over the past year and its views on the major vulnerabilities facing organizations. The report highlights the increasing sophistication of traditional threats such as botnets, scareware, compromised legitima... read more» 
   
 





 Black Screen Of Death Hits 50,000 PCs 
 (from Information Week at 4-12-2009) 
 A security firm that's developed a fix for the so-called "black screen of death" affecting Windows PCs said more than 50,000 users have downloaded the utility in just five days—an indication that the problem is widespread. "Following the issue of our fix, which continues to receive significant downloads, we believe that this problem is still affecting a very large number of users in a very diverse range of Windows environments," said Prevx CEO and chief technology officer Mel Morris, in a bl... read more» 
   
 





 The top ten security heroes 
 (from PC Pro at 4-12-2009) 
 PC Pro's award-winning security guru, Davey Winder, counts down his top ten security heroes We in the media love to stick it to the IT security bad guys: the notorious hackers or the bumbling civil servants who put nothing more than a first-class stamp on a disc containing millions of personal files. We’ve decided it’s time to redress the balance and shine a light on the little-known heroes of the security world. In this feature, we laud the people who have made the internet a (relatively)... read more» 
   
 





 Britain clamps down on bogus shopping sites 
 (from Stuff at 4-12-2009) 
 More than 1,200 bogus websites that defraud shoppers across Britain by claiming to sell cut-price goods have been shut down in a major police operation ahead of the busy Christmas period. The Metropolitan police's specialised e-crime unit targeted hundreds of websites mainly run by criminal gangs in Asia which operate by hiding behind UK-registered domain names. The 1,219 websites offered shoppers the chance to purchase a range of popular items, like expensive Tiffany jewellery and trendy ... read more» 
   
 





 Badvertising: Stop the 5 Biggest Threats to Online Privacy 
 (from fastcompany at 4-12-2009) 
 Beginning next week, the FTC will hold a series of public roundtables covering the growing number of challenges to consumer privacy on the Internet. Dubbed "Exploring Privacy," the daylong discussions will focus on "the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses." Hold that yawn. Behavioral tracking and ad targeting have everything to do with the pesky "Warning!" pop-up blinking behind your browser window right now. The on... read more» 
   
 





 Crooks 'too lazy' for crypto - Met's digital forensics boss thanks human nature 
 (from The Register at 4-12-2009) 
 The widespread use of encryption by criminals - long feared by intelligence and law enforcement agencies - has yet to materialise, according to the man in charge of the country's largest digital forensics unit. Mark Stokes, head of the Metropolitan Police's Digital and Electronic Forensic Services (DEFS), told The Register that "literally a handful" of the tens of thousands of devices it handles each year from across the whole of London involve encrypted data.... read more» 
   
 





 Xmas: to Kindle or not to Kindle 
 (from Errata Security at 4-12-2009) 
 Xmas is coming up quick, and people are asking me whether they should get eBook readers as a present, specifically the Kindle. First of all, if they don't read at least one book a month, then it wouldn't be a good gift. It's like exercise equipment: if you don't already exercise, then getting exercise equipment won't make you exercise. Getting somebody a Kindle won't make them start exercising their brain.... read more» 
   
 





 Man loses fight against firm that suffered data breach 
 (from The Register at 4-12-2009) 
 A Missouri man has lost his legal battle against an online prescription processor that suffered a security breach that exposed highly sensitive subscriber information. John Amburgy alleged that Express Scripts was negligent because it failed to adequately safeguard customer data, including names, dates of birth, social security numbers, and prescription drug histories. He argued that the breach in October 2008 that exposed an unknown number of subscribers' details put him at risk of identity ... read more» 
   
 





 Virgin Media network goes titsup in Brum 
 (from The Register at 4-12-2009) 
 Virgin Media customers across the west Midlands are this morning cut off from broadband, cable phone and digital TV. Reg readers in Birmingham, Solihull and Kidderminster are reporting their connections went down at about 5.40am. A update on Virgin Media's status page confirms engineers are investigating the problems. A Virgin Media spokesman said the ongoing outage was caused by a power cut. He said power has now been restored and the firm expects its network in the area to return soon. The ... read more» 
   
 





 More than 1,200 UK shopping websites shut down 
 (from Timesonline at 4-12-2009) 
 More than 1,200 illegal internet shopping websites that have made millions of pounds for criminals have been shut down by Scotland Yard in the biggest operation of its kind in Britain. The sites claimed to sell heavily discounted designer goods, including Ugg Australia Boots, ghd hair straighteners and jewellery from Tiffany & Co and Links of London. Buyers either received counterfeit products or nothing at all. It is also likely that their credit card details have been used to fund other ill... read more» 
   
 





 Future cyber sleuths get an early start 
 (from Philly at 4-12-2009) 
 A threat in an online game chat room didn't faze Alexis Rivera. The Ridley High School senior immediately contacted local police, who told her to delete her account. "They are just cyber boys," Rivera, 17, said about the teen wannabe hackers who told her to pose before a Web cam or else they would hack her computer. "They think they can control people." Had the cyber boys known whom they were targeting, they might have changed their minds.... read more» 
   
 





 Hackers Claus Havoc At Christmas - Shows Study 
 (from securityoracle at 4-12-2009) 
 As the holiday season starts to ramp up businesses are being warned about the need to secure their IT defences against the onslaught of hackers who are ready to take advantage of skeleton staff running IT departments over the holidays.... read more» 
   
 





 Cyber spies are costing us billions 
 (from Sydney Morning Herald at 4-12-2009) 
 AN INTERNET crime centre should be set up by the Rudd Government so people can report spam, data loss, online scams and web fraud, a report by the Australian Strategic Policy Institute says. The report by Alastair MacGibbon, a cyber security expert, says the Government needs to impose tighter control on ''backyard'' internet providers and adopt an enforceable code of conduct.... read more» 
   
 





 What is the real problem with .ke domain? 
 (from wanjiku at 4-12-2009) 
 The debate over the uptake of .ke domains has been going on for a while and has been dominated by the issue of cost. Yes the domain is expensive; 3,000 Kenya shillings per year ($40) is expensive compared to $10 for a .com, .net .info etc. But is the cost the real issue? Are there other problems within .ke and management at KENIC that make it hard for people to take up .ke? Is Kenic's marketing structure flawed in as far as promoting the uptake of domains is concerned? (Read about Paul in a s... read more» 
   
 





 Google wants to unclog Net's DNS plumbing 
 (from CNet at 4-12-2009) 
 Google wants to speed up a key part of the Internet's inner workings called the Domain Name System and is inviting technically savvy folks to try their ideas out. The DNS is a crucial part of the Internet. It converts the text addresses people can remember into the numeric Internet Protocol addresses actually used to locate information on the Internet. For example, CNET.com's IP address is 216.239.122.102.... read more» 
   
 





 Google launches alternative DNS resolver 
 (from ComputerWorld at 3-12-2009) 
 Google has created a new system to resolve DNS (domain name system) queries that the company claims will speed up web browsing for end users, as well as make it more secure. Google Public DNS, announced on yesterday, is still in an experimental phase. It attempts to improve on existing DNS resolver technology with faster, more efficient caching and additional security safeguards against spoofing attacks that try to dupe users into visiting malicious websites.... read more» 
   
 





 Microsoft Security Bulletin Advance Notification for December 2009 
 (from Microsoft at 3-12-2009) 
 This is an advance notification of security bulletins that Microsoft is intending to release on December 8, 2009. This bulletin advance notification will be replaced with the December bulletin summary on December 8, 2009. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. Affected Software: Microsoft Windows 2000 Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Microsoft Office Internet Explo... read more» 
   
 





 Federated key management as the basis for secure cloud computing 
 (from voltage at 3-12-2009) 
 Cloud computing creates security problems that most organizations have not yet had to face on a large scale: protecting data when the location of the data is generally unknown. Encryption is a useful tool for solving this problem, but using it in the cloud is hard because of the key management problems that this causes. Fully federated key management can provide the basis for protecting sensitive data in the cloud, and it's probably the basis for how we’ll eventually protect such data. Let's loo... read more» 
   
 





 Hacked e-mails a tempest in a tea cup, say some scientists 
 (from businessday at 3-12-2009) 
 THE shouting match known as Climategate, which erupted after damaging e-mails were hacked from the server of a British climate research centre, has been dominated by wishful thinking on both sides. Climate sceptics pretend the e-mails are proof that man-made global warming is a hoax, the scientific consensus rigged. That’s preposterous. The hacked scientists and their defenders argue the e-mails amount to a tempest in a teacup, just another trumped-up attack from the sceptics.... read more» 
   
 





 Paying Attention To Customer Data Security 
 (from enterprise-security-today at 3-12-2009) 
 Today's contact centers act as a funnel for massive amounts of data that flow from silo to silo. Some forms of data are kept long term and archived; others are needed only fleetingly and are soon discarded. The sheer quantity of it, though, is staggering, on the order of petabytes of information. And that creates a bit of a problem when it comes to managing and isolating the specific pieces of data that need to be secured and safeguarded because of customer privacy concerns.... read more» 
   
 





 Do you know where your important content lives? 
 (from Spaces.Live at 3-12-2009) 
 The answer is everywhere you can imagine. Most organizations think their important data is only in word processing documents, spreadsheets, presentations or databases. What about a concept sketch for your new product? What about training videos? How about information shared by teams in an internal wiki or blog?... read more» 
   
 





 InfraGard Nations Capital Members Alliance (INCMA) - SANS CDI Holiday Reception, Expo, & Executive IT/Defense Briefs 
 (from eventbrite at 3-12-2009) 
 The InfraGard Chapter is hosting an OPEN TO THE PUBLIC end of year (EOY) event for 2009. This is sponsored by the IT Executive and Defense Executive SIGs in InfraGard INCMA, and in coordination with the SANS Cyber Defense Initiative. There is a vendor expo, holiday reception, and executive IT/Defense briefs. We would like to thank our facilities sponsor SANS CDI for hosting this important educational and professional networking event. You can register for the whole conference (http://www.san... read more» 
   
 





 CIS Benchmarks / Scoring Tools - FREE of CHARGE 
 (from cisecurity at 3-12-2009) 
 The Security Configuration Benchmarks below are distributed free of charge to propagate their worldwide use and adoption as user originated, de facto standards. The CIS Benchmarks are the ONLY consensus best practice security configuration standards both developed and accepted by government, business, industry, and academia. The Benchmarks are: Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices; Unique, ... read more» 
   
 





 Is someone claiming that we're blocking your email? Please read this! 
 (from ow.ly at 3-12-2009) 
 A bogon prefix is a route that should never appear in the Internet routing table. A packet routed over the public Internet (not including over VPN or other tunnels) should never have a source address in a bogon range. These are commonly found as the source addresses of DDoS attacks. Bogons are defined as Martians (private and reserved addresses defined by RFC 1918 and RFC 3330) and netblocks that have not been allocated to a regional internet registry (RIR) by the Internet Assigned Numbers Au... read more» 
   
 





 Windows Black Screen Root Cause 
 (from prevx at 3-12-2009) 
 We've been working with Microsoft to get to the bottom of the specific black screen issues in our earlier blog. We have made some significant progress in determining specific triggers of the black screen event. The issue appears to be related to a characteristic of the Windows Registry related to the storage of string data. In parsing the Shell value in the registry, Windows requires a null terminated "REG_SZ" string. However, if malware or indeed any other program modifies the shell entry to... read more» 
   
 





 Conference - Human Factors in Information Security - 22-24 February 2010, Church house Conference Centre, Westminster, London 
 (from humanfactorsinsecurity at 3-12-2009) 
 Data security breaches have surfaced with increased regularity over the past years. Financial losses due to cybercrime continue to grow. Credit Card fraud, the theft of customer information, identity theft, social engineering, software piracy – these are all on the increase. Simple human error, ignorance or omission are nearly always at the root of many of these data breaches and e-crimes. In nearly every case there was no technical defence that would have prevented them. The damage to the pu... read more» 
   
 





 U.K. hacker granted short extension in extradition case 
 (from ComputerWorld at 3-12-2009) 
 The U.K. government will give a British hacker a short extension to challenge an extradition order to face trial in the U.S. Home Secretary Alan Johnson said last Thursday he would not intervene to block the extradition of Gary McKinnon on medical grounds. McKinnon has admitted to hacking into U.S. military computers as well as others from his girlfriend's north London home in 2001 and 2002.... read more» 
   
 





 Security firm retracts 'black screen' claims, apologizes to Microsoft 
 (from ComputerWorld at 3-12-2009) 
 The U.K. security company that started a firestorm after claiming recent Windows security updates caused a widespread "black screen" lock-out of users' PCs has retracted its claims and publicly apologized to Microsoft. "It is clear that our original blog post has been taken out of context and may have caused an inconvenience for Microsoft," Mel Morris, the chief executive of U.K. security firm Prevx, said in an entry on the company's blog Wednesday. "This was never our intention and we have a... read more» 
   
 





 California county upgrades law enforcement data sharing 
 (from Government Computer News at 3-12-2009) 
 The County of San Joaquin’s Information Systems Division (ISD) has improved the county’s ability to manage arrests, issue warrants and maintain crime histories with a custom-built, Web-based system that links 1,600 users and 18 agencies countywide. As a result, San Joaquin, a California county with a population of more than 600,000, has saved more than $1 million by eliminating the need to deploy and maintain the application on individual desktops, according to Shakir Awan, lead architect on ... read more» 
   
 





 Climate e-mail hackers aimed to maximise harm to Copenhagen summit 
 (from Timesonline at 3-12-2009) 
 E-mails alleged to undermine climate change science were held back for weeks after being stolen so that their release would cause maximum damage to the Copenhagen climate conference, according to a source close to the investigation of the theft. Climate change sceptics obtained the e-mails by hacking into a computer at the University of East Anglia. Professor Phil Jones, director of the university’s Climatic Research Unit (CRU), has agreed to stand down during an independent review of the aff... read more» 
   
 





 Civilization's High Stakes Cyber-Struggle: Q&A With Gen. Wesley Clark (ret.) 
 (from TechNewsWorld at 3-12-2009) 
 As wrenching as traditional warfare is, there is a new kind of threat brewing that ultimately could cause even greater harm to the planet, retired general Wesley Clark told TechNewsWorld. "We're in a cyber-struggle today," he said. "We don't know who the adversaries are in many cases, but we know what the stakes are: continued economic vitality and, ultimately, global civilization." That cyberconflict will take a far greater toll on the world, contends Clark, who last led the NATO forces to e... read more» 
   
 





 Government Surveillance Of Social Networks Challenged 
 (from Information Week at 3-12-2009) 
 The U.S. government's use of social networks as an investigatory tool is being challenged by two legal advocacy organizations. On Tuesday, The Electronic Frontier Foundation (EFF) and the Samuelson Law, Technology, and Public Policy Clinic at the University of California, Berkeley, School of Law filed a lawsuit against six government agencies seeking to force the disclosure of policies governing the use of social networking sites for investigations, data-collection, and surveillance.... read more» 
   
 





 IT spending set to rise as firms pull out of slump 
 (from ITNews at 3-12-2009) 
 Three-quarters of business and IT professionals believe the IT function has grown in importance since the recession, with most confident that spending will increase as IT helps lead the way out of the economic crisis, according to a new Accenture survey. The new Global Survey on IT Investments produced in association with the Economist Intelligence Unit (EIU) found that 61 percent of non-IT executives anticipate tech spending boosts in the next 12 months.... read more» 
   
 





 Cameroon Named Riskiest Country Domain 
 (from SecurityProNews at 3-12-2009) 
 Africa's Cameroon (.cm) has surpassed Hong Kong (.hk) as the Web's riskiest country domain, according to McAfee's third annual "Mapping the Mal Web" report. At the opposite end, Japan (.jp) is the safest country domain, landing in the top five safest domains for the second year in a row. The most heavily trafficked Web domain in the world, commercial (.com), jumped from ninth to second most dangerous domain, while government (.gov) is the safest non-country domain.... read more» 
   
 





 Schmidt: Why you should outsource your IT security 
 (from ITNews at 3-12-2009) 
 Former White House security adviser Harry Schmidt told a room of Australian security experts today that he believed companies should outsource their IT security. At the Australian Information Security Association conference in Sydney today, Schmidt said outsourcing IT security allowed outsourcers to see the “bigger picture” of the organisation’s IT set-up.... read more» 
   
 





 Everything you wanted to know about Data Protection 
 (from ComputerWeekly at 3-12-2009) 
 The Information Commissioner's Office has just published a detailed Guide to Data Protection. It's an excellent, well presented piece of work, though at 175 pages it's not likely to be read from cover to cover. But as a useful, free reference document, I'd advise every security professional to download a copy. Most managers require a broader view of the compliance space than a perspective on just one aspect of compliance or on the requirements in a single jurisdiction. Building up a library o... read more» 
   
 





 F-Secure Data Security Wrap-up for 2009 
 (from F-Secure at 3-12-2009) 
 Malware continued to grow exponentially despite the recession that affected the global economy in 2009. With malware available on demand from criminal gangs, the number of individualized variants of viruses and other malware seems infinite. Unlike many previous worms that were released in the wild for personal fame, Conficker was designed to call home and create a botnet of infected computers – a potentially profitable commodity for the authors of the worm.... read more» 
   
 





 An End to Sarbanes-Oxley 
 (from Channel Insider at 3-12-2009) 
 Next Monday, the nine justices of the U.S. Supreme Court will hear arguments in Free Enterprise Fund and Beckstead and Watts v. Public Company Accounting Oversight Board (PCAOB) and United States of America. If the plaintiffs are successful, they could unravel one of the most used and persuasive tools in security technology sales: the Sarbanes-Oxley Act of 2002.... read more» 
   
 





 Wikipedia ordered to disclose IP address of contributor 
 (from ComputerWeekly at 3-12-2009) 
 A judge in the US has ordered Wikipedia to reveal the IP address of a registered user in connection with a blackmailing case. According to the Telegraph.co.uk, the judge in Florida made the decision in relation to a case when a businesseswoman received letters threatening to reveal details of her professional life and expenses.... read more» 
   
 





 Expect more phishing attacks on corporate bank accounts in 2010 
 (from ComputerWeekly at 3-12-2009) 
 Corporate bank accounts are under attack from cybercriminals who are using targeted phishing e-mails to steal funds. The threat is likely to be one of the biggest trends in 2010, according to the Anti-Phishing Working Group (APWG). "There is already a shift away from consumer to corporate banks accounts, which we expect to intensify in the coming year," said David Jevans chairman of the APWG and chief executive of security firm Ironkey.Phishing attacks are becoming increasingly targeted at pe... read more» 
   
 





 Prevx apologises to Microsoft over 'black screen of death' 
 (from ComputerWeekly at 3-12-2009) 
 Security software supplier Prevx has apologised to Microsoft fora blogthat linked the software giant's recent security updates with users experiencing system crashes. Microsoft investigated reports that its latest release of security updates is causing users' PCs to crash. Prevx reported a "black screen of death" when they ran the patch, causing the machine to fail. Microsoft said the reports on a Prevx blog were inaccurate and none of the recently released updates are related to the 'blac... read more» 
   
 





 Privacy in the spotlight: 8 million reasons 
 (from Net-Security at 3-12-2009) 
 There is an all-around media frenzy going on about the 8 million GPS location requests that Sprint Nextel received and automatically granted through a web portal to law enforcement agencies during a period of 13 months (Sept. 2008-Oct. 2009). Everybody is up in arms about it - maybe it was the sheer number, repeated over and over, that made the difference. Even though Sprint Nextel "translated" the extremely generic term "requests" into "pings" when doing damage control, and that explanation ... read more» 
   
 





 Pirates offer Windows 7 on USB sticks 
 (from Arstechnica at 3-12-2009) 
 The Chinese black market has started selling copies of Windows 7 on USB disk drives. Microsoft considered doing this at one point, but that idea never came to fruition.Pirates have been selling Windows 7 on the black market long before the operating system was officially released on October 22, 2009. That said, as far we can tell, it's a first to see Windows 7 being sold illegally on USB drives, the selling point being that they work much faster than DVDs.... read more» 
   
 





 Black Screen of Death: A Lesson in FUD 
 (from PCWorld at 3-12-2009) 
 The reports of the Windows "black screen of death" seem to be greatly exaggerated and hardly worth mentioning. The FUD (fear, uncertainty, and doubt) and sensationalism that have surrounded the issue are a bigger story than the actual black screen of death at this point, and highlight the need for clear communication and ethical disclosure. Vulnerability research is a race for bragging rights. The competition to be first to announce a new flaw--particularly a flaw that allegedly impacts Windo... read more» 
   
 





 Middle East: 30% of bloggers are women 
 (from World e-Democracy at 3-12-2009) 
 According to Eleana Gordon, founder of the Center for Liberty in the Middle East, presenting its latest initiative, the Institute of Online Activism at the World e-Democracy Forum in Issy-les-Moulineaux (Paris), 30 % of bloggers in the Middle East are women. The Institute allows women in the Middle East access to tools to "turn their dreams into action for change." Her speech illustrates the rise of e-democracy in this region.... read more» 
   
 





 UK Man Jailed For Refusing To Decrypt His Files 
 (from Techdirt at 3-12-2009) 
 Two years ago, a US judge ruled that a guy with an encrypted hard drive did not have to hand over his encryption key to the police, as it would be a violation of the 5th Amendment. The argument there is that the encryption key is a form of "speech." This is quite a reasonable ruling, but it appears that over in the UK they view encryption keys quite differently.... read more» 
   
 





 Do firms delay upgrading because of security fears 
 (from Security-Watchdog at 3-12-2009) 
 According to security giant Symantec, which has commissioned a new survey into the upgrade habits of enterprise customers, either with alarming speed or uncanny foresight. The vendor interviewed nearly 1,500 IT managers in UK, France, Germany and Italy and found that just over a third had major concerns over hackers targeting newer desktop software to find vulnerabilities.... read more» 
   
 





 Malware Messes up India's Online Test for Business Schools 
 (from PCWorld at 3-12-2009) 
 The move by India's top business schools to take their CAT entrance test online turned embarrassing after malware-infected computers left a number of students unable to take the test. Prometric, a Baltimore, Maryland, testing company hired to conduct the CAT (Common Admission Test), said this week that the testing labs faced technical difficulties mainly due to malware and viruses. It said on the CAT Web site that it has decided to reschedule the tests for the affected students.... read more» 
   
 





 European citizens wiretapped more than Turkish citizens 
 (from todayszaman at 3-12-2009) 
 As the row continues between the government and several judges over claims that a chief public prosecutor and members of the Supreme Court of Appeals have been wiretapped for a long time as part of an ongoing probe into the clandestine organization Ergenekon, research conducted by the Ministry of Justice has revealed that several mature democracies in Europe are involved in more wiretapping than Turkey. The ministry addressed the claims by revealing the amount of wiretapping in France, Germa... read more» 
   
 





 Companies Expected To Increase Spending In Computer Security 
 (from Yahoo News at 3-12-2009) 
 Security vendors could benefit as companies loosen tech budgets tightened in the recession. More than 70% of companies plan to boost tech spending next year, with security a top priority, says a survey released Monday by Pacific Crest Securities. The 80 companies polled said their biggest increases will be for servers and security software.... read more» 
   
 





 SQL Injection discovered on Wall Street Journal 
 (from the tech herald at 3-12-2009) 
 Just four days after disclosing serious issues in INCA Internet’s (nProtect) website, Unu is at it again. This time he is posting details about SQL Injection (SQLi) flaws discovered while poking around on the Wall Street Journal domain, which are just as bad as his discoveries on nProtect. Unu started his research on the CEO Council section of the WSJ, and unearthed that the Ubuntu server hosting the database was allowing the load_file parameter, which means there is the chance an attacker co... read more» 
   
 





 Security Innovation Grant - The most innovative project in the area of the information security 
 (from Team-cymru at 3-12-2009) 
 The Dragon Resesarch Group (DRG) expects to award an investment of up to $10,000 (US) to the most innovative project in the area of the information security. Administered by the Dragon Research Group, an all volunteer research organization, dedicated to further understanding of online criminality and to provide actionable intelligence for the benefit of the entire Internet community, the grant is entirely and solely funded by a personal donation from Robert O. Thomas III.... read more» 
   
 





 Hackers cash in on Chinese gaming craze 
 (from asiaone at 3-12-2009) 
 The craze in online games among Chinese netizens is fuelling an increasingly lucrative real-world market for computer hackers, security firms have said. "There is a huge underground market and major revenue comes from selling game accounts or virtual items stolen from hijacked computers," said Mr Zhang Yumu, vice-president of Beijing Rising International Software, one of China's largest security firms.... read more» 
   
 





 Business users get hacked through well-known hardware 
 (from Australian News at 3-12-2009) 
 The US government has warned that hackers can ge into corporate computer networks through well known hardware components.The government has identified flaws in equipment from Cisco Systems, Juniper Networks, SonicWall and SafeNet. The Department of Homeland Security has said the warning applies to certain networking products that can be used to hack into company computer files over the Internet.... read more» 
   
 





 Wanted: A Smokey Bear for cybersecurity 
 (from Federal Computer Week at 3-12-2009) 
 Cybersecurity has become more than a homeland security issue; it has become a national lifestyle issue that hinges on raising education at the individual level, a panel of information security experts said today. “If the U.S. is going to continue to be a center of innovation in the world, we need to up our game” and get on par with the science, engineering and technology schooling of China and India, according to Richard Schaffer, information assurance director at the National Security Agency... read more» 
   
 





 Most Cyber Attacks Can be Prevented with Monitoring 
 (from web2.sys-con at 3-12-2009) 
 Did you know that nearly half of companies these days are reducing or deferring budgets for IT security, despite growing instances of web incursions into databases and other private information? That’s according to a 2009 study by PriceWaterhouse Coopers. I came across that number while reading a story about in Wired that reports on a Senate panel’s finding that 80% of cyber attacks can be prevented. According to the Richard Schaeffer, information assurance director for the National Security ... read more» 
   
 





 Feds tighten up cybersecurity hiring policies 
 (from InfoSecurity at 3-12-2009) 
 The federal government is tightening up hiring policies for cybersecurity professionals by launching cybersecurity competency models for its employees. In a memo, John Berry, director of the US Office of Personnel Management, said that his organization had been working with the National Security Council Interagency Policy Committee (IPC). The IPC cybersecurity group had arrived at three discrete categories of cybersecurity professional.... read more» 
   
 





 Sequoia opens kimono with e-voting code handout 
 (from The Register at 3-12-2009) 
 Sequoia Voting Systems has become the first electronic voting machine maker to publish the source code used in one of its systems, a move that computer scientists have praised. On Monday, the Denver, Colorado company released the first batch of code for Frontier, an end-to-end e-voting system that it plans to begin selling in the near future. Sequoia has promised to release the blueprints for 100 per cent of its system software, including firmware, before the system is submitted for federal c... read more» 
   
 





 Many More Government Records Compromised in 2009 than Year Ago, Report Claims 
 (from Government Technology at 3-12-2009) 
 If you're bummed about the data in your department that just got breached, you have some cold comfort. Although the combined number of reported data breaches in the government and the military has dropped in 2009 compared to last year, many more records were compromised in those breaches, according to recent figures compiled by a California nonprofit. As of Tuesday, Dec. 1., the Identity Theft Resource Center (ITRC) reported 82 breaches in U.S. government and military organizations. Although ... read more» 
   
 





 3,286 Indian websites hacked in 5 months 
 (from expressbuzz at 3-12-2009) 
 As many as 3,286 websites were attacked in India between January and June 2009, most of them of various government organisations. According to the CERT-In (Indian Computer Emergency Response Team) of the Department of Information Technology, there has been an increase in the attacks on government websites from January 2005 to February 2008. “We are aware of the attacks on National Informatics Centre, the IT mainstay of the Indian Government, which was attacked by GhostNet, allegedly by a Chin... read more» 
   
 





 5 security threats to watch in 2010 
 (from zdnetasia at 3-12-2009) 
 Everyday Internet users will be a key target for cybercriminals looking to get people to download their malware, while the proliferation of social sites such as Facebook and Twitter will lead to an increase of possible fraud cases, reported Symantec. At a media gathering Wednesday, the security vendor released a report outlining security threats enterprises and consumers should be mindful of in 2010. Of these, the security risk faced by everyday Internet users is likely to increase as crimina... read more» 
   
 





 More Than Half Of Laptops At Risk In U.K. Organizations 
 (from DarkReading at 3-12-2009) 
 More than half of U.K. companies don't use data encryption to protect their business laptops, and only about half have antivirus software on their machines, according to a new survey of IT executives. Check Point Software surveyed 135 IT managers and senior IT staffers in public and private organizations and found that 51 percent don't have any data encryption on their organizations' laptops, 41 percent do, and 8 percent didn't know if they did or not.... read more» 
   
 





 5 Key Cybersecurity Areas for DHS to Tackle 
 (from govinfosecurity at 3-12-2009) 
 Five key cybersecurity challenges the Department of Homeland Security should tackle were outlined in testimony delivered Wednesday at a hearing on post-9/11 transportation challenges. The only witnesses at a Senate Commerce Science and Transportation hearing on post-9/11 transportation challenges Wednesday was Homeland Security Secretary Janet Napolitano, but the managing director for homeland security and justice at the Government Accountability Office delivered a written statement for the r... read more» 
   
 





 Howard Schmidt: mobile devices next attack vector 
 (from SecureComputing at 3-12-2009) 
 Ashley Towns' iPhone hack was the "tip of the iceberg", says cybersecurity expert. As servers and desktops become too tough to crack, malicious hackers will turn their attentions to smart phones such as the iPhone, former Microsoft security officer Howard Schmidt told a gathering of security professionals in Sydney today. Speaking to the Australian Information Security Association annual seminar day, Schmidt (pictured) said the recent exploit from 21-year-old Wollongong hacker Ashley Towns w... read more» 
   
 





 A European Take on Cloud Security 
 (from RSA at 3-12-2009) 
 I have practiced information security on both sides of the Atlantic Ocean and I have always been fascinated by the differences between the European and the North American approaches to security. Europeans tend to take a comprehensive, long term, risk-based approach whereas Americans often favor effective protections with rapid return on investment. The greater adoption of smart cards and digital certificates in Europe than in the U.S. is certainly one of the many symptoms of this difference i... read more» 
   
 





 Mapping the Mal Web - The Web’s Riskiest Domains 
 (from McAfee at 3-12-2009) 
 Let’s say you do a search for a file-sharing program that allows you to download copyrighted music for free. You find a site that offers the program and start downloading it on your computer. What’s the chance that along with the program, you are also downloading malware, such as a virus or spyware? As it turns out, it may depend on whether the site’s domain ends in .JP (for Japan) or .CM (for Cameroon) because when it comes to risk, not all domains are the same.... read more» 
   
 





 Mapping the Mal Web: McAfee’s 3rd Annual Report 
 (from avertlabs at 3-12-2009) 
 We have just released “Mapping the Mal Web,” our third report revealing the riskiest and safest web domains to surf and search. For the first time combining data from McAfee’s SiteAdvisor and TrustedSource, the report is even more comprehensive than last year’s, naming Cameroon (.cm) as the riskiest place to surf with a whopping 36.7 percent of the domains posing a security risk.... read more» 
   
 





 Internet addiction linked to self-harming among teens 
 (from The Sydney Morning Herald at 3-12-2009) 
 Internet addiction has been linked to double the normal levels of self harm among high school students, in a new study published this morning. However the researchers say it is not clear that the addiction led to self-injury - both behaviours may be symptoms of a deeper problem, a lack of self control. Researchers from the University of Sydney and Notre Dame surveyed 1618 students aged 13 to 18 in Guangzhou in China.... read more» 
   
 





 Facebook, MySpace boot out sex offenders - Make the internet safer 
 (from The Sydney Morning Herald at 3-12-2009) 
 Facebook and MySpace have closed the accounts of 3533 convicted sex offenders in New York state under a law combating online predators, officials said Tuesday. "Facebook and MySpace are successfully using e-STOP to help make the internet safer, and it's time for all social networking sites to do their part to keep others from being senselessly victimised," Cuomo told reporters.... read more» 
   
 





 Security concerns hinder cloud computing adoption 
 (from Net-Security at 3-12-2009) 
 Concerns about the security of cloud computing environments top the list of reasons for firms not being interested in the pay-per-use hosting model of virtual servers, according to a survey by Forrester Research. Forty-nine percent of survey respondents from enterprises and 51 percent from small and medium-size businesses (SMBs) cited security and privacy concerns as their top reason for not using cloud computing. The survey of more than 2,200 IT executives and technology decision-makers in C... read more» 
   
 





 Most dangerous web domains 
 (from Net-Security at 3-12-2009) 
 Africa’s Cameroon (.cm) has overthrown Hong Kong (.hk) as the Web’s riskiest domain, according to McAfee's third annual Mapping the Mal Web report, released today. At the opposite end, Japan (.jp) is the safest country domain, landing in the top five safest domains for the second year in a row. The most heavily trafficked Web domain in the world, commercial (.com), jumped from the ninth to second most dangerous domain, while government (.gov) is the safest non-country domain.... read more» 
   
 





 Certifications are not a panacea for cybersecurity woes 
 (from Federal Computer Week at 3-12-2009) 
 As Congress debates legislation to improve cybersecurity, one problematic idea that appears to have gained some traction is developing a national certification program for cybersecurity professionals. If certifications were effective, we would have solved the cybersecurity challenge many years ago. Certainly more workforce training, although not a panacea, can help teach workers how to respond to known cyberattacks.... read more» 
   
 





 Wall Street Journal website vulnerable to SQL injection 
 (from Net-Security at 3-12-2009) 
 A Romanian security researcher that goes by the handle "Unu" has made public his latest conquest. He managed to gain access to databases of the The Wall Street Journal using an SQL injection. Furthermore, Unu acquired knowledge of various passwords (stored in clear text) and private information about the members of the press.He also found out another vulnerability that can ultimately allow access to the command line - making it possible to do virtually anything with the website.... read more» 
   
 





 China continues to spend on security: survey 
 (from mis-asia at 3-12-2009) 
 Spending on security function continues to grow in Chinese enterprises despite the economic uncertainties, according to the seventh annual global state of information security survey 2010. Phishing attacks have increased over the years and in China organisations are fighting the situation by investing in IT applications that protect their sensitive data. But these enterprises still have to better manage their employees and business processes for more effective management of information risks.... read more» 
   
 





 The Fruit of the Poisoned Tree 
 (from NetworkWorld at 3-12-2009) 
 Should we hire criminal hackers as security experts? This is the second of a two-part attack on the idea from a 1995 debate in which I participated. On a broader scale, consider the message you would be giving some thirteen year old proto-hacker. These kids, like most kids, are tremendously susceptible to peer pressure. They already find criminal hacking attractive because it's viewed as today's counter-culture — something fairly harmless (compared with, say, dealing drugs) but exciting becau... read more» 
   
 





 Opinion: The hackability of the smart grid 
 (from ComputerWorld at 3-12-2009) 
 What can harm you most? That for which you are least prepared. Given the level of denial within power companies that are gearing up for the smart grid, I'd say we can expect a lot of harm to be heading their way. I've been thinking about this because a state government CISO recently told me that he worries a lot about the smart grid and the tremendous damage that could result if it were exploited. But when he has sounded the alarm, other people in the government have said they don't see how h... read more» 
   
 





 Call for Papers - you Sh0t the Sheriff 4 - Security Conference, Brazil 
 (from Luiz Eduardo at 3-12-2009) 
 The call for papers for the yStS (you Sh0t the Sheriff) conference is now open! The 4th edition will be, once again, held in Sao Paulo, Brazil, on May 17th, 2010. you sh0t the Sheriff is a very unique event dedicated to bringing cutting edge topics to the top-notch Information Security Community in Brazil. yStS mixes the highest quality presentations and speakers from all over the globe, covering diverse topics in information security. Our goal is to help attendees understand the c... read more» 
   
 





 Cloud security service looks for malware 
 (from NetworkWorld at 2-12-2009) 
 Webroot Tuesday announced it has extended its cloud-based Web security service, adding a way to filter outbound as well as inbound Web traffic, monitoring for threats in order to detect and block malware such as botnets that have infected computers. "We already have inbound filtering and now we're adding outbound," says Brian Czarny, vice president of solutions marketing at Webroot about the Web Security Service that can now monitor for signs of malware-infected corporate computers trying to ... read more» 
   
 





 Cyber Arms Control 
 (from DefenseTech at 2-12-2009) 
 The sub ject of inter na tional cyber arms con trol (ICAC) has risen in con ver sa tion around the belt way and beyond, and it’s an issue has polar ized many in the tech ni­cal and pol icy mak ing communities. The argu ment among experts revolves around whether an inter na tional cyber arms con trol treaty might reduce the plethora of crim i nal and national secu rity threats, while pro mot ing greater cyber secu rity for all. The very first argu ment is that cyber crime should be han dled ... read more» 
   
 





 Swatting Exploits Use Technology To Harm 
 (from information-security-resources at 2-12-2009) 
 In the field of information security, swatting is an attempt to trick an emergency service (such as a 911 operator) to dispatch an emergency response team, generally a SWAT team. SWAT is (Special Weapons and Tactics). Caller ID spoofing technologies are used to send law officers on bogus calls along with social engineering and phone phreaking techniques.... read more» 
   
 





 TM Forum Americas Conference - 8-10 December, Orlando FL 
 (from realwire at 2-12-2009) 
 TM Forum, the world's premier industry group focused on business effectiveness for the communications and media sectors, today announced that the growing risks of Cyber Security will be addressed through a dedicated Security Management conference session, at the Forum’s 10th annual Management World Americas conference next month (8-10 December, Orlando FL). Forming part of the new Defense Spotlight at Management World Americas, Manuel Hermosilla (DISA DISN OSS) will lead a session entitl... read more» 
   
 





 Security Pros In Demand: Report 
 (from DarkReading at 2-12-2009) 
 Chief information officers are planning to increase hiring -- although at a low rate -- in the first quarter of 2010 with traditional jobs in networking, security, and application development most in demand, according to the latest IT Hiring Index and Skills Report from employment specialist Robert Half Technology. Based on telephone interviews with 1,400 U.S. CIOs, the report, issued Tuesday, found that a net 3% increase in IT hiring activity, spread across companies of all sizes, is expecte... read more» 
   
 





 Hospital laptop stolen, data may be breached 
 (from Philly at 2-12-2009) 
 A Children's Hospital of Philadelphia laptop computer containing Social Security numbers and other personal information for 943 people was stolen from a car outside an employee's home on Oct. 20. The billing information on the computer was password-protected, but an analysis found it was "possible to decode the security controls on the laptop and gain access to the personal information."... read more» 
   
 





 Laptop Theft Debated By Councillors 
 (from Hertsad at 2-12-2009) 
 A FOUR-day lapse between council staff realising a laptop containing nearly 15,000 postal voter details was missing and reporting it to police was called into question last week. A preliminary report containing the chronology of events surrounding the theft of the laptop - which contained names, addresses, dates of birth and signatures - was put before elected members at last week's full council meeting. It emerged that council staff realised three unused laptops were missing on October 1... read more» 
   
 





 Wichita Student Private Information Online 
 (from Kake at 2-12-2009) 
 Many Wichita parents are angry after learning their children's names, ages, addresses and phone numbers are listed on an internet web site. When a friend called Gabriel Grebenik about the site he quickly did a search. "I found both their names with the address and phone number," said Grebenik.... read more» 
   
 





 Strategies For Handling A Hack Discussed 
 (from SecurityProNews at 2-12-2009) 
 Hacks happen; they're sort of a fact of modern life. And while the way in which any given company tries to prevent them is important, so is how it handles the aftermath. So, heading into the holiday/heavy hacking season, a new guide gives both businesses and consumers some ideas about best practices.... read more» 
   
 





 Small businesses unaware of Internet- and information security risks 
 (from icenews at 2-12-2009) 
 According to a recent survey conducted by the NCSA (National Cyber Security Alliance), 70 percent of small businesses claim to not have any formal Internet security policies, causing huge risks toward company safety. As a person in charge of information security within a business or organisation, it is important to understand risk management standards and procedures. Compliance with the ISO/IEC 27001 code of practice is essential to ensure integrity, confidentiality and availability of your b... read more» 
   
 





 Microsoft denies that patches caused black screens 
 (from scmagazineus at 2-12-2009) 
 Microsoft on Tuesday completed its investigation into reports that its November security updates caused some customers to experience so-called "black screens of death" and determined that the software giant's patches are not to blame. The investigation comes after British security firm Prevx on Friday reported the issue on its blog, saying Microsoft's recent security fixes triggered the problem.... read more» 
   
 





 Cameroon's Cybercrime Boom 
 (from Forbes at 2-12-2009) 
 Watch your typos, Web users. One false key stroke, and you could end up in Cameroon. In a global study of 27 million sites released Wednesday, researchers at cybersecurity firm McAfee ( MFE - news - people ) found that Cameroonian Web sites were the most dangerous in the world for unwary Web surfers. More than half the sites that McAfee tested in Cameroon's domain space--sites ending in the abbreviation ".cm"--were determined by McAfee's site reputation database to be engaged in shady behavio... read more» 
   
 





 Malicious Activities On The Rise In Internet 
 (from Bernama at 2-12-2009) 
 Malicious activities on the Internet have increased with the targets being reputable, high-traffic websites, according to a research done by Symantec. Executive Vice President and Chief Technology Officer, Symantec Corporation, Mark Bregman said more new malicious programs were detected in the last 18 months than in all the previous years combined.... read more» 
   
 





 Court to decide what time, trouble are worth in Hannaford breach 
 (from bangordailynews at 2-12-2009) 
 Whether Hannaford Bros. customers may recover damages for the time and trouble it took them to straighten out their bank or credit card accounts after the Scarborough-based firm’s computer system was breached in late 2007 and early 2008 now is up to the Maine Supreme Judicial Court. The justices have never considered what constitutes damages for lost time and effort in cases of data theft.... read more» 
   
 





 Hacker injected e-CAT with viruses 
 (from DNAIndia at 2-12-2009) 
 It is feared that the disruption caused to CAT-2009, which is being held online for the first time, was the work of a 'zero-day' hacker. A city-based cyber expert told DNA on the condition of anonymity that it was possible that such a hacker had broken into the private server used for the examination.... read more» 
   
 





 Spammers fined €11m over billions of emails 
 (from Independent at 2-12-2009) 
 A GROUP of spammers responsible for a third of the world's junk mail has been fined €11m. The spam network, led by New Zealand brothers Lance and Shane Atkinson, is believed to have been responsible for as much as one-third of the world's web junk mail. A US district court ordered the Atkinson brothers to pay €11m for sending billions of unsolicited emails.... read more» 
   
 





 Digital Economy Bill 2009 seeks to crush UK Internet Domain Registry industry with bureaucratic red tape and unfair legal costs 
 (from Hostingprod at 2-12-2009) 
 How much more damage can unelected Labour politicians like Mandelson do before the forthcoming General Election ? Quite a bit it seems, if you read the appalling Digital Economy Bill, published by the Department for Business, Innovation and Skills and the Department for Culture, Media and Sport, which Mandelson is in charge of, but which he obviously does not even pretend to devote his attention to full time.... read more» 
   
 





 IPTComm 2010 - August 2 and 3, 2010 - Leibniz Supercomputing Center, Munich, Germany 
 (from iptcomm at 2-12-2009) 
 The IP communications domain has matured beyond providing VoIP only services. Universtities, enterprises, businesses and individual consumers routinely use VoIP. The focus of IP communications is now on the operations, management, administration and provisioning aspects of large-scale, reliable and secure communication systems. To this extent, the research and standardization work now includes log file analysis, session tracing across proxy meshes and overload control. As IP communications g... read more» 
   
 





 Scientist in climate change data row steps down 
 (from BBC at 2-12-2009) 
 The research director at the centre of a row over climate change data said he would stand down from the post while there is an independent review. Professor Phil Jones, director of the Norwich-based University of East Anglia's (UEA) Climatic Research Unit (CRU), has said he stands by his data.... read more» 
   
 





 Top 10 Countries Sending Spam (Nov 23-Nov 29) 
 (from icsalabs at 2-12-2009) 
 Brazil remains the world leader for a second consecutive week in sending spam according to spam e-mail collected by ICSA Labs. China jumped up two spots passing the United States and India into the number 5 spot.... read more» 
   
 





 Securuty review: Good riddance to 2009 
 (from Network World at 2-12-2009) 
 Looking back at 2009, I'm sure I will not be alone in celebrating the end of the year with gusto. 2009 was a difficult year for most, with a slow recovery and challenging business conditions.... read more» 
   
 





 2009 Domain Name Year in Review 
 (from circleID at 2-12-2009) 
 To say that it's been quite a year in the world of domain names would be an understatement. From compromised country code Top-Level Domains (ccTLD) registries, to the delay of new generic Top-Level Domains (gTLDs), some of the events of the past year have been surprising, while others could easily have been predicted.... read more» 
   
 





 Google to limit free news access 
 (from BBC at 2-12-2009) 
 Newspaper publishers will now be able to set a limit on the number of free news articles people can read through Google, the company has announced. The concession follows claims from some media companies that the search engine is profiting from online news pages. Under the First Click Free programme, publishers can now prevent unrestricted access to subscription websites.... read more» 
   
 





 Staying ahead of the cybercriminal 
 (from Net-Security at 2-12-2009) 
 Vulnerability scans and penetration testing are not synonymous and should both be carried out on a regular basis as they expose different weaknesses in a network. Penetration testing needs to be carried out by a specialist external company, which sees how far it can infiltrate the network from three angles; as if a stranger, from inside a user account and as an administrator. This needs to happen at least a couple of times a year. End-user companies themselves can carry-out vulnerability sca... read more» 
   
 





 Ponemon’s Survey - Insider Threat Main Cause of Data Breaches 
 (from spamfighter at 2-12-2009) 
 According to the Ponemon Institute's new research "Worldwide State of the Endpoint Survey 2010," about 60% of businesses in the United Kingdom are unable to protect sensitive data from phishers and hackers due to sheer negligence by employees, as reported by Computerweekly on November 18, 2009. The survey also highlights that the frequent utilization of collaboration programs, like SharePoint, is responsible for a growing volume of haphazard information on computers that might hold sensitive ... read more» 
   
 





 The Darknet Project - Team Cymru 
 (from Team-cymru at 2-12-2009) 
 A Darknet is a portion of routed, allocated IP space in which no active services or servers reside. These are "dark" because there is, seemingly, nothing within these networks.Darknets have multiple uses. These can be used to host flow collectors, backscatter detectors, packet sniffers, and IDS boxes. The elegance of the Darknet is that it cuts down considerably on the false positives for any device or technology. The goals of the Darknet are simple - to increase awareness, and to ease mitiga... read more» 
   
 





 Nigerian hacker targets local priest 
 (from dominica news online at 2-12-2009) 
 Police suspect that a hacker who tampered with the email account of a local priest may have originated from Nigeria. According to Father Franklyn Cuffy he has received several calls from family and friends who were on his contacts list informing him that they had received an e-mail from him requesting a loan of 900 pounds as his money had been stolen on a mission to Scotland.... read more» 
   
 





 Secure Web shopping; US trails in worker benefits 
 (from Yahoo News at 2-12-2009) 
 Whether businesses like it or not, online shopping is increasingly prevalent at work, surveys show, and comprise a growing chunk of American retailers' sales. So experts say businesses need to protect their computers from viruses, spam and other problems associated with e-commerce. Surveys by the National Retail Federation, CareerBuilder and Accountemps suggest anywhere from one-fifth to one-half of U.S. office workers will be browsing retail Web sites this holiday season.... read more» 
   
 





 Harvard study: Computers don't save hospitals money 
 (from NetworkWorld at 2-12-2009) 
 A Harvard Medical School study that looked at some of the nation's "most wired" hospital facilities found that computerization of those facilities hasn't saved them any money or improved administrative efficiency. The recently released study evaluated data on 4,000 hospitals in the U.S over a four-year period and found that the immense cost of installing and running hospital IT systems is greater than any expected cost savings. And much of the software being written for use in clinics is aime... read more» 
   
 





 Survey shows cyberattacks are getting more disruptive 
 (from nextgov at 2-12-2009) 
 Cyberattacks that seek to penetrate computer networks or disrupt online services are increasing significantly, according to a survey of public and private sector information security and technology professionals released on Tuesday. Infections from software designed to infiltrate or damage a computer system were "easily the most prevalent" type of cyberattack in 2009, the Computer Security Institute survey found. More than 64 percent of 443 respondents said they were victims of malware attack... read more» 
   
 





 More attacks but fewer losses, survey finds 
 (from SecurityFocus at 2-12-2009) 
 While more companies reported malware infections, denial-of-service attacks, financial fraud and password sniffing in the last year, claimed damages due to the attacks had shrunk, according to the latest survey of security managers and corporate executives conducted by the Computer Security Institute. The report, released on Tuesday and covering from July 2008 to June 2009, revealed that more than 64 percent of companies reported malware infections, up from 50 percent during the same period t... read more» 
   
 





 Get Rich Quick! Just In Time for the Holidays 
 (from avertlabs at 2-12-2009) 
 National unemployment rates over 10% and the pressures of the holiday shopping season make for a dangerous cocktail that the cyber criminals can take advantage of. Fears of not being able to pay the monthly mortgage, car payments, backed up bills, and providing for your children for the holidays have put many people into situations that they never thought they would find themselves in. This has caused many to become desperate and vulnerable as the try to make ends meet. Cyber criminals are alw... read more» 
   
 





 Call For Presentations - SaaScon 2010 
 (from Computer World at 2-12-2009) 
 Software-as-a-Service, Platform-as-a-Service, Infrastructure-as-a-Service -- whatever you might call the mosaic that makes up Cloud Computing, they're all delivering rapid elasticity and value for a mounting volume of customers. Customers who are trading in capital expense for operating expense; complexity for simplicity; reactive maintenance for proactive management. But how do you know which technologies are right for your organization? Where to apply them? When? And -- importantly -- how to g... read more» 
   
 





 European Commission Vacancy for Seconded National Expert (SNE) 
 (from Enisa at 2-12-2009) 
 The European Commission (DG Information Society and Media; Unit A3 - Internet, Network and Information Security) has a vacancy for the position of Seconded National Expert (SNE). The vacancy notice which was distributed via Member States' Permanent Representations as of 15 November 2009 is attached to this e-mail. Please do consult your Member State's Permanent Representation to obtain information on coordination of SNE positions by national authorities. Further information on SNEs, on how... read more» 
   
 





 Privacy fears prompt Fry to quit Plaxo 
 (from The Register at 2-12-2009) 
 Stephen Fry has quit Plaxo after he became annoyed that the social networking site was revealing what he sees as too many personal details with anyone visiting the site - as opposed to designated contacts. Plaxo, which was co-founded by Napster co-creator Sean Parker, maintains an online address book and social networking service. The service has fully configurable privacy settings, but Fry believes the default settings are sharing rather more information than he's comfortable with.... read more» 
   
 





 DC businessman loses thousands after clicking on wrong e-mail 
 (from washingtonpost at 2-12-2009) 
 Pay-per-click revenue in the online advertising business may be diminishing for traditional media publishers, but thieves increasingly are earning five- to seven-digit returns when victims click on a booby-trapped link or attachment sent via e-mail. The latest victim to learn this was Nigel Parkinson, president of D.C.-based Parkinson Construction, a firm with an estimated $20 million in annual revenue that has worked on some of Washington's top gathering places, including the new D.C. Conven... read more» 
   
 





 Anti-spammers urged to gang up 
 (from The Register at 2-12-2009) 
 The combined efforts of anti-spam products outperform any individual products alone, according to an experiment by Virus Bulletin, the independent security certification organisation. In a comparative test, almost 200,000 sample emails were sent to 14 different anti-spam products that were required to filter out spam messages from legitimate smails (ham). The test found that no legitimate mail was blocked by more than four products. For more details : http://www.virusbtn.com/vbspam/index... read more» 
   
 





 Russian ransomware blocks net access 
 (from The Register at 2-12-2009) 
 Miscreants have developed a ransomware package that blocks internet access in a bid to force infected users into paying up by sending a text message to a premium rate SMS number, lining the pocket of cybercrooks in the process. The malware comes bundled in a package called uFast Download Manager and targets potential marks in Russia. Users of infected machines are told that they need to send a text message in order to obtain an activation code for the product, which (ironically) poses as a so... read more» 
   
 





 Fake CDC vaccine e-mail leads to malware 
 (from CNet at 2-12-2009) 
 Updated 5:10 p.m. PST with information about later versions of the e-mail campaign directing to a landing page with hidden code that uses an Adobe exploit to try to download malware onto the system. You can ignore that e-mail that looks like it comes from the U.S. Centers for Disease Control and Prevention about creating a profile for an H1N1 vaccination program. It's a malware scam, according to security provider AppRiver. The fake alert informs recipients that as part of a "State Vaccina... read more» 
   
 





 ISS World Americas - Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering 
 (from issworldtraining at 2-12-2009) 
 ISS World Americas is the world's largest gathering of North American, Caribbean and Latin American Law Enforcement, Intelligence and Homeland Security Analysts and Telecom Operators responsible for lawful interception, electronic investigations and network Intelligence gathering. ISS World Programs present the methodologies and tools to bridge the chasms from lawful intercept data gathering to information creation to investigator knowledge to actionable intelligence.... read more» 
   
 





 Feds ‘Pinged’ Sprint GPS Data 8 Million Times Over a Year 
 (from Wired at 2-12-2009) 
 Sprint Nextel provided law enforcement agencies with customer location data more than 8 million times between September 2008 and October 2009, according to a company manager who disclosed the statistic at a non-public interception and wiretapping conference in October. The spokesman wouldn’t disclose how many of Sprint’s 48 million customers had their GPS data shared, or indicate the number of unique surveillance requests from law enforcement. But he said that a single surveillance order agai... read more» 
   
 





 Microsoft: 'Black Screen of Death' Claim is Bogus 
 (from WindowsITPro at 2-12-2009) 
 Microsoft completed its investigation into the so-called "Black Screen of Death" that was widely reported Monday and Tuesday and has found that it is completely bogus. According to the software giant, reports of a Black Screen related to the security updates it issued in November are "inaccurate." "The company has found [the Black Screen] reports to be inaccurate and our comprehensive investigation has shown that none of the recently released [security] updates are related to the behavior des... read more» 
   
 





 TRUST 2010 3rd International Conference on Trust and Trustworthy Computing 
 (from trust2010 at 2-12-2009) 
 Trust 2010 is an international conference on the technical and socio-economic aspects of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using, and understanding trustworthy computing systems. Building on the success of Trust 2009 (held at Oxford, UK) and Trust 2008 (Villach, Austria), this conference focuses on trusted and trustworthy computi... read more» 
   
 





 Gartner Customer Relationship Management Summit 
 (from Gartner at 1-12-2009) 
 The Gartner Customer Relationship Management Summit delivers the leading-edge insights on how technology enables the marketing, sales, and customer service functions, adding value to the customer experience and delivering higher levels of customer satisfaction while increasing sales & saving money.... read more» 
   
 





 ICO publishes guide to Data Protection Act 
 (from data breaches at 1-12-2009) 
 The Information Commissioner’s Office (ICO) has produced a new plain English Guide to Data Protection to provide businesses and organizations with practical advice about the Data Protection Act and dispel myths. The guide will help organizations safeguard personal data and comply with the law. The guide takes a straight-forward look at the principles of the Data Protection Act and uses practical, business-based examples.... read more» 
   
 





 Combating Cybercrime In Betting and Gaming Conference 
 (from combatingcybercrime at 1-12-2009) 
 We're closing in on the end of the year, and its time to start thinking about 2010's important conferences. Few are as vital as Combating Cybercrime, which takes place on 26th January 2010 - conveniently in the same timeframe as the must-attend IGE show and in the same Earls Court, London location. Delegates will hear the best and most interesting case studies, direct from the experts that lead effective teams in fighting Cybercrime every day.... read more» 
   
 





 Computer hacker arrested (in real life) for theft in online medieval fantasy game RuneScape 
 (from dailymail at 1-12-2009) 
 A hacker has been arrested for stealing players' identities, skills, weapons and virtual money in an online computer game. In the first case of its kind, the 23-year-old man was held for hijacking hundreds of teenage boys' accounts to gain access to their hard-won virtual abilities. The boys were taking part in RuneScape, a medieval fantasy game which has more than 100million players worldwide.... read more» 
   
 





 New Open Vacancy at ENISA For the Position of Expert in Awareness Raising 
 (from Enisa at 1-12-2009) 
 Applications are invited for the position of Expert in Awareness Raising at the European Network and Information Security Agency. ENISA shall assist the Commission, the Member States and the business community in meeting the requirements of network and information security, including those of present and future Community legislation. For More Details See This URL :See :https://www.enisa.europa.eu/about-enisa/recruitment/vacancies/expert-in-awareness-raising... read more» 
   
 





 Has the McColo shut down, has spam decreased? 
 (from TechTarget at 1-12-2009) 
 This drop in spam was mainly due to the impact that the shutdown had on controllers of six major botnets, including one of the world's largest, Srizbi. Experts put the size of this botnet at around 500,000 machines and estimated that is supposedly capable of sending around 60 billion spam messages a day -- more than half of the global total. Interestingly, one reason for the initial spam decrease was that a number of emails were discarded because they were sent to non-existent addresses dropp... read more» 
   
 





 New Open Vacancy at ENISA 
 (from Enisa at 1-12-2009) 
 The following vacancy notice is published on ENISA website: - ENISA-CA-III-2009-05 'Expert in Awareness Raising' - Deadline 15/01/2010 Job description: The Expert in Awareness Raising will report to the Head of the Technical Competence Department. He/she will work within the Awareness Raising section of the Technical Competence Department. See :https://www.enisa.europa.eu/about-enisa/recruitment/vacancies/expert-in-awareness-raising... read more» 
   
 





 The Psychology of Being Scammed 
 (from Schneier at 1-12-2009) 
 Six general psychological principles that con artists use: 1. The distraction principle. While you are distracted by what retains your interest, hustlers can do anything to you and you won't notice. 2. The social compliance principle. Society trains people not to question authority. Hustlers exploit this "suspension of suspiciousness" to make you do what they want. 3. The herd principle. Even suspicious marks will let their guard down when everyone next to them appears to share the same r... read more» 
   
 





 The Guide to Data Protection 
 (from ICO at 1-12-2009) 
 The Data Protection Act 1998 establishes a framework of rights and duties which are designed to safeguard personal data. This framework balances the legitimate needs of organisations to collect and use personal data for business and other purposes against the right of individuals to respect for the privacy of their personal details. The legislation itself is complex and, in places, hard to understand. However, it is underpinned by a set of eight straightforward, common-sense principles. If yo... read more» 
   
 





 Microsoft's security patches year in review: A malware researcher's perspective 
 (from Net-Security at 1-12-2009) 
 It's no secret that Microsoft has had the lion's share of security vulnerabilities. Its success as a company has made it the most obvious and profitable target for malware authors for nearly twenty years now. While it is true that we are seeing malware authors begin to attack other pieces of software, to the tune of up to 84%, according to Microsoft's Security Intelligence Report v7, the fact remains that because of its ubiquity, the Windows operating system will continue to be the number one ta... read more» 
   
 





 SMEs should audit before outsourcing, says report 
 (from Computing at 1-12-2009) 
 Small businesses are exposing themselves to unnecessary risk through a lack of in-house skills, according to a white paper from vendor Fifosys. "It is difficult for small companies to acquire the IT skills necessary to support today’s complex technology requirements. These can include the management of online order taking, continual email services, maintaining and servicing local and wide area networks, as well as business continuity. A one or two-person IT team simply will not be able to man... read more» 
   
 





 Gilbert man loses job in case tied to alien-search software 
 (from Azcentral at 1-12-2009) 
 The search for intelligent life apparently has stopped for Brad Niesluchowski. Higley Unified School District records obtained by The Arizona Republic show that Niesluchowski, of Gilbert, resigned in October after an investigation into suspicious activity, including the use of a program that searches satellite signals for extraterrestrial life. According to the documents, district officials said they found Niesluchowski had abused his authority in purchasing and oversight of district technolo... read more» 
   
 





 CERT Australia pushes on network security 
 (from The Australian at 1-12-2009) 
 The new computer emergency response team, CERT Australia, will expect internet service providers to be more active in cleaning up infected computers operating on their networks. Following the federal government's e-security review last year, the Internet Industry Association has been hammering out a voluntary ISP code of practice aimed at identifying botnet activity and alerting customers to security breaches.... read more» 
   
 





 The nation needs a clear cyber war doctrine 
 (from Government Computer News at 1-12-2009) 
 A recent study from McAfee on cyber crime and cyber warfare concluded that, like it or not, the world’s information infrastructures are becoming theaters of war, as nations develop offensive and defensive capabilities to wage cyber warfare. “Cyber weapons exist, and we should expect that adversaries might use them,” said James Lewis, director of the Technology and Public Policy program at the Center for Strategic and International studies.... read more» 
   
 





 Cyber crime danger - Increase by 40 to 50 per cent from 2010 to 2012 
 (from Fiji Times at 1-12-2009) 
 THE Police Force has forecast cyber crimes to increase by 40 to 50 per cent from 2010 to 2012. Jemesa Lave of the police cyber crime unit said in these two years, it was anticipated that more complicated technological crimes would be perpetrated in Fiji. Coupled with this, he said was the anticipated shift from conventional criminal operations to cybercrime. "We need legislation, we need to ensure that standards are put in place to address computer crime issues," Mr Lave said.... read more» 
   
 





 CAT goes online, students go offline 
 (from siliconIndia at 1-12-2009) 
 After a disappointing start to the online CAT, the authorities have given different theories to the problem ranging from a virus attack to server crash. However, in the eyes of students who are left in the lurch, things seem to be different. With his eyes set on the top B-schools in the country, Srinath R.P. had prepared hard to bell the Common Admission Test (CAT) this year. His exam was scheduled to be held at R.V. College of Engineering, Bangalore at 10 am on 28 November.... read more» 
   
 





 Hackers stalk Facebook to harvest cash secrets 
 (from Guardian at 1-12-2009) 
 Britain faces a new threat from the sharp increase in cyber-crime with sophisticated hackers leaving the government far behind in its attempts to catch them, according to the world's leading expert in online security. Mikko Hyppönen, who regularly works with Scotland Yard, the FBI, the US National Security Agency and Interpol, said popular networking sites such as Facebook, Twitter and Linkedin were now prime targets for criminals.... read more» 
   
 





 Parents call for online privacy lessons 
 (from IT Pro at 1-12-2009) 
 The majority of parents want their children to receive lessons in online privacy, according to survey results released today. The YouGov study, commissioned to form part of the Digital Literacy Report 2009, showed 69 per cent of parents asking for the Government to provide compulsory lessons in school so children understand their online footprint and the effects it can have.... read more» 
   
 





 Top 10 information security trends for 2010 
 (from homelandsecuritynewswire at 1-12-2009) 
 Further adoption of cloud, social media, and virtualization technologies will continue to blur the network parameter; organizations -- large and small -- should consider a layered, centralized security solution that provides multiple security touch points within the network, rather than around it Next year will be the year of ongoing change on the information security front. Further adoption of cloud, social media, and virtualization technologies will continue to blur the network parameter, w... read more» 
   
 





 Australia pushing for APAC CERT 
 (from Computer World at 1-12-2009) 
 The Federal Attorney-General’s department is working on developing greater co-ordination between the international community, business, internet service providers and government agencies to better manage cyber crime, the House of Representatives Inquiry into Cyber Crime has heard. Speaking at the Inquiry, Mike Rothery, first assistant secretary of the National Security Resilience Policy Division with the Attorney-General’s Department, said the department was working on a an international enga... read more» 
   
 





 Norwegian consumer group will mount legal challenge to Facebook terms 
 (from Out-law at 1-12-2009) 
 A Norwegian consumer protection agency is preparing a legal challenge to Facebook and other social networking companies, accusing them of operating "in a legal vacuum and irrespective of norms and standards". Forbrukerradet, the Norwegian Consumer Council, has studied the privacy policies and terms and conditions of social networking sites and says that many do not properly protect Norwegian users and do not comply with Norwegian law.... read more» 
   
 





 Boosting Security Awareness in Colleges 
 (from avertlabs at 1-12-2009) 
 Security breaches, laptop theft, and identity theft happen all the time, and these crimes increase every year. The need for people to become more aware of their digital presence and the threats surrounding it is vital. The pace at which these threats increase is much faster than our awareness grows, making a bad situation. One way to improve matters is to implement security-awareness programs in colleges and universities.... read more» 
   
 





 Summarizing Zero Day's Posts for November 
 (from Dancho Danchev at 1-12-2009) 
 The following is a brief summary of all of my posts at ZDNet's Zero Day for November. You can also go through previous summaries, as well as subscribe to my personal RSS feed, Zero Day's main feed, or follow all of ZDNet's blogs on Twitter. Notable articles include: Windows 7's default UAC bypassed by 8 out of 10 malware samples and Man-in-the-middle attacks demoed on 4 smartphones.... read more» 
   
 





 Microsoft Technet Vulnerable to Cross-Site Scripting 
 (from security-sh3ll at 1-12-2009) 
 XSS and HTML Injection bugs on http://gallery.technet.microsoft.com Vulnerable page: http://gallery.technet.microsoft.com/ScriptCenter/en-us/site/search?f%5B0%5D.Type='Tag&f%5B0%5D.Value=XSS... read more» 
   
 





 Small business a prime target for hackers 
 (from The Age - Australia at 1-12-2009) 
 All operations, big and small, need safeguards against information theft, writes Julia Talevski. If you run a small to medium business and use email, you're a prime target for hackers. Emails have become one of the most common forms of correspondence and are usually the most targeted by hackers. An estimated 247 billion emails are sent around the world every day.... read more» 
   
 





 Email super-spammer fined $16m 
 (from The Age - Australia at 1-12-2009) 
 A New Zealand man living in Queensland and believed to be behind the world's largest spam operation, has been ordered to pay more than $16 million for running the illegal enterprise. Lance Atkinson, 26, originally from Christchurch, was living in Pelican Waters on the Sunshine Coast when the US Federal Trade Commission (FTC) had his assets frozen last year.... read more» 
   
 





 JB Hi-Fi website served malware 
 (from The Age - Australia at 1-12-2009) 
 JB Hi-Fi's website was redirecting customers to malicious web pages over the weekend in a cyber attack that appears to have affected several other Australian websites in the lead-up to Christmas. The exact details of the attack are not yet clear as the retailer has refused to comment but users first started reporting problems on Friday night. Visitors to jbhifi.com.au reported being automatically redirected to Chinese websites carrying malware. Similar issues affected JB Hi-Fi's New Zealand w... read more» 
   
 





 Man arrested for robbing RuneScape virtual characters 
 (from Sophos at 1-12-2009) 
 It has been revealed that British police have arrested a 23-year-old man accused of stealing virtual characters and goods from players of one of the world's most popular online games. The man, from the Avon & Somerset region, was arrested last Tuesday by officers of the Police Central e-Crime Unit (PCeU), after allegedly phishing the usernames and passwords used by players of RuneScape, a Massively Multiplayer Online Role Playing Game (MMORPG).... read more» 
   
 





 Netspeed's website hacked (correction) 
 (from iTWire at 1-12-2009) 
 First detected by the Israeli-based security company Imperva, pages on the Netspeed site have been modified to include a variety of malware. Amichai Shulman, Imperva's CTO notes, "Following the link into an infected page within a legitimate site would infect the victim's browser with a bot." He reflects upon the fact that his organisation has detected similar malware on other prominent Australian sites, including Overclockers and Whirlpool.... read more» 
   
 





 Kiwi lands multi-million dollar fine in US for spamming 
 (from ComputerWorld at 1-12-2009) 
 Lance Atkinson, the New Zealander who was convicted in the Christchurch High Court last year of offences under the Unsolicited Electronic Messages Act 2007 and fined $100,000, is facing far greater financial penalties after being ordered to pay $US15.5 million (NZ$21 million) by US authorities for his part in the spamming network busted by New Zealand and US authorities last year.... read more» 
   
 





 Dark Internet Fundamentals 
 (from ZDNet at 1-12-2009) 
 We all think we know the internet - the service that has magically transmitted these words from my keyboard to your eyeballs - but how much do you know of the fundamentals?... read more» 
   
 





 All you wanted to know about hacking 
 (from individual at 1-12-2009) 
 When did you realise that you could hack? got interested in hacking at 12, but it took a while before I figured out how to do it. My first hack was quite interesting. I defaced a magazine site and put my own profile, pictures and e-mail id on it. But then I thought I might get into trouble, so I sent a mail to the editor with the solution on how to prevent hacking the website. He got back to me with a job offer but when he learnt that I was 13, he asked me to wait till I turned 18. I learnt ... read more» 
   
 





 ICO: Stolen laptop contained data on 110,000 people 
 (from itpro at 30-11-2009) 
 Verity Trustees has had its wrist slapped by the Information Commissioner's Office (ICO) after a laptop was stolen containing data on 110,000 people. The laptop was taken from the locked server room of Northgate Arinso, which supplies pension management software to Verity. The laptop held names, addresses, salaries, national insurance numbers and dates of birth of 110,000 people, as well as 18,000 banking details.... read more» 
   
 





 Top 13 Security Threats for '10 
 (from enterpriseitplanet at 30-11-2009) 
 After a year of unprecedented proliferation of spyware, malware and cyber attacks of all types, security software vendor Symantec warns there's plenty more where that came from in its just-released 2010 Security Trends to Watch report. Kevin Haley, Symantec Security Response group product manager, this week posted an ironic blog entry titled "Don't Read This Blog" to draw attention to the company's latest report and to illustrate how Internet users have been conditioned to click any compellin... read more» 
   
 





 Episode 27 of the Who and Why Show: Secure Configuration Summaries Part 2 
 (from YouTube at 30-11-2009) 
 In the 27th episode of Team Cymru's 'The Who and Why Show', we have the second installment of our talk with Bryan Broadhurst about his teams set of "Configuration Summaries" to help folks from a security perspective. See this weeks episode at at www.youtube.com/teamcymru... read more» 
   
 





 Feds see web of conspirators in alleged scam 
 (from individual at 30-11-2009) 
 Federal indictments handed down this month accusing former Bend-based developers of operating two real estate schemes document a history of alleged mortgage fraud that, if proven, could land the company's executives in prison for decades. The principals of the now-defunct Desert Sun Development Inc. face more than three dozen charges, including taking a total of $19 million from banks for commercial construction that was never done and an employee residential real estate investment program th... read more» 
   
 





 Why Criminal Hackers Must Not Be Rewarded 
 (from NetworkWorld at 30-11-2009) 
 In 1995, I participated in a debate with distinguished security expert Robert D. Steele, a vigorous proponent of open-source intelligence. We discussed the advisability of hiring criminal hackers. Perhaps readers will find the polemic I published back then of interest today. I’m sure it will provoke vitriolic comments from the criminal hacker community.... read more» 
   
 





 UAB computer forensics finds virus disguised as Social Security download 
 (from myfoxal at 30-11-2009) 
 Experts at the University of Alabama at Birmingham say they have discovered a new spam campaign that is made to look like messages from the Social Security Administration. This new campaign was discovered by Gary Warner and his team at the UAB Spam Data Mine.... read more» 
   
 





 Mayor's e-mail used for 650,000 messages 
 (from unionleader at 30-11-2009) 
 An estimated 650,000 of Mayor Frank Guinta's closest friends received messages sent from his city e-mail account Wednesday night and early Thanksgiving Day. Well, maybe not his friends. Someone hacked the mayor's City Hall account and used it to send the 650,000 messages.... read more» 
   
 





 Conference - OWASP AppSec Research 2010 , 2nd CALL FOR PAPERS, Stockholm, Sweden 
 (from owasp.org at 30-11-2009) 
 Submission is now open for the upcoming OWASP AppSec Research conference, June 21-24, 2010 in Stockholm, Sweden -- http://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden * TOPICS OF INTEREST * We encourage the publication and presentation of new tools, new methods, empirical data, novel ideas, and lessons learned in the following areas: • Web application security • Security aspects of new/emerging web technologies/paradigms (mashups, web 2.0, offline support,... read more» 
   
 





 Latest Microsoft patches cause black screen of death 
 (from NetworkWorld at 30-11-2009) 
 Microsoft's latest round of security patches appears to be causing some PCs to seize up and display a black screen, rending the computer useless. The problem affects Microsoft products including Windows 7, Vista and XP operating systems, said Mel Morris , the CEO and CTO for the U.K. security company Prevx.... read more» 
   
 





 Prometric blames Virus for CAT 2009 Disaster! 
 (from crazyengineers at 30-11-2009) 
 The CAT 2009 disaster continues and now, Prometric, the firm responsible for conducting the common admission test for over 250,000 students is blaming virus for the disaster. TOI reports that as many as 49 centers across 24 centers across India could not conduct the test because of the virus.... read more» 
   
 





 CA:Three family members in ID theft credit card ‘bust-out’ sentenced 
 (from databreaches at 30-11-2009) 
 While many of us were getting ready for Thanksgiving, three members of a Los Angeles family who operated a credit card “bust-out” scheme in the neighborhoods surrounding the Little Armenia section of Los Angeles were sentenced to up to eight years in federal prison after pleading guilty to fraud charges. Arutyun Sarkisyan, 27, of the Silverlake section of Los Angeles, the leader of an identity theft ring with co-schemers in the United States and Russia, was sentenced to 96 months in federal p... read more» 
   
 





 Leaked emails won't harm UN climate body, says chairman 
 (from Guardian at 30-11-2009) 
 There is "virtually no possibility" of a few scientists biasing the advice given to governments by the UN's top global warming body, its chair said today. Rajendra Pachauri defended the Intergovernmental Panel on Climate Change (IPCC) in the wake of apparent suggestions in emails between climate scientists at the University of East Anglia that they had prevented work they did not agree with from being included in the panel's fourth assessment report, which was published in 2007. The emails... read more» 
   
 





 Top 10 most famous hackers 
 (from expressbuzz at 30-11-2009) 
 Kevin Mitnick Probably the most famous hacker of his generation, Mitnick has been described by the US Department of Justice as "the most wanted computer criminal in United States history." The self-styled 'hacker poster boy' allegedly hacked into the computer systems of some of the world's top technology and telecommunications companies including Nokia, Fujitsu and Motorola.... read more» 
   
 





 Raunchy spam targets online gamers 
 (from SecureComputing at 30-11-2009) 
 Security experts are warning of a new malicious spam campaign designed to harvest the log-in credentials of online gamers.Attached to the emails is a “my photos.rar” containing several sexually explicit images of a young Asian woman and a couple of executables which claim to be pornographic videos.... read more» 
   
 





 India plans its own net snoop system 
 (from The Register at 30-11-2009) 
 On the anniversary of the Mumbai terror attacks, the Indian government has announced its own version of the UK's Interception Modernisation Programme (IMP) - a massive expansion of communications surveillance for the internet age. A pilot of the Centralised Monitoring System (CMS) will begin by June next year, communications minister Gurudas Kamat said on Thursday. Like IMP, CMS will see a network of monitoring probes inserted throughout the country's fixed line and wireless communications ne... read more» 
   
 





 Virgin Blue apologises (again) for email blunder 
 (from ComputerWorld at 30-11-2009) 
 Virgin Blue has issued a second email apology regarding its frequent flyer rewards program blunder a fortnight ago, blaming a “process error” for the problem. On November 13, thousands of Velocity customers mistakenly received an email saying they had been upgraded to Gold status, only to receive apologetic retraction email hours later.... read more» 
   
 





 Protect yourself while shopping on Cyber Monday 
 (from TimesDispatch at 29-11-2009) 
 Cyber Monday hits tomorrow when shoppers are expected to swarm to the Internet in search of online deals and all things gifty. The busiest day of the virtual shopping season comes with lots of bait -- free shipping, crazy discounts, hourly specials. And across the country, workers will steal some time to search online for the perfect present. From now through December, more than 68.8 million people with Internet access at work will shop for holiday gifts, according to a survey published by Sh... read more» 
   
 




 Online gaffes hard to cover up 
 (from nzherald at 29-11-2009) 
 So, you fail to take a deep breath and to count to 10 - and you post something you probably shouldn't on Twitter or Facebook. Hopefully, it blows over without doing too much damage. But what if you're famous and have thousands, if not millions of virtual followers?... read more»

Disqus for ePayment News