Saturday, January 30, 2010

Internet Security News through January 30th





This free IT-security news feed was compiled and is provided by E-Secure-IT, the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today. They offer a 30-day complimentary subscription.

Visit them at www.e-secure-it.com or email more-info@e-secure-it.com for more information on their available services.

 When standards bodies are the cyber threat 
 (from Network World at 30-1-2010) 
 Believe it or not, some practices of the groups charged with producing security standards represent cyber threats in their own right. As government and industry increasingly collaborate to enhance cyber security, it is critical these practices be considered as part of the overall cyber security framework. Crafting security standards involves multiple steps. First, experts agree on specifications intended to enhance cyber security. Then those specifications are made available to a community of...
   
 





 Hackers Kick Off Tax Season With Oklahoma Web Site Attack 
 (from CRN at 30-1-2010) 
 You might not be preparing your taxes yet, but hackers are thinking ahead with new tax-time scams. The Oklahoma Tax Commission was victimized by an attack that defaced the organization's Web site and downloaded malware onto visitors' computers, security researchers say. Visitors to the Oklahoma Tax Commission Web site were told they needed to accept an Adobe license agreement and then download software. While the prompt appears "normal," researchers said that the application contained malicio...
   
 





 Nigerian 419 scams on the rise 
 (from ComputerWorldUk at 30-1-2010) 
 Internet scammers had a bumper year in 2009 with people around the world continuing to be duped by so-called 419 frauds, with one Dutch private investigation company estimating the highest ever annual losses occurred in 2009. Victims lost at least US$9.3 billion last year, up from $6.3 billion in 2008, said Frank Engelsman of Ultrascan, a Dutch company that investigates 419 scams - also known as advance-fee frauds (AFFs) - and other types of crime. Ultrascan will release a complete report on Fr...
   
 





 Telecom N.Z.’s XT Mobile Service Restored, Compensation Planned 
 (from Bloomberg at 30-1-2010) 
 Telecom Corp., New Zealand’s biggest telephone company, said services on its high-speed mobile network have been restored after a three-day fault. Mobile sites on the lower South Island, the last to be restored, returned to service late last night, Telecom said in a statement on its Web site today. Compensation for customers significantly affected by the shutdown will be announced next week, the Auckland-based company said....
   
 





 Google Nexus One T-Mobile Outage - Over and Out : Reboot 
 (from Wireless and Mobile News at 30-1-2010) 
 Earlier today, Friday, there were reports of network connection problems with the Google Nexus One superphone. We have a review unit of the Nexus One, and we have not experienced problems. It is now working and surfing the web fine. If you are experiencing connection problems with T-Mobile on your Nexus One, it is recommended that you shut your phone completely off and then reboot it....
   
 





 Bank of America Web site goes down Friday 
 (from CNet at 30-1-2010) 
 Bank of America was investigating an outage on Friday that affected an unknown number of customers but had ruled out a cyberattack, a representative said. "Our online-banking service is available," spokeswoman Anne Pace said in a telephone interview on Friday afternoon. "We ruled out a cyberattack, but are working with partners to determine the root cause."...
   
 





 Lawmakers want review into House site defacements 
 (from scmagazineus at 30-1-2010) 
 U.S. House leaders are seeking answers as to why hackers were able this week to deface nearly 50 websites belonging to the lower chamber's members and committees. In a letter Thursday, Speaker Nancy Pelosi, D-Calif., and Minority Leader John Boehner, R-Ohio, requested an “immediate and comprehensive” review of the incident by Daniel Beard, the House's chief administrative officer....
   
 





 Google still thinks it can change China 
 (from CNet at 30-1-2010) 
 After all the posturing of the past few weeks, Google CEO Eric Schmidt apparently still thinks that his company can change China. In comments at the World Economic Forum in Switzerland, Schmidt continued to soften his rhetoric toward the government of China, which Google all but accused of orchestrating a cyberattack that resulted in the theft of intellectual property. "We like what China is doing in terms of growth...we just don't like censorship. We hope that will change and we can apply s...
   
 





 Government closes half of its websites 
 (from kable at 30-1-2010) 
 A further 479 are "committed to be closed", according to a written answer from Cabinet Office minister Angela Smith on 27 January 2010. She was responding to a request for information from shadow Cabinet Office minister Francis Maude, who also asked for details of the numbers of websites operated by different organisations in Whitehall....
   
 





 CIA, PayPal under bizarre SSL assault 
 (from The Register at 30-1-2010) 
 The Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that's bombarding their websites with millions of compute-intensive requests. The "massive" flood of requests is made over the websites' SSL, or secure-sockets layer, port, causing them to consume more resources than normal connections, according to researchers at Shadowserver Foundation, a volunteer security collective. The torrent started about a week ago and appears to be caused by...
   
 





 Google Attack Highlights 'Zero-Day' Black Market 
 (from abcnews at 30-1-2010) 
 The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market. Because no fix was available, the linchpin in the attack was one of the worst kinds of security holes. Criminals treasure these types of "zero day" security vulnerabilities because they are the closest to a sure thing and virtually guarantee the s...
   
 





 Experts fret over iPad security risks - Death and taxes and browser exploits 
 (from The Register at 30-1-2010) 
 Apple's much hyped iPad tablet may come tightly locked down but the device is still likely to be affected by many of the security issues that affect the iPhone, as well as some of its own. Security experts polled by El Reg were concerned about a variety of risks, in particular phishing attacks and browser exploits. Graham Cluley, senior technology consultant at Sophos, commented: "The iPad, from the sound of things, will be as locked down as the iPhone. Hackers will no doubt try to jailbreak ...
   
 





 RI man given 11-year sentence for ID theft scheme 
 (from WBZ at 30-1-2010) 
 A Rhode Island man has been sentenced to 11 years in prison for his role in an identity theft and credit card scheme. Eric Snead, of Providence, pleaded guilty in October to orchestrating the scheme. Four others also admitted guilt. The four codefendants are scheduled to be sentenced in March....
   
 





 Google phases out support for IE6 
 (from BBC at 30-1-2010) 
 Google has begun to phase out support for Internet Explorer 6, the browser identified as the weak link in a "sophisticated and targeted" cyber attack on the search engine. The firm said from 1 March some of its services, such as Google Docs, would not work "properly" with the browser. It recommended individuals and firms upgrade "as soon as possible". Google threatened to withdraw from the Chinese market following the attacks, which it said originated in China. Hackers used a flaw in...
   
 





 Hacked Twitter accounts a delicacy among cybercriminals 
 (from venturebeat at 30-1-2010) 
 News that cybercriminals are seeking out user names and passwords for resale is nothing new — but according to researchers at the anti-virus company Kaspersky Lab (via Computerworld), stolen Twitter accounts are fetching a higher price than other credentials among criminals. One Twitter account with only 320 followers recently sold for $1,000. Hackers have relied on malware software for some time to gather credit card numbers, bank log-ins, and whatever else they could find from unsuspecting ...
   
 





 Critical Infrastructure Vulnerable To Attack 
 (from informationweek at 30-1-2010) 
 Executives at corporate operators of critical infrastructure -- power, water, oil, telecom, finance, and transportation companies -- say that their networks face relentless attacks from cybercriminals and foreign governments, a situation that amounts to an undeclared cyberwar. On Thursday, McAfee, a security vendor, published a cyber security report authored by the Center for Strategic and International Studies (CSIS), a public policy research group....
   
 





 McAfee, Inc. Report Reveals Cyber Coldwar, with Critical Infrastructure Under Constant Cyberattack Causing Widespread Damage 
 (from McAfee at 30-1-2010) 
 McAfee, Inc. (NYSE:MFE) today revealed the staggering cost and impact of cyberattacks on critical infrastructure such as electrical grids, oil and gas production, telecommunications and transportation networks. A survey of 600 IT security executives from critical infrastructure enterprises worldwide showed that more than half (54%) have already suffered large scale attacks or stealthy infiltrations from organized crime gangs, terrorists or nation-states. The average estimated cost of downtime...
   
 





 Burglar steals computers from city cemetery building 
 (from croatiantimes at 30-1-2010) 
 Police are investigating the case of an unknown burglar who stole five computers and four monitors at a Sisak cemetery building last night (Weds/Thurs). City cemetery head Mijo Domitrovic said the thief had stolen a CD with 2009 business documents and data. Domitrovic added that one stolen computer had contained a complete inventory of graves and information about grave fee payments....
   
 





 Hackers threaten critical infrastructure 
 (from TGDaily at 29-1-2010) 
 A shocking report published by security company McAfee reveals that more than half of critical infrastructure enterprises worldwide have fallen victim to large scale or stealth cyber attacks. From public transportation, to energy to telecommunications, these are the systems we depend on every day. An attack on any of these industries could cause widespread economic disruptions, environmental disasters, loss of property and even loss of life....
   
 





 McAfee: Attacks on critical infrastructure are common 
 (from ZDNet at 29-1-2010) 
 Cyberattacks on critical national infrastructure are common and are likely to increase, according to a report from McAfee. Critical national infrastructure organisations include utilities, oil companies, transport companies, communications companies and banks....
   
 





 Security breach may affect 77,000 public employees, retirees in Alaska, raising threat of identity theft 
 (from Newsminer at 29-1-2010) 
 One of the immediate questions about the security leak the state announced today is why did the accounting firm learn about it in early December and reveal it to the state last week? PricewaterhouseCoopers should have acted sooner when it learned that the names, birth dates and Social Security numbers of 77,000 people were lost in its Chicago office and the information could have fallen into the wrong hands....
   
 





 Cyberattacks from U.S. 'greatest concern' 
 (from SecurityFocus at 29-1-2010) 
 Global companies worry more about cyberattacks from actors based in the United States, not China, according to a survey of 600 information-technology executives released by McAfee on Thursday. The survey found that 36 percent ranked network attacks coming from the United States as their "greatest concern," compared to 33 percent most concerned about attacks from China. Russia came in a distant third, with only 12 percent of those polled rating it the most concerning....
   
 





 Twitter vows to circumvent censorship 
 (from v3 at 29-1-2010) 
 Twitter has revealed that it is trying to stop its service being censored or blocked by foreign governments such as those of Iran and China, according to widespread reports. Twitter chief executive Evan Williams said at the World Economic Forum in Davos that the site is working on a number of ways to avoid censorship, and will not engage with governments on the issue....
   
 





 EU telecom regulator Berec holds first meeting 
 (from Telecompaper at 29-1-2010) 
 The new Body of European Regulators for Electronic Communications (Berec) has held its first meeting in Brussels. Created under the EU telecoms reform legislation passed late last year, the body uniting national telecom regulators of EU member states is a more formal successor to the European Regulators Group. Berec provides a platform for the regulators to coordinate cross-border policies, share best practices for local markets, study new market developments and advise the European Commissi...
   
 





 Google, China, and the coming threat from cyberspace 
 (from The Christian Science Monitor at 29-1-2010) 
 The recent cyberespionage attacks on Google and that company’s subsequent announcement that it would reconsider its search engine services in China gripped the world’s focus and set off a debate about China’s aggressive cybersecurity strategy. The apparent scope of the attacks – more than 30 companies affected, Gmail accounts compromised, human rights groups targeted – took many by surprise. Some observers believe the attacks were highly sophisticated in nature, employing never-before-seen t...
   
 





 European Commission promises data privacy refresh 
 (from v3 at 29-1-2010) 
 European information society and media commissioner Viviane Reding has used today's Data Privacy Day to propose a modernisation of the European Union's privacy rules in order to keep pace with advances in technology. EU rules should allow everyone to realise their right to know when their personal data can be lawfully processed, in any area of life, whether boarding a plane, opening a bank account or surfing the internet, and to say no to it whenever they want....
   
 





 Privacy Commissioner delays zombie code 
 (from ZDNet at 29-1-2010) 
 The finishing touches to an e-security code of conduct which will prevent compromised computers, also called "zombies", from accessing the internet are being delayed following concerns flagged by the Privacy Commissioner. It aims to make formal existing voluntary security arrangements that internet service providers (ISPs) currently follow under a scheme run by the Australian Communications and Media Authority (ACMA), according to Internet Industry Association (IIA) CEO Peter Coroneos....
   
 





 China to take time to cut Internet censorship: web founder 
 (from Google at 29-1-2010) 
 China will gradually move to cut censorship of the Internet, but it will take a long time, the man credited with inventing the World Wide Web said Wednesday. Commenting on Google's threat to pull out of China, Tim Berners-Lee said Beijing was having to move "carefully" in opening up Internet openness, but said the "genie is out of the bottle" in terms of access....
   
 





 Ballmer & Gates defend China censorship 
 (from ComputerWorldUk at 29-1-2010) 
 Microsoft CEO Steve Ballmer defended the company's presence in China in a message on Wednesday, after Chinese media seized on a statement by Bill Gates about Chinese web censorship being "very limited". "We have done business in China for more than 20 years and we intend to stay engaged, which means our business must respect the laws of China."...
   
 





 Information Security Agenda - Kevin Richards, President of ISSA 
 (from govinfosecurity at 29-1-2010) 
 With Howard Schmidt's appointment as national cybersecurity coordinator, his role as president of the Information Systems Security Association (ISSA) has been filled by Kevin Richards, a risk management advisor with Crowe Horwath. In an exclusive interview, Richards discusses: Top agenda items for ISSA in 2010; Biggest information security threats; Best opportunities for information security professionals....
   
 





 Which Nation is Most Feared in Cyberspace? 
 (from govinfosecurity at 29-1-2010) 
 Which country is more likely to launch a cyber attack against the critical IT infrastructure of a foreign nation: China, Russia or the United States? According to a survey of 600 IT and security executives from 14 countries and seven industrial sectors, the nation most feared is the U.S. Even from the longtime American ally Germany, 45 percent of respondents named the U.S. as their top concern compared with 34 percent who chose China....
   
 





 Phishing Attacks Steadily Rise 
 (from informationweek at 29-1-2010) 
 A report this week shows the number of phishing attacks continues to climb, year over year. Ditto for the number of Web servers dishing out malware. And the country that hosts the most phishing sites? That one just may surprise you. The Phishing Activity Trends Report for the third quarter of 2009, published by the Anti-Phishing Working Group, paints a grim outlook when it comes to phishing. Nearly all statistics relating to phishing attacks are on the rise. More Information: http://www.an...
   
 





 IIPSEC 20ten Postponed & Relocated to Earls Court, London in October 
 (from iipseconline at 29-1-2010) 
 We are pleased to announce that IIPSEC 20ten Europe's Premier IP based Security Technology event will be re-scheduled and co-located with the UK's No.1 IP infrastructure event IP EXPO and moved to London Earls Court 2 on 20 - 21 October 2010. New Venue, New Date, New Partner! IP Expo is now in its 5th year and attracts over 7,000 IT professionals across all verticals with a particular strength in public sector and finance. We are all aware of the continued convergence between the phy...
   
 





 Merchants lose £400k a year to online fraud 
 (from ZDNet at 29-1-2010) 
 UK merchants say online fraud is now the greatest threat they face, costing them on average £400,000 in annual losses, according to a survey published on Tuesday by CyberSource. The payments processing provider's sixth annual UK Online Fraud Report found that traders lost 1.8 percent of their online revenues to scams in 2009, with an average of 1.6 of orders accepted proving to be fraudulent....
   
 





 Google, IP Struggles Fuel US Business Concerns in China 
 (from CIO at 29-1-2010) 
 U.S. Commerce Secretary Gary Locke on Thursday warned that China must become more transparent and predictable, as a row between Google and China drew concern about the business environment there for foreign companies. Recent intellectual property rules that could block foreign companies from winning Chinese government contracts, followed by Google's threat this month to leave China due to hacking and censorship, have put a spotlight on the tough regulations often faced by U.S. companies in Ch...
   
 





 Home Office spawns new unit to expand internet surveillance 
 (from theregister at 29-1-2010) 
 The Home Office has created a new unit to oversee a massive increase in surveillance of the internet, The Register has learned, quashing suggestions the plans are on hold until after the election. The new Communications Capabilities Directorate (CCD) has been created as a structure to implement the £2bn Interception Modernisation Programme (IMP), sources said....
   
 





 San Diego set to become cyber security leader 
 (from sdnn at 29-1-2010) 
 Cyber crime is notoriously hard to track, but experts agree that threats to online transactions of all types grow yearly, and shoring up defenses against these threats is paramount. According to the anti-virus software company Symantec, 87 percent of e-mails sent in 2009 were spam, and 2 percent of spam contained malicious software or viruses — up 900 percent from 2008. This continuing increase in cyber threats is part of what motivated a cyber security collaboration conference between In...
   
 





 Phishing attacks rose significantly over the past two months as more consumers admit to being victims of fraud 
 (from scmagazineuk at 29-1-2010) 
 Phishing attacks accounted for more than half of all viruses over the last two months. Analysis by Network Box revealed that phishing attacks soared before Christmas (to 57 per cent of malware), as criminals attempted to exploit the number of people shopping online. The figure was confirmed by RSA's online fraud report for January, which stated that in December, the total number of phishing attacks identified was 15,596 attacks, a three per cent increase from November....
   
 





 Congress hacked near Obama speech 
 (from TechWorld at 29-1-2010) 
 More than two dozen Congressional websites have been defaced by the Red Eye Crew, a group known for its regular attacks on websites. The sites, some of which were using the Joomla content management system (CMS), were wiped of their regular content and replaced with a message coarsely expressing disapproval for US President Barack Obama. Democrats seemed to be predominantly targeted. The attacks came around the same time as Obama gave his first State of the Union address on Wednesday night...
   
 





 Search is getting more social 
 (from googleblog at 29-1-2010) 
 Late last year we released the Social Search experiment to make search more personal with relevant web content from your friends and online contacts. We were excited by the number of people who chose to try it out, and today Social Search is available to everyone in beta on google.com....
   
 





 Critical infrastructure under continual cyber attack, says report 
 (from ComputerWeekly at 29-1-2010) 
 More than half the world's critical infrastructure organisations admit being targeted by cyber attacks, research commissioned by security firm McAfee has revealed. Some 54% of IT security executives at 600 critical infrastructure providers surveyed said they have been hit by large-scale attacks or infiltrations. Twenty nine per cent said they are facing multiple attacks every month, according to the survey by the Center for Strategic and International Studies (CSIS). Attacks by cybercri...
   
 





 unNamed App (Updated) - There is a hoax circulating on Facebook right now 
 (from pandalabs at 29-1-2010) 
 Cybercriminals are always trying to figure out the best way to fool users, and I have to admit that sometimes they do it using some smart approaches. There is a hoax circulating on Facebook right now: ALERT >>>>> Has your facebook been running slow lately? Go to “Settings” and select “application settings”, change the dropdown box to “added to profile”. If you see one in there called “un named app” delete it… Its an internal spybot. Pass it on. about a minute ago….i checked and it was on...
   
 





 Black Hat SEO Campaign Targets iPad 
 (from EWeek at 29-1-2010) 
 As always, attackers are hard at work on the black hat SEO front. Today's target is the Apple iPad. Search engine optimization poisoning is being used to rope users entering keywords such as "Apple Tablet" and "Apple iPad rumor" into downloading rogue security software. According to Symantec, the terms lead users to results from malicious sites such as youcanbesureforsafe.net, mastersmegasecurity.net and antyspywarescanblog.com. On its blog, a screenshot taken by Symantec showed the poison...
   
 





 Anatomy Of A Targeted, Persistent Attack 
 (from DarkReading at 29-1-2010) 
 A new report published today sheds light on the steps ultra-sophisticated attackers take to gain a foothold inside governments and company networks and remain entrenched in order to steal intellectual property and other data. The bad news is these attacks -- including the recent ones on Google, Adobe, and other companies -- almost always are successful and undetectable until it's too late....
   
 





 Crimeware: Do It Yourself Criminal Hacking 
 (from Finextra at 29-1-2010) 
 For $400-$700 you too can be a criminal hacker. Phishing hacking and spoofing software has been around for a few years. Here's what may be an example. The ease and availability of this good for nothing other than crime software has made it easier, cheaper and more user friendly than ever to get into the cybercrime business. Anyone with moderate computer skills that can navigate around the web and upload or download files is pretty much capable of accessing and implementing the crimeware. ...
   
 





 Phony AV Now Stalking Google Image Search 
 (from EWeek at 29-1-2010) 
 Proving once again that rogue AV threats are as ubiquitous as any brand of malware campaign out there these days, the phony security programs have now made the leap to Google Image search results. Rogue AV attackers are sprinkling their wares throughout search results for popular terms including the names of actresses on popular TV shows, experts with Webroot report. The attacks target end users by returning images to Google searches that subsequently point people's browsers toward URLs deliv...
   
 





 Study confirms demise of the myth of attacks from within 
 (from h-online at 29-1-2010) 
 Last year, network giant Verizon suggested that the 'attack from within' was more of a myth than a serious threat. A study by UK security services provider 7Safe in conjunction with the University of Bedfordshire underpins this suspicion. Of 60 incidents investigated, only 2% could be traced back to internal attackers. However 18% of attacks were found to have taken place via systems belonging to business partners. The report emphasises that this does not necessarily mean that these partners ...
   
 





 SOHU Digital Channel Web Site Compromised with Xunlei Thunder DapPlayer Exploit 
 (from Websense Security Labs at 29-1-2010) 
 Today Websense Security Labs ThreatSeeker Network discovered that the SOHU Digital Channel Web site was compromised with a Xunlei Thunder DapPlayer Exploit that can lead to downloading and executing an Autorun worm that steals users' online game account information. SOHU is one of the biggest portals in China, with Alexa rank 43. It offers mainly advertising, search engines, and online multi-player gaming. While Xunlei is one of the most popular download managers and BitTorrent clients, it also o...
   
 





 Web searches for iPad leading to malicious sites 
 (from CNet at 29-1-2010) 
 Security companies are warning consumers and Web site operators to be wary of iPad related search scams. "This is just the kind of opportunity fraudsters like to exploit by poisoning search terms," said Symantec's Candid Wueest. Wueest also warned about "iPad-related spam and phishing attacks hitting consumers hard over the coming weeks." In an interview, Don Debolt, CA's director of threat research, warned about "black hat search optimization"--a scam whereby hackers take advantage of sec...
   
 





 Are you managing for cybercrime? 
 (from fiercecio at 29-1-2010) 
 As a manager, your to-do list gets longer every day. You must keep your IT shop operating efficiently, make sure the budget is on track and prepare for post-recession growth. However, some managers are coming up short when it comes to protecting against cybercrime. Despite the constant drumbeat about cyberattacks and the need to protect your systems, a new survey finds that IT execs are not as concerned about bigger cyberthreats as they should be....
   
 





 Global 419 Advance Fee Fraud Statistics 2009 (PDF report, 225 pages) 
 (from Ultrascan Advanced Global Investigations at 29-1-2010) 
 419 Advance Fee Fraud - Money for Free is big business - The world's most successful scam Highest Losses - Over 41 billion US$ to date, 9.3 Billion in 2009 alone Highest number of organized Perpetrators - Over 300,000 globally. Growing 5% per annum, faster than ever. Highest Number of Victims - Millions of people have incurred a loss to 419 Advance Fee Fraud - Marked increase of victims in Chinese population...
   
 





 How to Protect Your Reputation Online 
 (from ComputerWorld at 29-1-2010) 
 Several months ago when Twitter introduced its lists feature, social media consultant Allen Mireles checked to see which lists included her. "I wanted to see if the lists I was on were a reflection of how I wanted to be viewed on Twitter," she says. She found two surprises: A porn star had included her on a list and another user listed her under "people I've seen naked"-a surprise, she says, because she had never met the person....
   
 





 DHS Cyber and Rodney Dangerfield: Looking for Respect 
 (from Adfero at 29-1-2010) 
 The late, legendary comedian Rodney Dangerfield long complained about getting “no respect.” After attending Wednesday morning’s Government Executive Leadership Series breakfast, “Cyber Security: Who Leads,” DHS may feel like using Rodney’s most memorable line to describe its placement in the federal cyber world. In what was a first-class discussion of the challenges and issues compounding the federal and international cyber-security environment, nary a word was mentioned about DHS and the r...
   
 





 Netflix to FCC: scary loophole in net neutrality rules 
 (from ARS Technica at 29-1-2010) 
 Netflix, the company that mails out DVDs and streams movies to millions of home theater potatoes, made the rounds to the Federal Communications Commission on Friday. The company's general counsel told staffers and Commissioners that the movie rental distributor supports the agency's proposed Internet nondiscrimination rules. But they also include a potentially nasty loophole, Netflix warned—the "managed services" category that the Commission created in its Notice of Proposed Rulemaking back in O...
   
 





 Even without cookies, a browser leaves a trail of crumbs 
 (from ARS Technica at 29-1-2010) 
 Those with no technical knowledge generally believe that they are anonymous when simply browsing the Web. Those who know more might recognize that IP addresses can be used to do some rough targeting, while browser cookies can be used to track someone across sessions and across IP addresses. But what if your browser itself—even with cookies off and IP addresses out of the picture—was leaving a digital fingerprint at every site you visit?...
   
 





 MS10-002 Exploit Constructor - You obtain a html file that contains the exploit 
 (from panda security at 29-1-2010) 
 As human beings, we tend to be a bit lazy, at least in most of the cases. And cybercriminals are human beings, and therefore, lazy. My colleague Andrew Chang (AhnLab) has sent me a MS10-002 Exploit Constructor they’ve found out in a Chinese underground web site. When you run it, and click on the bottom-left button, you obtain a html file that contains the exploit. If you can understand Chinese, it says something like “Dark Techniques Working Group”. The resulting html file will download the ...
   
 





 The most magical question of all -- why are so many bright people fooling themselves about the science in information security? 
 (from Financial Cryptography at 29-1-2010) 
 It has been clear for a long time that information security was more about perception than any other factor than was good for it, a concept I tried to turn into a theory in the market for silver bullets, based on some solid thinking by others on the economics of insufficient information. Here are some random snippets that seem to anecdotally support that security is dominated by perception. Gunnar reports on Google who were apparently subject to a cyber-attack by China. I didn't notice, proba... read more» 
   
 





 Data cops seek law change after CRU broke rules 
 (from The Register at 29-1-2010) 
 The Information Commissioner's office wants to plug a loophole in the UK’s sunshine laws, after academics at the centre of the ‘Climategate’ scandal at the University of East Anglia escaped prosecution on a technicality. The ICO has said the Climatic Research Unit breached Section 77 of the Act - the so-called "shredding offence" - by failing to comply with requests to hand over data made in 2007 and 2008.... read more» 
   
 





 WASC RSA Meet-Up 2010! 
 (from WhitehatSec at 29-1-2010) 
 The Web Application Security Consortium (WASC) is having an official meetup in San Francisco during the RSA conference.... read more» 
   
 





 Report: Critical Infrastructures Under Constant Cyberattack Globally 
 (from Wired at 29-1-2010) 
 Critical infrastructure systems around the world are the targets of repeated cyberattacks, according to a new global survey of technology executives in these industries. They believe some of the attacks are coming not just from individual cybercriminals but terrorists and foreign nation states. The United States and China are believed to be the most likely countries to conduct a cyberattack against the critical infrastructure of another nation, according to the respondents.... read more» 
   
 





 Top 50 Spamvertised Websites 
 (from reportspammers at 29-1-2010) 
 This is a list of the websites advertised in the last 50 emails stopped by the emailcloud network. This page is updated every 10 seconds with new data. We get this data by looking into the content of spam emails and stripping out the website links. We use this information to work out the IP address of the web server, the administrators contact details and the content type of the website. All this data is then used to prevent further attacks from this sender.... read more» 
   
 





 ReportSpammers.net - Report Spammers also lists the most recent spamvertised sites seen on its mail clusters 
 (from Infosanity at 29-1-2010) 
 I was recently pointed towards www.reportspammers.net, which is a good resource for all things spam related and has steadily increased the quantity and quality of the information available. As much as I like the statistics that can be gathered from honeypot systems, live and real stats are even better and the data utilised by Report Spammers is taken from the email clusters run by Email Cloud.... read more» 
   
 





 Congressional Web Site Defacements Follow the State of the Union 
 (from praetorian prefect at 29-1-2010) 
 Shortly after President Obama’s State of the Union address, constituents visiting the web sites of Congressional representatives like Charles Gonzalez (20th District of Texas), Spencer Bachus (Alabama’s 8th District), and Brian Baird (Washington’s 3rd District) were presented with a defacement message from the Red Eye Crew that as of 4:10 am EST remains up on their web sites. All of the sites affected are in the house.gov domain, but not every congressional site in the domain is defaced.... read more» 
   
 





 Imitation Google, YouTube sites emerge in China 
 (from The Sydney Morning Herald at 29-1-2010) 
 Imitation websites of both Google and YouTube have emerged in China as the country faces off against the real Google over its local operations. YouTubecn.com offers videos from the real YouTube, which is blocked in China. The Google imitation is called Goojje and includes a plea for the US-based web giant not to leave China, after it threatened this month to do so in a dispute over web censorship and cyberattacks.... read more» 
   
 





 Computers under constant attack 
 (from Sydney Morning Herald at 29-1-2010) 
 Thirty per cent of computer systems for the nation's essential services such as banks, government and utilities are repeatedly attacked by hackers every month, according to an international report released today. More than half of those targets are hit multiple times a week or even multiple times a day, and the situation could get worse. Forty per cent of the Australian experts surveyed for the report believed the nation would sustain a ''major cyber incident'' against its key services in the... read more» 
   
 





 Hacker breaks into 49 House sites, insults Obama 
 (from Associated Press at 29-1-2010) 
 A hacker broke into 49 House Web sites of both political parties to post a crude attack on President Barack Obama after his State of the Union address. Jeff Ventura, spokesman for the House chief administrative officer, said the sites were managed by a private vendor - GovTrends of Alexandria, Va. Most House Web sites are managed totally by House technicians but individual offices are permitted to contract with a third party to manage new features and updates. Ventura says GovTrends let it... read more» 
   
 





 Critical infrastructures under attack, warns McAfee 
 (from v3 at 29-1-2010) 
 Attacks on critical infrastructure IT systems are widespread and growing in frequency, and could cost over $6m (£3.7m) a day on average, according to a detailed new report from security giant McAfee launched today. In the Crossfire: Critical Infrastructure in the Age of Cyberwar is one of the most in-depth reports of its kind in the security area. McAfee surveyed over 600 professionals responsible for critical infrastructure protection across seven sectors in 14 countries, and commissioned th... read more» 
   
 





 Top US lawmakers demand hacker probe 
 (from MSN News at 29-1-2010) 
 Top US lawmakers late Thursday demanded a full investigation into how hackers were able to break into and "deface" the official Internet sites of 49 members of the US House of Representatives. The unknown culprits posted a mocking, obscenity-laced screed against President Barack Obama after he delivered his prime-time State of the Union address on Wednesday.... read more» 
   
 





 UCSF patient records possibly compromised 
 (from SFGate at 29-1-2010) 
 Medical records for about 4,400 UCSF patients are at risk after thieves stole a laptop from a medical school employee in November, UCSF officials said Wednesday. The laptop, which was stolen on or about Nov. 30 from a plane as the employee was traveling, was found in Southern California on Jan. 8. ... read more» 
   
 





 3rd International Computers, Privacy and Data Protection Conference 
 (from cpdpconferences at 29-1-2010) 
 Objectives CPDP 1 Identifying and addressing new challenges to be faced by computer privacy and data protection, especially with regards to issues related to profiling and autonomic computing, 2 Bringing together, in a high level expertise conference, most of the academic key specialists in the field, data protection commissioners, computer scientists, practitioners, activists and people from standardization bodies and ICT industries, 3 Addressing recommendations to private and public pol... read more» 
   
 





 Global CIO: After Google Cyber Attack, CIOs Must Find The Body 
 (from Tech Web at 29-1-2010) 
 Saying that "the world has changed" since the Chinese began their cyberattacks under the name Operation Aurora, McAfee CTO George Kurtz said CIOs need to adapt their threat models "to the new reality of these persistent threats." But these latest attacks are making it hard for CIOs to make their case to the CEO because the post-Aurora threats are almost undetectable. They leave no evidence. They leave no body. The new challenge: "While a sophisticated attacker will leverage insidious malware,... read more» 
   
 





 Private data of 8,600 Ont. teachers compromised 
 (from CBC at 29-1-2010) 
 Laptops containing sensitive records belonging to thousands of Ontario teachers have been stolen, CBC News has learned. The three laptops contained names, addresses, birth dates and social insurance numbers of about 8,600 teachers, most of whom work at elementary schools for the Toronto District School Board. The computers were stolen from the Waterloo, Ont., offices of the Ontario Teachers Insurance Plan on Dec. 3.... read more» 
   
 





 UCSF says laptop with 4,400 patient records stolen, then recovered 
 (from San Francisco Business Times at 29-1-2010) 
 UC San Francisco said Wednesday that a laptop containing files with information on 4,400 patients was stolen from a UCSF School of Medicine employee on or about November 30. The university said Jan. 27 that it is in the process of alerting affected patients that their health information “is vulnerable to access as a result of the incident.” Information “potentially exposed” included name, medical record number, age and clinical information, but the stolen laptop did not contain any Social ... read more» 
   
 





 San Diego Looks To Take Lead In Cyber Security 
 (from 10News at 29-1-2010) 
 Companies, consumers and governments all take steps to ensure their computer data stays safe, but no one has ever collaborated on cyber security until now. Experts said cyber attacks increased 20 percent in 2009 to more than 55,000, and that is just the number the Department of Defense knows about. The problem of cyber security is what brought law enforcement, educators, government officials, businesses and Internet security professionals together for the first time in San Diego on Wednesday... read more» 
   
 





 Key NZ role in fighting cybercrime 
 (from nzherald at 28-1-2010) 
 While there have been no reports of New Zealand businesses or home PC users falling victim to the latest Trojan virus attack launched from China, local government IT security specialists have been keeping a close eye on the incident. New Zealand officials may also have helped out in the international efforts to curb the attack's impact on IT systems around the world.... read more» 
   
 





 8th Annual OffshoreAlert Financial Due Diligence Conference, 2-4 May 2010, Ritz-Carlton, South Beach in Florida 
 (from offshorealertconference at 28-1-2010) 
 Cutting-Edge Information, Actionable Intelligence, Unparalleled Networking All with an emphasis on Offshore Financial Centers ... * How to prevent and detect Serious Financial Crime. * How to Locate, Freeze and Seize the proceeds of fraud and other crimes. * How to Investigate and Gather Intelligence in offshore centers. * How to better understand Complex Financial Structures, Investments & Tax Issues. * How to Comply with existing – and sometimes conflicting – laws... read more» 
   
 





 Education, R&D Are Among White House Cyber Czar's Goals 
 (from Yahoo at 28-1-2010) 
 Educating Web users about risks, working better with other governments, and increasing federal support for cybersecurity research and development will be among the top priorities for the new U.S. White House cybersecurity director. Howard Schmidt, on the job for a week, said Wednesday that one of his goals is to create a national cybersecurity education campaign to help Web users protect themselves.... read more» 
   
 





 Cloud Computing Risk Assessment Methodology Available 
 (from Security-database at 28-1-2010) 
 ENISA -the European Network and Information Security Agency, working for the EU Institutions and Member States. ENISA is the EU’s response to security issues of the European Union. As such, it is the ’pacemaker’ for Information Security in Europe. The objective is to make ENISA’s web site the European ‘hub’ for exchange of information, best practices and knowledge in the field of Information Security. ENISA is carrying out a risk assessment of cloud computing with input from 30 experts from m... read more» 
   
 





 National Archives Breach Exposes D.C. Insiders' Data 
 (from eSecurity Planet at 28-1-2010) 
 A hard drive was either lost or stolen from a processing room at the National Archives and Records Administration in College Park, Md., sometime between October 2008 and February 2009, putting at risk the personal information of more than 250,000 Clinton administration staffers, White House visitors and job applicants. The data, including at least 100,000 Social Security numbers, was placed on the Western Digital My Book external drive as part of a routine recopying process to ensure preservati... read more» 
   
 





 Cyber Attack Threat Keeps CEOs Up at Night 
 (from eSecurity Planet at 28-1-2010) 
 Cyber attacks like the high-profile Operation Aurora incident that targeted Google, Adobe Systems, and two dozen other U.S. companies are becoming the rule rather than the exception, according to a new survey commissioned by McAfee and the Center for Strategic and International Studies. More than half (54 percent) of 600 IT executives surveyed said their companies had already suffered a large-scale attack or stealthy infiltration from organized crime gangs, terrorists or nation-states, the re... read more» 
   
 





 Identity Theft Scams Revealed 
 (from yodzian at 28-1-2010) 
 There are so many new ways to steal and defraud consumers out of their money. You should be aware of new identity theft scams. After all, knowledge is your best protection. Here are a few scams that you should be aware of: The Credit Card Scam Alert Account Verification Emails The Nigerian 419 Scam The Canadian Lottery Free Credit Report Email Questionnaires... read more» 
   
 





 S.Korea heightens alert against cyberattacks 
 (from asiaone news at 28-1-2010) 
 South Korea's spy agency said Wednesday it had issued an alert against cyberattacks aimed at stealing data from government networks. The National Intelligence Service (NIS) did not say whether North Korea was responsible. Open Radio for North Korea, a Seoul-based group specialising in the North, said the latest attack was led by Pyongyang, which runs elite hacker units.... read more» 
   
 





 Facebook group chief claims identity theft by ‘cyber-troopers’ 
 (from themalaysianinsider at 28-1-2010) 
 The person behind the Facebook group “We support the use of the name Allah by all Malaysians” has complained that “cyber-troopers” have been impersonating group administrators and making insinuations contrary to the group’s stand. The group was formed on the social networking website after the controversial Dec 31 High Court ruling that allowed Catholic weekly Herald to resume using the term “Allah” to describe the Christian God in its Bahasa Malaysia section.... read more» 
   
 





 Vietnam boosts its cyber-threat protection 
 (from upi at 28-1-2010) 
 The government will invest more than $42 million in the coming decade to protect sensitive information from an increasing cyber threat. The move is part of a far-reaching plan to raise the profile of the country's Internet technology sector, both in manufacturing of hardware and software development. It is also hoped the plan will show its commitment to combating cyberattacks that might originate in Vietnam, a criticism that has dogged the sector over recent years.... read more» 
   
 





 Lockheed Martin Offers New Cyber University 
 (from Bankinfosecurity at 28-1-2010) 
 Lockheed Martin's commitment to evolving cybersecurity talent and workforce development initiatives include the implementation of a cyber university that offers formalized training and certification programs to help employees become experts in cybersecurity career tracks, including: Cyber intelligence - forensics, incident response and fraud prevention specialists to defend and analyze attacks and Cyber engineering - architects, engineers responsible for building IT systems Traditional ... read more» 
   
 





 ICT 2010 - Why you should be there, Brussels Expo, 27-29 September 2010, Brussel, Belgium 
 (from Europa at 28-1-2010) 
 ICT 2010: Europe's most visible forum for ICT research and innovation. This biennial event has become a unique gathering point for researchers, business people, investors, and high level policy makers in the field of digital innovation. ICT 2010 will focus on policy priorities such as Europe's Digital Agenda and the next financial programme of the European Union for funding research and innovation in ICT. At ICT 2010: * latest research trends in information and communication technol... read more» 
   
 





 Report shows cyberattacks rampant; execs concerned 
 (from CNet at 28-1-2010) 
 Critical infrastructure networks around the world are subject to repeated cyberattacks from foreign governments and other high-level adversaries that can be damaging and costly, according to a report McAfee released Thursday. Attacks that lead to down time can cost more than $6 million per day, and more than $8 million at oil and gas companies, the report, "In the Crossfire--Critical Infrastructure in the Age of Cyberwar," found. Meanwhile, respondents said they worry about attacks on crit... read more» 
   
 





 Companies need more IT education to stop cyber crime 
 (from NetworkWorld at 28-1-2010) 
 The cases of information security breaches in UK are on the rise, according to an analysis of actual data compromise cases by computer security and forensics consulting firm 7Safe and the University of Bedfordshire. The company analysed data from more than 60 computer forensic investigations to prepare this report. The cases of security breaches have increased because businesses have begun to operate differently and now depend more on technology.... read more» 
   
 





 Will anything change? 
 (from Politico at 28-1-2010) 
 With the respectful clapping out of the way and the post-game analysis all done, Republicans and Democrats on Capitol Hill are already retreating to their respective corners to plot the next round in the fight. Yet there are few signs that congressional leaders will heed President Obama’s State of the Union call for bipartisanship. House Republicans head to Baltimore today for a retreat to redouble their efforts to block the Obama agenda and mount their political comeback. Nancy Pel... read more» 
   
 





 Survey Finds Growing Fear of Cyberattacks 
 (from nytimes at 28-1-2010) 
 A survey of 600 computing and computer-security executives in 14 countries suggests that attacks on the Internet pose a growing threat to the energy and communication systems that underlie modern society. The findings, issued Thursday by the Center for Strategic and International Studies and the computer-security company McAfee, echoed alarms raised this month by Google after it experienced a wave of cyberattacks.... read more» 
   
 





 Police failing to take cyber crime seriously 
 (from v3.co.uk at 28-1-2010) 
 Cyber crime is not being treated properly or taken sufficiently seriously by the police, according to a new study from the University of Leicester. The study analysed the policing of the internet, and raised a number of concerns about police attitudes to the growing menace. Public Policing and Internet Crime, written by Professor Yvonne Jewkes of Leicester's Department of Criminology, highlighted a general unwillingness to investigate cyber crimes, and warned that even when they are invest... read more» 
   
 





 Spamming rises to 86 per cent of all emails: Websense news 
 (from domain-b at 28-1-2010) 
 The threat landscape from emails is growing more sophisticated. In a threat brief, web security firm Websense said that in December 2009 alone. A whopping 91.4 per cent of spam mails included an embedded URL. Websense says that ThreatSeeker anti virus stopped 55 thousand instances of 22 unique zero-day threats. 2.9 per cent of spam emails were phishing attacks. Zero day attack, refers to exploitation by viruses, trojans or spyware of unpatched software vulnerabilities or any new and prev... read more» 
   
 





 THE INSIDER: Gauteng local government stumped by hackers 
 (from businessday at 28-1-2010) 
 GAUTENG’s department of local government, and its MEC, Kgaogelo Lekgoro, must be wondering what they ever did to offend Chechen separatists, after the department’s website was defaced by hackers yesterday. Visitors to the site were confronted by an animated black flag and photographs of a child amputee and a Chechen fighter, along with the proud pronouncement that the site had been “Hacked By CeCeN Hack Team”. The hackers’ message was less than eloquent, though, reading roughly as follows:... read more» 
   
 





 How online card security fails 
 (from lightbluetouchpaper at 28-1-2010) 
 Online transactions with credit cards or debit cards are increasingly verified using the 3D Secure system, which is branded as “Verified by VISA” and “MasterCard SecureCode”. This is now the most widely-used single sign-on scheme ever, with over 200 million cardholders registered. It’s getting hard to shop online without being forced to use it. In a paper I’m presenting today at Financial Cryptography, Steven Murdoch and I analyse 3D Secure. From the engineering point of view, it does just ab... read more» 
   
 





 Cost Of Data Breaches Increased In 2009, Study Says 
 (from DarkReading at 28-1-2010) 
 The cost of data breaches continues to rise, and malicious attacks accounted for more of them in 2009 than in previous years, according to a study published today. In conjunction with study sponsor PGP Corp., Ponemon Institute today released the results of its fifth annual "U.S. Cost of a Data Breach" report. The news isn't good, according to the research firm's founder, Larry Ponemon. "Each year, I expect the breach cost figures to decrease, but the numbers are still rising," Ponemon says... read more» 
   
 





 Leading voice encryption programs hacked in minutes 
 (from TechWorld at 28-1-2010) 
 Most voice encryption systems can be tapped in minutes by installing a voice-recording Trojan on the target computer, a security researcher has confirmed after testing a range of well-known products. Although this type of attack has been known about for some time, the scale of the issue uncovered by researcher ‘Notrax' is still surprising. In all, the unnamed engineer was able to intercept calls made using twelve popular encryption programs and hardware systems using an easily available $100 ... read more» 
   
 





 Australia's net censorship plan 
 (from Stuff at 28-1-2010) 
 Australia is about to move to the small town of censor-ville. Their neighbours? Iran, China and Saudi Arabia. The most alarming thing for me about their plans for centralised internet filtering is that the list of sites they censor is to remain a secret. Well, that and the fact that it sets a dangerous precedent for us. New Zealand often looks across the ditch to compare policies and laws.... read more» 
   
 





 Report: Flawed Apps Increasingly Under the DDoS Gun 
 (from CSOonline at 28-1-2010) 
 A report from the CYBER SECURITY Forum Initiative (CSFI) offers further evidence that botnet herders are getting a bigger bang out of distributed denial-of-service (DDoS) attacks by targeting security holes at layer 7, more commonly known as the application layer. A paper on the findings, L7DA (Layer 7 DOS Attack) Report v1.0, was passed along to CSOonline by Paul de Souza, a Chicago-based security analyst and founder of CSFI, a group of IT security practitioners who volunteer their guidance ... read more» 
   
 





 Ponemon Study Shows the Cost of a Data Breach Continues to Increase 
 (from Yahoo Finance at 28-1-2010) 
 PGP Corporation, a global leader in enterprise data protection, and the Ponemon Institute, a privacy and information management research firm, today announced results of the fifth annual U.S. Cost of a Data Breach Study. According to the study, data breach incidents cost U.S. companies $204 per compromised customer record in 2009, compared to $202 in 2008. Despite an overall drop in the number of reported breaches (498 in 2009 vs. 657 in 2008 according to the Identity Theft Resource Center), the... read more» 
   
 





 Digital fingerprints to identify hackers 
 (from Help Net Security at 28-1-2010) 
 How can you retaliate against a cyber attacker if you don't know who he is? As we have witnessed lately, attribution of an attack is quickly becoming one of the biggest problems that the US defense and cyber security community are facing at the moment.... read more» 
   
 





 Chained Exploits - To catch a hacker, you must think like a hacker 
 (from Informit at 28-1-2010) 
 To catch a hacker, you must think like a hacker. Security expert Andrew Whitaker explains the hacker mentality and points out how hackers combine multiple exploits to achieve their goals. Andrew is the lead author of Chained Exploits: Advanced Hacking Attacks from Start to Finish, which teaches how attackers chain together attacks. Nothing makes you worry more about your job security than when the network that you're paid to secure gets hacked. You work tirelessly to ensure that systems are p... read more» 
   
 





 Obama Cyber Czar Digs in For Long Haul 
 (from esecurityplanet at 28-1-2010) 
 Barely one month into the job, Howard Schmidt is getting an idea of just how big a task he has ahead of him. Schmidt, whom President Obama tapped late last year to serve as the administration's senior director for cybersecurity, today laid out an ambitious agenda for revamping the government's approach to shoring up the country's digital infrastructure. For the seven months that the position remained unfilled, observers opined about the difficulty the individual selected would encounter in... read more» 
   
 





 Spam, Tequiza, and Total Information Awareness 
 (from Wired at 28-1-2010) 
 In 2004, when journalist Shane Harris first shook hands with retired admiral John Poindexter, he thought he was meeting an “evil genius.” After all, Poindexter was the architect of Total Information Awareness, the infamous antiterrorism program that aimed to collect as much data as possible — emails, credit card statements, even veterinarian bills — about absolutely everyone. But as Harris got to know Poindexter — hanging out on his boat, sharing lunches of Spam and Tequiza, and trading docum... read more» 
   
 





 HIMSS 2010: Healthcare Information Management Systems Society Annual Conference 
 (from himssconference at 28-1-2010) 
 All new members and first-time attendees are invited to attend one of two orientation sessions designed to answer every question and resolve every concern about the myriad of offerings at the Annual HIMSS Conference. Staff and speakers will be on-hand to offer valuable tips for making the most out of the conference.... read more» 
   
 





 .edu sites being targeted in SEO poisoning 
 (from SunbeltBlog at 28-1-2010) 
 Malicious operators are increasing their attacks on .edu sites so they can use them in search engine optimization (SEO) poisoning schemes. The .edu sites are given higher rankings by search engines because they are expected to have more reliable information. A researcher at SecTheory security firm who was investigating SEO poisoning said he found a surprising number of hacked .edu sites with the Google searches: inurl:.edu viagra inurl:.edu cialis inurl:.edu phentermine... read more» 
   
 





 Umm…TechCrunch? Defacement Two in 24 Hours 
 (from praetorianprefect at 28-1-2010) 
 Less than 24 hours from the last web site defacement, TechCrunch has been defaced again early this morning by the same cracker(s) responsible for yesterday’s attack. Whatever preventative measures were taken yesterday (WordPress upgrade, HTTP authentication for wp-admin) have not blocked the attacker’s access to modify TechCrunch’s content, as this morning the attacker left a profane message on top of the homepage for Michael Arrington as well as a few media outlets like Yahoo and the BBC. A... read more» 
   
 





 Amateur CCTV sleuth site probed by privacy watchdog 
 (from The Register at 28-1-2010) 
 A new website that would let internet users monitor CCTV cameras online has hit trouble before launch, with the data protection watchdog suggesting the idea could be illegal. Internet Eyes, based in Stratford-upon-Avon, plans to charge businesses £20 per month to have their security camera feeds monitored by its members, who would text in if they spot something suspicious. The amateur sentries would then be entered into a crime-fighting league to compete for a monthly £1,000 cash prize.... read more» 
   
 





 Nigerian parliament to tackle cyber crime 
 (from National Cyber Security at 28-1-2010) 
 Nigerian parliament is determined to rid the West African country of the menace of cyber crime that has become a global concern, the country’s Senate Committee on Communication has said. The parliament plans to galvanize its machinery to update its cyber crime and cyber security strategies to ensure that Nigeria becomes a cyber crime-free zone.... read more» 
   
 





 OAS working group issues recommendations on cybercrime 
 (from National Cyber Security at 28-1-2010) 
 An Organization of American States (OAS) Working Group of international experts has issued a series of recommendations on how countries in the Americas may improve cooperation to strengthen their fight against cybercrime after meeting recently at the OAS. The recommendations, which seek to strengthen cooperation between countries of the Americas to prevent, investigate, prosecute and punish cybercrime, are to be evaluated during an upcoming high-level OAS meeting of governments in Brazil.... read more» 
   
 





 Scientists in stolen e-mail scandal hid climate data 
 (from Times Online at 28-1-2010) 
 The university at the centre of the climate change row over stolen e-mails broke the law by refusing to hand over its raw data for public scrutiny. The University of East Anglia breached the Freedom of Information Act by refusing to comply with requests for data concerning claims by its scientists that man-made emissions were causing global warming.... read more» 
   
 





 The Rise of Point-and-Click Botnets 
 (from KrebsonSecurity at 28-1-2010) 
 The graphic above is from a report out today by Team Cymru, a group that monitors studies online attacks and other badness in the underground economy. It suggests an increasing divergence in the way criminals are managing botnets, those large amalgamations of hacked PCs that are used for everything from snarfing up passwords to relaying spam and anonymizing traffic for the bad guys, to knocking the targeted host or Web site offline.... read more» 
   
 





 In cybersecurity, our greatest enemy may be 
 (from National Cyber Security at 28-1-2010) 
 When it comes to cybersecurity, we are constantly reminded of the threats posed by external adversaries, or about the inadvertent problems we sometimes cause because of our own lax practices. But what if the greatest damage comes from a deliberately designed weakness? As security guru Bruce Schneier points out in a recent opinion piece for CNN, the recent and widely publicized hack of Google sites by the Chinese was due to a “back door” that Google itself built into its systems to comply... read more» 
   
 





 Facebook 'Un Named App' scare leads to malware 
 (from TrendMicro at 28-1-2010) 
 A few minutes ago I noticed that a friend of mine had posted the following status to her Facebook profile. Of course this got my bat senses tingling and I smelled a panic-inducing spiral of insanity brewing, so I thought I’d have a bit of a look around. Nothing to worry about here as far as your Facebook is concerned, this does not appear to be a genuine malicious app. In fact a thread on Yahoo answers appears to demonstrate in a reproducible fashion that “Un named App” is nothing more than y... read more» 
   
 





 CyberSpeak January 24, 2010 
 (from cyberspeak at 28-1-2010) 
 This week on CyberSpeak, Bret and Ovie are both regretful that they are not going to the DoD CyberCrime Conference. CyberSpeak is not on STITCHER. Now you can listen to the latest show, on demand from your cell phone. You can also go directly there by going to this link http://stitcher.com/listen.php?fid=11119 Bret and Ovie briefly discuss Apple's big announcement, everyone is thinking it is the ipad/slate.... read more» 
   
 





 Second man admits involvement in Scientology DDoS attack 
 (from Sophos at 28-1-2010) 
 A second man has admitted his role in a distributed denial-of-service attack (DDoS) against websites belonging to the highly controversial Scientology organisation that struck the sites in January 2008. According to media reports, 20-year-old Brian Thomas Mettenbrink of Nebraska has signed a plea agreement confirming that he downloaded software from an anti-Scientology web forum with the intention of inflicting damage on Scientology's online presence.... read more» 
   
 





 IE 0-Day on GOV.CN 
 (from zscaler at 28-1-2010) 
 A few days back, there was a post on a forum about malware warnings displayed when visiting: www[dot]latax[dot]gov[dot]cn http://2.bp.blogspot.com/_TIeEMQaNHSw/S13jAk6seaI/AAAAAAAAAEs/mFa_sg2LWNo/s1600-h/Screen+shot+2010-01-25+at+1.27.39+PM.png Upon analysis of the page, it appears that this GOV.CN page is hosting a page exploiting the Internet Explorer 0-day vulnerability (CVE-2010-0249). The same vulnerability exploited to compromise Google, Adobe, and other vendors in an attack dubbed... read more» 
   
 





 We're sorry - Telecom boss apologises for XT blackout 
 (from New Zealand Herald at 28-1-2010) 
 Paul Reynolds, the head of Telecom, has been forced to apologise to customers after an outage on its XT network extended into a second day, sending shares down 0.7 per cent to $2.42 in trading today. The CEO of the country's largest phone company was forced to apologise after the second major outage on the XT network in as many months hampered thousands of customers' mobile phone services south of Taupo yesterday. The problem has continued to affect some 10,000 people in the South Island toda... read more» 
   
 





 UCSF says laptop with 4,400 patient records stolen, then recovered 
 (from San Francisco Business Times at 28-1-2010) 
 UC San Francisco said Wednesday that a laptop containing files with information on 4,400 patients was stolen from a UCSF School of Medicine employee on or about November 30. The university said Jan. 27 that it is in the process of alerting affected patients that their health information “is vulnerable to access as a result of the incident.” Information “potentially exposed” included name, medical record number, age and clinical information, but the stolen laptop did not contain any Social Sec... read more» 
   
 





 Google May Keep Some Chinese Operations 
 (from Fox News at 28-1-2010) 
 Google has been threatening to close its search engine in China. But that may not necessarily mean it will no longer exist in the world's most populous Internet market. Google is in talks with the Chinese government to keep its research center in China. It also seeks to maintain an advertising sales team that generates most of the company's revenue in the country and a fledgling mobile phone business.... read more» 
   
 





 My School site crashes one hour after launch 
 (from Computer World at 28-1-2010) 
 The Federal Government's My School website has been brought to its knees by users swarming to the site an hour after its launch. The backend search component of the site is said to have been overwhelmed at around 2.30am. Australian Curriculum, Assessment and Reporting Authority (ACARA) chair, Barry McGaw, said the problem was exacerbated as traffic surged at around 6am. "There were initial problems with loading pages...the situation is now improving and we are working to ensure this continues ... read more» 
   
 





 Guilty Plea in ‘Anonymous’ DDoS Scientology Attack 
 (from Wired at 28-1-2010) 
 A Nebraska man is pleading guilty in federal court to a computer-disruption charge for his role in the 2008 distributed denial-of-service attack that temporarily shuttered Church of Scientology websites, the authorities said Tuesday. Los Angeles federal prosecutors said Brian Thomas Mettenbrink, 20, signed a plea agreement Friday admitting his role in the January 2008 attack -- bringing to two the number of defendants convicted in Anonymous’ attack on Scientology. Next week, Mettenbrink is ex... read more» 
   
 





 Google Prevented From Using Australian Aboriginal Flag Because It's Covered By Copyright 
 (from Techdirt at 28-1-2010) 
 A whole bunch of folks have been sending in the news of Google needing to edit out the Aboriginal flag that was originally a part of an Australia Day Google logo. Google had apparently run a contest for a logo and an 11-year-old girl had won, after designing the logo, using various animals native to Australia, with the Aboriginal flag behind one of the "O"s. But when the logo went up on the site, it was missing the flag. It wasn't a case of Google being insensitive.... read more» 
   
 





 UK e-tailers losing £400,000 a year in fraud 
 (from v3 at 28-1-2010) 
 UK merchants believe that online fraud is their number one threat, and each has racked up an average £400,000 a year in resulting losses, according to the sixth annual Online Fraud Report from payments provider Cybersource released today. The firm found that 1.6 per cent of orders proved to be fraudulent, and that merchants lost an average of 1.8 per cent of online revenue to payment fraud in 2009.... read more» 
   
 





 Infamous iPhone hacker says he's hacked the PS3 
 (from NetworkWorld at 28-1-2010) 
 Last week, hacker George Hotz blogged that he had hacked the PlayStation 3. He spoke with the BBC on Monday announcing his exploits -- and today, he's releasing the exploit to the public. "In the interest of openness, I've decided to release the exploit," Hotz wrote on his blog. "Hopefully, this will ignite the PS3 scene, and you will organize and figure out how to use this to do practical things, like the iPhone when jailbreaks were first released. I have a life to get back to and can't keep... read more» 
   
 





 Man sentenced in credit card scam orchestrated behind prison bars 
 (from latimesblogs at 27-1-2010) 
 A man who pleaded guilty to orchestrating a bank fraud scheme from behind bars in a California state prison was sentenced today to eight years in federal custody, authorities said. Morocco Curry, 37, also known as Monica Dupree, was serving a three-year sentence at Centinela prison in Imperial after pleading guilty to bank fraud and identity theft charges in state court, according to the U.S. attorney's office in Los Angeles.... read more» 
   
 





 Hospital laptop stolen, putting patient info at risk 
 (from abclocal at 27-1-2010) 
 The theft of a laptop computer from a medical office has put hundreds of people at a greater risk of identity theft. On Friday, the Methodist Hospital notified 689 people that someone stole a laptop from an office at the Smith Tower in the Texas Medical Center. Hospital spokeswoman Stephanie Acin told Eyewitness News a thief took the laptop on January 18. The computer was attached to a medical device that tests pulmonary function and contained private health information and Social Security nu... read more» 
   
 





 Julius Baer whistleblower to 'Tell-All' at OffshoreAlert Conference 
 (from offshorealertconference at 27-1-2010) 
 Former offshore private banker Rudolf Elmer will 'tell-all' about his experiences as a Bank Julius Baer whistleblower in an appearance at this year's OffshoreAlert conference in May. Elmer has agreed to talk openly and frankly about what he believes is the bank's complicity in global tax evasion by its clients and go into the reasons that made him offer client-records to the world's tax authorities. "Whistleblowing should not be a money-making business but, today, it has to be because... read more» 
   
 





 Hackers Take Iran's Civil War Online 
 (from themedialine at 27-1-2010) 
 Reformists set up computer hacking team to counter Iran's Cyber Army. Iran's civil war began in June at the ballot box. Then it spread to the streets as reformists accused the Islamic republic's administration of rigging the results. Soon the civil war was being fought in online social media outlets, with debate over Iran's future filling tens of thousands of blogs and twitter pages for months.... read more» 
   
 





 McAfee boss calls for global cyber-crime body 
 (from ChannelWeb at 27-1-2010) 
 McAfee’s chief executive is calling for the formation of a global framework to fight the growing spectre of cyber-crime. Dave DeWalt stopped off briefly in London today on his way out to the World Economic Forum in Davos, where he will give a keynote on the need to protect critical infrastructure.... read more» 
   
 





 China lashes out at Google 
 (from TGDaily at 27-1-2010) 
 The Chinese are no longer playing a game of whispers when it comes to mouthing off about Google’s smackdown two weeks ago, with the country’s media now openly dissing the Internet giant, and the US government too for good measure. It seems that Hillary Clinton touched something of a nerve behind the bamboo curtain when she openly defended Google’s threat to shut down its Chinese portal and pull out from behind the bamboo curtain unless the relentless hacking and Internet censorship demands cease... read more» 
   
 





 UK government launches £125m Environmental Innovation Fund 
 (from BusinessGreen at 27-1-2010) 
 The government has today formally launched the UK Innovation Investment Fund (UKIIF), with the first closing of a new £125m fund for investing in cutting-edge environmental technologies. The UKIIF was announced last June and was followed by the appointment of Hermes Private Equity and the European Investment Fund as managers for two new funds, one focusing on low carbon technologies and the other addressing life sciences, low carbon, digital technology and advanced manufacturing.... read more» 
   
 





 Gates describes China web censorship as 'limited' 
 (from v3 at 27-1-2010) 
 Former Microsoft chief executive Bill Gates has used an interview on US television to explain why he decided to start using Twitter, and to throw his hat into the Google/China debate. Gates said in an interview with Good Morning America that the Chinese government censors the internet only in a "limited" way, and that companies operating in the region must decide whether they want to do business in countries where the laws are different to their own. Gates did not mention Google by name.... read more» 
   
 





 Internet companies voice alarm over Italian law 
 (from workstations at 27-1-2010) 
 Internet companies and civil liberty groups have voiced alarm over a proposed Italian law which would make online service providers responsible for their audiovisual content and copyright infringements by users. The draft, due to be approved next month, would make Internet Service Providers (ISPs) like Fastweb and Telecom Italia, and Web sites like Google's YouTube, responsible for monitoring TV content on their pages, industry experts say.... read more» 
   
 





 Security breaches fall, but cost per incident rises 
 (from v3 at 27-1-2010) 
 The number of corporate security breaches fell last year, but the cost of each incident is on the up, according to a new study by the Ponemon Institute. The study of attacks in 15 different industries found that the average per-incident cost of a security breach was $6.75m (£4.16m) in 2009, compared to $6.65m (£4.1m) in 2008.... read more» 
   
 





 National Archives Warns Former Clinton Staff, Visitors of Major Data Breach 
 (from FOXNews at 27-1-2010) 
 Personal information for 250,000 Clinton administration staff and White House visitors sent to the National Archives was compromised after a computer hard drive containing confidential material disappeared nearly a year ago, RollCall.com reported Wednesday. The National Archives and Record Administration sent letters to former White House staff members and visitors during the Clinton era, informing them of the data breach and warning that highly sensitive information, like Social Security num... read more» 
   
 





 Phishing threat a growing worry 
 (from asiaone at 27-1-2010) 
 NINE out of 10 consumers in Singapore fear for the safety of personal information stored on social networking websites, according to a survey by security firm RSA released last week. Singapore topped the 22 countries surveyed, with 91 per cent of users 'concerned' about personal information being accessed or stolen on social networking websites - significantly higher than the worldwide average of 70 per cent. And 81 per cent of Singapore users - also highest among the countries surveyed - said th... read more» 
   
 





 Canada needs cyber security czar: CATA Alliance 
 (from NetworkWorld at 27-1-2010) 
 U.S. president Obama's appointment last December of a cyber security co-ordinator should be mirrored by the Canadian government if it wants to raise awareness of cyber security and leverage the security expertise that exists in Canada, according to the Canadian Advanced Technology Alliance (CATA Alliance).... read more» 
   
 





 TechCrunch hacked twice in 24 hours 
 (from ComputerWeekly at 27-1-2010) 
 Technology website TechCrunch has been hacked for the second time in 24 hours. The website, which is back up and running for a second time, said the main site in the TechCrunch Network - techcrunch.com - was hacked and redirected late on Monday, was up briefly half an hour later, but went down again. "The site is back up and appears to be stable. At this point we are still gathering information on how the site was compromised and will update this post with additional information," a pos... read more» 
   
 





 U.S. Businesses Face Increasing Threats From Chinese Cyber Attacks 
 (from Insurance Journal at 27-1-2010) 
 U.S. businesses and government agencies are facing increasing risks of potential cyber attacks from China, according to a recent report. And IT departments that react defensively to such attacks may not be doing enough to prevent a “long term, sophisticated computer network exploitation campaign” by the Chinese military, warns the “Report on the Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation.”... read more» 
   
 





 MPs probe Climategate - If you can't stand the heat 
 (from The Register at 27-1-2010) 
 The UK Parliament will examine the 'Climategate' affair, probing issues raised by the public release of source code and correspondence from the University of East Anglia's Climatic Research Unit (CRU). It sounds like the enquiry may have teeth. MPs will: Examine the hacked email exchanges, other relevant email exchanges and any other information held at CRU to determine whether there is any evidence of the manipulation or suppression of data which is at odds with acceptable scientific practice... read more» 
   
 





 The DoD's very cloudy thinking over Gmail 
 (from The Register at 27-1-2010) 
 In the wake of the Google vs. China dustup, we’re starting to see some discussion of the greater implications for computing, both in general and the cloudy Google way. The fact that some Gmail accounts were accessed by hackers looking for dissidents raises some questions about the security of Gmail specifically and the entire cloud model as well.... read more» 
   
 





 TechCrunch blog hit by hackers on the day before the Apple launch 
 (from scmagazineuk at 27-1-2010) 
 The TechCrunch website is back online after being hacked early this morning. At approximately 6:20am GMT, the website was replaced with a message that stated: 'What a f***ing useless hack isn't it? Bleh'. A link was also given that connected to a site that contained links to adult material. The hack did not last long however.... read more» 
   
 





 Malware research group spins off from Harvard 
 (from Yahoo News at 27-1-2010) 
 A research organization that tries to warn computer users about programs that do sneaky things on their computers has spun off from Harvard University. StopBadware says it will operate as a standalone nonprofit with funding from Google Inc., eBay Inc.'s PayPal and Mozilla, which makes the Firefox Web browser. It was initially set up as part of Harvard's Berkman Center for Internet & Society.... read more» 
   
 





 Companies get proactive as data breach costs continue to rise 
 (from ZDNet at 27-1-2010) 
 What’s the real cost of a data breach? After all, when someone hacks into your data, there are a lot of hidden costs that go beyond plugging the hole in the data file. Customers might jump ship if they feel their data is not safe with you. Employees will need training and education on how to protect data in the future. And you might be forced to cough up money for technologies that protect the data in the event of another attack. The Ponemon Institute today released its annual study, called ... read more» 
   
 





 Principals rally troops to combat new website 
 (from The Sydney Morning Herald at 27-1-2010) 
 Principals will enlist parents and former students to counter any negative publicity stemming from the launch of the My School website tomorrow. The website will list information about all Australian schools, including national literacy and numeracy tests, and could identify teachers. Profiles for almost 10,000 schools will be listed, allowing parents to compare schools in their area as well as statistically similar schools in other regions.... read more» 
   
 





 Episode 35 of the Who and Why Show: News Feed 
 (from YouTube at 27-1-2010) 
 In the 35th episode of Team Cymru's 'The Who and Why Show', we're joined by Arjen de Landgraaf to talk about the Team Cymru News Feed: how it's done and what folks are talking about in our community, plus a little regarding plans for the future.... read more» 
   
 





 Man to plead guilty in Scientology cyber attacks 
 (from CNN at 27-1-2010) 
 A Nebraska man is expected to plead guilty next week to launching a cyber attack that shut down the Church of Scientology's Web sites, federal prosecutors said Monday. Brian Thomas Mettenbrink, 20, of Grand Island, Nebraska, was accused of participating in an attack orchestrated by a group that called itself "Anonymous."... read more» 
   
 





 Russians Get 'Gold Medal' for Cyber Fraud 
 (from themoscowtimes at 27-1-2010) 
 Russian hackers get a “gold medal” for fraud, but their Chinese counterparts carried out more than half of all the cybercrimes committed last year, according to Kaspersky Lab, Russia’s largest antivirus software developer. About 52 percent of the 73 million attacks on the World Wide Web that Kaspersky recorded last year originated in China, the Moscow-based company said in its annual security report Tuesday.... read more» 
   
 





 2020 vision: 10 things you'll see on the Web in the next 10 years 
 (from Government Computer News at 27-1-2010) 
 During the past 10 years, federal agencies have made significant progress with their Web sites and the way they use the Internet for daily business. A decade ago, many agencies were still transitioning from simple online “brochure-ware” toward real e-commerce and data sharing. In contrast, most major federal agencies now offer a variety of online databases and ways to electronically file requests and license applications, and most can accept online payments.... read more» 
   
 





 Pentagon Searches for ‘Digital DNA’ to Identify Hackers 
 (from Wired at 27-1-2010) 
 One of the trickiest problems in cyber security is trying to figure out who’s really behind an attack. Darpa, the Pentagon agency that created the Internet, is trying to fix that, with a new effort to develop the “cyber equivalent of fingerprints or DNA” that can identify even the best-cloaked hackers. The recent malware hit on Google and other U.S. tech firms showed once again just how hard it is to pin a network strike on a particular person or group. Engineers are pretty sure the attack came f... read more» 
   
 





 Q4'09 web-based malware data and trends 
 (from Dasient at 27-1-2010) 
 The data in this post is drawn primarily from Dasient's proprietary malware analysis platform, which gathers data on web-based malware attacks from across the web, and in the last year has been used to help tens of thousands of site owners address their web-based malware issues. As we reported last quarter, the way malware is being distributed is undergoing a fundamental shift, with more attackers focusing on "drive-by downloads" from legitimate sites that have been compromised, or from sites... read more» 
   
 





 4 Arrested In Alleged Plot To Wiretap Senator's Office 
 (from NPR at 27-1-2010) 
 A conservative activist who posed as a pimp to target the community-organizing group ACORN and the son of a federal prosecutor were among four people arrested by the FBI and accused of trying to interfere with phones at Louisiana Sen. Mary Landrieu's office. Activist James O'Keefe, 25, was in the Democrat's New Orleans office Monday when Robert Flanagan and Joseph Basel, both 24, showed up claiming to be telephone repairmen, U.S. Attorney Jim Letten's office said Tuesday. Letten says O'Keefe ... read more» 
   
 





 Websites fade to black in censorship protest 
 (from The Sydney Morning Herald at 27-1-2010) 
 Hundreds of websites joined an Australia Day "internet blackout" today to protest against the Government's web censorship agenda, but even the internet industry body believes it will do little to lessen the Government's resolve. The Greens, Democrats and ISP iiNet are among the organisations that pledged to fade their websites to black today and provide visitors with information about the Government's censorship plans. The blackout is expected to last until Friday.... read more» 
   
 





 Trust in the Information Society, 10 - 11 February 2010, Auditorio of León, Spain 
 (from trustworthyict at 27-1-2010) 
 Trust in the Information Society is a conference focused on e-trust and on how the Information Communication Technology (ICT) can be a generator of trust or can be adapted and used to generate e-trust. The Advisory Board of Research and Innovation for Security, Privacy and Trustworthiness in the Information Society – RISEPTIS – published in its latest report a set of conclusions that form the core of the event concerning trust in the Information Society. Derived from this report a set of fund... read more» 
   
 





 OWASP Belgium Local Chapter, February 1st, 2010, Brussels, Belgium 
 (from Owasp at 27-1-2010) 
 MOBILE MALWARE NOW AND IN THE FUTURE (by Mikko Hypponen, Chief Research Officer at F-Secure Corp) Presentation + discussion: - Mobile Platforms - Situation 2005-2009 - Current threats - Case: The Ikee / Duh botnet on jailbroken iPhones - Case: Android banking trojans - Future scenarios - How to fight content security problems in mobile world?... read more» 
   
 





 The Top 10 Things To Do While Under DDoS Attack 
 (from blyon at 27-1-2010) 
 1. Don’t Panic 2. Create a contact list of external email addresses and phone numbers. 3. Set up a “War Room” 4. Get one of your guys to the colo ASAP 5. Find an old hub 6. Understand the nature of the attack 7. Document everything 8. Call your ISP 9. Set up “We are down” web hosting services 10. Learn from the event... read more» 
   
 





 Data Breach Costs Surge in 2009: Study 
 (from eSecurity Planet at 27-1-2010) 
 Data breach incidents cost companies an average of $6.75 million each time, according to a new study released by security researcher The Ponemon Institute and PGP Corp., an e-mail and data encryption security software developer. And while the study found that the total number of reported data breaches declined from 657 incidents in 2008 to 498 last year, the average cost inched up from $202 to $204 per customer record.... read more» 
   
 





 The Next HOPE, July 16-18, 2010, Hotel Pennsylvania, New York City, USA 
 (from The Next Hope at 26-1-2010) 
 2600 Magazine presents The Next HOPE, the eighth conference in the 16 year history of the Hackers On Planet Earth series. It will happen at the Hotel Pennsylvania in the middle of New York City from July 16-18, 2010, and will be the largest creative technology conference on the U.S. East Coast. This call for speakers goes out to hackers, makers, technologists, artists, and free thinkers around the world. Come share your passions and ideas with 3,000+ of your soon-to-be closest friends. Thi... read more» 
   
 





 TechCrunch hacked, site says 'We'll be back soon' 
 (from DarkReading at 26-1-2010) 
 The immensely popular blog TechCrunch has been compromised by hackers who posted an offensive message on its homepage. The message was followed by a link to a website containing links to adult material. The TechCrunch site is currently showing a message, presumably from its administrators who I imagine are feverishly trying to restore the site to its proper secure state, saying "We'll be back soon".... read more» 
   
 





 More money lost through online fraud 
 (from itpro at 26-1-2010) 
 The latest annual UK online fraud report from CyberSource has shown stable numbers when it comes to the amount of fraudulent transactions e-merchants face. But the value of such losses is on the rise. While the percentage of money lost through fraudulent transactions has stayed the same, the increase in consumers buying online has led to large losses in the retail industry.... read more» 
   
 





 Survey: Data breaches cost £126 per customer record 
 (from ComputerWorldUk at 26-1-2010) 
 The cost of a data breach rose last year to $204 (£126) per customer record, according to the Ponemon Institute. The average total cost of a data breach rose from $6.65 million (£4.1 million) in 2008 to $6.75 million (£4.17million) in 2009. Ponemon Institute based its estimates on data from 45 companies that publicly acknowledged a breach of sensitive customer data last year and were willing to discuss it.... read more» 
   
 





 Report: Attackers sent Google workers IMs from 'friends' 
 (from CNet at 26-1-2010) 
 People behind the China-based online attacks of Google and other companies looked up key employees on social networks and contacted them pretending to be their friends to get the workers to click on links leading to malware, according to a published report on Monday. "The most significant discovery is that the attackers had selected employees at the companies with access to proprietary data, then learnt who their friends were," the Financial Times reported. "The hackers compromised the social... read more» 
   
 





 Cybercrime increasing faster than company defenses 
 (from Net-Security at 26-1-2010) 
 Cybercrime threats posed to targeted organizations are increasing faster than many organizations can combat them. Moreover, a new survey suggests the threat of cybercrime is heightened by current security models that are only minimally effective against cyber criminals. More than 500 respondents, including business and government executives, professionals and consultants, participated in the survey. The survey is a cooperative effort of CSO, the U.S. Secret Service, Software Engineering Insti... read more» 
   
 





 Data breach costs increase 
 (from Net-Security at 26-1-2010) 
 The 2009 Ponemon Institute benchmark study examines the costs incurred by 45 organizations after experiencing a data breach. Results were not hypothetical responses; they represent cost estimates for activities resulting from actual data loss incidents. Breaches included in the survey ranged from approximately 5,000 records to more than 101,000 records from 15 different industry sectors.... read more» 
   
 





 New spam campaigns see sustained levels in the New Year 
 (from scmagazineuk at 26-1-2010) 
 Spammers have launched new campaigns in January to sustain the high levels of spam experienced towards the end of 2009. According to the January 2010 MessageLabs Intelligence Report, spam related to the New Year accounted for 7.7 per cent of all spam on a single day. More than 50 per cent of New Year related spam was sent by the Grum and Cutwail botnets combined.... read more» 
   
 





 Once impenetrable PS3 cracked wide open 
 (from The Register at 26-1-2010) 
 The first hacker to successfully jailbreak the iPhone says he has pulled off yet another modding marvel, this time penetrating the previously impervious PlayStation 3 gaming console. The hack by 20-year-old George Hotz, aka geohot, is significant because the PS3 was the only game console that hadn't been hacked, despite being on the market for more than three years. The feat greatly expands the functionality of the box by allowing it to run unrestricted versions of Linux and a wide range of g... read more» 
   
 





 Consumer Awareness Of Online Threats Is Up, Study Says 
 (from DarkReading at 26-1-2010) 
 Consumers are becoming increasingly concerned about the safety of their data online, according to a study published last week. In a study of more than 4,500 consumers conducted by InfoSurv and sponsored by RSA, researchers found that consumer awareness of phishing attacks has doubled between 2007 and 2009. The number of consumers who reported falling prey to this attack increased six times during that same time period.... read more» 
   
 





 NASA Research Center Website Compromised 
 (from Softpedia at 26-1-2010) 
 The website of the Center for Aerosol Research at NASA's Goddard Space Flight Center has been taken offline after a grey hat hacker demoed an attack on its database. The SQL injection exploitation had to be performed manually and was unusually hard to pull off, according to the attacker. "I want to say that it was very hard to make this injection… The webserver had good protection but wasn’t fully secured," TinKode, a Romanian self-confessed grey hat hacker, writes on his blog. "This kind onl... read more» 
   
 





 What Google Attacks Can Teach the Enterprise 
 (from PCWorld at 26-1-2010) 
 The cyberattacks against Google and more than 30 other technology companies by adversaries operating out of China highlight what some call the Advanced Persistent Threat (APT) confronting a growing number of U.S. commercial entities. The term has been used for some time in government and military domains to describe targeted cyberattacks carried out by highly organized state-sponsored groups with deep technical skills and computing resources.... read more» 
   
 





 Report: Companies unprepared for cybercrime 
 (from CNet at 26-1-2010) 
 Many organizations are focused on stopping random hackers and blocking pornography when they should be concerned with bigger threats from professional cybercriminals, according to a new cybersecurity report. In a survey conducted last year of 523 IT and security managers, top-level executives, and law enforcement personnel, hackers were rated the biggest threat, followed by insiders and foreign entities--probably because hackers are the "noisiest and easiest to detect," the 2010 CyberSecurity... read more» 
   
 





 Cyberattack threat to US groups 
 (from Financial Times at 26-1-2010) 
 After the Chinese cyber-attacks on Google and other western groups, companies are realising they are not equipped to defend against assaults that have the support of governments. US financial institutions, manufacturers and service providers are conferring with experts and coming to terms with the likelihood they too have been compromised without knowing it.... read more» 
   
 





 Stop 11 Hidden Security Threats 
 (from ComputerWorld at 26-1-2010) 
 Do you know how to guard against scareware? How about Trojan horse text messages? Or social network data harvesting? Malicious hackers are a resourceful bunch, and their methods continually evolve to target the ways we use our computers now. New attack techniques allow bad guys to stay one step ahead of security software and to get the better of even cautious and well-informed PC users. Don't let that happen to you. Read on for descriptions of 11 of the most recent and most malignant security... read more» 
   
 





 Comment: Cybercrime - Still a growth industry? 
 (from Infosecurity-Magazine at 25-1-2010) 
 Create accountability – realise that the problem is large and multi-disciplinary; addressing it successfully requires a co-ordinated response from professionals in many departments including legal, IT, security, brand and product management, or online commerce business units. Make sure your company is clear about who needs to be involved and who will lead the effort. Put the problem into perspective – think clearly through the costs associated with online brand abuse for your company – they’r... read more» 
   
 





 India Offers Google More Hospitable Asian Home 
 (from Korea Times at 25-1-2010) 
 Indian information technology firms are anticipating sizeable commercial gains if Google Inc. makes good on its threat to pull out of China, eschewing more than $300 million in annual revenues and disbanding its 700 employees there. The giant U.S.-based Internet search giant, with $22 billion in 2008 annual revenue, made the threat after spectacular reports that the Chinese government had hacked personal data of its clients and sought information on dissidents. Google has also long been frust... read more» 
   
 





 India blamed China for RAW generated cyber terrorism 
 (from The Daily Mail News at 25-1-2010) 
 Everyone must have gone through India’s latest claim, blaming China for hacking its various websites and secret data. But what some might have forgotten and let me remind you of it, it was in fact early 2009 that the news got loose of China tapping into classified documents from government and private organizations in 103 countries, including the computers of Pakistan. The same moment, Conficker Worm threat got out too, set to bite computers on April Fools’ Day. The latter proved to be a hoa... read more» 
   
 





 Google cyberattacks stoke fears of stealth hackers 
 (from The Seattle Times at 25-1-2010) 
 The crown jewels of Google, Cisco Systems, Microsoft or any other technology company are the millions of lines of programming instructions, known as source code, that make its products run. If hackers could steal those key instructions and copy them, they could dull the companies' competitive edge in the marketplace. More insidiously, if attackers were able to make subtle, undetected changes to that code, they could essentially give themselves secret access to everything the company and its c... read more» 
   
 





 Chinese Human Rights Sites Hit by DDoS Attack 
 (from PC World at 25-1-2010) 
 Five Web sites run by Chinese human rights activists were attacked by hackers over the weekend, as a separate row continued between Google and China over political cyberattacks. The Web site of Chinese Human Rights Defenders, an advocacy group, was hit by a distributed denial of service (DDoS) attack that lasted 16 hours starting Saturday afternoon, the group said in an e-mailed statement on Monday. A DDoS attack involves the attacker ordering a legion of compromised computers all to visit a ... read more» 
   
 





 London DEFCON January meet - DC4420 - Wed 27th Jan 2010 
 (from Major Malfunction at 25-1-2010) 
 It's a new year, and we have a new venue and new rules of engagement! First, the venue - we are back in a pub, in the heart of the west end, with a private room/bar and easy connection to mainline stations etc. Food is excellent and drinks are at *normal* pub prices (and, most importantly, they have Guinness)!!!! Secondly, ROE: we still run on "Fight Club" rules, i.e. "you will talk", but we're going to make it a bit easier to get started... This year, we will be limiting the tal... read more» 
   
 





 Cybercriminals use China attacks on Google as lure 
 (from ComputerWeekly at 25-1-2010) 
 Cybercriminals are exploiting the recently announced China-based cyber attacks against Google and more than 20 other companies as a lure for carrying out further targeted attacks. The attackers are sending out e-mails that claim to contain details of the Google attacks in a PDF attachment, according to a blog post by security firm F-Secure. The e-mails appear to come from legitimate sources, but when the attachment is opened, it exploits a known vulnerability in Adobe Reader and Acrobat so... read more» 
   
 





 Blackout: 125 websites self-censor to protest filters 
 (from ITNews at 25-1-2010) 
 Open source developer Samba.org and at least two minor political parties were among around 125 websites to ‘black out' today to protest the Government's internet filtering plans. A search by iTnews also located anti-filter campaigners Stopinternetcensorship and web developer Simon Elvery's homepage among participants.... read more» 
   
 





 Survey: Data breaches from malicious attacks doubled last year 
 (from CNet at 25-1-2010) 
 Data breaches at U.S. companies attributed to malicious attacks and botnets doubled from 2008 to 2009 and cost substantially more than breaches caused by human negligence or system glitches, according to a new Ponemon survey to be released on Monday. The incidence of malicious attacks rose from 12 percent in 2008 to 24 percent last year, according to the 2009 Annual Study: U.S. Cost of a Data Breach survey conducted by the Ponemon Institute and sponsored by PGP Corp.... read more» 
   
 





 China accuses US of online warfare in Iran 
 (from Guardian at 25-1-2010) 
 The United States used "online warfare" to stir up unrest in Iran after last year's elections, the Chinese Communist party newspaper claimed today, hitting back at Hillary Clinton's speech last week about internet freedom. An editorial in the People's Daily accused the US of launching a "hacker brigade" and said it had used social media such as Twitter to spread rumours and create trouble. "Behind what America calls free speech is naked political scheming. How did the unrest after the Iranian ... read more» 
   
 





 Call to banish virus-hit computers from internet 
 (from theaustralian at 25-1-2010) 
 Computers infected with viruses could be "expelled" from the internet under a new industry code to control Australia's plague of contaminated PCs. The federal government has given the internet industry an operate-or-legislate ultimatum to identify "zombie" computers involved in cyber-crime. The Internet Industry Association - whose members include major internet service providers Optus, Telstra, Vodafone, AAPT, Virgin and Hutchison 3G, as well as industry giants Facebook, Google and Micros... read more» 
   
 





 China Hacks Inspire Copycats 
 (from PCWorld at 25-1-2010) 
 Malicious hackers have begun using the recent cyberattacks against Google and more than 30 other companies as lures for launching even more targeted attacks, security firm F-Secure said in a blog post today. The company reported spoofed e-mails purporting to contain details on the alleged Chinese attacks that contain a PDF attachment. When opened, it installs and runs the Acrobat.exe backdoor on the user's machine.... read more» 
   
 





 Europe's Spam War Stalls 
 (from PCWorld at 25-1-2010) 
 Europe's ISPs are just about holding their own against the global spam barrage, a Europe-wide report has found. Put another way, things are not getting better, but are not getting any worse either. Judging from the 2009 ENISA (European Network and Information Security Agency) spam survey of ISPs across 27 EU states, ISPs spend substantial sums trapping spam before it gets to the end user, mainly because they have to to keep customers. Small providers spend at least 10,000 Euros ($14,100) figh... read more» 
   
 





 World Congress on Internet Security (WorldCIS-2011) 
 (from worldcis at 25-1-2010) 
 The World Congress on Internet Security (WorldCIS-2011) is Technically Co-Sponsored by IEEE UK/RI Computer Chapter. The WorldCIS-2011 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the Internet, computer networks, protecting the Internet against emerging threats and vulnerabilities, and sustaining privacy and trust has been a key focus of research. The WorldCI... read more» 
   
 





 Top 10 technologies to beat tyranny 
 (from v3 at 25-1-2010) 
 Last week we had a bit of fun and looked at technologies for budding dictators, but this week we're looking at the other side of the coin – how to stay safe online if your future depends on it. Every day each of us generates a rapidly expanding amount of data and that data is mined by companies and governments. In many cases it's used for nothing more irritating than advertising but for some countries that cloud is also a trail that can be monitored.... read more» 
   
 





 IT spending to grow in 2010 
 (from Help Net Security at 25-1-2010) 
 A slow but steady improvement in the macroeconomic environment in 2010 should support a return to modest growth in overall IT spending, according to Gartner. Worldwide IT spending will reach $3.4 trillion in 2010, a 4.6 percent increase from 2009.... read more» 
   
 





 How to Stop 11 Hidden Security Threats 
 (from PCWorld at 25-1-2010) 
 Do you know how to guard against scareware? How about Trojan horse text messages? Or social network data harvesting? Malicious hackers are a resourceful bunch, and their methods continually evolve to target the ways we use our computers now. New attack techniques allow bad guys to stay one step ahead of security software and to get the better of even cautious and well-informed PC users. Don't let that happen to you. Read on for descriptions of 11 of the most recent and most malignant security... read more» 
   
 





 95% of email is spam 
 (from Help Net Security at 25-1-2010) 
 The European Network and Information Security Agency (ENISA) released its new spam report which looks at spam budgets, impact of spam and spam management. The survey targeted email service providers of different types and sizes, and received replies from 100 respondents from 30 different countries, throughout the EU (26/27 EU Member States); and 80 million mailboxes managed. The survey analyses how e-mail service providers combat spam in their networks, and identifies the state of art in the ... read more» 
   
 





 IIA: Funding needed for ISPs to crack-down on unruly spammers 
 (from Computer World at 25-1-2010) 
 The Federal Government may be asked to fund an upcoming code requiring Internet Service Providers (ISPs) to crack-down on spamming computers. The Internet Industry Association (IIA) draft code proposes ISPs take action against customers whose computers are pumping out spam over their networks or may have been hijacked for use by online criminals. IIA chief executive Peter Coroneos said the industry-backed voluntary code will be released for further public consultation by the end of March this... read more» 
   
 





 China cries 'imperialism' over Google 
 (from The Age at 25-1-2010) 
 The Chinese Government has issued a stinging response to criticism that it is jamming the free flow of words and ideas on the internet, accusing the US of damaging relations between the two countries by foisting its ''information imperialism'' on China. Foreign Ministry spokesman Ma Zhaoxu defended China's policies regarding the web, saying the nation's internet regulations were in line with Chinese law and did not hamper the cyber activities of the world's largest online population.... read more» 
   
 





 China denies Google cyber attacks 
 (from The Sydney Morning Herald at 24-1-2010) 
 China on Monday denied any state involvement in cyber attacks on Google and defended internet censorship as necessary, as a row with Washington over the US firm's threat to leave the country rumbled on. The statements from Beijing, carried in twin interviews on the state news agency Xinhua, came after the White House said US President Barack Obama was "troubled" by Google's claims that it had been attacked by China-based hackers.... read more» 
   
 





 Conroy supports Clinton's anti-censorship speech 
 (from ComputerWorld at 24-1-2010) 
 Communications Minister, Senator Stephen Conroy has welcomed the US Secretary of State Hillary Clinton’s anti-censorship speech one month after announcing plans to introduce mandatory ISP-level Internet content filtering. Clinton’s speech in Washington DC overnight came nine days after Google announced that it may exit China because of cyber attacks originating from the country that appeared to be an attempt to silence or spy on human-rights activists there.... read more» 
   
 





 Irish internet forum back after hack attack 
 (from BBC at 24-1-2010) 
 An Irish internet forum which had to shut down after an attack on its user database has been restored. Boards.ie, which had to shut down on Thursday afternoon, was restored on Friday evening. Part of the database which included members' usernames, email addresses and obfuscated passwords was accessed.... read more» 
   
 





 UK most popular phishing target 
 (from v3 at 24-1-2010) 
 The UK is the most popular country to target with phishing attacks, according to a recent report. MessageLabs delivered the news Friday in its monthly intelligence report on spam and malware. The report found that this month 1 out of every 253.6 emails was connected to a phishing operation. The global average is 1 phishing attempt in every 562.3 emails.... read more» 
   
 





 Computer security: fraud fears as scientists crack 'anonymous' datasets 
 (from Guardian at 24-1-2010) 
 Computer experts in the US can now identify people from personal information, leading to concerns over security and confidentiality. Computer scientists in the US have discovered ways to "re-identify" the names of people included in supposedly anonymous datasets.... read more» 
   
 





 Security is hard 
 (from Acunetix at 24-1-2010) 
 The year debuted with ‘Operation Aurora’: Google and over 30 other companies were hit by a spear phishing attack which resulted in theft of intellectual property from Google and probably other companies. Spear phishing is a targeted form of phishing in which an e-mail message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT. The attackers used an Internet Explorer 6 zero day... read more» 
  

