Saturday, January 16, 2010

Internet Security News

This free IT-security news feed was compiled and is provided by E-Secure-IT, the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today. They offer a 30-day complimentary subscription.





Visit them at www.e-secure-it.com or email more-info@e-secure-it.com for more information on their available services.







Web browser vulnerability used in Google attacks: Microsoft
 
 (from Yahoo at 16-1-2010) 
 Microsoft said Thursday that a security vulnerability in its Internet Explorer browser was used in cyberattacks which prompted Google to threaten to shut down its operations in China. Web security firm McAfee Inc. said meanwhile that the attacks on Google and other companies showed a level of sophistication beyond that of cyber criminals and more typical of a nation-state.... read more» 
   
 





 Of Tailored Attacks and Chinese Trojans 
 (from unsafebits at 16-1-2010) 
 The files carrying the attacks were in various formats, but none of the attacks used Adobe’s portable document format (PDF) files, a popular vector for attacks. PDF files were initially fingered as the vector used to attack Google and 33 other companies, but at least some of those attacks used a vulnerability in Internet Explorer, and security firm McAfee has stated that none of the attack samples it has analyzed have been PDF files.... read more» 
   
 





 DRG (Dragon Research Group) Distro available for general release 
 (from SANS at 16-1-2010) 
 The Dragon Research Group (DRG) Distro is a Linux-based Live CD platform. It forms the cornerstone of much of DRG's ongoing research, analysis and development efforts. The goal of the DRG Distro is to build a DRG Network of pods that can securely and anonymously help provide actionable intelligence to the Internet security community. The DRG Distro can act as a passive data collection facility for many common applications such as HTTP servers or if expressly permitted, can help actively mo... read more» 
   
 





 Russian security firm rails against responsible disclosure 
 (from SecureComputing at 16-1-2010) 
 A little known Russian security firm has taken the bold step of releasing details of zero-day exploits in business software every day for the rest of January, according to reports. Security expert Brian Krebs revealed that Intevydis will post advisories on products from big name vendors such as IBM, Novell and Sun Microsystems, in protest at a 'responsible disclosure' policy which it regards as a waste of time.... read more» 
   
 





 Sumitomo Mitsui Card website altered by Gumblar variant 
 (from japantoday at 16-1-2010) 
 Sumitomo Mitsui Card Co said Wednesday its website was found to have been altered by a variant of the Gumblar computer virus. Personal computers of a total of 1,845 individuals who browsed the site between 2:30 p.m. Jan 6 and 11:13 a.m. Jan 7 might have been infected with the virus, the company said. The infection could cause data on the computers to be leaked onto the Internet, it said. Some other Japanese companies have already reported similar attacks on their websites, including East J... read more» 
   
 





 'Domestic extremism' police called in on climate hack 
 (from The Register at 16-1-2010) 
 Norfolk police investigating the "Climategate" hack have called in colleagues from the National Domestic Extremism Team (NDET), it has emerged. The unit was originally set up to investigate animal rights extremists. Recently it has been embroiled in controversy over police gathering intelligence about protestors, including environmentalists. NDET, run by ACPO, is providing the investigation with two officers and computer forensics expertise.... read more» 
   
 





 2010 to be a year of change for the security industry 
 (from threatchaos at 16-1-2010) 
 2010 is going to be a dramatic year for the security industry. Vendors and security professionals should prepare for a sea change. Here are my predictions for the year. 1. Crowd sourced Denial of Service attacks will be used against websites of US candidates in US elections. The attacks against Iranian web sites during June 2009 educated a lot of Twitter users on how to take down web sites of people they disagree with. Simple page refreshes on a candidate’s web site are enough to bri... read more» 
   
 





 Ritter faces trial in Monroe County on Internet sex charge 
 (from Pocono Record at 16-1-2010) 
 Prosecutors and police said on Wednesday that Scott Ritter, a former chief United Nations weapons inspector, will face trial in Monroe County Court in March after police accused him of inappropriate contact over the Internet with what he thought was a 15-year-old girl. Ritter, 48, turned himself in to Barrett Township Police in November after he was charged with having a sexual conversation with a police officer posing as a 15-year-old girl and masturbating on a Web camera on Feb. 7, 2009.... read more» 
   
 





 False Moscow CCTV feed scam leads to fraud charges 
 (from The Register at 16-1-2010) 
 The discovery that some CCTV cameras around Moscow streamed prerecorded images, instead of live pictures, has resulted in criminal charges against StroyMontageService, the firm that maintained the network. Dmitry Kudryavtsev, a director of StroyMontageService, has been arrested and charged with fraud over the alleged scam, which recalls fake image trickery used in films such as Ocean's Eleven. Kudryavtsev, who denies any wrongdoing, alleges he has been framed by rivals.... read more» 
   
 





 Business host DataGate vanishes 
 (from The Register at 16-1-2010) 
 Business hosting outfit DataGate has fallen off the internet today, with customers unable to raise the firm on the phone too. The London-based firm's own website is currently unavailable, as are those of its customers. Reg correspondents say DataGate disappeared at about 8am. Web developer Robin Tong this afternoon claimed on Twitter that the firm had a Level 3 routing error.... read more» 
   
 





 Corporate spy risks from free email 
 (from SecureComputing at 16-1-2010) 
 Gmail, Yahoo! Mail and Hotmail "completely vulnerable" by default. Small business users of Gmail, Yahoo! mail and Hotmail were vulnerable to corporate spies when logged into their accounts on public Wi-Fi networks, a penetration tester has found. Business users of public Wi-Fi hotspots, such as those at cafes, who sent commercially sensitive information were at risk, said Hacklabs tester Chris Gatford. Employees of small businesses often used free email services as their main business email acc... read more» 
   
 





 NASA Nebula - Obama's own private cloud? 
 (from The Register at 16-1-2010) 
 The open-source Amazon-like compute cloud under development at NASA's Ames Research Center could become a means of hosting websites across the US government. Ames chief information officer Chris Kemp tells The Reg that the engineers building NASA's Nebula infrastructure cloud have been working with the team put together by federal CIO Vivek Kundra to build a new species of federal websites, and that in the "near future," Kundra's group will unveil some sort of built-from-scratch federal porta... read more» 
   
 





 Symantec: Web security on the rise among RP firms 
 (from Inquirer at 16-1-2010) 
 With companies constantly relying on the Internet for almost everything from inter-office communications, customer support, supply chain management, to outsourced back office management, the threat of security breaches will continue to rise. Symantec cites that just for the first half of this year, there had been 1.3 million online threats – more than half of what was recorded in 2008. Nevertheless, companies, especially the small- to medium-scale businesses in the Philippines are becoming more... read more» 
   
 





 Adobe Investigates Cyber-attack 
 (from EWeek at 16-1-2010) 
 Adobe Systems is investigating an attack against corporate network systems managed by Adobe. Details of the security threat are scarce. Adobe Systems reported Jan. 12 that it has uncovered a "coordinated attack against corporate network systems managed by Adobe and other companies." Adobe became aware of the attack Jan. 2, according to a post by Adobe employee Pooja Prasad on a company blog. Other companies were affected by the attack as well, and Adobe is in communication with them as the in... read more» 
   
 





 UK.gov dismisses Tory claims UK cyberspace is defenceless 
 (from The Register at 16-1-2010) 
 The government has dismissed Tory claims that the UK is not equipped to battle digital attacks on its national security. David Cameron backed the claim as he launched his party's national security green paper today. It criticises GCHQ's Cyber Security Operations Centre (CSOC), which is due to begin work in March. "Even when it is operational, the Centre is only intended to analyse the threats – not to do anything about them," the Tories charged.... read more» 
   
 





 Network flaw causes scary Web error 
 (from Yahoo at 16-1-2010) 
 A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers' accounts with full access to troves of private information. The glitch - the result of a routing problem at the family's wireless carrier, AT&T - revealed a little known security flaw with far reaching implications for everyone on the Internet, not just Facebook users. In each case, the Internet lost track of who was who, putting the women into the wrong ac... read more» 
   
 





 Social networks and the web offer a lifeline in Haiti 
 (from BBC at 16-1-2010) 
 The collapse of traditional channels of communication in Haiti has again highlighted the role of social media and the internet in disasters. Twitter is being used as a prime channel for communications, while sites such as Ushahidi are providing maps detailing aid and damage. Both Google and Facebook are producing missing persons lists. Satellite networks are also diverting resources to provide communications to aid agencies and the military. The very first images to escape from the region af... read more» 
   
 





 Smartphone security next big thing 
 (from NetworkWorld at 16-1-2010) 
 Future smartphones will come pre-loaded with anti-virus software clients to prevent the loss of data and services to malware. And mobile banking and person-to-person payments will be authenticated by fingerprint sensors on the handset. "Although malware has been seen in mobile handsets, in the past it has not done much damage," says ABI Research vice president Stan Schatt.... read more» 
   
 





 Website not responsible for data theft 
 (from koreaherald at 15-1-2010) 
 Auction, a major online open market, is not responsible for the theft of its customers' personal information, the Seoul Central District Court ruled yesterday. "Auction cannot be seen as having violated any duties as a Web service provider," ruled the court. The company also immediately reported the data breach to authorities and to its customers, and thus may be seen as having taken appropriate countermeasures, said the court.... read more» 
   
 





 Security from an Israeli Perspective April 11 - April 16, 2010 
 (from iscisrael at 15-1-2010) 
 Hosted and organized by Marc Kahlberg and Jim Gort. Organized Crime, Terrorism and an inside look at how Israel successfully counters and thwarts over 90% of all violence targeted at its civilian population, will be held in Israel from April 11 - April 16, 2010. The "Experience Israel" Training tour will be held in the framework of a combined Israeli Security Perspective of Technology and Human Resources.... read more» 
   
 





 Chinese hackers pose a growing threat to U.S. firms 
 (from Los Angeles Times at 15-1-2010) 
 The scale and sophistication of the cyber attacks on Google Inc. and other large U.S. corporations by hackers in China is raising national security concerns that the Asian superpower is escalating its industrial espionage efforts on the Internet. While the U.S. focus has been primarily on protecting military and state secrets from cyber spying, a new battle is being waged in which corporate computers and the lucrative valuable intellectual property they hold have become as much of a target of... read more» 
   
 





 Google to remove links to racist Australian website 
 (from nzherald at 15-1-2010) 
 Google has agreed to take down links to a website that promotes racist views of indigenous Australians. Aboriginal man Steve Hodder-Watt recently discovered the US-based site by searching "Aboriginal and Encyclopedia" in the search engine.... read more» 
   
 





 Surge in e-crimes in Dubai 
 (from Gulfnews at 15-1-2010) 
 Dubai: Most cyber attacks in the UAE last year targeted banks and were perpetrated by electronic criminals from outside the country, a government report has revealed, adding that the number of hacking and defacement incidents quadrupled in 2009 from 2008. It added that of all the electronic breaches during 2009, "phishing" comprised the main offence - 62 per cent of which targeted local banks, followed by UAE branches of international banks and other institutions at 19 per cent each.... read more» 
   
 





 Lincoln National Discloses Breach Of 1.2 Million Customers 
 (from DarkReading at 15-1-2010) 
 Lincoln National Corp. (LNC) last week disclosed a security vulnerability in its portfolio information system that could have compromised the account data of approximately 1.2 million customers. In a disclosure letter (PDF) sent to the attorney general of New Hampshire Jan. 4, attorneys for the financial services firm revealed that a breach of the Lincoln portfolio information system had been reported to the Financial Industry Regulatory Authority (FINRA) by an unidentified source last August... read more» 
   
 





 Alleged China Attacks Could Test U.S. Cybersecurity Policy 
 (from CIO at 15-1-2010) 
 The attacks on Google and more than 30 other Silicon Valley companies by agents allegedly working for China are focusing renewed attention on the issue of state-sponsored cyber attacks and how the U.S. government should respond to them. The U.S. has no formal policy for dealing with foreign government-led threats against U.S. interests in cyberspace. With efforts already under way to develop such a policy, the recent attacks could do a lot to shape the policy and fuel its passage through Congress... read more» 
   
 





 Internet Scams Go After Those Hit Hardest by Recession 
 (from enterprise-security-today at 15-1-2010) 
 Debbie Hodges was scanning the Internet when an ad that offered help seeking federal grants caught her eye. She applied for information, hoping to seek aid for the school where she works and the fire department where her husband volunteers. "I figured it couldn't hurt to try and see what was out there," said Hodges, 47, of Northfield, Conn. But after providing her credit card information, she said, she lost more than $70 without getting any leads to government grants.... read more» 
   
 





 DarkMarket kingpin pleads guilty to conspiracy 
 (from ComputerWeekly at 15-1-2010) 
 The brains behind DarkMarket, the clearing house for online criminals, pleaded guilty to conspiracy to defraud and five counts of furnishing false information at Blackfriars Crown Court yesterday and asked to be remanded in custody. Renukanth Subramaniam, 33, a Sri Lankan immigrant, set up DarkMarket in 2005 at an internet café in Wembley, London. He handed himself in to the police in late 2008 after the FBI infiltrated and took over the site, running it as a sting operation.... read more» 
   
 





 Contactless smart cards can offer considerable value to the UK police force 
 (from SecurityPark at 15-1-2010) 
 IAM (Identity and access management) is a significant challenge for police forces throughout the country. Enabling employees to quickly and securely access data and facilities has always been a high priority. The growing number of data sources now available to police is making it more critical than ever that the right people have access to the information they need, and that this data can be assessed and monitored in a secure way.... read more» 
   
 





 Only 27% of organizations use encryption 
 (from Net-Security at 15-1-2010) 
 According to a Check Point survey of 224 IT and security administrators, over 40% of businesses in the last year have more remote users connecting to the corporate network from home or when traveling, compared to 2008. The clear majority (77%) of businesses have up to a quarter of their total workforce consisting of regular remote users. Yet, regardless of the growth in remote users, just 27% of respondents say their companies currently use hard disk encryption to protect sensitive data on co... read more» 
   
 





 Top 10 information security threats for 2010 
 (from Help Net Security at 15-1-2010) 
 "The start of a new year is a great time for companies to evaluate their information security practices and begin thinking about what threats they'll be facing in the coming year," said Kevin Prince, CTO, Perimeter E-Security. "As these security threats are becoming more serious and difficult to detect, it is vital for companies to understand what they can do to best protect their systems and information.... read more» 
   
 





 2010 Could Be The Year For Security Outsourcing, Forrester Says 
 (from DarkReading at 15-1-2010) 
 The new year could bring new relationships between the enterprise security department and the security outsourcing firms that want to serve it, according to a new industry report. According to "Twelve Recommendations For Your 2010 Information Security Strategy," a report published yesterday by Forrester Research, enterprises may rethink the "outsourcing" concept, making it more of a "co-sourcing" approach.... read more» 
   
 





 Businesses increase the amount of remote working but fail to secure their devices 
 (from scmagazineuk at 15-1-2010) 
 Over three quarters of businesses have regular remote users among their workforce, yet only 27 per cent use hard disk encryption. According to a survey by Check Point, 77 per cent of businesses have a quarter of staff who regularly work remotely, and in addition, only nine per cent use encryption for removable storage devices.... read more» 
   
 





 Thirteen Percent of Systems in US Infected by Flammable ZBot Malware Cocktail 
 (from BitDefender at 15-1-2010) 
 BitDefender, an award-winning provider of innovative anti-malware security solutions, today warned of the rapid spread of malware intended for users of Microsoft Office Outlook Web Access. The unsolicited message directs users to “apply a new set of settings” to their mailboxes to update several “security upgrades” that have been applied. The link in the e-mail leads towards a Web page with Microsoft Office logos and instructs users to download and launch an executable file that will supposed... read more» 
   
 





 FINRA notifies Lincoln National of security vulnerability 
 (from databreaches at 15-1-2010) 
 A vulnerability in the portfolio information system for broker-dealer subsidiaries of Lincoln National Corporation potentially exposed the records of 1,200,000 people, 18,900 of whom are New Hampshire residents. By letter dated January 4, attorneys for Lincoln Financial Securities Corporation and Lincoln Financial Advisors notified the New Hampshire Attorney General’s Office that although an outside forensic review found no reason to believe that client data were actually accessed or misused,... read more» 
   
 





 A Drop in .cn Spam 
 (from Symantec at 15-1-2010) 
 After contributing 30 - 50% of URL spam in 2009, the volume of .cn spam is on the decline. It appears that the drop is due to the recent enhancement in domain registration procedures introduced by China's Internet Network Information Center (CNNIC). On December 11, CNNIC announced a new registration procedure for .cn domains. Data gathered in the Symantec Probe Network shows that the volume of .cn spam fluctuated around 40% until December 11. After a sudden spike in the volume on December 13... read more» 
   
 





 China throws rotten tomatoes at IMDb - Online movie bible blocked 
 (from The Register at 15-1-2010) 
 China this week appears to have blocked access to the Internet Movie Database (IMDb.com), giving rise to speculation that it is stepping up its war on websites that allow user-generated content. IMDb is owned by Amazon and is available to its claimed 57 million visitors per month in English, German, French, Spanish, Italian and Portuguese – but not Chinese. That hasn’t stopped the Chinese authorities from apparently blocking the site since last Wednesday, to the dismay of film industry inside... read more» 
   
 





 Researchers identify command servers behind Google attack 
 (from Arstechnica at 15-1-2010) 
 VeriSign's iDefense security lab has published a report with technical details about the recent cyberattack that hit Google and over 30 other companies. The iDefense researchers traced the attack back to its origin and also identified the command-and-control servers that were used to manage the malware. The cyber-assault came to light on Tuesday when Google disclosed to the public that the Gmail Web service was targeted in a highly-organized attack in late December. Google said that the intru... read more» 
   
 





 UK.gov moves to block Hamas kids site 
 (from The Register at 15-1-2010) 
 The Home Office is considering blocking a children's website run by the Palestinian group Hamas following suggestions it incites hatred of Jews. Liverpool MP Louise Ellman, chair of the Labour Jewish Movement, has called on ministers to block access to al-Fateh.net, a webzine launched by Hamas in 2002. Alongside baking recipes and exam advice, the fortnightly publication features tributes to suicide attackers and encourages "love of jihad".... read more» 
   
 





 China silent on Google, welcomes compliant internet firms 
 (from The Register at 15-1-2010) 
 China went on a wide-ranging charm offensive today to show the world it is open to the internet and is in fact the biggest victim of hacking attacks. The heartfelt pleas for understanding began the day after Google threatened to up sticks from the world's most populous country after complaining it had been targeted by organised hackers based in China.... read more» 
   
 





 Google agrees to take down racist site 
 (from The Sydney Morning Herald at 15-1-2010) 
 Google has agreed to take down links to a website that promotes racist views of indigenous Australians. Aboriginal man Steve Hodder-Watt recently discovered the US-based site by searching "Aboriginal and Encyclopedia" in the search engine. He tried to modify the entry on Encyclopedia Dramatica, a satirical and extremely racist version of Wikipedia, but was blocked from doing so. Mr Hodder-Watt then undertook legal action, that resulted in Google acknowledging its legal responsibility to remov... read more» 
   
 





 Google, China, Censorship and Hacking 
 (from Sophos at 15-1-2010) 
 According to a Google statement, Google and at least 20 other large companies have been on the receiving end of a "highly sophisticated and targeted attack" originating from China. It wasn't just internet companies who were victims of the attacks, but also firms from the finance, technology, media and chemical sectors. Google says that the attack resulted in the theft of some of its intellectual property, and claims that a primary purpose of the attack was to access the Gmail accounts of Chin... read more» 
   
 





 Global Study Reveals Proliferation of Consumer-Based Social Networking Throughout the Enterprise and a Growing Need for Governance and IT Involvement 
 (from Cisco at 15-1-2010) 
 Cisco today released the results of a third-party global study designed to assess how organizations use consumer social networking tools to collaborate externally, revealing the need for stronger governance and IT involvement. The research is the first of a two-part series that Cisco has commissioned to explore the impact of social networking and collaboration applications in the enterprise.... read more» 
   
 





 Adobe confirms it was also hit in Google/China hacking case 
 (from Sophos at 15-1-2010) 
 At almost the same time as Google was telling the world that attacks it believed to have originated from China had targeted its systems, Adobe made a brief statement saying that it too had been on the receiving end of a "sophisticated, co-ordinated attack". Presently it is not believed that any customer, financial, employee or any other sensitive data was compromised during the attack, which Adobe became aware of on January 2nd. According to the company - which makes the ubiquitous PDF reader ... read more» 
   
 





 Mastermind behind 'eBay for criminals' is facing jail 
 (from Telegraph at 15-1-2010) 
 Renukanth Subramaniam, from north London, established the website DarkMarket, which threatened every bank account and credit card holder in Britain and caused tens of millions of pounds of losses. It was described as a "one-stop shop" for fraudsters buying and selling stolen details such as PIN numbers, account balances, answers to account security questions and passwords for social networking websites. Subramaniam, 33, pleaded guilty at Blackfriars Crown Court in London to conspiracy to defra... read more» 
   
 





 Gmail Finally Gets HTTPS On by Default 
 (from Softpedia at 15-1-2010) 
 After security researchers and privacy advocates begged Google for years to enable HTTPS on Gmail by default, the company finally decided to do it. The most important consequence is that users checking their email from insecure networks will be protected from Man-in-the-Middle attacks. For well over a decade, the Hypertext Transfer Protocol Secure, or HTTPS, has been used to communicate securely over the Web. Today, it is a standard for websites that deal with sensitive data, like payment tra... read more» 
   
 





 Google's China move puts focus on local censorship plans 
 (from The Age - Australia at 15-1-2010) 
 An Australian internet rights group has applauded Google’s possible pull-out from China over censorship issues, drawing a link to Australia’s proposed plan to block parts of the internet. “We’re certainly happy and supportive that technology companies like Google are asserting that this is a bad idea globally,” said Electronic Frontiers Australia spokesperson Geordie Guy. Google's stance brings more global attention on the Australian government's proposed plans to restrict parts of the interne... read more» 
   
 





 Dodgy Haiti earthquake-themed domains point to scams 
 (from The Register at 15-1-2010) 
 With sad inevitability, fraudsters have rushed to register the Haiti earthquake-themed scam URLs in the wake of Tuesday's natural disaster in the impoverished Caribbean country. Not all the newly registered domains may turn out to be fraudulent, but ever since Hurricane Katrina in 2005 the registration of fraudulent domains has preceded cynical scams attempting to exploit the generosity of ordinary people to line the pockets of fraudsters.... read more» 
   
 





 Obama staffer wants ‘cognitive infiltration’ of 9/11 conspiracy groups 
 (from Rawstory at 15-1-2010) 
 In a 2008 academic paper, President Barack Obama's appointee to head the Office of Information and Regulatory Affairs advocated "cognitive infiltration" of groups that advocate "conspiracy theories" like the ones surrounding 9/11. Cass Sunstein, a Harvard law professor, co-wrote an academic article entitled "Conspiracy Theories: Causes and Cures," in which he argued that the government should stealthily infiltrate groups that pose alternative theories on historical events via "chat rooms, onl... read more» 
   
 





 Federal Government unveils cyber warfare centre 
 (from Computer World at 15-1-2010) 
 The Federal Government has moved to step up its cyber warfare defence capabilities with the opening of the Cyber Security Operations Centre (CSOC) announced as part of the Defence White Paper released last year. The centre, housed inside the Defence Signals Directorate (DSD) headquarters in Canberra, will provide critical understanding of the threat from sophisticated cyber attacks, according to the minister for defence, senator John Faulkner.... read more» 
   
 





 Groups seek to challenge U.S. gov't on seized laptops 
 (from Computer World at 15-1-2010) 
 The policy of random laptop searches and seizures by U.S. government agents at border crossings is under attack again, with a pair of civil rights groups seeking potential plaintiffs for a lawsuit that challenges the practice. The American Civil Liberties Union is working with the National Association of Criminal Defense Lawyers to find lawyers whose laptops or other electronic devices were searched at U.S. points of entry and exit. The groups argue that the practice of suspicionless laptop s... read more» 
   
 





 2nd International ICST Conference on Digital Forensics & Cyber Crime (ICDF2C), October 4 - 6, 2010, Abu Dhabi, UAE 
 (from Digital Forensics Conference at 15-1-2010) 
 The Internet has made it easier to perpetrate traditional crimes by providing criminals an alternate avenue for launching attacks with relative anonymity. The increased complexity of the communication and networking infrastructure is making investigation of the crimes difficult. Clues of illegal activities are often buried in large volumes of data that needs to be sifted through in order to detect crimes and collect evidence. The field of digital forensics is becoming very important for law enfo... read more» 
   
 





 CT Sues Health Net For Massive Security Breach (updated) 
 (from databreaches at 15-1-2010) 
 Attorney General Richard Blumenthal today sued Health Net of Connecticut, Inc. for failing to secure private patient medical records and financial information involving 446,000 Connecticut enrollees and promptly notify consumers endangered by the security breach. Blumenthal is also seeking a court order blocking Health Net from continued violations of HIPAA (Health Insurance Portability and Accountability Act) by requiring that any protected health information contained on a portable electron... read more» 
   
 





 Microsoft CEO says no China exit: report 
 (from Reuters at 14-1-2010) 
 Microsoft Corp has no plans to pull its business out of China after rival Google Inc threatened to quit the country over claims of cyber attacks on its email service, the company's chief executive said on Thursday. Google said that more than 20 other large companies had been the target of cyber attacks originating in China. Microsoft has said it has no evidence that any of its email services or corporate networks were attacked.... read more» 
   
 





 Google Attack Highlights Strength of Targeted Malware 
 (from PCWorld at 14-1-2010) 
 Google's revelation of China-based hacker attacks against it and many other major companies shines the spotlight on today's top Internet threat: the targeted attack. In response to an assault that went after the Gmail accounts of Chinese human rights activists, Google yesterday made the jaw-dropping assertion that it would seek to stop censoring search results on its Google.cn site.... read more» 
   
 





 McAfee: China attackers exploited new IE hole 
 (from CNet at 14-1-2010) 
 A new, unpatched vulnerability in Internet Explorer was exploited in the China-based attacks on Google and other companies, antivirus firm McAfee said on Thursday. Microsoft was expected to release an advisory on the previously undisclosed hole on Thursday, McAfee spokesman Joris Evers told CNET.... read more» 
   
 





 Google tightens up Gmail security after China hacks 
 (from nzherald at 14-1-2010) 
 Google is tightening the security of its free email service to combat computer hackers like the ones that recently targeted it in China. With the shift, Gmail accounts will automatically be set in an "https" mode, meaning contents of email will be scrambled so they're less likely to leak out to unauthorised users.... read more» 
   
 





 Yahoo backs Google's response to China hacks 
 (from nzherald at 14-1-2010) 
 Yahoo supports rival Google's threatened departure from China because of computer attacks that pried into the email accounts of human rights activists. In a statement, Yahoo said it is "aligned" with Google's reaction to the hacking that originated within China.... read more» 
   
 





 China Stands Firm in Response to Google Threat 
 (from Wired at 14-1-2010) 
 China has hit back at Google in its response to the search giant’s announcement this week that it may pull out of China if it can’t reach an agreement about censoring content. Two government officials said on Thursday that internet companies must obey the laws of China and help the government steer the country by guiding public opinion.... read more» 
   
 





 No breach in computer security system: PMO 
 (from littleabout at 14-1-2010) 
 The Prime Minister's Office (PMO) has said there was "no breach" in the security systems of its computers or those in other central government departments. Asked about a media report that hackers from China have targeted computers in the Prime Minister's Office (PMO), an official in the PMO denied the report. "Attempts have always been there to hack our computers, but we have our security systems in place," a PMO official told IANS. "There has been no breach on our security system, we a... read more» 
   
 





 Chinese hackers target PMO computers 
 (from indiatoday at 14-1-2010) 
 Hackers from China have targeted computers in the Prime Minister's Office (PMO). Headlines Today has learnt that the sinister attempt was made around December 15 last year. Investigators are still coming to terms with the depth of the damage. The hackers had aimed high - their targets were the cream of India's national security set-up: National Security Advisor M.K. Narayanan, Cabinet Secretary K.M. Chandrashekhar, PM's Special Envoy Shyam Saran and Deputy National Security Advisor Shek... read more» 
   
 





 China has a history of hacking computers 
 (from economictimes at 14-1-2010) 
 The attack on Google’s corporate infrastructure is not the only incident of cyber terrorism and corporate espionage attempted by Chinese hackers in recent times. In the past too, large institutions of importance in India, US, UK, Australia, Russia have been attacked regularly by IP addresses originating from China, in a bid to steal information. Last year, the Ministry of External Affairs in India confirmed that computers of some diplomats in New Delhi were compromised by IP addresses origina... read more» 
   
 





 Security experts say Google cyber-attack was routine 
 (from BBC at 14-1-2010) 
 The cyber-attack that made Google consider pulling out of China was run of the mill, say security experts. Google revealed its move following attempts to hack Gmail accounts of human rights activists. The search giant said analysis showed that the series of attacks originated from inside China.... read more» 
   
 





 Hacking risks persist even if companies withdraw from China 
 (from NetworkWorld at 14-1-2010) 
 Google and other enterprises still face a bleak computer security landscape that makes their companies vulnerable to hackers, whether they do business in China or not, analysts say. Google's chief legal officer revealed on Tuesday that the company and more than 20 other technology, financial and software companies were targeted by hackers, motivated to steal intellectual property and intelligence on human rights activists.... read more» 
   
 





 Opinion: IT's 5 big security mistakes 
 (from ComputerWorld at 14-1-2010) 
 Happy New Year, folks. As usual, the turn of the calendar has brought no shortage of articles predicting the future. That's all well and good, but it's a good idea to also take stock of where we are before we chart our course forward, so we can truly improve things for the future. You see, one of my pet peeves with our industry is how abysmal we tend to be at learning from our mistakes. Rather than blithely charging forward only to repeat those mistakes, let's study them and learn from them a... read more» 
   
 





 Connecticut AG uses HITECH to sue over patient data breach 
 (from healthimaging at 14-1-2010) 
 Connecticut Attorney General (AG) Richard Blumenthal announced Wednesday that he is suing Health Net of Connecticut for failing to secure private patient medical records and financial information involving 446,000 Connecticut enrollees and promptly notify consumers exposed by the security breach. Blumenthal also is seeking a court order blocking Health Net from continued violations of HIPAA by requiring that any protected health information contained on a portable electronic device be encrypt... read more» 
   
 





 Report: Mal-Bredo A Virus Spreads Via Social Media 
 (from DarkReading at 14-1-2010) 
 Commtouch (Nasdaq: CTCH) today released its Internet Threats Trend Report for Q4 2009. Spammers continue to be cutting-edge marketers, this time taking advantage of the reputations of global brands, such as UPS, DHL and Facebook, to prompt opening of emails. During this past quarter, cybercriminals focused on distributing the Mal-Bredo A virus. While the number of variants decreased from 10,000 to 1,000 as compared to last quarter, it was spread with much more virulence. Commtouch's quart... read more» 
   
 





 FOSE -- 25-30 March 2010, Washington Convention Center 
 (from compusystems at 14-1-2010) 
 FOSE, the #1 technology event for government in the nation, brings together the tools, methods and systems to maintain, protect and modernize the nation's IT infrastructure. Join us to learn, network, share experiences, and evaluate products, services, and solutions. Visit : http://www.1105newsletters.com/t.do?id=4064385:12481215... read more» 
   
 





 UK: Action taken after personal details found in waste bins 
 (from databreaches at 14-1-2010) 
 The Information Commissioner’s Office (ICO) has found Bellgrange Mortgages and Insurance Services Ltd in breach of the Data Protection Act after clients’ details were found in two large waste bins intended for the use of local residents. The organization, based in Stanmore, has signed an official Undertaking to improve data security.... read more» 
   
 





 Yahoo Said to Be Target of Hacker Attacks From China (Update1) 
 (from Bloomberg at 14-1-2010) 
 Yahoo! Inc., owner of the No. 2 search engine in the U.S., was targeted by a Chinese attack similar to the one that affected Google Inc., according to a person familiar with the matter. Google said this week that at least 20 other companies were targeted in a series of “highly sophisticated” attacks in December. Yahoo was one of those companies, said the person, who declined to be identified because the information isn’t public.... read more» 
   
 





 MoJ clears £500,000 data breach fines 
 (from kable at 14-1-2010) 
 Justice minister Michael Wills laid a statutory instrument before Parliament on 12 January, setting the maximum fine at £500,000. The instrument will become law by default on 6 April 2010 unless Parliament objects. "These penalties are designed to act as a deterrent and to promote compliance with the Data Protection Act," said information commissioner Christopher Graham. "I remain committed to working with voluntary, public and private bodies to help them stick to the rules and comply with th... read more» 
   
 





 McKinnon wins review of extradition for hacking 
 (from ComputerWeekly at 14-1-2010) 
 Self-confessed hacker Gary McKinnon has been granted a reprieve from extradition to the US where he faces up to 70 years in jail for hacking federal and Pentagon computers. The High Court today granted permission for a judicial review of Home Secretary Alan Johnson's decision to extradite McKinnon. Karen Todner, McKinnon's lawyer, welcomed the decision but said it was countered by McKinnon's "very poor mental state". McKinnon, who suffers from Asperger's syndrome, an autistic condition, is... read more» 
   
 





 Google China hack exploited flaws in Adobe Acrobat and Reader 
 (from ComputerWeekly at 14-1-2010) 
 The attempts to hack the Gmail accounts of human rights activists, which sparked Google's threat to pull out of China, exploited flaws in Adobe Reader and Acrobat software. The revelation by researchers at VeriSign iDefense Security Intelligence Services came as Adobe released a critical security patch for both Reader and Acrobat. Adobe has given no indication of whether the patch is related to the same flaws exploited in the recent attack against Google and more than 20 other large compani... read more» 
   
 





 VB2011 - Barcelona - The 21st Virus Bulletin International Conference 
 (from Virusbtn at 14-1-2010) 
 VB2011 - the 21st Virus Bulletin International Conference - will take place 5-7 October 2011 at the Hesperia Tower hotel, Barcelona, Spain. For more details : http://www.virusbtn.com/conference/vb2011/index... read more» 
   
 





 VB2010 call for papers - The 20th Virus Bulletin International Conference 
 (from Virusbtn at 14-1-2010) 
 Virus Bulletin is seeking submissions from those wishing to present papers at VB2010, the 20th Virus Bulletin International Conference, which will take place 29 September to 1 October 2010 at the Westin Bayshore hotel, Vancouver, Canada. The conference will include a programme of 30-minute presentations running in two concurrent streams: Technical and Corporate. Submissions are invited on all subjects relevant to anti-malware and anti-spam. Suggested topics: - Cybercrime and law enforceme... read more» 
   
 





 Hackers of the world unite - A celebration of talented tinkerers everywhere 
 (from Guardian at 14-1-2010) 
 The 26th edition of the world's largest annual hacker conference, 26C3, took place in Berlin last week. With about 2,500 attendees, a combined total of 9,000 participants worldwide (via live streams), and an array of features that no other conference in the world can match, it was very much a milestone. A bit on the word "hacker", as I know the term might be bothering some of you. I am not using it in the stereotypical way mainstream society often does, to refer to criminal and malicious acti... read more» 
   
 





 Schools minister strikes elegiac tone at Bett - Future of IT in education 
 (from The Register at 14-1-2010) 
 Minister for Schools and Learners Vernon Coaker kicked off this year's Bett today, in a reflective speech that offered very little insight into what the current government plans were for the future of IT in education. Instead Coaker reminded the audience what the Labour government has done for getting technology into schools over the past decade. The plan - which PM Gordon Brown first greenlit in 2008 - looks increasingly likely to be the incumbent government's last IT-in-education hurrah ahea... read more» 
   
 





 IT's 5 Big Security Mistakes 
 (from CIO at 14-1-2010) 
 Happy New Year, folks. As usual, the turn of the calendar has brought no shortage of articles predicting the future. That's all well and good, but it's a good idea to also take stock of where we are before we chart our course forward, so we can truly improve things for the future. The 2009 Data Breach Hall of Shame You see, one of my pet peeves with our industry is how abysmal we tend to be at learning from our mistakes. Rather than blithely charging forward only to repeat those mistakes, ... read more» 
   
 





 Economics backs net neutrality, say researchers 
 (from Out-law at 14-1-2010) 
 Net neutrality is not just the fairest way to organise the internet but the most economically effective, according to two US academics. Their economic analysis of the policy claims that it is the best way to encourage investment in online services. Subscribers pay internet service providers (ISPs) for access to whatever information is published on the internet. Some ISPs want to charge content providers for special fast delivery over their networks.... read more» 
   
 





 Spam filters stuff Canadian Beaver 
 (from The Register at 14-1-2010) 
 Venerable Canadian publication The Beaver has been obliged to change its name after prudish spam filters objected to its suggestive title. Publisher Deborah Morrison explained to AFP: “The Beaver was an impediment online. Several readers asked us to change the title because their spam filters at home or at work were blocking it. I’ve even had emails bounce back because I had inadvertently typed the term in the heading."... read more» 
   
 





 McKinnon granted another judicial review 
 (from The Register at 14-1-2010) 
 The High Court has granted a further judicial review of the Home Secretary's decision to allow extradition proceeding against Pentagon hacker Gary McKinnon to proceed. The move means the imminent threat of extradition against McKinnon is removed until at least April. The latest in a long line of appeals by McKinnon will consider whether McKinnon's mental state is too frail to withstand a US trial and likely imprisonment over hacking attacks dating from 2001 and 2002.... read more» 
   
 





 Trojan pxxx dialers make comeback on mobile phones 
 (from The Register at 14-1-2010) 
 After taking a long hiatus, trojan dialers that can rack up thousands of dollars in charges are back by popular demand. According to researchers at CA Security's malware analysis lab, a new wave of malicious dialers is hitting users of mobile phones. The trojans are built on the Java 2 Micro Edition programming language and cause infected handsets to send SMS messages to high-cost numbers, at great expense to the victim.... read more» 
   
 





 Spam and Phishing Landscape: January 2010 
 (from Symantec at 14-1-2010) 
 Notable highlights this month include the shift of the regions of message origin, and changes in the average size of spam messages. • In recent months, APJ and South America have been taking the spam share away from the traditional leaders of North America and EMEA. However, North America and EMEA together sent 57 percent of spam messages in December 2009, compared with 50 percent in November 2009. • With respect to the average size of the messages, the 2kb – 5kb message size category... read more» 
   
 





 Spam grows from 8 to 90 per cent of global email in the last decade 
 (from Computer World at 14-1-2010) 
 The last 10 years has seen the average amount of spam in the collective organisational inbox go from eight per cent of all emails in 2000 to 90 per cent on average in 2009, according to Symantec’s Dermot Harnett. In a recent blog post looking back at the last 10 years of spam trends, Harnett wrote that some of the more notable spam factoids included more than 40 trillion spam messages being sent in 2009 alone. Since 2006, spam levels have steadily climbed from 56 per cent of all email to an a... read more» 
   
 





 Google Hackers Targeted Source Code of More Than 30 Companies 
 (from Wired at 14-1-2010) 
 A hack attack that targeted Google in December also hit 33 other companies, including financial institutions and defense contractors, and was aimed at stealing source code from the companies, say security researchers at iDefense. The hackers used a zero-day vulnerability in Adobe Reader to deliver malware to many of the companies and were in some cases successful at siphoning the source code they sought, according to a statement distributed Tuesday by iDefense, a division of VeriSign. The att... read more» 
   
 





 New botnet threats emerge in the New Year from Lethic and Bagle 
 (from SecureComputing at 14-1-2010) 
 Early January saw a rise in activity from both the Lethic and Bagle spambots. A blog post by Rodel Mendrez, threat analyst at M86 Security, said on January 7 that at that stage, they were not certain how big the Lethic botnet is. "However as it is currently responsible for about eight to ten per cent of the spam in our traps, we figure it is a sizeable botnet," he said. ... read more» 
   
 





 Spammers Target Brands To Spread Malware 
 (from SecurityProNews at 14-1-2010) 
 Spammers continue to take advantage of the reputation of global brands such as UPS, DHL and Facebook to prompt opening of emails, according to a new report from Commtouch. During the past quarter, cybercriminals focused on distributing the Mal-Bredo A virus, according to Commtouch's Threats Trend Report for Q4 2009. The number of variants decreased from 10,000 to 1,000 as compared to last quarter.... read more» 
   
 





 Twitter and Baidu hijacked by "Iranian Cyber Army" 
 (from Zone-h at 14-1-2010) 
 You probably read that story somewhere last month, on December 17 2009 Twitter's homepage has been replaced by this message: "Iranian Cyber Army THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY iRANiAN.CYBER.ARMY@GMAIL.COM U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To…. NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA? WE PUSH THEM IN EMBARGO LIST ;) Tak... read more» 
   
 





 Hackers Turn Their Attention to Smartphones 
 (from Symantec at 14-1-2010) 
 FINDING 1: Mid-sized enterprises lead the way. FINDING 2: Data centers more complex, harder to manage. FINDING 3: Important initiatives in 2010. FINDING 4: Staffing remains tight. FINDING 5: Disaster recovery plan issues... read more» 
   
 





 Hackers used rigged PDFs to hit Google and Adobe, says researcher 
 (from ComputerWorld at 13-1-2010) 
 Adobe today confirmed that the cyberattack that hit its corporate network earlier this month was connected to the large-scale attacks Google cited yesterday as one reason it might abandon China. Meanwhile, some researchers have hinted, and others have claimed, that the attacks against both Google and Adobe were based on malicious PDFs that exploited a just-patched vulnerability in Adobe's popular Reader software.... read more» 
   
 





 NZNOG Conference 2010, 27-29 January 2010, Waikato University, Hamilton, New Zealand 
 (from NZNOG at 13-1-2010) 
 NZNOG is the New Zealand Network Operators Group - an online community of network operators, predominantly in the Internet and Online Services area. The annual conference provides an opportunity to learn, exchange technical information, and a high-value opportunity for NZ's networking staff to 'network' amongst themselves. NZNOG is New Zealand's only technical networking conference. The 2010 conference is supported by our Platinum Sponsor Vocus Communications and hosted by the WAND Group a... read more» 
   
 





 Date set for AusNOG-04 in Sydney, 16-17 September, Four Seasons Hotel, Sydney 
 (from ComputerWorld at 13-1-2010) 
 The fourth annual Australian Network Operators Group (AusNOG) conference has been set for September 16 and 17 this year in Sydney. The conference is a meeting point for an international and local community of network operators working for ISPs and content providers to discuss the burning issues in telecommunications and share experiences and technical information "over a beer or three" at the Four Seasons Hotel.... read more» 
   
 





 Google considers pulling out of China 
 (from connecttheworld at 13-1-2010) 
 Google said Tuesday the company and at least 20 others were victims of a "highly sophisticated and targeted attack" originating in China in mid-December, evidently to gain access to the e-mail accounts of Chinese human rights activists. Google has decided it is no longer willing to consider censorship of its Google site in China and may have to shut down its site and its offices in that nation.... read more» 
   
 





 ISP owner on cyberfraud charges 
 (from ComputerWorldUk at 13-1-2010) 
 The owner of a Dallas-based internet service provider that was raided last April has been charged with participating in a conspiracy to defraud more than $15 million from companies such as Verizon, AT&T and XO Communications. Matthew Simpson, 25, of Red Oak, Texas, is one of 19 people charged in the case, according to a grand jury indictment that was unsealed late last week.... read more» 
   
 





 US asks China to explain Google hacking claims 
 (from Guardian at 13-1-2010) 
 The US government is investigating allegations of a Chinese hacking attack on Google amid what Washington called "serious concerns" over internet security. The strike, which the company said was aimed at uncovering information linked to political dissidents in the country, led Google to announce last night that it would no longer censor its search engine in China.... read more» 
   
 





 Google to end censorship in China over cyber attacks 
 (from Guardian at 13-1-2010) 
 Google, the world's leading search engine, has thrown down the gauntlet to China by saying it is no longer willing to censor search results on its Chinese service. The internet giant said the decision followed a cyber attack it believes was aimed at gathering information on Chinese human rights activists.... read more» 
   
 





 CyberMaryland seeks federal jobs from cybersecurity push 
 (from federalnewsradio at 13-1-2010) 
 The state of Maryland has announced plans to be "front and center" among states when it comes to developing the tools of cybersecurity, and create new, high-tech jobs in the process. One of the top Federal agencies leading national cybersecurity efforts played host to yesterday's "CyberMaryland" summit meeting. The new CyberMaryland report unveiled yesterday at the National Institute of Standards and Technology in Gaithersburg is nothing less than a road map to making Maryland, as Governor Mar... read more» 
   
 





 Google China Attacks Presage Battle With U.S. to Shape Internet 
 (from Businessweek at 13-1-2010) 
 Google Inc.’s threat to pull out of China because of hacking and censorship may further the Communist government’s resolve to shape the Internet to its political advantage rather than accept the “unrestricted” Web advocated by President Barack Obama. Secretary of State Hillary Clinton called on China’s government to explain the attacks, which follow attempts last year to mandate the installation of filtering software and the blocking of social-networking sites including Facebook.com and Twitt... read more» 
   
 





 Google attack part of widespread spying effort 
 (from IT World at 13-1-2010) 
 Google's decision Tuesday to risk walking away from the world's largest Internet market may have come as a shock, but security experts see it as the most public admission of a top IT problem for U.S. companies: ongoing corporate espionage originating from China. Google, by implying that Beijing had sponsored the attack, has placed itself in the center of an international controversy, exposing what appears to be a state-sponsored corporate espionage campaign that compromised more than 30 techn... read more» 
   
 





 China won't yield to Google on censorship 
 (from IT World at 13-1-2010) 
 Google risks having its online services blocked in China as it defies local authorities by ending censorship of results on its Chinese search engine, analysts said. Google has long removed sensitive search results from its Chinese search engine at Google.cn, but said Tuesday it plans to end the censorship and may ultimately shut down the company's China offices.... read more» 
   
 





 USA Government Statement on Google Operations in China 
 (from State.Gov at 13-1-2010) 
 We have been briefed by Google on these allegations, which raise very serious concerns and questions. We look to the Chinese government for an explanation. The ability to operate with confidence in cyberspace is critical in a modern society and economy. I will be giving an address next week on the centrality of internet freedom in the 21st century, and we will have further comment on this matter as the facts become clear.... read more» 
   
 





 Google hack raises serious concerns 
 (from IT World at 13-1-2010) 
 A coordinated hacking campaign targeting Google, Adobe Systems and more than 30 other companies raises serious concerns, U.S. Secretary of State Hillary Clinton said Tuesday. In a statement released late Tuesday night, Clinton said that the U.S. government is taking the attack -- which Google said came from China -- very seriously. "We have been briefed by Google on these allegations, which raise very serious concerns and questions," she said. "We look to the Chinese government for an explana... read more» 
   
 





 Weird Object Zooming by Earth Wednesday is Likely an Asteroid 
 (from space at 13-1-2010) 
 A weird object that left some observers wondering if it was a piece of space junk is most likely just a small asteroid, and will zoom close by Earth Wednesday, NASA scientists say. It may be visible to seasoned amateur astronomers as it passes harmlessly by the planet. Astronomers announced the discovery of the asteroid, which they named 2010 AL30, on Monday. It is relatively small, about 36 feet (11 meters) wide, NASA researchers said.... read more» 
   
 





 Chinese hacker attacks target Google Gmail accounts, top tech firms 
 (from search security at 13-1-2010) 
 A sophisticated attack targeting the corporate infrastructures of up to 33 Silicon Valley tech firms is believed to have originated in China and may be an attempt by Chinese government agents to track down Chinese human rights activists, according to a disclosure issued Tuesday by search engine giant Google.... read more» 
   
 





 Malicious attacks behind more data security breaches than human error 
 (from idtheftcenter at 13-1-2010) 
 According to a new report, in 2009, malicious attacks accounted for more of the reported data security breaches than human error, a trend that has not been seen in the past three years. Hacker attacks or theft by nefarious insiders made up 36.4% of 354 reported data security breaches last year, compared to 27.5% caused by accidental exposure or lost data, according to the 2009 Identity Theft Resource Center Breach Report, which was released Friday. The San Diego, Calif.-based nonprofit ITRC, ... read more» 
   
 





 Maryland wants to be cybersecurity epicenter 
 (from Federal Computer Week at 13-1-2010) 
 Maryland Democratic Gov. Martin O’Malley has plans to boost his state’s national status as a leader in cybersecurity and bolster Maryland's computer security-related jobs. O’Malley released a report, titled CyberMaryland, on Jan. 11 that makes the case that the state is positioned to be the hub for federal, academic and private-sector cybersecurity efforts.... read more» 
   
 





 Google blames 'human error' for leak of users' business data 
 (from InfoWorld at 13-1-2010) 
 Google is apologizing after it mistakenly e-mailed potentially sensitive business data last week to other users of its business listings service. The company's Local Business Center allows businesses to create a listing for Google's search engine and Maps application, as well as add videos, coupons or photos.... read more» 
   
 





 'Iranian Cyber Army' takes down Baidu 
 (from ComputerWorldUk at 13-1-2010) 
 The group that took down Twitter.com last month has apparently claimed another victim: China's largest search engine Baidu.com. Baidu.com was offline late Monday, but at one point it displayed an image saying "This site has been hacked by Iranian Cyber Army," according to a report in the official newspaper of the Chinese Communist Party and other websites. A Baidu representative confirmed services on the site had been interrupted by "external manipulation" of its domain name server in the ... read more» 
   
 





 CES shows us the Internet of the future 
 (from CNN at 13-1-2010) 
 In the 1990s, many of us began our online experience, likely over a dial-up connection. In the 2000s, broadband redefined the way we use the Internet, enabling advancements like online video and social networking to flourish. And if the first major technology event of the new decade -- CES -- is any indication, the 2010s are going to bring about another quantum leap in the way we work, play and communicate as the Internet becomes embedded in virtually everything we do.... read more» 
   
 





 Google may get copyright immunity in UK 
 (from TechRadar at 13-1-2010) 
 Search engines such as Google could well find themselves exempt from UK law of any liability for copyright infringement if a new proposed amendment to the Digital Economy Bill is passed. The latest proposed amendment (292) to the recently announced Digital Economy Bill has been put forward by Conservative Lord Lucas, who suggests:... read more» 
   
 





 Canada quashes Yes Men hoax with phishing claim 
 (from The Register at 13-1-2010) 
 Those online pranksters known as The Yes Men may be called many things for their spoofing antics - satirists, provocateurs, major-league assholes - but phishers they're not. Ah, but that's exactly the excuse Canada's department of the environment used to shut down two of the organization's parody websites created last month to thumb noses at the government's environmental policy during the Copenhagen climate conference.... read more» 
   
 





 Maryland Positions To Be Cybersecurity 'Epicenter' 
 (from National Cyber Security at 13-1-2010) 
 In a report, the state proposes creating a National Center of Excellence for Cybersecurity and aligning its cybersecurity initiatives with those of the Obama Administration. Maryland wants to become the Silicon Valley of cybersecurity. In a new report, the state says it has the assets, including a "cluster" of required IT capabilities, to support the federal government's growing cybersecurity requirements.... read more» 
   
 





 Hacker Messes With Student's Schedule 
 (from KCRA at 13-1-2010) 
 A college student has been dropped from her classes twice, apparently the victim of someone who hacked into her schedule. Michelle McCoy-Lloyd was going to take two culinary classes at San Joaquin Delta College starting next week. Last month, someone had hacked into her student schedule and dropped her five fall classes, which she was still attending.... read more» 
   
 





 Indian Internet Users Vulnerable to Cyber Fraud 
 (from Information Week at 13-1-2010) 
 A survey of more than 5,000 active Internet users across 10 cities in India suggests that users are becoming increasingly concerned about online security. Ninety-one percent of the respondent Internet users experienced some case of cyber fraud, such as phishing, key logging, identity theft and account takeover. Despite the exposure to cyber fraud, a majority of respondents were unaware of ways to combat it. The survey, commissioned by VeriSign and conducted by IMRB, highlighted that 60 percent... read more» 
   
 





 Adobe Investigates Corporate Network Security Issue 
 (from Adobe at 13-1-2010) 
 Adobe became aware on January 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies. We are currently in contact with other companies and are investigating the incident. At this time, we have no evidence to indicate that any sensitive information--including customer, financial, employee or any other sensitive data--has been compromised. We anticipate the full investigation will take quite some ... read more» 
   
 





 Episode 33 of the Who and Why Show: Resolutions 
 (from YouTube at 13-1-2010) 
 In the 33rd episode of Team Cymru's 'The Who and Why Show', Dave Monnier talks about some New Year's resolutions that might be appropriate for IT Security Professionals. See this week's episode at www.youtube.com/teamcymru.... read more» 
   
 





 Irresponsible disclosure? That's a big fat zero 
 (from Sophos at 13-1-2010) 
 Brian Krebs has published an interesting interview on his KrebsOnSecurity blog with Evgeny Legerov, the founder of Russian security firm Intevydis. In the interview Legerov reveals that he plans to take the controversial step of releasing details of previously undocumented zero-day vulnerabilities in several widely-used software products, as he is fed up with software vendors not taking the security holes seriously.... read more» 
   
 





 Data losses to incur fines of up to £500,000 
 (from BBC at 13-1-2010) 
 The Information Commissioner's Office will be able to issue fines of up to £500,000 for serious data security breaches. The new rule is expected to come into force in the UK on 6 April 2010. It has been approved by Jack Straw MP, Secretary of State for Justice. The size of the fine will be determined after an investigation to assess the gravity of the breach. Other factors will include the size and finances of the organisation at fault.... read more» 
   
 





 Google to Stop Censoring Search Results in China After Hack Attack 
 (from Wired at 13-1-2010) 
 Google has decided to stop censoring search results in China, after discovering that someone based in that country had attempted to hack into the e-mail accounts of human rights activists. The company disclosed the move in a startling announcement posted to its blog late Tuesday. Google said it was prepared to pull its business out of China, if issues around the surveillance and its decision to stop censoring results could not be resolved with the Chinese government. Although the company d... read more» 
   
 





 Powerful Quake Rocks Haitian Capital 
 (from The New York Times at 13-1-2010) 
 A fierce earthquake struck Haiti late Tuesday afternoon, causing widespread damage around the capital, leveling countless shantytown dwellings and bringing even more suffering to a nation that was already the hemisphere’s poorest and most disaster-prone. The powerful earthquake of 7.0 magnitude rocked Haiti just before 5 p.m. Eastern time, 10 miles southwest from the densely populated capital of Port-au-Prince, according to the United States Geological Survey. But damage to the capital city o... read more» 
   
 





 Google 'may pull out of China after Gmail cyber attack' 
 (from BBC at 13-1-2010) 
 Internet giant Google says it may end its operations in China after hackers targeted the e-mail accounts of Chinese human rights activists. It said it had found a "sophisticated and targeted attack on our corporate infrastructure originating from China". It did not specifically accuse China's government but said it was no longer willing to censor its Chinese site's results, as the government requires. Google says the decision may mean it has to shut the site, set up in 2006.... read more» 
   
 





 Google blames 'human error' for data leak 
 (from itworld at 13-1-2010) 
 Google is apologizing after it mistakenly e-mailed potentially sensitive business data last week to other users of its business listings service. The company's Local Business Center allows businesses to create a listing for Google's search engine and Maps application, as well as add videos, coupons or photos.... read more» 
   
 





 The 2010 Cyber Threat Environment 
 (from DefenseTech at 12-1-2010) 
 The cyber threat environment is constantly changing and becoming more challenging with every day that passes. Malware grew last year at the highest rate in 20 years. Multiple security reports showed that more than 25 million new strains of malware were identified in 2009. Forecasts suggest that 2010 will again see unprecedented growth in malware and the trend is expected to continue for the foreseeable future. Not only will the cyber attack volume escalate dramatically, but the sophisticati... read more» 
   
 





 O'Malley to promote Md. as U.S. cyber security hub 
 (from baltimoresun at 12-1-2010) 
 Gov. Martin O'Malley plans to promote Maryland as the "national epicenter" for cyber security innovation and to team with the state's Washington delegation to vie for billions in government spending as the global war on terrorism intensifies efforts to protect computer networks. State and industry officials said Maryland is better positioned than other areas, such as California's Silicon Valley, to be the premier cyber security hub because major defense agencies are based here already.... read more» 
   
 





 Vietnam websites encounter hacker onslaught 
 (from Vovnews at 12-1-2010) 
 There were over 47,000 computer viruses in Vietnam in 2009, up 30 percent from 2008, according to statistics from the Bach Khoa Internet Security Centre (BKIS). The most common targets of hackers include websites of internet service providers, financial companies, banks and governmental agencies. In November and December 2008, BKIS found 18 websites of government ministries and departments attacked by hackers.... read more» 
   
 





 McAfee: Spammers Turn to Free Web Hosting Services 
 (from EWeek at 12-1-2010) 
 Spammers are increasingly turning to free-hosting Websites to provide spam URLs, according to a new report from McAfee. In its "January 2010 Spam Report," McAfee notes the trend is turning into an “all-out gold rush” as dozens of these free-hosting sites have sprung up to provide Web space for anyone who requests it.... read more» 
   
 





 'SMiShing Hits The Region' 
 (from WSLS at 12-1-2010) 
 A new fraudulent scheme is hitting the region. It's called SMiShing. It is a term used to refer to the combination of texting (SMS) and phishing. Cell phone customers and bank customers receive a text message or phone call asking for personal bank information. The scheme itself has been around for about a year and a half, it’s now hitting our area.... read more» 
   
 





 nullcon Goa 2010 International Security & Hacking Conference, 6-7th Feb 2010, The Retreat, Goa 
 (from nullcon at 12-1-2010) 
 null is proud to announce the launch of its security & hacking conference nullcon Goa 2010. nullcon Goa 2010, India's first 'community' driven security & hacking conference will bring together Security Researchers, security professionals, vendors, CXOs, Law Enforcement agencies from all over the country to a common platform to discuss latest research in field of Information Security and in particular the major security threats faced by everyone today. nullcon Details -------------- Dates:... read more» 
   
 





 Who Was Who in Spam for 2009 
 (from eSecurity Planet at 12-1-2010) 
 President Obama checked in as the most common spam subject last year, beating out the likes of Michael Jackson (No. 2 among men), former President George W. Bush (No. 3), actor Brad Pitt (No. 4) and musician Eminem (No. 5). Rounding out McAfee's (NYSE: MFE) Top 10 among men in spam subject lines were Warren Buffett (No. 6), Chuck Norris (No. 7), Don Juan (No. 8), Elton John (No. 9) and Sacha Baron Cohen (No. 10).... read more» 
   
 





 Cisco Security Report: Malware, Social Media are Top Risks 
 (from govinfosecurity at 12-1-2010) 
 Malware is increasingly sophisticated, and social media are the common new venues for attacks. One was the real rise of the banking trojan and Zeus as the poster child for that family of malware. And the second one is that social media is really a playground for cyber crime, and the criminals have responded and followed those 350 million people on Facebook, those 80 million people on Linked In to attack them where they are doing their social media activities.... read more» 
   
 





 Maryland aims to be cybersecurity 'epicenter' 
 (from NetworkWorld at 12-1-2010) 
 Maryland officials want the state to be the U.S. "epicenter" for fighting cyber attacks, and on Monday they launched an effort to bring more cybersecurity research and jobs to the state. Maryland has several resources that make it the perfect place to be a national -- and world -- leader in cybersecurity, said Governor Martin O'Malley, speaking at a kick-off event at the U.S. National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland. In addition to the NIST, Maryland is ... read more» 
   
 





 Iranian Cyber Army hacks China's Baidu search engine 
 (from ComputerWeekly at 12-1-2010) 
 The group known as the Iranian Cyber Army, which attacked Twitter in December, has defaced another high-profile website, according to security firm Sophos. This time the group has targeted China's biggest search engine, Baidu. The site's home page briefly displayed a message declaring the site had been hacked by the Iranian Cyber Army. "It is not presently clear whether Baidu's site itself was compromised or, as in the case with the Twitter attack, its DNS records," said Graham Cluley seni... read more» 
   
 





 Rogue anti-virus software targets Google Groups 
 (from ComputerWeekly at 12-1-2010) 
 Google discussion groups are being hit by messages linking to rogue anti-virus software, security firm Webroot has warned. The attacks have gained momentum in the past few months and typically use free Gmail accounts to post brief messages in both open and closed Google Groups. The messages claim to link to "fun videos" but instead link to code that redirects browsers to Chinese sites hosting rogue anti-virus software.... read more» 
   
 





 Cell Phone Tapping: GSM Encryption Hacked 
 (from information-security-resources at 12-1-2010) 
 GSM cellular networks in the US and Europe use the A5/1 stream cipher meant to ensure cellular calls cannot be listened into by unauthorized parties monitoring radio traffic. However, the guarantee of privacy is no longer ensured. New attack techniques were unveiled at the Hacking at Random conference in The Netherlands which would allow an attacker to decrypt cellular calls made over a GSM network. The attacker only needs the new software and about $500 in radio monitoring equipment. The AS... read more» 
   
 





 Firm to Release Database & Web Server 0days 
 (from KrebsonSecurity at 12-1-2010) 
 January promises to be a busy month for Web server and database administrators alike: A security research firm in Russia says it plans to release information about a slew of previously undocumented vulnerabilities in several widely-used commercial software products. The final list of vulnerabilities to be released is still in flux, but it is likely to include vulnerabilities (and in some cases working exploits) in: -Web servers such as Zeus Web Server, Sun Web Server (pre-authentication bu... read more» 
   
 





 Politicians say Maryland is ripe for cybersecurity industry 
 (from washingtonpost at 12-1-2010) 
 On Monday, Democratic members of Maryland's congressional delegation and Gov. Martin O'Malley (D) launched perhaps the most coordinated effort since their party took control of the White House to harness a stream of federal funding and a growing job sector, billing Maryland as the logical destination for thousands of new cybersecurity posts.... read more» 
   
 





 Never seem to find the time - 2010 has given us the facetiously-named Y2.01K Bug 
 (from Sophos at 12-1-2010) 
 2010 has already given us the facetiously-named Y2.01K Bug, following the appearance of date-related calculation flaws in the very sorts of application you might reasonably expect not to display such faults. Merchants and their customers in Australia and in Germany have been bitten by point-of-sale (POS) machines which wouldn't accept payment cards after the clocks ticked over to 01 January 2010. Quite what went wrong in the banking community is not clear.... read more» 
   
 





 Cybercriminals work in various ways to trap users online 
 (from universe at 12-1-2010) 
 As Internet usage continues to climb, so do security problems. Security providers work to stay ahead of hackers, but end-users, defined as anyone personally using the Internet, need to be educated to avoid potential pitfalls. Cybercriminals use different tactics such as phishing, spam and viruses to infiltrate the Internet. “One of the most serious threats is phishing, which steers people away from legitimate sites to fraudulent sites,” said Mark Kanok, senior product manager for Norton 360. ... read more» 
   
 





 Google leaks small biz stats to random people 
 (from The Register at 12-1-2010) 
 Google has inadvertently leaked web traffic data for multiple small businesses to random third-parties across the web. On January 7, web marketing consultant David Dalka received an email from Google that included traffic stats from its Local Business Center, a portal where small businesses can add themselves to Google's local search index and track visits to such listings. Dalka uses the Local Business Center on behalf of multiple clients, but the email detailed November 2009 data for a comp... read more» 
   
 





 Spanish cabinet approves anti-piracy law proposal 
 (from Telecom Paper at 12-1-2010) 
 The Spanish cabinet has passed an anti-piracy legislation proposal, local newspaper El Comercio reports. The new law would allow the Spanish federal court to close or block websites that offer unauthorized movie and music downloads. The law enables content owners to file copyright infringement complaints before an intellectual property commission within the country's Ministry of Culture. The commission will then submit the complaints to a federal court judge, who will have four days to decid... read more» 
   
 





 Chrome 'shows the way' for browser security 
 (from ComputerWorldUk at 12-1-2010) 
 Google Chrome's ability to isolate untrusted data from the rest of the operating system, should be followed by all browser manufacturers, according to a noted security researcher. Dino Dai Zovi, a security researcher and co-author of The Mac Hacker's Handbook, believes that the future of security relies on "sandboxing," the practice of separating application processes from other applications, the operating system and user data.... read more» 
   
 





 Girl fight videos posted on internet amid violence surge 
 (from News at 12-1-2010) 
 A MASSIVE spike in violent attacks by young Queensland girls has been blamed on internet "fight sites" where videos of the attacks are posted. Authorities say a 44 per cent jump in assaults is being driven by the growing popularity of "girl fight sites". Queensland police charged 441 girls aged 10 to 14 with assault last year – up from 307 the previous year. "The internet actually encourages this behaviour because kids from all over the world go on and rate the fights, so even when conflict d... read more» 
   
 





 Baidu.com: Website Failure Caused By Illegal Domain Name Tampering 
 (from China Tech News at 12-1-2010) 
 Chinese online search engine Baidu.com went down today in an episode some users suspect has to do with Iranian Internet hackers. According to reports in Chinese local media, starting from 07:00 this morning, the Chinese search engine Baidu.com experienced a massive failure and users in many cities and provinces in China said they were unable to visit the website.... read more» 
   
 





 Heartland Settles with Visa Over Data Breach 
 (from Softpedia at 12-1-2010) 
 Heartland Payment Systems announced a settlement with Visa, which involves funding $60 million for the reimbursement of credit card issuers affected by the data breach the firm discovered in 2008. Under the terms of the agreement, Heartland will provide $59.22 million and Visa will cover the rest from fines previously imposed upon the company. In 2008, during a computer network audit, the staff at Heartland Payment Systems, one of the largest payment processors in the United States, discovere... read more» 
   
 





 RSA Too Foresees Expansion in Online Threats in 2010 
 (from spamfighter at 12-1-2010) 
 The network security company RSA has just recently released its security projections for the year 2010, wherein it has predicted growth in the online security threats, similar to the predictions made by all other security firms. As per RSA, with the fraudsters sharpening their skills to rapidly exploit freshly detected flaws in desktops and websites, Trojan attacks and malware infections will augment massively in coming times. Cyber crooks will try to gain better penetration into the cybercri... read more» 
   
 





 Exploit.PDF-JS.Gen outranks the Trojan leadership in BitDefender’s December Top Ten Threat Report 
 (from BitDefender at 12-1-2010) 
 BitDefender’s December 2009 Top 10 E-Threat list includes:
 1 Exploit.PDF-JS.Gen 12.04
 2 Trojan.AutorunINF.Gen 8.15
 3 Trojan.Clicker.CM 7.90
 4 Win32.Worm.Downadup.Gen 5.85
 5 Trojan.Wimad.Gen.1 4.57
 6 Win32.Sality.OG 2.65
 7 Trojan.Autorun.AET 1.97
 8 Worm.Autorun.VHG 1.65
 9 Win32.Worm.Downadup.B 1.25
 10 Trojan.Script.236197 1.08
 OTHERS 52.85... read more» 
   
 





 Forrester's 2010 security predictions 
 (from loglogic at 12-1-2010) 
 Firstly, congratulations to Mike Rothman on joining Securosis. Now, on to my Verizon post. Mike correctly pointed out that I drank too much over Christmas, and that what I said about being safe was fluffy and careless. In my defense, I was having post-Christmas fun, not submitting a whitepaper, or advising anyone on strategy. I’d just spent 400 words telling people to be vigilant, and not believe Verizon’s roses-round-the-door view of 2010. Plugging my products seemed like too good an opportu... read more» 
   
 





 Cyber exercise to target financial firms 
 (from SecurityFocus at 12-1-2010) 
 A critical-infrastructure group responsible for disseminating information to financial firms announced last week that it would hold a three-day cyber exercise in February to test the security of participants' payment processing. The Financial Services Information Sharing and Analysis Center (FS-ISAC) will run the three-day Cyber Attack against Payment Processes (CAPP) starting on February 9, opening the exercise to any firm that handles payments, William Nelson, president and CEO of the FS-IS... read more» 
   
 





 Protect Against VDDoS Cyber Attacks 
 (from koreaittimes at 12-1-2010) 
 July 7 of last year, DDoS attack was a very disruptive cyber attack for many companies, the public, and even the government. However, there is a possibility of a release of a newer and stronger cyber attack known as Vendor-Driven Denial of Service (VDDoS). VDDoS' specific characteristics once attacking include displacing important information and devastating the server and PC system. On January 8, Korea's Information Assurance Society held a conference to discuss defense mechanisms and solutions... read more» 
   
 





 This Month in the Threat Webscape - Month of December 2009 
 (from Websense Security Labs at 12-1-2010) 
 This month, Fox Sports and NASA discovered that their Web sites were compromised. Web 2.0 widget-maker RockYou suffered a major security breach where it was discovered that RockYou failed to apply the simplest security best-practice: encrypting the password of their users. Twitter suffered a DNS hijacking, Amazon EC2 was used by the Zeus bot network, there were more Adobe PDF and browser vulnerabilities... read on for more.... read more» 
   
 





 Study: back-to-basics security strategy the way to go 
 (from Computer World at 12-1-2010) 
 Protecting business information - the most basic element in any business - should be the priority of firms in ensuring security and managing risks in their organizations, data from a global information security survey conducted by Ernst & Young revealed recently. "The conventional way of handling security issues doesn't work anymore," asserted Gerry Chng, Far East Area information security champion, Ernst & Young. Chng said focusing on infrastructure, keeping the bad guys out, point-in-time s... read more» 
   
 





 E-statements plugged as solution to mail fraud 
 (from Computer World at 12-1-2010) 
 Mail fraud and identity theft like that clamped down on by NSW Police this week could be eliminated if bank customers opt for electronic-statements, according to a security analyst. Called Operation Gulliver the NSW Police teamed up with Australia Post to bust a mail fraud and identity theft ring this week. In a statement, the NSW Police said "stolen cheques are being altered or counterfeited and laundered through false bank accounts opened by so-called 'runners' as part of an organised crimi... read more» 
   
 





 Hate crime synagogue hacker unlikely to be charged 
 (from Sophos at 12-1-2010) 
 In the first week of January, two synagogues in Boulder, Colorado, found that their websites had been defaced by a hacker who posted anti-Semitic messages. The websites of Bonai Shalom and Har HaShem were breached on January 2nd with messages such as: Jews are terrorists. Child Organ Smugglers and Jews are terrorists Organization Subsequently, the Boulder Rabbinic Council's website was also defaced with similar messages claiming to come from a hacker calling themselves "Waja (Adi Noor)".... read more» 
   
 





 Phishing Attack Launched from Android Market 
 (from Softpedia at 12-1-2010) 
 A malware writer succeeded in getting a rogue phishing application listed on the Android Market website. The software posed as a shell for mobile-banking applications, but, instead, was being used to steal online banking credentials.... read more» 
   
 





 'Hack our election and spend the rest of your life in jail' 
 (from Sophos at 12-1-2010) 
 Hackers in the Philippines have been warned of the serious punishments that could result if they try and interfere with the upcoming elections in the country. Ferdinand Rafanan, head of the Commission on Elections' law department, is quoted in news reports as saying: "If the automated election system is going to be hacked, that would amount to electoral sabotage where the penalty is definitely life imprisonment."... read more» 
   
 





 Cybersecurity's Critical Need: Better Metrics 
 (from govinfosecurity at 12-1-2010) 
 With the global economy so dependent on the Internet, the need for better cybersecurity metrics is crucial, and the government must take the lead to assure proper measurements are developed, says the top cybersecurity leader at the Department of Homeland Security. "Markets rely on information to allow effective decision making, so if you want people throughout the ecosystem ... and this is actually absolutely going to be required, to make effective decisions, to institute the right practices,... read more» 
   
 





 South Korea launches its cyberwarfare command centre 
 (from Sophos at 12-1-2010) 
 South Korea is reportedly officially launching its cyberwarfare command centre today. The unit, which will be manned by some 200 computer technicians, is designed to counter the threat of Chinese hackers and the much-rumoured North Korean cyberwarfare division, which has been accused of attacking North American and South Korean military computers in the past.... read more» 
   
 





 Geist: Ottawa pulls its own Internet hoax 
 (from TheStar at 11-1-2010) 
 Internet providers frequently are asked to remove content, yet most reputable firms only do so with court oversight or a clear statutory mandate. One exception to this rule involves cases of phishing, which is the criminally fraudulent process of attempting to acquire personal information such as user names, passwords and credit card details by masquerading as a trustworthy entity. This occurs when fraudsters create websites that look much like a popular bank or online auction site in the ho... read more» 
   
 





 EU urged to crack down on internet piracy 
 (from Guardian at 11-1-2010) 
 European trade unions and industry groups from TV, film and radio have joined Bono, Lily Allen and other big-name artists in calling for wider legal crackdowns on internet piracy. Workers' representatives and trade groups from across Europe have formed a coalition to urge the European Union to formally adopt a strong stance against illegal filesharing and to put more pressure on internet service providers (ISPs) to help curb piracy.... read more» 
   
 





 All Your Clouds Are Belong to… Not You 
 (from theaeonsolution at 11-1-2010) 
 After reading ENISA’s “Benefits, risks and recommendations for information security” , I am convinced even more so now than I ever was before, against the cloud. For those unaware of the acronym, ENISA stands for European Network and Information Security Agency. It can be viewed as Europe’s version of the USA’s NIST. Their document is 125 pages, with 71 pages encompassing the main scope and the remaining pages consisting of a Glossary, Bibliography and Annexes. It is a must read for any mana... read more» 
   
 





 Philippine government websites defaced 
 (from MB.Com at 11-1-2010) 
 Last week, we saw four websites of Philippine government agencies defaced by crackers. The sites of the Department of Health (DOH), Department of Social Welfare and Development (DSWD), National Disaster Coordinating Council (NDCC), and Department of Labor and Employment (DOLE) were all defaced.... read more» 
   
 





 Insurer sending letters about security breach 
 (from waaytv at 11-1-2010) 
 BlueCross BlueShield of Tennessee will start contacting customers this week whose personal information was exposed when hard drives were stolen from the state's largest health insurer. The insurer has been analyzing the security breach since 57 hard drives were stolen in October from a storage closet at the Eastgate Town Center training center. Company spokeswoman Mary Thompson told the Chattanooga Times Free Press that letters are being mailed in batches starting this week as the data is ... read more» 
   
 





 Web filters mean bad news for business 
 (from ZDNet Asia at 11-1-2010) 
 Filtering at the Internet service provider (ISP) level will result in businesses experiencing speed reductions, higher access fees and the possibility of being unintentionally blocked, according to industry observers. Several countries including Australia, China, Malaysia and Singapore, mandate that ISPs block sites that carry content deemed to be undesirable such as pxxxography. More recently, some governments are looking to extend this to other types of content.... read more» 
   
 





 Officials To Talk About Cyber Security Industry 
 (from WJZ at 11-1-2010) 
 State officials will be outlining plans on how to strengthen the cyber security industry in Maryland. Gov. Martin O'Malley is scheduled to release a report Monday that's being touted as the state's first comprehensive inventory of the cyber security sector in Maryland.... read more» 
   
 





 Law enforcement in India needs Techno-Legal Training 
 (from MeriNews at 11-1-2010) 
 Cyber law enforcement is passing through a bad phase in India. There is hardly any conviction of cyber criminals in India. On the one hand India has bad and weak cyber law whereas on the other hand law enforcement is hardly aware about the basics of cyber law and cyber forensics.... read more» 
   
 





 Philippine government Web sites hacked 
 (from upi at 11-1-2010) 
 Hackers in the Philippines have defaced a government Web site, the fifth such attack on such sites in a month, officials said. Hackers left a message on the government's Technical Education and Skills Development Authority site mocking the country's upcoming automated elections, GMANews.tv reported Sunday.... read more» 
   
 





 When Flood of E-Mail Pitches Recedes 
 (from The New York Times at 11-1-2010) 
 Two weeks before Christmas, online retailers blasted out promotional e-mail at a rate 60 percent higher than the yearly median. But in the seven days just before the holiday, the average number of messages fell, according to the online marketing firm Responsys, which tracked e-mail from 104 of the 150 largest online retailers. What gives?... read more» 
   
 





 Security And Privacy Issues Of The Unique Identity Number Project Of India 
 (from cyberlawsinindia at 11-1-2010) 
 The Unique Identification Authority of India (UIDAI) is not a “legally constituted” authority. In the absence of just and reasonable law(s) to support the same, it would violate the Human Rights and Fundamental Rights of the citizens of India, say techno-legal experts like Praveen Dalal. The interaction of Information and Communication Technology (ICT) with Human Rights is no more a science fiction and India must keep in mind the mandates of Human Rights Protection in Cyberspace while impleme... read more» 
   
 





 Terrorists' new target: Hire unemployed techies 
 (from siliconIndia at 11-1-2010) 
 At the time of recession, when most of the top IT companies slashed lakhs of jobs; techies took another step to earn money and joined different terrorists groups across the world. Indian security agencies say that the recruitment of techies was maximum in 2009 when recession hit the world. According to the research done by, European sociologists Diego Gambetta and Steffen Hertog, who surveyed over 400 terrorists, including 25 men involved in the 9/11 attack, found that 44 percent were enginee... read more» 
   
 





 The European Union’s Work Strategies and Practical Measures against Cybercrime 
 (from IBLS at 11-1-2010) 
 The steady increase of cybercrime with transnational implications concerns the European Union member states. For this reason, the European Council concerted some work strategies and practical measures against cybercrime in November 2008. These strategies and measures seek joint action by member states in the sphere of police and judicial co-operation against cybercrime, in an effort to combat transnational organized crime and computer crimes in the European Union. This article briefs the Eur... read more» 
   
 





 The Cloud Connection - A mechanism that enables management of computing 
 (from Times of India at 11-1-2010) 
 Let's begin with the basics. What is cloud computing? Wikipedia says it is 'an Internet-(cloud-) based development and use of computer technology (computing)'. Simplifying this definition for us, Anurag Gupta, senior architect, Yahoo, says, "Cloud computing is a mechanism that enables management of computing and IT infrastructure to be consolidated in one or more data centres to reduce the overall cost of operating computing facilities."... read more» 
   
 





 Latvian shooters hit British ISP 
 (from Ukrainian globalist at 11-1-2010) 
 The British provider of internet services Vispa was being entirely out of order during one day. And the support service is still not working because the hackers have been quite ingenious and damaged all the telephony of the company. It is curious that DDOS-resource has been detected in Latvia. But there have been no comments or statements from the hackers until now.... read more» 
   
 





 Greatest Cyber Risk Driven by Remote Network Access and Embedded Malicious Code: Deloitte Poll 
 (from auto-mobi at 11-1-2010) 
 More than 40 percent of executives polled by Deloitte believe remote internet access to corporate systems, embedded malware in computers, applications and devices, and little visibility into the security protocols of suppliers and business units are the greatest cyber risks today. The executives were polled recently during the Deloitte webcast, "Combating Cyber-Threats from the Underground Economy: A View from the Front Lines."... read more» 
   
 





 The Security Consortium Announces Support for White House Cyber Chief Schmidt 
 (from PrWeb at 11-1-2010) 
 The Security Consortium, (TSC) a leading IT security testing, research and corporate counsel services organization, today announced its support for recently appointed White House cyber-security “czar” Howard Schmidt. A former chief security executive at Microsoft with 31 years' experience in law enforcement and the military, Schmidt is one of the world's leading authorities on computer security according to John Brennan, the White House counter-terrorism advisor. Schmidt also wrote the forewo... read more» 
   
 





 Cybersecurity: Make It Work This Year 
 (from DefenseNews at 11-1-2010) 
 2009 had all the makings to be a banner year for cybersecurity: The need had been identified, guidance was promised, appointments were planned and mandates were discussed. Unfortunately, 2009 will be remembered as the year that wasn't, and the challenge facing us now is to make sure 2010 doesn't follow suit. Many people mistakenly believe that cybersecurity protects only consumers and other civilian uses for the Internet, but today's military is more dependent than ever on the civilian-based ... read more» 
   
 





 Tulsa World, Okla., Phil Mulkins column: Keep track of dangers on Web 
 (from istockanalyst at 11-1-2010) 
 How do I keep track of all the computer software vulnerabilities floating around the Internet? I can't really trust the sellers to keep me informed of their latest glitches and don't see it in the newspaper or on TV. -- H.E., Tulsa. Two sources of "cyber security news" are US-CERT and Help Net Security.... read more» 
   
 





 W2SP 2010: Web 2.0 Security and Privacy 2010 
 (from w2spconf at 10-1-2010) 
 The scope of W2SP 2010 includes, but is not limited to: trustworthy cloud-based services; usable security and privacy; security and privacy as a service; security for the mobile web; identity management and pseudonymity; web services/feeds/mashups; security and privacy policies for composable content; next-generation browser technology; secure extensions and plug-ins; advertisement and affiliate fraud... read more» 
   
 





 Online Mom shares cyber smarts with parents 
 (from acorn-online at 10-1-2010) 
 Old Greenwich Elementary School begins the new year with a talk by Monica Villa, "The Online Mom." The talk, titled Elementary Years Cyber Smarts: Internet Safety and Cyberbullying, is co-sponsored with Old Greenwich Elementary School. The event will be held at Old Greenwich School cafeteria - on Tuesday, Jan. 12 at 7 p.m. (snowdate Jan. 14). All parents of school-age children in Greenwich are welcome. Come learn more about social networking, photo sharing, video games, instant messaging an... read more» 
   
 





 Headlines to dread - Beware the escalation of corruption and cybercrime 
 (from Washington Times at 10-1-2010) 
 Two topics ought to rate persistent headlines in 2010: governmental corruption and cybersecurity. We know corruption is pervasive, a pan-human affliction, but in the developing world endemic corruption truly robs the present, steals the future and keeps oppressed populations mired in poverty. As it saps fragile economies and sows cynicism, corruption seeds conflict. Corruption in Afghanistan, Pakistan and Iraq has frustrated American and allied war-fighters.... read more» 
   
 





 Doctor who hacked into Prime Minister's health records escapes prosecution 
 (from Daily Record at 10-1-2010) 
 A DOCTOR who hacked into the health records of Gordon Brown and Alex Salmond will not be prosecuted, we can reveal today. Andrew Jamieson sparked a security alert after breaking into confidential computer files on the PM and First Minister and a series of other high-profile Scots. Former Labour leader Jack McConnell and his wife Bridget had their sensitive files viewed.... read more» 
   
 





 Facebook's Zuckerberg Says The Age of Privacy is Over 
 (from readwriteweb at 10-1-2010) 
 Facebook founder Mark Zuckerberg told a live audience yesterday that if he were to create Facebook again today, user information would by default be public, not private as it was for years until the company changed dramatically in December. In a six-minute interview on stage with TechCrunch founder Michael Arrington, Zuckerberg spent 60 seconds talking about Facebook's privacy policies. His statements were of major importance for the world's largest social network - and his arguments in favor... read more» 
   
 





 Cyber-monitoring efforts stepped up 
 (from Tvnz at 10-1-2010) 
 New Zealand authorities are stepping up cyber-monitoring efforts amid online breaches of name suppression. Last week, the identity of a Kiwi comedian was revealed on a TradeMe message board. The comedian is facing a charge relating to sexual connection with a child under 12. Their name and the TV show they have appeared on were revealed.... read more» 
   
 





 Malware linked to PDF reader tops e-threats report 
 (from theiet at 10-1-2010) 
 The device - called Exploit.PDF-JS.Gen - is designed to execute malicious code on its victim’s computer. On opening an infected PDF file, specially crafted JavaScript code triggers the download of malicious binaries from remote locations. The second highest e-threat in December 2009’s listing is Trojan.AutorunInf.Gen. This is a generic mechanism to spread malware using removable devices, such as flash drives, memory cards, or external hard disk drives. Win32.Worm.Downadup and Win32.TDSS are... read more» 
   
 





 Pxxx Star Ron Jeremy Urges Parents to Protect Children from Online Pxxx 
 (from melodika at 10-1-2010) 
 Ron Jeremy, the adult film star who is ranked as America's top pxxx actor by the Adult Video Network, is encouraging parents to take steps to protect children from pornography when they are surfing the Internet. Jeremy is recommending the use of tools such as InternetSafety.com's Safe Eyes family Internet management software to automatically block access to online pxxxographic content.... read more» 
   
 





 Top security threat in Malaysia is malware: Microsoft 
 (from mis-asia at 10-1-2010) 
 Software giant Microsoft’s latest security intelligence report shows that the top security threat in Malaysia is malware, which accounts for 70.8 per cent of all families removed from infected computers from July to December 2009. The company’s seventh volume of the Microsoft Security Intelligence Report (SIRv7) indicates that worm infections in the enterprise space rose by nearly 100 per cent during the first half of 2009 over the preceding six months, said Microsoft Asia Pacific regional se... read more» 
   
 





 White House calls for IT boost to fight terrorism 
 (from Computer World at 10-1-2010) 
 The White House report on the failed bombing attempt of a U.S. airliner on Christmas Day highlights the challenges U.S. intelligence agencies face in correlating terrorism-related information gathered from multiple databases and sources. The review, released yesterday, identified an overall failure by intelligence agencies to "connect the dots," despite having enough information at their disposal to have potentially disrupted the botched attack.... read more» 
   
 





 Biggest online threats in 2010 
 (from India Times at 10-1-2010) 
 A computer security firm has advised PC owners to keep their computer safe from new security threats in the new year. The experts revealed that the way people use the Internet and their computers has evolved significantly and so have the cyber criminals. They have changed their tactics accordingly. "It really speaks to a Web 2.0 world. People communicate differently today, people transact and pay their bills differently today, and that drives today's criminals," ABC Science quoted David Marcu... read more» 
   
 





 What were biggest scams of 2009? 
 (from freedomblogging at 10-1-2010) 
 1. Acai Berry Supplements, Teeth Whitening and Other “Free” Trial Offers 2. Stimulus/Government Grants 3. Robocalls 4. Lottery or Sweepstakes 5. Job Hunting 6. Google “Work from Home” Offers 7. Mortgage Foreclosure or Modification “Rescue” 8. Mystery Shopping/Secret Shopper 9. Over-payment Scams 10. Phishing E-mail... read more» 
   
 





 TRA warns of increase in cybercrime 
 (from business24-7 at 10-1-2010) 
 The number of cybercrimes committed in the UAE is expected to increase in the coming months as the latest technology makes it easier for hackers to commit fraud, according to a new report. Rapid advances in information technology were making it more difficult for companies and other organisations to safeguard vital information, said the study by the Telecommunications Regulatory Authority's Computer Emergency Response Team (aeCERT).... read more» 
   
 





 Financial sector plans cybersecurity drills 
 (from fierce governmentit at 10-1-2010) 
 The financial services sector is putting up new defenses against cyberattacks with a dress rehearsal of how to deal with a hack attack before it happens. The Financial Services Information Sharing and Analysis Center (FS-ISAC)--a group formed in response to a 1998 Presidential security directive--announced last week that it's inviting financial institutions, retailers, card processors and businesses of all sizes to participate in its Cyber Attack Against Payment Processes (CAPP) exercise.... read more» 
   
 





 US Army Website Compromised Through SQL Injection 
 (from cyberinsecure at 10-1-2010) 
 A Romanian grey hat hacker has disclosed an SQL injection (SQLi) vulnerability on a website belonging to the United States Army, which leads to full database compromise. The website, called Army Housing OneStop, is used to provide information about military housing facilities to soldiers. The website has been taken offline. The Army Housing OneStop (AHOS) is “the official Army website for soldiers who need information about Military Family Housing (MFH), Unaccompanied Personnel Housing (UPH) and... read more» 
   
 





 PDF files and Adobe Reader should be security priority for 2010, says Qualys 
 (from Computer Weekly at 10-1-2010) 
 The frequency and severity of security flaws in Adobe's Reader software make it a top priority for IT security managers in 2010, says security firm Qualys. Adobe Reader is an attractive target for attackers because the free, cross-platform software has a large installed base and is widely used by business to access Portable Document Format (PDF) files. Hackers are able to craft seemingly innocent PDF documents that contain everything necessary to exploit the victim's computer without needing ... read more» 
   
 





 China Blocks Wired.com With ‘Great Firewall’ 
 (from Wired at 10-1-2010) 
 Chinese authorities have begun blocking Chinese internet users from reading Wired.com, according to a report from the Examiner. Internet users from Beijing to Shanghai found the site inaccessible starting Friday, reports Glenn Loveland, the Examiner’s Beijing correspondent. The block adds Wired.com to a long list of sites that are or have been considered too dangerous for Chinese net users.... read more» 
   
 





 1/25: Network Neutrality and the Future of the Internet 
 (from Stanford University at 9-1-2010) 
 The Stanford Program in Law, Science and Technology and its Center for Ecommerce present an evening panel, "Network Neutrality and the Future of the Internet." Network Neutrality continues to be the subject of fierce debate. Proponents of Network Neutrality argue that Internet access providers should not restrict access to lawful content, websites, platforms, applications or access by legal devices that do not harm the network. Opponents of legally mandated Network Neutrality maintain that br... read more» 
   
 





 Central fraud reporting centre operational 
 (from Computer Active at 9-1-2010) 
 Victims of online fraud and scams can now report these crimes directly to a central agency, Action Fraud, set up by the National Fraud Authority (NFA). The organisation, which has been running trials since the end of last year, will not try to solve individual crimes but act as the reporting point and support body for victims. Crime details logged by the agency will be handed to the National Fraud Intelligence Bureau (NFIB), run by the City of London police, for investigation.... read more» 
   
 





 Data Breaches: The Insanity Continues 
 (from Identity Theft Resource Center at 9-1-2010) 
 In 2009, the Identity Theft Resource Center Breach Report recorded 498 breaches, less than the 657 in 2008, more than the 446 in 2007. Are data breaches increasing or decreasing? That is the question no one can answer. This fact will not change until there is a single data breach list requiring mandatory public reporting. With some breaches not being reported publicly, and some state Attorneys General not allowing public access to reported breaches, we doubt that anyone is in a position to a... read more» 
   
 





 Cybersecurity expert to head FBI's D.C. office 
 (from The Washington Post at 9-1-2010) 
 The FBI has tapped a cybersecurity expert as the new head of its Washington Field Office, one of the largest and most prestigious posts in the crime-fighting bureau, a spokeswoman confirmed Friday. As assistant director in charge of the field office, Shawn Henry, 47, will be responsible for leading federal investigations of fraud, public corruption and terrorism across Northern Virginia and the District, bureau spokeswoman Katherine Schweit said.... read more» 
   
 





 Hacking Takes Lead as Top Cause of Data Breaches 
 (from PC World at 9-1-2010) 
 Hacking has topped human error as the top cause of reported data breaches for the first time since such tracking began in 2007, according to the Identity Theft Resource Center's 2009 Breach Report. In its report, titled "Data Breaches: The Insanity Continues," the non-profit ITRC found that 19.5 percent of reported breaches were due to hacking, with insider theft as the second most common cause at 16.9 percent. For the past two years, "data on the move," a typically human-error loss of a port... read more» 
   
 





 New European crackdown on illegal Internet downloads 
 (from Mercury News at 9-1-2010) 
 Spain approved a plan Friday to quickly shut down Web sites offering illegal entertainment downloads, joining Britain and France in moving to implement new crackdowns on Internet piracy. Justice Minister Francisco Caamano said the measure by the Spanish Cabinet would create a panel of experts to hear complaints against suspect sites. The panel can then call on a judge, who will have four days to hear arguments from the parties involved before ruling on whether to shut down a site.... read more» 
   
 




 First hacker trial powers up in Beijing 
 (from People Daily Online at 9-1-2010) 
 An alleged hacker accused of manipulating national exam scores through a computer virus has become Beijing's first man to stand trial on hacking charges. Meng Lingjian, 30, was charged at Fengtai district court yesterday with destroying a computer information system - a computer-based crime aimed at hackers that was introduced by legislators last year.... read more»

