Saturday, March 27, 2010

Internet (Lack of) Security News through 3/25

 Dave & Buster’s Settles FTC Charges it Failed to Protect Consumers’ Information 
 (from data breaches at 27-3-2010) 
 Entertainment operation Dave & Buster’s, Inc. has agreed to settle Federal Trade Commission charges that the company left consumers’ credit and debit card information vulnerable to hackers, resulting in several hundred thousand dollars in fraudulent charges. Dave & Buster’s operates 53 restaurant and entertainment complexes across the country under the names Dave & Buster’s, Dave & Buster’s Grand Sports Café, and Jillian’s. Dave & Buster’s will put in place a comprehensive information securit... read more» 
   
 





 Turk hacks State Government website 
 (from expressbuzz at 27-3-2010) 
 A website of the Kerala Government which had a full-fledged database with details of more than 2,000 government processes, started as part of the Citizen Call Centre (CCC) project, has been hacked by a foreigner. The Indian Computer Emergency Response Team (CERT), the agency of Union Ministry of Communication & Information Technology for probing computer security breaches, tracked down the hacking to a Turk, on a complaint by the State Information Technology Department. As a result, depart... read more» 
   
 





 CanSecWest 2010 Day 1 
 (from Sophos at 27-3-2010) 
 As a Vancouverite it always seemed to be a bit of a shame that I have never attended a CanSecWest conference. This year I am here, the 11th annual CanSecWest conference, and I would like to thank Dragos Ruiu for putting on such a great event. Beginning the conference was Marcus Ranum, from Tenable Network Security. If you would like to watch this presentation it is available through YouTube as Marcus presented it late last year at TED. The premise of his talk is that we have made some very po... read more» 
   
 





 Another interesting webinar: The Reality of Cyberattacks 
 (from voltage at 27-3-2010) 
 It looks like our marketing guys are at it again. They're doing another webinar on yet another interesting topic: The Reality of Cyberattacks: Emerging Solutions for Today's Threats. It will be held twice over the next few weeks: on Tuesday, April 6 at 12:30 pm Pacific/9:30 am Eastern, and again on Monday, April 19 at 10:00 am Pacific/7:00 am Eastern. It's a one-hour presentation on preventing cyberattacks against the US's critical infrastructure. For more details : http://www.govinfosecurit... read more» 
   
 





 The risk of mobile spyware is increasing as network-hosted defence encouraged 
 (from scmagazineuk at 27-3-2010) 
 The use of mobile spyware for corporate espionage is becoming an increasing worry for enterprises. Simeon Coney, VP of business development and strategy at AdaptiveMobile, claimed that organisations are becoming increasingly astute when it comes to monitoring and reporting on employees' online behaviour in a bid to protect data and prevent fraud. However, with over 50 per cent of the UK workforce now mobility enabled, can stringent processes be extended to cover those workers accessing server... read more» 
   
 





 Scammers capitalizing on tax season to spread Zeus 
 (from scmagazineus at 27-3-2010) 
 Cybercriminals have been capitalizing on tax season by sending messages that appear to come from the Internal Revenue Service but actually lead to the data-stealing trojan Zeus, researchers at anti-virus firm Trend Micro warned Thursday. The messages ask users to follow a link and review their tax statement to fix errors related to unreported or under-reported income, according to Trend Micro. The URL leads users to a variant of Zeus, which steals information from compromised systems and send... read more» 
   
 





 Phorm turns up in Brazil 
 (from The Register at 27-3-2010) 
 After months lost in a jungle of its own creation, Phorm, the much-maligned internet monitoring and profiling outfit, today emerged with new hopes its technology and the tens of millions spent on it might bring some return. Brazil has long been a destination of choice for those who hit trouble in Britain, and Phorm is no different. Confirming rumours that have been circulating for several months, Phorm said it has signed deals to profile with five of the country's ISPs.... read more» 
   
 





 Cloudamorphosis - A new age of elasticity and mobility 
 (from developing security at 27-3-2010) 
 Cloud computing and mobile devices have revolutionized our personal and professional lives. These innovations have unlocked a new age of elasticity and mobility. Along with this digital revolution, an unexpected transformation is taking place at the heart of server workloads and mobile devices. The once static datacenter has transformed into a highly agile virtual datacenter, and is once again transforming thanks to cloud computing. First generation migrations to cloud, using IaaS, are facing... read more» 
   
 





 Cybersecurity: Moving Beyond the Chatter and Noise! 
 (from lumension at 27-3-2010) 
 As both a guest speaker and attendee at the Security Innovation Network’s fourth annual IT Security Entrepreneur’s Forum, I found the conference provided a great deal of insight on important cybersecurity issues. Two panels I found particularly relevant were: “An Industry and Government Perspective on the Emerging Cyber Threats, Risks and Vulnerabilities” and “Moving Forward with a Roadmap for the IT, Banking, Finance and Energy Sectors.” Here’s why - the panels provided great food for thoug... read more» 
   
 





 ID theft hits 3.3 million college students 
 (from StarTribune at 27-3-2010) 
 Thieves stole computer data from Oakdale-based ECMC getting sensitive information about federal student loans. It is believed to be one of the biggest U.S. cases of student identity theft. A Minnesota company that processes loans for students nationwide has reported a major theft of "personally identifiable information" involving 3.3 million students after a break-in last weekend at its Oakdale headquarters. U.S. Department of Education officials said it is believed to be one of the biggest c... read more» 
   
 





 World Cup-themed PDF attack kicks off 
 (from The Register at 27-3-2010) 
 Miscreants have booted a World Cup-themed email malware attack onto the web, taking advantage of existing material on the tournament. Booby-trapped emails are doing the rounds, posing as messages from African Safari organiser Greenlife. The emails contain an attached PDF file claiming to provide a guide to the first African edition of football's most prestigious tournament. In reality, the attachment payload takes advantage of a recently patched Adobe Reader vulnerability (involving the handli... read more» 
   
 





 Alleged spy traitor's bail bid blocked 
 (from The Register at 27-3-2010) 
 A former MI6 officer who allegedly attempted to sell Top Secret computer files to what he thought was a foreign intelligence agency has had his bail application rejected. Westminster magistrates remanded Daniel Houghton, 25, from Finsbury Park, on two Official Secrets Act charges until a further hearing on April 15, PA reports. He was arrested on March 1 at a central London hotel after allegedly accepting a briefcase containing £900,000 from MI5 counter-espionage officers posing as foreign int... read more» 
   
 





 Microsoft's Hotmail flicks finger at UK students 
 (from The Register at 27-3-2010) 
 Microsoft’s Hotmail and Outlook Live servers keep getting stuck on a spamming loop that is locking many students and teaching staff at UK universities out of the firm’s email service. On 18 March, Microsoft admitted that Hotmail and Outlook Live users at the University of Bath and the University of Manchester were unable to receive emails for the best part of the day due to a cockup with the junk email filtering system. Now The Register is getting reports from readers that suggest similar prob... read more» 
   
 





 Rustock botnets starts spewing encrypted spam 
 (from TechWorld at 27-3-2010) 
 The volume of spam being sent by the notorious Rustock botnet using TLS encryption has surged in recent weeks, establishing an important new trend in botnet behaviour, security companies have said. Two weeks ago, Symantec's MessageLabs division reported noticing large volumes of spam using TLS (Transport Layer Security), an encryption protocol successor to the better-known SSL (Secure Sockets Layer), and normally a way of securing the contents of an email between server and client.... read more» 
   
 





 Research shows party leaders' 'social media reputation' 
 (from BBC at 27-3-2010) 
 Even before official campaigning begins, one thing seems clear - this election is going to be fought in cyberspace as well as on the doorsteps. Social media websites, like Twitter and Facebook, are now seen as crucial battlegrounds, as well as potential forums for political gaffes. The influence of bloggers too, free as they are to support or attack the various parties, also seems to be growing by the day. Now one company, Yomego, says it can put some numbers on the effect of all this - with ... read more» 
   
 





 Wikipedia suffers global collapse 
 (from InfoWorld at 27-3-2010) 
 Wikipedia and other Wikimedia Foundation Web sites went down for hours on Wednesday in a global outage caused by a domino effect of technical problems. The problems started when Wikimedia servers overheated in the organization's European data center and shut themselves off automatically. Wikimedia then switched all its traffic to its server cluster in Florida, but the failover process, which involves changing servers' DNS entries, malfunctioned, knocking the organization's sites offline ar... read more» 
   
 





 ISPA names and shames top South African spammers 
 (from charged at 27-3-2010) 
 The Internet Service Providers’ Association of South Africa (ISPA) has expressed concern at growing volumes of email spam at its most recent Spam Jam event, hosted earlier this year by Telkom. The organisation says that volumes of spam originating within South Africa are growing at an alarming rate, with a handful of high-profile spammers and email database sellers as the major culprits in the proliferation of spam. According to Symantec, spam accounted for 89.99% of email for February 2010 v... read more» 
   
 





 Health Plan May Expose Medical Records to Hackers, Experts Fear 
 (from FOXNews at 27-3-2010) 
 President Obama's goal of digitizing all medical records by 2014 could be realized by his new health care law, which requires research and reporting through electronic health care records. But privacy advocates fear that the speed at which the government is moving to digitize records will increase the risk of medical identity theft, and they are concerned about what the government will do once it has access to Americans' medical history.... read more» 
   
 





 Google defies China, hacker heads to the clink 
 (from Computer World at 27-3-2010) 
 1. Google stops censoring in China and China defends censorship, plays down Google harm on US ties. 2. Gonzalez sentenced for multimillion-dollar credit card scam and Hacker Gonzalez gets 20 years for Heartland breach. 3. GoDaddy to stop registering .cn domain names. 4. China's Great Firewall spreads overseas. 5. EC launches new drive for EU/US bank data-sharing agreement. ... read more» 
   
 





 IRS cybersecurity weak 
 (from Fierce Government It at 27-3-2010) 
 Information security controls at the Internal Revenue Service continue to be weak, according to a Government Accountability Office report released March 19. As part of its annual review of tax agency financial statements, GAO assessed cybersecurity at the IRS and found it wanting. The GAO acknowledges progress, but finds that 69 percent of previously identified control weaknesses and program deficiencies remain unmitigated--and problems cropped up.... read more» 
   
 





 China's censorship firewall invades foreign systems 
 (from Neowin at 27-3-2010) 
 Internet users in Chile and the U.S. came under the control of Chinese Firewall censoring today, according to Good Gear Guide. A networking error related to the operation of BGP (Border Gateway Protocol) routing used by high-level DNS servers is cited as the cause of the redirection of many users from popular sites like Facebook, YouTube, and Twitter. Certain ISPs began getting DNS data from a Chinese root DNS server operated by Swedish company Netnod, and giving the data intended for Chinese... read more» 
   
 





 China Leads In Targeted Malware Attacks 
 (from Security Pro News at 27-3-2010) 
 Symantec has released its March 2010 MessageLabs Intelligence Report detailing the origins of targeted malicious attacks. Analysis of the origins of the targeted attacks revealed the majority of malware sent this month, originated in the United States (36.6%) based on mail server location, but when analyzed by sender location, more targeted attacks actually originated in China (28.2%), Romania (21.1%) and United States (13.8%).... read more» 
   
 





 News to know: Google-China, CTIA, Pwn2Own 
 (from ZDNet at 27-3-2010) 
 Google took a bold step when it decided to stand up against the Chinese government. As the dust settles, the ripple effects are starting to become more evident. Close to home, a Congressional panel today praised Google and criticized Microsoft for their respective positions in China. Also getting some of that Congressional love was GoDaddy.com, which said today it would stop registering domain names in China because of new rules about applicant being demanded by the Chinese government.... read more» 
   
 





 FISMA overhaul under way 
 (from itknowledgeexchange at 27-3-2010) 
 Compliance with the Federal Information Security Management Act (FISMA) of 2002 has been just that–compliance. Critics rail against it, calling the reg a paperwork drill that has done little to improve the security of federal government IT systems and networks. Agencies continually earn failing grades and reams of classified and unclassified data, reportedly, still leak out of government computers into the hands of foreign conspirators. Lawmakers are trying to reverse the tide by calling for ... read more» 
   
 





 Cyber Security, FISMA 2.0, GRID Take Spotlight in Washington 
 (from q1labs at 26-3-2010) 
 Just yesterday, the Senate Commerce Committee approved the Cybersecurity Act (S.773), a bi-partisan introduced by Senator Rockefeller (D-W.VA) and Senator Snowe (R-Me), that is aimed at improving both public sector and private sector preparedness. The bill would mandate that the President and those responsible for critical infrastructure systems work to identify and classify IT systems that, if successfully attacked, would threaten strategic national interests. At the same time as significan... read more» 
   
 





 Cyber war, drug war -- what's the difference? 
 (from hostexploit at 26-3-2010) 
 Some senators introduced a bipartisan bill this week that would require the U.S. government to crack down on countries that harbor cyber criminals by imposing sanctions, if necessary. The International Cybercrime Reporting and Cooperation Act, co-sponsored by Sens. Kirsten Gillibrand (D-N.Y.) and Orrin Hatch (R-Utah), is being likened to the beginning of a cyber version of the war on drugs.... read more» 
   
 





 Are Computers In Africa Really Weapons Of Mass Destruction? 
 (from hostexploit at 26-3-2010) 
 The arrival of broadband Internet in Africa via the undersea cables is widely hailed as an opportunity for economic advancement due to the power of ICT-enabled businesses. The hopeful look at India’s success in software and services as a model for African growth, but a new meme is emerging that see the interconnections of Africans as a threat to global security. While it is an interesting, and perhaps fruitful, exercise to think through the potential downsides of the Internet in Africa, the way ... read more» 
   
 





 Consumers Don’t Relate Bot Infections to Risky Behavior As Millions Continue to Click on Spam 
 (from hostexploit at 26-3-2010) 
 A significant percentage of consumers continue to interact with spam despite their awareness of how bots and viruses spread through risky email behavior, according to the Messaging Anti-Abuse Working Group (MAAWG) based on a new survey it released today covering North America and Western Europe. Even though over eighty percent of email users are aware of the existence of bots, tens of millions respond to spam in ways that could leave them vulnerable to a Malware infection, according to the 2010 ... read more» 
   
 





 Auction Slammed Over Data Theft 
 (from hostexploit at 26-3-2010) 
 The news keeps getting worse for Auction (www.auction.co.kr), eBay's local unit and the country's largest online retailer, which has become the face of Korean ineptitude in cyber security. The company had struggled to recover from the fallout of a highly-publicized data theft case initially reported to involve 10.8 million of its customers, although is breathing a little easier when a recent court ruling saved it from a severe class-action payout.... read more» 
   
 





 European conference sets agenda for cybercrime fight 
 (from The Register at 26-3-2010) 
 The Council of Europe has called for a worldwide implementation of its Convention on Cybercrime to fight the growing problem of economic crime on the web. During the fifth annual CoE conference on cybercrime in Strasburg this week, participants spoke in favour of greater international cooperation in sharing existing tools, instruments, best practices and initiatives. The conference also heard calls for improved co-operation between law enforcement and industry (ISPs, IT firm and national CETS... read more» 
   
 





 Durex India eStore spills customers' personal details 
 (from The Register at 26-3-2010) 
 A site that sold Durex condoms in India has threatened a whistleblower with a legal nastygram in the wake of an admitted security breach involving leaked client details. Problems with the kohinoorpassion.com site surfaced earlier this month after a customer noticed that simply changing the order ID numbers in a URL allowed voyeurs to browse the names, address, contact number and order details of customers of the site. Even though the snafu did not expose credit card details it still involved ... read more» 
   
 





 Chinese web users boycott Google 
 (from BBC at 26-3-2010) 
 While some gathered outside Google's head office in Beijing in support of its decision to end censorship, other Chinese citizens have expressed anger. Comments left on Chinese website sina.com.cn include "Google, out of China" and "Go away, we have Baidu". Internet and mobile company TOM Online, which is run by Hong Kong's wealthiest man Li Ka-shing, said that it would stop using Google.... read more» 
   
 





 Yes, He Can--Hack Into President Obama's Twitter Account 
 (from DarkReading at 26-3-2010) 
 French police arrested a man Thursday for allegedly hacking into the Twitter accounts of U.S. President Barack Obama and other famous individuals. Authorities said the 24-year-old Frenchman, who has not been identified, used the online pseudonym "Hacker Croll" while breaking into various Web sites. The man was able to access Obama's Twitter page and other users' accounts simply by guessing passwords, French authorities said.... read more» 
   
 





 EC proposed compromise over SWIFT bank information sharing 
 (from ComputerWorldUk at 26-3-2010) 
 The European Commission began work on a new set of negotiations with the US on the transfer of EU citizens' bank data for counterterrorism purposes, after a previous agreement was vetoed by the European Parliament last month. The agreement is needed because while European data protection laws prohibit the passing of personal data to the US, American authorities say the data has been a valuable tool with which to track the funding of terrorist acts. The Parliament torpedoed the agreement pa... read more» 
   
 





 China media accuse Google of violating promises 
 (from abclocal at 26-3-2010) 
 China reacted quickly Tuesday to Google Inc.'s decision to stop censoring the Internet for China by shifting its search engine off the mainland, saying it is "totally wrong" and accusing the company of violating promises. Google said Jan. 12 it would pull out part of its service if it had to keep censoring Internet results. Visitors to Google's old service for China, Google.cn, are now being redirected to the Chinese-language service based in Hong Kong, where Google does not censor searches. ... read more» 
   
 





 China Hands Down New Rules on Media Coverage of Google 
 (from Mashable at 26-3-2010) 
 A new set of rules and instructions from the Chinese government itself suppresses China media outlets from reporting almost anything about Google’s recent pull out from China. The instructions, nabbed by China Digital Times, outline a series of rather disturbing edicts to media outlets that are covering the Google (Google) story. While this is nothing new, the Chinese government’s broad and suppressive mandates are still striking. In the next section of this article, I am including not onl... read more» 
   
 





 Great Firewall of China put to the Google test 
 (from nzherald at 26-3-2010) 
 Type "Falun Gong" in Chinese into Google's search engine from Beijing, and the web browser suddenly becomes unresponsive for about a minute. Make the same search from Hong Kong, and you'll get plenty of links to the spiritual movement banned by the Chinese government. Internet users in mainland China and Hong Kong now share the same Google search site, but their experiences continue to widely differ, particularly on topics deemed sensitive by China's Communist leaders. The difference is that ... read more» 
   
 





 Researchers sound alarm on Web app "side channel" data leaks 
 (from NetworkWorld at 26-3-2010) 
 New research from Microsoft and Indiana University has found that data leaks from Web applications such as popular tax programs and online health programs - even when encrypted -- is a real and growing threat. According to the research, it's inevitable that a Software-as-a-Service application's data flow will be exposed on the network to some degree when passing back and forth between a web client (browser) and server even when HTTPS and encryption such as WPA/WPA2 is in effect. Network ea... read more» 
   
 





 China censorship leaks outside Great Firewall via root server 
 (from Arstechnica at 26-3-2010) 
 On Wednesday, someone from the Chilean domain registry .cl noticed that one of the DNS root servers was responding in a very strange way to queries for domain names like facebook.com, youtube.com, and twitter.com. Normally, root servers only provide a pointer to the correct set of Top Level Domain servers—in this case, the .com servers operated by Verisign. But here, the "I" root server responded with (apparently fake) addresses. It turns out that these queries were answered by a root server... read more» 
   
 





 EFF: Gmail vulnerable to snooping: SSL certificates often faked 
 (from ZDNet at 26-3-2010) 
 The Electronic Freedom Frontier released a report by Christopher Soghoian and Sid Stamm, Internet computer researchers, suggesting several international intelligence agencies can and do regularly inject revised SSL security certificates which, unbeknownst to the user, are being monitored by government agencies. The EFF disclosed it is providing legal advice to the two researchers regarding the research work and what the draft paper discloses. The report doesn’t reveal anything new regarding t... read more» 
   
 





 Police open computer forensics schools to industry 
 (from ComputerWeekly at 26-3-2010) 
 Police are planning to collaborate with industry by opening police computer forensics training to IT professionals. University College Dublin and Troyes University of Technology in France will be the first to open their doors as part of an EU-funded pilot that is to be extended across the Continent. BCS, the chartered institute for IT, has begun preparations for police and industry to train together in the UK, with 20 universities showing early interest.... read more» 
   
 





 FBI's Chabinsky: Cybercrime is a profession 
 (from fiercegovernmentit at 26-3-2010) 
 A cybercrime may occur in the virtual world, but its damage can be very real. The severity of such crimes is one reason cybercrime has become a top priority for the Federal Bureau of Investigation. Every day, foreign countries and terrorist organizations seek to steal U.S. public- and private-sector information "for the purpose of undermining the stability of our government or weakening our economic or military supremacy," said Deputy Assistant FBI Director Steven Chabinsky, speaking at FOSE ... read more» 
   
 





 U.S. Senate panel clears plan for tighter cybersecurity 
 (from chinapost at 26-3-2010) 
 A U.S. Senate committee on Wednesday approved a bill to try to tighten cybersecurity to better protect U.S. government agencies and businesses from Internet threats. The text was unanimously approved and now moves to a full Senate vote. “The status quo is not sustainable. We need a new model for the 21st century. We must secure America's critical networks, innovation and competitiveness in the global market,” committee chair and cosponsor Jay Rockefeller said in a statement.... read more» 
   
 





 Do the risks outweigh the benefits of cloud computing? 
 (from BCS at 26-3-2010) 
 Cloud computing technology does not relieve an organisation of its data accountability, one expert has warned. Rik Ferguson, senior security advisor at Trend Micro, has moved to remind businesses that they are responsible for their own data, even if it is stored on a virtualised centre. 'The problem is, when we consume cloud services we outsource a substantial amount of control but we don't outsource any accountability,' he told visitors to the recent Westminster eForum Keynote Seminar: Cl... read more» 
   
 





 IE8, Safari 4, Firefox 3, iPhone fall on day 1 of Pwn2Own 
 (from Arstechnica at 26-3-2010) 
 The first day of the annual Pwn2Own contest in which security researchers can win cash and hardware if they successfully compromise machines using zero-day exploits is finished. Internet Explorer 8 on Windows 7, Firefox 3 on Windows 7, Safari 4 on Mac OS X 10.6, and iPhone OS 3 were all compromised during the competition. Google's Chrome was the only browser left standing—and in fact, was completely untested. None of the researchers at the competition even tried to attack Chrome. So far, litt... read more» 
   
 





 Twitter hacker 'did it for the thrills' 
 (from nzherald at 26-3-2010) 
 He's 24, unemployed and has no specialised computer skills. Using sheer wit and persistence, the Frenchman managed to infiltrate Twitter administrators' accounts and post confidential company documents online, a prosecutor said. "Hacker Croll," as he was known online, also used the administrators' access to peep at the Twitter accounts of President Barack Obama and singers Britney Spears and Lily Allen, though he didn't have access to sensitive information about them, the prosecutor said.... read more» 
   
 





 DHS official: Government can't solve cybersecurity alone 
 (from Government Computer News at 26-3-2010) 
 U.S. software-makers are improving the security of their products, but the country’s cyber infrastructure is still far from secure, according to comments by Richard Marshall, the Homeland Security Department’s director of Global Cybersecurity Management in the National Cybersecurity Division. Marshall spoke this morning at FOSE, saying that, despite progress, laws are inadequate, education needs to be improved and the public and private sectors need to work together. GCN Editor-in-Chief Wyatt... read more» 
   
 





 House Bans File Sharing By Government Employees 
 (from Information Week at 26-3-2010) 
 The House has passed a bill that would prevent government employees from using peer-to-peer file-sharing software either in the office or when accessing government networks remotely from home. The Secure Federal File Sharing Act, introduced by Rep. Edolphus Towns, D-N.Y., in November, calls for the Office of Management and Budget to ban the use of applications like BitTorrent or Limewire on government PCs and networks. It also requires the OMB to set policies for federal employees who tel... read more» 
   
 





 IE8, Safari and Firefox fall at Pwn2Own 2010 
 (from ZDNet at 26-3-2010) 
 Internet Explorer 8, Safari and Firefox web browsers have all fallen victim to a PWNAGE at this year's Pwn2Own 2010 security contest. Peter Vreugdenhil defeated Internet Explorer 8 on the Windows 7 platform despite security features such as ASLR and DEP, while star of Pwn2Own 2009 “Nils” cracked Firefox, also on the Windows 7 platform. Mac users shouldn’t be too smug either, since Charlie Miller managed to circumvent Apple’s best defenses to compromise the Safari web browser on the Mac OS X... read more» 
   
 





 Firefox, IE8 and Safari hacked at CanSecWest 
 (from SunbeltBlog at 26-3-2010) 
 In the Pwn2Own hacking contest at the CanSecWest security conference in Vancouver, Canada, security researchers and hackers quickly hacked three of the major browsers to take control of the underlying operating systems. -- A German hacker who goes by the handle "Nils" used a previously unknown vulnerability in Mozilla’s Firefox to gain control of a 64-bit Windows 7 machine.... read more» 
   
 





 Nigerian Man Sentenced to 60 Months for Fraud 
 (from databreaches at 26-3-2010) 
 As a follow-up to a story reported back in July, United States Attorney Paula D. Silsby announced today that Olumide Adeola Pidan, 30, a native of Nigeria, was sentenced to a total of 60 months in prison for convictions on one count of bank fraud and two counts of aggravated identity theft. United States District Judge George Z. Singal imposed the sentence following Pidan’s guilty plea on November 20, 2009 to one count of bank fraud and two counts of aggravated identity theft. Those convicti... read more» 
   
 





 Woman gets 3 years for credit-card thefts at park 
 (from Philly at 26-3-2010) 
 A Wyncote woman was sentenced yesterday to three years in prison in connection with credit-card thefts from people visiting Valley Forge National Historical Park and other public recreational spaces in 2006, the U.S. Attorney's Office said. Karen Battle, 35, and two codefendants were accused of credit card fraud and aggravated identity theft. They broke into vehicles and took wallets containing credit or debit cards and used them at nearby stores, federal officials said. In total, they fraudu... read more» 
   
 





 ID Theft Ring Stole Patient Info From Northwestern 
 (from myfoxchicago at 26-3-2010) 
 Seven young women from Chicago, the south suburbs and downstate have been arrested for their alleged roles in a massive identity theft ring that claimed hundreds of victims from across the country. In addition to the arrested women, three more are wanted on felony warrants, and at least six other people of interest are believed to be fleeing, according to the Cook County Sheriff's office. Shikila Blount of Chicago and Dorothy Brown of Harvey, both 20, are charged with continuing a financia... read more» 
   
 





 Cops: ID theft ring took info from medical records 
 (from kwqc at 26-3-2010) 
 Seven people have been arrested in Chicago in connection with an identity theft ring that allegedly used information stolen from victims' medical records to obtain credit cards. Cook County Sheriff Tom Dart says the ring charged more than $300,000 to the credit accounts of 245 victims. Dart says one suspect worked for a janitorial service that cleaned the offices of the Northwestern Medical Faculty Foundation.... read more» 
   
 





 Hacker Albert Gonzalez receives 20 years in prison 
 (from scmagazineus at 26-3-2010) 
 Albert Gonzalez on Thursday received the largest-ever U.S. prison sentence for a hacker. Gonzalez, 28, of Miami, was sentenced to 20 years in prison for leading a group of cybercriminals that stole tens of millions of credit and debit card numbers from TJX and several other retailers. Gonzalez pleaded guilty in September to multiple federal charges of conspiracy, computer fraud, access device fraud and identity theft for hacking into TJX, which owns T.J. Maxx, BJ's Wholesale Club, OfficeMa... read more» 
   
 





 Hacker jailed for credit card theft 
 (from straitstimes at 26-3-2010) 
 AN AMERICAN man who stole millions of credit card numbers in one of the biggest computer hacking operations in US history was sentenced on Thursday to 20 years in prison. Albert Gonzalez, 28, pleaded guilty last September to separate cases related to hacking into the computers of big retailers including TJX Cos and BJ's Wholesale Club. Sentencing him in Boston, Judge Patti Saris said: 'This is the largest and most costly example of computer hacking in US history.' The sentence was less than the... read more» 
   
 





 Obama's Alleged Twitter Hacker Guessed Passwords 
 (from cio-today at 26-3-2010) 
 On Thursday, French police arrested a man who allegedly hacked into celebrity Twitter accounts in the United States. Among his victims was President Barack Obama. French authorities described the hacker as a 24-year-old Frenchman. Rather than revealing his true identity, police are publicly calling him "Hacker Croll," a pseudonym the hacker used during his criminal activities. However, the Associated Press has identified him as Francois Cousteix.... read more» 
   
 





 Vietnam suffers great losses due to high tech criminals 
 (from vietnamnet at 26-3-2010) 
 The event was organized by the Ministry of Public Security's General Department of Logistics & Technology, the Vietnam Computer Emergency Response (VNCERT), the Ministry of Information and Communications and International Data Group (IDG Vietnam). The event's aim is to promote security and safety among enterprises and State agencies. Nguyen Viet The, head of the IT Department under the Ministry of Public Security, said security should be lightened to prevent high-tech violations in business act... read more» 
   
 





 TJX Hacker Gonzalez Gets 20 Years For Crime 
 (from Bankinfosecurity at 26-3-2010) 
 A federal judge Thursday sentenced Albert Gonzalez to 20 years in prison for leading a group of cybercriminals who hacked into the IT systems of TJX and other retailers. Gonzalez, who received his sentence for the TJX, Office Max, DSW and Dave & Busters breaches in front of a judge in the District Court of Massachusetts in Boston, will face another sentencing on Friday in the Heartland Payment Systems breach. His sentence of 20 years in the TJX breach, where more than 90 million credit and de... read more» 
   
 





 I'm no hacker, says man who cracked Obama's Twitter 
 (from Yahoo at 26-3-2010) 
 A Frenchman who broke into Barack Obama and Britney Spears' Twitter feeds insisted Thursday he is no hacker but a "kind pirate" seeking to expose security weaknesses. "I did not act with a destructive aim ... I wanted to warn them, to show up the faults in the system," said the 23-year-old, who was arrested Tuesday after an operation by French police and FBI agents. The curly-haired unemployed computer technician wore a pair of slippers adorned with smiley faces as he sat in his parents' h... read more» 
   
 





 Man arrested for attack on Twitter accounts 
 (from h-online at 26-3-2010) 
 On Thursday, investigators in France arrested an unemployed 25-year old man who appears to have been responsible for the spectacular attacks on Twitter accounts that included those of US President Barack Obama and pop singer Britney Spears. The man, who goes by the pseudonym 'Hacker Croll', is accused of having illegally gained access to a number of user accounts on short messaging service Twitter, including the accounts belonging to Obama and Spears. According to initial reports, the comput... read more» 
   
 





 Obama French Twitter Hacker Arrested, Won't Be Extradited 
 (from IT Proportal at 26-3-2010) 
 Francois, a French "hacker" who has apparently gone into the Twitter account of US President Barack Obama as well as dozens of others, has been arrested by the French police who teamed up with FBI agents. The 25-year old, who goes by the nickname of "Hacker Croll", gained access to the Twitter accounts by using the answers to questions asked as part of the password reminder process on his victims' email accounts. The same technique was used in 2008 to get access to the Yahoo account of former U... read more» 
   
 





 Panel Approves Grid Security Act 
 (from EWeek at 26-3-2010) 
 The Grid Reliability and Infrastructure Defense Act would direct the Federal Energy Regulatory Commission to take measures to protect the electricity grid from telecommunications intrusions. Legislation that would protect the nation’s electricity grid from attacks passed the Energy and Environment Subcommittee March 24. The GRID Act (Grid Reliability and Infrastructure Defense Act) passed on a unanimous voice vote by the subcommittee. The GRID Act would direct the FERC (Federal Ener... read more» 
   
 





 Cyber Command hits speed bump 
 (from Federal Computer Week at 26-3-2010) 
 The Senate Armed Services Committee this month put the brakes on the creation of the U.S. Cyber Command by requesting more information on its relationship with the National Security Agency, reports Bill Gertz at Washington Times. Army Lt. Gen. Keith Alexander, who is NSA’s director, has been nominated to four-star rank and to lead the Cyber Command. If approved, he would command both the NSA and Cyber Command and be promoted to full general. The Cyber Command’s headquarters would be located a... read more» 
   
 





 New EU Gestapo Spies on Britons 
 (from Daily Express at 26-3-2010) 
 MILLIONS of Britons face being snooped on by a new European intelligence agency which has been handed frightening powers to pry into our lives. Europol can access personal information on anyone – including their political opinions and sexual preferences – if it suspects, rightly or wrongly, that they may be involved in any “preparatory act” which could lead to criminal activity. The vagueness of the Hague-based force’s remit sparked furious protests yesterday with critics warning that the EU s... read more» 
   
 





 Dell hints it may follow Google out of China 
 (from IT Pro at 26-3-2010) 
 Dell chief executive Michael Dell has hinted the company is considering relocating the company's Chinese operation to India. According to the Indian Financial Chronicle, Dell told prime minister Manmohan Singh as much in person, with Singh revealing details of the meeting after speaking to the country's planning commission about spurring the “development of hardware and parts of the computer industry”.... read more» 
   
 





 Foiling fraudsters in just 10 keystrokes 
 (from nebusiness at 26-3-2010) 
 WILL companies and governments soon be able to identify hackers from the way they use a keyboard? Newcastle University is looking at applications for new technology which can pinpoint a typist’s sex, age and culture within 10 keystrokes – a breakthrough that could have multiple uses in law enforcement, corporate fraud prevention and protection of children. Newcastle University associate professor Roy Maxion conducted his research at Pittsburgh’s Carnegie Mellon University, monitoring and t... read more» 
   
 





 $40.5m to be spent on data security 
 (from vietnamnews at 26-3-2010) 
 Viet Nam will draw about VND765 billion (US$40.5 million) from the State budget to ensure national information safety from now until 2020. The money would be used for technology infrastructure and institutions to protect national information, the Ministry of Information and Communications' Computer Emergency Response Team (VNCERT) director Vu Quoc Khanh told the Security World 2010 conference in Ha Noi earlier this week.... read more» 
   
 





 Researcher's fuzz testing finds dozens of Apple, Microsoft flaws 
 (from SearchSecurity at 26-3-2010) 
 Researcher Charlie Miller has one message for software vendors: Fuzz your software. In a fuzzing project over several three-week periods, Miller, principal security analyst at Baltimore-based Independent Security Evaluators, discovered dozens of vulnerabilities in products developed by Apple, Microsoft and Adobe Systems Inc. Miller fuzzed PDFs to identify vulnerabilities in Adobe Acrobat Reader and Apple Preview. He then fuzzed PowerPoint files to examine OpenOffice Impress and Microsoft Powe... read more» 
   
 





 Storyboard: Why It’s Time to Break Up the NSA 
 (from Wired at 26-3-2010) 
 With the ability to tune in to our phone calls, screen our e-mails, and digest key cryptology research, the National Security Agency is America’s most powerful and secretive government agency — and one of the U.S. government’s most important tools for fighting terrorists and hackers. Now the agency needs to split up its operations into surveillance and cybersecurity departments, according to Wired contributing editor and Danger Room editor Noah Shachtman. He lays out his case in “Security Wat... read more» 
   
 





 Online political campaigns 'will be attacked' 
 (from computeach at 26-3-2010) 
 Organisations using social media for campaigning purposes must come to terms with the fact that their online activities will be attacked by their opponents, according to the director of PR consultancy Diffusion, Ivan Ristic. "That's not a reason to not use social media, you just need to ensure that your campaign and your message can survive the detractors", said Mr Ristic.... read more» 
   
 





 Symantec to monitor business PCs for botnets 
 (from TechWorld at 26-3-2010) 
 Symantec announced a web monitoring service intended to unearth evidence of botnet-related malware activity within an organisation by continuously looking at outbound HTTP traffic for suspicious signs of Trojans on compromised computers trying to "call home" to their criminal controllers. According to Grant Geyer, vice president of Symantec's global managed security services, the around-the-clock monitoring service is an extension to Symantec's current security services portfolio.... read more» 
   
 





 Wikileaks Promises 'Pentagon Murder Cover-up' Details, Goes Suspiciously Silent 
 (from businessinsider at 26-3-2010) 
 WikiLeaks' Twitter feed went abuzz with info about a "Pentagon murder cover-up" and then suddenly became silent for hours. A blogger who goes by the alias "morgue" pointed this out, fearing the Pentagon might be trying to put pressure on them or shut them down. We previously reported that the Pentagon placed WikiLeaks, the site that lets anonymous tipsters post sensitive documents online, on a list of potential threats to military operations. We thought that was less scary than it might sound... read more» 
   
 





 Inside a global cybercrime ring 
 (from Reuters at 26-3-2010) 
 Hundreds of computer geeks, most of them students putting themselves through college, crammed into three floors of an office building in an industrial section of Ukraine's capital Kiev, churning out code at a frenzied pace. They were creating some of the world's most pernicious, and profitable, computer viruses.... read more» 
   
 





 China and Romania take phishing crown from US 
 (from v3 at 26-3-2010) 
 The United States is no longer considered the country with the highest rate of targeted malware attacks, according to Symantec. The company said in its most recent MessageLabs Intelligence report that when the original IP address of the attacker is considered, China is the most popular source of targeted attacks, followed by Romania and then the US.... read more» 
   
 





 Police to get mobile fingerprint-checking tech 
 (from CNet at 26-3-2010) 
 The organisation responsible for bringing high-tech equipment to the police has published its strategy for the next three years. In the Science and Innovation strategy, published on Wednesday, the National Policing Improvement Agency (NPIA) laid out a number of new technologies it would begin using. These include mobile fingerprinting, wearable video devices and digital forensics.... read more» 
   
 





 Met launches net café spy operation 
 (from The Register at 26-3-2010) 
 Internet café owners are being asked to spy on their customers as part of the Met police's terrorism prevention efforts. Under a pilot project in Camden some have agreed to monitor their customers' internet habits for evidence of interest in Islamic extremism, the BBC reports. They are installing police screensavers and putting up posters warning against visiting extremist websites.... read more» 
   
 





 Pakistani Hacker posts anti-India slogans on B-school site 
 (from Indiatimes at 26-3-2010) 
 “Coward Indians stop sending trained terrorists in Pakistan from Afghan Border. Big F*** to RAW and Indian Agencies. Freedom and Justice of Kashmir and Palestine. This is Pakistan Net Army, Dr Neo, Son of Pakistan.” If this were ‘The Matrix’, you would probably be looking at Neo’s evil avatar. A mysterious internet hacker, calling himself Dr Neo Dr Dan, defaced the website of Jaipur-based business school Taxila on Tuesday night. The hacker claims to be from an organisation called the Pakist... read more» 
   
 





 Wikileaks under US surveillance editor claims 
 (from v3 at 26-3-2010) 
 In a series of tweets Wikileaks has been warning that it is being shadowed by elements of the US government. The site’s editor, Julian Assange, used the messaging service to warn that he was followed by two undercover state department officials on his way to Iceland to discuss the setting up of a journalist’s safe haven within the country. He also said that one Wikileaks employee had been detained for 22 hours and that computers had been seized by the authorities. "WikiLeaks is currently unde... read more» 
   
 





 China Top Source of Targeted Malware 
 (from esecurityplanet at 26-3-2010) 
 It took some digging, but security software vendor Symantec now says that the majority of targeted malware distributed this month originated in China even though most of the e-mail servers used to facilitate the scams were physically located in the U.S. The report (PDF format) is just the latest damning evidence placing China at the epicenter of the worldwide surge in cyber attacks that have targeted U.S.-based companies and government agencies in the past three years.... read more» 
   
 





 Entertainment Industry Asks White House for Vast New Internet Monitoring, Filtering, and Takedown Powers 
 (from Lauren.Vortex at 26-3-2010) 
 Greetings. In a solicited filing with the new White House Office of Intellectual Property Enforcement Coordinator, seven entertainment industry groups including the RIAA, MPAA, SAG, and others, have asked the federal government to implement a sweeping new regime of ISP and privately-based monitoring, filtering, blocking, and reporting of presumed copyrighted materials, plus explicitly accuses search engines, ad networks, domain name registrars, proxy services, and other basic Internet infrastruc... read more» 
   
 





 WIPO: Dope-Vaporizer Seller Not Bogarting Domain Names 
 (from Wired at 26-3-2010) 
 The German producer of a popular device used to vaporize marijuana is claiming a North American dealer is bogarting its domain names. But the World Intellectual Property Organization on Thursday sided against Storz & Bickel, the maker of the Volcano Vaporizer, ruling that MSI Imports’ four dozen Volcano-related domains aren’t treading on Storz & Bickel’s trademarks.... read more» 
   
 





 Spam - How it Mirrors the Global Economy 
 (from viruslist at 26-3-2010) 
 These days, spam has become a part of our everyday lives, even if we wish that it wasn’t, and like many other things, it is indicative of what is happening to the global economy. It may not be readily obvious that this thesis is correct just by opening your inbox and finding lots of unwanted messages of course. However, when looked at as a whole it is clear that the themes and development trends of spam closely correlate to the global financial situation. In order to understand this correlati... read more» 
   
 





 What has Number 10's website got to do with 'piercings' and 'tattoos'? 
 (from Telegraph at 26-3-2010) 
 The Downing Street website, number10.gov.uk, lists “piercings”, “tattoos” and “polish armed forces” among the keywords that tell search engines what the website is about. The keywords read more like a random shopping list than a true reflection of what is contained in the site. As it is Budget day, one might expect the Number 10 website to appear quite highly in search results for queries such as “budget 2010” and “budget live”. In fact, according to SEOMoz rankchecker, number10.gov.uk doesn’... read more» 
   
 





 GPEN - Global Prosecutors E-crime Network 
 (from gpen at 26-3-2010) 
 The International Association of Prosecutors (IAP) has recognised the importance of putting resources into tackling e-crime. All countries need to ensure that they have a safe and secure online environment for users, by tackling e-crime and ensuring that prosecutors have the tools to deal effectively with on-line crime.... read more» 
   
 





 Private patient information stolen from Northwestern used in massive identity theft 
 (from Sun Times at 26-3-2010) 
 Unlocked file cabinets of patient information on three floors of Northwestern Memorial Hospital. Customers who didn't check their credit card statements. Businesses eager to make any sale in a tough economy. All created a ripe environment for a small crew of bandits to steal hundreds of identities then spend more than $300,000 on items charged from stores like Jared the Galleria of Jewelry, Victoria’s Secret and Lowe’s, Cook County Sheriff Tom Dart said Thursday. Some of the ill-gotten purcha... read more» 
   
 





 Police, Security Officials Meet on Cybercrime Strategies 
 (from Yahoo at 26-3-2010) 
 When the "ILOVEYOU" worm crippled computer systems worldwide 10 years ago this spring, authorities in the Philippines didn't even have a law to properly charge its author. Since that time, many countries have developed computer crime laws in part due to the 2001 Convention on Cybercrime, an international treaty that lays out legal guidelines for high-tech crime legislation. This week, more than 300 experts met at the Council of Europe's conference on cybercrime to discuss the treaty and bet... read more» 
   
 





 Former student pleads guilty to hacking school payroll data 
 (from Columbian at 26-3-2010) 
 A 21-year-old former Evergreen Public Schools student has pleaded guilty to criminal charges in connection with a computerized payroll security breach in November that put more than 5,000 past and current Vancouver Public Schools employees at risk of identity theft. Christopher Berge, a 2006 Mountain View High School graduate last known to live in Oregon City, Ore., was sentenced to 10 years in prison on Wednesday by Clark County Superior Court Judge Roger Bennett.... read more» 
   
 





 China implicated in flood of email-borne attacks 
 (from SecureComputing at 26-3-2010) 
 Symantec Hosted Services uncovers more Google-style attacks linked to China. China is the number-one source of email-borne targeted attacks of the sort Google and at least 30 other companies are believed to have suffered, according to the latest monthly MessageLabs Intelligence report from Symantec Hosted Services. The firm analysed the email headers of suspect messages intercepted last month to identify the true IP address of the senders, and found that around 28 per cent of targeted attack... read more» 
   
 





 Senate Panel Approves Cyber-security Bill 
 (from EWeek at 26-3-2010) 
 The Rockefeller-Snowe legislation is the result of nearly a year's worth of consultation and input from cyber-security experts in the private sector, government and civil liberties community. The U.S. Senate Committee on Commerce, Science, and Transportation approved the Cybersecurity Act of 2009 March 24. The legislation attempts to address the nation's well-documented flagging cyber-security efforts.... read more» 
   
 





 Exposed: WA Govt IT security bungles 
 (from ITNews at 26-3-2010) 
 The Western Australian Auditor-General has revealed he was able to guess passwords for highly privileged database accounts at two of the state's agencies, gaining full access to sensitive information. Auditor-General Glen Clarke said in a new audit report that changes made using the compromised accounts were undetectable.... read more» 
   
 





 New malware overwrites software updaters 
 (from Computer World at 26-3-2010) 
 For the first time security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users. The malware, which infects Windows computers, masks itself as an updater for Adobe Systems' products and other software such as Java, wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, on its blog.... read more» 
   
 





 Compromised server takes down Digiweb 
 (from Computer World at 26-3-2010) 
 A compromised server was the root cause of a series of outages at Christchurch-based web hosting provider Digiweb this week, according to a note to customers obtained by Computerworld. "It appears that one customer site was compromised, which in turn caused the flood of malformed packets to the firewalls. Our internal network analysis software did not identify these packets as they were not ‘standard’ TCP/IP traffic," a note from Adrian Grant, the managing director of Digiweb-owned Discount D... read more» 
   
 





 Google denies YouTube outage speculation 
 (from CNN at 26-3-2010) 
 Google Inc., owner of YouTube, said an outage of the popular video-sharing site Thursday was technical and not caused by outside tampering. "YouTube is up again following a technical issue which has now been resolved," a spokeswoman for Google said in a written statement. "We know how important YouTube is for people and apologize for any inconvenience the downtime may have caused." The outage apparently lasted for just over an hour, from roughly 7 to 8 a.m. ET. A YouTube source said the... read more» 
   
 





 Concert promoters pilot 'smart-chip' digital tickets 
 (from BBC at 26-3-2010) 
 The world's largest concert promoter Live Nation says it's piloting new digital wristbands to try to combat ticket fraud. The company, which books tours for the likes of Madonna and Jay-Z, has been testing the new "smart-chip" bands at small festivals. Live Nation says eventually it would like to get rid of paper tickets. John Probyn from Live Nation UK said: "Your ticket won't be a paper ticket, it'll be a wristband unique to you." According to the latest figures issued by the government, ... read more» 
   
 





 New technologies get residents involved in problem-solving 
 (from washingtonpost at 26-3-2010) 
 When last month's snowstorms hit the region, Montgomery County phone lines and Web sites were buried in requests for help from residents stuck in their cold, dark homes. County residents and officials are still handling the fallout. But residents now have a few new ways to notify Montgomery officials of potholes, stubborn snow piles or sputtering stoplights. Residents can snap a picture with their smart phone and upload complaints to a private Web site, SeeClickFix, which directors of the ... read more» 
   
 





 IT budgets up 3.3 per cent in 2010 
 (from Computer World at 26-3-2010) 
 IT departments are considering new ‘lighter weight’ technologies in order to deliver results for their organisation, according to the Gartner Executive Programs (EXP) 2010 CIO Agenda survey. A shift in focus towards productivity among Australian and New Zealand chief information officers is in line with overseas experience, according to the analyst firm. Group vice president, Asia Pacific for Gartner Executive Programs, Linda Price, said 2009 was the most challenging year for IT since the Ga... read more» 
   
 





 Man arrested for failure to tweet 
 (from The Sydney Morning Herald at 26-3-2010) 
 The manager of teen pop star Justin Bieber was arrested on Wednesday for refusing to warn fans on Twitter about overcrowding at a shopping mall event, narrowly avoiding a "horrible disaster," authorities said. Scott Braun, 28, surrendered to police in Williston Park, New York, for having refused to send a message on the social networking Web site warning fans that an appearance by the Canadian pop star had been canceled due to overcrowding, according to the Nassau County District Attorney.... read more» 
   
 





 Conroy's net gag sparks assassination and bomb plot chatter 
 (from The Sydney Morning Herald at 26-3-2010) 
 Members of the community responsible for recent attacks on government websites are now discussing a violent uprising, trading bomb recipes and calling for the assassination of Communications Minister Stephen Conroy. Senator Conroy's appearance on the 7pm Project last night to defend his internet filtering policy has galvanised online miscreants who are planning new attacks. Posts on the anonymous 4chan messageboard, the same community thought to be responsible for bringing down government webs... read more» 
   
 





 Hackers hit where they live - MessageLabs dissects March email malware attack patterns 
 (from The Register at 26-3-2010) 
 The countries of hackers originating malware-laced spam runs have been exposed by new research, which confirms they are often located thousands of miles away from the compromised systems they use to send out junk mail. A third of targeted malware attacks sent so far in March came from the United States (36.6 per cent), based on mail server location. However, after the sender's actual location is analysed, more targeted attacks actually began in China (28.2 per cent) and Romania (21.1 per cent... read more» 
   
 





 Brazil-originated spam levels topping 13 Percent says Panda Security 
 (from Infosecurity-Magazine at 26-3-2010) 
 Brazil, India, Vietnam, the US and Russia head the ranking of countries from which most spam was sent during the first two months of the year, according to a study by Panda Security's research division. Brazil came in with 13.76% of spam, whilst India came in second with 10.98% and Korea with 6.32% of spam expressed as percentile of total messages analysed. Interestingly, the UK came in 12th position in the ranking tables with just 2.34% of spam generated by 3.06% of IP addresses.... read more» 
   
 





 Tips for crafting a great workplace IT security awareness program 
 (from NetworkWorld at 26-3-2010) 
 Selling information security awareness to employees can be like "pushing the Queen Mary up Mt. Everest on the best of days," says Jay Carter, director of information security for the faculty of arts and sciences at Harvard University. But that hasn't stopped him from trying over the years, and he has success stories to share. Carter says that when a breach does occur or a malware infection takes place, the IT security department should use the event as an opportunity to stress the reali... read more» 
   
 





 7 Things That Would Happen if ISPs Banned Pxxx 
 (from egotvonline at 25-3-2010) 
 What if Internet Service Providers (ISPs) banned porn? #7 People would Actually Own Porn Again #6 Return of the Porn Star! #5 The Return of the Nudie Booth #4 Workplace Productivity Would Soar #3 It Will Get Exponentially Harder to Humiliate your Ex-Girlfriend #2 If You’re Into a Niche, You’re About to Make Some Weird Friends #1 Sexual Repression Will Turn Us Into Tough Sons-of-Bitches, Just Like the Greatest Generation... read more» 
   
 





 Adapting to a New Security Paradigm 
 (from Homeland Security Digital Library at 25-3-2010) 
 The security environment is becoming more complex, with shadowy and seemingly unpredictable threats around the globe. What is much less understood is exactly how the environment has changed, why it is evolving so rapidly, and what can be done to meet the new national security challenges that arise as a result. Understanding these trends, patterns, and challenges is critical. They are likely to persist for decades. For more information:- http://www.strategycenter.org/files/adapting_the_pa... read more» 
   
 





 Google case will not affect China-US relations 
 (from China Daily at 25-3-2010) 
 Google's withdrawal from the Chinese mainland will not affect China-US relations "unless someone politicizes the issue," Chinese Foreign Ministry spokesman Qin Gang said Tuesday. Qin told a regular press conference the Google issue was a commercial matter and would not damage the image of China.... read more» 
   
 





 Citizens, states and corporations are battling for online space. What happened to the dream of global communication? 
 (from indexoncensorship at 25-3-2010) 
 At the end of 2009, a social movement mobilised once again around an Iranian political crisis – from the streets of Iran’s cities spreading through networks of support to Europe, North America and beyond. In Toronto, where the Citizen Lab internet research and development centre is located, a dynamic group of Iranian students banded together with activists across the world, raising awareness and building support. Together they have formed an identity unique to the 21st century: a cyber enab... read more» 
   
 





 InfoSecurity, (ISC)2, ISACA, My Security Marathon 
 (from rootshell at 25-3-2010) 
 The 2010 edition saw a cool initiative from (ISC)2: they organized a Professional Development Cafe where CISSP’s could meet other CISSP’s but also people interested in the certification process or a career in the security field. The organizer announced a huge number of registrations but a lower number of people attended. Less people but quite interesting point of view. It’s always nice to hear feedback from “colleagues”. Several topics were covered: audit, risks assessment, BCP, pentesting, l... read more» 
   
 





 Hard Skills In Cyber Are Even More Rare Than We Thought 
 (from securitydebrief at 25-3-2010) 
 Paller stated that there were perhaps 1000 people in all of America who really had the world-class skills to “do” cyber security. Everyone else amounted to nothing more than fillers around this small group. He said we did it by our compensation. The talkers get paid more than the technicians. Paller likened it to a system that would pay doctors less than you do the guy who is the hospital manager. One might add something, but without the “doers,” nothing really happens.... read more» 
   
 





 Privacy as a contract 
 (from Network World at 25-3-2010) 
 The Federal Trade Commission held a roundtable -- actually a series of talks and panels -- last week on the issue of privacy. The commission, it seems, is worried that rules to protect privacy have not kept up with technology. In the United States (and around the world) we've seen public outcries over Google Buzz and Facebook whenever it was deemed that they were eroding people's privacy. And every time the corporate entity has made the changes that the "mob" deemed necessary -- no governmen... read more» 
   
 





 Global Outage - cooling failure and DNS 
 (from Wikimedia at 25-3-2010) 
 Due to an overheating problem in our European data center many of our servers turned off to protect themselves. As this impacted all Wikipedia and other projects access from European users, we were forced to move all user traffic to our Florida cluster, for which we have a standard quick failover procedure in place, that changes our DNS entries. However, shortly after we did this failover switch, it turned out that this failover mechanism was now broken, causing the DNS resolution of Wikimedi... read more» 
   
 





 How Virtualization Affects GRC 
 (from Security Catalyst at 25-3-2010) 
 Virtualization technology is becoming ubiquitous. More and more organizations are replacing physical infrastructure with virtualized systems, including desktops and servers, and application and storage virtualization are popular as well. Virtualization changes a number of paradigms across the information technology landscape – some obviously for the good, some possibly for the worse. In the realm of GRC, virtualization has some distinct points to consider, many of which may require changes in op... read more» 
   
 





 Zurich Insurance agrees to improve information security after losing over 46,000 individuals’ personal financial information 
 (from data breaches at 25-3-2010) 
 The Information Commissioner’s Office (ICO) has found Zurich Insurance plc in breach of the Data Protection Act after it lost an unencrypted back-up tape containing financial personal information belonging to 46,000 policy holders of Zurich Private Client, Zurich Special Risk and Zurich Business Client, which are all part of Zurich Insurance plc. The back-up tape, which also included personal details of 1,800 third parties, was lost by a sister company, Zurich Insurance Company South Africa, ... read more» 
   
 





 A Surprise Bug--Not China--Hits Google's Corporate Website 
 (from Forbes at 25-3-2010) 
 As Forbes contributor Jeffrey Carr underscores in a recent post, activist defacement of websites is not uncommon. So when on Wednesday the UK-based Guardian pointed out that Google's corporate site was redirecting users to a Chinese language version, you can understand why the author speculated that Google was hacked. ... read more» 
   
 





 FBI lists Top 10 posts in cybercriminal operations | Cybercrime organizations often run like corporations 
 (from freehacking at 25-3-2010) 
 Criminal hacker organizations are operating with increasing corporate-like efficiency, specialization and expertise, according to the FBI. Chabinsky presented a list of the top 10 positions in cyber criminal organizations. They are: 1. Coders/programmers, 2. Distributors, 3. Tech experts, 4. Hackers, 5. Fraudsters, 6. Hosted systems providers, 7. Cashiers, 8. Money mules, 9. Tellers, 10. Organization Leaders,... read more» 
   
 





 Miliband attacks ‘intolerable’ Israeli cloning of British passports 
 (from public intelligence at 25-3-2010) 
 David Miliband, the Foreign Secretary, said an investigation by the Serious Organised Crime Authority had concluded that there were “compelling reasons” to believe responsibility for the “misuse” of a dozen passports lay with the Israelis. The passports were forged while their holders were passing through airports in the region, and the counterfeit documents used by a hit squad suspected of murdering a Hamas commander in Dubai. In a statement to MPs, Mr Miliband said that he had asked the ... read more» 
   
 





 Videos : Browse 2010 Session Recordings 
 (from RSA Conference at 25-3-2010) 
 Relive and review some of the great insights and learnings that were shared at RSA Conference 2010. Videos of Keynote, Industry Experts and select track sessions are available now for on-demand replay. Keynote Sessions: 17 Sessions Available -- Each year we strive to bring you the most exciting and provocative line-up of keynote speakers, including leaders from world-class security organizations. Hear about current and future trends and their impact on our industry. Industry Experts S... read more» 
   
 





 The biggest loser - the cyberattack controversy surrounding Google and its developments 
 (from chinadaily at 25-3-2010) 
 Google grew in the Chinese market while many in the country used its search engine. Four years later, it suddenly announced it no longer wants to follow the rules it had no trouble following earlier. With the United States throwing its weight behind it under the pretext of Internet freedom, Google thinks it may have a chance to press the Chinese government into giving its search engine no restriction at all across the border.... read more» 
   
 





 Updated: Dell Reportedly May Follow Google Out of China, Jumping to India 
 (from DailyTech at 25-3-2010) 
 Dell currently does about $25B USD in business in China. It could soon pull the plug on that business and move it to India, according to Indian Prime Minister Manmohan Singh, who spoke with the Hindustan Times. Some are speculating that Dell is alarmed by the Chinese government's response to Google -- who uncensored its Chinese search results on Monday. The Chinese government is accusing Google of espionage and trying to force it out of the country.... read more» 
   
 





 Microsoft will not change China operations, official says 
 (from ComputerWorld at 25-3-2010) 
 Microsoft has noted Google's recent move to stop censoring its search engine in China, but will continue to do business there, a senior company official said Wednesday. On Monday, Google said it would redirect users of its Chinese site Google.cn to an uncensored search engine based in Hong Kong after the Chinese government said it would not allow the company to run an unfiltered search engine on "google.cn." Users are now being redirected to "google.com.hk."... read more» 
   
 





 Google's withdrawal from China pushing itself into corner 
 (from Xinhuanet at 25-3-2010) 
 Google's decision to stop censoring its Chinese search engine and redirect mainland users to its servers in Hong Kong was tantamount to pushing itself into a corner and ruining its image and interests, world media and experts say. "If Google had hoped to rally rivals to its cause, it failed. If Google was planning to embarrass China by whipping up a global debate on Internet freedom, it failed," the Financial Times wrote in an article published Monday.... read more» 
   
 





 GameCrush lets gamers pay to play with girls 
 (from News at 25-3-2010) 
 A NEW website launching this week is hoping to cash in on gamers willing to pay for the opportunity to play video games online with girls. GameCrush is being touted as the first social site for adult gamers with the women online able to set their gaming mood to either "flirty" or "dirty", IGN reports. The men online are known as Players and the women as PlayDates and Players pay to play while PlayDates get paid to play.... read more» 
   
 





 FISMA Reform Bill Unveiled in House 
 (from Government Information Security at 25-3-2010) 
 FISMA reform legislation introduced this week in the House of Representatives would have a Senate-confirmed White House cybersecurity director and a panel of government IT security specialists direct agencies on the steps they must take to secure federal digital assets. If the Federal Information Security Amendment Act, or H.R. 4900, introduced by Rep. Diane Watson would become law as drafted, federal agencies no longer would be required to annually file documents showing how they comply with... read more» 
   
 





 Call For Papers - Ruxcon 2010 - 4th and 5th of December - Royal Melbourne Institute of Technology (RMIT), Melbourne, Australia 
 (from Ruxcon at 25-3-2010) 
 Ruxcon is the premiere technical computer security conference within Australia. Ruxcon aspires to bring together the individual talents of the best and the brightest security folk within the Aus-Pacific region, through live presentations, activities, and demonstrations. Ruxcon's unique approach to running a security conference ensures that the conference is accessible to all levels of the security industry. Ruxcon aims to be the most interesting, thought-provoking, and relevant informati... read more» 
   
 





 Google Closes a Door on State-sanctioned Censorship; Now Other Corporations and Governments Must Follow 
 (from accessnow at 25-3-2010) 
 A door has been closed in the face of the Chinese regime; and a new door is opening to internet freedom – but, without the strong arm of national governments (including Hong Kong’s) and Google’s competitors like Microsoft, China will win the next round of the cyber war. “This is a wakeup call to the world’s dictators, that digital intimidation against citizens is not acceptable,” said Brett Solomon, Executive Director of AccessNow. “Censorship of information and active hacking of people’s ema... read more» 
   
 





 Supporting Dissent With Technology 
 (from The New York Times at 25-3-2010) 
 Cameran Ashraf was instant-messaging from Los Angeles with an activist in Iran during anti-government demonstrations Feb. 11 when the chat went dead. Had Iran’s government “shut down the Internet” to thwart dissidents from organizing online, or had the authorities come to arrest the man, Mr. Ashraf said he wondered as he described the incident during an online video interview. Mr. Ashraf, who says he sees himself as a digital aid worker, immediately alerted other Iranian contacts to block sur... read more» 
   
 





 Red faces as Tory website hacked for pxxxn 
 (from ComputerWorldUk at 25-3-2010) 
 There have been red faces at upstanding Conservative Party HQ after a website meant to embarrass Gordon Brown was hacked to redirect visitors to hardcore porn. The Cash Gordon site started life as a way of publicising the Prime Minister’s alleged links to unions currently in an increasingly bitter dispute with airline, British Airways, but poor security seems to have allowed the hackers in. As well as sending people to porn, visitors accessing the site for an extended period would be sent to ... read more» 
   
 





 Zurich promises encryption after massive customer data loss 
 (from ComputerWorldUk at 25-3-2010) 
 Insurance giant Zurich has promised to encrypt and closely monitor the movement of customer data, after losing the details of 641,000 customers on a backup tape over a year and a half ago. It will also instruct any contractors to follow the same security undertakings. The new announcements are part of an undertaking the company has signed with the Information Commissioner. The data lost included that of 51,000 UK customers – in some cases including their names, contact details and bank in... read more» 
   
 





 Strong increase in ICO penalties for serious data leaks or losses 
 (from itsecurityportal at 25-3-2010) 
 From April 6, the UK's Information Commissioners' Office (ICO) has the power to fine organisations up to 500,000 pounds - up from 5,000 pounds previously - for serious data leaks or losses. The critical element in this regard is clearly stated in the ICO's guidance on the new penalties. The guidance states that penalties will be incurred where the "data controller has seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or... read more» 
   
 





 EFF: Internet's security, privacy flaws need attention 
 (from ZDNet at 25-3-2010) 
 The Electronic Frontier Foundation (EFF) held a 1 hour round table concerning internet architecture, revealing what they believe are flawed design elements that have never been designed with standards consumers can trust. Internet technology engineers face legal concerns that are still not addressed, according to many legal scholars that follow Internet services and applications. The panel consisted of EFF Board of Directors David Farber, Ed Felten and Lorrie Faith Cranor; John Buckman, current Cha... read more» 
   
 





 Domain companies drag feet over security 
 (from ComputerWorldUk at 25-3-2010) 
 The leading domain name registrars in the United States appear to be dragging their feet on the deployment of DNS Security Extensions, an emerging standard that prevents an insidious type of hacking attack where network traffic is redirected from a legitimate website to a fake one without the website operator or user knowing. DNSSEC prevents cache poisoning attacks by allowing websites to verify their domain names and corresponding IP addresses using digital signatures and public-key encrypti... read more» 
   
 





 IETF close to standard for reporting cyber crime 
 (from ComputerWorldUk at 25-3-2010) 
 The Internet Engineering Task Force is close to approving a specification for a common format for reporting e-crime, a step taken to allow security experts to react faster to cybercrime. The Anti-Phishing Working Group is already collecting reports from organisations using the XML-based Instant Object Description Exchange Format (IODEF), which has been customised with extensions appropriate for e-crime reports, said Peter Cassidy, secretary general of APWG. The format will allow for unambi... read more» 
   
 





 Council of Europe pushes Convention on Cybercrime 
 (from ComputerWorldUk at 25-3-2010) 
 A European intergovernmental body that oversees the only international cybercrime treaty is advocating that the UN supports its efforts to get wider ratification of the treaty. The UN is scheduled to hold its 12th congress on crime prevention and criminal justice in Salvador, Brazil, from April 12 to April 19. The congress is scheduled to discuss cybercrime along with various crime prevention measures. Cybercriminals will not wait while the international community spends a couple of years ... read more» 
   
 





 Council of Europe pushes for single cybercrime treaty 
 (from ComputerWorld at 25-3-2010) 
 A European intergovernmental body that oversees the only international cybercrime treaty is advocating that the UN supports its efforts to get wider ratification of the treaty. The UN is scheduled to hold its 12th congress on crime prevention and criminal justice in Salvador, Brazil, from April 12 to April 19. The congress is scheduled to discuss cybercrime along with various crime prevention measures. Cybercriminals will not wait while the international community spends a couple of years ... read more» 
   
 





 Comments made on deleting data, as organisations struggle to securely and compliantly remove files 
 (from scmagazineuk at 25-3-2010) 
 Deleting data should be done efficiently as a failure could lead to a data breach or worse. In a recent blog SecureWorks solutions architect Beau Woods claimed that many organisations are struggling to delete data in a way that is both secure and compliant. He said: “Some ways to do this include using software to overwrite the data, using a degaussing tool to electronically damage the drives, and physically destroying them. Make sure you keep in mind that whatever method you use, the goal is... read more» 
   
 





 Brazil tops global spam rankings 
 (from Net-Security at 25-3-2010) 
 Brazil, India, Vietnam, USA and Russia head the ranking of countries from which most spam was sent during the first two months of the year, according to a study by Panda Security. Brazil has topped the global spam ranking for January and February. The spam messages themselves are used primarily either to distribute threats or sell illicit products, and the main lure used as part of the social engineering techniques employed is the promise of videos or photos of Brazilian girls.... read more» 
   
 





 YPG employee data possibly compromised 
 (from YumaSun at 25-3-2010) 
 The personal information of more than 700 Yuma Proving Ground employees may be at risk of identity theft because a home computer that contained their data may have been compromised. According to YPG spokesman Chuck Wullenjohn, personnel information from 2005-2007, which included the names and Social Security numbers of the employees at that time, was being stored on the personal home computer of an employee of the installation's Resource Management Division. That information, which was bei... read more» 
   
 





 U.S. electrical grid probed but not yet attacked, says paper 
 (from fiercegovernmentit at 25-3-2010) 
 Evidence suggests that "unknown foreign entities" have probed computer networks controlling the U.S. electrical grid, which would become a target during a cyber attack, according to a paper from the Center for Strategic and International Studies. Electrical power systems have long been targets, writes James Andrew Lewis, director of CSIS's Technology and Public Policy Program. But, now that Internet protocol commercial systems run the electrical grid, they can be a low cost target made from a... read more» 
   
 





 More security for root DNS servers 
 (from h-online at 25-3-2010) 
 From today (Wednesday) at 5pm CET, the K DNS root server operated by the European RIPE internet registry will provide a DNS zone signed with the DNSSEC security protocol. Two hours earlier, the D-Root server operated by the University of Maryland will start returning signed responses. The E-Root server operated by NASA is scheduled to follow in the early evening. This means that seven of the 13 central root servers which constitute the Domain Name System (DNS) responsible for domain name reso... read more» 
   
 





 The battle for Internet freedom: Obscenity and child pxxxgraphy 
 (from NetworkWorld at 25-3-2010) 
 Indecency is "offensiveness according to accepted standards, especially in sexual matters" and obscenity is "something that is disgusting and morally offensive." (Microsoft® Encarta® 2008.) In every culture, social norms prescribe and prohibit ranges of behavior. For example: • Scandinavians and most northern Europeans have far less concern about nudity than many people in the USA: when German exchange students cheerfully took off their blouses to sunbathe on the campus of Norwich University ... read more» 
   
 





 Many browsers patched prior to hacking event 
 (from WindowsSecrets at 25-3-2010) 
 One of the top draws at CanSecWest, the highly regarded Canadian security conference, is the break-the-browser contest known as Pwn2Own. So can it be coincidence that Apple, Google, and Mozilla updated their browsers just days before the contest? Yesterday was the start of CanSecWest 2010 in Vancouver, British Columbia. This year, a U.S. $10,000 prize sponsored by TippingPoint's Zero Day Initiative goes to each white-hat hacker who's the first to bring down Microsoft's Internet Explorer 8,... read more» 
   
 





 In response to new rules, GoDaddy to stop registering domain names in China 
 (from Washington Post at 25-3-2010) 
 GoDaddy.com, the world's largest domain name registration company, told lawmakers Wednesday that it will cease registering Web sites in China in response to intrusive new government rules that require applicants to provide extensive personal data, including photographs of themselves. The rules, the company said, are an effort by China to increase monitoring and surveillance of Web site content and could put individuals who register their sites with the firm at risk. The company also said the... read more» 
   
 





 ATS Leaves Building Unlocked, Open 
 (from camerafraud at 25-3-2010) 
 A corporate security breach at American Traffic Solutions was uncovered by CameraFRAUD volunteers Saturday night. The photo radar ticket processing facility, located in the Phoenix-suburb of Ahwatukee, was left unlocked and unattended. Numerous bundles of network cables were spotted throughout the building, potentially allowing anyone with a laptop to access internal systems containing vital “chain of evidence” data. A dozen trashcans full of unshredded documents were spotted, possibly contai... read more» 
   
 





 Twitter: Spam Reduced To 1% Of Tweets Per Day 
 (from DarkReading at 25-3-2010) 
 Twitter says its spam levels have dropped significantly to a new low of 1 percent of all tweets -- a major decrease from the level of nearly 11 percent in August 2009. Spam has been steadily declining as of December, from about 4 percent to the current volume of 1 percent as of February, according to a graphic on spam traffic posted by Twitter. Spammy tweets averaged in the 5 to 6 percent range most of last year, but started to dwindle in the fall, with occasional spikes, according to the dat... read more» 
   
 





 Cyberattacks an 'existential threat' to U.S., FBI says 
 (from ComputerWorld at 25-3-2010) 
 A top FBI official warned today that many cyber-adversaries of the U.S. have the ability to access virtually any computer system, posing a risk that's so great it could "challenge our country's very existence." Steven Chabinsky, deputy assistant director of the FBI's cyber division, delivered a strong and urgent warning about the threat of cyberattacks during a presentation Tuesday at the FOSE government IT trade show here. Chabinsky also offered recommendations for countering the threat, inc... read more» 
   
 





 U.S. Faces Cyber Security Gap Without Training, Education 
 (from eSecurity Planet at 25-3-2010) 
 As discussions about the federal approach to cyber security continue to percolate across the highest levels of government, one of the most important steps policymakers can take is to nourish the education and training of a new crop of security experts, a senior administration official said here at the FOSE government IT show. Working in concert with the government, the private sector has made significant strides in improving software security and ferreting out vulnerabilities in the supply ch... read more» 
   
 





 Justin Bieber manager arrested for failure to tweet 
 (from Reuters at 25-3-2010) 
 Scott Braun, 28, surrendered to police in Williston Park, New York, for having refused to send a message on the social networking Web site warning fans that an appearance by the Canadian pop star had been canceled due to overcrowding, according to the Nassau County District Attorney.... read more» 
   
 





 FBI lists Top 10 cybercriminal posts 
 (from ComputerWorld at 25-3-2010) 
 Criminal hacker organisations are operating with increasing corporate-like efficiency, specialisation and expertise, according to the FBI. From a business perspective, these criminal enterprises are highly productive and staffed by dedicated people willing to operate worldwide, around the clock "without holidays, weekends or vacations," according to Stephen Chabinsky, deputy assistant director in the FBI's cyber division. "As a result, when an opportunity presents itself these criminals can ... read more» 
   
 





 Laser Security for the Internet: Scientist Invents a Digital Security Tool Good Enough for the CIA -- And for You 
 (from ScienceDaily at 25-3-2010) 
 A British computer hacker equipped with a "Dummies" guide recently tapped into the Pentagon. As hackers get smarter, computers get more powerful and national security is put at risk. The same goes for your own personal and financial information transmitted by phone, on the Internet or through bank machines.... read more» 
   
 





 How China's internet generation broke the silence 
 (from Guardian at 25-3-2010) 
 One cold but sunny autumn day, a young white-collar worker in Shanghai received an anxious phone call from his family. The authorities were requisitioning their farmland for development. Wang Shuai believed the scheme was illegal, but officials refused to discuss it. He tried journalists, but they thought his story both too common and too sensitive. That was when he turned to the internet. "It was the choice of having no choice," he said. "But I had read complaints about injustices on the ... read more» 
   
 





 Cybersecurity Bill Passes Senate Committee 
 (from informationweek at 25-3-2010) 
 A crucial piece of cybersecurity legislation is one step closer to becoming law after being approved during a Commerce, Science & Transportation Committee hearing Wednesday. The Cybersecurity Act, S. 773, aimed at protecting critical U.S. network infrastructure against cybersecurity threats by fostering collaboration between the federal government and the private sector firms that maintain that infrastructure, is now on its way to the Senate floor. The bill, co-sponsored by committee Chai... read more» 
   
 





 'Infections found': Inside the great scareware scam 
 (from NewScientist at 25-3-2010) 
 ONE day in March 2008, Kent Woerner got a disturbing phone call from a teacher at an elementary school in Beloit, Kansas. An 11-year-old student had triggered a security scan on a computer she was using, revealing that the machine contained pornographic images. Worse still, the images had appeared on-screen as the scan took place.... read more» 
   
 





 Congress slams China and Microsoft, praises Google 
 (from CNN at 25-3-2010) 
 Two days after Google stopped censoring search results in China, a congressional panel praised the company's actions while excoriating the Beijing government for its record on Internet censorship and human rights. At a hearing held by the Congressional-Executive Commission on China on Wednesday, lawmakers called on China to allow a free flow of ideas on the Internet and sharply criticized Microsoft for continuing to be complicit with China's censorship laws.... read more» 
   
 





 U.S. Gov Says Cyber Security Experts in Demand Experts 
 (from InternetNews at 25-3-2010) 
 As discussions about the federal approach to cyber security continue to percolate across the highest levels of government, one of the most important steps policymakers can take is to nourish the education and training of a new crop of security experts, a senior administration official said here at the FOSE government IT show. Working in concert with the government, the private sector has made significant strides in improving software security and ferreting out vulnerabilities in the supply ch... read more» 
   
 





 Bejtlich in April Wired Magazine 
 (from TaoSecurity at 25-3-2010) 
 The April issue of Wired Magazine features an article by Noah Shachtman titled Security Watch: Beware the NSA’s Geek-Spy Complex. Noah writes: Early this year, the big brains at Google admitted that they had been outsmarted. Along with 33 other companies, the search giant had been the victim of a major hack — an infiltration of international computer networks that even Google couldn’t do a thing about. So the company has reportedly turned to the only place on Earth with a deeper team of geeks... read more» 
   
 





 Obama's Twitter hacking suspect busted 
 (from Canoe at 25-3-2010) 
 A 25-year-old who allegedly hacked the Twitter accounts of numerous well-known figures, including Britney Spears and President Barack Obama, has been detained, French police said Wednesday. The suspect, who goes by the online pseudonym "Hacker Croll," was caught following a joint operation with the FBI and detained for questioning Tuesday in the Puy-de-Dome region of central France, they said. Police say the FBI contacted them after discovering in July that someone had managed to get acces... read more» 
   
 





 Man held in Twitter hacking case 
 (from virginmedia at 25-3-2010) 
 A 25-year-old who allegedly hacked the Twitter accounts of numerous well-known figures, including Britney Spears and President Barack Obama, has been detained, French police said. The suspect, who goes by the online pseudonym "Hacker Croll," was caught following a joint operation with the FBI and detained for questioning on Tuesday in the Puy-de-Dome region of central France, they said. Police say the FBI contacted them after discovering in July that someone had managed to get access to co... read more» 
   
 





 AVprofit: Rogue AV + Zeus = $ - The e-mail address listed in the Web site registration records for avprofit.com is 'abusemaildhcp@gmail.com, 
 (from KrebsonSecurity at 25-3-2010) 
 The presence of rogue anti-virus products, also known as scareware, on a Microsoft Windows computer is often just the most visible symptom of a more serious and insidious system-wide infection. To understand why, it helps to take a peek inside some of the more popular rogue anti-virus distribution networks that are paying people to peddle scareware alongside far more invasive threats.... read more» 
   
 





 Google Fined For Not Blocking Dirty Jokes 
 (from Techdirt at 25-3-2010) 
 Sinsi was the first of a few of you to send in the news that Google has been fined by a Brazilian court for not blocking some dirty jokes on its Orkut social network (which, for reasons no one has explained, is only popular in Brazil). This isn't the first time that Google has run into legal trouble over Orkut -- though it appears in every case that the Brazilian courts seem to blame Google for any action done by its users.... read more» 
   
 





 Sans founder slams 'terribly damaging' US cyber security law 
 (from Computer Weekly at 25-3-2010) 
 Federal guidelines on how to protect computer systems did just the opposite, a US congressional committee heard. In a scathing attack on the Federal Information Security Management Act (Fisma), Alan Paller, founder of the Sans Institute, told the subcommittee on government management organisation and procurement, part of the committee on oversight and government reform, that Fisma slowed down every security process and took away key resources from projects that would allow agencies to act and re... read more» 
   
 





 Cybersecurity Policy Roundup 
 (from KrebsonSecurity at 25-3-2010) 
 There are several cybersecurity policy issues on Capitol Hill that are worth keeping an eye on. Lawmakers in the Senate have introduced a measure that would call for trade restrictions against countries identified as hacker havens. Another proposal is meeting resistance from academics who worry about the effect of the bill’s mandatory certification programs for cyber security professionals. As reported by The Hill newspaper, Senators Orrin Hatch (R-Utah) and Kirsten Gillibrand (D-NY) have int... read more» 
   
 





 OpenDNS reaches milestone in DNS services 
 (from TechWorld at 25-3-2010) 
 Internet infrastructure and services company OpenDNS has reached a major landmark by snagging one percent of all Internet users worldwide, according to analytics firm Quantcast. While it doesn't sound like very much, that adds up to 18 million global users, and given that most organisations get their DNS services from their ISPs, OpenDNS is the largest single provider of DNS services. Furthermore, its use has doubled in the past year, despite the emergence of a powerful new competitor after G... read more» 
   
 





 Google squares up for another censorship fight 
 (from TGDaily at 25-3-2010) 
 You might think Google had enough of a fight on its hands as it protests about censorship in China. But Google, along with Yahoo, is also complaining about newly-released plans to introduce an internet filter in Australia. The measures being considered in Australia go further than those of most countries, and in a submission to the Australian government, Google described them as 'too wide'. "While we recognise that protecting the free exchange of ideas and information cannot be without some li... read more» 
   
 





 Ex-IBM exec heads to court in insider trading case 
 (from The Standard at 25-3-2010) 
 IBM's former server chief, Robert Moffat, is heading to court on Monday after he agreed to waive his right to a grand jury in a case related to the Galleon Group insider-trading scandal, according to court documents. The waiver sets the stage for Moffat to enter a plea in the case relating to his involvement in an insider-trading scheme that netted some stock traders millions of dollars in illicit profits.... read more» 
   
 





 Facebook distracts school children from studies: survey 
 (from Courier Mail at 25-3-2010) 
 SOCIAL networking sites like Facebook are affecting the grades of almost 80 per cent of school children, a recent survey shows. The survey, conducted by Oxygen Factory, an organisation of youth and self-development experts, found nearly 80 per cent of students aged 11 to 18 said social networking sites were a distraction from their studies. Facebook proved the most popular site, with more than 80 per cent of students regularly using it.... read more» 
   
 





 Canada easy prey for cyber attacker: expert 
 (from Ottawa Citizen at 25-3-2010) 
 Canada is woefully unprepared for a massive cyber-attack that is within the capabilities of any run-of-the-mill hacker, and which could cripple the business of the nation, warns a leading security expert. Dragos Ruiu, an Edmonton-based computer security consultant, says it's time for the government to protect complex computer networks that can now be hijacked with the simplest of tools. Some governments are taking the threat of Internet-based cyber-attacks very seriously. Russia, China and the... read more» 
   
 





 Social media opens new door to cyberattacks, panel says 
 (from Government Computer News at 25-3-2010) 
 E-mail attachments are no longer the attack of choice of computer hackers and other individuals intent on gaining access to government and industry systems, security experts said today. As increasing numbers of people adopt social media, those sites are becoming the new attack portal of choice and malware is now the No. 1 threat, panelists said at the FOSE 2010 trade show in Washington, D.C. ...read more» 
   
 





 Tax season: Identity thief's paradise 
 (from Net-Security at 25-3-2010) 
 Many consumers look forward to tax season in anticipation of a hefty return. In the same instance, many identity thieves look forward to tax season as well, only in anticipation of beating you to your hefty return. As consumers are gathering their documents to complete their income taxes for the prior year, they are sending and receiving documents that contain significant amounts of personally identifiable information (PII), especially through peer-to-peer file sharing networks. These network... read more» 
   
 





 Cyber Attacks Reported By 100% Of Executives 
 (from Information Week at 25-3-2010) 
 Seventy-seven percent of C-level executives in a 115-person survey conducted in the U.K. say their organization has experienced a data breach at some point and all of them report attacks targeting corporate data in the past 12 months. These findings come from a study released on Wednesday by IBM, a company that sells data protection services, and The Ponemon Institute, a privacy and information management research organization.... read more» 
   
 





 Cloud computing is not always helpful in data recovery 
 (from Federal Computer Week at 25-3-2010) 
 Newer technologies such as cloud computing can be a boon for post-disaster recovery of data, but they don't always help much, Dennis Heretick, former chief information security officer for the Justice Department, said at a FOSE trade show session today. “Cloud computing can provide more reliability, but that should not be assumed,” Heretick said. How a specific cloud application fits within an agency’s or company’s disaster recovery strategy should be assessed by each organization individuall... read more» 
   
 





 The rise of Mafia-like cyber crime syndicates 
 (from Net-Security at 25-3-2010) 
 Gone are the days when the lone hacker operated from the dark of his room in order to gain credit and respect from his peers - the hacking business has been taken over by money-hungry, Mafia-like cyber crime syndicates in which every person has a specific role. So says Deputy Assistant FBI Director Steven Chabinsky, who assures us that law enforcement is taking the cyber threat very seriously. "The cyber threat can be an existential threat, meaning it can challenge our country's very existenc... read more» 
   
 





 EFF: Gmail vulnerable to snooping: SSL certificates often faked 
 (from ZDNet at 25-3-2010) 
 The Electronic Freedom Frontier released a report by Christopher Soghoian and Sid Stamm, Internet computer researchers, suggesting several international intelligence agencies can and do regularly inject revised SSL security certificates which, unbeknownst to the user, are being monitored by government agencies. The EFF disclosed it is providing legal advice to the two researchers regarding the research work and what the draft paper discloses. The report doesn’t reveal anything new regarding t... read more» 
   
 





 Pwn2Own Hackers Try to Take Down Browsers 
 (from esecurityplanet at 25-3-2010) 
 As if things weren't tough enough in the Internet security space, Web browser vendors will have a big target painted on their backs this week at the 2010 Pwn2Own competition. Taking place at the CanSecWest security show in Vancouver, Pwn2Own is a contest sponsored by security firm Tipping Point in which researchers square off against each other to win up to $100,000 in prize money for exploiting fully patched Web browsers, as well as mobile platforms.... read more» 
   
 





 Half Of Email Users Have Opened Spam 
 (from SecurityProNews at 25-3-2010) 
 A significant percentage of consumers continue to interact with spam despite their awareness of how bots and viruses spread through risky email behavior, according to a new survey by the Messaging Anti-Abuse Working Group. Even though over eighty percent of email users are aware of bots, tens of millions respond to spam in ways that could leave them open to a malware infection.... read more» 
   
 





 Dezombifying Australia 
 (from Sophos at 25-3-2010) 
 This morning it was Sophos's pleasure to host a meeting for the Internet Industry Association (IIA). From the text of its website, the IIA is an Australian industry body which aims to promote laws and initiatives which enhance access, equity, reliability and growth of the internet. Or, in the much punchier words of Chief Executive Peter Coroneos, "to build a faster, safer, fairer, more trusted internet in Australia."... read more» 
   
 





 Wikipedia Goes Down [Updated] 
 (from Mashable at 25-3-2010) 
 Wikipedia only went down a few minutes ago, according to the Twitter stream, which is already pumping out dozens of tweets per minute about the outage. There is only a “Server Not Found” message from our end. Wikipedia.org is up, but most — if not all — of the language-based encyclopedias are down, including the English one. Unlike Twitter and Facebook, there isn’t a stream to check the status of the web’s de-facto information hub. We’ll continue to investigat... read more» 
   
 





 Gmail Gets Intruder Alarm 
 (from Information Week at 25-3-2010) 
 Addressing one of the ongoing concerns about cloud computing services, Google on Wednesday introduced a new security feature for its Gmail users that provides notification of unusual account activity. Since July 2008, Gmail has included a "Last account activity" link below users' inboxes that provides information about when the account was last accessed and the IP address used. But the placement of the link makes it useful mainly to people seeking to confirm an existing suspicion.... read more» 
   
 





 Twitterers go offline in the name of charity 
 (from MSNBC at 25-3-2010) 
 Thousands of Twitterers worldwide will put their fingers to rest and gather offline on Thursday in the name of charity. People in over 200 cities worldwide will participate in the second annual "Twestival," which this year aims to raise funds for education. "It's a pretty viral phenomenon that happened," said Sarah Prevette, lead organizer for Twestival Toronto.... read more» 
   
 





 Zurich Insurance promises changes after data loss 
 (from The Register at 25-3-2010) 
 Zurich Insurance has promised to improve its information security after losing personal financial information on 46,000 British clients through careless handling of unencrypted backup tapes. The back-up tape, which also contained personal details of 1,800 third party insurance claimants from the UK, was lost by Zurich's South African sister company during what was described as a routine transfer to a data storage facility in South Africa in August 2008. In total, 51,000 British records were on... read more» 
   
 





 Sure Signal not so sure - Vodafone leaves the disconnected disconnected 
 (from The Register at 25-3-2010) 
 Vodafone's Sure Signal is supposed to provide connectivity to the disconnected, but for the last few days the service has been far from sure despite relying on customers paying twice. Punters who shelled out 50 quid on the promise of getting a connection over their own ADSL line, where no wireless service was available, have been left facing repeated disconnections and slowdowns of the service as Vodafone struggles to integrate its mobile phone network with the internet.... read more» 
   
 





 In response to new rules, GoDaddy to stop registering domain names in China 
 (from Washington Post at 25-3-2010) 
 GoDaddy.com, the world's largest domain name registration company, told lawmakers Wednesday that it will cease registering Web sites in China in response to intrusive new government rules that require applicants to provide extensive personal data, including photographs of themselves. The rules, the company said, are an effort by China to increase monitoring and surveillance of Web site content and could put individuals who register their sites with the firm at risk. The company also said the ... read more» 
   
 





 Egypt to ban Skype VoIP to PSTN on mobile phones? 
 (from ZDNet at 25-3-2010) 
 Reuters reports Egypt’s National Telecommunication Regulatory Authority head Amr Badawy said earlier this month his country will ban international calls through mobile Internet connections. Mobile phone use has exploded in most of the Middle East and southern regions of Asia, providing a valuable resource of tax revenue for governments. Technology however has leapfrogged early telephone network billing and voice signal systems that track telephone usage affecting how regulators collect termin... read more» 
   
 





 Two U.S. Internet companies leave China 
 (from MSNBC at 25-3-2010) 
 Two U.S. companies that sell Internet addresses to Web sites said Wednesday they had stopped registering new domain names in China because the Chinese government has begun demanding pictures and other identification documents from their customers.... read more» 
   
 





 Internet agency approves domains in native scripts 
 (from usatoday at 25-3-2010) 
 Four countries and two territories have won preliminary approval to have Internet addresses written entirely in their native scripts as early as this summer. However, proposals for Internet addresses that would say "China" and "Taiwan" in Chinese will require a few more months of technical review. The delay is not over political disputes, but rather because the Chinese language can be written in two ways — using simplified and traditional scripts. Rules are being developed to make sure that a... read more» 
   
 





 'Colleges continue to embrace social networking for teaching'. Really? 
 (from ZDNet at 25-3-2010) 
 Universities and colleges are increasingly becoming aware and utilising social networks as a method of teaching students. Seeing as accessing Facebook especially - I hate to pick favourites but it really does have the most users after all - is used on a day to day basis by the Generation Y, accessing the knowledge they need is far easier by bringing the students to the professors on a more comfortable level. Lecturers are apparently using Second Life and other interactive social networks to c... read more» 
   
 





 Foreign Office changes tourist advice after Israeli inquiry 
 (from The Register at 25-3-2010) 
 The Foreign Office has revised travel advice for Brits visiting Israel after the UK government blamed the Jewish State for cloning UK passports for use in an operation to kill a Hamas commander in Dubai. Eleven of the 12 innocent Brits (as a group, mainly dual citizenship holders resident in Israel) impersonated by roving assassins have accepted passports with biometric chips offering improved security. Those affected include Melvyn Mildiner, an Israel-resident British IT worker. Both Foreign... read more» 
   
 





 The great firewall of China 
 (from The Age - Australia at 25-3-2010) 
 When vicious inter-ethnic violence broke out in Urumqi last year, Chinese authorities flooded the city with soldiers. But next came an unexpected step: they cut off internet access across the vast north-western region of Xinjiang. Controlling the information flow was as crucial as controlling the streets, it seemed. Eight months on, the net remains largely inaccessible in Xinjiang, though officials claim it will be restored. The small number of sites that were recently unblocked are heavily c... read more» 
   
 





 Cybersecurity bill passes first hurdle 
 (from ComputerWorld at 25-3-2010) 
 A closely watched bill that promises to introduce some major changes on the federal cybersecurity front was approved by the Senate Commerce Committee today just days after it was introduced by Senators Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine). The proposed legislation is called the Cybersecurity Act (S.773) and is a revised version of a bill that was originally introduced by the two Senators last year. It seeks to improve national cybersecurity preparedness by fostering a clos... read more» 
   
 





 Insider threat and data loss can be brought under control with effective end-user behaviour 
 (from scmagazineuk at 25-3-2010) 
 The ability to monitor end-user behaviour can make a difference when it comes to data loss and insider threats. Stuart Okin, managing director of Comsec Consulting, said the process can allow a company to monitor what an employee is doing and it allows all behaviours to be looked at. Okin said: “Is an employee moving data around? Are they profiling themselves against other peer groups? In the last three to four years this has been gathering momentum and companies are starting to trial this.”... read more» 
   
 





 Estate agents hit by web bug 
 (from The Age - Australia at 25-3-2010) 
 Brisbane real estate agents claim a major property website failed to deliver email queries from prospective buyers for up to one month costing them potential sales. LJ Hooker Coorparoo principal agent Peter Weiss said he had been forced to apologise to dozens of potential buyers since he did not receive their email queries from realestate.com.au. "We had customers ringing and complaining that we weren't responding to emails," Mr Weiss said.... read more» 
   
 





 FBI cyber cop says 'very existence' of US under threat 
 (from The Register at 25-3-2010) 
 Cyber attacks threaten the "very existence" of the US, according to a top FBI official charged with worrying about such things. "The cyber threat can be an existential threat - meaning it can challenge our country's very existence, or significantly alter our nation's potential," Steven Chabinsky was quoted by Computerworld as telling a gathering of government IT types at the Federal Office Systems Exposition, better known as FOSE, in Washington DC on Tuesday.... read more» 
   
 





 Feds To Test Cybersecurity System 
 (from Information Week at 25-3-2010) 
 The Department of Homeland Security plans to work with a commercial Internet service provider and one federal agency to carry out a pilot test of Einstein 3, an intrusion detection and prevention system that will eventually be used to bolster federal agencies' information security postures. DHS detailed the plans in a privacy impact statement -- required for new IT systems in government -- that it published last Thursday, along with some of the deepest detail yet of the partially classified s... read more» 
   
 





 Racist police emails 'disturbing and gross' 
 (from The Age - Australia at 25-3-2010) 
 A series of racist and pornographic emails shared among Victoria Police officers are too shocking to ever be released publicly, the state's police chief says. Up to 100 officers are being investigated and could face the sack for sharing the emails, described by Chief Commissioner Simon Overland as "disturbing and gross", on work computers. The most serious email shows an ethnic man being tortured. Speaking on radio station 3AW today, Mr Overland said the email misuse was "at the top end". "I... read more» 
   
 





 Privacy battle looms for Google and Facebook 
 (from The Age - Australia at 25-3-2010) 
 You have been tagged in 12 photos - even if you're not signed up to the Web site. European regulators are investigating whether the practice of posting photos, videos and other information about people on sites such as Facebook without their consent is a breach of privacy laws. The Swiss and German probes go to the heart of a debate that has gained momentum in Europe amid high-profile privacy cases: To what extent are social networking platforms responsible for the content their members uplo... read more» 
   
 





 Man who hacked Obama's Twitter released 
 (from The Age - Australia at 25-3-2010) 
 French police have released a hacker who gained access to US President Barack Obama's account in one of his attacks on the wildly popular micro-blogging site Twitter, police said Wednesday. The unemployed 25-year-old, who lived with his parents and used the pseudonym "Hacker Croll", was arrested Tuesday after an operation conducted jointly with US agents from the FBI that lasted several months. He was questioned in police custody in the central city of Clermont-Ferrand and has been ordered to... read more» 
   
 





 Facebook Six prison officers beat bid to sack them 
 (from The Age - Australia at 25-3-2010) 
 Six prison officers known as the Facebook Six have won their case against the NSW Corrective Services Department, which tried to sack them over comments posted on the social networking site. A Facebook group called "Suggestions to help Big RON save a few clams" criticised state government plans to privatise NSW prisons and suggested other ways that NSW Corrective Services Commissioner Ron Woodham could save money.... read more» 
   
 





 French hacker arrested for targeting Obama's Twitter 
 (from TGDaily at 25-3-2010) 
 A 25-year-old Frenchman has been arrested for trying to gain access to President Barack Obama's official Twitter account, as well as other notable public figures. The man, whose name wasn't released, is unemployed but obviously has some technical skill up his sleeve. French police official Captain Adeline Champagnat said the suspect was able to retrieve passwords from Twitter administrators.... read more» 
   
 





 Australian Internet Censorship Scheme Criticised By Yahoo, Google 
 (from ITPro Portal at 25-3-2010) 
 Internet czars Yahoo and Google have criticised Australia's plans to enmesh the nation into a sophisticated internet censorship structure, which, according to some, will restrict freedom of internet by prohibiting access to legal information. However, the Australian government has explained that the internet filter will effectively block access to offensive websites related to child pornography, sexual violence and websites explaining drug and weapon use. The new internet filtering technolog... read more» 
   
 




 Google Fined By Brazilian Court Over Orkut's Dirty Jokes 
 (from ITPro Portal at 25-3-2010) 
 Search engine giant Google has been served with a hefty fine by a Brazilian court in the state of Rondonia for inadequate monitoring of pages on its Orkut social networking service, which contained dirty jokes. The court has asked the US based company to cough-up 2,700 dollars for each day the pages remained hosted on the social networking platform.... read more»
