Saturday, May 29, 2010

Internet (Lack of) Security News through 5/29



This Free IT-Security news feed is provided by E-Secure-IT; the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today. Visit us at www.e-secure-it.com or email more-info@e-secure-it.com for more information on our available services.

UK Postman Admits to Using Facebook and Bebo to Abuse Hundreds of Children
(from Mashable at 29-5-2010)
A UK postman admitted to using Facebook and Bebo to abuse “hundreds” of children in a case that included 27 sexual abuse charges. Michael Williams, a 28-year-old from Cornwall, used the sites to pursue and friend children, sometimes using false names and posing as a teenager, according to the BBC. With some of the victims, he used the sites to arrange meetings. The case comes at a time when social network users have grown concerned about their privacy while on such sites. In fact, 71% of 1... read more»





Cyber security of national importance
(from bangkokpost at 29-5-2010)
Information security experts are urging the government to set up an independent office of national cyber security responsible for national data security issues. The unrest in Bangkok and several other provinces nationwide last week raised concerns that cyber security has become of paramount importance to the kingdom. The internet and other methods of digital communication have the potential to be used to conduct cyber warfare. For example, attacks could be launched against critical infrast... read more»





Mom Who Used Son's Facebook Account Found Guilty Of Online Harassment
(from Techdirt at 29-5-2010)
We're somewhat skeptical of the various "cyberharassment" laws out there, as they leave themselves wide open to interpretation (often in dangerous ways). In April, we wrote about one case involving a son who sued his mother for harassment after she used his Facebook account (she went to the computer and he had not logged out) to post angry messages on his wall, pretending to be him, and then changed his password and locked him out of the account. (As a quick aside: I just checked, and as with mo... read more»





HMRC leaks private data in 50,000 letters
(from kable at 29-5-2010)
One person received his tax credit notice with his National Insurance details, but on the back were the details of the work, childcare and pay of other people, The Register has reported. He then received a note from HMRC saying that a print supplier had wrongly prepared the notices. A spokeswoman for the department said: "HMRC takes data security extremely seriously. Unfortunately an error has occurred in one of the tax credits print runs causing some customer information to be wrongly fo... read more»





Pentagon: If You Don't Let The US Gov't Spy On Your Network, You Place American Lives At Risk
(from Techdirt at 29-5-2010)
The whole "cyberterrorism" fear mongering is being taken to even more extreme levels. At the Strategic Command Cyber Symposium, William Lynn III, the deputy defense secretary, apparently told the audience that companies who operate critical infrastructure need to let the US install monitoring equipment or it puts everyone at risk. The NSA has apparently developed a monitoring system called Einstein (I wonder if they paid the license fee), and want to let companies "opt-in" to installing the g... read more»





Google dismisses German request for WiFi data
(from TechWorld at 29-5-2010)
Google rebuffed a request from German data protection officials to hand over data it mistakenly collected as part of Street View imagery. Google had until midnight Wednesday to turn over a hard drive from one of the vehicles collecting the data to Hamburg's Data Protection Agency. "They told us yesterday that they refuse to give the hard drive because they are afraid they could breach German telecommunication law," said Johannes Caspar, who heads the Data Protection Agency, on Thursday.... read more»





National strategy is light on cybersecurity details
(from nextgov at 29-5-2010)
The National Security Strategy the White House released on Thursday emphasizes the importance of protecting cyberspace, but is weak on specifics, according to one observer. In the security blueprint, President Obama acknowledged the need to pursue "new strategies to protect against ... challenges to the cyber networks that we depend upon." He said the United States will invest more in developing technology that better protects critical government and industry computer systems and networks. Th... read more»





The cybersecurity changes we need
(from Washington Post at 29-5-2010)
The news is filled with scary stories about the insecurity of the computer and telecommunication systems on which our nation's prosperity depends: malicious software planted in electricity-grid computers; rampant state-sponsored and criminal cyber-espionage and theft; and the possibility of cyberattacks on banking and transportation systems. Exactly one year ago, President Obama declared our "digital infrastructure" to be a "national security asset" and pledged to make it "secure, trustworthy an... read more»





Meet the scientist infected with computer virus
(from indiavision at 29-5-2010)
A British researcher has successfully infected himself with a computer virus and claims to be the first of its kind. Scientist Mark Gasson contaminated a tiny, radio frequency identification (RFID) chip with a virus and placed it under the skin on his hand. He uses that chip to activate his cell phone, as well as open secure doors, reports bbc.co.uk. The chip which is an advanced version of ID chips used to locate animals, enables him to pass through security doors and activate his mobile... read more»





UK: 1000 data breaches reported to the ICO
(from databreaches at 29-5-2010)
The government’s analysis of the 1007 breaches indicates that stolen data or stolen hardware accounted for the most common cause of breaches, with 307 breaches of this kind. Of those 307 thefts, 116 were reported by the NHS. The second most common source of reported breaches was disclosure errors (254), followed closely by lost data or lost hardware (233).... read more»





FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule
(from databreaches at 29-5-2010)
At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the “Red Flags” Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule. Today’s announcement and the release of an Enforcement Policy Statement do not affect other federal agencies’ enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance. “Congress n... read more»





FTC asks Google to retain WiFi data
(from Washington Post at 29-5-2010)
The Federal Trade Commission has asked Google not to destroy any documents related to the data it collected from unsecured home wireless networks as it gathered images for its Street View photo-map archive, according to a person familiar with the matter. The company has not complied with a request from Germany to turn over Internet data and e-mail it collected from the networks as its roving Street View cars collected images, citing legal issues. It also has not turned over information to Hon... read more»





Ofcom publishes draft code for ISPs to combat piracy
(from v3 at 29-5-2010)
Ofcom has published a draft code of practice that internet service providers (ISPs) will have to adhere to in order to meet new anti-copyright requirements under the Digital Economy Act. Under the draft proposals only ISPs with over 400,000 subscribers will be subject to the new code, which means that BT, Talk Talk, Virgin Media, Sky, Orange, O2 and the Post Office will be affected. However, Ofcom stated that, should levels of copyright infringement on other networks, including mobile, inc... read more»





Three charged over massive fake anti-virus scam
(from TGDaily at 29-5-2010)
Three men have been charged over a $100 million scam involving fake anti-virus software. Through companies including Innovative Marketing and Byte Hosting Internet Services, the men are accused of posting ads on third party websites. These ads redirected users to websites that appeared to be virus scans. Users were then told their machines contained viruses, and urged to buy a series of fake anti-virus packages with names like DriveCleaner and ErrorSafe, and costing up to $70.... read more»





HMRC admits sending personal details of 19,000 tax credit claimants to wrong people
(from Telegraph at 29-5-2010)
Whitehall sources said ministers were “dismayed” by the latest example of a Government department losing people’s personal details. Around 19,000 individuals were sent other people's personal information in the post along with their annual award notice. They each received one page of someone else’s tax credit renewal form which included a variety of different personal details. These included names, addresses and dates of birth, as well as parts of bank account numbers, salary details a... read more»





Japanese police bust malware extortionist ring
(from TGDaily at 29-5-2010)
Japanese police have arrested two individuals accused of spreading a nefarious piece of malware that stole personal information and posted it on the Internet. According to Sophos security researcher Graham Cluley, the devious duo contacted compromised victims and offered to remove their personal data from the Internet for a hefty fee. "The malware was reportedly spread via the Winny peer-to-peer file-sharing network posing as an adult-themed Hentai game. Upon installing the program, victi... read more»





An Overview of Exploit Packs
(from avertlabs at 29-5-2010)
Today’s cybercriminals frequently use “exploit packs” to easily snare victims for their botnets. Users with underprotected computers who visit booby-trapped websites become the latest botnet zombies. I often receive requests asking me which exploit packs are current and which vulnerabilities they use. To answer these inquiries, I’ve created a table that lists the exploits referenced by their Common Vulnerabilities & Exposures (CVE) names and their related kits. (Click on the image to enlarge ... read more»





Blunkett threatens to sue for £30 ID card refund
(from The Register at 29-5-2010)
David Blunkett this morning claimed he may sue the government for a refund on his £30 ID card, which new laws will render worthless by the end of summer. The former Home Secretary and political originator of the ID cards scheme went on Today this morning to explain why he was right to introduce the scheme and the ConDem coalition is wrong to scrap it. Blunkett's cheerleading for ID cards led to the Labour government spending £257m on the scheme for nothing.... read more»





Firms tackle virus-laden Web sites, ads
(from CNet at 29-5-2010)
Taiwan-based Armorize knows something about keeping malware off Web sites. Four years ago, Wayne Huang left his job researching ways to help secure the Taiwanese government's networks from attacks. He and his brother, Matt Huang, a Stanford MBA graduate, decided to commercialize the research and launched Armorize, which became an anti-malware leader in Asia. Now the company is taking its malware expertise to the United States. This week, Armorize announced it is moving its headquarters to ... read more»





Data Theft Puts NC Employees At Risk
(from eSecurity Planet at 29-5-2010)
More than 5,200 current and former employees working for the city of Charlotte, N.C. are scrambling to check their bank accounts and credit reports this week after a leading benefits consulting firm acknowledged that two DVDs containing a goldmine of personal information have gone missing. According to city officials, the DVDs storing information including names, birth dates and social security numbers failed to arrive at Towers Watson & Co.'s Atlanta office sometime in February.... read more»





Koobface Botnet Revisited
(from EWeek at 29-5-2010)
An anagram of Facebook, Koobface has remained one of the successful pieces of malware to target social networks. First appearing in 2008, Koobface has targeted users of Facebook, MySpace, Hi5, Twitter and other networks. In a new paper, Trend Micro has taken another look at the Koobface botnet (PDF) and some of the changes it has made as it evolved. Among the major changes to the botnet chronicled by Trend Micro: 1. Using proxy command-and-control (C&C) servers 2. Encrypting th... read more»





MessageLabs: Botnets on rise in Africa
(from Bizreport at 29-5-2010)
MessageLabs finds: • 90.1% of email is now spam, an increase of 0.2% since April • 1 in every 211 emails now has a virus • 1 in every 237 emails is a phishing scam • 90% of spam messages also have a hyperlink or URL • Roughly 5 Autonomous System Numbers (ASN's, basically network identifiers) are used for 40% of spam domains These hyperlinks and URLs within spam messages are some of the most detrimental to consumers, who may not realize from the shortened URL or the Typo-URL that they'r... read more»





Adobe considers shorter update cycles
(from h-online at 29-5-2010)
According to Brad Arkin, Adobe's Director of Product Security and Privacy, the company is currently considering reducing the interval between security updates for Adobe Reader from 90 to 30 days. Adobe started a three-monthly cycle in mid 2009 and has since been releasing updates for Adobe Reader and Acrobat on the second Tuesday of every third month – the same day as Microsoft's official patch day.... read more»





A week in security: hentai malware writers nabbed
(from v3 at 29-5-2010)
This week has been dominated by further evidence of the uphill battle facing many security professionals and security vendors, with separate reports charting the continued growth of malware and new threats surfacing. Sophos senior technology consultant Graham Cluley called on Facebook to set up an early warning system on its network to notify users of any threats as and when they occur, after yet another malware attack hit the site last weekend.... read more»





Is it possible to measure IT Security?
(from The Register at 29-5-2010)
It is a commonly held principle in many areas of business that if you can’t measure something “quantitatively”, it will be difficult to raise the quality objectively. The applicability of this statement to the world of IT security is clear. Without having some form of metrics in place, it is tough, if not impossible, to judge whether security is getting better over time. Indeed, it is probably fair to say that many organisations have only one way to assess security – namely, “did anything go wro... read more»





U.S. businesses need gov't cyber security: official
(from China Post at 29-5-2010)
A U.S. government computer security system that can detect and prevent cyber attacks should be extended to private businesses that operate critical utilities and financial services, a top Pentagon official said Wednesday. William J. Lynn III, the deputy defense secretary, said discussions are in the very early stages and participation in the program would be voluntary. The idea, he said, would allow businesses to take advantage of the Einstein 2 and Einstein 3 defensive technologies that ar... read more»





Scientology Hacked; Church Website Cyber-Attacker Gets Year in Prison for 'Anonymous' Invasion
(from cbsnews at 29-5-2010)
A Nebraska man has been sentenced to a year in federal prison for his role in a cyber attack on the Church of Scientology's websites two years ago. Brian Thomas Mettenbrink, of Grand Island, Neb., was also ordered Monday to pay $20,000 in restitution and serve a year on supervised release after he gets out of prison. The cyber attack was orchestrated by an underground group that calls itself "Anonymous" and protests against the Church of Scientology, accusing it of Internet censorship.... read more»





BP pwned by Twitter pranksters
(from The Register at 28-5-2010)
Oil giant BP suffered further embarrassment on Thursday after its official Twitter account was hacked. Pranksters purloined the @BP_America Twitter account to write "Terry is now in charge of operation Top Kill, work will recommence after we find a XXL wetsuit. #bpcares #oilspill" The message, which was deleted around 30 minutes after it was posted, contained an in-joke referring to the fake Twitter account @BPGlobalPR. The wag updating this account regularly references a character cal... read more»





Scammers threatening internet security
(from ABC at 28-5-2010)
Residents on Queensland's Sunshine Coast are being warned about threats to internet security with the fraud squad investigating several illegal operations in the region. In one of the scams, people are asked to reveal private details to a caller purporting to be from Microsoft. Detective Superintendent Brian Hay says personal information should not be handed out. "This should be avoided at all costs," he said. "They're nefarious with their intent, they will cause harm and they're try... read more»





White House to name Senate staffer as deputy cyber czar
(from The Hill at 28-5-2010)
The White House is planning to name Senate staffer Sameer Bhalotra as deputy cybersecurity czar, according to several reports. Bhalotra, who is currently a professional staffer for the Senate Select Intelligence Committee, notified acquaintances on Wednesday that he would be moving to the White House to serve as cybersecurity coordinator Howard Schmidt's deputy. Bhalotra has worked for the committee since 2007, where he had access to classified materials as well as the cybersecurity budget.... read more»





Dragon Research Group Security Innovation Grant
(from Team Cymru at 28-5-2010)
The Dragon Research Group (DRG) expects to award an investment of up to $10,000 (US) to the most innovative project in the area of information security. Administered by the Dragon Research Group, an all volunteer research organization, dedicated to further understanding of online criminality and to provide actionable intelligence for the benefit of the entire Internet community, the grant is entirely and solely funded by a personal donation from Robert O. Thomas III. The grant is expected to be ... read more»





Peabody police thwart cyber-scam
(from thedailyitemoflynn at 28-5-2010)
The Peabody Police Department recently helped shut down an out-of-state scam company targeting consumers nationwide after a city resident voiced a complaint to police. The name of the company was not made known. "This is a common scam that never goes away and the scammers just keep reinventing themselves," said Peabody Police Deputy Chief Martin Cohan. "In this case, by working with the Mississippi Attorney General's Office, we managed to shut down this particular Web site as well as the f... read more»





AMEX breaks PCI control number 4: Encrypt transmission of cardholder data across open, public networks
(from securityexe at 28-5-2010)
Of all the parties you would expect to adhere to PCI-DSS controls, I would think American Express would be at the top of the list. After all, AMEX is one of the five companies that founded the PCI organization and is asking all merchants accepting AMEX to follow these guidelines. Enter the world of AMEX Daily Wish. Daily Wish is a site specifically for AMEX customers where after signing up and validating you’re an AMEX cardholder, you get special deals and offers to buy goods and services. ... read more»





Fraudsters use ICO in latest email scam
(from v3 at 28-5-2010)
Data protection watchdog the Information Commissioner's Office (ICO) is warning internet users about a scam email purporting to come from the ICO which asks recipients for personal documents. The email claims to have been sent by Information Commissioner Christopher Graham, and says that he also works for the European Law Enforcement Agency. "Christopher Graham has never worked for the European Law Enforcement Agency and has not issued any letters asking individuals or organisations for m... read more»





Symantec warns of surge in malicious sites
(from v3 at 28-5-2010)
Spam, phishing and email-borne virus attacks all increased last month, as did the number of new sites harbouring malware, according to the latest MessageLabs Intelligence report from Symantec Hosted Services (SHS). The monthly report found that the global proportion of spam in email traffic from new and previously unknown bad sources rose to 90 per cent in May, an increase of 0.3 per cent. Global phishing activity reached one in every 237.1 emails, an increase of 0.2 per cent since April, ... read more»





Identity cards scheme will be axed 'within 100 days'
(from BBC at 28-5-2010)
The National Identity Card scheme will be abolished within 100 days with all cards becoming invalid, Home Secretary Theresa May has said. Legislation to axe the scheme will be the first put before parliament by the new government - with a target of it becoming law by August. The 15,000 people who voluntarily paid £30 for a card since the 2009 roll out in Manchester will not get a refund.... read more»





Asian firms can do more to protect data
(from ZDNet Asia at 28-5-2010)
Despite greater awareness among businesses in Asia on the need to protect data assets, security breaches seem to be on the increase across the region over the past year. The risk of a data breach is "now higher than ever before", Ng noted in an e-mail, particularly for organizations that have critical information assets including customer data and intellectual property. On a more positive note, awareness among Asian businesses about the importance of securing vital corporate information ha... read more»





Smart meters: Privacy warning over personal data
(from BBC at 28-5-2010)
A watchdog has said it will keep a close eye on energy companies over personal data held on smart meters. The devices, which show exactly how much gas and electricity is being used in a household, could contain a raft of private information. Every home in Britain is expected to be equipped with a smart meter by 2020 and the Information Commissioner's Office warned privacy must not be compromised.... read more»





Internet Security Software Alone Prevent Identity Theft
(from richardbulliet-ratfink at 28-5-2010)
It’s the swiftest growing and largest crime in America overreaching even drug trade. ID theft intrusions can come from a spread of sources and places where you hang out on the web. Even some of our fave sites like Face Book and My Space are not scam explanation and you can awfully simply lose your private info on the web in a selection of ways.... read more»





Interview - U.S. cyberdefence "close run thing" - NSA veteran
(from Reuters at 28-5-2010)
The U.S. government's defences against foreign cyber-foes are "very much a close-run thing" but experience has quickened and toughened its response to attack, a veteran of the National Security Agency (NSA) said on Thursday. "You are never going to be bullet-proof," Prescott Winter, a former chief information officer and chief technology officer for the NSA, the world's largest electronic eavesdropping agency, told Reuters on a visit to London.... read more»





Cybersecurity chief amplifies call for public-private teamwork
(from Government Computer News at 28-5-2010)
White House Cybersecurity Coordinator Howard Schmidt echoed the familiar call for public-private partnerships in securing the nation’s most critical computer networks, highlighting efforts in Washington to bolster cyber defense across military and industry that he said would yield results in coming weeks and months. Among the initiatives Schmidt emphasized are: * Re-examining the Federal Information Security Management Act for efficiency * Constructing federal policy to secure onl... read more»





BP says Gulf oil leak is 'environmental catastrophe'
(from CNN at 28-5-2010)
BP's top official, who had previously said the environmental impact on Gulf of Mexico would be modest, upgraded his assessment Friday to an "environmental catastrophe." Also Friday, engineers in the Gulf tried the "junk shot" method in an attempt to stop a massive oil leak in the Gulf of Mexico, BP's chief executive Tony Hayward said. The procedure involved shooting debris such as shredded rubber tires, golf balls and similar objects into the blowout preventer in an attempt to clog it and ... read more»





Europe warns Google, Microsoft, others about search data retention
(from Computer World at 28-5-2010)
Google, Microsoft and Yahoo are retaining detailed search engine data for too long and not making it sufficiently anonymous later, in violation of European law, the European Union's data protection advisory body has warned. The three companies received letters Wednesday from the Article 29 Data Protection Working Party, which oversees data protection issues in the E.U.... read more»





£15 a month for legal P2P?
(from The Register at 28-5-2010)
Over a quarter of file sharers would pay £14.50 a month for a legal P2P service, according to a new survey of UK downloaders. A quarter also agreed with ISPs blocking web sites as a countermeasure against infringement. But around a third of pirates (34 per cent) reckoned that ISP threats would make no difference at all to their download habits. Yarr. The survey is law firm Wiggin's annual research into consumer and entertainment expenditure, this time conducted with Entertainment Media Research... read more»





Scam Alert - Uncovered: A network for selling ‘undetectable’ bots used for creating social network accounts
(from pandasecurity at 28-5-2010)
- An Internet portal offers bots designed for a range of activities at prices ranging from $95 to $225. The entire catalog of bots costs $4,500 - The creators claim that all bots are undetectable, as they randomly change users, agents and headers. They also include automated CAPTCHA generators PandaLabs, the anti-malware laboratory of Panda Security -The Cloud Security Company- alerts on a network selling bots specialized in targeting social networks and webmail systems. The publicly avai... read more»





Hack attack targets 4.3 million online CVs
(from PCPRO at 28-5-2010)
The personal details of 4.3 million job seekers may have been compromised in a “concerted and sophisticated” hack attack on Trinity Mirror's recruitment sites. According to Trinity Mirror, no actual CV details were exposed during the attack on sites such as Planet Recruit and JobSearch, even though the company believes email address and passwords may have been compromised. “Our security systems have detected a concerted and sophisticated attempt to hack into user accounts on our technology... read more»





One in 12 people sold fake tickets online
(from CityWire at 28-5-2010)
One in 12 people who buy tickets online is caught out every year by scam websites selling fake tickets and lose an average of £80, according to the Office of Fair Trading (OFT). The watchdog warned the 25,000 English football fans travelling to South Africa this year for the World Cup to be on their guard, as if they are caught out by ticketing scams they could be left miles from home, out of pocket and with no way to get to the event.... read more»





Threat of BT strike could affect internet and phone connections
(from Metro at 28-5-2010)
The threat comes as engineers look likely to walk out, complaining about their measly pay rise offers, while their bosses pocket millions. The Communication Workers Union said it would ballot up to 60,000 of its members for industrial action unless a two per cent pay offer was increased by Friday next week. CWU spokesman Kevin Slocombe said: ‘Many business and residential phonelines could go out of action, and if broadband crashes then thousands and thousands of people will find their inte... read more»





47% of IT pros see security audit costs going up in 2010
(from Help Net Security at 28-5-2010)
Forty-seven percent of IT security professionals believe that security audit costs will increase in 2010, according to a recent survey by nCircle, the leading provider of automated security and compliance auditing solutions. The online survey of over 250 security professionals was conducted between February 4 and March 12, 2010, and covered a range of security topics including smartphones, healthcare, cloud computing and social media.... read more»





The Technical Specification for the SCAP: SCAP Version 1.1 (DRAFT) - NIST Special Publication 800-126 Revision 1
(from NIST at 28-5-2010)
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets; but such standards and guidelines shall not apply to national security systems. This guideline is cons... read more»





EU tells search firms to improve privacy
(from v3 at 28-5-2010)
Google, Microsoft and Yahoo have been told by the European Union that they must improve their online privacy processes by reducing the length of time they store browser-based data, and improving the way this data is anonymised. Jacob Kohnstamm, chairman of the Article 29 Working Party (WP29), Europe's data protection and privacy body, said in a letter to the companies' chief executives (PDF) that their current processes are not sufficient.... read more»





Study: Generation Y Taking Online Privacy to Heart
(from Yahoo at 28-5-2010)
Contrary to popular belief, younger Internet users are actually more vigilant about protecting the information they share online than their older counterparts, according to a new study from the Pew Internet & American Life Project. Nonetheless, people are more likely than ever to use the Web to search for people or monitor their friends, the report found. Of the 2,253 people polled by Pew, 71 percent of users 18 to 29 who use social networking sites have changed their privacy settings to limi... read more»





Mystery of fake BP Twitter account solved
(from CNet at 28-5-2010)
Along the beleaguered Gulf Coast, the emergency measure known as "top kill" appears to have halted the flow of oil from a ruptured offshore BP well--but the bogus Twitter sensation known as @BPGlobalPR continues to gush out black comedy gold. "Just got the concession call from Exxon Valdez. They were great competitors and remarkably evil about everything," the account, which claims to be written by the British oil giant's public relations department, tweeted shortly after the unfortunate reve... read more»





AFP to beef up internet child protection unit
(from SecureComputing at 28-5-2010)
The Australian Federal Police has earmarked an expansion of its team of agents that police the internet looking for child predators. Commissioner Tony Negus told Senate Estimates that the federal agency was "in the final processing of allocating [its] final internal budget."... read more»





5 reasons why the proposed ID scheme for Internet users is a bad idea
(from ZDNet at 28-5-2010)
Imagine waking up in a world, where you would need to use two-factor authentication, or perhaps even biometric based ID, in order to do anything online. The reason for this? Accountability and supposedly, prevention of cybercrime. This may well sound like the long-term reality, but Kaspersky’s CEO Eugene Kaspersky has been pushing the idea for years. According to a recently published article, he still believes that the time has come for a mass adoption of hardware IDs affecting every Interne... read more»





Phishing attacks back on the rise
(from v3 at 28-5-2010)
Phishing attacks rose last month after a period of decline, logging a three per cent increase to more than 18,000, with UK users on the receiving end of almost half of the scams, according to the latest Online Fraud Report (PDF) from RSA Security. A total of 18,080 attacks were recorded in April, an increase for the first time in three months, and the UK was the number one country by attack volume with 44 per cent of all attacks.... read more»





Alleged $100M scareware sellers facing charges
(from ComputerWorld at 28-5-2010)
Three men are facing federal fraud charges for allegedly raking in more than US$100 million while running an illegal "scareware" business that tricked victims into installing bogus software. Two of the men, Bjorn Sundin and Shaileshkumar Jain, operated an antivirus company called Innovative Marketing, which sold products such as WinFixer, Antivirus 2008, Malware Alarm and VirusRemover 2008. The third man charged, James Reno, ran Byte Hosting Internet Services, the company that operated Innova... read more»





China's Internet Crackdown
(from Forbes at 28-5-2010)
Tighten the screws. That's the Chinese government's response to growing corporate discontent with China's pervasive electronic censorship and surveillance system. Barely a month since Google pulled the plug on its China-based search engine, the Chinese government started demanding deeper corporate complicity with China's security agencies.... read more»





3 men charged in $100m scareware scam
(from The Register at 28-5-2010)
Federal prosecutors have accused three men of running an operation that used fraudulent ads to dupe internet users around the world into buying more than $100m worth of bogus anti-virus software. The defendants operated companies including Innovative Marketing and Byte Hosting Internet Services, which perpetuated an elaborate scheme that tricked internet publishers into posting malware-laced ads on their websites, according to an indictment filed Wednesday. The banners allegedly presented mes... read more»





How Do I Report Malicious Websites? Take 2
(from Internet Storm Center at 28-5-2010)
A Diary Entry that “Writes Itself” On my last shift, a reader asked: “How do I report Malicious Websites?” (http://isc.sans.org/diary.html?storyid=8719) I provided three ways one could report malicious URLs, IP addresses or hosts and requested your comments. There were a lot of suggestions, so I wanted to do a quick round up on this shift. Unfortunately it Became Complex. There was a long list of sites where you could submit a URL to a particular product, some that focused on parti... read more»





Information versus the silos
(from The Register at 28-5-2010)
The idea that ‘information is important and we want to do more useful things with it’ transcends technology by virtue of it having been true long before IT vendors wanted to talk about it. However, technology does have a key role to play in helping us exploit the information in our businesses, not least because of its ability to help us capture, sort, filter, transform and generally make sense of vast quantities of it.... read more»





Stolen Bord Gáis laptops not recovered
(from irishtimes at 28-5-2010)
None of the four laptops stolen from Bord Gáis last year - one of which contained personal data on 93,000 customers - has been recovered yet, a Joint Oireachtas Committee heard earlier today. Chief executive of Bord Gáis John Mullins told the Oireachtas Committee on Natural Resources that he could not give “100 per cent assurance” that the personal information on the stolen laptop will not fall into the wrong hands in the future. However, there is no evidence that anyone has accessed the data... read more»





Defacements Statistics 2008 - 2009 - 2010 First quarter
(from Zone-h at 28-5-2010)
When Zone-H started back in 2002, we were receiving an average of 2500 defacements monthly, this number keeps on increasing year after year. For example, the last month we registered over 95.000 defacements, while we only had 60.000 in 2009 for the same period. What we can also say from these numbers is that the methods used are still the same: most of the vulnerabilities exploited are on web applications. We also know from what we monitored that registrar attacks greatly increased the past y... read more»





Google misses German regulator Street Car Wi-Fi data grab deadline
(from The Register at 28-5-2010)
Google has failed to hand over some data it inadvertently collected from Wi-Fi networks to German regulators. Earlier this month German prosecutors launched an investigation into the company’s interception of private Wi-Fi data, after Google admitted that its world-roving Street View cars had scooped up information sent over Wi-Fi networks, thereby contradicting previous assurances that no such data had been collected by its snoopmobiles. Google decided to delay handing over some of the origi... read more»





Three men charged with $117m fake virus clean-up scheme
(from theage at 28-5-2010)
Three men have been charged in connection with a US$100 million Ukraine-based global fraud which tricked internet users into believing their computers were infected. Internet users in more than 60 countries purchased more than one million bogus software products from the three defendants, two Americans and a Swede, the US Justice Department said in a statement. Bjorn Daniel Sundin, 31, a Swedish citizen believed to be in Sweden, and Shaileshkumar Jain, 40, a US citizen believed to be livin... read more»





SANS WhatWorks in Incident Detection and Log Management Summit 2010
(from SANS at 28-5-2010)
The Incident Detection and Log Management Summit will offer two full days of content in a single track, consisting of expert keynotes, professional briefings and dynamic panels. It will concentrate on network-centric and host-centric methods to detect intruders that work in the real world. We will also focus on which logging configurations capture the history of a hacker's activity on your machine, from the establishment of unauthorized accounts to the installation of back-doors, enabling you... read more»





Security Concerns Less Considered
(from avertlabs at 28-5-2010)
Concern about security threats such as malware and data loss is common and certainly warranted. But understanding of where threats come from varies. Most know Phishing, Spam, Adware, and PUPs are likely culprits and understand that any given site may become infected. But many don’t realize that some content types, even those welcomed into and used within business networks, present specific risks.... read more»





Pentagon: Let Us Secure Your Network or Face the ‘Wild Wild West’ Internet Alone
(from Wired at 28-5-2010)
Companies that operate critical infrastructures and do not voluntarily allow the federal government to install monitoring software on their networks to detect possible cyberattacks would face the “wild” internet on their own and place us all at risk, a top Pentagon official seemed to say Wednesday. Defense Deputy Secretary William Lynn III, speaking at the Strategic Command Cyber Symposium in Nebraska, said we need to think imaginatively about how to use the National Security Agency’s Einstei... read more»





Japanese duo arrested over Hentai extortion virus
(from Sophos at 28-5-2010)
According to media reports, two men have been arrested in Japan in connection with computer malware which stole personal information and posted it on the internet. The men are said to have not only created the malware, but also been behind a fraudulent scheme whereby they contacted victims offering to remove their personal data from the internet - for a fee.... read more»





CARO Workshop 2010 - Day Two
(from Sophos at 28-5-2010)
Billy blogged yesterday about the first day of this year’s CARO conference. He has since developed a nervous tic whenever the words “exponential”, “growth” and “samples” are used in the same sentence. Luckily, today’s talks were much more upbeat. Instead of dwelling on the asymptotic apocalypse we’re all apparently hurtling towards, speakers presented case studies of some of the most interesting recent malware and practical methods for conducting analysis, classification and even testing.... read more»





Pakistan eases curbs on YouTube
(from BBC at 28-5-2010)
Pakistan has partially unblocked the YouTube video sharing website, but hundreds of its links to "blasphemous content" remain barred, officials say. The BBC's Aleem Maqbool in Islamabad says that YouTube is now working again, although internet downloads have been slower than usual. Our correspondent says that the Facebook website remains completely out of action. The sites were blocked when images of Prophet Muhammad appeared on Facebook. People were invited to draw images of him in the run-u... read more»





Zeus-Hosting Russian ISP Taken Offline
(from spamfighter at 28-5-2010)
PROXIEZ-NET, an Internet Service Provider based in Russia, that cyber-thieves popularly used for stealing logins for online banking is said to have been cut off from the Internet on May 14, 2010 following services severed from DIGERNET, the ISP's upstream provider. PROXIEZ-NET harbored around 13 command-and-control servers of the notorious Zeus Trojan prior to being cut off from DIGERNET. As per the reports, while PROXIEZ served as the Internet host for keylogging software of hackers as well ... read more»





Fraud Alerts Don’t Hurt Your Credit Score
(from The New York Times at 28-5-2010)
Earlier this month, the Phoenix New Times published an expose of LifeLock, an Arizona company that recently agreed to pay $12 million to settle charges from the Federal Trade Commission and 35 states that the company used false claims to advertise its identity theft protection services. For those not familiar with LifeLock, its major offering until recently was a service that would place a 90-day fraud alert on your credit files with the credit agencies Equifax, Experian and TransUnion and th... read more»





RFID virus scare 'hyped up'
(from theiet at 28-5-2010)
Mark Gasson, a senior research fellow working at the University of Reading, ‘infected’ himself with a computer virus by implanting an RFID chip into his hand. Sophos experts claim that while it is possible to put any software code onto an RFID chip, the code would not be read until an RFID reader came into contact with the affected RFID chip. Furthermore, the software connected with the RFID reader itself would need to have a security vulnerability in order to allow the malicious code to be... read more»





Trend Micro warns of 419-style World Cup scams
(from SecureComputing at 28-5-2010)
Security experts are warning of yet more internet related scams designed to capitalise on this summer's World Cup tournament in South Africa by parting unsuspecting users from their cash. Gelo Abendan, of Trend Micro's technical comms team, wrote in a blog post of two separate spam runs exploiting the upcoming event. The first arrives in a .doc email attachment informing recipients of a 'Final Draw' competition run in part by the FIFA Organising Committee and offering a US$550,000 prize.... read more»





Authorities Shut Down Romanian ATM Skimmer Manufacturing Cybercriminal Ring
(from cyberinsecure at 28-5-2010)
The Romanian organized crime police has dismantled a major cybercriminal ring that specialized in manufacturing and selling ATM skimmers. Law enforcement officials descended on more than 40 locations in several cities and detained 20 suspects. Prosecutors from the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) are investigating multiple individuals under the suspicion of being members of an organized crime group, unauthorized access to a computer system, possess... read more»





Another Crime Server Discovered, Contained 44 Million Stolen Game Accounts
(from cyberinsecure at 28-5-2010)
Anti-virus company Symantec has discovered a server hosting the credentials of 44 million user accounts stolen from at least 18 different online games. Symantec, best known as the maker of the Norton software line, stumbled on the server while analyzing a user-submitted sample of code. What apparently got the company’s attention wasn’t the sheer size of the database but the creative way in which it went about validating each account. “What was interesting about this threat wasn’t just the sh... read more»





HMRC mails wrong private info to 50,000 taxpayers
(from The Register at 28-5-2010)
Her Majesty's Revenue and Customs apologised today for sending out private information to 50,000 tax credit recipients. One taxpayer who contacted The Register said: "We received our tax credit notice with our National Insurance details but on the back were two strangers' work, childcare and pay details." He then received a note from the Revenue which blamed a print supplier for wrongly preparing the notices.... read more»





Bhalotra to the White House
(from cybersecurityreport at 28-5-2010)
White House Cybersecurity Coordinator Howard Schmidt is expected to name Sameer Bhalotra his deputy cybersecurity coordinator soon. According to sources, Bhalotra, a professional staffer at the U.S. Senate, sent out notes last night informing people of his move to the White House. Bhalotra has gained deep respect within the ranks of cybersecurity circles as a strong cyber advisor. "It's a shame to see Sameer leave the Hill and SSCI, but this is a real coup for Howard Schmidt," said James L... read more»





Phishing attack behind our back..when we are not looking..
(from Azarask at 28-5-2010)
Most phishing attacks depend on an original deception. If you detect that you are at the wrong URL, or that something is amiss on a page, the chase is up. You've escaped the attackers. In fact, the time that wary people are most wary is exactly when they first navigate to a site. What we don't expect is that a page we've been looking at will change behind our backs, when we aren't looking. That'll catch us by surprise. ... read more»





Tallahassee Man Arrested in Child Pxxxgraphy Case
(from wctv at 27-5-2010)
On May 25, 2010 members of the North Florida Internet Crimes Against Children Task Force arrested a Tallahassee man and charged him with crimes relating to child pxxxgraphy. Agents from U. S. Immigration and Customs Enforcement (ICE), the Florida Department of Law Enforcement (FDLE) and the Leon County Sheriff’s Office (LCSO) executed a search warrant at 5169 Jackson Bluff Road, Tallahassee, FL. Members of the task force recovered computer equipment, child pxxxgraphic images and videos.... read more»





44 million stolen gaming credentials found in online warehouse
(from NetworkWorld at 27-5-2010)
Symantec says it has unearthed a server hosting the credentials of 44 million stolen gaming accounts -- and one of the most surprising aspects of it is that the accounts were being validated by a Trojan distributed to compromised computers. The purpose of this Trojan-based validation is apparently to figure which credentials are valid and can be sold. Symantec is calling this the Trojan.Loginck, and as described in a blog post by Symantec researcher Eoin Ward, the database of stolen informati... read more»





DoD Mulls Defending Key Private IT Systems
(from govinfosecurity at 27-5-2010)
The Pentagon has raised the possibility of the Defense Department becoming engaged in safeguarding nationally critical IT systems run by business. In a speech at the Strategic Command Cyber Symposium in Omaha, Neb., on Wednesday, Defense Deputy Secretary William Lynn III also outlined a major shift in DoD's approach to cybersecurity that includes drastically reducing the time to deploy IT security systems and the increased use of sophisticated technology tools to support the smaller-than-need... read more»





Facebook users want to 'opt-in' to share personal data, Sophos poll reveals
(from Sophos at 27-5-2010)
A poll of 605 Facebook users conducted by IT security and data protection firm Sophos in the wake of the latest changes to the social network's privacy settings has revealed the vast majority of users would favour default settings that do not automatically share their information. Facebook this week simplified its privacy settings - allowing users to control who can see their friends and pages, but the network's attitude to data privacy continues to attract criticism as it makes changes to th... read more»





The 8th annual PacSec conference will be held Nov 10/11 2010, at Aoyama Diamond Hall in Tokyo, Japan
(from Dragos Ruiu at 27-5-2010)
To address the increasing importance of information security in Japan, the best known figures in the international security industry will get together with leading Japanese researchers to share best practices and technology. The most significant new discoveries about computer network hack attacks will be presented at the eighth annual PacSec conference to be discussed. The PacSec meeting provides an opportunity for foreign specialists to be exposed to Japanese innov... read more»





EUSecWest 2010 MiniCFP - Jun 16/17
(from Dragos Ruiu at 27-5-2010)
One of our presenters was unable to get corporate approval for his travel and cancelled out. As such we are opening up one or two available slots for last minute submissions. We are also offering a referral bounty of a free conference registration for high quality replacement papers on short notice. (The Conference is on June 16/17 at the Melkweg in Amsterdam.) Please forward submissions to secwest10 [at] eusecwest.com, and please include the name of the referrer for the bounty award. ... read more»





FCC takes aim at the wireless industry
(from CNet at 27-5-2010)
The Federal Communications Commission, which has been taking a beating on proposed Net neutrality regulations, is lacing up the gloves again, this time to do battle with wireless carriers. While more than a few of the wireless carriers are the same companies going toe-to-toe with FCC Chairman Julius Genachowski over Net neutrality, the latest scrap is over a very different issue: billing. More specifically, those shocking bills consumers say they get from time to time from their wireless prov... read more»





Want Better Security? Reward Your Provider
(from DarkReading at 27-5-2010)
Managed security contracts that reward providers for notifying their clients of breaches provide better security, according to a mathematical analysis conducted by three researchers at the University of Texas at Dallas and the Middle East Technical University. The research, which will be presented at the Workshop on the Economics of Information Security (WEIS) 2010 next month, analyzed a common type of contract used today in which a provider assesses a fee for its managed security service, bu... read more»





Image-wary youth leaders in online privacy
(from nzherald at 27-5-2010)
What's that? A young college grad lecturing her elders about online privacy? It might go against conventional wisdom, but a new report from the Pew internet & American Life Project is adding fuel to the argument that young people are fast becoming the gurus of online reputation management, especially when it comes to social networking sites. Among other things, the study found that they are most likely to limit personal information online - and the least likely to trust free online service... read more»





Anti-Clickjacking Defenses 'Busted' In Top Websites
(from DarkReading at 27-5-2010)
Turns out the most common defense against clickjacking and other Web framing attacks is easily broken: Researchers were able to bypass frame-busting methods used by all of the Alexa Top 500 websites. The new research from Stanford University and Carnegie Mellon University's Silicon Valley campus found that frame-busting, a popular technique that basically stops a website from operating when it's loaded inside a "frame," does not prevent clickjacking. Clickjacking attacks use malicious iFrames... read more»





Online File Transfer Fraud
(from Symantec at 27-5-2010)
In May 2010, a phishing website was observed to be spoofing a leading, legitimate brand that provides online file transfer services. These services help people to send, receive, or host files of large sizes. Email messages typically have a limitation in the size of file that can be attached, and so online file transfer is often utilized as an alternative for sending large files. For an online file transfer, customers need to enter the recipient’s email address, select the required file, and ... read more»





BitTorrent Inc. open sources new P2P protocol
(from h-online at 27-5-2010)
BitTorrent Inc., the company behind the popular BitTorrent peer-to-peer file sharing protocol, has announced that its uTorrent Transport Protocol (uTP) code is now available as open source. The uTP protocol is aimed at maximising network throughput while minimising network congestion, providing a better overall experience for both ISPs and end users. Additionally, uTP is said to work well within home networks, preventing one system using BitTorrent from consuming the whole network.... read more»





EFA takes anti-filter line to families
(from SecureComputing at 27-5-2010)
Electronic Frontiers Australia (EFA) today launched a new campaign urging Internet-savvy Australians to discuss the Government's Internet Filter proposal with their mums. At 7am this morning, EFA unveiled its 'It's time to tell mum' website that encourages visitors to connect with family members over Facebook, Skype, SMS, e-mail, or in person. EFA vice chair Geordie Guy said the campaign targeted people in their teens and twenties, who were "likely to have a mum who may not know about filt... read more»





Facebook the new battleground for spam, malware: Sophos
(from TechWorld at 27-5-2010)
Facebook and Twitter users beware. Hackers and spammers are focusing on social networking sites, according to security firm Sophos. In the early days of the Internet, email used to be the major carrier of spam messages on the web. Today, according to Sophos, spammers have shifted to social networking sites - where users are many and prevalent - in carrying out their dastardly deeds. Compromised social networking accounts are just like PCs with botnets installed on them, according to Claren... read more»





Hackers targeting phone systems, warn Australian police
(from ZDNet at 27-5-2010)
The Australian Federal Police warned Australian IT security professionals to do penetration testing on their telephone systems or risk having their private branch exchange hacked. "[Private automatic branch exchange] PABX hacking and fraud... is happening more and more," Australian Federal Police (AFP) investigator Alex Tilley said at last week's AusCERT 2010 conference. "It's been around for donkey's years, but in the last few months we've seen domestically and globally a major up kick in t... read more»





Breakdown of all the major online threats in May
(from Net-Security at 27-5-2010)
Latest MessageLabs Intelligence Report reveals that nine out of ten spam emails now contain a URL link in the message. In May, five percent of all domains found in spam URLs belonged to genuine web sites. Of the most frequently used domain names contained in spam URLs, the top four belong to well-known web sites used for social networking, blogging, file sharing and hosting other forms of user-generated content. While Rustock is the botnet that uses the greatest number of disposable domains, Sto... read more»





VoIP-Aided Security Threat: Telephony Denial of Service
(from About at 27-5-2010)
The FBI calls it Telephony Denial of Service (TDOS). It is a new and growing kind of security attack that is not centered around VoIP itself but that uses VoIP to better do the job. The operation is carried out in two parallel moves - on one side, a genuine attack is done on a person's interest in a bank, financial institution or other company; on the other side, the person's phone line is flooded at the same time with 'spam' calls in order to block other calls from coming in. T... read more»





New undersea cable feeds African botnets
(from TechWorld at 27-5-2010)
Spam coming from Africa could be about to boom thanks to new broadband infrastructure in the Eastern half of the continent, according to Symantec’s MessageLabs division. The proportion of global spam sent by Africa is still a tiny 3 percent, by MessageLabs’ reckoning, but that is up from the 2 percent in April 2009. At a time when global spam levels are stable, the extra 1.2 billion spam emails is large enough to count as a new trend.... read more»





Gulf oil spill: BP says 'top kill' plug going to plan
(from BBC at 27-5-2010)
BP says its operation to pump mud into a breached Gulf of Mexico oil well to try to stem the flow of oil caused by a rig explosion is going to plan. The US government is backing the "top kill" procedure, which has never been tried at such a depth. BP is under intense pressure to succeed after previous attempts to stem the leak failed. President Obama is expected to announce tough new drilling regulations after a key report into the spill is released. The preliminary report from the US Depart... read more»





Cyber criminal activity on the rise in Turkey, data show
(from hurriyetdailynews at 27-5-2010)
According to the latest data by Trend Micro, a leading Internet security company, more than 2 million computers were hacked and 476 million spam e-mails were sent in Turkey between June 2009 and May 2010. With Internet an increasingly integral part of daily life, criminals are finding new playgrounds in cyberspace.... read more»





Virtualization, Cloud Computing, and Green IT Summit 2010
(from zoomerang at 27-5-2010)
The 1105 Government Information Group - publishers of Federal Computer Week, Government Computer News, and Washington Technology, is pleased to announce a Call for Participation in the Virtualization, Cloud Computing, & Green IT Summit, to be held October 26-27, 2010 at the Grand Hyatt Hotel in Washington, DC. This is your opportunity to recommend topics, speakers, and case studies for consideration in this event focused on using innovative efficiency tools to "do more with less" in public ... read more»





Hackers Target Small Businesses
(from The New New internet at 27-5-2010)
The Better Business Bureau of Minnesota and North Dakota and the Minnesota Cyber Crime Task Force are urging all small businesses with outdated or lacking online security software to be aware of foreign hackers stealing credit card information and then selling it on the web. Businesses targeted by these cyber intrusions could be liable for any losses involving stolen credit card data, which could potentially bankrupt smaller enterprises. All small businesses that process, store or transmit cr... read more»





Who is the biggest threat to business security? Staff or cyber criminals
(from News at 27-5-2010)
Traditionally, companies have considered disgruntled employees to pose the greatest risk, having access to passwords, information, systems and networks - and if they work in the IT department, administrator privileges. What's more, they usually know what they are looking for and what it might be worth to a competitor. But recent research shows that organised cyber gangs intent on cracking into corporate networks in the same way they might target a bank vault are a far greater threat to bus... read more»





Eclipse Summit Europe 2010 call for papers
(from eclipsecon at 27-5-2010)
The Eclipse Foundation has announced that it is currently seeking submissions from attendees for talks, papers and tutorials for this year's Eclipse Summit Europe. The fifth annual summit will take place from the 2nd to the 4th of November in Ludwigsburg, Germany. Sessions can range from short talks lasting approximately 25 minutes to longer talks (55 minutes) and symposia or tutorials, which can last up to four hours. Submissions will be chosen by the ESE 2010 Program Committee, led by Program ... read more»





Malaysia to collaborate in fight against cyber crime
(from Malaysia in focus at 27-5-2010)
Malaysia’s Information Communication and Culture Minister, Datuk Seri Dr Rais Yatim, said that the country plans to work in collaboration with a number of countries in the fight against cyber crime. “The rise in cyber security attacks over the last few years reinforces the urgency to address the issue through the establishment of appropriate global frameworks for assessment and exchange of information related to cyber security,” he said at the opening of the World Information and Communicatio... read more»





India can thwart cyber attacks: DoT official
(from India4u at 27-5-2010)
India has the capability to thwart cyber attacks and has formed response teams to tackle such threats, Mr R N Jha, Deputy Director-General (International Relations) of Department of Telecommunications in the Union Ministry of Communications and IT, has said. Addressing reporters on the sidelines of ITU's World Telecom Development Conference (WTDC-2010) here on Wednesday, Mr Jha said a cyber war would be more catastrophic than a nuclear war.... read more»





Supercomputer tapped for 3D models of oil spill
(from Government Computer News at 27-5-2010)
The National Science Foundation has made an emergency allocation of 1 million compute-hours on a supercomputer at the Texas Advanced Computing Center at the University of Texas to create 3-D models of the spreading oil spill in the Gulf of Mexico, according to published reports. "The goal of this effort is to produce models that can forecast how the oil may spread in environmentally sensitive areas by showing in detail what happens when it interacts with marshes, vegetation and currents," wro... read more»





Google faces German Street View data blunder deadline
(from BBC at 27-5-2010)
Google has not handed over sensitive data requested by German authorities, despite a deadline of 26 May. Dr Johannes Caspar, the Information Commissioner for Hamburg, Germany, told BBC News that there was "no sign" of the requested hard disk. The firm has until midnight to hand over data harvested by its Street View cars from private wi-fi networks.... read more»





Morally right to try hacker McKinnon in UK, says Nick Clegg
(from Computer Weekly at 27-5-2010)
Deputy prime minister Nick Clegg has repeated his view that self-confessed hacker Gary McKinnon should be tried in the UK, but said the government lacked the power to reverse some of the legal decisions that had led to McKinnon's possible extradition to the US. Clegg told a BBC radio station that the government was studying the situation very carefully. Morally "it was the right thing to do" to try McKinnon in the UK, he said. Judges were expected to review former home secretary Alan Johns... read more»





Microsoft plans further botnet shutdowns following success against Waledac
(from Computer Weekly at 27-5-2010)
Microsoft is planning to replicate the success in shutting down the Waledac botnet in February with similar operations. The operation pulled together researchers, security suppliers and legal experts to shut down Waledac's command and control domains and disable the botnet's peer-to-peer communications. Botnets are usually difficult to take down because they typically involve multiple legal jurisdictions, said Richard Boscovich, senior attorney at Microsoft's Digital Crimes Unit (DCU).... read more»





United Kingdom Country Report - United Kingdom 2010 NIS Report on Measures against Cybercrime
(from Enisa at 27-5-2010)
The European Networks and Information Security Agency (ENISA) conducted a comprehensive study on the status of network and information security (NIS) in Europe. The goal was to produce a series of country reports regarding the "state of the art" of NIS in each European country. The countries covered by this report are Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherland... read more»





P2P lender Prosper in firefighting mode following botched platform switch
(from Finextra at 27-5-2010)
US peer-to-peer lender Prosper is still struggling to reconcile user accounts three weeks after botching a major upgrade to a new loan servicing platform. The switchover to the new platform was a major project that involved the integration of more than 2 million loan based transactions. Most of the problems related to the interface between the Prosper Web site and the new loan servicing platform, which resulted in loan data being inaccurately displayed to users accessing their accounts and, "... read more»





DHS official stresses cybersecurity is industry's responsibility
(from nextgov at 27-5-2010)
Contractors that fail to live up to security requirements in federal technology contracts should be held accountable, even if the vulnerabilities originated in products or capabilities provided by suppliers, a top Homeland Security Department official said on Tuesday. In most business situations, "if we have a contractual arrangement and you fail [to meet the requirements], I have legal recourse," said Richard Marshall, director of global cybersecurity management at DHS.... read more»





Former FBI employee sentenced for leaking classified papers
(from Washington Post at 27-5-2010)
A Silver Spring man who worked as a linguist for the FBI was sentenced Monday to 20 months in prison for leaking secret documents to a blogger. But federal prosecutors in Maryland have remained mum about exactly what was contained in the classified papers that Shamai K. Leibowitz, 39, gave the unnamed blogger in April 2009, while he worked on contract for the FBI. According to court records, the documents concerned "communication intelligence activities."... read more»





ACLU Testifies On Preserving Free Speech And Privacy Rights In Online Counterterrorism Practices
(from American Civil Liberties Union at 27-5-2010)
Anthony D. Romero testified today before a key House Homeland Security subcommittee about the importance of steadfastly preserving privacy rights and free speech while continuing effective counterterrorism efforts online. While acknowledging the challenges posed by the cyber-revolution in protecting the Internet, Romero urged members of the Homeland Security Committee to not only allow the Internet to remain an unfettered place of freedom and anonymity but to ensure the free speech and privacy r... read more»





Australia falls behind Mongolia, global average on Internet speed
(from Computer World at 27-5-2010)
Australian Internet speeds are below average and behind the likes of Mongolia and Liechtenstein, according to Ookla's new Net Index tool. Australians have an average Internet download speed of 6.28 megabits per second (Mbps), behind the global average of 7.67Mbps. South Korea boasts the highest speeds, at 34.14Mbps, while Sudan suffers with an average of 0.34Mbps, according to Net Index.... read more»





New undersea cable feeds African botnets
(from TechWorld at 27-5-2010)
Spam coming from Africa could be about to boom thanks to new broadband infrastructure in the Eastern half of the continent, according to Symantec’s MessageLabs division. The proportion of global spam sent by Africa is still a tiny 3 percent, by MessageLabs’ reckoning, but that is up from the 2 percent in April 2009. At a time when global spam levels are stable, the extra 1.2 billion spam emails is large enough to count as a new trend.... read more»





British researcher cracks crypto problem
(from ZDNet at 27-5-2010)
A British researcher has helped put into practice an encryption scheme that could better protect sensitive data while it is being used in systems such as health-care computing. The scheme involves fully homomorphic encryption, an approach that allows computation to be performed on encrypted data without the need to decrypt the data, according to Nigel Smart, professor of cryptology in the Department of Computer Science at the University of Bristol.... read more»





Internet Privacy Worries Are Eroding, Pew Finds
(from Yahoo News at 27-5-2010)
Facebook chief executive Mark Zuckerberg's vision for a less private Internet is slowly coming to fruition, a survey by the Pew Internet & American Life Project suggests. Compared to 2006, Internet users are now less concerned with the amount of information available about them online. Moreover, the percentage of people who take steps to limit this online information has dropped over the last three years.... read more»





Application Security - Who Is Responsible?
(from eweekeurope at 27-5-2010)
If the software industry can't make applications secure, should governments wade in with regulations? Peter Judge thinks not. When your car fails, you can sue the manufacturer. But if your software turns out not to be secure, you may have a lot more trouble. Because in the IT world, these things are all too often the user’s responsibility. Last week, most of the people involved in the government of the UK were busy determining who’d do what in the new coalition government (or else who’d run t... read more»





Government Computing News Password Contest
(from Imperva at 27-5-2010)
In January of this year, Imperva published a study of 32 million passwords. Last week, Government Computing News asked readers for their thoughts on devising safe, strong passwords. Responses read like a personality test. Some users relied on recent golf scores, others on favorite books or poems. The winner? Ron from Indiana. His approach is worth reading. The approach, he wrote, is: “as strong as random generated passwords. I work for a business that stores business and medica... read more»





Businesses could use US cyber monitoring system
(from Yahoo News at 27-5-2010)
A U.S. government computer security system that can detect and prevent cyber attacks should be extended to private businesses that operate critical utilities and financial services, a top Pentagon official said Wednesday. William J. Lynn III, the deputy defense secretary, said discussions are in the very early stages and participation in the program would be voluntary. The idea, he said, would allow businesses to take advantage of the Einstein 2 and Einstein 3 defensive technologies that are ... read more»





USDA 2010 Cyber Security Summit
(from fbcinc at 27-5-2010)
Progress and Change - Building the Foundation to Safeguard USDA Information and Digital Assets. Keynote Speaker : 9:45 - 10:15 (invited, awaiting confirmation) Howard A. Schmidt, White House Cyber Security Coordinator Track 1: CISO Panel Discussion Moderator Charles T. McClam, Deputy Chief Information Officer, USDA Track 2: Identity Theft Maneesha Mithal, Assistant Director, Federal Trade Commission’s Division of Identity Protection Track 3: Financial Controls/A123 Update Annie ... read more»





Pakistan lifts ban on YouTube, Facebook
(from The Sydney Morning Herald at 27-5-2010)
Pakistan unblocked popular video sharing website YouTube late Wednesday after banning it in the wake of public outrage over "blasphemous" content. "YouTube has been unblocked, but the links to sacrilegious content would remain inaccessible in Pakistan," Khurram Mehran, Pakistan Telecommunication Authority (PTA) told AFP. Earlier interior minister Rehman Malik said Pakistan was to lift a ban on Facebook and YouTube in the next few days. The PTA banned access to Facebook and YouTube and other li... read more»





Australian Parliament House content goes common
(from Computer World at 27-5-2010)
The Australian Parliament House (APH) website is next in line for a Creative Commons licence, according to a spokesperson for the APH. The website is currently undergoing redevelopment and is due to go live by October this year, with all content falling under a Creative Commons by attribution (CC BY) license. It follows the same license being issued for the 2010/2011 Federal Budget. Labour Senator Kate Lundy flagged the changes in a recent speech given to the Gov 2.0 Expo in the US. While a s... read more»





Spam and the law
(from Securelist at 27-5-2010)
Spam is illegal in many countries and Russia is certainly no exception. So why then is it mostly left up to the technical experts to try to combat the problem when it could be argued that the legislature should be leading the crusade? In this article we will discuss anti-spam legislation as it exists in different countries around the world, focusing on how effective such legislation is and what prevents it from being more so. What makes spam so dangerous and why is it so difficult to combat? ... read more»





Canada reintroducing anti-spam legislation
(from Sophos at 27-5-2010)
Today, media outlets are reporting that the Canadian federal government is reintroducing a previously set-aside Anti-spam legislation. Bill C-28 also known as the “Fighting Internet and Wireless Spam Act”, will be mostly identical to the previous version. Similar to legislation already in place in other countries, the proposed legislation has provisions to prohibit sending commercial emails including text messages unless there is an expressed or implied consent from the recipient. In addition... read more»





EU says Google and Microhoo still violate data protection law
(from The Register at 27-5-2010)
A panel of European Union data protection authorities has told Google, Microsoft, and Yahoo! that their data retention policies still do not comply with EU law. On Tuesday, the Article 29 Data Protection Working Party — an independent advisory body on data protection and privacy — sent public letters to the three major search engines saying that although it welcomes their efforts to bring their data retention policies in line with the law, they haven't gone far enough. With the letters, the W... read more»





Android App Aims to Allow Wiretap-Proof Cell Phone Calls
(from Forbes at 27-5-2010)
Worried about the NSA, the FBI, criminals or cyberspies electronically eavesdropping on your private phone calls? There may be an untappable app for that. On Tuesday, an independent hacker and security researcher who goes by the handle Moxie Marlinspike and his Pittsburgh-based startup Whisper Systems launched free public betas for two new privacy-focused programs on Google's Android mobile platform: RedPhone, a voice over Internet protocol (VoIP) program that encrypts phone calls, and TextSec... read more»





4 Cyber Trends That Must Be Reversed Now
(from greylogic at 27-5-2010)
One: Congress is writing legislation for a domain that they don’t understand, to fix a problem whose scope is unknown because its victims are reluctant to report incidents. Two: Financial institutions would rather write off 20% losses to cyber crime as a cost of doing business than invest in hardening their networks, which would cost them money and potentially expose them to a shareholder lawsuit for not maximizing profits. Three: The Department of Defense is struggling to fit present-day ... read more»





Bit9 Announces Results of the “2010 What’s Running on Your Users' Desktops?” Survey
(from hostexploit at 27-5-2010)
Bit9, Inc., the pioneer and leader in Application Whitelisting, today announces the results of its 2010 survey of unauthorized software in enterprise and government networks. In a survey of 1,282 IT professionals, Bit9 found that enterprise and government desktops are polluted with unauthorized software ranging from P2P software, toolbars and games to ransom-ware, Trojans and Chinese spyware. What the survey reveals is an eye-opener for organizations that are concerned about targeted attacks, Ma... read more»





Hackers Place Racist Message On Miami Road Sign: “No Latinos, No Tacos”
(from cyberinsecure at 27-5-2010)
Hackers in Miami targeted an electric billboard placing the slogan “No Latinos No Tacos” on a flashing construction sign on a major roadway in south Florida. The sign was supposed to be displaying a message warning drivers that the coming exit was closed to traffic. Officials attempted to change the text on the sign back to its intended message, but were unable to do so and were forced to simply turn off the sign. Miami police are investigating the incident.... read more»





Foxconn Website Defaced After iPhone Assembly Plant Suicides
(from cyberinsecure at 27-5-2010)
A subtle defacement of the website of electronics manufacturer Foxconn has drawn further attention to an alarming spate of worker suicides at a plant in southern China. Nine of the workers at a Shenzhen plant where iPhones and other hi-tech kit is assembled have killed themselves this year, with a further two unsuccessful suicide attempts. In a satirical response, Foxconn’s human resources site was hacked with a spoof ‘We’re Hiring’ notice.... read more»





It's Time For a New Privacy Model
(from threatpost at 26-5-2010)
The current raft of stories about privacy problems on Facebook and other high-profile sites is leading to a renewed consideration in some circles of whether there's a need for tighter government regulation of sites' privacy policies and user notifications. Regulation, experts say, may be the only real way to force sites to respect users' privacy. This is by no means the first time that there has been a call for better regulation of privacy. There have been periodic uprisings on this issue for... read more»





Lincoln: technology issues exposed customer data since 2002
(from databreaches at 26-5-2010)
It was a series of technology issues, dating back to 2002, that Lincoln National Life Insurance and Lincoln Life & Annuity say resulted in the potential exposure of personal information of customers to other clients and their agents. In a letter dated May 17 to the New Hampshire Attorney General’s Office, attorneys for Lincoln explain that when their system generates correspondence to a client, an e-copy is automatically stored in the client’s correspondence file so that the client and their ... read more»





Miami construction signs hacked to read 'No Latinos,' 'No Tacos'
(from Palmbeachpost at 26-5-2010)
Long-standing digital construction signs along the Palmetto Expressway on Tuesday morning were apparently hacked to flash two messages: "No Latinos" and "No Tacos." WTVJ-Ch. 6 reports the signs on the northbound side of the 826, right near the Northwest 25th Street exit, have since been turned to face away from the road. There is speculation that someone hacked into the signs overnight. Officials say the signs are password-protected.... read more»





Malware modularization and AV detection evasion
(from SANS at 26-5-2010)
Modularization of malware is something we have been seeing for quite some time already. Authors of malware often build various modules that allow them to extend functionality of malware but also to make analysis more difficult. The rationale behind this is pretty simple – if this particular infected machine does not need the module that, for example, attacks a certain bank it will not be downloaded and installed. This makes it more difficult for the AV vendors to collect all samples of vario... read more»





Hackers take down city of Denver website
(from kdvr at 26-5-2010)
Hackers have managed to take down the city of Denver's website for the second time in less than a week. If you visited the denvergov.org website Tuesday morning, you landed on a page that told you the site was undergoing maintenance. The site was back up and operating normally by midmorning. Hackers got into the site late Monday and the site was immediately taken down according to Eric Brown, a spokesman for Mayor John Hickenlooper.... read more»





Anatomy of a Modern Compromised Website
(from threatcenter at 26-5-2010)
In the security community, little attention is paid to compromised websites that don't serve up malware. The malicious URL lists maintained by the anti-virus companies, by Google, and by nearly every other source of malicious URLs rely on anti-virus to trigger on exploits and malware to determine if a site is malicious. In a few select cases, behavioral analysis may be used to determine if a visit to a website will lead to an infected computer. But sites that are taken over by hackers are freque... read more»





IT departments require more than encryption to securely track manage and protect mobile data
(from SecurityPark at 26-5-2010)
The increasingly mobile nature of data has resulted in growing pressures on IT departments. There was a time, not too long ago, when data was secured primarily due to the physical security of the building where it was located. Now, with the ubiquitous use of laptops and handheld devices, a secure physical environment, while requisite, is no longer sufficient. As we enter a new decade, IT departments are faced with a proverbial “perfect storm” when it comes to securing data. Departments are de... read more»





Industry gears up for Random Hacks of Kindness event
(from SecureComputing at 26-5-2010)
Some of the IT industry's biggest names are lending their support to Random Hacks of Kindness (RHoK), a weekend of hard coding where volunteer engineers seek to solve real-world problems. Google, Microsoft, Yahoo, Nasa and The World Bank are founding partners in RHoK, which this year takes place on June 4-6. The 'hackathon' will kick off in Washington, DC, with global satellite events going on around the world in Jakarta, Sydney, Nairobi and Sao Paulo and there's a special two day workshop at... read more»





'Internet is infested with mal-intended people', warn experts
(from newKerala at 26-5-2010)
Like the real world, the internet is also infested with mal-intended people looking for an opportunity to steal and with India witnessing a multifold rise in cyber crime in the last few years, netizens in the country must take all possible precaution, experts warned today. Launching a 'cyber safety week' in Mumbai, in association with the city police, NASSCOM and NetMonastery NSPL, the experts acknowledged that the internet offers a wide range of services from finance management to utility bi... read more»





Remember the Alureon: Rootkit Sinks Its Roots
(from mcpmag at 26-5-2010)
Remember Alureon, the pesky rootkit, which hit the Windows enterprise scene in 2006 and absolutely bum rushed some Windows systems earlier this year? Microsoft does and will for quite some time. The rootkit, which also goes by some of its technical aliases -- TDSS, Zlob and DNSChanger -- has to date infected nearly 2 million Windows systems. Alureon is the guest of honor rootkit in Microsoft's recently released May Threat Report. Alureon accounted for 18 percent of all malware-infected Win... read more»





Watching Out For Criminal Hacks
(from Finextra at 26-5-2010)
We use the web to search out tons of information, to shop online and to connect with friends and family. And in the process criminals are trying to whack us over the head and steal from us. And they’ve become very proficient at their craft while most computer users know as much about protecting themselves today as they did 15 years ago. Which equates to not so much. Back in the day, a person only had to know not to open a file in an attachment from someone they didn’t know. Maybe even not open... read more»





Notorious internet company shut down
(from BCS at 26-5-2010)
A notorious internet firm that made its money hosting online criminal content has been shut down and ordered to pay back its profits. The US Federal Trade Commission (FTC) used legal action to close Belize-based service provider 3FN after numerous illegal activities were linked to the company. The FTC said that amongst other forms of malicious content the company had hosted bot-nets, spam sites, child pornography and phishing websites.... read more»





Facebook reveals 'simplified' privacy changes
(from BBC at 26-5-2010)
Social network Facebook has said it will offer a one-stop shop for privacy settings in response to user concerns. Mark Zuckerberg admitted the settings had "gotten complex" for users. It follows a storm of protest from users over a series of changes on the site that left its members unsure about how public their information had become.... read more»





Bit9 Announces Results of the '2010 What’s Running on Your Users' Desktops?' Survey
(from hostexploit at 26-5-2010)
Bit9, Inc., the pioneer and leader in Application Whitelisting, today announces the results of its 2010 survey of unauthorized software in enterprise and government networks. In a survey of 1,282 IT professionals, Bit9 found that enterprise and government desktops are polluted with unauthorized software ranging from P2P software, toolbars and games to ransom-ware, Trojans and Chinese spyware. What the survey reveals is an eye-opener for organizations that are concerned about targeted attacks, Ma... read more»





Public Comment: April 2010 DNS-CERT Operational Requirements & Collaboration Analysis
(from hostexploit at 26-5-2010)
ICANN is today opening a public comment period on the April 2010 DNS-CERT Operational Requirements and Collaboration Analysis Workshop Report (with Minority Statement). In advance of the ICANN Brussels meeting, ICANN is seeking comments on the potential requirements identified in the workshop report, DNS Security response gaps. In addition, ICANN is publishing the Summary & Analysis of Comments on the Security Strategic Initiatives and Global DNS-CERT Business Case papers, and the DNS-CERT Co... read more»





Deadly phone number of doom disconnected
(from The Register at 26-5-2010)
A Bulgarian phone number featuring nine eights has been cut off after three successive owners died in suspicious circumstances. The details come courtesy of the Telegraph, which reports that the first owner of 0888 888 888 died of cancer aged 48, while the next two were gunned down following shady business dealings. Such circumstances surely prove that the number is genuinely cursed, or maybe that criminals in Bulgaria with too much money to spend tend to wind up dead.... read more»





Mitigation, not prohibition, is best response to social media’s security risks
(from FCW at 26-5-2010)
Although an all-out prohibition might seem to be the simplest way to deal with the security risks of social media, it is not necessarily the wisest approach. The technology does introduce numerous risks, including the possibility that an employee might speak on an agency’s behalf without approval or even post sensitive or classified information inappropriately. Also, ill-intentioned actors might pose as social network friends to obtain such information — what’s known as social engineering. An... read more»





Major Step Ahead for Cryptography
(from ScienceDaily at 26-5-2010)
Imagine you could work out the answer to a question, without knowing what the question was. For example, suppose someone thinks of two numbers and then asks another person to work out their sum, without letting them know what the two numbers are. However, they are given an encryption of the two numbers but not told how to decrypt them. Nigel Smart, Professor of Cryptology in the Department of Computer Science at the University of Bristol, will present a paper in Paris May 26, which makes a st... read more»





A Cyberattack With That Latte?
(from cybersecurityreport at 26-5-2010)
Researchers at the University of Calgary in Canada have a new security threat they want you to know about. Typhoid adware. From a press release on the attack: Adware is software that sneaks onto computers often when users download things, for example fancy tool bars or free screen savers, and it typically pops up lots and lots of ads. Typhoid adware needs a wireless internet cafe or other area where users share a non-encrypted wireless connection. "Typhoid adware is designed for... read more»





Four-year-old rootkit tops the charts of PC threats
(from InfoWorld at 26-5-2010)
Microsoft just released its May Threat Report, and the results should give you pause. With nearly 2 million infected systems cleaned, the nefarious Alureon rootkit came out on top. Since it first appeared in 2006, Alureon (known in various incarnations as TDSS, Zlob, or DNSChanger) has morphed into a mean money-making marvel: a varied collection of Trojans most famous for their ability to invisibly take control of your PC's interactions with the outside world. Alureon frequently runs as a roo... read more»





Firms not required to inform victims of privacy breach under new rules
(from Canada at 26-5-2010)
Companies get to decide whether to tell their customers they've lost their personal information or hackers have stolen it, according to legislation tabled Tuesday by the Conservative government. The proposed amendments to Canada's private sector privacy law will require banks, retailers and other companies to inform Canada's privacy watchdog if they've experienced a "material" data breach of personal information. Factors for determining if the mandatory reporting rule kicks in include the sen... read more»





Capital One: Who’s in their database?
(from databreaches at 26-5-2010)
On May 18, Capital One notified the New Hampshire Attorney General’s Office that a “fraud ring may have obtained certain customer information.” The personal information included names, addresses, account numbers, Social Security Numbers, and “other sensitive information.” According to the letter to affected individuals from James McFadden, Vice President Chief Privacy Officer, the compromise may have occurred between December 2009 and February 2010.... read more»





Twitter For iPhone Attracts Malware
(from Information Week at 26-5-2010)
Recent top 10 Twitter topics -- "Lost finale," "Geek Pride," "Uniqlo Lucky Line" -- may sound innocent enough, but attackers are increasingly using them to serve malware to unsuspecting users. One recent attack, which aims to swipe users' banking information, is capitalizing on the release of the first official Twitter iPhone application. Click a link in an attacker's Twitter post -- one offending message says it's the "Official Twitter App" -- and get directed to a website hosting a Trojan a... read more»





Hackers delay seniors' payout
(from straitstimes at 26-5-2010)
THE RM100 (S$42.15) payment due to 18,000 senior citizens by mid-May has been delayed by a month as the computer system of the state government's appreciation programme for senior citizens was hacked early this month. State Welfare, Health, Caring Society and Environment Committee chairman Phee Boon Poh said the affected senior citizens are those who had gone overseas and those whose vouchers were returned by the banks due to technical errors when the money was handed out last month. 'The ... read more»





Rais vows to be tough on cyber crime
(from the malaysian insider at 26-5-2010)
Malaysia will not treat cyber crime lightly because obtaining information communication technology (ICT) through the Internet and broadband is fraught with dangers which need to be addressed, said Information Communication and Culture Minister Datuk Seri Rais Yatim. He said that although the international Internet protocol advocated by some parties was that there should be no restraint, guidance or screening on the Internet, Malaysia held on to its stand that cyber crime was not a matter that... read more»





IT Security Requires More Transparency
(from Government Information Security at 26-5-2010)
It's a not-too-uncommon sight: high-ranking government officials and top private-sector security experts sitting around a conference table complaining about the lack of information sharing between the two groups. It's a subject that seems to come up over and over again. There are some fundamental issues at play here. For instance, the challenge of government sharing classified information with specific businesses that don't have the appropriate security clearances. But new intermediaries that... read more»





Don't treat cyber crime lightly
(from Yahoo at 26-5-2010)
Malaysia will not treat cyber crime lightly because obtaining information communication technology (ICT) through the Internet and broadband is fraught with dangers which need to be addressed, said Information Communication and Culture Minister Datuk Seri Rais Yatim. He said that although the international Internet protocol advocated by some parties was that there should be no restraint, guidance or screening on the Internet, Malaysia held on to its stand that cyber crime was not a matter that... read more»





Upcoming IOUG Webinar - A Journey Through Enterprise Database Security for DBAs
(from Integrigy at 26-5-2010)
Integrigy's CTO, Stephen Kost, will be presenting an Independent Oracle User's Group (IOUG) educational webinar as part of IOUG's Database Security Technical Education Series. A Journey Through Enterprise Database Security for DBAs Stephen Kost, Integrigy Wednesday, May 26, 1:00pm - 2:00pm CT This presentation is intended for Database Administrators. It will detail the enterprise database security requirements, regulatory requirements and monitoring of databases.... read more»





Minister unveils 2010 quantum security
(from ITweb at 26-5-2010)
A quantum cryptography system to secure communication channels during the World Cup was officially launched by minister of science and technology Naledi Pandor. The system will secure the network linking the Moses Mabhida stadium and the Joint Operation Centre, in Durban. According to the Centre for Quantum Technology (CQT), at UKZN, which developed the system in partnership with the eThekwini Municipality, the aim is to provide ultra high data security, including telephone, Internet, video,... read more»





Businesses lag in moving away from IE6 and its vulnerabilities, study says
(from Network World at 26-5-2010)
Microsoft's Internet Explorer continues to dominate corporate browser use more so than it does private use, with its nearest rival, Mozilla's Firefox, lagging far behind with one in seven businesses opting for it, according to data collected by Internet-based security service Zscaler. Businesses are also more careless about upgrading IE than the general public with 27% still using IE6, which has known vulnerabilities, says Zscaler, including the one that led to the notorious Aurora attack aga... read more»





Next steps for continuous network monitoring
(from Government Computer News at 26-5-2010)
A blend of new guidance, increased oversight and expected legislative reforms are collectively elevating the importance of continuous monitoring of government networks, a panel of security experts said Monday at the 30th annual Management of Change conference held by American Council of Technology and Industry Advisory Council. All three developments reflect the conclusion that agencies must monitor their networks continuously and manage security risks more effectively — and move beyond cur... read more»





Microsoft Appeal on Alcatel-Lucent Case Rejected
(from ITPro Portal at 26-5-2010)
The US Supreme Court has refused to hear Microsoft's appeal against a lower court's decision to allow mobile maker Alcatel-Lucent to seek damages worth $358 million. The lower court had found that the date-ticker function present in Microsoft's Outlook software had infringed patents held by Alcatel-Lucent, which had emerged from Bell Labs as Lucent Technologies.... read more»





Ireland First To Use 'Three Strikes' Rule On Piracy
(from ITPro Portal at 26-5-2010)
Ireland has become the first country to implement a 'three strikes' rule on piracy, cutting off users' Internet connections for copyright theft for the first time. Eircom voluntarily agrees to follow the 'three strikes and you're out' procedure to deal with copyright infringement by its users, after facing a lawsuit filed by major music labels, the Irish Times reports. Eircom will give a friendly notice to internet users found accessing data illegally for the first time.... read more»





Google Hands Over Street View Wi-Fi Data
(from ITPro Portal at 26-5-2010)
Google has announced that it has safely retrieved and secured the Wi-Fi data that the company said had been "accidentally" captured by its Street View cars. The announcement comes after the company was served with a class-action lawsuit, demanding that the company disclose how it plans to handle the situation. According to a court filing made by Google in the Oregon federal court, the company said that it had copied all the data onto hard drives and handed them over to San Francisco-based info... read more»





Cyber crime: victims don't know whom to call
(from DNAIndia at 26-5-2010)
“There is a huge amount of under reporting in cases of cyber crime; people who have been victims do not register complaints fearing that it would make them objects of ridicule or their reputation might get damaged,” IPS officer Pratap Reddy from Karnataka said. “With the advent of social networking sites, people, including celebrities and VVIPs post scraps and messages about their activities. This can easily reveal their location and plans and they may become targets of criminals. People need... read more»





Queen's speech: Cuts start with ID cards, but broadband still a priority
(from Computer Weekly at 26-5-2010)
The Queen has named high-speed broadband roll out and the abolition of the national ID cards project as priorities for the coalition government in the coming 18 months. Her speech at the state opening of parliament also mentioned a commitment to removing barriers to flexible working. The Identity Documents Bill, if enacted, will "scrap ID cards, and require the destruction of all personal information gathered from existing cardholders and currently held in the National Identity Register", ... read more»





Student Sues School for Damages in Sxxting Case
(from Wired at 26-5-2010)
A former Pennsylvania high school student has sued school and county officials for damages in a controversial sxxting case. The student alleges a violation of her constitutional rights, in a civil suit filed last week that could serve as a cautionary tale to other officials considering punishing students over risque self-portraits.... read more»





Update: Key Dem lawmakers call for rewrite of 1996 Telecom Act
(from The Washington Post at 26-5-2010)
Update: With letter from 74 Democratic lawmakers to FCC Chairman, opposing plan to redefine broadband. Key Democratic lawmakers said Monday that they are seeking to update communications laws, a move aimed at clarifying murky interpretations over federal oversight of the Internet. In a brief statement, Congressional Commerce Committee chairmen Sen. John D. Rockefeller IV (D-W.Va.) and Rep. Henry A. Waxman (D-Calif.) said they would "start a process to develop proposals" to update the Commu... read more»





Security Innovation Grant
(from Team Cymru at 26-5-2010)
The Dragon Research Group (DRG) expects to award an investment of up to $10,000 (US) to the most innovative project in the area of information security. Administered by the Dragon Research Group, an all volunteer research organization, dedicated to further understanding of online criminality and to provide actionable intelligence for the benefit of the entire Internet community, the grant is entirely and solely funded by a personal donation from Robert O. Thomas III. The grant is expected to be ... read more»





Businesses lag in moving away from IE6 and its vulnerabilities: study
(from Computer World at 26-5-2010)
Microsoft's Internet Explorer continues to dominate corporate browser use more so than it does private use, with its nearest rival, Mozilla's Firefox, lagging far behind with one in seven businesses opting for it, according to data collected by internet-based security service Zscaler. Businesses are also more careless about upgrading IE than the general public with 27% still using IE6, which has known vulnerabilities, says Zscaler, including the one that led to the notorious Aurora attack aga... read more»





Modern Technical Security, Privacy & Confidentiality Threats
(from countersurveillance at 26-5-2010)
This in-depth course will acquaint students with fundamental principles of Technical Surveillance Counter-Measures (TSCM) and foster a comprehensive understanding of today’s growing security threats and the requisite safeguards and countermeasures to detect and neutralize a broad spectrum of modern electronic attacks. • Information Security Threats In Modern Society • Computer Compromises - Identification of Computer Spyware & Keyloggers - Introduction to Packet Sniffers & WiFi Threats - ... read more»





First human 'infected with computer virus'
(from BBC at 26-5-2010)
A British scientist says he is the first man in the world to become infected with a computer virus. Dr Mark Gasson from the University of Reading contaminated a computer chip which was then inserted into his hand. The device, which enables him to pass through security doors and activate his mobile phone, is a sophisticated version of ID chips used to tag pets. In trials, Dr Gasson showed that the chip was able to pass on the computer virus to external control systems. ... read more»





Information security salary: Determining the value of security skills
(from TechTarget at 26-5-2010)
In order to align compensation expectations appropriately with their skills and their worth to a current employer, information security professionals must understand their market value. And, while there are not absolute metrics that will enable an individual to determine fair compensation with absolute certainty, this month's career tip outlines three key factors to help security pros determine their market value and, in turn, increase their salary negotiating power. Functions closely aligned... read more»





Spyware Installed on Student Laptops Has More Security Problems
(from Wired at 26-5-2010)
A remote administration program installed on student laptops by a Pennsylvania school district and used by numerous companies to manage their computers is even more vulnerable than previously reported. The LANrev program can be exploited from anywhere on the internet, not just from an attacker on the same local area network as a victim’s computer, according to researchers who say that a second key used by the system is just as insecure as one that was previously disclosed.... read more»





German watchdog tells firms to do own US privacy checks
(from The Register at 26-5-2010)
German privacy watchdogs have told companies to conduct their own checks of US companies' conduct before passing personal data to them, even if they are signed up to the EU-US 'Safe Harbor' data protection scheme. The Düsseldorfer Kreis is an informal group of Germany's private sector data protection watchdogs. It has said that companies must not simply take US companies' word on their compliance with EU privacy principles if they plan to send personal data to them. They must make their own c... read more»





74 Democrats defy Obama man's net neut plans
(from The Register at 26-5-2010)
Seventy-four Democratic members of the US House of Representatives have sided with telcos in the ongoing dust-up over the Federal Communications Commission efforts to preserve net neutrality. "We urge you not to move forward with a proposal that undermines critically important investment in broadband and the jobs that come with it," reads a letter from Houston, Texas Rep Gene Green, signed by a total of 74 members of Obama's own party.... read more»





Call For Papers - Penn State Harrisburg's Intelligence Community Center for Academic Excellence (IC CAE) Symposium
(from Seclists at 26-5-2010)
Penn State Harrisburg's School of Public Affairs invites proposals for papers, presentations, and panel discussions to be presented at the first Intelligence Community Center for Academic Excellence Symposium, Thursday and Friday, September 23-24, 2010, in Harrisburg, Pa. Potential topics: * Careers in the intelligence community * Cyber security and information assurance * Border security * Critical infrastructure protection (CIP) * Intelligence and information sharing - domestic and inte... read more»





Default Database Passwords Still In Use
(from Dark Reading at 26-5-2010)
The rampant use of default passwords within live database environments continues to plague the security of enterprise data, researchers say. "It's a problem that has been around for a long, long time," says Alex Rothacker, manager of Team SHATTER, Application Security Inc.'s research arm. "A lot of default passwords out there get installed when you deploy a database, you install an add-on to it, or even if you install a third-party application that uses the database."... read more»





Denver's website hacked twice in one week
(from Denver Post at 26-5-2010)
The city and county of Denver website was pulled down Monday night after it was hacked, the second such attack in a week. Eric Brown, a spokesman for the mayor's office, said he didn't know what time the site was breached and when it might be restored. Starting about 8 a.m. Thursday, Denvergov.org was down for six hours after it was hacked. Brown said he did not know whether the cases were related. Denver police are investigating both attacks. The hacker's page was pulled down before... read more»





The Silver Surfer fights cybercrime
(from IT Pro at 26-5-2010)
Who better to fight cybercrime than the Silver Surfer? According to Marvel this superhero has the power cosmic and can absorb and manipulate ambient cosmic energies from the universe to fight off any foe. But forget the Fantastic Four where Silver Surfer first appeared over forty years ago, this time we have Prime Minister Cameron and Sidekick Clegg to thank. To thank, that is, for bringing the crime fighting superheroine to our attention. Ah yes, did I mention that the silver surfer in quest... read more»





Chinaz.com compromised
(from Websense at 26-5-2010)
Websense Security Labs ThreatSeeker Network has discovered that the speed testing site of chinaz.com has been compromised. Chinaz.com is a very famous Web master site that provides technical and resource downloading services in China. The daily traffic to this site is over 50,000 hits, and it has a very high Alexa rank of 179. The injected subdomain speed.chinaz.com is the page that supplies tools for testing the speed of Web sites. http://community.websense.com/cfs-file.ashx/__key/Commun... read more»





Mountain View delivers Google Analytics opt-out
(from The Register at 26-5-2010)
Mountain View has released a browser add-on that opts you out of Google Analytics, the traffic monitoring service now used by 71 per cent of the top domains on the interwebs. Google announced the plug-in on Tuesday with a post to its Public Policy blog, following through on a promise it made in mid-March. The plug-in is currently labeled as a "beta." According to a study from the University of California, Berkeley, Google Analytics was used on 71 per cent of roughly 400,000 top domains as of M... read more»





CeBIT 2010: Federated login unnecessary for most - Human Services
(from ComputerWorld at 26-5-2010)
Australia's only federated login for government services, the Australian Government Online Service Point, isn't necessary for most government departments, according to the Department of Human Services deputy secretary of ICT infrastructure, John Wadeson. The login system, available on the australia.gov.au website, allows users to sign-on to different government services through a single portal. However, so far, the service is only available for Centrelink, Medicare and Child Support; all unde... read more»





A Matter of Trust: 10 Places Google Collects User Data
(from techi at 26-5-2010)
By now, everyone in the tech world and beyond has heard about Google’s data collection from unsecured Wi-Fi networks in Germany. What you may not have known, however, is that Google has been collecting detailed user data since day one. Why? Essentially, as market research, which is then used to enhance their services. While the improvements that come as a result of Google’s data collection may benefit us all, it does come at a cost. Do you really want Google to have databases full of infor... read more»





New cyber security centre to combat major threats
(from The Age - Australia at 26-5-2010)
Threats to sensitive computer networks lurk everywhere and with a few mouse clicks, organised criminals and hackers could shut down vital government, industry and military networks. But a team of analysts at a new cyber center in the US are using a wide range of tools to identify potential attacks, correlate data from around the world, and preempt future hits. "Our adversaries will hide. They have every motivation not to be seen," said Harold Jones, technical director of cyber warfare, BAE In... read more»





'BAE looks to draw government cyber work'
(from Yahoo News at 26-5-2010)
Threats to sensitive computer networks lurk everywhere and with a few mouse clicks, organized criminals and hackers could shut down vital networks that run the U.S. government, industry and military. But a team of analysts at a new cyber center run by the North American unit of Britain's BAE Systems are using a wide range of tools to identify potential attacks, correlate data from around the world, and preempt future hits.... read more»





Web hoster Media Temple shut down by attack
(from CNet at 26-5-2010)
Media Temple, Web hosting provider for Adobe, ABC, Sony, NBC, Time, Volkswagen, and Starbucks, was hit with a sophisticated distributed denial-of-service (DDoS) attack Tuesday. The outage began about 3:50 p.m. PDT, when Media Temple's domain name servers were deluged by a flood of traffic coming from outside the U.S., and lasted less than an hour, according to the Los Angeles-based company's blog. "Due to the sophistication of the attack, our normal DDoS firewall prevention techniques didn... read more»





Phones become hacker favourite: AFP
(from ZDNet at 26-5-2010)
The Australian Federal Police (AFP) warned Australian IT security professionals at last week's AusCERT 2010 conference to do penetration testing on their telephone systems or risk having their PABX hacked. "PABX hacking and fraud ... is happening more and more," AFP investigator Alex Tilley said. "It's been around for donkey's years, but in the last few months we've seen domestically and globally a major up kick in the amount of money that's being lost through PABX hacking," he said. Tille... read more»





Prison sentence in the Scientology cyber attack case
(from Help Net Security at 26-5-2010)
Brian Thomas Mettenbrink from Nebraska has been sentenced to a year in federal prison for his participation in the cyber attacks on the Church of Scientology's servers a couple of years ago. Mettenbrink pleaded guilty in January. Back then, he admitted that he downloaded computer software from an “Anonymous” message board and used that software to bombard Scientology websites to the point that it impaired the integrity and availability of those websites in a variation of a DDoS attack.... read more»





CeBIT 2010: Government CIO pushes for in-house IT workforce
(from CIO at 26-5-2010)
The CIO of the federal Department of Education, Employment and Workplace Relations, Glen Archer, has admitted there are fewer places for IT contractors in Canberra, but stopped short of saying there is a new skills crisis in the nation's capital. Last week recruitment firm Peoplebank claimed IT contractors are fleeing Canberra causing a new skills drought. At an address at the CeBIT conference in Sydney this week, Archer spoke about the level of IT staff in the capital and said there is fu... read more»





Tabnabbing - A New Type of Phishing Attack
(from Azarask at 26-5-2010)
The web is a generative and wild place. Sometimes I think I missed my calling; being devious is so much fun. Too bad my parents brought me up with scruples. Most phishing attacks depend on an original deception. If you detect that you are at the wrong URL, or that something is amiss on a page, the chase is up. You’ve escaped the attackers. In fact, the time that wary people are most wary is exactly when they first navigate to a site. What we don’t expect is that a page we’ve been looking a... read more»





Students' personal data exposed after USB drive stolen
(from Sophos at 26-5-2010)
A school in Woodbridge, Virginia, held a meeting with parents last night to discuss the loss of a USB flash drive containing personal information about students. Lake Ridge Middle School posted an advisory on its website explaining that the USB drive was used by school administrators "to contact parents in the event of an emergency occurring after school hours or under circumstances where the school building might become inaccessible or require evacuation."... read more»





Mistakes in silicon chips to help boost computer power
(from BBC at 26-5-2010)
Silicon chips that are allowed to make mistakes could help ensure computers continue to get more powerful, say US researchers. As components shrink, chip makers struggle to get more performance out of them while meeting power needs. Research suggests relaxing the rules governing how they work and when they work correctly could mean they use less power but get a performance boost. Special software is also needed to cope with the error-laden chips.... read more»





The 10 Best Hacks of 2010 (So Far)
(from Network World at 26-5-2010)
In honor of Geek Pride Day, Towel Day, and the Glorious 25th of May, here are ten of our most favorite hacks featured in Geek Tech in the last five months, running the gamut from phone, car, and CPU mods. Read on for some great moments in geek! Of all the mind-bending news items that have come out in the last few months, this one was up there on the ridiculous-o-meter: getting an iPhone to run the Android operating system. It's like a Hackintosh in reverse!... read more»





Social media the new battleground for spam, malware
(from Computer World at 26-5-2010)
In the early days of the internet, email used to be the major carrier of spam messages on the Web. Today, according to security solutions firm Sophos, spammers have shifted to social networking sites -- where users are many and prevalent -- in carrying out their dastardly deeds. Compromised social networking accounts are just like PCs with botnets installed on them, says Clarence Phua, ASEAN regional sales manager of Sophos. "[That makes] social networking accounts valuable to hackers, becaus... read more»





Obama urged to fast-track cybersecurity policy
(from federalnewsradio at 25-5-2010)
Tune in weekdays at 30 minutes past the hour for the latest cybersecurity news on The Federal Drive with Tom Temin and Amy Morris (6-10 a.m.) and The DorobekInsider with Chris Dorobek (3-7 p.m.). Listen live at FederalNewsRadio.com or on the radio at 1500 and 820 AM in the Washington, D.C. metro area. * The Obama administration is coming under increasing pressure from industry professionals to fast-track cybersecurity policies announced a year ago. United Press International reports that ... read more»




U.S. Leads in Malicious Web Content, but Southern Neighbors Are Danger Zones
(from Govtech at 25-5-2010)
Although the U.S. has far and away the highest number worldwide of Web servers infected with malicious content, the real danger is coming from its neighbors to the south, according to a study released Monday. Zscaler, a software-as-a-service security provider, released its report, State of the Web -- Q1 2010 on May 24, 2010, the second report of its kind conducted by the company. The data for this current period -- January through March -- analyzed worldwide Internet traffic and found that mo... read more»