Saturday, May 15, 2010

Internet (Lack of) Security News through 5/15





This free IT-security news feed is provided by E-Secure-IT, the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today. Visit us at www.e-secure-it.com or email more-info@e-secure-it.com for more information on our available services.

Security Guard Pleads Guilty to Hacking His Employer
(from PCWorld at 15-5-2010)
A former security guard has pleaded guilty to charges that he broke into his employer's computers while working the night shift at a Dallas hospital. Jesse William McGraw pleaded guilty Friday to two counts of transmitting malicious code, the U.S. Department of Justice (DoJ) said in a statement. The 25-year-old hacker wasn't hard to catch; he posted videos of his misadventures to YouTube. In one video, he pretends to break into the hospital, saying he's "infiltrated a very large corporate ... read more»





Latvian Police Decline to Hold Database Hacker
(from PCWorld at 15-5-2010)
Latvian law enforcement officials are close to finishing their investigation of an artificial intelligence researcher who gained access to a government database, releasing sensitive salary information on Twitter. Ilmars Poikans was questioned and released by authorities on Thursday, said Zane Maskalonoki, spokeswoman for the Latvian state police. Poikans, an artificial intelligence researcher with the University of Latvia, was cooperative and not a danger to the public, she said. The case ... read more»





Gary McKinnon lawyers lobby new home secretary
(from BBC at 15-5-2010)
The new home secretary has been urged to overrule her predecessor's decision to allow the extradition of UK computer hacker Gary McKinnon. Mr McKinnon's lawyers have made "representations" to Conservative Theresa May as part of a long campaign to prevent a US trial for their client. A judge is due to rule on whether the previous home secretary Alan Johnson was wrong to allow the extradition.... read more»





UK to kill off national ID card program
(from NetworkWorld at 15-5-2010)
The U.K.'s new coalition government plans to cancel the national ID card program, calling it part of a "substantial erosion of civil liberties" that took place under the former Labour government. Following an election last week where no party gained a majority in Parliament, the Conservatives and Liberal Democrats allied to form a new government with David Cameron as prime minister.... read more»





Boffins warn on car computer security risk
(from The Register at 15-5-2010)
Computer scientists have carried out one of the first detailed security analyses of the security implications of increased use of computer systems in cars, finding systems surprisingly easy to hack or disrupt. A research paper from academics at the University of Washington and the University of California, San Diego, evaluates the implications of the cars that rely on the smooth operation of dozens of networked computer processors to monitor and control key systems.... read more»





Google says mistakenly got wireless data
(from Reuters at 15-5-2010)
Google Inc said its fleet of cars responsible for photographing streets around the world have for several years accidentally collected personal information -- which a security expert said could include email messages and passwords -- sent by consumers over wireless networks. The company said on Friday that it is currently reaching out to regulators in the relevant countries, which include the United States, Germany, France, Brazil and Hong Kong in China, about how to dispose of the data, whic... read more»





Another hacker arrested on TJX data-theft charges
(from InfoWorld at 15-5-2010)
A Ukrainian national has been arrested in India in connection with the most notorious hacking incident in U.S. history. Sergey Valeryevich Storchark was one of 11 men charged in August 2008 with hacking into nine U.S. retailers and selling tens of millions of credit card numbers. He was arrested in India earlier this week, according to a spokesman with India's Central Bureau of Investigation (CBI).... read more»





Cyber Challenge: 10,000 Security Warriors Wanted
(from campustechnology at 15-5-2010)
The Cyber Challenge has set as its national goal to identify and train an army of cybersecurity experts to help fill shortages in industry and government. Campuses like Cal Poly are helping to lead the charge. Karen Evans understands the need for online security--and for people who really know how to implement it properly. Evans, who spent 28 years with the federal government in the Office of Management and Budget as administrator for e-government and IT and CIO for the Department of Energy, ... read more»





Facebook Tightens Login Security Features
(from esecurityplanet at 15-5-2010)
In an effort to shore up security on its site, Facebook has released a pair of authentication tools that aim to prevent unauthorized access to users' profiles. The new security systems approach authentication by monitoring for suspicious logins and allowing users to register the devices they use to access their account. One feature Facebook is rolling out seeks to preempt unauthorized access to a user's account. When someone tries to log in to an account from a device that Facebook doesn't... read more»





Phishers Pedaling Facebook Scams in Record Numbers
(from esecurityplanet at 15-5-2010)
Phishers looking to snag users' personal banking and credit card information have taken a shine to the world's largest social networking site, according to the latest Internet security report from antivirus software vendor Kaspersky Lab. Through the first three months of 2010, Facebook's share of phishing attacks surged to 5.7 percent, placing it fourth on the list of most-targeted Web sites behind only PayPal, the runaway favorite for phishing attacks -- accounting for more than 52 percent o... read more»





Court rejects Qchex’s appeal
(from databreaches at 15-5-2010)
The Ninth Circuit Court of Appeals today affirmed a lower court ruling against Qchex. The Federal Trade Commission had brought the action against Qchex, claiming that Qchex violated federal law by operating an online check creation and delivery service with inadequate safeguards in place to prevent fraud. The lower court’s decision, issued in February 2009, had permanently barred Neovi, Inc., doing business as Neovi Data Corporation and Qchex.com, G7 Productivity Systems, Inc., James M. Danfo... read more»





4 Romanians charged in $182G bank fraud scheme
(from nhregister at 15-5-2010)
Four Romanian citizens have been indicted on charges related to a multi-state ATM scam through which they allegedly installed “skimming devices” and pinhole cameras in order to steal customers’ banking information. Two of the men employed the scam at People’s United Bank in Madison in September 2009, and used the information to make unauthorized withdrawals in Madison and Greenwich, as well as in New York, according to a statement from the U.S. Department of Justice. Dragos Osanu, 29; Ion ... read more»





Los Angeles Firemen's CU Has Data Breach
(from cutimes at 15-5-2010)
The $889 million Los Angeles Firemen's Credit Union has notified some of its more than 28,000 members that private information may have been compromised. The May 10 letter from CEO Michael Maestro said that “an extremely small percentage” of member files were “not properly moved” when the CU relocated from an old location. The data that could have been compromised included members' names, addresses, phone numbers, account numbers, social security numbers and other identifiers. The CU sought... read more»





Google mistakenly collected WiFi data
(from CNN at 15-5-2010)
Google disclosed Friday that its Street View cars had mistakenly collected data about the Web sites users were visiting on open wireless Internet networks. Alan Eustace, a senior executive in Google's engineering and research department, apologized for the mistake in a blog post and said the company is working with regulators to dispose of the data. "We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake," Eustace wrote.... read more»





Lawyers make plea to May over hacker's extradition
(from Scotsman at 15-5-2010)
THE Home Secretary came under pressure yesterday to overrule her predecessor's decision to allow the extradition to the United States of computer hacker Gary McKinnon. Mr McKinnon's lawyers made representations to Theresa May yesterday in the latest bid to stop him facing trial in the US. A High Court judge is due to rule on whether Alan Johnson was wrong to allow the extradition. Mr McKinnon's lawyer, Karen Todner, said: "We hope the new Liberal-Conservative government will act upon their... read more»





Gary McKinnon: Theresa May urged to block extradition order
(from Guardian at 15-5-2010)
Campaigners for the computer hacker Gary McKinnon have called for support from the new coalition government in their latest bid to overturn a decision to allow him to be extradited to the US. Alan Johnson, the former home secretary, previously ruled that McKinnon, 43, could be removed for trial in the US for hacking into US military computers. He faces up to 60 years in a high security prison if convicted in the US. Both David Cameron and Nick Clegg have in the past publicly criticised pla... read more»





'Bulletproof' ISP for crimeware gangs knocked offline
(from The Register at 15-5-2010)
One of the internet's most resilient and crimeware-friendly networks was knocked offline Friday after the plug was pulled on its upstream service provider, security watchers said. Russia-based PROXIEZ-NET lost its connection to the internet at about 3 am California time, according to Zeus Tracker, a website that monitors the status of internet service providers used to control PCs infected by the notorious Zeus crimeware package. Before it was disconnected, the "bulletproof" provider hosted 1... read more»





2010 SCIP European Summit Call for Proposals - 15th European Competitive Intelligence Summit
(from Scip at 15-5-2010)
The Society of Competitive Intelligence Professionals (SCIP) and the Frost and Sullivan Institute bring you the 15th European Competitive Intelligence Summit, November 16-18, 2010. SCIP continues to develop and provide educational programming and networking opportunities for its members all over the world. In an effort to appeal to the pan-European audience this Summit will feature up to three concurrent tracks. The 2010 SCIP European Competitive Intelligence Summit will begin accepting pr... read more»





Malware: To create or not create. THAT is the question!
(from avertlabs at 15-5-2010)
The Anti-Malware Testing Standards Organization (AMTSO) has published a paper on its website that addresses one of the most controversial subjects in anti-virus testing – Issues involved in the “creation” of samples for testing. Many people within AMTSO (and I want to remind all our blog readers that this organization includes people from academic institutions, publishers, independent members as well as AV researchers) have traditionally felt that no malware should ever be created, period. Th... read more»





How many Fortune 500 Companies Compromised? Answer Inside
(from RSA at 15-5-2010)
The correct answer is 88%, and truth be told, this is probably a conservative estimate. Virtually every company has employees that were infected with Trojans, and bring the problem into the office. These Trojans are busy moving terabytes of corporate data to stealthy drop zones scattered around the Dark Cloud of the Cybercrime infrastructure.... read more»





'Delete Facebook account' is trending on Google
(from Sophos at 15-5-2010)
Wow. If you were in any doubt as to whether an anti-Facebook sentiment was growing amongst the public - presumably concerned about privacy issues on the social network - check this out. Google Trends currently has "Delete Facebook account" as the ninth hottest search in the last hour in the USA. That must mean that a lot of people are investigating how to delete their Facebook account right now. Facebook's bosses might be wise to rethink some of their policies, and make their users' privac... read more»





Revisiting the Advanced Persistent Threat
(from Damballa at 15-5-2010)
Ever since the Google hack disclosures back in January this year, the term “Advanced Persistent Threat” (or “APT” if you prefer to use TLA’s) has been tossed about in various forums and associated with security, hacking, terrorism, state sponsored attacks, botnets, advanced malware, next generation malware, etc. – the net result is that the term means quite different things to different people.... read more»





Google stops sniffing Wi-Fi data after privacy gaffe
(from ComputerWorld at 15-5-2010)
Google has decided to stop its Street View cars from sniffing wireless networking data after an embarrassing privacy gaffe. The company revealed Friday that Street View vehicles had been sniffing the content of users' Internet communications on open wireless networks, despite the company's earlier statements to the contrary. Google has since discovered that it has been mistakenly collecting the content of communications from non-password-protected Wi-Fi networks, the company said in a stateme... read more»





Up to 50,000 sites may appear in Russian domain by end of 2010
(from hostexploit at 15-5-2010)
The number of websites using addresses in the Cyrillic Internet domain may reach 25,000-50,000 by the end of 2010, the Russian media and communications minister told journalists on Thursday. "Commercial sites will start operating from the fall and [the websites of] government entities may begin from summer. According to our forecasts, their number may reach 25,000-50,000 by the end of the year," Igor Shchegolev said.... read more»





Arabic domain names has been hailed as a milestone. But a milestone to where?
(from hostexploit at 15-5-2010)
Egypt, Saudi Arabia and the United Arab Emirates now have a green light, as well as the technical ability, to allow their citizens to type a domain name in their browsers in Arabic. Not a single Latin character need be included. The virtual world's main operator, ICANN (The International Consortium for Assigned Names and Numbers) has hailed the development as a "milestone" in Internet history.... read more»





Google to offer encrypted search next week
(from CNet at 15-5-2010)
Google plans to offer encrypted search next week, it announced Friday in disclosing an embarrassing Street View privacy gaffe. Google's Marissa Mayer, vice president of search products and user experience, hinted that such a feature was coming Thursday during a question and answer session at Google's annual stockholder meeting. But the company must have decided it could no longer wait following the disclosure that it had improperly collected Internet usage data from Wi-Fi hot spots as part of... read more»





DHS Unveils Security Grants of $789 Million
(from hostexploit at 15-5-2010)
The Department of Homeland Security will issue new security grants for critical infrastructure that total $789 million, covering ports, freight rail and transit systems plus buffer zones around sensitive facilities including chemical and power plants. Early word on how some of the grants would be parceled triggered sharp criticism from some New York lawmakers that the DHS was cutting security spending there, just after a would-be bomber left a vehicle with explosives in Times Square.... read more»





Bots For Tweets - TwitterNET Builder
(from hostexploit at 15-5-2010)
Security experts have discovered a new tool that can be used to initiate denial-of-service attacks using micro-blogging site Twitter. The DIY tool is currently being freely distributed on the Internet with the capability to attack users' systems in order to start a distributed denial-of-service attack (DDoS) on the aimed Web sites and to download malicious files.... read more»





2010 Sees Upswing in Arrests, Prosecution of Cyber Criminals
(from hostexploit at 15-5-2010)
F-Secure yesterday released the first part of its 2010 security review, which notes a significant success in arresting and prosecuting cyber criminals around the world, a development the company hopes will be a permanent move for law enforcement to identify, seize and prosecute cyber criminals.... read more»





Identity Theft Scammers Getting Personal
(from hostexploit at 15-5-2010)
Jennifer Fitzgerald became a victim of identity theft this morning, but they’re not just going after her, they’re also trying to scam everyone she knows in the process. “Here’s an email I just got back,” Fitzgerald said as she reads from her computer screen, “’I have already given you the information to send it to. Here it is again. Get back to me with the Western Union information.’” Someone is posing as Fitzgerald, emailing all of her contacts saying she is in desperate need of cash. ... read more»





Security goes to the movies: Iron Man 2
(from ComputerWorld at 14-5-2010)
The summer blockbuster season officially kicked off last Friday with Iron Man 2, an action-packed superhero flick that had the fifth-highest-grossing opening weekend in Hollywood's history. Whether you like the movie or not, at least one thing about it rings true — the plot and the characters provide a striking reflection of today's tech security industry. Spoiler alert: We do discuss major plot points in this article. If you haven't seen the movie, keep reading at your own risk.... read more»





May 2010 Web Server Survey
(from Netcraft at 14-5-2010)
Four of the five major web servers gained hostnames since last month. Google lost for the second month in a row with a drop of 1.4M hostnames, predominantly caused by expired sites in its blogging system. Although Microsoft served 780K more hostnames this month, it actually lost 235K active sites. As with Google, this was due to a significant loss of blogging sites. The biggest change this month was a 1.9M increase in hostnames served using Apache. The largest contributor to this was a gro... read more»





FTC offers Mother’s Day identity theft card
(from creditloan at 14-5-2010)
Commission reminds moms to guard their personal information. While Mother’s Day may be a time for people to show how much they care with flowers and brunch, the Federal Trade Commission is making sure identity theft is also covered. The FTC is making a free musical electronic card available that provides moms with tips on how to keep their information secure and avoid identity theft. The card is available at www.ftc.gov/mom, while a Spanish version can be sent through www.ftc.gov/madre.... read more»





Phishing attacks (security alert)
(from lbazaar at 14-5-2010)
Facebook is in fourth place among sites targeted by phishing attacks. With more than 400 million users and increasing, fraudsters who have stolen users’ accounts without their awareness can use them to distribute spam, advertise and send bulk emails to the account owners and their friends in the network. Beware of any strange activity around your network. This method of distributing spam allows huge audiences to be reached. Additionally, it lets the fraudsters take advantage of the soc... read more»





Twitter 'botnet creator' spotted
(from Webuser at 14-5-2010)
A tool that lets criminals infect other PCs and turn them into 'bots' controlled through Twitter has been spotted by security experts. The tool, called TwitterNET Builder, creates malicious executable files that cybercriminals can send on to other surfers. If the files are opened, the victim's computer is infected with malware that enables the cybercriminal to control it via a Twitter account. Networks of infected computers - known as botnets - can then be used by the cybercriminals to swa... read more»





Google coding tool advances cloud computing
(from CNet at 14-5-2010)
Google has released a programming tool to help move its Native Client project--and more broadly, its cloud-computing ambitions--from abstract idea to practical reality. The new Native Client software developer kit, though only a developer preview version, is designed to make it easier for programmers to use the Net giant's browser-boosting Native Client technology.... read more»





Mobile Phone Becoming Bigger Target For Hackers
(from Finextra at 14-5-2010)
Mobile Internet access and mobile service usage is growing rapidly and cyber criminals are expected to pay more attention to this sector. Mobile device platforms compete for innovation created by application developers and other content creators who are increasingly demanding more device access. As their requests grow in numbers and they distribute their products more widely, security breaches will be inevitable. Mobile phones used to be bulky and cumbersome; they had to be carried in bags or... read more»





Building Security Awareness Among Docs
(from healthcareinfosecurity at 14-5-2010)
The best way to persuade physicians to take information security seriously is to explain the business risks involved, says Robert Tennant, senior policy analyst with the Medical Group Management Association, the trade group for physician group practice administrators. "If they have a breach, they could go out of business if they don't do things the right way," Tennant stresses. But physician groups, unfortunately, have a lack of awareness about information security issues and HITECH Act co... read more»





Hacker Attacks: Tips for Prevention
(from healthcareinfosecurity at 14-5-2010)
Although the list of major healthcare breaches reported to federal authorities so far does not yet include a large-scale hacking incident, organizations should nevertheless take preventive measures to avoid such attacks, a federal privacy expert says. Alain Sheer, senior attorney in the division of privacy and identity protection at the Federal Trade Commission, says healthcare organizations preparing to comply with the toughened HIPAA Privacy Rule under the HITECH Act should adopt a series o... read more»





How fast can wireless networking get?
(from Government Computer News at 14-5-2010)
The march toward faster wireless networks took a potentially big step May 10, when the Wireless Gigabit Alliance announced Version 1.0 of its unified wireless specification, which would use the unlicensed 60 GHz band and achieve data transfer rates as fast as 7 gigabits/sec. WiGig, which promotes adoption of 60 GHz wireless technology, said the specification would allow for triband devices that could also work in the 2.4 GHz and 5 GHz bands used by IEEE 802.11n and would be backward-compatibl... read more»





Top IT security concerns voiced in survey
(from Government Computer News at 14-5-2010)
Network breaches represent the foremost nightmare scenario for IT pros, according to a new industry report, announced on Tuesday. The report, "7th Annual Survey: Network and System Administrators," by Amplitude Research was sponsored by security solutions provider VanDyke Software. In compiling the report, Amplitude Research recorded the responses of 353 network or system administrators nationwide throughout the second and third weeks of April.... read more»





FEMA puts disaster info into hands of smart-phone users
(from Government Computer News at 14-5-2010)
Imagine this scenario: A sunny afternoon suddenly turns dark, the sky goes black and is streaked with lightning, and the wind is roaring. In the distance, you see a funnel cloud. It’s a tornado. You don’t have access to a desktop PC or radio. What do you do? Where do you go? Where do you get assistance? How can you help others? If you’ve got a smart phone — and many people do these days — you can quickly log on to the Federal Emergency Management Agency’s new mobile Web site, m.fema.gov, a... read more»





Personal data of reservists, veterans at risk in recent thefts
(from Government Computer News at 14-5-2010)
Personal data belonging to more than 207,000 Army reservists was stolen earlier this year, according to Col. Jonathan Dahms, the Army Reserve's chief public affairs officer, and cited in a report on the KrebsOnSecurity blog by former Washington Post reporter Brian Krebs. The Reserve Command began alerting affected reservists via e-mail messages on May 7, Dahms said. The unencrypted data was on a CD-ROM that was in a laptop stolen from an office of Serco Inc., a government contractor based in ... read more»





'Avalanche' Group Tied to Majority of 2009 Phishing Attacks
(from Yahoo at 14-5-2010)
A study by the Anti-Phishing Working Group (APWG) shows that a single criminal gang was responsible for 2/3 of all phishing attacks launched in the second half of 2009. The study shows that the "Avalanche" organization targeted vulnerable and unresponsive domain name registrars and registries, but in November 2009 changed tactics and now operates at a greatly reduced scale. Continuing a trend, the average uptime for a phishing attack declined in the second half of 2009. Industry response t... read more»





Cars’ Computer Systems Called at Risk to Hackers
(from The New York Times at 14-5-2010)
Automobiles, which will be increasingly connected to the Internet in the near future, could be vulnerable to hackers just as computers are now, two teams of computer scientists are warning in a paper to be presented next week. The scientists say that they were able to remotely control braking and other functions, and that the car industry was running the risk of repeating the security mistakes of the PC industry. “We demonstrate the ability to adversarially control a wide range of automoti... read more»





Internet makes snooping effortless for amateurs
(from nzherald at 14-5-2010)
The bar's hopping. The guy's hot. She's curious. He's mysterious. She decides to go gumshoe on him. The toilet becomes her office, the smartphone her secretary. And using a tech tool such as DateCheck she can scope out a potential partner's background in a minute. She's cleared him for a romantic go-ahead. From the ladies room to the chat room to the tweet-stream in the next cubicle, we are becoming a society of amateur spies.... read more»





Some quitting Facebook as privacy concerns escalate
(from CNN at 14-5-2010)
Concerns over Facebook's new privacy policy and the online social network's recent efforts to spread its information across the Web have led some of the site's faithful to delete their accounts -- or at least to try to. On Wednesday's episode of a podcast called This Week in Technology, host Leo Laporte, a well-known tech pundit, said he had to search wikiHow, a how-to site, to figure out how to delete his Facebook account permanently. After finding the delete button, which he said is hidd... read more»





One Eastern European gang drives two thirds of phishing attempts
(from ComputerWorldUk at 14-5-2010)
A single Eastern European gang is responsible for two-thirds of all phishing attempts conducted in the last half of 2009, according to an authoritative new report. The phishing group - named Avalanche by security researchers because of the large quantity of attacks it generates - was blamed for more than 84,000 out of the nearly 127,000 phishing attacks tracked by the Anti-Phishing Working Group (APWG), an organisation of companies and law-enforcement agencies that tracks phishing activity i... read more»





Google Summer of Code 2010: Student statistics published
(from h-online at 14-5-2010)
Google has published a statistical breakdown of the students accepted to participate in this year's Google Summer of Code (GSoC) event. Each year Google seeks students and mentors from the FLOSS community to take part in its annual GSoC event, which takes place over a period of three months. According to a post on the Open Source at Google blog by OS program manager Carol Smith, the final total of 1,026 students includes participants from 69 countries worldwide, down from 81 last year. The t... read more»





Webcast: Application Whitelisting vs. Host Intrusion Prevention Systems
(from Press Release Point at 14-5-2010)
Behavioral Host Intrusion Prevention System (HIPS) technology is intended to prevent malicious or unwanted software. Unfortunately, it is proving to be problematic when used in the real world, resulting in excessive support costs, high false positives and labor-intensive behavioral rules. Cisco CSA expert Eric Ogren will offer attendees an insider perspective on replacing behavioral HIPS with Application Whitelisting for proactive endpoint protection. Audiences will learn how whitelisting techno... read more»





Protect Your Data Center’s Backbone: A Guide to Database Assessment Webinar
(from Imperva at 14-5-2010)
WEBINAR TOPIC: Analyst’s Guide to Understanding & Selecting a Database Assessment Solution SPEAKERS: Adrian Lane, Analyst, Securosis & Dana Tamir, Sr. Manager Database Solutions, Imperva DATE & TIME: Wednesday, May 19, 2010 | 11:00 AM (PDT) / 2:00 PM (EDT) If you considered database assessment products in the past, and could not find a good fit, it’s time to take another look. Join Securosis Security Analyst, Adrian Lane, as he explains how these solutions have evolved. Database secu... read more»





VA Continues Its Annual Tradition Of Losing Laptop With Unencrypted Sensitive Data
(from Techdirt at 14-5-2010)
When we last checked in with the Veterans Administration (VA) it was to suggest that it rename itself the "Ministry of Data Leaks." That's because every year or so they admit that they've lost a computer that happens to contain unencrypted personal data on VA members. And, each report seems to get worse than the previous one. So you would think that, by now, the VA would have at least put in place some system to encrypt and protect the data it stores. That would be wishful thinking. It's now... read more»





US$51bn losses from software piracy contribute to malware
(from SecureComputing at 14-5-2010)
The overall rate of software piracy increased two percent compared to 2008, a spike that primarily can be attributed to the rapid growth of the consumer PC market in Brazil, India and China, the report says. Overall, the commercial value of global software theft exceeded US$51 billion in 2009. “This is a global issue, impacting the economy at the local, country and global level,” Matt Reid, vice president of communications at the BSA, told SCMagazineUS.com.... read more»





Glitch shuts down German internet
(from hostexploit at 14-5-2010)
A major technical glitch shut down a wide swath of the German internet on Wednesday, leaving many websites with .de domains unavailable. DENIC, the organization that manages the top-level country domain for Germany said the problem started around 1:30 pm and the cause was still unclear. “Colleagues are feverishly working on a solution,” a DENIC spokeswoman told public broadcaster ARD. ARD’s website reported the glitch primarily affected internet domains starting with the letters ‘E’ through ‘... read more»





Broadband a priority for new government, but repeal of Digital Economy Act unlikely
(from Computer Weekly at 14-5-2010)
The extension of broadband to UK citizens remained high on the new government's priority list, despite not being part of the agreement thrashed out by Conservative and Liberal Democrat negotiators this week. However, an early repeal of the controversial Digital Economy Act was unlikely, a Conservative Party spokesman told Computer Weekly. The act was rushed through in two hours at the end of the previous parliament, and has been widely condemned as not addressing online copyright effective... read more»





Car hackers can kill brakes, engine, and more
(from NetworkWorld at 14-5-2010)
University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results. In a paper set to be presented at a security conference in Oakland, California, next week, the security researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting ... read more»





Ukrainian arrested in India on TJX data-theft charges
(from NetworkWorld at 14-5-2010)
A Ukrainian national has been arrested in India in connection with the most notorious hacking incident in U.S. history. Sergey Valeryevich Storchark was one of 11 men charged in August 2008 with hacking into nine U.S. retailers and selling tens of millions of credit card numbers. He was arrested in India earlier this week, according to a spokesman with India's Central Bureau of Investigation (CBI).... read more»





New malware spam targets HR departments
(from siliconIndia at 14-5-2010)
A job-search related malware spam has been uncovered by the researchers of Websense Security Labs. The spam targets the inboxes of HR executives and infects their computers. The spam asks the receiver to review a CV without mentioning anything about the position applied for. The spam also contains some attachments that are disguised as picture files. According to the researchers of Websense, over 230,000 samples have been found so far, and the number is increasing quickly.... read more»





The Dream Leaked Song "Champagne" To Help FBI Catch Music Pirating Hackers
(from DimeWars at 14-5-2010)
Atlanta singer/songwriter and VP of Island/Def Jam Records leaked his song Champagne as part of an FBI plot to track down music pirating computer hackers. News of the song's leak, along with the song itself, spread rapidly on the internet yesterday (May 12). The song was encrypted with a federal tag which helped FBI investigators catch three individuals. Apparently, the R&B singer has been working with the FBI and using encryption tags on his music since 2009. He announced the capture of the thre... read more»





Organised crime demands new defences
(from IT Web at 14-5-2010)
Organised crime is gaining the upper hand over security vendors, as the traditional model of desktop anti-virus for securing endpoints, data, and people is no longer sufficient. This is the view of Rik Ferguson, senior security advisor for Trend Micro, speaking at yesterday's Security Summit, being held at the Sandton Convention Centre. He gave an outline of the underground cyber criminal movement and said new technologies and methodologies are needed to fight cyber criminals.... read more»





German Court Wants Civilian Help to Stop Hackers
(from The New New internet at 14-5-2010)
Internet users in Germany can now be fined up to euro100 ($126) if a third party uses their unprotected network to illegally download data, a German court in Karlsruhe ruled Wednesday. The highest German court has ruled that Internet users need to secure their WLAN connections by installing password protection to keep cyber miscreants from illegally downloading data such as music and video files.... read more»





Danger of departing employees: Are you vulnerable?
(from Cfo Daily News at 14-5-2010)
It’s one of the most common ways a firm’s sensitive info is compromised: departing employees on their way out. What’s worse, many companies actually make it easy for ‘em to do so. For example, a recent survey of tech workers found that 7% of IT pros never changed an administrative password. A large percentage of techies also said passwords were rarely changed.... read more»





Protecting Cyberspace from Terrorist Attack
(from Businessweek at 14-5-2010)
Richard A. Clarke isn't known for understatement. The former White House security official wrote a 2004 book that criticized his ex-boss, President George W. Bush, for dropping the ball before the 9/11 attacks, and later testified before Congress that Bush's invasion of Iraq "greatly undermined the war on terrorism." Now Clarke has co-authored a new book, Cyber War: The Next Threat to National Security and What to Do About It. Once again, he's not subtle: U.S. companies and government agencies a... read more»





Hackers use web servers to deliver more powerful DDoS attacks
(from Computer Weekly at 14-5-2010)
Cyber criminals are using a new type of distributed denial of service (DDoS) attack that is more powerful and elusive than any predecessors, says security firm Imperva. A new generation of DDoS attacks does not use bot-infected PCs, but instead capitalises on the greater power of web servers, said researchers. They estimate that hundreds of web servers have been infected and are being used to carry out DDoS attacks. The source of the attacks is also more difficult to detect, with trace-backs ... read more»





SANS What Works in Forensics and Incident Response Summit 2010
(from SANS at 14-5-2010)
Everywhere around you, there is a digital storage device within arm's reach. We have "Electronic ADD." On a daily basis, you use digital devices constantly. You have a mobile device where you make phone calls, text message, post on Twitter, and surf the web. You use a computer to read email, pay bills, order groceries, and even watch TV. You probably also have one or more of the following devices: GPS, video game system, eReader, MP3 player, digital video recorder, or more. For better or wo... read more»





Facebook Moves to Thwart Cybercrooks
(from The New York Times at 14-5-2010)
Facebook has unveiled new features to help protect your account from getting taken over by cybercrooks, bitter ex-boyfriends or anyone else who might want to impersonate you to do you wrong. In a blog post Thursday, Facebook said that concerned users can now register “approved” devices that they use to access the site, such as their home computer, work computer and mobile phone, and be notified by e-mail — and text message, if they like — should someone try to access their account from a devi... read more»





Net Neutrality panic based on student MBA project
(from The Register at 14-5-2010)
Net Neutrality, the web-era equivalent of the McCarthyite Red Scare, is a political creation that feeds on paranoia, technical ignorance and gullibility. How fortunate we are that these are so abundant on the internet. This week the scare claimed several more victims, including the popular blog Boing Boing. Yesterday the Soros-funded political activist group Think Progress claimed a scoop - a document that revealed an apparently "secret" disinformation campaign funded by telecomms companies c... read more»





Teacher sacked after attack on student posted on YouTube
(from The Sydney Morning Herald at 14-5-2010)
A former charter school teacher fired after a mobile phone video posted on YouTube showed her allegedly beating a 13-year-old student does not have a teaching certificate and never needed one. The video clip has since been removed by YouTube. Sheri Lynn Davis, who was fired on Monday night as a science teacher at Jamie's House Charter School, a centre for children with disciplinary issues in Houston, Texas, was not required to be certified, the Houston Chronicle reported.... read more»





6 Hot And Sought-After IT Security Skills
(from Dark Reading at 14-5-2010)
The IT security job market is booming -- but that doesn't mean everyone is automatically getting a job, or the right job. And just like the threat landscape is rapidly evolving, so are the qualifications and qualities needed for positions in the security profession. There's a conundrum between supply and demand: Employers are looking for security candidates who can fill a specific need, such as incident response or risk management, while security pros on the job hunt want to build on their ex... read more»





Vilks website hacked as cyber hate grows
(from The Local at 14-5-2010)
The website of artist Lars Vilks was hacked on Wednesday, just a day after the 53-year-old was attacked as he gave a lecture at Uppsala University. Instead of gaining access to the artist's controversial drawing of the Muslim prophet Muhammad as a dog, which sparked outrage in parts of the Islamic world after its publication in Swedish newspapers in 2007, visitors to Vilks.net were greeted by a message from a hacker with the signature Al Qatari. An aggressive greeting charging the artist wit... read more»





Woman loses Bebo privacy case against lad mag
(from The Register at 14-5-2010)
A magazine did not intrude into a young woman's privacy when it published photos that she had uploaded to social networking site Bebo when she was 15 because the images had already been widely circulated online. The woman complained to press self-regulatory body the Press Complaints Commission (PCC). She said that an article and photographs which focused on her body intruded on her privacy and were published without her permission.... read more»





McKinnon campaign urges coalition to block extradition
(from The Register at 14-5-2010)
Family and supporters of accused Pentagon hacker Gary McKinnon are hopeful that the new Lib-Con government will honour promises made in opposition and bring a halt to controversial extradition proceedings. Both David Cameron and Nick Clegg supported the campaign against the extradition of the Asperger's sufferer to the US to stand trial for hack attacks against US military systems back in 2001. US authorities have sought the extradition of McKinnon since 2005.... read more»





Policy Official Notes Cybersecurity Challenges
(from Defense at 14-5-2010)
Putting cybersecurity in place poses significant challenges for the Defense Department, the government as a whole and for critical infrastructure, the principal deputy assistant secretary of defense for policy said today. James N. Miller said cybersecurity “is not a glass half full/glass half empty story.” “There is a glass,” he said. “It has some water in it. The water is dirty, and we have an insatiable thirst in this area.”... read more»





U.S. Battling Evolving Cyberthreat
(from Radio Free Europe Radio Liberty at 14-5-2010)
The United States is losing enough data in cyberattacks to fill the Library of Congress many times over, and authorities have failed to stay ahead of the threat, a U.S. defense official says. More than 100 foreign spy agencies were working to gain access to U.S. computer systems, as were criminal organizations, said James Miller, principal deputy undersecretary of defense for policy.... read more»





APWG: eCrime Researchers Summit
(from eCrime Research at 14-5-2010)
The fifth annual APWG eCrime Researchers Summit once again will be held in conjunction with the 2010 APWG General Meeting between October 18-20, 2010 at Southern Methodist University in Dallas, TX. eCRS 2010 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it. Topics of interest include (but are not limited to): * Phishing, rogue-AV, pharming, click-fraud, crimeware, extortion and emergi... read more»





'Hacker' posted Jackson children's YouTube videos
(from The Age - Australia at 14-5-2010)
The once sheltered children of the late Michael Jackson have been thrust into the spotlight after home-made videos of two of his three children playing up for web cameras were leaked and appeared on YouTube. Their grandfather Joe Jackson told celebrity website Popeater that the family was upset by the leak, having adhered to Michael Jackson's wish to keep them out of the spotlight and did not want these videos out in public. Shortly after his son's death, however, he was reported as believing... read more»





Worst-case thinking makes us nuts, not safe
(from CNN at 14-5-2010)
At a security conference recently, the moderator asked the panel of distinguished cybersecurity leaders what their nightmare scenario was. The answers were the predictable array of large-scale attacks: against our communications infrastructure, against the power grid, against the financial system, in combination with a physical attack.... read more»





Child abuse 'big business online'
(from BBC at 14-5-2010)
There are around 450 criminal gangs around the world making money from images of child sex abuse, the UK's Internet Watch Foundation has said. The watchdog's annual report says that the 10 most prolific of these account for more than 650 web pages. But despite these gangs being well-established online, the IWF says the industry is not growing. Such groups are, however, finding new ways to distribute images, the report adds. Smaller social networks, image-sharing sites, free website hostin... read more»





ConLibs to outlaw kiddyprinting without permission
(from The Register at 14-5-2010)
The new government plans to ban the controversial practice in schools of taking children's fingerprints without their permission. The decision is likely to mean a change in the law. According to the Information Commissioner's Office (ICO), as it stands the Data Protection Act allows schools to take pupil fingerprints without permission, prompting outrage from parents' groups. In response, in 2007 the ICO issued non-binding guidance to schools suggesting that they ought to seek permission.... read more»





Facebook founder feels the heat as privacy backlash rages
(from The Age - Australia at 14-5-2010)
A leaked instant messenger (IM) transcript from 2003 in which Facebook founder Mark Zuckerberg mocks users who joined his then fledgling social networking site is adding to the sense of outrage over the social networking site's cavalier attitude towards privacy. The transcript, published by the sober Business Insider website, dates from the days when Zuckerberg was a 19-year-old operating what was then called The Facebook from his Harvard dorm room.... read more»





Whitehall's new IT minister, who's it gonna be?
(from The Register at 14-5-2010)
David Cameron has taken on Francis Maude as minister for the Cabinet Office, but the MP set to be handed the ConLib coalition government’s IT brief is yet to be announced. Oliver Letwin, meanwhile, has become the minister of state in the Cabinet Office, where he will act as the new Prime Minister’s policy advisor. Maude has been the Conservatives' shadow minister for the Cabinet Office for the last few years, and apparently has an outsourcing blueprint for the unit, which oversees the rest of... read more»





The Frustrations of Attempting Malicious Notifications
(from TrendMicro at 14-5-2010)
I hate to single out individual countries, organizations, ISPs, or any other entity but I have to tell you—my head almost explodes when I run into barriers in trying to contact the responsible organization where I see criminal activity. Now sure, I see criminal activity in a lot of places, granted. It is almost endemic in Eastern Europe and in other hosting facilities where Eastern European criminals manage to dupe (or simply buy) services from under the guise of being legitimate consumers.... read more»





Confessed Spy Convicted of Exporting U.S. Crypto Gear to China
(from Wired at 14-5-2010)
A Chinese national was convicted this week of smuggling and other charges over his efforts to acquire sensitive military and NSA-encryption gear from eBay and other internet sources. Chi Tong Kuok, of Macau, told Defense Department and Customs investigators that he had been “acting at the direction of officials for the People’s Republic of China,” according to a government affidavit in the case. “Kuok indicated he and PRC officials sought the items to figure out ways to listen to or monitor U... read more»





This Month in the Threat Webscape - Month of April 2010
(from Websense at 14-5-2010)
Major hits: Palm's mobile platform named WebOS failed many basic security measures. White hat hackers found that WebOS could be exploited by specially crafted text messages (SMS). The Apache Foundation's web servers were compromised in an attack that used a combination of cross-site scripting (XSS) vulnerabilities and a URL shortener (TinyURL). In other news, 1.5 million Facebook accounts were up for sale in the malicious underground. The price per 1,000 compromised accounts was segmented by h... read more»





Twitter-controlled botnets come to the unwashed masses
(from The Register at 14-5-2010)
A security researcher has unearthed a tool that simplifies the process of building bot armies that take their marching orders from specially created Twitter accounts. TwitterNet Builder offers script kiddies a point-type-and-click interface that forces infected PCs to take commands from a Twitter account under the control of attackers. Bot herders can then force the zombies to carry out denial-of-service attacks or silently download and install software with the ease of their Twitter-connecte... read more»





Single group did 66% of world's phishing
(from The Register at 14-5-2010)
A single criminal operation was responsible for two-thirds of all phishing attacks in the second half of 2009 and is responsible for a two-fold increase in the crime, a report published this week said. The Avalanche gang is believed to have risen out of the ashes of the Rock Phish outfit, which by some estimates was responsible for half the world's phishing attacks before fizzling out in late 2008. Driving the success of both groups is their use of state-of-the-art technology for mass-produci... read more»





Latvian police release 'Robin Hood' hacker amid protests
(from The Sydney Morning Herald at 14-5-2010)
Latvian police Thursday released a suspected cyber-vigilante accused of leaking tax information in an internet campaign that left the Baltic nation's elite red-faced, amid protests over his arrest. "Taking into consideration his attitude, his confession of the crime, and his cooperation in the investigation, we did not seek his pre-trial detention," Ieva Reksna, a spokeswoman for the state police, told AFP. Earlier Thursday, hundreds of protesters had chalked slogans outside the main governme... read more»





Facebook IDs hacker who tried to sell 1.5M accounts
(from Computer World at 14-5-2010)
Facebook has identified the hacker named Kirllos who tried to sell 1.5 million Facebook accounts recently in underground hacking forums. According to the investigators at the social networking site, he's guilty of both hacking and hyperbole. Kirllos was first spotted by researchers at VeriSign's iDefense group a few weeks after he claimed to have an unusually large number of Facebook accounts for sale at rock-bottom prices. According to VeriSign, Kirllos wanted between $25 and $45 per 1,000 a... read more»





Payment China Conference Web Fraud Survey Results
(from threatmetrix at 14-5-2010)
Fresh on the heels of ThreatMetrix CTO David Jones’ blog entry from Payments China 2010 this week come the results of our booth survey from the conference. About one hundred attendees completed our three-question survey to help us gauge the current state of payments web fraud in China. Here’s what they had to say: Respondents were about evenly split on whether stopping first time fraud is more important than streamlining customer transactions with a little more than half citing the latter. ... read more»





Placing Limits on Cyber War
(from govinfosecurity at 14-5-2010)
Cyber war - its threat and meaning - has received much attention this year since former National Intelligence Director Michael McConnell told Congress in February that America is losing a cyber war. But there's been pushback, first from White House Cybersecurity Coordinator Howard Schmidt, who said in an interview with GovInfoSecurity.com that he doesn't believe a cyber war can exist. Even the author of the forthcoming book titled Surviving Cyber War, Richard Stiennon, defines the virtual con... read more»





HIPAA Audits: A Status Report
(from govinfosecurity at 14-5-2010)
The new federal HIPAA privacy and security rule compliance audits of healthcare organizations and their business associates likely will start later this year once a report on a model for the program is completed, a key federal privacy official says. In the next few weeks, Booz Allen Hamilton will provide a status report on its compliance audit study for the Office for Civil Rights in the Department of Health and Human Services, the governmental unit that enforces the privacy and security rule... read more»





Information on 207,000 Army Reservists Stolen
(from govinfosecurity at 14-5-2010)
A laptop containing the names, addresses and Social Security numbers of more than 207,000 Army reservists has been stolen from a government contractor in Georgia, the Army Reserves confirmed Thursday. A CD-ROM containing the personally identifiable information was in one of three laptops stolen from the Morrow, Ga., offices of Serco Inc., a government contractor based in Reston, Va. The other laptops did not contain sensitive personal information. Lt. Col. Ben Zoller, an Army Reservist spokesm... read more»





Obama keeps privacy oversight board on ice
(from CNet at 14-5-2010)
As a U.S. senator and presidential candidate, Barack Obama pledged to "strengthen privacy protections for the digital age." But after 16 months as president, Obama has failed to appoint anyone to a privacy oversight body charged with ensuring Americans' civil liberties are not violated. Rep. Jane Harman, the California Democrat who heads the Homeland Security committee, on Thursday called on the administration "to appoint the Privacy and Civil Liberties Oversight Board, which is mandated ... read more»





Stolen laptop puts thousands of New Mexicans at risk for ID theft
(from newmexicoindependent at 13-5-2010)
In late March, an employee of a subcontractor for the company that processes claims and provides dental benefits for the State’s Medicaid program filed a stolen car report for a vehicle whose trunk contained an “unencrypted” laptop loaded with patient information. That stolen car has prompted the New Mexico Human Services Department to start notifying nearly 10,000 users of the government’s low-income health insurance program of a potential for ID theft.... read more»





Improved Online Security for a Tenth of the Cost
(from ScienceDaily at 13-5-2010)
Computer scientists at the University of Hertfordshire have found a way to share information online securely for a fraction of the cost of existing systems. Professors Bruce Christianson and Alex Shafarenko at the University's School of Computer Science, working in collaboration with Professor Sergei Turitsyn at the University of Aston, have been awarded a UK patent for a fibre optics system which uses a 'beacon' to enable cryptic communication between two users online. The beacon broadcas... read more»





Facebook Attracts More Phishing Attacks Than Google and IRS
(from Mashable at 13-5-2010)
New research from Kaspersky Lab shows that the number of phishing attacks on social networks has increased in the first quarter of 2010, especially at Facebook, the fourth most popular online target. The primary target is PayPal, the victim of more than half (52.2%) of all phishing attacks. eBay is the second most targeted organization at 13.3% and HSBC rounds out the top three with a 7.8% share. The report also revealed that links to phishing sites appear in 0.57% of all mail traffic.... read more»





Contractor helps groom future cybersecurity specialists
(from nextgov at 13-5-2010)
A major Defense Department contractor on Wednesday announced it is sponsoring a nationwide competition with the Air Force Association that is aimed at educating high school students to become information security professionals. Northrop Grumman Corp. will fund a grant and offer volunteers to provide cybersecurity expertise to 100,000 students for a yearlong tournament called CyberPatriot, Northrop Grumman and AFA officials said during a Washington press briefing. Company officials would not d... read more»





Phishing attack asks Gmail users to update account details for security reasons
(from Indiatimes at 13-5-2010)
India's 71 million internet and close to 10 million broadband users are increasingly becoming the victims of vicious phishing attacks that can result in identity theft, danger to life and even crippling financial fraud. On Wednesday, users of Google's email services received a legal notice from the gmail team asking them to update their account details for security reasons. "Gmail Team is working on total security on all accounts in order to make Gmail better as ever and as a result of t... read more»





Secure Application Development Report Expands Security Framework
(from EWeek at 13-5-2010)
A group of security pros offers a framework for comparing your secure application development practices with security initiatives from top companies. This year's report contains information from 30 organizations, including Intel, Bank of America and Microsoft. A team of security researchers has released a report laying the groundwork for enterprises to compare and assess the security strength of their application development processes.... read more»





Botnet hijacks web servers for DDoS campaign
(from TechWorld at 13-5-2010)
Researchers at Imperva have discovered an ‘experimental’ botnet that uses around 300 hijacked web servers to launch high-bandwidth DDoS attacks. The servers are all believed to be open to an unspecified security vulnerability that allows the attacker, who calls him or herself ‘Exeman’, to infect them with a tiny, 40-line PHP script. This includes a simple GUI from which the attacker can return at a later date to enter in the IP, port and duration numbers for the attack that is to be launched.... read more»





Research claims IT makes people happy
(from v3 at 13-5-2010)
New research claims to have found a correlation between IT and wellbeing, and evidence that women benefit more than men from access to technology. The research was commissioned by the British Computer Society (BCS) and conducted by the Trajectory Partnership. The findings were based on an analysis of the World Values Survey of over 35,000 people globally, and were presented in a report entitled The Information Dividend: Can IT make you happier?.... read more»





Product Watch: 'Measuring Stick' For Software Security Gets An Update
(from DarkReading at 13-5-2010)
A new version of the Building Security In Maturity Model (BSIMM) released today adds three times the number of companies' secure software initiative practices than the original version, plus the project has recruited security executives from Microsoft, EMC, Intel, Adobe, and Nokia to serve on a newly created advisory board. BSIMM2 encompasses secure software initiatives from financial services firms such as Bank of America, software vendors, technology companies such as Google, healthcare, insu... read more»





Fraud Investment Assistance, Business Proposal emails, Just Avoid Investing abroad
(from 419legal at 13-5-2010)
Sometimes investment assistance as claimed by the companies doesn’t sound good, when it comes to losing your hard earned. In recent times scam artists are using different schemes and tactics which are resulting in the worst investment scams and frauds. In earlier articles we have dealt with how to avoid investment scams. But still there are many types of investment crimes which are making hub outside or abroad sometimes very difficult to trace and recognise they will always knock your email inbox i... read more»





I-95 corridor to become U.S. cybersecurity corridor
(from homelandsecuritynewswire at 13-5-2010)
Two areas around Washington, D.C. are already centers of high-tech industry: Telecommunications companies and government contractors dominate the Dulles Toll Road corridor in Virginia, and biotechnology firms line the corridor along Interstate 270 in Maryland; experts say the corridor along the Interstate 95 corridor between Washington and Baltimore is becoming a cybersecurity center. Two areas immediately outside Washington, D.C. are already important centers for high-tech industry. Telecommu... read more»





Google's Gmail under phishing attack
(from Indiatimes at 13-5-2010)
India's 71 million internet and close to 10 million broadband users are increasingly becoming the victims of vicious phishing attacks that can result in identity theft, danger to life and even crippling financial fraud. On Wednesday, users of Google's email services received a legal notice from the gmail team asking them to update their account details for security reasons. "Gmail Team is working on total security on all accounts in order to make Gmail better as ever and as a result of t... read more»





Software Insecurity is Our Biggest Weakness
(from threat post at 13-5-2010)
If the United States wants to remain competitive in the global economy and prevent widespread penetrations of its strategic, corporate and commercial networks, enterprises and government agencies should stop relying on commercial software and go back to writing more of their own custom code, a security expert said Tuesday. Speaking at the Secure360 Conference here, Marcus Ranum, CSO of Tenable Network Security, said that the country's reliance on commercial off-the-shelf software has made us ... read more»





Cybercrime Scenario Growing Worse
(from spamfighter at 13-5-2010)
As per the statement of Dave DeWalt, CEO, McAfee, cybercrime is really getting worse, according to the news published by GCN on April 30, 2010. DeWalt's statement followed the detection of over 34 million malicious code samples by McAfee in 2009. Security experts observed several sophisticated cyber attacks in 2009. Among those attacks were the Aurora attacks, wherein anywhere between 100 and 150 firms were hacked in 2009. Aurora attack refers to a well-coordinated attack that involves a compute... read more»





Malta victim of 2 unique phishing attacks
(from Di-ve at 13-5-2010)
Malta was found to be a victim of 2 phishing attacks according to a report issued by the ENISA. Phishing is a kind of cyber crime where domains pose as secure sites to steal sensitive information such as credit card details and passwords. ENISA (the European Network and Information Security Agency) quoted from a report by the Anti-Phishing Working Group which identified 2 unique domains used for the phishing attacks, out of a total of 11,750 domains registered in Malta. ENISA’s report rev... read more»





Data Security Issues in Digital Mapping, Photo Sharing
(from enterprise-security-today at 13-5-2010)
Digital mapping and photography can bring the world closer together. The problem is, for some people, that's too close. Where travelers see great ways to track where they're going, data protection advocates see voyeurism. And the trend is only growing. Hobby photographers are putting their pictures up on services like Flickr while tourism agencies are posting webcams to highlight their promenades and beaches. Meanwhile, mapmakers aren't just producing paper maps, but detailed online city pla... read more»





Armenia to participate in seminar on cybercrime in Tbilisi
(from Panarmenian at 13-5-2010)
Tbilisi will host a regional seminar on cybercrime in the framework of a joint project launched by the European Union and the Council of Europe. Head of the European Union Delegation to Georgia, Ambassador Per Eklund will kick off the event to be attended by experts and private sector representatives from Armenia, Azerbaijan, Estonia, Georgia, Moldova, Italy, Netherlands, Norway, Romania, Spain, Turkey, Ukraine, UK as well as Interpol.... read more»





IT and government workers learn ethical hacking practices
(from todaysthv at 13-5-2010)
It's been almost a year since President Obama announced his Cyber-Security Initiative and many local officials are doing their part to make their towns safe from hackers. Cyber-security is an important safety and financial issue for state, local and federal governments. The number of attacks has steadily increased over recent years. One way to combat these attacks is learning how to be a hacker in order to beat one.... read more»





Unsecure Information Exchange Lead to Data Security Vulnerabilities Within U.S. Federal Agencies: Study
(from TMCnet at 13-5-2010)
In spite of the Secure File Sharing act passed by the U.S. House of Representatives on March 24, 2010 preventing government employees from using peer-to-peer file sharing software, such insecure methods were being used by the employees. The report reveals that the data is getting exposed to cyber criminals. Fifty-four percent of the IT and information security professionals don’t follow the practice of monitoring FTP usage within their organizations. Federal employees do follow the unsafe met... read more»





ENISA maps key online security actors and strategies across Europe
(from Net-Security at 13-5-2010)
A study by the European Network and Information Security Agency (ENISA) provides a 750 pages-plus overview of the status of network and information security (NIS) in 30 European countries, including identification of stakeholders and trends. There is no particular pattern in the observed European countries with respect to the existence of a national NIS strategy. Yet, many countries are found to be putting major efforts into making progress in this area. Information exchange mechanisms and co... read more»





'Fraud & Stupidity Look a Lot Alike'
(from Bankinfosecurity at 13-5-2010)
The magnitude of fraud schemes has grown - the scale and the losses. But the basics of fraud investigation remain sound. And if there's one thing people should know up front, says Alan Bachman of the Association of Certified Fraud Examiners (ACFE), it's this: "In their initial stages, fraud and stupidity look an awful lot alike." Bachman, CFE, MBA, is responsible for seminar development and the educational content of all ACFE conferences and online learning. Most recently he worked in Higher ... read more»





'Senate Confirms Alexander to Lead Cyber Command'
(from hostexploit at 13-5-2010)
Defense officials are lauding the Senate’s confirmation of Army Lt. Gen. Keith B. Alexander, director of the National Security Agency, to also lead the new U.S. Cyber Command. The Senate confirmed Alexander on May 7, approving his promotion to four-star rank to lead both organizations at Fort Meade, Md. “We are pleased that the Senate has moved forward with his confirmation,” Pentagon spokesman Bryan Whitman said.... read more»





Webinar - Detecting Changes to Group Policy with the Security Log
(from Ultimate Windows Security at 13-5-2010)
Date and Time : 5/27/2010 12:00:00 PM [(GMT-05:00) Eastern Time (US & Canada)] Nowhere is change control more important than with Active Directory’s group policy objects. A single mistake in editing a group policy object can make hundreds or even thousands of systems unavailable in a matter of minutes. Can you track group policy modifications in your domain and identify who is changing what? You can with the Windows security log. I will show you how to configure Windows auditing and ... read more»





Key security actors, strategies, & good practices in Europe mapped
(from Enisa at 13-5-2010)
The EU Agency, ENISA (the European Network and Information Security Agency), launches comprehensive study: European countries are highly varied in how prepared they are for dealing with cybercrime, attacks and network resilience. This is a key finding of an updated and extended 2nd edition of ‘Country Reports’, published today. The Reports provide a comprehensive 750 pages-plus overview of the status of Network and Information Security [NIS] in 30 European Countries, including identification... read more»





Coalition government supports increased data privacy
(from v3 at 13-5-2010)
The Conservative and Liberal Democrat coalition government has promised to increase the public's civil liberties by bringing in a Freedom Bill and "rolling back state intrusion" by abolishing a number of Labour's central IT programmes. The lack of data privacy in UK society, and the development of a so-called 'database state', were concerns raised by both parties prior to the election.... read more»





Law enforcement is catching up with cyber criminals
(from SecurityPark at 13-5-2010)
There is now a tougher approach to tackling cyber crime with sentences becoming more punitive. This is in contrast to seven years ago when malware was treated as an online annoyance rather than a malicious criminal activity. This year has seen several landmark cases, including: Renu Subramaniam - received a five-year prison sentence in the UK. Aka JiLsi, he is one of the online criminals from Darkmarket. In addition, over 70 members of a phishing gang were arrested in Romania by Russian au... read more»





ID cards, National Identity Register scrapped
(from ZDNet at 13-5-2010)
The Conservative-Liberal Democrat government has confirmed that it will scrap the ID cards scheme and the National Identity Register. Applications can continue to be made for ID cards, but we would advise anyone thinking of applying to wait for further announcements, the Home Office said in a note on its website on Wednesday.... read more»





Risk Assessment Essential HITECH Step
(from healthcareinfosecurity at 13-5-2010)
A critical first step down the path toward HITECH Act compliance is conducting a thorough risk assessment, an official with the agency enforcing compliance says. That's why the HHS Office for Civil Rights has issued draft guidance on risk assessments, says Marissa Gordon-Nguyen, an OCR health information privacy specialist. The office will revise the guidance, the first in a series of educational materials mandated by the HITECH Act, based on public comments.... read more»





Dealing With Social Media 'Nightmare'
(from healthcareinfosecurity at 13-5-2010)
Social media "are a data security person's worst nightmare," says Sharon Finney, corporate data security officer at Adventist Health System. So Finney and her team spent more than six months crafting security policies for limited use of the new media. "Social media are not secure; they were not meant to be secure," Finney says. "They were designed to share information openly. They don't discern what is confidential. They are a new jump-point for malware." Nevertheless, the 37-hospital syst... read more»





HIPAA Audits: A Status Report
(from healthcareinfosecurity at 13-5-2010)
The new federal HIPAA privacy and security rule compliance audits of healthcare organizations and their business associates likely will start later this year once a report on a model for the program is completed, a key federal privacy official says. In the next few weeks, Booz Allen Hamilton will provide a status report on its compliance audit study for the Office for Civil Rights in the Department of Health and Human Services, the governmental unit that enforces the privacy and security rule... read more»





Hacker pleads guilty to testing botnet on ISP
(from ComputerWorldUk at 13-5-2010)
The second of two men charged in 2006 distributed denial of service attacks on web hosting providers The Planet and T35 hosting agreed to plead guilty, according to court filings cited in the report. According to court filings, Thomas James Frederick Smith is set to plead guilty before a federal judge in Dallas on 10 June. He and David Anthony Edwards are facing five years in prison and fines of up to US$250,000 on charges that they assembled a 22,000 node botnet and then trained it on two IS... read more»





'Secret' telecom anti-Net neutrality plan isn't
(from CNet at 13-5-2010)
The Center for American Progress seemed to have blockbuster news on Tuesday: an expose titled "Telecoms' Secret Plan To Attack Net Neutrality." On its Think Progress blog, the liberal advocacy group announced it had "obtained" a PowerPoint document "which reveals how the telecom industry is orchestrating the latest campaign against Net neutrality" through a pseudo-grassroots effort. The story was echoed on Slashdot, Boing Boing, and innumerable pro-regulation blogs.... read more»





Security Firm Finds Gaps in Popular AV Software
(from eSecurity Planet at 13-5-2010)
The security software offerings of 35 of the world's leading vendors can be compromised by something called an argument-switch attack that would allow a virtually limitless amount of malicious code to infiltrate Windows-based PCs and devices, according to a report by security researcher Matousec. The so-called argument switch attack, which Matousec researchers also refer to as a KHOBE attack—short for Kernel Hook Bypassing Engine—is especially effective against user mode and kernel mode hooks... read more»





Police line up tips on saving kids from pxxxography
(from expressindia at 13-5-2010)
Mumbai: Advising parents how to protect their children from pxxxography will be one of the police’s major objectives during the Cyber Safe Mumbai drive from May 24 to 29. The tools the police will use to put its message across will include childhood attractions like snakes and ladders and comic books, besides PowerPoint presentations and interactions with those who need to protect themselves against cyber crime.... read more»





Telecom DoS Hides Cyber Crime
(from thenewnewinternet at 13-5-2010)
The recent spike in unsolicited and mysterious telephone calls may be part of a new scheme to use telecommunications distributed denial of service (DDoS) attacks to distract individuals from ongoing cyber crime, the FBI warned recently. According to the FBI, cyber criminals are using telephone calls to mobile and land-lines to distract victims from the attempts by the criminals to empty their bank and trading accounts. The attacks, known as telephony denial-of-service (TDOS), have surged in r... read more»





Convicted murderer updated Bebo profile from prison
(from Telegraph at 13-5-2010)
Bosses at Edinburgh's Saughton Prison are facing calls for a full inquiry after it emerged that 24-year-old John Graham is updating the website from his cell. Graham was sentenced to life in April 2007 for the murder of his neighbour Thomas Hart, a 51-year-old joiner, and ordered to serve a minimum term of 15 years before he can apply for parole. Now it has been revealed that he is using a smuggled mobile phone to post photographs of himself and fellow inmates on the Bebo social networking si... read more»





Corporate interests trump security
(from ITweb at 13-5-2010)
Although the security landscape has changed and evolved over the past 20 years, the state of IT security has arguably gotten worse. This is the view of Joe Grand, president of Grand Idea Studio, speaking at ITWeb's fifth annual Security Summit, taking place in Sandton this week. Grand was a member of the renowned hacker group L0pht, which started in the early 1990s as a clubhouse for local hackers to store computer equipment, tinker with projects, and just hang out. It evolved into a group... read more»





Latin America’s IT security regulations strict on data
(from Latino Business Review at 13-5-2010)
The IT security regulations used by Latin American businesses have been focused on securing their data, but not the security of their networks. According to a recent release by Cisco, Latin American governments tread lightly around the topic of security; higher regulations would require more direct intervention in company daily operations.... read more»





Turkish student apologises for 'bringing down Twitter' but denies being a hacker
(from Telegraph at 13-5-2010)
The 17-year-old told The Daily Telegraph that he was “not proud” of the "chaos" caused by the security glitch that left users, including many celebrities, with no “followers”. But the high school student, from the north Turkish city of Zonguldak, denied he was a “hacker”, claiming he only stumbled across problems with the site and tried to pass them on to Twitter administrators without success.... read more»





U.S. Battling Evolving Cyber Threat
(from rferl at 13-5-2010)
The United States is losing enough data in cyber attacks to fill the Library of Congress many times over, and authorities have failed to stay ahead of the threat, a U.S. defense official says. More than 100 foreign spy agencies were working to gain access to U.S. computer systems, as were criminal organizations, said James Miller, principal deputy undersecretary of defense for policy.... read more»





Serious Challenges Await Head of Cyber Command
(from EWeek at 13-5-2010)
The Senate has confirmed Gen. Keith Alexander (promoted from lieutenant general the same day) May 7 as head of the U.S. Cyber Command. He will have his work cut out for him. "There is a glass," James Miller, principal deputy assistant secretary of defense for policy, told the Defense Department's American Forces Press Service May 12. "It has some water in it. The water is dirty, and we have an insatiable thirst in this area." In an assessment of the country's cyber-security posture, Miller... read more»





Country Reports 2010 - Enisa
(from Europa at 13-5-2010)
Deloitte was engaged by ENISA for a project with the aim of providing an update of the country reports that give an overview of the key Network and Information Security (NIS) aspects in each country in the scope. The purpose of this document is to give an introduction to the project and high level overview of the individual country reports. It is not intended to provide a separate analysis, nor is it the aim to perform benchmarking or ranking of the NIS specific elements of these countries.... read more»





U.S. struggles to ward off evolving cyber threat
(from Yahoo News at 13-5-2010)
The United States is losing enough data in cyber attacks to fill the Library of Congress many times over, and authorities have failed to stay ahead of the threat, a U.S. defense official said on Wednesday. More than 100 foreign spy agencies were working to gain access to U.S. computer systems, as were criminal organizations, said James Miller, principal deputy under secretary of defense for policy.... read more»





Did LibCon alliance bring down O2 network?
(from The Register at 13-5-2010)
O2 suffered a widespread voice and data network outage last night just before 8pm. Irritated customers filled O2's customer forums, with some reporting that their contract phones weren't working while pay-as-you-go handsets were still working. Many complained that O2's website has no network map showing current problems. Instead O2 took its customer service onto Twitter - for those who had access to it. A message posted ten hours said: "There's an issue affecting our service in some of the... read more»





419 Scam Email: Single mum fleeced of $8700 through Nigerian eBay scam
(from The Age - Australia at 13-5-2010)
A single mother selling a Sony PlayStation through eBay for $250 has been fleeced of $8700 by a Nigerian who claimed to represent the WA government's consumer protection agency. The scam involved fake emails purportedly sent from the government's WA ScamNet service, eBay, PayPal and the Nigerian Police, Customs and Central Bank. The elaborate deception began when the victim advertised on eBay last month, selling a PlayStation with games and movies for $250. A bogus buyer made an offer, ... read more»





What went wrong at the .de-registry earlier today?
(from tld at 13-5-2010)
From 13:30 through about 14:50 today, large parts of the .de zone were unavailable, causing over 13 million domain names with websites and e-mail to be unavailable. It is very uncommon for a large domain name extension to be fully unavailable, so much that it is causing domain names under that TLD to actually not work. In the last 5 to 10 years, as far as we know about, of all the large TLDs only .nu, .se and .biz have known some real downtime. Insiders tell us that the nameserver infrastru... read more»





Please explain: why Google wants your Wi-Fi data
(from The Age - Australia at 13-5-2010)
Google Australia will today be sent a "please explain" letter from two local privacy organisations demanding to know why the company has been collecting personal Wi-Fi network data from Australian homes alongside the images it takes with its Street View cameras. The letter comes in response to recent reports that the company has been quietly collecting Wi-Fi data around the world when taking pictures of streets and houses for its mapping service.... read more»





Net neutrality wars could entangle free speech
(from ComputerWorld at 13-5-2010)
U.S. Rep. Cliff Stearns wants so badly to stop the U.S. Federal Communications Commission (FCC) from creating network neutrality rules that he appears ready to weaken the U.S. Constitution's First Amendment. Stearns, a Florida Republican, unveiled legislation Tuesday that would require the FCC, if it passed Net neutrality rules prohibiting broadband providers from selectively blocking or slowing Web content and services, to also enforce the rules on Web application and content providers.... read more»





Ukrainian in biggest credit card con job held in Delhi
(from INDIA TODAY at 13-5-2010)
Officers from the Federal Bureau of Investigation (FBI) and its Indian counterpart detained a Ukrainian national from the Indira Gandhi International Airport (IGIA) on Monday for his involvement in Net fraud and identity theft. The man, Sergey V. Storchak, was travelling on a Jetlite flight S2 120 (Goa-Mumbai-Delhi). He is alleged to have been involved in the theft and sale of more than 40 million credit and debit card numbers. The US justice department had described it as the largest hacking... read more»





U.S. struggling to ward off evolving cyber threat
(from MSNBC at 13-5-2010)
The United States is losing enough data in cyber attacks to fill the Library of Congress many times over, and authorities have failed to stay ahead of the threat, a U.S. defense official said on Wednesday. In a sobering assessment, the Defense Department's Jim Miller said more than 100 foreign spy agencies were working to gain access to U.S. computer systems, as were criminal organizations.... read more»





The impact of virtualisation on securing systems
(from The Register at 13-5-2010)
Virtualisation has become an established trend in the x86 server market and is moving into the desktop and notebook space too. It's a great tool for providing flexibility, recoverability and consolidation. But virtualisation also brings challenges, and security is certainly one of them. Personal or financial data that should be deleted may be retained in libraries of offline virtual machine images. Loading up an old image that has been stored for some time may expose the network to threats fr... read more»





DOD struggles to define cyber war
(from Government Computer News at 13-5-2010)
As the Defense Department puts its new Cyber Command in place to defend the military information infrastructure, it also is wrestling with the nontechnical issues of defining cyber war and establishing a doctrine for cyber warfare, a top Pentagon cyber policy adviser said Wednesday. James Miller, DOD principal deputy undersecretary for policy, pondered how the law of armed conflict applies to cyber war.... read more»





Online publishers question Boucher privacy bill
(from The Washington Post at 13-5-2010)
In this video, I ask Online Publishers Association president, Pam Horan, to pose one question to Rep. Rick Boucher (D-VA.) about his draft privacy bill. She talks about geolocation services, which are booming on mobile devices but have caught the concern of privacy groups who want limits on how much a Web site or advertisers can track a user's behavior based on where they are located.... read more»





New DoS attack uses Web servers as zombies
(from CNet at 13-5-2010)
Researchers have uncovered a botnet that uses compromised Web servers instead of the usual personal computers to launch denial-of-service (DoS) attacks. Security firm Imperva said on Wednesday it uncovered a botnet of about 300 Web servers after one of its "honeypot" servers was used in an attack and based on a search of attack code via Google. Web servers were commonly used in such attacks a decade ago but had been replaced by the more ubiquitous Windows-based PCs, said Amichai Shulman, chie... read more»





U.S. risks China's ire with decision to fund software maker tied to Falun Gong
(from The Washington Post at 13-5-2010)
The State Department has decided to fund a group run mainly by practitioners of Falun Gong, a Buddhist-like sect long considered Enemy No. 1 by the Chinese government, to provide software to skirt Internet censorship across the globe.... read more»





Counterfeit electronics trade is killing the industry
(from The Inquirer at 13-5-2010)
Counterfeit electronics goods are entering mainstream supply chains and winding up in consumer brand products, according to an investigation by Engineering & Technology magazine. The magazine, which is published by the Institution of Engineering and Technology, dug deep into the supply chains, speaking with manufacturers, distributors and testers, and found that fake goods have infected production like viruses. Amazingly, E&T found that at least five percent of the global supply chain include... read more»





Report: Facebook calls all-hands privacy meeting
(from CNet at 13-5-2010)
According to AllFacebook.com, all those with hearts, hands, and minds at Facebook are being called together for a mutual poking session on the increasingly troubling subject of privacy. This is said to be taking place Thursday at 4 p.m. Pacific Time. While Elliot Schrage, the company's vice president of public policy, tried to answer some questions about privacy posed by readers of The New York Times this week, it appears that some at Facebook, as well as those in the real world, might be fe... read more»





Spam and Phishing Landscape: May 2010
(from Symantec at 13-5-2010)
“Dotted quad” spam makes a splashy return to this report as the volume more than tripled from the month prior. The most observed spam subject line of the month was also the dotted quad spam attack. With respect to message size, attachment spam continued to creep up in volume in March. This, along with an increase in NDR spam, raised the average message size. The 5kb – 10kb bucket increased by over four percentage points and the 10+kb bucket increased by over nine percentage points. With respect ... read more»





FBI Gets Evidence in Student Webcam Scandal
(from Wired at 13-5-2010)
A federal judge has granted the FBI access to evidence linked to a webcam scandal at a Philadelphia suburban school district. Federal prosecutors in Pennsylvania said they were investigating “possible criminal conduct” (.pdf) in the 6,900-student Lower Merion School District. U.S. District Judge Jan DuBois is presiding over a federal civil lawsuit alleging the district secretly snapped tens of thousands of webcam images (.pdf) of students using school-issued laptops, without the pupils’ kn... read more»





Internet 'Hijacking' Leaves Networks Vulnerable
(from enterprise-security-today at 13-5-2010)
In 1998, a hacker told Congress that he could bring down the Internet in 30 minutes by exploiting a certain flaw that sometimes caused online outages by misdirecting data. In 2003, the Bush administration concluded that fixing this flaw was in the nation's "vital interest." Fast forward to 2010, and very little has happened to improve the situation. The flaw still causes outages every year. Although most of the outages are innocent and fixed quickly, the problem still could be exploited by a ... read more»





Less than half of cloud services are vetted for security
(from Net-Security at 13-5-2010)
More than half of U.S. organizations are adopting cloud services, but only 47 percent of respondents believe that cloud services are evaluated for security prior to deployment, according to a survey by the Ponemon Institute and CA. The study reveals significant cloud security concerns that persist among IT professionals when it comes to cloud services used within their organization. More than 50 percent of respondents in the U.S. say their organization is unaware of all the cloud services dep... read more»





Pirate Bay appeal judges are not biased, says Swedish Court
(from ComputerWorld at 13-5-2010)
Sweden's Supreme Court has found that two of the judges scheduled to hear an appeal in the Pirate Bay case are unbiased, it ruled Wednesday. Judges Kristina Boutz and Ulrika Ihrfelt had been accused of bias because of their involvement in pro-copyright organizations. The Supreme Court's ruling means they will be able to hear the Pirate Bay's appeal in a copyright case pitting it against record labels, film studios and other entertainment companies. The appeal trial is scheduled to start on Se... read more»





Compromised Web Servers Used To Launch DDoS Attacks
(from cyberinsecure at 12-5-2010)
Hackers have begun using compromised servers instead of client PCs to launch more powerful denial of service attacks. Hundreds of web servers are infected with a DoS application that transforms them into zombie drones, according to database security firm Imperva. These zombie servers are controlled using a simple web application, consisting of just 90 lines of PHP code. Servers are harder to compromise than desktop PCs, which can potentially be compromised as easily as tricking a user into op... read more»





INTERNET 'BLACK HOLE' - An unfixed routing glitch affects millions each year
(from Chron at 12-5-2010)
In 1998, a hacker told Congress that he could bring down the Internet in 30 minutes by exploiting a certain flaw that sometimes caused online outages by misdirecting data. In 2003, the Bush administration concluded that fixing this flaw was in the nation's “vital interest.” Fast forward to 2010, and very little has happened to improve the situation. The flaw still causes outages every year. Although most of the outages are innocent and fixed quickly, the problem still could be exploited by a ... read more»





Cybercrime tops Attorneys General meeting
(from NetworkWorld at 12-5-2010)
The Federal and State government attorneys general have agreed to establish a National Cybercrime Working Group to coordinate a response to online threats, including the increasing rate of bullying. At the most recent meeting of the Standing Committee of Attorneys-General, the AGs also agreed: To consider "nationally consistent laws"; to clarify "responsibility relating to the investigation and prevention of technology-enabled crimes"; to review the possibility of updating what is or isn't an... read more»





Settlement reached with Md. payment processor
(from baltimoresun at 12-5-2010)
Maryland's consumer protection division announced Monday that it reached a $20,000 settlement with payment processor MAP, LLC for allegedly failing to properly dispose of consumers' personal information. The state claims that the company, formerly doing business as Mid Atlantic Processing, threw out 77 boxes containing consumers' Social Security numbers, cancelled checks and other sensitive information in a dumpster when closing its Owings Mills office a year ago.... read more»





Goldman Sachs Sued For Illegal Database Access
(from DarkReading at 12-5-2010)
Goldman Sachs has been slapped with a $3 million lawsuit by a company that alleges the brokerage firm stole intellectual property from its database of market intelligence facts. Filed last week in the U.S. District Court for the Southern District of New York, the lawsuit claims Goldman Sachs employees used other people's access credentials to log into Ipreo Networks's proprietary database, dubbed Bigdough. Offered on a subscription basis, the information contained within Bigdough offers detai... read more»





PCI Issues New POS Standard
(from cuinfosecurity at 12-5-2010)
A new measure to strengthen credit card data protection was released by the PCI Security Standards Council today. Version 3.0 of the PIN Transaction Security (PTS) Point of Interaction (POI) standard is designed to streamline and simplify testing and implementation by providing a single set of modular evaluation requirements for all Personal Identification Number (PIN) acceptance Point of Interaction terminals. This standard is meant to enhance and prevent payment card fraud on devices th... read more»





New virus is extremely blunt, says expert
(from BCS at 12-5-2010)
A recently-detected computer virus has been described as 'extremely blunt' by one industry expert. Earlier this month, antivirus specialist Sophos reported that a 'destructive' piece of malware, called W32/Scar-H, had emerged. According to the firm, the virus penetrates the C: drive of infected computers and duplicates all files ending with .exe. ... read more»





Symantec: beware of Apple gift card phishing scam
(from macsimumnews at 12-5-2010)
Creative online crooks have been ripping off Apple gift card holders for more than a month, according to security software vendor Symantec. eSecurity Planet says the phishing scam “requires a little bit of luck for the bad guys and a lot of naivety on the part of the card holder.” The con artists set up a phishing site using a typosquatted URL—a URL that’s a deliberate misspelling of Apple or some derivation of Apple’s online store—and then lie in wait for those folks who hastily typed in the ... read more»





Patch time: Keeping your system and programs up-to-date
(from Net-Security at 12-5-2010)
For all computer users, patching is an important aspect of keeping secure online. Need more information on exactly what patching is, why it’s so important, and how to stay up-to-date? Read on to learn more. ... read more»





Trusting attitude in digital world 'poses privacy risks'
(from Stuff at 12-5-2010)
Identity theft will become more commonplace, mobile technology more invasive and the internet will increasingly make decisions on our behalf, experts say. People need to be mindful of the threats technology poses to privacy. Law Commissioner John Burrows says the potential for technology to be misused to exploit personal data is alarming. "The potential for identity theft and what hackers can do is the main worry." The Law Commission is reviewing the Privacy Act, and new legislation ... read more»





Commonwealth and states take national approach to cybercrime
(from governmentnews at 12-5-2010)
The Standing Committee of Attorneys-General have agreed to a national approach to combating cybercrime. In announcing the decision, Federal Attorney-General, Robert McClelland, and Victorian Attorney-General, Rob Hulls, said cybercrime was a serious and growing threat within Australia. Mr McClelland said the Internet had made it easy for criminals to operate across jurisdictions and a seamless national approach to cybercrime was required.... read more»





Internet Drug Rings & Their 'Killer' Online Pharmacies
(from hostexploit at 12-5-2010)
Need pills for migraine, diabetes, cancer, high blood pressure, or erectile dysfunction? How about rat poison for that migraine or chalk instead of Viagra? Rogue online pharmacies ("fake pharma") are one of the worst forms of criminal activities on the Internet. They prey on the sick, hide behind false identities and false certifications, and provide the basis for most of the spam in the world. Worst of all, there is a 50 percent chance the drugs you receive are fake, which can and does kill ... read more»





Business owner warns of website hackers
(from hostexploit at 12-5-2010)
The threats posed by online hackers have been stressed by one business owner, potentially highlighting the importance of website monitoring services. Speaking to the Cayman News Service, Dwight Ebanks has outlined the problems that his company's website has suffered as a result of hacking activity. The owner of Reel-esea Charters commented: "The scammers have now hacked into all my online business websites and email accounts, even the Facebook pages."... read more»





Beware of underground economy
(from hostexploit at 12-5-2010)
Cyber crime has become an economically-motivated underground movement. What strikes fear in businesses is not the familiar Malware we know, but the malicious threats we don't hear about, says Allison Miller, PayPal group product manager for account risk. Miller explained, at the fifth annual ITWeb Security Summit held this morning, at the Sandton Convention Centre, that the traditional fortress mentality of developing security perimeters around an enterprise is no longer relevant in today's e... read more»





Trained experts needed to fight cyber crime
(from IOL at 12-5-2010)
Trained experts are essential for law enforcement agencies to successfully fight cyber crime, said National Prosecuting Authority deputy director Paul Louw in Sandton on Tuesday. Speaking at a 2010 web security summit at the Sandton Convention Centre, Louw said that cyber crime investigations often fail at an early stage due to digital ignorance. "There is still widespread ignorance among law enforcement agencies in the gathering of digital evidence," he said. Louw said it was difficult ... read more»





Millions of German domain names off the grid for more than an hour
(from stephanevangelder at 12-5-2010)
Reports of a major resolution failure on the .DE zone are coming out of Germany. It appears that for about 1.5 hours around lunchtime (in Europe) today, there was a problem with the nameservers used to support the .DE zonefile. As a consequence, many .DE domains became unavailable causing disruptions to websites, email and other domain-related services. The German registry Denic apparently stepped in very quickly to correct the problem (which they may have caused by mistakenly reloading the z... read more»





Yelp Facebook Implementation Exposes Security Concerns
(from Webpronews at 12-5-2010)
If privacy concerns weren't enough to get people thinking about deleting their Facebook accounts, they also have security concerns to consider. As Facebook takes over the web, user information goes with it. One can only imagine the potential threats that are lurking around the corner. An exploit was discovered on Yelp, one of Facebook's preliminary partners for its Open Graph initiative, which would have allowed malicious sites to harvest user names, email, and data users shared publicly on F... read more»





BEWARE! Information posted on Facebook puts you in danger of identity theft
(from Whas11 at 12-5-2010)
The most innocent quiz on Facebook could turn out to be a way to steal your information. That's just one of the threats WHAS11 News found after looking at social networking sites like Facebook. Even if you think you're being safe, WHAS11's Melanie Kahn found that a little of your information can go a long way for criminals. Social networking sites are not inherently dangerous. But the problem is, there really aren’t many ways to control who sees your information, or for that matter, how... read more»





Survey Finds 47% Of IT Security Professionals Believe Personal Healthcare Information Is Less Secure In 2010
(from MedicalNewsToday at 12-5-2010)
Forty-seven percent of IT security professionals believe their personal healthcare information is less secure than it was 12 months ago according to a recent survey by nCircle, the leading provider of automated IT security and compliance auditing solutions. The online survey of 257 security professionals was conducted between February 4 and March 12, 2010, and covered a range of security topics including smartphones, healthcare, cloud computing and social media. ... read more»





Virtual malware faces HyperSafe lockdown
(from ZDNet at 12-5-2010)
A team of researchers has come up with a way to stop malicious code from spreading from one virtual machine to the hypervisor and from there to other virtual machines. The researchers from North Carolina State University said that their "hypersafe" technology could protect virtualised systems against this kind of threat, known as "virtual machine escape". The team's research is set to be presented in a paper called HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow I... read more»





Hacked Archos 5 Internet tablet runs Maemo
(from TGDaily at 12-5-2010)
An intrepid team of hackers has deployed openAOS dualboot to run Nokia's Maemo on the Android-based Archos 5 Internet Tablet and Internet Media Tablet (IMT). "For a happy, good, fun-time PROOF OF CONCEPT, here's Maemo running on an Archos 5 IMT using openAOS dualboot," Spz03737 explained in a YouTube video description. "This has [thus far] been tested on A5 Gen6 AND Gen7 devices. Thanks to dm8tbr, Gaap and others on [IRC] #openpma for this effort."... read more»





V3.co.uk readers question Linux spam research
(from v3 at 12-5-2010)
V3.co.uk readers have reacted angrily to suggestions from security firm Symantec Hosted Services that a lack of knowledge and awareness about how to use Linux mail servers could be contributing to the disproportionately large number of Linux machines being exploited to send spam. Symantec malware data analyst Mat Nisbet argued in a blog post last week that many companies running Linux to keep costs down "have not realised that leaving port 25 open to the internet also leaves them open to abus... read more»





IT products guilty of shunning green labels
(from BusinessGreen at 12-5-2010)
Almost 80 per cent of IT products on the market have no stated green credentials or accreditation, according to a major study of about 150,000 products. The research, from technology services firm Probrand, looked at a wide range of hardware products from 11 manufacturers and found that only 22 per cent carried some form of official environmental standard such as the popular Energy Star label. Desktop computers, servers and laptops were most likely to have attained environmental accreditat... read more»





German court orders wireless passwords for all
(from Yahoo at 12-5-2010)
Germany's top criminal court ruled Wednesday that Internet users need to secure their private wireless connections by password to prevent unauthorized people from using their Web access to illegally download data. Internet users can be fined up to euro100 ($126) if a third party takes advantage of their unprotected WLAN connection to illegally download music or other files, the Karlsruhe-based court said in its verdict.... read more»





German court orders wireless passwords for all
(from MSNBC at 12-5-2010)
Germany's top criminal court ruled Wednesday that Internet users need to secure their private wireless connections by password to prevent unauthorized people from using their Web access to illegally download data. Internet users can be fined up to euro100 ($126) if a third party takes advantage of their unprotected WLAN connection to illegally download music or other files, the Karlsruhe-based court said in its verdict.... read more»





Breach Causes: Laptop Theft, DVD Losses
(from Healthcare Information Security at 12-5-2010)
Two February incidents are among those recently added to the federal tally of major healthcare breaches. One involves a laptop theft; the other the loss of two DVDs. Under the HITECH Act breach notification rule, organizations have 60 days to report breach incidents to federal authorities, the media and individuals affected. The HHS Office for Civil Rights says it adds incidents to its official tally once the details are confirmed... read more»





Top 10 Jobs For Criminal Hackers
(from BloggerNews at 12-5-2010)
Identity Theft Expert They need: 1. Programmers: They are the dudes that write the actual viruses that end up on your PC because you were surfing porn or downloading pirated software off of torrents. 2. Carders: the most visible of criminals who distribute and sell stolen data to whoever is willing to take it and burn it onto a white card or make purchases over the internet.... read more»





A failure to protect medical privacy
(from tampabay at 12-5-2010)
For the third time in recent months, Tampa Bay citizens have found themselves the unwanted recipients of patients' private medical records. What's more, in two cases, the recipients' efforts to restore patients' privacy were rebuffed, suggesting the federal Health Insurance Portability and Accountability Act (HIPAA) is falling far short of its promise to protect and enforce patient privacy. For more than half a year, strangers' medical records jammed the home fax machine of Hudson resident El... read more»





Cyberwar or cyber threat? Rethinking the who and the why
(from localtechwire at 12-5-2010)
In a world of such diverse threats and increasing allegations of cyber crime, economic espionage, military espionage, and cyber warfare, it is critically important that governments and cyber security professionals think differently about malicious cyber events and how to respond to them. The starting point is breaking down attacks by attribution and category.... read more»





Experts to fight cyber crime
(from timeslive at 12-5-2010)
Trained experts are essential for law enforcement agencies to successfully fight cyber crime, said National Prosecuting Authority deputy director Paul Louw in Sandton. "Law enforcement agencies need help as cyber crime technology gets outdated very quickly." Louw went on to say that there was a greater need for more proactive intelligent investigations to fight cyber crime.... read more»





BSA Reports $51 Billion Worth of Software Theft in 2009
(from Earthtimes at 12-5-2010)
* Piracy rates increased in 19 global economies, up from 16 in 2008.
* The factors driving up the global piracy rate include growth in the consumer PC base and in emerging markets -- both segments with high piracy rates:
  o Globally, PC shipments to consumers rose 17 percent in 2009, while shipments to businesses, governments and schools dropped 15 percent.
  o The PC markets in Brazil, India and China accounted for 86 percent of the growth in PC shipments worldwide.
* China saw the largest i... read more»





Ukrainian in biggest credit card con job held in Delhi
(from INDIA TODAY at 12-5-2010)
Officers from the Federal Bureau of Investigation (FBI) and its Indian counterpart detained a Ukrainian national from the Indira Gandhi International Airport (IGIA) on Monday for his involvement in Net fraud and identity theft. The man, Sergey V. Storchak, was travelling on a Jetlite flight S2 120 (Goa-Mumbai-Delhi). He is alleged to have been involved in the theft and sale of more than 40 million credit and debit card numbers. The US justice department had described it as the largest hacking... read more»





Breach Notification Planning Tips
(from healthcareinfosecurity at 12-5-2010)
All healthcare organizations should create a detailed plan for meeting the requirements of the HITECH breach notification rule, says attorney Gerry Hinkley. In an interview, Hinkley describes key steps hospitals, clinics and others should take, including: Designating someone, such as the HIPAA privacy officer, to lead the compliance effort; Outlining processes for discovering breaches; Creating a method for determining whether a particular incident poses a significant risk of harm and... read more»





Govt to develop own operating system
(from THE TIMES OF INDIA at 12-5-2010)
The government has set in motion an ambitious plan to develop its own software and end the reliance on foreign operating systems and anti-virus products after growing worries over the spurt in cyber attacks on Indian establishments. The government formed a high-level taskforce in February to devise a plan for building indigenous software, said a senior intelligence official who is a member. The panel will also suggest ways to conduct third-party audits on existing software in government offic... read more»





ISAlliance on Finance Sector Cybersecurity
(from infosecisland at 12-5-2010)
The lack of software quality or assurance in the products we use within our tech infrastructure. There are simply too many vulnerabilities out there to exploit; this is the underlying heart to most of the problems we face. It allows hackers, criminals or nation states to attack the confidentiality of our information or even the integrity of our information. From a public policy perspective, everyone reaps some of the benefit of investment in cyber security by a single company. This free-ri... read more»





Top 10 Skills in Demand in 2010
(from infosecisland at 12-5-2010)
In the Global Knowledge/TechRepublic 2010 Salary Survey, conducted at the end of last year, one of the questions put to respondents was "What skill set will your company be looking to add in 2010?" The skills listed by respondents include the perennial favorites, such as security, network administration, and Windows administration. Also included are virtualization/cloud computing and Web development. Meanwhile, an old favorite, business analysis, makes a comeback. Here's the complete list... read more»





Why Everyone Should Learn to Be A Hacker
(from infosecisland at 12-5-2010)
I know enough about hacking to make all of my software un-usable, mess up my operating system, and crash my PC. I also know enough about hacking to re-install my operating system, re-install all my software and get my PC running fresh and relatively secure. I’m no criminal hacker. And I am not suggesting that. Nor can I program; I don’t know code but I do know enough to hack in a way that keeps me running, and again, secure. Hacker isn’t a bad word and hacking isn’t a bad thing to do. It’s so... read more»





European Parliament calls for internet rights charter
(from Computer Active at 12-5-2010)
Internet users should be able to demand the removal of their personal information from company systems, the European Parliament has said. This right was among a number of issues, including cyber crime and broadband access, looked at by the Parliament as it put in place a new digital strategy called 2015. This outlined its ambitions for internet policy for the next five years and beyond.... read more»





Researchers Demo Hardware Attacks Against India's E-Voting Machines
(from Slashdot at 12-5-2010)
"India, the world's largest democracy, votes entirely on government-made electronic voting machines that authorities claim are 'tamperproof,' 'infallible,' and 'perfect,' but last week security researchers proved that they can be manipulated to steal elections. A team led by Hari Prasad, Professor J. Alex Halderman, and Rop Gonggrijp released an awesome video that shows off hardware hacks they built.... read more»





In theory, your antivirus software is worthless
(from Chron at 12-5-2010)
If you're a Windows user, you know that installing antivirus and antispyware software is a must. With so much malware targeting the platform, running a PC without it is essentially playing Russian roulette. Now, security researchers at Matousec.com have devised an attack that allows malicious code to get around antivirus software. Based on the company's tests, every Windows security product tested so far is vulnerable.... read more»





Scam Alert - Targeted Attack Using Journalists as a Lure
(from F-Secure at 12-5-2010)
We found a new malicious XLS file which contains lots of names, details and contact information for journalists around the world: This file was e-mailed to unknown persons, apparently in order to launch a targeted attack. The relevance of the journalists mentioned in the attack file is unknown. When the file (md5 hash: 46d0edc0a11ed88c0a39bc2118b3c4e071413a4b) is opened, it exploits a vulnerability in Excel. The vulnerability executes a piece of embedded code that drops several new executa... read more»





Facebook notifications leak IP addresses
(from Sophos at 12-5-2010)
Is everyone tired of hearing about Facebook yet? I am starting to think so, but every time I turn around they have another issue with information leakage. Unlike some of the privacy issues, this one does not appear to be by design, but clearly Facebook is aware it's a problem because they tried to hide it. Most people would agree at this point that we should not expect Facebook to protect our privacy, but with hundreds of millions of users impacted by their decisions, it's important to public... read more»





NC nurse charged with getting hydrocodone illegally
(from roostercountry1061 at 12-5-2010)
A North Carolina nurse has been charged with obtaining about 3,400 hydrocodone tablets by hacking into an electronic prescription system. Multiple media outlets reported the Iredell County Sheriff's Department arrested 35-year-old Kara Lee Roland of Mooresville on Friday. The licensed practical nurse worked for OrthoCarolina, an orthopedic care provider based in Charlotte. Officials at OrthoCarolina say they learned of the fraudulent prescriptions in February and fired Roland the next day.... read more»





Hackers disrupt Prince Albert city website
(from CBC at 12-5-2010)
Hackers replaced the normal City of Prince Albert website on the weekend with the image of the founder of Turkey. The city's online site had been hacked, and viewers were misdirected to another website. As soon as the misdirection was discovered, city workers quickly changed the site back to normal.... read more»




White House: No evidence Wall Street drop was part of cyber attack
(from wbjb at 12-5-2010)
It’s something a lot of people probably thought about — but the White House says it didn’t happen. The Obama administration’s adviser for homeland security and counterterrorism issues says there is no evidence that a cyber attack is to blame for the wild action on Wall Street this past Thursday. John Brennan told “Fox News Sunday” that officials have turned up no links suggesting the turbulence in the Dow Jones industrials was caused by an online attack.... read more»
