Saturday, January 9, 2010

Internet Security News Through January 8th

Internet Security News

This Free IT-Security news feed is provided by E-Secure-IT; the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today.

Creating a Culture of Security - Top 10 Elements of an Information Security Program

(from govinfosecurity at 9-1-2010)

The Obama Administration has a heavy emphasis on information security, and already we're seeing greater attention paid to cybersecurity and FISMA reform. Now is the time for government agencies to benchmark and strengthen their information security programs. Learn from security veteran Patrick Howard, CISO of the Nuclear Regulatory Commission, how to: Develop the Security Program and Policy; Manage Security Risks; Provide User Awareness, Training and Education; Respond to Incidents... read more»

CES: Why the White House is backing away from Net neutrality

(from CNet at 9-1-2010)

The Obama administration and its allies at the Federal Communications Commission are retreating from a militant version of Net neutrality regulations first outlined by FCC Chairman Julius Genachowski in September. That's my reading of a number of recent developments, underscored by comments made by government speakers on a panel on the first day of a Tech Policy Summit at CES in Las Vegas.... read more»

Does Dearth of Infosec Pros Pose Risk?

(from govinfosecurity at 9-1-2010)

Dickie George is an optimist about training the skilled information security professionals to protect American IT in the coming years, but he doesn't sugarcoat the truth when it comes to securing military and federal IT systems now. George is technical director of the National Security Agency's Information Assurance Directorate, and in the second part of an interview with (transcript below), he describes a shortage of skilled infosec pros in government. Does such a shortfa... read more»

Heartland Breach Demonstrates That Compliance is Simply Not Enough

(from CIO at 9-1-2010)

Nearly a year after Heartland Payment Systems disclosed what turned out to be the biggest breach involving payment card data, the company remains a potent example of how compliance with industry standards is no guarantee of security. Princeton, N.J.-based Heartland last Jan. 20 disclosed that intruders had broken into its systems and stolen data on what was later revealed to be a staggering 130 million credit and debit cards. That number easily eclipsed the 94 million cards that were compromi... read more»

Microsoft to Squish One Lonely Bug on Tuesday

(from InternetNews at 8-1-2010)

For system administrators who have felt under the gun in recent months as Microsoft patched record numbers of critical security bugs in its products, January should be a skate. That's because next Tuesday -- the second Tuesday of the month, also known as "Patch Tuesday," the day Microsoft (NASDAQ: MSFT) issues most of its patches for the month -- only has one patch for a single bug. And that bug is only really dangerous to those running the oldest supported version of the Windows operating sy... read more»

Security: Things That Didn't Happen in '09 and Probably Won't in '10

(from CIO at 8-1-2010)

At the beginning of 2009, CSO ran an article contributed by David Kelleher, communications and research analyst at security software firm GFI Software, about ten things that wouldn't happen in 2009. At that time, Kelleher gave us his picks for ten things he predicted security pros would want, but were not likely to get, in the coming year. As we head into 2010, we decided to look back at how the year shaped up and spoke with Kelleher about his prognosticating. His reaction?... read more»

TSA Gaffe Shows Pitfalls of Redaction

(from CIO at 8-1-2010)

The inadvertent exposure of a sensitive Transportation Security Administration security manual last month serves as a sobering reminder about the pitfalls of trying to redact, or hide, electronic text. The lapse occurred when a contract employee posted the improperly redacted security manual -- which described TSA airport screening methods that are designed to thwart terrorists -- on a public Web site for federal procurements.... read more»

Hackers drain New York school district's bank account

(from Securityinfowatch at 8-1-2010)

Over three days last month, about $3 million was drained by computer hackers from the bank account of the Duanesburg Central School District and deposited into overseas accounts. The cyber crime has prompted a joint probe into what banking and security officials say is a growing problem, underscoring the need for airtight internal controls. Duanesburg Superintendent Christine Crowley said during a news conference Tuesday at Duanesburg Elementary that the discovery of the unauthorized electron... read more»

What Does DHS Know About You?

(from philosecurity at 8-1-2010)

Here’s a real copy of an American citizen’s DHS Travel Record retrieved from the U.S. Customs and Border Patrol’s Automated Targeting System (ATS). This was obtained through a FOIA/Privacy Act request and sent in by an anonymous reader (thanks!). The document reveals that the DHS is storing the reader’s: Credit card number and expiration (really); IP address used to make web travel reservations; Hotel information and itinerary; Full Name, birth date and passport number; Full airline itinera... read more»

The problem with malvertising will lead to the most trusted websites being viewed with suspicion

(from scmagazineuk at 8-1-2010)

The problem with malicious adverts will create some degree of risk even on the most trusted websites. Randy Abrams, director of technical education at ESET, claimed in a blog posting that he had recently received questions on the legitimacy of ‘malvertising’, specifically on how likely infection was without intervention and what the best line of defence was.... read more»

Social Networking Hacks: Top 10 Facebook and Twitter Security Stories of 2009

(from CIO at 8-1-2010)

Jan. 6: Hackers hijack Obama's, Britney's Twitter accounts; April 11: Twitter wrestles with multiple worm attacks; May 18: Phishers, viruses target Facebook users; Aug. 4: High-profile organizations ban Facebook, Twitter... read more»

Two Indicted For Identity Theft

(from wibw at 8-1-2010)

A Topeka man and Olathe woman are accused of identity theft. 45-year old Robert L. Maxwell of Topeka and 46-year old Marcella D. Machado of Olathe are each charged with conspiracy, bank fraud, aggravated identity theft, and theft or receipt of stolen mail. The indictment alleges that Maxwell and Machado obtained information relating to the identity of other persons, then tried to pass stolen checks using the stolen identities.... read more»

Hackers Compromise Fox Sports Website

(from spamfighter at 8-1-2010)

According to a warning released by security researchers, the Fox Sports website, an integral part of the Fox Broadcasting Company, has gone under the control of unknown hackers. The hackers injected malware inside the 'custom error' section of the site. Two different malicious codes have been found, each as a result of a different infection. The ThreatSeeker Network of Web-security Company 'Websense' detected the infected page.... read more»

Attack on InterNetX’s DNS servers

(from h-online at 8-1-2010)

As a spokesperson for InterNetX told The H's associates at heise Security, on Wednesday, a severe distributed denial-of-service attack (DDoS) nearly brought down the German company’s domain name service. The spokesperson added that the firm was still trying to understand the type and scope of the attack.... read more»

Email services that failed to block spear phishing message revealed

(from scmagazineuk at 8-1-2010)

Following a spear phishing experiment that saw smartphones fall victim to an email claiming to be from Bill Gates, the creator of the experiment has revealed the email services that failed to block the message. Writing on the Dark Reading website, PacketFocus CEO Joshua Perrymon said that he was able to get his spoofed message through to the likes of Microsoft Outlook 2007, Microsoft Exchange, Outlook Express and Cisco IronPort.... read more»

US financial sector group to test cyber attack defences

(from ComputerWeekly at 8-1-2010)

A US financial services information sharing organisation is to run a major exercise to test the ability of payment processors to respond to cyber attacks. The Financial Services Information Sharing and Analysis Center (FS-ISAC) has invited all payment organisations to take part in the three-day exercise scheduled to start on 9 February.... read more»

7th International Conference on Trust, Privacy & Security in Digital Business, 30 August - 3 September 2010, University of Deusto, Bilbao, Spain

(from ISACA at 8-1-2010)

The advances in the Information and Communication Technologies (ICT) have raised new opportunities for the implementation of novel applications and the provision of high quality services over global networks. The aim is to utilize this ‘information society era’ for improving the quality of life for all citizens, disseminating knowledge, strengthening social cohesion, generating earnings and finally ensuring that organizations and public bodies remain competitive in the global electronic marketpl... read more»

Home secretary: ID register contains NI numbers

(from ZDNet at 8-1-2010)

Home secretary Alan Johnson has confirmed that the National Identity Register contains National Insurance numbers and answers to 'shared secrets'. In a revelation that is likely to intensify the arguments over the privacy implications of the database, Johnson claimed the NI numbers have been included to "aid identity verification checks for identity cards and, in time, passports".... read more»

Financial services umbrella group to probe bank cyber security

(from MXLOGIC at 8-1-2010)

The Financial Services Information Sharing and Analysis Center will simulate a cyber attack on its member institutions to study how robust their IT security is. Information Week says that the online war game is scheduled for February 9 - 11, and each day of the exercise will present the participating institutions with a different type of cyber attack that their IT defenses must attempt to foil. The participants will be expected to activate any contingency plans that they had in place to deal ... read more»

December malware targeted the surge in online shopping, study says

(from internet retailer at 8-1-2010)

A rise in online fraud driven by software designed to steal financial account data on web sites was timed to hit web sites during the surge in December online shopping, network security firm Fortinet says in its recent Threatscape report. Malicious software, or malware, activity overall slowed in December to the lowest levels since October, Fortinet says. However, one malware variant - despite its threat only spanning a few days - bucked the trend, delivering 66.5% of total malware activity f... read more»

Bad publicity changing attitudes to data security

(from irishtimes at 8-1-2010)

NUMEROUS data-loss cases in headlines over the past two years have made Irish companies far more aware of privacy and data security policies and protections within their own companies, compared to their international colleagues. But a lower level of Irish company concern about the potential actions of disgruntled employees and a move towards greater off-shoring of data processing and the transfer of data to third-party management may not bode well at a time of corporate downsizing and the in... read more»

The IRS's 'Dirty Dozen' list of tax scams

(from ledgerdelaware at 8-1-2010)

The Internal Revenue Service issued its 2009 “dirty dozen” list of tax scams, including schemes involving phishing, hiding income offshore and false claims for refunds. The 2010 list will be out this spring. “Taxpayers should be wary of scams to avoid paying taxes that seem too good to be true, especially during these challenging economic times,” IRS Commissioner Doug Shulman said. “There is no secret trick that can eliminate a person’s tax obligations. People should be wary of anyone peddlin... read more»

Industry Group Plans Cyber Attack Simulation

(from DarkReading at 8-1-2010)

A financial services industry group is planning to simulate a series of cyber attacks to test how well banks, payment processors and retailers deal with online threats. The Financial Services Information Sharing and Analysis Center (FS-ISAC), a group formed in response to a 1998 Presidential security directive, on Tuesday invited financial institutions, retailers, card processors, and businesses of all sizes to participate in its Cyber Attack against Payment Processes (CAPP) Exercise.... read more»

FCC seeks extension for national broadband plan

(from usatoday at 8-1-2010)

The chairman of the Federal Communications Commission is asking for a one-month extension on the national broadband plan the agency is required to submit to Congress. The plan, mandated by last year's economic stimulus bill, is due to lawmakers by Feb. 17. It will lay out a policy road map for ensuring that all Americans have access to affordable high-speed Internet service. The agency is asking for an extra month to finish digging through the massive volume of public comments that it has ... read more»

Real estate agency breaches the Spam Act

(from ACMA at 8-1-2010)

The Australian Communications and Media Authority has issued a formal warning to Danielou Pty Ltd, trading as Elders Real Estate Wollongong, following an investigation that found the real estate agency breached the Spam Act 2003 by sending commercial electronic messages without an unsubscribe facility. ‘This is the first enforcement measure taken against a real estate agent since an ACMA awareness campaign about unsolicited communications targeted at the real estate sector,’ said Chris Cheah,... read more»

Social networking hacks: Top 10 Facebook and Twitter security stories of 2009

(from Network World at 8-1-2010)

Facebook and Twitter use skyrocketed in 2009, and naturally the social networking sites became magnets for hacker attacks and sparked other types of privacy concerns. CIOs have expressed doubts about the social networking sites, and these stories show there is good reason to be worried. Here, in chronological order, are the top 10 security and privacy stories concerning Facebook and Twitter from the past year.... read more»

Large-scale attacks exploit unpatched PDF bug

(from ComputerWorld at 8-1-2010)

A week before Adobe is scheduled to patch a critical vulnerability in its popular PDF software, hackers are actively exploiting the bug with both targeted and large-scale attacks, a security researcher said today. The SANS Institute's Internet Storm Center (ISC) reported Monday that they'd received samples of a new rigged PDF document that hijacked PCs using a bug Adobe acknowledged Dec. 14. Later last month, Adobe said it would not patch the bug until Jan. 12. In his write-up of the sample,... read more»

Computer crime: Protecting your privacy

(from Wten at 8-1-2010)

The FBI says it could be a while before we learn more information about the Duanesburg Central School District bank accounts being hacked and who did it. Investigators are trying to piece together how someone was able to transfer more than $3 million dollars to various overseas accounts without the district's authorization.... read more»

Batelco clamp on spamming activities

(from Gulf-daily-news at 7-1-2010)

BATELCO has taken action against a number of e-mail accounts known to be engaging in spamming activities, it was revealed yesterday. Officials said residents were complaining about the growing number of spam e-mails being received on a daily basis. Many have also been the victims of so-called phishing attacks with their e-mail accounts hijacked and used without their knowledge to send spam to people in their address books.... read more»

Cisco, Symantec, Apache Tackle Y2K10 Glitches

(from Earthweb at 7-1-2010)

Remember the Y2K bug? Ten years after the original scare leading up to the year 2000, IT systems are once again facing problems due to the changing of the calendar year. Now, the issues are stemming from the rollover to 2010 -- or Y2K10, as it's being termed. There are reports out of Germany that millions faced problems with credit and debit card access due to Y2K10 bugs.... read more»

Update: Heartland breach shows why compliance is not enough

(from ComputerWorld at 7-1-2010)

Nearly a year after Heartland Payment Systems Inc. disclosed what turned out to be the biggest breach involving payment card data, the incident remains a potent example of how compliance with industry standards is no guarantee of security. Princeton, N.J.-based Heartland last Jan. 20 disclosed that intruders had broken into its systems and stolen data on what was later revealed to be a staggering 130 million credit and debit cards. That number easily eclipsed the 94 million cards that were co... read more»

Microsoft Security Bulletin Advance Notification for January 2010

(from Microsoft at 7-1-2010)

This is an advance notification of security bulletins that Microsoft is intending to release on January 12, 2010. This bulletin advance notification will be replaced with the January bulletin summary on January 12, 2010. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7. For more infor... read more»

How to: Protect Your Website Using robots.txt, Part 1

(from esecurityplanet at 7-1-2010)

For hackers looking to access passwords, user e-mails, retail transactions, and other private data, one of the most useful tools on the Web is also among the most popular—Google. Armed only with the world’s most popular search engine, and crafty search terms, a Google search can turn up troves of data whose owners are probably not looking for public exposure. Yet, technically speaking, neither Google nor those running these searches are doing any “hacking” at all.... read more»

New year brings new PDF vulnerabilities

(from planetpdf at 7-1-2010)

While the world was ringing in the New Year, hackers were creating new ways to exploit unpatched vulnerabilities in PDF documents according to Internet Storm researcher Bojan Zdrnja. In a blog post this week Zdrnja detailed a new JavaScript exploit that can be hidden in PDF files and exploit a widely documented PDF vulnerability. The blog post details Zdrnja's test on a suspicious PDF document that was sent by one of the blog readers. Zdrnja noted in his analysis of the document that it was e... read more»

FBI investigating online New York school district theft

(from ComputerWorld at 7-1-2010)

A New York school district has reverted to using paper checks after cybercriminals tried to steal about $3.8 million from its online accounts just before Christmas, prompting an FBI investigation. For three days starting Dec. 18, cybercriminals started transferring money overseas from the accounts of the Duanesburg Central School District, which has two schools with about 950 students about 20 miles west of Albany, New York.... read more»

Malware strains headed into the billions

(from ITWorldCanada at 7-1-2010)

A week rarely goes by without some kind of security report making headlines. This week's token report, which just surfaced from security firm PandaLabs, says that about 25 million new strains of malware were created throughout 2009. PandaLabs actually said that it identified more new malware strains last year than it has during its entire 20-year company history. The company also said that two thirds of these malware strains were banking Trojans. The next most popular type of malware was ... read more»

I Have Only One Security Prediction for 2010

(from threatpost at 7-1-2010)

Instead of the usual top ten lists that are all-too-common with predictions for the new year, I have just one: 2010 will be the year of desktop applications handling untrusted data in sandboxed processes, and it will be about time. Since the release of Windows XP SP2, there have been significantly less network-based Internet worms (Conficker being a notable and recent exception). This is largely due to XP SP2 making the Windows Firewall on by default and Wi-Fi. Yes, Wi-Fi.... read more»

Cloud computing to rise among SMEs in 2010

(from BCS at 7-1-2010)

More than half of small and medium sized enterprises (SMEs) are planning to use cloud computing technology this year, according to new research. The report by internet service provider, Easynet Connect, found that nearly three-quarters of SMEs are planning on using the technology over the next five years. This is up from 2008, when just under half of SMEs said they'd be using cloud.... read more»

Can We Trust NSA on Expanded Infosec Role?

(from govinfosecurity at 7-1-2010)

There's much distrust surrounding the National Security Agency, and those misgivings could hamper its potential expanded role in securing key government systems and the nation's critical IT infrastructure. The mistrust dates back to 2005 when reports first surfaced that the NSA - the super-secret, electronic spy agency administrated by the Defense Department - illegally eavesdropped without warrants on e-mail and other forms of electronic communications of American citizens as part of a large... read more»

2009 saw 25 million new malware strains as Trojans accounted for 66 per cent of all detections

(from scmagazineuk at 7-1-2010)

Last year saw 25 million new strains of malware with banking Trojans and fake anti-virus the main threats. According to the PandaLabs annual report, 25 million new strains were created in just one year, compared with a combined total of 15 million throughout the rest of the company's 20-year history.... read more»

10 fool-proof predictions for the Internet in 2020

(from NetworkWorld at 7-1-2010)

1. More people will use the Internet. 2. The Internet will be more geographically dispersed. 3. The Internet will be a network of things, not computers. 4. The Internet will carry exabytes perhaps zettabytes of content. 5. The Internet will be wireless. 6. More services will be in the cloud. 7. The Internet will be greener. 8. Network management will be more automated. 9. The Internet won't rely on always-on connectivity. 10. The Internet will attract more hackers. 11. Make your own pr... read more»

Hackers crack security on Eugene school employee info

(from kval at 7-1-2010)

Hackers breached the security of a computer server containing the names, phone numbers and employee ID numbers of current and former Eugene School District employees, the district said Tuesday. The server in question did not contain other personal information but was attached to servers that contain Social Security numbers and other sensitive data, the district said.... read more»

25 million new strains of malware created in 2009

(from SecurityPark at 7-1-2010)

PandaLabs has published its Annual Malware Report, which reviews the major incidents and events concerning IT security in 2009. The outstanding trend of the last 12 months has been the prolific production of new malware: 25 million new strains were created in just one year, compared to a combined total of 15 million throughout the rest of the company's 20-year history. This latest surge of activity included countless new examples of banker Trojans (some 66%) as well as a host of fake antiviru... read more»

Hacker Posts Anti-Ahmadinejad Letter on His Site

(from IsraelNationalNews at 7-1-2010)

A hacker broke into the website of the Iranian president and posted in English a comment on the homepage expressing sadness over the death last year of Michael Jackson and wishing for the death of Ahmadinejad. "In 2009 you took my favorite singer - Michael Jackson," the hacker wrote in a message to God. “Please, please don't forget my favorite politician - Ahmadinejad and my favorite dictator - [Iran's Supreme Leader Ayatollah Sayyid Ali] Khamenei in the year 2010. Thank you."... read more»

'National net filter protest pushed back'

(from SecureComputing at 7-1-2010)

A planned national protest against the Federal Government's internet censorship regime was pushed back to March but separate Australia Day protests were on track. Organisers of the Block the Filter campaign last night updated their Facebook page to say that nationwide protests on January 30 will take place on March 6.... read more»

One in three U.S. businesses has no anti-virus protection

(from venturebeat at 7-1-2010)

A study released today by security software maker Symantec raises an alarm: One in three American businesses doesn’t have basic anti-virus software installed. Last week, the FBI and the American Bankers Association partnered on an advisory to small businesses: Dedicate a separate PC from workers’ machines, and use that machine alone for online banking.... read more»

Five SEO Secrets to Make Your Site More Visible

(from itworld at 7-1-2010)

1. Determine Goals, Priorities, and Measurements 2. Research Keywords 3. Use Keywords Judiciously 4. Create 'Linkbait' 5. Make Sure Your Site Is Search Engine Friendly... read more»

Google's 10 toughest rivals

(from itworld at 7-1-2010)

1. Amazon 2. Apple 3. AT&T 4. Facebook 5. Hulu 6. IBM 7. Microsoft 8. Nokia 9. Verizon 10. Yahoo... read more»

10 Sites and Services That Will Matter in 2010

(from itworld at 7-1-2010)

1. Fancast Xfinity TV 2. Bing 3. Android Market 4. Grooveshark 5. Google Voice 6. 7. Clicker 8. Yammer 9. 10. Postabon ... read more»

Can Imaging Technologies save us from Terrorists?

(from itworld at 7-1-2010)

Millimeter wave technology devices like L3 Communications' ProVision Whole Body Imager scan you with millimeter wave radio frequency (RF) from two antennas simultaneously as they rotate around you. The TSA (Transportation Security Administration) claims that millimeter wave scanners use far less energy than a cell phone in their scans. The result is a 3-dimensional gray-scale body image.... read more»

'Cuba protests US screening of airline passengers'

(from Boston at 7-1-2010)

Cuba summoned the top U.S. diplomat on the island Tuesday to protest extra screening for Cuban citizens flying into the United States, calling the rule a "hostile action" meant to justify America's trade embargo. The new dispute comes after several setbacks that have all but snuffed out hope for a quick resolution to the half-century of antagonism between Cuba and the United States, and as Cuban officials have been increasingly sharp-spoken about their disappointment in President Barack Obama... read more»

EC card problem persists

(from h-online at 7-1-2010)

It appears the year 2010 problem concerning EC cards and other debit/credit cards containing EMV chips won't be solved as swiftly as initially anticipated – while withdrawing money at cash points is reportedly no longer a problem, it will be at least another few days before the affected cards will be fully functional and accepted by all retailers. In a press release, the German Association of Savings Banks, Deutsche Sparkassen- und Giroverband (DSGV), has even recommended that customers "carr... read more»

Year 2010 bug wreaks havoc on German payment cards

(from theregister at 7-1-2010)

A delayed Y2K bug has bitten hard at some 30 million holders of German debit and credit cards, making it impossible for them to use automatic teller machines and point-of-sale terminals since New Year's Day. Multiple news agencies said the outage stemmed from card chips that couldn't recognize the year 2010. The DSGV, an association representing German banks, said engineers were working diligently to fix the problem, but a full resolution might not come until Monday.... read more»

Six Predictions for the 2010 Cyber World

(from Adfero at 7-1-2010)

1. Cyber will grow in importance this year. 2. Technology companies will claim that their appliances and software have “solved” the problem of security. 3. The hottest job opportunities will be for “cyber samurai.” 4. The Administration will finally launch a national Cyber Education and Awareness Campaign. 5. There will be a major internal blowup over cyber security within the Obama Administration. 6. There will be a major cyber event that negatively impacts one of the Nation’s i... read more»

Top 10 Reasons Your Security Program Sucks and Why You Can’t Do Anything About It

(from Wordpress at 7-1-2010)

- The bad guys are more interested in attacking you than you are in defending yourself, at least they work longer hours. - Your security and operations teams hate each other, hell they don’t even speak the same language. - Your security vendor is lying to you and why shouldn’t they, you believe them. - The tools you use are ineffective (they don’t really work) and inefficient (they cost way too much), not to name any names but they go by the acronyms H-P or I-B-M or C-A or B-M-C.... read more»

Extradition of Gary McKinnon breaches Bill of Rights

(from Telegraph at 7-1-2010)

Geoffrey Robertson QC said the 1689 Bill of Rights, which was passed at the same time as the Glorious Revolution, specifically prohibited "cruel and unusual punishments". He said this would almost certainly apply to the case of Mr McKinnon, who is wanted in America to face charges of hacking into Pentagon and Nasa computers.... read more»

78th Military Operations Research (MORS) Symposium

(from Mors at 7-1-2010)

MORS Symposia are classified (up to SECRET//NOFORN), normally three days in duration, and represent all military services (uniformed and civilian), government agencies, contractors and academic institutions. The meeting typically includes concurrent special and working group sessions and tutorials. Special sessions consist of formally prepared papers or panels centered on a theme approved by the Board of Directors. Thirty-three working groups are provided for informal discussion and debate o... read more»

Norwich adds cyber security course

(from timesargus at 7-1-2010)

A start-up software company geared toward government and military cyber-security will be teaming up with students at Norwich University in an effort that could benefit both parties and maybe some day the public. The private military academy in Northfield, which has been an early leader in information and computer security, announced on Tuesday a collaboration with Adaptive Cyber Security Instruments, Inc.... read more»

Cyber Attack Simulation Planned Next Month

(from Information Week at 7-1-2010)

A financial services industry group is planning to simulate a series of cyber attacks to test how well banks, payment processors and retailers deal with online threats. The Financial Services Information Sharing and Analysis Center (FS-ISAC), a group formed in response to a 1998 Presidential security directive, on Tuesday invited financial institutions, retailers, card processors, and businesses of all sizes to participate in its Cyber Attack against Payment Processes (CAPP) Exercise.... read more»

Whistleblower Web Site Goes Dark, Seeks Funding

(from FOXNews at 7-1-2010)

A Web site that for years has let anonymous whistleblowers break stories of corruption and government malfeasance has gone dark and is expected to remain offline until it finds funds to support its operations and fend off lawsuits. Investigators and governmental watchdogs say has been an invaluable tool for exposing corruption and releasing previously unseen documents.... read more»

Spear-Phishing Experiment Evades Big-Name Email Products

(from Dark Reading at 7-1-2010)

The researcher who conducted a successful spear-phishing experiment with a phony LinkedIn invitation from "Bill Gates" is about to reveal the email products and services that failed to filter the spoofed message -- and that list includes Microsoft Outlook 2007, Microsoft Exchange, Outlook Express, and Cisco IronPort. Joshua Perrymon, CEO of PacketFocus, had previously revealed that the iPhone, BlackBerry, and Palm Pre smartphones had all fallen victim to the spear-phishing exercise.... read more»

Fed watchdog barks at cloud security

(from The Register at 7-1-2010)

The US federal consumer protection watchdog is barking at security and privacy risks posed by cloud computing. With ever-more products and services asking users to upload personal and sensitive information to centralized online servers in the nebulous (but trendy) notion of "the cloud," the US Federal Trade Commission is pondering whether further steps are needed to protect consumer privacy.... read more»

Is Cyber Crime a Threat to Your Business?

(from PCWorld at 7-1-2010)

The need for protection against cyber crime is ever increasing, especially considering the volume of personally identifiable information (PII) and financial transactions which corporations and financial institutions manage on a daily basis. Moreover, cyber crime is often a transnational threat, creating even more difficulty for law enforcement to pursue cyber criminals. The added complexities of international inconsistencies with respect to laws pertaining to PII exacerbate the problem, and c... read more»

Security report finds rise in banking Trojans, adware, fewer viruses

(from SearchSecurity at 7-1-2010)

PandaLabs, the malware research arm of Panda Security, issued its 2009 annual report Tuesday, outlining the continued rise of more sophisticated forms of malware, including banking Trojans targeting account credentials that have far outpaced known viruses in the wild.... read more»

TSA document release shows pitfalls of electronic redaction

(from ComputerWorld at 7-1-2010)

The inadvertent exposure of a sensitive Transportation Security Administration security manual last month serves as a sobering reminder about the pitfalls of trying to redact, or hide, electronic text. The lapse occurred when a contract employee posted the improperly redacted security manual -- which described TSA airport screening methods that are designed to thwart terrorists -- on a public Web site for federal procurements.... read more»

Spooks in the Machine: How the Pentagon Should Fight Cyber Spies

(from progressivefix at 7-1-2010)

In Washington, “cybersecurity” is a term that’s come to have a thousand meanings, and none at all. Any crime, prank, intelligence operation, or foreign-government attack involving a computer has become a “cyber threat.” Russian teenagers defacing Georgia’s websites, hackers eyeing the power grid, overseas powers embedding government microchips with malicious code – they all share equal billing as cyber foes. The vague definition muddies the debate about what the real dangers are, where the... read more»

Half Right is All Wrong - SMBs need to take this lesson to heart

(from Symantec at 7-1-2010)

When I worked at a small business the IT guy also took care of the phone system, assembled bookcases if needed, and occasionally worked the front desk when the receptionist was on break. In a small business everyone wears many hats and you often don’t really have the skills necessary to do everything asked of you all that well. Or if you do, you probably don’t have the time.... read more»

Card theft sentence may be appealed

(from Boston at 7-1-2010)

A software engineer who supplied a program that helped a ring of computer hackers steal credit card data from retailer TJX Cos. of Framingham is considering appealing his prison sentence, his lawyer said yesterday. Stephen Watt was sentenced Dec. 28 by a federal judge in Boston to two years in prison and three years of supervised release and ordered to pay restitution to TJX of as much as $171.5 million.... read more»

‘Herald’ editor upset over hacking

(from The Star at 7-1-2010)

The Herald has been hacked three times after a landmark High Court decision in what editor Father Andrew Lawrence described as actions meant to create a climate of fear and perceived threat to national security. He lamented that no action had been taken by the authorities against the offenders although these were tantamount to contempt of court and the website has also been inundated with “malicious profanities”.... read more»

Act to Strengthen Cybersecurity Actually Threatens Business and Freedoms

(from information-management at 7-1-2010)

Sometimes it’s hard to know whether Congress does the things it does to protect us or to make it appear that they are protecting us while actually doing nothing or, worse, hurting us. Given this lack of clarity, it is no small wonder that these legislators consistently garner abysmal approval ratings from the American public.... read more»

2020 Vision: You won't recognize the Internet in 10 years

(from ComputerWorld at 7-1-2010)

To borrow from John Lennon: Imagine there's no latency, no spam or phishing, a community of trust. Imagine all the people, able to get online. This is the kind of utopian network architecture that leading Internet engineers are dreaming about today. As they imagine the Internet of 2020, computer scientists across the country are starting from scratch and rethinking everything: from IP addresses to DNS to routing tables to Internet security in general. They're envisioning how the Internet m... read more»

Hackers polished their ploys in 2009

(from Dispatch at 7-1-2010)

Security experts describe the typical hacker of 2009 as more sophisticated, prolific and craftier than ever. If anything, criminals will be remembered by the sheer number of attacks they unleashed on the Web. Although the year didn't see many technological leaps in the techniques that hackers employ, the intruders continued to expand their reach to every corner of the Internet by leveraging social media, infiltrating trusted Web sites and crafting more-convincing and tailored scams.... read more»

Nigerian faces six charges for US plane plot

(from Sydney Morning Herald at 7-1-2010)

US officials have charged a Nigerian man with attempted murder and attempted use of a weapon of mass destruction after a botched attempt to bomb a passenger jet on Christmas Day. Umar Farouk Abdulmutallab, 23, was accused of boarding Northwest Flight 253 "carrying a concealed bomb" inside his clothing, according to court documents that detailed a total of six charges against him. "The bomb consisted of a device containing Pentaerythritol Tetranitrate (PETN), Triacetone Triperoxide (TATP) a... read more»

Collins Community Credit Union Card Holders Targeted in Phishing Scam

(from kcrg at 7-1-2010)

Police are urging Collins Community Credit Union card holders to ignore any automated phone calls telling them their cards have been deactivated. Confused customers started calling Collins Community Credit Union administrators last night saying that they had received a robo-call telling them that their debit and credit cards were no longer valid and that they would have to call a 1-800 number to reactivate their accounts... read more»

Feds to reduce authentication services

(from SecureComputing at 6-1-2010)

In search of a single sign-on for all Government services. Finance Minister Lindsay Tanner has announced that the Federal Government will rationalise the number of authentication services it uses to transact with businesses and individuals. Currently, Australians transact with agencies such as the Australian Tax Office, Centrelink or the Department of Health and Ageing using different credentials on different IT systems.... read more»

White House calls for regulators to increase wireless Internet access in U.S.

(from washingtonpost at 6-1-2010)

The Obama administration called Monday for federal regulators to provide more spectrum for wireless high-speed Internet services, saying mobile broadband would bring competition to DSL, cable and fiber broadband providers. In comments and a letter filed with the Federal Communications Commission, the White House's technology policy arm and the antitrust division of the Justice Department said that the current marketplace for broadband Internet services is not competitive enough and that wirel... read more»

Norwegian researchers hack into 'secure' quantum cryptography system

(from laserfocusworld at 6-1-2010)

In a paper presented at the 26th Chaos Communication Congress (on December 27 in Berlin, Germany), the Quantum Hacking group at the Norwegian University of Science and Technology (NTNU; Trondheim, Norway) described "How you can build an eavesdropper for a quantum cryptosystem." The group says that it has demonstrated the first experimental implementation of this eavesdropper for a quantum cryptosystem by exploiting physical imperfections of the single-photon detectors used in these systems.... read more»

How I Wasted 4 Hours with a Criminal Hacker

(from Finextra at 6-1-2010)

Lately I’ve been coming across “advertisements” posted on forums from criminal hackers looking to sell our stolen information. They are “carders” selling “dumps” and “fullz” I wrote about it HERE. Well I decided to make contact with one of them to see what the deal is. It turns out the one I connected with was less than forthcoming, but was very persistent and more than likely has and will continue to scam people. Here is the FIRST and SECOND postings set up by criminals that I’ve found this wee... read more»

Cyber Security: The Unhackable Cell Phone?

(from esecurityplanet at 6-1-2010)

The Israeli company invited hackers, cyber spooks, and industrial espionage geeks to try breaking its new Gold Lock 3G cell phone encryption system. Anyone who succeeds wins a cool quarter million dollars in gold ingots. The software, launched in mid-2009, is already used by the Israeli military to scramble field communications. South American moguls are using it to prevent kidnap gangs eavesdropping on their conversations. Life and death stuff. But Gold Lock 3G, which the company launched... read more»

FBI Investigating Theft of $500,000 from NY School District

(from KrebsonSecurity at 6-1-2010)

The FBI is investigating the theft of nearly a half million dollars from tiny Duanesburg Central School District in upstate New York, after cyber thieves tried to loot roughly $3.8 million from district online bank accounts last month.... read more»

2009 - Rise of The Bots

(from chaptersinwebsecurity at 6-1-2010)

First off, I'd like to wish a happy new year to everyone who's reading this. It's been a fascinating year in the evolution of black-hat hackers. Several security vendors compiled summary reports of 2009 information security incidents, such as McAfee. But you don't need to be an oracle, if you're in the infosec industry to see what's going on and how it could impact the near future.... read more»

Shock over deadly internet choking craze

(from nzherald at 6-1-2010)

Children are posting videos on the internet showing them choking other youngsters to the point of collapse, in a craze that doctors warn has led to brain damage and death. In one, a group of teenagers set out clear guidelines to the practice in an "instructional video", while in several others British voices can be heard. The problem has been increasingly acknowledged in the United States, Canada and France but campaigners warn that Britain is turning a blind eye. The craze is spreading on... read more»

HIPAA compliance manual: Training, audit and requirement checklist

(from TechTarget at 6-1-2010)

HIPAA compliance deadlines come and go, but compliance is forever. Whether you've met all the deadlines or you've fallen severely behind, this HIPAA compliance manual will act as a compliance checklist, offer advice and provide information on HIPAA compliance training, how to prepare for an audit, requirements and much more. This manual is full of HIPAA news, tips and expert advice that will help keep your enterprise on track.... read more»

Five security industry themes to watch in 2010

(from TechTarget at 6-1-2010)

The first decade of this millennium closed out as one of the weakest years economically. Tightening IT budgets at many enterprises forced some security firms to struggle; others closed their doors. The year was also marred with the largest data breach in history and several embarrassing social network attacks. Rather than releasing major security innovations, experts used 2009 to talk about cloud computing insecurities and the need to focus on security basics.... read more»

Panda finds 2009 a record-breaking malware year

(from scmagazineus at 6-1-2010)

Cybercriminals pumped out more malware in 2009 than they did in nearly 20 years, according to anti-virus vendor Panda Security. During 2009, PandaLabs, the anti-malware lab of Panda Security, identified 25 million new malware samples, according to Panda Security's Annual Malware Report, released Tuesday. Before 2009, PandaLabs had identified a total of 15 million pieces of malware in 19 years.... read more»

Hackers raid school coffers for $3M

(from timesunion at 6-1-2010)

Over three days last month, about $3 million was drained by computer hackers from the bank account of the Duanesburg Central School District and deposited into overseas accounts. The cyber crime has prompted a joint probe into what banking and security officials say is a growing problem, underscoring the need for airtight internal controls. Duanesburg Superintendent Christine Crowley said during a news conference Tuesday at Duanesburg Elementary that the discovery of the unauthorized electron... read more»

ID theft ringleader sentenced in Fresno

(from Fresnobee at 6-1-2010)

Alfred Darnell Ford will never get to finish building his dream home on a two-acre site east of Fresno. Instead, he will be moving into a federal prison to begin serving a 70-month sentence, issued Monday, for running a far-flung identity-theft ring that provided materials used in building the house.... read more»

4 Fla. Men Arrested In Pa. On ID Theft Charges

(from cbs4 at 6-1-2010)

Four Florida men have been charged with running a multistate identity theft operation out of a suburban Philadelphia motel room. Bensalem police say they recovered documents — including licenses and credit cards — listing the names of about 100 victims when they made the arrests Monday.... read more»

Forgetful gambler threatened to kill champion racehorse

(from NZ Herald at 6-1-2010)

FOR SELF-confessed gambling addict Andrew Rodgerson it must have seemed like the perfect way to make money from his vice. All Rodgerson had to do was place the bets when he was told to and the cash would roll in, earning a tidy sum for his clients as well as a wedge for himself. And roll in they did - until he made the ultimate error. Busy with his day job as a travel agent, the 26-year-old forgot to place a bet. Rodgerson followed this up with an email claiming that he had overheard m... read more»

World Cup Cybercrime 2010

(from Irishdev at 6-1-2010)

1. Social engineering attacks will continue to predominate, while attacks based on operating system vulnerabilities will continue to decline as more people move to more secure operating systems. 2. Hot topical issues such as public holidays, current news items (real or fabricated), high-profile events such as the World Cup, and persistent preoccupations such as the national and global economy will be used as hooks on which to hang social engineering attacks.... read more»

UAE to create cybercrime courts

(from Gulfnews at 6-1-2010)

The UAE has launched a major reform of its court system to cope with the growth of the internet and the rising global investment in the country. A ministerial resolution was taken to create special courts specifically dedicated to cybercrimes, it was announced on Monday.... read more»

Stop making it so easy to be attacked online

(from ComputerWorld at 6-1-2010)

Simplifying, beautifying, and streamlining our lives leads to significant security risk. For most of us, having pictures come up automatically when browsing the Web is standard. Getting e-mail in HTML format is normal, and setting our phones to automatically sync up with Wi-Fi and Bluetooth is natural. After all, these are technical innovations that allow our electronic lives to be beautified and streamlined so we'd be crazy not to use them.... read more»

Internet hackers victimize 2 OFWs in Italy

(from Abs-CbnNews at 6-1-2010)

Two overseas Filipinos based in Rome warned OFW internet users against falling prey to scammers who would use their personal e-mail accounts to con their friends. Annaliza Bueno Magsino and Ric Rosales advised fellow Filipinos abroad to be extra careful when using the internet.... read more»

Trojan Threats Ruled Roost in December

(from EWeek at 6-1-2010)

Trojan attacks once again led the way in terms of the sheer volume of threats tracked by security researchers during the month of December. According to experts with Sunbelt Software, based on their month-long scanning efforts, the mix of attacks seen over the course of Dec. 2009 was very similar to what was observed during November. In both cases, Trojan threats led the way and accounted for almost 20 percent of all the malware activity detected by the company's filters. Trojans specifica... read more»

Internet, broadband, and cell phone statistics

(from PewInternet at 6-1-2010)

In a national survey between November 30 and December 27, 2009, we find: 74% of American adults (ages 18 and older) use the internet -- a slight drop from our survey in April 2009, which did not include Spanish interviews. At that time we found that 79% of English-speaking adults use the internet. 60% of American adults use broadband connections at home – a drop that is within the margin of error from 63% in April 2009. 55% of American adults connect to the internet wirelessly, either t... read more»

National Rail website buried ahead of snow storm

(from The Register at 6-1-2010)

Commuters desperate to avoid spending the night in a railway station or being eaten by their snow-bound fellow commuters were left none the wiser if they went to the National Rail website this afternoon. The site, operated by the Association of Train Operating Companies, is a clearing house for train service information in the UK. "The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later," the site cheerily told traveller... read more»

2010’s Top Internet Security Outlook

(from ca at 6-1-2010)

In 2009, we have seen organized cyber criminal activities flourish its capabilities and attacks. Among the most notable are: • Rogue or Fake Security Software successfully scammed users: Rogue security software, which is software that poses as legitimate Internet security software but is actually malware, has experienced a significant surge in popularity.... read more»

NSI's 25th annual IMPACT 2010 Conference

(from at 6-1-2010)

NSI's annual IMPACT conference is essential for government and contractor security directors and managers responsible for protecting classified and sensitive information assets from a growing array of threats posed by espionage, terrorism, computer crime and information warfare. Topics Include: Economic espionage, Insider threats, Cyber terrorism, China cyberspies, AIS security, etc.... read more»

FTC set to examine cloud computing

(from The Hill at 6-1-2010)

The Federal Trade Commission (FTC) is investigating the privacy and security implications of cloud computing, according to a recent filing with the Federal Communications Commission. The FTC, which shares jurisdiction over broadband issues, says it recognizes the potential cost-savings cloud computing can provide. "However, the storage of data on remote computers may also raise privacy and security concerns for consumers," wrote David Vladeck, who helms the FTC's Consumer Protection Bureau.... read more»

Is Web 2.0 suicide painless? - delete your online presence and is irrevocable

(from Sophos at 6-1-2010)

A website called the Web 2.0 Suicide Machine has been making headlines after it offered internet users a simple one-stop-shop for wiping their data off the likes of Facebook, MySpace, Twitter, or LinkedIn. Although it may have been created with honourable intentions - after all, there is plenty of evidence that far too many people are sharing far too much data willy-nilly via social networks online - the Web 2.0 Suicide Machine website has stirred up some controversy after it was announced th... read more»

EU Presidency Website Defaced

(from Softpedia at 6-1-2010)

Unidentified hackers have defaced the website of the European Union Presidency assumed by Spain at the beginning of this month. The picture of Jose Luis Rodriguez Zapatero, Spain's Prime Minister, was replaced with one depicting Mr. Bean, a world-renowned comedy character.... read more»

Exclusive: Documents found in mall parking lot

(from abclocal at 6-1-2010)

Hundreds of documents with personal information like social security numbers were found in the parking lot of a popular mall. The papers were just flying around for anyone to take. So who dumped them? And was anyone's identity ripped off? The confidential papers were found by a man at the Palisades Mall in Rockland County. To make it worse, and what really got the man angry, is that no one at the mall seemed interested in taking those documents back.... read more»

Gaps in standardisation related to resilience of communication networks

(from Enisa at 5-1-2010)

Resilience of communications networks is not currently being addressed by the key standards developing organizations (SDOs) other than as guidance for management processes. This report summarises and presents the following key elements: • the definition applied to resilience in the context of standardisation (section 1 and section 4); • the identification and presentation of the major activities undertaken in the SDOs in either security or architecture that have a focus on resilience (sect... read more»

Anti-spam activities - Fighting SPAM - The 2009 Anti-Spam Measures Survey

(from Enisa at 5-1-2010)

ENISA is actively involved in providing accurate information on the current status of measures used by European providers to fight against spam. Surveys providing information and highlighting best practices are available and promoted in various international events. In 2009 ENISA launched an Anti-Spam Measures survey, asking e-mail service providers in Europe about the measures they take to combat spam in their networks. This survey provides a view of how the fight against spam has evolved si... read more»

2010 tech forecasts: What the accurate analysts predict

(from NetworkWorld at 5-1-2010)

A venerable New Year's tradition in the tech world entails trotting out year-old predictions by analyst shops and laughing at their off-base prognostications. But here's a surprise: The two biggest analyst firms still standing -- Gartner and IDC -- did a pretty good job a year ago forecasting the shape of IT in 2009, as did the smaller Forrester Research and 451 Group.... read more»

Real-Time FISMA Compliance Monitoring

(from govinfosecurity at 5-1-2010)

The E-Government Act, passed into law in December 2002, recognized that information security is essential to protect the nation's economic and national security interests. Title III of the E-Government Act, the Federal Information Security Management Act (FISMA), requires United States government agencies to develop, document and implement programs to protect the confidentiality, integrity and availability of IT systems. At the core of FISMA are NIST special publications 800-53 and 800-92. Th... read more»

SyScan'10 Call For Paper - Vietnam

(from syscan at 5-1-2010)

This year, SyScan'10 will be held in the 4 exciting cities of Singapore, Shanghai, Taipei and Ho Chi Minh City (Vietnam). Details are as follows: SyScan'10 Ho Chi Minh City (Vietnam) date: 23 - 26 September 2010. TRAINING TOPICS: SyScan’10 training topics will focus on the following areas: Web Applications, Networks, Securing Windows/Linux Systems, Databases, Storage, Secure Programming/Development, Cloud Computing, Virtualization, Malware Analysis, Penetration Testing, Exploit Develop... read more»

SyScan'10 Call For Paper - Taipei

(from syscan at 5-1-2010)

This year, SyScan'10 will be held in the 4 exciting cities of Singapore, Shanghai, Taipei and Ho Chi Minh City (Vietnam). Details are as follows: SyScan'10 Taipei date: 19 - 22 August 2010. TRAINING TOPICS: SyScan’10 training topics will focus on the following areas: Web Applications, Networks, Securing Windows/Linux Systems, Databases, Storage, Secure Programming/Development, Cloud Computing, Virtualization, Malware Analysis, Penetration Testing, Exploit Development, Reverse Code Engi... read more»

SyScan'10 Call For Training - Shanghai

(from syscan at 5-1-2010)

This year, SyScan'10 will be held in the 4 exciting cities of Singapore, Shanghai, Taipei and Ho Chi Minh City (Vietnam). Details are as follows: SyScan'10 Shanghai date: 8 - 11 July 2010. TRAINING TOPICS: SyScan’10 training topics will focus on the following areas: Web Applications, Networks, Securing Windows/Linux Systems, Databases, Storage, Secure Programming/Development, Cloud Computing, Virtualization, Malware Analysis, Penetration Testing, Exploit Development, Reverse Code Engin... read more»

SyScan'10 Call For Training - Singapore

(from syscan at 5-1-2010)

This year, SyScan'10 will be held in the 4 exciting cities of Singapore, Shanghai, Taipei and Ho Chi Minh City (Vietnam). Details are as follows: SyScan'10 Singapore date: 15 - 18 June 2010. TRAINING TOPICS: SyScan’10 training topics will focus on the following areas: Web Applications, Networks, Securing Windows/Linux Systems, Databases, Storage, Secure Programming/Development, Cloud Computing, Virtualization, Malware Analysis, Penetration Testing, Exploit Development, Reverse Code Eng... read more»

Terena Networking Conference 2010

(from Terena Networking Conference at 5-1-2010)

TERENA conferences have been at the heart of developments in European research and education networking for more than two decades. Network and application experts, end-users and corporate partners gather there to share views and lend a hand in shaping the future of networking.... read more»

5th International Conference on ICT for Development, Education and Training

(from elearning-africa at 5-1-2010)

eLearning Africa 2010 – LEARN, SHARE, NETWORK eLearning Africa is delighted to announce that next year’s conference, the fifth in the highly successful series of pan-African gatherings, will take place in Zambia under the patronage of the Zambian Minister of Education, the Honourable Ms Dora Siliya.... read more»

High Level event on ICT for Energy Efficiency

(from Europa at 5-1-2010)

The second edition of the High Level event on ICT for Energy Efficiency is organised by the European Commission's Information Society and Media Directorate-General, in cooperation with the Spanish Presidency of the European Union. This event will take place on February 23rd and 24th 2010 in Brussels, gathering policy makers and experts on the ICT for Energy Efficiency field through conferences, a projects' exhibition and the Best ICT4EE Project Award Ceremony.... read more»

ICCC X - First International Conference on Computational Creativity

(from creative-systems at 5-1-2010)

The purpose of this conference is to facilitate the exchange of ideas on the topic of computational creativity in a cross-disciplinary setting. It will bring together people from AI, Cognitive Science and related areas such as Psychology, Philosophy and the Arts who research questions related to the notion of creativity as it relates to computational systems.... read more»

Facebook, Twitter to face more hacker attacks in 2010

(from defenceweb at 5-1-2010)

A US-based Web security firm says it expects social networking Web sites to face increased hacker attacks in the new year, but foresees overall progress in the fight against cybercrime. In its 2010 Threat Predictions report, issued this week, McAfee Labs said sites like Facebook and Twitter have given cybercriminals new technologies to work with and new centres of activity that can be exploited.... read more»

Twentieth Century Fox's 3D gamble pays off with billion dollar blockbuster

(from Guardian at 5-1-2010)

Copyright pirates may have met their match. The 3D technology used in recent Hollywood blockbusters such as Avatar has made it far harder to produce cheap knock-offs for sale on the black market. For Hollywood studios, a key advantage of 3D is that bootleggers cannot make copies using the simple method of sitting in a cinema with a furtive video camera. If they do, the image they get will be, at best, very blurred, with handheld technology befuddled by digital depth. "Ninety percent of p... read more»

Microsoft on high alert for Windows 7 security holes

(from Gcn at 5-1-2010)

Windows 7 has the potential to become a security target in 2010, according to researchers, although it's held up so far. Just days after Windows 7 was released to original equipment manufacturers and partners in July, a serious vulnerability was reported in the operating system. However, Microsoft released an early patch, and no serious issues were reported in 2009.... read more»

Facebook and Twitter threaten cyber security in 2010

(from itpro at 5-1-2010)

A new report from McAfee has predicted that social networking sites will be increasingly targeted by cyber criminals this year. Tech security specialist McAfee has predicted that popular social networking sites such as Facebook and Twitter will be major platforms for cyber crime throughout 2010.... read more»

Social networks will be crime 'hubs' in 2010

(from Webuser at 5-1-2010)

Security firm McAfee said that the ease of getting members of these sites to click on links seemingly sent by friends was likely to be key to cybercriminal tactics this year. All the criminals need to do is hijack an existing member's account and send out messages linking to compromised websites in order to spread infections.... read more»

The year 2010 is causing IT problems

(from h-online at 5-1-2010)

Following the 2010 bugs in SpamAssassin and problems in Germany with many cash point and credit cards, there have been even more reports about decade change bugs. For instance, consumers in Australia encountered problems when paying by (debit) card because a programming flaw caused shop terminals to assume that it was the year 2016 and that consequently the presented cards had expired.... read more»

China nabs 5,400 people for online pxxx in 2009

(from China Daily at 5-1-2010)

Chinese authorities caught nearly 5,400 suspects last year in a crackdown on online pornography and have vowed to strengthen Internet policing. In a statement late Thursday, the Ministry of Public Security said the "purification of the Internet" and fighting of online crime are closely tied to the country's stability.... read more»

Five things you need to do online in 2010

(from econsultancy at 5-1-2010)

If sorting out the corporate website is your ambition for 2010, it can be pretty difficult to know where to start and what to prioritise. After all, you’re bound to have a budget to stick to. So where should you start? Christmas indulgence is over and we’re all racing back to the office filled with positivity, enthusiasm and hopefully fading hangovers.... read more»

World Cup attracts cybercriminals

(from Cbronline at 5-1-2010)

The combination of hosting the football World Cup and new broadband capabilities make South Africa a likely target for malicious activity, Symantec believes. The security firm has noted that Internet threats increase dramatically when there is a major sporting event coupled with the introduction of new broadband capabilities. This year, South Africa hosts the World Cup and has added two new under-sea fibre-optic cables to double its broadband availability, making it a prime target for hackers... read more»

Mr Bean replaces Spanish PM on EU presidency site

(from BBC at 5-1-2010)

Visitors to Spain's EU presidency website have been greeted by an image of hapless fictional character Mr Bean instead of Spain's Socialist leader. An unidentified hacker briefly hijacked the site on Monday, replacing Prime Minister Jose Luis Rodriguez Zapatero with that of a bumbling comedy buffoon. In Spain, the similarity between Mr Zapatero and the Mr Bean actor Rowan Atkinson, is a long-standing joke. The government said the site itself had not been attacked.... read more»

Any other reports of decade change problems?

(from Internet Storm Center at 5-1-2010)

We are curious whether anyone else is seeing the sorts of issues like the one with Symantec we just reported. Have you seen problems with the change from 200* to 20**? UPDATE: Johannes mentioned that DShield actually had problems due to a regex on incoming logs looking for 200[0-9], to prevent ridiculously future dates being sent in. He ended up fixing it early in the morning on Jan 1.... read more»

WASC Threat Classification to OWASP Top Ten RC1 Mapping

(from Jeremiah Grossman at 5-1-2010)

With most of the work done by Bil Corry (@bilcorry), here is a solid first pass at creating a mapping between the newly released WASC's Threat Classification v2 and OWASP's Top Ten 2010 RC1. This should help those actively using one or both of these documents.... read more»

Tracking scammers, hackers and phishers

(from Swissinfo at 5-1-2010)

Internet crime – from paedophilia to data theft – is becoming increasingly present and ingenious, experts tell Swiss government officials are confronted every day with the reality of illegal Web use, including hardcore pornography, racism, the spread of harmful computer viruses and the misuse of personal data.... read more»

Small Businesses Should Conduct Online Banking from Dedicated Computers

(from Softpedia at 5-1-2010)

Following a flurry of incidents where hundreds of thousands of dollars have been siphoned from the bank accounts of small businesses and public institutions, the Federal Bureau of Investigation (FBI) and the American Bankers Association (ABA) advise using dedicated computers for online banking operations. This unusual security model should severely limit the exposure to malware threats for the PCs in question. The level of Automated Clearing House (ACH) transfers fraud rose significantly duri... read more»

2010 Outlook: Better Than 2009 and Moderately Wild

(from CIO at 5-1-2010)

"So," my esteemed editor asked. "What's on the horizon for the next 12 months?" Hmmm, quite the question. After considerable cogitation, charging and discharging of the flux capacitors, and examining more chicken entrails than a man should ever have to, I have come up with the following predictions.... read more»

Security Czar Highlights Insider Threats

(from businesscomputingworld at 5-1-2010)

Melissa Hathaway served as Senior Advisor to the Director of National Intelligence and Cyber Coordination Executive during the administration of President George W. Bush, and as Acting Senior Director for Cyberspace for the National Security Council during the administration of President Barack Obama.... read more»

Top 10 application security trends

(from Help Net Security at 5-1-2010)

The Denim Group has announced its guidance on the top application security trends for 2010. 1. Web mashup applications will result in new attack vectors 2. New data breaches will force organizations to focus on internal applications as well as external 3. Adoption of HTML 5 and other new technologies will cause developers to inadvertently build vulnerable applications 4. Resurgence of risk management... read more»

Boys in blue caught breaking IT rules

(from The Register at 5-1-2010)

Over 400 police officers and support staff were caught and disciplined for misuse of IT systems last year. The real figure could be higher because some forces declined to provide information. Apart from using work computers to access Facebook and smut sites, some officers and civilian workers were disciplined for inappropriate use of the police national computer.... read more»

Top Ten Must-Read DDanchev Posts For 2009

(from Dancho Danchev at 5-1-2010)

The following ten posts have been featured due to their insightful content, comprehensiveness of the topic covered, and due to plain simple exclusivity in the time of publishing, and not necessarily based on page views. Thank you for being a regular reader of my personal blog. Feel free to subscribe to my RSS feed, keep track of my posts at ZDNet's Zero Day, or follow me on Twitter.... read more»

Summarizing Zero Day's Posts for December

(from Dancho Danchev at 5-1-2010)

The following is a brief summary of all of my posts at ZDNet's Zero Day for December, 2009. You can also go through previous summaries, as well as subscribe to my personal RSS feed, Zero Day's main feed, or follow all of ZDNet's blogs on Twitter.... read more»

Top Ten Must-Read Posts at ZDNet's Zero Day for 2009

(from Dancho Danchev at 5-1-2010)

The end of the year naturally means a rush to come up with 'best of the best' top lists consisting of your finest content. However, based on personal observations, during the holidays season the short attention span of the average reader becomes even shorter with everyone looking forward to taking a well-deserved break. Therefore, the first working week of the new year appears to be the perfect moment to summarize some of my most insightful posts/analysis published at ZDNet's Zero Day for 2009.... read more»

Monthly Malware Statistics: December 2009

(from viruslist at 5-1-2010)

The first Top Twenty lists malicious programs, adware and potentially unwanted programs that were detected and neutralized when accessed for the first time, i.e. by the on-access scanner. Traditionally, the first Top Twenty is relatively stable and December was no exception. The appearance of three newcomers in sixth, tenth and eleventh places pushed a few other programs down the rankings. The exception was, which first entered the rankings last month, and which rose thre... read more»

CairoCodeCamp Conference 2010, 27th and 28th Feb 2010

(from cairocodecamp at 5-1-2010)

Hi All, It’s time for Cairo Code Camp 2010, it will be on 27th and 28th Feb 2010. Cairo Code Camp All Benefits in one place, your join Benefit, your participation is a Benefit, your coming is the Greatest Benefits. Top Tweeples Contest: dotnetwork will award the top 5 tweeples that will tweet the most about CairoCodeCamp. How to participate? Simple! Just add @CairoCodeCamp or #CairoCodeCamp in your tweet about the event, we'll publish it on hom... read more»

Episode 32 of the Who and Why Show: Community Services

(from YouTube at 4-1-2010)

In the 32nd episode of Team Cymru's 'The Who and Why Show', we detail the 20 services that we offer the community at absolutely no cost. Some you'll probably already know and use on a daily basis - but many may be new to you. From tools and templates through to feeds and portals, we explain the thinking and practicalities behind them all. See this week's episode at at read more»

ENISA: Cloud Computing - Benefits, Risks and Recommendations for Information Security

(from govinfosecurity at 4-1-2010)

Report offers security pros and cons of cloud computing. More Information: read more»

Adobe predicted as top 2010 hacker target

(from Itbusiness at 4-1-2010)

Adobe will overtake Microsoft as the primary target for hackers and virus writers in 2010, net-security firm McAfee predicts. Attacks targeting vulnerabilities in Acrobat Reader and Flash are already commonplace, driven in part by that software's widespread use. The often-tricky update process and lack of user awareness that apps as well as browsers and Windows need updating further compounds the problem of PDF-based malware - which McAfee reckons will only increase (this) year.... read more»

Adobe, social networking will be top targets for hackers in 2010

(from InfoWorld at 4-1-2010)

Adobe Systems' Flash and Acrobat Reader products will become the preferred targets for criminal hackers in 2010, surpassing Microsoft Office applications, a security vendor predicted last week. "Cybercriminals have long picked on Microsoft products due to their popularity. In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot," security vendor McAfee said in its "2010 Threat Predictions" report.... read more»

Symantec issues South Africa cyber crime warning

(from v3 at 4-1-2010)

The next major global cyber security hub could be South Africa, as the country struggles to cope with the twin effects of rising broadband penetration and the World Cup tournament this summer, warned security giant Symantec. The firm said that South Africa risks creating a "perfect storm" for cyber criminals because of significant broadband infrastructure upgrades within the country, including links to two new undersea fibre-optic cables.... read more»

Apple resolved iPhone trademark conflict in China

(from ComputerWorld at 4-1-2010)

The company that owned the trademark "i-phone" in China yielded it to Apple, the Web site of China's trademark office shows, removing what could have become a legal roadblock for the similarly named iPhone there. Hanwang Technology, a Chinese maker of e-readers and other devices, applied for the i-phone trademark for mobile phones in China in 2004, when it also launched a handset by that name that it no longer sells.... read more»

Increase in P2P Malware Predicted for 2010

(from p2p-weblog at 4-1-2010)

Kaspersky Lab's 2010 cyberthreat forecast anticipates that malware writers will increasingly target P2P networks in the coming year. Kaspersky Lab said that it expects an increase in mass malware epidemics over P2P networks, writes Ars Technica's Jacqui Cheng. 2009 saw a series of mass malware epidemics that were not caused by, but supported by files that were spread over P2P networks.... read more»

Beware of Social Networks in 2010

(from Techtree at 4-1-2010)

McAfee Labs, in its latest report called "2010 Threat Predictions", said it foresees an increase in threats related to social networking sites, banking security, and botnets in 2010. With the ever growing footprint of social networking websites, McAfee says sites such as Facebook will face more sophisticated threats. The explosion of applications on Facebook and other services will be an ideal vector for cybercriminals, who will take advantage of friends trusting friends to click links they m... read more»

2010 predictions: Security

(from v3 at 4-1-2010)

The security landscape is a complex, multi-layered one that changes more subtly and indefinitely than the seasons. It is therefore hard to predict security trends with any degree of certainty. That said, by looking back at the security developments of the past year and talking to security experts, we believe we have come up with a list of key trends that any IT leader worth his or her salt would be wise to keep an eye out for in 2010.... read more»

Watch Out: Cyber Threats to Expect in 2010

(from abcnews at 4-1-2010)

The hubs for those snippets of communication -- Facebook, Twitter and other social networking sites -- will become major targets for cyber criminals, McAfee predicts. McAfee also warns that URL shorteners, like those used to accommodate Twitter's 140-character limit, make the cyber criminal's task even easier.... read more»

SecAppDev 2010 - February 22-26 2010 - Leuven, Belgium

(from SecAppDev at 4-1-2010)

SecAppDev 2010 will be held from February 22nd to February 26th 2010 in Groot Begijnhof, Leuven, Belgium. is a non-profit organization set up to increase security awareness in the developer community and promote secure software engineering practices. Katholieke Universiteit Leuven and Solvay Brussels School are partners. Since 2005, we have organized an annual secure application development course taught by world-leading instructors from academia and industry. ... read more»

Almost 16 million use same password for every website, study finds

(from Telegraph at 4-1-2010)

This could lead to money being stolen from bank accounts, fraudulent purchases via online shops or identity theft, according to life assistance company CPP. The average internet user is asked for a password by 23 websites a month. The research found 46 per cent of British internet users, 15.6 million, have the same password for most web-based accounts and five per cent, or 1.7 million, use the same password for every single website.... read more»

Wipe The Slate Clean For 2010, Commit Web 2.0 Suicide

(from TechCrunch at 4-1-2010)

Are you tired of living in public, sick of all the privacy theater the social networks are putting on, and just want to end it all online? Now you can wipe the slate clean with the Web 2.0 Suicide Machine. (Warning: This will really delete your online presence and is irrevocable). Just put in your credentials for Facebook, MySpace, Twitter, or LinkedIn and it will delete all your friends and messages, and change your username, password, and photo so that you cannot log back in.... read more»

Netflix Sued for "Largest Voluntary Privacy Breach To Date"

(from stewarttosh at 4-1-2010)

On December 17, 2009, a class action suit was filed against online movie rental giant, Netflix, Inc., in the United States District Court for the Northern District of California. Plaintiffs in the suit are claiming that Netflix has “perpetrated the largest voluntary privacy breach to date.” According to the Complaint, Netflix knowingly and voluntarily disclosed the sensitive and personal information of approximately 480,000 Netflix subscribers when Netflix provided participants in a contest initi... read more»

Data breaches affect million state residents

(from Boston at 4-1-2010)

One million Massachusetts residents - or 1 in 6 people - have had their credit card numbers, medical records, or other personal information leaked or stolen over the past two years, according to records provided to the Globe by state officials. Many thousands of the leaks were first reported between June and November - including confidential data on customers of Blue Cross Blue Shield of Massachusetts, Eastern Bank, JPMorgan Chase Bank, and other major institutions, documents released by stat... read more»

Security Predictions 2020

(from Chuvakin at 4-1-2010)

How impossible is it to predict anything in the field of information security? 10 years? Into the future? Still the purpose of this endeavor is not necessarily to “have everything right”, but to have fun in the process and to get people to think beyond the immediate tactical horizon in information security.... read more»

DSWD website defaced by hackers

(from techie at 3-1-2010)

‘Tis the season of hacking! A day after we reported the hacking of the Department of Health's website, another government agency's online home was defaced this morning. And this time, it's the Department of Social Welfare and Development's turn. The hackers placed on the DSWD home page an image of the Grim Reaper followed by a message in Indonesian. The message, when translated to English using Google's translation service, ironically called for hope for the coming year. Parts of the message ... read more»

Five security themes to watch in 2010

(from TechTarget at 3-1-2010)

The first decade of this millennium closed out with a lot of economic uncertainties. Tightening IT budgets at many enterprises forced some security firms to struggle; others closed their doors. The year was also marred with the largest data breach in history and embarrassing attacks on social networks. Rather than releasing major security innovations, experts used 2009 to talk about cloud computing insecurities and the need to focus on security basics.... read more»

Challenging times ahead for IT in 2010

(from at 3-1-2010)

There's little doubt that 2010 will be a tough year for those of us working in the IT industry. Economic times are hard, and there is a lot of uncertainty and change. As the president of BCS, The Chartered Institute for IT, I'm committed to ensuring that we continue to play a key role in supporting IT practitioners as they deal with the changing environment, both as individuals and within their organisations.... read more»

Researcher Uncovers Twitter, Google Calendar Security Vulnerabilities

(from EWeek at 3-1-2010)

A security researcher has uncovered vulnerabilities in Twitter and Google Calendar that could put users at risk. In a proof-of-concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs. He also uncovered an HTML injection issue affecting Google Calendar as well that he said could be used to redirect a victim to an attack site anytime the user viewed his or her Google Ca... read more»

Computer security firm lists cyber threats of 2010

(from DNAIndia at 3-1-2010)

A computer security firm has advised PC owners to keep their computer safe from new security threats in the new year. The experts revealed that the way people use the Internet and their computers has evolved significantly and so have the cyber criminals. They have changed their tactics accordingly.... read more»

New Zealand Cyber Spies Win New Powers

(from Slashdot at 3-1-2010)

New cyber-monitoring measures have been quietly introduced in New Zealand giving police and Security Intelligence Service officers the power to monitor all aspects of someone's online life. The measures are the largest expansion of police and SIS surveillance capabilities for decades, and mean that all mobile calls and texts, email, internet surfing and online shopping, chatting and social networking can be monitored anywhere in New Zealand... read more»

Google Sets Censorship Precedent In India

(from Slashdot at 3-1-2010)

"Censorship varies from country to country but India, home to a sixth of the world's population, appears to be shaping up much like China. Not far behind everyone else, Google has increasingly censored websites with an incident where a very popular politician died and Google forcibly deleted and dissolved a group on Orkut where offensive comments about the Chief Minister of Andhra Pradesh were posted.... read more»

Van Morrison blames website hackers for baby rumours

(from Sophos at 3-1-2010)

Legendary Irish singer-songwriter Van Morrison was widely reported earlier this week to have become a father again at the age of 64, with American producer Gigi Lee. George Ivan Morrison III was said to have been the "spitting image" of his father - at least according to a statement on the official website of the grumpy curmudgeon who has delighted music lovers for decades with songs like "Moondance", "Tupelo Honey" and "Gloria". However, the truth may be rather different.... read more»

NZ's cyber spies win new powers

(from Stuff at 3-1-2010)

New cyber-monitoring measures have been quietly introduced giving police and Security Intelligence Service officers the power to monitor all aspects of someone's online life. The measures are the largest expansion of police and SIS surveillance capabilities for decades, and mean that all mobile calls and texts, email, internet surfing and online shopping, chatting and social networking can be monitored anywhere in New Zealand.... read more»

Kaspersky predicts more iPhone, Android attacks in 2010

(from Abs-CbnNews at 2-1-2010)

An anti-virus company on Saturday warned users of an increase in attacks on iPhone and Google's Android phone in 2010. 2010 promises to be a difficult time for iPhone and Android users, Kaspersky Lab said in a statement on its predictions on malware attacks in 2010.... read more»

Top 10 Security Challenges For 2010

(from informationweek at 2-1-2010)

1. Spam, Scams Go Social And Realtime 2. Crime Cloud 3. Hijacking Trusted Sites For Malware 4. Macs (Finally) Compromised In Significant Numbers 5. More Poisoned Search Results, Malvertising 6. Bots, Bots, And More Bots 7. Piracy Gets Riskier 8. Mobile Security Becomes Real Issue 9. A Major Insider Theft Scandal Will Surface 10. Clickjacking Strikes Back... read more»

Facebook and Twitter to face emerging threats in 2010, says McAfee

(from TechShout at 2-1-2010)

Sites like Facebook, Twitter and third-party applications hosted by them render cybercriminals fresh new technologies to work with on hotspots of activity carried on by trusting users. Apart from getting opportunities to trick people into clicking on malicious links, utilization of shortened URLs on websites like Twitter lets cybercriminals achieve the same ends too. McAfee Labs claims that these malevolent methods will be implemented ever more across networking sites as the year unfolds.... read more»

Facebook: 5 Predictions for 2010

(from Mashable at 2-1-2010)

1. Facebook’s Future Started With FriendFeed 2. Facebook Is Committed to Real-Time 3. Facebook Is Integrating With the Rest of the Web 4. Facebook Is Adapting to New Regions 5. Facebook Is Considering Virtual Currency... read more»

The WASC Threat Classification v2.0 Released

(from WebAppSec at 2-1-2010)

The WASC Threat Classification is a cooperative effort to clarify and organize the threats to the security of a web site. The members of the Web Application Security Consortium have created this project to develop and promote industry standard terminology for describing these issues. Application developers, security professionals, software vendors, and compliance auditors will have the ability to access a consistent language and definitions for web security related issues. The Web Application... read more»

9 most popular of 2009

(from hackaday at 2-1-2010)

1. Simple Xbox 360 rapid fire mod 2. BackTrack 4 Beta released 3. PSP 3000 firmware 5.03 hacked 4. Black Hat 2009: Parking meter hacking 5. How-to: USB remote control receiver 6. PSP 3000 hacked 7. Pandora’s battery (unbrick your PSP) 8. Nintendo DS homebrew guide 9. SheevaPlug, tiny linux server... read more»

Black Hat Europe 2010, Apr 12 - 15, Barcelona, Spain

(from Blackhat at 2-1-2010)

The Black Hat Briefings have become the biggest and the most important security conference series in the world by sticking to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment. This site is a portal intended to provide users with current, useful and relevant information resources regarding the upcoming Black Hat Europe 2010 conference.... read more»

Black Hat DC 2010, Jan 31 - Feb 3, Hyatt Regency Crystal City, Arlington, VA

(from Blackhat at 2-1-2010)

The Black Hat Briefings have become the biggest and the most important security conference series in the world by sticking to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment. This site is a portal intended to provide users with current, useful and relevant information resources regarding the upcoming Black Hat DC 2010 conference.... read more»

Wenatchee man charged with cyberstalking

(from TMC Net at 2-1-2010)

A 29-year-old Wenatchee man has been charged with cyberstalking for allegedly sending threatening messages through a Facebook account. Jeramie P. Palmer was charged Dec. 7 in Chelan County Superior Court with three counts of felony cyberstalking. Under state law, cyberstalking is using electronic communication to threaten to injure or to kill someone. According to court documents, Wenatchee Police began investigating a possible harassment case on Nov. 20, after an Idaho man said he received t... read more»

Cyber bullies reign in South Korea

(from Los Angeles Times at 2-1-2010)

When German-born fashion journalist Vera Hohleiter poked fun in print at the smell of kimchi and the short skirts of South Korean women, the cyber response was swift and nasty. Incensed Seoul Internet users flooded her blog with insults, calling her a racist and a Nazi, and demanded that she leave their country immediately. Hohleiter is among the latest victims of South Korea's combative and often destructive Internet phenomenon -- personal cyber attacks. In recent years, celebrities, authors ... read more»

Parallels Summit 2010, February 22 - February 24, 2010, Fontainebleau Resort Miami

(from Parallels at 1-1-2010)

Come join us on February 22-24, 2010 for our 5th annual Summit in Miami, Florida to meet with your industry peers and form new alliances to build better Cloud Services based businesses. The Parallels Summit has become the premier conference for industry leaders to discuss how to drive innovation, create differentiated service offerings, and build businesses that profit from the Cloud. At the Parallels Summit, you will learn how to leverage Parallels technology to enable new Cloud Services, as... read more»

O'Reilly Where 2.0 2010, March 30 - April 01, 2010, San Jose Marriott in San Jose, CA

(from Oreilly at 1-1-2010)

Now in its sixth year, Where 2.0 is one of the world's foremost events dedicated to exploring the emerging technologies in the geospatial industry. At Where 2.0, we expose the tools pushing the boundaries of the location frontier, track the emergence of new business models and services, and examine new sources of data and the platforms for collecting them. Happening March 30-April 1, 2010 at the San Jose Marriott in San Jose, California, Where 2.0 brings together the people, projects, and iss... read more»

Web Hosting Year in Review: Spam, Scams and Malware

(from thewhir at 1-1-2010)

Last year's take down of notorious spam host McColo was arguably the defining moment in online justice for the year. Heartening for the online community and those fighting malware and the proliferation of spam, McColo's demise offered only a short reprise from online threats. This year, new threats took the place of many of fading botnets such as Storm, and they are approaching their predecessors' ability to disrupt and scam. Cutwail, for instance, sends a wide variety of spam, including pha... read more»

Tech Insight: After The Holidays, It's Time To Re-Examine Smartphone Policies

(from DarkReading at 1-1-2010)

New toys, like iPhones, BlackBerrys, and the new Motorola Droid, give us around-the-clock connectivity that comes at a price not only to employees' personal time, but also to enterprise information security; just look at the recent attacks against "jailbroken" iPhones to steal personal data. President Barack Obama's addiction to his BlackBerry is a testament to the need of today's society to have within reach the means to check e-mail, send text messages, and browse the Web.... read more»

Net Privacy 2010: How Far Will the Needle Move

(from esecurityplanet at 1-1-2010)

For consumer groups that concern themselves with Internet privacy, the efforts to press policymakers to enact regulations or pass laws setting boundaries for collecting data online recall the plight of the long-suffering Brooklyn Dodgers fan: "Wait 'til next year" serves as a fitting mantra for both. So 2009 came and went with little movement on the privacy front, but advocates are looking ahead to 2010 with high hopes that this year, finally, will be their year.... read more»

Top security predictions for 2010

(from InfoWorld at 1-1-2010)

1. Security funding increases by more than 10 percent to recover from a year of cuts. 2. Congress creates new regulatory compliance mandates. 3. Self-propagating mobile phone worms and Trojans. 4. Cloud computing providers introduce encryption-at-rest and other security capabilities "as a service". 5. Security in the cloud expands with new services. 6. Desktop virtualization grows. 7. The FBI issues tens of thousands of security letters to get records on individuals without warrants.... read more»

2010's Top Security Threats: Facebook, Twitter, and iPhone Apps

(from PCWorld at 1-1-2010)

2010 will see increasing security threats to users of social networking and media sites such as Facebook and Twitter, a security vendor predicted. In 2009 we saw increased attacks on websites, exploit cocktails thrown at unsuspecting users, infrastructure failure via natural and unnatural causes, and friendly fire become a larger problem than ever. With Facebook reaching more than 350 million users, we expect that 2010 will take these trends to new heights, security vendor McAfee said in its ... read more»

Expect new, evolving computer viruses in 2010

(from at 1-1-2010)

McAfee is becoming the Nostradamus of the antivirus software world. This week, the Santa Clara, Calif., firm came out with its 2010 threat predictions report. Among the dire predictions — cybercriminals will target social networking sites and third-party applications and use more complex Trojans and botnets to build and execute attacks, according to McAfee Labs. Still, McAfee Labs also predicts 2010 will be a good year for law enforcement’s fight against cybercrime.... read more»

Materials, 26th Chaos Communication Congress (26C3)

(from okamalo at 1-1-2010)

26th Chaos Communication Congress (26C3) was the last conference of 2009; here are the mp4 video sessions (torrent). More Information: read more»

Miracle on Thirty-Hack Street

(from ethicalhacker at 1-1-2010)

Merry Christmas, challenge fans! As you know, my friends and I write several challenges per year for But, we've made it a bit of a tradition around here of reserving the December challenge slot for me, an honor which I sincerely appreciate. During past holiday seasons, you got to tangle with the Grinch, Rudolph, that Messy Marvin kid, Frosty, and even Santa himself.... read more»

Computer hackers step up attacks in 2010

(from SkyNews at 1-1-2010)

Social networks have been warned to expect more sophisticated hacker attempts in the New Year. Web security firm McAfee Labs says law enforcement is being bolstered in a bid to better protect computer users. Facebook applications have been earmarked as the most vulnerable ports that cyber criminals will target.... read more»

Security issues to fear in the New Year

(from Government Computer News at 1-1-2010)

This is the season for top, best and worst lists, so it is appropriate to bring you a list of the things that are likely to be keeping you awake nights throughout the coming year. Predictions are risky, however, so in order to spread the risk (and the blame) I have searched for some consensus in what the deep thinkers at some of the large IT and security organizations are worried about.... read more»

Whoops! F.C.C. Chairman Spams Facebook Friends

(from The New York Times at 1-1-2010)

Facebook scam artists have closed out 2009 by snagging a prominent victim: Julius Genachowski, chairman of the Federal Communications Commission. On Friday at around 10:30 a.m., Mr. Genachowski sent his Facebook friends this puzzling message: “Adam got me started making money with this.” It was followed by a link to a Web page that is no longer active. The message blitz indicated that Mr. Genachowski’s account had been taken over by a malicious program that was using it to send out spam.... read more»

Social Networks Facing More Sophisticated Attacks

(from Redorbit at 1-1-2010)

According to Web security company McAfee Labs, social networking sites will face an increase in complex and sophisticated hacks in 2010. With the fear of new attacks on the rise, law enforcement is expected to up its game on cyber crime as well. The increased use of applications found on Facebook and other services allows cyber criminals an easy way to attack users. They “will take advantage of friends trusting friends to click links they might otherwise treat cautiously,” McAfee said.... read more»

Virus Scanners for Virus Authors

(from KrebsonSecurity at 1-1-2010)

I have often recommended file-scanning services like VirusTotal and Jotti, which allow visitors to upload a suspicious file and scan it against dozens of commercial anti-virus tools. If a scan generates any virus alerts or red flags, the report produced by the scan is shared with all of the participating anti-virus makers so that those vendors can incorporate detection for the newly discovered malware into their products.... read more»

It’s Always the End of the World as We Know It

(from The New York Times at 1-1-2010)

It seems so distant, 1999. Bill Clinton had survived impeachment, his popularity hardly dented, Sept. 11 was just another date and music fans were enjoying a young singer named Britney Spears. But there was a particular unease in the air. The so-called Y2K problem, the inability of computers to read dates beyond 1999, threatened to turn Jan. 1, 2000 into a nightmare.... read more»

China says 5,394 arrested in Internet pxxx crackdown

(from Reuters at 1-1-2010)

Chinese police arrested thousands in a drive against Internet pxxxography throughout 2009, officials said, vowing a deepening crackdown that critics say is being used to tighten overall censorship. The Chinese government has run a highly publicized campaign against what officials said were banned smutty and lewd pictures overwhelming the country's Internet and threatening the emotional health of children.... read more»

Hacker may have accessed EWU student information

(from The Seattle Times at 1-1-2010)

Eastern Washington University is trying to notify up to 130,000 current or former students whose names, Social Security numbers and dates of birth were on a computer network involved in a security breach. Administrators at Eastern said Thursday there was no evidence leading them to believe that anyone's personal information has been compromised. But the university is mailing notification letters to people whose personal data may have been exposed to allow them to take steps to protect themsel... read more»

Have a Happy New Year

(from Internet Storm Center at 1-1-2010)

I know in some parts of the world it's already 2010, so I'd like to take the time to wish you all a Happy New Year. Here's looking for a safer 2010, as the movement away from OS exploits and into client exploits gets hotter, I think this will be a busy year. For those of you celebrating or are going to celebrate, be safe.... read more»

The Decade’s 10 Most Dastardly Cybercrimes

(from Wired at 1-1-2010)

It was the decade of the mega-heist, when stolen credit card magstripe tracks became the pork bellies of a new underground marketplace, Eastern European hackers turned malware writing into an art, and a nasty new crop of purpose-driven computer worms struck dread in the heart of America. Now that the zero days are behind us, it’s time to reflect on the most ingenious, destructive or groundbreaking cybercrimes of the first 10 years of the new millennium.... read more»

Security Errors and Omissions by Organizations As We Enter 2010

(from SANS at 1-1-2010)

- The biggest oversight is failure to understand the impact of the malicious insider.
- Failure to keep access control as a priority.
- Not putting enough emphasis on endpoint security, especially in telework situations.
- DNS Security is much more than DNSSEC.
- Failure to stay abreast of the security vendor space.... read more»

Scientists writing foolproof computer security code

(from thaindian at 1-1-2010)

We often see websites asking us to key in wavy letters into a box to prevent computer robots from hacking into servers and databases. But these codes, which are becoming increasingly complex for an average person, are not immune to security breaches. A project led by Danny Cohen-Or, computer science professor at the Tel Aviv University (TAU), shows how a new kind of video captcha code may be harder to outsmart. Captcha technology is intended to block spam e-mail and automated systems.... read more»

New captcha technique could foil robot hackers

(from TGDaily at 1-1-2010)

Scientists at Tel Aviv University are working on a new captcha technology which they reckon will be harder for robot hackers to bypass. The new synthesis technique generates pictures of 3-D objects like a running man or a flying airplane. This, says Cohen-Or, will allow security developers to generate an infinite number of moving 'emergence' images that will be virtually impossible for any computer algorithm to decode.... read more»
