Friday, January 22, 2010

Internet Security News through January 22nd





This Free IT-Security news feed was compiled and is provided by E-Secure-IT, the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today. They offer a 30-day complimentary subscription.



Visit them at www.e-secure-it.com or email more-info@e-secure-it.com for more information on their available services.

China Pushes Back on Clinton's Internet Speech 
 (from InternetNews at 22-1-2010) 
 Chinese officials don't typically move at "Internet speed," but their response to Secretary of State Hillary Clinton's speech yesterday was, relatively speaking, lightning fast. Clinton had criticized China's censorship policies, among those of other countries. Though long-planned, Clinton's speech included references to the recent dust-up between Google (NASDAQ: GOOG) and China over the latter's censorship policies. Google said last week that it plans to stop adhering to the censorship polic... read more» 
   
 





 The cyber-gangsters' "weapons" and the state of Internet security 
 (from securecyber at 22-1-2010) 
 I wrote my first article about cyber crime related to Russian hackers. Writing an article about Chinese hackers (will be published soon) I had to explain why it's difficult to fight against them due to a wide range of tools, methods and existing vulnerability of operating systems and applications in addition to the specific political conditions in China. Since this material turned to more than 15-page information, I have decided to put it into a separate article. So, it's offered here.... read more» 
   
 





 Internet forum database 'hacked' 
 (from BBC at 22-1-2010) 
 Irish internet forum Boards.ie has reported an attack on its user database which could affect thousands of users. In a statement it confirmed that "an unauthorised source" from outside Ireland accessed its database server. It urged members who use the same username/email and password on other sites to change passwords.... read more» 
   
 





 FBI, Telecoms Teamed to Breach Wiretap Laws 
 (from Wired at 22-1-2010) 
 The FBI and telecom companies collaborated to routinely violate federal wiretapping laws for four years, as agents got access to reporters’ and citizens’ phone records using fake emergency declarations or simply asking for them. The Justice Department Inspector General’s internal audit, released Wednesday, harshly criticized how the Federal Bureau of Investigation’s Communications Analysis Unit — a counterterrorism section founded after 9/11 — relied on so-called “exigent” letters to get carr... read more» 
   
 





 U.S. puts companies on notice in China 
 (from CNet at 22-1-2010) 
 U.S. Internet companies might soon need to find a new strategy for dealing with China. In announcing that it is now U.S. policy to advocate a free and open Internet around the world, Secretary of State Hillary Rodham Clinton on Thursday essentially dared U.S. companies to follow Google's lead and put an end to their complicit censorship of Internet content. Google has said it will shut down its Chinese search engine if it can't find a way to offer an uncensored version under Chinese law, and ... read more» 
   
 





 Hacks of war - The spat between Google and the Chinese government 
 (from Computing at 22-1-2010) 
 Google’s threat to withdraw its services from China last week following evidence of attempted hacks on Chinese human rights activists’ Gmail accounts, highlights how cyberspace is increasingly becoming a geopolitical battleground. Google was quick to clarify that it could not be sure the attacks were state sponsored, but its threat to withdraw services from China unless internet censorship is stopped was a clear challenge to state authorities – and one the US was quick to echo.... read more» 
   
 





 Hundreds of US websites hacked 
 (from ComputerWorldUk at 22-1-2010) 
 Hackers have managed to deface several hundred websites hosted by Network Solutions, the company said. In a blog posting, the Internet service provider described the incident as a "limited attack on websites hosted on Network Solutions Unix servers." Several servers were hit and "intruders were able to get through by using a file inclusion technique," the blog post said.... read more» 
   
 





 University of Exeter shut down its network because of the attack of a virus 
 (from 2-viruses at 22-1-2010) 
 The entire network of the University of Exeter in England had to be shut down because of the virus infection the University had suffered on Monday. It is still not clear what kind of malware has done this damage but according to David Allen, Registrar and Deputy Chief Executive of the University, it came through computers running Microsoft Windows Vista Service Pack 2. The only solution they had was bringing the network offline until the virus will be isolated. Otherwise it could lead to destruc... read more» 
   
 





 More consumers now aware of forms of Internet fraud 
 (from SunStar at 22-1-2010) 
 CONSUMER awareness of phishing attacks has doubled between 2007 and 2009 but the number of consumers falling victim to these attacks increased six times during the same period, according to a global online survey released recently. RSA, the security division of leading information infrastructure technology developer EMC Corp., announced the results of its 2010 Global Online Consumer Security Survey.... read more» 
   
 





 First Internationalized Domain Names Near Completion 
 (from Earthweb at 22-1-2010) 
 The move towards a fully Internationalized Domain Name (IDN) system took a step forward today. ICANN, the Internet Corporation for Assigned Names and Numbers, has announced the first four countries that have completed a key milestone in the IDN process -- an effort to expand domain names to support non-Latin alphabets.... read more» 
   
 





 Mailbox Phishing Arrests 
 (from newschannel10 at 22-1-2010) 
 Four arrests are made in what could be just the beginning of more arrests in a mailbox phishing ring in Amarillo. Amarillo police tell us 25-year-old Austin Ketcher-Side and 25-year-old Samantha Siler are charged with fraudulent use of identifying information. 38-year-old Jane Leigh Standiford has been charged with fraudulent use of identifying information and possession of stolen checks. The fourth suspect, whose mug shot is not available, is 48-year-old Jeffrey Stees. He has been ... read more» 
   
 





 APWG Report: New Records for Phishing & Targeted Brands in Q3, as eCrime Expands Unchecked or Deterred 
 (from Yahoo at 22-1-2010) 
 The APWG’s Q3, 2009 Phishing Activity Trends Report reveals that eCrime syndicates are expanding conventional, email-based phishing campaigns and their target base, as the report returned record highs for the number of submitted phishing reports and the number of phishing websites detected - as well as a new record for the number of brands hijacked in phishing campaigns. Furthermore, eCrime syndicates employing rogue anti-malware programs have turned from mining personal financial data with t... read more» 
   
 





 City Health Workers’ Personal Information Stolen 
 (from nbc4i at 22-1-2010) 
 City health workers were notified Friday morning that their personal information had been stolen. According to Columbus Public Health Spokesman Jose Rodriguez, the department emailed employees Friday morning about the stolen information. Employees will be given a year of identity theft protection. Rodriguez said he could not say how the information was stolen, but that Columbus police are investigating.... read more» 
   
 





 Rising cybercrime rattles social networking world 
 (from thestandard at 22-1-2010) 
 The steady growth of Cybercrime, or crimes committed through the Internet, had an adverse effect among users of social networking sites particularly on the confidence and trust issues. RSA, the security division of EMC, recently announced the results of its 2010 Global Online Consumer Security Survey, which revealed that consumers are now more aware of phishing threats, but new attack methods duped six times as many in just two years.... read more» 
   
 





 OAS Secretary General Calls for Cooperation in Fight against Cybercrime 
 (from prnewschannel at 22-1-2010) 
 The Secretary General of the Organization of American States (OAS), José Miguel Insulza, today spoke at the inauguration of a two-day Inter-American meeting on cybercrime in which authorities and experts throughout the continent are to evaluate the progress reached in the fight against cybercrime, define new initiatives of cooperation and formulate recommendations on future actions.... read more» 
   
 





 DIY Cybercrime Kits could be causing more computer problems 
 (from kcbd at 22-1-2010) 
 A rise in the number of people with computer problems could be due to a new tool that helps would-be cyber-crooks steal your information. Do-It-yourself cybercrime kits have gained popularity on the Internet, and one local computer repairman says they could be behind an increase in his business.... read more» 
   
 





 Wikileaks and the Economics of Information Disclosure 
 (from Cisco at 22-1-2010) 
 Wikileaks.org is currently experimenting with the economics of information disclosure. As of January 21, the site was offline, soliciting donations that will assist its operators to continue to provide service. That service, of course, is the coordinated disclosure of secret information that once belonged to governments, corporations, and other organizations, and the subsequent efforts to ensure that this information remains public.... read more» 
   
 





 Microsoft dodges multi-million dollar WGA payout 
 (from The Register at 22-1-2010) 
 Microsoft has dodged a potentially-expensive legal fight after a case against Windows Genuine Advantage (WGA) was denied class-action status. This means lawyers cannot represent individuals as a group of defendants in the case, and that's likely a cost saver for Microsoft. Class-action status can push case costs and any final settlements into the multi-million-dollar range.... read more» 
   
 





 A Primer on Cyber Crime 
 (from securitydebrief at 22-1-2010) 
 Cyber crime is basically a commercial endeavor, designed to make money. The others are intended to gain advantage or cause mischief. Probably the category most widely understood is the theft of personal information. This could be credit card data or individual bank account information. These are harvested by several means. It could be that someone simply writes down your card information in a restaurant, or they could actually trick you into giving it to them with a fake e-mail from your bank... read more» 
   
 





 Apology after magistrates' details sent to prisoners 
 (from Independent at 22-1-2010) 
 The personal details of hundreds of magistrates were placed in the hands of convicted criminals in a data loss blunder, it was revealed today. A directory containing names, telephone numbers and email addresses of magistrates and court legal advisors in Norfolk was sent for printing in a prison workshop manned by inmates. The document, containing details of 400 magistrates and 26 legal advisors, was sent to HMP Standford Hill in Sheerness, Kent, at the beginning of the month.... read more» 
   
 





 Clinton urged to influence on countries restricting Internet use 
 (from nzherald at 22-1-2010) 
 Five United States senators are urging US Secretary of State Hillary Clinton to take more proactive steps in supporting organisations that promote 'Internet freedom' in countries such as Iran and China, where severe Internet restrictions are enforced. Republican Senator Sam Brownback of Kansas wrote a letter to Ms Clinton on behalf of the five senators, asking Ms Clinton to quickly spend the US$45 million (NZ$63 million) budgeted to support Internet freedom but has not been spent, reports New... read more» 
   
 





 Exploring a Java Bot: Part 3 
 (from Cisco at 22-1-2010) 
 Before we begin part 3 in this series, let’s review what we’ve covered so far. In the first post we learned how this bot was discovered and some basics about botnets. In the second post we covered botnet fundamentals like command and control (C&C) and various other capabilities. In this post we will examine some of the offensive features incorporated into a botnet designed to launch attacks and maintain control of hosts (aka victims). First we will discuss how botnets spread and then we will... read more» 
   
 





 Google softens stand on cyber attack 
 (from financialpost at 22-1-2010) 
 Google Inc. doesn't want to leave China. At least, not yet. One week after igniting an international political firestorm by raising the possibility of pulling out of the world's largest Internet market, Google Thursday reaffirmed its commitment to China, saying it continues to engage in discussions with the Chinese government and that its business in the country remains "unchanged."... read more» 
   
 





 Leading Web sites in China promise to fend off piracy 
 (from chinapost at 22-1-2010) 
 A total of 101 Web sites in China have signed a declaration promising to facilitate the protection of Internet-related intellectual property rights amid the country's stepped-up efforts to curb widespread piracy. In the declaration, these Web sites vowed to “insist on the principle of acquiring copyrights before release, not spreading non-licensed works” and adopting necessary techniques to prevent users from uploading films and TV programs that are being publicly screened or broadcast.... read more» 
   
 





 Europe's spam war hits stalemate 
 (from TechWorld at 22-1-2010) 
 Europe's ISPs are just about holding their own against the global spam barrage, a Europe-wide report has found. Put another way, things are not getting better, but are not getting any worse either. Judging from the 2009 ENISA (European Network and Information Security Agency) spam survey of ISPs across 27 EU states, ISPs spend substantial sums trapping spam before it gets to the end user, mainly because they have to to keep customers. Small providers spend at least 10,000 Euros ($14,100) figh... read more» 
   
 





 European Union Rejects US Demands on Body Scanners 
 (from EPIC at 22-1-2010) 
 EU President Alfredo Perez Rubalcaba announced today that European countries would not rush to install body scanners as the United States has urged. He said that there will first be studies to determine whether the devices "are effective, do not harm health, and do not violate privacy." The European countries have agreed that they will adopt a unified position on the body scanner proposal. European Minister Viviane Reding stated that "Europe's need for security cannot justify an invasion of ... read more» 
   
 





 25,000 Indian email ids found on hacker forums 
 (from mydigitalfc at 22-1-2010) 
 The last couple of years have seen criminals hacking websites to steal personal information for monetary gains. Now, security firm Trend Micro has come out with a report which said that there are about 25,000 Indian email addresses and passwords on different hacker forums on the internet.... read more» 
   
 





 Cybercrime: Time to face up to responsibilities 
 (from ZDNet at 22-1-2010) 
 The adoption of computers and the internet as a way of life and business has forever changed how our society works, yet little has been done to share the burden placed on the police. Traditional police forces, methods and skills are no longer fit for purpose to deal with an army of invisible cybercriminals who are bound by no borders, little jurisdiction and ever-evolving organisation. Equally, the police are not availed of the additional resources required to protect against the increase in ... read more» 
   
 





 China Says Clinton Remarks on Internet Censorship ‘Damage’ Ties 
 (from Businessweek at 22-1-2010) 
 China said remarks made by U.S. Secretary of State Hillary Clinton criticizing China’s censorship of the Internet were unjustified and damaged bilateral ties. In a speech in Washington yesterday, Clinton called on U.S. technology companies to resist censorship of the Internet and said perpetrators of cyber attacks such as those who targeted Google Inc. must face consequences. Clinton also said China’s Internet controls could harm the Asian nation’s development.... read more» 
   
 





 Salesmen Are Not My Friends - Cross selling is bad for computer users 
 (from Sophos at 22-1-2010) 
 I dislike salesmen. The look on their faces irks me when I can feel the dollars flicking in their eyes. I hate it when my car insurance company asks if I want to get home insurance as well. I do not like it when my credit card company tries to sell me a great new insurance product. In general, I hate to be a victim of cross selling. Eventually, I ended up with a useless machine that will not play my movies nor launch common applications. Cross selling is bad for computer users! Using Whois, I ... read more» 
   
 





 Clinton calls for China probe into Google cyberattacks 
 (from brisbanetimes at 22-1-2010) 
 US Secretary of State Hillary Clinton urged China to conduct a thorough probe into cyberattacks on Google and other US companies, pressing technology firms to resist Internet censorship. Without specifically mentioning China, Clinton said in a speech on Internet freedom at the Newseum here that countries and individuals who engage in cyberattacks should be punished.... read more» 
   
 





 Massachusetts Senate Race Spurs Malware Flurry 
 (from eSecurity Planet at 22-1-2010) 
 Many of the Internet users looking for the latest breaking news and analysis pertaining to the Republican Party's surprising victory in the Massachusetts Senate race this week have become the latest victims of cyber attackers and their increasingly sophisticated manipulation of search engine results. According to a blog entry penned by Kevin Haley, Symantec's Security Response group product manager, the much-discussed victory by GOP candidate Scott Brown over Democrat Martha Coakley has attra... read more» 
   
 





 MPAA and RIAA Seek Net Neutrality Copyright Loophole 
 (from Electronic Frontier Foundation at 22-1-2010) 
 Last week the MPAA and RIAA submitted their comments in the FCC's net neutrality proceeding. As anticipated in EFF's comments, the big media companies are pushing for a copyright loophole to net neutrality. They want to be able to pressure ISPs to block, interfere with, or otherwise discriminate against your perfectly lawful activities in the course of implementing online copyright enforcement measures. Of course, the MPAA and RIAA couch this in language intended to sound inoffensive. The RIA... read more» 
   
 





 Customs and Border Protection (CBP) First Production Documents 
 (from American Civil Liberties Union at 22-1-2010) 
 In response to the ACLU’s Freedom of Information Act lawsuit seeking documents about the government’s policy of searching travelers’ laptops and cell phones at U.S. border crossings without suspicion of wrongdoing, the government has released hundreds of pages of documents about the policy. The records reveal new information about how many devices have been searched, what happens to travelers’ files once they are in the government’s possession, and travelers’ complaints about how they are treate... read more» 
   
 





 Router glitch cripples California DMV network 
 (from CNet at 22-1-2010) 
 The California Department of Motor Vehicles department suffered a network outage on Thursday due to an equipment glitch, a state official said. A router switch malfunctioned, said Bill Maile, spokesman for Office of Technology Services for the state of California. "It's very rare," he said. "Our staff quickly diagnosed the problem and re-routed network traffic to restore connectivity." The network was down for about two hours and was restored at about 1:40 p.m. PST, according to Maile.... read more» 
   
 





 Web users still don’t select good passwords 
 (from SunbeltBlog at 22-1-2010) 
 Security firm Imperva of Redwood Shores, Calif., found a unique way to gauge the quality of the passwords that Web users select: they analyzed the 32 million passwords in the unencrypted file of passwords that miscreants stole from the servers of RockYou.com in December and posted on the Internet.... read more» 
   
 





 Local woman's e-mail hacked 
 (from individual at 22-1-2010) 
 As she slept Tuesday night, Athens resident Mitzi Evans was hijacked. Her e-mail account, which she has through Google, was hacked and a fraudulent request for money was sent to her friends with the subject line "Please help." For more details: http://www.individual.com/storyrss.php?story=113385850&hash=daf206835360e220232d381dcdc7e601... read more» 
   
 





 Report from Europe: 95 percent of email is spam 
 (from SunbeltBlog at 22-1-2010) 
 The European Network and Information Security Agency (ENISA) has released a report that says 95 percent of all email is now spam. The report was based on surveying last year of email traffic by about 100 service providers in 30 countries.... read more» 
   
 





 ENISA 2009 spam survey - What Are the Measures Used by European Providers to Reduce the Amount of Spam Received by Their Customers? 
 (from European Network and Information Security Agency at 22-1-2010) 
 The European Network and Information Security Agency (ENISA) has been designated to aid in the development of resilient public eCommunications networks and services in the European Union through research, sharing of knowledge, stimulation of industry debate, and encouragement of collaboration between public and private sector bodies active in the field. Since email has become a critical part of the foundation of modern electronic communications for private citizens, governments, companies, and o... read more» 
   
 





 Microsoft calls for cloud security legislation 
 (from v3 at 22-1-2010) 
 Microsoft has called on the US government and the IT industry to take immediate steps to improve the security of cloud computing. Brad Smith, senior vice president and general counsel at Microsoft, told a Brookings Institution policy forum on Wednesday that businesses need more reassurance when moving data from on-premise infrastructures to private and public clouds.... read more» 
   
 





 Is the Recent Chinese Google Hack the most Serious Privacy Breach of the Year? 
 (from infosecisland at 22-1-2010) 
 Last week Google announced that it was the victim of a hack in China. Word of the attack spread quickly and the German, French and Australian governments issued warnings about using Internet Explorer. I'm amazed that this incident has not received more commentary from the privacy and security communities. Is this not the most serious data privacy breach in a search engine’s history?... read more» 
   
 





 4 nations clear hurdle for non-Latin Internet name 
 (from mercurynews at 22-1-2010) 
 Egypt, Russia, Saudi Arabia and the United Arab Emirates are the first countries to win preliminary approval for Internet addresses written entirely in their native scripts. Since their creation in the 1980s, Internet domain names have been limited to the 26 characters in the Latin alphabet used in English, as well as 10 numerals and the hyphen. Technical tricks have been used to allow portions of the Internet address to use other scripts, but until now, the suffix had to use those 37 charact... read more» 
   
 





 Crunch: Australian cyber-defences still warming up 
 (from ITNews at 22-1-2010) 
 The Department of Defence has opened a new cyber security operations centre in Canberra that will monitor for threats of cyber attack. Defence Minister John Faulkner said the DSD had brought in 51 existing staff to work at the centre and expects that number to increase to 130 over the next five years.... read more» 
   
 





 Locating and managing the IS security function 
 (from Arstechnica at 22-1-2010) 
 On first consideration, you might think that putting the IS security function inside the security organization would be the logical choice in most cases, unless there are extenuating circumstances (like designing secure systems) where it makes sense to intentionally move it to another organization. After all, we’re talking about a security discipline—why wouldn’t we put it in the Security org chart? The answer has to do with how many security organizations have evolved. Let’s take a brief look. ... read more» 
   
 





 Government launches one-stop shop for data 
 (from News Distribution Service at 22-1-2010) 
 A major new website has been launched to the public which gives anyone who wants to use it unprecedented and free access to government data in one place. The site called data.gov.uk contains more than 2500 sets of data from across government. All of the data is non-personal and in a format that can be reused by any individual or business to create innovative new software tools, such as applications about house prices, local amenities and services, or access to local hospitals.... read more» 
   
 





 Kaspersky Lab issues 2010 cyberthreat forecast 
 (from tradearabia at 22-1-2010) 
 Kaspersky Lab, a leading developer of secure content management solutions, forecasts a shift in the types of attacks on users this year by cybercriminals. The company’s analysts see a shift from attacks via websites and applications, towards attacks originating from file sharing networks. In 2008, the company’s analysts forecast a rise in the number of global epidemics. Unfortunately, that forecast proved to be accurate: 2009 was dominated by sophisticated malicious programs with rootkit f... read more» 
   
 





 EFA: 500 websites to go dark next week 
 (from ITNews at 22-1-2010) 
 About 500 websites were expected to black out next week to protest the Federal Government's introduction of mandatory ISP-level filtering. Electronic Frontiers Australia spokesman Colin Jacobs said more websites were joining the action. High-profile participants in the online campaign would be revealed on Monday, he said. But internet forum site Whirlpool would not be one of them, said founder Simon Wright.... read more» 
   
 





 Network Solutions Customers Hit By Web Defacement 
 (from Information Week at 22-1-2010) 
 A small number of Network Solutions Web hosting customers over the weekend found that their Web sites had been defaced, the company acknowledged on Tuesday. In a blog post, Shashi Bellamkonda, director of social media for Network Solutions, explained that the attack was limited in scope and that it involved the inclusion of remote files atop legitimate Web sites.... read more» 
   
 





 UM reacts to possible breach of student Social Security numbers 
 (from Columbia Missourian at 22-1-2010) 
 About 100 people responded to an e-mail sent Tuesday afternoon notifying students that their Social Security numbers may have been visible in the envelope window of a tax form sent by the University of Missouri System, said Nikki Krawitz, UM vice president of finance and administration. More than 75,000 Form 1098-Ts were mailed at the end of last week. The four-campus system has no way of assessing how many envelopes displayed the numbers. Form 1098-T is an Internal Revenue Service form that ... read more» 
   
 





 IC3 includes identity theft in statistics 
 (from NetworkWorld at 22-1-2010) 
 Identity theft has been a major and growing problem in the United States for several years. The Privacy Rights Clearinghouse, a "nonprofit consumer organization with a two-part mission – consumer information and consumer advocacy" has an excellent survey page with pointers to years of published studies and point-form summaries of many of their findings. For example, they point to valuable research reports from Javelin Strategy & Research, where one can find dozens of reports on fraud (some c... read more» 
   
 





 Microsoft's top lawyer demands a cloud computing law 
 (from The Register at 22-1-2010) 
 Redmond's top legal mouthpiece Brad Smith is calling on US lawmakers to overhaul rules on cloud computing, just as the company ramps up its efforts to belatedly step on other vendors' toes in that marketplace. He asked Congress yesterday to legislate cloud computing, in a move to protect business and consumer information. Microsoft's top lawyer proposed a Cloud Computing Advancement Act in a speech at the Brookings Institute in Washington DC on Wednesday. He also penned an op ed piece for the... read more» 
   
 





 80 Percent of U.S. Government Websites Miss DNS Security Deadline 
 (from CIO at 22-1-2010) 
 Most U.S. federal agencies -- including the Department of Homeland Security -- have failed to comply with a Dec. 31, 2009, deadline to deploy new authentication mechanisms on their Web sites that would prevent hackers from hijacking Web traffic and redirecting it to bogus sites. Agencies were required to roll out an extra layer of security on their .gov Web sites under an Office of Management and Budget mandate issued in August 2008, although at least one expert calls that yearend deadline "... read more» 
   
 





 Preparing for future security threats, evolving malware 
 (from TechTarget at 22-1-2010) 
 In the past year, malware has evolved in five major areas: bots, rogue security software, generic spyware, targeted malware and attacks on mobile phones and smartphones. These threats have, in turn, allowed criminals to find new ways to monetize the unauthorized access they have been able to gain. In the last year, malware has incorporated better techniques for hiding and staying resident on new hosts, improving their communications and increasing users' concerns about identity theft and rel... read more» 
   
 





 Locating and managing the IS security function 
 (from Arstechnica at 22-1-2010) 
 Deciding that you need an Information Systems (IS) security function within your business is easy. Deciding where to put it and how to manage it isn’t nearly as straightforward. Security, IT, and even Engineering all bring value to the table, but they also bring their own unique priorities, biases, and politics. Let’s examine the variables, review some options, and offer some suggestions for where to put IS Security in your org chart.... read more» 
   
 





 Update : Web site defacement issue 
 (from networksolutions at 22-1-2010) 
 We apologize for the delay in the update and can assure you that our security team members have been working non-stop sleeplessly to get to the bottom of this issue. We have discovered the cause of a limited attack on websites hosted on Network Solutions Unix servers where a few hundred sites were affected. Hackers were able to add a file displaying illegitimate content on top of the customer website content. This was an issue on multiple servers and unknown intruders were able to get throug... read more» 
   
 





 Mystery Computer Virus Hits UK University 
 (from Softpedia at 22-1-2010) 
 The University of Exeter in South West of England experienced serious problems with its computer network earlier this week due to a virus outbreak. Systems running Microsoft Windows Vista with Service Pack 2 seem to have been particularly affected by the unnamed malware. The problems started on Monday when a computer virus was introduced onto the network. "Experience of dealing with data corrupting viruses elsewhere indicates that it is essential to shut down the network ASAP to avoid so many... read more» 
   
 





 RockYou hack reveals easy-to-crack passwords 
 (from The Register at 22-1-2010) 
 Analysis of the 32 million passwords recently exposed in the breach of social media application developer RockYou last month provides further proof that consumers routinely use easy to guess login credentials. Sensitive login credentials - stored in plain text - were left exposed because of a SQL injection bug in RockYou's website. RockYou admitted the breach, which applied to user password and email addresses for widgets it developed, and pledged to improve security in order to safeguard aga... read more» 
   
 





 'Preemptive Protection' Isn’t – If You’re Battling APT’s 
 (from Damballa at 22-1-2010) 
 The vast majority of Internet attacks – especially mass Internet botnets – are opportunistic attacks. The bad guys have a broad objective in mind along with a number of tools they specialize in and have a ceiling to the amount of effort they’re willing to expend. They will optimize a particular attack vector, select the preferred delivery method, and pound the Internet (and everyone on it) with that toolset until they’ve acquired enough victims. So, while many of the attacks may appear to be “ta... read more» 
   
 





 Fraud losses 'cost the UK £30bn a year' 
 (from BBC at 22-1-2010) 
 Fraud - including scams, online theft, insurance cheats and tax fraud - costs the UK £30bn a year, according to an official estimate. The National Fraud Authority (NFA) has calculated the figure for the first time and said it equated to £621 per adult in the UK. Some 58% of fraud was in the public sector, at a cost of £17bn, it added. It said the losses were paid for through taxes and rising prices of products and services. Some 31% of losses came in the private sector, with the financial ser... read more» 
   
 





 Hillary Clinton calls on China to probe Google attack 
 (from BBC at 22-1-2010) 
 The US has called on Beijing to investigate the recent cyber attacks on Google that have prompted the search giant to threaten to leave China. Secretary of State Hillary Clinton said that companies such as Google should refuse to support "politically motivated censorship". She also said China along with Tunisia and Uzbekistan had boosted censorship. Google says hackers tried to infiltrate its software coding and the e-mail accounts of human rights activists.... read more» 
   
 





 Google attack puts spotlight on China's 'red' hackers 
 (from Reuters at 22-1-2010) 
 They are cloaked by pseudonyms and multiple addresses, but China's legions of hackers were thrust into the spotlight last week after Google said it suffered a sophisticated cyber-attack emanating from China. Google announced last week that a "sophisticated" attack coming from China resulted in the theft of its intellectual property. It cited the hacking episode, as well as censorship, as reasons it may leave China. Google did not specify how it knew the attacks came from China, or why it and a... read more» 
   
 





 If Your Password Is 123456, Just Make It HackMe 
 (from The New York Times at 22-1-2010) 
 Back at the dawn of the Web, the most popular account password was “12345.” Today, it’s one digit longer but hardly safer: “123456.” Despite all the reports of Internet security breaches over the years, including the recent attacks on Google’s e-mail service, many people have reacted to the break-ins with a shrug. According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “... read more» 
   
 





 The FBI used faked terrorism emergencies to illegally obtain Americans' phone records: Report 
 (from NYDailyNews at 21-1-2010) 
 The FBI faked terrorism emergencies to illegally obtain more than 2,000 U.S. telephone records between 2002 and 2006, the Washington Post reported Tuesday. FBI general counsel Valerie Caproni told the Washington Post that the FBI technically violated the Electronic Communications Privacy Act when agents invoked nonexistent emergencies to collect records.... read more» 
   
 





 CCTV captures thief infecting firm with malware 
 (from SecureComputing at 21-1-2010) 
 South Australian Police are hunting a male who broke into a recruitment firm and spent three hours installing remote access software on one of its computers. The incident was captured on closed-circuit television. Detective Senior Sergeant Barry Blundell from the commercial and electronic crime branch told iTnews that the computer was seized by Police.... read more» 
   
 





 Scanner faults linked to 60,000 Go card trips 
 (from SecureComputing at 21-1-2010) 
 Queensland Shadow Transport Minister continued to attack the State's troubled Go transit smartcard system claiming 60,000 trips a week were hit by card scanner malfunctions. Fiona Simpson said "transport sources were reporting that 5 percent of commuters could be experiencing difficulties with the Go card."... read more» 
   
 





 Political hackers deface Network Solutions-hosted sites 
 (from scmagazineus at 21-1-2010) 
 Hackers recently defaced hundreds of websites hosted by Network Solutions, the company said Tuesday. The hackers were able to break into several of Network Solutions' servers and then display their illegitimate content on top of the actual content of victimized websites, Shashi Bellamkonda, head of social media and strategy for Network Solutions, told SCMagazineUS.com on Wednesday. The hacks appear to be politically motivated, Bellamkonda said. Hacked sites displayed an image that included... read more» 
   
 





 Support Staff survives data theft attempt 
 (from SecureComputing at 21-1-2010) 
 Recruiter speaks out after thief tries to put malware on computer. A recruiter hit by a thief attempting to install malware had fielded calls from government departments anxious for assurances that the business's IT systems were not breached. Support Staff Australasia's managing director Richard Gilham told iTnews he had assurances from police investigators and his IT team that the thief did not access its mainframe.... read more» 
   
 





 City staff's private info sent out with water bills 
 (from kval at 21-1-2010) 
 A list of the names and Social Security numbers of employees of the City of Oakridge was sent out with monthly water bills in this town of about 1,400 households. Don Hadley is one of the residents who got a little more than he bargained for with his most recent water bill. In the same envelope was the City's newsletter that Hadley says contained too much information. "It would be really concerning to me," he said. Printed on one side of the publication is a news article and a January 2... read more» 
   
 





 Mortgage Broker Who Dumped Consumer Records Settles FTC Charges 
 (from databreaches at 21-1-2010) 
 A mortgage broker who discarded consumers’ personal financial records in a publicly- accessible dumpster paid a $35,000 civil penalty to settle Federal Trade Commission charges. According to an FTC complaint filed in December 2008, the defendant improperly disposed of about 40 boxes of sensitive consumer records collected by companies he had owned, including tax returns, mortgage applications, bank statements, photocopies of credit cards and drivers’ licenses, and at least 230 credit reports.... read more» 
   
 





 Forgers got data from OSHA fine checks 
 (from StarTribune at 21-1-2010) 
 A potentially large check-fraud operation has been broken up by Minnesota investigators, exposing a ring that allegedly stole account information from checks that businesses submitted to the state Department of Labor and Industry to pay fines.... read more» 
   
 





 Preparing for future security threats, evolving malware 
 (from TechTarget at 21-1-2010) 
 In the past year, malware has evolved in five major areas: bots, rogue security software, generic spyware, targeted malware and attacks on mobile phones and smartphones. These threats have, in turn, allowed criminals to find new ways to monetize the unauthorized access they have been able to gain. In the last year, malware has incorporated better techniques for hiding and staying resident on new hosts, improving their communications and increasing users' concerns about identity theft and related... read more» 
   
 





 IT firms face cyber crime laws 
 (from nzherald at 21-1-2010) 
 New Zealand businesses will soon face laws forcing them to disclose any loss of personal information to cyber-criminals, says the head of the world's largest computer security company. Symantec president and chief executive Enrique Salem said it was inevitable this country would follow the United States and other jurisdictions that are forcing organisations to reveal when hackers have stolen personal or sensitive information they held electronically, or when it was lost.... read more» 
   
 





 2010 Web Application Security Predictions 
 (from tacticalwebappsec at 21-1-2010) 
 As we have seen from the previous sections, social networking types of web sites have fallen victim to web-based XSS/CSRF worms. It seems as though these types of web sites are a perfect testing ground for these types of attack mechanisms, however the attackers ideally want to migrate these attacks off to other types of web sites. We believe that attackers will utilize Web 2.0 features such as RSS feeds, AJAX and widgets to propagate malicious code on other web sites.... read more» 
   
 





 17-Year-Old Windows Flaw Found 
 (from SecurityProNews at 21-1-2010) 
 Tavis Ormandy, who works for Google, appears to have discovered the issue sometime towards the middle of last year, and - after giving Microsoft more than a fair amount of time to deal with it (he notified the company in June) - wrote about it yesterday. Apparently the fault lies with the Virtual DOS Machine, which comes with 32-bit versions of Windows for the sake of supporting 16-bit applications. And the problem amounts to a privilege escalation bug, which isn't the most benign thing in t... read more» 
   
 





 India suspects China behind cyber attack 
 (from chinapost at 21-1-2010) 
 Indian cyber sleuths detected an attempt to infiltrate the computers in the Prime Minister's Office (PMO) by hackers believed to be in China. Beijing says it had nothing to do with the intrusion. This is not the first time hackers have tried to attack Indian government computers, people with knowledge of the developments said.... read more» 
   
 





 Leading Chinese Search Engine Sues US Domain Registrar Over Hacking 
 (from maximumpc at 21-1-2010) 
 China's leading search engine Baidu has pinned the entire blame for the recent attack on its site on American domain registrar Register.com. The hackers, who identified themselves as the Iranian Cyber Army, had disrupted Baidu's services for hours on January 12. They diverted all traffic meant for Baidu.com – the Chinese site (Baidu.cn) wasn't affected – to a page maintained by them. Baidu has wasted little time in slamming Register.com with a lawsuit for "gross negligence" on the latter's pa... read more» 
   
 





 Chinese search engine Baidu sues US registrar 
 (from ComputerWorldUk at 21-1-2010) 
 Users had trouble accessing Baidu.com for several hours last week after the company's domain name server in the US was tampered with. The Iranian Cyber Army, the same group that took down Twitter last month, also appeared to be behind the attack on Baidu. Baidu's lawsuit, filed in a court in New York, seeks related damages and alleges "gross negligence" by Register.com led to the service disruption, Baidu said in a statement. Baidu only said Baidu.com was hit by the outage, and that mirror si... read more» 
   
 





 Tories: 'We will make new cyber security centre' 
 (from Silicon at 21-1-2010) 
 The Conservatives have revealed plans to establish a centre to counter online attacks against the UK. According to a Conservative policy paper on national security published on Friday, the party plans to create a Cyber Threat and Assessment Centre (CTAC) if elected.... read more» 
   
 





 Attacks on Google in China raise national security concerns 
 (from chicagotribune at 21-1-2010) 
 The scale and sophistication of the cyberattacks on Google Inc. and other large U.S. corporations by hackers in China is raising national security concerns that the country is escalating its industrial espionage efforts on the Internet. Although the U.S. focus has been primarily on protecting military and government secrets from cyberspying, a new battle is being waged in which corporate computers and the valuable intellectual property they hold have become as much a target of foreign governm... read more» 
   
 





 Keeping safe online: Big threats for 2010 
 (from nzherald at 21-1-2010) 
 Every year most of the security vendors' forecasts predict dramatic spikes in volumes of spam, phishing, botnet activity, and malware. And unfortunately, every year these predictions come true. While we'd prefer not to be sowing seeds of fear, uncertainty and doubt, the cyber criminals are succeeding on such a scale and making so much money, that each year they are able to invest in better and more automated ways to run their rapidly expanding and increasingly sophisticated operations.... read more» 
   
 





 VizSec 2010 - International Symposium on Visualization for Cyber Security, 14 Sept 2010, Ottawa, Canada 
 (from Viz Sec 2010 at 21-1-2010) 
 The International Symposium on Visualization for Cyber Security (VizSec) brings together researchers and practitioners in information visualization to provide opportunities for the two communities to collaborate and share insights about meeting security needs through visualization approaches. VizSec 2010 will be held on September 14th in Ottawa, Canada and is co-located with 11th International Symposium on Recent Advances in Intrusion Detection (RAID). This year our focus is on understanding ... read more» 
   
 





 China's Baidu sues US company over hack 
 (from nzherald at 21-1-2010) 
 China's most popular search engine, Baidu, is accusing its US-based domain name registry of negligence in a lawsuit over a hacking attack that temporarily blocked access to the site last week. Baidu said it has filed suit against Register.com in a New York court, seeking unspecified damages.... read more» 
   
 





 German government IE warning leads to spike in Firefox downloads 
 (from h-online at 21-1-2010) 
 Following a warning last Friday from the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) concerning the security hole in Internet Explorer (IE), Mozilla has said that it has recorded a "huge increase" in the number of Firefox downloads in Germany. According to a post by Mozilla's Ken Kovash on the Mozilla Blog of Metrics, more than 300,000 downloads of the open source browser took place during the recent Friday to Monday period.... read more» 
   
 





 The 2010 ADFSL Conference on Digital Forensics, Security and Law, May 19-21, 2010, St. Paul, Minnesota, USA 
 (from Digital Forensics Conference at 21-1-2010) 
 Digital forensics is playing a more prominent role in law enforcement, network security, and information assurance. The field of study encompasses not just digital evidence, but also the areas of cyber law, sociology, and security to name a few. Its increasing importance is reflected in its growing role within crime investigations, civil cases and homeland security. An in-depth understanding of digital forensics is needed by college students who will be entering the various fields within tech... read more» 
   
 





 PRC Gov Responses to Hacking Allegations 
 (from The dark visitor at 21-1-2010) 
 July 26, 2004 In response to accusations that the Chinese government was involved in computer intrusions against ROK government agencies “Some media reports that the Chinese government might be behind the hacking incident are groundless” – Chinese Embassy in Seoul (no personal attribution) December 15, 2005 Response to SANS comments about China being involved in world wide hacking “Work units and individuals are not permitted to use the Internet to be engaged in illegal activities or comm... read more» 
   
 





 Drilling into web application flaws & HIPAA: the root of the issue 
 (from holisticinfosec at 21-1-2010) 
 I recently changed dentists, and after my first visit (successful and pleasant) I soon received follow up email from Demandforce D3 on behalf of my new dentist. Said email pointed me to an application feature that included the ability to set my email preferences for future contact as well as additional functionality. I'll present the $64,000 questions right up front. My understanding of website HIPAA requirements adhere to the following statement from Einstein Medical: "Since practice web ... read more» 
   
 





 Exeter University Shutdown! 
 (from IT-Director at 21-1-2010) 
 It seems that the University of Exeter is currently in the middle of a major virus outbreak, which has led to their IT team shutting down the entire campus network, including their telephone system in an attempt to contain the problem. The attack appears to have started on Monday. The campus network was shut down at around 2:00pm as a direct response to the threat. However, the problems seem to be continuing today (Wednesday). The university’s home page suggests that staff and students are only... read more» 
   
 





 China to Scan Text Messages to Spot ‘Unhealthy Content’ 
 (from The New York Times at 21-1-2010) 
 As the Chinese government expands what it calls a campaign against pornography, cellular companies in Beijing and Shanghai have been told to suspend text services to cellphone users who are found to have sent messages with “illegal or unhealthy content,” state-run news media reported Tuesday. China Mobile, one of the nation’s largest cellular providers, reported that text messages would automatically be scanned for “key words” provided by the police, according to China Daily, a state-controll... read more» 
   
 





 Over 350 website list released for increasing web traffic for free 
 (from einnews at 21-1-2010) 
 Internet Marketing Services reports that Press Release Submission is a great way to get free website traffic for websites. Until now, lists have consisted of non-working websites, websites which actually sell something but don't offer submissions mixed in with a few quality websites. Internet Marketing Services has researched thoroughly the marketplace and has created a quality list for all people to use for free to help anyone who has news of any kind to announce to the public.... read more» 
   
 





 Cloud network security concerns prompt Microsoft to propose new laws 
 (from MXLOGIC at 21-1-2010) 
 Microsoft's general counsel, Brad Smith, told an audience at the Brookings Institution today that the government should step in to regulate the emerging cloud computing industry and help protect businesses and consumers from fraud and abuse. Smith said that the results of a survey it conducted recently found that 58 percent of the general public and 86 percent of industry leaders were "excited" at the prospect of cloud computing solutions, but that 90 percent of all respondents had serious co... read more» 
   
 





 Web Access Is New Clinton Doctrine 
 (from Wall Street Journal at 21-1-2010) 
 The U.S. plans to make unrestricted access to the Internet a top foreign-policy priority, Secretary of State Hillary Clinton plans to announce Thursday. The announcement, which has been scheduled for weeks, comes in the wake of accusations last week that Chinese hackers penetrated Google Inc.'s computer networks. The attack, which also targeted Chinese dissidents, is the kind of issue Mrs. Clinton aims to address, said Alec Ross, a senior adviser.... read more» 
   
 





 Symantec bares 3 major security trends this year 
 (from MB at 21-1-2010) 
 Against a backdrop of seeing more than 200 million attacks on average every month, with at least 10.7 million of them being unique threats, Symantec security researchers cited three key security trends to watch in 2010. Topping the list is Social Networking Site Attacks. This will continue to be commonplace. 2009 was the year attacks against both social networking sites themselves and the users of those sites became standard practice for criminals. Such sites combine two factors that make for ... read more» 
   
 





 Google: Keep user data safe by letting us hoard it forever 
 (from The Register at 21-1-2010) 
 Google has sought to turn its China crisis to its advantage by arguing it demonstrates why it should be allowed to hang onto search logs indefinitely. Privacy supremo Peter Fleischer told ComputerWorld in an interview that, "The unprecedented hacking... and the threat of similar such attacks in the future emphasized the importance of internal analysis of logs." Fleischer also called for the creation of an EU panel featuring data protection and cyber security experts.... read more» 
   
 





 Fearing Hackers Who Leave No Trace 
 (from The New York Times at 21-1-2010) 
 The crown jewels of Google, Cisco Systems or any other technology company are the millions of lines of programming instructions, known as source code, that make its products run. If hackers could steal those key instructions and copy them, they could easily dull the company’s competitive edge in the marketplace.... read more» 
   
 





 Baidu Blames Domain Registrar for Security Breach 
 (from Softpedia at 21-1-2010) 
 Baidu, the company operating China's top Web search engine, is holding its domain registrar responsible for last week's security incident, resulting in downtime for its services. The Chinese firm filed a lawsuit in a New York court against U.S.-based Register.com. For several hours on January 12, users who accessed Baidu.com were greeted by a Web page displaying the Iranian flag and a message from a group identifying itself as the "Iranian Cyber Army." It was later determined that the website... read more» 
   
 





 Hundreds of Websites Hosted at Network Solutions Defaced 
 (from Softpedia at 21-1-2010) 
 Network Solutions announced that several hundred websites hosted on its infrastructure fell victim in a mass defacement attack during the past several days. Preliminary findings suggest that a remote file inclusion technique was used to compromise several of the company's Unix servers. Network Solutions is one of the top five Internet domain name registrars, managing around 6,5 million domains as of January 2009. Apart from its successful domain registration business, the company also offers ... read more» 
   
 





 Senior citizens’ benefits, cybercrime bills passed 
 (from MB.Com at 21-1-2010) 
 The Senate has passed on third and final reading a bill that seeks to expand the privileges of senior citizens and exempt them from the 12 percent Value-Added Tax (VAT), while the House of Representatives passed its version of the anti-cybercrime law seeking heavier penalties against computer and internet-related fraud, child pornography and cybersex. Senate Committee on Social Justice Chairperson Sen. Pilar Juliana “Pia” Cayetano expressed confidence Congress would pass Senate Bill 3561 or t... read more» 
   
 





 Internet Users Falling for More Scams Despite Growing Awareness 
 (from esecurityplanet at 21-1-2010) 
 Internet users are more educated and suspicious than ever before but, according to a survey conducted in October for storage software giant EMC's RSA security division, they're still falling victim to phishing scams at a higher rate than ever before. RSA's 2010 Global Online Consumer Security Survey, conducted by InfoSurv, asked 4,539 people to characterize their online behavior and their awareness of trojans, viruses, and sophisticated phishing scams that continue to plague Internet users.... read more» 
   
 





 Microsoft Security Bulletin Advance Notification for January 2010 
 (from Microsoft at 20-1-2010) 
 This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on January 21, 2010. The bulletin will be for Internet Explorer to address limited attacks against customers of Internet Explorer 6, as well as fixes for vulnerabilities rated Critical that are not currently under active attack. This bulletin advance notification will be replaced with the January bulletin summary on January 21, 2010. For more information about the bulletin advance notif... read more» 
   
 





 Verisign admits Adobe flaw not to blame in Google attack 
 (from ComputerWorldUk at 20-1-2010) 
 A vendor that earlier this week claimed that a vulnerability in Adobe Reader appeared to have resulted in the recent attacks against Google and other companies has retracted that claim. In a statement issued this afternoon, Verisign's iDefense security group said that it was retracting its earlier assessment. iDefense had stated that the attackers used malicious PDF file attachments delivered via e-mail to break into Google and other companies. The company had suggested that a vulnerability i... read more» 
   
 





 Centre to shield Australia against cyber attacks 
 (from nzherald at 20-1-2010) 
 Australia has opened a new citadel to protect itself from attacks in what Defence Minister John Faulkner describes as the "battlefield" of cyberspace. The opening of the Cyber Security Operations Centre follows a year in which defence computer networks were attacked by about 220 "security incidents" a month, with another 220 targeting other government systems.... read more» 
   
 





 Hackers Hit Network Solutions Customers 
 (from PCWorld at 20-1-2010) 
 Hackers have managed to deface several hundred Web sites hosted by Network Solutions, the company said Tuesday. In a blog posting, the Internet service provider described the incident as a "limited attack on websites hosted on Network Solutions Unix servers." Several servers were hit and "intruders were able to get through by using a file inclusion technique," the blog post said.... read more» 
   
 





 FISMA Reform or Not 
 (from govinfosecurity at 20-1-2010) 
 As Congress returns to Washington for the second session of the 111th Congress, GovInfoSecurity.com this week will present the top five cybersecurity challenges - one each weekday - the federal government will face in 2010. Sen. Tom Carper won't be getting his birthday wish - made during an interview last year - of President Obama signing his bill to reform the Federal Information Security Management Act of 2002 in a Rose Garden ceremony by his birthday, this coming Saturday, Jan. 23. Majo... read more» 
   
 





 Top Ten Security SNAFU’s Of The Decade 
 (from information-security-resources at 20-1-2010) 
 In the last decade we have seen technological breakthroughs unlike any other. In response we have seen a tremendous rise in fraud. The reason? The speed of the conveniences of technology has far outpaced the security of technology.... read more» 
   
 





 How antivirus software works: Is it worth it? 
 (from TechRepublic at 20-1-2010) 
 We are told, in order to survive on the Internet, our computers need protection afforded by antivirus applications. If that’s true: - Why do computers still get infected? - Would it be a lot worse if we didn’t use antivirus programs?... read more» 
   
 





 Lincoln Financial Breach Puts 1.2M Users at Risk 
 (from InternetNews at 20-1-2010) 
 Lincoln Financial Services and Lincoln Financial Advisors are now in the process of notifying more than 1.2 million customers that their personal data may have been compromised after someone got their hands on a username and password used to access the financial services providers' portfolio management system. LFS and LFA, a pair of broker-dealer subsidiaries of Lincoln National Corp., disclosed the security breach in a Jan. 4 letter to the New Hampshire attorney general's office, revealing t... read more» 
   
 





 Firefox Soars on Germany’s Browser Warning 
 (from The Wall Street Journal at 20-1-2010) 
 Germans appear to be heeding the advice of their government and seeking out alternatives to Microsoft’s Internet Explorer Web browser. Mozilla says it received about 300,000 incremental downloads above its typical downloading rate over that time period. Mozilla didn’t yet have download figures for France, where the French government has also advised people to try non-Microsoft browsers because of the security flaw.... read more» 
   
 





 Cyber Espionage: Death by 1000 Cuts 
 (from shadowserver at 20-1-2010) 
 The recent events surrounding a targeted intrusion at Google have intrigued many and sparked numerous recent debates on a variety of issues. While Shadowserver is familiar with several of the events surrounding this compromise, we are not getting up to the minute updates or fully clued into everything that happened. Targeted cyber intrusions are occurring daily at a very staggering level. Industries in the United States are heavily targeted but this truly is a global problem that is facing ne... read more» 
   
 





 Evidence Found for Chinese Attack on Google 
 (from The New York Times at 20-1-2010) 
 An American computer security researcher has found what he says he believes is strong evidence of the digital fingerprints of Chinese authors in the software programs used in attacks against Google. The search engine giant announced last Tuesday that it had experienced a series of Internet break-ins it believed were of Chinese origin. The company’s executives did not, however, detail the evidence leading them to the conclusion that the Chinese government was behind the attacks, beyond stating... read more» 
   
 





 Putting Chinese cyber espionage in perspective 
 (from threatchaos at 20-1-2010) 
 Last Tuesday Google announced that they had been hacked by sources in China. The target was email accounts of Chinese activists and bloggers. An outraged Google threatened to discontinue censoring search results at the Google China search engine google.cn. Yahoo chimed in in support of Google. Yahoo of course is another Internet company with a history of bowing to Chinese requests including providing information that led to the arrest and imprisonment of Shi Tao, a Chinese journalist who ... read more» 
   
 





 Bridging the Gap from IT Security to Financial Process Controls 
 (from CA Community at 20-1-2010) 
 Many agencies have a good handle on IT security, with the FISMA guidelines spelled out in great detail. However, with the advent of the new financial stimulus packages, there is a greater impetus to streamline the process around managing financial controls. Traditionally, financial process controls and IT security (e.g. FISMA) have been managed in separate silos. In November 2009, I presented a session at the IT Government Expo (sponsored by CA) in which we explored the potential of a broade... read more» 
   
 





 IT security market to see double-digit growth in 2010 
 (from enterpriseinnovation at 20-1-2010) 
 As most economic figures point to a smooth recovery, the outlook for the IT security industry in 2010 is expected to be optimistic in 2010. According to the figures recently released in the IDC Asia/Pacific Semiannual Security Software Tracker, most security markets in the Asia/Pacific are expected to post strong double-digit growth in 2010 compared to 2009. According to the study, the largest growth will be in the Security and Vulnerability Management (SVM) market which is forecast to grow ... read more» 
   
 





 FBI Broke Law Spying on Americans’ Phone Records, Post Reports 
 (from Wired Blog Network at 20-1-2010) 
 An internal audit found the FBI broke the law thousands of times when requesting Americans’ phone records using fake emergency letters that were never followed up on with true subpoenas — even though top officials knew the practice was illegal, according to The Washington Post. The inspector general’s follow-up report on the so-called “exigent” letters — an investigation that started in 2007 — is due in a few months. E-mails obtained by the Post showed that responsible agency officials inform... read more» 
   
 





 6th Annual State of the Net Conference 
 (from netcaucus at 20-1-2010) 
 The 2010 Conference will feature keynotes from Comcast Chairman and CEO Brian L. Roberts and from Howard Schmidt, the incoming cyber security coordinator for the White House! The State of the Net Conference is the largest information technology policy conference in the US, attracting over 550 attendees in 2009. The conference framed the policy debates facing the new Administration and the new Congress. The State of the Net Conference is the only tech policy conference routinely recognized for... read more» 
   
 





 Information Tribunal is abolished as new service takes charge 
 (from Out-law at 20-1-2010) 
 The appeals process for freedom of information and data protection cases changes from today as the previous structure is absorbed into a wider tribunals service. The Information Commissioner's Office (ICO) is responsible for monitoring organisations' compliance with freedom of information and data protection laws. Appeals against its ruling have until now gone through the Information Tribunal.... read more» 
   
 





 McAfee ‘Hacking Exposed’ Webcast Series Fights Cybercrime 
 (from avertlabs at 20-1-2010) 
 We are pleased to announce the next event in our complimentary monthly “Hacking Exposed Live!–A Webcast Series,” which educates attendees to protect against cybercrime and hackers. The monthly webcast, hosted by Hacking Exposed coauthor and McAfee Senior Vice President Stuart McClure, walks attendees through the latest hacking techniques and explains countermeasures for preventing attacks. The next webcast is January 21 at 11 a.m. Pacific time (2 p.m. Eastern) and will feature two white-hot s... read more» 
   
 





 Man Utd imposes social networking ban 
 (from The Register at 20-1-2010) 
 Manchester United has banned its players from using social networking websites. In a statement, the football club claimed none of its stars had ever used sites such as Twitter or Facebook and that all player news was communicated via its official website, ManUtd.com.... read more» 
   
 





 Government personal data handling has improved, says report 
 (from Out-law at 20-1-2010) 
 Measures put in place by the Government to better protect individuals' personal data have been successful but more work is needed, according to the first annual internal report due under the new regime. After a series of embarrassing losses of personal information, including the 2007 loss of discs containing the names, addresses and bank details of 25 million child benefit claimants, the Government conducted a Data Handling Review (DHR).... read more» 
   
 





 UK border database on target and budget, says Home Office on 
 (from The Register at 20-1-2010) 
 Half of all journeys in and out of the UK are now being centrally recorded and analysed by the £1.2bn e-Borders scheme, the government estimates. The Home Office yesterday said the system is currently gathering data on between 45 and 50 per cent of people crossing the border.... read more» 
   
 





 Infrastructure Security Report - The fifth edition of this report was released on January 19, 2010 
 (from Arbornetworks at 20-1-2010) 
 Arbor Networks’ Worldwide Infrastructure Security Report is designed to provide data useful to network operators so they can make informed decisions about their use of network security technology to protect their mission-critical infrastructure. The fifth edition of this report was released on January 19, 2010. Volume V Highlights: * Attack Size Still on the Rise, But at a Slower Pace: ISPs reported near doubling in peak distributed denial of service (DDoS) attack rates year-over-ye... read more» 
   
 





 Health Net's missing drive could cost it millions 
 (from The Register at 20-1-2010) 
 US healthcare corporation Health Net kept quiet for 6 months about a lost disk drive, exposing 1.5 million of its members to identity theft. It is now being sued. The lawsuit, filed by Connecticut's Attorney General, Richard Blumenthal, is in regard of 466,000 members in that state and refers to HIPAA regulations.... read more» 
   
 





 Broadband booms in the Naughties 
 (from ComputerWorld at 20-1-2010) 
 Global Internet access has exploded over the last decade from about 350 million to 1.6 billion, according to new research. More than a third of Internet users worldwide will connect via broadband, according to a BuddeComm report, 2010 Global Telecoms Industry Snapshot. About 500 million people will be on fixed-line technologies by year’s end. Almost two-thirds of users will subscribe to DSL connections, about 20 per cent via cable modem and only 10 to 15 per cent will use fibre.... read more» 
   
 





 Public sector urged to make better use of social media 
 (from v3 at 20-1-2010) 
 A report by the Society of Information Technology Management (Socitm) has called on public sector IT managers to embrace social media in order to communicate with an increasingly web-savvy audience. The report, Social media: why ICT management should lead their organisations to embrace it, said that ignoring the use of sites like Facebook and Twitter is akin to ignoring the advent of the telephone at the start of the 19th century.... read more» 
   
 





 Tories to overhaul Cyber Security Operations Centre 
 (from v3 at 20-1-2010) 
 The Conservative Party will introduce a Cyber Threat and Assessment Centre to act as a single reporting point for all cyber security incidents if it is elected. The Tories explained in a green paper released on Friday that the new centre would be built on the existing Cyber Security Operations Centre announced last year by Gordon Brown, and will aim to provide "a common operating picture, threat assessment and situational awareness to users".... read more» 
   
 





 Three lessons for businesses from the Google attack 
 (from NetworkWorld at 20-1-2010) 
 The cyberattacks against Google and more than 30 other technology companies by adversaries operating out of China highlight what some call the Advanced Persistent Threat (APT) confronting a growing number of U.S. commercial entities. Writing in a blog post Thursday, security vendor McAfee's chief technology officer George Kurtz noted that APTs had begun to change the threat landscape. "These attacks have demonstrated that companies of all sectors are very lucrative targets," Kurtz said. APTs... read more» 
   
 





 Foreign reporters' Gmail hacked in China 
 (from MSNBC at 20-1-2010) 
 There are new claims that China may be hacking into more Google e-mail accounts. The Foreign Correspondents Club of China has e-mailed members warning that reporters in at least two news bureaus in Beijing claim their Gmail accounts had been invaded. They said their e-mails had been forwarded to unfamiliar accounts.... read more» 
   
 





 Google to call for creation of EU privacy, security panel 
 (from ComputerWorld at 20-1-2010) 
 Google needs to keep hold of information about people's search history if it is to combat the sort of hacking it experienced in China last month, the company's top privacy lawyer, Peter Fleischer, said on Tuesday. "The unprecedented hacking [of Google's networks] and the threat of similar such attacks in the future emphasised the importance of internal analysis of logs," Fleischer said in a telephone interview. He added that it is essential to find an appropriate balance between respecting... read more» 
   
 





 Bill on cybercrime penalties approved on final reading 
 (from bworldonline at 20-1-2010) 
 THE HOUSE of Representatives yesterday passed on third and final reading a bill that seeks to impose penalties on crimes committed through the Internet. House Bill (HB) 6794 or the proposed Cybercrime Prevention Act of 2009 seeks to address illegal hacking of government Web sites, phishing, data fraud, and use of cyberspace for sex and child pornography, among others. The bill also creates the Cybercrime Investigation and Coordinating Center under the Office of the President.... read more» 
   
 





 Security Automation Developer Days Winter 2010 Conference Invitation 
 (from David Waltermire at 19-1-2010) 
 I’d like to share some details with you regarding the upcoming Security Automation Developer Days Winter 2010 Conference to be held on Monday, 22 February 2010 thru Wednesday, 24 February 2010. This technical conference is a free three-day event that is sponsored by the Department of Defense (DoD), hosted by the National Institute of Standards and Technology (NIST), and facilitated by the MITRE Corporation. This conference will consist of a series of workshops that focus on engaging the securit... read more» 
   
 





 Software Firms Fear Hackers Who Leave No Trace 
 (from The New York Times at 19-1-2010) 
 The crown jewels of Google, Cisco Systems or any other technology company are the millions of lines of programming instructions, known as source code, that make its products run. If hackers could steal those key instructions and copy them, they could easily dull the company’s competitive edge in the marketplace. More insidiously, if attackers were able to make subtle, undetected changes to that code, they could essentially give themselves secret access to everything the company and its custom... read more» 
   
 





 INTECO - Event Trust in the Information Society, 10th and 11th of February 
 (from INTECO at 19-1-2010) 
 There is less than a month left till the beginning of the international event on e-Trust Trust in the Information Society, which will be held on the 10th and 11th of February in Leon, coinciding with the Spanish presidency of the European Union. The participants of the conference of different European nationalities during the two days of the event will intervene in sessions of a high strategic level on issues and topics of political and social scope. You can consult the Schedule of the E... read more» 
   
 





 Internet Survival Guide for Traveling Where Privacy Isn't Respected 
 (from LifeHacker at 19-1-2010) 
 Two things have really changed the face of independent backpacker travel in the last decade: digital cameras and—even more so—the internet. While some people can afford the luxury of traveling with a laptop or even a netbook, a real backpacker doesn't want to have to carry the extra weight nor the responsibility of carrying expensive equipment that would be difficult to lug around, relatively easy to steal, and expensive to replace. Internet cafes proliferate all throughout Asia and other rem... read more» 
   
 





 Phishing scam targets veterans 
 (from nbc12 at 19-1-2010) 
 A warning about what may be a new phishing scam targeting veterans. It's in the form of a text message related to V.A. benefits. The methodology isn't that complex with these phishing scams; cast a wide net, maybe a thousand text messages go out. They might apply to a hundred of the recipients, and if 10 people get taken the scammer can pat himself on the back. "It was last week. I got three text messages in one day," said David Clements.... read more» 
   
 





 China: We are biggest victim of cyberattacks 
 (from NetworkWorld at 19-1-2010) 
 China on Tuesday denied any role in alleged cyberattacks on Indian government offices, calling China itself the biggest victim of hackers. When asked about Google's allegation that cyberattacks launched from China hit the U.S. search giant, foreign ministry spokesman Ma Zhaoxu said Chinese companies were also often hit by cyberattacks. "China is the biggest victim of hacking attacks," Ma said, citing the example of top Chinese search engine Baidu.com being hacked last week.... read more» 
   
 





 China behind hacking Indian government computers 
 (from siliconIndia at 19-1-2010) 
 National Security Advisor M.K. Narayanan's assertion that hackers have tried to penetrate government computers in vital ministries is true as there have been several attempts in the past to gain access to important documents, say security officials. In an interview to The Times, Narayanan said his office and other government departments were targeted Dec 15, the same date that U.S. defence, finance and technology companies, including Google, reported cyber attacks from China.... read more» 
   
 





 Hope grows Google will stay in China 
 (from nzherald at 19-1-2010) 
 Google says it has begun talks with the Chinese Government about the company's plan to stop censoring results from its search engine, after threatening to quit the country because of cyber attacks. Google will hold more talks with Chinese authorities "in the coming days", it said yesterday.... read more» 
   
 





 5 Government Cybersecurity Challenges in 2010 
 (from govinfosecurity at 19-1-2010) 
 - Monday: Cybersecurity Coordinator: Now What? - Tuesday: Recruiting a Cybersecurity Workforce - Wednesday: FISMA Reform or Not - Thursday: Securing the Cloud - Friday: NIST's Growing Influence... read more» 
   
 





 5 More Reasons Why IE6 Must Die 
 (from Mashable at 19-1-2010) 
 1. Your security and your company’s security are at risk. 2. World governments are suggesting you switch browsers. 3. Even Microsoft wants you to drop IE6. 4. Not wanting to upgrade from Windows XP isn’t a legitimate excuse anymore. 5. This will not be the last massive IE6 security breach.... read more» 
   
 





 Govt issues IE security warning 
 (from ABC at 19-1-2010) 
 The Federal Government has ramped up warnings about Microsoft's web browser Internet Explorer, which has come under attack from hackers. The Government is warning that people risk having their computers infiltrated and passwords stolen unless they install temporary fixes from Microsoft or use alternative browsers.... read more» 
   
 





 Lincoln National Corp Reveals Potential Breach of 1.2 Million Accounts 
 (from Bankinfosecurity at 19-1-2010) 
 Lincoln National Corp., a financial services company based in Radnor, PA disclosed a security vulnerability that may have leaked personal data of 1.2 million customers. The company revealed the possible data breach in a letter to the attorney general of New Hampshire on January 4.... read more» 
   
 





 Berlusconi's Government Plans to Severely Restrict Online Video in Italy 
 (from Softpedia at 19-1-2010) 
 The recent Google China debacle has raised the issue of Internet censorship again and made more people aware of the restrictions governments like China's enforce on its citizens. And many probably felt lucky that they didn't live in a country that limits their access to information and the Internet in particular. A new law passed by Berlusconi's government on December 17 and set to go into effect on January 27 would require anyone wanting to upload a video to have an official authorization f... read more» 
   
 





 UK ignores fears over Internet Explorer despite French and German warnings 
 (from Guardian at 19-1-2010) 
 The British government and armed forces are to continue their widespread use of the version of Microsoft's Internet Explorer browser that was attacked by Chinese hackers who broke into Google's corporate network – even though both the French and German governments have advised people to stop using it. The Cabinet Office, which oversees the deployment of computers in government, said today that "it doesn't think the issue [of being open to hacking] would be resolved any better by going elsewhe... read more» 
   
 





 In America's new cyberwar, Google is on the front line 
 (from Guardian at 19-1-2010) 
 The conflict between Google and China is no run-of-the-mill business dispute. The corporate leviathan and national behemoth have come to blows in a serious skirmish whose outcome remains unpredictable. While mere mortals should be concerned if not afraid when rivals like these clash, the conflict does shine a light on what is going on in the hidden world of cybersecurity. Without doubt the Chinese are up to no good. But it is hard to feel much sympathy for Google.... read more» 
   
 





 Foreign journalists in China hit in latest email attacks 
 (from TGDaily at 19-1-2010) 
 An association of journalists working in China says a number of its members have had their Gmail accounts hijacked. The Foreign Correspondents' Club of China says writers 'in a few bureaus in Beijing' have found that their emails were being forwarded to a stranger's address. One was Associated Press; the others haven't been named.... read more» 
   
 





 IPv4 addresses to be exhausted by 2012 
 (from v3 at 19-1-2010) 
 Only 10 per cent of the entire IPv4 address range is still available and businesses need to start preparing for the switch to IPv6 within the next two years, according to the Number Resource Organisation (NRO). The NRO is the official representative of the five Regional Internet Registries that oversee the worldwide allocation of internet number resources, and has called on various internet stakeholders to help facilitate the use of IPv6 addresses.... read more» 
   
 





 Team Cymru's YouTube Channel - Episode 34: Brian Krebs interview 
 (from Team Cymru at 19-1-2010) 
 In the 34th episode of Team Cymru's 'The Who and Why Show', we ask Brian Krebs: "What keeps you up at night worrying?". Brian recently left the Washington Post, where he covered all things cybercrime, for a new blogging venture, but he still asks (and in this case answers) some of the most interesting and important questions in the IT Security community.... read more» 
   
 





 China may reverse citizen ban on domain registration 
 (from theregister at 19-1-2010) 
 Chinese web regulators banned individual domain registration without a business license in early December, purportedly as part of a crackdown on internet smut and malware. But an official from China's Internet Network Information Center (CNNIC) told the English-language newspaper ChinaDaily that the decision may be reversed — so long as measures are in place to verify an applicant's personal information.... read more» 
   
 





 Data Privacy Day is January 28 
 (from data breaches at 19-1-2010) 
 Data Privacy Day is January 28, and there are more events this year than in past years, with some events starting on January 20. The Data Privacy Day Project lists a number of resources and events that you will want to know about. Many of the events have now been entered on this site’s privacy events calendar, located in the sidebar on PogoWasRight.org. By hovering over the date, you will be able to see if there are any privacy events in your geographic area.... read more» 
   
 





 Cyber security centre doesn't operate 24/7 
 (from SecureComputing at 19-1-2010) 
 Australia's first cyber security operations centre will not operate 24 hours a day until it "expands its capability", a Department of Defence spokesman has revealed. Launched Friday, the centre is tasked with defending Australia against Internet attacks. "Currently it does not operate around the clock," the spokesman said.... read more» 
   
 





 China Pays Web Users to Find Pxxx Amid Crackdown 
 (from CIO at 19-1-2010) 
 China has paid cash rewards to more than 200 people who found online porn and reported it to authorities, as a government crackdown on undesirable Web content spreads. Authorities gave the people a total of 224,000 yuan (US$33,000) as part of a policy to pay citizens for porn tip-offs, the official Xinhua news agency said late Monday. The policy caused a government watchdog's daily number of porn tip-offs from the public to surge by 10 times immediately after it was announced last month, acco... read more» 
   
 





 ISPs could cut spam easily, says expert 
 (from TechWorld at 19-1-2010) 
 Two simple techniques could be used to strangle botnets, a security expert has claimed. First, block email port 25 by default. Second, tell users when they are spewing spam from compromised PCs. According to Trend Micro's CTO, Dave Rand, who is leading a campaign to reform the way ISPs approach the matter of botnets and spam, the two countries that adopted such techniques, The Netherlands and Turkey, have seen a huge reduction in the numbers of botnetted PCs.... read more» 
   
 





 Ballmer: no China exit for Microsoft's Bing 
 (from The Register at 19-1-2010) 
 Microsoft is following Google into practically everything - except its threat to pull out of the Chinese search market. Chief executive Steve Ballmer says Microsoft has no plans to pull MSN or Bing out of China while professing confusion over Google's claimed reason for its threat, Reuters reports. Ballmer is reported to have said "no" when asked whether Microsoft would also pull out of China.... read more» 
   
 





 Chavez decries evils of PlayStation 
 (from The Register at 19-1-2010) 
 The evils of decadent Western technology have been highlighted by a brace of enlightened regimes, just days after China warned only compliant firms need bother trying to operate on its cyber turf. Meanwhile, Malaysia's information and communications minister has told the country's citizens they should be wary of the internet, because it had been developed by Westerners. Rais Yatim said Muslims, and other religious groups, should be careful about getting carried away by Facebook or Twitter.... read more» 
   
 





 ContactPoint database under security spotlight 
 (from IT Pro at 19-1-2010) 
 The Government's controversial ContactPoint database has allegedly already experienced security breaches before it has even been officially launched, according to reports. An investigation by the Daily Telegraph suggests that three of the 20 pilot sites in London, Staffordshire and Surrey have already come up against security issues. The database was proposed following the murder of Victoria Climbie back in 2000 to help safeguard vulnerable children and is set to hold information on all of the... read more» 
   
 





 Companies Fight Endless War Against Computer Attacks 
 (from The New York Times at 19-1-2010) 
 The recent computer attacks on the mighty Google left every corporate network in the world looking a little less safe. “The Google case shines a bright light on what can be done in terms of spying and getting into corporate networks,” said Edward M. Stroz, a former high-tech crime agent with the F.B.I. who now heads a computer security investigation firm in New York.... read more» 
   
 





 Chinese Internet search firm Baidu looks forward to life after Google 
 (from washingtonpost at 19-1-2010) 
 In 2000, a 31-year-old software engineer named Li Yanhong, a.k.a. Robin Li, left his job in Silicon Valley and returned home to China to start an Internet search engine. He raised $26.2 million in venture capital, including a modest investment by Google. Ten years later, Li's company, Baidu, has become the dominant search engine in China, a goliath with 7,000 employees and a market value of $16.2 billion on the Nasdaq Stock Market. Google, which sold its stake in 2006 when it launched its own... read more» 
   
 





 Social Web's true impact on China, Haiti 
 (from CNN at 19-1-2010) 
 We've seen some major world events unfold on the social media stage in the past week, the biggest being Google's threat to pull out of China and the Haiti earthquake. Google's actions have brought attention back to the long-standing Internet censorship that blankets China, while the destruction in Haiti has mobilized hundreds of thousands to open their wallets and their hearts.... read more» 
   
 





 Gmail of foreign journalists in China hijacked 
 (from Computer World at 19-1-2010) 
 The Gmail accounts of foreign reporters in at least two news bureaus in Beijing have been hijacked, a journalists' group in China said Monday. The news comes just one week after Google said it had been targeted by recent cyberattacks aimed at accessing the Gmail accounts of Chinese human rights activists. The U.S. search giant cited the attacks as one reason it has decided to stop censoring its Chinese search engine and may ultimately close its China offices.... read more» 
   
 





 Net Neutrality: Now cures all wickedness - and Loompa scurvy, too 
 (from The Register at 19-1-2010) 
 Delicious news from the United States, where 'Net Neutrality' is again being recast for a new political purpose. The term long since ceased to mean anything - it now means anything you want it to mean. But as a rule of thumb, advocating Neutrality means giving your support to general Goodness on the internets, and opposing general Badness. Therefore, supporting Neutrality means you yourself are a Good Person, by reflection, and people who oppose Neutrality are Bad People.... read more» 
   
 





 Russia and Brazil Attack Traffic Champions in Q3 2009 
 (from Softpedia at 19-1-2010) 
 According to a report from Akamai, one of the world's largest content distribution networks, Russia and Brazil surpassed the United States and China in terms of attack traffic for the third quarter of 2009. Around 80% of responsible attacks were generated by variants of the infamous Conficker worm and targeted port 445. Akamai maintains a network of servers worldwide in order to deliver content for some of the biggest IT organizations in the world, such as Microsoft, Apple, Adobe Systems, Ama... read more» 
   
 





 Google probing possible inside help on attack 
 (from Yahoo at 19-1-2010) 
 Google is investigating whether one or more employees may have helped facilitate a cyber-attack that the U.S. search giant said it was a victim of in mid-December, two sources told Reuters on Monday. Google, the world's most popular search engine, said last week it may pull out of the world's biggest Internet market by users after reporting it had been hit by a "sophisticated" cyber-attack on its network that resulted in theft of its intellectual property.... read more» 
   
 





 British government ignores MS browser fears 
 (from The Register at 19-1-2010) 
 France and Germany have already told their citizens to avoid Microsoft's Internet Explorer because of a critical hole in the browser, so what does the British government think? The problem emerged late last week and both governments reacted with a simple warning - use another browser until this is fixed. Three days later and still no response from the British government. We're still waiting to hear back from Lord Mandy's Department for Business, Innovation and Skills. The weakness is in older... read more» 
   
 





 The Ninth Workshop on the Economics of Information Security (WEIS 2010) 
 (from weis2010 at 19-1-2010) 
 Information security continues to grow in importance, as threats proliferate, privacy erodes, and attackers find new sources of value. Yet the security of information systems depends on more than just technology. Good security requires an understanding of the incentives and tradeoffs inherent to the behavior of systems and organizations. As society’s dependence on information technology has deepened, policy makers, including the President of the United States, have taken notice. Now more than ev... read more» 
   
 





 Poisoned PDF pill used to attack US military contractors 
 (from The Register at 19-1-2010) 
 Unidentified hackers are running an ongoing cyber-espionage attack targeting US military contractors. Booby-trapped PDF files, posing as messages from the US Department of Defense, were emailed to US defence contractors last week. The document refers to a real conference due to be held in Las Vegas in March.... read more» 
   
 





 London-based Jewish newspaper attacked by hackers 
 (from washingtonpost at 19-1-2010) 
 Turkish hackers attacked the Web site of Britain's flagship Jewish newspaper, replacing the main page with a Palestinian flag and anti-Semitic writings, the paper's editor said Monday. The Web site for the Jewish Chronicle - the world's oldest continuously published Jewish newspaper - was defaced for a "couple of hours" on Sunday, editor Stephen Pollard said Monday. "It did no damage, as far as we can tell," he said. The site was back online by midday Monday.... read more» 
   
 





 IE security threat overblown: Australian experts 
 (from The Age - Australia at 19-1-2010) 
 Australian computer security officials believe France and Germany are jumping the gun in advising citizens to ditch Internet Explorer. The advisories, from Germany's Federal Office for Information Security and France's Government-owned Certa cyber threat agency, said all versions of IE were vulnerable to attack and people should switch to Firefox or Google's Chrome. But Australia's computer emergency response team, AusCERT, which compiles the cyber threat alerts for the Government's Stay Smar... read more» 
   
 





 French, German governments warn against IE 
 (from ZDNet at 19-1-2010) 
 The German and French governments have advised citizens to avoid using Internet Explorer until Microsoft patches a zero-day flaw that was used by hackers to access Google systems. Microsoft confirmed last week that the IE flaw was used in cyberattacks on Google's infrastructure - which included an attempt to access the Gmail accounts of Chinese human-rights activists - and on a number of other US companies. Attack code exploiting the invalid pointer reference flaw has been published on mailin... read more» 
   
 





 Theft of Goodwill safe raises identity theft concerns 
 (from WWMT at 19-1-2010) 
 In Kent County, the investigation continues into the theft of a safe from a Goodwill location in Kent County. This is a theft that Newschannel 3 first reported on in December. A man broke into a Goodwill store and stole a safe, but instead of money that thief got the names, addresses, dates of birth, and Social Security numbers from thousands of people. Now, there are fears that this could turn into a huge identity theft problem. Elden Shellenbarger first thought the letter from Goodwill... read more» 
   
 





 ATHCON2010 - CFP/1st Call for Papers - AthCon IT Security Conference 
 (from athcon at 19-1-2010) 
 From 3rd - 4th June AthCon, the first highly technical information security conference in Greece will take place in Athens at the Jockey's Country Club (http://www.jockeyscountryclub.gr) * Day 1: Training (Thursday 03 Jun 2010) * Day 2: Sessions (Friday 04 Jun 2010) AthCon is an annual, European two-day conference targeting particular areas of information security. Its aim: to bring leading information security experts together, under the theme of twenty sessions and four -inten... read more» 
   
 





 Reminder: Campus Party EU 2010 Call For Participants 
 (from Seclists at 19-1-2010) 
 The Spanish Ministry for Science and Innovation presents in Madrid from 14th – 18th April, and during the Spanish Presidency of the European Union, Campus Party Europe (http://www.campus-party.eu/home-en.html) : a special edition of what is considered the biggest event for technology, creativity and digital culture online in the world. For four days, 800 young people from each of the 27 member states of the EU will participate in activities such as conferences, workshops and challenges... read more» 
   
 





 Turkey blocking 3,700 websites, reform needed: OSCE 
 (from Reuters at 19-1-2010) 
 Milos Haraszti, media freedom monitor for the 56-nation Organization for Security and Cooperation in Europe (OSCE), said Turkey's Internet law was failing to preserve free expression in the country and should be changed or abolished. "In its current form, Law 5651, commonly known as the Internet Law of Turkey, not only limits freedom of expression, but severely restricts citizens' right to access information," Haraszti said in a statement.... read more» 
   
 





 Google denies leaving China, seeks negotiations 
 (from Reuters at 19-1-2010) 
 Google, the world's most popular search engine, said last week it was thinking about quitting China after suffering a sophisticated cyber-attack on its network that resulted in theft of its intellectual property. The company has said it is no longer willing to filter content on its Chinese language google.cn engine, and will try to negotiate a legal unfiltered search engine, or exit the market. Most of the filters on google.cn were still in place on Sunday, though controls over some search... read more» 
   
 





 China isn’t our biggest hacker threat 
 (from CriKey at 19-1-2010) 
 When Google announced last week that it was targeted by a cyber attack originating from China it certainly got media attention. Google is a household name and China is perceived as a growing competitor. But transnational cyber attacks are widespread, and China isn’t necessarily Australia’s biggest problem. “Australian attacks targeting the private sector have come from other so-called ‘friendly countries’. Which country is a problem closely correlates with business competition in the particul... read more» 
   
 





 Young lawmaker says cybercrime bill 'too vague' 
 (from cbnnews at 18-1-2010) 
 Lack of definition of what constitutes computer crime may further delay the passage of House Bill 6974 or the CyberCrime Prevention Act of 2009, according to Kabataan Party-list Rep. Mong Palatino. Palatino urged fellow members of the House of Representatives to re-evaluate the bill, saying that the proposed measure could be used to stifle freedom of expression, speech and the press and may violate the people's right to privacy. "The definition of 'cybercrime' in the bill is vague and its ... read more» 
   
 





 4 North Texans accused of cybercrime conspiracy arrested in Mexico 
 (from Dallasnews at 18-1-2010) 
 Four people from North Texas indicted last week by a federal grand jury in Dallas were arrested Friday morning in Cancun, Mexico, according to the FBI. Michael Faulkner, 36, and his wife, Chastity Faulkner, 34, both of Southlake, were central figures in the 19-person indictment brought by U.S. Attorney James Jacks. Michael Faulkner had been reported as being killed trying to re-enter the United States from Mexico, but that report had not been confirmed.... read more» 
   
 





 Gmail of foreign journalists in China hijacked 
 (from ComputerWorld at 18-1-2010) 
 The Gmail accounts of foreign reporters in at least two news bureaus in Beijing have been hijacked, a journalists' group in China said on Monday. The news comes just one week after Google said it had been targeted by recent cyberattacks aimed at accessing the Gmail accounts of Chinese human rights activists. The US search giant cited the attacks as one reason it has decided to stop censoring its Chinese search engine and may ultimately close its China offices.... read more» 
   
 





 European governments warn against Internet Explorer 
 (from ComputerWorld at 18-1-2010) 
 The French government has become the second in days to warn its citizens to steer clear of all versions of Explorer (IE) until a serious security flaw is fixed in the browser. At the weekend, the German Federal Office for Information Security (BSI) warned users against using versions 6, 7 and 8 of the browser until Microsoft patched the vulnerability referred to in Microsoft advisory 979352, the remote execution security hole believed to be connected to recent high-profile attacks on Google s... read more» 
   
 





 Microsoft bots perform denial of service on Perl Testers 
 (from h-online at 18-1-2010) 
 The Perl CPAN Testers have been suffering issues accessing their sites, databases and mirrors. According to a posting on the CPAN Testers' blog, the CPAN Testers' server has been being aggressively scanned by "20-30 bots every few seconds" in what they call "a dedicated denial of service attack"; these bots "completely ignore the rules specified in robots.txt".... read more» 
   
 





 Threats 2.0: A glimpse into the near future 
 (from Net-Security at 18-1-2010) 
 Collaboration and socializing, flexible and movable content, interoperability - these are all things that made Web 2.0 the answer to our needs. New technologies to sustain this evolution are introduced almost daily, but we should not be so naive to think that attackers won't be able to find ways to compromise and take advantage of them and us.... read more» 
   
 





 Google opens talks with China over censorship 
 (from ComputerWeekly at 18-1-2010) 
 Internet search firm Google has begun talks with the Chinese government about plans to stop censoring search results after the company was targeted by cyber attacks traced to China. The company has revealed that its internal systems were broken into by hackers looking for information about human rights activists who subscribe to Google's free e-mail service. Google has threatened to pull out of the country if it is unable to reach an agreement with Chinese authorities to continue operation... read more» 
   
 





 6th Data Centres Europe 2010 & Awards Ceremony 
 (from datacentres at 18-1-2010) 
 Welcome to Europe’s largest and only pan regional event for the Data Centre industry High quality of attendees - C Level attendance has consistently risen year after year and now comprises of almost a quarter of all attendees; senior executives, decision makers and influencers form the main part of the audience together with companies engaged in advising and consulting to the sector. Consistently European – this year’s event will see attendees from across Europe, eastern and central Euro... read more» 
   
 





 Google engages in cyber vigilantism 
 (from threatchaos at 18-1-2010) 
 Last weekend I related communications I had with The Jester, an individual who has decided to express his outrage at Jihadist organizations by systematically taking down their web sites. This week we learned that engineers at Google had been engaging in their own form of cyber vigilantism by hacking into a command and control server in Taiwan. In what is rapidly turning into a game-changing story we are getting reports that 33 or more organizations have succumbed to what many experts are ... read more» 
   
 





 Online scams come with tax season 
 (from reporternews at 18-1-2010) 
 It’s tax season, and that means IRS-related phishing scams are ramping up. One such fake e-mail hitting in-boxes this past week asks “U.S.-based employers” to complete an “updated” version of the government’s W-2 form because of “important changes” within the forms. The updated form is conveniently attached to the e-mail. The first red flag is that it pretends to be an e-mail from the IRS, said Internal Revenue Service spokesman David Stewart. The IRS does not contact people via e-mail or req... read more» 
   
 





 Identity theft in focus 
 (from Net-Security at 18-1-2010) 
 The stories are all too familiar: Money siphoned from a checking account. Unfamiliar charges racked up on a credit card bill. Discovering a loan has been taken out under false pretenses. You may know someone forced to deal with one of these situations, or it may have even happened to you. Identity theft, when a thief uses your personal information for their personal gain, comes in all shapes and sizes, as criminals are able to steal information in a variety of ways – online and offline, inclu... read more» 
   
 





 Key ministry officials asked not to use Blackberry for emails 
 (from The Hindu at 18-1-2010) 
 Against the backdrop of concerns over hacking of crucial official websites, central security agencies have again warned the government about the use of multi-tasking blackberry instruments by some of the officials working in sensitive ministries including the Prime Minister’s office. Agencies have also cautioned against the practice of connecting official computers and laptops with unsecured internet connections by some bureaucrats thus compromising security.... read more» 
   
 





 German government warns against using MS Explorer 
 (from BBC at 18-1-2010) 
 The German government has warned web users to find an alternative browser to Internet Explorer to protect security. The warning from the Federal Office for Information Security comes after Microsoft admitted IE was the weak link in recent attacks on Google's systems. Microsoft rejected the warning, saying that the risk to users was low and that the browsers' increased security setting would prevent any serious risk.... read more» 
   
 





 Data Privacy Day 2010 
 (from dataprivacyday2010 at 18-1-2010) 
 During the week in which Data Privacy Day falls, a range of activities and events will take place in the United States and Canada, each designed to further privacy education and awareness or to advance the debate and dialogue around current controversial privacy issues. These pages will help you track the events that might be convenient or interesting to you. You will find: academic events, which include conferences, panel discussions, and brown bag lunches held at universities in the Unite... read more» 
   
 





 Computer Network Terrorism New World Threat 
 (from IsraelNationalNews at 18-1-2010) 
 “A fleet of fighter planes is not necessary to attack a power station; a keyboard is sufficient,” according to University of Haifa Dr. Yaniv Levyatan, an expert on information warfare. “If you don't have the skills, there are enough mercenary hackers who can do it for you," he adds. "Carry out all my demands or the entire country's electricity will be cut off" is not just another line from a suspense film, but it is a palpable threat made possible with a computer keyboard,” Dr. Levyatan explai... read more» 
   
 





 Chinese hackers target India's national security office 
 (from theaustralian at 18-1-2010) 
 CHINESE hackers are believed to have attempted to penetrate India's most sensitive government office in the latest sign of rising tensions between the two rival Asian powers. M.K.Narayanan, India's National Security Adviser, said his office and other government departments were targeted on December 15, the same date that US companies reported cyber attacks from China.... read more» 
   
 





 Obama the fightback kid 
 (from The Age - Australia at 18-1-2010) 
 Whoever is responsible for cyber attacks on American industry and defence, the brouhaha has given the US President an opportunity to stand up to China. John Garnaut reports. For all the international pillorying of Barack Obama for allowing himself to be outmanoeuvred in his visit in November to newly assertive China, one deceptively gentle message cut through: ''I'm a big supporter of non-censorship.''... read more» 
   
 





 China tried to hack our computers, says India’s security chief M.K. Narayanan 
 (from Times Online at 18-1-2010) 
 Chinese hackers are believed to have attempted to penetrate India’s most sensitive government office in the latest sign of rising tensions between the two rival Asian powers, The Times has learnt. M. K. Narayanan, India’s National Security Adviser, said his office and other government departments were targeted on December 15, the same date that US companies reported cyber attacks from China. “This was not the first instance of an attempt to hack into our computers,” Mr Narayanan told The Time... read more» 
   
 





 Analysis Stuff - The Installed Components key in the Registry as a persistence mechanism 
 (from Windows Incident Response at 18-1-2010) 
 Metadata Didier has posted new versions of his PDFiD and pdf-parser tools. Didier's offerings really kind of run the gamut, don't they? Well, hey...it's all good stuff! I mean, really, other than the fact that he's updated these really great tools, what else needs to be said? Malware The MMPC posted some new malware descriptions recently, regarding Hamweq and Rimecud. Nice names. Signatures have been added to MRT, apparently.... read more» 
   
 





 Security trends to watch in 2010 
 (from TMCnet at 18-1-2010) 
 With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realising that traditional approaches to antivirus, both file signatures and heuristic/behavioural capabilities, are not enough to protect against today’s threats.... read more» 
   
 





 Uni network running pxxx and pirate movies 
 (from The Age - Australia at 18-1-2010) 
 Students at Sydney University's elite residential colleges are running a secret computer network for sharing pxxxography and pirated movies and music. And despite changes to disciplinary procedures promised after last year's ''pro-rape'' Facebook site scandal at St Paul's College, the university is still unable, under its code of conduct, to discipline students living in the colleges. The ''peer to peer'' file-sharing network, set up by students, is operated using the intranet provided by the... read more» 
   
 





 Australia responds to threats of internet war 
 (from The Age - Australia at 18-1-2010) 
 HACKERS are launching 200 attacks a month on the Defence Department's computer networks, the Defence Minister, John Faulkner, revealed as he unveiled a new centre to co-ordinate the nation's response to online threats. Journalists were allowed into the Defence Signals Directorate yesterday for the first time since its creation in 1947. The occasion was the opening of the Cyber Security Operations Centre.... read more» 
   
 





 What Is APT and What Does It Want? 
 (from TaoSecurity at 18-1-2010) 
 This has been the week to discuss the advanced persistent threat, although some people are already telling me Google v China with respect to APT is "silly," or that the attack vectors were what everyone has been talking about for years, and were somewhat sloppily orchestrated at that. I think many of these critics are missing the point. As is often the case with sensitive issues, 1) those who know often can't say and 2) those who say often don't know. There are some exceptions worth noting!... read more» 
   
 





 Clinton talk may signal China-Google direction 
 (from SFGate at 18-1-2010) 
 Secretary of State Hillary Rodham Clinton is giving a speech on Internet freedom and security Thursday. From it, we may get a sense of just how serious the controversy involving Google Inc., China and the Obama administration is going to get.... read more» 
   
 





 3G Encryption Also Vulnerable to Attacks 
 (from Softpedia at 18-1-2010) 
 The mobile industry is moving towards newer technology standards when it comes to limiting the risks of attacks on wireless networks, and the 3G service, already widely adopted all around the world, was seen as a solution when compared to the GSM technology. Since the latter was proven as quite vulnerable to attacks in December last year, 3G seemed like a more secure solution, until a few days ago.... read more» 
   
 





 How to protect ourselves from Chinese cyberwarriors 
 (from CIO at 18-1-2010) 
 Better user education might have played a role in stopping the apparent Chinese cyberattack on American businesses. Once targeted employees clicked on a link in an e-mail or instant message, however, most current security technology was defenseless. "Companies are not prepared for nation-states attacking them in cyberspace," said Dimitri Alperovitch, Vice President of Threat Research at McAfee, Inc.... read more» 
   
 




 US government to issue complaint to China over Google hack 
 (from v3.co.uk at 18-1-2010) 
 The US government is set to issue a formal complaint to China over its alleged involvement with the hacking attacks revealed by Google and several other companies earlier this week. State Department spokesman Philip Crowley told reporters at a press conference that Secretary of State Hillary Clinton has already spoken this week to Chinese Foreign Minister Wang, although he could not confirm whether the Google hack was on the agenda on that occasion.... read more»
