Saturday, February 6, 2010

Full Text Of Cambridge Report On Verified by Visa and MasterCard SecureCode











Evan Schuman, Editor of StorefrontBacktalk.com, released the full text of the recent Cambridge Report, which states in no uncertain terms that Verified by Visa is a "Textbook Example of How NOT to Design an Authentication Protocol."



If you are unfamiliar with Evan's blog, take a moment to visit. I've provided a link (title of post) to StorefrontBacktalk below:



Full Text Of Cambridge Report On Verified by Visa and MasterCard SecureCode



Written by Evan Schuman, today, February 6th, 2010



Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication

Steven J. Murdoch and Ross Anderson: Computer Laboratory, University of Cambridge, UK






Editor's Note: Way back in October 2008, I posted a story from The Register regarding the lack of protection afforded Verified by Visa users: Is Verified by Visa also Verified by Hackers? Here's what they had to say about VbV back then. I dug it back up and am republishing a comment that stuck in my head at the time.



Verified by Visa and Mastercard SecureCode are there purely to protect the banks, not the card holder. They offer zero additional protection to the consumer, but allow the bank to claim that transactions using purloined credit card credentials were really made by the card holder. It is as simple as that. 



The issue has been noted, and commented on in the blogosphere as far back as June 2008, but has received little attention in the mainstream media, despite the obvious security implications.




Editor's Note from October 2008: The more I learn about securing a transaction on the web, the more I realize how unsafe many transactions actually are. Here's an interesting article in the Register regarding Visa's supposedly more secure program designed to fool cardholders into thinking their transactions are more secure. They call it "Verified by Visa." Caveat: First it has to be verified by consumers (by typing into a web browser), which means it can also be keystroke logged and "Verified by Hackers." (VbH?)



"VbyV login credentials make it easier for crooks to make purchases online while simultaneously making it harder for consumers to deny responsibility for a fraudulent transaction".


Since card information can be bought online for as low as $2.50 ("Stolen Card Info Plunges to $2.50 in Black Market") and obtaining a DOB is so easy a caveman could do it, it's looking like VbV is more of a marketing ploy than of any real value when it comes to protecting the security of an online transaction. What I found even more interesting was Visa's declination to comment about the story, which the Register tells us at the end of this article:


VbyV password reset is childishly simple • The Register



Both VbyV and SecureCode are based on 3DSecure, a name that hints at the introduction of some kind of three-factor authentication scheme. But unlike robust authentication techniques, hackers don't have a hardware token generating one-time passwords to worry about - it's just more of the same.



And since card details + CVV number is no longer considered as secure enough then it's hard to see how card details + CVV number + VbyV login is any more robust.



Much was made of how easy it was for a hacker to reset Sarah Palin's webmail account password and gain illicit access to emails, but resetting passwords for Verified by Visa - which supposedly makes online transactions more secure - is arguably even easier. To reset Palin's email account a hacker needed to know the Republican VP candidate's birth date, her zip code and the answer to a secret question on where she met her husband. Resetting a Verified by Visa password, by contrast, requires only card details (got $2.50?) and a date of birth.



Register commenter Anthony explains.



Verified by Visa (VbV) allows anyone who has the credit card number in their hands to set a new password for VbV with just the card details and the card owner's date of birth. Since the latter is trivial to discover for most people, this adds almost no additional security to the process.



Register reader Jusme reports the same issue: "Verified by Visa is one of the reasons I no longer use Barclaycard. Pretty much every time I had to use it the password was not recognised and I had to "reset it", which just meant entering my DOB and a new password, hardly very secure."



Online shoppers who buy goods and service with participating retailers are asked to submit a VbyV or SecureCode password to authorise transactions. These additional checks are typically submitted via a website affiliated to a card-issuing bank but with no obvious connection to a user's bank. Punters aren't informed up front that a merchant has signed up to Verified by Visa. Sites used to authenticate a VbyV or SecureCode password routinely deliver a dialogue box using a pop-up window or inline frame, making it difficult to detect whether or not a site is genuine.  The appearance of phishing attacks hunting for Verified by Visa passwords are among the reasons some punters are wary of the technology. Once obtained by fraudsters, either by direct phishing attack or through other more subtle forms of social engineering trickery,





An anonymous commenter to our original stories agrees:

Verified by Visa and Mastercard SecureCode are there purely to protect the banks, not the card holder. They offer zero additional protection to the consumer, but allow the bank to claim that transactions using purloined credit card credentials were really made by the card holder. It is as simple as that.
The issue has been noted, and commented on in the blogosphere as far back as June, but has received little attention in the mainstream media, despite the obvious security implications.


Read more: http://pindebit.blogspot.com/2008/10/is-verified-by-visa-also-verified-by.html#ixzz0emaZgxJW









Websense Security Labs Report - State of Internet Security, Q3-Q4 2009

The second half of 2009 saw malware authors focus their efforts to ensure they drove victims straight to them. In contrast to the first half of the year where mass injection attacks like Gumblar, Beladen and Nine Ball promoted a sharp rise in the number of malicious Web sites, Websense Security Labs observed a slight (3.3 percent) decline in the growth of the number of Web sites compromised. Instead, attackers replaced their traditional scattergun approach with focused efforts on Web 2.0 properties with higher traffic and multiple pages.



Over the six month period, Search Engine Optimization (SEO) poisoning attacks featured heavily, and Websense Security Labs research identified that 13.7 percent of searches for trending news/buzz words lead to malware. In addition, attackers continued to capitalize on Web site reputation and exploiting user trust, with 71 percent of Web sites with malicious code revealed to be legitimate sites that had been compromised.



Web security intelligence remains a critical component of any email and data security strategy as illustrated by the continued popularity of blended threats (spam emails with embedded URLs). During the second half of 2009 Websense Security Labs discovered:
• 13.7 percent of searches for trending news/buzz words (as defined by Yahoo Buzz & Google Trends) lead to malware

• 95 percent of user-generated comments to blogs, chat rooms and message boards are spam or malicious

• 35 percent of malicious Web attacks included data-stealing code

• 58 percent of data-stealing attacks are conducted over the Web

• 85.8 percent of all emails were spam

• an average growth of 225 percent in malicious Web sites




These discoveries, along with details on other exploits and analysis of Web, email and data security trends during the second half of 2009 are explored in the Websense Security Labs “State of Internet Security” report.



The full report is available here.  (Registration Required)



An archived Webcast presentation about the report can be found here.









Malware Infects One in 150 Legitimate Sites vs. One in 20,000 in 2006

Operation Swipe



Kaspersky Lab's blog, Threat Post, reports that more and more (1/150 vs. 1/20,000) legitimate websites are becoming infected by malware.



While one in every 150 doesn't sound like a "huge" number, that level of penetration is still unprecedented.



"In 2006 the rate was about one infected site in every 20,000 otherwise clean sites. By 2009 that number had skyrocketed to one in every 150 sites" - Kaspersky Lab



I would predict that those numbers would become worse, except for the fact that the latest trend shows that hackers are becoming more savvy and targeting "Big Phish."



After all, why bother targeting 150 small credit unions when the bad guys could focus on one big net/catch?  (a Top 10 bank)



Therefore, I would expect to see a shift in the bad guys' behavior. Rather than taking a mass distribution approach, as they have, they will also put together well prepared and specifically targeted attacks at higher traffic sites (for example, search engines which lead to malware infected sites).



The motivation is clear - target a smaller number of websites that have more traffic and gain more in less time.



Speaking of "less time", that's how much we have before the web becomes SO dangerous, it's untenable.  For that reason, I'm not alone when I say that it is only a matter of (less)  time before there is a PCI certified PED in every home, just as there is one at every point of sale in the world.  (except the most dangerous place of all...the Internet)   To continue on the path we are on, is insanity. (doing the same thing over and over again and expecting a different result)



Simply put, we have but two choices.



1. We can continue with the insane "type" of behavior that allows the bad guys to "SWIPE" our credit and debit card details in order to use them to steal from us in the "card not present" web environment or



2. We can protect our sensitive data and start "SWIPING" our own credit and debit card details in the privacy of our own home, thus preventing our cardholder data from entering the dangerous browser space. At the same time, we would eliminate "card not present" fraud by performing transactions in a securely encrypted "card present" environment. We would also eliminate the threat posed by phishing, by eliminating the practice of typing.



Finally, if malware is designed to look for online banking credentials as we "type" them into boxes at genuine or cloned online banking websites, what would the bad guys find if we stopped typing those same username and passwords and instead, started swiping our bank issued card and entering our bank issued PIN? (replicating the same trusted process used to withdraw cash at an ATM)



Suffice it to say that the 73% of consumers who use their online banking credentials to log-in to non-banking websites would be taken right out of harm's way.



While one in 150 websites represents a mere .0066 infection rate, consider that almost one in six, or 13.7 percent of searches for trending news/buzz words lead to malware and 71% of Web sites with malicious code are legitimate sites.



Websense, in their recently released "State of Internet (IN)Security, Q3-Q4 2009": "Over the six month period, Search Engine Optimization (SEO) poisoning attacks featured heavily, and Websense Security Labs research identified that 13.7 percent of searches for trending news/buzz words lead to malware." Attackers continued to capitalize on Web site reputation and exploiting user trust: "71 percent of Web sites with malicious code were revealed to be legitimate sites that had been compromised." - Websense Security Labs Report - State of Internet Security, Q3-Q4 2009


It's obvious to me that it's time to stop typing and start swiping.  Here's an excerpt from Threat Post:



One in Every 150 Legitimate Sites Infected by Malware by Dennis Fisher



MOSCOW--The problem of attackers infecting legitimate Web sites with malware that then silently exploits vulnerabilities in users' browsers reached unprecedented levels in 2009, with 1 in every 150 legitimate sites serving up malware, experts say.



Analysts at Kaspersky Lab have been monitoring a pool of about 300,000 legitimate Web sites for the last several years, looking to see how many become infected with malware and how long the infections last. In 2006 the rate was about one infected site in every 20,000 otherwise clean sites. By 2009 that number had skyrocketed to one in every 150 sites, a massive increase driven by the continued success of mass SQL injections campaigns by malware such as Gumblar, Asprox and others.







Many of the infections also are using stolen FTP credentials to perpetuate a vicious cycle of user compromise, credential theft, site infection and malware storage. Once a user's machine is infected with a particular type of malware, the program searches the user's PC for FTP user names and passwords, which it then sends off to a remote server. The attackers behind these campaigns then use the FTP credentials to gain access to remote FTP servers, where they will store attack tools and exploit kits that later can be used for other infections.



It's a frighteningly efficient and simple infection method that shows little evidence of slowing down. As long as it's still effective, there's no reason for the attackers to move on to other more complicated tactics.
















Internet (Lack of) Security News through February 6th





This Free IT-Security news feed was compiled and is provided by E-Secure-IT; the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today.  They offer a 30 day complimentary subscription. 



Visit them at www.e-secure-it.com or email more-info@e-secure-it.com for more information on their available services.

Monthly Malware Statistics: January 2010
(from Kaspersky at 6-2-2010)
The first Top Twenty lists malicious programs, adware and potentially unwanted programs that were detected and neutralized when accessed for the first time, i.e. by the on-access scanner. For the third month in a row the top five programs have led the rest of the rating by some distance. January, however, did see seven new entries, which is unusual for the first Top Twenty. The two script downloaders that entered right behind the leading pack have already made an appearance in our second r... read more»






An explanation of the recent outage
(from Central Florida Future at 6-2-2010)
On Wednesday at about 2:30 p.m., a hacker tested the servers of College Publisher, the company we use to host this Web site. Upon finding a loophole in the security, the hacker returned at roughly 7 p.m., this time with a massive denial-of-service attack that overwhelmed and essentially destroyed most of the code held on one of their servers. Unfortunately that server was the one that this Web site is hosted on. During that time we were unable to post anything to our Web site. We had intended ... read more»






Cyber attacks a cover for internet-censorship in US – radio host
(from RT at 6-2-2010)
Radio host Alex Jones sees the new steps to protect the US from cyber attacks as attempts to curb the freedom of speech. A breeding ground for radicalisation and a possible launching site for a devastating attack on the US – that's how the Director of National Intelligence has described the Internet to Congress.... read more»






Information Security and Risk Management Conference in Colombia
(from ISACA at 6-2-2010)
This conference will build on and include the key elements of information security management practices and information security practices. The conference will cover related business, program and technical issues and the impact of risk management.... read more»






ISACA’s Asia-Pacific Computer Audit, Control and Security (CACSSM) Conference
(from ISACA at 6-2-2010)
Asia-Pacific CACS is the hot-topic event for IT audit/assurance, security, control and governance professionals in the region, covering issues such as: governance concerns for ERP, how to make IT audit more relevant, wireless network security, cloud computing, and security concerns for service oriented architecture.... read more»






Information Security and Risk Management Conference in Austria
(from ISACA at 6-2-2010)
This conference will build on and include the key elements of information security management practices and information security practices. The conference will cover related business, program and technical issues and the impact of risk management.... read more»






‘Maga No Need Pay’: Nigeria Gets Creative to Fight Cyber Scams
(from microsoftontheissues at 6-2-2010)
This week, a new pop song hits the airwaves in West Africa with a highly unusual message: Don’t be seduced by cybercrime. Cybercrime is a global issue, but perhaps no form of cybercrime has been more associated with a region than the advance fee fraud collectively known as “Nigeria” or “419” scams (419 is the section of the Nigerian Criminal Code dealing with fraud). Through schemes such as fake lotteries, bogus inheritances, romantic relationships, investment opportunities or – infamously... read more»






Information Security and Risk Management Conference in Nevada
(from ISACA at 6-2-2010)
This conference will build on and include the key elements of information security management practices and information security practices. The conference will cover related business, program and technical issues and the impact of risk management.... read more»






ISACA International Conference
(from ISACA at 6-2-2010)
This conference, now in its 37th year, has received global recognition for providing in-depth coverage of leading-edge technical and managerial issues facing IT governance, control, security, audit and assurance professionals. Conference materials and presentations will be available in both English and Spanish.... read more»






ISACA’s North America Computer Audit, Control and Security (North America CACSSM) Conference
(from ISACA at 6-2-2010)
This conference, now in its 40th year, attracts more than a thousand global industry experts and focuses on the latest strategies to address IT audit and security challenges from business, managerial and operational perspectives. WorldCom whistle-blower Cynthia Cooper, CEO of The CooperGroup, will deliver the keynote presentation titled Ethical Leadership for the 21st Century. Cooper is an internationally recognized speaker on ethical leadership, the current economic crises and recent scandals. ... read more»






Gartner Security & Risk Management Summit
(from Gartner at 6-2-2010)
The programs will cover today's hottest topics in security and risk management, from network and infrastructure security to cloud computing, security as a service, sourcing, compliance, e-discovery, privacy, and identity and access management. The new event has been restructured to feature four concurrent programs over three days. - CISO: strategic and managerial vs. tactical; professional development(includes Invitational Program) - IT Security: security technology, privacy and protectio... read more»






Ceridian computer glitch may have helped hacker
(from StarTribune at 6-2-2010)
The hacker who stole information about 27,000 people from payroll processor Ceridian Corp. apparently had some inadvertent help from the company. According to one hacking victim, a Ceridian employee told him that his inactive, 10-year-old payroll data had been stolen because a Ceridian software glitch kept it in the company's database long after it should have been deleted. The stolen information included his name, Social Security number and street address.... read more»






Is Chinese PC Hardware Safe and Secure?
(from NetworkWorld at 6-2-2010)
Is it safe to buy Chinese-made computer equipment? With Google and the National Security Agency now teaming up to investigate supposed Chinese hacking and most of our PC hardware coming from China, it's a fair question. And a hard one to answer with certainty. It is made more urgent by a report in the Sunday Times newspaper that Chinese spies in the U.K. have been handing out bugged memory sticks and cameras to targeted businesses in an attempt to steal the companies' intellectual property.... read more»






Google-China hacking feud puts a spotlight on threat
(from Sltrib at 6-2-2010)
Google's accusation that its e-mail accounts were hacked from China landed like a bombshell because it cast light on a problem that few companies will discuss -- the pervasive threat from China-based cyberattacks. And the issue just keeps getting hotter with reports this week that Google has turned to the National Security Agency for technical assistance to learn more about the computer network attackers who breached the company's cybersecurity defenses last year. The U.S. government has bec... read more»






Test: Most Web Application Scanners Missed Nearly Half Of Vulnerabilities
(from DarkReading at 5-2-2010)
Most Web application scanning tools miss vulnerabilities and generate false positives on their own public testing sites, according to a recent test of some of these products. Larry Suto, an application security consultant, tested the Web app scanners for accuracy and false positives as well as the time it took with each to get the best possible results, including running, reviewing, and supplementing the results from the scans. He tested Acunetix, IBM's AppScan, Portswigger.net BurpSuitePro, ... read more»






Call for Papers - Workshop on the Analysis of System Logs (WASL) 2010 - October 3, 2010 - Vancouver, Canada
(from Kathryn Mohror at 5-2-2010)
System logs contain a wide variety of information about system status and health, including events from various applications, daemons and drivers, as well as sampled information such as resource utilization statistics. As such, these logs represent a rich source of information for the analysis and diagnosis of system problems and prediction of future system events. However, their lack of organization and the general lack of semantic consistency between information from various software and... read more»






Google Attack Was Tip of the Iceberg
(from threatpost at 5-2-2010)
The recent disclosure by Google, Adobe and other companies that their networks had been thoroughly compromised by attackers who may have been after their source code has prompted a tremendous amount of discourse both in the security community and in the general public about the political and commercial implications of the attacks. But the fact of the matter is that the attacks themselves were neither remotely unique nor particularly clever. And that is what should be worrying lawmakers, corporat... read more»






FBI wants records kept of Web sites visited
(from CNet at 5-2-2010)
The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes. FBI Director Robert Mueller supports storing Internet users' "origin and destination information," a bureau attorney said at a federal task force meeting on Thursday. As far back as a 2006 speech, Mueller had called for data retention on the pa... read more»






Police on the hunt for perfect PC crime breathalyser
(from Silicon at 5-2-2010)
UK police are continuing to develop a tool to detect evidence of illegal activity on PCs that could be as easy for officers to use as a breathalyser. Specialist e-crime policing organisations have been examining commercially available digital forensic devices that can search text, pictures and computer code on a hard disk for material of police interest. This 'digital triage' tool would give frontline police with little training in digital forensics the ability to search for anything from ... read more»






Two New Jersey executives each sentenced to 27 months in jail for roles in nationwide scheme to defraud the federal E-Rate program
(from justice at 5-2-2010)
Former co-owners of a New Jersey-based computer services provider were each sentenced to 27 months in jail for participating in a conspiracy to defraud the federal E-Rate program, the Department of Justice announced today. Benjamin Rowner and Jay H. Soled, former owners of DeltaNet Inc., were also each sentenced to pay $271,716 in restitution, jointly and severally, to the Universal Service Administrative Company (USAC). They were sentenced by U.S. District Court Judge Blanche M. Manning in ... read more»






Hacker admits stealing, reselling VoIP services
(from ComputerWorld at 5-2-2010)
A Miami man this week admitted hacking into the networks of several VoIP providers between 2004 and 2006 and then reselling millions of stolen minutes. Edwin Pena, 27, of Miami, yesterday pleaded guilty in a Newark, N.J. federal court to one count of conspiracy to commit computer hacking and wire fraud, and one count of wire fraud. Pena, who was returned to the U.S. last fall after being a fugitive for three years, is scheduled to be sentenced by U.S. District Judge Susan D. Wigenton on May 1... read more»






Windows file system exploitation at ShmooCon
(from Net-Security at 5-2-2010)
At ShmooCon 2010 tomorrow, Core Security researcher Dan Crowley will demonstrate how features not widely known in Windows path and filename normalization routines cause unexpected behavior and allow for potential attacks. Crowley will specifically highlight how an attacker may be able use the technique to bypass filters, access control lists, intrusion detection systems and other defensive mechanisms, as well as alter the way that files are handled and processed, and make brute force attacks ... read more»






EPIC files FOIA request over reported Google, NSA partnership
(from ComputerWorld at 5-2-2010)
Privacy advocacy group Electronic Privacy Information Center (EPIC) has filed a Freedom of Information Act (FOIA) request with the National Security Agency (NSA) asking for details on the agency's purported partnership with Google Inc. on cybersecurity issues. In a separate action that was also taken today, EPIC filed a lawsuit against the NSA and the National Security Council, seeking more information on the NSA's authority over the security of U.S. computer networks.... read more»






St. Robert man enters not guilty plea in child pxxxography case
(from waynesvilledailyguide at 5-2-2010)
A St. Robert man charged with seven counts of possession of child pornography entered a plea of not guilty last week during an arraignment hearing at the Pulaski County Courthouse. Benjamin Morrow, 43, was arrested last week at his home, where members of the Pulaski County Sheriff’s Department and the South Central Missouri Computer Crime Task Force seized three computers, 19 CDs/DVDS and one USB thumb drive after an investigation began in early December. Court documents reveal Deputy Wayn... read more»






Cybersecurity Enhancement Act passed by U.S. House
(from scmagazineus at 5-2-2010)
One week after having nearly 50 of its websites defaced by hackers, the U.S. House of Representatives on Thursday passed a bill that would seek to improve cybersecurity within the federal government and the public sector. The Cybersecurity Enhancement Act would authorize up to $396 million over the next four years to fund cybersecurity research and $94 million over that period to provide scholarships to students pursuing cybersecurity studies, as long as they commit to public service after gr... read more»






Let compliance lead the way in preventing healthcare data breaches
(from ZDNet at 5-2-2010)
Healthcare security breaches rocked headlines in 2009, and healthcare organizations are ringing in the New Year with high anxiety regarding HIPAA compliance. The recently passed Health Information Technology for Economic and Clinical Health (HITECH) Act imposes new, more stringent regulatory and security requirements to HIPAA privacy rules and increased penalties for violations. The act puts significantly increased demands on health care organizations in the areas of audit and notification. O... read more»






Barriers remain for bug bounty bait
(from zdnetasia at 5-2-2010)
More software businesses are now offering a bounty to security researchers, or whitehats, to uncover and disclose vulnerabilities but it remains to be seen if other vendors are willing to take that approach. Efforts to pay security researchers for reporting vulnerabilities in software are not new. Back in 2002, iDefense introduced its Vulnerability Contributor Program, while the Mozilla Foundation in 2004 said it would pay US$500 for each serious bug identified in its browser. TippingPoint in... read more»






Does Blippy really pose a security risk?
(from ZDNet at 5-2-2010)
Researchers from Cyveillance are calling the recently launched “Twitter of personal finance” service - Blippy, a “spear phisher’s dream” due to the massive amounts of real-time purchasing history shared by its users. With fraudsters actively crawling Web 2.0 services (Spammers harvesting emails from Twitter - in real time) for data to be later on integrated in targeted attacks, the detailed and publicly obtainable financial data on Blippy can come handy if they manage to solve a simple proble... read more»






Dealing with User 2.0
(from SANS at 5-2-2010)
Computing has been around for a while and security has grown with it over the last few decades. Increasingly however I'm coming across User 2.0 and I am betting that you are as well. They bring their own particular security challenges that we need to start solving in order for our organisations to grow and compete in the User 2.0 world. Some of us who are a little bit worn around the edges will remember User 0.1. The world was good. Users had nice green screens in front of them, they could... read more»






Cybersecurity Seizes More Attention, Budget Dollars
(from globalsecurity at 5-2-2010)
Cybersecurity is seizing more attention and budget dollars from the Defense Department at a time when China’s alleged cyber attack on Google has underscored the urgency of the threat and the vulnerability of U.S. networks. The Pentagon’s second-ranking official described cyber threats as his top worry, and a chorus of other defense and government officials recently sounded similar distress signals over the prospect of cyber war. “I'm often asked what keeps me up at night,” Deputy Defense Se... read more»






Cisco's wiretapping system open to exploit, says researcher
(from Arstechnica at 5-2-2010)
To meet the needs of law enforcement, most telecommunications equipment includes hardware and software that allow for the monitoring of traffic originating with the targets of investigations. The precise capabilities are often dictated by formalized standards, which allow any hardware maker to implement a compliant system. Unfortunately, these standards often leave the hardware wide open to various attacks that leave regular users vulnerable, and provide savvy surveillance targets the opportunit... read more»






Technology as a Substitute for the IT Security Pro
(from govinfosecurity at 5-2-2010)
"We are providing a technical solution that will eliminate the need for a lot of cyber professionals because we just don't have enough of them," Zalmai Azmi says. Can technology replace the IT security professional to safeguard government information systems? Zalmai Azmi, the former Federal Bureau of Investigation chief information officer, thinks so, at least in some situation, and could fill the gap caused by a shortage in government of qualified IT security personnel.... read more»






NSA teams with Google to fight cybercrime
(from CapitolHillBlue at 5-2-2010)
The world's largest Internet search company and the world's most powerful electronic surveillance organization are teaming up in the name of cybersecurity. Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google -- and its users -- from... read more»






Report: Google, NSA talk defense partnership
(from CNet at 5-2-2010)
Google is finalizing an agreement with the National Security Agency to help the search giant ward off cyberattacks, according to the Washington Post. The electronic surveillance organization is expected to help analyze a cyberattack on Google that the company said originated in China, so that the company can better defend itself against future attacks, the newspaper reported Wednesday. The arrangement is reportedly being designed to allow the two groups to share information without violating ... read more»






EPIC Objects To Google-NSA Cyber Partnership
(from enterprise-security-today at 5-2-2010)
Internet search giant Google has tapped government agencies to help the company find the person or people responsible for a recent cyberattack. But privacy advocates are not happy with the backdoor partnership between Google and government authorities. Google is working with the National Security Administration (NSA), according to published reports. While the company admits it's working with relevant U.S. authorities on the cyberattack, Google would not disclose which agencies are involved.... read more»






Google Partners With The NSA To Fight Cyberattacks
(from The Atlantic at 5-2-2010)
The Washington Post reports that Google and the National Security Agency are working together to fight cyberattacks. In December, Google detected a security breach that originated in China. The attack led to Google threatening to abandon the Chinese market. This new partnership shows that Google wants to fight back. I think this is great news. Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the fi... read more»






EPIC Sues NSA to Force Disclosure of Cyber Security Authority
(from EPIC at 5-2-2010)
EPIC has filed a lawsuit against the National Security Agency and the National Security Council, seeking a key document governing national cybersecurity policy. The document, National Security Presidential Directive 54 grants the NSA broad authority over the security of American computer networks. The agencies violated the Freedom of Information Act by failing to make public the Directive and related records in response to EPIC's request. EPIC's suit asks a federal judge to require the relea... read more»






Corporations should follow the government's lead on attribution of cyberattacks
(from Net-Security at 5-2-2010)
Many would argue, and understandably so, that government does not often provide models for corporations to follow to improve their bottom line. However, federal agencies have long taken the leadership position in cyber security on this one key point; recognizing that it’s not enough to know how networks were hacked, but also to know by whom. It’s not at all uncommon that the origins of a virus, worm or other computer attack may reside in one continent, but at the behest of an organization or ... read more»






Report: Google to Partner with NSA for Cyber-Security
(from EWeek at 5-2-2010)
Google is reported to be finalizing a deal to partner with the National Security Agency to analyze the cyber-attack that hit the company in December so Google can prevent future attacks. According to media reports, Google and the National Security Agency are planning to partner to improve cyber-security at the company in the wake of an attack that struck Google in December.... read more»






Yikes! Is Google really tapping the NSA for network security help?
(from ZDNet at 5-2-2010)
Google, in an effort to put a better defense system in place following cyberattacks on the company’s infrastructure late last year, is partnering with the federal government to better protect itself, according to a report in today’s Washington Post. The Post, citing unnamed sources, said that the National Security Agency would help Google analyze the December attacks to prevent them from happening again in the future. The Post’s report also stressed that a partnership “doesn’t mean that the N... read more»






Report: Google to work with NSA over cyberattacks
(from h-online at 5-2-2010)
According to a report from The Washington Post, following the recent massive cyber attacks originating in China, Google will be working with the United States National Security Agency (NSA). Under the agreement, which has yet to be finalised, the NSA will help Google analyse the information gathered from the recent attacks and will help to investigate and defend against future attacks on the company's networks. The report goes on to say that "the deal does not mean the NSA will be viewing us... read more»






Google Working With NSA to Investigate Cyber Attack
(from infowar-monitor at 5-2-2010)
Officials at the National Security Agency have been working with Google Inc. to investigate the cyber attacks that Google announced publicly last month, according to people familiar with the investigation. A Google spokeswoman declined to comment. NSA didn’t immediately respond to requests for comment. The partnership began weeks ago, as the Internet company shared details about the attack – which it said it believed originated in China and affected more than 20 companies – with various gover... read more»






Google, NSA May Team Up
(from SecurityProNews at 5-2-2010)
At the same time, the deal that's under discussion supposedly wouldn't give the NSA access to any data that could compromise individuals' privacy, so people who are worried about the U.S. government's interest in their activities would be covered. It should be interesting to see what happens. Google's got something of a reputation for not cooperating with government agencies, and altering that pattern could have a negative effect on public opinion and its market share.... read more»






Beijing Bones up its Cyber Warfare Capacity
(from jamestown at 5-2-2010)
While the furor over cyber attacks against Google has lapsed somewhat, the Sino-American confrontation over the larger issue of Internet security and global digital warfare is expected to intensify in the near future. This is particularly in light of the deterioration of bilateral ties due to issues ranging from the value of the renminbi to U.S. arms sales to Taiwan.... read more»





Google, US intel teaming up to fight cyberattacks: reports
(from Yahoo at 5-2-2010)
A public interest group on Thursday demanded that the US National Security Agency (NSA) reveal details of a reported alliance with Internet powerhouse Google to ward off cyberattacks. The non-profit Electronic Privacy Information Center (EPIC) based here filed a formal request under the auspices of a federal law requiring government agencies to make public documents related to their dealings.... read more»






Google asks NSA for help on cybersecurity
(from poten at 5-2-2010)
Internet search giant Google has asked the U.S. National Security Agency for help in investigating a breach of the company's security, sources say. Google has said it believes recent "highly sophisticated" attacks on it originated in China, and it has threatened to pull its operations from that country, The New York Times reported Thursday. Theft of intellectual property had occurred, Google said, and the goal of the attacks was to access Gmail accounts of Chinese human rights activists.... read more»






Google Enlists NSA To Defend Its Data
(from Information Week at 5-2-2010)
After being hit by a cyber attack from China late last year, Google is reportedly seeking guidance on cyber security from the preeminent electronic intelligence agency in the U.S., the National Security Agency (NSA). Google and the NSA are said to be hammering out an agreement to allow NSA experts to assist in the investigation of the cyber attack, according to The Washington Post. The negotiation aims to define the ways in which Google can share relevant network security information without ... read more»






Police want backdoor to Web users' private data
(from CNet at 5-2-2010)
Anyone with an e-mail account likely knows that police can peek inside it if they have a paper search warrant. But cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies these documents. They're pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.... read more»






Hospitality Industry Hit Hardest By Hacks
(from DarkReading at 5-2-2010)
Hackers checked into hotel networks more than any other in 2009, and all organizations hit by attacks didn't discover breaches for an average of 156 days, according to a new report based on real-world attacks worldwide. Nicholas Percoco, senior vice president of Trustwave's SpiderLabs, announced at Black Hat DC this week these and other findings the company compiled in 218 data breach investigations in organizations across 24 countries. Financial services companies accounted for about 19 perc... read more»






We've got a file on you - Dutch privacy under threat
(from Radio Netherlands Worldwide at 5-2-2010)
Few people realise how much of their private information is stored electronically. New research in the Netherlands shows that details on the average Dutch citizen are held in as many as 250 databases. Some people's details are kept in thousands of places. On Friday, the Dutch 'Big Brother' Awards will be presented to those judged responsible for the worst breaches of privacy in 2009. Almost everyone is aware their details are held by agencies such as the tax office or for things like the e... read more»






Criminals exploiting flood of leaked personal data
(from v3 at 5-2-2010)
Incidences of personal data being stolen and sold online have soared by 230 per cent since 2007, according to new figures from fraud database firm Lucid Intelligence. The company, which develops technology allowing users to check whether their data has been compromised and traded online, said in its annual report that, although the number of stolen credit cards being used online dropped slightly last year to 67,750, cyber criminals are shifting their attention to more sophisticated attacks.... read more»






Hackers gear up for Valentine’s Day
(from The Asian Age at 5-2-2010)
This Valentine’s Day may see some unusual disturbances — leaving aside some groups’ usual act of chasing away love-struck couples. Hackers across the world may be planning to launch a series of cyber attacks on February 14. "We have already found one spam which is being circulated. This is the beginning of cyber attack on the name of Valentine," said a senior official from internet content security, APEC Trend Micro. He said that the spam message leads users to fake gift card promotion... read more»






Man charged in connection with Xerox ink thefts
(from wilsonvillespokesman at 5-2-2010)
A Tacoma man was arrested Jan. 29 following a police raid on his home that uncovered hundreds of Xerox ink sticks allegedly stolen from the company’s Wilsonville factory. Terry Gaines, 57, now faces 42 separate counts of possessing stolen property and money laundering in connection with his alleged sale of nearly a half-million dollars worth of stolen solid ink sticks.... read more»






Cyber threats highlighted in green paper
(from Computing at 5-2-2010)
The threat of cyber attacks on Britain or on British interests has been highlighted in the government green paper setting out the basis for a major Strategic Defence Review (SDR) after the general election. Defence secretary Bob Ainsworth told MPs there are "great vulnerabilities" in the cyber environment as UK defence forces become more dependent on technology. The document says cyber space "poses serious and complex challenges for UK security and for the Armed Forces' operations".... read more»






Companies urged to absorb consumer led IT change
(from v3 at 5-2-2010)
The ability of consumer technology to drive business change has been a hot topic in the IT world for some time, but IT leaders attending Intellect's annual Regent Conference today were advised to act on the trend immediately or risk losing out to the competition. Gartner analyst Steve Prentice told delegates that organisations can no longer control staff use of new technologies, suggesting that the era of "social computing" had arrived and describing it as "my world, my way".... read more»






Web site of independent Russian newspaper resumes work after hacker attack
(from Google at 5-2-2010)
The Web site of a prominent Russian newspaper that relentlessly criticizes the Kremlin is back online after what editors say was a weeklong massive hacker attack. Sergei Asriyants, an editor at Novaya Gazeta, said Thursday that the site was down for eight days due to a "well-organized and powerful" attack. Novaya Gazeta's reporters have been harassed, attacked and even killed in crimes that police rarely solve. In recent years, online resources of Russian opposition and independent medi... read more»






‘Don’t Be Evil,’ Meet ‘Spy on Everyone’: How the NSA Deal Could Kill Google
(from Wired at 5-2-2010)
The company once known for its “don’t be evil” motto is now in bed with the spy agency known for the mass surveillance of American citizens. The National Security Agency is widely understood to have the government’s biggest and smartest collection of geeks — the guys that are more skilled at network warfare than just about anyone on the planet. So, in a sense, it’s only natural that Google would turn to the NSA after the company was hit by an ultrasophisticated hack attack. After all, the mil... read more»






Intelligence Official Acknowledges Policy Allowing Targeted Killings Of Americans
(from American Civil Liberties Union at 5-2-2010)
Director of National Intelligence Dennis Blair acknowledged in a congressional hearing on Wednesday that the U.S. may, with executive approval, deliberately target and kill U.S. citizens who are suspected of being involved in terrorism. The American Civil Liberties Union expressed serious concern about the lack of public information about the policy and the potential for abuse of unchecked executive power.... read more»






Recession causes huge rise in identity fraud
(from Computer Active at 5-2-2010)
The recession has led to a surge in identity theft, which has increased by nearly a third since 2008, according to the latest report from Cifas. The UK's Fraud Prevention Service's 2009 Fraud Trends report revealed that because banks and financial institutions are reluctant to lend, it is easier for criminals to hijack genuine accounts and drain these, and carry out other crimes by impersonating their victims.... read more»






Teen blogging is sick! (and not in a good way)
(from Register Hardware at 5-2-2010)
Teenagers are bored with blogging and are moving onto other public confessional forms. In 2006 28 per cent of US teen internet users were bloggers. Now only 14 per cent blog today, with 52 per cent commenting on friends' blogs, down from 76 per cent in 2006. Is this such a surprise? Blogging means writing - and that means work for little or no reward. Aside from friends and nosy parents, who reads such teenage juvenilia? Certainly not other teenagers, who can flirt and get their online gossi... read more»






Web 2.0 Pivot Attacks
(from Jeremiah Grossman at 5-2-2010)
Any penetration tester would agree that pivot attacks, designed to compromise a secondary host to more effectively attack primary targets, are incredibly powerful. Organizations tend to have difficulty protecting all hosts at all times, which is why proper network segmentation is vital should loss of control occur on any one node. Often it’s easier to compromise a host from behind rather than head on. Case in point, a hacker used a pivot attack to break into Heartland Payment Systems and pilfer ... read more»






Hackers rigging blogs, email, websites
(from Yahoo at 5-2-2010)
Cyber crooks are rigging the Internet with booby-trapped blog commentary, chat rooms, email messages and websites, according to a Websense report released Thursday. Analysis of online threats during the second half of 2009 showed that 81 percent of email was rigged to deliver "malicious" code and 95 percent of comments posted to blog or chat forums were spam or links to nasty payloads.... read more»






Observations from the McAfee 'Crossfire' Report
(from digitalbond at 5-2-2010)
Last week McAfee and CSIS released a report titled In the Crossfire: Critical Infrastructure in the Age of Cyber War. Honestly, I dismissed it at first as marketing hype and even took some shots at it on Twitter because of the lack of real data. But they are actually very clear that it is a survey, and not even one that uses valid statistical sampling and error margins. They describe it as a “rough measure of executive opinion” which includes “600 IT and security executives from critical infrast... read more»






Google, NSA to team up in cyberattack probe
(from Yahoo News at 5-2-2010)
Internet search firm Google is finalizing a deal that would let the National Security Agency help it investigate a corporate espionage attack that may have originated in China, the Washington Post reported on Thursday. The aim of the investigation is to better defend Google, the world's largest Internet search company, and its users from future attacks, the Post said, citing anonymous sources with knowledge of the arrangement. The sources said Google's alliance with the NSA -- the intellig... read more»






Visit Kaspersky Lab at Mobile World Congress 2010 in Barcelona - The Future of Mobile Security
(from Kaspersky at 5-2-2010)
Kaspersky Lab, a leading developer of secure content management solutions, invites you to visit stand 2.1C45 in Hall 2 Level 2 at the world's biggest mobile technology exhibition, Mobile World Congress 2010, being held from 15-18 February in Barcelona, Spain. The company will be showcasing its newest products designed to protect end users from a wide range of mobile threats such as malware, spam, the risks linked to the loss or theft of a telephone as well as child access to undesirable conte... read more»






Visit Kaspersky Lab at Mobile World Congress 2010 in Barcelona
(from Mobile World Congress at 5-2-2010)
This year's Mobile World Congress will include:
* A world-class thought leadership conference featuring visionary keynotes and action-provoking panel discussions
* An exhibition with more than 1,300 companies displaying the cutting-edge products and technology that will define the mobile future
* An Awards ceremony and industry seminars that highlight the most innovative mobile solutions and initiatives from around the world
* And most importantly, the planet's best venue ... read more»






Auditor General resigns as pxxx found on laptop
(from WalesOnline at 5-2-2010)
The Auditor General for Wales has resigned after pornography was found on his office laptop, the Western Mail can reveal. Jeremy Colman, 61, who headed the Wales Audit Office which checks the accounts of public sector bodies with budgets of £19bn, was reappointed last May to his post, which carries a salary of more than £170,000. It is understood Mr Colman’s laptop was seized after a senior official at the Wales Audit Office contacted senior officials at the National Assembly. He resigned wit... read more»






Google turns to NSA for help in cyberattack defences
(from The Register at 5-2-2010)
Google is detailing a new data-sharing agreement with the US National Security Agency in order to better protect itself against apparent attacks from China. Back in 2006, Google claimed lots of positive press coverage for briefly resisting requests for its search data from the Department of Justice. The firm has generally considered only itself as a safe home for its users' private data. But it is now finalising a new deal with the National Security Agency to share data without breaking either... read more»






Extreme pxxx suspect has his internet access suspended
(from The Register at 5-2-2010)
A new threat for those suspected of ogling extreme porn arrives today in the shape of an internet ban pending trial. This is what lawyers might term "an interesting idea", and one that could come to cause grief far more widely if it catches on. Phillip Heard, aged 57, of Coed Fedwen, Birchgrove, in Swansea, faces 19 charges of having images of a "grossly offensive, disgusting" or "obscene" character. Heard was committed to Swansea Crown Court where he will appear next month.... read more»






DFRWS 2010 Annual Conference
(from Dfrws at 5-2-2010)
The annual DFRWS conference allows leading digital forensics researchers from government, industry, and academia to present their work and results to fellow researchers and practitioners. Many of the most cited digital forensics papers have been presented at DFRWS and the annual challenge has spawned research in important areas. Initial results and tool prototypes are also presented during the Works in Progress and demo sessions. The conference typically has about 100 people and is therefore ... read more»






Google and NSA Fulfilling 2008 Predictions
(from TaoSecurity at 5-2-2010)
In December 2007 I wrote Predictions for 2008. They included 2) Expect greater military involvement in defending private sector networks; 3) Expect increased awareness of external threats and less emphasis on insider threats; and 4) Expect greater attention paid to incident response and network forensics, and less on prevention. All three of those predictions are being fulfilled by the Google v China incident as demonstrated by this Washington Post story by Ellen Nakashima titled Google to en... read more»






Google Asks NSA to Help Secure Its Network
(from Wired at 5-2-2010)
Google is teaming up with the National Security Agency to investigate the recent hack attack against its network in a bid to prevent another assault, according to The Washington Post. The internet search giant is working on an agreement with the controversial agency to determine the attacker’s methods and what Google can do to shore up its network. Sources assured the Post that the deal does not mean the NSA will have access to users’ searches or e-mail communications and accounts. Nor wil... read more»






Wikileaks Meets Its Cash Goal
(from Wired at 5-2-2010)
The whistleblowing site Wikileaks has apparently raised the money it needs to continue operating for the time being, according to a message the organization sent out Wednesday night on Twitter. “Achieved min. funraising [sic] goal. ($200k/600k); we’re back fighting for another year, even if we have to eat rice to do it,” read the tweet, without specifying whether it had raised the full $600,000 or just $200,000.... read more»






APT and Botnet Audits (for free)
(from Damballa at 5-2-2010)
By now, if you’ve been keeping up with only a small fraction of the news stories related to the Google APT attack or project ‘Aurora’, you’ll have learnt that the Advanced Persistent Threat (APT) is a clear and present danger to your organization. Big or small, your business may be the ultimate target, or just the lowest-hanging fruit as the criminal operators route their attack through your organization to reach their real goal.... read more»






Rulings Leave Online Student Speech Rights Unresolved
(from Wired at 5-2-2010)
Do American students have First Amendment rights beyond the schoolyard gates? The answer is yes and no, according to two conflicting federal appellate decisions Thursday testing student speech in the online world. “Ultimately, the Supreme Court is going to have to decide if there ever is a time students have full-fledged First Amendment rights,” said Frank LoMonte, executive director of Virginia-Based Student Press Law Center. He’s one of the attorneys in the cases the 3rd U.S. Circuit Cou... read more»






Answering APT Misconceptions
(from TaoSecurity at 5-2-2010)
There's finally some good reporting on advanced persistent threat appearing in various news sources. A new Christian Science Monitor story, one by Federal Computer Week, and one by Wired are making progress in raising awareness. Unfortunately, there's plenty of Tweeting and blogging by people who refuse to understand what is happening or are not capable of understanding what is happening. From now on, rather than repeat myself trying to answer these misconceptions, I decided to consolidate them ... read more»






Tough new child pxxx rules - The government yesterday passed legislation directed at organised crime
(from The Age - Australia at 5-2-2010)
Police will be able to destroy computers carrying suspected child pornography even where the material is highly encrypted and impossible to access, under a tightening of federal sex offence laws. But police are also understood to be pressing the government for greater powers against suspects who refuse to reveal passwords. At present, offenders who refuse to reveal passwords can be jailed for up to six months but are able to avoid potentially longer sentences for incriminating material. ... read more»






Verisign slow to take down malware sites, says researcher
(from TechWorld at 5-2-2010)
A security researcher is accusing Verisign Inc. of not acting fast enough to take down several dozen sites that he says are known to be spewing malware. The sites are all in the .com and .net domains and were registered by domain name registrars in Russia and Turkey, said Andrew Fried, CEO of security consultancy Deteque and a former senior special agent with the US Department of the Treasury.... read more»






REC0N 2010 Call for Papers
(from Hugo Fortier at 5-2-2010)
Topics:
- Reverse engineering (Software, Protocols, Hardware, Human)
- Exploit development and vulnerability assessment
- Data analysis and visualization techniques
- Crypto and anonymity
- Physical security countermeasures
- Anything elite... read more»






Black Hat 2010 discuss China Google hack
(from ComputerWorldUk at 5-2-2010)
Google's revelation last month that attacks out of China resulted in the theft of some of its data drew attention to the broader question at the Black Hat conference over what can be done to the villains. Cyberattacks give rise to anger and a very human desire to strike back, but pursuing hackers in ways that matter isn't accomplishing much. The number of people who are arrested and convicted for any of the phishing attacks, intrusions and thefts is tiny.... read more»






Analysis of Trustwave’s 2010 Breach Report
(from Securosis at 5-2-2010)
Trustwave just released their latest breach (and penetration testing) report, and it's chock full of metrics goodness. Like the Verizon Data Breach Investigations Report, it's a summary of information based on their responses to real breaches, with a second section on results from their penetration tests. The breach section is the best part, and I already wrote about one lesson in a quick post on DLP. Here are a few more nuggets that stood out: 1. It took an average of 156 days to detec... read more»






Leading anti-malware developer finds continued prevalence of Trojan horse programs
(from sunbeltsoftware at 5-2-2010)
In January, the malware landscape remained remarkably similar to December, according to Sunbelt Software ThreatNet statistics. The top seven detections were the same as December, but in a slightly different order. In December and January, six of the top 10 detections were Trojan horse programs. Trojan.Win32.Generic!BT - a generic detection for Trojans that comprised nearly one quarter (23.15 percent) of all the malware found. It remained in the top position for the third month in a row, growi... read more»






2010 International Conference on Information Security and Privacy (ISP-10) - 12-14 July 2010 - Orlando, FL, USA
(from James Heralds at 5-2-2010)
The 2010 International Conference on Information Security and Privacy (ISP-10) (website: http://www.PromoteResearch.org) will be held during 12-14 of July 2010 in Orlando, FL, USA. ISP is an important event in the areas of information security, privacy, cryptography and related topics. The conference will be held at the same time and location where several other major international conferences will be taking place. The conference will be held as part of 2010 multi-conference (MULTICONF-10). ... read more»






Nigeria uses celebrity power to stem cybercrime
(from IT World at 5-2-2010)
Microsoft and Nigeria have released a song and video as part of a campaign to dissuade people from getting involved in cybercrime. The song, "Maga need no pay", is part of Microsoft's Internet Safety Security and Privacy Initiative for Nigeria. "Maga" means victim. The song also references "yahoo-yahoo," a slang term for so-called advance fee fraud (AFF) scams. AFF scams can involve letters or e-mail sent to either random or targeted victims. The scam invariably involved tricking the vict... read more»






Spam, e-mail threats high in the Asia Pacific in January
(from ComputerWorld at 5-2-2010)
Incidents of unwanted e-mails and attacks on computers ran high last month for countries in the Asia Pacific region, according to the monthly report of IT security firm Symantec. In Symantec's January 2010 MessageLabs Intelligence (MLI) on Internet security threats, countries in the Asia Pacific showed incidents and rates higher in most cases than the global average. The monthly report covered Internet threats such as spam, phishing, and viruses. MessageLabs' January monitoring covered the... read more»






U.S. House passes cybersecurity research bill
(from CNet at 5-2-2010)
The U.S. House of Representatives overwhelmingly approved a cybersecurity bill that calls for beefing up training, research, and coordination so the government can be better prepared to deal with cyberattacks. The Cyber Security Research and Development Act of 2009, which passed by a vote of 422 to 5, authorizes the National Institute of Standards and Technology (NIST) to develop a cybersecurity education program that can help consumers, businesses, and government workers keep their computers... read more»






Microsoft Warns Users of Black Hat Zero-Day
(from esecurityplanet at 5-2-2010)
Microsoft is warning users to protect themselves from a zero-day bug in Internet Explorer (IE) after it was disclosed Wednesday at the Black Hat hacking and security conference. The announcement came just a day before Microsoft (NASDAQ: MSFT) provides advance notice regarding what bugs will be fixed on next week's Patch Tuesday.... read more»






U.S. teens lose interest in blogging: study
(from Reuters at 5-2-2010)
The study released this week by the Pew Internet and American Life project also found that fewer than one in 10 teens were using Twitter, a surprising finding given overall popularity of the micro-blogging site. According to the report, only 14 percent of teenagers who use the Internet say they kept an online journal or blog, compared with a peak of 28 percent in 2006 -- and only 8 percent were using Twitter. "It was a little bit surprising, although there are definitely explanations given... read more»






House Passes Cybersecurity Bill
(from nytimes at 5-2-2010)
The House today overwhelmingly passed a bill aimed at building up the United States’ cybersecurity army and expertise, amid growing alarm over the country’s vulnerability online. The bill, which passed 422-5, requires the Obama administration to conduct an agency-by-agency assessment of cybersecurity workforce skills and establishes a scholarship program for undergraduate and graduate students who agree to work as cybersecurity specialists for the government after graduation.... read more»






Cybercrime As An Economic Threat
(from informationweek at 5-2-2010)
Speaking on Good Morning America this morning during a report on the terror threat, former counterterrorism czar Richard Clarke pegged cyberthreats as just as, if not more, serious than the next iteration of the underwear bomber. "Every day major corporations in the country lose their intellectual property, their corporate secrets, without even knowing it, to successful Chinese hacks" says Clarke. "This is the real big threat, because it takes away our economic advantage."... read more»






De-Worming Software More Effective at Detecting Infected Network Computers Before Contagion Can Spread
(from scientificamerican at 4-2-2010)
More than a year after being launched by hackers on a campaign to infect computers running Microsoft Windows, the Conficker worm's effects are still being felt. England's Greater Manchester Police department, for example, has had to cut its computers off from a national criminal database since detecting Conficker on its network last week. The reemergence of Conficker, which has infected millions of computers worldwide since first surfacing in November 2008, is a reminder of just how difficult... read more»






Update: Verisign fails to take action against malicious sites, researcher says
(from ComputerWorld at 4-2-2010)
A security researcher is accusing Verisign Inc. of not acting fast enough to take down several dozen sites that he says are known to be spewing malware. The sites are all in the .com and .net domains and were registered by domain name registrars in Russia and Turkey, said Andrew Fried, CEO of security consultancy Deteque and a former senior special agent with the U.S. Department of the Treasury. The sites first surfaced Monday, and have been pushing out a new Russian exploit kit called JustE... read more»






NSA Teams With Google Over Cybersecurity
(from itproportal at 4-2-2010)
The electronic surveillance agency of the US government, the National Security Agency (NSA), will soon be assisting search engine giant Google to improve the company’s cyber security in order to prevent any further cyber attacks on the company’s corporate infrastructure, similar to the one which was reported by Google several weeks ago. According to sources privy to the matter, the agreement between the two heavyweights, which is still being finalised, will see both organisations working t... read more»






Intel Chief: U.S. at Risk of Crippling Cyber Attack
(from FOXNews at 4-2-2010)
The United States is at risk of a crippling cyber attack that could "wreak havoc" on the country because the "technological balance" makes it much easier to launch a cyber strike than defend against it, Director of National Intelligence Dennis Blair said Wednesday. Blair, speaking to the House Intelligence Committee, said U.S. tools are not yet up to the task to fully protect against such an attack.... read more»






Google-China spat elevates cybersecurity to foreign policy priority
(from FCW at 4-2-2010)
In diplomacy and politics, how a message is delivered is often as important as its content. It’s helpful to view Secretary of State Hillary Clinton’s recent comments about cybersecurity and Internet freedom in this light. Clinton’s speech did not announce billions for a new program or a major treaty with a foreign adversary. Nonetheless, her comments directed squarely at the Chinese government served to elevate the importance of Internet freedom and cybersecurity to new heights at Foggy Botto... read more»






Google attacks: A wake-up call or curtain call for agencies?
(from FCW at 4-2-2010)
Until now, it might have been easy for government agencies that are not in the defense or intelligence business to think that state-sponsored cyberattacks were something they didn't have to worry about. But if there is any lesson from the news that Google and dozens of other nondefense companies were recent targets of sophisticated hacks run through China, it’s that civilian agencies are not as safe from such threats as some of them might think. “These were regular old businesses being attack... read more»






House Passes Cybersecurity Enhancement Act
(from govinfosecurity at 4-2-2010)
The first major cybersecurity bill to be passed by either house in the 111th Congress, the Cybersecurity Enhancement Act, was approved by a 422-to-5 vote in the House on Thursday. The measure, HR 4061, goes to the Senate. Rep. Dan Lipinski, the Illinois Democrat who is the bill's main sponsor, said on the House floor that cybersecurity is an important issue that affects people in their everyday lives. "The amount of time all of us spend on the Internet, the vulnerabilities that are out there,... read more»






Happy Birthday ZeuS Tracker!
(from abuse at 4-2-2010)
One year ago, on the 2nd of February 2009, ZeuS Tracker was born (Introducing: abuse.ch ZeuS Tracker BETA). Today ZeuS Tracker looks back to a very successful year and I would like to use this event to write some words about ZeuS Tracker. During the last year, ZeuS Tracker has tracked more than 2′800 malicious ZeuS C&C servers. The ZeuS Tracker has captured more than 360MB ZeuS config files and 330MB binaries.... read more»






Torrent phishing scheme trips up Twitter users
(from itknowledgeexchange at 4-2-2010)
If you signed up for an account on a torrent forum or website and use similar passwords for other accounts, change your passwords now. A savvy attacker is skimming passwords from the users of a number of torrent sharing sites he created, using the credentials to try to break into Twitter and other third-party sites. Torrent sites were made popular by people who wanted to share music files in the early 2000s. The file sharing protocol enables users to “seed” files and share small pieces of lar... read more»






How to: Protect Your Website Using robots.txt, Part 2
(from esecurityplanet at 4-2-2010)
In the first installment in this series, we looked at creating a robots.txt file to manage how search engine Web crawlers (or “spiders”) index your site. By default, crawlers will try to index every file they can find on your site, which may not be desirable. Although the basic syntax we looked at for robots.txt will cover most scenarios, there are some additional ways to manage Web crawlers—adjusting crawl rate, using meta tags, and creating a sitemap.... read more»






Microsoft Security Bulletin Advance Notification for February 2010
(from Microsoft at 4-2-2010)
This is an advance notification of security bulletins that Microsoft is intending to release on February 9, 2010. This bulletin advance notification will be replaced with the February bulletin summary on February 9, 2010. This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin num... read more»






NATO Chief: Nations Must Unite On Cyber Warfare
(from DefenseNews at 4-2-2010)
Given attacks on computer networks in Estonia, Georgia, Latvia and Lithuania in the past several years, the definition of protections for NATO members should be expanded, the NATO Supreme Allied Commander Europe said Feb. 2. The likelihood that the next conflict will start with a cyber attack rather than a physical attack highlights the importance of changing the treaty's definitions, Adm. James Stavridis said at the Armed Forces Communications and Electronics Association conference.... read more»






China says India's hacking allegations groundless
(from in at 4-2-2010)
To see the video please visit this url: http://www.in.com/videos/watchvideo-china-says-indias-hacking-allegations-groundless-6162689.html... read more»






Personal information on 3,700 Boscov's employees gets lost
(from Pennlive at 4-2-2010)
A damaged envelope resulted in the loss of papers containing names and Social Security numbers of 3,700 Highmark Inc. customers who work for Boscov's. The envelope had been mailed to Boscov’s corporate offices in Reading. Upon arrival, the envelope was damaged and torn, with pages missing, Highmark said. Highmark said the U.S. Postal Inspector and other government agencies have been notified, and “there is no reason to believe” the information was stolen. Highmark said it is notifying the ... read more»






BriefingsDirect analysts discuss ramifications of Google-China dust-up over corporate cyber attacks
(from ZDNet at 4-2-2010)
The latest BriefingsDirect Analyst Insights Edition, Volume 50, focuses on the fallout from Google’s threat to pull out of China, due to a series of sophisticated hacks and attacks on Google, as well as a dozen more IT companies. Due to the attacks late last year, Google on Jan. 12 vowed to stop censoring Internet content for China’s web users and possibly to leave the country altogether. This ongoing tiff between Google and the Internet control authorities in China’s Communist Party-domi... read more»






Rogue iPhone Apps Could Jeopardize User Privacy, Expert Says
(from ITBusinessEdge at 4-2-2010)
Be careful of the apps you download for your iPhone, security expert Nicolas Seriot warns users. A flaw in the iPhone's design, along with rather lax App Store security, could make iPhone users vulnerable to privacy violations, according to CNET News. iPhone Apps, he says, have "unfettered access" to a wealth of information about the user once they are downloaded to an iPhone. That information can include the phone number, address book data, and a notes section of the address book, Seriot tol... read more»






Google to enlist NSA to fight off cyberattacks
(from MSNBC at 4-2-2010)
The world's largest Internet search company and the world's most powerful electronic surveillance organization are teaming up in the name of cybersecurity. Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google — and its users — from f... read more»






Sunbelt Software Announces Top 10 Malware Threats for January
(from Redorbit at 4-2-2010)
The top 10 most prevalent malware threats for the month of January are:
1. Trojan.Win32.Generic!BT 23.15%
2. Trojan-Spy.Win32.Zbot.gen 4.91%
3. Exploit.PDF-JS.Gen (v) 4.55%
4. Trojan.Win32.Generic!SB.0 2.40%
5. Trojan.Win32.Malware 1.93%
6. Trojan.ASF.Wimad (v) 1.92%
7. INF.Autorun (v) 1.46%
8. Virtumonde 1.23%
9. Packed.Win32.TDSS.aa.3 (v) 1.21%
10. Trojan.HTML.FakeAlert.a (v) 0.98%... read more»






Third parties revealed as biggest IT vulnerability
(from v3 at 4-2-2010)
An analysis of more than 1,900 penetration tests and 200 actual security breaches over the past year has shown that more than four out of five security problems are down to third-party suppliers. The survey by payment security firm Trustwave showed that third-party systems were responsible for 81 per cent of the security breaches, and that point-of-sale (POS) devices accounted for 83 per cent of that total.... read more»






Internet Security Myths
(from Mobile Computing News at 4-2-2010)
MYTH 1: HACKING Some people believe that hackers tend to be teenagers, who are simply snooping around aimlessly, and have no specific interest in specific personal information. In fact, hackers tend to be very inquisitive, and often destructive people. An example of this is the recent defacement of China’s Baidu site by Twitter hackers. MYTH 2: VIRUS SOFTWARE PROTECTS ME COMPLETELY Contrary to popular belief, anti-virus software does not automatically mean your computer is secure from virus... read more»






India not ready for cyberwar
(from Business Standard at 4-2-2010)
Experts are unanimous in their view that India is totally unprepared for a cyberwar. “But then when it comes to cyberwar, no country in the world is prepared to tackle this. If a country plans to attack another country, then it will choose to attack certain important online sites that will impact the economy of that country. A case in point would be deleting the database of a bank. But banks would have replicated the data and will manage to work around the situation.... read more»






2nd Annual LinuxCon 2010
(from linuxfoundation at 4-2-2010)
This event is co-located with a number of mini summits taking place on August 9th. Mini summits will be announced shortly. LinuxCon is the industry's premiere Linux conference. It is an annual technical conference that provides an unmatched collaboration and education space for all matters Linux. LinuxCon brings together the best and brightest that the Linux community has to offer, including core developers, administrators, end users, community managers and industry experts - the best techni... read more»






Top 5 Famous Computer Hackers: From Conficker to the First Computer Virus
(from abcnews at 4-2-2010)
Top of the List: America's Best-Known Hackers: Fred Cohen, Kevin Mitnick, Robert T. Morris, Kevin Poulsen, Shawn Fanning... read more»






US threatened by cyber attacks
(from ABC News at 4-2-2010)
The top United States intelligence chief says the US is at risk of a crippling cyber attack. In his annual threat assessment delivered to the US Congress, National Intelligence director Dennis Blair said the extent of malicious cyber activity was growing and critical US infrastructure was being threatened. "Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication," Mr Blair said.... read more»






Is China becoming a hacker haven?
(from Stuff at 4-2-2010)
Google's accusation that its e-mail accounts were hacked from China landed like a bombshell because it cast light on a problem that few companies will discuss: the pervasive threat from China-based cyberattacks. The hacking that angered Google and hit dozens of other businesses adds to growing concern that China is a centre for a global explosion of internet crimes, part of a rash of attacks aimed at a wide array of targets, from a British military contractor to banks and chemical companies t... read more»






Don't forget who's behind a cyberattack
(from washingtontechnology at 4-2-2010)
Many would argue, and understandably so, that government agencies aren't role models for corporations on how to improve their bottom lines. But federal agencies do hold a leadership position in cybersecurity on one key point: They recognize the value of knowing not just how networks are hacked, but also by whom.... read more»






Hackers Target Hotels for Card Data As Malware Gets More Insidious
(from Digitaltransactions at 4-2-2010)
A growing emphasis by computer hackers on stealing payment card data from hotels and resorts and their increasingly sophisticated malicious software and attack methods are two highlights in a new report from security consulting and technology firm Trustwave Holdings Inc.... read more»






Police survey provides glimpse of Net-surveillance figures
(from CNet at 4-2-2010)
A forthcoming survey of computer crime investigators suggests that electronic surveillance is a bit more commonplace than most people might expect. Even a relatively small group of 100 police working on online investigations reports submitting as many as 22,800 legal requests for information a year to Internet and e-mail providers, a category that includes both subpoenas and search warrants.... read more»






Google to enlist National Security Agency to help it ward off cyberattacks
(from mercurynews at 4-2-2010)
The world's largest Internet search company and the world's most powerful electronic surveillance organization are teaming up in the name of cybersecurity. Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its networks, according to experts familiar with the matter. The objective is to better defend Google — and its users — from future attacks.... read more»






How Wi-Fi Attackers Are Poisoning Web Browsers
(from CIO at 4-2-2010)
Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time. That's according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.... read more»






Most younger Net users get there wirelessly
(from MSNBC at 4-2-2010)
Four-fifths of young adults between the ages of 18 and 29 are wireless Internet users, and while many of them are getting to the Web using their laptops, they're also using netbooks, cell phones, game consoles and e-readers, according to a new report from the Pew Internet & American Life Project. “More so than for their elders, the Internet is a central and indispensable element in the lives of American teens and young adults,” the organization said in its report, “Social Media & Mobile Int... read more»






Cisco's Backdoor For Hackers
(from Forbes at 4-2-2010)
Activists have long grumbled about the privacy implications of the legal "backdoors" that networking companies like Cisco build into their equipment--functions that let law enforcement quietly track the Internet activities of criminal suspects. Now an IBM researcher has revealed a more serious problem with those backdoors: They don't have particularly strong locks, and consumers are at risk.... read more»






No 'three strikes rule' for Australian ISPs
(from ITNews at 4-2-2010)
The Department of Foreign Affairs and Trade (DFAT) has poured cold water on speculation Australia would adopt a "three strikes" rule, which would see ISPs cut off subscribers that were found to have shared copyright protected files on more than two occasions. The "three strikes" rule was reported to be on the agenda of the ACTA Anti-Counterfeiting Trade Agreement being forged between the United States and allies including Australia, Canada, Japan, New Zealand and nations within the European U... read more»






'Surfing The Web Can Make You Depressed'
(from Sky News at 4-2-2010)
Psychologists have found evidence of a strong link between time spent surfing the web and depression. The longer people spend on the internet, the less likely they are to be happy, according to researchers. An online questionnaire was used to assess levels of internet dependency and depression in 1,319 individuals ranging in age from 16 to 51. In general, the longer people spent online the more depressed they tended to be, the scientists found in a study published in Psychopathology jou... read more»






The Web won’t be safe, let alone secure, unless we break it
(from Jeremiah Grossman at 4-2-2010)
There are several security issues affecting all major Web browsers that have remained unaddressed for years (probably because the bad guys haven’t leveraged them aggressively enough, but the potential is there). The problem is that the only known ways to fix these issues (adequately) are to “break the Web” -- i.e. negatively impact the usability of a significant and unacceptable percentage of websites. Doing so is a nonstarter for any browser vendor looking to grow market share. The choice is cle... read more»






2010: A Decade Of Malware
(from ChannelWeb at 4-2-2010)
The first decade of 2010 has gone by in a blink, but the last 10 years have been a lifetime in the evolution of malware. Researchers at ScanSafe, now part of Cisco, found that what started with innocuous e-mail attacks and public viruses eventually gave way to botnets such as Storm, stealthy information-stealing Trojans and other sophisticated iFrame and SQL injection attacks. Going forward, cybercriminals appear to be leaning toward corporate and political espionage, with sophisticated malware ... read more»






Privacy and Security in the Future Internet - Summer School 2010
(from nis-summer-school at 4-2-2010)
The "Future Internet" promises an exciting new world of services and capabilities: Devices that will automatically exchange information to facilitate users, services that transparently and seamlessly combine information from different and multiple sources, protocols and systems that are able to handle complex interactions. At the same time, however, concerns about privacy and security increase for individuals, organizations, and the society in general. This gives rise to a number of questions such... read more»






Organisations must instil a culture of data security
(from Computing at 4-2-2010)
Last November, St Albans City Council and two NHS care trusts were victims of embarrassing data thefts as the result of someone walking out the door with their computers. These incidents highlight a worrying trend: CIOs are focusing on technical security and forgetting about the basics. Implementing sophisticated data protection technology is fine, but not if you ignore the fundamentals of physical and online security. It’s like investing in fingerprint identification for your front door and ... read more»






MEDICON 2010 - The XII Mediterranean Conference on Medical and Biological Engineering and Computing
(from medicon2010 at 4-2-2010)
The MEDICON conferences are international events of high scientific standards with long lasting tradition held every third year in one of the Mediterranean countries under the auspices of the International Federation for Medical and Biological Engineering. MEDICON 2010 is intended to provide an international forum for discussing the latest results in the field of medical and biological engineering and computing. The scientific program of MEDICON 2010 will consist of invited keynote talks given b... read more»






Google complaint highlights China-based hacking
(from Yahoo at 4-2-2010)
Google's accusation that its e-mail accounts were hacked from China landed like a bombshell because it cast light on a problem that few companies will discuss: the pervasive threat from China-based cyberattacks. The hacking that angered Google Inc. and hit dozens of other businesses adds to growing concern that China is a center for a global explosion of Internet crimes, part of a rash of attacks aimed at a wide array of targets, from a British military contractor to banks and chemical compan... read more»






NotW reporter accused of hacking over 100 mobiles
(from The Register at 4-2-2010)
Disgraced former News of the World royal correspondent, Clive Goodman, and a private eye accomplice, Glenn Mulcaire, allegedly tapped into the voice-mail records of far more celebrities and public figures than previously admitted, according to mobile phone records. The pair were jailed in 2007 after both pleaded guilty to hacking into the voice mail messages of royal aides. Mulcaire also admitted to five counts of unlawful interception of communications offences over hacks into voice mail messages... read more»






Verisign fails to take action against malicious sites, researcher says
(from Computer World at 4-2-2010)
A security researcher is accusing Verisign Inc. of not acting fast enough to take down several dozen sites that he says are known to be spewing malware. The sites are all in the .com and .net domains and were registered by domain name registrars in Russia and Turkey, said Andrew Fried, CEO of security consultancy Deteque and a former senior special agent with the U.S. Department of the Treasury.... read more»






Did the Job of Security Software Just get Bigger?
(from Symantec at 4-2-2010)
Well, it looks that way. We are only just into the second month of 2010 and yet we can now see, in prospect, a whole new raft of innovation coming our way. At CES a lot of the attention was with respect to eBook readers and new slate/tablet based PCs. These new devices are squarely focused on digital content. The devices themselves, when you strip them back, all have an OS, a browser, storage, and some means to connect to the Internet. At the end of the day they are PCs—of a sort. Hence, from... read more»






Phishing Scam Cripples European Emissions Trading
(from Spiegel at 4-2-2010)
Sneaky cyber-thieves have made millions by fraudulently obtaining European greenhouse gas emissions allowances and reselling them. The scam has hampered trading of the credits, which are seen as an important tool in curbing climate change, in several European countries. Most Internet users are familiar with the e-mail scam known in the jargon as "phishing." A plausible-looking e-mail arrives in your in-box, supposedly from your bank or a Web site like Ebay, informing you that your account has... read more»






Google to enlist NSA to help it ward off cyberattacks
(from Washington Post at 4-2-2010)
The world's largest Internet search company and the world's most powerful electronic surveillance organization are teaming up in the name of cybersecurity. Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google -- and its users -- from... read more»






Stubborn trojan stashes install file in Windows help
(from The Register at 4-2-2010)
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected. The trojan, dubbed Muster.e by anti-virus provider McAfee, infects a Windows file called imepaden.hlp so it stores the main components of the malware in encrypted form. In the event the installed malware is removed, the secret payload is decrypted into an executable file called upgraderUI.exe and run by a companion installation file that automatically runs ... read more»






Committee Approves Cybersecurity Bill, TechAmerica Announces Approval
(from thenewnewinternet at 4-2-2010)
In a letter to the House Committee on Science and Technology, TechAmerica announced their support for H.R. 4061, The Cybersecurity Enhancement Act of 2009. The bill was approved yesterday during the afternoon session and the bill will be sent to the full House for consideration. In the letter, TechAmerica president and CEO, Philip Bond, wrote “TechAmerica has long been a proponent of increased focus on cybersecurity research and development and on building up our cybersecurity workforce, and... read more»






Attacks on social networks rising
(from smartcompany at 4-2-2010)
The number of cyber attacks on popular social networks such as Facebook and Twitter is on the rise, according to network security firm Sophos. The new "social security" report found an "explosion" of spam messages targeting users on the social networks. "Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made," senior technology consultant Graham Cluley told News.com.au. "S... read more»






Warez backdoor allows hackers to pwn Twitter accounts
(from The Register at 4-2-2010)
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site. Originally, it was thought that the guidance had come in response to a common or garden phishing attack. In a post on Tuesday, Twitter explained that the attack was actually far more devious and elaborate. Hackers established Torrent user sites and forums with hidden backdoors. They waited for these forums to grow in popularity before they harvested login details.... read more»






Manchester cops recover from Conficker
(from The Register at 4-2-2010)
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network. The malware infection left cops unable to run PNC checks on suspect persons or vehicles between Friday evening - when a decision to disconnect from the PNC database was taken in order to prevent the infection from spreading - and Wednesday morning, when links were restored. Links to court systems were also suspe... read more»






Schneier-Ranum Face-Off: Should we ban anonymity on the Internet?
(from TechTarget at 4-2-2010)
Universal identification is portrayed by some as the holy grail of Internet security. Anonymity is bad, the argument goes; and if we abolish it, we can ensure only the proper people have access to their own information. We'll know who is sending us spam and who is trying to hack into corporate networks. And when there are massive denial-of-service attacks, such as those against Estonia or Georgia or South Korea, we'll know who was responsible and take action accordingly.... read more»






Fugitive VoIP hacker admits 10 million minute spree
(from The Register at 4-2-2010)
A Miami hacker has admitted he pocketed more than $1m by selling millions of minutes of voice over IP calls and surreptitiously routing them through the networks of telecommunications companies. Edwin Andrew Pena pleaded guilty to two felonies in connection with the hacking spree, which spanned the years 2004 through 2006, according to court documents. He was apprehended last year in Mexico after skipping out on a $100,000 bond secured by the mother of his then girlfriend.... read more»






U.S. Hosts Over a Third of All Malware on the Internet
(from Softpedia at 4-2-2010)
According to a report recently released by security vendor Sophos, the United States hosted over 37% of the total amount of malware on the web in 2009. The prevalence of malicious programs hosted in China has significantly reduced during the past year, positioning the country in the third place after Russia. The top ten countries hosting malware on the web were revealed as part of the Sophos Security Threat Report 2010 (PDF). The statistics were compiled by analyzing data gathered between Jan... read more»






Top 10 malware threats for January
(from Net-Security at 4-2-2010)
Sunbelt Software announced the top 10 most prevalent malware threats of January 2010. The top seven detections were the same as December, but in a slightly different order. In December and January, six of the top 10 detections were Trojans. Trojan.Win32.Generic!BT – a generic detection for Trojans that comprised nearly one quarter (23.15 percent) of all the malware found. It remained in the top position for the third month in a row, growing by nearly 20 percent from 18.69 percent of all detec... read more»






Top ten malware-hosting countries revealed
(from Sophos at 4-2-2010)
IT security and data protection firm Sophos has revealed details of the top ten countries hosting malware on the web, passing on malware infections to innocent computer users. Every day Sophos discovers over 50,000 newly infected webpages, and its findings reveal that the problem of compromised websites is truly global.... read more»






Black Hat: Researcher claims hack of chip used to secure computers, smartcards
(from ComputerWorld at 4-2-2010)
A researcher with expertise in hacking hardware Tuesday detailed at the Black Hat DC conference how it's possible to subvert the security of a processor used to protect computers, smartcards and even Microsoft's Xbox 360 gaming system. Christopher Tarnovsky, a researcher at Flylogic Engineering, said he has hacked an Infineon SLE 66 CL PC processor that is also used with Trusted Platform Module (TPM) chips. He emphasized that his research shows TPM, which was developed as an industry specific... read more»






Hackito Ergo Sum 2010 - Call For Paper - HES2010 CFP
(from Philippe Mailinglist at 4-2-2010)
Hackito Ergo Sum conference will be held from April 8th to 10th 2010 in Paris, France. It is part of the series of conference "Hacker Space Fest" taking place since 2008 in France and all over Europe. HES2010 will focus on hardcore computer security, insecurity, vulnerability analysis, reverse engineering, research and hacking. INTRO The goal of this conference is to promote security research, broaden public awareness and create an open forum so that communication between the resear... read more»






Oops - Naughty Trader Caught Red-Handed On Live TV
(from hereisthecity at 4-2-2010)
Macquarie Bank is said to have launched an investigation after a trader was seen on live TV opening up photos on his work PC monitor of a scantily-dressed Miranda Kerr, the Australian supermodel. Australia's 7 News was interviewing a senior Macquarie private wealth professional on the subject of Oz interest rates Tuesday, when, in the background, a firm trader (clearly unaware that he was on live TV) opened some pics from Ms Kerr's recent GQ shoot. It looks as if the trader was tipped off by ... read more»






Government warns of looming cyberthreats
(from CNet at 3-2-2010)
White House Director of National Intelligence Dennis Blair says the U.S. is severely under the threat of greater cyberattacks but believes we can rise to the challenge. Blair appeared before a Senate panel on Tuesday to deliver the Annual Threat Assessment of the U.S. Intelligence Community (PDF). A statement of Blair's remarks to the Senate Select Committee on Intelligence was released for the record. While he focused mostly on non-cyberterrorism and similar threats, he led off with a stark ... read more»






Phishers steal carbon permits
(from BBC at 3-2-2010)
The international carbon market has been hit by a phishing attack which saw an estimated 250,000 permits worth over 3 million euros stolen this week. The scam involves six German companies and meant emissions trading registries in a number of EU countries shut down temporarily on 2 February. In the global carbon market, companies can buy permits from other firms, allowing them to emit greenhouse gases.... read more»






Highmark notifies members of new 'data spill'
(from bizjournals at 3-2-2010)
Highmark was notifying some 3,700 members on Wednesday that documents containing their names, policy identification and social security numbers were missing, the second such data spill for the region’s dominant health insurer in four months. In January, the company mailed a premium billing statement to Boscov’s Department Store, a client in Reading, according to Highmark. The envelope arrived damaged and torn and pages were missing.... read more»






Fake Firefox site bundles undead adware
(from The Register at 3-2-2010)
Adware slingers have taken advantage of the buzz around the latest version of Firefox to establish a fake browser download site. The counterfeit Firefox download site is disguised as a kosher browser download site and might easily fool the unwary. A closer look, however, reveals the version of Firefox on offer is version 3.5 (instead of the latest 3.6 version supplied by Mozilla). In addition, terms such as "Anti-Pishing" (sic) are misspelled on the glossy counterfeit download site.... read more»






One in Every 150 Legitimate Sites Infected by Malware
(from threatpost at 3-2-2010)
The problem of attackers infecting legitimate Web sites with malware that then silently exploits vulnerabilities in users' browsers reached unprecedented levels in 2009, with 1 in every 150 legitimate sites serving up malware, experts say. Analysts at Kaspersky Lab have been monitoring a pool of about 300,000 legitimate Web sites for the last several years, looking to see how many become infected with malware and how long the infections last. In 2006 the rate was about one infected site in ev... read more»






Read this for your chance to win - Unseen by us, a war on spam rages—and it’s about to heat up
(from Macleans at 3-2-2010)
For a brief instant in November 2008, the spam-industrial complex—that amorphous machine that sends out some 62 trillion junk emails a year—suffered a blow. McColo, a Web hosting firm based in San Jose, Calif., known as a safe haven for some of the Internet’s most virulent spammers, was knocked offline. Overnight, global spam, which by then totalled 100 billion messages daily, plummeted by 70 per cent. Purveyors of emails about cheap Viagra were beaten back; techies in the know r... read more»






Security Hardware & IT Security Software: Google, China and the Anatomy of the Aurora Attack
(from EWeek at 3-2-2010)
When Google reported in January that it had been the victim of a cyber-attack, it sparked what has turned out to be weeks of discussions and investigation. But what has become yet another entry on the list of cyber-security incidents between the United States and China began with a vulnerability in Internet Explorer. The December attack against Google turned out to be the tip of the iceberg. More than 30 enterprises are believed to have been impacted by what has since become known as "Operati... read more»






1,400 personal records stolen from Columbia College
(from Net-Security at 3-2-2010)
Three notebook computers were stolen two weeks ago from an office at the Columbia College, containing personal information, including social security numbers, of 1,400 of current and prospective students, alumni, and past and present employees. Columbia Spectator reports that the fact was revealed only this Friday, some 11 days after the security breach. The University offered to everyone who was affected a two-year subscription to a credit monitoring system (free of charge, of course) and ar... read more»






Old security flaws still a major cause of breaches, says report
(from ComputerWorld at 3-2-2010)
An overemphasis on tackling new and emerging security threats may be causing companies to overlook older but far more frequently exploited vulnerabilities, according to a recent report. The report, from Trustwave, is based on an analysis of data gathered from more than 1,900 penetration tests and over 200 data breach investigations conducted on behalf of clients such as American Express, MasterCard, Discover, Visa and several large retailers. The analysis shows that major global companies ... read more»






Off-Twitter phishing attack explained
(from Net-Security at 3-2-2010)
The mystery of the off-Twitter phishing attack, due to which some account passwords have been reset by the service, has been solved. Del Harvey, Director and leader of Twitter's Trust and Safety team posted an explanation, in which she says that a couple of accounts have witnessed a massive surge in the number of followers in the last five days, with no apparent reason. Finding it rather suspicious, they decided to head off a potential complication by resetting the passwords of all the fol... read more»






Chinese hacker says most are not skilled coders
(from itknowledgeexchange at 3-2-2010)
The New York Times managed to track down and interview a China-based hacker, offering a glimpse into what it says is a thriving hacking community there. The headline says “Hacking for Fun and Profit in China’s Underworld.” But there’s no real evidence of profit. David Barboza’s description of the hacker, who goes by the name Majia, lives up to the old-school hacker stereotype: He’s young. He seems to be in it for the fame and he lives in a dingy apartment. He has a government job by day and a... read more»






Customers risk online banking fraud by reusing bank credentials
(from SearchFinancialSecurity at 3-2-2010)
Many online banking customers reuse their banking login credentials to access other websites, putting themselves at risk of account hijacking and online banking fraud, according to a study by Trusteer Inc. The New York-based online security vendor found that 73% of bank customers use their Internet banking password to access non-financial -- and less secure -- websites. Forty-seven percent use both their online banking user ID and password on other websites. The practice puts online bankin... read more»






Attackers zero in on Web application vulnerabilities
(from TechTarget at 3-2-2010)
When users of link sharing and discussion website MetaFilter detected malicious code transforming benign webpages into a drive-by attack platform, Matthew Haughey raced to fix the security flaw. Haughey, a programmer and Web designer who started the site in 1999, soon figured out the problem: a standard SQL injection attack targeting a poorly coded Web application that he built when the website first went live. It was his first Web application and Haughey admits that it failed to filter out v... read more»






Black Hat DC: Researchers Reveal Connection String 'Pollution' Attack
(from DarkReading at 3-2-2010)
A pair of Spanish researchers here today demonstrated a way to hack the connection between a Web application and a database, letting the attacker hijack Web credentials and perform other nefarious activities. The so-called Connection String Parameter Pollution (CSPP) attack exploits poorly secured dynamic connections between Web apps and databases, namely ones that still use semicolons as separators between data such as the data source, user ID, and password associated with a connection to th... read more»






Researcher Cracks Security Of Widely Used Computer Chip
(from DarkReading at 3-2-2010)
Black Hat DC Conference 2010 -- The ultra-secure technology used to protect some of the world's most commonly used microchips might not be so secure, a researcher said here today. Christopher Tarnovsky, a researcher at Flylogic Engineering who has made a business of hacking "unhackable" chip technology and other hardware, was at it again today with the revelation of vulnerabilities in the Infineon SLE 66 CL PE chip, which is widely used in computers, gaming systems, identity cards, and other ... read more»






Mobile Apps Flood the Market: Will Hackers Notice?
(from enterprise-security-today at 3-2-2010)
Mobile phones are increasingly keeping computers switched off. Train schedules, Facebook, music downloads -- all of these tasks will soon be handled primarily via mobile phones. The key element here is apps -- short for applications, and referring specifically to applications for smartphones. Apple was the first to make a major move with its App Store for iPhone and iPod touch, now popular around the world. Other providers are now offering software as well, including Nokia, BlackBerry-maker R... read more»






Don't Click on That! Social Networks a Hacker's Delight
(from enterprise-security-today at 3-2-2010)
Social networks have infiltrated themselves into the lives of millions of Internet users. While some businesses have embraced the phenomenon, others are being negatively impacted by the use of social networks at the office. Aside from distracting individuals from their everyday work and affecting companies' bottom lines, they are also negatively impacting their security. Facebook, which has 350 million users worldwide, is the most disruptive to businesses because of the security risks invo... read more»






My Computer is More Secure Than Yours, or Not- the PC vs. Mac Security Debate
(from thenewnewinternet at 3-2-2010)
With cyber exploits filling the news recently and more and more organizations experiencing cyber attacks, we are often left with the question of which computer platform provides better security? A survey conducted by ESET and released in November found that the majority of computer users believe that Macs are more secure than PCs. However, the survey found that Mac users are just as likely as PC users to be victims of cyber crime. Mac users also tend to lose more money in cyber crime than PC ... read more»






Spammers: Looking to Save Money? Here’s how!
(from commtouch at 3-2-2010)
Next time you have some Viagra to sell or malware to spread, forget those passe, brute-force directory attacks. You don’t have to generate email addresses with all those alphanumeric characters or “typical” names and email structures, such as jane.smith@FORTUNE500COMPANY.com. And you especially don’t have to take days to deliver them slooowly and methodically so corporate servers don’t reject everything. The cheaper, better, faster way to harvest directories is here! With services like Linked... read more»






Net filter legislation to go public by March
(from SecureComputing at 3-2-2010)
Australians will get their first look at the wording of the Federal Government’s proposed internet filtering laws in “late February or March”, according to Labor Senator Kate Lundy. The timing was revealed as Lundy moved to clarify her views on the controversial policy. “This is a question best answered by the office of Minister Conroy, however I expect it will be late Feb or March,” Lundy said.... read more»






Increase in tax rebate phishing emails
(from Shout99 at 3-2-2010)
Taxpayers should not respond to any email promising a tax repayment HM Revenue and Customs (HMRC) has warned. Fraudsters have been sending out thousands of such ‘phishing’ emails in the run up to the January 31 tax deadline. The email tells the recipient they are due a tax refund and directs them to an online form to provide bank or credit card details for the 'rebate' to be paid into. Anyone providing their details could have their accounts emptied and credit cards used to their limit. Th... read more»






Cyber crime advertising online
(from Tvnz at 3-2-2010)
The people who brought the world malicious software that steals credit card numbers from your personal computer and empties bank ATMs of their cash are hiring - and they are advertising online. Two companies that are hiring - at least on a contractor basis - advertise online, said Kevin Stevens, a threat intelligence analyst for SecureWorks, who presented findings on the organizations at the Black Hat cybersecurity conference outside Washington.... read more»






Cybersecurity essential to national security, says DHS
(from ComputerWeekly at 3-2-2010)
Cybersecurity has become crucial to homeland security, according to the US Department of Homeland Security. In its first four-yearly review, the Department of Homeland Security said safeguarding and securing cyberspace had become one of the homeland security community's most important missions. "Our vision is a cyberspace that supports a secure and resilient infrastructure, that enables innovation and prosperity, and that protects privacy and other civil liberties by design," it said. "... read more»






China hacking laws to get tougher
(from ComputerWorldUk at 3-2-2010)
Chinese police and judicial officials are formulating new measures that govern how hacking crimes are handled by courts, the country's latest step to strengthen its cyber laws, state media reported. China's police are working with the country's highest investigative organ and the Supreme People's Court to release a judicial interpretation on hacking crimes, according to the People's Daily, the official paper of the Communist Party, citing a Chinese police representative. The report gave no de... read more»






Akademy 2010 Call for Papers Akademy 2010: "Our World, Clearly" - July 3 to 10 2010, Akademy in Tampere, Finland
(from KDE at 3-2-2010)
Akademy is the annual conference of the KDE community and open to all who share an interest in the KDE community and its goals. This conference brings together artists, designers, programmers, translators, users, writers and other contributors to celebrate the achievements of the past year and helps define the vision for the next year. In its 7th year, we invite all contributors and users to participate in Akademy in Tampere, Finland from July 3 to 10 2010. Recent developments in the KDE tech... read more»






China takes step to toughen hacking laws
(from ComputerWorld at 3-2-2010)
Chinese police and judicial officials are formulating new measures that govern how hacking crimes are handled by courts, the country's latest step to strengthen its cyber laws, state media reported. China's police are working with the country's highest investigative organ and the Supreme People's Court to release a judicial interpretation on hacking crimes, according to the People's Daily, the official paper of the Communist Party, citing a Chinese police representative.... read more»






US cyber security 'under threat'
(from Channel4 at 3-2-2010)
"Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication." That is what America's top intelligence official, Dennis Blair, has told the US Congress. It was a pretty stark warning about the risks that come with government, business and personal reliance on the internet.... read more»






Iowa officials: Hacker may be in China
(from upi at 3-2-2010)
Investigators say the hackers who broke into an Iowa Racing and Gaming Commission data base may have been working in China. Robert Bailey of the state Department of Administrative Services said personal data of about 80,000 people may have been compromised, the Des Moines Register reported. Most of the 80,000 are employees or former employees of casinos and racetracks in Iowa.... read more»






French government to bid Adieu to online passwords?
(from countermeasures at 3-2-2010)
The French newspaper 20minutes is reporting a French government initiative to do away with internet passwords. The French secretary of state responsible for the development of the digital economy, Nathalie Kosciusko-Morizet, announced on Monday a scheme to issue internet users with a digital certificate which would allow them to prove their identity to any online service that participates in the scheme.... read more»






How To Hack The Sky - A variety of tricks for gaining access to and exploiting satellite Internet connections
(from Forbes at 3-2-2010)
Satellites can bring a digital signal to places where the Internet seems like a miracle: off-the-grid desert solar farms, the Arctic or an aircraft carrier at sea. But in beaming data to and from the world's most remote places, satellite Internet may also offer its signal to a less benign recipient: any digital miscreant within thousands of miles. In a presentation at the Black Hat security conference in Arlington, Va., Tuesday, Spanish cybersecurity researcher Leonardo Nve presented a variet... read more»






House to consider cybersecurity bill on Wednesday
(from ComputerWorld at 3-2-2010)
The U.S. House of Representatives is scheduled to vote Wednesday on a proposed bill that is designed to bolster federal cybersecurity research and development activities, and stimulate the growth of a cybersecurity workforce in the country. The bill is called the Cybersecurity Enhancement Act of 2009 (HR 4061) and was introduced by Rep. Daniel Lipinski (D-IL) last year. It was passed by the House Science and Technology Committee last November. The bill is the first major cybersecurity legisla... read more»






Cyber Warfare: Should We Be On The Offensive?
(from TechBuddha at 3-2-2010)
There is much discussion of the changing dynamics and technologies of warfare but references particularly to cyber warfare have increased recently. Many people in the information security industry believe that we have entered an era of ‘cyber warfare’ and that government leaders need to go on the cyber-offensive. Although future wars are expected to include cyber-targets of some form, the hype surrounding cyber warfare created by the IT industry simply isn’t justified.... read more»






France sounds death-knell for online passwords
(from TechRadar at 3-2-2010)
The French government has announced plans to do away with internet passwords, exchanging the security system for a 'digital certificate'. According to French newspaper 20 Minutes, the scheme has been concocted by the French Secretary of State (and digital economy bod) Nathalie Kosciusko-Morizet who hopes the idea of a digital certificate will be picked up by French websites. So far 20 have signed up to the project, where users of the sites will be allowed access once their certification is ve... read more»






Intelligence chief: attacks on Google 'wake-up call'
(from Reuters at 3-2-2010)
Recent cyber attacks on Google are a "wake-up call" and neither the U.S. government nor the private sector can fully protect the American cyber infrastructure, the director of U.S. national intelligence said on Tuesday. "Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication," Dennis Blair said in prepared testimony for a Senate intelligence committee hearing.... read more»






Cybercrime Checks Into The Hotel Industry
(from Forbes at 3-2-2010)
Over the past year America's hotels have had some uninvited guests: a wave of increasingly sophisticated invasions by organized cybercriminals. That's one finding of a report that cybersecurity researcher Nicholas Percoco plans to present Tuesday at the Black Hat security conference in Arlington, Va. His data shows a spike in hacking incidents that successfully targeted hotels and resorts, what Percoco describes as relatively unprotected sources of thousands or even millions of credit card ac... read more»






Cisco to Introduce Melissa Hathaway in New Security Advisory Role
(from CNN at 3-2-2010)
On Thursday, Feb. 4, Cisco will host a live Cisco TV broadcast and Q&A session to introduce Melissa Hathaway, previously acting senior director for Cyberspace within the National Security Council for President Barack Obama's administration, as senior adviser to the Company's security team. The broadcast will spotlight the work she will be involved in to help advance cybersecurity policy and tighter partnering between the private and public sectors.... read more»






U.S. 'Severely Threatened' By Cyber Attacks
(from informationweek at 3-2-2010)
Testifying before the Senate Intelligence Committee on Tuesday, the top U.S. intelligence official warned that U.S. critical infrastructure is "severely threatened" and called the recent cyber attack on Google "a wake-up call to those who have not taken this problem seriously." "Sensitive information is stolen daily from both government and private sector networks, undermining confidence in our information systems, and in the very information these systems were intended to convey," said Denni... read more»






Hackers for Hire - Orrin Kerr a prosecutor specializing in computer crime
(from FOXNews at 3-2-2010)
They go by names such as Piratecrackers, Yourhackers and Slickhackerz. Although illegal, a handful of internet services brazenly advertise that for a usual hundred dollar fee they can obtain almost any email password. One site boasts that it provides an ideal way to catch a cheating spouse or significant other. George Washington University Law professor, Orrin Kerr who worked as a prosecutor specializing in computer crime said although these services are breaking the law, prosecuting them is... read more»






OFT highlights spread of online scams
(from v3 at 3-2-2010)
The Office of Fair Trading has boosted its anti-scam awareness campaign with new research into the depth and spread of fraudulent online activity. The government watchdog released the results of a new survey into scams, showing that one in 11 adults in the UK have fallen victim to a scam, and almost a third have lost money as a result. One in 25 people responded to a scam in the past year alone, and almost half lost up to £50 as a result, according to the report. Unsurprisingly, email attacks... read more»






Sonoma woman victim of e-mail identity theft
(from Sonoma News at 3-2-2010)
A Sonoma dance and yoga instructor was startled to discover last week that her name and her e-mail address were being described in the pages of the Index-Tribune as part of an Internet scam. Karen Devaney said she began receiving phone calls and e-mails from countless friends after the item appeared in Kathleen Hill's Index-Tribune column Jan. 29. Hill alluded to a message she received that was also sent to at least two I-T staffers from someone identifying herself as "Karen Devaney" with the... read more»






Social networking to replace email by 2014
(from Computing at 3-2-2010)
The business benefits of social software platforms will lead to email being replaced as the primary means of communication by 2014, according to analyst Gartner. Increasing business use of tools such as Twitter and Facebook has resulted in more demand for such systems, says the firm, which predicts that 20 per cent of organisations will use them as their key communication medium by 2014.... read more»






Nexus One update fixes 3G problem, adds multitouch
(from ComputerWorld at 3-2-2010)
Google has started pushing out an update for the Nexus One that will fix a 3G connectivity problem that has plagued some users and adds limited support for multitouch. After receiving over 1,500 messages in a support forum from people complaining about trouble connecting to 3G, Google said last week that it had identified the problem and would soon deliver a fix. On Tuesday, it posted a message on its Nexus One news and updates page announcing that it had started delivering the software up... read more»






CA security report highlights insider threat
(from v3 at 3-2-2010)
The latest State of Internet Security report from CA has warned that employees will represent the biggest threat to enterprise security in the coming year. The report said that businesses face an increasingly large and complex array of security issues, the worst of which may be irresponsible or malicious behaviour by workers. Cyber criminals will begin targeting employees in earnest during 2009, getting at them through social networking sites with a view to recruiting them as "moles".... read more»






IT workforce is 'crucial to the UK's recovery'
(from Computing at 3-2-2010)
Technology expertise could be the solution to boost the UK’s economic recovery but more investment in skills is required, according to new research from sector skills council e-skills UK. Despite the recession and the wave of redundancies seen over the past couple of years, e-skills says that the industry has grown at twice the UK average over the past eight years to 1.1 million professionals working in the sector.... read more»






At Black Hat, a search for the best response to China
(from Computer World at 3-2-2010)
Google's revelation last month that attacks out of China resulted in the theft of some of its data drew attention to the broader question at the Black Hat conference here over what can be done to the villains. Cyberattacks give rise to anger and a very human desire to strike back, but pursuing attackers in ways that matter isn't accomplishing much. The number of people who are arrested and convicted for any of the phishing attacks, intrusions and thefts is tiny.... read more»






Cyber threat growing at unprecedented rate, intell chief says
(from Federal Computer Week at 3-2-2010)
Malicious cyber activity is growing at an unprecedented rate, severely threatening the nation's public and private information infrastructure, the government's top intelligence official said today. Dennis Blair, the director of national intelligence, told members of the Senate Select Intelligence Committee, that “in the dynamic of cyberspace, the technology balance right now favors malicious actors rather than legal actors, and is likely to continue that way for quite some time.”... read more»






Homeland Security Plans Cybersecurity, Data Center Investments
(from Information Week at 3-2-2010)
The Department of Homeland Security is looking to invest nearly $900 million in fiscal 2011 on technology projects that include bolstering cyber security and continued work on a data center consolidation project that's already underway. Other IT priorities listed as part of the department's proposed $56.3 billion budget, unveiled Monday, include improvements to an existing Internet-based verification program that lets employers check that someone is legally allowed to work in the United State... read more»






US senator asks companies about China rights practices
(from Yahoo at 3-2-2010)
A US senator on Tuesday asked 30 leading companies, including Amazon, Apple, Facebook, IBM, Nokia and Twitter, for information about their human rights practices in China after Google's threat to leave the country over cyberattacks and Web censorship. Democratic Senator Dick Durbin of Illinois, chairman of the Judiciary Subcommittee on Human Rights and the Law, also announced plans to hold a hearing in February on global Internet freedom. He said the hearing would feature testimony from Barack... read more»






Phil Jones, scientist in climate data row, promises to be more open
(from Times Online at 3-2-2010)
The scientist at the centre of the climate change row over stolen e-mails has admitted that he and his colleagues need to be more open with their data. Professor Phil Jones, of the University of East Anglia, has been accused of blocking requests for data under the Freedom of Information Act. He said: “We are facing more and more public scrutiny and any future work we do is going to have much greater scrutiny by our peers and by the public. We do need to make more of the data available, I full... read more»






China is world’s top hacking target say officials
(from v3 at 3-2-2010)
A Chinese government official has said that his country is the world’s leading target in hacking attacks. In an interview with state media Zhou Yonglin, deputy chief of the operations department of the China National Computer Network Emergency Response Technical Team (CNCERT) said that China suffered more hacking attacks than any other country.... read more»





Cyberthieves are hiring, using online ads
(from Yahoo at 3-2-2010)
The people who brought the world malicious software that steals credit card numbers from your personal computer and empties bank ATMs of their cash are hiring, and they're advertising online. Two companies that are hiring -- at least on a contractor basis -- advertise online, said Kevin Stevens, a threat intelligence analyst for SecureWorks, who presented findings on the organizations at the Black Hat cybersecurity conference outside Washington on Monday.... read more»





