|
| Hacked, website shut for post-mortem | |
| (from expressbuzz at 13-3-2010) | |
| For some time, the Orissa Government website will remain off access. A day after the official website was breached and defaced, the IT Department is looking to set things right because the hacking came as an embarrassment to the State Government. How was it that the official website was broken into? Technically, it is not a really big ask for hackers who are a dime a dozen and look for soft targets. The prime issue, though, is that of the security of the website. The State Government website is ... read more» | |
| | |
|
|
| Spammers attempt Grand Theft from Auto Recall | |
| (from View From The Bunker at 13-3-2010) | |
| Symantec’s March State of Spam and Phishing report has found that spammers are using recent car recalls as a premise to deliver spam messages and ‘phish’ personal details. Also this month, Symantec has noted a continued trend towards exploiting natural disasters with a high volume of spam and phishing linked to the Haiti and Chile earthquakes. Overall, phishing attacks increased by 16 per cent in March compared to February. There have been several global product recalls from multiple car manu... read more» | |
| | |
|
|
| FBI Hoaxes Boost Online Fraud | |
| (from Wired at 13-3-2010) | |
| Online fraud in the United States doubled to a reported $560 million in losses last year as illicit phishing expeditions by thieves posing as the Federal Bureau of Investigation represented the biggest consumer complaint, according to a Friday government survey. The e-mail phishing scams represented 16.6 percent of all complaints. The next closest category, at 12 percent, concerned consumer unhappiness about being billed for products never ordered or received, according to FBI data unveiled F... read more» | |
| | |
|
|
| UK shoppers unaware of online rights, reports BIS | |
| (from Out-law at 13-3-2010) | |
| UK web users are Europe's biggest online shoppers but are not aware of their consumer rights when it comes to e-commerce, a Government survey has found. UK shoppers spent £38 billion online in 2009, 10% of the total amount spent overall, making them the European Union's biggest online spenders, according to figures from the Centre for Retail Research and the Retail Sales Statistical Bulletin. But despite this high level of activity, a study conducted for the Government has shown that shoppers ... read more» | |
| | |
|
|
| Higher Education Cybersecurity Summit | |
| (from Indiana at 13-3-2010) | |
| The Summit will offer a variety of sessions on security and privacy topics of interest to practitioners, managers, and policy makers. Highlights include a keynote address by renowned security guru Bruce Schneier, a privacy panel featuring privacy officers from some of the country’s major universities, and afternoon breakout sessions featuring practitioner and management/policy tracks.... read more» | |
| | |
|
|
| China strikes back with report on U.S. human rights record | |
| (from Xinhuanet at 13-3-2010) | |
| China Friday retorted U.S. criticism by publishing its own report on the U.S. human rights record. "As in previous years, the (U.S.) reports are full of accusations of the human rights situation in more than 190 countries and regions including China, but turn a blind eye to, or dodge and even cover up rampant human rights abuses on its own territory," said the Information Office of the State Council in its report on the U.S. human rights record.... read more» | |
| | |
|
|
| eHealth 2010 Barcelona - 'eHealth for Sustainable Healthcare Delivery: global challenges through local actions' | |
| (from Europa at 13-3-2010) | |
| Co-organised by the forthcoming Spanish Presidency of the European Union and by the European Commission, with the cooperation of the Government of Catalonia and the Foundation TicSalut, the High Level eHealth Conference 2010, the 8th edition in the series of ministerial events representing an important annual milestone in the field of ICT for healthcare, aims to support dissemination of eHealth best practices. The 2010 conference theme – “eHealth for Sustainable Healthcare Delivery: global c... read more» | |
| | |
|
|
| Info Commissioner pleads with Tories to jail data thieves | |
| (from The Register at 13-3-2010) | |
| The data protection watchdog has strongly urged an incoming Tory government to quickly bring in jail sentences for data thieves, after the current government reneged on the idea. Christopher Graham, the Information Commissioner, campaigned last year for custodial powers already on the statute books under the Data Protection Act to be activated. The Labour government agreed to consult on the move, and said it planned to go ahead this April.... read more» | |
| | |
|
|
| China Threatens Google | |
| (from Wall Street Journal at 13-3-2010) | |
| A top Chinese minister warned Google Inc. "will have to bear the consequences" if it stops filtering its search results in China, suggesting there is little room for compromise in the high-profile showdown over censorship. Friday's remarks were the sharpest words yet in an unusual duel that could set a precedent for international business in the country and could escalate tensions between the U.S. and Chinese governments.... read more» | |
| | |
|
|
| Lessig Gives A Well-Timed Speech To The Italian Parliament On Internet Freedom | |
| (from Techdirt at 13-3-2010) | |
| We have noted, recently, that Italian laws and politicians seem to have a somewhat troubling view of the internet, where they are quick to blame the internet for anything bad that happens, and then look to pass laws that would throw out plenty of good just to protect against the possibility of any bad happening. This, of course, culminated just recently in the ruling in an Italian court that three Google execs were guilty of criminal violations, over a Google-hosted video. Given all that, it'... read more» | |
| | |
|
|
| Where's The Outrage Over The Gov't Brushing Mass Privacy Violations Under The Rug? | |
| (from Techdirt at 13-3-2010) | |
| I have to admit that I've been a bit in shock over Congress's decision to simply renew the Patriot Act, recently, without a single safeguard to protect against abuse. That's because just before all this happened, we wrote about how a report from the government found (not for the first time) that the FBI regularly abused its authority to get phone records it had no right to. This went well beyond earlier reports of abusing National Security Letters. In this case, the FBI didn't even bother wi... read more» | |
| | |
|
|
| Netflix cancels recommendation contest over privacy | |
| (from The Register at 13-3-2010) | |
| Netflix has canceled a contest designed to improve its movie recommendation system out of concern it might compromise the privacy of its customers. The decision was announced in a blog post published Friday, by Netflix chief product officer Neil Hunt. A previous competition that handed over anonymous user data to more than 50,000 contestants ended poorly after researchers showed it was possible to identify individuals' viewing habits by connecting the dots.... read more» | |
| | |
|
|
| Berman Working On Net Freedom Bill | |
| (from National Journal at 13-3-2010) | |
| House Foreign Affairs Committee Chairman Howard Berman, D-Calif., said Thursday that he is working on his own legislation aimed at bolstering global Internet freedom. Berman said he is still working out the details and plans to work with Rep. Chris Smith, R-N.J., on the legislation. Smith has introduced his own bill, known as the Global Online Freedom Act, which would require the State Department to set up an Office of Global Internet Freedom and compile an annual list of Internet-restricting... read more» | |
| | |
|
|
| ICANN delays decision on pxxxography domain | |
| (from The Register at 13-3-2010) | |
| ICANN has delayed its ruling on the proposed .xxx internet pxxx domain until this summer. Today, at its meeting in Nairobi, Kenya, the ICANN board voted to push a decision to its next get-together in Brussels this June, while giving its CEO and chief counsel two weeks to prepare recommendations on how to proceed with the .xxx proposal. These recommendations will then be open to comment for 45 days, the AP reports.... read more» | |
| | |
|
|
| Net clash for web police projects | |
| (from BBC at 13-3-2010) | |
| Social media activists are up in arms over plans by the UK's police watchdog for a project with the same name as an existing web initiative. MyPolice.org was set up in mid-2009 to funnel feedback from victims of crime and others to police forces. But Her Majesty's Inspectorate of Constabulary (HMIC) has unveiled plans for a project based around a site called Mypolice.org.uk. The MyPolice.org founders say they may change their name to avoid confusion. The idea is to use the website as a centra... read more» | |
| | |
|
|
| FBI: Cyberfraud losses doubled in 2009 | |
| (from Computer World at 13-3-2010) | |
| Last year was a tough one for most businesses, but for cybercriminals it was one of the best yet. According to data released Friday by the U.S. Federal Bureau of Investigation's Internet Crime Complaint Center (IC3), victims reported total losses of US$559.7 million in 2009, more than double the tally for 2008. The most frequently reported scam was one that used the FBI's own name to try and trick victims into handing over cash or sensitive information. One such scam involved an e-mail claimin... read more» | |
| | |
|
|
| Webroot warns of fake Windows update scam | |
| (from v3 at 13-3-2010) | |
| Security firm Webroot is warning internet users to be on the lookout for a malware attack masquerading as an official Windows update. The attack appears to relate to a number of out-of-band patches recently released by Microsoft. Brandt warned that falling for the scam could mean users being coerced into handing over money to deal with a 'virus problem' that does not exist.... read more» | |
| | |
|
|
| Kaspersky calls for international internet government | |
| (from v3 at 12-3-2010) | |
| World governments need to create an international governance and policing organisation to combat the growing problem of cyber crime, according to Eugene Kaspersky, chief executive at security vendor Kaspersky Lab. Kaspersky told V3.co.uk today that governments now understand that there is a problem, but need to step up a gear in terms of international co-operation.... read more» | |
| | |
|
|
| China warns Google over uncensored search threat | |
| (from The Register at 12-3-2010) | |
| China's Minister of Industry and Information Technology has warned Google that if it stops censoring search results in the country, it will "have to bear the consequences." In mid-January, after alleged Chinese hackers pilfered unspecified intellectual property from its internal systems, Google announced it had made the decision to "no longer" censor search results in China, saying that it would spend "the next few weeks" in talks with the government to determine "the basis on which we could ... read more» | |
| | |
|
|
| Cybercrime on increase ahead of the World Cup | |
| (from itnewsafrica at 12-3-2010) | |
| Three months before the World Cup, internet or cybercrimes are reported to be on the increase in South Africa. Several individuals have already been duped of hundreds of thousands of Rands, as unsuspecting individuals easily fall prey to these internet criminals. The names of cellular mobile companies have been used by individuals pretending to be representing them in order to make a quick buck.... read more» | |
| | |
|
|
| Cyber Weapons Pose Severe Threat Says DNI Chief | |
| (from Human Events at 12-3-2010) | |
| Life as we know it is “severely threatened” by weapons such as “botnets,” “phishing,” “DOS attacks” and “scans” says the U.S. Director of National Intelligence Dennis Blair. Last month, Blair delivered his Annual Threat Assessment to Congress by drawing attention to threats of computer warfare. These weapons, says Blair, could shut down our critical infrastructure and we are woefully unprepared to defend ourselves against them.... read more» | |
| | |
|
|
| The Second International Conference on Evolving Internet - INTERNET 2010 | |
| (from IARIA at 12-3-2010) | |
| Time & Date: September 20-25, 2010. Location: Valencia, Spain. Advanced Internet mechanisms. Access: call admission control vs. QoE vs. structural QoS / capability-based access control vs. role-based access control vs. attribute-based access control. Routing and pricing models: BGP, pricing peering agreements using microeconomics, topological routing vs. table-based routing vs. network coding, power-efficient routing. Optimization in P2P/CDN networks: peer placement for streaming P2P, ... read more» | |
| | |
|
|
| NIST out to ensure security products comply with vulnerability assessment language | |
| (from Government Computer News at 12-3-2010) | |
| A draft of requirements for determining the compliance of security scanning products with the Open Vulnerability and Assessment Language (OVAL) has been released by the National Institute of Standards and Technology. The requirements will be used by accredited independent laboratories for testing products for OVAL, one of the Security Content Automation Protocols (SCAP).... read more» | |
| | |
|
|
| Seminar - How to Create Defensible Risk Analysis | |
| (from aliadocorp at 12-3-2010) | |
| Time & Date: Apr. 28 2010 11:30 AM. Location: NYC - Sheraton NY Hotel & Towers, 811 7th Avenue & 53rd Street. Factor Analysis of Information Risk. Speaker: Jack Jones CISM, CISSP, CISA. In 2008, Jack joined an international ISACA Task Force developing Enterprise Risk Management standards for IT. His innovative risk analysis framework, called Factor Analysis of Information Risk (FAIR), is the foundation for The Open Group's risk management standard. Learn how to better articulate risk to... read more» | |
| | |
|
|
| McAfee inadvertently speeds creation of Metasploit IE exploit pack | |
| (from The Register at 12-3-2010) | |
| A security researcher has credited McAfee for helping him to develop exploit code that cracks open an unpatched flaw in older versions of Internet Explorer. Moshe Ben Abu (AKA Trancer00t) developed exploit code for the flaw in IE 6 and 7 in knocking-up an exploit module for the open-source Metasploit exploit database. "I didn't find the vuln', just found it in the wild. With a little help from McAfee (http://j.mp/c4W3xA) :-)," the Israeli security researcher noted in a Twitter update on Th... read more» | |
| | |
|
|
| ISPs choke Zeus botnet, but malware-linked ISP reconnects | |
| (from ComputerWorldUk at 12-3-2010) | |
| Last week FBI Director Robert Mueller called the fight against hackers "the cyber equivalent of cat-and-mouse." On Wednesday security experts trying to take down the Zeus botnet got a taste of what he meant. Just hours after Internet service providers severed network connectivity to Troyak, an ISP associated with the Zeus botnet, the ISP has regained connectivity after peering with a new upstream Internet service provider. "Don't worry, it is up and running again," Troyak spokesman Roman S... read more» | |
| | |
|
|
| Zeus botnet temporarily disrupted, but back in full force | |
| (from TechTarget at 12-3-2010) | |
| The Zeus botnet, a Trojan family widely used by cybercriminals to target victims with data-stealing malware, was temporarily disrupted this week after the ISP suspected of hosting its command-and-control servers was brought down. Kazakhstan-based Troyak.org, which harbors servers that control spam and malware botnets, went down temporarily on Tuesday. Troyak is considered to host 25% of the command-and-control servers that connect to Zeus infected computers. ScanSafe, which was recently acqui... read more» | |
| | |
|
|
| Fake antivirus software is most costly security scam of 2010 | |
| (from TechWorld at 12-3-2010) | |
| Fake antivirus programs that encourage web users to part with their hard-earned cash and download hoax security software is likely to be the most costly scam of 2010, says McAfee. According to the security firm, cybercriminals make upwards of $300m from conning web users worldwide into downloading scareware. The security firm also said it had seen a 660 percent rise in scareware over the past two years, and a 400 percent increase in reported incidents in the last 12 months.... read more» | |
| | |
|
|
| Employees rate YouTube most common online activity at work | |
| (from couriermail at 12-3-2010) | |
| It was meant to make things easier, but the internet is proving to be more of a hindrance than a help in the workplace. New research shows almost three-quarters of Australian workers say "watching YouTube" is the most common online activity at work. More than 70 per cent shop for gifts and gadgets at the office when they should be working, while two-thirds are buying concert tickets.... read more» | |
| | |
|
|
| Google in discussions with Chinese government | |
| (from v3 at 12-3-2010) | |
| Google chief executive Eric Schmidt has said that the company is in discussions with the Chinese authorities regarding the ongoing dispute, and expects movement on the issue soon, according to new reports. Speaking at a media conference in Abu Dhabi yesterday, Schmidt declined to give any details of exactly how long the talks would last. "I can't really say anything other than that we're in active negotiations with the Chinese government, and there is no specific timetable. Something will ... read more» | |
| | |
|
|
| Allaple malware author jailed for online attack | |
| (from v3 at 12-3-2010) | |
| An Estonian man has been jailed for two years and seven months after being found guilty of using malware to launch a distributed denial-of-service (DDoS) attack on a local insurance company. The court ruled that Artur Boiko, 44, created the Allaple malware to get revenge on IF Insurance after the company disputed a claim for a car accident. The Allaple code spreads via network shares and by modifying local HTML files, which spread the infection further when uploaded to public web sites.... read more» | |
| | |
|
|
| Google says talks with China ongoing | |
| (from Yahoo at 12-3-2010) | |
| Google said Thursday that it was in talks with China on the future of the US Internet giant in the Asian nation, after the firm threatened to leave over cyberattacks and state web censorship. "We are indeed in active discussions with the Chinese government but we are not going to engage in a running commentary about those conversations," Google China spokeswoman Marsha Wang told AFP. "We've been very clear that we are no longer going to self-censor our search results." The comments came... read more» | |
| | |
|
|
| Tighter security coming for .org names | |
| (from NetworkWorld at 12-3-2010) | |
| The Public Interest Registry will add an extra layer of security known as DNS Security Extensions (DNSSEC) to the .org domain in June -- a move that will protect millions of non-profit organizations and their donors from hacking attacks known as cache poisoning. In a cache poisoning attack, traffic is redirected from a legitimate Web site to a fake one without the Web site operator or end user knowing. Cache poisoning attacks are the result of a serious flaw in the DNS that was disclosed by ... read more» | |
| | |
|
|
| Analyst Study Shows Employees Continue to Put Data at Risk | |
| (from infosecisland at 12-3-2010) | |
| From the press release, results of the annual “Human Factor in Laptop Encryption” study by Absolute Software and the Ponemon Institute: This year’s expanded study was conducted in the United Kingdom, Canada, France, Germany and Sweden, in addition to the United States. The study found that 15% of German and 13% of Swedish business managers have disengaged their encryption solution. In contrast, 52% of Canadian, 53% of British, and 50% of French business managers have disengaged their encryption,... read more» | |
| | |
|
|
| 10 Quick Wins for IT Security and FISMA 2009 Compliance | |
| (from govinfosecurity at 12-3-2010) | |
| Everyone in government today is concerned with cyber security. While FISMA requires federal agencies to enhance their security posture, it remains a daunting task. Despite standardization from NIST and others, what is missing is a pragmatic evaluation of what an agency can do quickly to substantially tighten their security. The 80/20 rule applies; there are a number of requirements within FISMA and the NIST standards that are fast, relatively simple to implement and significantly increase age... read more» | |
| | |
|
|
| Massive child pxxx bust nets city teen | |
| (from hostexploit at 12-3-2010) | |
| A city teen has been caught in a massive province wide child pornography bust that has resulted in more than 120 charges against 35 people. The 17-year-old Brantford resident is charged with one count of possession of child pornography and one count of accessing child pornography. He cannot be named under the Youth Criminal Justice Act. The teen was arrested Tuesday after city police vice officers searched a north-end home. The officers seized computers and media storage devices.... read more» | |
| | |
|
|
| Change in Focus | |
| (from SecurityFocus at 12-3-2010) | |
| Since its inception in 1999, SecurityFocus has been a mainstay in the security community. From original news content to detailed technical papers and guest columnists, we’ve strived to be the community’s source for all things security related. SecurityFocus was formed with the idea that the community needed a place to come together and share its collected wisdom and knowledge. At the time, the security community was fairly fragmented with mainstream security information in its infancy. If you... read more» | |
| | |
|
|
| Businesses advised to educate staff on cybercrime | |
| (from BCS at 12-3-2010) | |
| Businesses in the UK would be better off in the long run if they took the time and effort to educate their staff about cybercrime. This is the view of Panda Security, which said the effects of the recent Mariposa botnet provide evidence that companies are affected less when cybercrime is high on the agenda. Luis Corrons, technical director for Panda Security, said countries like Brazil, Mexico and India were greatly affected by the botnet as educating staff about cybercrime is not prioriti... read more» | |
| | |
|
|
| Internet users urged to lie | |
| (from BCS at 12-3-2010) | |
| Internet users have been urged to lie in order to ensure their information is secure. Security expert Graham Cluley from security software provider Sophos said people may leave themselves open to attack if they give truthful answers when prompted to supply information such as their mother's maiden name. 'The problem is that people haven't learned to lie when a site asks them their mother's maiden name,' he said. 'They should say Xena Warrior Princess or Slartibartfast or Eamonn Holmes. ... read more» | |
| | |
|
|
| Rise in online fraud highlights computer security needs | |
| (from BCS at 12-3-2010) | |
| Individuals need to step up their computer security efforts as online fraudsters increasingly target home users rather than larger corporations, it has been claimed. According to a new report from the UK Cards Association, online fraud in the UK has continued to rise over the past year. The payment body's figures show that, while card fraud has fallen by around 14 per cent over the past 12 months, the same period has seen a rise in online attacks, particularly phishing attacks aimed at ind... read more» | |
| | |
|
|
| How your email gets hacked | |
| (from Indiatimes at 12-3-2010) | |
| Experts have warned that hackers can comfortably crack questions used as security checks in webmails. Joseph Bonneau, a security researcher at the University of Cambridge, insists that attackers can break into at least 1 in every 80 accounts if they get three chances to guess answers. "The numbers were worse than we thought," the BBC quoted him as saying. He recommends webmail firms to replace simple answers with more complex tests to confirm a person's identity.... read more» | |
| | |
|
|
| TJX Hacking Conspirator Gets 4 Years | |
| (from Wired at 12-3-2010) | |
| Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking. Zaman, a 33-year-old former network security manager at Barclays Bank, was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked into TJX, Office Max, Heartland Paymen... read more» | |
| | |
|
|
| U.S. targeting Iran's Internet? | |
| (from United Press International at 12-3-2010) | |
| Washington is backing a measure that would restrict Iranian access to technology meant to block or limit access to the Internet, a report says. Washington is at work on a U.N. measure to sanction Iran for its controversial nuclear activity. Tehran insists its nuclear work is for civilian energy, though Western allies suspect the program is weapons-related. Washington is supporting a measure that would limit Iran's access to software and equipment that could block Internet access, The Chris... read more» | |
| | |
|
|
| India, Mexico, Brazil have most Mariposa bots | |
| (from scmagazineus at 12-3-2010) | |
| An analysis of the dismantled Mariposa botnet has revealed that it consisted of 13 million infected PCs spanning 190 countries and 31,901 cities worldwide, according to anti-virus vendor Panda Security. The botnet, which took its name from the Spanish word for butterfly, infected PCs from almost every country around the world, stealing account information for social media sites, online email services, usernames and passwords, banking credentials, and credit card data, according to Panda. Comp... read more» | |
| | |
|
|
| Koobface worm can double command and control servers in 48 hours | |
| (from ComputerWeekly at 12-3-2010) | |
| The Koobface worm, which targets social networking sites, can double the number of command and control (C&C) servers in 48 hours, says security firm Kaspersky Lab. Koobface, which targets sites such as Facebook and Twitter, is rapidly expanding its C&C infrastructure to communicate with infected PCs, said Kaspersky. The increase is mainly in the US, where more than half of the Koobface C&C servers are hosted. Recent activity indicates that cybercriminals are constantly monitoring their ... read more» | |
| | |
|
|
| More governments plan to censor the internet, warns Clinton | |
| (from ComputerWeekly at 12-3-2010) | |
| More governments aim to censor the internet, according to the US State Department's annual report on human rights. US secretary of state Hillary Clinton said more governments were imposing "new and crippling restrictions" on non-government organisations that try to protect rights and enhance accountability. "New technologies have proven useful both to oppressors and to those who struggle to expose the failures and the cowardice of the oppressors," she said. The report said more people g... read more» | |
| | |
|
|
| Faster application development can improve security | |
| (from ComputerWeekly at 12-3-2010) | |
| More than 80% of organisations across the EMEA region have switched to agile software development methodologies, research has shown. Quicker time to market is the obvious reason for this trend, as highlighted by preliminary findings of a study by Forrester Research, but other benefits include better security. The main driver is faster application development as limited functionality is added through a series of short cycles that go through the whole development lifecycle.... read more» | |
| | |
|
|
| USB stick blamed for DHB's virus shut-down | |
| (from nzherald at 12-3-2010) | |
| A USB stick inserted in a carpark booth computer at Waikato Hospital has been blamed for bringing down the district health board's computer network in December last year. About 3000 computers across the board's network were infected with the Conficker virus, forcing a complete computer shutdown. Wilson Parking northern general manager Stephan Wuffli told the Waikato Times the source of the virus appeared to be from a USB stick that was used in a computer in a carpark booth. The booth was l... read more» | |
| | |
|
|
| US weighing legal challenge to PRC’s Internet censorship | |
| (from TaipeiTimes at 12-3-2010) | |
| The US is studying whether it can legally challenge Chinese Internet restrictions that hurt Google and other US companies operating in China, but direct talks with Beijing might yield faster results, the top US trade official said on Tuesday. “We are still dialoguing not just with Google, but with other Internet providers, to make sure we fully understand what is happening in China,” US Trade Representative Ron Kirk said in remarks at the National Press Club. At the same time, US trade off... read more» | |
| | |
|
|
| Spam and Phishing Landscape: March 2010 | |
| (from Symantec at 12-3-2010) | |
| In February, spammers continued to use the news of the earthquake in Haiti and the recent earthquake in Chile as another vector to utilize. Scam and phishing messages accounted for 19 percent of all spam in February, which is 2 percentage points lower than in January, but nevertheless an elevated level. In addition to spam tactics involving current events, this month’s report also highlights international threats. While spam is truly a global problem affecting all countries, the report showca... read more» | |
| | |
|
|
| Rogue antivirus software is most costly security scam of 2010 | |
| (from ComputerWorldUk at 12-3-2010) | |
| Fake antivirus programs that encourage web users to part with their hard-earned cash and download hoax security software is likely to be the most costly scam of 2010, says McAfee. According to the security firm, cybercriminals make upwards of $300m from conning web users worldwide into downloading scareware. The security firm also said it had seen a 660 percent rise in scareware over the past two years, and a 400 percent increase in reported incidents in the last 12 months.... read more» | |
| | |
|
|
| SecurityFocus to partially shut down | |
| (from h-online at 12-3-2010) | |
| Symantec has announced that it plans to shut down part of its SecurityFocus security information portal. The company says that only the Mailing Lists, including Bugtraq, and its Vulnerability Database will remain online. Starting on the 15th of March, SecurityFocus will begin transitioning its content to the Symantec Connect site. Founded in 1999, SecurityFocus was acquired in 2002 by Symantec, the company behind another acquisition, the popular Norton range of security products. In addition t... read more» | |
| | |
|
|
| Sarah Palin to testify in email hack trial | |
| (from The Register at 12-3-2010) | |
| Former Republican vice presidential candidate Sarah Palin will testify in person against the college student accused of breaching her Yahoo mail account and leaking some of its contents online, according to published reports. Palin’s lawyer, Thomas V Van Flein, told multiple news outlets that the former Alaska governor will be in Knoxville to testify at the trial, set to start April 20. Palin, who insisted the Russians were "next-door neighbors" of her state, will appear at the request of fed... read more» | |
| | |
|
|
| Inside the mind of a Russian hacker | |
| (from BBC at 12-3-2010) | |
| Andrei is a young man with immense power at his fingertips. He's a reformed Russian hacker. Back hunched, eyes fixed on the computer screen in front of him, he demonstrates what he can do. "Look, here's the log-in and the password," he says, pulling up a Georgian government website. "This site has already been hacked, I'm just demonstrating the vulnerability. But it's easy if you know how."... read more» | |
| | |
|
|
| Hackers reminisce about raid of game publisher’s offices | |
| (from dailytexanonline at 12-3-2010) | |
| Austinites gathered Tuesday to commemorate the raid of a local computer game publishing company and the landmark court case that followed, increasing First Amendment protection on the Internet. On March 1, 1990, the Secret Service raided Steve Jackson Games because of the company’s suspected connection to a computer-hacking incident. Steve Jackson, founder of the publishing company, sued the Secret Service for infringing on his First Amendment rights and won $50,000 in damages.... read more» | |
| | |
|
|
| GCHQ staff lost 35 laptop computers, report says | |
| (from Guardian at 12-3-2010) | |
| Staff at GCHQ, the government's electronic eavesdropping centre, mislaid 35 laptops and it was not known whether the computers contained top secret information because of the agency's "haphazard" monitoring system, it emerged today. The computer disappearances were revealed in the latest report by the parliamentary intelligence security committee (ISC), which also expressed concern about GCHQ's failure to meet the growing threat of cyber attacks, both state-sponsored and by Islamist terrorist... read more» | |
| | |
|
|
| Google Prepares to Stop Censoring in China | |
| (from Wall Street Journal at 12-3-2010) | |
| Google Inc. could stop censoring its Web-search results in China within weeks, said people familiar with the matter, but the company isn't likely to withdraw from the country entirely. Google may end up making individual agreements with different Chinese agencies to allow it to operate some parts of its business in a patchwork arrangement, said one person familiar with the talks. "There will be a way for Google to not pull out 100%," this person said.... read more» | |
| | |
|
|
| TJX Hacking Conspirator Gets 4 Years | |
| (from Wired at 12-3-2010) | |
| Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking. Zaman, a 33-year-old former network security manager at Barclays Bank, was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked into TJX, Office Max, Heartland Paymen... read more» | |
| | |
|
|
| Meg Hillier MP opens new offices for the Independent Safeguarding Authority (ISA) at Morton Palms | |
| (from The Northern Echo at 12-3-2010) | |
| A GOVERNMENT minister has said identity cards for young people could be one way of keeping children safe on the internet. However, Meg Hillier MP said it was also very important for parents and teenagers to be aware of the risks they take when using social networking sites. Ms Hillier, who is parliamentary under-secretary of state at the Home Office, was speaking yesterday at the opening of the new offices for the Independent Safeguarding Authority (ISA) at Morton Palms, in Darlington.... read more» | |
| | |
|
|
| Study: Employees Continue to Put Data at Risk | |
| (from courion at 12-3-2010) | |
| Based on a recent study by the research firm Ponemon Institute it was reported that, "Despite the best efforts of IT departments, business managers continue to disengage, or turn off, their laptops' encryption solution - exposing company information to thieves should the computer go missing." This is a concern, especially given the increase in sensitive data being made more broadly available (electronic health records, mobile computing...) and the continuing reports of lost or stolen laptop... read more» | |
| | |
|
|
| State Web site breach tied to foreign attacker | |
| (from DesMoinesRegister at 12-3-2010) | |
| A hacking incident on an Iowa homeland security Web site last week has been linked to a foreign attacker who gained access through a security vulnerability, a state official said Wednesday. This hacker used an "abstract, colorful" image to deface the site operated by the Iowa Division of Homeland Security and Emergency Management, said Robert Bailey, communications director for the Iowa Department of Administrative Services. Access was gained by exploiting software that lacked a security patc... read more» | |
| | |
|
|
| Cyber Threat Vectors: Are we looking at them all? | |
| (from Adfero at 12-3-2010) | |
| We often talk about cyber threats in different ways. Some speak of them based on who the bad guys are: hackers, terrorists, cyber criminals or nation states. Others use the bad guys’ technical approach as a means to define them: SQL injection, Memory Scrapers, DDoS Attacks, etc. A third way, one based on distance from targets, was used by Steven Chabinsky of the FBI recently in several venues. I think it adds to the depth of our analysis, and brings to the fore some key areas that are often o... read more» | |
| | |
|
|
| Password reset questions dead easy to guess | |
| (from The Register at 12-3-2010) | |
| Guessing the answer to common password reset questions is far easier than previously thought, according to a new study by computer science researchers. In the paper What's in a Name? Evaluating Statistical Attacks on Personal Knowledge Questions (pdf), Joseph Bonneau of the University of Cambridge and two colleagues from the University of Edinburgh show how hackers stand a one in 80 chance of guessing common security questions such as someone's mother's maiden name or their first school withi... read more» | |
| | |
|
|
| Tories on cyber war: Waffle, mutter, waffle. Um, vote for us! | |
| (from The Register at 12-3-2010) | |
| Tory peer and shadow security minister Baroness Pauline Neville Jones has set out her party's thoughts on cyber war and defence. Unfortunately once the waffle is stripped away there's pretty much nothing there. Here are a few selected bits from her speech: Neither the government nor the private sector can completely control or protect the country's information infrastructure. I think we all recognise that there is a long way to go. There are, of course, differences between the threat posed by ... read more» | |
| | |
|
|
| Pauline Neville-Jones: Governments and Cyber Warfare | |
| (from Conservatives at 12-3-2010) | |
| This is not just my view. It was one of the opening sentences of the US Director of National Intelligence, Dennis Blair, when he delivered the intelligence community's annual threat assessment to the Senate in February. He went on to say that, 'with increased national attention and investment in cyber security initiatives, measures can be implemented to mitigate this negative situation'. But I think we all recognise that there is a long way to go. A lot of attention has focussed on a simul... read more» | |
| | |
|
|
| Update: Security industry faces attacks it cannot stop | |
| (from ComputerWorld at 12-3-2010) | |
| At the RSA Conference in San Francisco last week, security vendors pitched their next generation of security products, promising to protect customers from security threats in the cloud and on mobile devices. But what went largely unsaid was that the industry has failed to protect paying customers from some of today's most pernicious threats. The big news at the show had to do with the takedown of the Mariposa botnet -- a massive network of hacked computers that has infected half of the Fortun... read more» | |
| | |
|
|
| Australia on internet watchlist with Iran, North Korea | |
| (from The Sydney Morning Herald at 12-3-2010) | |
| A top media rights watchdog has listed Australia along with Iran and North Korea in a report on countries that pose a threat of internet censorship. Paris-based media rights group Reporters Without Borders on Thursday put Australia and South Korea on its list of countries "under surveillance" in its "Internet Enemies" report. Australia was listed for the government's plan to block access to websites featuring material such as rape, drug use, bestiality and child sex abuse.... read more» | |
| | |
|
|
| PKK Hackers Arrested in Turkey | |
| (from garwarner at 12-3-2010) | |
| Hacker sites and foreign press are picking up the story today of the arrest of at least 23 hackers in 13 different provinces in Turkey. The news was first seen in Russian on 09MAR2010, but is now spreading into the English speaking press, with more details available. News.AZ ran the story 23 Kurdish hackers arrested in Turkey, which provides some basic facts that the hackers are associated with the Kurdistan Workers' Party, or PKK, and were taken to Diyarbakır for further questioning.... read more» | |
| | |
|
|
| Estonian DDoS revenge worm crafter jailed - Infection still spreading | |
| (from The Register at 12-3-2010) | |
| An Estonian virus writer has been jailed for two and a half years for creating a Windows worm family that launched denial of service attacks on the websites of a local insurance firm and ISP. Artur Boiko, 44, was convicted by a jury of creating the Allaple worm and sentenced to two years and seven months following a trial. Boiko pleaded not guilty but prosecutors persuaded the jury that he became a malware author in late 2006 to seek revenge against insurance firm IF following a dispute over ... read more» | |
| | |
|
|
| Computing's Killer Problem | |
| (from Forbes at 12-3-2010) | |
| Computers seem to exist in a world of perfect logic and absolute certainty. But much of what we do with computers--the fundamental security of the Internet, for example--is based not on anything we know for sure, but on what's essentially just a good guess. Is that the best we can do? Not if the computer scientists working on something called the P=NP problem have anything to say about it. For lay people the issue at the heart of whether P is equal to NP might seem awfully abstract; just expl... read more» | |
| | |
|
|
| Koobface gang refresh botnet to beat takedown | |
| (from The Register at 12-3-2010) | |
| Command and Control servers associated with the infamous Koobface worms have gone through a complete refresh over the last fortnight. Russian net security firm Kaspersky Lab reckons the change up might be aimed at making takedown efforts by cybercrime fighters more difficult. Koobface spreads via messages on social networking sites such as Facebook and Twitter. The worm and compromised legitimate websites act as proxies for its main command and control servers. Infected machines are contamina... read more» | |
| | |
|
|
| Three inspectors sign off on net filter blacklist | |
| (from Computer World at 12-3-2010) | |
| New Zealand’s opt-in internet content filter, which went live in February, runs the Swedish Netclean Whitebox content filter on a set of servers. Banned websites must be justified and signed-off by three “warranted inspectors of publications”. The blacklist has more than 7000 URLs of child sexual abuse material, according to 2009 government statistics. It has been in construction by the censorship unit since 2005 and is affiliated with Europe’s Cospol Internet Related Child Abusive Material P... read more» | |
| | |
|
|
| Allaple worm author sentenced to jail | |
| (from Sophos at 12-3-2010) | |
| The author of a series of worms that launched a denial-of-service attack against the websites of an insurance company and an internet service provider has been sentenced to jail for two years and seven months. 44-year-old Arthur Boiko has been convicted by the jury at Harju County Court, Estonia, after pleading not guilty to creating malware that sought revenge against the IF insurance firm.... read more» | |
| | |
|
|
| Internet restrictions curtail human rights, says US | |
| (from BBC at 12-3-2010) | |
| Many governments have used the internet to curtail freedom of expression at home, the US state department says in its latest annual human rights report. In many cases new forms of electronic communications are restricted to control domestic dissent, it says. The wide-ranging report also highlights continuing human rights violations in China against the Uighurs and extra-judicial killings in North Korea. Iran, Sri Lanka, Burma and Switzerland also come in for criticism. US Secretary of State H... read more» | |
| | |
|
|
| Burglars, pedophiles could exploit Facebook GPS location move | |
| (from Courier Mail at 12-3-2010) | |
| FACEBOOK is set to publish the exact GPS location of users in a move experts say will be exploited by burglars and pedophiles. The social networking giant will reportedly announce the feature next month at its yearly developer conference "F8". Users' locations will be revealed when they post status updates and the capability to tell when people are out of their house has shocked experts who say robbers will begin monitoring the site which has more than 400 million subscribers. "And GPS technol... read more» | |
| | |
|
|
| Online banking fraud up by 14% amid wave of 'phishing' attacks | |
| (from CityWire at 11-3-2010) | |
| Fraudsters are turning away from traditional credit card fraud and attacking online bank accounts instead, new figures have shown. Online banking fraud rose 14% in 2009, with losses totalling £59.7m, according to the UK Cards Association. The increase in online fraud was largely blamed on criminals using more sophisticated fraud methods, such as ‘phishing’. Phishing is where fraudsters use fake websites and e-mails that imitate legitimate companies in order to trick you into handing ove... read more» | |
| | |
|
|
| Man charged over bid to damage U.S. security database | |
| (from insing at 11-3-2010) | |
| A Colorado man has been charged with trying to sabotage a U.S. security database that holds sensitive information used for screening air travellers, the Justice Department said on Wednesday. Douglas Duchak, 46, had worked at a Transportation Security Administration operations centre for five years, updating its computers with data from the Terrorist Screening Database and the U.S. Marshal's Service Warrant Information Network. The TSA is primarily responsible for screening passengers at U.... read more» | |
| | |
|
|
| Password cracker 100 times faster with an SSD cracker | |
| (from h-online at 11-3-2010) | |
| The security specialist Objectif Securite has optimised its rainbow tables – a common tool used to crack password hashes – to make use of SSDs. The result is, according to Objectif Securite's Philippe Oechslin, an acceleration by a factor of 100 when compared to their old 8GB Rainbow Tables for XP hashes. A web form takes the XP-hashes and cracks them for free with the new, ten times larger tables.... read more» | |
| | |
|
|
| Scareware will be most costly security scam of 2010 | |
| (from NetworkWorld at 11-3-2010) | |
| Fake antivirus programs that encourage web users to part with their hard-earned cash and download hoax security software is likely to be the most costly scam of 2010, says McAfee. According to the security firm, cybercriminals make upwards of $300m from conning web users worldwide into downloading scareware. The security firm also said it had seen a 660 percent rise in scareware over the past two years, and a 400 percent increase in reported incidents in the last 12 months.... read more» | |
| | |
|
|
|
|
| Former TSA analyst charged with computer tampering | |
| (from goodgearguide at 11-3-2010) | |
| A U.S. Transport Security Administration analyst has been indicted with tampering with databases used by the TSA to identify possible terrorists who may be trying to fly in the U.S. Douglas James Duchak, 46, was indicted by a grand jury Wednesday with two counts of damaging protected computers. According to a federal indictment, Duchak tried to compromise computers at the TSA's Colorado Springs Operations Center (CSOC) on Oct. 22, 2009, seven days after he'd been given two weeks notice that ... read more» | |
| | |
|
|
| Brocade: Half of network solutions only stop one in four network attacks | |
| (from infosecurity-us at 11-3-2010) | |
| Almost one in five participants at the RSA conference last week believe that their companies' security policies are being effectively enforced, according to figures released by data center fabric company Brocade. That said, at least half of them seem to be unhappy with their companies' security technology solutions. Brocade, which interviewed 144 RSA Conference attendees from a wide variety of different sectors, found that 18% of respondents believed company security policies were being total... read more» | |
| | |
|
|
| Human exploit attacks surpass the software flaw approach | |
| (from Net-Security at 11-3-2010) | |
| Barracuda Labs released its annual report for 2009, in which they highlight the shifts in Internet user behavior and the resulting attacker trends. Throughout 2009, Twitter experienced a number of attacks involving phishing, spam, worms, DDoS, compromised DNS records and site defacement. As millions of users flocked to Twitter, criminals followed. Accounts were used for poisoning trending topics with shortened malicious URLs. In 2009, one in eight accounts was considered to be malicious, s... read more» | |
| | |
|
|
| Phishing Update: 'No Brand is Safe' | |
| (from Bankinfosecurity at 11-3-2010) | |
| Online fraud schemes and malware are casting an even wider net, far beyond the large national banks and well-known retailers, as phishers seek new victims. This is the word from the Anti-Phishing Working Group (APWG), which has just issued its latest quarterly report on phishing trends. According to the APWG's fourth quarter 2009 report, the number of hijacked brands hit a record 356 in October, compared to the previous record month of 341 in August 2009.... read more» | |
| | |
|
|
| Y2.01K hits Garmin satnav | |
| (from The Register at 11-3-2010) | |
| Garmin's Geko 201 GPS kit can't decide what year it is, flipping between decades every time it's switched on, though it's performing better on days of the week. 2010 is proving a complicated year for computers, fouling up debit cards in New Zealand and credit cards in Germany, and now Garmin's Geko 201 GPS kit which has decided that it's 1949, or perhaps 1969 or even 2029. The shift isn't by an exact number of days and seems to change every time the device is switched on, but it's causing ... read more» | |
| | |
|
|
| Twitter is magnet for fakes, fraudsters and celebs | |
| (from ComputerWeekly at 11-3-2010) | |
| You probably always suspected it, but online security experts at Barracuda Labs have confirmed that Twitter is overrun with fakers and fraudsters. The lab's latest report on Twitter trends and tracking, web threats and trends, and e-mail spam and viruses, reveals that just 21% of people on the social networking site are genuine. The lab analysed more than 19 million Twitter accounts, both legitimate and malicious, for frequency and content of tweets, user-to-user interaction, and each acco... read more» | |
| | |
|
|
| IT security must address business trends, says Forrester | |
| (from ComputerWeekly at 11-3-2010) | |
| Shifts in technology, business expectations and process ownership in organisations are inevitable and all three have security implications, according to Forrester Research. "These shifts have been taking place for a few years, but the frequency of change has accelerated significantly in the past year," Khalid Kark, principal analyst at Forrester, told Computer Weekly. IT security professionals need to recognise these shifts to ensure they are prepared to handle them, he will tell the openi... read more» | |
| | |
|
|
| Government seeks to debunk cyber war myth | |
| (from ComputerWeekly at 11-3-2010) | |
| The government is seeking to quell what it claims are reactionary press reports branding network intrusions by hackers as "cyber attacks". Government officials say they are concerned that the use of the word 'attack' for any sort of hack has led the media to conflate network intrusion attempts with acts of cyber war. Air commodore Graham Wright, deputy director of the Office of Cyber Security (OCS), said his Cabinet Office department is developing a "national lexicon" of cyber English.... read more» | |
| | |
|
|
| Cybercriminals use fake Windows update to push bogus security software | |
| (from ComputerWeekly at 11-3-2010) | |
| Cybercriminals are using a fake Windows Update installation dialogue box to sell a bogus security product called Anti-malware Defender, security researchers have warned. The scam uses very realistic looking Windows Update dialogue boxes, pop-ups and bogus anti-virus scans, said Andrew Brandt, malware researcher at Webroot. The scam is triggered by infected websites that push drive-by downloads at visitors and include links to genuine Microsoft information pages, he said in a blog post.... read more» | |
| | |
|
|
| Arkansas National Guard Loses Hard Drive | |
| (from esecurityplanet at 11-3-2010) | |
| An unencrypted backup storage drive holding the names, social security numbers and other unspecified personal information of more than 35,000 Arkansas National Guardsmen was discovered missing last month, the latest incident in a string of military security gaffes. Officials at the Camp Joseph T. Robinson base in North Little Rock, Ark., said the wayward drive was last used in November as a backup drive to archive personnel information dating back to 1991. The drive was discovered missing... read more» | |
| | |
|
|
| Govt thwarted all hacking attempts: Sachin Pilot | |
| (from oneindia at 11-3-2010) | |
| Dispelling fears on hackers penetrating into important information, Minister of State for Communication and Information Technology Sachin Pilot said that the government has been successful in averting such attempts. "Yes, there have been attempts but I can categorically say that not one attempt has been successful," the minister said. "The government's computer network system, maintained by the National Informatics Centre, is highly efficient," Pilot said in a news agency report.... read more» | |
| | |
|
|
| NASA launches mission simulator Web site | |
| (from FCW at 11-3-2010) | |
| An interactive simulation Web site launched by NASA today enables anyone to experience space mission activities, such as docking the space shuttle at the International Space Station. The online Space Communication and Navigation (SCaN) simulation is designed to be both educational and entertaining, according to NASA officials who made the announcement. Other simulations include a trip to Mars and a lunar impact. The interactive simulation also offers a virtual 3-D experience to visualize how ... read more» | |
| | |
|
|
| Trademarks and security delay domain changes at ICANN meeting | |
| (from ComputerWorldUk at 11-3-2010) | |
| Trademark protection, costs and cybersecurity threats are some of the issues likely to derail the introduction of new Internet generic top-level domains, being discussed at a meeting of the Internet Corporation for Assigned Names and Numbers Board this week in Nairobi. Trademark protection and the rights of trademark holders have been among the controversial issues at the meeting, which started Sunday and continues through Friday. "The issue is very simple and complicated at the same time.... read more» | |
| | |
|
|
| Top Google Search Items Under Siege | |
| (from DarkReading at 11-3-2010) | |
| Search engine optimization (SEO) poisoning continues to be alive and well, with an unusually large wave of these attacks spotted during the past seven days targeting 284 of the top Google search terms. SonicWALL found 6,600 malicious URLs attacking the top search terms, including "what time do the oscars start 2010" and "disney princess half marathon." As many as nine of these terms are under attack at any one time. More than 60 malicious URLs for the princess query appeared on Google's top 3... read more» | |
| | |
|
|
| Net oversight board to consider (dot)xxx domains | |
| (from CNet at 11-3-2010) | |
| The Internet Corporation for Assigned Names and Numbers (ICANN) board at its meeting Friday will consider a proposal from ICM Registry for adult sites to use the .xxx top-level domain instead of or in addition to .com. This is hardly the first time ICANN has dealt with this issue. It rejected similar proposals in 2000, again in 2006 and most recently in 2007. In a telephone interview Wednesday night from Nairobi (scroll down for podcast), ICM President Stuart Lawley said he successfully a... read more» | |
| | |
|
|
| US expert: Chinese gov’t likely behind massive cyberattacks | |
| (from ComputerWorld at 11-3-2010) | |
| The Chinese government is likely behind recent cyberattacks on U.S. government Web sites and on U.S. companies in an apparent effort to quash criticism of the government there, an expert on U.S. and Chinese relations said Wednesday. There’s no conclusive proof that recent attacks on Google and dozens of other U.S. companies are directed by the Chinese government, but logic would point to official Chinese involvement, said Larry Wortzel, a member of the U.S.-China Economic and Security Review ... read more» | |
| | |
|
|
| Hackers Pocketed US$120 Million in Three Months | |
| (from TopNews at 11-3-2010) | |
| According to the U.S. Federal Deposit Insurance Corporation, the computer scams aiming at small businesses cost US$25 million in the third quarter of 2009 to the U.S. companies. The electronic transfer of funds involving fraudulent ways has increased to the loss of about US$120 million in the third quarter of 2009. This estimate was presented by David Nelson (an examination specialist with the FDIC) at the RSA Conference in San Francisco. With the help of different confidential reports f... read more» | |
| | |
|
|
| Expert says Chinese government likely behind massive cyberattacks | |
| (from InfoWorld at 11-3-2010) | |
| The Chinese government is likely behind recent cyberattacks on U.S. government Web sites and on U.S. companies in an apparent effort to quash criticism of the government there, an expert on U.S. and Chinese relations said Wednesday. There's no conclusive proof that recent attacks on Google and dozens of other U.S. companies are directed by the Chinese government, but logic would point to official Chinese involvement, said Larry Wortzel, a member of the U.S.-China Economic and Security Review ... read more» | |
| | |
|
|
| Hackers pose big threat to Indian enterprises | |
| (from Zibb at 11-3-2010) | |
| Hackers are the biggest threat to Indian cyber industry and they cause massive financial loss to the entrepreneurs, a recent study has found. The study, conducted by anti-virus manufacturer Symantec, showed almost 42 per cent of Indian enterprises considered cyber security as their top priority and 66 per cent of them experienced threats to their virtual data in the past year. Precautions to check the menace from outside and internal threats have been taken by the companies, the study, re... read more» | |
| | |
|
|
| Industry Frets Over Software Security | |
| (from EWeek at 11-3-2010) | |
| Based on the results of a survey conducted at last week's RSA Security Conference in San Francisco, IT security pros are more concerned than ever regarding the resiliency of the software systems that their organizations use based on the availability of exploitable vulnerabilities in the programs. According to the survey of 200 RSA attendees carried out by code analysis specialists Fortify, a lion's share of RSA attendees, some 73 percent, acknowledge that the software present in their organiz... read more» | |
| | |
|
|
| Social networking risks, benefits for enterprises weighed by RSA panel | |
| (from TechTarget at 11-3-2010) | |
| Are the evils of social networking ultimately brought on by users who make bad decisions about when and how to share their information, or by social networks that fail to properly protect their users' data? That was the key topic of debate during a 2010 RSA Conference panel discussion Thursday on social networking risks and why the use of social networking sites often leads to the unintended exposure of personal and business information.... read more» | |
| | |
|
|
| APT: Should your panties be in a bunch, and how do you un-bunch them? | |
| (from vrt-sourcefire at 11-3-2010) | |
| There is no more predictable group of people than marketers. Once a term reaches a certain tipping point, they grab onto it for dear life and choke it until it means nothing. Apparently, the Advanced Persistent Threat (APT) hit that point somewhere around December. APT is a level of threat, a description of the sophistication, patience and talent behind an attack. The attacks are targeted, typically involving both an exploit and social engineering.... read more» | |
| | |
|
|
| U.S. expert blames Chinese government for recent cyberattacks | |
| (from Computer World at 11-3-2010) | |
| The Chinese government is likely behind recent cyberattacks on U.S. government Web sites and on U.S. companies in an apparent effort to quash criticism of the government there, an expert on U.S. and Chinese relations said Wednesday. There's no conclusive proof that recent attacks on Google and dozens of other U.S. companies are directed by the Chinese government, but logic would point to official Chinese involvement, said Larry Wortzel, a member of the U.S.-China Economic and Security Review ... read more» | |
| | |
|
|
| Security Pros Say Apps Are Vulnerable -- And Constantly Attacked | |
| (from DarkReading at 11-3-2010) | |
| If you worry that your organization's applications are vulnerable to attack, then you're not alone, according to study results released yesterday. In a survey at the RSA Conference 2010 in San Francisco last week, researchers from security vendor Fortify found that most security pros are stressed about potential attacks on their apps. In fact, 73 percent of respondents thought the applications in their companies had vulnerabilities that hackers could exploit. In fact, most agreed it would ... read more» | |
| | |
|
|
| Surge in Twitter use draws in the cyber crooks | |
| (from v3 at 11-3-2010) | |
| Twitter users are becoming more active, but so too are the cyber criminals targeting the micro-blogging site to infect PCs with malware, according to the latest figures from Barracuda Labs. The security firm's annual report (PDF) revealed that the proportion of Twitter users with no followers has fallen from 20 per cent last June to 17 per cent today, and the proportion with fewer than 10 followers dropped from 80 per cent to 74 per cent.... read more» | |
| | |
|
|
| UK SMEs in data recovery failure | |
| (from ChannelWeb at 11-3-2010) | |
| UK firms are more likely than their continental counterparts to suffer prolonged downtime as a result of poor disaster recovery practices, claims research by storage vendor Acronis. Some 600 SMEs from France, the UK and Germany took part in the study, which was carried out to gauge the differences in backup and data recovery practices between the three countries. According to its findings, the UK has the worst attitude when it comes to data recovery, with 38 per cent of UK SMEs claiming to ne... read more» | |
| | |
|
|
| Most Malicious Websites Hosted In U.S. | |
| (from SecurityProNews at 11-3-2010) | |
| The AVG research study is based on the analysis of threats reported during the last 6 months from AVG's 110 million global users of its LinkScanner security product. The research indicates an increase in malware serving websites targeting end users, which usually focus on stealing online banking information, credit card information, personal identities and passwords to social sites. After the United States, countries hosting the most malicious websites include Germany and China at just five per... read more» | |
| | |
|
|
| Pennsylvania's Web security officer leaves post a week after talking about PennDOT hacking incident | |
| (from Pennlive at 11-3-2010) | |
| Last week, Pennsylvania’s chief information security officer Robert Maley was at an information security conference in San Francisco talking about a hacking incident involving PennDOT’s computers. This week, Maley is gone. Gary Tuma, Gov. Ed Rendell’s press secretary, confirmed that Maley is no longer employed by the state, but he declined to comment further, saying it is a personnel matter. Attempts to contact Maley yesterday were unsuccessful.... read more» | |
| | |
|
|
| How dangerous is Facebook? | |
| (from New Zealand Herald at 11-3-2010) | |
| On Monday in Britain, Peter Chapman, 33, was sentenced to a minimum of 35 years in prison for the murder of Darlington teenager Ashleigh Hall. Chapman, a convicted sex offender, was "very active" on a stolen black Acer laptop in the period leading up to the murder; it later transpired that he had used the social networking website Facebook in order to choose his victim. While websites such as Facebook usually play a passive, benign role in crimes that headlines might suggest are entirely attr... read more» | |
| | |
|
|
| Cyber ShockWave exposed missing links in U.S. security | |
| (from Government Computer News at 11-3-2010) | |
| In mid-February the Bipartisan Policy Council hosted Cyber ShockWave, a simulation of how our nation might respond to a catastrophic cyber event. The simulation was conducted through the lens of a notional National Security Council (NSC) meeting convened to advise the president on how the federal government should respond to the crisis and what the president should communicate to the American people to reassure them. The presentation of Cyber ShockWave was well timed. Right now, the U.S. gove... read more» | |
| | |
|
|
| Cyber Crimes In India Are Increasing Unchecked | |
| (from groundreport at 11-3-2010) | |
| Cyber crimes in India are increasing at a rapid rate. The matter is made worse by a weak and ineffective cyber law of India. Though the law minister of India had declared for a separate enactment to deal with growing cyber crimes yet the proposal seems to have been dumped for the time being. In India cyber crimes are tried under both the traditional Indian Penal Code and the Information Technology Act, 2000 (IT Act 2000). However, police is not aware of the minutiae of the cyber law of India.... read more» | |
| | |
|
|
| March 2010 Spam Report - McAfee Research Report | |
| (from McAfee at 11-3-2010) | |
| On the day of the Haitian earthquake tragedy, McAfee Labs senior researcher Craig Schmugar wrote about related phishing sites and email scams in the McAfee Labs Blog. The people behind these frauds deserve to be caught and thrown in jail. Days later, another McAfee researcher, François Paget, shared a story that demonstrates that when several researchers join forces, the bad guys run the risk of being punished.... read more» | |
| | |
|
|
| 13m users worldwide affected by Mariposa botnet | |
| (from Net-Security at 11-3-2010) | |
| Following the worldwide shutdown of the Mariposa botnet last week, Panda Security reported today that the massive botnet had infected 13 million computers in 190 countries and 31,901 cities. According to Luis Corrons, Technical Director of PandaLabs, "The highest infection ratios are found in countries where computer security education is not a priority. However, in countries where cyber security awareness campaigns have been prioritized over the last few years, like the United States, German... read more» | |
| | |
|
|
| Colorado Springs man allegedly sabotaged TSA computers | |
| (from Denver Post at 11-3-2010) | |
| A former employee of the Transportation Security Administration has been indicted by the Denver federal grand jury for attempting to sabotage TSA computers that enable TSA airport personnel to spot potential terrorists before they board airliners. Douglas James Duchak, 46, of Colorado Springs, worked for the TSA from August 2004 through October 2009. According to the indictment, Duchak sent a code or virus into computers at the TSA's Colorado Springs Operations Center in the attempt to disabl... read more» | |
| | |
|
|
| McAfee Labs Publishes ‘March Spam Report’ | |
| (from avertlabs at 11-3-2010) | |
| This month authors Adam Wosotowsky and Elan Winkler discuss a possible charity scam in France that takes advantage of sympathy for the victims of the Haitian earthquake, examine a “ham campaign” regarding events in Haiti, and look at another fraudulent attempt to connect “lonely women” with victims’ credit cards. Our key topics: * Security professionals working together can expose fraudsters and sometimes bring about their arrests. One of our French researchers shows how it can work. ... read more» | |
| | |
|
|
| WhitePages.com halts ad networks over malware | |
| (from CNet at 11-3-2010) | |
| WhitePages.com has stopped ad networks from delivering ads to its site after they were found to contain fake antivirus malware. "On Monday morning WhitePages received reports from users [about] malware in the form of a fake antivirus upsell program that we believe originated (against our terms) from a third-party advertising network serving ads on our website, in addition to other websites," a WhitePages spokeswoman said in an e-mail late Tuesday.... read more» | |
| | |
|
|
| Correction: Botnet Busted story | |
| (from Yahoo at 11-3-2010) | |
| In a story March 2 about the arrest of three suspects in the virus infection of nearly 13 million computers, The Associated Press erroneously reported the spelling of the last name of a captain with Spain's Guardia Civil, which is investigating the case. The captain's correct name is Cesar Lorenzana, not Lorenza.... read more» | |
| | |
|
|
| UK's cyberdefence centre gets later start date | |
| (from ZDNet at 11-3-2010) | |
| The government's cyberattack response centre, charged with protecting Britain's critical IT infrastructure, will go into full operation later than MPs were told. The Cyber Security Operations Centre (CSOC), based near GCHQ in Cheltenham, was slated to start up on 10 March, according to a written parliamentary answer given by labour whip Baroness Crawley published in Hansard in November. She wrote that by that date, the centre would have reached its initial operating capacity of 19 staff membe... read more» | |
| | |
|
|
| An Evolution of Profit Driven Malware - China offers an interesting and distinct case study | |
| (from Websense Security Labs at 11-3-2010) | |
| Malware is a gremlin of cyberspace. Digitally disguised and undeterred by borders or passports, it can be found anywhere in the world and China is no exception. China has now formed a malware industry chain from malware programming to malware spreading. Usually, after malware writers write malware, commercial agents on the Internet will sell access to it, sharing incredible profits with these malware writers.... read more» | |
| | |
|
|
| After takedown, botnet-linked ISP Troyak resurfaces | |
| (from Computer World at 11-3-2010) | |
| Last week FBI Director Robert Mueller called the fight against hackers "the cyber equivalent of cat-and-mouse." On Wednesday security experts trying to take down the Zeus botnet got a taste of what he meant. Just hours after Internet service providers severed network connectivity to Troyak, an ISP associated with the Zeus botnet, the ISP has regained connectivity after peering with a new upstream Internet service provider.... read more» | |
| | |
|
|
| Multiple Vendors Affected by New Vulnerabilities | |
| (from TrendMicro at 11-3-2010) | |
| The number of serious zero-day vulnerabilities and potential exploits discovered in recent days is higher than normal. This can enable cybercriminals to gain more leverage in their attacks, allowing them to target a considerably large number of users while these vulnerabilities remain unpatched. Patching vulnerable applications sounds like a solution but that may not be ideal, particularly for enterprise users. Restarting servers is often not as simple for them as it is for home users. In add... read more» | |
| | |
|
|
| Internet 'in running' for Nobel Peace Prize | |
| (from BBC at 11-3-2010) | |
| The internet is among a record 237 individuals and organisations nominated for this year's Nobel Peace Prize. The number of nominations surpasses last year's record of 205 nominations. The internet's nomination has been championed by the Italian version of Wired magazine for helping advance "dialogue, debate and consensus". The director of the Nobel Institute, Geir Lundestad, told BBC News that the organisation had received "thousands of nominations" for the coveted prize. "Some were nominated... read more» | |
| | |
|
|
| Who’s the hardest working researcher of all time? Of 2009? | |
| (from Internet Security Systems at 11-3-2010) | |
| Top Vulnerability Discoverers of All Time Located below is a chart of the percentage of vulnerabilities that are discovered by the top 10 researchers of all time, the percentage of vulnerabilities that are discovered by named individuals, and the percentage of vulnerabilities are listed as unknown discoverers through the end of 2009. Top Vulnerability Discoverers of 2009 Moudi finds himself at the top discoverer of 2009. He is described as a hacker from Lebanon who posts most of his fi... read more» | |
| | |
|
|
| Voluntary Breach Disclosure Rare But Valuable | |
| (from Dark Reading at 11-3-2010) | |
| Google's and Adobe's disclosure in January that they had been hit by the same wave of targeted attacks were rare voluntary revelations, the likes of which may never be seen again: Most companies won't disclose an attack unless required to by law or regulations. But security experts and forensics investigators say the best way to defend against targeted attacks and help unmask who's behind them is to gather and correlate attack information among various victims. There's no common way today for... read more» | |
| | |
|
|
| Online Security Questions Need Improving | |
| (from allgov at 10-3-2010) | |
| From banks to email programs, website developers need to create more complex security questions so users avoid the danger of identity theft. Researchers at the University of Cambridge and the University of Edinburgh found that current schemes used to keep unauthorized individuals from gaining access to personal accounts are too easy to break through.... read more» | |
| | |
|
|
| RSA Conference Yields Expert Advice | |
| (from The New New internet at 10-3-2010) | |
| Last week, RSA held its annual conference out in San Francisco, CA. The conference brought together cyber experts from around the world, along with notable speakers like DHS Secretary Janet Napolitano, FBI Director Robert Mueller and Howard Schmidt, the White House Cybersecurity Coordinator. The topics discussed range from cloud computing to botnets to the need for public-private partnerships. Concerns over cyber crime and cyber espionage dominated the agenda while privacy issues also feature... read more» | |
| | |
|
|
| Q&A: Reed Henry on cybercrime and the CSOC | |
| (from Computing at 10-3-2010) | |
| How has cybercrime evolved over the past five years? The attacks are not random anymore. Five years ago most of them – such as the slammer worm - were made by novices, but they have evolved from scatter-shot to rifle-shot. They can take the form of corruption or disruption of computer networks and software, hacking, computer forensics and espionage.... read more» | |
| | |
|
|
| Chicopee Website Victim Of Argentina Hack | |
| (from cbs3springfield at 10-3-2010) | |
| Chicopee's municipal website is up and running after being temporarily compromised by hackers from Argentina. Mayor Michael Bissonnette said no critical information was leaked. Everyone worries about their personal computers being hacked, but it can also happen to large municipalities. Chicopee found that out this weekend. The city's website was successfully hacked from Argentina on Sunday morning.... read more» | |
| | |
|
|
| Net-Witness of the Persecution | |
| (from bloginfosec at 10-3-2010) | |
| A large number of organizations, which have been subjected to successful cyber attacks, never find out about them other than by chance. This is particularly true of insider hacks, where the perpetrator often has proprietary knowledge of internal systems and is well able to operate “under the radar.” The very circumstances under which such discoveries are made lead one to believe, by inference, that we are only seeing the tip of the iceberg, with likely 90 percent or more hidden from view.... read more» | |
| | |
|
|
| Cyber attacks hit 3 in 4 Asia Pacific firms | |
| (from enterpriseinnovation at 10-3-2010) | |
| At least 75% of Asia Pacific organizations have experienced cyber attacks in the past year, costing them as much as US$763,000 annually, as companies grapple with gross understaffing and exponentially rising cyber threats in their respective firms, says a Symantec report. Security is of great concern to enterprises. The study found that 38 percent of organizations in Asia Pacific rate security their top issue.... read more» | |
| | |
|
|
| Patients' medical records go online without consent | |
| (from Telegraph at 10-3-2010) | |
| Those who do not wish to have their details on the £11 billion computer system are supposed to be able to opt out by informing health authorities. But doctors have accused the Government of rushing the project through, meaning that patients have had their details uploaded to the database before they have had a chance to object. The scheme, one of the largest of its kind in the world, will eventually hold the private records of more than 50 million patients.... read more» | |
| | |
|
|
| Cyber crimes cost Indian firms Rs 58 lakh in 2009 | |
| (from financialexpress at 10-3-2010) | |
| Cyber crimes and attacks cost Indian companies Rs 58 lakh in revenue in 2009 and affected over 66% of Indian enterprises, according to a study by internet security providers, Symantec Corp. According to the findings on India in the research titled 2010 State of Enterprise Security, over and above these revenue losses, Indian enterprises also lost an average of Rs 94.56 lakh in organisation, customer and employee data, and an average of Rs 84.57 lakh in productivity costs last year.... read more» | |
| | |
|
|
| Web malware scams go primetime | |
| (from v3 at 10-3-2010) | |
| Interest in primetime TV shows has become a favourite lure for cyber criminals, according to security experts. The Academy Awards and upcoming premieres of new television shows are being targeted in search engine optimisation attacks. Security firm Sophos said that malware writers had loaded web pages with keywords relating to the Awards in order to achieve higher placement in search results.... read more» | |
| | |
|
|
| Buckle in for the Cyber ‘Wilderness of Mirrors’ | |
| (from thenewnewinternet at 10-3-2010) | |
| Within the European Union and NATO, security professionals have been circulating dire warnings to colleagues regarding the growing cyber espionage threat from China. In recent months, the Chinese have appeared to more aggressively target NATO, EU and U.S. networks in an effort to steal intelligence secrets. Within the EU, cybersecurity is left up to individual member states and is not comprehensively coordinated. On Friday, the U.S. government released a report stating that the number of atta... read more» | |
| | |
|
|
| Cyber-bullying cases put heat on Google, Facebook | |
| (from Reuters at 10-3-2010) | |
| Although Google, Facebook and their rivals have enjoyed a relatively "safe harbor" from prosecution over user-generated content in the United States and Europe, they face a public that increasingly is more inclined to blame them for cyber-bullying and other online transgressions. Such may have been the case when three Google executives were convicted in Milan, Italy on February 24 over a bullying video posted on the site -- a verdict greeted with horror by online activists, who fear it could ... read more» | |
| | |
|
|
| More than three-quarters see Internet as right: report | |
| (from The Age at 10-3-2010) | |
| More than three-quarters of people across the world believe access to the Internet is a fundamental right, a poll carried out for the BBC indicated Monday. The poll, which questioned more than 27,000 adults across 26 countries, suggested strong support globally for access to the web. The findings come as efforts are stepped up across the world to increase net access, with the United Nations leading a push for more people to be given the opportunity to get online.... read more» | |
| | |
|
|
| Cyber security: a major concern | |
| (from duniyalive at 10-3-2010) | |
| In terms of threats, man-made or natural, cyber security has always been rated by Indian companies as a key concern. Today cyber crime is considered an even bigger threat in comparison to terrorism, natural disasters and crime. Vishal Dhupar stated “Indian enterprises are experiencing frequent cyber attacks and the losses incurred due to them are escalating.” He said further, “In the past 12 months, 66 per cent of the companies experienced cyber intrusions and 51 per cent of them report... read more» | |
| | |
|
|
| UPDATE on Ecuador Government Site Hacked - Details on Traffic and SSH Connections to Panama over last days | |
| (from E-Secure-IT Subscriber at 10-3-2010) | |
| Update 2 - Attached is a bunch of SSH connections to Panama. See PDF. Update 1 - Following is Traffic from the hacked webserver pointing to Latin American Nautilus Panama SA. Non-authoritative answer: Name: www.municipiodemejia.gov.ec Address: 190.152.217.250 Mar 9 12:38:44 101066: Mar 9 12:38:43.729: %SEC-6-IPACCESSLOGP: list denied tcp 190.152.217.250(51024) (FastEthernet0/0 000b.60aa.ec0a) -> 201.218.199.66(22), 1 packet Mar 9 22:25:40 103... read more» | |
| | |
|
|
| Credit card fraud losses drop 28% | |
| (from belfasttelegraph at 10-3-2010) | |
| Fraud losses on UK credit and debit cards fell by 28% during 2009 as a raft of industry initiatives paid off, figures show. Losses on all areas of card fraud dropped during the year to total £440.3 million, the first annual decline since 2006, according to the UK Cards Association. But there was a 14% jump in online banking fraud during the year, as criminals used increasingly sophisticated methods to obtain customers' account details.... read more» | |
| | |
|
|
| UK may retaliate against cyber-attacks | |
| (from BCS at 10-3-2010) | |
| The government's security tsar has warned that the UK is coming under constant cyber attack and hinted that the country may retaliate if pushed much further. Lord West of Spithead told the Observer that there were more than 300 significant attacks last year, often from agencies working for foreign governments. He claimed that huge amounts of intellectual property had been stolen and that a well co-ordinated attack could cause chaos if it were able to disrupt vital services. He warned th... read more» | |
| | |
|
|
| Email security questions easily cracked | |
| (from BCS at 10-3-2010) | |
| New research has found that many web accounts can be accessed without a password simply by guessing the answers to the alternative security questions. The BBC has reported that a study by Cambridge and Edinburgh Universities estimated that attackers could break into one in eighty accounts if they were given just three guesses. The study was trying to find out how easy it was to guess the answers to the security questions if the attackers did not know the victim, other studies have shown it... read more» | |
| | |
|
|
| Plans for .xxx top-level domain pop up again | |
| (from Arstechnica at 10-3-2010) | |
| The .xxx domain is back on the table. The Internet Corporation for Assigned Names and Numbers (ICANN) will reconsider the top-level domain during a meeting in Kenya this week, nearly three years after it was shot down and nine years after it was first introduced as a way to identify pornography sites and hopefully confine them to their own Internet red-light district. The .xxx domain was first proposed in 2001 and approved in 2005 for exclusive (but voluntary) use by the adult entertainment i... read more» | |
| | |
|
|
| UK still lousy on electronic nosiness | |
| (from The Register at 10-3-2010) | |
| A new report highlights a depressingly consistent drift towards ever greater control of the population using new technologies. There are few surprises in the 2010 report, entitled The Electronic Police State, issued yesterday. It shows Russia and the United States within a couple of points of each other when it comes to electronic policing and surveillance, North Korea just overtaking China to gain top prize, and the United Kingdom leading the rest of the West – after the US.... read more» | |
| | |
|
|
| 1024-bit RSA encryption cracked by carefully starving CPU of electricity | |
| (from Engadget at 10-3-2010) | |
| Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a si... read more» | |
| | |
|
|
| Students face bogus intranet scam | |
| (from ComputerWorldUk at 10-3-2010) | |
| Universities and their population of students have been marked out as the next soft target by online criminals, security company RSA has reported. In recent weeks, the company has detected a sudden rise in targeted attacks on US universities - particularly public state institutions - against internal websites used to serve students with services such as webmail. Such servers often contain personal data such as grades, names, addresses, and payment information.... read more» | |
| | |
|
|
| ICANN meeting opens in Nairobi | |
| (from ComputerWorldUk at 10-3-2010) | |
| After a series of board meetings on whether to cancel or not due to security issues, the Internet Corporation for Assigned Names and Numbers (ICANN) meeting kicked off in Nairobi. The meeting was overshadowed by security concerns and some ICANN members reportedly boycotted the meeting, choosing to hold parallel sessions in New York and Washington DC, instead of risking coming to Nairobi. By Monday morning, local organisers had registered 800 participants compared to the usual 1,000. The l... read more» | |
| | |
|
|
| Cyber attacks worry firms more than terrorism | |
| (from The Hindu at 10-3-2010) | |
| When it comes to threats, natural or man-made, Indian companies have rated cyber security as a major concern. In the light of increased cyber attacks, over 42 per cent of enterprises perceive cyber crime as a bigger threat than terrorism, crime and natural disasters. This was one of the findings of ‘2010 State of Enterprise Security Study,' a global study carried out by Symantec Software Solutions Pvt. Ltd., where Indian companies from sectors such as telecom, hospitality, manufacturing, retail... read more» | |
| | |
|
|
| 80% say 'Net access fundamental right, split on regulation | |
| (from Arstechnica at 10-3-2010) | |
| Access to the Internet is a fundamental right to nearly four out of five adults across the globe, and those in South Korea, Mexico, and China seem to have the strongest feelings on the topic. This is according to a report by the BBC World Service, which polled 27,973 adults on their feelings about, usage of, and concerns about the Internet. Although users are somewhat divided on whether the Internet should be regulated, they are in agreement on its usefulness for learning and information discove... read more» | |
| | |
|
|
| Cyber attacks worry Indian firms more than terror: study | |
| (from newKerala at 10-3-2010) | |
| Indian enterprises are more wary of cyber attacks to their IT infrastructure than perceived threats from terrorism and natural disasters, a study by global security solutions provider Symantec said Tuesday. A study 'On the State of Enterprise Security' conducted in January revealed that Indian enterprises suffered an average revenue loss of Rs.5.8 million due to cyber attacks by elusive hackers in 2009. "Security has become a main concern to Indian enterprises as cyber attacks are posing a... read more» | |
| | |
|
|
| China rejects claims it is behind cyber attacks | |
| (from Timesonline at 10-3-2010) | |
| China has hit back at a report in The Times that it is behind a surge in international cyber attacks, saying that it is as much a victim of such attacks as any other country and opposes internet warfare. The Global Times, an English-language newspaper run by The People’s Daily, quoted Li Daguang, a military expert, as saying that some Western powers may have adopted a strategy to sabotage China’s IT development by exaggerating the threat it poses. The expert from the National Defence Unive... read more» | |
| | |
|
|
| Online banking fraud 'suffers increase' | |
| (from BBC at 10-3-2010) | |
| Fraudsters are continuing their switch from traditional card fraud to raiding online bank accounts, according to new research. Fraud losses on UK credit and debit cards totalled £440m in 2009 - a drop of 28% compared with the previous year - the UK Cards Association said. But the number of "phishing" attacks rose by 16% in the same period. This is when fraudsters trick people into entering their personal details on a website or in an e-mail.... read more» | |
| | |
|
|
| Over 13 million users in 190 countries and 31,901 cities affected by the Mariposa botnet | |
| (from pandasecurity at 10-3-2010) | |
| After the recent worldwide shutdown of the Mariposa botnet (in a joint operation by Panda Security, Defence Intelligence, the FBI and the Spanish Guardia Civil, resulting in three arrests), it has been discovered that the massive botnet had infected 13 million computers in 190 countries and 31,901 cities. According to Luis Corrons, Technical Director of PandaLabs, “The highest infection ratios are found in countries where computer security education is not a priority. However, in countries wh... read more» | |
| | |
|
|
| US government not properly coordinating cybersecurity efforts, warns GAO | |
| (from infosecurity-us at 10-3-2010) | |
| In a report issued last Friday, the GAO addressed the Comprehensive National Cyber Security Initiative (CNCI), which is a highly secretive initiative launched by the Bush administration in early 2008. The Office was asked to investigate how different federal agencies have been pulled together to plan and coordinate CNCI activities. It was also requested to identify the challenges faced by the initiative into achieving its objectives.... read more» | |
| | |
|
|
| ICANN: Break internet monopolies | |
| (from hostexploit at 10-3-2010) | |
| Rod Beckstrom, chief executive of the Internet Corporation for Assigned Names and Numbers (ICANN), said while 15 percent of the world’s population lives in Africa, Africans made up less than 7 percent of all Internet users. “We really need the African leaders to shatter monopolies because it is a bitter irony that in Africa there are some of the poorest people in the world paying some of the highest prices,” said Beckstrom.... read more» | |
| | |
|
|
| Black Hat SEO Campaigns Claim 284 Top Terms in 7 Days | |
| (from EWeek at 10-3-2010) | |
| It is well known that attackers are abusing search engines to lead victims to malicious sites. But a study by SonicWall paints a disturbing picture of just how successful the attackers are. "In the last seven days, more than 284 top search terms have been attacked by more than 6,600 malicious URLs," SonicWall said in a news release, and "up to nine of the top 20 search terms are under attack at any one time."... read more» | |
| | |
|
|
| International Symposium on Security and Information/Communication Technologies: SICT 2010 | |
| (from iiis2010 at 10-3-2010) | |
| The purpose of The International Symposium on Security and Information/Communication Technologies: SICT 2010 is to bring together researchers and practitioners, academics and professionals, in the areas of Security and Information/Communications to present results from their research and/or professional experience (via case studies, position papers, reflective practice, etc) regarding the synergic, useful, or conceptually important relationships between both fields. Accordingly, the main, bu... read more» | |
| | |
|
|
| Voluntary Breach Disclosure Rare But Valuable | |
| (from DarkReading at 10-3-2010) | |
| Google's and Adobe's disclosure in January that they had been hit by the same wave of targeted attacks were rare voluntary revelations, the likes of which may never be seen again: Most companies won't disclose an attack unless required to by law or regulations. But security experts and forensics investigators say the best way to defend against targeted attacks and help unmask who's behind them is to gather and correlate attack information among various victims. ... read more» | |
| | |
|
|
| Best of Show RSA Conference 2010 | |
| (from threatchaos at 10-3-2010) | |
| One thing is evident from this year’s mega-security conference in San Francisco. The security industry is back with a vengeance. The show was packed with attendees and the expo floor was busier than I can remember in the last seven years I have attended. The reason? While economic downturns can curtail general IT spending and investments in upgrades and new technology deployments they have little impact on the need for securing existing infrastructure. Cyber criminals prey on companies in... read more» | |
| | |
|
|
| The US is not at cyberwar | |
| (from Guardian at 10-3-2010) | |
| Last week, the Obama administration's most senior official with responsibility for the internet and cyberspace made a significant intervention in the increasingly hysterical US debate over cyberwar. Since Google announced in January that it had been the victim of a series of cyber attacks originating in China, the prospect of imminent threat from foreign states and terrorists has been repeated time and again by senior figures in the security establishment. Now, the man who is charged with sha... read more» | |
| | |
|
|
| Where Are The European Regulators In Charge Of Protecting Freedom Of Expression? | |
| (from Techdirt at 10-3-2010) | |
| Michael Scott points us to a blog post by Peter Fleischer, the Global Privacy Counsel for Google -- perhaps better known as one of the three Google execs to be convicted on criminal charges due to a video some kids uploaded to Google Video, which the Italian courts believe Google did not take down fast enough. In the blog post, Fleischer discusses the balance between the right to privacy and the right to free expression, noting that posting a photo online is part of free expression, but if t... read more» | |
| | |
|
|
| Plugging Security Holes | |
| (from Forbes at 10-3-2010) | |
| Keeping up with security in the enterprise is an endless challenge. The hackers and thieves get more sophisticated while much of the technology inside companies changes over at a much slower pace. Add to that the shifts to virtualization and cloud computing, not to mention social networking and a slew of new devices, and the problem becomes even more daunting. So just how high is the risk and what can be done about it?... read more» | |
| | |
|
|
| Drudge Report accused of serving malware, again | |
| (from CNet at 10-3-2010) | |
| For the second time in less than six months, visitors to the Drudge Report say they got malware in addition to the Web site's usual sensational headlines. Matt Drudge denied that his site was infecting visitors, however it's likely that the malware is coming from ads delivered by a third-party ad network and not the site itself. "I can personally vouch for disinfecting my mom's desktop yesterday after visiting this Web page, even taking a screenshot after beginning remedial steps to addres... read more» | |
| | |
|
|
| White House Cyber Security Guy: There Is No Cyberwar | |
| (from Techdirt at 10-3-2010) | |
| We recently wrote how some special interests have been playing up the idea that there's some sort of cyberwar going on that the US is losing. Of course, there have been similar claims going back for a decade, without anything to support it. Are there state-supported hackers breaking into computers of other countries? Absolutely. Does that reach the level of "cyberwar"? Not at all. At best it's a bit of espionage and maybe a tiny bit of sabotage, but escalating it to the cyberwar level only is... read more» | |
| | |
|
|
| Data issue hits BlackBerry devices for second day | |
| (from Computer World at 10-3-2010) | |
| Some BlackBerry users are complaining of an inability to use data services for the second day in a row. It appears that the issue could be related to two separate problems. While some users seemed to be back in business late Tuesday, others were still having problems. Research In Motion does not appear to have commented on the problem and had not replied to a request for comment by the time this story posted. Via Twitter, T-Mobile has acknowledged that there is an issue. "We are working with ... read more» | |
| | |
|
|
| Chatting via video could become the new craze in match-making | |
| (from Courier Mail at 10-3-2010) | |
| Australians have gone from merely flirting with online dating to committing en masse. More than one in four single adults now logs on rather than going out to find a partner, and hundreds join the trend weekly. But the number of online dating profiles is not the only thing growing. More dating services are popping up on the web, including innovative offerings that let you date by video and that match your personality with that of potential partners.... read more» | |
| | |
|
|
| Monoprice.com Shuttered After Fraud Complaints | |
| (from KrebsonSecurity at 10-3-2010) | |
| Audio visual cabling giant monoprice.com shut down its Web site – possibly for the next couple of weeks – while it investigates the possible compromise of its customer credit and debit card information. Vincent Lim, monoprice.com’s operations manager, said the company took the site offline around midnight on Friday, Mar. 5, after it received e-mails and phone calls from several customers complaining about fraudulent charges on their cards that they had used on monoprice.com.... read more» | |
| | |
|
|
| Weak web account ID tools undermining security | |
| (from v3 at 10-3-2010) | |
| The security mechanisms used to protect online accounts are inherently flawed, according to a new paper by researchers at Cambridge and Edinburgh universities. Joseph Bonneau, Mike Just and Greg Matthews argue in a paper entitled What's in a name? (PDF) that security questions used to verify an account can often be beaten by simple guesswork or through some personal knowledge of the account holder. "Despite their ubiquity, personal knowledge questions have received relatively little attention ... read more» | |
| | |
|
|
| Supreme Court Takes ‘Informational Privacy’ Case | |
| (from Wired at 10-3-2010) | |
| The U.S. Supreme Court is agreeing to decide how much personal information the federal bureaucracy may acquire on its workers. The justices, without comment, decided Monday to review a lower-court decision surrounding the concept of so-called “informational privacy.” The 9th U.S. Circuit Court of Appeals in San Francisco struck down intrusive background checks last year on nearly three dozen National Aeronautics and Space Administration contractors as being too invasive — calling them an unco... read more» | |
| | |
|
|
| Cyberbullying hits LGBT youth especially hard | |
| (from CNet at 10-3-2010) | |
| We all have coming-of-age bullying stories. Mine started in junior high, when I was called a "sailor's dream" by the same boys who ogled me after that glorious summer before 9th grade, when you-know-what finally sprung forth. Then a new kind of torment began, and when I rejected the hot football quarterback, the lesbian rumors flew. That was the mid-'90s, when hardly anyone even had e-mail. So what's it like in the age of Facebook, sexting, and the ability to taunt and be taunted 24-7? And... read more» | |
| | |
|
|
| Two thirds of shoppers less likely to return goods online | |
| (from Computing at 10-3-2010) | |
| A Business, Innovation and Skills Department survey has revealed almost two-thirds of consumers are less likely to return goods bought online than those they have purchased from the high street. This is despite a statutory seven-day cooling-off period for goods bought over the internet. The survey confirmed Britons are now the biggest on-line shoppers in Europe - having spent £38bn or 10 per cent of UK retail sales — but 77 per cent are not aware of the difference in their rights betwee... read more» | |
| | |
|
|
| ISPs escape further Digital Economy Bill burdens | |
| (from v3 at 10-3-2010) | |
| Internet service providers (ISPs) escaped being saddled with further regulation yesterday when the Digital Economy Bill completed its report stage in the House of Lords. The Lords debated issues such as whether ISPs should be made more responsible for the safety of children on the internet. Baroness Howe of Idlicote said that ISPs should be obliged to provide customers with details of how they can filter internet content, and that the self-regulation approach advanced by the UK Council for Ch... read more» | |
| | |
|
|
| Law Firms Increasingly the Victims of Espionage | |
| (from politicalhacking at 10-3-2010) | |
| Law firms are one of the latest targets of alleged cyber espionage from China and others interested in obtaining information on clients or litigation that involve their interests: "Law firms are attractive targets for cyberattackers because they maintain sensitive client information on their systems, according to attorneys and technology consultants. Perpetrators may be digging for litigation strategies, negotiation tactics, details on pending deals, or other specific information that cou... read more» | |
| | |
|
|
| Nominet consults on short .uk domain names | |
| (from v3 at 10-3-2010) | |
| Nominet has announced a three-month consultation to decide how it should release one-letter, two-letter and single-number domains for registration. The organisation, which owns the national registry for all .uk domain names ending .co.uk, .org.uk and .me.uk, is currently unable to offer the short domains owing to the rules set up at the organisation's founding in 1996. Nominet is now proposing to lift these restrictions as the technical and policy reasons for withholding these domains have cea... read more» | |
| | |
|
|
| Mystery hacker a folk hero for struggling population of Latvia | |
| (from irishtimes at 10-3-2010) | |
| The person known as Neo has been embarrassing the ‘fat cats’ in a country with the EU’s highest rate of unemployment, writes DANIEL McLAUGHLIN IN THEIR hour of need the people of Latvia, the European country hardest hit by the economic crisis, have found an unlikely new hero. Neo is the nickname of a computer hacker who has stolen millions of supposedly confidential documents from the Latvian tax authorities, and exposed just how much cream the nation’s “fat cats” have been guzzling while ur... read more» | |
| | |
|
|
| Vodafone ships Mariposa-infected HTC Magic | |
| (from The Register at 10-3-2010) | |
| Vodafone has been blamed for shipping Mariposa botnet malware and other nasties on an HTC Magic Android smartphone it supplied. The mobile phone giant's Spanish arm supplied an HTC Magic smartphone preloaded with malware that attempted to establish a backdoor for stealing information on connected PCs during the synchronisation process. Vodafone acknowledged the problem but said that the incident was an isolated and local problem, which came to light because the customer affected works for Spa... read more» | |
| | |
|
|
| NSA Still Ahead In Crypto, But Not By Much | |
| (from Slashdot at 10-3-2010) | |
| "Network World summarizes an RSA Conference panel discussion in which former NSA technical director Brian Snow said that cryptographers for the NSA have been losing ground to their counterparts in universities and commercial security vendors for 20 years, but still maintain the upper hand in the sophistication of their crypto schemes and in their ability to decrypt. 'I do believe NSA is still ahead, but not by much — a handful of years,' says Snow. 'I think we've got the edge still.... read more» | |
| | |
|
|
| Fraud-prevention service ponies up $12m for 'false' ads | |
| (from The Register at 10-3-2010) | |
| An Arizona company that sells services designed to prevent identity theft has agreed to pay $12m to settle charges it oversold their effectiveness and didn't adequately protect sensitive customer data. LifeLock, which since 2006 has run TV and print ads displaying the social security number of its CEO, agreed to stop misrepresenting its service as a foolproof way to prevent identity theft, according to the US Federal Trade Commission. The consumer watchdog agency and attorneys general from 35... read more» | |
| | |
|
|
| Pxxx internet domain name 'dot.xxx' plan revived | |
| (from BBC at 10-3-2010) | |
| A plan to create an internet domain specifically for adult websites will be resurrected three years after it was rejected by internet regulators. The net's governing body Icann will reconsider the .xxx scheme on 12 March. Icann had previously given the domain the go ahead in 2005, but reversed the decision two years later amidst protests from US conservative groups. An independent review recently concluded that decision was unfair and that the plan should be reconsidered.... read more» | |
| | |
|
|
| Charity’s warning on social network predators | |
| (from thecourier at 10-3-2010) | |
| Laurie Matthew, co-ordinator of Eighteen And Under, was speaking after convicted rapist Peter Chapman was jailed for 35 years at Teesside Crown Court for murdering 17-year-old Ashleigh Hall in a field in County Durham. The bald and toothless 33-year-old used a fake profile on Facebook to trick the teenager into agreeing to a meeting. Pretending to be the father of the teenage boy he had invented online, he kidnapped Ashleigh, raped and murdered her.... read more» | |
| | |
|
|
| Verisign: Security Solutions Overwhelming to Consumers | |
| (from eSecurity Planet at 10-3-2010) | |
| The executive chairman of Verisign didn't exactly play up to the crowd of thousands of security professionals gathered here at the RSA conference to hear his keynote. "Consumers are overwhelmed and frustrated by all the security solutions out there," said Verisign's (NASDAQ: VRSN) Jim Bidzos, who organized the first RSA Conference in 1991. "In fact some of the security tools we offer are nearing the point of negative returns." It's time we started thinking about security as only part of the s... read more» | |
| | |
|
|
| 10.10 Ubuntu Developer Summit announced | |
| (from h-online at 9-3-2010) | |
| Canonical's Ubuntu Community Manager Jono Bacon has announced that the next Ubuntu Developer Summit (UDS) will take place from the 10th to the 14th of May, 2010 at the Dolce La Hulpe Hotel and Resort in Brussels, Belgium. According to Bacon, the 10.10 Ubuntu Developer Summit is "one of the most important events in the Ubuntu calendar and at it we discuss, debate and design the next version of Ubuntu". Bacon also points out that UDS is not a conference, but rather "a participatory discuss... read more» | |
| | |
|
|
| Should you use ad blockers or not? | |
| (from Guardian at 9-3-2010) | |
| Using programs that screen out online advertising is fairly popular - particularly among the sort of savvy readers who spend their time reading this blog. But how much of a problem is it for web publishers? Just ask Ars Technica, the technology news and analysis site that tried a bold experiment to show its readers the real impact of ad blocking systems... and opened up a number of issues for web users and publishers alike in the process. Ad blocking, if you aren't familiar, is a technique us... read more» | |
| | |
|
|
| Top Ten Wi-Fi Security Threats | |
| (from esecurityplanet at 9-3-2010) | |
| Here, we offer our Top Ten Wi-Fi Threats and explain why diligence is (still) required. 1. Data Interception 2. Denial of Service 3. Rogue APs 4. Wireless Intruders 5. Misconfigured APs 6. Ad Hocs and Soft APs 7. Misbehaving Clients 8. Endpoint Attacks 9. Evil Twin APs 10. Wireless Phishing... read more» | |
| | |
|
|
| Students in the Crosshairs | |
| (from hostexploit at 9-3-2010) | |
| This young generation is tasked with carrying on the fight against cybercrime in the coming decades. But many of their friends already fall victim to fraud these days. Carnegie Mellon Researchers checking Phishing susceptibility found that the most exposed age group is 18 to 25. This might be counterintuitive: youngsters understand much more about technology than, say, the elderly; common sense says they ought to be much more resilient to online fraud and social engineering.... read more» | |
| | |
|
|
| PayPal tells users to download anti-phishing software | |
| (from Finextra at 9-3-2010) | |
| PayPal is asking UK customers to download software from Iconix to help identify genuine e-mails sent by the eBay unit and weed out phishing messages. PayPal, which has long been a favourite target for phishers, says Iconix eMail ID can help protect customers by visually identifying genuine messages. After a customer installs the software, they'll see an icon (a gold lock with a tick) next to a PayPal logo whenever they receive authentic e-mails from the firm. The free program works with mo... read more» | |
| | |
|
|
| Chicopee Web site temporarily shut down after someone from Argentina hacks into it, Mayor Michael Bissonnette says | |
| (from Masslive at 9-3-2010) | |
| The city’s Web site was temporarily shut down on Sunday after a hacker posted images of dancing bananas and the flag of Argentina on the site. Mayor Michael D. Bissonnette said the hacker was posting from Argentina. “We tracked it to a return address in Argentina and alerted Argentina authorities. It’s Internet graffiti. Twenty years ago, these people would have been writing on the sides of buildings and railroad cars,” said Bissonnette. Bissonnette said images placed on the Web site in... read more» | |
| | |
|
|
| Russian and Ukrainian criminals favor The Planet for their Web hosting | |
| (from intelfusion at 9-3-2010) | |
| James McQuaid has published an eye-opening post which graphically demonstrates what I’ve been saying ever since the first Project Grey Goose report came out in October, 2008; i.e., that the U.S. is the favored hosting provider for bad actors around the world. In this case, we’re talking about criminal enterprises operating out of Russia and the Ukraine and just one of the 20 or so U.S. companies who sell services to them – The Planet of Plano, TX.... read more» | |
| | |
|
|
| Phishers widen their net to target new businesses | |
| (from pcadvisor at 9-3-2010) | |
| Cybercriminals are expanding the types of organisations they exploit in phishing attacks, says the Anti-Phishing Working Group (APWG). According to the group's 'Phishing Activity Trends Report' for Q4 of 2009, a record number of 356 brands were hijacked in phishing attacks during October last year, that's 4.4 percent up on the previous year. "No brand is safe from the threat of spoofing for the purposes of online fraud," said APWG secretary general Peter Cassidy. "Once, only the largest... read more» | |
| | |
|
|
| In cyber security, confidence does not come cheap | |
| (from hostexploit at 9-3-2010) | |
| More money and more cooperation are the building blocks to better cyber security in the UK, believes Tony Dyhouse, director of the Digital Systems KTN – Cyber Security Programme. He tells Mike Lowe what the UK might face if it was hit by a successful cyber attack. "When documents get leaked to the media from government, you never get the full story," says Tony Dyhouse.... read more» | |
| | |
|
|
| Kenya: Cyber Crime to Top Internet Forum Agenda | |
| (from Allafrica at 9-3-2010) | |
| An international conference on the future of the Internet will be officially opened despite earlier fears of insecurity. The meeting had earlier been threatened by fears of terrorist attacks. Last month, Internet Corporation for Assigned Names and Numbers (ICANN) received an unclassified report from the United States' Department of State related to the Kenyatta International Conference Centre, the venue for the meeting, that said the building was a key target for militants.... read more» | |
| | |
|
|
| Trust but verify - Very interestingly enough | |
| (from infosecisland at 9-3-2010) | |
| Very interestingly enough, in the past five or six days we have been detecting ad networks including Google Adsense, Adultadwords, and Adbrite allowing malware-laden ads on their networks. We are not the only ones who have identified this issue, check out the following links for more information about them: This highlights a major issue that we have been discussing for a long time with all of our customers -- that is, the need for ongoing Malware detection scanning. Your site might be nailed... read more» | |
| | |
|
|
| Internet hit by ransom attack | |
| (from ComputerWorldUk at 9-3-2010) | |
| Cybercriminals have once again hit the web with a ransomware campaign that was first used in 2008, says Fortinet. According to the security firm, in the space of only two days, 8 and 9 February, the HTML/Goldun.AXT campaign accounted for more than half the total malware detected for February, which gives some indication of its unusual scale. The attack itself takes the form of a spam email with an attachment, report.zip, which if clicked automatically downloads a rogue anti-virus product ... read more» | |
| | |
|
|
| RSA: Cybersecurity A Joint Fed, Industry Effort | |
| (from techWeb at 9-3-2010) | |
| Government officials played a starring role at the annual RSA Conference last week, laying out their plans for government cybersecurity, particularly the need for increased cooperation with industry, in keynotes and panel sessions throughout the week. White House cybersecurity coordinator Howard Schmidt set the tone in his Tuesday keynote address, focusing heavily on increasing partnerships and transparency when it comes to the federal government's role in cybersecurity. In his remarks, Sc... read more» | |
| | |
|
|
| Foreign cybercrime experts to partner with lawmakers | |
| (from 234next at 9-3-2010) | |
| Anti-cyber crimes and terrorism experts from the United States and other European countries are to partner with members of the National Assembly to review Nigeria’s anti-cyber crime and internet fraud. The coordinator of the National Assembly Anti-Money Laundering and Cyber Security Coalition, Bassey Etim, who disclosed this at the weekend, said that the experts will arrive Nigeria to participate in a national conference scheduled for next month. Other agencies also expected to partner wit... read more» |
|