Saturday, May 8, 2010

Shouldn't We Have Figured Out How to Authenticate an Online Banking Session with a PC Before Introducing Mobile Banking?

I have a burning question.



Shouldn't the banks have figured out how to authenticate their online banking sessions using PC's before they started introducing Mobile Banking?



They're not going to do the username/password thing again are they? Didn't they hear? That doesn't work.



It's not that there isn't a solution. Again, the easiest, most trusted and most familiar method to authenticate the online banking session is to do what we do at an ATM.



Hundreds of millions of Americans are both familiar with the process and trust it. The banks seemingly trust it as well (or they wouldn't give you $200 at 2:00 AM two thousand miles away from their main branch when you swipe your bank issued card and enter your bank issued PIN.)



So why do banks still ask us to "type" in our username and password? What don't they get? (cause keystroke loggers, phishermen and online banking trojans all seem to get it)



Here's a rhetorical question for you...



Do you think that banks would trust an easily obtained "username and password" to dispense cash from their ATMs? No?



Then why do they push this antiquated Login method for online banking? Don't they understand that all they are doing is creating a gateway for the bad guys to obtain sensitive online banking credentials.



The long and the short of it is that banks still haven't introduced a viable authentication platform for online banking (such as using a PCI 2.0 Certified PIN Pad for two factor authentication) and now they are going to simply "shrug their shoulders" and introduce mobile banking platforms.





Man oh man, when I replaced "Economy" with "Typing" in Clinton's "It's the Economy Stupid" and introduced the "It's the Typing Stupid" slogo, I thought was being facetious but maybe, just maybe, I was right on.



Bank's cannot continue to shrug off security... it will be their own undoing.  Instead, I'd love to see an American bank step up to the plate and be the first (30% of Europeans use a card reader to authenticate financial transactions) to issue our devices to their online banking customers. Watch what happens. It ain't about convenience anymore. It's about securing people's money.



The lack of monetary security breaks up marriages everyday...if you are a banker, don't think for a moment that a lack of monetary security won't destroy your relationship with your customer.




I guess now is the time we move from the "Online Banking is Not Secure" era into the "Mobile Banking is Not Secure" era. Banks need to "pitch" security. The Security Pitch would produce an "ERA" they could be proud of.



Let the games begin with this...ComputerWeekly has published a couple of articles over the past 10 days questioning the security of Barclay's Mobile Banking platform. Now the Information Commissioner's Office is involved...





ICO in talks with Barclays over weak mobile banking security

The Information Commissioner's Office (ICO) is in talks with Barclays Bank about the security set-up of its mobile banking service.





Simple security questions expose details of Barclays' mobile customers





The personal information of millions of people is potentially at risk of exposure on Barclays bank mobile banking site.
People who lose their bank card, or have their card details copied, could have their banking transactions exposed to prying eyes, Computer Weekly has discovered. The problem affects the Barclays.mobi web link which connects customers to pages designed to be viewed on mobile phones. The site allows users to view their financial transactions if they answer four basic security questions.
Three of the answers are available on the card itself. These are surname, 16-digit account number and three-digit security code. The other question is the customer's date of birth. 


Editor's Note: Believe it or not, bank's are still under the impression that those "four questions" constitute "multi-factor" authentication.



Here's a tip.



Anytime you "type" ("anything") into a browser (yes, mobile browsers too) it can be lifted by a bad guy.



So it doesn't matter if you type two things, (username and password) four things (username and password, card number and three digit security code) or ten things. (you get the idea)



Typing is the problem and requiring that people type more information into boxes in browsers isn't the solution. A PCI 2.0 Certified PIN Entry Device utilizing 3DES/DUKPT Encryption is... 




 If someone is going to "Swipe" your card information, shouldn't it be you?
 
Reblog this post [with Zemanta]

Shouldn't We Have Figured Out How to Authenticate an Online Banking Session with a PC Before Introducing Mobile Banking?

I have a burning question.



Shouldn't the banks have figured out how to authenticate their online banking sessions using PC's before they started introducing Mobile Banking?



They're not going to do the username/password thing again are they? Didn't they hear? That doesn't work.



It's not that there isn't a solution. Again, the easiest, most trusted and most familiar method to authenticate the online banking session is to do what we do at an ATM.



Hundreds of millions of Americans are both familiar with the process and trust it. The banks seemingly trust it as well (or they wouldn't give you $200 at 2:00 AM two thousand miles away from their main branch when you swipe your bank issued card and enter your bank issued PIN.)



So why do banks still ask us to "type" in our username and password? What don't they get? (cause keystroke loggers, phishermen and online banking trojans all seem to get it)



Here's a rhetorical question for you...



Do you think that banks would trust an easily obtained "username and password" to dispense cash from their ATMs? No?



Then why do they push this antiquated Login method for online banking? Don't they understand that all they are doing is creating a gateway for the bad guys to obtain sensitive online banking credentials.



The long and the short of it is that banks still haven't introduced a viable authentication platform for online banking (such as using a PCI 2.0 Certified PIN Pad for two factor authentication) and now they are going to simply "shrug their shoulders" and introduce mobile banking platforms.





Man oh man, when I replaced "Economy" with "Typing" in Clinton's "It's the Economy Stupid" and introduced the "It's the Typing Stupid" slogo, I thought was being facetious but maybe, just maybe, I was right on.



Bank's cannot continue to shrug off security... it will be their own undoing.  Instead, I'd love to see an American bank step up to the plate and be the first (30% of Europeans use a card reader to authenticate financial transactions) to issue our devices to their online banking customers. Watch what happens. It ain't about convenience anymore. It's about securing people's money.



The lack of monetary security breaks up marriages everyday...if you are a banker, don't think for a moment that a lack of monetary security won't destroy your relationship with your customer.




I guess now is the time we move from the "Online Banking is Not Secure" era into the "Mobile Banking is Not Secure" era. Banks need to "pitch" security. The Security Pitch would produce an "ERA" they could be proud of.



Let the games begin with this...ComputerWeekly has published a couple of articles over the past 10 days questioning the security of Barclay's Mobile Banking platform. Now the Information Commissioner's Office is involved...





ICO in talks with Barclays over weak mobile banking security

The Information Commissioner's Office (ICO) is in talks with Barclays Bank about the security set-up of its mobile banking service.





Simple security questions expose details of Barclays' mobile customers





The personal information of millions of people is potentially at risk of exposure on Barclays bank mobile banking site.
People who lose their bank card, or have their card details copied, could have their banking transactions exposed to prying eyes, Computer Weekly has discovered. The problem affects the Barclays.mobi web link which connects customers to pages designed to be viewed on mobile phones. The site allows users to view their financial transactions if they answer four basic security questions.
Three of the answers are available on the card itself. These are surname, 16-digit account number and three-digit security code. The other question is the customer's date of birth. 


Editor's Note: Believe it or not, bank's are still under the impression that those "four questions" constitute "multi-factor" authentication.



Here's a tip.



Anytime you "type" ("anything") into a browser (yes, mobile browsers too) it can be lifted by a bad guy.



So it doesn't matter if you type two things, (username and password) four things (username and password, card number and three digit security code) or ten things. (you get the idea)



Typing is the problem and requiring that people type more information into boxes in browsers isn't the solution. A PCI 2.0 Certified PIN Entry Device utilizing 3DES/DUKPT Encryption is... 




 If someone is going to "Swipe" your card information, shouldn't it be you?
 
Reblog this post [with Zemanta]

Consumer Settlement Proposed for Heartland Breach

Linda McGlasson, the Managing Editor for Bank Info Security writes about the recent April 27th consumer class action hearing.  If this settlement proposal is indeed approved it leaves two more cases against Heartland.



The remaining class action lawsuit includes one filed by the financial institutions and the other settlement agreement yet to be reached is one with MasterCard.  (Visa made Heartland pay $60 million.)  For more info, enter "Heartland Breach" into the search box on the right.




Heartland Breach: Consumer Settlement Proposed

$4 Million Deal Would Cap Individual Claims at $10K

A proposed settlement of the consumer class action suit brought against payments processor Heartland Payments System got preliminary approval from a U.S. District Court judge in late April.
More...at Bank Info Security


Reblog this post [with Zemanta]

Consumer Settlement Proposed for Heartland Breach

Linda McGlasson, the Managing Editor for Bank Info Security writes about the recent April 27th consumer class action hearing.  If this settlement proposal is indeed approved it leaves two more cases against Heartland.



The remaining class action lawsuit includes one filed by the financial institutions and the other settlement agreement yet to be reached is one with MasterCard.  (Visa made Heartland pay $60 million.)  For more info, enter "Heartland Breach" into the search box on the right.




Heartland Breach: Consumer Settlement Proposed

$4 Million Deal Would Cap Individual Claims at $10K

A proposed settlement of the consumer class action suit brought against payments processor Heartland Payments System got preliminary approval from a U.S. District Court judge in late April.
More...at Bank Info Security


Reblog this post [with Zemanta]

Internet (Lack of) Security News through 5/8











This Free IT-Security news feed is provided by E-Secure-IT; the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today.  Visit us at www.e-secure-it.com or email more-info@e-secure-it.com for more information on our available services.







































































































































































































































































































 How a browser extension leaks Google history to Amazon 
 (from CNet at 8-5-2010) 
 A strange and scary incident while I was researching a story this week has led me to reconsider my recommendation of the Invisible Hand browser extension. This issue also serves to remind us that there are online privacy issues we all face from sites other than Facebook. As the video in this post shows, when I was looking up information on a product on Google, I found shortly afterward that Amazon knew about my Google search and put the product I was looking at in my "Recently Viewed" slot wh... read more» 
   
 





 Complex IM Worm Infects Yahoo! Messenger and Skype Users 
 (from Softpedia at 8-5-2010) 
 Security researchers warn that a new worm is targeting instant messaging users. Spotted on Yahoo! Messenger (YM) and Skype, the attacks use sophisticated social engineering techniques to trick users into infecting themselves. It certainly looks like IM worms are making a comeback on the threat landscape, as this is the second malware of this kind to emerge in under a week. Just this Monday, the online community was abuzz with news of a worm rapidly spreading through Yahoo! Messenger. The thre... read more» 
   
 





 The internet, as imagined in 1965 
 (from The Register at 8-5-2010) 
 A fascinating insight into how the world might look in the future, from the 1960s, comes courtesy of veteran science editor Nigel Calder. As editor of the New Scientist in 1964 Calder commissioned a hundred scientists to imagine the world 20 years hence. What 'major technological revolutions' might we see? Number one was "the revolution in information", inspired by the British computing pioneer Maurice Wilkes, who turns 97 next month.... read more» 
   
 





 EU Parliament calls for internet rights charter 
 (from The Register at 8-5-2010) 
 Internet users should be able to demand that their information is removed from company systems even if it was collected with their consent, the European Parliament has said. The Parliament has also called for a charter of individuals' internet rights. The Parliament has adopted a new digital strategy called 2015.eu which outlines its ambitions for internet policy for the next five years and beyond. It has passed a resolution adopting the plan and demanding that the European Commission make it... read more» 
   
 





 Stability vs Security - Security isn't concerned with availability 
 (from ncircle at 8-5-2010) 
 In case my posts in the past haven't made this clear, I'm going to state it one more time, I don't see a difference between stability and security bugs. I consider denial of service to be a serious security issue and I know that I'm not alone in that belief. If you read the bug bar link posted above and look at the client side section, you'll note the following line, "Normal, simple user actions, like previewing mail, viewing local folders, or file shares, are not extensive user interaction."... read more» 
   
 





 Cop-Rating Website Is Protected By The First Amendment 
 (from Techdirt at 8-5-2010) 
 A couple years ago, we wrote about the controversy surrounding the website RateMyCop.com, which (as the name implies) let's people "rate" their local police officers. While police around the country were "outraged" by this, we noted that police accountability seems like a good thing. While some complaints resulted in the site's registrar temporarily taking the site offline, a more troubling situation developed later in Florida, where a user of the site was arrested, after he posted informati... read more» 
   
 





 DNSSEC: the internet's International Criminal Court? 
 (from The Register at 8-5-2010) 
 The DNSSEC protocol could have some very interesting geo-political implications, including erosion of the scope of state sovereign powers, according to policy and security experts. “We will have to handle the geo-political element of DNSSEC very carefully,” explained Peter Dengate Thrush, a New Zealand patent attorney and chairman of ICANN, at the INET conference in San Francisco.... read more» 
   
 





 Know the enemy: today's top 10 security threats 
 (from ZDNet at 8-5-2010) 
 There is never a time for complacency in information security. All users remain under the permanent threat of cybercrime, so the most important thing is to know your enemy. If you do, you greatly increase the strength of your protection. Here are the main information security threats right now. First on the list are website attacks that exploit poorly secured web applications. Finding the open door of an insecure application is the essential first step in any website attack.... read more» 
   
 





 Govt plans mock cyber attacks to shield against hackers 
 (from The Economic Times at 8-5-2010) 
 he government is planning to conduct mock cyber war games every year, unleashing malicious mock attacks on computers of critical establishments like defence, telecom companies, airlines, banks and railways to prepare the nation against a cyber war. The move to have mock cyber wars comes in the wake of increased attacks by Chinese hackers on computers of major defence establishments in India, last year. About 37 central government departments and 21 state governments which participated in the... read more» 
   
 





 ‘I live in a world of nightmares,’ Says French Cyber Expert 
 (from The New New internet at 8-5-2010) 
 International cybersecurity experts recently discussed ways to promote international cooperation on cybersecurity issues at the Worldwide Cybersecurity Summit held in Texas. The experts also raised their concerns regarding the possibility of a catastrophic event that could cause significant damage to computer networks. “I live in a world of nightmares,” said Patrick Pailloux, director general of France’s Network and Information Security Agency. “My biggest nightmare is that we don’t have eno... read more» 
   
 





 Malware Injection Campaign: A Retaliation? 
 (from ESET at 8-5-2010) 
 This week there have been several major malware injection campaigns against WordPress blogs and other php-based content management systems. This malware injection battle began last week with Network Solutions and GoDaddy. Recently researcher Dancho Danchev has found evidence linking two US Treasury sites into the malware injection campaign: 1. What’s particularly interesting about this campaign is that, it’s part of last month’s NetworkSolutions mass WordPress blogs compromise… 2. …[and t... read more» 
   
 





 Internet Explorer 6: Hard To Kill 
 (from Dark Reading at 8-5-2010) 
 The situation is particularly bad internationally, he said, with 40% of people in some markets still using IE6. Crockford proposed that the major browser makers choose a day to simultaneously begin redirecting IE6 users to a Web site that asks them to choose a new browser. Russell, who works on Google Chrome Frame, an IE6 add-on that allows IE6 users to utilize the Chrome rendering engine rather than the native IE6 engine, suggested Chrome Frame could help.... read more» 
   
 





 Global cooperation pushed vs cyberattacks 
 (from Inquirer at 8-5-2010) 
 Government and business leaders wrapped up a cybersecurity conference here Wednesday agreeing that only global cooperation can protect a vulnerable Internet and interconnected world. "When it comes to our readiness to protect ourselves from cyberattacks we are not prepared, we are not even close to ready," said Tom Ridge, who headed the US Department of Homeland Security under former president George W. Bush.... read more» 
   
 





 New attack bypasses virtually all AV protection 
 (from The Register at 8-5-2010) 
 Researchers say they've devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender. The method, developed by software security researchers at matousec.com, works by exploiting the driver hooks the anti-virus programs bury deep inside the Windows operating system. In essence, it works by sending them a sample of benign code that passes their security checks and then, before it's ex... read more» 
   
 





 Feds seize $143m worth of bogus networking gear 
 (from The Register at 8-5-2010) 
 Federal authorities over the past fives year have seized more than $143m worth of counterfeit Cisco hardware and labels in a coordinated operation that's netted more than 700 seizures and 30 felony convictions, the Justice Department said Thursday. Operation Network Raider is an enforcement initiative involving the FBI, Immigration and Customs Enforcement and Customs and Border Protection agencies working to crack down on the bogus routers, switches and other networking gear. In addition to c... read more» 
   
 





 FCC chief promises light broadband touch 
 (from Reuters at 7-5-2010) 
 The top communications regulator sought to calm fears his agency would heavily regulate Internet services, but shares in major cable companies fell and industry insiders predicted a prolonged legal battle. The chairman of the Federal Communications Commission issued a statement on Thursday pledging to retain a light touch with Internet regulation, after a court ruling last month threw into doubt the agency's authority over broadband. The FCC plans to regulate broadband access as a telecomm... read more» 
   
 





 Nokia hits Apple with new lawsuit over iPad 
 (from CNet at 7-5-2010) 
 Nokia upped the ante in its patent dispute with Apple on Friday, filing a new suit in Wisconsin over the iPad. Five Nokia patents are asserted in the new case against the iPad 3G and the iPhone, Nokia announced in a press release. "The patents in question relate to technologies for enhanced speech and data transmission, using positioning data in applications and innovations in antenna configurations that improve performance and save space, allowing smaller and more compact devices," Nokia sai... read more» 
   
 





 Heartland Breach: Consumer Settlement Proposed 
 (from Bank Information Security at 7-5-2010) 
 A proposed settlement of the consumer class action suit brought against payments processor Heartland Payments System got preliminary approval from a U.S. District Court judge in late April. The proposed settlement would create a $4 million pool to pay consumers and settle the case. The Heartland data breach impacted an estimated 130 million credit/debit cards -- the largest such incident ever reported.... read more» 
   
 





 Cyberwar? 
 (from silvertailsystems at 7-5-2010) 
 Like many of you, I’ve been watching the discourse about whether or not we should declare that a cyber war is underway. Here’s an article that gives some perspectives. I was undecided on whether I thought there was actually a war, so I looked up the definition of war in Merriam-Webster. It said “a state of usually open and declared armed hostile conflict between states or nations” So, this creates few questions. 1) Is there a state of open and/or declared armed hostile conflict?... read more» 
   
 





 Salvation Army CIO on BYO work laptops and fighting the fraudsters 
 (from Silicon at 7-5-2010) 
 As UK CIO for the Christian homelessness charity The Salvation Army, Martyn Croft knows the importance of getting the most from a lean IT budget. The Salvation Army is one of the 10 largest charities in the UK and is primarily focused on providing shelter and help for the homeless, typically aiding about 6,000 people in Britain at any one time. Croft's mission is to squeeze every bit of value from an IT budget that accounts for no more than one to two per cent of the charity's UK income, w... read more» 
   
 





 Michael Dell demands cybersecurity rethink 
 (from ComputerWorldUk at 7-5-2010) 
 Cybersecurity needs a global rethink, and fast, Dell’s CEO Michael Dell and Services CIO, Jim Stikeleather, have warned experts at the EastWest Institute Worldwide Cybersecurity Summit in the US. In separate presentations and briefings, the men developed the theme of piecemeal reactions to the rapid rise of crymber-criminality, which included economic crime and direct threats to critical infrastructure. The message was unusually blunt. Governments haven’t done enough and have fallen into t... read more» 
   
 





 The percentage of global web attacks from U.S. drops in 2009 
 (from internetretailer at 7-5-2010) 
 A lower percentage of Internet attacks originated in the United States in 2009 than in 2008, while Brazil produced more attacks, according to the latest Global Internet Security Threat Report from Symantec Corp., maker of Norton computer security software products. 19% of attacks originated in the United States in 2009, down from 23% in 2008, though the U.S. still led the way in generating malicious Internet activity, Symantec says. Attacks can include criminals attempting to steal payment... read more» 
   
 





 Five technology security myths, busted 
 (from ComputerWorld at 7-5-2010) 
 Think you can hide behind the privacy of an 'unlisted' cell phone number? Think again. Maybe you believe you don't need security software on a Mac or iPad. You'd swear that Firefox is the safest browser in town. Wrong on both counts. Most of us don't think about security for our digital devices until something goes wrong, or it's time to renew an anti-virus subscription. But what the security experts like to call the threat landscape changes all the time, and keeping up is hard to do. So we'l... read more» 
   
 





 Biden vows to work with EU parliament on data privacy 
 (from Yahoo at 7-5-2010) 
 Vice President Joe Biden urged the European Parliament on Thursday to allow terror investigators from the United States access to citizens' bank data in Europe, promising to guarantee their privacy. U.S. investigators say information on bank transfers is vital in pursuing people suspected of terrorist activities, but the issue has become controversial in Europe because of concern over privacy protection. In February, the European Parliament vetoed an agreement between the United States and... read more» 
   
 





 ACLU urges Electronic Privacy Act overhaul 
 (from TGDaily at 7-5-2010) 
 The American Civil Liberties Union (ACLU) has urged Congress to overhaul the country's outdated Electronic Communications Privacy Act (ECPA). Specifically, the ACLU has asked for a clause that would force law enforcement officials to obtain a warrant based on probable cause before accessing e-mails and text messages.... read more» 
   
 





 ICANN criticized over XXX domain delay 
 (from TGDaily at 7-5-2010) 
 The Internet Corporation for Assigned Names and Numbers (ICANN) has come under increasing pressure to create an XXX web domain for adult content. ICANN originally approved the domain in 2005, but later reversed its decision in 2007. 

The organization recently delayed another vote on the controversial issue after asking its general counsel to further "examine” the issue. "This has been a $7m dollar process, costing us $5m in legal fees and ICANN$2m," Stuart Lawley, chairman of... read more» 
   
 





 Google releases deliberately flawed micro-blogging app 
 (from v3 at 7-5-2010) 
 Google has released a new micro-blogging application that is riddled with security holes and designed to act as a guide for developers. The Jarlsberg application is for developers who want to improve the security of their code. It includes flaws that can be easily fixed as well as more complex problems that require source code access. "Jarlsberg was written specifically to teach about security," said the company in a blog post. "More specifically, it is a tool to show how to exploit web ap... read more» 
   
 





 Hacker Can Pull Off John Connor-Like ATM Trick 
 (from Softpedia at 7-5-2010) 
 A security researcher plans to demonstrate serious vulnerabilities in several ATM models at the upcoming Black Hat USA security conference. He promises a cash-dispensing trick more impressive than John Connor's in Terminator 2. A lot of people were expecting Barnaby Jack's presentation on automated teller machine (ATM) vulnerabilities at last year's Black Hat. However, faced with pressure from the affected ATM manufacturer, the researcher's employer, Juniper Networks, banned him from going ah... read more» 
   
 





 Icann makes history with first internationalised domain names 
 (from v3 at 7-5-2010) 
 The Internet Corporation for Assigned Names and Numbers (Icann) has heralded a new dawn for the internet after making internationalised domain names (IDNs) available for the first time in its history. The first IDN country-code top-level domains (ccTLDs) were inserted in the DNS root zone yesterday for Egypt, Saudi Arabia and the United Arab Emirates. The three ccTLDs were the first to appear courtesy of Icann's Fast Track Process which was approved at a meeting in Seoul last October.... read more» 
   
 





 FBI gets 30 convictions in fake Cisco hardware scam 
 (from v3 at 7-5-2010) 
 The FBI has wrapped up an investigation into fake Cisco networking hardware that resulted in 30 felony convictions and the recovery of $143m (£97m) worth of equipment. The investigation concerned Chinese computer networking hardware that was being rebadged as Cisco equipment. The FBI and US Customs and Border Protection (CPB) have seized more than 94,000 counterfeit Cisco network components and labels.... read more» 
   
 





 Portland Resident Sentenced to Two Years in Federal Prison for Stealing Identity of Former Co-Worker 
 (from databreaches at 7-5-2010) 
 James Nolan Kirkes, 39, of Portland was sentenced to two years in federal prison Tuesday in U. S. District Court for stealing the identity of a former co-worker and using the name and password of the person to access a computer and obtain information relating to an employment dispute with Kirkes’ former employer. During the plea hearing before U.S. District Judge Anna J. Brown in March, Kirkes admitted that during 2007 and 2008 he was involved in a legal action related to his 2007 termination... read more» 
   
 





 Hacker develops rootkit for ATMs 
 (from TechWorld at 7-5-2010) 
 One year after his Black Hat talk on Automated Teller Machine security vulnerabilities was yanked by his employer, security researcher Barnaby Jack plans to deliver the talk and disclose a new ATM rootkit at the computer security conference. He plans to give the talk, entitled "Jackpotting Automated Teller Machines," at the Black Hat Las Vegas conference, held 28 - 29 July. Jack will demonstrate several ways of attacking ATM machines, including remote, network-based attacks. He will also r... read more» 
   
 





 Houston woman who sold children’s SSN sentenced to prison 
 (from databreaches at 7-5-2010) 
 Carlin Joubert, 55, has been sentenced to a total of 24 months in federal prison for her role in providing Social Security numbers as well as fraudulent drivers’ licenses and Social Security cards to individuals who used them to obtain fraudulent home loans, United States Attorney José Angel Moreno announced today. At a hearing this morning, United States District Judge Nancy Atlas sentenced Joubert to 12 months for the conspiracy to produce false identification documents conviction and a con... read more» 
   
 





 Google Loses Potential Major Google Apps Customer Due to Privacy Concerns 
 (from Softpedia at 7-5-2010) 
 Google has been pushing hard to promote its Google Apps offering and increase adoption. The application suite is aimed at enterprises and schools and is seen as an alternative to products from established players like Microsoft or IBM. But Google’s efforts may have been dealt a blow, as the University of California Davis has decided not to pursue plans to switch to Gmail, which is part of the Apps suite, citing privacy concerns. The University was testing the email service with its 30,000 staff ... read more» 
   
 





 U.S. privacy bill: the battle lines form 
 (from SunbeltBlog at 7-5-2010) 
 The draft privacy legislation in the U.S. Congress that we blogged about yesterday has drawn comment from a lot of players – businesses and trade groups in the $24 billion online advertising industry as well as privacy groups. The draft legislation was introduced by Rep. Rick Boucher of Virginia (D-9), who is chair of the House Subcommittee on Communications, Technology and the Internet. It is cosponsored by the ranking minority member of the committee Rep. Cliff Sterns of Florida (R-6). I... read more» 
   
 





 The average cost of a data breach is over USD 3 million 
 (from SecurityPark at 7-5-2010) 
 Ponemon Institute and PGP Corporation have announced the results of the first-ever global study into the costs incurred by organisations after experiencing a data breach. The 2009 Annual Study: Global Cost of a Data Breach report, compiled by the Ponemon Institute and sponsored by PGP Corporation, assesses the actual cost of activities resulting from more than one hundred real life breach incidents, affecting organisations from 18 different industry sectors. The research shows that the averag... read more» 
   
 





 The dangers of the growing threat of phone hacking 
 (from SecurityPark at 7-5-2010) 
 The number of high profile data loss incidents have forced many public and private sector organisations to drastically alter their traditional security measures. Increasingly, the common approach has been to encrypt every memory stick, disc and laptop in an effort to avoid confidential information from falling into the wrong hands. Indeed, the consequences of a business or government department losing an unencrypted laptop could be devastating for the organisation’s reputation, and crush public ... read more» 
   
 





 Mikulski presses for more NSA web powers 
 (from Politico at 7-5-2010) 
 Sen. Barbara Mikulski (D-Md.) is pressing the Obama Administration to give the National Security Agency more power to oversee the privately-owned portions of the Internet. During an appropriations hearing Thursday, Mikulski pressed Attorney General Eric Holder for answers about legal opinions the government may be drafting to address the extent to which the NSA can defend cyberspace in the U.S. The Maryland senator said divisions of responsibility between the Department of Homeland Securit... read more» 
   
 





 Verizon Business, U.S. Secret Service to Join Forces on 2010 Data Breach Investigations Report 
 (from verizonbusiness at 7-5-2010) 
 As part of its continuing effort to better understand security breaches and how they can be prevented, Verizon is joining forces with the United States Secret Service on this year's Data Breach Investigations Report. The 2010 DBIR, slated to be issued this summer, will feature aggregated findings from Verizon's own caseload as well as hundreds of computer crime cases investigated by the Secret Service, in a first-of-its-kind collaboration. By including Secret Service data, Verizon security... read more» 
   
 





 Texas man sentenced to prison for ID theft and credit card fraud 
 (from databreaches at 7-5-2010) 
 Robert C. Flowers, 31, of Katy, Texas, has been sentenced by United States District Judge Nancy Atlas to serve more than five years in the federal penitentiary without parole for aggravated identity theft and credit card fraud, United States Attorney José Angel Moreno announced today. Judge Atlas sentenced Flowers to a total of 61 months in prison yesterday afternoon – 37 months for the possession of fraudulent credit cards convictions to be followed by a mandatory 24-month prison term for th... read more» 
   
 





 Cybersecurity meet ends with calls for global cooperation 
 (from terra at 7-5-2010) 
 Government and business leaders wrapped up a cybersecurity conference here Wednesday agreeing that only global cooperation can protect a vulnerable Internet and interconnected world. "When it comes to our readiness to protect ourselves from cyberattacks we are not prepared, we are not even close to ready," said Tom Ridge, who headed the Department of Homeland Security under former US president George W. Bush. Cyberspace has emerged in the 21st century as a new domain along with land, air, ... read more» 
   
 





 Non-Latin domain names activated 
 (from nzherald at 7-5-2010) 
 It's now possible for websites to use addresses entirely in Arabic. The first three domain names in non-Latin characters have been added to the internet's master directories, following final approval last month by the internet Corporation for Assigned Names and Numbers, or ICANN. It's the first major change to the internet domain name system since its creation in the 1980s. Until now, websites had to end their addresses with ".com" or another string using Latin characters. The change allows ... read more» 
   
 





 Hacker 'selling 1.5 million stolen Facebook users' login details on the black market' 
 (from Daily Mail at 7-5-2010) 
 A hacker has put 1.5million stolen Facebook accounts up for sale on the black market, an internet security firm has claimed. Researchers at VeriSign’s iDefense Labs said they had found the stolen or bogus accounts on a Russian forum called Carder.su. A hacker called 'kirllos' was offering log-in data of thousands of Facebook users at bargain basement prices.... read more» 
   
 





 Facebook shuts down chat over privacy concerns 
 (from Canoe at 7-5-2010) 
 Facebook turned off its chat function Wednesday after reports of people being able to see each other's private conversations. The privacy breach was caused by a security hole in the social networking giant's "preview profile" feature, which allows users to see what their profile looks like to other users. But some users started to notice that when they used the feature, they also saw their friends' chat windows and pending friend requests.... read more» 
   
 





 Wash. Supreme Court rules Internet filters OK 
 (from MSNBC at 7-5-2010) 
 Public libraries' use of Internet filters to block content does not run afoul of the state constitution, the Washington state Supreme Court ruled Thursday. In a 6-3 ruling, the majority said libraries have discretion about which Internet content to allow, just as they decide which magazines and books to offer.... read more» 
   
 





 Google Calendar Crashes for Most Users 
 (from CIO at 7-5-2010) 
 Google Calendar suffered a major outage on Thursday, the second crash in the past week for the company's hosted calendaring application. Thursday's problem, which Google acknowledged at 11:30 a.m. Eastern Time, affected a majority of Calendar users and locked them out of their accounts. Google declared the issue resolved at 1 p.m., according to information on the Google Apps Status Dashboard.... read more» 
   
 





 2nd Annual Cloud Computing World Forum 
 (from cloudwf at 7-5-2010) 
 Over 100 senior representatives from HP, British Airways, Lloyds TSB, Salesforce.com, BBC, Microsoft, Virgin, Google, Amazon, Rentokil Initial, McAfee, Royal Mail, Telegraph Media Group, Verizon, Deloitte, VMware, Gartner, BAE Systems, Fujitsu, NHS, Orange, TomTom, Siemens and many others confirmed to speak at the 2nd Annual Cloud Computing World Forum – the definitive event for discussions around Cloud Computing, SaaS and Virtualization. Taking place on the 29th June – 1st July 2010 the Free... read more» 
   
 





 FBI nails $143m fake Cisco hardware scam 
 (from ITNews at 7-5-2010) 
 The FBI has announced that it has wrapped up an investigation into fake Cisco networking hardware that that resulted in 30 felony convictions and the recovery of US$143m in equipment. The investigation was into Chinese computer networking hardware that was being rebadged as Cisco equipment. To date the FBI and Customs have seized more than 94,000 counterfeit Cisco network components and labels.... read more» 
   
 





 Exclusive: Gmail Ditched By Major University 
 (from Information Week at 7-5-2010) 
 In a potential blow to Google's efforts to establish itself as a major player in enterprise software, a leading public university has ended its evaluation of Gmail as the official e-mail program for its 30,000 faculty and staff members—and it's got some harsh words for the search giant. In a joint letter last week to employees, University of California-Davis CIO Peter Siegel, Academic Senate IT chair Niels Jensen, and Campus Council IT chair Joe Kiskis said the school decided to end its Gmail... read more» 
   
 





 Federal CSOs Split On Their Views Of Agency Security Posture 
 (from Dark Reading at 7-5-2010) 
 The chief security officers at major federal agencies are worried about the threats currently faced by their organizations, and many of them don't think have the resources they need to defend against them, according to a study published today. In a report compiled by Cisco and (ISC)2, only half of federal CSOs think they have a significant ability to affect the security posture of their agencies. Half of the CSOs say their postures have improved since 2009; 28 percent feel that things are wor... read more» 
   
 





 DOJ discloses U.S. convictions for sale of counterfeit networking hardware 
 (from Computer World at 7-5-2010) 
 U.S. agencies targeting the sale of counterfeit networking hardware have gotten 30 felony convictions, including a man attempting to sell fake networking equipment to the U.S. Marine Corps, and seized $143 million worth of fake Cisco hardware, the U.S. Department of Justice said on Thursday. The DOJ, U.S. Federal Bureau of Investigation, U.S. Immigration and Customs Enforcement (ICE), and U.S. Customs and Border Protection (CBP) have conducted Operation Network Raider, which has made 700 sepa... read more» 
   
 





 Two held for stealing data from job portals 
 (from The Economic Times at 7-5-2010) 
 The cyber crime cell of the Pune Police arrested two persons after they had been found stealing data from job portals such as Timesjobs.com and Naukri.com and selling it to third parties at a steep discount. Twenty one-year old Amol Kamble and 23-year old SJ Alapat, who ran a firm by the name King Infotech, have been arrested for cheating, theft of intellectual property and hacking.... read more» 
   
 





 The HacKid Conference: An idea whose time has come 
 (from ComputerWorld at 7-5-2010) 
 I go to a lot of security conferences, almost always without my family in tow. The logistics and money involved with trekking them from one part of the country to the next is usually beyond my resources. But when a conference is local and there's something in it for the kids, I'm in 100 percent. Last month's SOURCE Boston and Security B-Sides conferences coincided with school vacation, which put me in a bind. Fortunately, the security community is very kid-friendly, and nobody minded when I b... read more» 
   
 





 Verizon, Secret Service Team Up on Breach Reports 
 (from eSecurity Planet at 7-5-2010) 
 Verizon this week announced that it will join forces with the U.S. Secret Service on a Data Breach Investigations Report to give organizations a better idea of how and why cybercriminals are infiltrating their personal data and what they can do to better protect themselves. The 2010 DBIR will include aggregated findings from Verizon's (NYSE: VZ) own caseload, as well as hundreds of complex computer crime cases investigated by the Secret Service in the past year.... read more» 
   
 





 The DDoS attack survival guide 
 (from NetworkWorld at 7-5-2010) 
 Google. Twitter. Government websites. Fortune-500 companies. All are victims of crippling distributed denial-of-service (DDoS) attacks. The attacks have grown in reach and intensity thanks to botnets and a bounty of application flaws. This collection of articles will bring you up to speed on how the threat has evolved and what you can do to better protect your organization.... read more» 
   
 





 'Cyberwar' A Misused Term 
 (from Redorbit at 7-5-2010) 
 Some officials and computer security companies are arguing that the World Wide Web is battlefield in a “cyberwar” that has armies of hackers stealing online secrets and using the Internet to attack the mainframe of many real world companies. However, some security analysts countered that image saying this week at a conference that “cyberwarfare” is such a generally used term that it may be hurting efforts by many countries on how to cooperate when it comes to Internet security.... read more» 
   
 





 Trading Error at Major Firm Blamed For Selloff 
 (from CNBC at 7-5-2010) 
 A human trading error at a major firm was the root cause of Thursday's sudden, 9 percent selloff in U.S. stocks, sources told CNBC. Multiple sources said a trader entered the letter "b"- as in "billion"- when he or she meant to type "m," for "million," shortly before 2:47 p.m. New York time. U.S. stocks plunged suddenly, briefly by more than 9 percent, before pulling back to a near 3 percent drop, as investor worries mounted that Greece's debt problems could spread.... read more» 
   
 





 Is there really a cyberwar raging? Some say 'no' 
 (from New Zealand Herald at 7-5-2010) 
 Is there really a "cyberwar" going on? Some officials and computer security companies say yes, arguing that armies of hackers are stealing online secrets and using the internet to attack infrastructure such as power grids. However, some security analysts said at a conference this week that "cyberwarfare" is such a broadly used term that it might be hurting efforts by countries to agree how to cooperate on internet security. For instance, last month the United Nations rejected a Russian propos... read more» 
   
 





 Apple could face investigation over iPhone software 
 (from Computer Weekly at 7-5-2010) 
 Apple could face an investigation by US competition authorities into whether the latest version of the software for the firm's iPhone unfairly locks out competitors. A decision is expected within a week on whether to open an investigation to be led by either the US Department of Justice or the Federal Trade Commission, according to the Financial Times. If the investigation goes ahead, it will concentrate on whether Apple is unfairly forcing developers to use Apple's own tools to develop apps ... read more» 
   
 





 Cybersecurity experts share their 'nightmares' 
 (from The Sydney Morning Herald at 7-5-2010) 
 Cybersecurity experts from around the world meeting on ways to protect the Internet say they still have fears of "nightmare" scenarios in which attacks could cripple critical computer networks. "I live in a world of nightmares," Patrick Pailloux, director general of France's Network and Information Security Agency, told participants in the first Worldwide Cybersecurity Summit which ended on Wednesday.... read more» 
   
 





 May 2010 event, Brucon & Lancelot Institute event 
 (from ISSA-BE at 7-5-2010) 
 On May 11th, we will organize an event about Cybercrime: The actors, their actions, and what they’re after. The presentation will focus on trends and statistics based on 5 years of the Data Breach & Investigation Report and will be given by the EMEA manager of Verizon Business' Forensics practice who contributed to the Data Breach & Investigation report.... read more» 
   
 





 The FCC's Third Way 
 (from iptablog at 7-5-2010) 
 In the wake of the Comcast decision, the FCC today announced its "Third Way" framework towards regulating broadband. Statement by Chairman Genachowski, The Third Way: A Narrowly Tailored Broadband Framework: "The consensus view reflects the nature of the Internet itself as well as the market for access to our broadband networks. One of the Internet’s greatest strengths—its unprecedented power to foster technological, economic, and social innovation—stems in significant part from the ab... read more» 
   
 





 Birds of a Feather... - One of the major factors in malware and threat prevalence 
 (from RSA at 7-5-2010) 
 Brian Krebs has a great piece on the Mariposa (Spanish for butterfly) botnet that is really worth reading. I won't spoil it, but essentially it is about two criminals trying to get a job with Panda Security. There are some interesting take aways here, but what struck me most is that these two hackers are not making money in their trade and are trying to cash in on their skills in other ways. I keep coming back to the fact that this is fundamentally financially motivated. With the financial cr... read more» 
   
 





 Sydney identity fraud racket: 'ringleader' arrested 
 (from The Sydney Morning Herald at 7-5-2010) 
 An alleged ringleader of a multimillion-dollar identity fraud racket based in Sydney is facing multiple charges after an early morning raid. The 41-year-old Filipino man is the 23rd person to be arrested by police Strike Force Gamut, set up to investigate the theft of about $7 million from unsuspecting bank and superannuation account holders.He is charged with 57 counts of identity fraud and money laundering relating to transactions valued at more than $550,000.... read more» 
   
 





 Fire Sale on Botnet Rentals Makes You Less Safe Online 
 (from srcweb at 7-5-2010) 
 The law of supply and demand also applies to hackers and their wares. It has recently been reported that the cost of botnet rental has been slashed in the past few months.Why?More malware, infecting more computers creating more and bigger botnets. As with anything else, the greater the supply, the lower the price.How does it affect you? More spam, more malware, greater vulnerability, not just to you personally, but also to the businesses and institutions you depend on, who are increasingly s... read more» 
   
 





 Privacy watchdog looks into NHS data breach 
 (from ZDNet at 7-5-2010) 
 The loss of a data stick containing information on psychiatric patients in Scotland is to be investigated by UK privacy watchdog the Information Commissioner's Office. "We will be looking into how the data breach occurred and will consider what remedial action needs to be taken to prevent any further breaches," said the Information Commissioner's Office (ICO) in a statement on Thursday. "Any organisation which processes personal information must ensure that adequate safeguards are in place to... read more» 
   
 





 Chinese Wi-Fi Key-Cracking Kits Provide Free, But Illegal Internet 
 (from PCWorld at 7-5-2010) 
 Kits that crack WEP and guess WPA keys are popular in China despite hacking laws. Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software and a detailed instruction book are being sold online and in bustling electronics bazaars... read more» 
   
 





 Cyber crime goes international, cracked by authorities in Ky 
 (from Whas11 at 7-5-2010) 
 At six, we showed you the Kentucky Attorney General's top secret Cyber Crime Lab, where investigators solve crimes committed by computers. The cases often involve sxx, identity theft and sometimes even blackmail. WHAS investigative reporter Adam Walser has this story of a cybercrime that started in the hills of eastern Kentucky and ended up being traced all the way to South Korea.At the University of the Cumberlands - the conservative, southern-Baptist university in Williamsburg, Ky. - pre-m... read more» 
   
 





 First iPad Spyware in the Wild: Not What You Think 
 (from Wired at 7-5-2010) 
 Today, Florida-based Retina-X Studios has announced a piece of commercial spyware for the iPad. Called Mobile Spy, the software sits on your iPad and silently logs all email, web browsing and even contacts added to the device. This information is uploaded to your online account where you can pry and snoop on the information at your leisure. It looks like Retina-X is pitching this at the business market, for bosses to keep an eye on their employees. “Mobile Spy is a priceless piece of soft... read more» 
   
 





 FCC chair floats 'Third Way' to regulate net 
 (from The Register at 7-5-2010) 
 US Federal Communications Commission chairman Julius Genachowski has issued his much-anticipated response to the April federal appeals court decision that threw a spanner into the works of his net-neutrality crusade. That decision said that the FCC had exceeded its authority when it ordered Comcast to stop choking BitTorrent and other P2P services back in 2008. According to the appeals court, the FCC does not have the authority to "regulate an Internet service provider's network management pr... read more» 
   
 





 Economic Security - Sometimes a security breach for one actor has costs for another 
 (from courseblog at 7-5-2010) 
 Information security matters. From securing military networks, to industrial control systems, to personal data, there are real human and economic costs associated with poor information security practices. To some extent, the market provides for reasonable security practices. A company has a lot to loose if its industrial control systems fail. In markets where customer data and consumer trust are valuable business asset, there is a commensurate incentive for business to use good security practice... read more» 
   
 





 Virgin Media deletes customers - Database purge leads to lengthy outages 
 (from The Register at 7-5-2010) 
 A purge of unregistered cable modems by Virgin Media, part of a records clean-up, has left hundreds of customers without internet access for up to 10 days. The programme has been running without problems since February, but in the last two weeks has hit active customers using old hardware. Virgin Media has been trawling its databases of MAC addresses for devices not matched to registered accounts. A technical glitch caused modems issued by NTL to be frozen out of the network. Customers wro... read more» 
   
 





 Arabic domain names cleared 
 (from The Age - Australia at 7-5-2010) 
 Three Middle Eastern countries have become the first to obtain internet addresses entirely in non-Latin characters. Domain names in Arabic for Egypt, Saudi Arabia and the United Arab Emirates were added to the internet's master directories this week, following final approval last month by the Internet Corporation for Assigned Names and Numbers, or ICANN. It's the first major change to the internet domain name system since its creation in the 1980s.... read more» 
   
 





 Is the Internet for Pxxx? An Insight Into the Online Adult Industry 
 (from Honeyblog at 7-5-2010) 
 The online adult industry is among the most profitable business branches on the Internet, and its web sites attract large amounts of visitors and traffic. Nevertheless, no study has yet characterized the industry’s economical and securityrelatedb structure. As cyber-criminals are motivated by financial incentives, a deeper understanding and identification of the economic actors and interdependencies in then online adult business is important for analyzing securityrelated aspects of this industry... read more» 
   
 





 Friday IT Funny: Unfortunate domain name attracts script-kiddies 
 (from Computer World at 7-5-2010) 
 Website defacements are nothing new, and are a rather trifling concern for security managers. They are low-hanging fruit, and the artworks of budding professional hackers and would-be penetration testers. But something did peak my interest when a notorious script-kiddy group vandalised the website of local company, Australian Security Supplies. It wasn't the type of defacement, and it wasn't the type of exploits they used. It was their acronym, turned domain name: www.ass.com.au.... read more» 
   
 





 Spammers ordered to pay tiny ISP whopping $2.6m 
 (from The Register at 7-5-2010) 
 A small internet service provider has been awarded nearly $2.6m in a lawsuit it filed against a company that sent just under 25,000 spam messages over an 18-month period. Although it's questionable whether Asis Internet Services will ever see a penny of that windfall, the judgment is testament to the awesome power of CAN-SPAM, short for the Controlling the Assault of Non-Solicited Pornography and Marketing Act, which was passed by Congress in 2003. It allows judgments of as much as $100 for e... read more» 
   
 





 Met issues internet cafe terror warnings 
 (from The Register at 7-5-2010) 
 The Met's plan to counter terrorism by putting up posters in internet cafes has been put into action, with broad warnings against "inappropriate" web and email use. Two notices labelled "internet code of conduct" and "internet policy" have been spotted by patrons in London cafes. "Do not access, upload, download or view any inappropriate material that causes or is likely to cause offence to any members of the public, including images of literature of a sxxual, violent or extremist nature," th... read more» 
   
 





 Arabic websites make history 
 (from straits times at 7-5-2010) 
 INTERNET addresses written in Arabic were live on the Internet on Thursday, making history as the first online domains in non-Latin characters. 'For the first time in the history of the Internet, non-Latin characters are being used for top-level domains,' the Internet Corporation for Assigned Names and Numbers (ICANN) said in an online message.'Arabic has now become the first non-Latin script to be used as an Internet domain name.' Top-level domain names serve as sort of a postal code for ... read more» 
   
 





 Spammers ordered to pay tiny ISP whopping $2.6m 
 (from The Register at 7-5-2010) 
 A small internet service provider has been awarded nearly $2.6m in a lawsuit it filed against a company that sent just under 25,000 spam messages over an 18-month period. Although it's questionable whether Asis Internet Services will ever see a penny of that windfall, the judgment is testament to the awesome power of CAN-SPAM, short for the Controlling the Assault of Non-Solicited Pornography and Marketing Act, which was passed by Congress in 2003. It allows judgments of as much as $100 for e... read more» 
   
 





 Australia Network Study Says Government Doesn't Need Telstra 
 (from The Wall Street Journal at 7-5-2010) 
 The study does little to clear uncertainty hanging over Telstra, Australia's dominant telecommunications company, but does bolster the government's case for pushing ahead. Australian lawmakers are due to resume debate as soon as next week on legislation that could force Telstra to split its operations into separate retail and wholesale network divisions, potentially bar it from acquiring any new mobile spectrum, and force it to sell its half-share of Australia's dominant pay-television opera... read more» 
   
 





 Washington Supreme Court Rules on Internet Filters 
 (from The Wall Street Journal at 7-5-2010) 
 Public libraries' use of Internet filters to block content doesn't run afoul of the state constitution, the Washington state Supreme Court ruled Thursday. In a 6-3 ruling, the majority said libraries have discretion about which Internet content to allow, just as they decide which magazines and books to offer.... read more» 
   
 





 Cyber Crime Cells Set Up to Check Hacking of Networks 
 (from hostexploit at 7-5-2010) 
 In order to address the growing threat of Cyber Crimes in the country, Cyber crime Cells have been set up by State Police. Central Bureau of Investigation has also set up Cyber crime Cell. These cells investigate Cyber crime cases and help respective police organizations in implementation of laws addressing Cyber crime. Cyber forensic training labs have been set up at CBI and Kerala Police. In addition, Government has also evolved an integrated approach with a series of legal, technical and a... read more» 
   
 





 Bigdough sues Goldman Sachs over copyright, data 
 (from hostexploit at 7-5-2010) 
 The owners of the bigdough.com.inc institutional investor database sued Goldman Sachs Group Inc (GS.N) on Wednesday, accusing the company of theft of information and copyright infringement. The lawsuit, filed in U.S. District Court in New York by Ipreo Holdings LLC, accused Goldman employees of 264 incidents of unauthorized access to the computer database in 2008 and 2009. "This unauthorized access was done by defendants with the intention to steal, copy, use and/or solicit contacts and co... read more» 
   
 





 New Survey by Norton Reveals 44 Percent of People Have Been Victimized by Cybercrime on a Social Network 
 (from Biz Journals at 7-5-2010) 
 As social networks continue to grow, cybercriminals are finding them lucrative places to find victims. A new survey by Norton* revealed that 44% of people have been a victim of a cybercrime perpetrated via a social network –viruses, online credit fraud, unsolicited pornography, receiving excessive spam and 'phishing' e-mails (bogus messages sent by fraudsters posing as banks and other retail companies). Additionally, the survey unveiled: * 72% of people have been victim of a cybercrime, ran... read more» 
   
 





 Filipino gets 28 months for Internet hacking and theft 
 (from hostexploit at 7-5-2010) 
 A Filipino man was sentenced to six months in prison after he pleaded guilty to hacking into an Internet connection. Raymond G. Azaracon, 29, also pleaded guilty of cheating a man by using a stolen credit card to purchase $2,720 worth of DST Easi Card top-up. He was sentenced to 22 months and 14 days for the offence. The sentence, which will run consecutively, totaled up to two years, four months and 14 days.... read more» 
   
 





 Botched update blamed for Telstra Next G outage 
 (from IT News at 7-5-2010) 
 Telstra has revealed that a botched update caused the statewide outage in its Next G mobile network today in Queensland. Engineers from Telstra, Ericsson and support partners of both companies remain on the ground in Queensland trying to fix the problem. Telstra has attributed the problem to an update made to the telco's core network overnight.... read more» 
   
 





 Bill would require most gov't documents to be online 
 (from IT News at 7-5-2010) 
 A U.S. senator has introduced legislation that would require U.S. government agencies to post all public documents online in a free, searchable database. Senator Jon Tester, a Montana Democrat, said the Public Online Information Act is part of an effort to bringing accountability to the federal government. "Montanans sent me to the Senate partly to help clean up Washington, and I'm doing just that," Tester said. "A little sunshine on government is always a good thing." The bill, introduced Tu... read more» 
   
 





 Experts at Dallas cyber summit say speed essential in fight against high-tech crime 
 (from Dallasnews at 7-5-2010) 
 The Internet can be a dangerous place. But attendees of a Dallas conference that concluded Wednesday plan to make it safer from hackers, thieves, spies and terrorists. And they plan to do it fast. "We're going to have to get very crisp in how we set priorities," Randall Stephenson, chairman, chief executive and president of Dallas-based AT&T Inc., said in his closing keynote speech.... read more» 
   
 





 Telstra Separation Bill due on Wednesday 
 (from Computer World at 7-5-2010) 
 The bill to separate Telstra is expected to be tabled in the Senate on Wednesday. Speaking at the release of NBN Implementation Study, the Communications Minister Stephen Conroy confirmed the Bills introduction and took the opportunity to slam the Opposition for its delaying tactics against the Bill’s introduction.... read more» 
   
 





 China state news agency Web site hit with malware 
 (from IT News at 6-5-2010) 
 A section of the Web site for China's state-run Xinhua news agency was found to be distributing malware last month, according to a Google malware scanning service that is still labeling the site as potentially harmful. The "news center" section of the Xinhua's Web site, which displays a feed of the agency's stories, was found to have one scripting exploit and one Trojan on it during a scan, according to a Google Safe Browsing diagnostic page. No suspicious content was found on the site during... read more» 
   
 





 FCC's broadband reclassification: What's next? 
 (from IT World at 6-5-2010) 
 The U.S. Federal Communications will move quickly to claim some regulatory authority over broadband after Chairman Julius Genachowski announced the agency would reclassify broadband as a regulated service. The FCC will vote on an item to start the process of reclassifying broadband transmission as a regulated, common-carrier service in the next month or so, Bruce Liang Gottlieb chief counsel to Genachowski said Thursday. The FCC announced Wednesday that it would move to reclassify broadban... read more» 
   
 





 Online community fighting the fraudsters 
 (from nebusiness at 6-5-2010) 
 NORTHUMBRIA University has launched an online community designed to help North East businesses keep up-to-date with fraud. The North East Warning, Advice and Reporting Point (NE Warp) enables members to share and receive advice and information on what’s out there, what’s struck and what cures are available. The initiative will allow businesses to strengthen their protection against financial fraud and cyber crime. It has been developed by digital security programme leader Dr Chris Laing an... read more» 
   
 





 Cloud Identity Summit 2010 
 (from cloudidentitysummit at 6-5-2010) 
 As Cloud computing matures, organizations are turning to well-known protocols and tools to retain control over data stored away from the watchful eyes of corporate IT. The Cloud Identity Summit is an environment for questioning, learning, and determining how identity can solve this critical security and integration challenge. The Summit features thought leaders, visionaries, architects and business owners who will define a new world delivering security and access controls for cloud computing.... read more» 
   
 





 NIST Special Publication 800-53A Revision 1 - Guide for Assessing the Security Controls in Federal Information Systems and Organizations 
 (from NIST at 6-5-2010) 
 PURPOSE AND APPLICABILITY The purpose of this publication is to provide guidelines for building effective security assessment plans and a comprehensive set of procedures for assessing the effectiveness of security controls employed in information systems supporting the executive agencies of the federal government. The guidelines apply to the security controls defined in Special Publication 800-53 (as amended), Recommended Security Controls for Federal Information Systems and Organizations. Th... read more» 
   
 





 FISMA Reform Bill Clears House Panel 
 (from Government Information Security at 6-5-2010) 
 A bill to require federal agencies to employ real-time security monitoring of their information systems to replace the current paper process cleared its first hurdle Wednesday, receiving approval by the House Oversight and Government Reform Subcommittee on Government Management, Organization and Procurement. The bill would require that the president's top cybersecurity adviser and the federal chief technology officer be confirmed by the Senate. The measure also would establish a panel of gove... read more» 
   
 





 Idolizing Attribution 
 (from Government Information Security at 6-5-2010) 
 That's the assertion of Liu Zhengrong, deputy director-general of the Internet Affairs Bureau in China's State Council Information Office, made at this week's global cybersecurity conference in Dallas sponsored by the think tank, EastWest Institute. Liu, according to a report in the Dallas Morning News, estimates cybercrime losses top $1 billion a year in China. Indeed, the Internet is architected to allow anonymity. One proposal offered at the conference is to create a two-tiered Internet, ... read more» 
   
 





 INVESTIGATION: Medical records discovered in local dumpsters. What's being done about it? 
 (from abcactionnews at 6-5-2010) 
 An ABC Action News investigation has uncovered local businesses who are carelessly discarding your sensitive personal information. In our second installment of this Taking Action investigation, we've uncovered examples of private medical records thrown away unshredded.... read more» 
   
 





 Microsoft Security Bulletin Advance Notification for May 2010 
 (from Microsoft at 6-5-2010) 
 Executive Summaries This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. Affected Software: Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Se... read more» 
   
 





 M86 Security Labs Report Details Web Exploit Kits 
 (from DarkReading at 6-5-2010) 
 M86 Security, the global expert in Web and email threat protection, today announced the release of the latest security report from M86 Security Labs, "Web Exploits - There's an App for That," which details the rise of distributed, monetized "exploit" kits, with M86 Security Labs counting more than a dozen new attack kits being launched in just the last six months. M86 Security Labs also has noted that most of the exploit kits were in Russian, such as Adpack and Fragus, perhaps indicating the loc... read more» 
   
 





 Internet censorship in China: The conventional view 
 (from NetworkWorld at 6-5-2010) 
 No one doubts that the government of the People's Republic of China is one of the most repressive regimes on the planet, nor that its repression extends to pervasive interference with its citizens' access to information at all levels, including blocks on Internet-mediated transmission from outside the country and suppression of internal news circulation by indigenous reporters. Australian journalist Jodie Martin wrote, "Since the introduction of the internet in China in 1994, the Chinese gove... read more» 
   
 





 Facebook's exorbitant privilege 
 (from Foreign policy at 6-5-2010) 
 One of the purposes of this blog is to take somewhat arcane concepts from the world of social science and make them more accessible to the general interest reader. For example, there's been a lot of talk in recent years about the end of the dollar's status as the world's reserve currency. I keep saying it's not going to happen. To undertstand why, let me put it this way: the U.S. dollar is the Facebook of hard currencies. Social networking technologies, like reserve currencies, have a p... read more» 
   
 





 FedRAMP Seeks to Unify Cloud Computing Security Standards Across the U.S. Government 
 (from NetworkWorld at 6-5-2010) 
 Yesterday, I hosted a panel at the Cloud Computing summit focused on cloud security for the federal government. The panel was made up of some smart folks: Alex Hart from VMware, Bob Wambach from EMC and one of the primary authors of the Cloud Security Alliance guidelines, Chris Hoff from Cisco. While these folks offered great contributions, most questions were focused on the fourth member of the panel, Peter Mell from NIST, the chair of the Federal Cloud Computing Advisory Council. Why? Let's... read more» 
   
 





 New privacy bill makes your location, sxxual orientation "sensitive info" 
 (from Arstechnica at 6-5-2010) 
 Major Internet privacy legislation was unveiled today by Rep. Rick Boucher (D-VA) and Rep. Cliff Stearns (R-FL). Under the bill, companies would be forbidden from using your cell phone's geolocation information without your consent, and the same goes for information on your race, religious beliefs, or sexual orientation. For most other information, a simple opt-out will keep that data—even data already collected—from being used. Boucher chairs the House Subcommittee on Communications, Technol... read more» 
   
 





 Wi-Fi key-cracking kits sold in China mean free Internet 
 (from NetworkWorld at 6-5-2010) 
 Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user. Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software and a detailed instruction book are being sold online and at China's bustling electronics bazaars. The kits, pitched as a way for users to surf the Web for free, have drawn enough buyers and attention that one Chinese auction site, Taobao.com, had to ban the... read more» 
   
 





 Lessons to be learned from Facebook privacy changes 
 (from Net-Security at 6-5-2010) 
 The recent Facebook privacy changes, the public outcry they caused and the petition by a group of U.S. senators to the Federal Trade Commission to restrict the amount of personal information that online social networks can use, have brought into the spotlight the question of just how much the revealed information can hurt you. Highly personal information such as a full birth date can help cyber thieves, and your street address, phone number and a status that says that you're on vacation can b... read more» 
   
 





 Facebook flaw exposes private information 
 (from v3 at 6-5-2010) 
 A major security flaw in Facebook has allowed users to see other people's personal information, and once again opened the social networking site to accusations of not securing user data effectively. The fault meant that users editing their privacy settings and then using Facebook's 'See how my profile looks to friends' feature were able to see friends' chat boxes and friend requests.... read more» 
   
 





 Google's security and privacy are not good enough 
 (from The Inquirer at 6-5-2010) 
 A US UNIVERSITY has said that Google's commitment to privacy and security doesn't meet its standards. According to Information Week, Gmail failed a University of California at Davis evaluation as the official e-mail program for its 30,000 faculty and staff members. UC Davis' CIO Peter Siegel, academic senate IT chair Niels Jensen, and campus council IT chair Joe Kiskis said the school decided to end its Gmail pilot because faculty members doubted Google's ability to keep their corresponden... read more» 
   
 





 Facebook users reveal risky details 
 (from CNet at 6-5-2010) 
 More than half of Facebook and MySpace users surveyed have posted risky personal details about themselves online, according to the results of a new survey from Consumer Reports. The magazine's State of the Net 2010 report, published in its June 2010 issue and discussed in its Electronics blog on Tuesday, also discovered that 23 percent of Facebook users don't even know about the site's privacy controls or just don't bother to use them. The Consumer Reports National Research Center, which co... read more» 
   
 





 Man charged in US for reprogramming cash machines 
 (from h-online at 6-5-2010) 
 The US public prosecutor has charged a 19-year old man with attempting to reprogram cash machines. The man planned to exploit configuration options on cash machines manufactured by Tranax, which allow note denomination settings to be altered after entering a specific key sequence from the keypad (Tranax 1700: Enter, Clear, Cancel, 1,2,3) and a (default) password. By changing the recorded denomination for the cassette holding £20 notes to only $1 notes, the machine can be persuaded to give mor... read more» 
   
 





 Facebook site flaw exposes live chat sessions, user data 
 (from ZDNet at 6-5-2010) 
 The problems with security and privacy on Facebook hit a new gear today with news that a site vulnerability exposed live chat sessions and other private user data. According to a TechCrunch Europe report, the gaping security security on the Facebook site allowed any user to view the live chats of their ‘friends’ with just a few mouse clicks. From the article: Using what sounds like a simple trick, a user can also access their friends’ latest pending friend-requests and which friends they ... read more» 
   
 





 House Privacy Bill Arrives, Leaves Advocates Fuming 
 (from eSecurity Planet at 6-5-2010) 
 After more than a year of hearings and meetings with a broad array of interested parties, House subcommittee leaders have unveiled draft language of a bill that would set rules for Internet marketers and other Web companies in an effort to protect consumers' online privacy. The draft bill sets guidelines for online companies to provide consumers with meaningful notice about what information is being collected and how it is being used and shared. For most types of information, the bill only... read more» 
   
 





 Microsoft Calls for a Cybercrime Framework 
 (from eSecurity Planet at 6-5-2010) 
 The corporate vice president of Microsoft's Trustworthy Computing group is aiming to map out a plan for how businesses, governments, and individuals need to look at and deal with international cybercrime. Charney voiced his views and his concerns with cybersecurity's present shortcomings this week in a blog post, in a white paper, and in a presentation at the EastWest Institute's Worldwide Cybersecurity Summit in Dallas.... read more» 
   
 





 Is there really a cyberwar? 
 (from The Age - Australia at 6-5-2010) 
 Some officials and computer security companies say yes, arguing that armies of hackers are stealing online secrets and using the internet to attack infrastructure such as power grids. However, other experts said at a conference this week that "cyberwarfare" is such a broadly used term that it might be hurting efforts by countries to agree how to cooperate on Internet security.... read more» 
   
 





 Australia To Join Council Of Europe Convention On Cybercrime 
 (from thegovmonitor at 6-5-2010) 
 Attorney-General, Robert McClelland, and Minister for Foreign Affairs, Stephen Smith, today announced Australia’s intention to accede to the Council of Europe Convention on Cybercrime. The Convention, which entered into force in July 2004, is the only binding international treaty on cybercrime. It serves as both a guide for nations developing comprehensive national legislation on cybercrime and as a framework for international co-operation between signatory countries....read more» 
   
 





 Webinar : Auditing for Fraud in Financial Statements 
 (from AuditNet at 6-5-2010) 
 Time: 2:00 PM - 3:15PM EDT Your Presenters: - James Kaplan, CIA, CFE, President of AuditNet - Peter Goldmann, MSc., CFE, President of White-Collar Crime 101/FraudAware After attending this Webinar, you will know how to detect and reduce the risk of...: - Fraudulent revenue recognition - Manipulating asset values - Over-reporting receivables - Recording fictitious sales - Manipulating expenses - Improper/fraudulent disclosures If you’re an internal auditor, external auditor... read more» 
   
 





 Guide for Assessing the Security Controls in Federal Information Systems and Organizations - NIST Special Publication 800-53A Revision 1 
 (from NIST at 6-5-2010) 
 Today’s information systems9 are complex assemblages of technology (i.e., hardware, software, and firmware), processes, and people, working together to provide organizations with the capability to process, store, and transmit information in a timely manner to support various missions and business functions. The degree to which organizations have come to depend upon these information systems to conduct routine, important, and critical missions and business functions means that the protection of ... read more» 
   
 





 Webinar: How to define, implement and manage an Information Security Management System according to ISO 27001 framework 
 (from easy2comply at 6-5-2010) 
 May 12th 2010 10am (New York Time) – 3pm (London Time) The web seminar is structured in two parts. Firstly, a history of Information Security Management will be provided, the regulation surrounding this important topic, and the problems the industry faces in addressing these issues. Secondly, we will take you briefly through easy2comply's ISO 27001 software and show you how the management of Information Security can be made easier and more efficient. This webinar is aimed at: Chief Se... read more» 
   
 





 Gumblar: Farewell Japan - Japanese servers are no longer reinfected 
 (from Securelist at 6-5-2010) 
 Gumblar malware first appeared in spring 2009. Since then it has attracted a lot of attention of local ISPs in many countries, because it steals FTP credentials and injects malicious links in legitimate content as well as uploading backdoors on compromised servers. We have already described the general architecture of the Gumblar system here. The only thing which has changed since that time is the number of compromised servers and the additional layer of servers in the infection process chain... read more» 
   
 





 Americans Seeking Reward Money Inform IRS on Others (Update2) 
 (from Businessweek at 6-5-2010) 
 Americans seeking reward money are turning in neighbors, clients and employers they suspect of cheating on taxes to the IRS at a rate of nearly eight per day, the director of the agency’s whistleblower program said. Steve Whitlock, the director, told an audience of about 200 lawyers, investigators and government officials at a Miami Beach conference on offshore banking that his office receives 40 to 50 tips per month alleging tax liability in excess of $2 million. Americans submit another 200... read more» 
   
 





 Michael Dell calls for cybersecurity rethink 
 (from TechWorld at 6-5-2010) 
 Cybersecurity needs a global rethink, and fast, Dell’s CEO Michael Dell and Services CIO, Jim Stikeleather, have warned experts at the EastWest Institute Worldwide Cybersecurity Summit in the US. In separate presentations and briefings, the men developed the theme of piecemeal reactions to the rapid rise of crymber-criminality, which included economic crime and direct threats to critical infrastructure.... read more» 
   
 





 3rd International Disaster and Risk Conference IDRC Davos 2010 
 (from IDRC at 6-5-2010) 
 We would like to thank all the contributors to the IDRC Davos 2010 and are very happy to announce that the IDRC Davos 2010 Programme is evolving. Currently the IDRC Davos 2010 consists of 13 Plenary Sessions; a total of 279 Presentations will be presented in 54 Parallel Sessions; 179 Poster Presentations will be displayed and discussed in 18 thematic clusters; a total of 24 Special Sessions will also contribute to the IDRC Davos 2010. Prior and after the main conference days 30 May - 03 Ju... read more» 
   
 





 Is there really a cyberwar? Term might be misused 
 (from Yahoo News at 6-5-2010) 
 Is there really a "cyberwar" going on? Some officials and computer security companies say yes, arguing that armies of hackers are stealing online secrets and using the Internet to attack infrastructure such as power grids. However, some security analysts said at a conference this week that "cyberwarfare" is such a broadly used term that it might be hurting efforts by countries to agree how to cooperate on Internet security. For instance, last month the United Nations rejected a Russian pro... read more» 
   
 





 US data-collection bill gets chilly reception 
 (from The Register at 6-5-2010) 
 A proposed US congressional bill to regulate the collection of personal data is being almost universally panned, with privacy advocates arguing it's inadequate and pro-business groups saying it goes too far. The draft legislation (PDF) would for the first time impose national standards on how companies collect IP addresses, viewer history, and other potentially sensitive data from individuals. It would apply to websites and offline operations as well.... read more» 
   
 





 Summary Box: Analyzing the meaning of `cyberwar' 
 (from Yahoo News at 6-5-2010) 
 WORDS MATTER: Computer security analysts said at a conference this week that the term "cyberwar" is used so broadly that it makes it hard for nations to agree on how to best cooperate on Internet security. LOOK IT UP: It's often used to refer to anything from financial crimes to attacks over the Internet that actually could kill people. THE IMPLICATION: The "war" metaphor might make some people in industry think government bears the main responsibility for stopping such attacks. Instead, e... read more» 
   
 





 Gartner survey: SaaS use to explode in 2010 
 (from napera at 6-5-2010) 
 A new Gartner survey of 270 IT and business management professionals from a variety of industries in North America, Europe and Asia/Pacific shows a healthy 95 percent of organizations plan to maintain or grow their SaaS use through 2010. “SaaS applications clearly are no longer seen as a new deployment model by our survey base, with almost half of those surveyed affirming use of SaaS applications in their business for more than three years,” said Sharon Mertz, research director at Gartner.... read more» 
   
 





 New China encryption rule could pose headaches for U.S. vendors 
 (from ComputerWorld at 6-5-2010) 
 Vendors of some technology products will soon face a new hurdle when selling their products in China. Starting Saturday, the Chinese government will require vendors in several product categories to disclose details of encryption technologies used in their products, in order for them to be able to sell to government agencies. The new rules cover 13 technologies, including firewalls, routers, smartcards, database security tools, as well as anti-spam and network intrusion detection products. ... read more» 
   
 





 Report reams IT admins for secretly snapping student pics 
 (from The Register at 6-5-2010) 
 A suburban Philadelphia school district secretly captured more than 58,000 images of students and their friends and family members as a result of an "overzealous" campaign to track the whereabouts of school-issued laptops, according to an independent report. Although the tracking technology was supposed to be used only in cases where a laptop was stolen or missing, 50,000 of those images were taken after the computers had been recovered, according to the report, prepared by a former federal p... read more» 
   
 





 Most Social Network Users Post Private Data 
 (from Information Week at 6-5-2010) 
 Caught up, perhaps, in the joy of reuniting with old friends and keeping up with new ones, Americans are putting themselves at risk by sharing too much personal information on social networking sites, a new study by Consumer Reports found. Two-thirds of online households in the United States use Facebook or MySpace -- almost double the number in 2009, the magazine reported in the "State of the Net" report published in the June 2010 issue. In the study of 2,000 online households, 40% posted th... read more» 
   
 





 UK and France are the safest Internet surfers in the world 
 (from SecurityPark at 6-5-2010) 
 According to research conducted by Absolute Software, people in the UK and France are the safest IT users in the world when it comes to surfing safely, with 85 per cent and 87 per cent of laptop owners respectively using anti-virus protection. However, UK laptop owners are leaving themselves vulnerable to identity theft by not taking data security seriously. The online study, carried out in association with YouGov, revealed Germany, by contrast to the UK, had the least safe surfers with just ... read more» 
   
 





 A Treasury of Dumps - Internet botnets are quite adept at identity and credential theft 
 (from Damballa at 6-5-2010) 
 Most of the “popular” Internet botnets are quite adept at identity and credential theft. Granted, this is usually just the first phase of a successful botnet breach and the lowest hanging (digital) fruit, but it remains one of the more profitable data streams for the botnet’s criminal operators. However there’s a big gap between criminals that know how to build a botnet and automatically steal tens-of-thousands of identities, and those that are capable of really monetizing the stolen credenti... read more» 
   
 





 Does Storing Your Documents In 'The Cloud' Mean The Gov't Has Easier Access To It? 
 (from Techdirt at 6-5-2010) 
 One of the more annoying things concerning the ever changing technology world is the trouble that the law has in keeping up. We're seeing that a lot lately. For example, a few months ago, we talked about 4th Amendment issues when it comes to cloud data. There are a few different camps on this, with a few different thoughts -- and so far, no one's exactly sure who's right. The current federal statute on the issue, the Electronic Communications Privacy Act (ECPA), 18 U.S.C. § 2510, et seq., bas... read more» 
   
 





 Department of Treasury Web Site Hacked 
 (from Information Week at 6-5-2010) 
 A Department of Treasury Web site hosted by a third party was hacked on Monday, for a short while redirecting visitors to a malicious site in Ukraine and later tracking IP addresses before the Department of Treasury took the site offline. The main Web site of the Treasury division that prints U.S. paper currency, the Bureau of Engraving and Printing, remained down as of Wednesday morning, presenting would-be visitors with a 404 "not found" error at each of the four URLs that point to the page... read more» 
   
 





 Draft US privacy Bill weak on data protection plans 
 (from v3 at 6-5-2010) 
 A draft US Bill that contains proposals for regulating online data protection policies and increasing web users' privacy has been criticised for not going far enough and potentially harming buinesses. The 27-page document that soon may be debated in Congress has been put forward by Democrat Rich Boucher and Republican Cliff Stearns. However, while data privacy groups have long requested tighter data privacy legislation, they argue that the draft Bill does not go far enough.... read more» 
   
 





 China backs international efforts to secure cyberspace 
 (from ManilaTimes at 6-5-2010) 
 China supports international efforts to secure cyberspace but believes each nation's "Internet sovereignty" must be respected, a top Chinese official told a cybersecurity conference on Tuesday. "China, like many other countries, is very much concerned about cybersecurity," said Liu Zhengrong, deputy director general of the Internet Affairs Bureau of China's State Council Information Office. "China faces severe cybersecurity threats," Liu told participants here in the Worldwide Cybersecurity S... read more» 
   
 





 FCC may need to regulate broadband, say lawmakers 
 (from Computer World at 6-5-2010) 
 Two powerful Democratic members of Congress have called on the U.S. Federal Communications Commission to consider reclassifying broadband as a regulated common-carrier service in order to protect network neutrality rules and implement parts of its national broadband plan. The letter from U.S. Rep. Henry Waxman (D-Calif.), chairman of the House Energy and Commerce Committee, and Sen. Jay Rockefeller (D-W.Va.), chairman of the Senate Commerce, Science and Transportation Committee, called on the... read more» 
   
 





 Lawmakers consider changes to wiretapping law to protect cloud services 
 (from Computer World at 6-5-2010) 
 Users of e-mail and cloud computing services need to have the same protections from law enforcement searches as do people who leave information on laptops or in office cabinets, witnesses told a U.S. House of Representatives subcommittee. Congress should rewrite the 1986 Electronic Communications Privacy Act (ECPA), a law governing law enforcement agencies' access to electronic information, to account for changes in technology in the past two decades, representatives of Microsoft and the Cent... read more» 
   
 





 Cloud Leadership Forum - Advancing Cloud Adoption through Exclusive Industry/IT Dialogue 
 (from eiseverywhere at 6-5-2010) 
 The IDG/IDC Cloud Leadership Forum isn’t just any cloud event. It’s the place where the industry will set direction and clear out obstacles to market success, while senior IT executives get answers to their most pressing concerns about adopting public, private and hybrid cloud models. This exclusive event will convene the cloud industry’s most influential vendor executives and senior IT executives from leading companies to examine, debate and decide the issues critical to the success of publi... read more» 
   
 





 Rockefeller's Cybersecurity Act of 2010: A Very Bad Bill 
 (from Forbes at 6-5-2010) 
 There are a bunch of cybersecurity bills trickling through Congress right now; some of them several years in the making. Senator Rockefeller’s Cybersecurity Act of 2010(S.773) is deemed the most likely to get voted on by the Senate as it was just unanimously passed through the Senate Committee that he chairs, Commerce Science and Transportation. As a fundamental principle, cyberspace is a vital asset for the nation and the United States should protect it using all instruments of national pow... read more» 
   
 





 Sunbelt Software Announces Top 10 Malware Threats for April 
 (from Yahoo at 6-5-2010) 
 The top 10 most prevalent malware threats for the month of April are: 1. Trojan.Win32.Generic!BT 33.74% 2. Exploit.PDF-JS.Gen (v) 3.41% 3. INF.Autorun (v) 2.34% 4. Trojan-Spy.Win32.Zbot.gen 1.88% 5. Trojan.Win32.Generic!SB.0 1.85% 6. Trojan.Win32.Generic.pak!cobra 1.68% 7. BehavesLike.Win32.Malware (v) 1.31% 8. Trojan.Win32.Malware 1.23% 9. Trojan.ASF.Wimad (v) 1.07% 10. FraudTool.Win32.SecurityTool (v) 1.03%... read more» 
   
 





 Survey: Security Takes a Backseat in Virtualization Rush 
 (from Enterprise Security Today at 6-5-2010) 
 • Only 28% of respondents to the survey expressed confidence in the security of their virtual environments • A majority acknowledged importance of securing the virtualization Relevant Products/Services layer, yet only a small minority has implemented adequate controls at the hypervisor Relevant Products/Services level. • 51% cited budget as a primary inhibitor to securing virtual environments.... read more» 
   
 





 LIGATT Security and Search-Caribbean.com Host 1st Annual Caribbean Cyber Security Seminar and Workshop 
 (from hostexploit at 6-5-2010) 
 LIGATT Security International (Pink Sheets:LGTT), a cyber security company, today announced that the company, in conjunction with Search-Caribbean.com, will host their first annual Caribbean Cyber Security Seminar and Workshop entitled, A Millennium Without Fear. The seminar and workshop will be held on July 29-30, 2010 at the Errol Barrow Center for Creative Imagination, Cave Hill Campus Barbados, University of The West Indies. "After meeting with key decision makers in the government and th... read more» 
   
 





 Hundreds of Telstra workers strike, barricade T-shop 
 (from Computer World at 6-5-2010) 
 Up to 800 Melbourne Telstra workers took part in a strike over pay and staff cuts today, cutting off access to a T-Life shop and vowing to continue action across the country. The protests began at 10AM at the Victorian Trades Hall Council from where an estimated 500 workers marched to the Telstra’s Bourke street T-Life Shop and were reportedly joined by hundreds more for industrial meeting. Greens candidate Adam Bandt and Electrical Trades Union state secretary Dean Mighell threw their sup... read more» 
   
 





 Online legal camp debut in Palamau 
 (from TelegraphIndia at 6-5-2010) 
 For the first time, Jharkhand State Legal Services Authority (Jhalsa) will hold an online awareness programme for judicial officers, lawyers and litigants in Palamau — one of several Naxalite-affected districts of the state — on Thursday. The drive will be conducted by acting Chief Justice M.Y. Eqbal from Nyay Sadan in the capital. He will also launch an online mediation and conciliation centre on the civil court premises and a legal aid clinic at Palamau jail. “It will be an experiment wi... read more» 
   
 




 Getting the Word Out Through Notifications, Alerts and Warnings 
 (from emergency mgmt at 5-5-2010) 
 The federal government is pushing the system-of-systems concept for notifications. To that end, FEMA’s Integrated Public Alert and Warning System office supports creation of multisystem standards, including the Common Alerting Protocol (CAP), a data format for delivering public warnings over many systems to many applications. Two initiatives are visible at this point. One would modernize the Emergency Alert System; initial tests were recently conducted. The other creates the Commercial Mobile... read more»

Disqus for ePayment News