| | Iran Cyber Army Hacks Major Opposition Web Sites (Update2) | |
| | (from Businessweek at 13-2-2010) | |
| | Two Iranian opposition Web sites were hacked into by a group calling itself the Iran Cyber Army, one day after tight security stopped opponents of the government demonstrating on the anniversary of the Islamic revolution. The image of the Iranian flag hanging from an AK-47 rifle replaced the front pages of the kaleme.org Web site of the main challenger in the June 12 election and rahesabz.net.... read more» | |
| | | |
|
| |
| | Virus, not roses for Valentine’s Day, warns Imperva | |
| | (from mis-asia at 13-2-2010) | |
| | While the whole world is gearing up for a mushy weekend, Imperva is warning consumers to go easy on the word love. People still remember the I LOVE YOU virus that infected machines a decade ago but they still have not stopped using “iloveyou” as their password. According to Imperva, “iloveyou” is the fifth most common password, “lovely” is at number 18, “loveu” is number 23 and “loveme” is number 43. Apparently, hackers know this and they are all set to misuse personal information on social n... read more» | |
| | | |
|
| |
| | Google May Offer Buzz Independently From Gmail | |
| | (from searchengineland at 13-2-2010) | |
| | Google says it may allow people to participate in Google Buzz without having it integrated within Gmail, in addition to offering a combined Gmail service. That may be a welcome move for users of both products, especially in light of the substantial privacy concerns voiced this week about Google Buzz. “It’s clear that interest in Buzz may extend beyond the current Gmail base, and we’re open to serving that community,” said Bradley Horowitz, Google’s VP of Product Marketing, when I spoke to him... read more» | |
| | | |
|
| |
| | Card industry to report 'significant' drop in fraud | |
| | (from Out-law at 13-2-2010) | |
| | Fraud on lost and stolen credit and debit cards has fallen to its lowest level for 20 years, trade body the UK Cards Association has said. The body said that figures due to be published in two weeks' time will show that fraud on cards has fallen. A spokeswoman said that the drop was "significant" in scale and a statement said that it sent the fraud level to its "lowest level for two decades".... read more» | |
| | | |
|
| |
| | Racist content on US server 'within UK jurisdiction' | |
| | (from The Register at 13-2-2010) | |
| | The law of England and Wales applies to material published online, even if it is hosted on a server in another country, the Court of Appeal has ruled. As long as a substantial measure of the activities takes place in England, its law will apply, it said. Two men's appeals against convictions for publishing racially inflammatory material were based on their claim that the law of England and Wales should not apply because the material in question was hosted on a server in California in the US.... read more» | |
| | | |
|
| |
| | Govt can't ban pxxx websites for obscenity | |
| | (from Times of India at 13-2-2010) | |
| | In a little-noticed fallout of the recent amendment to the Information Technology (IT) Act 2000, the government has given up the power to block pxxxographic websites purely on the ground of obscenity. Sites like Savita Bhabi, in other words, can no longer be banished from the virtual world merely because they don't conform to a babu's subjective moral view. Now, the courts alone can block such sites. This is because Section 69A, which came into effect on October 27, 2009 has raised the bar fo... read more» | |
| | | |
|
| |
| | Cloud providers shrug off liability for security | |
| | (from ZDNet at 13-2-2010) | |
| | Businesses signing up for standard cloud services should not expect the provider to accept liability for data breaches and other security incidents, Microsoft and others have said. At a Cloud Law Summit in London on Wednesday, Microsoft's head of legal, Dervish Tayyip, said the company would not provide financial guarantees against data-protection issues on cloud contracts.... read more» | |
| | | |
|
| |
| | Cyber attacks against Australia 'will continue' | |
| | (from BBC at 13-2-2010) | |
| | An activist group that temporarily blocked access to key Australian government websites plans to continue its cyber attacks, the BBC has learned. The group, known as Anonymous, was protesting against the Australian government's proposals to apply filters to the internet in the country. A man claiming to be a representative of the group said that around 500 people were involved in the attack. The method they are using is known as Distributed Denial of Service (DDoS).... read more» | |
| | | |
|
| |
| | 30 minutes to explain information security | |
| | (from leune at 13-2-2010) | |
| | Running a Metasploit demo is one thing, but explaining what it actually means is another. Would the audience, that is used to living in world that predominantly consists of Facebook, Twitter and text messaging, understand the coolness of complete pwnage via a text-based interface? Doubtful. Everyone will be used to having a browser at their fingertips and demonstrating a SQL-injection attack that can be used to retrieve private information would be something they understand.... read more» | |
| | | |
|
| |
| | Hackers in China Feast on a Lucrative Market | |
| | (from data-storage-today at 12-2-2010) | |
| | Chinese Web sites sell hackers all sorts of Trojan horse programs and other malicious software designed to penetrate computer security systems. Online gaming in China alone presents hackers with a market whose value, according to a recent estimate by the state broadcaster CCTV, is 10 billion yuan (1 billion euros) annually [or $1.37 billion]. Using Trojan software secretly implanted in targeted computers, hackers steal users' personal information Relevant Products/Services and game accounts a... read more» | |
| | | |
|
| |
| | Security Issues in Cross-border Electronic Authentication | |
| | (from Enisa at 12-2-2010) | |
| | Many kinds of services use electronic authentication. The public services of government and health care providers are increasingly offering citizens electronic access to these services. These e-services are usually implemented on a national level with specific technologies, specific security concepts and specific business logic. In addition, these e-services are governed by the laws of the individual Member States, which range from data protection laws to dedicated regulations for the selected a... read more» | |
| | | |
|
| |
| | New flaws in chip and pin system revealed | |
| | (from BBC at 12-2-2010) | |
| | Most of us do not think twice about paying for something in a high street shop by keying in our pin. It is easy, fast and in most cases it works. But scratch a little under the surface and there are persistent reports of people who say they have been the subject of fraud of one kind or another on their credit or debit card. Now a team of computer scientists at Cambridge University has found a flaw in chip and pin so serious they think it shows that the whole system needs a re-write. Ove... read more» | |
| | | |
|
| |
| | 'Phishing' expeditions on the increase | |
| | (from mg.co.za at 12-2-2010) | |
| | The number of schemes to fraudulently obtain confidential information from internet banking users has grown, the South African Banking Risk Information Centre (Sabric) said on Tuesday. "Banking industry data managed by Sabric shows that the number of 'phishing' websites targeting local bank clients that have been detected and shut by the banks have more than trebled in the last four months," Sabric CEO Kalyani Pillay said in a statement.... read more» | |
| | | |
|
| |
| | Trend Micro warns to beware cybercriminal during the Valentine's Day | |
| | (from thaipr at 12-2-2010) | |
| | During the Valentine’s Day, the volume of phishing and malware-infected email is already starting to rise, judging from reports from Trend Micro. According to the veteran IT security vendor, it expects a further rise in related criminal internet activity, as previous years have seen emails on topical subjects such as a flowers, chocolates and other gifts, which route internet users to malware-infected and payment and-harvesting websites. Researchers with Trend Micro say that they ha... read more» | |
| | | |
|
| |
| | Police arrest 3 Turks over debit card scam | |
| | (from bangkokpost at 12-2-2010) | |
| | Ziya Ismet Gebologco, 54, Ozulmez Bekir, 37, and Falay Togan Ahmet, 34, were arrested yesterday with seven debit cards, a laptop computer and a digital camera at Seacon Square shopping mall on Srinakarin Road by Crime Suppression Division police. CSD police said they had been hunting the gang for three months. The three are suspected of using fake debit cards to buy goods and services worth more than 10 million baht in Thailand last year. Their cards were made abroad and brought to Thailand... read more» | |
| | | |
|
| |
| | Her Majesty's Government demands protection against cell phone theft | |
| | (from NetworkWorld at 12-2-2010) | |
| | The British government is demanding that the cell phone industry do more to protect subscribers from phone theft. This would be the same government that just days ago proudly unveiled shatterproof pint glasses for use in pubs. Neither of the two methods apparently involves actually fashioning the glasses from plastic. According to the BBC story, these firms "have a social and a corporate responsibility to tackle crime," says Alan Campbell, Minister for Crime Prevention. Apparently, the min... read more» | |
| | | |
|
| |
| | European Credit and Debit Card Security Broken | |
| | (from Slashdot at 12-2-2010) | |
| | With nearly a billion users dependent on smart banking credit and debit cards, banks have refused liability for losses where an idenification number has been provided. But now, the process behind the majority of European credit and debit card transactions is fundamentally broken, according to researchers from Cambridge University. The researchers have demonstrated a man-in-the-middle attack which fooled a card reader into accepting a number of point-of-sale transactions, even though the card... read more» | |
| | | |
|
| |
| | Chip and PIN is broken, say researchers is | |
| | (from ZDNet at 12-2-2010) | |
| | Chip-and-PIN readers can be tricked into accepting transactions without a valid personal identification number, opening the door to fraud, researchers have found. Researchers at Cambridge University have found a fundamental flaw in the EMV — Europay, MasterCard, Visa — protocol that underlies chip-and-PIN validation for debit and credit cards. As a consequence, a device can be created to modify and intercept communications between a card and a point-of-sale terminal, and fool the terminal ... read more» | |
| | | |
|
| |
| | WARNING: Google Buzz Has A Huge Privacy Flaw | |
| | (from businessinsider at 12-2-2010) | |
| | Google released some privacy fixes for Buzz. They're a nice start, but we don't think they go far enough. Read more here: Sorry, Google's Improvements To Buzz Don't Fix Privacy Flaw Earlier: There is a huge privacy flaw in Google's new Twitter/Facebook competitor, Google Buzz. When you first go into Google Buzz, it automatically sets you up with followers and people to follow.... read more» | |
| | | |
|
| |
| | Coloring outside the lines: Security break-downs don't follow rules | |
| | (from TechRepublic at 12-2-2010) | |
| | What do you think of when you hear “IT security”? Do you think of strong passwords, buffer overflows, and encryption? These are, of course, important factors to consider when worrying about security. This sort of thing is only part of the story, however. Security is really not that simple. Security is not something you can buy as an off-the-shelf product, or something you can get just by checking all the boxes on a checklist. Security is an ongoing effort to forestall and counteract the effor... read more» | |
| | | |
|
| |
| | Publicity we can all do without | |
| | (from ComputerWeekly at 12-2-2010) | |
| | Publicity-seeking security researchers are a welcome boost to journalists, but they are a pain for serious security practitioners who spend many years developing and justifying security solutions for a largely resistant and doubting community of business managers and customers, only to find their efforts undermined by sensational media claims that their countermeasures are not 100% perfect. This week we have seen two sets of claims that undermine existing security solutions, and as a result ... read more» | |
| | | |
|
| |
| | Updated Security Information as of 11 February 2010 | |
| | (from ICANN at 12-2-2010) | |
| | Within the last 24 hours, we received an unclassified report from the United States’ Department of State related to the Kenyatta International Conference Center, the venue for our upcoming meeting (attached below). The types of threats outlined in that communication are difficult to assess. ICANN is now reaching out to different parties in Kenya and elsewhere to see if it is possible to better assess the situation, and of course will share any further information with you.... read more» | |
| | | |
|
| |
| | European Parliament blocks US access to SWIFT data | |
| | (from h-online at 12-2-2010) | |
| | As reported by the BBC and others, today the European Parliament voted to block further US access to SWIFT banking data. Despite intensive US lobbying the motion to block was approved with 378 votes in favor, 196 against and 31 abstentions. Following 9-11 in 2001 the US had secretly started to analyse European banking data as part of the "War on Terror". The US use of the SWIFT data remained undisclosed until 2006. In November of 2009 European Ministers had passed an interim agreement to con... read more» | |
| | | |
|
| |
| | 45% of men watch pxxx online | |
| | (from IDG at 12-2-2010) | |
| | More than two in five (45 percent) men use the internet to watch porn, says WinMonkey. Research by the competition website revealed that of those that watch porn online, 87 percent immediately erase their browsing history, while only a third would publicly admit to it. According to WinMonkey 65 percent of men said they spent most of their time online playing games, while 62 percent said social networks including Facebook dominated their surfing time and 55 percent claimed their time on the... read more» | |
| | | |
|
| |
| | Government and infrastructure tops hacking league | |
| | (from TechWorld at 12-2-2010) | |
| | Cybercriminals are now aggressively targeting government and critical infrastructure companies, a review of malware and attack patterns over the last year has found. While the core takeaways in ScanSafe's Annual Global Threat Report won't surprise anyone at a time of high-profile controversy over attacks on governments, the statistics put some flesh on a problem that does seem to have suddenly got markedly worse. In 2009, Scansafe's analysis from its traffic passing its security-as-a-servi... read more» | |
| | | |
|
| |
| | New tool to detect Aurora malware behind Google hack | |
| | (from TechWorld at 12-2-2010) | |
| | Security vendor HBGary has released a free software tool that can remove "Aurora" malware, linked to corporate espionage at more than 30 companies. Called the Aurora Inoculation Shot, this utility will remotely scan Windows machines over the network for signs of Aurora and can remove the malicious software as well. It uses the Windows Management Instrumentation services to carry out the inoculation. Although Aurora has been linked to attacks on just 34 companies, the software has captured ... read more» | |
| | | |
|
| |
| | Cyber Shockwave exercise to test US infrastructure | |
| | (from v3 at 12-2-2010) | |
| | The US is to come under a cyber attack on Tuesday as part of a test of the national infrastructure. The Cyber Shockwave exercise will involve a huge simulated attack against US government and business national infrastructure systems. The attack is being run by the Bipartisan Policy Center's National Security Preparedness Group. Former Department of Homeland Security secretary Michael Chertoff and former CIA deputy director John McLaughlin will take the roles of government leaders in a m... read more» | |
| | | |
|
| |
| | Ex-Goldman employee indicted over software theft | |
| | (from Timesonline at 12-2-2010) | |
| | A former Goldman Sachs computer programmer was charged with stealing top-secret computer code from the Wall Street bank to use at a rival trading house. Sergey Aleynikov faces up to 25 years in prison on counts of theft of trade secrets, transportation of stolen property and unauthorised computer access. The case shines a light on the secretive and competitive world of high-frequency trading, in which companies race to make the fastest algorithmic trading platform, while trying to protect ... read more» | |
| | | |
|
| |
| | Oak Ridge develops powerful intrusion detection systems | |
| | (from homelandsecuritynewswire at 12-2-2010) | |
| | The attack analysis program uses machine learning to increase effectiveness; ORCA effectively sits on top of off-the-shelf intrusion detection systems, and its correlation engine processes information and learns as cyberevents arrive; the correlation engine supplements or replaces the preset rules used by most intrusion detection systems to detect attacks or other malicious events Scientists at the Energy Department’s Oak Ridge National Laboratory have developed an attack analysis tool that u... read more» | |
| | | |
|
| |
| | Google refuses to censor Australian YouTube | |
| | (from boingboing at 12-2-2010) | |
| | Google is seemingly bent on making a clean sweep of the Pacific Rim in its new anti-censorship campaign: first it refused to go on censoring its services at the behest of the Chinese government; now it has refused the Australian government's (batshit crazy) request to censor YouTube videos that Canberra's censor board put into its "refused classification" bucket. The minister who made the request, Stephen Conroy, apparently missed the memo on Google and China, as he cited Google's erstwhile w... read more» | |
| | | |
|
| |
| | Broward School District investigates computer hacking | |
| | (from Sun-sentinel at 12-2-2010) | |
| | The Broward School District said Thursday it has found "several security breaches" with school computer systems, and is investigating whether students at multiple schools hacked into computers to change grades and show work was completed when it wasn't. "We're not sure how many [schools], if it's one, if it's two," said district spokeswoman Nadine Drew. "It appears to be more than one." Drew said they aren't sure how many students were involved, or when it started. She declined to name the... read more» | |
| | | |
|
| |
| | Vietnam blogger complains of website hacking | |
| | (from qatar-tribune at 12-2-2010) | |
| | HANOI A well-known Vietnamese political blogger has had his website hacked in what a Western diplomat described as a more aggressive approach by authorities to online critics. “My personal blog has been attacked for several days by hackers and is no longer accessible,” said Huy Duc, whose blog, “Osin”, could not be opened. Duc said he did not know what the problem was but a Western diplomat said the authorities appeared to be behind recent problems at a number of politically-oriented and c... read more» | |
| | | |
|
| |
| | Major IT security system launched in Bahrain | |
| | (from poten at 12-2-2010) | |
| | More than 40 leading information technology officers from banks, government and other corporate bodies turned up for the launch of the LANDesk Technology. The event was held at the Crowne Plaza Hotel. The IT security system is being launched in Bahrain for the first time by UAE-based company Intertech which has already secured one major client for the US manufactured system.... read more» | |
| | | |
|
| |
| | Hackers take `racist' revenge for attacks on Indians | |
| | (from The Australian at 12-2-2010) | |
| | HACKERS claiming revenge for racist attacks on Indian students have targeted the servers of several Melbourne businesses, shutting down computer systems and resulting in hundreds of thousands of dollars of lost income. Victoria Police yesterday confirmed they were investigating cyber attacks on several Melbourne businesses that had been targeted in the past four days. "The Victoria Police e-crime squad is investigating reports of the alleged hacking of a number of different business server... read more» | |
| | | |
|
| |
| | New Technology Offers Secure Electronic Payment Via Mobile Phones | |
| | (from DarkReading at 12-2-2010) | |
| | Researchers from the University of Oxford have created a protocol for making electronic payments via mobile phones: The technology provides a secure channel that its inventors hope will be rolled into smartphone mobile banking or other payment applications. The idea for the technology came out of the U.K. Payments Council's plans to eliminate check payments by 2018. The goal of the Oxford project is to provide a secure channel for making peer-to-peer and person-to-person payments, says Bill R... read more» | |
| | | |
|
| |
| | New Patches Cause BSoD for Some Windows XP Users | |
| | (from KrebsonSecurity at 12-2-2010) | |
| | If you use Windows XP and haven’t yet updated your system with the applicable security updates that Microsoft issued Tuesday, you might want to hold off for a bit. Turns out, a non-trivial number of XP users are reporting that their systems suffer from the dreaded Blue Screen of Death (BSoD) and fall into an interminable reboot loop after installing the latest batch of patches from Redmond. The problem seems to be affecting only some XP systems. This thread on a Microsoft.com answers forum se... read more» | |
| | | |
|
| |
| | Chip and pin fraud danger revealed | |
| | (from Channel4 at 12-2-2010) | |
| | A team of computer researchers say they have uncovered flaws in the Chip and Pin system which are being exploited by fraudsters to use stolen cards. The group from the University of Cambridge's Computer Laboratory found that criminals can insert a "wedge" between the stolen card and terminal, tricking it into believing the pin has been correctly verified, when in fact any pin can be used for the transaction to go through. The card meanwhile thinks it was authorised by signature. Dr Steven ... read more» | |
| | | |
|
| |
| | Fake Cyber Terrorist Attack Will Get Real Government Response Next Week | |
| | (from Gizmodo at 12-2-2010) | |
| | Next week, for the first time, the public will be able to see how the US government might respond to a full-fledged act of cyber terrorism, in a simulation that will include top intelligence and security officials. On February 16, the Bipartisan Policy Centre-hosted event, dubbed Cyber ShockWave, will assemble many top officials in the “White House situation room” – recreated by set designers in a conference room at the Mandarin Hotel – to respond to a multifacted cyber attack of which they w... read more» | |
| | | |
|
| |
| | Australia cyber attacks could last ‘months’ | |
| | (from Gulf-Times at 12-2-2010) | |
| | A shadowy group of cyber-activists who succeeded yesterday in jamming key Australian government websites for a second consecutive day warned they could shut down the sites for months. The group, Anonymous, blocked the main government website www.australia.gov.au and www.aph.gov.au, the Australian parliament’s homepage, for a second day running in protest over controversial plans to filter the Internet. Codenamed ‘Operation: Titstorm’, the hacking campaign involves hundreds of people from a... read more» | |
| | | |
|
| |
| | Australian businesses hacked over attacks on Indian students | |
| | (from southeastasianews at 12-2-2010) | |
| | Hackers have attacked businesses in this Australian city in response to violence against Indian students, a media report said Thursday. Computers at five Melbourne-based businesses were attacked by a hacker who threatened to attack more companies if the violence continued, ABC Online reported. A Melbourne construction company says it lost all its data and had to pay $120,000 to repair its computer network, it said. ... read more» | |
| | | |
|
| |
| | Nigerian government uses music in cybercrime fight | |
| | (from infosecurity-us at 12-2-2010) | |
| | The Economic and Financial Crimes Commission is collaborating with Nigerian musicians to try and persuade people not to engage in digital scams. Ten Nigerian artists released a song titled 'Maga no need pay' earlier this month, which will be a precursor to the first West African Cybercrime Summit, to be hosted by Nigeria later this year. The release of the song is a reaction to a groundswell of popular music glorifying 419 scams, so called because section 419 of the Nigerian Criminal Code spe... read more» | |
| | | |
|
| |
| | Companies penny-wise in online security | |
| | (from edmontonjournal at 12-2-2010) | |
| | Using social networking sites such as Facebook and Twitter as a promotional tools makes companies far more vulnerable to cybercrime, security expert Robert Herjavec says. "The dichotomy is how companies protect their core online assets while allowing people the access they need," said Herjavec, one of the hosts of CBC's The Dragon's Den. While companies increasingly are aware of the threat, it doesn't necessarily translate into spending money on prevention, said Herjavec, who will be in Ed... read more» | |
| | | |
|
| |
| | Antivirus software fail to stop malware | |
| | (from ComputerWorldUk at 12-2-2010) | |
| | Nearly a third of PCs protected by up-to-date antivirus software show signs of malware infection, a new analysis based on real-world scans has found. Dutch cloud security startup, SurfRight, studied scans from 107,435 PCs that had downloaded its cloud-based behavioural scanning system, and found malware on 35 percent of the machines, about what one might expect of the general population of PCs. More surprising, however, was that 32 percent of machines using a fully-updated antivirus programs ... read more» | |
| | | |
|
| |
| | U.S. Internet security plan revamped | |
| | (from SFGate at 12-2-2010) | |
| | Instead of focusing on consolidating external Internet connections that civilian agencies operate -- which number in the thousands -- the Office of Management and Budget is directing agencies to deploy a standard set of security tools and processes on all of their Internet connections. The shift represents a new direction for the federal Trusted Internet Connections (TIC) Initiative, which was launched by the Bush administration in November 2007. The Bush administration's original goal was... read more» | |
| | | |
|
| |
| | Iran Shutters Google's Gmail Service | |
| | (from DarkReading at 12-2-2010) | |
| | The Islamic Republic of Iran has reportedly decided to close Google's Gmail service in the country and offer its citizens a national e-mail service. A Fox News report claims that Iran's telecommunications agency has announced the Gmail has been permanently suspended and that Iran will soon offer a national e-mail service, presumably to give the government more control over how Iranian citizens communicate. Google confirmed Gmail access problems in Iran but did not comment on the role of Ir... read more» | |
| | | |
|
| |
| | Google Buzz faces criticism over privacy | |
| | (from ComputerWorldUk at 12-2-2010) | |
| | At issue is a feature that compiles a list of the Gmail contacts who users most frequently email or chat with. Buzz automatically starts following these people and makes the list public, meaning strangers can see who Buzz users have been in contact with. The issue was noted by the Silicon Alley Insider. "Imagine ... a wife discovering that her husband emails and chats with an old girlfriend," the website said. "Imagine a boss discovers a subordinate emails with executives at a competitor." ... read more» | |
| | | |
|
| |
| | European Parliament blocks bank data transfer to US | |
| | (from ComputerWorldUk at 12-2-2010) | |
| | The European Parliament has blocked an agreement reached by the 27 EU national governments and the US last month to allow European citizens' personal financial data to be analysed by American authorities investigating the financing of terrorism. The vote was immediately criticised by supporters of the agreement, who claim that Parliament's veto impedes intelligence services tracking terrorist activities. A substantial majority of MEPs voted to block the EU's interim agreement on banking da... read more» | |
| | | |
|
| |
| | Cybercriminals Targeting Critical Infrastructure | |
| | (from SecurityProNews at 12-2-2010) | |
| | Critical infrastructure such as energy, pharmaceutical and government assets are more than twice as likely to be targeted by cybercriminals than other organizations, according to a new report by ScanSafe. ScanSafe found organizations that control the most valuable intellectual data are encountering malware at much greater rates than other verticals. The report highlighted the verticals most at risk: 1. Energy & Oil with a 356% greater rate of direct encounters with data theft trojans; 2.... read more» | |
| | | |
|
| |
| | UK government sponsors mobile phone safety tools | |
| | (from TechWorld at 12-2-2010) | |
| | The UK government is bringing three new mobile security technologies designed to safeguard stolen phones to next week's Mobile World Congress in hopes that manufacturers will show interest. The increasing use of mobile devices for email, banking applications and contactless payments puts users at increased risk of becoming fraud victims when phones go missing. In the UK, 228 mobile phones are reported stolen every hour.... read more» | |
| | | |
|
| |
| | Iranian Cyber Army strikes again… in China! | |
| | (from seadvd at 12-2-2010) | |
| | As reported by TheNextWeb in the wee small hours of the morning, the most popular search engine in China has just been hacked by the ‘Iranian Cyber Army’. This is the same group that brought down Twitter and an advocacy site supporting the Iranian presidential protesters. Comments on TheNextWeb suggest that the site (Baidu) wasn’t down for long. It was also the same kind of attack on Twitter: DNS cache poisoning. The data servers themselves weren’t exploited or backdoored — instead, the DNS e... read more» | |
| | | |
|
| |
| | 3rd Network and Information Security (NIS'10) Summer School, taking place in Crete, Greece, 13-17 September 2010 | |
| | (from nis-summer-school at 12-2-2010) | |
| | Dear colleagues, It is our pleasure to welcome you to the 3rd Network and Information Security (NIS'10) Summer School, taking place in Crete, Greece, 13-17 September 2010. This event is jointly organised by the European Network and Information Security Agency (ENISA) and the Institute of Computer Science of the Foundation for Research and Technology - Hellas (FORTH-ICS). The Summer School has a "special theme" and a fresh look each year, focusing on cutting-edge topics that guide the selec... read more» | |
| | | |
|
| |
| | Cloud computing: A Maneuvered Phrase ! | |
| | (from infosecisland at 12-2-2010) | |
| | Cloud computing has become a huge ‘buzz-phrase’ in last few years, but you’d be forgiven for not knowing what the term actually means indeed. Different people interpret “cloud computing” in different ways. That’s the dilemma because computing “in the cloud” may be important for you and your organization, but if it’s not clear what it actually means, how will you know? The chairman of the Cloud Summit Executive 2009 conference started the event by a witty comment that when he asked 20 people t... read more» | |
| | | |
|
| |
| | Govt warns of online Valentine's scams | |
| | (from BCS at 12-2-2010) | |
| | Internet users have been warned of the danger of online dating scams in the run-up to Valentine's Day. As part of Scams Awareness Month, the Office of Fair Trading (OFT) has warned lonely hearts of the practice, which sees scammers targeting dating websites by setting up fake profiles and sending malware links. More seriously, some will also try and gain people's trust through conversation and fake photographs, before giving a fake story to try and persuade users to part with cash.... read more» | |
| | | |
|
| |
| | Cyber ShockWave to Test Government Readiness | |
| | (from ITBusinessEdge at 12-2-2010) | |
| | The Bipartisan Policy Center plans to host a simulated cyber attack on the United States, reports Nextgov. The goal of Cyber ShockWave is to demonstrate how the government would respond in the event of a large-scale attack on the nation's computer systems and networks.... read more» | |
| | | |
|
| |
| | Annoying Vendor Emails | |
| | (from LiquidMatrix at 12-2-2010) | |
| | What David did at Black Hat in the summer of 2002 (and I was in the room for it) was show a proof of concept for what eventually became slammer more than 6 months later. The inference in the email was that he had released the worm. Not sure if that was intended but, that was my take away. This is not the way to win customers. Tell me why your product stands on its own two feet. If you want to sell your product don’t play the Coke vs Pepsi nonsense. And for all that’s good and holy…don’t tell ... read more» | |
| | | |
|
| |
| | Report: ID Fraud Grows At Record Pace | |
| | (from EWeek at 12-2-2010) | |
| | Despite widespread awareness of cybercrime and the resulting avalanche of electronic identity theft, the issue of people having their names and accounts hijacked online continues to spiral out of control. According to the latest version of the annual Identity Fraud Survey Report conducted by Javelin Strategy and Research -- which is based on interviews conducted with some 5,000 U.S. adults in late 2009, the number of ID theft victims in the U.S. jumped by 12 percent over the last year, a numb... read more» | |
| | | |
|
| |
| | Wowd: Searching The Darkness | |
| | (from Forbes at 12-2-2010) | |
| | Borislav Agapiev has $50,000 in computer hardware, 25 engineers in his native Serbia and a firm belief that millions of people will lend him their computers and privacy for the purpose of searching the Web. That's enough to take on Google. "Not only will we be very fresh, but we'll also be very high quality," says the founder of Wowd, a search company in Palo Alto, Calif. Unlike Google millions of computer processors performing the searches, with Wowd, explains Agapiev, "it's real people doin... read more» | |
| | | |
|
| |
| | DOJ: No Need for Warrant for Cell Location Information | |
| | (from CIO at 12-2-2010) | |
| | The U.S. Department of Justice will argue that it does not need to present a judge with probable cause of a crime to obtain mobile-phone tracking information in a hearing scheduled for Friday in Philadelphia. The DOJ will argue before the U.S. Court of Appeals for the Third Circuit that it does not need a court-ordered warrant to obtain cell site location information from mobile phone carriers, in an appeal of a magistrate judge's ruling against the agency's effort to get its hands on mobile ... read more» | |
| | | |
|
| |
| | Google Buzz attracts privacy concerns | |
| | (from TechWorld at 12-2-2010) | |
| | One day after its launch, privacy concerns have been raised about Google's new Gmail-based social networking tool, Buzz.At issue is a feature that compiles a list of the Gmail contacts who users most frequently email or chat with. Buzz automatically starts following these people and makes the list public, meaning strangers can see who Buzz users have been in contact with. The issue was noted by the Silicon Alley Insider. "Imagine... a wife discovering that her husband emails and chats with an... read more» | |
| | | |
|
| |
| | Employee Misuse of Computer Access Ruled Not a Crime | |
| | (from Law Technology News at 12-2-2010) | |
| | Using a password-accessed workplace computer in violation of company rules or policies may get you disciplined, but it's not enough to be prosecuted in New Jersey, says a Mercer County judge in a published case of first impression. Superior Court Judge Mitchel Ostrer threw out an indictment against Princeton Borough police sergeant Kenneth Riley, for viewing a digitally stored video of a January 2008 motor vehicle stop by other officers in his department.... read more» | |
| | | |
|
| |
| | Shell employees' details leaked to environmental campaigners | |
| | (from Financial Times at 12-2-2010) | |
| | Contact details for 176,000 employees and contractors of Royal Dutch Shell have been sent to environmental and human rights campaign groups, ostensibly by disaffected staff calling for a "peaceful corporate revolution" at the company. The database, from Shell's internal directory, gives names and telephone numbers for all the company's workforce worldwide, including some home numbers used for business. It was e-mailed with a 170-page covering note, explaining that it was being circulated by "... read more» | |
| | | |
|
| |
| | Symantec website exposes World Cup scams | |
| | (from IDG at 12-2-2010) | |
| | Symantec has unveiled a dedicated website aimed to inform web users about scams targeting this year's football World Cup in South Africa. The security vendor revealed that hackers are likely to exploit fans interested in not only searching for news about the tournament, but also those desperate to secure tickets to the matches.... read more» | |
| | | |
|
| |
| | Goldman Sachs faces 'Robin Hood tax' vote-rigging claims | |
| | (from Telegraph at 12-2-2010) | |
| | The Robin Hood Tax campaign alleged that a Goldman computer was one of two computers that allegedly “spammed” the internet poll with more than 4,600 “no” votes in less than 20 minutes on Thursday. Technical staff for the Robinhoodtax.org.uk website said the “no” counter increased at a “dramatic rate” from 3.41pm. The number of “no” votes jumped from 1,400 to 6,000 before campaigners – who are calling for the introduction of 0.05pc tax on banking transactions – tightened the site’s security.... read more» | |
| | | |
|
| |
| | Massive cyber attack against US due on Tuesday | |
| | (from v3 at 12-2-2010) | |
| | The US is to come under massive cyber attack on Tuesday as part of a war-game to test the ability of the national infrastructure to cope. The exercise, dubbed Cyber Shockwave, will involve a massive simulated attack against the US national infrastructure systems of both government and business. The attack is being run by the Bipartisan Policy Center’s National Security Preparedness Group.... read more» | |
| | | |
|
| |
| | Can computers really make you happy? | |
| | (from The New Zealand Herald at 12-2-2010) | |
| | In sci-fi films, when anyone gives a computer emotions, it all goes horribly wrong. The computer becomes vain, doubtful and irrational and Armageddon by wayward technology is only narrowly avoided. Yet machines that can recognise our emotions and respond to them are a hot new area in computer design.... read more» | |
| | | |
|
| |
| | Climate e-mail inquiry member resigns over his defence of researchers | |
| | (from Times Online at 12-2-2010) | |
| | A member of the panel set up to investigate claims that climate change scientists covered up flawed data was forced to resign last night, just hours after the inquiry began. Philip Campbell stood down after it was disclosed that he had given an interview in which he defended the conduct of researchers at the University of East Anglia’s Climatic Research Unit (CRU), insisting that they had done nothing wrong. He said in a statement that he was stepping down to ensure that the ability of the re... read more» | |
| | | |
|
| |
| | Fresh wave of cyber attacks hits India | |
| | (from Tribune India at 12-2-2010) | |
| | Computer networks at sensitive establishments have experienced a second wave of cyber attacks from foreign-based hackers. Sources in the intelligence reveal that fresh attacks began on January 28 and about 25 computers were targeted. Computers used by individuals associated with the National Security Council (NSC) Secretariat and the National Security Advisory Board (NSAB) were the target of the new attacks, according to sources at the National Technical Research Organisation (NTRO).... read more» | |
| | | |
|
| |
| | Critical Infrastructure encounters the most web malware, report | |
| | (from scmagazineus at 12-2-2010) | |
| | Critical infrastructure organizations, such as those in the energy, oil, pharmaceutical and chemical sectors, encountered at least twice as much web malware as other organizations during 2009, according to web security firm ScanSafe. More than any other verticals, the energy and oil sectors were pummeled with the greatest amount of data-theft trojans last year, according to ScanSafe's "Annual Global Threat Report 2009," released Thursday. Energy and oil companies experienced a 356 percent hig... read more» | |
| | | |
|
| |
| | Black Hat Webcast Series - Exploiting Lawful Intercept to Wiretap the Internet | |
| | (from GoToMeeting at 12-2-2010) | |
| | Many governments require telecommunications companies to provide interfaces that law enforcement can use to monitor their customer's communications. If these interfaces are poorly designed, implemented, or managed they can provide a backdoor for attackers to perform surveillance without lawful authorization. Most lawful intercept technology is proprietary and difficult to peer review. Fortunately, Cisco has published the core architecture of its lawful intercept technology in an Internet Draft a... read more» | |
| | | |
|
| |
| | 'Unhackable' Infineon Chip Physically Cracked | |
| | (from Yahoo News at 12-2-2010) | |
| | Former U.S. military security specialist Christopher Tarnovsky found a weakness in Infineon's SLE66 CL PE and presented the results of his hack at the Black Hat 2010 computer security conference. The Infineon chip is used in PCs, satellite TV hardware, and gaming consoles to protect secure data. Tarnovsky, who works for security firm Flylogic, said that cracking the Infineon chip, which has a Trusted Platform Module (TPM) designation, was a long process involving an electronic microscope (wh... read more» | |
| | | |
|
| |
| | Why Data Breaches Can Go Unnoticed by Their Victims | |
| | (from EWeek at 12-2-2010) | |
| | An analysis of data breaches by Trustwave found just 9 percent were uncovered internally by the companies that were breached. The report mirrors other studies and underscores the importance of having visibility into your IT environment as well as being able to correlate disparate events on a network.... read more» | |
| | | |
|
| |
| | Social networking sites slack on secreting kids' details | |
| | (from The Register at 12-2-2010) | |
| | More than half of social networking sites assessed by the European Commission fail to hide the personal details of under-18s by default, the EU body has warned. It said that 50 per cent of teenagers display personal information on the internet. The Commission analysed the policies of 22 social networking sites in a study aimed at finding out how well-protected under-18s were when using them as part of a campaign to urge young people to protect their information online.... read more» | |
| | | |
|
| |
| | Valentine's warning: scammers target love-seeking victims online | |
| | (from The Sydney Morning Herald at 12-2-2010) | |
| | First they go after your heart, then they go after your wallet. Online dating scams are on the rise, with 30 per cent more reports last year, according to figures released today by the Australian Competition and Consumer Commission (ACCC). In a pre-Valentine's Day warning, ACCC acting chairman Peter Kell said scammers often created fake dating profiles and lured in their victims with false promises, often in exchange for large sums of money. Mr Kell said this type of "advance fee fraud" was b... read more» | |
| | | |
|
| |
| | 14% of top search results 'lead to malware' | |
| | (from Which at 12-2-2010) | |
| | Online searches for news trends and buzzwords are exposing Web users to malware risks, according to research by Websense Security Labs. The research found that 14% of all Web searches for new buzzwords resulted in web sites that are loaded with malware – software including trojans and viruses designed to harm your PC.... read more» | |
| | | |
|
| |
| | US judges leave definition of obscenity to Amish, Kansas | |
| | (from The Register at 12-2-2010) | |
| | United States judges are squaring up for an almighty battle over the proper standards to apply to internet published material. The final verdict will determine whether the US eventually falls back into a new era of prohibition – this time for porn – or whether those living in more openly liberal states will be able to access material without being subject to the moral judgments of the most reactionary communities.... read more» | |
| | | |
|
| |
| | Equifax tax forms expose worker Social Security numbers | |
| | (from CNet at 12-2-2010) | |
| | An unknown number of current and former employees of credit reporting firm Equifax received W-2 forms in the mail with their Social Security numbers visible through a window on the envelope, CNET has learned. Equifax became aware of the problem on January 19 and informed employees in a letter dated January 27, according to a copy of the letter obtained by CNET. Specifically, some of the tax forms mailed by Equifax's payroll vendor through the U.S. Postal Service had the Social Security number... read more» | |
| | | |
|
| |
| | Iran accused of blocking opposition communications | |
| | (from BBC at 12-2-2010) | |
| | The US has accused Iran of seeking a "near-total information blockade" to silence anti-government protesters. The allegations came after opposition supporters clashed with security forces as Iran marked the anniversary of the 1979 revolution. The US government said it had information that the telephone network was taken down, SMS messages blocked, and internet communication "throttled". China and Burma have also been accused of blocking internet communication. Analysts say some governments ma... read more» | |
| | | |
|
| |
| | MEPs condemn Nokia Siemens 'surveillance tech' in Iran | |
| | (from BBC at 12-2-2010) | |
| | Euro MPs have "strongly" criticised telecoms firm Nokia Siemens Networks for providing "surveillance technology" to the Iranian authorities. In a resolution adopted on Wednesday, the MEPs said the hardware was instrumental in the "persecution and arrests of Iranian dissidents". But Nokia Siemens said that the implication that it had provided censorship technology was "wrong" . "We will be clarifying any inaccuracy in their understanding of our business in Iran with the European Parliament," B... read more» | |
| | | |
|
| |
| | Cybersecurity stocks look hot in 2010 | |
| | (from USA Today at 12-2-2010) | |
| | Companies and governments already had been paying closer heed. Worldwide spending on tech security rose 6% to $26 billion in 2009, and is expected to grow 9% to $28.3 billion this year, says market researcher IDC. That contrasts with information-technology spending as a whole, which declined 4.5% in 2009 and may rise 3%, to $1.5 trillion, in 2010, IDC says. Security firms have already benefited. McAfee shares closed Wednesday at $38.18, up 23.8% from its Feb. 3, 2009, closing price. Over the ... read more» | |
| | | |
|
| |
| | Cybersecurity Is A Worldwide Imperative | |
| | (from The Bulletin at 12-2-2010) | |
| | Secretary of State Hillary Clinton will raise the issue of Google’s ongoing battles in China in a broad policy address in Washington on Internet freedom. The main focus of the speech will be to let America’s policies for supporting and enabling unrestricted Internet access to people worldwide be known. The FBI’s Internet Crime Complaint Center (ICCC) issued a warning on fake software admonishing Web surfers to be wary of pop-up windows warning of security problems on their computer. They est... read more» | |
| | | |
|
| |
| | 'Political hacktivism' surged in 2009, says report | |
| | (from Network World at 12-2-2010) | |
| | According to the security vendor's '2009 Q4 Threats Report', the US is no longer the sole target of 'political hacktivism' and nor is China the sole origin for these types of attacks. McAfee pointed to recent political attacks targeting the Polish government, the Copenhagen Climate Conference and Latvia's Independence Day, and even the UK, the company said, highlighting an attack University of East Anglia's web servers, which with allegedly hacked by Russian freelance hackers, hired by clima... read more» | |
| | | |
|
| |
| | Enterprise Risks: How Does Your Business Respond to the New Reality? | |
| | (from americanbanker at 11-2-2010) | |
| | The risk your firm accepts should be the result of your business strategy not because of an accident waiting to happen. Information based decisions require transparency and speed. The current state of siloed incompatible data in financial services is a barrier to the goal of good decision-making. The current climate of uncertainty around compliance and regulatory rules is not an excuse to wait and see what will happen. We can help you to get a handle on your data and deliver it in a meanin... read more» | |
| | | |
|
| |
| | US identity theft continues to rise - Javelin | |
| | (from Finextra at 11-2-2010) | |
| | The survey of 5000 US adults - sponsored by Wells Fargo, the Identity Theft Assistance Center, Fiserv and Intersections - shows the second consecutive rise in ID theft, leaving it at its highest rate since the report's first outing in 2003. The number of fraudulent new credit card accounts increased to 39% of all identity fraud victims, up from 33% in 2008. New online accounts opened fraudulently more than doubled over the previous year, and the number of new e-mail payment accounts increased... read more» | |
| | | |
|
| |
| | Federal Government builds secret database to fight cyber-terrorism | |
| | (from ComputerWorld at 11-2-2010) | |
| | Australia's biggest banks, telcos, and utilities have handed sensitive data to government for the protection of critical infrastructure (CI) against terrorism and natural disasters. The rare move, which began in 2009, makes the country one of a few in the world with a centralised national critical infrastructure protection model. The Critical Infrastructure Protection Modeling and Assessment (CIPMA) program was launched in 2007 and received a $23.4 million funding boost to 2012 in last yea... read more» | |
| | | |
|
| |
| | Online Robbery: Hackers Steal $50,000. Bank Says ‘Tough Luck’ | |
| | (from moneywatch at 11-2-2010) | |
| | It’s every technophobe’s nightmare, but this time its true. Some $50,000 was stolen from Fan Bao’s online bank account by Croatian computer hackers and the bank told him that the loss is not their problem. Could it happen to you? Here’s the back story to help fill in who is at risk. Seven years ago, Fan Bao opened a checking account at Bank of America to facilitate his small import-export business called ZICO USA. When he needed to wire money, he or his wife, Cathy Huang, would walk a few ... read more» | |
| | | |
|
| |
| | Google Buzz Privacy Concerns Similar to Facebook Issues | |
| | (from EWeek at 11-2-2010) | |
| | Google's entry into the social networking space will face similar privacy challenges as Facebook and other social networking sites. Here are some facts about Buzz privacy for users to keep in mind. Social networking brings with it its own set of privacy and security challenges. With Google making its own foray into the space with the launch of Google Buzz, security experts say users will have to find the right balance between privacy and openness. Like Facebook, Buzz allows users to post u... read more» | |
| | | |
|
| |
| | 2010 World Cup cybercrime site set up | |
| | (from Webuser at 11-2-2010) | |
| | Security firm Symantec has set up a website to help football fans looking for information about the 2010 World Cup stay safe online. A new website is aiming to keep anyone looking for tickets or information about the 2010 World Cup safe from cybercriminals. The site, www.2010netthreat.com, has been set up by security firm Symantec to provide data, commentary, safety tips and useful links for football fans following the 2010 World Cup tournament.... read more» | |
| | | |
|
| |
| | Red Condor Warns of Trending Phishing Campaign | |
| | (from NewsFactor at 11-2-2010) | |
| | Old is new again for scammers as spam emails targeting attorneys are once again on the rise. Email security experts at Red Condor have issued a warning for trending phishing attacks requesting legal representation to help in the "collection of delinquent accounts." The majority of the messages with subject lines, including "Attn: Legal Counsel," "Dear Attorney," and "Legal Assistance," appear to come from legitimate corporations from the Asia-Pacific region such as Nabtesco Corporation, Nippon S... read more» | |
| | | |
|
| |
| | Europe's national security system 'years out of date' | |
| | (from v3 at 11-2-2010) | |
| | The technology underpinning a Europe-wide government database used for national security and border control is years out of date, with sweeping plans to overhaul the system in danger of being shelved if the delays continue. Updates to the system, overseen by the European Commission (EC), have been stalled by technical setbacks, much to the frustration of the EU Parliament and Council.... read more» | |
| | | |
|
| |
| | Healthcare Data Exposed In California Security Breach | |
| | (from DarkReading at 11-2-2010) | |
| | A labeling blunder has exposed the private data of nearly 50,000 of California's most vulnerable healthcare recipients. Their Social Security numbers were printed on address labels used in a mass mailing, state officials said. The California Department of Health Care Services notified its beneficiaries of the security breach within several days of the Feb. 1 mailing. Many of the those affected are blind, have Alzheimer's disease, or suffer some other cognitive disabilities, the Los Angeles Ti... read more» | |
| | | |
|
| |
| | Operation Aurora malware investigated | |
| | (from Net-Security at 11-2-2010) | |
| | Operation Aurora has become a name that is instantly recognized by everyone involved in cyber security. Speculation still abounds regarding the people and/or nation behind it, but what is certain is that the primary intent behind it is the theft of intellectual property. According to a HBGary report, all these attacks on different companies have in common the means of execution: a flaw in the Internet Explorer browser was exploited to insert malware which drops a backdoor program in the targe... read more» | |
| | | |
|
| |
| | Early-adopter criminals embrace cloud computing | |
| | (from ZDNet at 11-2-2010) | |
| | Executives unsure of the viability of cloud computing need look no further than the criminal fraternity for a ringing endorsement of the technology, according to a security expert. Cloud computing has been enthusiastically taken up by criminals for a range of activities, Rik Ferguson, senior security adviser at security firm Trend Micro, told delegates at a Westminster eForum on Wednesday. "One of the things that persuades me personally that the cloud is absolutely a viable model and has l... read more» | |
| | | |
|
| |
| | Iranian Government Bans Gmail | |
| | (from Mashable at 11-2-2010) | |
| | As the Iranian authorities attempt to stifle tomorrow’s protests surrounding the anniversary of the Iranian revolution, they are going one step further: Iran is permanently suspending access to Google’s Gmail. Earlier this week, we wrote about failing Internet connections in Iran. The timing of these problems has been met with suspicion: February 11 (tomorrow) marks the anniversary of the Iranian revolution and gatherings are already being planned to protest against June’s alleged election fr... read more» | |
| | | |
|
| |
| | Google cyber attacks a 'wake-up' call for U.S., intel chief says | |
| | (from WTOL at 11-2-2010) | |
| | The computerized critical infrastructure of the US is "severely threatened" by malicious cyberattacks now occurring on an "unprecedented scale with extraordinary sophistication." That's the headline Dennis Blair, director of national intelligence, offered the Senate Select Committee on Intelligence last week. But it was the largely unreported details he unpacked that could provide the wake-up call for government and private industry, whose computer networks he says are now under persistent an... read more» | |
| | | |
|
| |
| | Hide tracks on workplace computers | |
| | (from myfoxorlando at 11-2-2010) | |
| | There's no getting around it. Your boss can legally dictate what you can and can't do on the company computer. Many offices have policies that limit what you can do (if anything) online. Two tech gurus have agreed to dish the dirt on going behind your company's back. Andrew von Ramin Mapp is a computer forensics superguru who owns Data Analyzers in Orlando. Douglas Chick is a best selling author and network administrator for a large company.... read more» | |
| | | |
|
| |
| | ICANN and its Responsibilities to the Global Public Interest | |
| | (from circleID at 11-2-2010) | |
| | In 1998, the United States government might have taken a different path in asserting its control over the technical administration of the DNS. It might have asserted full U.S. governmental control, or it might have turned over the functions to an international body such as the International Telecommunications Union. Instead, it created a “private‐public partnership”, incorporated as a California “nonprofit public benefit corporation”, with a charter giving the company a dual mission o... read more» | |
| | | |
|
| |
| | Griffin Trailer Released | |
| | (from starwreck at 11-2-2010) | |
| | Trailer for the Wreckamovie developed cybercrime series Griffin has been released. The trailer was lauched at F-Secure’s SPECIES conference in Vienna and F-Secure is also supporting the Griffin series by giving its insight into the fight against cybercrime. Good hacker films are still hard to come by. Hollywood makes some lovingly crafted films about gamblers and conmen, but if the con uses computers they usually freak out and decide it absolutely can not be interesting unless they put in exp... read more» | |
| | | |
|
| |
| | Real life Mafia Wars: Spy Eye tool kit goes after Zeus botnet | |
| | (from SunbeltBlog at 11-2-2010) | |
| | Peter Coogan at Symantec put up a very interesting blog post yesterday about a crimeware kit called SpyEye v1.0.7 (on sale now on Russian sites -- $500) that has a module that will kill a Zeus bot infection on a victim’s computer so the bot created by SpyEye can take it over. In September, Computer Weekly reported the Swedish telco Telia Sonera shut down the Internet connections of Latvian company Real Host after it was linked to the Zeus botnet. At the time, researchers said they believed Re... read more» | |
| | | |
|
| |
| | New SpyEye toolkit targets Zeus botnet | |
| | (from the tech herald at 11-2-2010) | |
| | There is a new toolkit being passed around, and one of its selling points is that it can take out the Zeus botnet. The toolkit itself seeks to create a botnet of its own, and the developer has no issued with killing the competition. Selling at a cutthroat price of $500.00 USD, the SpyEye toolkit offers many of the features that Zeus has, but also adds the ability for the criminals to kill Zeus entirely if discovered on an infected system. It comes with a decent set of features, which mirror ... read more» | |
| | | |
|
| |
| | Malware toolkits - what they can do to the average Internet user | |
| | (from the tech herald at 11-2-2010) | |
| | Recently, a new tool has started to get some attention on IRC and a few forums. Called SpyEye, this new toolkit is looking to take over the botnet world, and even singles out the Zeus botnet in its design. Here is a breakdown of the tool itself, and a high-level explanation on how it would affect a normal Internet user. Tools of the trade: Online, toolkits are a collection of code. However, as is the way of things on the Internet, even the most harmless of terms can be perverted. To a crim... read more» | |
| | | |
|
| |
| | Government shuts down GP appraisal website over hacker fears | |
| | (from pulsetoday at 11-2-2010) | |
| | The GPC has warned that a 'large number' of GPs face 'real disruption' after the Government's NHS Appraisal Toolkit website was taken offline due to fears it is vulnerable to hackers. The site, a key resource for GPs in helping them to complete appraisals, has been withdrawn for three weeks after a routine security check revealed that the system was not ‘sufficiently robust to withstand modern-day hacking’. The Government insisted that there was ‘no evidence of any breach of security’, but... read more» | |
| | | |
|
| |
| | Fortinet: Malicious code hits record-high in Jan | |
| | (from ZDNet Asia at 11-2-2010) | |
| | Its distinct malware volume soared to over 9,000 last month, more than twice that in December, the company said in a statement Wednesday. Headquartered in Sunnyvale, Calif., Fortinet collects data from its FortiGate network security appliances and intelligence systems located globally, and compiles monthly threat statistics from the data. Topping the charts were variants of Bredolab, accounting for more than 40 percent of all malware activity. The Bredolab downloader program, which has assume... read more» | |
| | | |
|
| |
| | China Shut Down Biggest Hacker Training Site | |
| | (from yolasite at 11-2-2010) | |
| | What is believed to be the country's biggest hacker training site has been shut down by police in Central China's Hubei province. Three people were also arrested, local media reported yesterday. The three, who ran Black Hawk Safety Net, are suspected of offering others online attacking programs and software, a crime recently added to the Criminal Law. A total of 1.7 million yuan ($249,000) in assets were also frozen.... read more» | |
| | | |
|
| |
| | Jester Unveils XerXeS Automated DoS Attack | |
| | (from infosecisland at 11-2-2010) | |
| | Anti-jihadi hacker The Jester (th3j35t3r), continues his campaign against militant Islamic websites, and now reveals the development of an automated version of his DoS attack, which he calls the XerXeS project. While most of the conversations concerning Jester are regarding the ethics and lawlessness of his crusade, no one has addressed the fact that The Jester has developed an attack technique that could be employed against our own critical systems.... read more» | |
| | | |
|
| |
| | Head of UEA inquiry to outline scope of review into hacked climate emails | |
| | (from Guardian at 11-2-2010) | |
| | The senior civil servant conducting the inquiry into the fallout from the climate science emails stolen from the University of East Anglia will today set out the inquiry's remit. Sir Muir Russell was appointed by the university on 3 December to investigate allegations based on the contents of the emails. Many commentators had hoped that his inquiry would be completed quickly to draw a line under the affair and are dismayed that it has taken two months to formally begin.... read more» | |
| | | |
|
| |
| | China Looks to Increase Capacity for Cyber War | |
| | (from infowar-monitor at 11-2-2010) | |
| | The Chinese Communist Party is devoting an unprecedented level of resources to growing China’s cyber war capabilities, according to an article in Asian Times. The issue of cyber war and cyberspace espionage is featured heavily in the drafts of the 12th Five Year Plan, which is being drafted by the government and the People’s Liberation Army (PLA).... read more» | |
| | | |
|
| |
| | Old hacks never die, they just attack new systems | |
| | (from Government Computer News at 11-2-2010) | |
| | As the world becomes increasingly dependent on information technology and digital communications, persistent vulnerabilities — some of which have been known for 50 years — continue to expose the world’s networks and applications to attacks. “In 2009, the most notable trend is the continued use of existing attack techniques despite the security industry’s awareness of these vulnerabilities,” concluded a Global Security Report that Trustwave released at the Black Hat Federal Briefings in Washin... read more» | |
| | | |
|
| |
| | Iran Shuts Down Gmail, Announces National E-Mail Service | |
| | (from Fox News at 11-2-2010) | |
| | Iran's telecommunications agency announced Wednesday that it has permanently suspended Google's e-mail services and that a national e-mail service for Iranians will be rolled out soon. It is not clear what effect the order has had on gmail in Iran. Google says in a statement, "We have heard from users in Iran that they are having trouble accessing Gmail. We can confirm a sharp drop in traffic, and we have looked at our own networks and found that they are working properly.... read more» | |
| | | |
|
| |
| | Games sure to bring gold-medal hackers to town, expert warns | |
| | (from vancouversun at 11-2-2010) | |
| | While you're enjoying the Olympics a cyber thief could be plundering your BlackBerry or smartphone thanks to that new Bluetooth headset you just bought to comply with B.C.'s new hands-free driving laws. And if you're a police officer, a politician or a government agent carrying sensitive security information, the thief could be a terrorist intent on industrial or political espionage.... read more» | |
| | | |
|
| |
| | No Hacker Left Behind | |
| | (from Forbes at 11-2-2010) | |
| | Invite a few ubergeeks over to play a friendly war game, and you can bet the winner will be the one who most creatively breaks the rules. Last July, during the inaugural round of the online cybersecurity simulation game NetWars, 75 contestants vied to hack into and control the game's 12 servers, planting their user names on the conquered computers to declare their territory. But one contestant, known as SevenM7, had other ideas. Instead of focusing on the game's targets, he hijacked NetWars' sco... read more» | |
| | | |
|
| |
| | Privacy group swats Google Buzz | |
| | (from Computer World at 11-2-2010) | |
| | Google Buzz has come under heavy criticism from the Australian Privacy Foundation, which believes the new social networking tool has major privacy flaws. Speaking to Computerworld AustraliaAPF chair, Dr Robert Clarke, said the automatic roll out of the tool to Gmail users, and its automatic addition of followers based on email usage, was of concern.... read more» | |
| | | |
|
| |
| | Gmail blocked in Iran ahead of protests? | |
| | (from CNet at 11-2-2010) | |
| | Gmail appeared to be unavailable to some users in Iran on Wednesday, possibly as part of a government crackdown designed to suppress anti-regime demonstrations scheduled for Thursday. Meanwhile, The Wall Street Journal reported Wednesday that the Iranian government said it would shut down Gmail and replace it with a national e-mail system. CNN reported that government officials were believed responsible for blocked text messages and sluggish Internet speeds in Tehran for days.... read more» | |
| | | |
|
| |
| | Cloud computing will cause three IT revolutions | |
| | (from mis-asia at 11-2-2010) | |
| | Every revolution results in winners and losers -- after the dust settles. During the revolution, chaos occurs as people attempt to discern if this is the real thing or just a minor rebellion. When it comes to cloud computing, we should expect to see the same dynamic play out. Over the next two to five years, expect to see enormous conflict about the technical pros and cons of cloud computing that will, at bottom, be motivated by the perception on the part of the participants as to whether clo... read more» | |
| | | |
|
| |
| | Chinese artist-dissident lauds Google plan to stop censoring | |
| | (from mis-asia at 11-2-2010) | |
| | A well-known Chinese artist and activist voiced strong support late Tuesday for Google's plan to stop censoring results on its China-based search engine. Ai Weiwei, who wrote an opinion piece for The Wall Street Journal, gave Google the most visible support it has received for the plan from an individual Chinese activist. The outspoken Ai also said two of his Gmail accounts were hijacked late last year. Results are still being censored on Google's China search engine and the company has said ... read more» | |
| | | |
|
| |
| | Google issues warning to Chinese knock-off | |
| | (from The Sydney Morning Herald at 11-2-2010) | |
| | Google has sent a cease-and-desist letter to the operators of a Chinese search website whose logo bears a close resemblance to its own. Goojje's home page is adorned with a Google-styled logo and the familiar paw print logo of China's top home-grown search engine, Baidu. The website's name is a play on words with the final syllable "jje" sounding like the Chinese word "older sister", while the "gle" syllable of "Google" is pronounced like the Chinese word for "older brother".... read more» | |
| | | |
|
| |
| | Google baulks at Conroy's call to censor YouTube | |
| | (from The Age - Australia at 11-2-2010) | |
| | Google says it will not "voluntarily" comply with the government's request that it censor YouTube videos in accordance with broad "refused classification" (RC) content rules. Communications Minister Stephen Conroy referred to Google's censorship on behalf of the Chinese and Thai governments in making his case for the company to impose censorship locally. Google warns this would lead to the removal of many politically controversial, but harmless, YouTube clips.... read more» | |
| | | |
|
| |
| | Leading Indian IT Provider Has Its Domain Name Hijacked | |
| | (from Softpedia at 11-2-2010) | |
| | Unidentified hackers were able to hijack the domain name of Tata Consultancy Services (TCS), the largest IT and outsourcing provider in India. The DNS servers were apparently altered in order to redirect the domain to a different server. The attack happened last Sunday, when www.tcs.com displayed a message reading, "This domain name is for sale. Please contact us for further informations [sic.]." The contact e-mail address left by the attacker was abed_uk@hotmail.com and the message was repea... read more» | |
| | | |
|
| |
| | 25% think retailers should be responsible for web security | |
| | (from NetworkWorld at 11-2-2010) | |
| | A quarter of Brits think retailers should be responsible for making online shopping safer, says CyberSource. Research by the payment management company revealed that only 12 percent of web users think they are responsible when it comes to staying safe online, while 16 percent think the responsibility lies with banks and 12 percent singled out ISPs.... read more» | |
| | | |
|
| |
| | Identity fraud climbed 12% last year | |
| | (from NetworkWorld at 11-2-2010) | |
| | Identity fraud hit more victims last year, increasing 12% to an estimated 11.1 million adults in the United States, according to new data. The total cost of identity fraud reached $54 billion, according to the "2010 Identity Fraud Survey Report" published Tuesday by Javelin Strategy & Research. Each case cost an average of $4,841, though some totaled $50,000 or more. Victims were generally protected from fraudulent payment card charges because of existing zero-liability laws and policies by ... read more» | |
| | | |
|
| |
| | This Month in the Threat Webscape - Month of January 2010 | |
| | (from Websense Security Labs at 11-2-2010) | |
| | The major drive-by attack that compromised global technology behemoth Google raised further awareness that one can get infected by merely surfing Web. Blackhat SEO campaigns were a record high this month, with scammers capitalizing on hot topics like Haiti's earthquake, the release of Avatar, and the release of the Apple iPad. We know for sure that on the Web, where the eyeballs go, a malicious trail will sure to follow.... read more» | |
| | | |
|
| |
| | Spam and the Changing Business Model of Cyber Crime | |
| | (from secureworks at 11-2-2010) | |
| | In the past couple of months, the Freakonomics blog asked why there has been such a downturn in the familiar Viagra and Nigerian prince Spam. The author attributed this to the cost of spamming not being worth the rates of return anymore. Most commentators pointed to better spam filtering software. While it does seem that anti-spam filtering has improved, there might be more to the reasons of the observed downturn. There are noted temporary declines whenever some of the bad guys’ ISPs get take... read more» | |
| | | |
|
| |
| | Kaspersky defends false detection experiment | |
| | (from The Register at 11-2-2010) | |
| | Kaspersky Lab has defended its handling of a controversial experiment criticised by some as a marketing exercise of questionable technical value. The Russian anti-virus firm created 20 innocent executable files, adding fake malware detections for ten of the sample, before uploading the files to online online malware scanning service VirusTotal. VirusTotal routinely distributes samples of suspect files submitted to the service, which provides a useful tool for security pros to identify malware... read more» | |
| | | |
|
| |
| | YouTube saves dumb children from offensive content | |
| | (from The Register at 11-2-2010) | |
| | YouTube has announced an optional feature designed to protect your dumb and impressionable kids from viewing sexual content, graphic violence, and salty comments on the website. The new "Safety Mode" setting helps scour potentially objectionable content from YouTube that might not be nixed under its community guidelines, such as war coverage or a newsworthy video that contains violence.... read more» | |
| | | |
|
| |
| | NHS appraisal toolkit yanked offline | |
| | (from The Register at 11-2-2010) | |
| | The UK's Department of Health has taken the highly unusual step of suddenly taking a doctors' appraisal website offline for three weeks over concerns it was vulnerable to hacking attacks. The NHS Appraisal Toolkit was taken down on Tuesday (9 February) and is not expected to return until 3 March. The site provides an online database that allowed NHS doctors to prepare for their annual appraisals. The database therefore contains confidential information about all GPs' performance, along with a... read more» | |
| | | |
|
| |
| | Google Buzz criticised for disclosing Gmail contacts | |
| | (from Computer World at 11-2-2010) | |
| | One day after its launch, privacy concerns have been raised about Google's new Gmail-based social-networking tool, Buzz. At issue is a feature that compiles a list of the Gmail contacts who users most frequently email or chat with. Buzz automatically starts following these people and makes the list public, meaning strangers can see who Buzz users have been in contact with.There are some mitigating factors, however. Buzz only shares information about other people who are using Buzz and have s... read more» | |
| | | |
|
| |
| | Government calls for action on mobile phone crime | |
| | (from BBC at 11-2-2010) | |
| | The government has called on the mobile phone industry to do more to protect handset owners against theft. Alan Campbell, Minister for Crime Prevention, said firms "have a social and a corporate responsibility to tackle crime". Around 2% of British mobile phone users report they have suffered a theft in the last year, although for teenagers the figure is three times higher. Mr Campbell said it was also an opportunity for innovation. "First this is a great opportunity - this is new technology ... read more» | |
| | | |
|
| |
| | Safer Internet Day highlights online threats | |
| | (from v3 at 11-2-2010) | |
| | The theme of this year's event is 'Think B4 U Post' and is mainly targeted at the online threats facing young people, but Phil D'Angio, online security expert at VeriSign, warned that all web users are potentially at risk. "Most people have their name and date of birth on social networking sites like Facebook. Many also post their mobile phone numbers and email addresses," he said.... read more» | |
| | | |
|
| |
| | Call for Volunteers BruCON 2010 | |
| | (from brucon at 10-2-2010) | |
| | As things are starting to pick up for the 2010 edition, it's time to get all the teams organized. As BruCON is a not-for-profit and fun event for the community, we need volunteers to support it. The purpose of this meeting is to discuss the organization of the different teams and to see who wants to take the lead in some of the teams. Everybody is welcome but we will try to work in a different way meeting-wise compared to next year.. We welcome all feedback to the event, even if you are no... read more» | |
| | | |
|
| |
| | Identity fraud climbed 12% last year | |
| | (from IT World at 10-2-2010) | |
| | Identity fraud hit more victims last year, increasing 12% to an estimated 11.1 million adults in the United States, according to new data. America's 10 most wanted Botnets The total cost of identity fraud reached $54 billion, according to the "2010 Identity Fraud Survey Report" published Tuesday by Javelin Strategy & Research. Each case cost an average of $4,841, though some totaled $50,000 or more. Victims were generally protected from fraudulent payment card charges because of existing z... read more» | |
| | | |
|
| |
| | Hijacked IDs are fuelling spending sprees | |
| | (from IOL at 10-2-2010) | |
| | Identity theft has increased phenomenally in South Africa, reaching such a level that a major retailer is thinking about installing photo-recognition or fingerprint scanners in its stores. Johan Kok, chief operating officer of JD Group, said identity theft had become much more sophisticated in the past five years. Their group is part of the South African fraud-prevention service, and they see between five and six million cases of fraud a month.... read more» | |
| | | |
|
| |
| | US developing extreme digital forensic wizard | |
| | (from NetworkWorld at 10-2-2010) | |
| | Can anything you create digitally - software code, e-mail or documents - be traced back to you like so much DNA from a crime scene? Research scientists at the Defense Advanced Research Projects Agency (DARPA) seem to think so as they announced this week the $43 million Cyber Genome Program it hopes will develop technologies that will help law enforcement types collect, analyze and identify all manner of digital artifacts. The objective of the four-year program is to produce revolutionary cy... read more» | |
| | | |
|
| |
| | Internet urgently needs more regulations, speaker says | |
| | (from dailyfreepress at 10-2-2010) | |
| | The Internet poses a greater threat than ever due to lack of content regulation and an increasing number of hackers, speakers said at Harvard University on Monday. Internet security expert and author Cliff Stoll and Harvard Law School professor Jonathan Zittrain spoke about the growing risks in Internet security to an audience of about 30 people. In the early days of the Internet, the web was a safe haven for information and research resources, but as the years passed, security issues have... read more» | |
| | | |
|
| |
| | The Rise of Caller ID Spoofing | |
| | (from The Wall Street Journal at 10-2-2010) | |
| | Applications that let users change or “spoof” their Caller ID are gaining in popularity in mobile phone app stores, even as Congress considers stalled legislation to outlaw particular uses of the technology, and criminals use it to engage in nefarious activity. Caller ID spoofing technology allows a user to change the caller ID to show any desired number on a recipients caller ID display. There are currently a handful of companies that offer this service including SpoofCard (and it’s mobile a... read more» | |
| | | |
|
| |
| | Reports: SQL injection attacks and malware led to most data breaches | |
| | (from ZDNet at 10-2-2010) | |
| | With millions of personal records and payment card information stolen on a regular basis, several recently released reports independently confirm some of the main sources of breaches. Not surprisingly, that’s not zero day flaws, not even insiders, but good old fashioned SQL injections next to malware infections. With companies investing more resources into ensuring their networks and employees are protected against the very latest threats, some are clearly overlooking the most basic threats, ... read more» | |
| | | |
|
| |
|
| |
| | Rugged Manifesto calls on developers for secure code | |
| | (from TechWorld at 10-2-2010) | |
| | Three respected security professionals have issued a call for developers to learn and practice secure programming in an effort to reduce the number of exploits directed at applications. Called the Rugged Manifesto, the document encourages developers to adopt characteristics that will lead them to write more secure applications. The three authors of the manifesto are Josh Corman, an analyst with The 451 Group; David Rice, formerly with the National Security Agency and author of Geekonomics, a ... read more» | |
| | | |
|
| |
| | Schengen system raises privacy concerns | |
| | (from Computing at 10-2-2010) | |
| | It is believed that confidential information on British citizens could be accessed via 500,000 terminals all hooked up to an EU-wide computer network called the Schengen Information System (SIS). It is the vast number of terminals through which the system can be accessed that has triggered concerns about security of personal data. The network has seen a growth in terminals as a result of the expansion of the EU, from 125,000 in 2003 to 500,000 currently.... read more» | |
| | | |
|
| |
| | Police hunt for moles with security software | |
| | (from Computing at 10-2-2010) | |
| | The Lancashire Constabulary is to deploy auditing software that will monitor and record all of the data input by its employees in a bid to prevent information being leaked from its intelligence database. The Constabulary will trial 3ami's monitoring and audit (MAS) software client on a limited number of fixed and mobile terminals attached to its network, before rolling out the system to all of its 7,000 staff in time for the introduction of new data security regulations in March this year. ... read more» | |
| | | |
|
| |
| | Recon Call For Paper - Montreal 9-11 July 2010 | |
| | (from Hugo Fortier at 10-2-2010) | |
| | + RECON returns for 2010 - Training sessions + conference + We are accepting submissions - Single track - 45-60 minute presentations, or longer, we are flexible - There will be time for short, informal lightning talks + Especially on these topics - Reverse engineering (Software, Protocols, Hardware, Human) - Exploit development and vulnerability assessment - Data analysis and visualization techniques - Crypto and anonymity - Physical security countermeasures - Anything e... read more» | |
| | | |
|
| |
| | Ex-army bloke says the US is not ready for cyber war | |
| | (from The Inquirer at 10-2-2010) | |
| | FORMER US ARMY computer insecurity specialist Christopher Tarnovsky showed the Black Hat Technical Security Conference exactly why the US cannot handle a cyber war. Speaking before the throngs of hackers, he hacked into a computer chip called a "Trusted Platform Module" or TPM. TPM chips are supposed to be the industry's highest standard of security and are present in more than 100 million computers sold to businesses and individuals. When he managed it he had access to all the highly sens... read more» | |
| | | |
|
| |
| | Chinese-born engineer gets 15 years in spying for China | |
| | (from Latimes at 10-2-2010) | |
| | Dongfan 'Greg' Chung, who worked with Boeing and Rockwell International, was accused of providing information on the space shuttle and Delta IV rocket. A Chinese-born aerospace engineer who had access to sensitive material while working with a pair of major defense contractors in Southern California was sentenced Monday to more than 15 years in prison for acquiring secret space shuttle data and other information for China.... read more» | |
| | | |
|
| |
| | Cyber crooks play on Bill Cosby death hoax | |
| | (from v3 at 10-2-2010) | |
| | An online hoax claiming that US comedian and actor Bill Cosby has died is being used to push a malware attack. Researchers at security vendor Sophos reported seeing a new round of web sites claiming to offer news of Cosby's death. The pages attempt to mimic CNN's web site and presents surfers with phoney error messages attempting to push fake anti-virus packages. "Hunting for information about the story can lead your computer into a nasty malware infection," wrote Sophos senior technolo... read more» | |
| | | |
|
| |
| | Social Security numbers of nearly 50,000 Californians disclosed | |
| | (from Latimes at 10-2-2010) | |
| | California health officials have accidentally disclosed the Social Security numbers of nearly 50,000 of the state’s most vulnerable residents. The numbers were printed on the outside of envelopes sent to elderly patients of the Adult Day Health Care program, many of whom are blind or have Alzheimer’s disease or other cognitive disabilities. The Department of Health Care Services sent the envelopes, which contained change-of-benefit notices, Feb. 1.... read more» | |
| | | |
|
| |
| | Midland Police warn of cell phone scam | |
| | (from ourmidland at 10-2-2010) | |
| | Midland Police are warning residents of a cell phone scam involving automated calls for information regarding debit cards. Officers recently have been informed of a number of suspicious cell phone calls with an automated voice that states the recipient's VISA debit card has been suspended or compromised. Police say residents should not give out any sensitive personal information, such as account numbers, Social Security numbers, birth dates or driver license numbers, to anyone that they d... read more» | |
| | | |
|
| |
| | Cyber attack in M'sia still under control | |
| | (from The Star at 10-2-2010) | |
| | Cyber attack in Malaysia is still under control, due to government efforts in ensuring a safe electronic environment in the country, said CyberSecurity Malaysia's Chief Executive Officer Husin Jazri. "Cyber security in Malaysia is the same as in other parts of the world, we have issues and challenges that we face but in short, it is under control (cyber attack)," he told Bernama Tuesday. He said the government was pursuing more efforts to address the issue through CyberSecurity, which is t... read more» | |
| | | |
|
| |
| | How To Hack The Sky - A Spanish researcher demos new satellite-hijacking tricks with cybercriminal potential | |
| | (from Forbes at 10-2-2010) | |
| | Satellites can bring a digital signal to places where the Internet seems like a miracle: off-the-grid desert solar farms, the Arctic or an aircraft carrier at sea. But in beaming data to and from the world's most remote places, satellite Internet may also offer its signal to a less benign recipient: any digital miscreant within thousands of miles. In a presentation at the Black Hat security conference in Arlington, Va., Tuesday, Spanish cybersecurity researcher Leonardo Nve presented a variet... read more» | |
| | | |
|
| |
| | Hacker 'Mudge' gets DARPA job | |
| | (from CNet at 10-2-2010) | |
| | Peiter Zatko--a respected hacker known as "Mudge"--has been tapped to be a program manager at DARPA, where he will be in charge of funding research designed to help give the U.S. government tools needed to protect against cyberattacks, CNET has learned. Zatko will become a program manager in mid-March within the Strategic Technologies Office at DARPA (Defense Advanced Research Projects Agency), which is the research and development office for the Department of Defense. His focus will be cyber... read more» | |
| | | |
|
| |
| | ACC says sorry for botched mailout | |
| | (from nzherald at 10-2-2010) | |
| | ACC has apologised "unreservedly" to thousands of businesses and individuals whose private information about workplace injuries was sent to the wrong companies. The corporation sends out 15,000 individual reports each month and yesterday 2000 were mailed to the wrong businesses. In a statement issued last night, general manager Dr Keith McLea said ACC was very disappointed privacy may have been breached and blamed a problem with the January mailout. This was done by an external agency w... read more» | |
| | | |
|
| |
| | NY Town's Bank Account Hacked | |
| | (from Bankinfosecurity at 10-2-2010) | |
| | Officials in the Town of Poughkeepsie, NY report a computer hacker broke into the town's bank account and stole $378,000 in municipal funds. Poughkeepsie Supervisor Patricia Myers announced on Feb. 2 that the money was transferred to banks in Ukraine after someone broke into the town's TD Bank account in Jan. Similar thefts have occurred at businesses and government offices across the country where hackers get the online banking credentials of the business or government agency and send fra... read more» | |
| | | |
|
| |
| | Australian Government websites blitzed by DDoS attack | |
| | (from SecureComputing at 10-2-2010) | |
| | The websites of Senator Stephen Conroy and the Australian Parliament House were inaccessible this morning after the 'Anonymous' group of hackers claimed credit for a Distributed Denial of Service (DDoS) attack on Australian Government web sites. It is the second attack the 'Anonymous' group has levelled at the Australian Government in six months. A similar attack brought down the websites of the Prime Minister and the ACMA (Australian Communications and Media Authority) in September 2009. ... read more» | |
| | | |
|
| |
| | Iranian net slows to a crawl before planned protests | |
| | (from The Register at 10-2-2010) | |
| | Iranian authorities have blamed fibre-optic network damage for a convenient slow-down in net connection speeds in the country this week. The slow-down comes suspiciously close to planned opposition demos, timed to coincide with the 11 February anniversary of the Iranian revolution. Opposition groups, supported by many in the West, have used the internet and SMS messages to co-ordinate activities since the disputed re-election of President Ahmadinejad last June.... read more» | |
| | | |
|
| |
| | IPS's double IT has risks, says commissioner | |
| | (from The Register at 10-2-2010) | |
| | Identity commissioner Sir Joseph Pilling has expressed concerns about the Identity and Passport Service's two-stage approach to its core technology. "The IPS have gone for what they call a tactical and a strategic solution to the IT demands of running an ID scheme in this country," he told the Security Document World conference in London on 8 February 2010. One system has been put in place for the small-scale launch of the scheme, but another will be introduced when it is expanded by forcing ... read more» | |
| | | |
|
| |
| | Global gov's shrugging lets cybercrims frolic | |
| | (from The Register at 10-2-2010) | |
| | Someone will have to die before governments take cybercrime as seriously as they take digital piracy, a panel on cybercrime and internet security was told last week.US-based investigative journalists met local industry representatives for a debate in Madrid last Thursday evening. Brian Krebs, investigative journalist and former editor of the Washington Post SecurityFix blog was joined by Joseph Menn, journalist for Financial Times USA and author of the newly released cyber-crime book Fatal Sy... read more» | |
| | | |
|
| |
| | China jails pxxx-monger | |
| | (from The Register at 10-2-2010) | |
| | China's aggressive crackdown on internet smut and dissent continues - yesterday a man was sentenced to 13 years prison for renting a US server for distributing pornographic material Huang Yizhong, from Jiangmen, was fined 100,000 yuan (£9,400) and sentenced to 13 years for copying and distributing pornographic material.He used a rented US server to download 1,000 films which he edited into clips and made available to the 4,000 members of his website.... read more» | |
| | | |
|
| |
| | Upstart crimeware wages turf war on mighty Zeus bot | |
| | (from The Register at 10-2-2010) | |
| | Purveyors of a new botnet toolkit are touting a feature aimed at aspiring cybercriminals: the opportunity to commandeer computers already compromised by an established crimeware package known as Zeus. The SpyEye toolkit made its debut in December on Russian underground forums with a retail price of $500. It comes with usual configurable amenities such as a keylogger, credential stealers for credit cards, FTP and Pop3 email accounts, and a graphical control panel for managing large botnets.... read more» | |
| | | |
|
| |
| | Home Internet access quadruples in the last decade | |
| | (from ComputerWorld at 10-2-2010) | |
| | ICT has become increasingly more affordable over the past decade with the Australian Bureau of Statistics (ABS) recording marked increases in access to PCs and the Internet in Australian households. In its Household Use of Information Technology report the ABS found that access to the Internet at home between 1998 to 2008-09 had more than quadrupled from 16 to 72 per cent of Australians.... read more» | |
| | | |
|
| |
| | McAfee Labs Quarterly Threat Report Posted | |
| | (from avertlabs at 10-2-2010) | |
| | Today we unveiled our Threats Report for the fourth quarter of 2009. It highlights many of the most significant spam-generating stories in 2009 as well as the rise of political hacktivism in countries such as Poland, Latvia, Denmark, and Switzerland. The report’s findings also reveal that 2009 averaged approximately 135.5 billion spam messages per day; yet spam volume decreased by 24 percent in Q4 compared with Q3.... read more» | |
| | | |
|
| |
| | Feds say dev's 'cookie-stuffer' app fleeced eBay | |
| | (from The Register at 10-2-2010) | |
| | A Las Vegas web developer has been charged with fleecing eBay out of tens of thousands of ellars by selling a program that planted fraudulent web cookies on the PCs of people visiting the online auctioneer. Dubbed saucekit, the program deposited a cookie on end users' hard drives that contained a unique code identifying affiliate websites even though advertisements from those sites were never viewed, according to documents filed Tuesday in US District Court in San Jose, California. Users who ... read more» | |
| | | |
|
| |
| | HIPAA Security Breaches: 10 Steps to Take When a Breach Occurs | |
| | (from AIS Health at 10-2-2010) | |
| | HHS begins enforcing the new security breach notification rule this month — Feb. 17 to be exact — and HIPAA covered entities and business associates would be well-advised to have response plans in place in case they have a suspected security breach. How will you identify breaches that must be reported, mitigate risk to your organization and the individuals involved, and comply fully with this new law, which has potentially enormous penalties?... read more» | |
| | | |
|
| |
| | Google takes on Facebook and Twitter with network site | |
| | (from BBC at 10-2-2010) | |
| | Google has taken the wraps off its latest social network known as Buzz. The service - integrated directly with its e-mail service Gmail - allows users to post status updates, share content and read and comment on friends' posts. The site pitches Google directly against rival networks such as Facebook, which has amassed nearly 400 million users since its launch in 2004. Buzz will try to capitalise on the number of regular Gmail users, which is currently around 170 million people.... read more» | |
| | | |
|
| |
| | All Subversive Organizations Now Must Register in South Carolina | |
| | (from Schneier at 10-2-2010) | |
| | The state's "Subversive Activities Registration Act," passed last year and now officially on the books, states that "every member of a subversive organization, or an organization subject to foreign control, every foreign agent and every person who advocates, teaches, advises or practices the duty, necessity or propriety of controlling, conducting, seizing or overthrowing the government of the United States ... shall register with the Secretary of State."... read more» | |
| | | |
|
| |
| | Court Keeps White House Spy Docs Secret | |
| | (from Wired at 10-2-2010) | |
| | A federal appellate panel on Tuesday blocked a court order requiring disclosure of e-mail between the White House, Justice Department, National Security Agency and Office of the Director of National Intelligence — communications that paved the way for new spy legislation. The 2008 messages were a precursor to legislation that year to kill litigation against the nation’s carriers for funneling Americans’ communications to the National Security Agency without warrants.... read more» | |
| | | |
|
| |
| | Antivirus programs fail to stop new malware | |
| | (from TechWorld at 10-2-2010) | |
| | Nearly a third of PCs protected by up-to-date antivirus software show signs of malware infection, a new analysis based on real-world scans has found. Dutch cloud security startup, SurfRight, studied scans from 107,435 PCs that had downloaded its cloud-based behavioural scanning system, and found malware on 35 percent of the machines, about what one might expect of the general population of machines. More surprising, however, was that 32 percent of machines using a fully-updated antivirus pro... read more» | |
| | | |
|
| |
| | Operation Titstorm: hackers bring down government websites | |
| | (from The Age - Australia at 10-2-2010) | |
| | Groups opposing the government's internet censorship plans have condemned today's attacks on government websites, saying it will do little to help their cause, while Communications Minister Stephen Conroy called them "totally irresponsible". Hackers connected with the group Anonymous, known for its war against Scientology, this morning launched a broad attack on government websites.They are protesting against forthcoming internet filtering legislation and the perceived censorship in pxxxograp... read more» | |
| | | |
|
| |
| | Online safety push for five-year-olds | |
| | (from BBC at 10-2-2010) | |
| | Children as young as five are being targeted in a new online safety campaign backed by the government. The campaign uses cartoons to show five to seven-year-olds that people are not always what they seem. It is thought 80% of children in this age group use the web and one-in-five parents of this age group worry about who their children contact online. Experts say that by raising awareness of web risks at an early age, children will be better protected.... read more» | |
| | | |
|
| |
| | In Hollywood, hackers are mostly 'good guys' | |
| | (from WebIndia123 at 10-2-2010) | |
| | Damian Gordon of the School of Computing at Dublin Institute of Technology (DIT), Ireland, is not so sure. He has homed in on the hacking in live-action, non-documentary movies from the last four decades and come to some interesting conclusions. Gordon has analysed the characters and plots of a wide range of movies from the 1968 Peter Ustinov classic "Hot Millions" to "Die Hard 4.0" by way of "Weird Science", "Ferris Bueller's Day Off", "The Matrix" and "Jurassic Park".... read more» | |
| | | |
|
| |
| | Cyber attacks: What's in store for 2010? | |
| | (from Ciol at 10-2-2010) | |
| | The growth of mobile application sites has become one prominent hurdle in the fight against hacking. Today, iPhone and BlackBerry users now have an unprecedented number of third-party applications available for their enterprise handhelds. According to a recent study from Jupiter Research Inc., mobile application downloads are expected to reach 20 billion annually by 2014. Network security pros will face mounting challenges from a rising tide of mobile apps touching private networks and informati... read more» | |
| | | |
|
| |
| | KC Art Institute employees may have been victimized in potential identity theft | |
| | (from Kansascity at 10-2-2010) | |
| | About 145 employees at the Kansas City Art Institute have been notified of potential identity theft in connection with the disappearance of a computer from the campus. An Apple computer that contained Social Security numbers, dates of birth and other personal information about the school’s professors and staff employees was stolen from the human resource office last Thursday night.... read more» | |
| | | |
|
| |
| | ENISA report points out the risks and threats of mobile social networking services | |
| | (from Security Park at 10-2-2010) | |
| | Online Social Networking Sites (SNSs) have had an exceptional growth trend on Internet. 211Mn users (out of 283 Mn) in Europe use SNS, and, primarily, Facebook in 11/17 countries studied. The modern way of staying in touch with business or personal contacts is through SNS and other digital tools. Consequently, the ways people meet, share opinions, communicate information and ideas is changing. The EU ‘cyber security’ Agency - ENISA (the European Network and Information Security Agency) has pr... read more» | |
| | | |
|
| |
| | TIO website hit by malware | |
| | (from SecureComputing at 10-2-2010) | |
| | Weekend malware runs one new process per target machine. The website of the Telecommunications Industry Ombudsman (TIO) has suffered a malware attack that caused it to be taken offline today. The site was blocked for Google users this afternoon, with the search engine listing it as suspicious since Friday. According to Google's diagnostic page, three pages on tio.com.au were infected, and successful infection resulted in an average of one new process on the target machine. John DuBoi... read more» | |
| | | |
|
| |
| | ShmooCon: Web App Storage Open to Attack | |
| | (from CIO at 10-2-2010) | |
| | New forms of off-line client-side storage, such as those specified by the emerging HTML 5 set of standards, could open entirely new kinds of attacks to Web application users, said Michael Sutton, vice president of security research for cloud security firm ZScaler. Right now, only Chrome, Safari and Mobile Safari -- the iPhone browser -- support the HTML 5 storage specifications, thanks to the fact they all use the HTML 5-friendly WebKit browser engine.... read more» | |
| | | |
|
| |
| | Microsoft Security Advisory (977377) - Vulnerability in TLS/SSL Could Allow Spoofing | |
| | (from Microsoft at 9-2-2010) | |
| | Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability. As an issue affecting an Internet standard, we recognize that this issue affects multiple vendors. We are working on a coordinated response with our partners in the Internet Consortium for Advancement of Security on the Internet (ICASI). The TLS and SSL ... read more» | |
| | | |
|
| |
|
| |
| | Re-Released - Microsoft Security Bulletin MS10-002 - Critical - Cumulative Security Update for Internet Explorer (978207) | |
| | (from Microsoft at 9-2-2010) | |
| | Added entry to the Update FAQ to clarify how the URL Validation Vulnerability (CVE-2010-0027) is addressed by both this update (MS10-002) and the MS10-007 update. Also, corrected the severity rating for Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4 for CVE-2010-0027. The URL Validation Vulnerability (CVE-2010-0027) is addressed by this update (MS10-002) and the Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (MS10-007) depe... read more» | |
| | | |
|
| |
| | Australian airports to deploy body scanning technology | |
| | (from ComputerWorld at 9-2-2010) | |
| | The attempted terrorist attack aboard a US-bound Christmas Day flight has prompted the Federal Government to introduce body scanning technology at international airports, as part of a $200 million airport security boost. Prime Minister Kevin Rudd said the measures were designed to strengthen the aviation security regime in Australia.... read more» | |
| | | |
|
| |
|
| |
| | Microsoft Security Bulletin MS10-006 - Critical - Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251) | |
| | (from Microsoft at 9-2-2010) | |
| | This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server. This security update is rated Critical for Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008 R2,... read more» | |
| | | |
|
| |
|
| |
| | Microsoft Security Bulletin MS10-008 - Critical - Cumulative Security Update of ActiveX Kill Bits (978262) | |
| | (from Microsoft at 9-2-2010) | |
| | This security update addresses a privately reported vulnerability for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2. Affected Software: Microsoft Windows 2000 Windows XP Windows Server 2003 Windo... read more» | |
| | | |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
| | Microsoft Security Bulletin MS10-014 - Important - Vulnerability in Kerberos Could Allow Denial of Service (977290) | |
| | (from Microsoft at 9-2-2010) | |
| | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted. This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windo... read more» | |
| | | |
|
| |
|
| |
|
| |
| | Social Networking's 17 Golden Rules | |
| | (from govinfosecurity at 9-2-2010) | |
| | The agency outlines a number of risks and threats associated with using social networking sites and has come up with a list of 17 golden rules to follow when visiting them or posting anything. Among the tips: - Always log out once a session is over; - Never using auto-complete tools to fill in passwords and other forms; - Choose carefully whom you friend on social networks; - Don't publish really private information and so on. ENISA's report also shows that the increased use of social n... read more» | |
| | | |
|
| |
| | ACM CCS 2010: Call for Workshop Proposals | |
| | (from Christopher Kruegel at 9-2-2010) | |
| | Proposals are solicited for workshops to be held in conjunction with ACM CCS 2010. Each workshop provides a forum to address a specific topic at the forefront of security research. A workshop must be one full day in length. Proceedings of all workshops will be available (on a CD) to the workshop attendees. Each workshop will also have on-line proceedings through ACM Digital Library, with a separate ISBN. For new workshops, proposals should include: * Workshop title * A draft "Call for ... read more» | |
| | | |
|
| |
| | Security Automation Developer Days Winter 2010 - February 22 – 24, 2010 | |
| | (from mitre at 9-2-2010) | |
| | The Security Automation Developer Days Winter 2010 conference is a free three-day conference that is sponsored by the Department of Defense (DoD), hosted by the National Institute of Standards and Technology (NIST), and facilitated by the MITRE Corporation. This conference will be a series of workshops that focus on engaging the security automation community in the development of key security automation related initiatives, including the Common Platform Enumeration (CPE), the eXtensible Confi... read more» | |
| | | |
|
| |
| | Hackers put TCS site `On Sale' | |
| | (from Indiatimes at 9-2-2010) | |
| | Tata Consultancy Services Ltd (TCS), India's largest software company, has restored its website tcs.com after hackers reportedly changed its domain name. The hacker posted a "For Sale" message on the site, which was reportedly written in both French and English. The hack is believed to be a DNS hijack, similar to the attack that Twitter succumbed to in 2009. According to a report in plugged.in, the hackers also provided their email id 'abed_uk@hotmail.com', besides displaying a whos.among... read more» | |
| | | |
|
| |
| | The top 5 mistakes of privacy awareness programs | |
| | (from ComputerWorld at 9-2-2010) | |
| | Despite good intentions, companies often make these five mistakes when educating employees about data protection. By Jay Cline The Health Insurance Portability and Accountability Act requires it. The Payment Card Industry Data Security Standard requires it. The ISO 27001 standard requires it. In fact, every regulation that mandates that reasonable measures be taken to protect information implicitly requires companies to set up training programs to help employees understand what those measures... read more» | |
| | | |
|
| |
| | EFF Asks Court to Suppress Evidence Illegally Gathered From Password-Protected Phone | |
| | (from EFF at 9-2-2010) | |
| | Our cell phones aren't just for calls anymore. They hold our address books, our calendars, our emails, and our grocery lists. They may even include things like a list of questions to ask your doctor, pictures of your girlfriend, or URLs of web sites you've visited. When can police search your phone and look at all this information? That's the question that EFF is asking a court in California to consider. In People v. Taylor, police in Daly City, California seized a suspect's iPhone during his... read more» | |
| | | |
|
| |
| | Get Latest Quote and Company Info TCS restores Web site after hackers put it up ‘For Sale' | |
| | (from The Hindu Businessline at 9-2-2010) | |
| | The country's largest software exporter Tata Consultancy Services Ltd (TCS) has restored its Web site tcs.com after it was hacked yesterday. For a whole day, visitors to TCS's Web site were greeted with a ‘For Sale' message in English and French. “The TCS Web site www.tcs.com was disrupted. Subsequently, it has been restored and is functioning fine. None of the servers were compromised. Initial investigation reveals a DNS redirection at the domain name registrar's end,” a spokesperson for ... read more» | |
| | | |
|
| |
| | Leaky anti-virus defences letting malware through | |
| | (from The Register at 9-2-2010) | |
| | Even users running up-to-date anti-virus software still get infected with malware, according to stats from an online malware scanning service. Nearly a third (25,000 out of 78,800) of computers with up-to-date anti-virus software were discovered to be infected with malicious code when users scanned their PC using SurfRight's HitmanPro 3 behavioural scan. SurfRight's analysis (pdf) is based on 107,435 users who put their PC through its scanner between 10 October and 4 December 2009. Around ... read more» | |
| | | |
|
| |
| | Safer Internet Day: How children can undermine corporate security | |
| | (from ComputerWeekly at 9-2-2010) | |
| | There is no safety without security on the internet, John Colley, managing director of information security professionals' organisation (ISC)² has warned. Youngsters continue to use the internet in new ways and take risks in a world where parents and teachers are ill-equipped to guide them, he said in a statement to mark Safer Internet Day. (ISC)² volunteers who run an internet safety and security programme in schools across the UK have found that many children share their parents' home or... read more» | |
| | | |
|
| |
| | Comerica Phish Foiled 2-Factor Protection | |
| | (from KrebsonSecurity at 9-2-2010) | |
| | A metals supply company in Michigan is suing its bank for poor security practices after a successful phishing attack against an employee allowed thieves to steal more than half a million dollars last year. The lawsuit, filed by Experi-Metal Inc. (EMI), in Sterling Heights, Mich., charges that Dallas-based Comerica Bank effectively groomed its customers to become phishing victims by routinely sending them e-mail messages that asked recipients to click a link to update the bank’s security techn... read more» | |
| | | |
|
| |
| | Verizon Blocking 4chan | |
| | (from Slashdot at 9-2-2010) | |
| | According to 4chan's owner and administrator 'moot,' Verizon has explicitly blocked all traffic on their network from boards.4chan.org, where all of 4chan's boards are located. Moot explains that only traffic to and from port 80 is being dropped and they were able to confirm that it was intentional. 4chan's downtime for Verizon users has been in effect for at least 72 hours since Saturday, February 7.... read more» |
|
0 comments