Saturday, November 21, 2009

Intert Security News: Week in Review

Internet Security News: Week in Review

EU security agency highlights cloud computing risks

(from NetworkWorld at 21-11-2009)

Cloud computing users face problems including loss of control over data, difficulties proving compliance, and additional legal risks as data moves from one legal jurisdiction to another, according to a assessement of cloud computing risks from the European Network and Information Security Agency. The agency highlighted those problems as having the most serious consequences and being among the most likely for companies using cloud computing services, according to ENISA.... read more»

McAfee Releases Q3 Report on Threats

(from ITBusinessEdge at 21-11-2009)

McAfee recently released one of my all-time favorite publications, its quarterly threat report. This report is for Q3 and covers spam, social engineering, Web threats, cybercrime and malware. For the second quarter, spam is up. As a percentage of mail, spam is at an all-time high of 92 percent, although it feels closer to 99 percent. The United States remains the number-one spam producer for the last three quarters. Rest assured, all is well in zombie land. The United States retained its... read more»

Cyberattacks on U.S. military jump sharply in 2009 - Many of them coming from China

(from NetworkWorld at 21-11-2009)

Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday. Citing data provided by the U.S. Strategic Command, the U.S.-China Economic and Security Review Commission said that there were 43,785 malicious cyber incidents targeting Defense systems in the first half of the year. That's a big jump. In all of 2008, there were 54,640 such incidents. If cyber attacks maintain this pace, they will ... read more»

Symantec Talks Trends and Looks into the Crystal Ball

(from Symantec at 21-11-2009)

I had the honor recently of moderating a virtual roundtable discussion on the top Internet security trends from 2009 and what we expect to see in the security threat landscape in 2010. Funny thing about security predictions—you hope they won’t come true, but expect them to anyway. The roundtable featured expert panelists Paul Wood (Senior Analyst, MessageLabs Intelligence, Symantec) and Zulfikar Ramzan (Technical Director, Symantec Security Response). They each have unique insights into the worl... read more»

Dumb code could stop computer viruses in their tracks

(from NewScientist at 21-11-2009)

On the day a new computer virus hits the internet there is little that antivirus software can do to stop it until security firms get round to writing and distributing a patch that recognises and kills the virus. Now engineers Simon Wiseman and Richard Oak at the defence technology company Qinetiq's security lab in Malvern, Worcestershire, UK, have come up with an answer to the problem. Their idea, which they are patenting, is to intercept every file that could possibly hide a virus and add a ... read more»

Black(hat) Friday - Cyber criminals behind the Rogueware epidemic have their blackhat SEO campaigns

(from panda security at 21-11-2009)

If you plan on shopping online for "Black Friday", or "Cyber Monday", you might be in for more than you bargained for. Cyber criminals behind the Rogueware epidemic have their blackhat SEO campaigns optimized to take advantage of deal seekers looking for advertisements online. One misstep and you just might find yourself staring at a scareware site designed to trick you into believing that your computer is infected.... read more»

Hacker exposes global warming researcher

(from Errata Security at 21-11-2009)

Hackers broke in and revealed the private e-mails of Phil Jones (NYTimes, BBC ), a famous climatologist. This is going to be one of the most politically relevant hacks of the last few years. When hackers broke into Sarah Palin's e-mails during the presidential campaign, they failed to find any interesting dirt. Phil Jones' e-mails, though, are full of dirt. There's no proof of a "conspiracy" or "cover-up", but a lot of the e-mails look bad for Jones and some of his fellow researchers.... read more»

Wrecking CRU: hackers cause massive climate data breach

(from The Register at 21-11-2009)

The University of East Anglia has confirmed that a data breach has put a large quantity of emails and other documents from staff at its Climate Research Unit online. CRU is one of the three leading climate research centres in the UK, and a globally acknowledged authority on temperature reconstructions. A 61MB ZIP file was posted on a Russian FTP server late last night, local time. It contains over a thousand emails, and around three thousand other items including source code and data files.... read more»

Beware business cloud dangers, says EU agency

(from ZDNet at 21-11-2009)

Businesses should exercise caution when procuring cloud services, according to the European agency charged with promoting IT security good practice. The European Network and Information Security Agency (Enisa) on Friday published advice and a checklist for organisations thinking of jumping into the cloud, outlining the benefits and risks of using online service provision. Primarily, organisations should beware of lock-in to cloud services, Enisa told ZDNet UK on Friday. "There is very litt... read more»

Past Year's Malware Could Shape 2010's Threats

(from Internet News at 21-11-2009)

Over the course of the last year, a number of new innovations have occurred in the world of malware. New command-and-controls mechanisms emerged, new attack vectors appeared and platforms beyond Windows have increasingly become targets. During a Black Hat Webcast event late Thursday, Gerhard Eschelbeck, CTO of security vendor Webroot, explained how some new attacks that were seen in 2009 could be indicators for what we can expect to see in the year ahead.... read more»

Digital Economy Bill confirms crackdown on file sharers

(from Computer World at 20-11-2009)

Illegal filesharers could be disconnected from their internet accounts under proposed legislation in the finalised Digital Economy Bill published today.The Government published its draft legislation, but has stopped short of making online piracy a criminal offence. The bill will oblige Internet Service Providers (ISPs), such as Sky or Virgin, to send out warning letters to those caught file-sharing on their networks.ISPs will also be required to record the number of notifications a user has r... read more»

Tying New Tech, Trends to Specific Risks

(from govinfosecurity at 20-11-2009)

The fact that new technologies and trends present new threats to government information systems isn't new, but research released Thursday from the Ponemon Institute, a think thank that studies privacy and data protection, links particular technologies or trends to specific vulnerabilities.... read more»

Chairman Towns Introduces Legislation to Help Prevent Inadvertent Sharing of Federal Documents on Peer-to-Peer Networks

(from at 20-11-2009)

U.S. Representative Edolphus “Ed” Towns (D-NY), Chairman of the House Oversight and Government Reform Committee, today introduced the “Secure Federal File Sharing Act.” The bill will restrict the use of peer-to-peer (P2P) file sharing software across the Federal government. For almost a decade, the House Oversight Committee has examined the dangers associated with P2P software, and earlier this year a Committee hearing exposed the continued security and privacy risks associated with P2P file sha... read more»

NSA helps Apple, Sun and Red Hat harden their systems

(from h-online at 20-11-2009)

That the American National Security Agency has previously helped Microsoft harden various Windows versions is old hat, but what is news is that the NSA now also assists Apple, Sun and Red Hat with increasing the security of their operating systems. This was made publicPDF in a hearing at the US Senate's Subcommittee on Terrorism and Homeland Security. With these measures the NSA is responding to the increasing number of threats it perceives to critical infrastructures and economic systems. W... read more»

ENISA Offers Security Recommendations For Cloud Services

(from Dark Reading at 20-11-2009)

Are cloud services safe to use? What are their security weaknesses? What do enterprises need to know before they sign up? The European Network and Information Security Agency (ENISA) today is publishing a 124-page report that is designed to answer these questions for enterprises all over the globe. Nearly a year in the making, it covers the technical, policy and legal implications of cloud services and makes recommendations for how to address the risks and maximize the benefits. The report... read more»

57 percent of ME firms face cyber attacks

(from kippreport at 20-11-2009)

Fifty seven percent of businesses in the Middle East have faced two or more virus attacks in the past six months, according to a survey done by internet security firm, Trend Micro. “Ninety two percent of all attacks have a web component and organizations need to ensure that they are protecting their business from loss of data, credibility and money,” Chris Moore, the managing director of Trend Micro Middle East said in a release.... read more»

Botnet begins social networking spam run

(from at 20-11-2009)

A major malware botnet has sprung to life and is making a huge spam run through social networking sites. Researchers at Symantec's MessageLabs branch said that the DonBot network has begun sending spam emails in large numbers, accounting for as much as four per cent of the total global spam load since 18 November. The messages advertise a 'work at home' programme which promises $300 (£180) a day for posting information online.... read more»

China ramping up Internet spying, curbing markets: U.S.

(from Marketwatch at 20-11-2009)

China has increased its investment in cyber warfare capabilities in what amounts to a growing threat to U.S. computer networks, according to a U.S. government report Thursday. The U.S.-China Economic and Security Review Commission said in its annual report to Congress that cyber "incidents" against U.S. government Web sites rose 20% in 2008 to 54,640, and could likely rise another 60% this year.... read more»

Universities make ideal target for spammers

(from mcgilldaily at 20-11-2009)

Universities across the world are facing a slew of phishing scams. Both students and staff have fallen victim to spammers who trick them into divulging personal information, including university web mail user names and passwords. Steve Hillman, an information technology (IT) architect at Simon Fraser University (SFU), described phishing as an attempt to get persons’ online ID and passwords to access their systems that can take on different forms. He said that universities are often the target... read more»

Researchers: Online Threats Demand New Security Model

(from EWeek at 20-11-2009)

Large organizations continue to invest significant amounts of money in IT security initiatives despite the lagging worldwide economy, but most continue to struggle in preventing today's sophisticated electronic attacks, researchers contend. In a recent report on the pervasiveness of online threats, and the inability of most organizations to sufficiently protect themselves against such risks, analysts with Enterprise Research Group said that continued investment in perimeter defensive mechanis... read more»

RSA Reveals Inner Workings of Reshipping Scheme

(from EWeek at 20-11-2009)

The cyber-underworld is highly specialized, with the malware authors and purveyors at one end, and the cash out fraudsters responsible for laundering loot from compromised accounts on the other end. RSA, EMC's security division, recently took a long look at another side of the cyber-crime business. Researchers focused on a reshipping operation dubbed 'Air Parcel Express', where scammers recruited people to serve as mules for merchandise bought with stolen credit card information. The credit c... read more»

Cloud Computing - Benefits, risks and recommendations for information security

(from Enisa at 20-11-2009)

Cloud computing is a new way of delivering computing resources, not a new technology. Computing services ranging from data storage and processing to software, such as email handling, are now available instantly, commitment-free and on-demand. Since we are in a time of belt-tightening, this new economic model for computing has found fertile ground and is seeing massive global investment. The key conclusion of this paper is that the cloud’s economies of scale and flexibility are both a friend a... read more»

Outsourcers to fall victim to cloud computing rush?

(from Silicon at 20-11-2009)

Could some of the big names in outsourcing be among the victims of the much-hyped shift to cloud computing? As businesses begin to host their IT systems in the cloud - instead of hiring outsourcers to maintain and integrate their systems - outsourcers could start to feel the pain, according to author and technology thinker Nicholas Carr. Cloud computing allows businesses to ditch internal IT systems and access IT services over the internet from remote systems hosted in the cloud, resulting in... read more»

Single points of failure: How long will the hard drive in your machine last?

(from SunbeltBlog at 20-11-2009)

Good estimate – three years, maybe more. Higher rate of failure in the first year. (Clearly, mileage varies with usage) Many of us have experienced the failure of a hard drive or we’ve known someone who did. It’s the life experience that answers the question: “how often should I back up my files?” Manufacturers publicize the expected lifetime for hard drives. It’s called Mean Time to Failure (MTTF). There have been studies that suggest they either overestimate or underestimate the expected... read more»

Hackers to sharpen malware, malicious software in 2010

(from TechTarget at 20-11-2009)

Attackers proved in 2009 that social networks could be used to spread malware and trick users into giving up their data, but in 2010, according to two senior Symantec researchers, cybercriminals will turn to more sophisticated methods, including using social network architectures for the backbone of their attacks.... read more»

Thierry Henry's Wikipedia page defaced

(from Webuser at 20-11-2009)

French footballer Thierry Henry has had his entry in Wikipedia defaced after the striker admitted to handling the ball in the run-up to the goal that knocked Ireland out of the 2010 World Cup. Henry's entry on the collaborative encyclopedia has now been restored to its former state with just one reference to the "controversy".... read more»

Symantec's 'Unlucky 13' Security Trends for 2010

(from InternetNews at 20-11-2009)

After a year of unprecedented proliferation of spyware, malware and cyber attacks of all types, security software vendor Symantec warns there's plenty more where that came from in its just-released 2010 Security Trends to Watch report. Kevin Haley, Symantec Security Response group product manager, this week posted an ironic blog entry titled "Don’t Read This Blog" to draw attention to the company's latest report and to illustrate how Internet users have been conditioned to click any compellin... read more»

An introduction to the FBI's anti-cyber crime network

(from Arstechnica at 20-11-2009)

The Federal Bureau of Investigation told Congress this week that when it comes to cyber crime, terrorist groups like Al Qaeda aren't the sharpest pencils in the cup, but they're not out of the game either. "It is always worth remaining mindful that terrorists do not require long term, persistent network access to accomplish some or all of their goals," Steven R. Chabinsky, one of the Bureau's Cyber Division directors, explained to a Senate Judiciary Subcommittee. "Rather, a compelling act of ter... read more»

How to Carry Out Successful Cloud Governance and Adoption

(from EWeek at 20-11-2009)

Cloud computing is a dilemma for today's CIO. The potential to cut capital expenditure and reign in operating costs is so compelling that CIOs will push aggressively for cloud adoption. However, good managers understand that cost savings isn't the only variable to consider when evaluating whether to adopt cloud computing. Here, Knowledge Center contributor Scott Morrison offers 10 tips for CIOs to follow to successfully implement their cloud governance and adoption initiatives.... read more»

Call for Papers: CARO2010 Workshop

(from Caro2010 at 20-11-2009)

The annual CARO Workshop brings together the world's best researchers, analysts and programmers in the field of computer antivirus and computer security. We are welcoming nominations for presentations, including but not limited to the following topics: "Big Numbers" Malware sample growth rates Automated sample handling Solving scalability problems Sample feed profiling Honeynet collections Malware repository solutions Generic detection techniques Heuristics HIPS solutions Antivir... read more»

Social Networks Used as Criminal and Investigation Tools in Venezuela

(from Softpedia at 20-11-2009)

A group of Venezuelan students were recently arrested by local police for various theft charges. After further investigation, authorities proved that they were using many social networking sites, especially Facebook, to monitor their victims' activity and rob their houses while out of town. Global Post reports that the group was formed by three persons, a couple and a third man, a local student and close friend to many of his victims. The group used his Facebook friends list to acquire inform... read more»

Federal Agencies: Online Collaboration, Cyber Terrorism, Mobility, Web 2.0 Their Biggest Security Threats

(from DarkReading at 20-11-2009)

New survey by Ponemon Institute also finds more than one-third of agencies have suffered one or more hacks in the past 12 months . Senior federal IT executives say collaboration tools, cyber terrorism, mobility, and Web 2.0 are among the top threats to federal government data and systems and the nation's critical infrastructure, according to a new report published today by the Ponemon Institute.... read more»

ISA report reveals email security lapse

(from kable at 20-11-2009)

The incident, which occurred in the organisation's first full year of operation, was followed by an investigation which concluded that the lapse was due to human error rather than procedural failures, according to the ISA's annual report and accounts for 2008-09. Staff awareness of information governance legislation is regarded as highly important, says the document. At inductions employees are given training about data protection, freedom of information and information security. The report s... read more»

FAA Computer Glitch Knocked Out Electronic Flight Information

(from abcnews at 20-11-2009)

A Federal Aviation Administration computer outage early Thursday morning caused nearly 2,000 more flight delays than occur on a typical day, according to data compiled by and reviewed by ABC News. The problem began shortly after 5 a.m. ET this morning when a single circuit board failed in an FAA computer center in Salt Lake City. That meant air traffic controllers around the nation were no longer receiving information about flights electronically.... read more»

ENISA Clears the Fog on Cloud Computing Security

(from Sys-con at 20-11-2009)

How can businesses and governments get the obvious benefits of cloud computing without putting their organisation at risk? The EU's 'cyber security' agency, ENISA (the European Network and Information Security Agency) answers this question in a comprehensive, new report on "Cloud Computing: Benefits, risks and recommendations for information security". It covers the technical, policy and legal implications and most importantly, makes concrete recommendations for how to address the risks and maxi... read more»

Health Net takes 6 months to alert 450K of ID breach

(from Connpost at 20-11-2009)

Shelton-based Health Net of the Northeast Inc. surprised state officials and regulators Wednesday when it admitted private information on 450,000 Connecticut residents has been missing for about a half-year. According to the company and state regulators, an unencrypted portable disk drive containing personal information on past Health Net clients and providers disasppeared from the Shelton office in May, but not reported until now. The company said the breach was not reported because it to... read more»

FDA targets rogue Internet pharmacies

(from washingtonpost at 20-11-2009)

The U.S. Food and Drug Administration is pressuring a number of Internet service providers to shut off nearly 12 dozen Web sites alleged to be selling counterfeit or unapproved prescription drugs. The FDA's office of criminal investigations said it sent 22 warning letters to the operators of the sites, and alerted the appropriate ISPs and domain name registrars that the sites were selling phony pharmaceuticals, all without requiring a prescription. The agency said none of the sites represent ... read more»

How you can get pxxxo'd without meaning to - A rogue antispy operation

(from AVG at 20-11-2009)

It shows a rogue antispy operation but with a different pitch. Instead of simply pretending to scan your computer, and then pretending to find spyware, they display pxxxo images that they say they are finding on your computer. In reality, they are downloading them themselves, and then pretending to find them. All the victim had to do was simply go to a hacked website, and it started. In other words, the hacked website need have nothing to do with adult content, and could be completely innocen... read more»

Feds Charge 3 With Hijacking

(from Wired at 20-11-2009)

Three alleged members of the hacker gang Kryogeniks were hit with a federal conspiracy charge Thursday for a 2008 stunt that replaced Comcast’s homepage with a shout-out to other hackers. Prosecutors identified Christopher Allen Lewis, 19, and James Robert Black Jr., 20, as the hackers “EBK” and “Defiant,” known for hijacking Comcast’s domain name in May of last year — a prank that took down the cable giant’s homepage and webmail service for more than five hours, and allegedly cost the compan... read more»

Great American Hackathon - Come Together Nationwide, December 12-13

(from sunlightlabs at 20-11-2009)

On the weekend of December 12-13th, we're holding an open, distributed, nationwide hackathon to develop open source applications to open government. The goal is to solve as many open government problems as we can with as many hackathons across the country as possible. We've teamed up with Mozilla, Google, Redhat and Fedora, who will all be working with their developers to make things happen, and we've teamed up with Open Source for America and Code for America —there are opportunities for everyo... read more»

Security incident at TAD Gear

(from tadgear at 19-11-2009)

This notice is to inform our customers of a security incident at TAD Gear. We recently learned that our database was illegally accessed from an external source, and it appears that some customer data were taken, which may include customer names, contact information and credit card data. The possibility of a security breach came to our attention when certain customers notified us that unauthorized charges had appeared on their credit cards. Upon learning of the potential breach of security, TA... read more»

House Panel Passes Cybersecurity Enhancement Bill

(from govinfosecurity at 19-11-2009)

While the Senate bogs down in negotiations over drafting major cybersecurity reform legislation, a House panel Wednesday passed a nuts-and-bolts IT security bill that would require the president to assess the government's cybersecurity workforce, including an agency-by-agency skills assessment, and provide scholarship to students who agree to work as cybersecurity specialists for the government after graduation. The House Science and Technology Committee unanimously approved by voice vote th... read more»

UK police arrest two in connection with Zeus Trojan

(from TechTarget at 19-11-2009)

UK police have arrested a pair of 20-year-olds in connection with the Zeus Trojan, malware that cybercriminals have been using extensively in recent months steal online banking credentials . Officers from the Metropolitan Police's Central e-Crime Unit (PCeU) arrested a man and a woman in Manchester on Nov. 3, police announced Wednesday. The pair was arrested on charges of violating the UK 1990 Computer Misuse Act and 2006 Fraud Act, police said. No other details about the case were released.... read more»

ISAlliance: Cyber Security is Economic Issue

(from information-security-resources at 19-11-2009)

Internet Security Alliance President Larry Clinton joined several other prominent information security advocates to provide testimony before the Senate Judiciary Subcommittee on Terrorism and Homeland Security Tuesday. Entitled Cybersecurity: Preventing Terrorist Attacks and Protecting Privacy in Cyberspace, the hearings are one of several held this year by various Senate and House committees who over see everything from commerce to defense, as the nation struggles to gain insight into mounti... read more»

Protecting privacy; Lost medical files another reason for implementing more security: retired nurses

(from thewesternstar at 19-11-2009)

The discovery of 19 patient files from a temporary flu assessment clinic on a downtown city street earlier this month reinforces the need for stricter security over such records, say two retired registered nurses from Corner Brook. Last March, Marjorie Deckert and Eva Joan Lee publicly voiced their concerns about the number of health care professionals who could be permitted access to a patient’s medical record. According to the two, it is possible that any of up to 11 different groups of ... read more»

NJ Man Sentenced in Scientology Cyber Attack

(from abcnews at 19-11-2009)

A New Jersey man will serve a 366-day federal prison term for conducting a cyber attack on Church of Scientology Web sites in January 2008. At a hearing Wednesday in Newark 19-year-old Dmitriy Guzner (duh-MEET'-tree GOOZ'-nuhr) of Verona also was sentenced to two years' probation after his release from prison. Guzner pleaded guilty in May to computer hacking charges.... read more»

Are nations paying criminals for DoS attacks?

(from ComputerWorldUk at 19-11-2009)

Nations that want to disrupt their enemies' banking, media and government resources don't need their own technical skills; they can simply order botnet attack services from cybercriminals. That's a point made in McAfee's new report "Virtually Here: The Age of Cyber Warfare," which draws from the opinions of about 20 experts, including William Crowell, former deputy director of the US National Security Agency.... read more»

Hacking war has just begun

(from theage at 19-11-2009)

The email from Google in June was the first sign: it warned that the Free Our Data site seemed to be host to a set of hidden spam links — or, as Google put it, "techniques that are outside our quality guidelines". It took more than two months to discover the true extent of the hacking, which had planted links all over the website to an "online pharmacy" selling dubious products.... read more»

MP calls for Scot who hacked Pentagon to be given job

(from Scotsman at 19-11-2009)

COMPUTER hacker Gary McKinnon should be given a job rather than extradited to the United States, as his skills could be "put to good use". That was the view of MP Keith Vaz, who heads the home affairs select committee. He said McKinnon showed intelligence "far beyond what anyone could imagine" when he hacked into US military networks.... read more»

Cybersecurity: Do women count?

(from genderit at 19-11-2009)

I have another blog post to write about, which is a continuation of the privacy blog. But after attending this morning's session on ITU and cybersecurity, I think I should jot this down before the moment escapes. The workshop was a panel of representatives from the 5 pillars of ITU's work: legal, technical, organisational structures, capacity building & international cooperation. Yes, they were all male in matching black suits, but there was a fair amount of regional representation within tha... read more»

How Secure Is Cloud Computing?

(from technologyreview at 19-11-2009)

Cloud computing services, such as Amazon's EC2 and Google Apps, are booming. But are they secure enough? Friday's ACM Cloud Computing Security Workshop in Chicago was the first such event devoted specifically to cloud security. Speakers included Whitfield Diffie, a cryptographer and security researcher who, in 1976, helped solve a fundamental problem of cryptography: how to securely pass along the "keys" that unlock encrypted material for intended recipients.... read more»

Report: Online Social Networks, Education Sites Harbor Most Security Risk

(from Network Centric Security at 19-11-2009)

WhiteHat Security, a leading provider of Web site risk management solutions, recently released the eighth installment of the WhiteHat Security Web site Security Statistics Report, a high-level perspective on major Web site security issues that continue to compromise corporate data across all industries. WhiteHat's report, assembled from real-world Web site security data, cites the Top 10 Web site vulnerabilities and provides insight into the evolving challenges facing organizations today. Whi... read more»

Cyber-Terrorism/Warfare –The Emergent Threat:Strategies for Survival

(from bu at 19-11-2009)

It seems that cyberspace is under constant attack. As the world’s infrastructure becomes increasingly grounded on the Internet for commerce and communication, the consequences of these attacks become more ominous. Worse still, the perpetrators are usually difficult to trace whether they’re individuals or state actors, and they often carry out their attacks remotely with a worldwide network of hijacked personal computers.... read more»

Barack Obama said to be close to naming cybersecurity chief

(from ComputerWorldUk at 19-11-2009)

The two people in the running for the post are Frank Kramer, a former assistant secretary of defence during the Clinton administration, and Howard Schmidt, former White House cybersecurity adviser and corporate chief security officer (CSO), the report says. Both are names that have been mentioned as likely candidates for the position for several months now. This is not the first time that the White House has been rumored to be close to announcing its pick . In September, Reuters reported that... read more»

Iran's Cybercrime Plan Riles Rights Community

(from worldpoliticsreview at 19-11-2009)

Rights advocates are expressing concern about Iranian plans to create a cybercrimes division to investigate illegal activity on the Internet, over fears that authorities will use the unit to target the opposition and political activists. Iranian authorities say they are aware of over 100,000 incidents of cybercrimes in 2008 -- including theft, fraud, forgery and libel -- and that the number is on the rise. But rights advocates worry that the unit's real purpose is to quell political discou... read more»

New guidelines issued for risk management in IT system security, authorization

(from Government Computer News at 19-11-2009)

A revised set of guidelines for authorizing government information technology systems for operation focuses on implementing a risk management process and caps a three-year effort to harmonize IT certification and accreditation (C&A) across the civilian, defense and intelligence communities. The National Institute of Standards and Technology (NIST) has released for comment the final draft of Special Publication 800-37 Revision 1, titled “Guide for Applying the Risk Management Framework to Fed... read more»

Combating cyber crime

(from dailynews at 19-11-2009)

Computer interconnectivity has produced enormous benefits but has also enabled criminal activity that exploits this interconnectivity for financial gain and other malicious purposes such as internet fraud, identity thefts, pornography and terrorism, to name a few. Numerous challenges impede the efforts of law enforcement in particular and public and private sector partnerships in general to mitigate cyber crime. The first of such challenges is ensuring accurate reporting of cyber crime to law... read more»

Accused hacker files bail plea in Anoushka case

(from Indiatimes at 19-11-2009)

Junaid Khan, the alleged blackmailer of sitar player Anoushka Shankar, daughter of legendary musician Pandit Ravi Shankar, moved a trial court for bail four days after Delhi Police filed a chargesheet against him. 29-year-old Junaid, who allegedly blackmailed the young sitarist over some of her photographs which he had accessed after hacking into her email account, filed a bail application before the Chief Metropolitan Magistrate Kaveri Baweja.... read more»

Commentary: 'Silly' iPhone owners deserve what they get

(from SecureComputing at 19-11-2009)

If you must jailbreak, change the default password! Anyone who was infected by the recent rick-rolling iPhone virus deserved everything they got. Earlier this month, 21-year-old Ashley Towns from Wollongong, created a virus that exploited iPhones which had been jailbroken. This means the iPhone OS was modified to run applications and games not sanctioned by Apple through its App Store.... read more»

The six greatest threats to US network security

(from NetworkWorld at 19-11-2009)

It's not a very good day when a security report concludes: Disruptive cyber activities expected to become the norm in future political and military conflicts. But such was the case today as the Government Accountability Office today took yet another critical look at the US federal security systems and found most of them lacking.... read more»

National Cybersecurity Awareness Month: Wait until next year!

(from NetworkWorld at 19-11-2009)

The event was sponsored by the National Cybersecurity Alliance and featured prominent speakers including Department of Homeland Security Secretary Janet Napolitano, Deputy Defense Secretary William Lynn, and the White House National Security Staff's Acting Senior Director for Cybersecurity, Chris Painter. National Cybersecurity Awareness Month is an opportunity for us to get collectively smarter and more secure. Shame on us if we drop the proverbial ball.... read more»

Internet users bring dog thrower to justice

(from News at 19-11-2009)

A Lithuanian man was filmed by friends joking that "dogs can fly" before throwing the dog, the Daily Mail reports. The footage was then posted on the internet, initially sparking outrage on Lithuanian websites before spreading across the world.... read more»

New web portal to share European air quality data

(from BusinessGreen at 19-11-2009)

A new application to provide businesses and individuals with information on air quality across Europe was launched this week, alongside the promise that it could become a central database for a wide range of environmental information. The Eye on Earth site, which was developed as part of a joint initiative between the European Environment Agency (EEA) and Microsoft, provides interactive information on air and water quality from country-wide to street level, based on data from environmental me... read more»

Malware writers feeding on Twilight mania

(from v3 at 19-11-2009)

Growing interest about the Twilight vampire series is making life risky for fans seeking information online, experts have warned. Security firm PC Tools documented a growing number of attacks and scams related to the popular book and movie series. The company expects such attacks to increase with the release of the New Moon sequel.... read more»

Internet Search Engines Promote Illegal Online Pharmacies

(from pharmacychoice at 19-11-2009)

Internet Search Engines Promote Illegal Online Pharmacies the Partnership for Safe Medicines speaks out against dangerous ads for illicit online pharmacies The Partnership for Safe Medicines, a group of organizations and individuals dedicated to protecting consumers from counterfeit medicines, issued the following statement regarding recent reports released by LegitScript, an online pharmacy verification service, and KnujOn, an Internet compliance company, which found that 80 to 90 percent of... read more»

NSA Official Says 3 Steps Can Thwart Cyberattacks

(from mcpmag at 19-11-2009)

Computer systems with proper security and network controls should be able to withstand about 80 percent of known cyberattacks, according to a senior National Security Agency (NSA) official. There are common steps that people can take to bolster computer security and make it more difficult for would-be-hackers to gain access, Richard Schaeffer Jr., the NSA's information assurance director, told the Senate Judiciary Committee's Terrorism and Homeland Security Subcommittee on Tuesday. He identif... read more»

Best use of internet - practice: Grant Thornton

(from Accountancy Age at 19-11-2009)

Once again the biggest accountancy firms are leading the way in technology. Following last year’s win by PKF in the small business software category, Grant Thornton has picked up the top practice IT award. Up against competition from perennials in this category, SJD and Danbro, GT fended them off with an impressive entry, winning first place for a multitude of reasons.... read more»

UK police make 2 Trojan computer virus arrests

(from Yahoo at 19-11-2009)

A couple suspected of helping spread some of the Internet's most aggressive computer viruses has been arrested in the English city of Manchester, police said Wednesday. Scotland Yard's electronic crimes unit said a man and a woman, both 20, were arrested Nov. 3 on suspicion of helping spread malicious Trojan computer programs sometimes known as "Zbot" or "ZeuS."... read more»

McAfee Releases Cybercrime Report covering a variety of longstanding cybersecurity problems

(from DarkReading at 19-11-2009)

The world is arming for cyber war and better defenses must be planned for and implemented. McAfee, a computer security company, makes this claim in its Fifth Annual Virtual Criminology report, released on Tuesday. The report finds that there's no common definition of cyber war, that the private sector is destined to get caught in the crossfire during a cyber conflict, and that too much of the discussion of cybersecurity policies is happening behind closed doors.... read more»

IGF attendees: America, surrender the root zone file!

(from Arstechnica at 19-11-2009)

Complaints about continuing US government control of Internet domain name issues surfaced again this week in Egypt at the UN-backed Internet Governance Forum. Should the US government step even further back from the Internet? It was welcomed by the international community, but some continue to argue that it didn't go far enough, and this opposition to continued US influence over the domain name system and IP addressing surfaced again at the United Nations-backed Internet Governance Forum goin... read more»

Better web security understanding urged

(from BCS at 19-11-2009)

More knowledge and awareness of internet security is needed in the current age, according to an industry spokesman. Robin Blake, head of media literacy at Ofcom, spoke about how more people were becoming worried about the security of their details, with users now resorting to higher privacy settings on social networking sites and shopping facilities. He added: 'Concerns about the internet, concerns about people's safety, and concerns about privacy are some of the things that prey on people... read more»

Salesforce Chatter: Social operating systems emerge on the IT stage

(from ZDNet at 19-11-2009)

This morning’s announcement here at Dreamforce today from Salesforce of Chatter, an enterprise-class realization of Facebook and Twitter, is further evidence of the industry’s push for social Web capabilities for business activities. Early indications are that Chatter will drive conversation and attention on this subject in enterprise circles very much like Google Wave did for consumer circles (as well as some businesses.).... read more»

DNS Survey Reveals Internet Security Vulnerabilities

(from TMCnet at 19-11-2009)

Infoblox (News - Alert) and The Measurement Factory recently made public the results of its fifth annual study of domain name surveys on the Internet. The results reveal that use of Microsoft (News - Alert) DNS Servers for external DNS is almost negligible. Several businesses have recognized the security vulnerabilities involved and moved to a more secure option. One potential vulnerability has been addressed but another has loomed large.... read more»

Problems old and new in changing internet security threat landscape

(from eChannelLine at 19-11-2009)

The Internet threat landscape saw some major changes in 2009 --- most of them negative -- and the prospects for 2010 are not much better.One depressing development this year was the rapid growth of drive-by downloads, which deliver malicious code without the user's knowledge through things like a browser exploit or visiting a web site. These attacks are dispiriting because they overturn one of the conventional wisdoms of Internet behavior, that you are much less likely to be a victim if you b... read more»

Spam's new flavours - Filtering is keeping more unwanted messages from our inboxes

(from Guardian at 19-11-2009)

When Luis von Ahn gives talks on his work fighting spam, he likes to start by asking the audience a question. "How many of you have had to fill out one of those web forms that asks you to read a distorted sequence of letters or a word?" he asks. "How many of you found that annoying?" Not everybody feels so certain, however. While users are probably exposed to fewer spam emails than ever, thanks to the rapid improvement of services such as Hotmail, Gmail and Yahoo Mail, the picture behind the ... read more»

Unified Creeps: Cyber-crime to Rage on in '10

(from EWeek at 19-11-2009)

Typically you've got to wait until at least December to begin seeing security researchers' foreboding predictions for the malware and unethical hacking landscape in the next year to come. However, in keeping with the theory of unified cultural creep, or the increasingly invoked notion that supports the strange reason why we've begun to see Christmas sales a week or so after Halloween, experts at security market leader Symantec have already published some of their forecasts for the last year o... read more»

Panda Security offers advice to keep children safe on the Internet

(from pandasecurity at 19-11-2009)

Young people are spending more and more time on the Internet; social networks, blogs and chats are just a few of the services used by children in their free time. Meanwhile, many parents are rightfully concerned about the dangers, including contact with strangers, access to inappropriate content and malware. With this in mind, and to mark Universal Children’s Day on November 20, Panda Security has drawn up a list of practical guidelines to help children avoid these dangers and use the Interne... read more»

5th Ministerial eGovernment Meeting and Conference

(from egov2009 at 19-11-2009)

The 5th Ministerial eGovernment Meeting and Conference, 18-20 November, will take place at the Malmo Exhibition and Convention Centre, St Varvsgatan 15, SE-201 25 Malmo, Sweden. It will be one of the major events of the Swedish EU Presidency and will include a Ministerial Meeting of ministers responsible for eGovernment, a Ministerial eGovernment Conference, and an exhibition of more than 50 finalists of eGovernment Awards.... read more»

The link between high speed and cybercrime

(from viruslist at 19-11-2009)

At the moment I’m in Johannesburg, South Africa, talking at the opening of our local office about security and mitigation strategies. Despite being a booming city, Johannesburg, tribute to its distant location from the information centers of the world, has remained somehow behind others in terms of internet connectivity. This may change very soon, though.... read more»

Experts: 80 percent of cyber attacks can be prevented by simple security measures

(from homelandsecuritynewswire at 19-11-2009)

Experts tell legislators that about 80 percent of commonly known cyber attacks could be prevented If network administrators instituted proper configuration policies and conducted good network monitoring If network administrators simply instituted proper configuration policies and conducted good network monitoring, about 80 percent of commonly known cyber attacks could be prevented, a Senate committee heard Tuesday. Kim Zetter writes that the remark was made by Richard Schaeffer, the NSA’s inf... read more»

Microsoft Study Sees Growing Threat of Computer Worms

(from enterprise-security-today at 19-11-2009)

The danger of corporate computers becoming infected by worms has risen dramatically recently, according to a new study by Microsoft.The study showed that, globally, the chances of infection by a computer worm had increased by almost 100 percent when comparing the first half of 2009 with the same six-month period in 2008. The threat is focused mainly on business computers. Private users get off lightly, by comparison, partially because they are more likely than corporate customers to make sure... read more»

Small companies are the key to security innovation

(from Computer Weekly at 19-11-2009)

The Global Security Challenge finals which took place at London Business School last week were a revelation to anyone who believes that security innovation is dead. There's certainly little imagination and innovation to be seen in the products emerging from big vendors and research establishments. But many breakthroughs are initially developed by clever individuals or small start-up companies. So it's no surprise to find an impressive range of unique and imaginative new security solutions in ... read more»

US: Biggest threats to citizen data identified

(from Ciol at 19-11-2009)

Government initiatives aimed at modernizing federal information systems are fraught with risk, according to a new study sponsored by CA, Inc. and conducted by the Ponemon Institute, Cyber Security Mega Trends: Study of IT leaders in the U.S. federal government. Released today at CA's IT Government Expo, the Cyber Security Mega Trends study surveyed 217 senior-level IT executives employed by various U.S. federal agencies to identify significant areas of risk to information security associated ... read more»

Critical Infrastructure, 60 Minutes, and Missing the Point

(from Securosis at 19-11-2009)

Here's the thing about that 60 Minutes report on cybersecurity from the other week. Yes, some of the facts were clearly wrong. Yes, there are massive political fights under way to see who 'controls' cybersecurity, and how much money they get. Some .gov types might have steered the reporters/producers in the wrong direction. The Brazilian power outage probably wasn't caused by hackers.... read more»

Conn. health insurer acknowledges missing data

(from Google at 19-11-2009)

Connecticut Attorney General Richard Blumenthal said Wednesday that health insurer Health Net lost financial, health and personal information of nearly 450,000 state residents and failed to inform consumers for six months. Health Net spokeswoman Alice Ferreira said an unencrypted portable disk drive was discovered missing from the company's Shelton office. She said in an interview that it took the company six months to determine who was affected and it notified Blumenthal Wednesday.... read more»

No podcast this week

(from MCkeay at 19-11-2009)

We worked at it, we really did. I made special arrangements to be able to Skype in from my hotel room, Zach called in from home and Rich recorded everything at his home office. It all worked out. Or so we thought. When Rich went back to edit the podcast he found that his software had failed without warning and all he had recorded was his own audio, which might be interesting as a funny aside some day, but hardly makes for a satisfying podcast.... read more»

Two held over ZeuS trojan virus that steals personal data

(from Guardian at 19-11-2009)

Two suspected hackers have been arrested by police investigating a "trojan" computer virus that gathers confidential details from individuals and is believed to have infected tens of thousands of computers around the world. The Metropolitan police said that once the ZeuS or Zbot trojan was installed in an affected computer, it recorded users' bank details and passwords, credit card numbers and other information such as passwords for social networking sites.... read more»

Other voices: I’m tired of this whole ‘security is failing, security professionals suck’ meme'

(from SunbeltBlog at 19-11-2009)

“Rich” raises an interesting point about organizations hiding the real cost of losses. He also is a master of the long, breathless and funny sentence. Example: “If the industry was failing that badly all our bank accounts would be empty, we'd be running on generators, our kids would all be institutionalized due to excessive exposure to porn, email would be dead, and all our Amazon orders would be rerouted to Liberia... but would never show up because of all the falling planes crashing into... read more»

Hackers descend upon defense website

(from People at 19-11-2009)

Hackers are trying to penetrate the website of China's Ministry of National Defense and have made more than 2 million attacks on it within one month since the site's launch three months ago, People's Daily reported Wednesday. The efforts are seen as a sign of the increasing vulnerability facing China's official websites. "Since the first day the defense ministry website went online, it has suffered mass, uninterrupted hacker attacks," Ji Guilin, the editor in chief of the website, told the pa... read more»

A lack of CEO support and insufficient resources blamed for rise in insider and outsider breaches

(from scmagazineuk at 19-11-2009)

UK businesses are suffering from a multitude of data security breaches.According to a new study by the Ponemon Institute and commissioned by Lumension, negligent employees are beginning to rival computer virus infections as the biggest cause of data security incidents in UK businesses. While 84 per cent of organisations suffered from computer viruses and malware network intrusions in the last 12 months, the 'Worldwide State of the Endpoint Survey 2010' reports that more than six out of ten no... read more»

In-Q-Tel Invests In Cybersecurity Company

(from informationweek at 19-11-2009)

The independent venture arm of the U.S. intelligence community, In-Q-Tel, has invested in cybersecurity company FireEye, the company announced Wednesday. In-Q-Tel and FireEye didn't disclose terms of the agreement, or which intelligence agencies are particularly interested in the technology. However, in a release, they said that the investment "will extend FireEye's cyber security product development and stealth malware technical capabilities to protect against cyber threats."... read more»

Gov't executives cite unstructured data as top concern

(from scmagazineus at 19-11-2009)

More than cloud computing, mobile devices and Web 2.0 applications, unstructured data is the cyberthreat federal government IT executives are most worried about, according to a survey released Wednesday by the Ponemon Institute and IT management software and solutions vendor CA. In the survey of 217 senior IT executives from U.S. federal organizations, 79 percent said unstructured data – information not contained in databases – increases their organization's security risk. Unstructured data ... read more»

Man charged in $111k domain name theft

(from The Register at 19-11-2009)

A New Jersey man has been charged with stealing the domain name and selling it to a professional basketball player for more than $111,000 in the first US indictment for domain name theft. In May 2006, Daniel Goncalves, now 25, of Union City, illegally accessed accounts of domain name registrar GoDaddy "for the purpose of altering registration information for ',' to fraudulently transfer registration of ' from its lawful registrant," according to the indictment, which was... read more»

Cyber criminals worked furiously in 2009

(from Net-Security at 19-11-2009)

Symantec's Security Responce team took it upon itself to gather information from various sources and thousands of experts and compile a list of threats that marred the information security landscape this past year. As they shared on their blog, cyber criminals have been very busy in 2009 - there has been 403 data breaches, 43 million fake security software installation attempts have been detected, the amount of malware-bearing spam emails has seen a nine-fold increase and 14.4 million drive-b... read more»

Federal Officials Say U.S. Can Stop Only 4 of Every 5 Cyber Attacks

(from infoZine at 19-11-2009)

Federal officials told a Senate committee that U.S. government and private Web sites remain vulnerable to attacks like one over the summer that even hit the White House and that the least-sophisticated hackers are becoming bigger threats. Washington, D.C. - infoZine - Scripps Howard Foundation Wire - Federal officials warned the Senate Judiciary Committee that there is no panacea for Internet crimes and that individuals and small-business owners often don't notice their computers have been ha... read more»

NIST Special Publication 800-37 - Revision 1 - Guide for Applying the Risk Management Framework to Federal Information Systems - A Security Life Cycle Approach

(from NIST at 19-11-2009)

In accordance with the provisions of FISMA, the Secretary of Commerce shall, on the basis of standards and guidelines developed by NIST, prescribe standards and guidelines pertaining to federal information systems. The Secretary shall make standards compulsory and binding to the extent determined necessary by the Secretary to improve the efficiency of operation or security of federal information systems. Standards prescribed shall include information security standards that provide minimum infor... read more»

Couple arrested in connection with Zbot Trojan horse

(from Sophos at 19-11-2009)

A man and a woman have been arrested in Manchester by officers of the Greater Manchester Police and Metropolitan Police Central e-Crime Unit (PCeU) in connection with the Zbot family of Trojan horses. Zbot is one of the most notorious pieces of malware of recent times. It's a data-stealing Trojan horse, designed to grab information from internet users which would help hackers break into online bank accounts and social networking sites such as Facebook and MySpace.... read more»

80,000 Mailers Sent Out With Recipients' Social Security Numbers In Plain View

(from Wgal at 19-11-2009)

Check your mailbox. Thousands of Pennsylvanians could become victims of identity theft just because a piece of mail has been sent to their homes. Right on the front of the piece of mail, in plain view, is the recipient's Social Security number. Tens of thousands of Medicare recipients may be at risk. Delores and Frank Ember, of Elizabethtown, simply could not believe what they found in their mailbox on Monday. Frank was the first to notice a problem with the postcards they received.... read more»

UK police reveal arrests over Zeus banking malware

(from ComputerWorld at 18-11-2009)

British police said Wednesday they've made the first arrests in Europe of two people for using Zeus, a sophisticated malicious software program that can scoop up any sensitive information on a PC. A man and woman, both 20 years old, were arrested in Manchester, England, on November 3, said the Metropolitan Police's Central e-Crime Unit (PCeU). The pair, who have been released on bail, will face charges under the 1990 Computer Misuse Act and the 2006 Fraud Act.... read more»

Cyber-war Could Threaten Security of Critical Infrastructure

(from EWeek at 18-11-2009)

In a new report released by McAfee, several noted security experts discuss the improving cyber-warfare capabilities of the world's superpowers and the risks facing critical infrastructures. The ability of several countries to launch politically motivated cyber-attacks has increased and put critical infrastructure in the crosshairs, according to a sweeping report from McAfee.... read more»

U.K. Police Arrest Two Tied to Zeus Trojan

(from EWeek at 18-11-2009)

Police in the U.K. arrested two people tied to the Zeus Trojan, a notorious piece of malware used to steal banking information and another personal data such as passwords for sites like Facebook. Authorities in the U.K.have reportedly arrested two people in connection with using a notorious Trojan in a scheme to steal online banking information. The man and the woman, both 20, were arrested by the Metropolitan Police Service in Manchesterfor violating the 1990 Computer Misuse Act and the 200... read more»

Companies still lacking data management policies

(from SecureComputing at 18-11-2009)

The majority of companies still do not have basic data management processes in place despite the hype surrounding business intelligence software, intelligent data storage systems and virtualisation, according to IDC. The analyst firm said that very few companies have systems in place to make use of their data, and often struggle to classify data in order to find it again. "They have to answer the difficult question of what data is relevant," said Benjamin Woo, enterprise storage systems re... read more»

NC loan processor sentenced for ID theft

(from databreaches at 18-11-2009)

A former loan processor was sentenced Friday to to one year and one day imprisonment for wire fraud and aggravated identity theft charges. Senior United States District Judge James C. Fox also ordered Maria Lorena Croll, 24, of Raleigh, North Carolina, to pay restitution of $2,138.52. A federal grand jury had indicted Croll in December 2008 and she pled guilty in June 2009 to six counts of wire fraud and one count of aggravated identity theft.... read more»

Confidential Bushland ISD documents found

(from connectamarillo at 18-11-2009)

Bushland officials are wondering if an employee or perhaps an ex-employee walked out of the office with highly confidential documents. Those documents were dropped off at Pronews 7.... read more»

Cyber attacks hit almost 60% of Mideast businesses

(from arabianbusiness at 18-11-2009)

Fifty seven percent of businesses across the region have suffered two or more cyber attacks in the past six months, the latest research shows. According to the internet security firm Trend Micro, businesses need to do more to protect their company data and computer systems from web viruses.... read more»

Personal info at risk when items go missing

(from TorontoSun at 18-11-2009)

The personal information of taxpayers may be at risk because of a series of security breaches at the Canada Revenue Agency. Documents obtained by Ottawa researcher Ken Rubin reveal that lost mail, missing shipments of computers or other data storage devices, and the theft of computers that might contain tax records, is an ongoing problem. "Our analysis revealed an increase involving the loss of taxpayer information internally from 2005-06 to 2007-08," the documents read.... read more»

Browser wars: Security report provokes skepticism, caution

(from Gcn at 18-11-2009)

All of us who proudly use the Firefox Web browser have gotten a small comeuppance, with news that Firefox is the least secure of the four major Web browsers (Google's relatively new Chrome was not one of those studied), according to at least one analysis. The announcement from applications security firm Cenzic, which released the report, sparked a wave of reaction among technology bloggers and other writers.... read more»

You Will Lead the Same Way You Follow, So Be Careful How You Follow

(from bretlsimmons at 18-11-2009)

Leadership is not as mystical and magical as many make it out to be. Whatever else you might believe about leadership, the bottom line is that leadership becomes manifest in behavior – things we do and say. Our behavior follows patterns, those patterns are driven by our assumptions, and our assumptions are learned. How you follow is exactly how you will lead. We learn our assumptions as followers about the roles and responsibilities of leaders and followers. The assumptions about what is ... read more»

When Big Brother turns bad

(from BBC at 18-11-2009)

For a man described as the "internet entrepreneur you've never heard of", Josh Harris has led an extraordinarily public life. As an internet pioneer he took webcam surveillance to the extreme, becoming what many called the "Warhol of the web". His story is now part of an award-winning documentary film, We Live in Public. After setting up analyst firm Jupiter, he went on to found, one of the web's first webcam portals.... read more»

India puts nuclear plants on alert-report

(from Reuters at 18-11-2009)

India has put its nuclear power plants under alert and tightened security around them after intelligence about possible attacks, a report said on Monday. The step comes after a man arrested in the United States on charges of plotting attacks in India was found to have travelled to Indian states that have nuclear installations.... read more»

National Cyber Incident Response Plan Coming

(from informationweek at 18-11-2009)

In wide ranging testimony before the Senate Judiciary Committee on Tuesday, some of the federal government's top cybersecurity authorities said that the status quo in federal cybersecurity is not sufficient. They discussed plans to improve cyber defenses, including a new comprehensive National Cyber Incident Response Plan to delineate duties in case of a major cyber attack.... read more»

Cyber warfare 'now a reality' with United States and Russia armed

(from Telegraph at 18-11-2009)

A wave of politically-motivated cyber offensives this year – such as attacks on the White House and the US Department of Homeland Security – show that the international arms race is now moving online, a study claims. The report warns that cyber strikes could have a "devastating" impact on national infrastructure with power grids, water supplies and financial markets all at risk. While the potential of online warfare has long been talked up, the Virtual Criminology Report released by the web s... read more»

Indo-Pak cyber war claims 40-50 Indian sites daily

(from domain-b at 18-11-2009)

India and Pakistan, not the friendliest of neighbours, have fought three major wars and are now engaged in another in cyberspace. ] As per latest reports, hackers from across the border are working overtime to launch cyber attacks on Indian websites in their cross hair. Reports indicate that around 40-50 sites are being hacked by Pakistani hackers on a daily basis whereas around 10 Pakistani sites are being hit by their Indian counterparts.... read more»

IT profession has most inactive workers says survey

(from Computing at 18-11-2009)

A survey of 1,734 UK workers has found that of all nationwide professions, IT workers are the most inactive, as measured by government activity guidelines advocating half an hour of moderate exercise, five times a week. Fewer than one in five (19 per cent) meet the government guidelines, and the IT workers also feature highly with respect to the unhealthiest diets.... read more»

Internet Governace 2009 - IP Block

(from All Africa at 18-11-2009)

Nigeria Internet community would canvass for the appropriate security regulation and application, mostly on Internet Protocol (IP) blocking at the on-going Internet Governance Forum (IGF) holding in Sharm El Sheikh, Egypt. Participants at the recently concluded one-day Nigeria Digital Sense forum in a communiqué made available to Champion Infotel by the organizers, Digital Sense Africa (DSA) in collaboration with the Nigerian Communications Commission (NCC) on the theme: "Internet Governance:... read more»

Hackers Unite in the Name of Disaster Preparedness

(from Government Technology at 18-11-2009)

Building a developer community to tackle IT and communications issues related to disaster relief isn't a simple task, but when Microsoft, Google, Yahoo, NASA and the WorldBank team up, they mean business. The entities sponsored the two-day event -- called Random Hacks of Kindness (RhoK) in which developers tried to solve real-world disaster relief issues with technology in November at the Hacker Dojo in Mountain View, Calif.... read more»

Iraq Cyber Attack and the DigiSEALs

(from DefenseTech at 18-11-2009)

Reports have recently made it into the pub­lic domain that back in May of 2007 President George W. Bush autho­rized the National Security Agency (NSA) to launch a sophis­ti­cated cyber attack on the cel­lu­lar phones and com­put­ers of insur­gents in Iraq. This cyber attack cre­ated the abil­ity for U.S. forces to plant false infor­ma­tion that lead to the decep­tion of insurgents. Multiple senior level offi­cials have report­edly told media sources that this attack helped turn the tide of t... read more»

IT should use a little fear to promote cyber security

(from Tech Republic at 18-11-2009)

In the above “60 Minutes” video, correspondent Steve Kroft spoke with former and current US government officials and private-sector security about the nation’s vulnerability to cyber attack. To most IT professionals, this revelation isn’t, or at least shouldn’t be, news. Before joining TechRepublic 10 years ago, I worked for a regulated utility–a power company. Even then, before anyone was seriously pushing a “smart grid” we were keenly aware of digital threats to our organization. But, just ... read more»

What's Another 32-bits to Malware?

(from Technet at 18-11-2009)

The migration of PC computing from 32-bit to 64-bit is in full swing at last, and if you’ve been confused as to what it all means, you’re not alone. PCs built for years now have been capable of running both 32-bit and 64-bit operating systems, but for that you need 64-bit version of Windows (and corresponding drivers for devices), and getting everything working on 64-bit used to be for brave and technical people only. There are many advantages to using a 64-bit operating system – using twice... read more»

No cyberwar yet, but soon, says firm

(from SecurityFocus at 18-11-2009)

In 2007, a massive denial-of-service hit government and financial servers in Estonia. In 2008, as Russia invaded the former Soviet state of Georgia, attackers cut off communications to the outside world. In 2009, attacks on South Korea and U.S. targets caused consternation. Yet, none of these attacks rise to the level of cyberwarfare, security company McAfee stated in a report released on Tuesday. By looking at four characteristics -- source, motivation, sophistication, and impact -- the comp... read more»

Beware: Spam on Facebook and Twitter has reached epidemic

(from ZDNet at 18-11-2009)

They say you’re really made it in the web industry once you are a target for spam, but it’s gone too far on Facebook and Twitter.Besides nasty wall and mini-feed spam, Facebook’s group application has been the easiest place to phish users. Facebook needs to do a better job of detecting spam and protecting its users. Why don’t I have a “report as spam” link next to all those fake wall postings? The bad guys are getting smarter too. Most of the spam links you see contain obscure short URLs so y... read more»

Employees rival malware for data losses

(from Computer Weekly at 18-11-2009)

Negligent employees are starting to rival computer virus infections as the biggest cause of data loss in UK businesses. Some 60% of UK businesses are losing sensitive data as a result of negligent employees.This is exacerbated by the loss and theft of desktop and laptop computers and other mobile computing devices reported by 55% of organisations. Twenty eight per cent have lost sensitive data held by a third party or cloud computing provider.... read more»

Bogus Facebook page harvests login details

(from v3 at 18-11-2009)

Security firm PandaLabs is warning of a new spoofed Facebook page that has the ability to steal user passwords and other login details. Users of the social networking site are urged to watch out for rogue emails containing links to the bogus page, which can give attackers access to their account. If the user does enter their details, the page redirects to an error message claiming an "incorrect email/password combination".... read more»

T-Mobile staff sold customer data

(from ComputerWeekly at 18-11-2009)

The Information Commissioner's Office (ICO) said investigators have been working with the mobile phone company. It had suggested to the ICO that employees allegedly sold details relating to customers' mobile phone contracts, including when their contracts expire. The ICO investigation revealed that the information has been sold on to several brokers for large sums. Information commissioner Christopher Graham said, "We are considering the evidence with a view to prosecuting those responsible a... read more»

Microsoft reveals top 25 computer security threats

(from smartcompany at 18-11-2009)

Microsoft says businesses should continue to remain vigilant in protecting their computers against malware attacks and unwanted software, despite new figures which show infection rates are continuing to fall. The comments come as the company reveals the results of its Security Intelligence Report for the first half of 2009, which show Australia's average infection rate has improved from 4.7 out of every 1,000 computers to 3.9, compared to the global average of 8.7.Out of the top security thre... read more»

Hacker Infiltrates MassMutual Database

(from InternetNews at 18-11-2009)

MassMutual officials this week confirmed that one of its employee databases was accessed by an unauthorized person or persons, exposing an unknown number of employees' personal data for a yet-to-be-determined amount of time. The Springfield, Mass.-based insurer said the compromised database was being maintained by an unidentified, third-party vendor and contained "a limited amount of personal employee data."... read more»

Brazilian Hacking Attempts Fail To Break Brazilian E-Voting, But Do Improve The Process

(from Techdirt at 18-11-2009)

We pointed out recently that Brazil was allowing groups of hackers and security experts to hack their e-voting machines, something that the e-voting industry has always resisted angrily. The e-voting companies have never been able to adequately explain why experts shouldn't be able to try to hack the machines, and all it did was lead to more distrust over the machines. However, the Brazil test has been concluded, and there's some good news: no one was able to crack the machines. However, wit... read more»

Twitter Could 'See Off Email In A Decade'

(from sky at 18-11-2009)

Email could be wiped out by social networking sites and instant messaging within the next ten years, according to a leading professor.Professor David Zeitlyn from the University of Kent came to the conclusion because of the rise in the use of websites like Facebook and Twitter. These sites are seen as more fashionable and faster and easier to use, plus they can be accessed from anywhere with mobile phone technology.Professor Zeitlyn found that although 15 to 24-year-olds do use email, they us... read more»

Next year is THE year for cloud computing

(from ZDNet at 18-11-2009)

Yogi Berra had it right - it’s difficult to make predictions, especially about the future. It’s especially difficult to make predictions about the future in a new, industry-changing discipline like cloud computing. Still, since that’s the task at hand, here is my view on how cloud computing is likely to transform the computing industry landscape in 2010.... read more»

3 basic steps can thwart most cyberattacks, NSA security official says

(from Government Computer News at 18-11-2009)

Computer systems with proper security and network controls should be able to withstand about 80 percent of known cyberattacks, according to a senior National Security Agency official. There are common steps that people could take to bolster computer security and make it more difficult for would-be-hackers to gain access, Richard Schaeffer Jr., the NSA’s information assurance director, told the Senate Judiciary Committee’s Terrorism and Homeland Security Subcommittee today. He identified thre... read more»

IT Security as Easy as Mikado... - Mikado, an old European stick game

(from F-Secure at 18-11-2009)

It's Mikado, an old European stick game. The game is rather cute, but it is supposed to convey a serious message - that IT security can be as simple as this game. Most people have the impression that IT security is complex, highly technical, frighteningly arcane, and difficult to manage. To be fair, most people have good reason to think so. Even the language is difficult, like the latest from the Pentagon's cyber security people - the Global Information Grid Customizable Operational Picture (... read more»

How to hack China for just $1,800

(from Computer World at 18-11-2009)

Fraudsters may have a hot deal waiting for them in the form of an obscure Chinese domain name that's for sale on the Internet. The domain is for sale, according to a note posted on the Web site. That fact probably doesn't mean much to most people, but to Duane Wessels it's a big deal. He says that if it fell into criminal hands it could be misused for phishing or other types of fraud.... read more»

US man gets nearly 20 years for Thai pedophilia

(from Yahoo at 18-11-2009)

A US court has handed 19-and-a-half years in prison to an actor convicted of abusing children as young as six on trips to Thailand and posting the images on the Internet. Wayne Nelson Corliss, 60, was also ordered to pay a 5,000-dollar fine. The federal court in Newark, New Jersey said on Monday Corliss -- who reportedly played Santa Claus for children -- would be under supervision for life.... read more»

Endpoint security frustrates IT

(from NetworkWorld at 18-11-2009)

There's a groundswell of frustration about today's endpoint security, as well as worries about how newer technologies such as virtualization or cloud computing will impact it, according to a new study. The Ponemon survey of 1,427 professionals in IT security and 1,582 in IT operations, working in business or government who live in the United States, the United Kingdom, Australia, New Zealand or Germany, were asked how they managed endpoint security, how things were going with the budget and s... read more»

Michael Jackson is riskiest celebrity of 2009

(from NetworkWorld at 18-11-2009)

Michael Jackson has been named the riskiest celebrity of 2009 by Symantec. In its 'Top Cyber Threats Of 2009' report, the security firm said the King of Pop's death in June this year sparked a deluge of spam and malware campaigns as cybercriminals attempted to exploit his fans. Serena Williams' outburst at the US Open meant the Tennis Star was named the second most riskiest celebrity of 2009, while Patrick Swayze, Harry Potter and US President Barack Obama made up the rest of the top five.... read more»

The six greatest threats to US cybersecurity

(from itworld at 18-11-2009)

It’s not a very good day when a security report concludes: Disruptive cyber activities expected to become the norm in future political and military conflicts. But such was the case today as the Government Accountability Office today took yet another critical look at the US federal security systems and found most of them lacking. From the GAO: “The growing connectivity between information systems, the Internet, and other infrastructures creates opportunities for attackers to disrupt telecommun... read more»

Firms spend only up to 20% of their budget on IT security

(from business24-7 at 18-11-2009)

Security accounts for only 10 to 20 per cent of overall IT budgets within UAE enterprises - well below global standards. There is awareness, say experts, but security is still often viewed with a closed mind. IT security is not just about protecting the perimeter but has evolved as Web 2.0 and social media have taken the limelight. Employees are increasingly becoming mobile, which makes it important for organisations to consider cloud computing and software as a service (Saas) as parts of the... read more»

Over three quarters of security products fail an initial test and do not adequately perform

(from scmagazineuk at 18-11-2009)

A report by ICSA Labs has claimed that nearly 80 per cent of security products fail to perform as intended. The ‘ICSA Labs Product Assurance Report', which is co-authored by the Verizon Business data breach investigations report research team, revealed that the main reason for product failures is because it does not adequately perform as intended. It claimed that the products fail to perform as intended when first tested and generally require two or more cycles of testing before achieving cer... read more»

Cyber laws must punish individuals not society: specialist

(from Yahoo Tech at 18-11-2009)

Laws regulating cybercrimes must target individuals and not society as a whole, an IT specialist told an Internet governance forum at the Egyptian resort of Sharm el-Sheikh on Tuesday. Gisele Da Silva Craveiro from the University of Sao Paolo in Brazil said the broad nature of cyberlegislation leaves it open to abuse by authorities.... read more»

FBI: Hackers targeting law and PR firms

(from MSNBC at 18-11-2009)

Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas. The FBI has issued an advisory that warns companies of "noticeable increases" in efforts to hack into the law firms' computer systems — a trend that cyber experts say began as far back as two years ago but has grown dramatically.... read more»

The few, the proud, the cyberwarrior

(from ashimmy at 18-11-2009)

According to McAfee anyway, the Marines aren’t the only ones recruiting warriors. Echoing the drums beat by CEO DeWalt over the last few months, McAfee released the report from its Virtual Criminology Report which indicates that politically motivated cyber attacks will continue to escalate over the coming months. This article on details that according to McAfee at least 20 countries have been building up their cyber warfare capabilities.... read more»

ICO investigating mobile firm over data leaks

(from v3 at 18-11-2009)

The Information Commissioner's Office (ICO) has revealed that mobile phone customer records are routinely being sold on illegally. The ICO has published the results of a large number of its investigated cases, including an incident involving a mobile phone company at which staff were allegedly selling customer and contract expiration details.... read more»

Cyber agencies mum on how they try to identify cyberattackers

(from nextgov at 18-11-2009)

Members of a Senate subcommittee on Tuesday asked criminal and security agency officials responsible for securing the nation's most sensitive computer systems and networks how they identify who is behind a specific cyberattack, despite the difficulty in doing so. Tracing cyberattacks back to a specific source can be a difficult process because attacks can be routed through numerous computer networks worldwide, making it nearly impossible to identify the computer network where the attack start... read more»

Senate Panel: 80 Percent of Cyber Attacks Preventable

(from Wired at 18-11-2009)

If network administrators simply instituted proper configuration policies and conducted good network monitoring, about 80 percent of commonly known cyber attacks could be prevented, a Senate committee heard Tuesday. The remark was made by Richard Schaeffer, the NSA’s information assurance director, who added that simply adhering to already known best practices would sufficiently raise the security bar so that attackers would have to take more risks to breach a network, “thereby raising [their... read more»

'Cyber warfare is a reality': McAfee

(from The Sydney Morning Herald at 18-11-2009)

Warning of a "cyber arms race," top web security firm McAfee says that China, France, Israel, Russia and the United States have developed cyber weapons. "McAfee began to warn of the global cyber arms race more than two years ago, but now we're seeing increasing evidence that it's become real," said Dave DeWalt, president and chief executive of McAfee on Tuesday.... read more»

Cyberwar Could Threaten Security of Critical Infrastructure

(from EWeek at 18-11-2009)

In a new report released by McAfee, several noted security experts discussed the improving cyberwarfare capabilities of the world's superpowers and the risks facing critical infrastructures. The ability of several countries to launch politically-motivated cyber-attacks has increased and put critical infrastructure in the crosshairs, according to a sweeping report from McAfee.... read more»

EU cracks down on mobile services

(from BBC at 18-11-2009)

Websites mis-selling mobile ringtones and other services have been forced to clean up their acts, following a European Union crackdown. Some 301 sites were investigated, resulting in the closure of 54 and the correction of 159. The biggest problems were unclear pricing and misleading advertising suggesting ringtones were free. The investigation was a direct response to hundreds of complaints from parents and consumers across Europe. Over half of the websites specifically targeted children.... read more»

The Cloud Security Survival Guide

(from Network World at 18-11-2009)

Virtualization and cloud computing let you simplify your physical IT infrastructure and cut overhead costs, but you've only just begun to see the security risks involved. Putting more of your infrastructure in the cloud has left you vulnerable to hackers who have redoubled efforts to launch denial-of-service attacks against the likes of Google, Yahoo and other Internet-based service providers.... read more»

T-Mobile customers' personal data sold to rivals

(from Sophos at 18-11-2009)

The story dominating the British news this evening is the revelation that staff at one of the leading mobile phone company's sold the personal details of thousands of customers for "substantial sums". Information Commissioner Christopher Graham refused to name the company concerned as it could prejudice a future prosecution, but told the media that the names, addresses, telephone numbers and information about customers' contracts was stolen and sold on to other competitors.... read more»

Cal Poly Pomona online security breached

(from abclocal at 18-11-2009)

University officials say that personal information from up to 355 student applicants, including social security numbers, addresses and telephone numbers were accessible on the Internet for about five years. The information was inadvertently left in a publicly accessible computer folder from 2003 to November of 2008. A former applicant found the mistake while searching for information on himself. The school says that even after the data was removed from a university server, some of it remai... read more»

DNS Survey Results Pandora's Box of Both Frightening and Hopeful Results, Says Cricket Liu

(from circleID at 17-11-2009)

The fifth-annual survey of domain name servers (DNS) on the public Internet—called a "Pandora's box of both frightening and hopeful results"—was released today by The Measurement Factory in partnership with Infoblox. Cricket Liu, Vice President of Architecture at Infoblox and author of O'Reilly & Associates' DNS and BIND, DNS & BIND Cookbook says: "Of particular interest is the enormous growth in the number of Internet-connected name servers, largely attributable to the introduction by carriers ... read more»

Clear Metrics for Cloud Security? Yes, Seriously

(from itworld at 17-11-2009)

Since publication of my first article -- Cloud Security: Danger (and Opportunity) Ahead -- it seemed new informations and cloud solutions were appearing daily. I'm gratified, for example, to see NIST, the National Institute of Science and Technology, has published its 15th draft on cloud computing, and with it, agreed with much of the definition I proposed in the previous article: "Service-based data processing and storage capability which is flexible, extensible and virtual."... read more»

Yahoo jobs site in SQL attack worry

(from ComputerWorld at 17-11-2009)

Yahoo raced last Thursday to close a potentially serious vulnerability that could have exposed customer data from its online jobs website, a security company has revealed. According to Israeli security company Imperva, which discovered the security hole being discussed on a known criminal forum, the vulnerability was a variant of the standard SQL injection attack known as blind SQLi, and could have revealed customer account details and possibly payment data.... read more»

Net gets set for alphabet changes

(from BBC at 17-11-2009)

Users of scripts other than that in which English is written will soon have web addresses in their own language. The net regulator Icann has invited countries to ask for "internationalised domain names" in non-Latin characters. Egypt and Saudi Arabia have announced their intentions to apply for the first Arabic domains. Countries can also apply for domains in other scripts, such as Chinese. The first official international web addresses are expected in 2010.... read more»

McAfee Outlines Growing Cyber Warfare Threat

(from InternetNews at 17-11-2009)

McAfee on Tuesday released the sobering results from its fifth annual Virtual Criminology Report, warning nations and companies that politically motivated cyber attacks continue to escalate around the globe and will for the foreseeable future. The report dovetails with comments made by McAfee CEO Dave DeWalt in October during the company's FOCUS 09 conference when he told attendees that "at least 20 countries" have made significant investments in cyber warfare.... read more»

Age of cyber warfare is 'dawning'

(from BBC at 17-11-2009)

Cyber war has moved from fiction to fact, says a report. Compiled by security firm McAfee, it bases its conclusion on analysis of recent net-based attacks. Analysis of the motives of the actors behind many attacks carried out via the internet showed that many were mounted with a explicitly political aim. It said that many nations were now arming to defend themselves in a cyber war and readying forces to conduct their own attacks.... read more»

4th Annual SCADA Security Scientific Symposium , January 20 – 21, Miami Beach

(from digitalbond at 17-11-2009)

Digital Bond’s 4th Annual SCADA Security Scientific Symposium [S4] is being held January 20 – 21 in warm and sunny Miami Beach. S4 is a bleeding edge research event where technical papers are presented in detail to a technical audience. It is not for everyone. There are no best practice papers, standards or gov program overviews, policy or SCADA 101 presentations. But if you are craving some technical meat down to the byte, protocol, metric/mathematics, exploit, … level and want to talk to other... read more»

Shadowserver to Take Over as Mega-D Botnet Herder

(from PCWorld at 17-11-2009)

An effort is underway to clean up tens of thousands of computers infected with malicious software known for churning out thousands of spam messages per hour. The infected computers are part of a botnet called Ozdok or Mega-D, which at one time was sending out around 4 percent of the world's spam messages. Last week, security vendor FireEyelaunched a drive to dismantle the botnet. The infected computers receive instructions and information for new spam campaigns through command-and-control ... read more»

Siemens sponsors Grid-Interop 2009

(from Prnewswire at 17-11-2009)

Grid-Interop 2009 is an annual three-day gathering of thought leaders from around the world who will focus on the successful interconnection of transmission and distribution devices to enable the Smart Grid. As a Gold Sponsor, Siemens Energy, Inc. supports this opportunity for organizations to convene in collaborative sessions with industry leaders. The conference will be held November 17-19 in Denver, CO. Siemens is pleased to announce that Dave Pacyna, senior vice president and general man... read more»

The Botnet Hunters

(from CSOonline at 17-11-2009)

A self-proclaimed geek from the age of 14, Andre DiMino had always been interested in computers and networking. But it wasn't until he entered his professional life many years later that he became interested in the security side of that world. "I was a system administrator for a fairly large network that experienced a significant hacking incident one weekend," said DiMino. "I became consumed with learning about the methods of attack, who might be involved, and where it came from. Right then, ... read more»

Report: Countries prepping for cyberwar

(from CNet at 17-11-2009)

Major countries and nation-states are engaged in a "Cyber Cold War," amassing cyberweapons, conducting espionage, and testing networks in preparation for using the Internet to conduct war, according to a new report to be released on Tuesday by McAfee. In particular, countries gearing up for cyberoffensives are the U.S., Israel, Russia, China, and France, the says the report, compiled by former White House Homeland Security adviser Paul Kurtz and based on interviews with more than 20 experts i... read more»

Growth in number of unmanaged DNS servers raises security risk

(from Government Computer News at 17-11-2009)

The estimated number of name servers on the Internet jumped from 11.7 million in 2007 to 16.3 million in this year’s scan. That in itself is not bad news, but that growth is believed to be responsible for the sharp increase in recursive servers—name servers that accept queries from any IP address and are more vulnerable to being used in denial-of-service attacks. The percentage of open recursive servers jumped to nearly 80 percent in this year’s study, from 52 percent in 2007.... read more»

IDC says firms still lacking data management policies

(from at 17-11-2009)

According to IDC despite all the hype surrounding business intelligence software, intelligent data storage systems and virtualisation, the majority of companies’ still lack both fundamental and basic data management processes. IDC’s Enterprise Storage Systems research vice president, Benjamin Woo suggested that, “Very few companies have systems in place to make use of their data.”... read more»

St Albans Council loses fourth laptop this month

(from at 17-11-2009)

A laptop has been stolen from St Albans District Council containing personal details on more than 14,000 local postal voters. The information included the names, addresses, dates of birth and signatures of the 14,673 residents who applied for a postal vote in the June local election. The laptop was the fourth to be stolen from the council this month.... read more»

ISPs criticise government plans to store all comms data

(from Computer Weekly at 17-11-2009)

Internet service providers (ISPs) are unhappy with the government's plans to require them to store records of all e‑mail, social networking and web traffic. The trade body representing the companies, the Internet Service Providers' Association (ISPA), has written to the Home Office over its plan to store all forms of communications data. In a document seen by the Financial Times it says the proposals go "far beyond" the present rules for storing telephone data, and would have a "debi... read more»

Team Cymru Launches New Tool to Help With Cyber Crime Investigations New website enables law enforcement to access details of thousands of computers

(from Yahoo at 17-11-2009)

A Chicago based IT Security Research company today launched a free website designed to help law enforcement around the world to identify and coordinate cyber crime investigations. Team Cymru's Botnet Analysis and Tactical Tool for Law Enforcement (BATTLE) has been providing police from 31 different countries with information on botnet command and control servers for over a year. The tool was today massively expanded to include phishing sites and malware download locations, making it the large... read more»

From the Humour Department - Official Bruce Schneier action figure steps onto market

(from The Register at 17-11-2009)

Good news for devotees of ponytailed crypto guru of all our hearts Bruce Schneier: it's now possible to buy an officially endorsed "Bruce Schneier action figure". The action figure, which can be purchased here, comes with a range of costumes ("casual Bruce", "smart Bruce" and "head only"), and also features "scalp" options ("bald", "ponytail" or "cyborg").... read more»

Supply of ethical hackers in India short of demand

(from Indiatimes at 17-11-2009)

This has very much to do with the nation’s security, but not one that the political leadership is being pulled up for. As hackers from across the border in Pakistan mount a cyber attack against the country’s websites, Indian hackers seem to be falling considerably short in firepower. "In the ongoing cyber warfare between the two countries, roughly 40-50 Indian sites are being hacked on a daily basis by Pakistani hackers while about 10 Pakistani sites are being hit by their Indian counterparts... read more»

The good, the bad and the ugly of DNS security on the Internet

(from Network World at 17-11-2009)

Recent survey results show that DNS configuration and related security practices continue to represent a mixed bag for enterprise IT managers, with certain threats diminishing and others gaining considerable steam. According to the results, 79.6% of the name servers in the random sample were open to recursion, up from 52.1% in 2007. Servers open to recursion are vulnerable to distributed denial of services, or DDoS attacks, Infoblox reports. The company suggests that carriers ensure default ... read more»

Hackers Breach State Database

(from KETV at 17-11-2009)

A hacker has broken into the Nebraska Worker's Compensation database, prompting an FBI investigation and an effort to contact those who may be affected. Several thousand people could be affected by the breach, which was discovered last week when the state's chief information officer noticed an unusual amount of Internet traffic traversing the Worker's Compensation courts server.... read more»

A different kind of antiviral donation for Africa

(from Network World at 17-11-2009)

Africa is suffering from yet another plague: this one infects their computers instead of their communities. Chris Michael, writing in the English newspaper The Guardian in August 2009, summarized the situation as follows: "…Africa has become a hive of [T]rojans, worms and exploiters of all stripes. As PC use on the continent has spread in the past decade (in Ethiopia it has gone from 0.01% of the Ethiopian population to 0.45% through 1999-2008), viruses have hitched a ride, wreaking havoc on ... read more»

GMH data breached in stolen laptop

(from GuamPDN at 17-11-2009)

The Guam Memorial Hospital suffered an information breach when a laptop containing unsecured health information was stolen in late October.It wasn't until late last week that they found out the machine contained a file with personal information for approximately 2,000 employees, volunteers, contractors and physicians. Their names, the date of their last physical examinations and their vaccination, Tuberculosis and Hepatitis B statuses were contained in the machine, which was being used by the... read more»

Working at Home: A Wi-Fi, H1N1, Family Survival Guide

(from ComputerWorld at 17-11-2009)

'Tis the season for business not-as-usual: The holidays are supposed to be a time of peace, harmony and gathering together with family and friends. Everyone is supposed to leave their cubicles and corporate offices behind, the point being to get away from troubleshooting ERP systems, gazing at Excel spreadsheets and answering customer complaints via your smartphone.... read more»

Report: Countries prepping for cyber war

(from CNet at 17-11-2009)

Major countries and nation-states are engaged in a "Cyber Cold War," amassing "cyber weapons," conducting espionage, and testing networks in preparation for using the Internet to conduct war, according to a new report to be released on Tuesday by McAfee. In particular, countries gearing up for cyber offensives are the U.S., Israel, Russia, China, and France, the says the report, compiled by former White House Homeland Security adviser Paul Kurtz and based on interviews with more than 20 exper... read more»

Obama said to be close again to naming cybersecurity chief

(from Computer World at 17-11-2009)

The Obama administration is once again reported to be close to naming a White House cybersecurity coordinator. A story in the Federal Times, quoting unnamed sources, said that an announcement could come as soon as Thanksgiving. The two people in the running for the post are Frank Kramer, a former assistant secretary of defense during the Clinton administration, and Howard Schmidt, a former White House cybersecurity adviser and corporate chief security officer (CSO), the report says. Both are ... read more»

Insecure Magazine - Issue 23 Released

(from infosecisland at 17-11-2009)

Issue 23 of Insecure Magazine. This issue contains the following topics. # Microsoft's security patches year in review: A malware researcher's perspective # A closer look at Red Condor Hosted Service # Report: RSA Conference Europe 2009, London # The U.S. Department of Homeland Security has a vision for stronger information security # Q&A: Didier Stevens on malicious PDFs # Protecting browsers, endpoints and enterprises against new Web-based attacks # Mobile spam: An old challenge in a ne... read more»

Second International Alternative Workshop on Aggressive Computing and Security - iAWACS 2010: the Revelation Edition

(from esiea-recherche at 17-11-2009)

Thinking security can not be done without adopting a preferential mode of thought of the attacker. A system cannot be defended if we do not know how to attack it. If the theory is still an interesting approach to formalize things, the operational approach must be the ultimate goal: to talk about security is meaningless if we do not actually do security. In recent years the major security conferences in the subjects preferred to select papers according to fashion topics, conforming to something l... read more»

UK ‘money mules’ earn £2,000 in a couple of hours

(from IT Pro at 17-11-2009)

The police have issued a stark warning for internet users and particularly job seekers to avoid ‘too-good-to be-true’ money making schemes, which could turn them into criminals. Cyber criminals are turning users into ‘money mules’, where they transfer money illegally gained from UK bank accounts to other countries. They do this by recruiting people online, often by convincing them they are applying for a genuine job, to receive funds into their accounts. The mules then withdraw the money and ... read more»

Yahoo Jobs site could have fallen to data hack

(from IT Pro at 17-11-2009)

Security researchers have said that the Yahoo jobs site was potentially open to a SQL injection flaw. Data security company Imperva said that the ‘Blind SQLi’ problem meant that the personal information of people could have been compromised.Amichai Shulman, chief technology officer for Imperva, said in a statement that data could have been taken and traded on online fraud forums. He explained that the SQL injection hack could have harvested private data, with forums acting as an auction or ex... read more»

Tibetan website man jailed in China

(from Channel4 at 17-11-2009)

The founder of a Tibetan literary website has been sentenced to 15 years in a Chinese prison on charges of disclosing state secrets, campaigners said. The International Campaign for Tibet said it had received reports from Tibetan exiles that Kunchok Tsephel, 39, was convicted and sentenced on November 12 in a closed-door trial in south-western Gansu province. Some of the charges are believed to be related to content posted on his influential website, Chodme, or Butter-Lamp, which promotes ... read more»

Most kids face cyberbullying

(from IT Pro at 17-11-2009)

Over 60 per cent of children face bullying as severe as death threats when using social networking and other websites, according to a new report from Beatbullying to mark Anti-Bullying Week. The report showed Bebo was the worst social networking site for bullying in the UK, with one in three of teens targeted by cyberbullying experiencing it on that site - with some apparently dubbing it "Bullybo".... read more»

40-50 Indian sites hacked daily by Pakistani hackers

(from duniyalive at 17-11-2009)

Hacking has given rise to many cyber crimes and also posed a threat to national security of countries. With respect to hacking attacks from across the Pakistan border, Ankit Fadia, Mumbai-based ethical hacker says, “In the ongoing cyber warfare between the two countries, roughly 40-50 Indian sites are being hacked on a daily basis by Pakistani hackers while about 10 Pakistani sites are being hit by their Indian counterparts.”... read more»

Survey: Majority of Web sites vulnerable

(from SecurityFocus at 17-11-2009)

Nearly two-thirds of Web sites have at least one serious security issue that would allow someone to remotely attack the site, WhiteHat Security said this week, citing a recent survey of its clients. According to the Web security firm's data, two-thirds of sites had cross-site scripting (XSS) flaws, nearly half had information disclosure issues and 31 percent were vulnerable to content spoofing. The volume of vulnerabilities, however, was dominated by cross-site scripting flaws, which accounte... read more»

ICO chastises NHS over data losses

(from Smart Healthcare at 17-11-2009)

The ICO said that, of the 711 reports of security breaches it has received since HM Revenue and Customs reported its loss of 25m child benefit records in November 2007, 209 came from the NHS. "We have investigated organisations, including several NHS bodies, that have failed to adequately secure their premises and hardware, which has left people's personal details at risk," said Mick Gorrill, the assistant commissioner with responsibility for investigations.... read more»

McAfee Inc. Warns of Countries Arming for Cyberwarfare

(from StreetInsider at 17-11-2009)

McAfee today revealed that the global cyberarms race has moved from fiction to reality, according to its fifth annual Virtual Criminology Report. The report found that politically motivated cyberattacks have increased and five countries - the United States, Russia, France, Israel and China - are now armed with cyberweapons. "McAfee began to warn of the global cyberarms race more than two years ago, but now we're seeing increasing evidence that it's become real," said Dave DeWalt, McAfee presi... read more»

Are nations paying criminals for botnet attacks?

(from Network World at 17-11-2009)

Nations that want to disrupt their enemies' banking, media and government resources don't need their own technical skills; they can simply order botnet attack services from cybercriminals. That's a point made in McAfee's new report "Virtually Here: The Age of Cyber Warfare," which draws from the opinions of about 20 experts, including William Crowell, former deputy director of the U.S. National Security Agency.... read more»

NZ interloper to commercialise UK internet blocking

(from The Register at 17-11-2009)

Arguments over just how successful government attempts have been in keeping child pxxx off the internet may be little more than a storm in a teacup – but such discussions highlight a shift in the way indecent material may be blocked in future. The story begins with a shocking claim from internet filtering company, Watchdog International, that "known illegal content is not blocked by 88 per cent of UK ISPs". Since the Home Office recently abandoned plans to bring filtering up from a claimed 98... read more»

Cybercriminals target UK job seekers, warns GetSafeOnline

(from Computer Weekly at 17-11-2009)

Job hunters should be wary of money-earning opportunities offered on the internet as they are likely to be linked to cybercrime, says UK internet safety group. Cybercriminals are using increasingly sophisticated techniques to recruit people to become unwitting "money mules" to receive and forward stolen funds, according to GetSafeOnline. These methods include making use of legitimate channels, including mainstream recruitment websites, to mislead people into thinking they are applying for gen... read more»

Facebook isn't always fun

(from viruslist at 17-11-2009)

National Anti-Bullying Week is kicking off in the UK today. This year the focus is on combating cyberbullying, with lots of resources for schools, a roadshow, and videos discussing the problem of bullying. It’s great to see this issue being addressed - media reports and research show that with Facebook, MySpace, text messaging and other technologies now part of our daily lives, the problem of cyberbullying is becoming increasingly widespread. There are lots of resources for kids, educators... read more»

Spam net snared a quarter million bots, says conqueror

(from The Register at 17-11-2009)

Herders behind the Mega-D botnet may have corralled nearly a quarter million infected machines into their spam-churning enterprise before it was recently crippled by white hat hackers. The botnet, which was once responsible for an estimated third of the world's spam output, was knocked out of commission last week by employees of security firm FireEye. After unplugging the Mega-D master control channels, the researchers set up a benign "sinkhole" channel for the bots to report to and waited to... read more»

FBI says hackers targeting law firms, PR companies

(from dailymail at 17-11-2009)

Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas. The FBI has issued an advisory that warns companies of "noticeable increases" in efforts to hack into the law firms' computer systems - a trend that cyber experts say began as far back as two years ago but has grown dramatically.... read more»

Palestinian suspected of phishing Israeli bank accounts

(from Sophos at 17-11-2009)

The Israeli media is reporting that authorities have arrested a 22-year-old Palestinian man in relation to a phishing attack against customers of two banks. The man, who has not been named, was arrested by the IDF (Israeli Defence Force) and police after allegedly sending emails asking customers of Bank Leumi adn the Bank of Israeli to confirm their account details for "security reasons".... read more»

Disqus for ePayment News